diff options
120 files changed, 2077 insertions, 257 deletions
diff --git a/capabilities-map.yaml b/capabilities-map.yaml index c7816b7e..962dfb99 100644 --- a/capabilities-map.yaml +++ b/capabilities-map.yaml @@ -224,3 +224,15 @@ topics: description: requires: - overcloud-resource-registry-puppet.yaml + + - title: Operational Tools + description: + environment_groups: + - title: Monitoring agents + description: Enable monitoring agents + environments: + - file: environments/monitoring-environment.yaml + title: enable monitoring agents + description: + requires: + - overcloud-resource-registry-puppet.yaml diff --git a/environments/monitoring-environment.yaml b/environments/monitoring-environment.yaml new file mode 100644 index 00000000..a8ad2084 --- /dev/null +++ b/environments/monitoring-environment.yaml @@ -0,0 +1,30 @@ +## A Heat environment file which can be used to set up monitoring +## and logging agents + +resource_registry: + OS::TripleO::Services::SensuClient: ../puppet/services/monitoring/sensu-client.yaml + +parameter_defaults: + #### Sensu settings #### + ##MonitoringRabbitHost: 10.10.10.10 + ##MonitoringRabbitPort: 5672 + ##MonitoringRabbitUserName: sensu + ##MonitoringRabbitPassword: sensu + ##MonitoringRabbitUseSSL: false + ##MonitoringRabbitVhost: "/sensu" + ##SensuClientCustomConfig: + ## - api: + ## - warning: 10 + ## critical: 20 + ## openstack: + ## - username: admin + ## password: changeme + ## project_name: admin + ## auth_url: http://controller:5000/v2.0 + ## region_name: RegionOne + + #### EFK settings #### + ## TBD + + #### Grafana/Graphite settings #### + ## TBD diff --git a/environments/neutron-ovs-dpdk.yaml b/environments/neutron-ovs-dpdk.yaml new file mode 100644 index 00000000..004b8ac0 --- /dev/null +++ b/environments/neutron-ovs-dpdk.yaml @@ -0,0 +1,18 @@ +## A Heat environment that can be used to deploy DPDK with OVS +resource_registry: + OS::TripleO::Services::ComputeNeutronOvsAgent: ../puppet/services/neutron-ovs-dpdk-agent.yaml + +parameter_defaults: + ## NeutronDpdkCoreList and NeutronDpdkMemoryChannels are REQUIRED settings. + ## Attempting to deploy DPDK without appropriate values will cause deployment to fail or lead to unstable deployments. + #NeutronDpdkCoreList: "" + #NeutronDpdkMemoryChannels: "" + + NeutronDatapathType: "netdev" + NeutronVhostuserSocketDir: "/var/run/openvswitch" + + #NeutronDpdkSocketMemory: "" + #NeutronDpdkDriverType: "vfio-pci" + #NovaReservedHostMemory: 4096 + #NovaVcpuPinSet: "" + diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh index bc115ef7..0b702630 100755 --- a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh +++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh @@ -155,17 +155,19 @@ wsrep_on = ON wsrep_cluster_address = gcomm://localhost EOF -if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then - if [ $DO_MYSQL_UPGRADE -eq 1 ]; then - # Scripts run via heat have no HOME variable set and this confuses - # mysqladmin - export HOME=/root - mkdir /var/lib/mysql || /bin/true - chown mysql:mysql /var/lib/mysql - chmod 0755 /var/lib/mysql - restorecon -R /var/lib/mysql/ - mysql_install_db --datadir=/var/lib/mysql --user=mysql - chown -R mysql:mysql /var/lib/mysql/ +if [ $DO_MYSQL_UPGRADE -eq 1 ]; then + # Scripts run via heat have no HOME variable set and this confuses + # mysqladmin + export HOME=/root + + mkdir /var/lib/mysql || /bin/true + chown mysql:mysql /var/lib/mysql + chmod 0755 /var/lib/mysql + restorecon -R /var/lib/mysql/ + mysql_install_db --datadir=/var/lib/mysql --user=mysql + chown -R mysql:mysql /var/lib/mysql/ + + if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then mysqld_safe --wsrep-new-cluster & # We have a populated /root/.my.cnf with root/password here so # we need to temporarily rename it because the newly created @@ -182,6 +184,9 @@ fi # If we reached here without error we can safely blow away the origin # mysql dir from every controller + +# TODO: What if the upgrade fails on the bootstrap node, but not on +# this controller. Data may be lost. if [ $DO_MYSQL_UPGRADE -eq 1 ]; then rm -r $MYSQL_TEMP_UPGRADE_BACKUP_DIR fi diff --git a/extraconfig/tasks/pacemaker_resource_restart.sh b/extraconfig/tasks/pacemaker_resource_restart.sh index 1637cee2..fd1fd0dc 100755 --- a/extraconfig/tasks/pacemaker_resource_restart.sh +++ b/extraconfig/tasks/pacemaker_resource_restart.sh @@ -7,15 +7,23 @@ pacemaker_status=$(systemctl is-active pacemaker) # Run if pacemaker is running, we're the bootstrap node, # and we're updating the deployment (not creating). if [ "$pacemaker_status" = "active" -a \ - "$(hiera bootstrap_nodeid)" = "$(facter hostname)" -a \ - "$(hiera stack_action)" = "UPDATE" ]; then + "$(hiera bootstrap_nodeid)" = "$(facter hostname)" ]; then - PCMK_RESOURCES="haproxy-clone redis-master rabbitmq-clone galera-master openstack-cinder-volume openstack-cinder-backup" - # Ten minutes of timeout to restart each resource, given there are no constraints should be enough TIMEOUT=600 - for resource in $PCMK_RESOURCES; do - if pcs status | grep $resource; then - pcs resource restart --wait=$TIMEOUT $resource - fi + SERVICES_TO_RESTART="$(ls /var/lib/tripleo/pacemaker-restarts)" + PCS_STATUS_OUTPUT="$(pcs status)" + + for service in $SERVICES_TO_RESTART; do + if ! echo "$PCS_STATUS_OUTPUT" | grep $service; then + echo "Service $service not found as a pacemaker resource, cannot restart it." + exit 1 + fi + done + + for service in $SERVICES_TO_RESTART; do + echo "Restarting $service..." + pcs resource restart --wait=$TIMEOUT $service + rm -f /var/lib/tripleo/pacemaker-restarts/$service done + fi diff --git a/network/config/bond-with-vlans/compute-dpdk.yaml b/network/config/bond-with-vlans/compute-dpdk.yaml new file mode 100644 index 00000000..3fc764be --- /dev/null +++ b/network/config/bond-with-vlans/compute-dpdk.yaml @@ -0,0 +1,192 @@ +heat_template_version: 2015-04-30 + +description: > + Software Config to drive os-net-config with 2 bonded nics on a bridge + with VLANs attached for the compute role. + +parameters: + ControlPlaneIp: + default: '' + description: IP address/subnet on the ctlplane network + type: string + ExternalIpSubnet: + default: '' + description: IP address/subnet on the external network + type: string + InternalApiIpSubnet: + default: '' + description: IP address/subnet on the internal API network + type: string + StorageIpSubnet: + default: '' + description: IP address/subnet on the storage network + type: string + StorageMgmtIpSubnet: + default: '' + description: IP address/subnet on the storage mgmt network + type: string + TenantIpSubnet: + default: '' + description: IP address/subnet on the tenant network + type: string + ManagementIpSubnet: # Only populated when including environments/network-management.yaml + default: '' + description: IP address/subnet on the management network + type: string + BondInterfaceOvsOptions: + default: '' + description: The ovs_options string for the bond interface. Set things like + lacp=active and/or bond_mode=balance-slb using this option. + type: string + ExternalNetworkVlanID: + default: 10 + description: Vlan ID for the external network traffic. + type: number + InternalApiNetworkVlanID: + default: 20 + description: Vlan ID for the internal_api network traffic. + type: number + StorageNetworkVlanID: + default: 30 + description: Vlan ID for the storage network traffic. + type: number + StorageMgmtNetworkVlanID: + default: 40 + description: Vlan ID for the storage mgmt network traffic. + type: number + TenantNetworkVlanID: + default: 50 + description: Vlan ID for the tenant network traffic. + type: number + ManagementNetworkVlanID: + default: 60 + description: Vlan ID for the management network traffic. + type: number + ControlPlaneSubnetCidr: # Override this via parameter_defaults + default: '24' + description: The subnet CIDR of the control plane network. + type: string + ControlPlaneDefaultRoute: # Override this via parameter_defaults + description: The default route of the control plane network. + type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string + DnsServers: # Override this via parameter_defaults + default: [] + description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. + type: comma_delimited_list + EC2MetadataIp: # Override this via parameter_defaults + description: The IP address of the EC2 metadata server. + type: string + +resources: + OsNetConfigImpl: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + os_net_config: + network_config: + - + type: interface + name: nic1 + use_dhcp: false + dns_servers: {get_param: DnsServers} + addresses: + - + ip_netmask: + list_join: + - '/' + - - {get_param: ControlPlaneIp} + - {get_param: ControlPlaneSubnetCidr} + routes: + - + ip_netmask: 169.254.169.254/32 + next_hop: {get_param: EC2MetadataIp} + - + default: true + next_hop: {get_param: ControlPlaneDefaultRoute} + - + type: ovs_bridge + name: {get_input: bridge_name} + members: + - + type: ovs_bond + name: bond1 + ovs_options: {get_param: BondInterfaceOvsOptions} + members: + - + type: interface + name: nic2 + primary: true + - + type: interface + name: nic3 + - + type: vlan + device: bond1 + vlan_id: {get_param: InternalApiNetworkVlanID} + addresses: + - + ip_netmask: {get_param: InternalApiIpSubnet} + - + type: vlan + device: bond1 + vlan_id: {get_param: StorageNetworkVlanID} + addresses: + - + ip_netmask: {get_param: StorageIpSubnet} + - + type: vlan + device: bond1 + vlan_id: {get_param: TenantNetworkVlanID} + addresses: + - + ip_netmask: {get_param: TenantIpSubnet} + # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. + #- + # type: vlan + # device: bond1 + # vlan_id: {get_param: ManagementNetworkVlanID} + # addresses: + # - + # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} + - + type: ovs_user_bridge + name: br-link + members: + - + type: ovs_dpdk_bond + name: dpdkbond0 + members: + - + type: ovs_dpdk_port + name: dpdk0 + members: + - + type: interface + name: nic4 + - + type: ovs_dpdk_port + name: dpdk1 + members: + - + type: interface + name: nic5 + +outputs: + OS::stack_id: + description: The OsNetConfigImpl resource. + value: {get_resource: OsNetConfigImpl} diff --git a/network/service_net_map.yaml b/network/service_net_map.yaml index 50f5c55a..4cfff402 100644 --- a/network/service_net_map.yaml +++ b/network/service_net_map.yaml @@ -13,6 +13,7 @@ parameters: ServiceNetMapDefaults: default: + ApacheNetwork: internal_api NeutronTenantNetwork: tenant CeilometerApiNetwork: internal_api AodhApiNetwork: internal_api @@ -22,7 +23,8 @@ parameters: CinderIscsiNetwork: storage GlanceApiNetwork: storage GlanceRegistryNetwork: internal_api - IronicApiNetwork: internal_api + IronicApiNetwork: ctlplane + IronicNetwork: ctlplane KeystoneAdminApiNetwork: ctlplane # allows undercloud to config endpoints KeystonePublicApiNetwork: internal_api ManilaApiNetwork: internal_api @@ -40,7 +42,7 @@ parameters: RedisNetwork: internal_api MysqlNetwork: internal_api CephClusterNetwork: storage_mgmt - CephPublicNetwork: storage + CephMonNetwork: storage ControllerHostnameResolveNetwork: internal_api ComputeHostnameResolveNetwork: internal_api BlockStorageHostnameResolveNetwork: internal_api @@ -58,6 +60,7 @@ parameters: default: MongoDbNetwork: MongodbNetwork RabbitMqNetwork: RabbitmqNetwork + CephPublicNetwork: CephMonNetwork description: Mapping older deprecated service names, intended for internal use only, this will be removed in future. type: json diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml index 57399210..737cb136 100644 --- a/overcloud-resource-registry-puppet.yaml +++ b/overcloud-resource-registry-puppet.yaml @@ -130,6 +130,7 @@ resource_registry: # services OS::TripleO::Services: puppet/services/services.yaml + OS::TripleO::Services::Apache: puppet/services/apache.yaml OS::TripleO::Services::CACerts: puppet/services/ca-certs.yaml OS::TripleO::Services::CephMon: OS::Heat::None OS::TripleO::Services::CephOSD: OS::Heat::None @@ -166,7 +167,6 @@ resource_registry: OS::TripleO::Services::NeutronCorePluginOpencontrail: puppet/services/neutron-plugin-opencontrail.yaml OS::TripleO::Services::NeutronCorePluginMidonet: puppet/services/neutron-midonet.yaml OS::TripleO::Services::NeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml - # ComputeNeutronOvsAgent can be overriden to puppet/services/neutron-ovs-dpdk-agent.yaml also to enable DPDK OS::TripleO::Services::ComputeNeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml OS::TripleO::Services::Pacemaker: OS::Heat::None OS::TripleO::Services::NeutronSriovAgent: OS::Heat::None @@ -222,6 +222,7 @@ resource_registry: OS::TripleO::Services::TripleoFirewall: puppet/services/tripleo-firewall.yaml OS::TripleO::Services::OpenDaylight: OS::Heat::None OS::TripleO::Services::OpenDaylightOvs: OS::Heat::None + OS::TripleO::Services::SensuClient: OS::Heat::None parameter_defaults: EnablePackageInstall: false diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml index 23dc6464..a85c57c0 120000..100644 --- a/overcloud-without-mergepy.yaml +++ b/overcloud-without-mergepy.yaml @@ -1 +1,1038 @@ -overcloud.yaml
\ No newline at end of file +heat_template_version: 2016-04-08 + +description: > + Deploy an OpenStack environment, consisting of several node types (roles), + Controller, Compute, BlockStorage, SwiftStorage and CephStorage. The Storage + roles enable independent scaling of the storage components, but the minimal + deployment is one Controller and one Compute node. + + +# TODO(shadower): we should probably use the parameter groups to put +# some order in here. +parameters: + + # Common parameters (not specific to a role) + CloudName: + default: overcloud + description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org + type: string + CloudNameInternal: + default: overcloud.internalapi.localdomain + description: > + The DNS name of this cloud's internal API endpoint. E.g. + 'ci-overcloud.internalapi.tripleo.org'. + type: string + CloudNameStorage: + default: overcloud.storage.localdomain + description: > + The DNS name of this cloud's storage endpoint. E.g. + 'ci-overcloud.storage.tripleo.org'. + type: string + CloudNameStorageManagement: + default: overcloud.storagemgmt.localdomain + description: > + The DNS name of this cloud's storage management endpoint. E.g. + 'ci-overcloud.storagemgmt.tripleo.org'. + type: string + CloudNameManagement: + default: overcloud.management.localdomain + description: > + The DNS name of this cloud's storage management endpoint. E.g. + 'ci-overcloud.management.tripleo.org'. + type: string + ControlFixedIPs: + default: [] + description: Should be used for arbitrary ips. + type: json + InternalApiVirtualFixedIPs: + default: [] + description: > + Control the IP allocation for the InternalApiVirtualInterface port. E.g. + [{'ip_address':'1.2.3.4'}] + type: json + NeutronControlPlaneID: + default: 'ctlplane' + type: string + description: Neutron ID or name for ctlplane network. + NeutronPublicInterface: + default: nic1 + description: What interface to bridge onto br-ex for network nodes. + type: string + PublicVirtualFixedIPs: + default: [] + description: > + Control the IP allocation for the PublicVirtualInterface port. E.g. + [{'ip_address':'1.2.3.4'}] + type: json + RabbitCookieSalt: + type: string + default: unset + description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change. + StorageVirtualFixedIPs: + default: [] + description: > + Control the IP allocation for the StorageVirtualInterface port. E.g. + [{'ip_address':'1.2.3.4'}] + type: json + StorageMgmtVirtualFixedIPs: + default: [] + description: > + Control the IP allocation for the StorageMgmgVirtualInterface port. E.g. + [{'ip_address':'1.2.3.4'}] + type: json + RedisVirtualFixedIPs: + default: [] + description: > + Control the IP allocation for the virtual IP used by Redis. E.g. + [{'ip_address':'1.2.3.4'}] + type: json + CloudDomain: + default: 'localdomain' + type: string + description: > + The DNS domain used for the hosts. This should match the dhcp_domain + configured in the Undercloud neutron. Defaults to localdomain. + ServerMetadata: + default: {} + description: > + Extra properties or metadata passed to Nova for the created nodes in + the overcloud. It's accessible via the Nova metadata API. + type: json + + # Controller-specific params + ControllerCount: + type: number + default: 1 + controllerExtraConfig: + default: {} + description: | + Deprecated. Use ControllerExtraConfig via parameter_defaults instead. + type: json + ExtraConfig: + default: {} + description: | + Additional configuration to inject into the cluster. The format required + may be implementation specific, e.g puppet hieradata. Any role specific + ExtraConfig, e.g controllerExtraConfig takes precedence over ExtraConfig. + type: json + +# Compute-specific params + ComputeCount: + type: number + default: 1 + HypervisorNeutronPhysicalBridge: + default: 'br-ex' + description: > + An OVS bridge to create on each hypervisor. This defaults to br-ex the + same as the control plane nodes, as we have a uniform configuration of + the openvswitch agent. Typically should not need to be changed. + type: string + HypervisorNeutronPublicInterface: + default: nic1 + description: What interface to add to the HypervisorNeutronPhysicalBridge. + type: string + + ControllerServices: + default: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CephMon + - OS::TripleO::Services::CephExternal + - OS::TripleO::Services::CinderApi + - OS::TripleO::Services::CinderBackup + - OS::TripleO::Services::CinderScheduler + - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::Core + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GlanceRegistry + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronMetadataAgent + - OS::TripleO::Services::NeutronApi + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::Redis + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::NovaConsoleauth + - OS::TripleO::Services::NovaVncproxy + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::CeilometerApi + - OS::TripleO::Services::CeilometerCollector + - OS::TripleO::Services::CeilometerExpirer + - OS::TripleO::Services::CeilometerAgentCentral + - OS::TripleO::Services::CeilometerAgentNotification + - OS::TripleO::Services::Horizon + - OS::TripleO::Services::GnocchiApi + - OS::TripleO::Services::GnocchiMetricd + - OS::TripleO::Services::GnocchiStatsd + - OS::Tripleo::Services::ManilaApi + - OS::Tripleo::Services::ManilaScheduler + - OS::Tripleo::Services::ManilaShare + - OS::TripleO::Services::AodhApi + - OS::TripleO::Services::AodhEvaluator + - OS::TripleO::Services::AodhNotifier + - OS::TripleO::Services::AodhListener + - OS::TripleO::Services::SaharaApi + - OS::TripleO::Services::SaharaEngine + - OS::TripleO::Services::IronicApi + - OS::TripleO::Services::IronicConductor + - OS::TripleO::Services::NovaIronic + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::OpenDaylight + - OS::TripleO::Services::SensuClient + description: A list of service resources (configured in the Heat + resource_registry) which represent nested stacks + for each service that should get installed on the Controllers. + type: comma_delimited_list + + ComputeServices: + default: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CephClient + - OS::TripleO::Services::CephExternal + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::ComputeNeutronCorePlugin + - OS::TripleO::Services::ComputeNeutronOvsAgent + - OS::TripleO::Services::ComputeCeilometerAgent + - OS::TripleO::Services::ComputeNeutronL3Agent + - OS::TripleO::Services::ComputeNeutronMetadataAgent + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::NeutronSriovAgent + - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::SensuClient + description: A list of service resources (configured in the Heat + resource_registry) which represent nested stacks + for each service that should get installed on the Compute Nodes. + type: comma_delimited_list + +# Block storage specific parameters + BlockStorageCount: + type: number + default: 0 + BlockStorageExtraConfig: + default: {} + description: | + BlockStorage specific configuration to inject into the cluster. Same + structure as ExtraConfig. + type: json + BlockStorageServices: + default: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::SensuClient + description: A list of service resources (configured in the Heat + resource_registry) which represent nested stacks + for each service that should get installed on the BlockStorage nodes. + type: comma_delimited_list + +# Object storage specific parameters + ObjectStorageCount: + type: number + default: 0 + ObjectStorageExtraConfig: + default: {} + description: | + ObjectStorage specific configuration to inject into the cluster. Same + structure as ExtraConfig. + type: json + ObjectStorageServices: + default: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::SensuClient + description: A list of service resources (configured in the Heat + resource_registry) which represent nested stacks + for each service that should get installed on the ObjectStorage nodes. + Note this role currently only supports steps 2, 3 and 4 configuration. + type: comma_delimited_list + + +# Ceph storage specific parameters + CephStorageCount: + type: number + default: 0 + CephStorageExtraConfig: + default: {} + description: | + CephStorage specific configuration to inject into the cluster. Same + structure as ExtraConfig. + type: json + CephStorageServices: + default: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CephOSD + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::SensuClient + description: A list of service resources (configured in the Heat + resource_registry) which represent nested stacks + for each service that should get installed on the CephStorage nodes. + type: comma_delimited_list + + # Hostname format for each role + # Note %index% is translated into the index of the node, e.g 0/1/2 etc + # and %stackname% is replaced with OS::stack_name in the template below. + # If you want to use the heat generated names, pass '' (empty string). + ControllerHostnameFormat: + type: string + description: Format for Controller node hostnames + default: '%stackname%-controller-%index%' + ComputeHostnameFormat: + type: string + description: Format for Compute node hostnames + default: '%stackname%-novacompute-%index%' + BlockStorageHostnameFormat: + type: string + description: Format for BlockStorage node hostnames + default: '%stackname%-blockstorage-%index%' + ObjectStorageHostnameFormat: + type: string + description: Format for SwiftStorage node hostnames + default: '%stackname%-objectstorage-%index%' + CephStorageHostnameFormat: + type: string + description: Format for CephStorage node hostnames + default: '%stackname%-cephstorage-%index%' + + # Identifiers to trigger tasks on nodes + UpdateIdentifier: + default: '' + type: string + description: > + Setting to a previously unused value during stack-update will trigger + package update on all nodes + DeployIdentifier: + default: '' + type: string + description: > + Setting this to a unique value will re-run any deployment tasks which + perform configuration on a Heat stack-update. + + # If you want to remove a specific node from a resource group, you can pass + # the node name or id as a <Group>RemovalPolicies parameter, for example: + # ComputeRemovalPolicies: [{'resource_list': ['0']}] + ControllerRemovalPolicies: + default: [] + type: json + description: > + List of resources to be removed from ControllerResourceGroup when + doing an update which requires removal of specific resources. + ComputeRemovalPolicies: + default: [] + type: json + description: > + List of resources to be removed from ComputeResourceGroup when + doing an update which requires removal of specific resources. + BlockStorageRemovalPolicies: + default: [] + type: json + description: > + List of resources to be removed from BlockStorageResourceGroup when + doing an update which requires removal of specific resources. + ObjectStorageRemovalPolicies: + default: [] + type: json + description: > + List of resources to be removed from ObjectStorageResourceGroup when + doing an update which requires removal of specific resources. + CephStorageRemovalPolicies: + default: [] + type: json + description: > + List of resources to be removed from CephStorageResourceGroup when + doing an update which requires removal of specific resources. + +parameter_groups: +- label: deprecated + description: Do not use deprecated params, they will be removed. + parameters: + - controllerExtraConfig + + +resources: + + HeatAuthEncryptionKey: + type: OS::Heat::RandomString + + PcsdPassword: + type: OS::Heat::RandomString + properties: + length: 16 + + HorizonSecret: + type: OS::Heat::RandomString + properties: + length: 10 + + ServiceNetMap: + type: OS::TripleO::ServiceNetMap + + EndpointMap: + type: OS::TripleO::EndpointMap + properties: + CloudEndpoints: + external: {get_param: CloudName} + internal_api: {get_param: CloudNameInternal} + storage: {get_param: CloudNameStorage} + storage_mgmt: {get_param: CloudNameStorageManagement} + management: {get_param: CloudNameManagement} + NetIpMap: {get_attr: [VipMap, net_ip_map]} + ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} + + ControllerServiceChain: + type: OS::TripleO::Services + properties: + Services: {get_param: ControllerServices} + ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} + EndpointMap: {get_attr: [EndpointMap, endpoint_map]} + DefaultPasswords: {get_attr: [DefaultPasswords, passwords]} + + Controller: + type: OS::Heat::ResourceGroup + depends_on: Networks + properties: + count: {get_param: ControllerCount} + removal_policies: {get_param: ControllerRemovalPolicies} + resource_def: + type: OS::TripleO::Controller + properties: + CloudDomain: {get_param: CloudDomain} + controllerExtraConfig: {get_param: controllerExtraConfig} + PcsdPassword: {get_resource: PcsdPassword} + RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]} + RedisVirtualIPUri: {get_attr: [RedisVirtualIP, ip_address_uri]} + ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} + EndpointMap: {get_attr: [EndpointMap, endpoint_map]} + Hostname: + str_replace: + template: {get_param: ControllerHostnameFormat} + params: + '%stackname%': {get_param: 'OS::stack_name'} + NodeIndex: '%index%' + ServiceConfigSettings: {get_attr: [ControllerServiceChain, role_data, config_settings]} + ServiceNames: {get_attr: [ControllerServiceChain, role_data, service_names]} + MonitoringSubscriptions: {get_attr: [ControllerServiceChain, role_data, monitoring_subscriptions]} + + ComputeServiceChain: + type: OS::TripleO::Services + properties: + Services: {get_param: ComputeServices} + ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} + EndpointMap: {get_attr: [EndpointMap, endpoint_map]} + DefaultPasswords: {get_attr: [DefaultPasswords, passwords]} + + Compute: + type: OS::Heat::ResourceGroup + depends_on: Networks + properties: + count: {get_param: ComputeCount} + removal_policies: {get_param: ComputeRemovalPolicies} + resource_def: + type: OS::TripleO::Compute + properties: + CloudDomain: {get_param: CloudDomain} + NeutronPhysicalBridge: {get_param: HypervisorNeutronPhysicalBridge} + NeutronPublicInterface: {get_param: HypervisorNeutronPublicInterface} + ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} + EndpointMap: {get_attr: [EndpointMap, endpoint_map]} + Hostname: + str_replace: + template: {get_param: ComputeHostnameFormat} + params: + '%stackname%': {get_param: 'OS::stack_name'} + NodeIndex: '%index%' + ServiceConfigSettings: {get_attr: [ComputeServiceChain, role_data, config_settings]} + ServiceNames: {get_attr: [ComputeServiceChain, role_data, service_names]} + MonitoringSubscriptions: {get_attr: [ComputeServiceChain, role_data, monitoring_subscriptions]} + + BlockStorageServiceChain: + type: OS::TripleO::Services + properties: + Services: {get_param: BlockStorageServices} + ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} + EndpointMap: {get_attr: [EndpointMap, endpoint_map]} + DefaultPasswords: {get_attr: [DefaultPasswords, passwords]} + + BlockStorage: + type: OS::Heat::ResourceGroup + depends_on: Networks + properties: + count: {get_param: BlockStorageCount} + removal_policies: {get_param: BlockStorageRemovalPolicies} + resource_def: + type: OS::TripleO::BlockStorage + properties: + UpdateIdentifier: {get_param: UpdateIdentifier} + Hostname: + str_replace: + template: {get_param: BlockStorageHostnameFormat} + params: + '%stackname%': {get_param: 'OS::stack_name'} + ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} + ExtraConfig: {get_param: ExtraConfig} + BlockStorageExtraConfig: {get_param: BlockStorageExtraConfig} + CloudDomain: {get_param: CloudDomain} + ServerMetadata: {get_param: ServerMetadata} + NodeIndex: '%index%' + ServiceConfigSettings: {get_attr: [BlockStorageServiceChain, role_data, config_settings]} + ServiceNames: {get_attr: [BlockStorageServiceChain, role_data, service_names]} + MonitoringSubscriptions: {get_attr: [BlockStorageServiceChain, role_data, monitoring_subscriptions]} + + ObjectStorageServiceChain: + type: OS::TripleO::Services + properties: + Services: {get_param: ObjectStorageServices} + ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} + EndpointMap: {get_attr: [EndpointMap, endpoint_map]} + DefaultPasswords: {get_attr: [DefaultPasswords, passwords]} + + ObjectStorage: + type: OS::Heat::ResourceGroup + depends_on: Networks + properties: + count: {get_param: ObjectStorageCount} + removal_policies: {get_param: ObjectStorageRemovalPolicies} + resource_def: + type: OS::TripleO::ObjectStorage + properties: + UpdateIdentifier: {get_param: UpdateIdentifier} + ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} + Hostname: + str_replace: + template: {get_param: ObjectStorageHostnameFormat} + params: + '%stackname%': {get_param: 'OS::stack_name'} + ExtraConfig: {get_param: ExtraConfig} + ObjectStorageExtraConfig: {get_param: ObjectStorageExtraConfig} + CloudDomain: {get_param: CloudDomain} + ServerMetadata: {get_param: ServerMetadata} + NodeIndex: '%index%' + ServiceConfigSettings: {get_attr: [ObjectStorageServiceChain, role_data, config_settings]} + ServiceNames: {get_attr: [ObjectStorageServiceChain, role_data, service_names]} + MonitoringSubscriptions: {get_attr: [ObjectStorageServiceChain, role_data, monitoring_subscriptions]} + + CephStorageServiceChain: + type: OS::TripleO::Services + properties: + Services: {get_param: CephStorageServices} + ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} + EndpointMap: {get_attr: [EndpointMap, endpoint_map]} + DefaultPasswords: {get_attr: [DefaultPasswords, passwords]} + + CephStorage: + type: OS::Heat::ResourceGroup + depends_on: Networks + properties: + count: {get_param: CephStorageCount} + removal_policies: {get_param: CephStorageRemovalPolicies} + resource_def: + type: OS::TripleO::CephStorage + properties: + ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} + UpdateIdentifier: {get_param: UpdateIdentifier} + Hostname: + str_replace: + template: {get_param: CephStorageHostnameFormat} + params: + '%stackname%': {get_param: 'OS::stack_name'} + ExtraConfig: {get_param: ExtraConfig} + CephStorageExtraConfig: {get_param: CephStorageExtraConfig} + CloudDomain: {get_param: CloudDomain} + ServerMetadata: {get_param: ServerMetadata} + NodeIndex: '%index%' + ServiceConfigSettings: {get_attr: [CephStorageServiceChain, role_data, config_settings]} + ServiceNames: {get_attr: [CephStorageServiceChain, role_data, service_names]} + MonitoringSubscriptions: {get_attr: [CephStorageServiceChain, role_data, monitoring_subscriptions]} + + ControllerIpListMap: + type: OS::TripleO::Network::Ports::NetIpListMap + properties: + ControlPlaneIpList: {get_attr: [Controller, ip_address]} + ExternalIpList: {get_attr: [Controller, external_ip_address]} + InternalApiIpList: {get_attr: [Controller, internal_api_ip_address]} + StorageIpList: {get_attr: [Controller, storage_ip_address]} + StorageMgmtIpList: {get_attr: [Controller, storage_mgmt_ip_address]} + TenantIpList: {get_attr: [Controller, tenant_ip_address]} + ManagementIpList: {get_attr: [Controller, management_ip_address]} + EnabledServices: {get_attr: [ControllerServiceChain, role_data, service_names]} + ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]} + + allNodesConfig: + type: OS::TripleO::AllNodes::SoftwareConfig + properties: + hosts: + - list_join: + - '\n' + - {get_attr: [Compute, hosts_entry]} + - list_join: + - '\n' + - {get_attr: [Controller, hosts_entry]} + - list_join: + - '\n' + - {get_attr: [BlockStorage, hosts_entry]} + - list_join: + - '\n' + - {get_attr: [ObjectStorage, hosts_entry]} + - list_join: + - '\n' + - {get_attr: [CephStorage, hosts_entry]} + enabled_services: + list_join: + - ',' + - {get_attr: [ControllerServiceChain, role_data, service_names]} + - {get_attr: [ComputeServiceChain, role_data, service_names]} + - {get_attr: [BlockStorageServiceChain, role_data, service_names]} + - {get_attr: [ObjectStorageServiceChain, role_data, service_names]} + - {get_attr: [CephStorageServiceChain, role_data, service_names]} + controller_ips: {get_attr: [Controller, ip_address]} + controller_names: {get_attr: [Controller, hostname]} + service_ips: {get_attr: [ControllerIpListMap, service_ips]} + # FIXME(shardy): These require further work to move into service_ips + rabbit_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, RabbitmqNetwork]}]} + memcache_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MemcachedNetwork]}]} + keystone_public_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystonePublicApiNetwork]}]} + keystone_admin_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystoneAdminApiNetwork]}]} + ceph_mon_node_names: {get_attr: [Controller, hostname]} + DeployIdentifier: {get_param: DeployIdentifier} + UpdateIdentifier: {get_param: UpdateIdentifier} + + MysqlRootPassword: + type: OS::Heat::RandomString + properties: + length: 10 + + RabbitCookie: + type: OS::Heat::RandomString + properties: + length: 20 + salt: {get_param: RabbitCookieSalt} + + DefaultPasswords: + type: OS::TripleO::DefaultPasswords + properties: + DefaultMysqlRootPassword: {get_attr: [MysqlRootPassword, value]} + DefaultRabbitCookie: {get_attr: [RabbitCookie, value]} + DefaultHeatAuthEncryptionKey: {get_attr: [HeatAuthEncryptionKey, value]} + DefaultPcsdPassword: {get_attr: [PcsdPassword, value]} + DefaultHorizonSecret: {get_attr: [HorizonSecret, value]} + + # creates the network architecture + Networks: + type: OS::TripleO::Network + + ControlVirtualIP: + type: OS::Neutron::Port + depends_on: Networks + properties: + name: control_virtual_ip + network: {get_param: NeutronControlPlaneID} + fixed_ips: {get_param: ControlFixedIPs} + replacement_policy: AUTO + + RedisVirtualIP: + depends_on: Networks + type: OS::TripleO::Network::Ports::RedisVipPort + properties: + ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} + ControlPlaneNetwork: {get_param: NeutronControlPlaneID} + PortName: redis_virtual_ip + NetworkName: {get_attr: [ServiceNetMap, service_net_map, RedisNetwork]} + ServiceName: redis + FixedIPs: {get_param: RedisVirtualFixedIPs} + + # The public VIP is on the External net, falls back to ctlplane + PublicVirtualIP: + depends_on: Networks + type: OS::TripleO::Network::Ports::ExternalVipPort + properties: + ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} + ControlPlaneNetwork: {get_param: NeutronControlPlaneID} + PortName: public_virtual_ip + FixedIPs: {get_param: PublicVirtualFixedIPs} + + InternalApiVirtualIP: + depends_on: Networks + type: OS::TripleO::Network::Ports::InternalApiVipPort + properties: + ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} + PortName: internal_api_virtual_ip + FixedIPs: {get_param: InternalApiVirtualFixedIPs} + + StorageVirtualIP: + depends_on: Networks + type: OS::TripleO::Network::Ports::StorageVipPort + properties: + ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} + PortName: storage_virtual_ip + FixedIPs: {get_param: StorageVirtualFixedIPs} + + StorageMgmtVirtualIP: + depends_on: Networks + type: OS::TripleO::Network::Ports::StorageMgmtVipPort + properties: + ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} + PortName: storage_management_virtual_ip + FixedIPs: {get_param: StorageMgmtVirtualFixedIPs} + + VipMap: + type: OS::TripleO::Network::Ports::NetVipMap + properties: + ControlPlaneIp: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} + ExternalIp: {get_attr: [PublicVirtualIP, ip_address]} + ExternalIpUri: {get_attr: [PublicVirtualIP, ip_address_uri]} + InternalApiIp: {get_attr: [InternalApiVirtualIP, ip_address]} + InternalApiIpUri: {get_attr: [InternalApiVirtualIP, ip_address_uri]} + StorageIp: {get_attr: [StorageVirtualIP, ip_address]} + StorageIpUri: {get_attr: [StorageVirtualIP, ip_address_uri]} + StorageMgmtIp: {get_attr: [StorageMgmtVirtualIP, ip_address]} + StorageMgmtIpUri: {get_attr: [StorageMgmtVirtualIP, ip_address_uri]} + # No tenant or management VIP required + + VipConfig: + type: OS::TripleO::VipConfig + + VipDeployment: + type: OS::Heat::StructuredDeployments + properties: + name: VipDeployment + config: {get_resource: VipConfig} + servers: {get_attr: [Controller, attributes, nova_server_resource]} + input_values: + # service VIP mappings + keystone_admin_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystoneAdminApiNetwork]}]} + keystone_public_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystonePublicApiNetwork]}]} + neutron_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, NeutronApiNetwork]}]} + cinder_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, CinderApiNetwork]}]} + glance_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, GlanceApiNetwork]}]} + glance_registry_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, GlanceRegistryNetwork]}]} + swift_proxy_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, SwiftProxyNetwork]}]} + nova_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, NovaApiNetwork]}]} + nova_metadata_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, NovaMetadataNetwork]}]} + ceilometer_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, CeilometerApiNetwork]}]} + aodh_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, AodhApiNetwork]}]} + gnocchi_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, GnocchiApiNetwork]}]} + heat_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, HeatApiNetwork]}]} + horizon_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, HorizonNetwork]}]} + redis_vip: {get_attr: [RedisVirtualIP, ip_address]} + manila_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, ManilaApiNetwork]}]} + mysql_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MysqlNetwork]}]} + rabbit_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, RabbitMqNetwork]}]} + # direct configuration of Virtual IPs for each network + control_virtual_ip: {get_attr: [VipMap, net_ip_map, ctlplane]} + public_virtual_ip: {get_attr: [VipMap, net_ip_map, external]} + internal_api_virtual_ip: {get_attr: [VipMap, net_ip_map, internal_api]} + sahara_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, SaharaApiNetwork]}]} + ironic_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, IronicApiNetwork]}]} + opendaylight_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, OpenDaylightApiNetwork]}]} + storage_virtual_ip: {get_attr: [VipMap, net_ip_map, storage]} + storage_mgmt_virtual_ip: {get_attr: [VipMap, net_ip_map, storage_mgmt]} + + ControllerSwiftDeployment: + type: OS::Heat::StructuredDeployments + properties: + name: ControllerSwiftDeployment + config: {get_attr: [SwiftDevicesAndProxyConfig, config_id]} + servers: {get_attr: [Controller, attributes, nova_server_resource]} + + ObjectStorageSwiftDeployment: + type: OS::Heat::StructuredDeployments + properties: + name: ObjectStorageSwiftDeployment + config: {get_attr: [SwiftDevicesAndProxyConfig, config_id]} + servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]} + + SwiftDevicesAndProxyConfig: + type: OS::TripleO::SwiftDevicesAndProxy::SoftwareConfig + properties: + controller_swift_devices: {get_attr: [Controller, swift_device]} + object_store_swift_devices: {get_attr: [ObjectStorage, swift_device]} + controller_swift_proxy_memcaches: {get_attr: [Controller, swift_proxy_memcache]} + + ControllerAllNodesDeployment: + type: OS::Heat::StructuredDeployments + properties: + name: ControllerAllNodesDeployment + config: {get_attr: [allNodesConfig, config_id]} + servers: {get_attr: [Controller, attributes, nova_server_resource]} + input_values: + bootstrap_nodeid: {get_attr: [Controller, resource.0.hostname]} + bootstrap_nodeid_ip: {get_attr: [Controller, resource.0.ip_address]} + + ComputeAllNodesDeployment: + type: OS::Heat::StructuredDeployments + properties: + name: ComputeAllNodesDeployment + config: {get_attr: [allNodesConfig, config_id]} + servers: {get_attr: [Compute, attributes, nova_server_resource]} + input_values: + bootstrap_nodeid: {get_attr: [Compute, resource.0.hostname]} + bootstrap_nodeid_ip: {get_attr: [Compute, resource.0.ip_address]} + + BlockStorageAllNodesDeployment: + type: OS::Heat::StructuredDeployments + properties: + name: BlockStorageAllNodesDeployment + config: {get_attr: [allNodesConfig, config_id]} + servers: {get_attr: [BlockStorage, attributes, nova_server_resource]} + input_values: + bootstrap_nodeid: {get_attr: [BlockStorage, resource.0.hostname]} + bootstrap_nodeid_ip: {get_attr: [BlockStorage, resource.0.ip_address]} + + ObjectStorageAllNodesDeployment: + type: OS::Heat::StructuredDeployments + properties: + name: ObjectStorageAllNodesDeployment + config: {get_attr: [allNodesConfig, config_id]} + servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]} + input_values: + bootstrap_nodeid: {get_attr: [ObjectStorage, resource.0.hostname]} + bootstrap_nodeid_ip: {get_attr: [ObjectStorage, resource.0.ip_address]} + + CephStorageAllNodesDeployment: + type: OS::Heat::StructuredDeployments + properties: + name: CephStorageAllNodesDeployment + config: {get_attr: [allNodesConfig, config_id]} + servers: {get_attr: [CephStorage, attributes, nova_server_resource]} + input_values: + bootstrap_nodeid: {get_attr: [CephStorage, resource.0.hostname]} + bootstrap_nodeid_ip: {get_attr: [CephStorage, resource.0.ip_address]} + + # All Nodes Validations + AllNodesValidationConfig: + type: OS::TripleO::AllNodes::Validation + properties: + PingTestIps: + list_join: + - ' ' + - - {get_attr: [Controller, resource.0.external_ip_address]} + - {get_attr: [Controller, resource.0.internal_api_ip_address]} + - {get_attr: [Controller, resource.0.storage_ip_address]} + - {get_attr: [Controller, resource.0.storage_mgmt_ip_address]} + - {get_attr: [Controller, resource.0.tenant_ip_address]} + - {get_attr: [Controller, resource.0.management_ip_address]} + + ControllerAllNodesValidationDeployment: + type: OS::Heat::StructuredDeployments + depends_on: ControllerAllNodesDeployment + properties: + name: ControllerAllNodesValidationDeployment + config: {get_resource: AllNodesValidationConfig} + servers: {get_attr: [Controller, attributes, nova_server_resource]} + + ComputeAllNodesValidationDeployment: + type: OS::Heat::StructuredDeployments + depends_on: ComputeAllNodesDeployment + properties: + name: ComputeAllNodesValidationDeployment + config: {get_resource: AllNodesValidationConfig} + servers: {get_attr: [Compute, attributes, nova_server_resource]} + + BlockStorageAllNodesValidationDeployment: + type: OS::Heat::StructuredDeployments + depends_on: BlockStorageAllNodesDeployment + properties: + name: BlockStorageAllNodesValidationDeployment + config: {get_resource: AllNodesValidationConfig} + servers: {get_attr: [BlockStorage, attributes, nova_server_resource]} + + ObjectStorageAllNodesValidationDeployment: + type: OS::Heat::StructuredDeployments + depends_on: ObjectStorageAllNodesDeployment + properties: + name: ObjectStorageAllNodesValidationDeployment + config: {get_resource: AllNodesValidationConfig} + servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]} + + CephStorageAllNodesValidationDeployment: + type: OS::Heat::StructuredDeployments + depends_on: CephStorageAllNodesDeployment + properties: + name: CephStorageAllNodesValidationDeployment + config: {get_resource: AllNodesValidationConfig} + servers: {get_attr: [CephStorage, attributes, nova_server_resource]} + + UpdateWorkflow: + type: OS::TripleO::Tasks::UpdateWorkflow + properties: + controller_servers: {get_attr: [Controller, attributes, nova_server_resource]} + compute_servers: {get_attr: [Compute, attributes, nova_server_resource]} + blockstorage_servers: {get_attr: [BlockStorage, attributes, nova_server_resource]} + objectstorage_servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]} + cephstorage_servers: {get_attr: [CephStorage, attributes, nova_server_resource]} + input_values: + deploy_identifier: {get_param: DeployIdentifier} + update_identifier: {get_param: UpdateIdentifier} + + # Optional ExtraConfig for all nodes - all roles are passed in here, but + # the nested template may configure each role differently (or not at all) + AllNodesExtraConfig: + type: OS::TripleO::AllNodesExtraConfig + depends_on: + - UpdateWorkflow + - ComputeAllNodesValidationDeployment + - BlockStorageAllNodesValidationDeployment + - ObjectStorageAllNodesValidationDeployment + - CephStorageAllNodesValidationDeployment + - ControllerAllNodesValidationDeployment + properties: + controller_servers: {get_attr: [Controller, attributes, nova_server_resource]} + compute_servers: {get_attr: [Compute, attributes, nova_server_resource]} + blockstorage_servers: {get_attr: [BlockStorage, attributes, nova_server_resource]} + objectstorage_servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]} + cephstorage_servers: {get_attr: [CephStorage, attributes, nova_server_resource]} + + # Nested stack deployment runs after all other controller deployments + ControllerNodesPostDeployment: + type: OS::TripleO::ControllerPostDeployment + depends_on: [ControllerAllNodesDeployment, ControllerSwiftDeployment] + properties: + servers: {get_attr: [Controller, attributes, nova_server_resource]} + RoleData: {get_attr: [ControllerServiceChain, role_data]} + + ComputeNodesPostDeployment: + type: OS::TripleO::ComputePostDeployment + depends_on: [ComputeAllNodesDeployment] + properties: + servers: {get_attr: [Compute, attributes, nova_server_resource]} + RoleData: {get_attr: [ComputeServiceChain, role_data]} + + ObjectStorageNodesPostDeployment: + type: OS::TripleO::ObjectStoragePostDeployment + depends_on: [ObjectStorageSwiftDeployment, ObjectStorageAllNodesDeployment] + properties: + servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]} + RoleData: {get_attr: [ObjectStorageServiceChain, role_data]} + + BlockStorageNodesPostDeployment: + type: OS::TripleO::BlockStoragePostDeployment + depends_on: [ControllerNodesPostDeployment, BlockStorageAllNodesDeployment] + properties: + servers: {get_attr: [BlockStorage, attributes, nova_server_resource]} + RoleData: {get_attr: [BlockStorageServiceChain, role_data]} + + CephStorageNodesPostDeployment: + type: OS::TripleO::CephStoragePostDeployment + depends_on: [ControllerNodesPostDeployment, CephStorageAllNodesDeployment] + properties: + servers: {get_attr: [CephStorage, attributes, nova_server_resource]} + RoleData: {get_attr: [CephStorageServiceChain, role_data]} + + +outputs: + ManagedEndpoints: + description: Asserts that the keystone endpoints have been provisioned. + value: true + KeystoneURL: + description: URL for the Overcloud Keystone service + value: {get_attr: [EndpointMap, endpoint_map, KeystonePublic, uri]} + KeystoneAdminVip: + description: Keystone Admin VIP endpoint + value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystoneAdminApiNetwork]}]} + PublicVip: + description: Controller VIP for public API endpoints + value: {get_attr: [VipMap, net_ip_map, external]} + AodhInternalVip: + description: VIP for Aodh API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, AodhApiNetwork]}]} + CeilometerInternalVip: + description: VIP for Ceilometer API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, CeilometerApiNetwork]}]} + CinderInternalVip: + description: VIP for Cinder API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, CinderApiNetwork]}]} + GlanceInternalVip: + description: VIP for Glance API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, GlanceApiNetwork]}]} + GnocchiInternalVip: + description: VIP for Gnocchi API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, GnocchiApiNetwork]}]} + HeatInternalVip: + description: VIP for Heat API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, HeatApiNetwork]}]} + IronicInternalVip: + description: VIP for Ironic API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, IronicApiNetwork]}]} + KeystoneInternalVip: + description: VIP for Keystone API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystonePublicApiNetwork]}]} + ManilaInternalVip: + description: VIP for Manila API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, ManilaApiNetwork]}]} + NeutronInternalVip: + description: VIP for Neutron API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, NeutronApiNetwork]}]} + NovaInternalVip: + description: VIP for Nova API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, NovaApiNetwork]}]} + OpenDaylightInternalVip: + description: VIP for OpenDaylight API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, OpenDaylightApiNetwork]}]} + SaharaInternalVip: + description: VIP for Sahara API internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, SaharaApiNetwork]}]} + SwiftInternalVip: + description: VIP for Swift Proxy internal endpoint + value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, SwiftProxyNetwork]}]} + EndpointMap: + description: | + Mapping of the resources with the needed info for their endpoints. + This includes the protocol used, the IP, port and also a full + representation of the URI. + value: {get_attr: [EndpointMap, endpoint_map]} + HostsEntry: + description: | + The content that should be appended to your /etc/hosts if you want to get + hostname-based access to the deployed nodes (useful for testing without + setting up a DNS). + value: {get_attr: [allNodesConfig, hosts_entries]} + EnabledServices: + description: The services enabled on each role + value: + Controller: {get_attr: [ControllerServiceChain, role_data, service_names]} + Compute: {get_attr: [ComputeServiceChain, role_data, service_names]} + BlockStorage: {get_attr: [BlockStorageServiceChain, role_data, service_names]} + ObjectStorage: {get_attr: [ObjectStorageServiceChain, role_data, service_names]} + CephStorage: {get_attr: [CephStorageServiceChain, role_data, service_names]} diff --git a/overcloud.yaml b/overcloud.yaml index 38a36800..a85c57c0 100644 --- a/overcloud.yaml +++ b/overcloud.yaml @@ -2,7 +2,7 @@ heat_template_version: 2016-04-08 description: > Deploy an OpenStack environment, consisting of several node types (roles), - Controller, Compute, BlockStorage, SwiftStorage and CephStorage. The Storage + Controller, Compute, BlockStorage, SwiftStorage and CephStorage. The Storage roles enable independent scaling of the storage components, but the minimal deployment is one Controller and one Compute node. @@ -199,6 +199,7 @@ parameters: - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::OpenDaylight + - OS::TripleO::Services::SensuClient description: A list of service resources (configured in the Heat resource_registry) which represent nested stacks for each service that should get installed on the Controllers. @@ -224,6 +225,7 @@ parameters: - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::NeutronSriovAgent - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::SensuClient description: A list of service resources (configured in the Heat resource_registry) which represent nested stacks for each service that should get installed on the Compute Nodes. @@ -249,6 +251,7 @@ parameters: - OS::TripleO::Services::Snmp - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::SensuClient description: A list of service resources (configured in the Heat resource_registry) which represent nested stacks for each service that should get installed on the BlockStorage nodes. @@ -275,6 +278,7 @@ parameters: - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::SensuClient description: A list of service resources (configured in the Heat resource_registry) which represent nested stacks for each service that should get installed on the ObjectStorage nodes. @@ -301,6 +305,7 @@ parameters: - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::SensuClient description: A list of service resources (configured in the Heat resource_registry) which represent nested stacks for each service that should get installed on the CephStorage nodes. @@ -435,7 +440,6 @@ resources: properties: CloudDomain: {get_param: CloudDomain} controllerExtraConfig: {get_param: controllerExtraConfig} - HorizonSecret: {get_resource: HorizonSecret} PcsdPassword: {get_resource: PcsdPassword} RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]} RedisVirtualIPUri: {get_attr: [RedisVirtualIP, ip_address_uri]} @@ -449,6 +453,7 @@ resources: NodeIndex: '%index%' ServiceConfigSettings: {get_attr: [ControllerServiceChain, role_data, config_settings]} ServiceNames: {get_attr: [ControllerServiceChain, role_data, service_names]} + MonitoringSubscriptions: {get_attr: [ControllerServiceChain, role_data, monitoring_subscriptions]} ComputeServiceChain: type: OS::TripleO::Services @@ -480,6 +485,7 @@ resources: NodeIndex: '%index%' ServiceConfigSettings: {get_attr: [ComputeServiceChain, role_data, config_settings]} ServiceNames: {get_attr: [ComputeServiceChain, role_data, service_names]} + MonitoringSubscriptions: {get_attr: [ComputeServiceChain, role_data, monitoring_subscriptions]} BlockStorageServiceChain: type: OS::TripleO::Services @@ -512,6 +518,7 @@ resources: NodeIndex: '%index%' ServiceConfigSettings: {get_attr: [BlockStorageServiceChain, role_data, config_settings]} ServiceNames: {get_attr: [BlockStorageServiceChain, role_data, service_names]} + MonitoringSubscriptions: {get_attr: [BlockStorageServiceChain, role_data, monitoring_subscriptions]} ObjectStorageServiceChain: type: OS::TripleO::Services @@ -544,6 +551,7 @@ resources: NodeIndex: '%index%' ServiceConfigSettings: {get_attr: [ObjectStorageServiceChain, role_data, config_settings]} ServiceNames: {get_attr: [ObjectStorageServiceChain, role_data, service_names]} + MonitoringSubscriptions: {get_attr: [ObjectStorageServiceChain, role_data, monitoring_subscriptions]} CephStorageServiceChain: type: OS::TripleO::Services @@ -576,6 +584,7 @@ resources: NodeIndex: '%index%' ServiceConfigSettings: {get_attr: [CephStorageServiceChain, role_data, config_settings]} ServiceNames: {get_attr: [CephStorageServiceChain, role_data, service_names]} + MonitoringSubscriptions: {get_attr: [CephStorageServiceChain, role_data, monitoring_subscriptions]} ControllerIpListMap: type: OS::TripleO::Network::Ports::NetIpListMap @@ -625,7 +634,6 @@ resources: memcache_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MemcachedNetwork]}]} keystone_public_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystonePublicApiNetwork]}]} keystone_admin_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystoneAdminApiNetwork]}]} - ceph_mon_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, CephPublicNetwork]}]} ceph_mon_node_names: {get_attr: [Controller, hostname]} DeployIdentifier: {get_param: DeployIdentifier} UpdateIdentifier: {get_param: UpdateIdentifier} @@ -952,6 +960,7 @@ resources: servers: {get_attr: [CephStorage, attributes, nova_server_resource]} RoleData: {get_attr: [CephStorageServiceChain, role_data]} + outputs: ManagedEndpoints: description: Asserts that the keystone endpoints have been provisioned. diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index 644c1938..a43e9645 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -22,8 +22,6 @@ parameters: type: comma_delimited_list keystone_admin_api_node_ips: type: comma_delimited_list - ceph_mon_node_ips: - type: comma_delimited_list ceph_mon_node_names: type: comma_delimited_list DeployIdentifier: @@ -126,18 +124,6 @@ resources: list_join: - ',' - {get_param: ceph_mon_node_names} - tripleo::profile::base::ceph::ceph_mon_host: - list_join: - - ',' - - {get_param: ceph_mon_node_ips} - tripleo::profile::base::ceph::ceph_mon_host_v6: - str_replace: - template: "'[IPS_LIST]'" - params: - IPS_LIST: - list_join: - - '],[' - - {get_param: ceph_mon_node_ips} # NOTE(gfidente): interpolation with %{} in the # hieradata file can't be used as it returns string ceilometer::rabbit_hosts: *rabbit_nodes_array diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml index 829456b5..fe2a916f 100644 --- a/puppet/ceph-storage.yaml +++ b/puppet/ceph-storage.yaml @@ -90,6 +90,9 @@ parameters: ServiceNames: type: comma_delimited_list default: [] + MonitoringSubscriptions: + type: comma_delimited_list + default: [] ConfigCommand: type: string description: Command which will be run whenever configuration data changes @@ -252,6 +255,7 @@ resources: service_names: mapped_data: service_names: {get_param: ServiceNames} + sensu::subscriptions: {get_param: MonitoringSubscriptions} service_configs: mapped_data: map_replace: diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml index ef3f08ff..26906532 100644 --- a/puppet/cinder-storage.yaml +++ b/puppet/cinder-storage.yaml @@ -92,6 +92,9 @@ parameters: ServiceNames: type: comma_delimited_list default: [] + MonitoringSubscriptions: + type: comma_delimited_list + default: [] ConfigCommand: type: string description: Command which will be run whenever configuration data changes @@ -258,6 +261,7 @@ resources: service_names: mapped_data: service_names: {get_param: ServiceNames} + sensu::subscriptions: {get_param: MonitoringSubscriptions} service_configs: mapped_data: map_replace: diff --git a/puppet/compute.yaml b/puppet/compute.yaml index 1790aa0d..0f9e0313 100644 --- a/puppet/compute.yaml +++ b/puppet/compute.yaml @@ -107,6 +107,9 @@ parameters: ServiceNames: type: comma_delimited_list default: [] + MonitoringSubscriptions: + type: comma_delimited_list + default: [] ConfigCommand: type: string description: Command which will be run whenever configuration data changes @@ -271,6 +274,7 @@ resources: service_names: mapped_data: service_names: {get_param: ServiceNames} + sensu::subscriptions: {get_param: MonitoringSubscriptions} service_configs: mapped_data: map_replace: diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 28fd08da..a6efe1aa 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -83,10 +83,6 @@ parameters: type: string constraints: - custom_constraint: nova.flavor - HorizonSecret: - description: Secret key for Django - type: string - hidden: true controllerImage: type: string default: overcloud-full @@ -96,10 +92,6 @@ parameters: default: 'REBUILD_PRESERVE_EPHEMERAL' description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. type: string - InstanceNameTemplate: - default: 'instance-%08x' - description: Template string to be used to generate instance names - type: string KeyName: default: default description: Name of an existing Nova key pair to enable SSH access to the instances @@ -110,39 +102,14 @@ parameters: default: false description: Whether to manage IPtables rules. type: boolean - MemcachedIPv6: - default: false - description: Enable IPv6 features in Memcached. - type: boolean PurgeFirewallRules: default: false description: Whether IPtables rules should be purged before setting up the new ones. type: boolean - NeutronMetadataProxySharedSecret: - description: Shared secret to prevent spoofing - type: string - hidden: true - NeutronPassword: - description: The password for the neutron service and db account, used by neutron agents. - type: string - hidden: true NeutronPublicInterface: default: nic1 description: What interface to bridge onto br-ex for network nodes. type: string - NovaEnableDBPurge: - default: true - description: | - Whether to create cron job for purging soft deleted rows in Nova database. - type: boolean - NovaIPv6: - default: false - description: Enable IPv6 features in Nova - type: boolean - NovaPassword: - description: The password for the nova service and db account, used by nova-api. - type: string - hidden: true PcsdPassword: type: string description: The password for the 'pcsd' user. @@ -162,10 +129,6 @@ parameters: default: {} description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})' type: json - UpgradeLevelNovaCompute: - type: string - description: Nova Compute upgrade level - default: '' ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -225,6 +188,9 @@ parameters: ServiceNames: type: comma_delimited_list default: [] + MonitoringSubscriptions: + type: comma_delimited_list + default: [] ConfigCommand: type: string description: Command which will be run whenever configuration data changes @@ -392,43 +358,15 @@ resources: server: {get_resource: Controller} input_values: bootstack_nodeid: {get_attr: [Controller, name]} - horizon_secret: {get_param: HorizonSecret} debug: {get_param: Debug} - keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } - keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] } enable_fencing: {get_param: EnableFencing} enable_load_balancer: {get_param: EnableLoadBalancer} manage_firewall: {get_param: ManageFirewall} purge_firewall_rules: {get_param: PurgeFirewallRules} - neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} - nova_enable_db_purge: {get_param: NovaEnableDBPurge} - nova_ipv6: {get_param: NovaIPv6} corosync_ipv6: {get_param: CorosyncIPv6} - memcached_ipv6: {get_param: MemcachedIPv6} - nova_password: {get_param: NovaPassword} - upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute} - instance_name_template: {get_param: InstanceNameTemplate} fencing_config: {get_param: FencingConfig} pcsd_password: {get_param: PcsdPassword} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} - glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]} - neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} - nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} - nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]} - horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} - horizon_subnet: - str_replace: - template: "['SUBNET']" - params: - SUBNET: - get_attr: - - NetIpMap - - net_ip_map - - str_replace: - template: "NETWORK_subnet" - params: - NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]} redis_vip: {get_param: RedisVirtualIP} ironic_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, IronicApiNetwork]}]} @@ -465,6 +403,7 @@ resources: service_names: mapped_data: service_names: {get_param: ServiceNames} + sensu::subscriptions: {get_param: MonitoringSubscriptions} service_configs: mapped_data: map_replace: @@ -489,37 +428,14 @@ resources: tripleo::fencing::config: {get_input: fencing_config} # Neutron - neutron::bind_host: {get_input: neutron_api_network} - neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network} snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} - - # Nova - nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute} - nova::use_ipv6: {get_input: nova_ipv6} - nova::api::api_bind_address: {get_input: nova_api_network} - nova::api::metadata_listen: {get_input: nova_metadata_network} - nova::glance_api_servers: {get_input: glance_api_servers} - nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} - nova::api::instance_name_template: {get_input: instance_name_template} - nova::vncproxy::host: {get_input: nova_api_network} - nova_enable_db_purge: {get_input: nova_enable_db_purge} - - # Horizon - apache::mod::remoteip::proxy_ips: {get_input: horizon_subnet} - apache::ip: {get_input: horizon_network} - horizon::django_debug: {get_input: debug} - horizon::secret_key: {get_input: horizon_secret} - horizon::bind_address: {get_input: horizon_network} - horizon::keystone_url: {get_input: keystone_auth_uri} - # Redis redis_vip: {get_input: redis_vip} # Firewall tripleo::firewall::manage_firewall: {get_input: manage_firewall} tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules} # Misc - memcached_ipv6: {get_input: memcached_ipv6} tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml index 4308052b..65afffad 100644 --- a/puppet/services/aodh-api.yaml +++ b/puppet/services/aodh-api.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionAodhApi: + default: 'overcloud-ceilometer-aodh-api' + type: string resources: AodhBase: @@ -27,14 +30,23 @@ resources: DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} + ApacheServiceBase: + type: ./apache.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + outputs: role_data: description: Role data for the Aodh API service. value: service_name: aodh_api + monitoring_subscription: {get_param: MonitoringSubscriptionAodhApi} config_settings: map_merge: - get_attr: [AodhBase, role_data, config_settings] + - get_attr: [ApacheServiceBase, role_data, config_settings] - aodh::wsgi::apache::ssl: false aodh::api::service_name: 'httpd' tripleo.aodh_api.firewall_rules: diff --git a/puppet/services/aodh-evaluator.yaml b/puppet/services/aodh-evaluator.yaml index 3988c940..405c500e 100644 --- a/puppet/services/aodh-evaluator.yaml +++ b/puppet/services/aodh-evaluator.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionAodhEvaluator: + default: 'overcloud-ceilometer-aodh-evaluator' + type: string resources: AodhBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Aodh Evaluator service. value: service_name: aodh_evaluator + monitoring_subscription: {get_param: MonitoringSubscriptionAodhEvaluator} config_settings: get_attr: [AodhBase, role_data, config_settings] step_config: | diff --git a/puppet/services/aodh-listener.yaml b/puppet/services/aodh-listener.yaml index bc1ccde7..fc4e8b39 100644 --- a/puppet/services/aodh-listener.yaml +++ b/puppet/services/aodh-listener.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionAodhListener: + default: 'overcloud-ceilometer-aodh-listener' + type: string resources: AodhBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Aodh Listener service. value: service_name: aodh_listener + monitoring_subscription: {get_param: MonitoringSubscriptionAodhListener} config_settings: get_attr: [AodhBase, role_data, config_settings] step_config: | diff --git a/puppet/services/aodh-notifier.yaml b/puppet/services/aodh-notifier.yaml index 66e9f3e9..2e51c639 100644 --- a/puppet/services/aodh-notifier.yaml +++ b/puppet/services/aodh-notifier.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionAodhNotifier: + default: 'overcloud-ceilometer-aodh-notifier' + type: string resources: AodhBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Aodh Notifier service. value: service_name: aodh_notifier + monitoring_subscription: {get_param: MonitoringSubscriptionAodhNotifier} config_settings: get_attr: [AodhBase, role_data, config_settings] step_config: | diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml new file mode 100644 index 00000000..7595e4c3 --- /dev/null +++ b/puppet/services/apache.yaml @@ -0,0 +1,42 @@ +heat_template_version: 2016-10-14 + +description: > + Apache service configured with Puppet. Note this is typically included + automatically via other services which run via Apache. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the Apache role. + value: + service_name: apache + config_settings: + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + apache::ip: {get_param: [ServiceNetMap, ApacheNetwork]} + apache::server_signature: 'Off' + apache::server_tokens: 'Prod' + apache_remote_proxy_ips_network: + str_replace: + template: "NETWORK_subnet" + params: + NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]} + apache::mod::remoteip::proxy_ips: + - "%{hiera('apache_remote_proxy_ips_network')}" diff --git a/puppet/services/ceilometer-agent-central.yaml b/puppet/services/ceilometer-agent-central.yaml index 72bad632..5d980d79 100644 --- a/puppet/services/ceilometer-agent-central.yaml +++ b/puppet/services/ceilometer-agent-central.yaml @@ -22,6 +22,9 @@ parameters: description: The password for the redis service account. type: string hidden: true + MonitoringSubscriptionCeilometerCentral: + default: 'overcloud-ceilometer-agent-central' + type: string resources: CeilometerServiceBase: @@ -36,6 +39,7 @@ outputs: description: Role data for the Ceilometer Central Agent role. value: service_name: ceilometer_agent_central + monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCentral} config_settings: map_merge: - get_attr: [CeilometerServiceBase, role_data, config_settings] diff --git a/puppet/services/ceilometer-agent-compute.yaml b/puppet/services/ceilometer-agent-compute.yaml index 5bfecfed..5457539c 100644 --- a/puppet/services/ceilometer-agent-compute.yaml +++ b/puppet/services/ceilometer-agent-compute.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionCeilometerCompute: + default: 'overcloud-ceilometer-agent-compute' + type: string resources: CeilometerServiceBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Ceilometer Compute Agent role. value: service_name: ceilometer_agent_compute + monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCompute} config_settings: get_attr: [CeilometerServiceBase, role_data, config_settings] step_config: | diff --git a/puppet/services/ceilometer-agent-notification.yaml b/puppet/services/ceilometer-agent-notification.yaml index 7873706d..bedb8b04 100644 --- a/puppet/services/ceilometer-agent-notification.yaml +++ b/puppet/services/ceilometer-agent-notification.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionCeilometerNotification: + default: 'overcloud-ceilometer-agent-notification' + type: string resources: @@ -33,6 +36,7 @@ outputs: description: Role data for the Ceilometer Notification Agent role. value: service_name: ceilometer_agent_notification + monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerNotification} config_settings: get_attr: [CeilometerServiceBase, role_data, config_settings] step_config: | diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml index 201a2b7b..5df9f2b3 100644 --- a/puppet/services/ceilometer-api.yaml +++ b/puppet/services/ceilometer-api.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionCeilometerApi: + default: 'overcloud-ceilometer-api' + type: string resources: @@ -28,13 +31,22 @@ resources: DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} + ApacheServiceBase: + type: ./apache.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + outputs: role_data: description: Role data for the Ceilometer API role. value: service_name: ceilometer_api + monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerApi} config_settings: map_merge: + - get_attr: [ApacheServiceBase, role_data, config_settings] - get_attr: [CeilometerServiceBase, role_data, config_settings] - tripleo.ceilometer_api.firewall_rules: '124 ceilometer': diff --git a/puppet/services/ceilometer-collector.yaml b/puppet/services/ceilometer-collector.yaml index ef7ffbd6..9dbb2759 100644 --- a/puppet/services/ceilometer-collector.yaml +++ b/puppet/services/ceilometer-collector.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionCeilometerCollector: + default: 'overcloud-ceilometer-collector' + type: string resources: CeilometerServiceBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Ceilometer Collector role. value: service_name: ceilometer_collector + monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCollector} config_settings: get_attr: [CeilometerServiceBase, role_data, config_settings] step_config: | diff --git a/puppet/services/ceilometer-expirer.yaml b/puppet/services/ceilometer-expirer.yaml index 63a6d41d..3b811c4d 100644 --- a/puppet/services/ceilometer-expirer.yaml +++ b/puppet/services/ceilometer-expirer.yaml @@ -18,7 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - + MonitoringSubscriptionCeilometerExpirer: + default: 'overcloud-ceilometer-expirer' + type: string resources: CeilometerServiceBase: @@ -33,6 +35,7 @@ outputs: description: Role data for the Ceilometer Expirer role. value: service_name: ceilometer_expirer + monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerExpirer} config_settings: get_attr: [CeilometerServiceBase, role_data, config_settings] step_config: | diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml index 4d98546d..ce8d9158 100644 --- a/puppet/services/ceph-base.yaml +++ b/puppet/services/ceph-base.yaml @@ -20,9 +20,6 @@ parameters: CephClusterFSID: type: string description: The Ceph cluster FSID. Must be a UUID. - CephIPv6: - default: False - type: boolean CinderRbdPoolName: default: volumes type: string @@ -72,7 +69,6 @@ outputs: value: service_name: ceph_base config_settings: - tripleo::profile::base::ceph::ceph_ipv6: {get_param: CephIPv6} tripleo::profile::base::ceph::enable_ceph_storage: {get_param: ControllerEnableCephStorage} ceph::profile::params::osd_pool_default_min_size: 1 ceph::profile::params::osds: {/srv/data: {}} @@ -93,8 +89,8 @@ outputs: str_replace: template: "NETWORK_subnet" params: - NETWORK: {get_param: [ServiceNetMap, CephPublicNetwork]} - ceph::profile::params::public_addr: {get_param: [ServiceNetMap, CephPublicNetwork]} + NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]} + ceph::profile::params::public_addr: {get_param: [ServiceNetMap, CephMonNetwork]} ceph::profile::params::client_keys: str_replace: template: "{ diff --git a/puppet/services/ceph-client.yaml b/puppet/services/ceph-client.yaml index a9e4621a..b482dd2e 100644 --- a/puppet/services/ceph-client.yaml +++ b/puppet/services/ceph-client.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionCephClient: + default: 'overcloud-ceph-client' + type: string resources: CephBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Cinder OSD service. value: service_name: ceph_client + monitoring_subscription: {get_param: MonitoringSubscriptionCephClient} config_settings: get_attr: [CephBase, role_data, config_settings] step_config: | diff --git a/puppet/services/ceph-external.yaml b/puppet/services/ceph-external.yaml index 959cee26..52c4824f 100644 --- a/puppet/services/ceph-external.yaml +++ b/puppet/services/ceph-external.yaml @@ -47,12 +47,16 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionCephExternal: + default: 'overcloud-ceph-external' + type: string outputs: role_data: description: Role data for the Ceph External service. value: service_name: ceph_external + monitoring_subscription: {get_param: MonitoringSubscriptionCephExternal} config_settings: tripleo::profile::base::ceph::ceph_mon_host: {get_param: CephExternalMonHost} ceph::profile::params::fsid: {get_param: CephClusterFSID} diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml index f634ce8a..a2b3f13e 100644 --- a/puppet/services/ceph-mon.yaml +++ b/puppet/services/ceph-mon.yaml @@ -53,6 +53,9 @@ parameters: } default: {} type: json + MonitoringSubscriptionCephMon: + default: 'overcloud-ceph-mon' + type: string resources: CephBase: @@ -67,6 +70,7 @@ outputs: description: Role data for the Ceph Monitor service. value: service_name: ceph_mon + monitoring_subscription: {get_param: MonitoringSubscriptionCephMon} config_settings: map_merge: - get_attr: [CephBase, role_data, config_settings] diff --git a/puppet/services/ceph-osd.yaml b/puppet/services/ceph-osd.yaml index d18ccabf..f6378720 100644 --- a/puppet/services/ceph-osd.yaml +++ b/puppet/services/ceph-osd.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionCephOsd: + default: 'overcloud-ceph-osd' + type: string resources: CephBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Cinder OSD service. value: service_name: ceph_osd + monitoring_subscription: {get_param: MonitoringSubscriptionCephOsd} config_settings: map_merge: - get_attr: [CephBase, role_data, config_settings] diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml index 5df0739f..94c94a65 100644 --- a/puppet/services/cinder-api.yaml +++ b/puppet/services/cinder-api.yaml @@ -31,6 +31,9 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint + MonitoringSubscriptionCinderApi: + default: 'overcloud-cinder-api' + type: string resources: @@ -46,6 +49,7 @@ outputs: description: Role data for the Cinder API role. value: service_name: cinder_api + monitoring_subscription: {get_param: MonitoringSubscriptionCinderApi} config_settings: map_merge: - get_attr: [CinderBase, role_data, config_settings] diff --git a/puppet/services/cinder-backup.yaml b/puppet/services/cinder-backup.yaml index f92fdfdb..80795457 100644 --- a/puppet/services/cinder-backup.yaml +++ b/puppet/services/cinder-backup.yaml @@ -30,6 +30,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionCinderBackup: + default: 'overcloud-cinder-backup' + type: string resources: @@ -45,6 +48,7 @@ outputs: description: Role data for the Cinder Backup role. value: service_name: cinder_backup + monitoring_subscription: {get_param: MonitoringSubscriptionCinderBackup} config_settings: map_merge: - get_attr: [CinderBase, role_data, config_settings] diff --git a/puppet/services/cinder-scheduler.yaml b/puppet/services/cinder-scheduler.yaml index 129706b1..1326e267 100644 --- a/puppet/services/cinder-scheduler.yaml +++ b/puppet/services/cinder-scheduler.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionCinderScheduler: + default: 'overcloud-cinder-scheduler' + type: string resources: @@ -33,6 +36,7 @@ outputs: description: Role data for the Cinder Scheduler role. value: service_name: cinder_scheduler + monitoring_subscription: {get_param: MonitoringSubscriptionCinderScheduler} config_settings: map_merge: - get_attr: [CinderBase, role_data, config_settings] diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml index de7e6bab..c84c784e 100644 --- a/puppet/services/cinder-volume.yaml +++ b/puppet/services/cinder-volume.yaml @@ -56,6 +56,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionCinderVolume: + default: 'overcloud-cinder-volume' + type: string resources: @@ -71,6 +74,7 @@ outputs: description: Role data for the Cinder Volume role. value: service_name: cinder_volume + monitoring_subscription: {get_param: MonitoringSubscriptionCinderVolume} config_settings: map_merge: - get_attr: [CinderBase, role_data, config_settings] @@ -95,10 +99,6 @@ outputs: # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: - str_replace: - template: "NETWORK_uri" - params: - NETWORK: {get_param: [ServiceNetMap, CinderIscsiNetwork]} + tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_param: [ServiceNetMap, CinderIscsiNetwork]} step_config: | include ::tripleo::profile::base::cinder::volume diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index d2376af3..adc1b4cb 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -73,12 +73,16 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint + MonitoringSubscriptionGlanceApi: + default: 'overcloud-glance-api' + type: string outputs: role_data: description: Role data for the Glance API role. value: service_name: glance_api + monitoring_subscription: {get_param: MonitoringSubscriptionGlanceApi} config_settings: glance::api::database_connection: list_join: @@ -90,14 +94,14 @@ outputs: - {get_param: [EndpointMap, MysqlInternal, host]} - '/glance' glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]} - glance::api::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - glance::api::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } glance::api::registry_host: str_replace: template: "'REGISTRY_HOST'" params: REGISTRY_HOST: {get_param: [EndpointMap, GlanceRegistryInternal, host]} - glance::api::keystone_password: {get_param: GlancePassword} + glance::api::authtoken::password: {get_param: GlancePassword} glance::api::enable_proxy_headers_parsing: true glance::api::debug: {get_param: Debug} glance::api::workers: {get_param: GlanceWorkers} @@ -128,7 +132,7 @@ outputs: - 9292 - 13292 glance::keystone::auth::tenant: 'service' - glance::api::keystone_tenant: 'service' + glance::api::authtoken::project_name: 'service' glance::api::pipeline: 'keystone' glance::api::show_image_direct_url: true # NOTE: bind IP is found in Heat replacing the network name with the diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml index 06ef9379..d5f01d46 100644 --- a/puppet/services/glance-registry.yaml +++ b/puppet/services/glance-registry.yaml @@ -30,12 +30,16 @@ parameters: default: 0 description: Number of workers for Glance service. type: number + MonitoringSubscriptionGlanceRegistry: + default: 'overcloud-glance-registry' + type: string outputs: role_data: description: Role data for the Glance Registry role. value: service_name: glance_registry + monitoring_subscription: {get_param: MonitoringSubscriptionGlanceRegistry} config_settings: glance::registry::database_connection: list_join: @@ -46,11 +50,11 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/glance' - glance::registry::keystone_password: {get_param: GlancePassword} - glance::registry::keystone_tenant: 'service' + glance::registry::authtoken::password: {get_param: GlancePassword} + glance::registry::authtoken::project_name: 'service' glance::registry::pipeline: 'keystone' - glance::registry::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - glance::registry::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + glance::registry::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + glance::registry::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } glance::registry::debug: {get_param: Debug} glance::registry::workers: {get_param: GlanceWorkers} glance::db::mysql::user: glance @@ -61,7 +65,6 @@ outputs: - "%{hiera('mysql_bind_host')}" glance::registry::db::database_db_max_retries: -1 glance::registry::db::database_max_retries: -1 - tripleo.glance_registry.firewall_rules: '112 glance_registry': dport: diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml index ec42f3f5..650865e2 100644 --- a/puppet/services/gnocchi-api.yaml +++ b/puppet/services/gnocchi-api.yaml @@ -33,8 +33,12 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint + MonitoringSubscriptionGnocchiApi: + default: 'overcloud-gnocchi-api' + type: string resources: + GnocchiServiceBase: type: ./gnocchi-base.yaml properties: @@ -42,13 +46,22 @@ resources: DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} + ApacheServiceBase: + type: ./apache.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + outputs: role_data: description: Role data for the Gnocchi role. value: service_name: gnocchi_api + monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiApi} config_settings: map_merge: + - get_attr: [ApacheServiceBase, role_data, config_settings] - get_attr: [GnocchiServiceBase, role_data, config_settings] - tripleo.gnocchi_api.firewall_rules: '129 gnocchi-api': diff --git a/puppet/services/gnocchi-metricd.yaml b/puppet/services/gnocchi-metricd.yaml index 205d0552..ebdebd1e 100644 --- a/puppet/services/gnocchi-metricd.yaml +++ b/puppet/services/gnocchi-metricd.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionGnocchiMetricd: + default: 'overcloud-gnocchi-metricd' + type: string resources: GnocchiServiceBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Gnocchi role. value: service_name: gnocchi_metricd + monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiMetricd} config_settings: map_merge: - get_attr: [GnocchiServiceBase, role_data, config_settings] diff --git a/puppet/services/gnocchi-statsd.yaml b/puppet/services/gnocchi-statsd.yaml index 018ad2b1..04339f46 100644 --- a/puppet/services/gnocchi-statsd.yaml +++ b/puppet/services/gnocchi-statsd.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionGnocchiStatsd: + default: 'overcloud-gnocchi-statsd' + type: string resources: GnocchiServiceBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Gnocchi role. value: service_name: gnocchi_statsd + monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiStatsd} config_settings: map_merge: - get_attr: [GnocchiServiceBase, role_data, config_settings] diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index 6885449e..df23e6e1 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml @@ -44,12 +44,16 @@ parameters: Specifies the interface where the public-facing virtual ip will be assigned. This should be int_public when a VLAN is being used. type: string + MonitoringSubscriptionHaproxy: + default: 'overcloud-haproxy' + type: string outputs: role_data: description: Role data for the HAproxy role. value: service_name: haproxy + monitoring_subscription: {get_param: MonitoringSubscriptionHaproxy} config_settings: tripleo.haproxy.firewall_rules: '107 haproxy stats': diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml index a15ea32d..61a69078 100644 --- a/puppet/services/heat-api-cfn.yaml +++ b/puppet/services/heat-api-cfn.yaml @@ -30,6 +30,9 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint + MonitoringSubscriptionHeatApiCnf: + default: 'overcloud-heat-api-cfn' + type: string resources: HeatBase: @@ -44,6 +47,7 @@ outputs: description: Role data for the Heat CloudFormation API role. value: service_name: heat_api_cfn + monitoring_subscription: {get_param: MonitoringSubscriptionHeatApiCnf} config_settings: map_merge: - get_attr: [HeatBase, role_data, config_settings] diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml index 6d645ee7..c12e56ef 100644 --- a/puppet/services/heat-api-cloudwatch.yaml +++ b/puppet/services/heat-api-cloudwatch.yaml @@ -22,6 +22,9 @@ parameters: default: 0 description: Number of workers for Heat service. type: number + MonitoringSubscriptionHeatApiCloudwatch: + default: 'overcloud-heat-api-cloudwatch' + type: string resources: HeatBase: @@ -36,6 +39,7 @@ outputs: description: Role data for the Heat Cloudwatch API role. value: service_name: heat_api_cloudwatch + monitoring_subscription: {get_param: MonitoringSubscriptionHeatApiCloudwatch} config_settings: map_merge: - get_attr: [HeatBase, role_data, config_settings] diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml index ec3b0e37..64b0c53b 100644 --- a/puppet/services/heat-api.yaml +++ b/puppet/services/heat-api.yaml @@ -30,6 +30,9 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint + MonitoringSubscriptionHeatApi: + default: 'overcloud-heat-api' + type: string resources: HeatBase: @@ -44,6 +47,7 @@ outputs: description: Role data for the Heat API role. value: service_name: heat_api + monitoring_subscription: {get_param: MonitoringSubscriptionHeatApi} config_settings: map_merge: - get_attr: [HeatBase, role_data, config_settings] diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml index 226d2a51..7eb58f56 100644 --- a/puppet/services/heat-base.yaml +++ b/puppet/services/heat-base.yaml @@ -32,6 +32,10 @@ parameters: via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json + HeatPassword: + description: The password for the Heat service and db account, used by the Heat services. + type: string + hidden: true DefaultPasswords: default: {} type: json @@ -60,11 +64,13 @@ outputs: key: 'context_is_admin' value: 'role:admin' heat::rabbit_heartbeat_timeout_threshold: 60 - heat::keystone_tenant: 'service' + heat::keystone::authtoken::project_name: 'service' + heat::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + heat::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + heat::keystone::authtoken::password: {get_param: HeatPassword} heat::keystone::domain::domain_name: 'heat_stack' heat::keystone::domain::domain_admin: 'heat_stack_domain_admin' heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost' - heat::auth_plugin: 'password' heat::cron::purge_deleted::age: 30 heat::cron::purge_deleted::age_type: 'days' heat::cron::purge_deleted::maxdelay: 3600 diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml index b230ec1d..089bf531 100644 --- a/puppet/services/heat-engine.yaml +++ b/puppet/services/heat-engine.yaml @@ -40,6 +40,9 @@ parameters: type: string hidden: true default: '' + MonitoringSubscriptionHeatEngine: + default: 'overcloud-heat-engine' + type: string resources: HeatBase: @@ -54,6 +57,7 @@ outputs: description: Role data for the Heat Engine role. value: service_name: heat_engine + monitoring_subscription: {get_param: MonitoringSubscriptionHeatEngine} config_settings: map_merge: - get_attr: [HeatBase, role_data, config_settings] @@ -71,8 +75,6 @@ outputs: - {get_param: [EndpointMap, MysqlInternal, host]} - '/heat' heat::keystone_ec2_uri: {get_param: [EndpointMap, KeystoneEC2, uri]} - heat::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} - heat::keystone_password: {get_param: HeatPassword} heat::db::mysql::password: {get_param: HeatPassword} heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword} heat::db::mysql::user: heat diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index c5d96819..c8ec2b2b 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > Horizon service configured with Puppet @@ -10,6 +10,10 @@ parameters: via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string DefaultPasswords: default: {} type: json @@ -22,17 +26,30 @@ parameters: default: '*' description: A list of IP/Hostname allowed to connect to horizon type: comma_delimited_list + HorizonSecret: + description: Secret key for Django + type: string + hidden: true + default: '' NeutronMechanismDrivers: default: 'openvswitch' description: | The mechanism drivers for the Neutron tenant network. type: comma_delimited_list + MemcachedIPv6: + default: false + description: Enable IPv6 features in Memcached. + type: boolean + MonitoringSubscriptionHorizon: + default: 'overcloud-horizon' + type: string outputs: role_data: description: Role data for the Horizon role. value: service_name: horizon + monitoring_subscription: {get_param: MonitoringSubscriptionHorizon} config_settings: horizon::allowed_hosts: {get_param: HorizonAllowedHosts} neutron::plugins::ml2::mechanism_drivers: @@ -51,5 +68,29 @@ outputs: add_listen: false priority: 10 access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"' + # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + apache::ip: {get_param: [ServiceNetMap, HorizonNetwork]} + apache_remote_proxy_ips_network: + str_replace: + template: "NETWORK_subnet" + params: + NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]} + apache::mod::remoteip::proxy_ips: + - "%{hiera('apache_remote_proxy_ips_network')}" + horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]} + horizon::django_debug: {get_param: Debug} + horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri]} + horizon::secret_key: + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: HorizonSecret} + - {get_param: [DefaultPasswords, horizon_secret]} + memcached_ipv6: {get_param: MemcachedIPv6} step_config: | include ::tripleo::profile::base::horizon diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml index d0516e1b..5c3f370e 100644 --- a/puppet/services/ironic-api.yaml +++ b/puppet/services/ironic-api.yaml @@ -22,6 +22,9 @@ parameters: description: The password for the Ironic service and db account, used by the Ironic services type: string hidden: true + MonitoringSubscriptionIronicApi: + default: 'overcloud-ironic-api' + type: string resources: IronicBase: @@ -36,27 +39,28 @@ outputs: description: Role data for the Ironic API role. value: service_name: ironic_api + monitoring_subscription: {get_param: MonitoringSubscriptionIronicApi} config_settings: map_merge: - get_attr: [IronicBase, role_data, config_settings] - # NOTE(dtantsur): the my_ip parameter is heavily overloaded in - # ironic. It's used as a default value for e.g. TFTP server IP, - # glance and neutron endpoints, virtual console IP. We override - # the TFTP server IP in ironic-conductor.yaml as it should not be - # the VIP, but rather a real IP of the controller. - - ironic::my_ip: {get_param: [EndpointMap, MysqlInternal, host]} - ironic::api::authtoken::password: {get_param: IronicPassword} + - ironic::api::authtoken::password: {get_param: IronicPassword} ironic::api::authtoken::project_name: 'service' ironic::api::authtoken::username: 'ironic' ironic::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} - ironic::api::host_ip: {get_input: ironic_api_network} + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + ironic::api::host_ip: {get_param: [ServiceNetMap, IronicApiNetwork]} ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]} # This is used to build links in responses ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]} - ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri]} - ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri]} - ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri]} + ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]} + ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]} + ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]} ironic::keystone::auth::auth_name: 'ironic' ironic::keystone::auth::password: {get_param: IronicPassword } ironic::keystone::auth::tenant: 'service' diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml index 27479f79..97369cdd 100644 --- a/puppet/services/ironic-conductor.yaml +++ b/puppet/services/ironic-conductor.yaml @@ -22,6 +22,9 @@ parameters: default: ['pxe_ipmitool', 'agent_ipmitool'] description: Enabled Ironic drivers type: comma_delimited_list + MonitoringSubscriptionIronicConductor: + default: 'overcloud-ironic-conductor' + type: string resources: IronicBase: @@ -36,6 +39,7 @@ outputs: description: Role data for the Ironic conductor role. value: service_name: ironic_conductor + monitoring_subscription: {get_param: MonitoringSubscriptionIronicConductor} config_settings: map_merge: - get_attr: [IronicBase, role_data, config_settings] @@ -44,12 +48,23 @@ outputs: ironic::conductor::api_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]} ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} ironic::enabled_drivers: {get_param: IronicEnabledDrivers} - # Prevent tftp_server from defaulting to my_ip setting, which is - # controller VIP, not a real IP. - ironic::drivers::pxe::tftp_server: {get_input: ironic_api_network} + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + ironic::drivers::pxe::tftp_server: {get_param: [ServiceNetMap, IronicNetwork]} tripleo.ironic_conductor.firewall_rules: '134 ironic conductor TFTP': dport: 69 proto: udp + # NOTE(dtantsur): the my_ip parameter is heavily overloaded in + # ironic. It's used as a default value for e.g. TFTP server IP, + # glance and neutron endpoints, virtual console IP. We override + # the TFTP server IP in ironic-conductor.yaml as it should not be + # the VIP, but rather a real IP of the host. + ironic::my_ip: {get_param: [ServiceNetMap, IronicNetwork]} + step_config: | include ::tripleo::profile::base::ironic::conductor diff --git a/puppet/services/keepalived.yaml b/puppet/services/keepalived.yaml index b783345b..2b069d67 100644 --- a/puppet/services/keepalived.yaml +++ b/puppet/services/keepalived.yaml @@ -28,12 +28,16 @@ parameters: Specifies the interface where the public-facing virtual ip will be assigned. This should be int_public when a VLAN is being used. type: string + MonitoringSubscriptionKeepalived: + default: 'overcloud-keepalived' + type: string outputs: role_data: description: Role data for the Keepalived role. value: service_name: keepalived + monitoring_subscription: {get_param: MonitoringSubscriptionKeepalived} config_settings: tripleo::keepalived::control_virtual_interface: {get_param: ControlVirtualInterface} tripleo::keepalived::public_virtual_interface: {get_param: PublicVirtualInterface} diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index c763c391..79033047 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -84,81 +84,98 @@ parameters: type: string description: Set the number of workers for keystone::wsgi::apache default: '"%{::processorcount}"' + MonitoringSubscriptionKeystone: + default: 'overcloud-kestone' + type: string + +resources: + + ApacheServiceBase: + type: ./apache.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + outputs: role_data: description: Role data for the Keystone role. value: service_name: keystone + monitoring_subscription: {get_param: MonitoringSubscriptionKeystone} config_settings: - keystone::database_connection: - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://keystone:' - - {get_param: AdminToken} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/keystone' - keystone::admin_token: {get_param: AdminToken} - keystone::roles::admin::password: {get_param: AdminPassword} - keystone_ssl_certificate: {get_param: KeystoneSSLCertificate} - keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey} - keystone::enable_proxy_headers_parsing: true - keystone::debug: {get_param: Debug} - keystone::db::mysql::password: {get_param: AdminToken} - keystone::rabbit_userid: {get_param: RabbitUserName} - keystone::rabbit_password: {get_param: RabbitPassword} - keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL} - keystone::rabbit_port: {get_param: RabbitClientPort} - keystone::notification_driver: {get_param: KeystoneNotificationDriver} - keystone::notification_format: {get_param: KeystoneNotificationFormat} - keystone::roles::admin::email: {get_param: AdminEmail} - keystone::roles::admin::password: {get_param: AdminPassword} - keystone::endpoint::public_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]} - keystone::endpoint::internal_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} - keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} - keystone::endpoint::region: {get_param: KeystoneRegion} - keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge} - keystone::public_endpoint: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]} - keystone::db::mysql::user: keystone - keystone::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - keystone::db::mysql::dbname: keystone - keystone::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" - keystone::rabbit_heartbeat_timeout_threshold: 60 - keystone::cron::token_flush::maxdelay: 3600 - keystone::roles::admin::service_tenant: 'service' - keystone::roles::admin::admin_tenant: 'admin' - keystone::cron::token_flush::destination: '/dev/null' - keystone::config::keystone_config: - ec2/driver: - value: 'keystone.contrib.ec2.backends.sql.Ec2' - keystone::service_name: 'httpd' - keystone::wsgi::apache::ssl: false - - keystone::wsgi::apache::workers: {get_param: KeystoneWorkers} - # override via extraconfig: - keystone::wsgi::apache::threads: 1 - keystone::db::database_db_max_retries: -1 - keystone::db::database_max_retries: -1 - tripleo.keystone.firewall_rules: - '111 keystone': - dport: - - 5000 - - 13000 - - 35357 - - 13357 - # NOTE: bind IP is found in Heat replacing the network name with the - # local node IP for the given network; replacement examples - # (eg. for internal_api): - # internal_api -> IP - # internal_api_uri -> [IP] - # internal_api_subnet - > IP/CIDR - # NOTE: this applies to all 4 bind IP settings below... - keystone::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]} - keystone::public_bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]} - keystone::wsgi::apache::bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]} - keystone::wsgi::apache::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]} + config_settings: + map_merge: + - get_attr: [ApacheServiceBase, role_data, config_settings] + - keystone::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://keystone:' + - {get_param: AdminToken} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/keystone' + keystone::admin_token: {get_param: AdminToken} + keystone::roles::admin::password: {get_param: AdminPassword} + keystone_ssl_certificate: {get_param: KeystoneSSLCertificate} + keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey} + keystone::enable_proxy_headers_parsing: true + keystone::debug: {get_param: Debug} + keystone::db::mysql::password: {get_param: AdminToken} + keystone::rabbit_userid: {get_param: RabbitUserName} + keystone::rabbit_password: {get_param: RabbitPassword} + keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + keystone::rabbit_port: {get_param: RabbitClientPort} + keystone::notification_driver: {get_param: KeystoneNotificationDriver} + keystone::notification_format: {get_param: KeystoneNotificationFormat} + keystone::roles::admin::email: {get_param: AdminEmail} + keystone::roles::admin::password: {get_param: AdminPassword} + keystone::endpoint::public_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]} + keystone::endpoint::internal_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} + keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + keystone::endpoint::region: {get_param: KeystoneRegion} + keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge} + keystone::public_endpoint: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]} + keystone::db::mysql::user: keystone + keystone::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + keystone::db::mysql::dbname: keystone + keystone::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + keystone::rabbit_heartbeat_timeout_threshold: 60 + keystone::cron::token_flush::maxdelay: 3600 + keystone::roles::admin::service_tenant: 'service' + keystone::roles::admin::admin_tenant: 'admin' + keystone::cron::token_flush::destination: '/dev/null' + keystone::config::keystone_config: + ec2/driver: + value: 'keystone.contrib.ec2.backends.sql.Ec2' + keystone::service_name: 'httpd' + keystone::wsgi::apache::ssl: false + + keystone::wsgi::apache::workers: {get_param: KeystoneWorkers} + # override via extraconfig: + keystone::wsgi::apache::threads: 1 + keystone::db::database_db_max_retries: -1 + keystone::db::database_max_retries: -1 + tripleo.keystone.firewall_rules: + '111 keystone': + dport: + - 5000 + - 13000 + - 35357 + - 13357 + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + # NOTE: this applies to all 4 bind IP settings below... + keystone::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]} + keystone::public_bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]} + keystone::wsgi::apache::bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]} + keystone::wsgi::apache::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]} step_config: | include ::tripleo::profile::base::keystone diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml index b3987747..2e43730d 100644 --- a/puppet/services/manila-api.yaml +++ b/puppet/services/manila-api.yaml @@ -26,6 +26,9 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint + MonitoringSubscriptionManilaApi: + default: 'overcloud-manila-api' + type: string resources: ManilaBase: @@ -40,6 +43,7 @@ outputs: description: Role data for the Manila-api role. value: service_name: manila_api + monitoring_subscription: {get_param: MonitoringSubscriptionManilaApi} config_settings: map_merge: - get_attr: [ManilaBase, role_data, config_settings] diff --git a/puppet/services/manila-scheduler.yaml b/puppet/services/manila-scheduler.yaml index a5122ba0..28addd68 100644 --- a/puppet/services/manila-scheduler.yaml +++ b/puppet/services/manila-scheduler.yaml @@ -30,6 +30,9 @@ parameters: description: The password for the manila service account. type: string hidden: true + MonitoringSubscriptionManilaScheduler: + default: 'overcloud-manila-scheduler' + type: string resources: ManilaBase: @@ -44,6 +47,7 @@ outputs: description: Role data for the Manila-scheduler role. value: service_name: manila_scheduler + monitoring_subscription: {get_param: MonitoringSubscriptionManilaScheduler} config_settings: map_merge: - get_attr: [ManilaBase, role_data, config_settings] @@ -65,4 +69,3 @@ outputs: - '/manila' step_config: | include ::tripleo::profile::base::manila::scheduler - diff --git a/puppet/services/manila-share.yaml b/puppet/services/manila-share.yaml index 184f3694..e42d2fae 100644 --- a/puppet/services/manila-share.yaml +++ b/puppet/services/manila-share.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionManilaShare: + default: 'overcloud-manila-share' + type: string resources: ManilaBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Manila-share role. value: service_name: manila_share + monitoring_subscription: {get_param: MonitoringSubscriptionManilaShare} config_settings: map_merge: - get_attr: [ManilaBase, role_data, config_settings] diff --git a/puppet/services/memcached.yaml b/puppet/services/memcached.yaml index 3b47261e..9e3f6375 100644 --- a/puppet/services/memcached.yaml +++ b/puppet/services/memcached.yaml @@ -18,12 +18,16 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionMemcached: + default: 'overcloud-memcached' + type: string outputs: role_data: description: Role data for the Memcached role. value: service_name: memcached + monitoring_subscription: {get_param: MonitoringSubscriptionMemcached} config_settings: # NOTE: bind IP is found in Heat replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): diff --git a/puppet/services/monitoring/sensu-base.yaml b/puppet/services/monitoring/sensu-base.yaml new file mode 100644 index 00000000..d7350d07 --- /dev/null +++ b/puppet/services/monitoring/sensu-base.yaml @@ -0,0 +1,68 @@ +heat_template_version: 2016-04-08 + +description: Sensu base service + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + DefaultPasswords: + default: {} + type: json + MonitoringRabbitHost: + description: RabbitMQ host Sensu has to connect to. + type: string + default: '' + MonitoringRabbitPort: + default: 5672 + description: Set RabbitMQ subscriber port, change this if using SSL. + type: number + MonitoringRabbitUseSSL: + default: false + description: > + RabbitMQ client subscriber parameter to specify an SSL connection + to the RabbitMQ host. + type: string + MonitoringRabbitPassword: + description: The RabbitMQ password used for monitoring purposes. + type: string + hidden: true + MonitoringRabbitUserName: + description: The RabbitMQ username used for monitoring purposes. + type: string + default: sensu + MonitoringRabbitVhost: + description: The RabbitMQ vhost used for monitoring purposes. + type: string + default: '/sensu' + + +outputs: + role_data: + description: Role data for the Sensu role. + value: + service_name: sensu_base + config_settings: + sensu::enterprise: false + sensu::enterprise_dashboard: false + sensu::install_repo: false + sensu::manage_user: false + sensu::rabbitmq_host: {get_param: MonitoringRabbitHost} + sensu::rabbitmq_password: {get_param: MonitoringRabbitPassword} + sensu::rabbitmq_port: {get_param: MonitoringRabbitPort} + sensu::rabbitmq_ssl: {get_param: MonitoringRabbitUseSSL} + sensu::rabbitmq_user: {get_param: MonitoringRabbitUserName} + sensu::rabbitmq_vhost: {get_param: MonitoringRabbitVhost} + #sensu::redis_host: {get_param: MonitoringRedisHost} + #sensu::redis_password: {get_param: MonitoringRedisPassword} + sensu::sensu_plugin_provider: 'yum' + sensu::sensu_plugin_name: 'rubygem-sensu-plugin' + sensu::version: 'present' diff --git a/puppet/services/monitoring/sensu-client.yaml b/puppet/services/monitoring/sensu-client.yaml new file mode 100644 index 00000000..3f37e750 --- /dev/null +++ b/puppet/services/monitoring/sensu-client.yaml @@ -0,0 +1,49 @@ +heat_template_version: 2016-04-08 + +description: Sensu client configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: > + Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + SensuClientCustomConfig: + default: {} + description: Hash containing custom sensu-client variables. + type: json + label: Custom configuration for Sensu Client variables + +resources: + SensuBase: + type: ./sensu-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Sensu client role. + value: + service_name: sensu_client + monitoring_subscription: all + config_settings: + map_merge: + - get_attr: [SensuBase, role_data, config_settings] + - sensu::api: false + sensu::client: true + sensu::server: false + sensu::client_custom: {get_param: SensuClientCustomConfig} + step_config: | + include ::tripleo::profile::base::monitoring::sensu diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index 35ac32db..da4ec26b 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -46,6 +46,9 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint + MonitoringSubscriptionNeutronServer: + default: 'overcloud-neutron-server' + type: string resources: @@ -61,6 +64,7 @@ outputs: description: Role data for the Neutron Server agent service. value: service_name: neutron_api + monitoring_subscription: {get_param: MonitoringSubscriptionNeutronServer} config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] @@ -79,19 +83,19 @@ outputs: neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] } neutron::keystone::auth::password: {get_param: NeutronPassword} neutron::keystone::auth::region: {get_param: KeystoneRegion} - neutron::server::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - neutron::server::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} neutron::server::api_workers: {get_param: NeutronWorkers} neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} neutron::server::l3_ha: {get_param: NeutronL3HA} - neutron::server::password: {get_param: NeutronPassword} + neutron::keystone::authtoken::password: {get_param: NeutronPassword} neutron::server::notifications::nova_url: { get_param: [ EndpointMap, NovaInternal, uri ] } neutron::server::notifications::auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] } neutron::server::notifications::tenant_name: 'service' neutron::server::notifications::project_name: 'service' neutron::server::notifications::password: {get_param: NovaPassword} - neutron::server::project_name: 'service' + neutron::keystone::authtoken::project_name: 'service' neutron::server::sync_db: true neutron::db::mysql::password: {get_param: NeutronPassword} neutron::db::mysql::user: neutron @@ -111,5 +115,11 @@ outputs: '106 vrrp': proto: vrrp neutron::server::router_distributed: {get_param: NeutronEnableDVR} + # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + neutron::bind_host: {get_param: [ServiceNetMap, NeutronApiNetwork]} step_config: | include tripleo::profile::base::neutron::server diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml index 39ffea24..4eb417c0 100644 --- a/puppet/services/neutron-base.yaml +++ b/puppet/services/neutron-base.yaml @@ -48,6 +48,15 @@ parameters: description: > Remove configuration that is not generated by TripleO. Setting to false may result in configuration remnants after updates/upgrades. + NeutronGlobalPhysnetMtu: + type: number + default: 1500 + description: | + MTU of the underlying physical network. Neutron uses this value to + calculate MTU for all virtual network components. For flat and VLAN + networks, neutron uses this value without modification. For overlay + networks such as VXLAN, neutron automatically subtracts the overlay + protocol overhead from this value. ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -87,3 +96,4 @@ outputs: neutron::host: '"%{::fqdn}"' #NOTE: extra quoting is needed neutron::db::database_db_max_retries: -1 neutron::db::database_max_retries: -1 + neutron::global_physnet_mtu: {get_param: NeutronGlobalPhysnetMtu} diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml index 513cb2d4..b2ad5dab 100644 --- a/puppet/services/neutron-dhcp.yaml +++ b/puppet/services/neutron-dhcp.yaml @@ -31,6 +31,9 @@ parameters: default: false description: If True, DHCP always provides metadata route to VM. type: boolean + MonitoringSubscriptionNeutronDhcp: + default: 'overcloud-neutron-dhcp' + type: string resources: @@ -46,6 +49,7 @@ outputs: description: Role data for the Neutron DHCP agent service. value: service_name: neutron_dhcp + monitoring_subscription: {get_param: MonitoringSubscriptionNeutronDhcp} config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] diff --git a/puppet/services/neutron-l3-compute-dvr.yaml b/puppet/services/neutron-l3-compute-dvr.yaml index 0f3c2a70..5eb3e252 100644 --- a/puppet/services/neutron-l3-compute-dvr.yaml +++ b/puppet/services/neutron-l3-compute-dvr.yaml @@ -26,6 +26,9 @@ parameters: description: Name of bridge used for external network traffic. type: string default: 'br-ex' + MonitoringSubscriptionNeutronL3Dvr: + default: 'overcloud-neutron-l3-dvr' + type: string resources: @@ -41,6 +44,7 @@ outputs: description: Role data for DVR L3 Agent on Compute Nodes value: service_name: neutron_l3_compute_dvr + monitoring_subscription: {get_param: MonitoringSubscriptionNeutronL3Dvr} config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml index 54beee6b..de62a507 100644 --- a/puppet/services/neutron-l3.yaml +++ b/puppet/services/neutron-l3.yaml @@ -34,6 +34,9 @@ parameters: - allowed_values: - legacy - dvr_snat + MonitoringSubscriptionNeutronL3: + default: 'overcloud-neutron-l3-agent' + type: string resources: @@ -49,6 +52,7 @@ outputs: description: Role data for the Neutron L3 agent service. value: service_name: neutron_l3 + monitoring_subscription: {get_param: MonitoringSubscriptionNeutronL3} config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml index b9ec277a..320ae0ce 100644 --- a/puppet/services/neutron-metadata.yaml +++ b/puppet/services/neutron-metadata.yaml @@ -30,6 +30,9 @@ parameters: description: The password for the neutron service and db account, used by neutron agents. type: string hidden: true + MonitoringSubscriptionNeutronMetadata: + default: 'overcloud-neutron-metadata' + type: string resources: @@ -45,6 +48,7 @@ outputs: description: Role data for the Neutron Metadata agent service. value: service_name: neutron_metadata + monitoring_subscription: {get_param: MonitoringSubscriptionNeutronMetadata} config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] @@ -53,5 +57,11 @@ outputs: neutron::agents::metadata::auth_password: {get_param: NeutronPassword} neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } neutron::agents::metadata::auth_tenant: 'service' + # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + neutron::agents::metadata::metadata_ip: {get_param: [ServiceNetMap, NeutronApiNetwork]} step_config: | include tripleo::profile::base::neutron::metadata diff --git a/puppet/services/neutron-midonet.yaml b/puppet/services/neutron-midonet.yaml index 48830d81..0de256c0 100644 --- a/puppet/services/neutron-midonet.yaml +++ b/puppet/services/neutron-midonet.yaml @@ -40,12 +40,16 @@ parameters: description: 'Whether enable Cassandra cluster on Controller' type: boolean default: false + MonitoringSubscriptionNeutronMidonet: + default: 'overcloud-neutron-midonet' + type: string outputs: role_data: description: Role data for the Neutron Midonet plugin and services value: service_name: neutron_midonet + monitoring_subscription: {get_param: MonitoringSubscriptionNeutronMidonet} config_settings: tripleo::profile::base::neutron::midonet::admin_password: {get_param: AdminPassword} tripleo::profile::base::neutron::midonet::keystone_admin_token: {get_param: AdminToken} diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index 1b19f90f..36b609fc 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -53,6 +53,9 @@ parameters: description: | Enable ARP responder feature in the OVS Agent. type: boolean + MonitoringSubscriptionNeutronOvs: + default: 'overcloud-neutron-ovs-agent' + type: string resources: @@ -68,6 +71,7 @@ outputs: description: Role data for the Neutron OVS agent service. value: service_name: neutron_ovs_agent + monitoring_subscription: {get_param: MonitoringSubscriptionNeutronOvs} config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] diff --git a/puppet/services/neutron-ovs-dpdk-agent.yaml b/puppet/services/neutron-ovs-dpdk-agent.yaml index 1f1e14ab..8ee98a3d 100644 --- a/puppet/services/neutron-ovs-dpdk-agent.yaml +++ b/puppet/services/neutron-ovs-dpdk-agent.yaml @@ -19,13 +19,15 @@ parameters: via parameter_defaults in the resource registry. type: json NeutronDpdkCoreList: - default: "" description: List of cores to be used for DPDK Poll Mode Driver type: string + constraints: + - allowed_pattern: "[0-9,-]+" NeutronDpdkMemoryChannels: - default: "" description: Number of memory channels to be used for DPDK type: string + constraints: + - allowed_pattern: "[0-9]+" NeutronDpdkSocketMemory: default: "" description: Memory allocated for each socket diff --git a/puppet/services/neutron-sriov-agent.yaml b/puppet/services/neutron-sriov-agent.yaml index 559500df..b9a93394 100644 --- a/puppet/services/neutron-sriov-agent.yaml +++ b/puppet/services/neutron-sriov-agent.yaml @@ -53,6 +53,6 @@ outputs: config_settings: neutron::agents::ml2::sriov::physical_device_mappings: {get_param: NeutronPhysicalDevMappings} neutron::agents::ml2::sriov::exclude_devices: {get_param: NeutronExcludeDevices} - neutron::agents::ml2::sriov::number_of_vfs: {get_param: NeutronSriovNumVFs} + tripleo::host::sriov::number_of_vfs: {get_param: NeutronSriovNumVFs} step_config: | include ::tripleo::profile::base::neutron::sriov diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index c2bd395e..e1dbd8e1 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -30,6 +30,22 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint + NeutronMetadataProxySharedSecret: + description: Shared secret to prevent spoofing + type: string + hidden: true + InstanceNameTemplate: + default: 'instance-%08x' + description: Template string to be used to generate instance names + type: string + NovaEnableDBPurge: + default: true + description: | + Whether to create cron job for purging soft deleted rows in Nova database. + type: boolean + MonitoringSubscriptionNovaApi: + default: 'overcloud-nova-api' + type: string resources: NovaBase: @@ -44,6 +60,7 @@ outputs: description: Role data for the Nova API service. value: service_name: nova_api + monitoring_subscription: {get_param: MonitoringSubscriptionNovaApi} config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] @@ -75,5 +92,16 @@ outputs: nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]} nova::keystone::auth::password: {get_param: NovaPassword} nova::keystone::auth::region: {get_param: KeystoneRegion} + # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + nova::api::api_bind_address: {get_param: [ServiceNetMap, NovaApiNetwork]} + nova::api::metadata_listen: {get_param: [ServiceNetMap, NovaMetadataNetwork]} + nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} + nova::api::instance_name_template: {get_param: InstanceNameTemplate} + nova_enable_db_purge: {get_param: NovaEnableDBPurge} + step_config: | include tripleo::profile::base::nova::api diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index 471ece34..24a63bb4 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -95,14 +95,14 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova_api' - nova::db::mysql::password: {get_input: nova_password} + nova::db::mysql::password: {get_param: NovaPassword} nova::db::mysql::user: nova nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} nova::db::mysql::dbname: nova nova::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" - nova::db::mysql_api::password: {get_input: nova_password} + nova::db::mysql_api::password: {get_param: NovaPassword} nova::db::mysql_api::user: nova_api nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} nova::db::mysql_api::dbname: nova_api diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index 6bc1c187..ccdcb52f 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -60,6 +60,16 @@ parameters: Ex. NovaVcpuPinSet: ['4-12','^8'] will reserve cores from 4-12 excluding 8 type: comma_delimited_list default: [] + NovaReservedHostMemory: + description: > + Reserved RAM for host processes. + type: number + default: 2048 + constraints: + - range: { min: 512 } + MonitoringSubscriptionNovaCompute: + default: 'overcloud-nova-compute' + type: string resources: NovaBase: @@ -74,6 +84,7 @@ outputs: description: Role data for the Nova Compute service. value: service_name: nova_compute + monitoring_subscription: {get_param: MonitoringSubscriptionNovaCompute} config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] @@ -84,6 +95,7 @@ outputs: params: JSON_PARAM: {get_param: NovaPCIPassthrough} nova::compute::vcpu_pin_set: {get_param: NovaVcpuPinSet} + nova::compute::reserved_host_memory: {get_param: NovaReservedHostMemory} # we manage migration in nova common puppet profile nova::compute::libvirt::migration_support: false tripleo::profile::base::nova::manage_migration: true @@ -108,11 +120,6 @@ outputs: # encryption work will obsolete the need to use TUNNELLED transport # mode. nova::migration::live_migration_tunnelled: {get_param: NovaEnableRbdBackend} - # Changing the default from 512MB. The current templates can not deploy - # overclouds with swap. On an idle compute node, we see ~1024MB of RAM - # used. 2048 is suggested to account for other possible operations for - # example openvswitch. - nova::compute::reserved_host_memory: 2048 nova::compute::neutron::libvirt_vif_driver: {get_param: NovaComputeLibvirtVifDriver} # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml index 0b6169da..5dbc7cac 100644 --- a/puppet/services/nova-conductor.yaml +++ b/puppet/services/nova-conductor.yaml @@ -22,6 +22,9 @@ parameters: default: 0 description: Number of workers for Nova Conductor service. type: number + MonitoringSubscriptionNovaConductor: + default: 'overcloud-nova-conductor' + type: string resources: NovaBase: @@ -36,6 +39,7 @@ outputs: description: Role data for the Nova Conductor service. value: service_name: nova_conductor + monitoring_subscription: {get_param: MonitoringSubscriptionNovaConductor} config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] diff --git a/puppet/services/nova-consoleauth.yaml b/puppet/services/nova-consoleauth.yaml index 67ff2ec3..13e3a26a 100644 --- a/puppet/services/nova-consoleauth.yaml +++ b/puppet/services/nova-consoleauth.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionNovaConsoleauth: + default: 'overcloud-nova-consoleauth' + type: string resources: NovaBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Nova Consoleauth service. value: service_name: nova_consoleauth + monitoring_subscription: {get_param: MonitoringSubscriptionNovaConsoleauth} config_settings: get_attr: [NovaBase, role_data, config_settings] step_config: | diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml index 1ebec974..b5ca2437 100644 --- a/puppet/services/nova-libvirt.yaml +++ b/puppet/services/nova-libvirt.yaml @@ -21,6 +21,9 @@ parameters: NovaComputeLibvirtType: type: string default: kvm + MonitoringSubscriptionNovaLibvirt: + default: 'overcloud-nova-libvirt' + type: string resources: NovaBase: @@ -35,6 +38,7 @@ outputs: description: Role data for the Libvirt service. value: service_name: nova_libvirt + monitoring_subscription: {get_param: MonitoringSubscriptionNovaLibvirt} config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] diff --git a/puppet/services/nova-scheduler.yaml b/puppet/services/nova-scheduler.yaml index c8f2591d..3ffc9c5a 100644 --- a/puppet/services/nova-scheduler.yaml +++ b/puppet/services/nova-scheduler.yaml @@ -29,6 +29,9 @@ parameters: An array of filters used by Nova to filter a node.These filters will be applied in the order they are listed, so place your most restrictive filters first to make the filtering process more efficient. + MonitoringSubscriptionNovaScheduler: + default: 'overcloud-nova-scheduler' + type: string resources: NovaBase: @@ -43,6 +46,7 @@ outputs: description: Role data for the Nova Scheduler service. value: service_name: nova_scheduler + monitoring_subscription: {get_param: MonitoringSubscriptionNovaScheduler} config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] diff --git a/puppet/services/nova-vncproxy.yaml b/puppet/services/nova-vncproxy.yaml index 0a1785d8..ce15fccc 100644 --- a/puppet/services/nova-vncproxy.yaml +++ b/puppet/services/nova-vncproxy.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionNovaVNCProxy: + default: 'overcloud-nova-vncproxy' + type: string resources: NovaBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Nova Vncproxy service. value: service_name: nova_vncproxy + monitoring_subscription: {get_param: MonitoringSubscriptionNovaVNCProxy} config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] @@ -46,5 +50,11 @@ outputs: '[': '' ']': '' nova::vncproxy::common::vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]} + # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + nova::vncproxy::host: {get_param: [ServiceNetMap, NovaApiNetwork]} step_config: | include tripleo::profile::base::nova::vncproxy diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml index ac5b85c8..31016761 100644 --- a/puppet/services/pacemaker.yaml +++ b/puppet/services/pacemaker.yaml @@ -18,12 +18,16 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionPacemaker: + default: 'overcloud-pacemaker' + type: string outputs: role_data: description: Role data for the Pacemaker role. value: service_name: pacemaker + monitoring_subscription: {get_param: MonitoringSubscriptionPacemaker} config_settings: pacemaker::corosync::cluster_name: 'tripleo_cluster' pacemaker::corosync::manage_fw: false diff --git a/puppet/services/pacemaker/ceilometer-agent-central.yaml b/puppet/services/pacemaker/ceilometer-agent-central.yaml index 78714878..5dcb62ca 100644 --- a/puppet/services/pacemaker/ceilometer-agent-central.yaml +++ b/puppet/services/pacemaker/ceilometer-agent-central.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionCeilometerCentral: + default: 'overcloud-ceilometer-agent-central' + type: string resources: CeilometerServiceBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Ceilometer Central Agent pacemaker role. value: service_name: ceilometer_agent_central + monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCentral} config_settings: map_merge: - get_attr: [CeilometerServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/ceilometer-agent-notification.yaml b/puppet/services/pacemaker/ceilometer-agent-notification.yaml index 6290203a..dbe14499 100644 --- a/puppet/services/pacemaker/ceilometer-agent-notification.yaml +++ b/puppet/services/pacemaker/ceilometer-agent-notification.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionCeilometerNotification: + default: 'overcloud-ceilometer-agent-notification' + type: string resources: CeilometerServiceBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Ceilometer Notification Agent pacemaker role. value: service_name: ceilometer_agent_notification + monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerNotification} config_settings: map_merge: - get_attr: [CeilometerServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/ceilometer-api.yaml b/puppet/services/pacemaker/ceilometer-api.yaml index d130a4bb..4b6c18f6 100644 --- a/puppet/services/pacemaker/ceilometer-api.yaml +++ b/puppet/services/pacemaker/ceilometer-api.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionCeilometerApi: + default: 'overcloud-ceilometer-api' + type: string resources: CeilometerServiceBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Ceilometer API pacemaker role. value: service_name: ceilometer_api + monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerApi} config_settings: map_merge: - get_attr: [CeilometerServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/ceilometer-collector.yaml b/puppet/services/pacemaker/ceilometer-collector.yaml index 97da92e8..4c919515 100644 --- a/puppet/services/pacemaker/ceilometer-collector.yaml +++ b/puppet/services/pacemaker/ceilometer-collector.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionCeilometerCollector: + default: 'overcloud-ceilometer-collector' + type: string resources: CeilometerServiceBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Ceilometer Collector pacemaker role. value: service_name: ceilometer_collector + monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCollector} config_settings: map_merge: - get_attr: [CeilometerServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/cinder-api.yaml b/puppet/services/pacemaker/cinder-api.yaml index 7c83037d..e4bcfc3e 100644 --- a/puppet/services/pacemaker/cinder-api.yaml +++ b/puppet/services/pacemaker/cinder-api.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Cinder API role. value: service_name: cinder_api + monitoring_subscription: {get_attr: [CinderApiBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [CinderApiBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/cinder-backup.yaml b/puppet/services/pacemaker/cinder-backup.yaml index 7e940c7e..2ebc7680 100644 --- a/puppet/services/pacemaker/cinder-backup.yaml +++ b/puppet/services/pacemaker/cinder-backup.yaml @@ -48,6 +48,7 @@ outputs: description: Role data for the Cinder Backup role. value: service_name: cinder_backup + monitoring_subscription: {get_attr: [CinderBackupBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [CinderBackupBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/cinder-scheduler.yaml b/puppet/services/pacemaker/cinder-scheduler.yaml index 6f26b412..eb578e5c 100644 --- a/puppet/services/pacemaker/cinder-scheduler.yaml +++ b/puppet/services/pacemaker/cinder-scheduler.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Cinder Scheduler role. value: service_name: cinder_scheduler + monitoring_subscription: {get_attr: [CinderSchedulerBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [CinderSchedulerBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/cinder-volume.yaml b/puppet/services/pacemaker/cinder-volume.yaml index ffcdb529..d5dedf34 100644 --- a/puppet/services/pacemaker/cinder-volume.yaml +++ b/puppet/services/pacemaker/cinder-volume.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Cinder Volume role. value: service_name: cinder_volume + monitoring_subscription: {get_attr: [CinderVolumeBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [CinderVolumeBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/glance-api.yaml b/puppet/services/pacemaker/glance-api.yaml index ef4ba79a..684785af 100644 --- a/puppet/services/pacemaker/glance-api.yaml +++ b/puppet/services/pacemaker/glance-api.yaml @@ -57,6 +57,7 @@ outputs: description: Role data for the Glance role. value: service_name: glance_api + monitoring_subscription: {get_attr: [GlanceApiBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [GlanceApiBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/glance-registry.yaml b/puppet/services/pacemaker/glance-registry.yaml index e417f09f..5bcabcab 100644 --- a/puppet/services/pacemaker/glance-registry.yaml +++ b/puppet/services/pacemaker/glance-registry.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Glance role. value: service_name: glance_registry + monitoring_subscription: {get_attr: [GlanceRegistryBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [GlanceRegistryBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/gnocchi-api.yaml b/puppet/services/pacemaker/gnocchi-api.yaml index 42c7131d..6a9161fa 100644 --- a/puppet/services/pacemaker/gnocchi-api.yaml +++ b/puppet/services/pacemaker/gnocchi-api.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionGnocchiApi: + default: 'overcloud-gnocchi-api' + type: string resources: GnocchiServiceBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Gnocchi role. value: service_name: gnocchi_api + monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiApi} config_settings: map_merge: - get_attr: [GnocchiServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/gnocchi-metricd.yaml b/puppet/services/pacemaker/gnocchi-metricd.yaml index 177d7744..0f36b5d5 100644 --- a/puppet/services/pacemaker/gnocchi-metricd.yaml +++ b/puppet/services/pacemaker/gnocchi-metricd.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionGnocchiMetricd: + default: 'overcloud-gnocchi-metricd' + type: string resources: GnocchiServiceBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Gnocchi role. value: service_name: gnocchi_metricd + monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiMetricd} config_settings: map_merge: - get_attr: [GnocchiServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/gnocchi-statsd.yaml b/puppet/services/pacemaker/gnocchi-statsd.yaml index a247a514..b9afc590 100644 --- a/puppet/services/pacemaker/gnocchi-statsd.yaml +++ b/puppet/services/pacemaker/gnocchi-statsd.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionGnocchiStatsd: + default: 'overcloud-gnocchi-statsd' + type: string resources: GnocchiServiceBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Gnocchi role. value: service_name: gnocchi_statsd + monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiStatsd} config_settings: map_merge: - get_attr: [GnocchiServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/haproxy.yaml b/puppet/services/pacemaker/haproxy.yaml index de028339..52104a71 100644 --- a/puppet/services/pacemaker/haproxy.yaml +++ b/puppet/services/pacemaker/haproxy.yaml @@ -32,6 +32,7 @@ outputs: description: Role data for the HAproxy with pacemaker role. value: service_name: haproxy + monitoring_subscription: {get_attr: [LoadbalancerServiceBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [LoadbalancerServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/heat-api-cfn.yaml b/puppet/services/pacemaker/heat-api-cfn.yaml index 155a35ec..eae01b58 100644 --- a/puppet/services/pacemaker/heat-api-cfn.yaml +++ b/puppet/services/pacemaker/heat-api-cfn.yaml @@ -32,6 +32,7 @@ outputs: description: Role data for the Heat CloudFormation API role. value: service_name: heat_api_cfn + monitoring_subscription: {get_attr: [HeatApiCfnBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [HeatApiCfnBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/heat-api-cloudwatch.yaml b/puppet/services/pacemaker/heat-api-cloudwatch.yaml index 85927650..5608ae91 100644 --- a/puppet/services/pacemaker/heat-api-cloudwatch.yaml +++ b/puppet/services/pacemaker/heat-api-cloudwatch.yaml @@ -32,6 +32,7 @@ outputs: description: Role data for the Heat Cloudwatch API role. value: service_name: heat_api_cloudwatch + monitoring_subscription: {get_attr: [HeatApiCloudwatchBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [HeatApiCloudwatchBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/heat-api.yaml b/puppet/services/pacemaker/heat-api.yaml index d7220619..6fd790c4 100644 --- a/puppet/services/pacemaker/heat-api.yaml +++ b/puppet/services/pacemaker/heat-api.yaml @@ -32,6 +32,7 @@ outputs: description: Role data for the Heat API role. value: service_name: heat_api + monitoring_subscription: {get_attr: [HeatApiBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [HeatApiBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/heat-engine.yaml b/puppet/services/pacemaker/heat-engine.yaml index 579f5f10..b8c962a8 100644 --- a/puppet/services/pacemaker/heat-engine.yaml +++ b/puppet/services/pacemaker/heat-engine.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Heat engine role. value: service_name: heat_engine + monitoring_subscription: {get_attr: [HeatEngineBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [HeatEngineBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/horizon.yaml b/puppet/services/pacemaker/horizon.yaml index bd1ff046..18de23ae 100644 --- a/puppet/services/pacemaker/horizon.yaml +++ b/puppet/services/pacemaker/horizon.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Horizon role. value: service_name: horizon + monitoring_subscription: {get_attr: [HorizonBase, role_data, monitoring_subscription]} config_settings: get_attr: [HorizonBase, role_data, config_settings] step_config: | diff --git a/puppet/services/pacemaker/keystone.yaml b/puppet/services/pacemaker/keystone.yaml index 701f01f1..0a479c9a 100644 --- a/puppet/services/pacemaker/keystone.yaml +++ b/puppet/services/pacemaker/keystone.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Keystone pacemaker role. value: service_name: keystone + monitoring_subscription: {get_attr: [KeystoneServiceBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [KeystoneServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/manila-share.yaml b/puppet/services/pacemaker/manila-share.yaml index 7479eb08..cabc31a0 100644 --- a/puppet/services/pacemaker/manila-share.yaml +++ b/puppet/services/pacemaker/manila-share.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the manila-share pacemaker role. value: service_name: manila_share + monitoring_subscription: {get_attr: [ManilaShareBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [ManilaShareBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/memcached.yaml b/puppet/services/pacemaker/memcached.yaml index e612d775..04b895b6 100644 --- a/puppet/services/pacemaker/memcached.yaml +++ b/puppet/services/pacemaker/memcached.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Memcached pacemaker role. value: service_name: memcached + monitoring_subscription: {get_attr: [MemcachedServiceBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [MemcachedServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/neutron-dhcp.yaml b/puppet/services/pacemaker/neutron-dhcp.yaml index f5f785e3..9b9e5849 100644 --- a/puppet/services/pacemaker/neutron-dhcp.yaml +++ b/puppet/services/pacemaker/neutron-dhcp.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Neutron DHCP role. value: service_name: neutron_dhcp + monitoring_subscription: {get_attr: [NeutronDhcpBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [NeutronDhcpBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/neutron-l3.yaml b/puppet/services/pacemaker/neutron-l3.yaml index 87176632..21ac02d4 100644 --- a/puppet/services/pacemaker/neutron-l3.yaml +++ b/puppet/services/pacemaker/neutron-l3.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Neutron L3 role. value: service_name: neutron_l3 + monitoring_subscription: {get_attr: [NeutronL3Base, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [NeutronL3Base, role_data, config_settings] diff --git a/puppet/services/pacemaker/neutron-metadata.yaml b/puppet/services/pacemaker/neutron-metadata.yaml index e00c2424..8c22d42d 100644 --- a/puppet/services/pacemaker/neutron-metadata.yaml +++ b/puppet/services/pacemaker/neutron-metadata.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Neutron Metadata role. value: service_name: neutron_metadata + monitoring_subscription: {get_attr: [NeutronMetadataBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [NeutronMetadataBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/neutron-midonet.yaml b/puppet/services/pacemaker/neutron-midonet.yaml index fb39ea44..fdd5dafb 100644 --- a/puppet/services/pacemaker/neutron-midonet.yaml +++ b/puppet/services/pacemaker/neutron-midonet.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Neutron Midonet plugin. value: service_name: neutron_midonet + monitoring_subscription: {get_attr: [NeutronMidonetBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [NeutronMidonetBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/neutron-ovs-agent.yaml b/puppet/services/pacemaker/neutron-ovs-agent.yaml index 353c2958..18d60735 100644 --- a/puppet/services/pacemaker/neutron-ovs-agent.yaml +++ b/puppet/services/pacemaker/neutron-ovs-agent.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Neutron OVS agent service. value: service_name: neutron_ovs_agent + monitoring_subscription: {get_attr: [NeutronOvsBase, role_data, monitoring_subscription]} config_settings: get_attr: [NeutronOvsBase, role_data, config_settings] step_config: | diff --git a/puppet/services/pacemaker/neutron-server.yaml b/puppet/services/pacemaker/neutron-server.yaml index fc04e5ee..33bc2d99 100644 --- a/puppet/services/pacemaker/neutron-server.yaml +++ b/puppet/services/pacemaker/neutron-server.yaml @@ -37,6 +37,7 @@ outputs: description: Role data for the Neutron Server. value: service_name: neutron_server + monitoring_subscription: {get_attr: [NeutronServerBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [NeutronServerBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/nova-api.yaml b/puppet/services/pacemaker/nova-api.yaml index 709761e7..3d565348 100644 --- a/puppet/services/pacemaker/nova-api.yaml +++ b/puppet/services/pacemaker/nova-api.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Nova API role. value: service_name: nova_api + monitoring_subscription: {get_attr: [NovaApiBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [NovaApiBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/nova-conductor.yaml b/puppet/services/pacemaker/nova-conductor.yaml index 7a2313c7..9d55a48a 100644 --- a/puppet/services/pacemaker/nova-conductor.yaml +++ b/puppet/services/pacemaker/nova-conductor.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Nova Conductor role. value: service_name: nova_conductor + monitoring_subscription: {get_attr: [NovaConductorBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [NovaConductorBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/nova-consoleauth.yaml b/puppet/services/pacemaker/nova-consoleauth.yaml index 77550c80..814505fb 100644 --- a/puppet/services/pacemaker/nova-consoleauth.yaml +++ b/puppet/services/pacemaker/nova-consoleauth.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Nova Consoleauth role. value: service_name: nova_consoleauth + monitoring_subscription: {get_attr: [NovaConsoleauthBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [NovaConsoleauthBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/nova-scheduler.yaml b/puppet/services/pacemaker/nova-scheduler.yaml index 2571ec43..27692268 100644 --- a/puppet/services/pacemaker/nova-scheduler.yaml +++ b/puppet/services/pacemaker/nova-scheduler.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Nova Scheduler role. value: service_name: nova_scheduler + monitoring_subscription: {get_attr: [NovaSchedulerBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [NovaSchedulerBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/nova-vncproxy.yaml b/puppet/services/pacemaker/nova-vncproxy.yaml index e536826e..0ec5de68 100644 --- a/puppet/services/pacemaker/nova-vncproxy.yaml +++ b/puppet/services/pacemaker/nova-vncproxy.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Nova Vncproxy role. value: service_name: nova_vncproxy + monitoring_subscription: {get_attr: [NovaVncproxyBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [NovaVncproxyBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/rabbitmq.yaml b/puppet/services/pacemaker/rabbitmq.yaml index 3eb01398..f3fa2d28 100644 --- a/puppet/services/pacemaker/rabbitmq.yaml +++ b/puppet/services/pacemaker/rabbitmq.yaml @@ -32,6 +32,7 @@ outputs: description: Role data for the RabbitMQ pacemaker role. value: service_name: rabbitmq + monitoring_subscription: {get_attr: [RabbitMQServiceBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [RabbitMQServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/sahara-api.yaml b/puppet/services/pacemaker/sahara-api.yaml index e20b7a08..214e8dbb 100644 --- a/puppet/services/pacemaker/sahara-api.yaml +++ b/puppet/services/pacemaker/sahara-api.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Sahara API role. value: service_name: sahara_api + monitoring_subscription: {get_attr: [SaharaApiBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [SaharaApiBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/sahara-engine.yaml b/puppet/services/pacemaker/sahara-engine.yaml index 07de74ca..aa85115d 100644 --- a/puppet/services/pacemaker/sahara-engine.yaml +++ b/puppet/services/pacemaker/sahara-engine.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Sahara Engine role. value: service_name: sahara_engine + monitoring_subscription: {get_attr: [SaharaEngineBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [SaharaEngineBase, role_data, config_settings] diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml index 06595b07..a0669dcd 100644 --- a/puppet/services/rabbitmq.yaml +++ b/puppet/services/rabbitmq.yaml @@ -38,12 +38,16 @@ parameters: type: string default: '' hidden: true + MonitoringSubscriptionRabbitmq: + default: 'overcloud-rabbitmq' + type: string outputs: role_data: description: Role data for the RabbitMQ role. value: service_name: rabbitmq + monitoring_subscription: {get_param: MonitoringSubscriptionRabbitmq} config_settings: rabbitmq::file_limit: {get_param: RabbitFDLimit} rabbitmq::default_user: {get_param: RabbitUserName} diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml index fae9c434..7f15ca72 100644 --- a/puppet/services/sahara-api.yaml +++ b/puppet/services/sahara-api.yaml @@ -30,6 +30,9 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint + MonitoringSubscriptionSaharaApi: + default: 'overcloud-sahara-api' + type: string resources: SaharaBase: @@ -44,6 +47,7 @@ outputs: description: Role data for the Sahara API role. value: service_name: sahara_api + monitoring_subscription: {get_param: MonitoringSubscriptionSaharaApi} config_settings: map_merge: - get_attr: [SaharaBase, role_data, config_settings] diff --git a/puppet/services/sahara-engine.yaml b/puppet/services/sahara-engine.yaml index fcf4d485..9224fd5f 100644 --- a/puppet/services/sahara-engine.yaml +++ b/puppet/services/sahara-engine.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionSaharaEngine: + default: 'overcloud-sahara-engine' + type: string resources: SaharaBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Sahara Engine role. value: service_name: sahara_engine + monitoring_subscription: {get_param: MonitoringSubscriptionSaharaEngine} config_settings: map_merge: - get_attr: [SaharaBase, role_data, config_settings] diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml index bb40001a..669e2872 100644 --- a/puppet/services/services.yaml +++ b/puppet/services/services.yaml @@ -49,5 +49,9 @@ outputs: yaql: expression: list($.data.s_names.where($ != null)) data: {s_names: {get_attr: [ServiceChain, role_data, service_name]}} + monitoring_subscriptions: + yaql: + expression: list($.data.subscriptions.where($ != null)) + data: {subscriptions: {get_attr: [ServiceChain, role_data, monitoring_subscription]}} config_settings: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}} step_config: {list_join: ["\n", {get_attr: [ServiceChain, role_data, step_config]}]} diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index cba08090..d7b0cd7c 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -38,6 +38,9 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint + MonitoringSubscriptionSwiftProxy: + default: 'overcloud-swift-proxy' + type: string resources: SwiftBase: @@ -52,14 +55,15 @@ outputs: description: Role data for the Swift proxy service. value: service_name: swift_proxy + monitoring_subscription: {get_param: MonitoringSubscriptionSwiftProxy} config_settings: map_merge: - get_attr: [SwiftBase, role_data, config_settings] - swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} - swift::proxy::authtoken::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} - swift::proxy::authtoken::admin_password: {get_param: SwiftPassword} - swift::proxy::authtoken::admin_tenant_name: 'service' + swift::proxy::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + swift::proxy::authtoken::password: {get_param: SwiftPassword} + swift::proxy::authtoken::project_name: 'service' swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout} swift::proxy::workers: {get_param: SwiftWorkers} swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]} diff --git a/puppet/services/swift-storage.yaml b/puppet/services/swift-storage.yaml index 6c7c3c7a..91d52569 100644 --- a/puppet/services/swift-storage.yaml +++ b/puppet/services/swift-storage.yaml @@ -30,6 +30,9 @@ parameters: default: {} description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})' type: json + MonitoringSubscriptionSwiftStorage: + default: 'overcloud-swift-storage' + type: string # DEPRECATED options for compatibility with overcloud.yaml # This should be removed and manipulation of the ControllerServices list @@ -58,6 +61,7 @@ outputs: description: Role data for the Swift Proxy role. value: service_name: swift_storage + monitoring_subscription: {get_param: MonitoringSubscriptionSwiftStorage} config_settings: map_merge: - get_attr: [SwiftBase, role_data, config_settings] diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml index b933c542..a5bb1403 100644 --- a/puppet/swift-storage.yaml +++ b/puppet/swift-storage.yaml @@ -84,6 +84,9 @@ parameters: ServiceNames: type: comma_delimited_list default: [] + MonitoringSubscriptions: + type: comma_delimited_list + default: [] ConfigCommand: type: string description: Command which will be run whenever configuration data changes @@ -242,6 +245,7 @@ resources: service_names: mapped_data: service_names: {get_param: ServiceNames} + sensu::subscriptions: {get_param: MonitoringSubscriptions} service_configs: mapped_data: map_replace: diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index d75aeb4f..7b3d3473 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py @@ -17,6 +17,8 @@ import traceback import yaml +required_params = ['EndpointMap', 'ServiceNetMap', 'DefaultPasswords'] + def exit_usage(): print('Usage %s <yaml file or directory>' % sys.argv[0]) sys.exit(1) @@ -40,7 +42,6 @@ def validate_service(filename, tpl): % filename) return 1 if 'parameters' in tpl: - required_params = ['EndpointMap', 'ServiceNetMap', 'DefaultPasswords'] for param in required_params: if param not in tpl['parameters']: print('ERROR: parameter %s is required for %s.' @@ -64,6 +65,8 @@ def validate(filename): return 1 # yaml is OK, now walk the parameters and output a warning for unused ones for p in tpl.get('parameters', {}): + if p in required_params: + continue str_p = '\'%s\'' % p in_resources = str_p in str(tpl.get('resources', {})) in_outputs = str_p in str(tpl.get('outputs', {})) |