diff options
61 files changed, 1441 insertions, 1301 deletions
diff --git a/deployed-server/README.rst b/deployed-server/README.rst new file mode 100644 index 00000000..ce74e77b --- /dev/null +++ b/deployed-server/README.rst @@ -0,0 +1,129 @@ +TripleO with Deployed Servers +============================= + +The deployed-server set of templates can be used to deploy TripleO via +tripleo-heat-templates to servers that are already installed with a base +operating system. + +When OS::TripleO::Server is mapped to the deployed-server.yaml template via the +provided deployed-server-environment.yaml resource registry, Nova and Ironic +are not used to create any server instances. Heat continues to create the +SoftwareDeployment resources, and they are made available to the already +deployed and running servers. + +Template Usage +-------------- +To use these templates pass the included environment file to the deployment +command:: + + -e deployed-server/deployed-server-environment.yaml + +Deployed Server configuration +----------------------------- +It is currently assumed that the deployed servers being used have the required +set of software and packages already installed on them. These exact +requirements must match how such a server would look if it were deployed the +standard way via Ironic using the TripleO overcloud-full image. + +An easy way to help get this setup for development is to use an overcloud-full +image from an already existing TripleO setup. Create the vm's for the already +deployed server, and use the overcloud-full image as their disk. + +Each server must have a fqdn set that resolves to an IP address on a routable +network (e.g., the hostname should not resolve to 127.0.0.1). The hostname +will be detected on each server via the hostnamectl --static command. + +Each server also must have a route to the configured IP address on the +undercloud where the OpenStack services are listening. This is the value for +local_ip in the undercloud.conf. + +It's recommended that each server have at least 2 nic's. One used for external +management such as ssh, and one used for the OpenStack deployment itself. Since +the overcloud deployment will reconfigure networking on the configured nic to +be used by OpenStack, the external management nic is needed as a fallback so +that all connectivity is not lost in case of a configuration error. Be sure to +use correct nic config templates as needed, since the nodes will not receive +dhcp from the undercloud neutron-dhcp-agent service. + +For example, the net-config-static-bridge.yaml template could be used for +controllers, and the net-config-static.yaml template could be used for computes +by specifying: + +resource_registry: + OS::TripleO::Controller::Net::SoftwareConfig: /home/stack/deployed-server/tripleo-heat-templates/net-config-static-bridge.yaml + OS::TripleO::Compute::Net::SoftwareConfig: /home/stack/deployed-server/tripleo-heat-templates/net-config-static.yaml + +In a setup where the first nic on the servers is used for external management, +set the nic's to be used for OpenStack to nic2: + +parameter_defaults: + NeutronPublicInterface: nic2 + HypervisorNeutronPublicInterface: nic2 + +The above nic config templates also require a route to the ctlplane network to +be defined. Define the needed parameters as necessary for your environment, for +example: + +parameter_defaults: + ControlPlaneDefaultRoute: 192.168.122.130 + ControlPlaneSubnetCidr: "24" + EC2MetadataIp: "192.0.2.1" + +In this example, 192.168.122.130 is the external management IP of an +undercloud, thus it is the default route for the configured local_ip value of +192.0.2.1. + + +os-collect-config +----------------- +os-collect-config on each deployed server must be manually configured to poll +the Heat API for the available SoftwareDeployments. An example configuration +for /etc/os-collect-config.conf looks like: + + [DEFAULT] + collectors=heat + command=os-refresh-config + + [heat] + # you can get these values from stackrc on the undercloud + user_id=<a user that can connect to heat> # note this must be the ID, not the username + password=<a password> + auth_url=<keystone url> + project_id=<project_id> # note, this must be the ID, not project name + stack_id=<stack_id> + resource_name=<resource_name> + +Note that the stack_id value is the id of the nested stack containing the +resource (identified by resource_name) implemented by the deployed-server.yaml +templates. + +Once the configuration for os-collect-config has been defined, the service +needs to be restarted. Once restarted, it will start polling Heat and applying +the SoftwareDeployments. + +A sample script at deployed-server/scripts/get-occ-config.sh is included that +will automatically generate the os-collect-config configuration needed on each +server, ssh to each server, copy the configuration, and restart the +os-collect-config service. + +.. warning:: + The get-occ-config.sh script is not intended for production use, as it + copies admin credentials to each of the deployed nodes. + +The script can only be used once the stack id's of the nested deployed-server +stacks have been created via Heat. This usually only takes a couple of minutes +once the deployment command has been started. Once the following output is seen +from the deployment command, the script should be ready to run: + + [Controller]: CREATE_IN_PROGRESS state changed + [NovaCompute]: CREATE_IN_PROGRESS state changed + +The user running the script must be able to ssh as root to each server. Define +the hostnames of the deployed servers you intend to use for each role type:: + + export controller_hosts="controller0 controller1 controller2" + export compute_hosts="compute0" + +Then run the script on the undercloud with a stackrc file sourced, and +the script will copy the needed os-collect-config.conf configuration to each +server and restart the os-collect-config service. diff --git a/deployed-server/deployed-server-config.yaml b/deployed-server/deployed-server-config.yaml new file mode 100644 index 00000000..8c59dc72 --- /dev/null +++ b/deployed-server/deployed-server-config.yaml @@ -0,0 +1,22 @@ +heat_template_version: 2014-10-16 +parameters: + user_data_format: + type: string + default: SOFTWARE_CONFIG + +resources: + # We just need something which returns a unique ID, but we can't + # use RandomString because RefId returns the value, not the physical + # resource ID, SoftwareConfig should work as it returns a UUID + deployed-server-config: + type: OS::Heat::SoftwareConfig + +outputs: + # FIXME(shardy) this is needed because TemplateResource returns an + # ARN not a UUID, which overflows the Deployment server_id column.. + user_data_format: + value: SOFTWARE_CONFIG + OS::stack_id: + value: {get_resource: deployed-server-config} + + diff --git a/deployed-server/deployed-server.yaml b/deployed-server/deployed-server.yaml new file mode 100644 index 00000000..81941047 --- /dev/null +++ b/deployed-server/deployed-server.yaml @@ -0,0 +1,122 @@ +heat_template_version: 2014-10-16 +parameters: + image: + type: string + default: unused + flavor: + type: string + default: unused + key_name: + type: string + default: unused + security_groups: + type: json + default: [] + # Require this so we can validate the parent passes the + # correct value + user_data_format: + type: string + user_data: + type: string + default: '' + name: + type: string + default: '' + image_update_policy: + type: string + default: '' + networks: + type: comma_delimited_list + default: '' + metadata: + type: json + default: {} + software_config_transport: + default: POLL_SERVER_CFN + type: string + scheduler_hints: + type: json + description: Optional scheduler hints to pass to nova + default: {} + +resources: + # We just need something which returns a unique ID, but we can't + # use RandomString because RefId returns the value, not the physical + # resource ID, SoftwareConfig should work as it returns a UUID + deployed-server: + type: OS::TripleO::DeployedServerConfig + properties: + user_data_format: SOFTWARE_CONFIG + + InstanceIdConfig: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + instance-id: {get_attr: [deployed-server, "OS::stack_id"]} + + InstanceIdDeployment: + type: OS::Heat::StructuredDeployment + properties: + config: {get_resource: InstanceIdConfig} + server: {get_resource: deployed-server} + + HostsEntryConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: | + #!/bin/bash + set -eux + mkdir -p $heat_outputs_path + host=$(hostnamectl --static) + echo -n "$host " > $heat_outputs_path.hosts_entry + host_ip=$(python -c "import socket; print socket.gethostbyname(\"$host\")") + echo -n "$host_ip " >> $heat_outputs_path.hosts_entry + echo >> $heat_outputs_path.hosts_entry + cat $heat_outputs_path.hosts_entry + echo -n $host_ip > $heat_outputs_path.ip_address + cat $heat_outputs_path.ip_address + echo -n $host > $heat_outputs_path.hostname + cat $heat_outputs_path.hostname + outputs: + - name: hosts_entry + description: hosts_entry + - name: ip_address + description: ip_address + - name: hostname + description: hostname + + HostsEntryDeployment: + type: OS::Heat::SoftwareDeployment + properties: + config: {get_resource: HostsEntryConfig} + server: {get_resource: deployed-server} + + ControlPlanePort: + type: OS::Neutron::Port + properties: + network: ctlplane + name: + list_join: + - '-' + - - {get_attr: [HostsEntryDeployment, hostname]} + - ctlplane + - port + replacement_policy: AUTO + +outputs: + # FIXME(shardy) this is needed because TemplateResource returns an + # ARN not a UUID, which overflows the Deployment server_id column.. + OS::stack_id: + value: {get_attr: [deployed-server, "OS::stack_id"]} + networks: + value: + ctlplane: + - {get_attr: [ControlPlanePort, fixed_ips, 0, ip_address]} + name: + value: {get_attr: [HostsEntryDeployment, hostname]} + hosts_entry: + value: {get_attr: [HostsEntryDeployment, hosts_entry]} + ip_address: + value: {get_attr: [HostsEntryDeployment, ip_address]} diff --git a/deployed-server/scripts/get-occ-config.sh b/deployed-server/scripts/get-occ-config.sh new file mode 100755 index 00000000..b4cedea2 --- /dev/null +++ b/deployed-server/scripts/get-occ-config.sh @@ -0,0 +1,113 @@ +#!/bin/bash + +set -eux + +SLEEP_TIME=5 + +CONTROLLER_HOSTS=${CONTROLLER_HOSTS:-""} +COMPUTE_HOSTS=${COMPUTE_HOSTS:-""} +BLOCKSTORAGE_HOSTS=${BLOCKSTORAGE_HOSTS:-""} +OBJECTSTORAGE_HOSTS=${OBJECTSTORAGE_HOSTS:-""} +CEPHSTORAGE_HOSTS=${CEPHSTORAGE_HOSTS:-""} +SUBNODES_SSH_KEY=${SUBNODES_SSH_KEY:-"~/.ssh/id_rsa"} +SSH_OPTIONS="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=Verbose -o PasswordAuthentication=no -o ConnectionAttempts=32" + +read -a Controller_hosts_a <<< $CONTROLLER_HOSTS +read -a Compute_hosts_a <<< $COMPUTE_HOSTS +read -a BlockStorage_hosts_a <<< $BLOCKSTORAGE_HOSTS +read -a ObjectStorage_hosts_a <<< $OBJECTSTORAGE_HOSTS +read -a CephStorage_hosts_a <<< $CEPHSTORAGE_HOSTS + +roles="Controller Compute BlockStorage ObjectStorage CephStorage" +admin_user_id=$(openstack user show admin -c id -f value) +admin_project_id=$(openstack project show admin -c id -f value) + +function check_stack { + local stack_to_check=$1 + + if [ "$stack_to_check" = "|" ]; then + echo Stack not created + return 1 + fi + + echo Checking if $1 stack is created + set +e + heat resource-list $stack_to_check + rc=$? + set -e + + if [ ! "$rc" = "0" ]; then + echo Stack $1 not yet created + fi + + return $rc +} + + +for role in $roles; do + while ! check_stack overcloud; do + sleep $SLEEP_TIME + done + + rg_stack=$(heat resource-list overcloud | grep " $role " | awk '{print $4}') + while ! check_stack $rg_stack; do + sleep $SLEEP_TIME + rg_stack=$(heat resource-list overcloud | grep " $role " | awk '{print $4}') + done + + stacks=$(heat resource-list $rg_stack | grep OS::TripleO::$role | awk '{print $4}') + + i=0 + + for stack in $stacks; do + server_resource_name=$role + if [ "$server_resource_name" = "Compute" ]; then + server_resource_name="NovaCompute" + fi + + server_stack=$(heat resource-list $stack | grep " $server_resource_name " | awk '{print $4}') + while ! check_stack $server_stack; do + sleep $SLEEP_TIME + server_stack=$(heat resource-list $stack | grep " $server_resource_name " | awk '{print $4}') + done + + deployed_server_stack=$(heat resource-list $server_stack | grep "deployed-server" | awk '{print $4}') + + echo "======================" + echo "$role$i os-collect-config.conf configuration:" + + config=" +[DEFAULT] +collectors=heat +command=os-refresh-config +polling_interval=30 + +[heat] +user_id=$admin_user_id +password=$OS_PASSWORD +auth_url=$OS_AUTH_URL +project_id=$admin_project_id +stack_id=$deployed_server_stack +resource_name=deployed-server-config" + + echo "$config" + echo "======================" + echo + + + host= + eval host=\${${role}_hosts_a[i]} + if [ -n "$host" ]; then + # Delete the os-collect-config.conf template so our file won't get + # overwritten + ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host sudo /bin/rm -f /usr/libexec/os-apply-config/templates/etc/os-collect-config.conf + ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host "echo \"$config\" > os-collect-config.conf" + ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host sudo cp os-collect-config.conf /etc/os-collect-config.conf + ssh $SSH_OPTIONS -i $SUBNODES_SSH_KEY $host sudo systemctl restart os-collect-config + fi + + let i+=1 + + done + +done diff --git a/environments/deployed-server-environment.yaml b/environments/deployed-server-environment.yaml new file mode 100644 index 00000000..3c9e3459 --- /dev/null +++ b/environments/deployed-server-environment.yaml @@ -0,0 +1,3 @@ +resource_registry: + OS::TripleO::Server: ../deployed-server/deployed-server.yaml + OS::TripleO::DeployedServerConfig: ../deployed-server/deployed-server-config.yaml diff --git a/environments/docker.yaml b/environments/docker.yaml index a7e2504c..c03d8511 100644 --- a/environments/docker.yaml +++ b/environments/docker.yaml @@ -5,8 +5,6 @@ resource_registry: parameter_defaults: NovaImage: atomic-image - -parameter_defaults: # Defaults to 'tripleoupstream'. Specify a local docker registry # Example: 192.0.2.1:8787/tripleoupstream DockerNamespace: tripleoupstream diff --git a/environments/enable-tls.yaml b/environments/enable-tls.yaml index 71b2c71a..289ec2e3 100644 --- a/environments/enable-tls.yaml +++ b/environments/enable-tls.yaml @@ -35,6 +35,7 @@ parameter_defaults: KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'} KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'} MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'} + MysqlNoBracketsInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'} NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'} NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'} diff --git a/environments/network-isolation.yaml b/environments/network-isolation.yaml index c0420c5c..737d7d36 100644 --- a/environments/network-isolation.yaml +++ b/environments/network-isolation.yaml @@ -1,16 +1,15 @@ # Enable the creation of Neutron networks for isolated Overcloud # traffic and configure each role to assign ports (related # to that role) on these networks. -# Many networks are disabled by default because they are not used -# in a typical configuration. Override via parameter_defaults. resource_registry: OS::TripleO::Network::External: ../network/external.yaml OS::TripleO::Network::InternalApi: ../network/internal_api.yaml OS::TripleO::Network::StorageMgmt: ../network/storage_mgmt.yaml OS::TripleO::Network::Storage: ../network/storage.yaml OS::TripleO::Network::Tenant: ../network/tenant.yaml - # Management network is optional and disabled by default - OS::TripleO::Network::Management: OS::Heat::None + # Management network is optional and disabled by default. + # To enable it, include environments/network-management.yaml + #OS::TripleO::Network::Management: ../network/management.yaml # Port assignments for the VIPs OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external.yaml @@ -19,13 +18,15 @@ resource_registry: OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/storage_mgmt.yaml OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml + # Port assignments for service virtual IPs for the controller role + OS::TripleO::Controller::Ports::RedisVipPort: ../network/ports/vip.yaml # Port assignments for the controller role OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external.yaml OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api.yaml OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage.yaml OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml OS::TripleO::Controller::Ports::TenantPort: ../network/ports/tenant.yaml - OS::TripleO::Controller::Ports::ManagementPort: ../network/ports/noop.yaml + #OS::TripleO::Controller::Ports::ManagementPort: ../network/ports/management.yaml # Port assignments for the compute role OS::TripleO::Compute::Ports::ExternalPort: ../network/ports/noop.yaml @@ -33,7 +34,7 @@ resource_registry: OS::TripleO::Compute::Ports::StoragePort: ../network/ports/storage.yaml OS::TripleO::Compute::Ports::StorageMgmtPort: ../network/ports/noop.yaml OS::TripleO::Compute::Ports::TenantPort: ../network/ports/tenant.yaml - OS::TripleO::Compute::Ports::ManagementPort: ../network/ports/noop.yaml + #OS::TripleO::Compute::Ports::ManagementPort: ../network/ports/management.yaml # Port assignments for the ceph storage role OS::TripleO::CephStorage::Ports::ExternalPort: ../network/ports/noop.yaml @@ -41,7 +42,7 @@ resource_registry: OS::TripleO::CephStorage::Ports::StoragePort: ../network/ports/storage.yaml OS::TripleO::CephStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml OS::TripleO::CephStorage::Ports::TenantPort: ../network/ports/noop.yaml - OS::TripleO::CephStorage::Ports::ManagementPort: ../network/ports/noop.yaml + #OS::TripleO::CephStorage::Ports::ManagementPort: ../network/ports/management.yaml # Port assignments for the swift storage role OS::TripleO::SwiftStorage::Ports::ExternalPort: ../network/ports/noop.yaml @@ -49,7 +50,7 @@ resource_registry: OS::TripleO::SwiftStorage::Ports::StoragePort: ../network/ports/storage.yaml OS::TripleO::SwiftStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml OS::TripleO::SwiftStorage::Ports::TenantPort: ../network/ports/noop.yaml - OS::TripleO::SwiftStorage::Ports::ManagementPort: ../network/ports/noop.yaml + #OS::TripleO::SwiftStorage::Ports::ManagementPort: ../network/ports/management.yaml # Port assignments for the block storage role OS::TripleO::BlockStorage::Ports::ExternalPort: ../network/ports/noop.yaml @@ -57,7 +58,5 @@ resource_registry: OS::TripleO::BlockStorage::Ports::StoragePort: ../network/ports/storage.yaml OS::TripleO::BlockStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml OS::TripleO::BlockStorage::Ports::TenantPort: ../network/ports/noop.yaml - OS::TripleO::BlockStorage::Ports::ManagementPort: ../network/ports/noop.yaml + #OS::TripleO::BlockStorage::Ports::ManagementPort: ../network/ports/management.yaml - # Port assignments for service virtual IPs for the controller role - OS::TripleO::Controller::Ports::RedisVipPort: ../network/ports/vip.yaml diff --git a/environments/neutron-midonet.yaml b/environments/neutron-midonet.yaml index 90b98ae8..c120d0b3 100644 --- a/environments/neutron-midonet.yaml +++ b/environments/neutron-midonet.yaml @@ -4,8 +4,10 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../net-config-linux-bridge.yaml # We have to avoid any ovs bridge. MidoNet is incompatible with its datapath OS::TripleO::Services::NeutronL3Agent: OS::Heat::None OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None # Override the NeutronCorePlugin to use Nuage OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginMidonet + OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-midonet.yaml parameter_defaults: EnableZookeeperOnController: true diff --git a/environments/neutron-nuage-config.yaml b/environments/neutron-nuage-config.yaml index 28056b35..e157ae35 100644 --- a/environments/neutron-nuage-config.yaml +++ b/environments/neutron-nuage-config.yaml @@ -4,8 +4,10 @@ resource_registry: OS::TripleO::Services::NeutronL3Agent: OS::Heat::None OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None # Override the NeutronCorePlugin to use Nuage OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginNuage + OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-nuage.yaml parameter_defaults: NeutronNuageOSControllerIp: '0.0.0.0' diff --git a/environments/neutron-opencontrail.yaml b/environments/neutron-opencontrail.yaml index 340bac78..4895287e 100644 --- a/environments/neutron-opencontrail.yaml +++ b/environments/neutron-opencontrail.yaml @@ -6,8 +6,10 @@ resource_registry: OS::TripleO::Services::NeutronL3Agent: OS::Heat::None OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None # Override the NeutronCorePlugin to use Nuage OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginOpencontrail + OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-opencontrail.yaml parameter_defaults: NeutronCorePlugin: neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2 diff --git a/environments/neutron-plumgrid.yaml b/environments/neutron-plumgrid.yaml index 08ace103..87946211 100755 --- a/environments/neutron-plumgrid.yaml +++ b/environments/neutron-plumgrid.yaml @@ -6,8 +6,10 @@ resource_registry: OS::TripleO::Services::NeutronL3Agent: OS::Heat::None OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None # Override the Neutron core plugin to use PLUMgrid OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginPlumgrid + OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-plumgrid.yaml parameter_defaults: NeutronCorePlugin: networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2 diff --git a/environments/puppet-ceph-devel.yaml b/environments/puppet-ceph-devel.yaml index ad542bee..a9e459df 100644 --- a/environments/puppet-ceph-devel.yaml +++ b/environments/puppet-ceph-devel.yaml @@ -13,6 +13,7 @@ parameter_defaults: CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19' CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ==' CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ==' + CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw==' NovaEnableRbdBackend: true CinderEnableRbdBackend: true GlanceBackend: rbd diff --git a/environments/puppet-pacemaker.yaml b/environments/puppet-pacemaker.yaml index 8043ccbf..6116dee6 100644 --- a/environments/puppet-pacemaker.yaml +++ b/environments/puppet-pacemaker.yaml @@ -33,6 +33,7 @@ resource_registry: OS::TripleO::Services::RabbitMQ: ../puppet/services/pacemaker/rabbitmq.yaml OS::TripleO::Services::HAproxy: ../puppet/services/pacemaker/haproxy.yaml OS::TripleO::Services::Memcached: ../puppet/services/pacemaker/memcached.yaml + OS::TripleO::Services::Pacemaker: ../puppet/services/pacemaker.yaml OS::TripleO::Services::Redis: ../puppet/services/pacemaker/database/redis.yaml OS::TripleO::Services::NovaConductor: ../puppet/services/pacemaker/nova-conductor.yaml OS::TripleO::Services::MongoDb: ../puppet/services/pacemaker/database/mongodb.yaml @@ -40,3 +41,12 @@ resource_registry: OS::TripleO::Services::NovaScheduler: ../puppet/services/pacemaker/nova-scheduler.yaml OS::TripleO::Services::NovaConsoleauth: ../puppet/services/pacemaker/nova-consoleauth.yaml OS::TripleO::Services::NovaVncproxy: ../puppet/services/pacemaker/nova-vncproxy.yaml + OS::TripleO::Services::CeilometerApi: ../puppet/services/pacemaker/ceilometer-api.yaml + OS::TripleO::Services::CeilometerCollector: ../puppet/services/pacemaker/ceilometer-collector.yaml + OS::TripleO::Services::CeilometerAgentCentral: ../puppet/services/pacemaker/ceilometer-agent-central.yaml + OS::TripleO::Services::CeilometerAgentNotification: ../puppet/services/pacemaker/ceilometer-agent-notification.yaml + #Gnocchi services + OS::TripleO::Services::GnocchiApi: ../puppet/services/pacemaker/gnocchi-api.yaml + OS::TripleO::Services::GnocchiMetricd: ../puppet/services/pacemaker/gnocchi-metricd.yaml + OS::TripleO::Services::GnocchiStatsd: ../puppet/services/pacemaker/gnocchi-statsd.yaml + OS::TripleO::Services::MySQL: ../puppet/services/pacemaker/database/mysql.yaml diff --git a/environments/storage-environment.yaml b/environments/storage-environment.yaml index 2529ea14..0128cabd 100644 --- a/environments/storage-environment.yaml +++ b/environments/storage-environment.yaml @@ -61,3 +61,5 @@ parameter_defaults: # CephMonKey: '' ## Ceph admin key, e.g. 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ==' # CephAdminKey: '' + ## Ceph client key, e.g 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw==' + # CephClientKey: '' diff --git a/net-config-static-bridge-with-external-dhcp.yaml b/net-config-static-bridge-with-external-dhcp.yaml new file mode 100644 index 00000000..6dbe5982 --- /dev/null +++ b/net-config-static-bridge-with-external-dhcp.yaml @@ -0,0 +1,99 @@ +heat_template_version: 2015-04-30 + +description: > + Software Config to drive os-net-config for a simple bridge configured + with a static IP address for the ctlplane network. + +parameters: + ControlPlaneIp: + default: '' + description: IP address/subnet on the ctlplane network + type: string + ExternalIpSubnet: + default: '' + description: IP address/subnet on the external network + type: string + InternalApiIpSubnet: + default: '' + description: IP address/subnet on the internal API network + type: string + StorageIpSubnet: + default: '' + description: IP address/subnet on the storage network + type: string + StorageMgmtIpSubnet: + default: '' + description: IP address/subnet on the storage mgmt network + type: string + TenantIpSubnet: + default: '' + description: IP address/subnet on the tenant network + type: string + ManagementIpSubnet: + default: '' + description: IP address/subnet on the management network + type: string + ControlPlaneSubnetCidr: # Override this via parameter_defaults + default: '24' + description: The subnet CIDR of the control plane network. + type: string + ControlPlaneDefaultRoute: # Override this via parameter_defaults + description: The default route of the control plane network. + type: string + DnsServers: # Override this via parameter_defaults + default: [] + description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. + type: comma_delimited_list + EC2MetadataIp: # Override this via parameter_defaults + description: The IP address of the EC2 metadata server. + type: string + +resources: + OsNetConfigImpl: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + os_net_config: + network_config: + - + type: ovs_bridge + name: {get_input: bridge_name} + use_dhcp: true + members: + - + type: interface + name: {get_input: interface_name} + # force the MAC address of the bridge to this interface + primary: true + - + type: interface + # would like to do the following, but can't b/c of: + # https://bugs.launchpad.net/heat/+bug/1344284 + # name: + # list_join: + # - '/' + # - - {get_input: bridge_name} + # - ':0' + # So, just hardcode to br-ex:0 for now, br-ex is hardcoded in + # controller.yaml anyway. + name: br-ex:0 + addresses: + - + ip_netmask: + list_join: + - '/' + - - {get_param: ControlPlaneIp} + - {get_param: ControlPlaneSubnetCidr} + routes: + - + ip_netmask: 169.254.169.254/32 + next_hop: {get_param: EC2MetadataIp} + - + default: true + next_hop: {get_param: ControlPlaneDefaultRoute} + +outputs: + OS::stack_id: + description: The OsNetConfigImpl resource. + value: {get_resource: OsNetConfigImpl} diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml index 591b0300..14250720 100644 --- a/overcloud-resource-registry-puppet.yaml +++ b/overcloud-resource-registry-puppet.yaml @@ -20,7 +20,6 @@ resource_registry: OS::TripleO::SwiftDevicesAndProxy::SoftwareConfig: puppet/swift-devices-and-proxy-config.yaml OS::TripleO::CephClusterConfig::SoftwareConfig: puppet/ceph-cluster-config.yaml OS::TripleO::AllNodes::SoftwareConfig: puppet/all-nodes-config.yaml - OS::TripleO::BootstrapNode::SoftwareConfig: puppet/bootstrap-config.yaml # Tasks (for internal TripleO usage) OS::TripleO::Tasks::UpdateWorkflow: OS::Heat::None @@ -28,6 +27,9 @@ resource_registry: OS::TripleO::Tasks::ControllerPrePuppet: OS::Heat::None OS::TripleO::Tasks::ControllerPostPuppet: OS::Heat::None + + OS::TripleO::Server: OS::Nova::Server + # This creates the "heat-admin" user for all OS images by default # To disable, replace with firstboot/userdata_default.yaml OS::TripleO::NodeAdminUserData: firstboot/userdata_heat_admin.yaml @@ -142,17 +144,23 @@ resource_registry: OS::TripleO::Services::IronicApi: puppet/services/ironic-api.yaml OS::TripleO::Services::IronicConductor: puppet/services/ironic-conductor.yaml OS::TripleO::Services::Kernel: puppet/services/kernel.yaml + OS::TripleO::Services::MySQL: puppet/services/database/mysql.yaml OS::TripleO::Services::NeutronDhcpAgent: puppet/services/neutron-dhcp.yaml OS::TripleO::Services::NeutronL3Agent: puppet/services/neutron-l3.yaml OS::TripleO::Services::NeutronMetadataAgent: puppet/services/neutron-metadata.yaml OS::TripleO::Services::NeutronServer: puppet/services/neutron-server.yaml OS::TripleO::Services::NeutronCorePlugin: puppet/services/neutron-plugin-ml2.yaml + # can be the same as NeutronCorePlugin but some vendors install different + # things where VMs run + OS::TripleO::Services::ComputeNeutronCorePlugin: puppet/services/neutron-plugin-ml2.yaml # Neutron Core Plugin Vendors (these typically override NeutronCorePlugin) OS::TripleO::Services::NeutronCorePluginPlumgrid: puppet/services/neutron-plugin-plumgrid.yaml OS::TripleO::Services::NeutronCorePluginNuage: puppet/services/neutron-plugin-nuage.yaml OS::TripleO::Services::NeutronCorePluginOpencontrail: puppet/services/neutron-plugin-opencontrail.yaml OS::TripleO::Services::NeutronCorePluginMidonet: puppet/services/neutron-midonet.yaml OS::TripleO::Services::NeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml + OS::TripleO::Services::ComputeNeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml + OS::TripleO::Services::Pacemaker: OS::Heat::None OS::TripleO::Services::RabbitMQ: puppet/services/rabbitmq.yaml OS::TripleO::Services::HAproxy: puppet/services/haproxy.yaml OS::TripleO::Services::Keepalived: puppet/services/keepalived.yaml @@ -173,6 +181,17 @@ resource_registry: OS::TripleO::Services::SwiftStorage: puppet/services/swift-storage.yaml OS::TripleO::Services::Snmp: puppet/services/snmp.yaml OS::TripleO::Services::Timezone: puppet/services/time/timezone.yaml + OS::TripleO::Services::CeilometerApi: puppet/services/ceilometer-api.yaml + OS::TripleO::Services::CeilometerCollector: puppet/services/ceilometer-collector.yaml + OS::TripleO::Services::CeilometerExpirer: puppet/services/ceilometer-expirer.yaml + OS::TripleO::Services::CeilometerAgentCentral: puppet/services/ceilometer-agent-central.yaml + OS::TripleO::Services::CeilometerAgentNotification: puppet/services/ceilometer-agent-notification.yaml + OS::TripleO::Services::ComputeCeilometerAgent: puppet/services/ceilometer-agent-compute.yaml + OS::TripleO::Services::Horizon: puppet/services/horizon.yaml + #Gnocchi services + OS::TripleO::Services::GnocchiApi: puppet/services/gnocchi-api.yaml + OS::TripleO::Services::GnocchiMetricd: puppet/services/gnocchi-metricd.yaml + OS::TripleO::Services::GnocchiStatsd: puppet/services/gnocchi-statsd.yaml parameter_defaults: EnablePackageInstall: false diff --git a/overcloud.yaml b/overcloud.yaml index 845b990e..aeb1c1bb 100644 --- a/overcloud.yaml +++ b/overcloud.yaml @@ -20,24 +20,6 @@ parameters: description: The password for the aodh services. type: string hidden: true - CeilometerBackend: - default: 'mongodb' - description: The ceilometer backend type. - type: string - CeilometerMeteringSecret: - description: Secret shared by the ceilometer services. - type: string - hidden: true - CeilometerPassword: - description: The password for the ceilometer service account. - type: string - hidden: true - CeilometerMeterDispatcher: - default: 'database' - description: Dispatcher to process meter data - type: string - constraints: - - allowed_values: ['gnocchi', 'database'] CinderEnableNfsBackend: default: false description: Whether to enable or not the NFS backend for Cinder @@ -66,10 +48,6 @@ parameters: default: /dev/log description: Syslog address where HAproxy will send its log type: string - HorizonAllowedHosts: - default: '*' - description: A list of IP/Hostname allowed to connect to horizon - type: comma_delimited_list ImageUpdatePolicy: default: 'REBUILD_PRESERVE_EPHEMERAL' description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. @@ -90,38 +68,10 @@ parameters: default: false description: Enable IPv6 features in Memcached. type: boolean - NeutronBridgeMappings: - description: > - The OVS logical->physical bridge mappings to use. See the Neutron - documentation for details. Defaults to mapping br-ex - the external - bridge on hosts - to a physical name 'datacentre' which can be used - to create provider networks (and we use this for the default floating - network) - if changing this either use different post-install network - scripts or be sure to keep 'datacentre' as a mapping network name. - type: comma_delimited_list - default: "datacentre:br-ex" NeutronControlPlaneID: default: 'ctlplane' type: string description: Neutron ID or name for ctlplane network. - NeutronEnableTunnelling: - type: string - default: "True" - NeutronEnableL2Pop: - type: string - description: > - Enable/disable the L2 population feature in the Neutron agents. - default: "False" - NeutronFlatNetworks: - type: comma_delimited_list - default: 'datacentre' - description: > - If set, flat networks to configure in neutron plugins. Defaults to - 'datacentre' to permit external network creation. - NeutronNetworkType: - default: 'vxlan' - description: The tenant network type for Neutron. - type: comma_delimited_list NeutronPassword: description: The password for the neutron service account, used by neutron agents. type: string @@ -130,61 +80,6 @@ parameters: default: nic1 description: What interface to bridge onto br-ex for network nodes. type: string - NeutronMetadataProxySharedSecret: - description: Shared secret to prevent spoofing - type: string - hidden: true - NeutronTenantMtu: - description: > - The default MTU for tenant networks. For VXLAN/GRE tunneling, this should - be at least 50 bytes smaller than the MTU on the physical network. This - value will be used to set the MTU on the virtual Ethernet device. - This value will be used to construct the NeutronDnsmasqOptions, since that - will determine the MTU that is assigned to the VM host through DHCP. - default: "1400" - type: string - NeutronTunnelTypes: - default: 'vxlan' - description: | - The tunnel types for the Neutron tenant network. - type: comma_delimited_list - type: comma_delimited_list - NeutronCorePlugin: - default: 'ml2' - description: | - The core plugin for Neutron. The value should be the entrypoint to be loaded - from neutron.core_plugins namespace. - type: string - NeutronServicePlugins: - default: "router,qos" - description: | - Comma-separated list of service plugin entrypoints to be loaded from the - neutron.service_plugins namespace. - type: comma_delimited_list - NeutronTypeDrivers: - default: "vxlan,vlan,flat,gre" - description: | - Comma-separated list of network type driver entrypoints to be loaded. - type: comma_delimited_list - NeutronMechanismDrivers: - default: 'openvswitch' - description: | - The mechanism drivers for the Neutron tenant network. - type: comma_delimited_list - type: comma_delimited_list - NeutronAgentExtensions: - default: "qos" - description: | - Comma-separated list of extensions enabled for the Neutron agents. - type: comma_delimited_list - NeutronAllowL3AgentFailover: - default: 'False' - description: Allow automatic l3-agent failover - type: string - NeutronL3HA: - default: 'False' - description: Whether to enable l3-agent HA - type: string NovaIPv6: default: false description: Enable IPv6 features in Nova @@ -327,19 +222,6 @@ parameters: ] } type: json - GnocchiBackend: - default: file - description: The short name of the Gnocchi backend to use. Should be one - of swift, rbd or file - type: string - constraints: - - allowed_values: ['swift', 'file', 'rbd'] - GnocchiIndexerBackend: - default: 'mysql' - description: The short name of the Gnocchi indexer backend to use. - type: string - GnocchiPassword: - description: The password for the gnocchi service account. type: string hidden: true InstanceNameTemplate: @@ -389,12 +271,6 @@ parameters: description: How many replicas to use in the swift rings. # Compute-specific params - CeilometerComputeAgent: - description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly - type: string - default: '' - constraints: - - allowed_values: ['', Present] ComputeCount: type: number default: 1 @@ -409,13 +285,6 @@ parameters: default: nic1 description: What interface to add to the HypervisorNeutronPhysicalBridge. type: string - NeutronNetworkVLANRanges: - default: 'datacentre:1:1000' - description: > - The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the - Neutron documentation for permitted values. Defaults to permitting any - VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). - type: comma_delimited_list NovaComputeDriver: type: string default: libvirt.LibvirtDriver @@ -512,6 +381,7 @@ parameters: - OS::TripleO::Services::HeatApiCfn - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::MySQL - OS::TripleO::Services::NeutronDhcpAgent - OS::TripleO::Services::NeutronL3Agent - OS::TripleO::Services::NeutronMetadataAgent @@ -522,6 +392,7 @@ parameters: - OS::TripleO::Services::HAproxy - OS::TripleO::Services::Keepalived - OS::TripleO::Services::Memcached + - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::Redis - OS::TripleO::Services::NovaConductor - OS::TripleO::Services::MongoDb @@ -534,6 +405,16 @@ parameters: - OS::TripleO::Services::SwiftStorage - OS::TripleO::Services::Snmp - OS::TripleO::Services::Timezone + - OS::TripleO::Services::CeilometerApi + - OS::TripleO::Services::CeilometerCollector + - OS::TripleO::Services::CeilometerExpirer + - OS::TripleO::Services::CeilometerAgentCentral + - OS::TripleO::Services::CeilometerAgentNotification + - OS::TripleO::Services::Horizon + - OS::TripleO::Services::GnocchiApi + - OS::TripleO::Services::GnocchiMetricd + - OS::TripleO::Services::GnocchiStatsd + description: A list of service resources (configured in the Heat resource_registry) which represent nested stacks for each service that should get installed on the Controllers. @@ -549,6 +430,9 @@ parameters: - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::Kernel + - OS::TripleO::Services::ComputeNeutronCorePlugin + - OS::TripleO::Services::ComputeNeutronOvsAgent + - OS::TripleO::Services::ComputeCeilometerAgent description: A list of service resources (configured in the Heat resource_registry) which represent nested stacks for each service that should get installed on the Compute Nodes. @@ -794,10 +678,6 @@ resources: properties: AdminPassword: {get_param: AdminPassword} AodhPassword: {get_param: AodhPassword} - CeilometerBackend: {get_param: CeilometerBackend} - CeilometerMeteringSecret: {get_param: CeilometerMeteringSecret} - CeilometerPassword: {get_param: CeilometerPassword} - CeilometerMeterDispatcher: {get_param: CeilometerMeterDispatcher} CloudDomain: {get_param: CloudDomain} ControlVirtualInterface: {get_param: ControlVirtualInterface} controllerExtraConfig: {get_param: controllerExtraConfig} @@ -810,12 +690,8 @@ resources: ExtraConfig: {get_param: ExtraConfig} FencingConfig: {get_param: FencingConfig} Flavor: {get_param: OvercloudControlFlavor} - GnocchiPassword: {get_param: GnocchiPassword} - GnocchiBackend: {get_param: GnocchiBackend} - GnocchiIndexerBackend: {get_param: GnocchiIndexerBackend} HAProxySyslogAddress: {get_param: HAProxySyslogAddress} HeatAuthEncryptionKey: {get_resource: HeatAuthEncryptionKey} - HorizonAllowedHosts: {get_param: HorizonAllowedHosts} HorizonSecret: {get_resource: HorizonSecret} Image: {get_param: controllerImage} ImageUpdatePolicy: {get_param: ImageUpdatePolicy} @@ -826,10 +702,8 @@ resources: MysqlInnodbBufferPoolSize: {get_param: MysqlInnodbBufferPoolSize} MysqlMaxConnections: {get_param: MysqlMaxConnections} MysqlRootPassword: {get_attr: [MysqlRootPassword, value]} - NeutronTenantMtu: {get_param: NeutronTenantMtu} NeutronPublicInterface: {get_param: NeutronPublicInterface} NeutronPassword: {get_param: NeutronPassword} - NeutronMetadataProxySharedSecret: {get_param: NeutronMetadataProxySharedSecret} NovaIPv6: {get_param: NovaIPv6} NovaPassword: {get_param: NovaPassword} PcsdPassword: {get_resource: PcsdPassword} @@ -877,9 +751,6 @@ resources: type: OS::TripleO::Compute properties: AdminPassword: {get_param: AdminPassword} - CeilometerComputeAgent: {get_param: CeilometerComputeAgent} - CeilometerMeteringSecret: {get_param: CeilometerMeteringSecret} - CeilometerPassword: {get_param: CeilometerPassword} CinderEnableNfsBackend: {get_param: CinderEnableNfsBackend} CinderEnableRbdBackend: {get_param: CinderEnableRbdBackend} Debug: {get_param: Debug} @@ -891,27 +762,10 @@ resources: KeyName: {get_param: KeyName} KeystoneAdminApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} KeystonePublicApiVirtualIP: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} - NeutronBridgeMappings: {get_param: NeutronBridgeMappings} - NeutronTenantMtu: {get_param: NeutronTenantMtu} - NeutronEnableTunnelling: {get_param: NeutronEnableTunnelling} - NeutronEnableL2Pop : {get_param: NeutronEnableL2Pop} - NeutronFlatNetworks: {get_param: NeutronFlatNetworks} - NeutronHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} - NeutronNetworkType: {get_param: NeutronNetworkType} - NeutronTunnelTypes: {get_param: NeutronTunnelTypes} - NeutronNetworkVLANRanges: {get_param: NeutronNetworkVLANRanges} NeutronPassword: {get_param: NeutronPassword} NeutronPhysicalBridge: {get_param: HypervisorNeutronPhysicalBridge} NeutronPublicInterface: {get_param: HypervisorNeutronPublicInterface} - NeutronMetadataProxySharedSecret: {get_param: NeutronMetadataProxySharedSecret} - NeutronCorePlugin: {get_param: NeutronCorePlugin} - NeutronServicePlugins: {get_param: NeutronServicePlugins} - NeutronTypeDrivers: {get_param: NeutronTypeDrivers} - NeutronMechanismDrivers: {get_param: NeutronMechanismDrivers} - NeutronAgentExtensions: {get_param: NeutronAgentExtensions} # L3 HA and Failover is not relevant for Computes, should be removed - NeutronAllowL3AgentFailover: {get_param: NeutronAllowL3AgentFailover} - NeutronL3HA: {get_param: NeutronL3HA} NovaApiHost: {get_attr: [VipMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} NovaComputeDriver: {get_param: NovaComputeDriver} NovaComputeExtraConfig: {get_param: NovaComputeExtraConfig} @@ -1216,19 +1070,6 @@ resources: storage_virtual_ip: {get_attr: [VipMap, net_ip_map, storage]} storage_mgmt_virtual_ip: {get_attr: [VipMap, net_ip_map, storage_mgmt]} - ControllerBootstrapNodeConfig: - type: OS::TripleO::BootstrapNode::SoftwareConfig - properties: - bootstrap_nodeid: {get_attr: [Controller, resource.0.hostname]} - bootstrap_nodeid_ip: {get_attr: [Controller, resource.0.ip_address]} - - ControllerBootstrapNodeDeployment: - type: OS::Heat::StructuredDeployments - properties: - name: ControllerBootstrapNodeDeployment - config: {get_attr: [ControllerBootstrapNodeConfig, config_id]} - servers: {get_attr: [Controller, attributes, nova_server_resource]} - ControllerSwiftDeployment: type: OS::Heat::StructuredDeployments properties: @@ -1280,6 +1121,9 @@ resources: name: ControllerAllNodesDeployment config: {get_attr: [allNodesConfig, config_id]} servers: {get_attr: [Controller, attributes, nova_server_resource]} + input_values: + bootstrap_nodeid: {get_attr: [Controller, resource.0.hostname]} + bootstrap_nodeid_ip: {get_attr: [Controller, resource.0.ip_address]} ComputeAllNodesDeployment: type: OS::Heat::StructuredDeployments @@ -1287,6 +1131,9 @@ resources: name: ComputeAllNodesDeployment config: {get_attr: [allNodesConfig, config_id]} servers: {get_attr: [Compute, attributes, nova_server_resource]} + input_values: + bootstrap_nodeid: {get_attr: [Compute, resource.0.hostname]} + bootstrap_nodeid_ip: {get_attr: [Compute, resource.0.ip_address]} BlockStorageAllNodesDeployment: type: OS::Heat::StructuredDeployments @@ -1294,6 +1141,9 @@ resources: name: BlockStorageAllNodesDeployment config: {get_attr: [allNodesConfig, config_id]} servers: {get_attr: [BlockStorage, attributes, nova_server_resource]} + input_values: + bootstrap_nodeid: {get_attr: [BlockStorage, resource.0.hostname]} + bootstrap_nodeid_ip: {get_attr: [BlockStorage, resource.0.ip_address]} ObjectStorageAllNodesDeployment: type: OS::Heat::StructuredDeployments @@ -1301,6 +1151,9 @@ resources: name: ObjectStorageAllNodesDeployment config: {get_attr: [allNodesConfig, config_id]} servers: {get_attr: [ObjectStorage, attributes, nova_server_resource]} + input_values: + bootstrap_nodeid: {get_attr: [ObjectStorage, resource.0.hostname]} + bootstrap_nodeid_ip: {get_attr: [ObjectStorage, resource.0.ip_address]} CephStorageAllNodesDeployment: type: OS::Heat::StructuredDeployments @@ -1308,6 +1161,9 @@ resources: name: CephStorageAllNodesDeployment config: {get_attr: [allNodesConfig, config_id]} servers: {get_attr: [CephStorage, attributes, nova_server_resource]} + input_values: + bootstrap_nodeid: {get_attr: [CephStorage, resource.0.hostname]} + bootstrap_nodeid_ip: {get_attr: [CephStorage, resource.0.ip_address]} # All Nodes Validations AllNodesValidationConfig: @@ -1395,7 +1251,7 @@ resources: # Nested stack deployment runs after all other controller deployments ControllerNodesPostDeployment: type: OS::TripleO::ControllerPostDeployment - depends_on: [ControllerBootstrapNodeDeployment, ControllerAllNodesDeployment, ControllerSwiftDeployment, ControllerCephDeployment] + depends_on: [ControllerAllNodesDeployment, ControllerSwiftDeployment, ControllerCephDeployment] properties: servers: {get_attr: [Controller, attributes, nova_server_resource]} RoleData: {get_attr: [ControllerServiceChain, role_data]} diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index 7602d8d0..55120912 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -108,6 +108,10 @@ resources: datafiles: RedHat: raw_data: {get_file: hieradata/RedHat.yaml} + bootstrap_node: + mapped_data: + bootstrap_nodeid: {get_input: bootstrap_nodeid} + bootstrap_nodeid_ip: {get_input: bootstrap_nodeid_ip} all_nodes: mapped_data: controller_node_ips: diff --git a/puppet/bootstrap-config.yaml b/puppet/bootstrap-config.yaml deleted file mode 100644 index d88eebdf..00000000 --- a/puppet/bootstrap-config.yaml +++ /dev/null @@ -1,28 +0,0 @@ -heat_template_version: 2015-04-30 -description: 'Bootstrap Config Puppet' - -parameters: - bootstrap_nodeid: - type: string - bootstrap_nodeid_ip: - type: string - -resources: - - BootstrapNodeConfigImpl: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - hiera: - datafiles: - bootstrap_node: - mapped_data: - bootstrap_nodeid: {get_param: bootstrap_nodeid} - bootstrap_nodeid_ip: {get_param: bootstrap_nodeid_ip} - -outputs: - config_id: - description: The ID of the BootstrapNodeConfigImpl resource. - value: - {get_resource: BootstrapNodeConfigImpl} diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml index 2e329989..db1fd09d 100644 --- a/puppet/ceph-cluster-config.yaml +++ b/puppet/ceph-cluster-config.yaml @@ -5,9 +5,6 @@ parameters: NovaRbdPoolName: default: vms type: string - GnocchiRbdPoolName: - default: metrics - type: string CephClientUserName: default: openstack type: string @@ -23,21 +20,12 @@ resources: ceph_cluster: mapped_data: nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} - gnocchi::storage::ceph::ceph_pool: {get_param: GnocchiRbdPoolName} - gnocchi::storage::ceph::ceph_username: {get_param: CephClientUserName} nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} nova::compute::rbd::rbd_keyring: list_join: - '.' - - 'client' - {get_param: CephClientUserName} - gnocchi::storage::ceph::ceph_keyring: - list_join: - - '.' - - - '/etc/ceph/ceph' - - 'client' - - {get_param: CephClientUserName} - - 'keyring' outputs: config_id: diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml index 8a43b673..b2948144 100644 --- a/puppet/ceph-storage.yaml +++ b/puppet/ceph-storage.yaml @@ -98,7 +98,7 @@ parameters: resources: CephStorage: - type: OS::Nova::Server + type: OS::TripleO::Server metadata: os-collect-config: command: {get_param: ConfigCommand} @@ -312,6 +312,12 @@ resources: get_param: UpdateIdentifier outputs: + ip_address: + description: IP address of the server in the ctlplane network + value: {get_attr: [CephStorage, networks, ctlplane, 0]} + hostname: + description: Hostname of the server + value: {get_attr: [CephStorage, name]} hosts_entry: value: str_replace: diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml index d0f562ed..05918026 100644 --- a/puppet/cinder-storage.yaml +++ b/puppet/cinder-storage.yaml @@ -98,7 +98,7 @@ parameters: resources: BlockStorage: - type: OS::Nova::Server + type: OS::TripleO::Server metadata: os-collect-config: command: {get_param: ConfigCommand} @@ -313,6 +313,12 @@ resources: get_param: UpdateIdentifier outputs: + ip_address: + description: IP address of the server in the ctlplane network + value: {get_attr: [BlockStorage, networks, ctlplane, 0]} + hostname: + description: Hostname of the server + value: {get_attr: [BlockStorage, name]} hosts_entry: value: str_replace: diff --git a/puppet/compute.yaml b/puppet/compute.yaml index 7ff0676b..8de9a19c 100644 --- a/puppet/compute.yaml +++ b/puppet/compute.yaml @@ -69,43 +69,6 @@ parameters: KeystonePublicApiVirtualIP: type: string default: '' - NeutronBridgeMappings: - description: > - The OVS logical->physical bridge mappings to use. See the Neutron - documentation for details. Defaults to mapping br-ex - the external - bridge on hosts - to a physical name 'datacentre' which can be used - to create provider networks (and we use this for the default floating - network) - if changing this either use different post-install network - scripts or be sure to keep 'datacentre' as a mapping network name. - type: comma_delimited_list - default: "datacentre:br-ex" - NeutronEnableTunnelling: - type: string - default: "True" - NeutronEnableL2Pop: - type: string - description: > - Enable/disable the L2 population feature in the Neutron agents. - default: "False" - NeutronFlatNetworks: - type: comma_delimited_list - default: 'datacentre' - description: > - If set, flat networks to configure in neutron plugins. - NeutronHost: - type: string - default: '' # Has to be here because of the ignored empty value bug - NeutronNetworkType: - type: comma_delimited_list - description: The tenant network type for Neutron. - default: 'vxlan' - NeutronNetworkVLANRanges: - default: 'datacentre:1:1000' - description: > - The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the - Neutron documentation for permitted values. Defaults to permitting any - VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). - type: comma_delimited_list NeutronPassword: description: The password for the neutron service account, used by neutron agents. type: string @@ -118,73 +81,6 @@ parameters: default: nic1 description: A port to add to the NeutronPhysicalBridge. type: string - NeutronTenantMtu: - description: > - The default MTU for tenant networks. For VXLAN/GRE tunneling, this should - be at least 50 bytes smaller than the MTU on the physical network. This - value will be used to set the MTU on the virtual Ethernet device. - This number is related to the value of NeutronDnsmasqOptions, since that - will determine the MTU that is assigned to the VM host through DHCP. - default: 1400 - type: number - NeutronTunnelTypes: - type: comma_delimited_list - description: | - The tunnel types for the Neutron tenant network. - default: 'vxlan' - NeutronTunnelIdRanges: - description: | - Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges - of GRE tunnel IDs that are available for tenant network allocation - default: ["1:4094", ] - type: comma_delimited_list - NeutronVniRanges: - description: | - Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges - of VXLAN VNI IDs that are available for tenant network allocation - default: ["1:4094", ] - type: comma_delimited_list - NeutronMetadataProxySharedSecret: - description: Shared secret to prevent spoofing - type: string - hidden: true - NeutronCorePlugin: - default: 'ml2' - description: | - The core plugin for Neutron. The value should be the entrypoint to be loaded - from neutron.core_plugins namespace. - type: string - NeutronServicePlugins: - default: "router,qos" - description: | - Comma-separated list of service plugin entrypoints to be loaded from the - neutron.service_plugins namespace. - type: comma_delimited_list - NeutronTypeDrivers: - default: "vxlan,vlan,flat,gre" - description: | - Comma-separated list of network type driver entrypoints to be loaded. - type: comma_delimited_list - NeutronMechanismDrivers: - default: 'openvswitch' - description: | - The mechanism drivers for the Neutron tenant network. - type: comma_delimited_list - NeutronAgentExtensions: - default: "qos" - description: | - Comma-separated list of extensions enabled for the Neutron agents. - type: comma_delimited_list - # Not relevant for Computes, should be removed - NeutronAllowL3AgentFailover: - default: 'True' - description: Allow automatic l3-agent failover - type: string - # Not relevant for Computes, should be removed - NeutronL3HA: - default: 'False' - description: Whether to enable l3-agent HA - type: string NodeIndex: type: number default: 0 @@ -324,7 +220,7 @@ parameters: resources: NovaCompute: - type: OS::Nova::Server + type: OS::TripleO::Server metadata: os-collect-config: command: {get_param: ConfigCommand} @@ -524,7 +420,6 @@ resources: nova::migration::live_migration_tunnelled: {get_input: nova_enable_rbd_backend} rbd_persistent_storage: {get_input: cinder_enable_rbd_backend} nova_password: {get_input: nova_password} - nova::compute::network_device_mtu: {get_input: neutron_tenant_mtu} nova::compute::vncserver_proxyclient_address: {get_input: nova_vnc_proxyclient_address} nova::vncproxy::common::vncproxy_protocol: {get_input: nova_vncproxy_protocol} nova::vncproxy::common::vncproxy_host: {get_input: nova_vncproxy_host} @@ -539,37 +434,17 @@ resources: ceilometer::telemetry_secret: {get_input: ceilometer_metering_secret} ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} ceilometer::agent::auth::auth_url: {get_input: ceilometer_agent_auth_url} - ceilometer_compute_agent: {get_input: ceilometer_compute_agent} nova::glance_api_servers: {get_input: glance_api_servers} neutron::debug: {get_input: debug} neutron::rabbit_password: {get_input: rabbit_password} neutron::rabbit_user: {get_input: rabbit_username} neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} neutron::rabbit_port: {get_input: rabbit_client_port} - neutron::plugins::ml2::flat_networks: {get_input: neutron_flat_networks} - neutron_host: {get_input: neutron_host} neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip} - neutron::network_device_mtu: {get_input: neutron_tenant_mtu} - neutron::plugins::ml2::tenant_network_types: {get_input: neutron_tenant_network_types} - neutron::agents::ml2::ovs::tunnel_types: {get_input: neutron_tunnel_types} - neutron::agents::ml2::ovs::extensions: {get_input: neutron_agent_extensions} - neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges} - neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges} - neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges} - neutron::agents::ml2::ovs::bridge_mappings: {get_input: neutron_bridge_mappings} - neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling} - neutron::agents::ml2::ovs::l2_population: {get_input: neutron_enable_l2pop} - neutron_physical_bridge: {get_input: neutron_physical_bridge} - neutron_public_interface: {get_input: neutron_public_interface} nova::network::neutron::neutron_password: {get_input: neutron_password} nova::network::neutron::neutron_url: {get_input: neutron_internal_url} nova::network::neutron::neutron_auth_url: {get_input: neutron_auth_url} - neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} - neutron::core_plugin: {get_input: neutron_core_plugin} - neutron::service_plugins: {get_input: neutron_service_plugins} - neutron::plugins::ml2::type_drivers: {get_input: neutron_type_drivers} - neutron::plugins::ml2::mechanism_drivers: {get_input: neutron_mechanism_drivers} keystone_public_api_virtual_ip: {get_input: keystone_vip} admin_password: {get_input: admin_password} tripleo::packages::enable_install: {get_input: enable_package_install} @@ -610,74 +485,10 @@ resources: upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute} ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} ceilometer_password: {get_param: CeilometerPassword} - ceilometer_compute_agent: {get_param: CeilometerComputeAgent} ceilometer_agent_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]} glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} - neutron_flat_networks: - str_replace: - template: NETWORKS - params: - NETWORKS: {get_param: NeutronFlatNetworks} - neutron_host: {get_param: NeutronHost} neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]} - neutron_tunnel_id_ranges: - str_replace: - template: RANGES - params: - RANGES: {get_param: NeutronTunnelIdRanges} - neutron_vni_ranges: - str_replace: - template: RANGES - params: - RANGES: {get_param: NeutronVniRanges} - neutron_tenant_network_types: - str_replace: - template: TYPES - params: - TYPES: {get_param: NeutronNetworkType} - neutron_tunnel_types: - str_replace: - template: TYPES - params: - TYPES: {get_param: NeutronTunnelTypes} - neutron_network_vlan_ranges: - str_replace: - template: RANGES - params: - RANGES: {get_param: NeutronNetworkVLANRanges} - neutron_bridge_mappings: - str_replace: - template: MAPPINGS - params: - MAPPINGS: {get_param: NeutronBridgeMappings} - neutron_tenant_mtu: {get_param: NeutronTenantMtu} - neutron_enable_tunneling: {get_param: NeutronEnableTunnelling} - neutron_enable_l2pop: {get_param: NeutronEnableL2Pop} - neutron_physical_bridge: {get_param: NeutronPhysicalBridge} - neutron_public_interface: {get_param: NeutronPublicInterface} neutron_password: {get_param: NeutronPassword} - neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} - neutron_core_plugin: {get_param: NeutronCorePlugin} - neutron_service_plugins: - str_replace: - template: PLUGINS - params: - PLUGINS: {get_param: NeutronServicePlugins} - neutron_type_drivers: - str_replace: - template: DRIVERS - params: - DRIVERS: {get_param: NeutronTypeDrivers} - neutron_mechanism_drivers: - str_replace: - template: MECHANISMS - params: - MECHANISMS: {get_param: NeutronMechanismDrivers} - neutron_agent_extensions: - str_replace: - template: AGENT_EXTENSIONS - params: - AGENT_EXTENSIONS: {get_param: NeutronAgentExtensions} neutron_internal_url: {get_param: [EndpointMap, NeutronInternal, uri]} neutron_auth_url: {get_param: [EndpointMap, KeystoneV3Admin, uri]} keystone_vip: {get_param: KeystonePublicApiVirtualIP} diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 0d6e4028..ee4311d6 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -12,34 +12,6 @@ parameters: description: The password for the aodh services. type: string hidden: true - #TODO(composable Redis): Remove the Redis password param - #As is used by ceilometer - CeilometerBackend: - default: 'mongodb' - description: The ceilometer backend type. - type: string - CeilometerMeteringSecret: - description: Secret shared by the ceilometer services. - type: string - hidden: true - CeilometerPassword: - description: The password for the ceilometer service and db account. - type: string - hidden: true - CeilometerStoreEvents: - default: false - description: Whether to store events in ceilometer. - type: boolean - CeilometerMeterDispatcher: - default: 'database' - description: Dispatcher to process meter data - type: string - constraints: - - allowed_values: ['gnocchi', 'database'] - CeilometerWorkers: - default: 0 - description: Number of workers for Ceilometer service. - type: number controllerExtraConfig: default: {} description: | @@ -126,21 +98,6 @@ parameters: type: string constraints: - custom_constraint: nova.flavor - GnocchiBackend: - default: file - description: The short name of the Gnocchi backend to use. Should be one - of swift, rbd, or file - type: string - constraints: - - allowed_values: ['swift', 'file', 'rbd'] - GnocchiIndexerBackend: - default: 'mysql' - description: The short name of the Gnocchi indexer backend to use. - type: string - GnocchiPassword: - description: The password for the gnocchi service and db account. - type: string - hidden: true HAProxyStatsPassword: description: Password for HAProxy stats endpoint type: string @@ -156,10 +113,6 @@ parameters: description: Auth encryption key for heat-engine type: string hidden: true - HorizonAllowedHosts: - default: '*' - description: A list of IP/Hostname allowed to connect to horizon - type: comma_delimited_list HorizonSecret: description: Secret key for Django type: string @@ -236,15 +189,6 @@ parameters: default: nic1 description: What interface to bridge onto br-ex for network nodes. type: string - NeutronTenantMtu: - description: > - The default MTU for tenant networks. For VXLAN/GRE tunneling, this should - be at least 50 bytes smaller than the MTU on the physical network. This - value will be used to set the MTU on the virtual Ethernet device. - This number is related to the value of NeutronDnsmasqOptions, since that - will determine the MTU that is assigned to the VM host through DHCP. - default: 1400 - type: number NovaEnableDBPurge: default: true description: | @@ -404,7 +348,7 @@ parameter_groups: resources: Controller: - type: OS::Nova::Server + type: OS::TripleO::Server metadata: os-collect-config: command: {get_param: ConfigCommand} @@ -557,12 +501,10 @@ resources: server: {get_resource: Controller} input_values: bootstack_nodeid: {get_attr: [Controller, name]} - ceilometer_workers: {get_param: CeilometerWorkers} haproxy_log_address: {get_param: HAProxySyslogAddress} haproxy_stats_password: {get_param: HAProxyStatsPassword} haproxy_stats_user: {get_param: HAProxyStatsUser} heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey} - horizon_allowed_hosts: {get_param: HorizonAllowedHosts} horizon_secret: {get_param: HorizonSecret} admin_password: {get_param: AdminPassword} debug: {get_param: Debug} @@ -591,24 +533,15 @@ resources: CLUSTER: {get_param: MysqlClusterUniquePart} neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} neutron_password: {get_param: NeutronPassword} - neutron_tenant_mtu: {get_param: NeutronTenantMtu} neutron_internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] } neutron_public_url: { get_param: [ EndpointMap, NeutronPublic, uri ] } neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] } neutron_auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] } nova_internal_url: { get_param: [ EndpointMap, NovaInternal, uri ] } - ceilometer_backend: {get_param: CeilometerBackend} - ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} - ceilometer_password: {get_param: CeilometerPassword} - ceilometer_store_events: {get_param: CeilometerStoreEvents} aodh_password: {get_param: AodhPassword} aodh_internal_url: { get_param: [ EndpointMap, AodhInternal, uri ] } aodh_public_url: { get_param: [ EndpointMap, AodhPublic, uri ] } aodh_admin_url: { get_param: [ EndpointMap, AodhAdmin, uri ] } - ceilometer_meter_dispatcher: {get_param: CeilometerMeterDispatcher} - gnocchi_password: {get_param: GnocchiPassword} - gnocchi_backend: {get_param: GnocchiBackend} - gnocchi_indexer_backend: {get_param: GnocchiIndexerBackend} ceilometer_coordination_url: list_join: - '' @@ -617,24 +550,6 @@ resources: - '@' - {get_param: RedisVirtualIPUri} - ':6379/' - ceilometer_dsn: - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://ceilometer:' - - {get_param: CeilometerPassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/ceilometer' - gnocchi_dsn: - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://gnocchi:' - - {get_param: GnocchiPassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/gnocchi' aodh_dsn: list_join: - '' @@ -647,10 +562,6 @@ resources: gnocchi_internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]} gnocchi_public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] } gnocchi_admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] } - ceilometer_public_url: {get_param: [EndpointMap, CeilometerPublic, uri]} - ceilometer_internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]} - ceilometer_admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]} - ceilometer_agent_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} nova_enable_db_purge: {get_param: NovaEnableDBPurge} nova_ipv6: {get_param: NovaIPv6} corosync_ipv6: {get_param: CorosyncIPv6} @@ -863,7 +774,6 @@ resources: # Neutron neutron::bind_host: {get_input: neutron_api_network} - neutron::network_device_mtu: {get_input: neutron_tenant_mtu} neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip} neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network} neutron::keystone::auth::public_url: {get_input: neutron_public_url } @@ -873,33 +783,7 @@ resources: neutron::keystone::auth::region: {get_input: keystone_region} # Ceilometer - ceilometer_backend: {get_input: ceilometer_backend} - ceilometer_mysql_conn_string: {get_input: ceilometer_dsn} - ceilometer::telemetry_secret: {get_input: ceilometer_metering_secret} - ceilometer::rabbit_userid: {get_input: rabbit_username} - ceilometer::rabbit_password: {get_input: rabbit_password} - ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - ceilometer::rabbit_port: {get_input: rabbit_client_port} - ceilometer::debug: {get_input: debug} ceilometer::api::host: {get_input: ceilometer_api_network} - ceilometer::api::keystone_password: {get_input: ceilometer_password} - ceilometer::api::auth_uri: {get_input: keystone_auth_uri} - ceilometer::api::identity_uri: {get_input: keystone_identity_uri} - ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} - ceilometer::agent::auth::auth_url: {get_input: ceilometer_agent_auth_url} - ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url} - ceilometer::agent::notification::store_events: {get_input: ceilometer_store_events} - ceilometer::db::mysql::password: {get_input: ceilometer_password} - ceilometer::collector::meter_dispatcher: {get_input: ceilometer_meter_dispatcher} - ceilometer::dispatcher::gnocchi::url: {get_input: gnocchi_internal_url } - ceilometer::dispatcher::gnocchi::filter_project: 'service' - ceilometer::dispatcher::gnocchi::archive_policy: 'low' - ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml' - ceilometer::keystone::auth::public_url: {get_input: ceilometer_public_url } - ceilometer::keystone::auth::internal_url: {get_input: ceilometer_internal_url } - ceilometer::keystone::auth::admin_url: {get_input: ceilometer_admin_url } - ceilometer::keystone::auth::password: {get_input: ceilometer_password } - ceilometer::keystone::auth::region: {get_input: keystone_region} snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} @@ -929,24 +813,14 @@ resources: aodh::keystone::auth::region: {get_input: keystone_region} # Gnocchi - gnocchi_backend: {get_input: gnocchi_backend} - gnocchi_indexer_backend: {get_input: gnocchi_indexer_backend} - gnocchi_mysql_conn_string: {get_input: gnocchi_dsn} - gnocchi::debug: {get_input: debug} - gnocchi::wsgi::apache::ssl: false gnocchi::wsgi::apache::bind_host: {get_input: gnocchi_api_network} - gnocchi::api::service_name: 'httpd' gnocchi::api::host: {get_input: gnocchi_api_network} - gnocchi::api::keystone_password: {get_input: gnocchi_password} gnocchi::api::keystone_auth_uri: {get_input: keystone_auth_uri} gnocchi::api::keystone_identity_uri: {get_input: keystone_identity_uri} - gnocchi::db::mysql::password: {get_input: gnocchi_password} gnocchi::storage::swift::swift_authurl: {get_input: keystone_auth_uri} - gnocchi::storage::swift::swift_key: {get_input: gnocchi_password} gnocchi::keystone::auth::public_url: {get_input: gnocchi_public_url } gnocchi::keystone::auth::internal_url: {get_input: gnocchi_internal_url } gnocchi::keystone::auth::admin_url: {get_input: gnocchi_admin_url } - gnocchi::keystone::auth::password: {get_input: gnocchi_password } gnocchi::keystone::auth::region: {get_input: keystone_region} # Nova @@ -957,7 +831,6 @@ resources: nova::api::api_bind_address: {get_input: nova_api_network} nova::api::metadata_listen: {get_input: nova_metadata_network} nova::api::admin_password: {get_input: nova_password} - nova::compute::network_device_mtu: {get_input: neutron_tenant_mtu} nova::database_connection: {get_input: nova_dsn} nova::api_database_connection: {get_input: nova_api_dsn} nova::glance_api_servers: {get_input: glance_api_servers} @@ -979,7 +852,6 @@ resources: # Horizon apache::mod::remoteip::proxy_ips: {get_input: horizon_subnet} apache::ip: {get_input: horizon_network} - horizon::allowed_hosts: {get_input: horizon_allowed_hosts} horizon::django_debug: {get_input: debug} horizon::secret_key: {get_input: horizon_secret} horizon::bind_address: {get_input: horizon_network} diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index 66613f0f..94f57c8a 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -4,7 +4,6 @@ nova::api::enabled: true nova::vncproxy::enabled: true # gnocchi -gnocchi::db::sync::extra_opts: '--skip-storage --create-legacy-resource-types' gnocchi::storage::swift::swift_user: 'service:gnocchi' gnocchi::storage::swift::swift_auth_version: 2 gnocchi::statsd::resource_id: '0a8b55df-f90f-491c-8cb9-7cdecec6fc26' @@ -82,6 +81,7 @@ keystone::wsgi::apache::ssl: false swift::proxy::pipeline: - 'catch_errors' - 'healthcheck' + - 'proxy-logging' - 'cache' - 'ratelimit' - 'bulk' diff --git a/puppet/hieradata/database.yaml b/puppet/hieradata/database.yaml index 8bf6e9b5..9aa14289 100644 --- a/puppet/hieradata/database.yaml +++ b/puppet/hieradata/database.yaml @@ -13,30 +13,6 @@ nova::db::mysql_api::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" -# Ironic -ironic::db::mysql::user: ironic -ironic::db::mysql::host: "%{hiera('mysql_virtual_ip')}" -ironic::db::mysql::dbname: ironic -ironic::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" - -# Ceilometer -ceilometer::db::mysql::user: ceilometer -ceilometer::db::mysql::host: "%{hiera('mysql_virtual_ip')}" -ceilometer::db::mysql::dbname: ceilometer -ceilometer::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" - -# Gnocchi -gnocchi::db::mysql::user: gnocchi -gnocchi::db::mysql::host: "%{hiera('mysql_virtual_ip')}" -gnocchi::db::mysql::dbname: gnocchi -gnocchi::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" - # Aodh aodh::db::mysql::user: aodh aodh::db::mysql::host: "%{hiera('mysql_virtual_ip')}" diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp index b25d62f8..ab7f846f 100644 --- a/puppet/manifests/overcloud_compute.pp +++ b/puppet/manifests/overcloud_compute.pp @@ -17,114 +17,6 @@ include ::tripleo::packages include ::tripleo::firewall if hiera('step') >= 4 { - - # When utilising images for deployment, we need to reset the iSCSI initiator name to make it unique - exec { 'reset-iscsi-initiator-name': - command => '/bin/echo InitiatorName=$(/usr/sbin/iscsi-iname) > /etc/iscsi/initiatorname.iscsi', - onlyif => '/usr/bin/test ! -f /etc/iscsi/.initiator_reset', - }-> - - file { '/etc/iscsi/.initiator_reset': - ensure => present, - } - - nova_config { - 'DEFAULT/my_ip': value => $ipaddress; - 'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver'; - } - - if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { - file { '/etc/libvirt/qemu.conf': - ensure => present, - content => hiera('midonet_libvirt_qemu_data') - } - } - - include ::neutron - include ::neutron::config - - # If the value of core plugin is set to 'nuage', - # include nuage agent, - # If the value of core plugin is set to 'midonet', - # include midonet agent, - # else use the default value of 'ml2' - if hiera('neutron::core_plugin') == 'neutron.plugins.nuage.plugin.NuagePlugin' { - include ::nuage::vrs - include ::nova::compute::neutron - - class { '::nuage::metadataagent': - nova_os_tenant_name => hiera('nova::api::admin_tenant_name'), - nova_os_password => hiera('nova_password'), - nova_metadata_ip => hiera('nova_metadata_node_ips'), - nova_auth_ip => hiera('keystone_public_api_virtual_ip'), - } - } - elsif hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { - - # TODO(devvesa) provide non-controller ips for these services - $zookeeper_node_ips = hiera('neutron_api_node_ips') - $cassandra_node_ips = hiera('neutron_api_node_ips') - - class { '::tripleo::network::midonet::agent': - zookeeper_servers => $zookeeper_node_ips, - cassandra_seeds => $cassandra_node_ips - } - } - elsif hiera('neutron::core_plugin') == 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2' { - - include ::contrail::vrouter - # NOTE: it's not possible to use this class without a functional - # contrail controller up and running - #class {'::contrail::vrouter::provision_vrouter': - # require => Class['contrail::vrouter'], - #} - } - elsif hiera('neutron::core_plugin') == 'networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2' { - # forward all ipv4 traffic - # this is required for the vms to pass through the gateways public interface - sysctl::value { 'net.ipv4.ip_forward': value => '1' } - - # ifc_ctl_pp needs to be invoked by root as part of the vif.py when a VM is powered on - file { '/etc/sudoers.d/ifc_ctl_sudoers': - ensure => file, - owner => root, - group => root, - mode => '0440', - content => "nova ALL=(root) NOPASSWD: /opt/pg/bin/ifc_ctl_pp *\n", - } - } - else { - - # NOTE: this code won't live in puppet-neutron until Neutron OVS agent - # can be gracefully restarted. See https://review.openstack.org/#/c/297211 - # In the meantime, it's safe to restart the agent on each change in neutron.conf, - # because Puppet changes are supposed to be done during bootstrap and upgrades. - # Some resource managed by Neutron_config (like messaging and logging options) require - # a restart of OVS agent. This code does it. - # In Newton, OVS agent will be able to be restarted gracefully so we'll drop the code - # from here and fix it in puppet-neutron. - Neutron_config<||> ~> Service['neutron-ovs-agent-service'] - - include ::neutron::plugins::ml2 - include ::neutron::agents::ml2::ovs - - if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { - class { '::neutron::agents::n1kv_vem': - n1kv_source => hiera('n1kv_vem_source', undef), - n1kv_version => hiera('n1kv_vem_version', undef), - } - } - - if 'bsn_ml2' in hiera('neutron::plugins::ml2::mechanism_drivers') { - include ::neutron::agents::bigswitch - } - } - - include ::ceilometer - include ::ceilometer::config - include ::ceilometer::agent::compute - include ::ceilometer::agent::auth - hiera_include('compute_classes') } diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index de84bcf8..a635ef73 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -16,59 +16,9 @@ include ::tripleo::packages include ::tripleo::firewall -$enable_load_balancer = hiera('enable_load_balancer', true) - if hiera('step') >= 2 { - - # MongoDB - if downcase(hiera('ceilometer_backend')) == 'mongodb' { - # NOTE(gfidente): We need to pass the list of IPv6 addresses *with* port and - # without the brackets as 'members' argument for the 'mongodb_replset' - # resource. - if str2bool(hiera('mongodb::server::ipv6', false)) { - $mongo_node_ips_with_port_prefixed = prefix(hiera('mongo_node_ips'), '[') - $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017') - $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017') - } else { - $mongo_node_ips_with_port = suffix(hiera('mongo_node_ips'), ':27017') - $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017') - } - $mongo_node_string = join($mongo_node_ips_with_port, ',') - - $mongodb_replset = hiera('mongodb::server::replset') - $ceilometer_mongodb_conn_string = "mongodb://${mongo_node_string}/ceilometer?replicaSet=${mongodb_replset}" - } - - if str2bool(hiera('enable_galera', true)) { - $mysql_config_file = '/etc/my.cnf.d/galera.cnf' - } else { - $mysql_config_file = '/etc/my.cnf.d/server.cnf' - } - # TODO Galara - # FIXME: due to https://bugzilla.redhat.com/show_bug.cgi?id=1298671 we - # set bind-address to a hostname instead of an ip address; to move Mysql - # from internal_api on another network we'll have to customize both - # MysqlNetwork and ControllerHostnameResolveNetwork in ServiceNetMap - class { '::mysql::server': - config_file => $mysql_config_file, - override_options => { - 'mysqld' => { - 'bind-address' => $::hostname, - 'max_connections' => hiera('mysql_max_connections'), - 'open_files_limit' => '-1', - }, - }, - remove_default_accounts => true, - } - # FIXME: this should only occur on the bootstrap host (ditto for db syncs) # Create all the database schemas - if downcase(hiera('gnocchi_indexer_backend')) == 'mysql' { - include ::gnocchi::db::mysql - } - if downcase(hiera('ceilometer_backend')) == 'mysql' { - include ::ceilometer::db::mysql - } include ::aodh::db::mysql } #END STEP 2 @@ -87,31 +37,6 @@ if hiera('step') >= 4 { } include ::nova::config - # Ceilometer - $ceilometer_backend = downcase(hiera('ceilometer_backend')) - case $ceilometer_backend { - /mysql/ : { - $ceilometer_database_connection = hiera('ceilometer_mysql_conn_string') - } - default : { - $ceilometer_database_connection = $ceilometer_mongodb_conn_string - } - } - include ::ceilometer - include ::ceilometer::config - include ::ceilometer::api - include ::ceilometer::agent::notification - include ::ceilometer::agent::central - include ::ceilometer::expirer - include ::ceilometer::collector - include ::ceilometer::agent::auth - include ::ceilometer::dispatcher::gnocchi - class { '::ceilometer::db' : - database_connection => $ceilometer_database_connection, - } - - Cron <| title == 'ceilometer-expirer' |> { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" } - # Aodh class { '::aodh' : database_connection => hiera('aodh_mysql_conn_string'), @@ -125,47 +50,6 @@ if hiera('step') >= 4 { include ::aodh::listener include ::aodh::client - # Horizon - include ::apache::mod::remoteip - if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { - $_profile_support = 'cisco' - } else { - $_profile_support = 'None' - } - $neutron_options = merge({'profile_support' => $_profile_support },hiera('horizon::neutron_options',undef)) - - $memcached_ipv6 = hiera('memcached_ipv6', false) - if $memcached_ipv6 { - $horizon_memcached_servers = hiera('memcache_node_ips_v6', '[::1]') - } else { - $horizon_memcached_servers = hiera('memcache_node_ips', '127.0.0.1') - } - - class { '::horizon': - cache_server_ip => $horizon_memcached_servers, - neutron_options => $neutron_options, - } - - # Gnocchi - $gnocchi_database_connection = hiera('gnocchi_mysql_conn_string') - class { '::gnocchi': - database_connection => $gnocchi_database_connection, - } - include ::gnocchi::api - include ::gnocchi::wsgi::apache - include ::gnocchi::client - include ::gnocchi::db::sync - include ::gnocchi::storage - include ::gnocchi::metricd - include ::gnocchi::statsd - $gnocchi_backend = downcase(hiera('gnocchi_backend', 'swift')) - case $gnocchi_backend { - 'swift': { include ::gnocchi::storage::swift } - 'file': { include ::gnocchi::storage::file } - 'rbd': { include ::gnocchi::storage::ceph } - default: { fail('Unrecognized gnocchi_backend parameter.') } - } - hiera_include('controller_classes') } #END STEP 4 diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index d7b1ce54..c0f219ca 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -13,16 +13,9 @@ # License for the specific language governing permissions and limitations # under the License. -Pcmk_resource <| |> { - tries => 10, - try_sleep => 3, -} - # TODO(jistr): use pcs resource provider instead of just no-ops Service <| - tag == 'aodh-service' or - tag == 'ceilometer-service' or - tag == 'gnocchi-service' + tag == 'aodh-service' |> { hasrestart => true, restart => '/bin/true', @@ -41,233 +34,15 @@ if $::hostname == downcase(hiera('bootstrap_nodeid')) { $sync_db = false } -$enable_fencing = str2bool(hiera('enable_fencing', false)) and hiera('step') >= 5 -$enable_load_balancer = hiera('enable_load_balancer', true) - -# When to start and enable services which haven't been Pacemakerized -# FIXME: remove when we start all OpenStack services using Pacemaker -# (occurrences of this variable will be gradually replaced with false) -$non_pcmk_start = hiera('step') >= 5 - -if hiera('step') >= 1 { - - $pacemaker_cluster_members = downcase(regsubst(hiera('controller_node_names'), ',', ' ', 'G')) - $corosync_ipv6 = str2bool(hiera('corosync_ipv6', false)) - if $corosync_ipv6 { - $cluster_setup_extras = { '--token' => hiera('corosync_token_timeout', 1000), '--ipv6' => '' } - } else { - $cluster_setup_extras = { '--token' => hiera('corosync_token_timeout', 1000) } - } - class { '::pacemaker': - hacluster_pwd => hiera('hacluster_pwd'), - } -> - class { '::pacemaker::corosync': - cluster_members => $pacemaker_cluster_members, - setup_cluster => $pacemaker_master, - cluster_setup_extras => $cluster_setup_extras, - } - class { '::pacemaker::stonith': - disable => !$enable_fencing, - } - if $enable_fencing { - include ::tripleo::fencing - - # enable stonith after all Pacemaker resources have been created - Pcmk_resource<||> -> Class['tripleo::fencing'] - Pcmk_constraint<||> -> Class['tripleo::fencing'] - Exec <| tag == 'pacemaker_constraint' |> -> Class['tripleo::fencing'] - # enable stonith after all fencing devices have been created - Class['tripleo::fencing'] -> Class['pacemaker::stonith'] - } - - # FIXME(gfidente): sets 200secs as default start timeout op - # param; until we can use pcmk global defaults we'll still - # need to add it to every resource which redefines op params - Pacemaker::Resource::Service { - op_params => 'start timeout=200s stop timeout=200s', - } - - if downcase(hiera('ceilometer_backend')) == 'mongodb' { - include ::mongodb::params - } - - # Galera - if str2bool(hiera('enable_galera', true)) { - $mysql_config_file = '/etc/my.cnf.d/galera.cnf' - } else { - $mysql_config_file = '/etc/my.cnf.d/server.cnf' - } - $galera_nodes = downcase(hiera('galera_node_names', $::hostname)) - $galera_nodes_count = count(split($galera_nodes, ',')) - - # FIXME: due to https://bugzilla.redhat.com/show_bug.cgi?id=1298671 we - # set bind-address to a hostname instead of an ip address; to move Mysql - # from internal_api on another network we'll have to customize both - # MysqlNetwork and ControllerHostnameResolveNetwork in ServiceNetMap - $mysql_bind_host = hiera('mysql_bind_host') - $mysqld_options = { - 'mysqld' => { - 'skip-name-resolve' => '1', - 'binlog_format' => 'ROW', - 'default-storage-engine' => 'innodb', - 'innodb_autoinc_lock_mode' => '2', - 'innodb_locks_unsafe_for_binlog'=> '1', - 'query_cache_size' => '0', - 'query_cache_type' => '0', - 'bind-address' => $::hostname, - 'max_connections' => hiera('mysql_max_connections'), - 'open_files_limit' => '-1', - 'wsrep_on' => 'ON', - 'wsrep_provider' => '/usr/lib64/galera/libgalera_smm.so', - 'wsrep_cluster_name' => 'galera_cluster', - 'wsrep_cluster_address' => "gcomm://${galera_nodes}", - 'wsrep_slave_threads' => '1', - 'wsrep_certify_nonPK' => '1', - 'wsrep_max_ws_rows' => '131072', - 'wsrep_max_ws_size' => '1073741824', - 'wsrep_debug' => '0', - 'wsrep_convert_LOCK_to_trx' => '0', - 'wsrep_retry_autocommit' => '1', - 'wsrep_auto_increment_control' => '1', - 'wsrep_drupal_282555_workaround'=> '0', - 'wsrep_causal_reads' => '0', - 'wsrep_sst_method' => 'rsync', - 'wsrep_provider_options' => "gmcast.listen_addr=tcp://[${mysql_bind_host}]:4567;", - }, - } - - class { '::mysql::server': - create_root_user => false, - create_root_my_cnf => false, - config_file => $mysql_config_file, - override_options => $mysqld_options, - remove_default_accounts => $pacemaker_master, - service_manage => false, - service_enabled => false, - } - -} - if hiera('step') >= 2 { - - - # NOTE(gfidente): the following vars are needed on all nodes so they - # need to stay out of pacemaker_master conditional. - # The addresses mangling will hopefully go away when we'll be able to - # configure the connection string via hostnames, until then, we need to pass - # the list of IPv6 addresses *with* port and without the brackets as 'members' - # argument for the 'mongodb_replset' resource. - if str2bool(hiera('mongodb::server::ipv6', false)) { - $mongo_node_ips_with_port_prefixed = prefix(hiera('mongo_node_ips'), '[') - $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017') - $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017') - } else { - $mongo_node_ips_with_port = suffix(hiera('mongo_node_ips'), ':27017') - $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017') - } - $mongodb_replset = hiera('mongodb::server::replset') - if $pacemaker_master { - - include ::pacemaker::resource_defaults - - # Create an openstack-core dummy resource. See RHBZ 1290121 - pacemaker::resource::ocf { 'openstack-core': - ocf_agent_name => 'heartbeat:Dummy', - clone_params => true, - } - - pacemaker::resource::ocf { 'galera' : - ocf_agent_name => 'heartbeat:galera', - op_params => 'promote timeout=300s on-fail=block', - master_params => '', - meta_params => "master-max=${galera_nodes_count} ordered=true", - resource_params => "additional_parameters='--open-files-limit=16384' enable_creation=true wsrep_cluster_address='gcomm://${galera_nodes}'", - require => Class['::mysql::server'], - before => Exec['galera-ready'], - } - - exec { 'galera-ready' : - command => '/usr/bin/clustercheck >/dev/null', - timeout => 30, - tries => 180, - try_sleep => 10, - environment => ['AVAILABLE_WHEN_READONLY=0'], - require => Exec['create-root-sysconfig-clustercheck'], - } - - # We add a clustercheck db user and we will switch /etc/sysconfig/clustercheck - # to it in a later step. We do this only on one node as it will replicate on - # the other members. We also make sure that the permissions are the minimum necessary - mysql_user { 'clustercheck@localhost': - ensure => 'present', - password_hash => mysql_password(hiera('mysql_clustercheck_password')), - require => Exec['galera-ready'], - } - - mysql_grant { 'clustercheck@localhost/*.*': - ensure => 'present', - options => ['GRANT'], - privileges => ['PROCESS'], - table => '*.*', - user => 'clustercheck@localhost', - } - - # Create all the database schemas - if downcase(hiera('ceilometer_backend')) == 'mysql' { - class { '::ceilometer::db::mysql': - require => Exec['galera-ready'], - } - } - - if downcase(hiera('gnocchi_indexer_backend')) == 'mysql' { - class { '::gnocchi::db::mysql': - require => Exec['galera-ready'], - } - } - class { '::aodh::db::mysql': require => Exec['galera-ready'], } } - # This step is to create a sysconfig clustercheck file with the root user and empty password - # on the first install only (because later on the clustercheck db user will be used) - # We are using exec and not file in order to not have duplicate definition errors in puppet - # when we later set the the file to contain the clustercheck data - exec { 'create-root-sysconfig-clustercheck': - command => "/bin/echo 'MYSQL_USERNAME=root\nMYSQL_PASSWORD=\'\'\nMYSQL_HOST=localhost\n' > /etc/sysconfig/clustercheck", - unless => '/bin/test -e /etc/sysconfig/clustercheck && grep -q clustercheck /etc/sysconfig/clustercheck', - } - - xinetd::service { 'galera-monitor' : - port => '9200', - server => '/usr/bin/clustercheck', - per_source => 'UNLIMITED', - log_on_success => '', - log_on_failure => 'HOST', - flags => 'REUSE', - service_type => 'UNLISTED', - user => 'root', - group => 'root', - require => Exec['create-root-sysconfig-clustercheck'], - } - } #END STEP 2 if hiera('step') >= 4 or ( hiera('step') >= 3 and $sync_db ) { - # At this stage we are guaranteed that the clustercheck db user exists - # so we switch the resource agent to use it. - $mysql_clustercheck_password = hiera('mysql_clustercheck_password') - file { '/etc/sysconfig/clustercheck' : - ensure => file, - mode => '0600', - owner => 'root', - group => 'root', - content => "MYSQL_USERNAME=clustercheck\n -MYSQL_PASSWORD='${mysql_clustercheck_password}'\n -MYSQL_HOST=localhost\n", - } - $nova_ipv6 = hiera('nova::use_ipv6', false) if $nova_ipv6 { $memcached_servers = suffix(hiera('memcache_node_ips_v6'), ':11211') @@ -281,71 +56,6 @@ MYSQL_HOST=localhost\n", include ::nova::config - # Ceilometer - case downcase(hiera('ceilometer_backend')) { - /mysql/: { - $ceilometer_database_connection = hiera('ceilometer_mysql_conn_string') - } - default: { - $mongo_node_string = join($mongo_node_ips_with_port, ',') - $ceilometer_database_connection = "mongodb://${mongo_node_string}/ceilometer?replicaSet=${mongodb_replset}" - } - } - include ::ceilometer - include ::ceilometer::config - class { '::ceilometer::api' : - manage_service => false, - enabled => false, - } - class { '::ceilometer::agent::notification' : - manage_service => false, - enabled => false, - } - class { '::ceilometer::agent::central' : - manage_service => false, - enabled => false, - } - class { '::ceilometer::collector' : - manage_service => false, - enabled => false, - } - include ::ceilometer::expirer - class { '::ceilometer::db' : - database_connection => $ceilometer_database_connection, - sync_db => $sync_db, - } - include ::ceilometer::agent::auth - include ::ceilometer::dispatcher::gnocchi - - Cron <| title == 'ceilometer-expirer' |> { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" } - - # httpd/apache and horizon - # NOTE(gfidente): server-status can be consumed by the pacemaker resource agent - class { '::apache' : - service_enable => false, - # service_manage => false, # <-- not supported with horizon&apache mod_wsgi? - } - include ::apache::mod::remoteip - include ::apache::mod::status - if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { - $_profile_support = 'cisco' - } else { - $_profile_support = 'None' - } - $neutron_options = merge({'profile_support' => $_profile_support },hiera('horizon::neutron_options',undef)) - - $memcached_ipv6 = hiera('memcached_ipv6', false) - if $memcached_ipv6 { - $horizon_memcached_servers = hiera('memcache_node_ips_v6', '[::1]') - } else { - $horizon_memcached_servers = hiera('memcache_node_ips', '127.0.0.1') - } - - class { '::horizon': - cache_server_ip => $horizon_memcached_servers, - neutron_options => $neutron_options, - } - # Aodh class { '::aodh' : database_connection => hiera('aodh_mysql_conn_string'), @@ -372,71 +82,12 @@ MYSQL_HOST=localhost\n", enabled => false, } - # Gnocchi - $gnocchi_database_connection = hiera('gnocchi_mysql_conn_string') - include ::gnocchi::client - if $sync_db { - include ::gnocchi::db::sync - } - include ::gnocchi::storage - $gnocchi_backend = downcase(hiera('gnocchi_backend', 'swift')) - case $gnocchi_backend { - 'swift': { include ::gnocchi::storage::swift } - 'file': { include ::gnocchi::storage::file } - 'rbd': { include ::gnocchi::storage::ceph } - default: { fail('Unrecognized gnocchi_backend parameter.') } - } - class { '::gnocchi': - database_connection => $gnocchi_database_connection, - } - class { '::gnocchi::api' : - manage_service => false, - enabled => false, - service_name => 'httpd', - } - class { '::gnocchi::wsgi::apache' : - ssl => false, - } - class { '::gnocchi::metricd' : - manage_service => false, - enabled => false, - } - class { '::gnocchi::statsd' : - manage_service => false, - enabled => false, - } - hiera_include('controller_classes') } #END STEP 4 if hiera('step') >= 5 { - # We now make sure that the root db password is set to a random one - # At first installation /root/.my.cnf will be empty and we connect without a root - # password. On second runs or updates /root/.my.cnf will already be populated - # with proper credentials. This step happens on every node because this sql - # statement does not automatically replicate across nodes. - $mysql_root_password = hiera('mysql::server::root_password') - exec { 'galera-set-root-password': - command => "/bin/touch /root/.my.cnf && /bin/echo \"UPDATE mysql.user SET Password = PASSWORD('${mysql_root_password}') WHERE user = 'root'; flush privileges;\" | /bin/mysql --defaults-extra-file=/root/.my.cnf -u root", - } - file { '/root/.my.cnf' : - ensure => file, - mode => '0600', - owner => 'root', - group => 'root', - content => "[client] -user=root -password=\"${mysql_root_password}\" - -[mysql] -user=root -password=\"${mysql_root_password}\"", - require => Exec['galera-set-root-password'], - } - $nova_enable_db_purge = hiera('nova_enable_db_purge', true) - if $nova_enable_db_purge { include ::nova::cron::archive_deleted_rows } @@ -452,15 +103,6 @@ password=\"${mysql_root_password}\"", require => [Pacemaker::Resource::Service[$::apache::params::service_name], Pacemaker::Resource::Ocf['openstack-core']], } - pacemaker::constraint::base { 'galera-then-openstack-core-constraint': - constraint_type => 'order', - first_resource => 'galera-master', - second_resource => 'openstack-core-clone', - first_action => 'promote', - second_action => 'start', - require => [Pacemaker::Resource::Ocf['galera'], - Pacemaker::Resource::Ocf['openstack-core']], - } # Nova pacemaker::constraint::base { 'keystone-then-nova-consoleauth-constraint': @@ -544,49 +186,12 @@ password=\"${mysql_root_password}\"", Pacemaker::Resource::Service[$::nova::params::conductor_service_name]], } - # Ceilometer and Aodh - case downcase(hiera('ceilometer_backend')) { - /mysql/: { - pacemaker::resource::service { $::ceilometer::params::agent_central_service_name: - clone_params => 'interleave=true', - require => Pacemaker::Resource::Ocf['openstack-core'], - } - } - default: { - pacemaker::resource::service { $::ceilometer::params::agent_central_service_name: - clone_params => 'interleave=true', - require => [Pacemaker::Resource::Ocf['openstack-core'], - Pacemaker::Resource::Service[$::mongodb::params::service_name]], - } - } - } - pacemaker::resource::service { $::ceilometer::params::collector_service_name : - clone_params => 'interleave=true', - } - pacemaker::resource::service { $::ceilometer::params::api_service_name : - clone_params => 'interleave=true', - } - pacemaker::resource::service { $::ceilometer::params::agent_notification_service_name : - clone_params => 'interleave=true', - } # Fedora doesn't know `require-all` parameter for constraints yet if $::operatingsystem == 'Fedora' { - $redis_ceilometer_constraint_params = undef $redis_aodh_constraint_params = undef } else { - $redis_ceilometer_constraint_params = 'require-all=false' $redis_aodh_constraint_params = 'require-all=false' } - pacemaker::constraint::base { 'redis-then-ceilometer-central-constraint': - constraint_type => 'order', - first_resource => 'redis-master', - second_resource => "${::ceilometer::params::agent_central_service_name}-clone", - first_action => 'promote', - second_action => 'start', - constraint_params => $redis_ceilometer_constraint_params, - require => [Pacemaker::Resource::Ocf['redis'], - Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name]], - } pacemaker::constraint::base { 'redis-then-aodh-evaluator-constraint': constraint_type => 'order', first_resource => 'redis-master', @@ -597,49 +202,6 @@ password=\"${mysql_root_password}\"", require => [Pacemaker::Resource::Ocf['redis'], Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name]], } - pacemaker::constraint::base { 'keystone-then-ceilometer-central-constraint': - constraint_type => 'order', - first_resource => 'openstack-core-clone', - second_resource => "${::ceilometer::params::agent_central_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name], - Pacemaker::Resource::Ocf['openstack-core']], - } - pacemaker::constraint::base { 'keystone-then-ceilometer-notification-constraint': - constraint_type => 'order', - first_resource => 'openstack-core-clone', - second_resource => "${::ceilometer::params::agent_notification_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name], - Pacemaker::Resource::Ocf['openstack-core']], - } - pacemaker::constraint::base { 'ceilometer-central-then-ceilometer-collector-constraint': - constraint_type => 'order', - first_resource => "${::ceilometer::params::agent_central_service_name}-clone", - second_resource => "${::ceilometer::params::collector_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name], - Pacemaker::Resource::Service[$::ceilometer::params::collector_service_name]], - } - pacemaker::constraint::base { 'ceilometer-collector-then-ceilometer-api-constraint': - constraint_type => 'order', - first_resource => "${::ceilometer::params::collector_service_name}-clone", - second_resource => "${::ceilometer::params::api_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::ceilometer::params::collector_service_name], - Pacemaker::Resource::Service[$::ceilometer::params::api_service_name]], - } - pacemaker::constraint::colocation { 'ceilometer-api-with-ceilometer-collector-colocation': - source => "${::ceilometer::params::api_service_name}-clone", - target => "${::ceilometer::params::collector_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::ceilometer::params::api_service_name], - Pacemaker::Resource::Service[$::ceilometer::params::collector_service_name]], - } # Aodh pacemaker::resource::service { $::aodh::params::evaluator_service_name : clone_params => 'interleave=true', @@ -682,41 +244,6 @@ password=\"${mysql_root_password}\"", require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name], Pacemaker::Resource::Service[$::aodh::params::listener_service_name]], } - if downcase(hiera('ceilometer_backend')) == 'mongodb' { - pacemaker::constraint::base { 'mongodb-then-ceilometer-central-constraint': - constraint_type => 'order', - first_resource => "${::mongodb::params::service_name}-clone", - second_resource => "${::ceilometer::params::agent_central_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name], - Pacemaker::Resource::Service[$::mongodb::params::service_name]], - } - } - - # gnocchi - pacemaker::resource::service { $::gnocchi::params::metricd_service_name : - clone_params => 'interleave=true', - } - pacemaker::resource::service { $::gnocchi::params::statsd_service_name : - clone_params => 'interleave=true', - } - pacemaker::constraint::base { 'gnocchi-metricd-then-gnocchi-statsd-constraint': - constraint_type => 'order', - first_resource => "${::gnocchi::params::metricd_service_name}-clone", - second_resource => "${::gnocchi::params::statsd_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::gnocchi::params::metricd_service_name], - Pacemaker::Resource::Service[$::gnocchi::params::statsd_service_name]], - } - pacemaker::constraint::colocation { 'gnocchi-statsd-with-metricd-colocation': - source => "${::gnocchi::params::statsd_service_name}-clone", - target => "${::gnocchi::params::metricd_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::gnocchi::params::metricd_service_name], - Pacemaker::Resource::Service[$::gnocchi::params::statsd_service_name]], - } # Horizon and Keystone pacemaker::resource::service { $::apache::params::service_name: diff --git a/puppet/services/ceilometer-agent-central.yaml b/puppet/services/ceilometer-agent-central.yaml new file mode 100644 index 00000000..294e7dd2 --- /dev/null +++ b/puppet/services/ceilometer-agent-central.yaml @@ -0,0 +1,43 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ceilometer Central Agent service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + RedisPassword: + description: The password for the redis service account. + type: string + hidden: true + RedisVirtualIPUri: + type: string + default: '' + + +resources: + CeilometerServiceBase: + type: ./ceilometer-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ceilometer Central Agent role. + value: + config_settings: + map_merge: + - get_attr: [CeilometerServiceBase, role_data, config_settings] + - ceilometer::agent::central::coordination_url: + list_join: + - '' + - - 'redis://:' + - {get_param: RedisPassword} + - '@' + - {get_param: RedisVirtualIPUri} + - ':6379/' + step_config: | + include ::tripleo::profile::base::ceilometer::agent::central diff --git a/puppet/services/ceilometer-agent-compute.yaml b/puppet/services/ceilometer-agent-compute.yaml new file mode 100644 index 00000000..737836af --- /dev/null +++ b/puppet/services/ceilometer-agent-compute.yaml @@ -0,0 +1,26 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ceilometer Compute Agent service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + CeilometerServiceBase: + type: ./ceilometer-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ceilometer Compute Agent role. + value: + config_settings: + get_attr: [CeilometerServiceBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::base::ceilometer::agent::compute diff --git a/puppet/services/ceilometer-agent-notification.yaml b/puppet/services/ceilometer-agent-notification.yaml new file mode 100644 index 00000000..523dabb9 --- /dev/null +++ b/puppet/services/ceilometer-agent-notification.yaml @@ -0,0 +1,27 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ceilometer Notification Agent service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + + +resources: + CeilometerServiceBase: + type: ./ceilometer-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ceilometer Notification Agent role. + value: + config_settings: + get_attr: [CeilometerServiceBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::base::ceilometer::agent::notification diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml new file mode 100644 index 00000000..06c2ed12 --- /dev/null +++ b/puppet/services/ceilometer-api.yaml @@ -0,0 +1,27 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ceilometer API service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + + +resources: + CeilometerServiceBase: + type: ./ceilometer-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ceilometer API role. + value: + config_settings: + get_attr: [CeilometerServiceBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::base::ceilometer::api diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml new file mode 100644 index 00000000..1dea785f --- /dev/null +++ b/puppet/services/ceilometer-base.yaml @@ -0,0 +1,105 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ceilometer service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + CeilometerBackend: + default: 'mongodb' + description: The ceilometer backend type. + type: string + CeilometerMeteringSecret: + description: Secret shared by the ceilometer services. + type: string + hidden: true + CeilometerPassword: + description: The password for the ceilometer service account. + type: string + hidden: true + CeilometerMeterDispatcher: + default: 'gnocchi' + description: Dispatcher to process meter data + type: string + constraints: + - allowed_values: ['gnocchi', 'database'] + CeilometerWorkers: + default: 0 + description: Number of workers for Ceilometer service. + type: number + CeilometerStoreEvents: + default: false + description: Whether to store events in ceilometer. + type: boolean + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + +outputs: + role_data: + description: Role data for the Ceilometer role. + value: + config_settings: + ceilometer::db::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - - '://ceilometer:' + - {get_param: CeilometerPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/ceilometer' + ceilometer_backend: {get_param: CeilometerBackend} + ceilometer::metering_secret: {get_param: CeilometerMeteringSecret} + # we include db_sync class in puppet-tripleo + ceilometer::db::sync_db: false + ceilometer::api::keystone_password: {get_param: CeilometerPassword} + ceilometer::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + ceilometer::api::keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + ceilometer::agent::auth::auth_password: {get_param: CeilometerPassword} + ceilometer::agent::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } + ceilometer::agent::notification::store_events: {get_param: CeilometerStoreEvents} + ceilometer::db::mysql::password: {get_param: CeilometerPassword} + ceilometer::collector::meter_dispatcher: {get_param: CeilometerMeterDispatcher} + ceilometer::dispatcher::gnocchi::url: {get_param: [EndpointMap, GnocchiInternal, uri]} + ceilometer::dispatcher::gnocchi::filter_project: 'service' + ceilometer::dispatcher::gnocchi::archive_policy: 'low' + ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml' + ceilometer::keystone::auth::public_url: {get_param: [EndpointMap, CeilometerPublic, uri]} + ceilometer::keystone::auth::internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]} + ceilometer::keystone::auth::admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]} + ceilometer::keystone::auth::password: {get_param: CeilometerPassword} + ceilometer::keystone::auth::region: {get_param: KeystoneRegion} + ceilometer::rabbit_userid: {get_param: RabbitUserName} + ceilometer::rabbit_password: {get_param: RabbitPassword} + ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + ceilometer::rabbit_port: {get_param: RabbitClientPort} + ceilometer::db::mysql::user: ceilometer + ceilometer::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host]} + ceilometer::db::mysql::dbname: ceilometer + ceilometer::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/ceilometer-collector.yaml b/puppet/services/ceilometer-collector.yaml new file mode 100644 index 00000000..29627210 --- /dev/null +++ b/puppet/services/ceilometer-collector.yaml @@ -0,0 +1,26 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ceilometer Collector service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + CeilometerServiceBase: + type: ./ceilometer-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ceilometer Collector role. + value: + config_settings: + get_attr: [CeilometerServiceBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::base::ceilometer::collector diff --git a/puppet/services/ceilometer-expirer.yaml b/puppet/services/ceilometer-expirer.yaml new file mode 100644 index 00000000..796abe1f --- /dev/null +++ b/puppet/services/ceilometer-expirer.yaml @@ -0,0 +1,27 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ceilometer Expirer service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + + +resources: + CeilometerServiceBase: + type: ./ceilometer-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ceilometer Expirer role. + value: + config_settings: + get_attr: [CeilometerServiceBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::base::ceilometer::expirer diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml new file mode 100644 index 00000000..3a23650b --- /dev/null +++ b/puppet/services/database/mysql.yaml @@ -0,0 +1,20 @@ +heat_template_version: 2016-04-08 + +description: > + MySQL service deployment using puppet + +parameters: + #Parameters not used EndpointMap + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Service MySQL using composable services. + value: + config_settings: + step_config: | + include ::tripleo::profile::base::database::mysql diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml new file mode 100644 index 00000000..a7b203b2 --- /dev/null +++ b/puppet/services/gnocchi-api.yaml @@ -0,0 +1,27 @@ +heat_template_version: 2016-04-08 + +description: > + Gnocchi service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + GnocchiServiceBase: + type: ./gnocchi-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Gnocchi role. + value: + config_settings: + map_merge: + - get_attr: [GnocchiServiceBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::base::gnocchi::api diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml new file mode 100644 index 00000000..44f3c3c7 --- /dev/null +++ b/puppet/services/gnocchi-base.yaml @@ -0,0 +1,91 @@ +heat_template_version: 2016-04-08 + +description: > + Gnocchi service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + GnocchiBackend: + default: file + description: The short name of the Gnocchi backend to use. Should be one + of swift, rbd, or file + type: string + constraints: + - allowed_values: ['swift', 'file', 'rbd'] + GnocchiIndexerBackend: + default: 'mysql' + description: The short name of the Gnocchi indexer backend to use. + type: string + GnocchiPassword: + description: The password for the gnocchi service and db account. + type: string + hidden: true + GnocchiRbdPoolName: + default: metrics + type: string + CephClientUserName: + default: openstack + type: string + +outputs: + aux_parameters: + description: Additional parameters referenced outside the base file + value: + gnocchi_indexer_backend: {get_param: GnocchiIndexerBackend} + role_data: + description: Shared role data for the Heat services. + value: + config_settings: + #Gnocchi engine + gnocchi::debug: {get_input: debug} + gnocchi::db::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://gnocchi:' + - {get_param: GnocchiPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/gnocchi' + gnocchi::keystone::auth::region: 'regionOne' + gnocchi::keystone::auth::tenant: 'service' + gnocchi::keystone::auth::password: {get_param: GnocchiPassword} + gnocchi::db::mysql::password: {get_param: GnocchiPassword} + gnocchi::db::sync::extra_opts: '--skip-storage --create-legacy-resource-types' + #Gnocchi API + tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend} + gnocchi::api::manage_service: false + gnocchi::api::enabled: true + gnocchi::api::service_name: 'httpd' + gnocchi::api::keystone_tenant: 'service' + gnocchi::api::keystone_password: {get_param: GnocchiPassword} + gnocchi::wsgi::apache::ssl: false + gnocchi::storage::swift::swift_user: 'service:gnocchi' + gnocchi::storage::swift::swift_auth_version: 2 + gnocchi::storage::swift::swift_key: {get_param: GnocchiPassword} + gnocchi::storage::ceph::ceph_pool: {get_param: GnocchiRbdPoolName} + gnocchi::storage::ceph::ceph_username: {get_param: CephClientUserName} + gnocchi::storage::ceph::ceph_keyring: + list_join: + - '.' + - - '/etc/ceph/ceph/' + - 'client/' + - {get_param: CephClientUserName} + - '/keyring' + #Gnocchi statsd + gnocchi::statsd::manage_service: false + gnocchi::statsd::resource_id: '0a8b55df-f90f-491c-8cb9-7cdecec6fc26' + gnocchi::statsd::user_id: '27c0d3f8-e7ee-42f0-8317-72237d1c5ae3' + gnocchi::statsd::project_id: '6c38cd8d-099a-4cb2-aecf-17be688e8616' + gnocchi::statsd::flush_delay: 10 + gnocchi::statsd::archive_policy_name: 'low' + gnocchi::db::mysql::user: gnocchi + gnocchi::db::mysql::host: {get_param: [EndpointMap, MysqlVirtual, host]} + gnocchi::db::mysql::dbname: gnocchi + gnocchi::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/gnocchi-metricd.yaml b/puppet/services/gnocchi-metricd.yaml new file mode 100644 index 00000000..bafc8dd0 --- /dev/null +++ b/puppet/services/gnocchi-metricd.yaml @@ -0,0 +1,28 @@ +heat_template_version: 2016-04-08 + +description: > + Gnocchi service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + GnocchiServiceBase: + type: ./gnocchi-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Gnocchi role. + value: + config_settings: + map_merge: + - get_attr: [GnocchiServiceBase, role_data, config_settings] + - gnocchi::metricd::manage_service: false + step_config: | + include ::tripleo::profile::base::gnocchi::metricd diff --git a/puppet/services/gnocchi-statsd.yaml b/puppet/services/gnocchi-statsd.yaml new file mode 100644 index 00000000..25abf490 --- /dev/null +++ b/puppet/services/gnocchi-statsd.yaml @@ -0,0 +1,28 @@ +heat_template_version: 2016-04-08 + +description: > + Gnocchi service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + GnocchiServiceBase: + type: ./gnocchi-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Gnocchi role. + value: + config_settings: + map_merge: + - get_attr: [GnocchiServiceBase, role_data, config_settings] + - gnocchi::statsd::manage_service: false + step_config: | + include ::tripleo::profile::base::gnocchi::statsd diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml new file mode 100644 index 00000000..01cf5791 --- /dev/null +++ b/puppet/services/horizon.yaml @@ -0,0 +1,34 @@ +heat_template_version: 2016-04-08 + +description: > + Horizon service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + HorizonAllowedHosts: + default: '*' + description: A list of IP/Hostname allowed to connect to horizon + type: comma_delimited_list + NeutronMechanismDrivers: + default: 'openvswitch' + description: | + The mechanism drivers for the Neutron tenant network. + type: comma_delimited_list + +outputs: + role_data: + description: Role data for the Horizon role. + value: + config_settings: + horizon::allowed_hosts: {get_param: HorizonAllowedHosts} + neutron::plugins::ml2::mechanism_drivers: + str_replace: + template: MECHANISMS + params: + MECHANISMS: {get_param: NeutronMechanismDrivers} + step_config: | + include ::tripleo::profile::base::horizon diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml index e1626d5b..5ab03fcb 100644 --- a/puppet/services/ironic-api.yaml +++ b/puppet/services/ironic-api.yaml @@ -38,6 +38,5 @@ outputs: ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri]} ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri]} ironic::keystone::auth::password: {get_param: IronicPassword } - step_config: | include ::tripleo::profile::base::ironic::api diff --git a/puppet/services/ironic-base.yaml b/puppet/services/ironic-base.yaml index 0eaa53cb..df82bb6c 100644 --- a/puppet/services/ironic-base.yaml +++ b/puppet/services/ironic-base.yaml @@ -41,7 +41,7 @@ outputs: description: Role data for the Ironic role. value: config_settings: - ironic_dsn: &ironic_dsn + ironic::database_connection: list_join: - '' - - {get_param: [EndpointMap, MysqlInternal, protocol]} @@ -51,14 +51,19 @@ outputs: - {get_param: [EndpointMap, MysqlInternal, host]} - '/ironic' ironic::admin_tenant_name: 'service' - ironic::database_connection: *ironic_dsn ironic::debug: {get_param: Debug} ironic::rabbit_userid: {get_param: RabbitUserName} ironic::rabbit_password: {get_param: RabbitPassword} ironic::rabbit_port: {get_param: RabbitClientPort} ironic::rabbit_use_ssl: {get_param: RabbitClientUseSSL} ironic::db::mysql::password: {get_param: IronicPassword} - ironic::keystone::auth::tenant: 'service' + ironic::db::mysql::user: ironic + ironic::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + ironic::db::mysql::dbname: ironic + ironic::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + ironic::keystone::auth::tenant: 'service' step_config: | include ::tripleo::profile::base::ironic diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml index 3fb3d9fd..26d4e0ed 100644 --- a/puppet/services/ironic-conductor.yaml +++ b/puppet/services/ironic-conductor.yaml @@ -31,6 +31,5 @@ outputs: # Prevent tftp_server from defaulting to my_ip setting, which is # controller VIP, not a real IP. ironic::drivers::pxe::tftp_server: {get_input: ironic_api_network} - step_config: | include ::tripleo::profile::base::ironic::conductor diff --git a/puppet/services/neutron-compute-plugin-midonet.yaml b/puppet/services/neutron-compute-plugin-midonet.yaml new file mode 100644 index 00000000..c3b65c49 --- /dev/null +++ b/puppet/services/neutron-compute-plugin-midonet.yaml @@ -0,0 +1,19 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Compute Midonet plugin + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the Neutron Compute Plumgrid plugin + value: + config_settings: + step_config: | + include ::tripleo::profile::base::neutron::agents::midonet diff --git a/puppet/services/neutron-compute-plugin-nuage.yaml b/puppet/services/neutron-compute-plugin-nuage.yaml new file mode 100644 index 00000000..c5fbeeca --- /dev/null +++ b/puppet/services/neutron-compute-plugin-nuage.yaml @@ -0,0 +1,26 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Compute Nuage plugin + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NovaPassword: + description: The password for the nova service account, used by nova-api. + type: string + hidden: true + +outputs: + role_data: + description: Role data for the Neutron Compute Nuage plugin + value: + config_settings: + tripleo::profile::base::neutron::agents::nuage::nova_os_tenant_name: 'service' + tripleo::profile::base::neutron::agents::nuage::nova_os_password: {get_param: NovaPassword} + tripleo::profile::base::neutron::agents::nuage::nova_auth_ip: {get_param: [EndpointMap, KeystoneInternal, host]} + step_config: | + include ::tripleo::profile::base::neutron::agents::nuage diff --git a/puppet/services/neutron-compute-plugin-opencontrail.yaml b/puppet/services/neutron-compute-plugin-opencontrail.yaml new file mode 100644 index 00000000..2c79c56b --- /dev/null +++ b/puppet/services/neutron-compute-plugin-opencontrail.yaml @@ -0,0 +1,19 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Compute OpenContrail plugin + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the Neutron Compute OpenContrail plugin + value: + config_settings: + step_config: | + include ::tripleo::profile::base::neutron::opencontrail::vrouter diff --git a/puppet/services/neutron-compute-plugin-plumgrid.yaml b/puppet/services/neutron-compute-plugin-plumgrid.yaml new file mode 100644 index 00000000..b8ec389e --- /dev/null +++ b/puppet/services/neutron-compute-plugin-plumgrid.yaml @@ -0,0 +1,19 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Compute Plumgrid plugin + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the Neutron Compute Plumgrid plugin + value: + config_settings: + step_config: | + include tripleo::profile::base::neutron::plumgrid diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml index 80ccf1c2..5d02bc90 100644 --- a/puppet/services/neutron-dhcp.yaml +++ b/puppet/services/neutron-dhcp.yaml @@ -13,22 +13,6 @@ parameters: default: 'False' description: If True, DHCP provide metadata route to VM. type: string - NeutronDnsmasqOptions: - default: 'dhcp-option-force=26,%MTU%' - description: > - Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU - to be set to the value of NeutronTenantMtu, which should be set to account - for tunnel overhead. - type: string - NeutronTenantMtu: - description: > - The default MTU for tenant networks. For VXLAN/GRE tunneling, this should - be at least 50 bytes smaller than the MTU on the physical network. This - value will be used to set the MTU on the virtual Ethernet device. - This value will be used to construct the NeutronDnsmasqOptions, since that - will determine the MTU that is assigned to the VM host through DHCP. - default: "1400" - type: string resources: @@ -42,12 +26,6 @@ outputs: config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] - - neutron::agents::dhcp::dnsmasq_config_file: /etc/neutron/dnsmasq-neutron.conf - tripleo::profile::base::neutron::dhcp: - str_replace: - template: {get_param: NeutronDnsmasqOptions} - params: - '%MTU%': {get_param: NeutronTenantMtu} - neutron::agents::dhcp::enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata} + - neutron::agents::dhcp::enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata} step_config: | include tripleo::profile::base::neutron::dhcp diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml new file mode 100644 index 00000000..dc1d6e40 --- /dev/null +++ b/puppet/services/pacemaker.yaml @@ -0,0 +1,19 @@ +heat_template_version: 2016-04-08 + +description: > + Pacemaker service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the Pacemaker role. + value: + config_settings: + step_config: | + include ::tripleo::profile::base::pacemaker diff --git a/puppet/services/pacemaker/ceilometer-agent-central.yaml b/puppet/services/pacemaker/ceilometer-agent-central.yaml new file mode 100644 index 00000000..8fb7bd23 --- /dev/null +++ b/puppet/services/pacemaker/ceilometer-agent-central.yaml @@ -0,0 +1,29 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ceilometer Central Agent service with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + CeilometerServiceBase: + type: ../ceilometer-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ceilometer Central Agent pacemaker role. + value: + config_settings: + map_merge: + - get_attr: [CeilometerServiceBase, role_data, config_settings] + - ceilometer::agent::central::manage_service: false + ceilometer::agent::central::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::ceilometer::agent::central diff --git a/puppet/services/pacemaker/ceilometer-agent-notification.yaml b/puppet/services/pacemaker/ceilometer-agent-notification.yaml new file mode 100644 index 00000000..54709783 --- /dev/null +++ b/puppet/services/pacemaker/ceilometer-agent-notification.yaml @@ -0,0 +1,29 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ceilometer Notification Agent service with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + CeilometerServiceBase: + type: ../ceilometer-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ceilometer Notification Agent pacemaker role. + value: + config_settings: + map_merge: + - get_attr: [CeilometerServiceBase, role_data, config_settings] + - ceilometer::agent::notification::manage_service: false + ceilometer::agent::notification::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::ceilometer::agent::notification diff --git a/puppet/services/pacemaker/ceilometer-api.yaml b/puppet/services/pacemaker/ceilometer-api.yaml new file mode 100644 index 00000000..d45b1578 --- /dev/null +++ b/puppet/services/pacemaker/ceilometer-api.yaml @@ -0,0 +1,29 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ceilometer API service with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + CeilometerServiceBase: + type: ../ceilometer-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ceilometer API pacemaker role. + value: + config_settings: + map_merge: + - get_attr: [CeilometerServiceBase, role_data, config_settings] + - ceilometer::api::manage_service: false + ceilometer::api::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::ceilometer::api diff --git a/puppet/services/pacemaker/ceilometer-collector.yaml b/puppet/services/pacemaker/ceilometer-collector.yaml new file mode 100644 index 00000000..487a557c --- /dev/null +++ b/puppet/services/pacemaker/ceilometer-collector.yaml @@ -0,0 +1,29 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ceilometer Collector service with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + CeilometerServiceBase: + type: ../ceilometer-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ceilometer Collector pacemaker role. + value: + config_settings: + map_merge: + - get_attr: [CeilometerServiceBase, role_data, config_settings] + - ceilometer::collector::manage_service: false + ceilometer::collector::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::ceilometer::collector diff --git a/puppet/services/pacemaker/database/mysql.yaml b/puppet/services/pacemaker/database/mysql.yaml new file mode 100644 index 00000000..1cecbfae --- /dev/null +++ b/puppet/services/pacemaker/database/mysql.yaml @@ -0,0 +1,20 @@ +heat_template_version: 2016-04-08 + +description: > + MySQL with Pacemaker service deployment using puppet + +parameters: + #Parameters not used EndpointMap + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Service MySQL with Pacemaker using composable services. + value: + config_settings: + step_config: | + include ::tripleo::profile::pacemaker::database::mysql diff --git a/puppet/services/pacemaker/gnocchi-api.yaml b/puppet/services/pacemaker/gnocchi-api.yaml new file mode 100644 index 00000000..ac5355d9 --- /dev/null +++ b/puppet/services/pacemaker/gnocchi-api.yaml @@ -0,0 +1,27 @@ +heat_template_version: 2016-04-08 + +description: > + Gnocchi service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + GnocchiServiceBase: + type: ../gnocchi-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Gnocchi role. + value: + config_settings: + map_merge: + - get_attr: [GnocchiServiceBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::pacemaker::gnocchi::api diff --git a/puppet/services/pacemaker/gnocchi-metricd.yaml b/puppet/services/pacemaker/gnocchi-metricd.yaml new file mode 100644 index 00000000..8a5562e6 --- /dev/null +++ b/puppet/services/pacemaker/gnocchi-metricd.yaml @@ -0,0 +1,30 @@ +heat_template_version: 2016-04-08 + +description: > + Gnocchi service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + GnocchiServiceBase: + type: ../gnocchi-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Gnocchi role. + value: + config_settings: + map_merge: + - get_attr: [GnocchiServiceBase, role_data, config_settings] + - gnocchi::metricd::manage_service: false + tripleo::profile::pacemaker::gnocchi::gnocchi_indexer_backend: {get_attr: [GnocchiServiceBase, aux_parameters, gnocchi_indexer_backend]} + + step_config: | + include ::tripleo::profile::pacemaker::gnocchi::metricd diff --git a/puppet/services/pacemaker/gnocchi-statsd.yaml b/puppet/services/pacemaker/gnocchi-statsd.yaml new file mode 100644 index 00000000..8625b4e1 --- /dev/null +++ b/puppet/services/pacemaker/gnocchi-statsd.yaml @@ -0,0 +1,29 @@ +heat_template_version: 2016-04-08 + +description: > + Gnocchi service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + GnocchiServiceBase: + type: ../gnocchi-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Gnocchi role. + value: + config_settings: + map_merge: + - get_attr: [GnocchiServiceBase, role_data, config_settings] + - gnocchi::statsd::manage_service: false + tripleo::profile::pacemaker::gnocchi::gnocchi_indexer_backend: {get_attr: [GnocchiServiceBase, aux_parameters, gnocchi_indexer_backend]} + step_config: | + include ::tripleo::profile::pacemaker::gnocchi::statsd diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml index dc274dcd..9d049bd3 100644 --- a/puppet/swift-storage.yaml +++ b/puppet/swift-storage.yaml @@ -340,6 +340,12 @@ resources: get_param: UpdateIdentifier outputs: + ip_address: + description: IP address of the server in the ctlplane network + value: {get_attr: [SwiftStorage, networks, ctlplane, 0]} + hostname: + description: Hostname of the server + value: {get_attr: [SwiftStorage, name]} hosts_entry: value: str_replace: |