summaryrefslogtreecommitdiffstats
path: root/puppet/controller.yaml
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/controller.yaml')
-rw-r--r--puppet/controller.yaml337
1 files changed, 17 insertions, 320 deletions
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index 65e47b77..7650c1e8 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -4,10 +4,6 @@ description: >
OpenStack controller node configured by Puppet.
parameters:
- AodhPassword:
- description: The password for the aodh services.
- type: string
- hidden: true
controllerExtraConfig:
default: {}
description: |
@@ -27,22 +23,10 @@ parameters:
...
}
type: json
- ControlVirtualInterface:
- default: 'br-ex'
- description: Interface where virtual ip will be assigned.
- type: string
- CorosyncIPv6:
- default: false
- description: Enable IPv6 in Corosync
- type: boolean
Debug:
default: ''
description: Set to True to enable debugging on all services.
type: string
- EnableFencing:
- default: false
- description: Whether to enable fencing in Pacemaker or not.
- type: boolean
EnableLoadBalancer:
default: true
description: Whether to deploy a LoadBalancer on the Controller
@@ -53,63 +37,12 @@ parameters:
Additional hieradata to inject into the cluster, note that
ControllerExtraConfig takes precedence over ExtraConfig.
type: json
- FencingConfig:
- default: {}
- description: |
- Pacemaker fencing configuration. The JSON should have
- the following structure:
- {
- "devices": [
- {
- "agent": "AGENT_NAME",
- "host_mac": "HOST_MAC_ADDRESS",
- "params": {"PARAM_NAME": "PARAM_VALUE"}
- }
- ]
- }
- For instance:
- {
- "devices": [
- {
- "agent": "fence_xvm",
- "host_mac": "52:54:00:aa:bb:cc",
- "params": {
- "multicast_address": "225.0.0.12",
- "port": "baremetal_0",
- "manage_fw": true,
- "manage_key_file": true,
- "key_file": "/etc/fence_xvm.key",
- "key_file_password": "abcdef"
- }
- }
- ]
- }
- type: json
OvercloudControlFlavor:
description: Flavor for control nodes to request when deploying.
default: baremetal
type: string
constraints:
- custom_constraint: nova.flavor
- HAProxyStatsPassword:
- description: Password for HAProxy stats endpoint
- type: string
- HAProxyStatsUser:
- description: User for HAProxy stats endpoint
- default: admin
- type: string
- HAProxySyslogAddress:
- default: /dev/log
- description: Syslog address where HAproxy will send its log
- type: string
- HeatAuthEncryptionKey:
- description: Auth encryption key for heat-engine
- type: string
- hidden: true
- HorizonSecret:
- description: Secret key for Django
- type: string
- hidden: true
controllerImage:
type: string
default: overcloud-full
@@ -119,83 +52,23 @@ parameters:
default: 'REBUILD_PRESERVE_EPHEMERAL'
description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
type: string
- InstanceNameTemplate:
- default: 'instance-%08x'
- description: Template string to be used to generate instance names
- type: string
KeyName:
default: default
description: Name of an existing Nova key pair to enable SSH access to the instances
type: string
constraints:
- custom_constraint: nova.keypair
- ManageFirewall:
- default: false
- description: Whether to manage IPtables rules.
- type: boolean
- MemcachedIPv6:
- default: false
- description: Enable IPv6 features in Memcached.
- type: boolean
- PurgeFirewallRules:
- default: false
- description: Whether IPtables rules should be purged before setting up the new ones.
- type: boolean
- NeutronMetadataProxySharedSecret:
- description: Shared secret to prevent spoofing
- type: string
- hidden: true
- NeutronPassword:
- description: The password for the neutron service and db account, used by neutron agents.
- type: string
- hidden: true
NeutronPublicInterface:
default: nic1
description: What interface to bridge onto br-ex for network nodes.
type: string
- NovaEnableDBPurge:
- default: true
- description: |
- Whether to create cron job for purging soft deleted rows in Nova database.
- type: boolean
- NovaIPv6:
- default: false
- description: Enable IPv6 features in Nova
- type: boolean
- NovaPassword:
- description: The password for the nova service and db account, used by nova-api.
- type: string
- hidden: true
- PcsdPassword:
- type: string
- description: The password for the 'pcsd' user.
- hidden: true
- PublicVirtualInterface:
- default: 'br-ex'
- description: >
- Specifies the interface where the public-facing virtual ip will be assigned.
- This should be int_public when a VLAN is being used.
- type: string
- RedisPassword:
- description: The password for Redis
- type: string
- hidden: true
RedisVirtualIP:
type: string
default: '' # Has to be here because of the ignored empty value bug
- RedisVirtualIPUri:
- type: string
- default: '' # Has to be here because of the ignored empty value bug
- description: An IP address which is wrapped in brackets in case of IPv6
- SwiftHashSuffix:
- description: A random string to be used as a salt when hashing to determine mappings
- in the ring.
- hidden: true
- type: string
- UpgradeLevelNovaCompute:
- type: string
- description: Nova Compute upgrade level
- default: ''
+ SwiftRawDisks:
+ default: {}
+ description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
+ type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
@@ -255,6 +128,9 @@ parameters:
ServiceNames:
type: comma_delimited_list
default: []
+ MonitoringSubscriptions:
+ type: comma_delimited_list
+ default: []
ConfigCommand:
type: string
description: Command which will be run whenever configuration data changes
@@ -422,96 +298,9 @@ resources:
server: {get_resource: Controller}
input_values:
bootstack_nodeid: {get_attr: [Controller, name]}
- haproxy_log_address: {get_param: HAProxySyslogAddress}
- haproxy_stats_password: {get_param: HAProxyStatsPassword}
- haproxy_stats_user: {get_param: HAProxyStatsUser}
- heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
- horizon_secret: {get_param: HorizonSecret}
- debug: {get_param: Debug}
- keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
- keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
- enable_fencing: {get_param: EnableFencing}
enable_load_balancer: {get_param: EnableLoadBalancer}
- manage_firewall: {get_param: ManageFirewall}
- purge_firewall_rules: {get_param: PurgeFirewallRules}
- neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
- aodh_internal_url: { get_param: [ EndpointMap, AodhInternal, uri ] }
- aodh_public_url: { get_param: [ EndpointMap, AodhPublic, uri ] }
- aodh_admin_url: { get_param: [ EndpointMap, AodhAdmin, uri ] }
- ceilometer_coordination_url:
- list_join:
- - ''
- - - 'redis://:'
- - {get_param: RedisPassword}
- - '@'
- - {get_param: RedisVirtualIPUri}
- - ':6379/'
- nova_enable_db_purge: {get_param: NovaEnableDBPurge}
- nova_ipv6: {get_param: NovaIPv6}
- corosync_ipv6: {get_param: CorosyncIPv6}
- memcached_ipv6: {get_param: MemcachedIPv6}
- nova_password: {get_param: NovaPassword}
- upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute}
- instance_name_template: {get_param: InstanceNameTemplate}
- fencing_config: {get_param: FencingConfig}
- pcsd_password: {get_param: PcsdPassword}
- control_virtual_interface: {get_param: ControlVirtualInterface}
- public_virtual_interface: {get_param: PublicVirtualInterface}
- swift_hash_suffix: {get_param: SwiftHashSuffix}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
- swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
- swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
- glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
- glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
- glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
- heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
- keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
- keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
- manila_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ManilaApiNetwork]}]}
- mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongodbNetwork]}]}
- neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
- neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
- ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
- aodh_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]}
- gnocchi_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]}
- nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
- nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
- horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
- horizon_subnet:
- str_replace:
- template: "['SUBNET']"
- params:
- SUBNET:
- get_attr:
- - NetIpMap
- - net_ip_map
- - str_replace:
- template: "NETWORK_subnet"
- params:
- NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]}
- redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
redis_vip: {get_param: RedisVirtualIP}
- sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]}
- memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
- ceph_cluster_network:
- get_attr:
- - NetIpMap
- - net_ip_map
- - str_replace:
- template: "NETWORK_subnet"
- params:
- NETWORK: {get_param: [ServiceNetMap, CephClusterNetwork]}
- ceph_public_network:
- get_attr:
- - NetIpMap
- - net_ip_map
- - str_replace:
- template: "NETWORK_subnet"
- params:
- NETWORK: {get_param: [ServiceNetMap, CephPublicNetwork]}
- ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
- ironic_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, IronicApiNetwork]}]}
# Map heat metadata into hiera datafiles
ControllerConfig:
@@ -529,8 +318,6 @@ resources:
- service_names
- controller
- swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
- - ceph_cluster # provided by CephClusterConfig
- - ceph
- bootstrap_node # provided by BootstrapNodeConfig
- all_nodes # provided by allNodesConfig
- vip_data # provided by vip-config
@@ -542,11 +329,13 @@ resources:
- neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
- cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
- midonet_data #Optionally provided by AllNodesExtraConfig
+ - cisco_aci_data # Optionally provided by ControllerExtraConfigPre
merge_behavior: deeper
datafiles:
service_names:
mapped_data:
service_names: {get_param: ServiceNames}
+ sensu::subscriptions: {get_param: MonitoringSubscriptions}
service_configs:
mapped_data:
map_replace:
@@ -559,116 +348,17 @@ resources:
- {get_param: ControllerExtraConfig}
extraconfig:
mapped_data: {get_param: ExtraConfig}
- ceph:
- mapped_data:
- ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
- ceph::profile::params::public_network: {get_input: ceph_public_network}
- ceph::profile::params::public_addr: {get_input: ceph_public_ip}
controller:
mapped_data: # data supplied directly to this deployment configuration, etc
bootstack_nodeid: {get_input: bootstack_nodeid}
# Pacemaker
- enable_fencing: {get_input: enable_fencing}
enable_load_balancer: {get_input: enable_load_balancer}
- hacluster_pwd: {get_input: pcsd_password}
- corosync_ipv6: {get_input: corosync_ipv6}
- tripleo::fencing::config: {get_input: fencing_config}
-
- # Swift
- # FIXME: need to move proxy_local_net_ip into swift-proxy.yaml
- swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network}
- swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
- swift::swift_hash_path_suffix: {get_input: swift_hash_suffix}
-
- # Glance
- glance::api::bind_host: {get_input: glance_api_network}
- glance::registry::bind_host: {get_input: glance_registry_network}
-
- # Heat
- heat::api::bind_host: {get_input: heat_api_network}
- heat::api_cloudwatch::bind_host: {get_input: heat_api_network}
- heat::api_cfn::bind_host: {get_input: heat_api_network}
- heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
-
- # Keystone
- keystone::admin_bind_host: {get_input: keystone_admin_api_network}
- keystone::public_bind_host: {get_input: keystone_public_api_network}
- keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network}
- keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network}
-
- # Manila
- manila::api::bind_host: {get_input: manila_api_network}
-
- # MongoDB
- mongodb::server::bind_ip: {get_input: mongo_db_network}
-
- # Neutron
- neutron::bind_host: {get_input: neutron_api_network}
- neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
- neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
-
- # Aodh
- aodh::api::host: {get_input: aodh_api_network}
- aodh::wsgi::apache::bind_host: {get_input: aodh_api_network}
-
- # Ceilometer
- ceilometer::api::host: {get_input: ceilometer_api_network}
- snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
- snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
-
- # Gnocchi
- gnocchi::wsgi::apache::bind_host: {get_input: gnocchi_api_network}
- gnocchi::api::host: {get_input: gnocchi_api_network}
- gnocchi::api::keystone_auth_uri: {get_input: keystone_auth_uri}
- gnocchi::api::keystone_identity_uri: {get_input: keystone_identity_uri}
- gnocchi::storage::swift::swift_authurl: {get_input: keystone_auth_uri}
-
- # Nova
- nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute}
- nova::use_ipv6: {get_input: nova_ipv6}
- nova::api::auth_uri: {get_input: keystone_auth_uri}
- nova::api::identity_uri: {get_input: keystone_identity_uri}
- nova::api::api_bind_address: {get_input: nova_api_network}
- nova::api::metadata_listen: {get_input: nova_metadata_network}
- nova::api::admin_password: {get_input: nova_password}
- nova::glance_api_servers: {get_input: glance_api_servers}
- nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
- nova::api::instance_name_template: {get_input: instance_name_template}
- nova::vncproxy::host: {get_input: nova_api_network}
- nova_enable_db_purge: {get_input: nova_enable_db_purge}
-
- # Horizon
- apache::mod::remoteip::proxy_ips: {get_input: horizon_subnet}
- apache::ip: {get_input: horizon_network}
- horizon::django_debug: {get_input: debug}
- horizon::secret_key: {get_input: horizon_secret}
- horizon::bind_address: {get_input: horizon_network}
- horizon::keystone_url: {get_input: keystone_auth_uri}
-
- # Sahara
- sahara::host: {get_input: sahara_api_network}
# Redis
- redis::bind: {get_input: redis_network}
redis_vip: {get_input: redis_vip}
- # Firewall
- tripleo::firewall::manage_firewall: {get_input: manage_firewall}
- tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules}
# Misc
- memcached_ipv6: {get_input: memcached_ipv6}
- memcached::listen_ip: {get_input: memcached_network}
- control_virtual_interface: {get_input: control_virtual_interface}
- public_virtual_interface: {get_input: public_virtual_interface}
- tripleo::keepalived::control_virtual_interface: {get_input: control_virtual_interface}
- tripleo::keepalived::public_virtual_interface: {get_input: public_virtual_interface}
- tripleo::haproxy::control_virtual_interface: {get_input: control_virtual_interface}
- tripleo::haproxy::public_virtual_interface: {get_input: public_virtual_interface}
- tripleo::haproxy::haproxy_log_address: {get_input: haproxy_log_address}
tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
- tripleo::haproxy::haproxy_stats_user: {get_input: haproxy_stats_user}
- tripleo::haproxy::haproxy_stats_password: {get_input: haproxy_stats_password}
- tripleo::haproxy::redis_password: {get_input: redis_password}
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
# Hook for site-specific additional pre-deployment config, e.g extra hieradata
@@ -785,7 +475,14 @@ outputs:
description: Swift device formatted for swift-ring-builder
value:
str_replace:
- template: 'r1z1-IP:%PORT%/d1'
+ template:
+ list_join:
+ - ','
+ - ['r1z1-IP:%PORT%/d1']
+ - repeat:
+ template: 'r1z1-IP:%PORT%/DEVICE'
+ for_each:
+ DEVICE: {get_param: SwiftRawDisks}
params:
IP:
get_attr: