aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--cinder-storage.yaml7
-rw-r--r--controller.yaml42
-rw-r--r--overcloud-resource-registry-puppet.yaml16
-rw-r--r--overcloud-without-mergepy.yaml1
-rw-r--r--puppet/cinder-storage-puppet.yaml7
-rw-r--r--puppet/controller-puppet.yaml72
-rw-r--r--puppet/manifests/overcloud_controller_pacemaker.pp13
7 files changed, 111 insertions, 47 deletions
diff --git a/cinder-storage.yaml b/cinder-storage.yaml
index 30eae1d9..aee67c9d 100644
--- a/cinder-storage.yaml
+++ b/cinder-storage.yaml
@@ -16,6 +16,11 @@ parameters:
default: 5000
description: The size of the loopback file used by the cinder LVM driver.
type: number
+ CinderPassword:
+ default: unset
+ description: The password for the cinder service and db account, used by cinder-api.
+ type: string
+ hidden: true
VirtualIP:
default: ''
type: string
@@ -146,7 +151,7 @@ resources:
config: {get_resource: BlockStorageConfig}
input_values:
controller_virtual_ip: {get_param: VirtualIP}
- cinder_dsn: {list_join: ['', ['mysql://cinder:unset@', {get_param: VirtualIP} , '/cinder']]}
+ cinder_dsn: {list_join: ['', ['mysql://cinder:', {get_param: CinderPassword}, '@', {get_param: VirtualIP} , '/cinder']]}
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
signal_transport: NO_SIGNAL
diff --git a/controller.yaml b/controller.yaml
index a2da3d39..403ef05a 100644
--- a/controller.yaml
+++ b/controller.yaml
@@ -11,7 +11,7 @@ parameters:
hidden: true
AdminToken:
default: unset
- description: The keystone auth secret.
+ description: The keystone auth secret and db password.
type: string
hidden: true
CeilometerBackend:
@@ -25,7 +25,7 @@ parameters:
hidden: true
CeilometerPassword:
default: unset
- description: The password for the ceilometer service account.
+ description: The password for the ceilometer service and db account.
type: string
hidden: true
CinderEnableIscsiBackend:
@@ -46,7 +46,7 @@ parameters:
type: number
CinderPassword:
default: unset
- description: The password for the cinder service account, used by cinder-api.
+ description: The password for the cinder service and db account, used by cinder-api.
type: string
hidden: true
CloudName:
@@ -137,7 +137,7 @@ parameters:
default: ''
GlancePassword:
default: unset
- description: The password for the glance service account, used by the glance services.
+ description: The password for the glance service and db account, used by the glance services.
type: string
hidden: true
GlancePort:
@@ -157,7 +157,7 @@ parameters:
- allowed_values: ['swift', 'file', 'rbd']
HeatPassword:
default: unset
- description: The password for the Heat service account, used by the Heat services.
+ description: The password for the Heat service and db account, used by the Heat services.
type: string
hidden: true
HeatStackDomainAdminPassword:
@@ -286,7 +286,7 @@ parameters:
type: string
NeutronPassword:
default: unset
- description: The password for the neutron service account, used by neutron agents.
+ description: The password for the neutron service and db account, used by neutron agents.
type: string
hidden: true
NeutronPublicInterface:
@@ -323,7 +323,7 @@ parameters:
type: string
NovaPassword:
default: unset
- description: The password for the nova service account, used by nova-api.
+ description: The password for the nova service and db account, used by nova-api.
type: string
hidden: true
NtpServer:
@@ -754,7 +754,9 @@ resources:
cinder_dsn:
list_join:
- ''
- - - 'mysql://cinder:unset@'
+ - - 'mysql://cinder:'
+ - {get_param: CinderPassword}
+ - '@'
- {get_param: VirtualIP}
- '/cinder'
glance_port: {get_param: GlancePort}
@@ -765,7 +767,9 @@ resources:
glance_dsn:
list_join:
- ''
- - - 'mysql://glance:unset@'
+ - - 'mysql://glance:'
+ - {get_param: GlancePassword}
+ - '@'
- {get_param: VirtualIP}
- '/glance'
heat_password: {get_param: HeatPassword}
@@ -774,7 +778,9 @@ resources:
heat_dsn:
list_join:
- ''
- - - 'mysql://heat:unset@'
+ - - 'mysql://heat:'
+ - {get_param: HeatPassword}
+ - '@'
- {get_param: VirtualIP}
- '/heat'
keystone_ca_certificate: {get_param: KeystoneCACertificate}
@@ -785,7 +791,9 @@ resources:
keystone_dsn:
list_join:
- ''
- - - 'mysql://keystone:unset@'
+ - - 'mysql://keystone:'
+ - {get_param: AdminToken}
+ - '@'
- {get_param: VirtualIP}
- '/keystone'
mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
@@ -815,7 +823,9 @@ resources:
neutron_dsn:
list_join:
- ''
- - - 'mysql://neutron:unset@'
+ - - 'mysql://neutron:'
+ - {get_param: NeutronPassword}
+ - '@'
- {get_param: VirtualIP}
- '/ovs_neutron?charset=utf8'
ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
@@ -823,7 +833,9 @@ resources:
ceilometer_dsn:
list_join:
- ''
- - - 'mysql://ceilometer:unset@'
+ - - 'mysql://ceilometer:'
+ - {get_param: CeilometerPassword}
+ - '@'
- {get_param: VirtualIP}
- '/ceilometer'
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
@@ -832,7 +844,9 @@ resources:
nova_dsn:
list_join:
- ''
- - - 'mysql://nova:unset@'
+ - - 'mysql://nova:'
+ - {get_param: NovaPassword}
+ - '@'
- {get_param: VirtualIP}
- '/nova'
rabbit_username: {get_param: RabbitUserName}
diff --git a/overcloud-resource-registry-puppet.yaml b/overcloud-resource-registry-puppet.yaml
index b4c3b5a2..9fd64539 100644
--- a/overcloud-resource-registry-puppet.yaml
+++ b/overcloud-resource-registry-puppet.yaml
@@ -70,3 +70,19 @@ parameter_defaults:
MongoDbNetwork: internal_api
CinderApiNetwork: internal_api
CinderIscsiNetwork: storage
+ GlanceApiNetwork: storage
+ GlanceRegistryNetwork: internal_api
+ KeystoneAdminApiNetwork: internal_api
+ KeystonePublicApiNetwork: external
+ NeutronApiNetwork: internal_api
+ HeatApiNetwork: internal_api
+ HeatApiCfnNetwork: internal_api
+ HeatApiCloudwatchNetwork: internal_api
+ NovaApiNetwork: internal_api
+ NovaMetadataNetwork: internal_api
+ SwiftMgmtNetwork: storage_mgmt
+ SwiftProxyNetwork: storage
+ HorizonNetwork: external
+ MemcachedNetwork: internal_api
+ RabbitMqNetwork: internal_api
+ RedisNetwork: internal_api
diff --git a/overcloud-without-mergepy.yaml b/overcloud-without-mergepy.yaml
index b7ef0869..7c2c3a21 100644
--- a/overcloud-without-mergepy.yaml
+++ b/overcloud-without-mergepy.yaml
@@ -709,6 +709,7 @@ resources:
CinderLVMLoopDeviceSize: {get_param: CinderLVMLoopDeviceSize}
# Purpose of the dedicated BlockStorage nodes should be to use their local LVM
CinderEnableIscsiBackend: {get_param: CinderEnableIscsiBackend}
+ CinderPassword: {get_param: CinderPassword}
VirtualIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
KeyName: {get_param: KeyName}
Flavor: {get_param: OvercloudBlockStorageFlavor}
diff --git a/puppet/cinder-storage-puppet.yaml b/puppet/cinder-storage-puppet.yaml
index c69a0f3c..007a489c 100644
--- a/puppet/cinder-storage-puppet.yaml
+++ b/puppet/cinder-storage-puppet.yaml
@@ -16,6 +16,11 @@ parameters:
default: 5000
description: The size of the loopback file used by the cinder LVM driver.
type: number
+ CinderPassword:
+ default: unset
+ description: The password for the cinder service and db account, used by cinder-api.
+ type: string
+ hidden: true
Debug:
default: ''
description: Set to True to enable debugging on all services.
@@ -158,7 +163,7 @@ resources:
config: {get_resource: BlockStorageConfig}
input_values:
debug: {get_param: Debug}
- cinder_dsn: {list_join: ['', ['mysql://cinder:unset@', {get_param: VirtualIP} , '/cinder']]}
+ cinder_dsn: {list_join: ['', ['mysql://cinder:', {get_param: CinderPassword}, '@', {get_param: VirtualIP} , '/cinder']]}
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
cinder_lvm_loop_device_size:
diff --git a/puppet/controller-puppet.yaml b/puppet/controller-puppet.yaml
index b012b4f4..c7cc4b66 100644
--- a/puppet/controller-puppet.yaml
+++ b/puppet/controller-puppet.yaml
@@ -11,7 +11,7 @@ parameters:
hidden: true
AdminToken:
default: unset
- description: The keystone auth secret.
+ description: The keystone auth secret and db password.
type: string
hidden: true
CeilometerBackend:
@@ -25,7 +25,7 @@ parameters:
hidden: true
CeilometerPassword:
default: unset
- description: The password for the ceilometer service account.
+ description: The password for the ceilometer service and db account.
type: string
hidden: true
CinderEnableIscsiBackend:
@@ -46,7 +46,7 @@ parameters:
type: number
CinderPassword:
default: unset
- description: The password for the cinder service account, used by cinder-api.
+ description: The password for the cinder service and db account, used by cinder-api.
type: string
hidden: true
CloudName:
@@ -137,7 +137,7 @@ parameters:
default: ''
GlancePassword:
default: unset
- description: The password for the glance service account, used by the glance services.
+ description: The password for the glance service and db account, used by the glance services.
type: string
hidden: true
GlancePort:
@@ -157,7 +157,7 @@ parameters:
- allowed_values: ['swift', 'file', 'rbd']
HeatPassword:
default: unset
- description: The password for the Heat service account, used by the Heat services.
+ description: The password for the Heat service and db account, used by the Heat services.
type: string
hidden: true
HeatStackDomainAdminPassword:
@@ -290,7 +290,7 @@ parameters:
type: string
NeutronPassword:
default: unset
- description: The password for the neutron service account, used by neutron agents.
+ description: The password for the neutron service and db account, used by neutron agents.
type: string
hidden: true
NeutronPublicInterface:
@@ -327,7 +327,7 @@ parameters:
type: string
NovaPassword:
default: unset
- description: The password for the nova service account, used by nova-api.
+ description: The password for the nova service and db account, used by nova-api.
type: string
hidden: true
NtpServer:
@@ -545,7 +545,9 @@ resources:
cinder_dsn:
list_join:
- ''
- - - 'mysql://cinder:unset@'
+ - - 'mysql://cinder:'
+ - {get_param: CinderPassword}
+ - '@'
- {get_param: VirtualIP}
- '/cinder'
glance_port: {get_param: GlancePort}
@@ -558,7 +560,9 @@ resources:
glance_dsn:
list_join:
- ''
- - - 'mysql://glance:unset@'
+ - - 'mysql://glance:'
+ - {get_param: GlancePassword}
+ - '@'
- {get_param: VirtualIP}
- '/glance'
heat_password: {get_param: HeatPassword}
@@ -566,7 +570,9 @@ resources:
heat_dsn:
list_join:
- ''
- - - 'mysql://heat:unset@'
+ - - 'mysql://heat:'
+ - {get_param: HeatPassword}
+ - '@'
- {get_param: VirtualIP}
- '/heat'
keystone_ca_certificate: {get_param: KeystoneCACertificate}
@@ -577,7 +583,9 @@ resources:
keystone_dsn:
list_join:
- ''
- - - 'mysql://keystone:unset@'
+ - - 'mysql://keystone:'
+ - {get_param: AdminToken}
+ - '@'
- {get_param: VirtualIP}
- '/keystone'
keystone_identity_uri:
@@ -622,7 +630,9 @@ resources:
neutron_dsn:
list_join:
- ''
- - - 'mysql://neutron:unset@'
+ - - 'mysql://neutron:'
+ - {get_param: NeutronPassword}
+ - '@'
- {get_param: VirtualIP}
- '/ovs_neutron?charset=utf8'
neutron_url:
@@ -652,7 +662,9 @@ resources:
nova_dsn:
list_join:
- ''
- - - 'mysql://nova:unset@'
+ - - 'mysql://nova:'
+ - {get_param: NovaPassword}
+ - '@'
- {get_param: VirtualIP}
- '/nova'
pcsd_password: {get_param: PcsdPassword}
@@ -712,10 +724,10 @@ resources:
hacluster_pwd: {get_input: pcsd_password}
# Swift
- swift::proxy::proxy_local_net_ip: {get_input: controller_host}
+ swift::proxy::proxy_local_net_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
swift::proxy::authtoken::auth_uri: {get_input: keystone_auth_uri}
swift::proxy::authtoken::identity_uri: {get_input: keystone_identity_uri}
- swift::storage::all::storage_local_net_ip: {get_input: controller_host}
+ swift::storage::all::storage_local_net_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
swift::swift_hash_suffix: {get_input: swift_hash_suffix}
swift::proxy::authtoken::admin_password: {get_input: swift_password}
tripleo::ringbuilder::part_power: {get_input: swift_part_power}
@@ -746,10 +758,10 @@ resources:
# Glance
glance::api::bind_port: {get_input: glance_port}
- glance::api::bind_host: {get_input: controller_host}
+ glance::api::bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
glance::api::auth_uri: {get_input: keystone_auth_uri}
glance::api::identity_uri: {get_input: keystone_identity_uri}
- glance::api::registry_host: {get_input: controller_host}
+ glance::api::registry_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
glance::api::keystone_password: {get_input: glance_password}
glance::api::debug: {get_input: debug}
# used to construct glance_api_servers
@@ -761,7 +773,7 @@ resources:
glance::api::database_connection: {get_input: glance_dsn}
glance::registry::keystone_password: {get_input: glance_password}
glance::registry::database_connection: {get_input: glance_dsn}
- glance::registry::bind_host: {get_input: controller_host}
+ glance::registry::bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
glance::registry::auth_uri: {get_input: keystone_auth_uri}
glance::registry::identity_uri: {get_input: keystone_identity_uri}
glance::registry::debug: {get_input: debug}
@@ -783,9 +795,9 @@ resources:
heat::auth_uri: {get_input: keystone_auth_uri}
heat::identity_uri: {get_input: keystone_identity_uri}
heat::keystone_password: {get_input: heat_password}
- heat::api::bind_host: {get_input: controller_host}
- heat::api_cloudwatch::bind_host: {get_input: controller_host}
- heat::api_cfn::bind_host: {get_input: controller_host}
+ heat::api::bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
+ heat::api_cloudwatch::bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiCloudwatchNetwork]}]}
+ heat::api_cfn::bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiCfnNetwork]}]}
heat::database_connection: {get_input: heat_dsn}
heat::instance_user: heat-admin
heat::debug: {get_input: debug}
@@ -798,8 +810,8 @@ resources:
keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
keystone::database_connection: {get_input: keystone_dsn}
- keystone::public_bind_host: {get_input: controller_host}
- keystone::admin_bind_host: {get_input: controller_host}
+ keystone::public_bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
+ keystone::admin_bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
keystone::debug: {get_input: debug}
# MongoDB
mongodb::server::bind_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
@@ -813,7 +825,7 @@ resources:
mysql_cluster_name: {get_input: mysql_cluster_name}
# Neutron
- neutron::bind_host: {get_input: controller_host}
+ neutron::bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
neutron::rabbit_password: {get_input: rabbit_password}
neutron::rabbit_user: {get_input: rabbit_user}
neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
@@ -870,8 +882,8 @@ resources:
nova::debug: {get_input: debug}
nova::api::auth_uri: {get_input: keystone_auth_uri}
nova::api::identity_uri: {get_input: keystone_identity_uri}
- nova::api::api_bind_address: {get_input: controller_host}
- nova::api::metadata_listen: {get_input: controller_host}
+ nova::api::api_bind_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
+ nova::api::metadata_listen: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
nova::api::admin_password: {get_input: nova_password}
nova::database_connection: {get_input: nova_dsn}
nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
@@ -882,16 +894,16 @@ resources:
# Horizon
horizon::django_debug: {get_input: debug}
horizon::secret_key: {get_input: horizon_secret}
- horizon::bind_address: {get_input: controller_host}
+ horizon::bind_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
horizon::keystone_url: {get_input: keystone_auth_uri}
# Rabbit
- rabbitmq::node_ip_address: {get_input: controller_host}
+ rabbitmq::node_ip_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
# Redis
- redis::bind: {get_input: controller_host}
+ redis::bind: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
# Misc
- memcached::listen_ip: {get_input: controller_host}
+ memcached::listen_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
ntp::servers: {get_input: ntp_servers}
control_virtual_interface: {get_input: control_virtual_interface}
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index ef102272..191cc792 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -202,7 +202,8 @@ if hiera('step') >= 2 {
pacemaker::resource::ocf { 'galera' :
ocf_agent_name => 'heartbeat:galera',
- op_params => 'promote timeout=300s on-fail=block --master',
+ op_params => 'promote timeout=300s on-fail=block',
+ master_params => '',
meta_params => "master-max=${galera_nodes_count} ordered=true",
resource_params => "additional_parameters='--open-files-limit=16384' enable_creation=true wsrep_cluster_address='gcomm://${galera_nodes}'",
require => Class['::mysql::server'],
@@ -752,11 +753,21 @@ if hiera('step') >= 4 {
# Glance
pacemaker::resource::service { $::glance::params::registry_service_name :
clone_params => "interleave=true",
+ require => Pacemaker::Resource::Service[$::keystone::params::service_name],
}
pacemaker::resource::service { $::glance::params::api_service_name :
clone_params => "interleave=true",
}
+ pacemaker::constraint::base { 'keystone-then-glance-registry-constraint':
+ constraint_type => 'order',
+ first_resource => "${::keystone::params::service_name}-clone",
+ second_resource => "${::glance::params::registry_service_name}-clone",
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name],
+ Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ }
pacemaker::constraint::base { 'glance-registry-then-glance-api-constraint':
constraint_type => "order",
first_resource => "${::glance::params::registry_service_name}-clone",