41 files changed, 426 insertions, 251 deletions
diff --git a/environments/puppet-ceph-external.yaml b/environments/puppet-ceph-external.yaml index 19cca657..06e4f7aa 100644 --- a/environments/puppet-ceph-external.yaml +++ b/environments/puppet-ceph-external.yaml @@ -2,9 +2,12 @@ # use of an externally managed Ceph cluster. resource_registry: OS::TripleO::Services::CephExternal: ../puppet/services/ceph-external.yaml + OS::TripleO::Services::CephMon: OS::Heat::None + OS::TripleO::Services::CephClient: OS::Heat::None + OS::TripleO::Services::CephOSD: OS::Heat::None parameter_defaults: - # NOTE: These example parameters are required when using Ceph External + # NOTE: These example parameters are required when using CephExternal #CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19' #CephClientKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ==' #CephExternalMonHost: '172.16.1.7, 172.16.1.8' @@ -26,3 +29,6 @@ parameter_defaults: # finally we disable the Cinder LVM backend CinderEnableIscsiBackend: false + + # Backward compatibility setting, will be removed in the future + CephAdminKey: '' diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml index 817ff2c8..ab4d249f 100644 --- a/overcloud-resource-registry-puppet.yaml +++ b/overcloud-resource-registry-puppet.yaml 
@@ -165,8 +165,10 @@ resource_registry: OS::TripleO::Services::NeutronCorePluginOpencontrail: puppet/services/neutron-plugin-opencontrail.yaml OS::TripleO::Services::NeutronCorePluginMidonet: puppet/services/neutron-midonet.yaml OS::TripleO::Services::NeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml + # ComputeNeutronOvsAgent can be overriden to puppet/services/neutron-ovs-dpdk-agent.yaml also to enable DPDK OS::TripleO::Services::ComputeNeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml OS::TripleO::Services::Pacemaker: OS::Heat::None + OS::TripleO::Services::NeutronSriovAgent: OS::Heat::None OS::TripleO::Services::RabbitMQ: puppet/services/rabbitmq.yaml OS::TripleO::Services::HAproxy: puppet/services/haproxy.yaml OS::TripleO::Services::Keepalived: puppet/services/keepalived.yaml diff --git a/overcloud.yaml b/overcloud.yaml index b37426f8..f96f6605 100644 --- a/overcloud.yaml +++ b/overcloud.yaml @@ -91,11 +91,6 @@ parameters: may be implementation specific, e.g puppet hieradata. Any role specific ExtraConfig, e.g controllerExtraConfig takes precedence over ExtraConfig. type: json - SwiftHashSuffix: - description: A random string to be used as a salt when hashing to determine mappings in the ring. - type: string - hidden: true - # Compute-specific params ComputeCount: @@ -200,6 +195,7 @@ parameters: - OS::TripleO::Services::ComputeNeutronMetadataAgent - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::NeutronSriovAgent description: A list of service resources (configured in the Heat resource_registry) which represent nested stacks for each service that should get installed on the Compute Nodes. 
@@ -403,7 +399,6 @@ resources: properties: CloudDomain: {get_param: CloudDomain} controllerExtraConfig: {get_param: controllerExtraConfig} - HeatAuthEncryptionKey: {get_resource: HeatAuthEncryptionKey} HorizonSecret: {get_resource: HorizonSecret} PcsdPassword: {get_resource: PcsdPassword} RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]} @@ -439,9 +434,6 @@ resources: CloudDomain: {get_param: CloudDomain} NeutronPhysicalBridge: {get_param: HypervisorNeutronPhysicalBridge} NeutronPublicInterface: {get_param: HypervisorNeutronPublicInterface} - # L3 HA and Failover is not relevant for Computes, should be removed - NovaApiHost: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, NovaApiNetwork]}]} - NovaPublicIP: {get_attr: [VipMap, net_ip_map, external]} ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} EndpointMap: {get_attr: [EndpointMap, endpoint_map]} Hostname: @@ -502,7 +494,6 @@ resources: resource_def: type: OS::TripleO::ObjectStorage properties: - HashSuffix: {get_param: SwiftHashSuffix} UpdateIdentifier: {get_param: UpdateIdentifier} ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} Hostname: diff --git a/puppet/ceph-storage-post.yaml b/puppet/ceph-storage-post.yaml index 70baeb6e..a83e0cfe 100644 --- a/puppet/ceph-storage-post.yaml +++ b/puppet/ceph-storage-post.yaml @@ -38,6 +38,7 @@ resources: enable_debug: {get_param: ConfigDebug} enable_hiera: True enable_facter: False + modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules inputs: - name: step outputs: diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml index de5a9c39..829456b5 100644 --- a/puppet/ceph-storage.yaml +++ b/puppet/ceph-storage.yaml 
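Review bot: The `modulepath` option added in puppet/ceph-storage-post.yaml hard-codes three directories, and nothing in the hunk records who is expected to own them. Puppet resolves a module from the first path entry that contains it and applies it as root, so if `/opt/stack/puppet-modules` is writable by a non-root account on the node, a module placed there would shadow the packaged copy under `/usr/share/openstack-puppet/modules`. I would add a comment next to the option, `# every modulepath entry must be root-owned and not group/world-writable`. The same literal is repeated in cinder-storage-post.yaml, compute-post.yaml, controller-config-pacemaker.yaml and controller-config.yaml, so a single shared parameter would keep them from drifting apart. The resource this option belongs to starts outside the hunk.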
@@ -231,22 +231,6 @@ resources: server: {get_resource: CephStorage} input_values: enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} - ceph_cluster_network: - get_attr: - - NetIpMap - - net_ip_map - - str_replace: - template: "NETWORK_subnet" - params: - NETWORK: {get_param: [ServiceNetMap, CephClusterNetwork]} - ceph_public_network: - get_attr: - - NetIpMap - - net_ip_map - - str_replace: - template: "NETWORK_subnet" - params: - NETWORK: {get_param: [ServiceNetMap, CephPublicNetwork]} CephStorageConfig: type: OS::Heat::StructuredConfig @@ -261,8 +245,6 @@ resources: - extraconfig - service_names - service_configs - - ceph_cluster # provided by CephClusterConfig - - ceph - all_nodes # provided by allNodesConfig - '"%{::osfamily}"' merge_behavior: deeper @@ -282,8 +264,6 @@ resources: ceph: mapped_data: tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - ceph::profile::params::cluster_network: {get_input: ceph_cluster_network} - ceph::profile::params::public_network: {get_input: ceph_public_network} # Resource for site-specific injection of root certificate NodeTLSCAData: diff --git a/puppet/cinder-storage-post.yaml b/puppet/cinder-storage-post.yaml index c3dd403e..6416c43e 100644 --- a/puppet/cinder-storage-post.yaml +++ b/puppet/cinder-storage-post.yaml @@ -37,6 +37,7 @@ resources: enable_debug: {get_param: ConfigDebug} enable_hiera: True enable_facter: False + modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules inputs: - name: step outputs: diff --git a/puppet/compute-post.yaml b/puppet/compute-post.yaml index c1b37772..d0c6082c 100644 --- a/puppet/compute-post.yaml +++ b/puppet/compute-post.yaml @@ -38,6 +38,7 @@ resources: enable_debug: {get_param: ConfigDebug} enable_hiera: True enable_facter: False + modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules inputs: - name: step outputs: 
diff --git a/puppet/compute.yaml b/puppet/compute.yaml index c6dc94d6..1790aa0d 100644 --- a/puppet/compute.yaml +++ b/puppet/compute.yaml @@ -42,9 +42,6 @@ parameters: NodeIndex: type: number default: 0 - NovaApiHost: - type: string - default: '' # Has to be here because of the ignored empty value bug NovaComputeExtraConfig: default: {} description: | @@ -54,9 +51,6 @@ parameters: NovaComputeIPs: default: {} type: json - NovaPublicIP: - type: string - default: '' # Has to be here because of the ignored empty value bug ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -264,7 +258,6 @@ resources: - service_names - service_configs - compute - - ceph_cluster # provided by CephClusterConfig - all_nodes # provided by allNodesConfig - '"%{::osfamily}"' - neutron_bigswitch_data # Optionally provided by ComputeExtraConfigPre @@ -272,6 +265,7 @@ resources: - nova_nuage_data # Optionally provided by ComputeExtraConfigPre - midonet_data # Optionally provided by AllNodesExtraConfig - neutron_opencontrail_data # Optionally provided by ComputeExtraConfigPre + - cisco_aci_data # Optionally provided by ComputeExtraConfigPre merge_behavior: deeper datafiles: service_names: @@ -288,11 +282,6 @@ resources: mapped_data: {get_param: ExtraConfig} compute: mapped_data: - nova_api_host: {get_input: nova_api_host} - nova::compute::vncproxy_host: {get_input: nova_public_ip} - nova::compute::vncserver_proxyclient_address: {get_input: nova_vnc_proxyclient_address} - neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip} - tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} NovaComputeDeployment: 
@@ -303,10 +292,6 @@ resources: config: {get_resource: NovaComputeConfig} server: {get_resource: NovaCompute} input_values: - nova_public_ip: {get_param: NovaPublicIP} - nova_api_host: {get_param: NovaApiHost} - nova_vnc_proxyclient_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaVncProxyNetwork]}]} - neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} # Resource for site-specific injection of root certificate diff --git a/puppet/controller-config-pacemaker.yaml b/puppet/controller-config-pacemaker.yaml index 5116cac7..b313f5de 100644 --- a/puppet/controller-config-pacemaker.yaml +++ b/puppet/controller-config-pacemaker.yaml @@ -23,6 +23,7 @@ resources: enable_debug: {get_param: ConfigDebug} enable_hiera: True enable_facter: False + modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules outputs: - name: result config: diff --git a/puppet/controller-config.yaml b/puppet/controller-config.yaml index cadba703..811c544d 100644 --- a/puppet/controller-config.yaml +++ b/puppet/controller-config.yaml @@ -23,6 +23,7 @@ resources: enable_debug: {get_param: ConfigDebug} enable_hiera: True enable_facter: False + modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules outputs: - name: result config: diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 1b2706ea..b5d3b6f8 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -4,10 +4,6 @@ description: > OpenStack controller node configured by Puppet. parameters: - AodhPassword: - description: The password for the aodh services. - type: string - hidden: true controllerExtraConfig: default: {} description: | 
@@ -87,10 +83,6 @@ parameters: type: string constraints: - custom_constraint: nova.flavor - HeatAuthEncryptionKey: - description: Auth encryption key for heat-engine - type: string - hidden: true HorizonSecret: description: Secret key for Django type: string @@ -166,11 +158,6 @@ parameters: type: string default: '' # Has to be here because of the ignored empty value bug description: An IP address which is wrapped in brackets in case of IPv6 - SwiftHashSuffix: - description: A random string to be used as a salt when hashing to determine mappings - in the ring. - hidden: true - type: string SwiftRawDisks: default: {} description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})' @@ -405,7 +392,6 @@ resources: server: {get_resource: Controller} input_values: bootstack_nodeid: {get_attr: [Controller, name]} - heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey} horizon_secret: {get_param: HorizonSecret} debug: {get_param: Debug} keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } @@ -416,17 +402,6 @@ resources: manage_firewall: {get_param: ManageFirewall} purge_firewall_rules: {get_param: PurgeFirewallRules} neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} - aodh_internal_url: { get_param: [ EndpointMap, AodhInternal, uri ] } - aodh_public_url: { get_param: [ EndpointMap, AodhPublic, uri ] } - aodh_admin_url: { get_param: [ EndpointMap, AodhAdmin, uri ] } - ceilometer_coordination_url: - list_join: - - '' - - - 'redis://:' - - {get_param: RedisPassword} - - '@' - - {get_param: RedisVirtualIPUri} - - ':6379/' nova_enable_db_purge: {get_param: NovaEnableDBPurge} nova_ipv6: {get_param: NovaIPv6} corosync_ipv6: {get_param: CorosyncIPv6} 
@@ -436,23 +411,10 @@ resources: instance_name_template: {get_param: InstanceNameTemplate} fencing_config: {get_param: FencingConfig} pcsd_password: {get_param: PcsdPassword} - swift_hash_suffix: {get_param: SwiftHashSuffix} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} - swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} - swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} - glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} - glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]} - heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} - keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} - keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} - manila_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ManilaApiNetwork]}]} - mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongodbNetwork]}]} neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]} - ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]} - aodh_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]} - gnocchi_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]} nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} 
nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]} horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} @@ -472,23 +434,6 @@ resources: redis_vip: {get_param: RedisVirtualIP} sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]} memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} - ceph_cluster_network: - get_attr: - - NetIpMap - - net_ip_map - - str_replace: - template: "NETWORK_subnet" - params: - NETWORK: {get_param: [ServiceNetMap, CephClusterNetwork]} - ceph_public_network: - get_attr: - - NetIpMap - - net_ip_map - - str_replace: - template: "NETWORK_subnet" - params: - NETWORK: {get_param: [ServiceNetMap, CephPublicNetwork]} - ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} ironic_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, IronicApiNetwork]}]} # Map heat metadata into hiera datafiles @@ -507,8 +452,6 @@ resources: - service_names - controller - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig - - ceph_cluster # provided by CephClusterConfig - - ceph - bootstrap_node # provided by BootstrapNodeConfig - all_nodes # provided by allNodesConfig - vip_data # provided by vip-config @@ -520,6 +463,7 @@ resources: - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre - midonet_data #Optionally provided by AllNodesExtraConfig + - cisco_aci_data # Optionally provided by ControllerExtraConfigPre merge_behavior: deeper datafiles: service_names: 
@@ -537,11 +481,6 @@ resources: - {get_param: ControllerExtraConfig} extraconfig: mapped_data: {get_param: ExtraConfig} - ceph: - mapped_data: - ceph::profile::params::cluster_network: {get_input: ceph_cluster_network} - ceph::profile::params::public_network: {get_input: ceph_public_network} - ceph::profile::params::public_addr: {get_input: ceph_public_ip} controller: mapped_data: # data supplied directly to this deployment configuration, etc bootstack_nodeid: {get_input: bootstack_nodeid} 
@@ -553,55 +492,13 @@ resources: corosync_ipv6: {get_input: corosync_ipv6} tripleo::fencing::config: {get_input: fencing_config} - # Swift - # FIXME: need to move proxy_local_net_ip into swift-proxy.yaml - swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network} - swift::storage::all::storage_local_net_ip: {get_input: swift_management_network} - swift::swift_hash_path_suffix: {get_input: swift_hash_suffix} - - # Glance - glance::api::bind_host: {get_input: glance_api_network} - glance::registry::bind_host: {get_input: glance_registry_network} - - # Heat - heat::api::bind_host: {get_input: heat_api_network} - heat::api_cloudwatch::bind_host: {get_input: heat_api_network} - heat::api_cfn::bind_host: {get_input: heat_api_network} - heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key} - - # Keystone - keystone::admin_bind_host: {get_input: keystone_admin_api_network} - keystone::public_bind_host: {get_input: keystone_public_api_network} - keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network} - keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network} - - # Manila - manila::api::bind_host: {get_input: manila_api_network} - - # MongoDB - mongodb::server::bind_ip: {get_input: mongo_db_network} - # Neutron neutron::bind_host: {get_input: neutron_api_network} neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip} neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network} - - # Aodh - aodh::api::host: {get_input: aodh_api_network} - aodh::wsgi::apache::bind_host: {get_input: aodh_api_network} - - # Ceilometer - ceilometer::api::host: {get_input: ceilometer_api_network} snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} - # Gnocchi - gnocchi::wsgi::apache::bind_host: {get_input: gnocchi_api_network} - gnocchi::api::host: {get_input: gnocchi_api_network} - gnocchi::api::keystone_auth_uri: 
{get_input: keystone_auth_uri} - gnocchi::api::keystone_identity_uri: {get_input: keystone_identity_uri} - gnocchi::storage::swift::swift_authurl: {get_input: keystone_auth_uri} - # Nova nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute} nova::use_ipv6: {get_input: nova_ipv6} diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml index ae0f0c2d..4308052b 100644 --- a/puppet/services/aodh-api.yaml +++ b/puppet/services/aodh-api.yaml @@ -37,11 +37,18 @@ outputs: - get_attr: [AodhBase, role_data, config_settings] - aodh::wsgi::apache::ssl: false aodh::api::service_name: 'httpd' - - tripleo.aodh_api.firewall_rules: + tripleo.aodh_api.firewall_rules: '128 aodh-api': dport: - 8042 - 13042 - + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + aodh::api::host: {get_param: [ServiceNetMap, AodhApiNetwork]} + aodh::wsgi::apache::bind_host: {get_param: [ServiceNetMap, AodhApiNetwork]} step_config: | include tripleo::profile::base::aodh::api diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml index 3a01a1f9..85b9aacc 100644 --- a/puppet/services/ceilometer-api.yaml +++ b/puppet/services/ceilometer-api.yaml @@ -41,5 +41,12 @@ outputs: dport: - 8777 - 13777 + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + ceilometer::api::host: {get_param: [ServiceNetMap, CeilometerApiNetwork]} step_config: | include ::tripleo::profile::base::ceilometer::api diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml index 415b77b6..4d98546d 100644 --- a/puppet/services/ceph-base.yaml 
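Review bot: `aodh::api::host` and `aodh::wsgi::apache::bind_host` in puppet/services/aodh-api.yaml now carry the network name from `ServiceNetMap` rather than an address, and the hunk does not show what the service receives when `AodhApiNetwork` is missing from the map or is not a name the replacement step knows. The added NOTE says the name-to-IP replacement happens elsewhere in Heat; if the value reaches hiera empty or unreplaced, the listener may fail to start or, depending on the puppet module, end up listening on every address, so it is worth confirming that the replacement step rejects unknown names. The same pattern is added in ceilometer-api.yaml, ceph-base.yaml, mongodb.yaml, glance-api.yaml, glance-registry.yaml, gnocchi-api.yaml, the three heat-api templates, keystone.yaml, manila-api.yaml and neutron-ovs-agent.yaml. The NOTE is copied verbatim into each of them, including the broken arrow, which I would correct to `#   internal_api_subnet -> IP/CIDR`.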
+++ b/puppet/services/ceph-base.yaml @@ -4,7 +4,9 @@ description: > Ceph base service. Shared by all Ceph services. parameters: + # NOTE(gfidente): needs a default to cope with external Ceph deployments were we don't pass (and need) an Admin key CephAdminKey: + default: '' description: The Ceph admin client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true @@ -77,6 +79,22 @@ outputs: ceph::profile::params::manage_repo: false ceph::profile::params::authentication_type: cephx ceph::profile::params::fsid: {get_param: CephClusterFSID} + # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + ceph::profile::params::cluster_network: + str_replace: + template: "NETWORK_subnet" + params: + NETWORK: {get_param: [ServiceNetMap, CephClusterNetwork]} + ceph::profile::params::public_network: + str_replace: + template: "NETWORK_subnet" + params: + NETWORK: {get_param: [ServiceNetMap, CephPublicNetwork]} + ceph::profile::params::public_addr: {get_param: [ServiceNetMap, CephPublicNetwork]} ceph::profile::params::client_keys: str_replace: template: "{ diff --git a/puppet/services/database/mongodb.yaml b/puppet/services/database/mongodb.yaml index b6eb4803..36962a34 100644 --- a/puppet/services/database/mongodb.yaml +++ b/puppet/services/database/mongodb.yaml @@ -45,5 +45,12 @@ outputs: dport: 27018 '103 mongod': dport: 27017 + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + mongodb::server::bind_ip: {get_param: [ServiceNetMap, MongodbNetwork]} step_config: | include ::tripleo::profile::base::database::mongodb 
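Review bot: Giving `CephAdminKey` a `default: ''` in puppet/services/ceph-base.yaml removes Heat's required-parameter check for every Ceph deployment, not only the external-cluster case named in the NOTE(gfidente) comment. The template describes itself as shared by all Ceph services, so a deployment with managed monitors that omits the key would now pass validation, and the empty value would presumably be interpolated into `ceph::profile::params::client_keys` (that template continues outside the hunk). I would say so in the parameter text, e.g. `description: The Ceph admin client key. Required unless the Ceph cluster is external. Can be created with ceph-authtool --gen-print-key.`, and have the monitor profile fail on an empty key. environments/puppet-ceph-external.yaml already sets `CephAdminKey: ''` explicitly, which raises the question of whether the template default is needed at all.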
diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index 4954119f..d2376af3 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -131,6 +131,12 @@ outputs: glance::api::keystone_tenant: 'service' glance::api::pipeline: 'keystone' glance::api::show_image_direct_url: true - + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + glance::api::bind_host: {get_param: [ServiceNetMap, GlanceApiNetwork]} step_config: | include ::tripleo::profile::base::glance::api diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml index d8861f70..06ef9379 100644 --- a/puppet/services/glance-registry.yaml +++ b/puppet/services/glance-registry.yaml @@ -66,5 +66,12 @@ outputs: '112 glance_registry': dport: - 9191 + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + glance::registry::bind_host: {get_param: [ServiceNetMap, GlanceRegistryNetwork]} step_config: | include ::tripleo::profile::base::glance::registry diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml index bc217743..d21e5b2b 100644 --- a/puppet/services/gnocchi-api.yaml +++ b/puppet/services/gnocchi-api.yaml @@ -56,7 +56,6 @@ outputs: - 8041 - 13041 gnocchi::api::enabled: true - gnocchi::api::manage_service: false gnocchi::api::service_name: 'httpd' gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] } gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]} 
@@ -70,5 +69,17 @@ outputs: gnocchi::keystone::authtoken::project_name: 'service' gnocchi::wsgi::apache::ssl: false tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend} + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + gnocchi::wsgi::apache::bind_host: {get_param: [ServiceNetMap, GnocchiApiNetwork]} + gnocchi::api::host: {get_param: [ServiceNetMap, GnocchiApiNetwork]} + + gnocchi::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + gnocchi::api::keystone_identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + gnocchi::storage::swift::swift_authurl: {get_param: [EndpointMap, KeystoneInternal, uri]} step_config: | include ::tripleo::profile::base::gnocchi::api diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml index ac5a17ca..9b9cafb8 100644 --- a/puppet/services/gnocchi-base.yaml +++ b/puppet/services/gnocchi-base.yaml @@ -85,7 +85,6 @@ outputs: - {get_param: CephClientUserName} - 'keyring' #Gnocchi statsd - gnocchi::statsd::manage_service: false gnocchi::statsd::resource_id: '0a8b55df-f90f-491c-8cb9-7cdecec6fc26' gnocchi::statsd::user_id: '27c0d3f8-e7ee-42f0-8317-72237d1c5ae3' gnocchi::statsd::project_id: '6c38cd8d-099a-4cb2-aecf-17be688e8616' diff --git a/puppet/services/gnocchi-metricd.yaml b/puppet/services/gnocchi-metricd.yaml index df342ebd..205d0552 100644 --- a/puppet/services/gnocchi-metricd.yaml +++ b/puppet/services/gnocchi-metricd.yaml @@ -35,6 +35,5 @@ outputs: config_settings: map_merge: - get_attr: [GnocchiServiceBase, role_data, config_settings] - - gnocchi::metricd::manage_service: false step_config: | include ::tripleo::profile::base::gnocchi::metricd 
diff --git a/puppet/services/gnocchi-statsd.yaml b/puppet/services/gnocchi-statsd.yaml index b6e63bf3..018ad2b1 100644 --- a/puppet/services/gnocchi-statsd.yaml +++ b/puppet/services/gnocchi-statsd.yaml @@ -35,6 +35,5 @@ outputs: config_settings: map_merge: - get_attr: [GnocchiServiceBase, role_data, config_settings] - - gnocchi::statsd::manage_service: false step_config: | include ::tripleo::profile::base::gnocchi::statsd diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml index 4f8900aa..a15ea32d 100644 --- a/puppet/services/heat-api-cfn.yaml +++ b/puppet/services/heat-api-cfn.yaml @@ -59,5 +59,12 @@ outputs: dport: - 8000 - 13800 + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + heat::api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]} step_config: | include ::tripleo::profile::base::heat::api_cfn diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml index 7a09aad0..6d645ee7 100644 --- a/puppet/services/heat-api-cloudwatch.yaml +++ b/puppet/services/heat-api-cloudwatch.yaml @@ -45,5 +45,12 @@ outputs: dport: - 8003 - 13003 + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + heat::api_cloudwatch::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]} step_config: | include ::tripleo::profile::base::heat::api_cloudwatch diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml index 3a5d2a13..ec3b0e37 100644 --- a/puppet/services/heat-api.yaml +++ b/puppet/services/heat-api.yaml 
@@ -59,5 +59,12 @@ outputs: dport: - 8004 - 13004 + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + heat::api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]} step_config: | include ::tripleo::profile::base::heat::api diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml index fba80c5d..b230ec1d 100644 --- a/puppet/services/heat-engine.yaml +++ b/puppet/services/heat-engine.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > Openstack Heat Engine service configured with Puppet @@ -35,6 +35,11 @@ parameters: description: Password for heat_stack_domain_admin user. type: string hidden: true + HeatAuthEncryptionKey: + description: Auth encryption key for heat-engine + type: string + hidden: true + default: '' resources: HeatBase: @@ -76,5 +81,12 @@ outputs: heat::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" + heat::engine::auth_encryption_key: + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: HeatAuthEncryptionKey} + - {get_param: [DefaultPasswords, heat_auth_encryption_key]} step_config: | include ::tripleo::profile::base::heat::engine diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 0a5193df..c763c391 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml 
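Review bot: The yaql expression for `heat::engine::auth_encryption_key` in puppet/services/heat-engine.yaml has nothing to return when `HeatAuthEncryptionKey` keeps its new `''` default and `DefaultPasswords` carries no `heat_auth_encryption_key` entry. As far as I can tell, `first()` without a default raises on an empty collection, so the stack fails with a yaql error that does not name the missing key. That is the safe outcome, because an empty encryption key never reaches heat-engine, but nothing in the hunk documents it. I would add a comment above the expression, `# explicit parameter wins, else the generated DefaultPasswords value; both empty must stay an error`, so nobody later adds a default to `first()`.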
@@ -149,5 +149,16 @@ outputs: - 13000 - 35357 - 13357 + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + # NOTE: this applies to all 4 bind IP settings below... + keystone::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]} + keystone::public_bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]} + keystone::wsgi::apache::bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]} + keystone::wsgi::apache::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]} step_config: | include ::tripleo::profile::base::keystone diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml index 633e75ba..b3987747 100644 --- a/puppet/services/manila-api.yaml +++ b/puppet/services/manila-api.yaml @@ -55,6 +55,13 @@ outputs: manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]} manila::keystone::auth::password: {get_param: ManilaPassword } manila::keystone::auth::region: {get_param: KeystoneRegion } + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + manila::api::bind_host: {get_param: [ServiceNetMap, ManilaApiNetwork]} step_config: | include ::tripleo::profile::base::manila::api diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index 5a0ad23c..1b19f90f 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml 
@@ -89,5 +89,12 @@ outputs: template: AGENT_EXTENSIONS params: AGENT_EXTENSIONS: {get_param: NeutronAgentExtensions} + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} step_config: | include ::tripleo::profile::base::neutron::ovs diff --git a/puppet/services/neutron-ovs-dpdk-agent.yaml b/puppet/services/neutron-ovs-dpdk-agent.yaml new file mode 100644 index 00000000..1f1e14ab --- /dev/null +++ b/puppet/services/neutron-ovs-dpdk-agent.yaml 
@@ -0,0 +1,73 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron OVS DPDK configured with Puppet for Compute Role
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ NeutronDpdkCoreList:
+ default: ""
+ description: List of cores to be used for DPDK Poll Mode Driver
+ type: string
+ NeutronDpdkMemoryChannels:
+ default: ""
+ description: Number of memory channels to be used for DPDK
+ type: string
+ NeutronDpdkSocketMemory:
+ default: ""
+ description: Memory allocated for each socket
+ type: string
+ NeutronDpdkDriverType:
+ default: "vfio-pci"
+ description: DPDK Driver type
+ type: string
+ # below parameters has to be set in neutron agent only for compute nodes.
+ # as of now there is no other usecase for these parameters except dpdk.
+ # should be moved to compute only ovs agent in case of any other usecases.
+ NeutronDatapathType:
+ default: ""
+ description: Datapath type for ovs bridges
+ type: string
+ NeutronVhostuserSocketDir:
+ default: ""
+ description: The vhost-user socket directory for OVS
+ type: string
+
+resources:
+
+ NeutronOvsAgent:
+ type: ./neutron-ovs-agent.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron OVS DPDK Agent service.
+ value: + service_name: neutron_ovs_dpdk_agent + config_settings: + map_merge: + - get_attr: [NeutronOvsAgent, role_data, config_settings] + neutron::agents::ml2::ovs::enable_dpdk: true + neutron::agents::ml2::ovs::datapath_type: {get_param: NeutronDatapathType} + neutron::agents::ml2::ovs::vhostuser_socket_dir: {get_param: NeutronVhostuserSocketDir} + vswitch::dpdk::core_list: {get_param: NeutronDpdkCoreList} + vswitch::dpdk::memory_channels: {get_param: NeutronDpdkMemoryChannels} + vswitch::dpdk::socket_mem: {get_param: NeutronDpdkSocketMemory} + vswitch::dpdk::driver_type: {get_param: NeutronDpdkDriverType} + step_config: {get_attr: [NeutronOvsAgent, role_data, step_config]} diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml index 165b9687..5dbae3dc 100644 --- a/puppet/services/neutron-plugin-ml2.yaml +++ b/puppet/services/neutron-plugin-ml2.yaml @@ -60,7 +60,12 @@ parameters: default: 'vxlan' description: The tenant network type for Neutron. type: comma_delimited_list - + NeutronSupportedPCIVendorDevs: + description: | + List of supported pci vendor devices in the format VendorID:ProductID. + By default Intel & Mellanox SR-IOV capable NICs are supported. + type: comma_delimited_list + default: ['15b3:1004','8086:10ca'] resources: NeutronBase: @@ -118,6 +123,7 @@ outputs: template: TYPES params: TYPES: {get_param: NeutronNetworkType} + neutron::plugins::ml2::supported_pci_vendor_devs: {get_param: NeutronSupportedPCIVendorDevs} step_config: | include ::tripleo::profile::base::neutron::plugins::ml2 diff --git a/puppet/services/neutron-sriov-agent.yaml b/puppet/services/neutron-sriov-agent.yaml new file mode 100644 index 00000000..559500df --- /dev/null +++ b/puppet/services/neutron-sriov-agent.yaml 
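Review bot: `NeutronDpdkCoreList`, `NeutronDpdkMemoryChannels` and `NeutronDpdkSocketMemory` all default to `""` while `neutron::agents::ml2::ovs::enable_dpdk: true` is hard-coded, so selecting this template without setting them hands empty strings to the `vswitch::dpdk::*` settings. I would drop those defaults so the parameters become required, or add a `constraints:` entry, so that the stack fails at validation instead of on the node. `NeutronVhostuserSocketDir` also defaults to empty and its description does not say which users need access to the directory; presumably both OVS and the hypervisor process do, so the description should state the expected owner and mode, e.g. `description: The vhost-user socket directory for OVS; document the owner and mode it must have`.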
@@ -0,0 +1,58 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron SR-IOV nic agent configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: >
+ Mapping of service_name -> network name. Typically set via
+ parameter_defaults in the resource registry. This mapping overrides those
+ in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ NeutronPhysicalDevMappings:
+ description: >
+ List of <physical_network>:<physical device>
+ All physical networks listed in network_vlan_ranges
+ on the server should have mappings to appropriate
+ interfaces on each agent.
+ type: comma_delimited_list
+ default: ""
+ NeutronExcludeDevices:
+ description: >
+ List of <network_device>:<excluded_devices> mapping
+ network_device to the agent's node-specific list of virtual functions
+ that should not be used for virtual networking. excluded_devices is a
+ semicolon separated list of virtual functions to exclude from
+ network_device. The network_device in the mapping should appear in the
+ physical_device_mappings list.
+ type: comma_delimited_list
+ default: ""
+ NeutronSriovNumVFs:
+ description: >
+ Provide the list of VFs to be reserved for each SR-IOV interface.
+ Format "<interface_name1>:<numvfs1>","<interface_name2>:<numvfs2>"
+ Example "eth1:4096","eth2:128"
+ type: comma_delimited_list
+ default: ""
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+outputs:
+ role_data:
+ description: Role data for the Neutron SR-IOV nic agent service.
+ value: + service_name: neutron_sriov_agent + config_settings: + neutron::agents::ml2::sriov::physical_device_mappings: {get_param: NeutronPhysicalDevMappings} + neutron::agents::ml2::sriov::exclude_devices: {get_param: NeutronExcludeDevices} + neutron::agents::ml2::sriov::number_of_vfs: {get_param: NeutronSriovNumVFs} + step_config: | + include ::tripleo::profile::base::neutron::sriov diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index 1a473a4e..dc962297 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -88,7 +88,14 @@ outputs: # example openvswitch. nova::compute::reserved_host_memory: 2048 nova::compute::neutron::libvirt_vif_driver: {get_param: NovaComputeLibvirtVifDriver} - + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + nova::compute::vncserver_proxyclient_address: {get_param: [ServiceNetMap, NovaVncProxyNetwork]} + nova::compute::vncproxy_host: {get_param: [EndpointMap, NovaPublic, host]} step_config: | # TODO(emilien): figure how to deal with libvirt profile. # We'll probably treat it like we do with Neutron plugins. diff --git a/puppet/services/nova-scheduler.yaml b/puppet/services/nova-scheduler.yaml index 78ff008b..1e12b5ba 100644 --- a/puppet/services/nova-scheduler.yaml +++ b/puppet/services/nova-scheduler.yaml @@ -18,6 +18,10 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + NovaSchedulerAvailableFilters: + default: [] + description: List of scheduler available filters + type: comma_delimited_list resources: NovaBase: 
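Review bot: The parameter descriptions in this new template explain the mapping formats but not the isolation consequence of enabling the agent: as far as I know, traffic on a virtual function handed to an instance does not traverse the OVS agent configured elsewhere in this commit, so filtering applied there would not cover it. I would add a sentence to the template `description`, e.g. `Ports served by this agent bypass the OVS datapath; confirm which filtering still applies before exposing them to tenants`. Separately, the three list parameters default to `""` and are passed to `neutron::agents::ml2::sriov::*` unconditionally, so an operator who enables the service without setting `NeutronPhysicalDevMappings` gets no validation error from Heat.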
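Review bot: The NOTE about network-name replacement sits above two new settings but describes only the first: `nova::compute::vncserver_proxyclient_address` is read from `ServiceNetMap`, whereas `nova::compute::vncproxy_host` is read from `[EndpointMap, NovaPublic, host]` and is not a substituted network name. A comment before the second setting, `# public endpoint host taken from EndpointMap, not a network-name replacement`, would stop a reader from treating both as bind addresses. Since the first value is presumably the address on which the compute node accepts console connections from the proxy, the comment could also say that `NovaVncProxyNetwork` is expected to be an internal network. The `config_settings` map starts outside the hunk.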
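Review bot: `NovaSchedulerAvailableFilters` defaults to `[]`, and the following hunk passes it to `nova::scheduler::filter::scheduler_available_filters` unconditionally, so every deployment now sets that key to an empty list. Whether the puppet class reads an empty list as "keep the nova default" or as "no filters available" is not visible from this diff, and the description `List of scheduler available filters` does not say. Because scheduler filters are part of how instances are placed and kept apart, I would state the empty-list behaviour in the description once confirmed, e.g. `description: List of scheduler available filters; an empty list keeps the nova default`.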
@@ -36,5 +40,6 @@ outputs: map_merge: - get_attr: [NovaBase, role_data, config_settings] - nova::scheduler::filter::ram_allocation_ratio: '1.0' + nova::scheduler::filter::scheduler_available_filters: {get_param: NovaSchedulerAvailableFilters} step_config: | include tripleo::profile::base::nova::scheduler diff --git a/puppet/services/pacemaker/gnocchi-api.yaml b/puppet/services/pacemaker/gnocchi-api.yaml index 1f6ed461..50bd3fa7 100644 --- a/puppet/services/pacemaker/gnocchi-api.yaml +++ b/puppet/services/pacemaker/gnocchi-api.yaml @@ -35,5 +35,7 @@ outputs: config_settings: map_merge: - get_attr: [GnocchiServiceBase, role_data, config_settings] + - gnocchi::metricd::manage_service: false + gnocchi::metricd::enabled: false step_config: | include ::tripleo::profile::pacemaker::gnocchi::api diff --git a/puppet/services/pacemaker/gnocchi-metricd.yaml b/puppet/services/pacemaker/gnocchi-metricd.yaml index cea27e9a..0a6b03ea 100644 --- a/puppet/services/pacemaker/gnocchi-metricd.yaml +++ b/puppet/services/pacemaker/gnocchi-metricd.yaml @@ -36,6 +36,7 @@ outputs: map_merge: - get_attr: [GnocchiServiceBase, role_data, config_settings] - gnocchi::metricd::manage_service: false + gnocchi::metricd::enabled: false tripleo::profile::pacemaker::gnocchi::gnocchi_indexer_backend: {get_attr: [GnocchiServiceBase, aux_parameters, gnocchi_indexer_backend]} step_config: | diff --git a/puppet/services/pacemaker/gnocchi-statsd.yaml b/puppet/services/pacemaker/gnocchi-statsd.yaml index 2e1531fc..12256d32 100644 --- a/puppet/services/pacemaker/gnocchi-statsd.yaml +++ b/puppet/services/pacemaker/gnocchi-statsd.yaml @@ -36,6 +36,7 @@ outputs: map_merge: - get_attr: [GnocchiServiceBase, role_data, config_settings] - gnocchi::statsd::manage_service: false + gnocchi::statsd::enabled: false tripleo::profile::pacemaker::gnocchi::gnocchi_indexer_backend: {get_attr: [GnocchiServiceBase, aux_parameters, gnocchi_indexer_backend]} step_config: | include ::tripleo::profile::pacemaker::gnocchi::statsd 
diff --git a/puppet/services/swift-base.yaml b/puppet/services/swift-base.yaml new file mode 100644 index 00000000..741adb4d --- /dev/null +++ b/puppet/services/swift-base.yaml @@ -0,0 +1,33 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Swift Proxy service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + SwiftHashSuffix: + description: A random string to be used as a salt when hashing to determine mappings + in the ring. + hidden: true + type: string + +outputs: + role_data: + description: Role data for the Swift common swift settings. + value: + service_name: swift_base + config_settings: + swift::swift_hash_path_suffix: {get_param: SwiftHashSuffix} diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index 6c2bb44b..cba08090 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -39,6 +39,13 @@ parameters: default: 'regionOne' description: Keystone region for endpoint +resources: + SwiftBase: + type: ./swift-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} outputs: role_data: 
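Review bot: The template `description` in the new swift-base.yaml reads `OpenStack Swift Proxy service configured with Puppet`, but the file only carries `swift::swift_hash_path_suffix`, which both swift-proxy.yaml and swift-storage.yaml merge in; it looks copied from the proxy template. I would change it to `OpenStack Swift base settings shared by the proxy and storage services, configured with Puppet`. `SwiftHashSuffix` keeps `hidden: true` and has no default, which is the right shape for a secret. Its description could add that the value has to be the same on every Swift node, since it feeds the ring hashing that the description mentions.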
@@ -46,50 +53,59 @@ outputs: value: service_name: swift_proxy config_settings: - # Swift - swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} - swift::proxy::authtoken::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} - swift::proxy::authtoken::admin_password: {get_param: SwiftPassword} - swift::proxy::authtoken::admin_tenant_name: 'service' - swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout} - swift::proxy::workers: {get_param: SwiftWorkers} - swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]} - swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]} - swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]} - swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]} - swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]} - swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]} - swift::keystone::auth::password: {get_param: SwiftPassword} - swift::keystone::auth::region: {get_param: KeystoneRegion} - tripleo.swift_proxy.firewall_rules: - '122 swift proxy': - dport: - - 8080 - - 13808 - swift::keystone::auth::tenant: 'service' - swift::keystone::auth::configure_s3_endpoint: false - swift::keystone::auth::operator_roles: - - admin - - swiftoperator - - ResellerAdmin - swift::proxy::keystone::operator_roles: - - admin - - swiftoperator - - ResellerAdmin - swift::proxy::pipeline: - - 'catch_errors' - - 'healthcheck' - - 'proxy-logging' - - 'cache' - - 'ratelimit' - - 'bulk' - - 'tempurl' - - 'formpost' - - 'authtoken' - - 'keystone' - - 'staticweb' - - 'proxy-logging' - - 'proxy-server' - swift::proxy::account_autocreate: true + map_merge: + - get_attr: [SwiftBase, role_data, config_settings] + + - swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + swift::proxy::authtoken::identity_uri: {get_param: 
[EndpointMap, KeystoneAdmin, uri_no_suffix]} + swift::proxy::authtoken::admin_password: {get_param: SwiftPassword} + swift::proxy::authtoken::admin_tenant_name: 'service' + swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout} + swift::proxy::workers: {get_param: SwiftWorkers} + swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]} + swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]} + swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]} + swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]} + swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]} + swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]} + swift::keystone::auth::password: {get_param: SwiftPassword} + swift::keystone::auth::region: {get_param: KeystoneRegion} + tripleo.swift_proxy.firewall_rules: + '122 swift proxy': + dport: + - 8080 + - 13808 + swift::keystone::auth::tenant: 'service' + swift::keystone::auth::configure_s3_endpoint: false + swift::keystone::auth::operator_roles: + - admin + - swiftoperator + - ResellerAdmin + swift::proxy::keystone::operator_roles: + - admin + - swiftoperator + - ResellerAdmin + swift::proxy::pipeline: + - 'catch_errors' + - 'healthcheck' + - 'proxy-logging' + - 'cache' + - 'ratelimit' + - 'bulk' + - 'tempurl' + - 'formpost' + - 'authtoken' + - 'keystone' + - 'staticweb' + - 'proxy-logging' + - 'proxy-server' + swift::proxy::account_autocreate: true + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + swift::proxy::proxy_local_net_ip: {get_param: [ServiceNetMap, SwiftProxyNetwork]} step_config: | include ::tripleo::profile::base::swift::proxy 
diff --git a/puppet/services/swift-storage.yaml b/puppet/services/swift-storage.yaml index 664a701f..6c7c3c7a 100644 --- a/puppet/services/swift-storage.yaml +++ b/puppet/services/swift-storage.yaml 
@@ -45,34 +45,44 @@ parameter_groups: parameters: - ControllerEnableSwiftStorage +resources: + SwiftBase: + type: ./swift-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + outputs: role_data: description: Role data for the Swift Proxy role. value: service_name: swift_storage config_settings: - # Swift - swift::storage::all::mount_check: {get_param: SwiftMountCheck} - tripleo::profile::base::swift::storage::enable_swift_storage: {get_param: ControllerEnableSwiftStorage} - tripleo.swift_storage.firewall_rules: - '123 swift storage': - dport: - - 873 - - 6000 - - 6001 - - 6002 - swift::storage::all::incoming_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r' - swift::storage::all::outgoing_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r' - swift::storage::all::object_pipeline: - - healthcheck - - recon - - object-server - swift::storage::all::container_pipeline: - - healthcheck - - container-server - swift::storage::all::account_pipeline: - - healthcheck - - account-server - swift::storage::disks: {get_param: SwiftRawDisks} + map_merge: + - get_attr: [SwiftBase, role_data, config_settings] + - swift::storage::all::mount_check: {get_param: SwiftMountCheck} + tripleo::profile::base::swift::storage::enable_swift_storage: {get_param: ControllerEnableSwiftStorage} + tripleo.swift_storage.firewall_rules: + '123 swift storage': + dport: + - 873 + - 6000 + - 6001 + - 6002 + swift::storage::all::incoming_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r' + swift::storage::all::outgoing_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r' + swift::storage::all::object_pipeline: + - healthcheck + - recon + - object-server + swift::storage::all::container_pipeline: + - healthcheck + - container-server + swift::storage::all::account_pipeline: + - healthcheck + - account-server + swift::storage::disks: {get_param: SwiftRawDisks} + swift::storage::all::storage_local_net_ip: {get_param: [ServiceNetMap, 
SwiftMgmtNetwork]} step_config: | include ::tripleo::profile::base::swift::storage diff --git a/puppet/swift-storage-post.yaml b/puppet/swift-storage-post.yaml index 306a4d6e..859fad2c 100644 --- a/puppet/swift-storage-post.yaml +++ b/puppet/swift-storage-post.yaml @@ -36,6 +36,7 @@ resources: enable_debug: {get_param: ConfigDebug} enable_hiera: True enable_facter: False + modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules inputs: - name: step outputs: diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml index 1f3022b8..b933c542 100644 --- a/puppet/swift-storage.yaml +++ b/puppet/swift-storage.yaml @@ -7,11 +7,6 @@ parameters: type: string constraints: - custom_constraint: nova.flavor - HashSuffix: - description: A random string to be used as a salt when hashing to determine mappings - in the ring. - hidden: true - type: string SwiftStorageImage: default: overcloud-full type: string @@ -21,14 +16,6 @@ parameters: default: default description: Name of an existing Nova key pair to enable SSH access to the instances type: string - SnmpdReadonlyUserName: - default: ro_snmp_user - description: The user name for SNMPd with readonly rights running on all Overcloud nodes - type: string - SnmpdReadonlyUserPassword: - description: The user password for SNMPd with readonly rights running on all Overcloud nodes - type: string - hidden: true UpdateIdentifier: default: '' type: string @@ -266,10 +253,6 @@ resources: mapped_data: {get_param: ExtraConfig} object: mapped_data: # data supplied directly to this deployment configuration, etc - swift::swift_hash_path_suffix: { get_input: swift_hash_suffix } - swift::storage::all::storage_local_net_ip: {get_input: swift_management_network} - snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} - snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} 
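Review bot: `swift::storage::all::storage_local_net_ip` is now set to the bare `[ServiceNetMap, SwiftMgmtNetwork]` entry, while the value removed from puppet/swift-storage.yaml was resolved explicitly through `NetIpMap`, and this hunk has no NOTE about the Heat substitution, unlike the keystone, manila-api, neutron-ovs-agent, nova-compute and swift-proxy hunks. The same map opens ports 873 and 6000-6002, so the address this resolves to presumably decides where rsync and the storage servers listen. I would add the comment here too, `# NOTE: Heat replaces the network name with the local node IP for that network`. The context line `description: Role data for the Swift Proxy role.` is also wrong for `service_name: swift_storage` and could be corrected in the same change.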
@@ -281,12 +264,7 @@ resources: server: {get_resource: SwiftStorage} config: {get_resource: SwiftStorageHieraConfig} input_values: - local_ip: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} - snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} - swift_hash_suffix: {get_param: HashSuffix} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} - swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} # Resource for site-specific injection of root certificate NodeTLSCAData: |