diff options
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | Makefile | 9 | ||||
| -rw-r--r-- | nagios3.yaml | 235 | ||||
| -rw-r--r-- | overcloud-source.yaml | 34 | ||||
| -rw-r--r-- | ssl-source.yaml | 3 | ||||
| -rw-r--r-- | swift-storage-source.yaml | 21 | ||||
| -rw-r--r-- | tuskar-source.yaml | 21 | ||||
| -rw-r--r-- | undercloud-source.yaml | 50 |
8 files changed, 236 insertions, 138 deletions
@@ -4,7 +4,6 @@ overcloud-with-block-storage.yaml overcloud-with-block-storage-nfs.yaml undercloud-bm.yaml undercloud-vm.yaml -undercloud-vm-tuskar.yaml undercloud-vm-ironic.yaml *.py[cod] @@ -3,7 +3,6 @@ generated_templates = \ overcloud-with-block-storage-nfs.yaml \ undercloud-vm.yaml \ undercloud-bm.yaml \ - undercloud-vm-tuskar.yaml \ undercloud-vm-ironic.yaml # Files included in overcloud-source.yaml via FileInclude @@ -12,13 +11,13 @@ overcloud_source_deps = nova-compute-instance.yaml all: $(generated_templates) overcloud.yaml: overcloud-source.yaml block-storage.yaml swift-deploy.yaml swift-source.yaml swift-storage-source.yaml ssl-source.yaml nova-compute-config.yaml $(overcloud_source_deps) - python ./tripleo_heat_merge/merge.py --scale NovaCompute=$${COMPUTESCALE:-'1'} --scale SwiftStorage=$${SWIFTSTORAGESCALE='0'} --scale BlockStorage=$${BLOCKSTORAGESCALE='0'} overcloud-source.yaml block-storage.yaml swift-source.yaml swift-storage-source.yaml ssl-source.yaml swift-deploy.yaml nova-compute-config.yaml > $@.tmp + python ./tripleo_heat_merge/merge.py --scale NovaCompute=$${COMPUTESCALE:-'1'} --scale controller=$${CONTROLSCALE:-'1'} --scale SwiftStorage=$${SWIFTSTORAGESCALE='0'} --scale BlockStorage=$${BLOCKSTORAGESCALE='0'} overcloud-source.yaml block-storage.yaml swift-source.yaml swift-storage-source.yaml ssl-source.yaml swift-deploy.yaml nova-compute-config.yaml > $@.tmp mv $@.tmp $@ overcloud-with-block-storage-nfs.yaml: overcloud-source.yaml block-storage-nfs.yaml nfs-server-source.yaml swift-source.yaml swift-storage-source.yaml ssl-source.yaml $(overcloud_source_deps) # $^ won't work here because we want to list nova-compute-instance.yaml as # a prerequisite but don't want to pass it into merge.py - python ./tripleo_heat_merge/merge.py --scale NovaCompute=$${COMPUTESCALE:-'1'} --scale SwiftStorage=$${SWIFTSTORAGESCALE='0'} --scale BlockStorage=$${BLOCKSTORAGESCALE:-'1'} overcloud-source.yaml block-storage-nfs.yaml nfs-server-source.yaml swift-source.yaml swift-storage-source.yaml ssl-source.yaml > $@.tmp + python ./tripleo_heat_merge/merge.py --scale NovaCompute=$${COMPUTESCALE:-'1'} --scale controller=$${CONTROLSCALE:-'1'} --scale SwiftStorage=$${SWIFTSTORAGESCALE='0'} --scale BlockStorage=$${BLOCKSTORAGESCALE:-'1'} overcloud-source.yaml block-storage-nfs.yaml nfs-server-source.yaml swift-source.yaml swift-storage-source.yaml ssl-source.yaml > $@.tmp mv $@.tmp $@ undercloud-vm.yaml: undercloud-source.yaml undercloud-vm-nova-config.yaml undercloud-vm-nova-deploy.yaml @@ -29,10 +28,6 @@ undercloud-bm.yaml: undercloud-source.yaml undercloud-bm-nova-config.yaml underc python ./tripleo_heat_merge/merge.py $^ > $@.tmp mv $@.tmp $@ -undercloud-vm-tuskar.yaml: undercloud-source.yaml undercloud-vm-source.yaml tuskar-source.yaml - python ./tripleo_heat_merge/merge.py $^ > $@.tmp - mv $@.tmp $@ - undercloud-vm-ironic.yaml: undercloud-source.yaml undercloud-vm-ironic-config.yaml undercloud-vm-ironic-deploy.yaml python ./tripleo_heat_merge/merge.py $^ > $@.tmp mv $@.tmp $@ diff --git a/nagios3.yaml b/nagios3.yaml index e60eb559..1e0a4615 100644 --- a/nagios3.yaml +++ b/nagios3.yaml @@ -1,103 +1,132 @@ -HeatTemplateFormatVersion: '2012-12-12' -Description: 'Nagios3' -Parameters: - KeyName: - Description: Name of an existing EC2 KeyPair to enable SSH access to the instance - Type: String - Default: default - AdmWebPasswd: - Description: Password for nagiosadmin web admin user. - Type: String - Default: nagiosadmin - NoEcho: true - NovaHostIp: - Description: nova ip. - Type: String - Default: 192.0.2.1 - NovaOsPassword: - Description: nova OS_PASSWORD. - Type: String - Default: unset - NoEcho: true - NovaOsUsername: - Description: nova OS_USERNAME. - Type: String - Default: admin - NovaOsTenantName: - Description: nova OS_TENANT_NAME. - Type: String - Default: admin - Nagios3ImageId: - Description: Nagios image. - Type: String - Default: nagios3 - InstanceType: - Description: Use this flavor. - Type: String - Default: baremetal - InitialIpSplitKey: - Description: Network name from nova list to get initial ip list from. - Type: String - Default: ctlplane - Apache2SnakeoilPem: - Description: Snakeoil PEM file. - Type: String - NoEcho: true - Default: | - ----- BEGIN PlaceHolder... - Apache2SnakeoilKey: - Description: Snakeoil Key file. - Type: String - NoEcho: true - Default: | - ----- BEGIN PlaceHolder... - PostfixMailHostname: - Description: Hostname for postfix.. - Type: String - Default: nagios3-nagios3 - PostfixMailDomain: - Description: Top level domain for postfix. - Type: String - Default: novalocal - PostfixDelayWarningTime: - Description: Amount of time to Delay warnnings. - Type: String - Default: 4h -Resources: - nagios3: - Metadata: - OpenStack::ImageBuilder::Elements: [ nagios3 ] - apache2: - snakeoil_pem: - Ref: Apache2SnakeoilPem - snakeoil_key: - Ref: Apache2SnakeoilKey - nagios3: - adm_web_passwd: - Ref: AdmWebPasswd - nova_host_ip: - Ref: NovaHostIp - nova_os_password: - Ref: NovaOsPassword - nova_os_username: - Ref: NovaOsUsername - nova_os_tenant_name: - Ref: NovaOsTenantName - initial_network_split_key: - Ref: InitialIpSplitKey - postfix: - mailhostname: - Ref: PostfixMailHostname - maildomain: - Ref: PostfixMailDomain - delay_warning_time: - Ref: PostfixDelayWarningTime - Type: AWS::EC2::Instance - Properties: - KeyName: - Ref: KeyName - ImageId: - Ref: Nagios3ImageId - InstanceType: {Ref: InstanceType} -Outputs: - Nagios3Host: {'Fn::Select': [ 0, {'Fn::Select': [ 'ctlplane', 'Fn::GetAtt': [ 'nagios3' , 'networks' ] ]} ]} +# Copyright 2014 Hewlett-Packard Development Company, L.P. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +heat_template_version: 2013-05-23 +description: Deploy Nagios +parameters: + adm_web_passwd: + type: string + description: Password for initial admin user + hidden: true + nova_os_auth_url: + type: string + default: '' + description: URL for Keystone to access Nova. + nova_os_password: + type: string + hidden: true + description: password to present to nova_host_ip. + default: '' + nova_os_username: + type: string + description: username to present to nova_host_ip. + default: '' + nova_os_tenant_name: + type: string + description: tenant name to present to nova_host_ip. + default: '' + monitor_networks: + type: json + description: Neutron networks to monitor. + default: [] + image: + type: string + description: Image for Nagios. + default: nagios + server_network: + type: string + description: Network id for server. + default: default-net + external_network: + type: string + description: Network to attach floating ips to. + default: ext-net + flavor: + type: string + description: What flavor to use for the nagios server. + default: m1.small + key_name: + type: string + description: What Nova SSH key to use for the nagios server. + default: default +resources: + nagios_config: + type: OS::Heat::StructuredConfig + properties: + config: + nagios3: + adm_web_passwd: { get_input: adm_web_passwd } + os_auth_url: { get_input: nova_os_auth_url } + os_password: { get_input: nova_os_password } + os_username: { get_input: nova_os_username } + os_tenant_name: { get_input: nova_os_tenant_name } + monitor_networks: { get_input: monitor_networks } + completion-signal: { get_input: deploy_signal_id } + nagios_security_group: + type: OS::Neutron::SecurityGroup + properties: + name: monitoring + rules: + - direction: ingress + port_range_max: 22 + port_range_min: 22 + protocol: tcp + - direction: ingress + port_range_max: 80 + port_range_min: 80 + protocol: tcp + - direction: ingress + protocol: icmp + - direction: egress + protocol: tcp + - direction: egress + protocol: udp + - direction: egress + protocol: icmp + nagios_net_port: + type: OS::Neutron::Port + properties: + network_id: { get_param: server_network } + security_groups: [ { get_resource: nagios_security_group } ] + nagios_server: + type: OS::Nova::Server + properties: + flavor: { get_param: flavor } + image: { get_param: image } + key_name: { get_param: key_name } + user_data_format: SOFTWARE_CONFIG + networks: + - network: { get_param: server_network } + port: { get_resource: nagios_net_port } + nagios_floating_ip: + type: OS::Neutron::FloatingIP + properties: + floating_network_id: { get_param: external_network } + port_id: { get_resource: nagios_net_port } + nagios_deploy: + type: OS::Heat::StructuredDeployment + properties: + server: { get_resource: nagios_server } + config: { get_resource: nagios_config } + input_values: + adm_web_passwd: { get_param: adm_web_passwd } + nova_os_auth_url: { get_param: nova_os_auth_url } + nova_os_password: { get_param: nova_os_password } + nova_os_username: { get_param: nova_os_username } + nova_os_tenant_name: { get_param: nova_os_tenant_name } + monitor_networks: { get_param: monitor_networks } +outputs: + nagios_address: + description: Address of Nagios admin interface. + value: { get_attr: [ nagios_floating_ip, floating_ip_address ] } diff --git a/overcloud-source.yaml b/overcloud-source.yaml index e3a440f9..7ecb92ce 100644 --- a/overcloud-source.yaml +++ b/overcloud-source.yaml @@ -244,6 +244,26 @@ Parameters: Default: [] Description: Should be used for arbitrary ips. Type: Json + KeystoneCACertificate: + Default: '' + Description: Keystone self-signed certificate authority certificate. + Type: String + NoEcho: true + KeystoneCAKey: + Default: '' + Description: Keystone certificate authority key. + Type: String + NoEcho: true + KeystoneSigningCertificate: + Default: '' + Description: Keystone certificate for verifying token validity. + Type: String + NoEcho: true + KeystoneSigningKey: + Default: '' + Description: Keystone key for signing tokens. + Type: String + NoEcho: true Resources: ControlVirtualIP: Type: OS::Neutron::Port @@ -389,6 +409,8 @@ Resources: get_input: controller_host db-password: unset glance: + registry: + host: {get_input: controller_virtual_ip} backend: swift db: mysql://glance:unset@localhost/glance host: @@ -418,12 +440,15 @@ Resources: db: mysql://keystone:unset@localhost/keystone host: get_input: controller_host + ca_key: {Ref: KeystoneCAKey} + ca_certificate: {Ref: KeystoneCACertificate} + signing_key: {Ref: KeystoneSigningKey} + signing_certificate: {Ref: KeystoneSigningCertificate} mysql: innodb_buffer_pool_size: {Ref: MysqlInnodbBufferPoolSize} neutron: flat-networks: {Ref: NeutronFlatNetworks} - host: - get_input: controller_host + host: {get_input: controller_virtual_ip} metadata_proxy_shared_secret: unset ovs: enable_tunneling: 'True' @@ -459,8 +484,7 @@ Resources: db: mysql://nova:unset@localhost/nova default_floating_pool: ext-net - host: - get_input: controller_host + host: {get_input: controller_virtual_ip} metadata-proxy: true service-password: Ref: NovaPassword @@ -598,6 +622,8 @@ Resources: - show - 'novalocal' - {Ref: CloudName} + controller_virtual_ip: + {'Fn::Select': [ip_address, 'Fn::Select': [0, 'Fn::GetAtt': [ControlVirtualIP, fixed_ips]]]} controller0SSLDeployment: Type: OS::Heat::StructuredDeployment Properties: diff --git a/ssl-source.yaml b/ssl-source.yaml index 1d6ac246..38d6d7ec 100644 --- a/ssl-source.yaml +++ b/ssl-source.yaml @@ -49,3 +49,6 @@ Resources: - name: 'cinder' accept: 13776 connect: 8776 + - name: 'ceilometer' + accept: 13777 + connect: 8777 diff --git a/swift-storage-source.yaml b/swift-storage-source.yaml index f20b2752..d9df5728 100644 --- a/swift-storage-source.yaml +++ b/swift-storage-source.yaml @@ -18,17 +18,34 @@ Resources: SwiftStorage0: Type: OS::Nova::Server Properties: - image: - {Ref: SwiftStorageImage} + image: {Ref: SwiftStorageImage} flavor: {Ref: OvercloudSwiftStorageFlavor} key_name: {Ref: KeyName} + user_data_format: SOFTWARE_CONFIG + SwiftKeystoneConfig: + Type: OS::Heat::StructuredConfig + Properties: + config: + keystone: + host: {get_input: keystone_host} + SwiftStorage0Keystone: + Type: OS::Heat::StructuredDeployment + Properties: + server: {Ref: SwiftStorage0} + config: {Ref: SwiftKeystoneConfig} + signal_transport: NO_SIGNAL + input_values: + keystone_host: {"Fn::Select": [ 0, {"Fn::Select": [ "ctlplane", {"Fn::GetAtt": [controller0, networks]} ]} ] } SwiftStorage0Deploy: Type: OS::Heat::StructuredDeployment Properties: server: {Ref: SwiftStorage0} config: {Ref: SwiftConfig} + signal_transport: NO_SIGNAL input_values: neutron_local_ip: {"Fn::Select": [ 0, {"Fn::Select": [ "ctlplane", {"Fn::GetAtt": [SwiftStorage0, networks]} ]} ] } + swift_hash_suffix: {Ref: SwiftHashSuffix} + swift_password: {Ref: SwiftPassword} swift_devices: Fn::Join: - ', ' diff --git a/tuskar-source.yaml b/tuskar-source.yaml deleted file mode 100644 index 6f84292d..00000000 --- a/tuskar-source.yaml +++ /dev/null @@ -1,21 +0,0 @@ -Parameters: - # NOTE(rpodolyaka): limitation of tuskar-api, see https://bugs.launchpad.net/tuskar/+bug/1235236 - OvercloudAdminPassword: - Default: unset - Description: The password of admin user of the overcloud (required by some services in the under cloud) - Type: String - OvercloudKeystoneHost: - Description: The Overcloud Host running Keystone - Type: String -Resources: - undercloudTuskarVm: - Type: AWS::AutoScaling::LaunchConfiguration - Metadata: - OpenStack::Role: undercloudConfig - tuskar: - db: mysql://tuskar:unset@localhost/tuskar?charset=utf8 - user: admin - tenant_name: admin - password: {Ref: AdminPassword} - overcloud-admin-password: {Ref: OvercloudAdminPassword} - overcloud-keystone-host: {Ref: OvercloudKeystoneHost} diff --git a/undercloud-source.yaml b/undercloud-source.yaml index 22bb23e8..ee8cf0b1 100644 --- a/undercloud-source.yaml +++ b/undercloud-source.yaml @@ -38,6 +38,44 @@ Parameters: Description: The user password for SNMPd with readonly rights running on all Overcloud nodes Type: String NoEcho: true + ExtraConfig: + Default: {} + Description: | + Additional configuration to inject into the cluster. The JSON should have + the following structure: + {"FILEKEY": + {"config: + [{"section": "SECTIONNAME", + "values": + [{"option": "OPTIONNAME", + "value": "VALUENAME" + } + ] + } + ] + } + } + For instance: + {"nova": + {"config": + [{"section": "default", + "values": + [{"option": "compute_manager", + "value": "ironic.nova.compute.manager.ClusterComputeManager" + } + ] + }, + {"section": "cells", + "values": + [{"option": "driver", + "value": "nova.cells.rpc_driver.CellsRPCDriver" + } + ] + } + ] + } + } + Type: Json Flavor: Default: baremetal Description: Flavor to request when deploying. @@ -224,6 +262,10 @@ Resources: ntp: servers: - {server: {Ref: NtpServer}, fudge: "stratum 0"} + undercloudPassthroughConfig: + Type: OS::Heat::StructuredConfig + Properties: + config: {get_input: passthrough_config} undercloud: Type: OS::Nova::Server Properties: @@ -274,3 +316,11 @@ Resources: - - 'http://' - {"Fn::Select": [ 0, "Fn::Select": [ ctlplane, { "Fn::GetAtt": [ undercloud, networks ]}]]} - ':8000/v1/waitcondition' + 00_undercloudPassthroughDeployment: + Type: OS::Heat::StructuredDeployment + Properties: + config: {Ref: undercloudPassthroughConfig} + server: {Ref: undercloud} + signal_transport: NO_SIGNAL + input_values: + passthrough_config: {Ref: ExtraConfig} |