diff options
-rw-r--r-- | cinder-storage.yaml | 7 | ||||
-rw-r--r-- | controller.yaml | 42 | ||||
-rw-r--r-- | overcloud-resource-registry-puppet.yaml | 16 | ||||
-rw-r--r-- | overcloud-without-mergepy.yaml | 1 | ||||
-rw-r--r-- | puppet/cinder-storage-puppet.yaml | 7 | ||||
-rw-r--r-- | puppet/controller-puppet.yaml | 72 | ||||
-rw-r--r-- | puppet/manifests/overcloud_controller_pacemaker.pp | 13 |
7 files changed, 111 insertions, 47 deletions
diff --git a/cinder-storage.yaml b/cinder-storage.yaml index 30eae1d9..aee67c9d 100644 --- a/cinder-storage.yaml +++ b/cinder-storage.yaml @@ -16,6 +16,11 @@ parameters: default: 5000 description: The size of the loopback file used by the cinder LVM driver. type: number + CinderPassword: + default: unset + description: The password for the cinder service and db account, used by cinder-api. + type: string + hidden: true VirtualIP: default: '' type: string @@ -146,7 +151,7 @@ resources: config: {get_resource: BlockStorageConfig} input_values: controller_virtual_ip: {get_param: VirtualIP} - cinder_dsn: {list_join: ['', ['mysql://cinder:unset@', {get_param: VirtualIP} , '/cinder']]} + cinder_dsn: {list_join: ['', ['mysql://cinder:', {get_param: CinderPassword}, '@', {get_param: VirtualIP} , '/cinder']]} snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} signal_transport: NO_SIGNAL diff --git a/controller.yaml b/controller.yaml index a2da3d39..403ef05a 100644 --- a/controller.yaml +++ b/controller.yaml @@ -11,7 +11,7 @@ parameters: hidden: true AdminToken: default: unset - description: The keystone auth secret. + description: The keystone auth secret and db password. type: string hidden: true CeilometerBackend: @@ -25,7 +25,7 @@ parameters: hidden: true CeilometerPassword: default: unset - description: The password for the ceilometer service account. + description: The password for the ceilometer service and db account. type: string hidden: true CinderEnableIscsiBackend: @@ -46,7 +46,7 @@ parameters: type: number CinderPassword: default: unset - description: The password for the cinder service account, used by cinder-api. + description: The password for the cinder service and db account, used by cinder-api. type: string hidden: true CloudName: @@ -137,7 +137,7 @@ parameters: default: '' GlancePassword: default: unset - description: The password for the glance service account, used by the glance services. + description: The password for the glance service and db account, used by the glance services. type: string hidden: true GlancePort: @@ -157,7 +157,7 @@ parameters: - allowed_values: ['swift', 'file', 'rbd'] HeatPassword: default: unset - description: The password for the Heat service account, used by the Heat services. + description: The password for the Heat service and db account, used by the Heat services. type: string hidden: true HeatStackDomainAdminPassword: @@ -286,7 +286,7 @@ parameters: type: string NeutronPassword: default: unset - description: The password for the neutron service account, used by neutron agents. + description: The password for the neutron service and db account, used by neutron agents. type: string hidden: true NeutronPublicInterface: @@ -323,7 +323,7 @@ parameters: type: string NovaPassword: default: unset - description: The password for the nova service account, used by nova-api. + description: The password for the nova service and db account, used by nova-api. type: string hidden: true NtpServer: @@ -754,7 +754,9 @@ resources: cinder_dsn: list_join: - '' - - - 'mysql://cinder:unset@' + - - 'mysql://cinder:' + - {get_param: CinderPassword} + - '@' - {get_param: VirtualIP} - '/cinder' glance_port: {get_param: GlancePort} @@ -765,7 +767,9 @@ resources: glance_dsn: list_join: - '' - - - 'mysql://glance:unset@' + - - 'mysql://glance:' + - {get_param: GlancePassword} + - '@' - {get_param: VirtualIP} - '/glance' heat_password: {get_param: HeatPassword} @@ -774,7 +778,9 @@ resources: heat_dsn: list_join: - '' - - - 'mysql://heat:unset@' + - - 'mysql://heat:' + - {get_param: HeatPassword} + - '@' - {get_param: VirtualIP} - '/heat' keystone_ca_certificate: {get_param: KeystoneCACertificate} @@ -785,7 +791,9 @@ resources: keystone_dsn: list_join: - '' - - - 'mysql://keystone:unset@' + - - 'mysql://keystone:' + - {get_param: AdminToken} + - '@' - {get_param: VirtualIP} - '/keystone' mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} @@ -815,7 +823,9 @@ resources: neutron_dsn: list_join: - '' - - - 'mysql://neutron:unset@' + - - 'mysql://neutron:' + - {get_param: NeutronPassword} + - '@' - {get_param: VirtualIP} - '/ovs_neutron?charset=utf8' ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} @@ -823,7 +833,9 @@ resources: ceilometer_dsn: list_join: - '' - - - 'mysql://ceilometer:unset@' + - - 'mysql://ceilometer:' + - {get_param: CeilometerPassword} + - '@' - {get_param: VirtualIP} - '/ceilometer' snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} @@ -832,7 +844,9 @@ resources: nova_dsn: list_join: - '' - - - 'mysql://nova:unset@' + - - 'mysql://nova:' + - {get_param: NovaPassword} + - '@' - {get_param: VirtualIP} - '/nova' rabbit_username: {get_param: RabbitUserName} diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml index b4c3b5a2..9fd64539 100644 --- a/overcloud-resource-registry-puppet.yaml +++ b/overcloud-resource-registry-puppet.yaml @@ -70,3 +70,19 @@ parameter_defaults: MongoDbNetwork: internal_api CinderApiNetwork: internal_api CinderIscsiNetwork: storage + GlanceApiNetwork: storage + GlanceRegistryNetwork: internal_api + KeystoneAdminApiNetwork: internal_api + KeystonePublicApiNetwork: external + NeutronApiNetwork: internal_api + HeatApiNetwork: internal_api + HeatApiCfnNetwork: internal_api + HeatApiCloudwatchNetwork: internal_api + NovaApiNetwork: internal_api + NovaMetadataNetwork: internal_api + SwiftMgmtNetwork: storage_mgmt + SwiftProxyNetwork: storage + HorizonNetwork: external + MemcachedNetwork: internal_api + RabbitMqNetwork: internal_api + RedisNetwork: internal_api diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml index b7ef0869..7c2c3a21 100644 --- a/overcloud-without-mergepy.yaml +++ b/overcloud-without-mergepy.yaml @@ -709,6 +709,7 @@ resources: CinderLVMLoopDeviceSize: {get_param: CinderLVMLoopDeviceSize} # Purpose of the dedicated BlockStorage nodes should be to use their local LVM CinderEnableIscsiBackend: {get_param: CinderEnableIscsiBackend} + CinderPassword: {get_param: CinderPassword} VirtualIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} KeyName: {get_param: KeyName} Flavor: {get_param: OvercloudBlockStorageFlavor} diff --git a/puppet/cinder-storage-puppet.yaml b/puppet/cinder-storage-puppet.yaml index c69a0f3c..007a489c 100644 --- a/puppet/cinder-storage-puppet.yaml +++ b/puppet/cinder-storage-puppet.yaml @@ -16,6 +16,11 @@ parameters: default: 5000 description: The size of the loopback file used by the cinder LVM driver. type: number + CinderPassword: + default: unset + description: The password for the cinder service and db account, used by cinder-api. + type: string + hidden: true Debug: default: '' description: Set to True to enable debugging on all services. @@ -158,7 +163,7 @@ resources: config: {get_resource: BlockStorageConfig} input_values: debug: {get_param: Debug} - cinder_dsn: {list_join: ['', ['mysql://cinder:unset@', {get_param: VirtualIP} , '/cinder']]} + cinder_dsn: {list_join: ['', ['mysql://cinder:', {get_param: CinderPassword}, '@', {get_param: VirtualIP} , '/cinder']]} snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} cinder_lvm_loop_device_size: diff --git a/puppet/controller-puppet.yaml b/puppet/controller-puppet.yaml index b012b4f4..c7cc4b66 100644 --- a/puppet/controller-puppet.yaml +++ b/puppet/controller-puppet.yaml @@ -11,7 +11,7 @@ parameters: hidden: true AdminToken: default: unset - description: The keystone auth secret. + description: The keystone auth secret and db password. type: string hidden: true CeilometerBackend: @@ -25,7 +25,7 @@ parameters: hidden: true CeilometerPassword: default: unset - description: The password for the ceilometer service account. + description: The password for the ceilometer service and db account. type: string hidden: true CinderEnableIscsiBackend: @@ -46,7 +46,7 @@ parameters: type: number CinderPassword: default: unset - description: The password for the cinder service account, used by cinder-api. + description: The password for the cinder service and db account, used by cinder-api. type: string hidden: true CloudName: @@ -137,7 +137,7 @@ parameters: default: '' GlancePassword: default: unset - description: The password for the glance service account, used by the glance services. + description: The password for the glance service and db account, used by the glance services. type: string hidden: true GlancePort: @@ -157,7 +157,7 @@ parameters: - allowed_values: ['swift', 'file', 'rbd'] HeatPassword: default: unset - description: The password for the Heat service account, used by the Heat services. + description: The password for the Heat service and db account, used by the Heat services. type: string hidden: true HeatStackDomainAdminPassword: @@ -290,7 +290,7 @@ parameters: type: string NeutronPassword: default: unset - description: The password for the neutron service account, used by neutron agents. + description: The password for the neutron service and db account, used by neutron agents. type: string hidden: true NeutronPublicInterface: @@ -327,7 +327,7 @@ parameters: type: string NovaPassword: default: unset - description: The password for the nova service account, used by nova-api. + description: The password for the nova service and db account, used by nova-api. type: string hidden: true NtpServer: @@ -545,7 +545,9 @@ resources: cinder_dsn: list_join: - '' - - - 'mysql://cinder:unset@' + - - 'mysql://cinder:' + - {get_param: CinderPassword} + - '@' - {get_param: VirtualIP} - '/cinder' glance_port: {get_param: GlancePort} @@ -558,7 +560,9 @@ resources: glance_dsn: list_join: - '' - - - 'mysql://glance:unset@' + - - 'mysql://glance:' + - {get_param: GlancePassword} + - '@' - {get_param: VirtualIP} - '/glance' heat_password: {get_param: HeatPassword} @@ -566,7 +570,9 @@ resources: heat_dsn: list_join: - '' - - - 'mysql://heat:unset@' + - - 'mysql://heat:' + - {get_param: HeatPassword} + - '@' - {get_param: VirtualIP} - '/heat' keystone_ca_certificate: {get_param: KeystoneCACertificate} @@ -577,7 +583,9 @@ resources: keystone_dsn: list_join: - '' - - - 'mysql://keystone:unset@' + - - 'mysql://keystone:' + - {get_param: AdminToken} + - '@' - {get_param: VirtualIP} - '/keystone' keystone_identity_uri: @@ -622,7 +630,9 @@ resources: neutron_dsn: list_join: - '' - - - 'mysql://neutron:unset@' + - - 'mysql://neutron:' + - {get_param: NeutronPassword} + - '@' - {get_param: VirtualIP} - '/ovs_neutron?charset=utf8' neutron_url: @@ -652,7 +662,9 @@ resources: nova_dsn: list_join: - '' - - - 'mysql://nova:unset@' + - - 'mysql://nova:' + - {get_param: NovaPassword} + - '@' - {get_param: VirtualIP} - '/nova' pcsd_password: {get_param: PcsdPassword} @@ -712,10 +724,10 @@ resources: hacluster_pwd: {get_input: pcsd_password} # Swift - swift::proxy::proxy_local_net_ip: {get_input: controller_host} + swift::proxy::proxy_local_net_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} swift::proxy::authtoken::auth_uri: {get_input: keystone_auth_uri} swift::proxy::authtoken::identity_uri: {get_input: keystone_identity_uri} - swift::storage::all::storage_local_net_ip: {get_input: controller_host} + swift::storage::all::storage_local_net_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} swift::swift_hash_suffix: {get_input: swift_hash_suffix} swift::proxy::authtoken::admin_password: {get_input: swift_password} tripleo::ringbuilder::part_power: {get_input: swift_part_power} @@ -746,10 +758,10 @@ resources: # Glance glance::api::bind_port: {get_input: glance_port} - glance::api::bind_host: {get_input: controller_host} + glance::api::bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} glance::api::auth_uri: {get_input: keystone_auth_uri} glance::api::identity_uri: {get_input: keystone_identity_uri} - glance::api::registry_host: {get_input: controller_host} + glance::api::registry_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} glance::api::keystone_password: {get_input: glance_password} glance::api::debug: {get_input: debug} # used to construct glance_api_servers @@ -761,7 +773,7 @@ resources: glance::api::database_connection: {get_input: glance_dsn} glance::registry::keystone_password: {get_input: glance_password} glance::registry::database_connection: {get_input: glance_dsn} - glance::registry::bind_host: {get_input: controller_host} + glance::registry::bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} glance::registry::auth_uri: {get_input: keystone_auth_uri} glance::registry::identity_uri: {get_input: keystone_identity_uri} glance::registry::debug: {get_input: debug} @@ -783,9 +795,9 @@ resources: heat::auth_uri: {get_input: keystone_auth_uri} heat::identity_uri: {get_input: keystone_identity_uri} heat::keystone_password: {get_input: heat_password} - heat::api::bind_host: {get_input: controller_host} - heat::api_cloudwatch::bind_host: {get_input: controller_host} - heat::api_cfn::bind_host: {get_input: controller_host} + heat::api::bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} + heat::api_cloudwatch::bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiCloudwatchNetwork]}]} + heat::api_cfn::bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiCfnNetwork]}]} heat::database_connection: {get_input: heat_dsn} heat::instance_user: heat-admin heat::debug: {get_input: debug} @@ -798,8 +810,8 @@ resources: keystone_ssl_certificate: {get_input: keystone_ssl_certificate} keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key} keystone::database_connection: {get_input: keystone_dsn} - keystone::public_bind_host: {get_input: controller_host} - keystone::admin_bind_host: {get_input: controller_host} + keystone::public_bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} + keystone::admin_bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} keystone::debug: {get_input: debug} # MongoDB mongodb::server::bind_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]} @@ -813,7 +825,7 @@ resources: mysql_cluster_name: {get_input: mysql_cluster_name} # Neutron - neutron::bind_host: {get_input: controller_host} + neutron::bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} neutron::rabbit_password: {get_input: rabbit_password} neutron::rabbit_user: {get_input: rabbit_user} neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} @@ -870,8 +882,8 @@ resources: nova::debug: {get_input: debug} nova::api::auth_uri: {get_input: keystone_auth_uri} nova::api::identity_uri: {get_input: keystone_identity_uri} - nova::api::api_bind_address: {get_input: controller_host} - nova::api::metadata_listen: {get_input: controller_host} + nova::api::api_bind_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} + nova::api::metadata_listen: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]} nova::api::admin_password: {get_input: nova_password} nova::database_connection: {get_input: nova_dsn} nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} @@ -882,16 +894,16 @@ resources: # Horizon horizon::django_debug: {get_input: debug} horizon::secret_key: {get_input: horizon_secret} - horizon::bind_address: {get_input: controller_host} + horizon::bind_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} horizon::keystone_url: {get_input: keystone_auth_uri} # Rabbit - rabbitmq::node_ip_address: {get_input: controller_host} + rabbitmq::node_ip_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} rabbitmq::erlang_cookie: {get_input: rabbit_cookie} # Redis - redis::bind: {get_input: controller_host} + redis::bind: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]} # Misc - memcached::listen_ip: {get_input: controller_host} + memcached::listen_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} neutron_public_interface_ip: {get_input: neutron_public_interface_ip} ntp::servers: {get_input: ntp_servers} control_virtual_interface: {get_input: control_virtual_interface} diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index ef102272..191cc792 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -202,7 +202,8 @@ if hiera('step') >= 2 { pacemaker::resource::ocf { 'galera' : ocf_agent_name => 'heartbeat:galera', - op_params => 'promote timeout=300s on-fail=block --master', + op_params => 'promote timeout=300s on-fail=block', + master_params => '', meta_params => "master-max=${galera_nodes_count} ordered=true", resource_params => "additional_parameters='--open-files-limit=16384' enable_creation=true wsrep_cluster_address='gcomm://${galera_nodes}'", require => Class['::mysql::server'], @@ -752,11 +753,21 @@ if hiera('step') >= 4 { # Glance pacemaker::resource::service { $::glance::params::registry_service_name : clone_params => "interleave=true", + require => Pacemaker::Resource::Service[$::keystone::params::service_name], } pacemaker::resource::service { $::glance::params::api_service_name : clone_params => "interleave=true", } + pacemaker::constraint::base { 'keystone-then-glance-registry-constraint': + constraint_type => 'order', + first_resource => "${::keystone::params::service_name}-clone", + second_resource => "${::glance::params::registry_service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name], + Pacemaker::Resource::Service[$::keystone::params::service_name]], + } pacemaker::constraint::base { 'glance-registry-then-glance-api-constraint': constraint_type => "order", first_resource => "${::glance::params::registry_service_name}-clone", |