diff options
Diffstat (limited to 'puppet/controller-role.yaml')
-rw-r--r-- | puppet/controller-role.yaml | 597 |
1 files changed, 597 insertions, 0 deletions
diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml new file mode 100644 index 00000000..05527b63 --- /dev/null +++ b/puppet/controller-role.yaml @@ -0,0 +1,597 @@ +heat_template_version: 2016-10-14 + +description: > + OpenStack controller node configured by Puppet. + +parameters: + controllerExtraConfig: + default: {} + description: | + Deprecated. Use ControllerExtraConfig via parameter_defaults instead. + type: json + ControllerExtraConfig: + default: {} + description: | + Controller specific hiera configuration data to inject into the cluster. + type: json + ControllerIPs: + default: {} + description: > + A network mapped list of IPs to assign to Controllers in the following form: + { + "internal_api": ["a.b.c.d", "e.f.g.h"], + ... + } + type: json + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + EnableLoadBalancer: + default: true + description: Whether to deploy a LoadBalancer on the Controller + type: boolean + ExtraConfig: + default: {} + description: | + Additional hieradata to inject into the cluster, note that + ControllerExtraConfig takes precedence over ExtraConfig. + type: json + OvercloudControlFlavor: + description: Flavor for control nodes to request when deploying. + default: baremetal + type: string + constraints: + - custom_constraint: nova.flavor + controllerImage: + type: string + default: overcloud-full + constraints: + - custom_constraint: glance.image + ImageUpdatePolicy: + default: 'REBUILD_PRESERVE_EPHEMERAL' + description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. + type: string + KeyName: + default: default + description: Name of an existing Nova key pair to enable SSH access to the instances + type: string + constraints: + - custom_constraint: nova.keypair + NeutronPublicInterface: + default: nic1 + description: What interface to bridge onto br-ex for network nodes. + type: string + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + UpdateIdentifier: + default: '' + type: string + description: > + Setting to a previously unused value during stack-update will trigger + package update on all nodes + Hostname: + type: string + default: '' # Defaults to Heat created hostname + HostnameMap: + type: json + default: {} + description: Optional mapping to override hostnames + NetworkDeploymentActions: + type: comma_delimited_list + description: > + Heat action when to apply network configuration changes + default: ['CREATE'] + NodeIndex: + type: number + default: 0 + SoftwareConfigTransport: + default: POLL_SERVER_CFN + description: | + How the server should receive the metadata required for software configuration. + type: string + constraints: + - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] + CloudDomain: + default: 'localdomain' + type: string + description: > + The DNS domain used for the hosts. This should match the dhcp_domain + configured in the Undercloud neutron. Defaults to localdomain. + ControllerServerMetadata: + default: {} + description: > + Extra properties or metadata passed to Nova for the created nodes in + the overcloud. It's accessible via the Nova metadata API. This option is + role-specific and is merged with the values given to the ServerMetadata + parameter. + type: json + ServerMetadata: + default: {} + description: > + Extra properties or metadata passed to Nova for the created nodes in + the overcloud. It's accessible via the Nova metadata API. This applies to + all roles and is merged with a role-specific metadata parameter. + type: json + ControllerSchedulerHints: + type: json + description: Optional scheduler hints to pass to nova + default: {} + ServiceConfigSettings: + type: json + default: {} + ServiceNames: + type: comma_delimited_list + default: [] + MonitoringSubscriptions: + type: comma_delimited_list + default: [] + ServiceMetadataSettings: + type: json + default: {} + ConfigCommand: + type: string + description: Command which will be run whenever configuration data changes + default: os-refresh-config --timeout 14400 + UpgradeInitCommand: + type: string + description: | + Command or script snippet to run on all overcloud nodes to + initialize the upgrade process. E.g. a repository switch. + default: '' + +parameter_groups: +- label: deprecated + description: Do not use deprecated params, they will be removed. + parameters: + - controllerExtraConfig + +resources: + + Controller: + type: OS::TripleO::Server + metadata: + os-collect-config: + command: {get_param: ConfigCommand} + properties: + image: {get_param: controllerImage} + image_update_policy: {get_param: ImageUpdatePolicy} + flavor: {get_param: OvercloudControlFlavor} + key_name: {get_param: KeyName} + networks: + - network: ctlplane + user_data_format: SOFTWARE_CONFIG + user_data: {get_resource: UserData} + name: + str_replace: + template: {get_param: Hostname} + params: {get_param: HostnameMap} + software_config_transport: {get_param: SoftwareConfigTransport} + metadata: + map_merge: + - {get_param: ServerMetadata} + - {get_param: ControllerServerMetadata} + - {get_param: ServiceMetadataSettings} + scheduler_hints: {get_param: ControllerSchedulerHints} + + # Combine the NodeAdminUserData and NodeUserData mime archives + UserData: + type: OS::Heat::MultipartMime + properties: + parts: + - config: {get_resource: NodeAdminUserData} + type: multipart + - config: {get_resource: NodeUserData} + type: multipart + - config: {get_resource: RoleUserData} + type: multipart + + # Creates the "heat-admin" user if configured via the environment + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + NodeAdminUserData: + type: OS::TripleO::NodeAdminUserData + + # For optional operator additional userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + NodeUserData: + type: OS::TripleO::NodeUserData + + # For optional operator role-specific userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + RoleUserData: + type: OS::TripleO::Controller::NodeUserData + + ExternalPort: + type: OS::TripleO::Controller::Ports::ExternalPort + properties: + IPPool: {get_param: ControllerIPs} + NodeIndex: {get_param: NodeIndex} + ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} + + InternalApiPort: + type: OS::TripleO::Controller::Ports::InternalApiPort + properties: + IPPool: {get_param: ControllerIPs} + NodeIndex: {get_param: NodeIndex} + ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} + + StoragePort: + type: OS::TripleO::Controller::Ports::StoragePort + properties: + IPPool: {get_param: ControllerIPs} + NodeIndex: {get_param: NodeIndex} + ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} + + StorageMgmtPort: + type: OS::TripleO::Controller::Ports::StorageMgmtPort + properties: + IPPool: {get_param: ControllerIPs} + NodeIndex: {get_param: NodeIndex} + ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} + + TenantPort: + type: OS::TripleO::Controller::Ports::TenantPort + properties: + IPPool: {get_param: ControllerIPs} + NodeIndex: {get_param: NodeIndex} + ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} + + ManagementPort: + type: OS::TripleO::Controller::Ports::ManagementPort + properties: + IPPool: {get_param: ControllerIPs} + NodeIndex: {get_param: NodeIndex} + ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} + + NetIpMap: + type: OS::TripleO::Network::Ports::NetIpMap + properties: + ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]} + ExternalIp: {get_attr: [ExternalPort, ip_address]} + ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} + ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]} + InternalApiIp: {get_attr: [InternalApiPort, ip_address]} + InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} + InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]} + StorageIp: {get_attr: [StoragePort, ip_address]} + StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} + StorageIpUri: {get_attr: [StoragePort, ip_address_uri]} + StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} + StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} + StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]} + TenantIp: {get_attr: [TenantPort, ip_address]} + TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} + TenantIpUri: {get_attr: [TenantPort, ip_address_uri]} + ManagementIp: {get_attr: [ManagementPort, ip_address]} + ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} + ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} + + NetHostMap: + type: OS::Heat::Value + properties: + type: json + value: + external: + fqdn: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - external + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - external + internal_api: + fqdn: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - internalapi + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - internalapi + storage: + fqdn: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - storage + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - storage + storage_mgmt: + fqdn: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - storagemgmt + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - storagemgmt + tenant: + fqdn: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - tenant + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - tenant + management: + fqdn: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - management + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - management + ctlplane: + fqdn: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - ctlplane + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - ctlplane + + NetworkConfig: + type: OS::TripleO::Controller::Net::SoftwareConfig + properties: + ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]} + ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} + InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} + StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} + StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} + TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} + ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} + + NetworkDeployment: + type: OS::TripleO::SoftwareDeployment + properties: + name: NetworkDeployment + config: {get_resource: NetworkConfig} + server: {get_resource: Controller} + actions: {get_param: NetworkDeploymentActions} + input_values: + bridge_name: br-ex + interface_name: {get_param: NeutronPublicInterface} + + # Resource for site-specific injection of root certificate + NodeTLSCAData: + depends_on: NetworkDeployment + type: OS::TripleO::NodeTLSCAData + properties: + server: {get_resource: Controller} + + # Resource for site-specific passing of private keys/certificates + NodeTLSData: + depends_on: NodeTLSCAData + type: OS::TripleO::NodeTLSData + properties: + server: {get_resource: Controller} + NodeIndex: {get_param: NodeIndex} + + ControllerUpgradeInitConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - "#!/bin/bash\n\n" + - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" + - get_param: UpgradeInitCommand + + # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty + # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first + ControllerUpgradeInitDeployment: + type: OS::Heat::SoftwareDeployment + depends_on: NetworkDeployment + properties: + name: ControllerUpgradeInitDeployment + server: {get_resource: Controller} + config: {get_resource: ControllerUpgradeInitConfig} + + ControllerDeployment: + type: OS::TripleO::SoftwareDeployment + depends_on: ControllerUpgradeInitDeployment + properties: + name: ControllerDeployment + config: {get_resource: ControllerConfig} + server: {get_resource: Controller} + input_values: + bootstack_nodeid: {get_attr: [Controller, name]} + enable_load_balancer: {get_param: EnableLoadBalancer} + enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} + + # Map heat metadata into hiera datafiles + ControllerConfig: + type: OS::Heat::StructuredConfig + properties: + group: hiera + config: + hierarchy: + - '"%{::uuid}"' + - heat_config_%{::deploy_config_name} + - controller_extraconfig + - extraconfig + - service_configs + - service_names + - controller + - bootstrap_node # provided by BootstrapNodeConfig + - all_nodes # provided by allNodesConfig + - vip_data # provided by allNodesConfig + - '"%{::osfamily}"' + - cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre + - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre + - cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre + - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre + - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre + - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre + - midonet_data #Optionally provided by AllNodesExtraConfig + - cisco_aci_data # Optionally provided by ControllerExtraConfigPre + merge_behavior: deeper + datafiles: + service_names: + service_names: {get_param: ServiceNames} + sensu::subscriptions: {get_param: MonitoringSubscriptions} + service_configs: + map_replace: + - {get_param: ServiceConfigSettings} + - values: {get_attr: [NetIpMap, net_ip_map]} + controller_extraconfig: + map_merge: + - {get_param: controllerExtraConfig} + - {get_param: ControllerExtraConfig} + extraconfig: {get_param: ExtraConfig} + controller: + # data supplied directly to this deployment configuration, etc + bootstack_nodeid: {get_input: bootstack_nodeid} + # Pacemaker + enable_load_balancer: {get_input: enable_load_balancer} + + # Misc + tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} + tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} + fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} + fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]} + fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} + fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} + fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} + fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} + + # Hook for site-specific additional pre-deployment config, e.g extra hieradata + ControllerExtraConfigPre: + depends_on: ControllerDeployment + type: OS::TripleO::ControllerExtraConfigPre + properties: + server: {get_resource: Controller} + + # Hook for site-specific additional pre-deployment config, + # applying to all nodes, e.g node registration/unregistration + NodeExtraConfig: + depends_on: [ControllerExtraConfigPre, NodeTLSData] + type: OS::TripleO::NodeExtraConfig + properties: + server: {get_resource: Controller} + + UpdateConfig: + type: OS::TripleO::Tasks::PackageUpdate + + UpdateDeployment: + type: OS::Heat::SoftwareDeployment + properties: + name: UpdateDeployment + config: {get_resource: UpdateConfig} + server: {get_resource: Controller} + input_values: + update_identifier: + get_param: UpdateIdentifier + +outputs: + ip_address: + description: IP address of the server in the ctlplane network + value: {get_attr: [Controller, networks, ctlplane, 0]} + external_ip_address: + description: IP address of the server in the external network + value: {get_attr: [ExternalPort, ip_address]} + internal_api_ip_address: + description: IP address of the server in the internal_api network + value: {get_attr: [InternalApiPort, ip_address]} + storage_ip_address: + description: IP address of the server in the storage network + value: {get_attr: [StoragePort, ip_address]} + storage_mgmt_ip_address: + description: IP address of the server in the storage_mgmt network + value: {get_attr: [StorageMgmtPort, ip_address]} + tenant_ip_address: + description: IP address of the server in the tenant network + value: {get_attr: [TenantPort, ip_address]} + management_ip_address: + description: IP address of the server in the management network + value: {get_attr: [ManagementPort, ip_address]} + hostname: + description: Hostname of the server + value: {get_attr: [Controller, name]} + hostname_map: + description: Mapping of network names to hostnames + value: + external: {get_attr: [NetHostMap, value, external, fqdn]} + internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} + storage: {get_attr: [NetHostMap, value, storage, fqdn]} + storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} + tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} + management: {get_attr: [NetHostMap, value, management, fqdn]} + ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} + hosts_entry: + description: > + Server's IP address and hostname in the /etc/hosts format + value: + str_replace: + template: | + PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST + EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST + INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST + STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST + STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST + TENANTIP TENANTHOST.DOMAIN TENANTHOST + MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST + CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST + params: + PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]} + DOMAIN: {get_param: CloudDomain} + PRIMARYHOST: {get_attr: [Controller, name]} + EXTERNALIP: {get_attr: [ExternalPort, ip_address]} + EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} + INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} + INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} + STORAGEIP: {get_attr: [StoragePort, ip_address]} + STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} + STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} + STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} + TENANTIP: {get_attr: [TenantPort, ip_address]} + TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} + MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} + MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} + CTLPLANEIP: {get_attr: [Controller, networks, ctlplane, 0]} + CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} + nova_server_resource: + description: Heat resource handle for the Nova compute server + value: + {get_resource: Controller} + tls_key_modulus_md5: + description: MD5 checksum of the TLS Key Modulus + value: {get_attr: [NodeTLSData, key_modulus_md5]} + tls_cert_modulus_md5: + description: MD5 checksum of the TLS Certificate Modulus + value: {get_attr: [NodeTLSData, cert_modulus_md5]} |