diff options
Diffstat (limited to 'puppet/controller.yaml')
| -rw-r--r-- | puppet/controller.yaml | 443 |
1 files changed, 300 insertions, 143 deletions
diff --git a/puppet/controller.yaml b/puppet/controller.yaml index ea19c711..8ad0ef28 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -4,17 +4,15 @@ description: > OpenStack controller node configured by Puppet. parameters: - AdminEmail: - default: 'admin@example.com' - description: The email for the keystone admin account. - type: string - hidden: true AdminPassword: description: The password for the keystone admin account, used for monitoring, querying neutron etc. type: string hidden: true - AdminToken: - description: The keystone auth secret and db password. + AodhApiVirtualIP: + type: string + default: '' + AodhPassword: + description: The password for the aodh services. type: string hidden: true CeilometerApiVirtualIP: @@ -32,6 +30,16 @@ parameters: description: The password for the ceilometer service and db account. type: string hidden: true + CeilometerStoreEvents: + default: false + description: Whether to store events in ceilometer. + type: boolean + CeilometerMeterDispatcher: + default: 'database' + description: Dispatcher to process meter data + type: string + constraints: + - allowed_values: ['gnocchi', 'database'] CinderApiVirtualIP: type: string default: '' @@ -57,11 +65,11 @@ parameters: description: Whether to enable or not the Rbd backend for Cinder type: boolean CinderISCSIHelper: - default: tgtadm + default: lioadm description: The iSCSI helper to use with cinder. type: string CinderLVMLoopDeviceSize: - default: 5000 + default: 10280 description: The size of the loopback file used by the cinder LVM driver. type: number CinderNfsMountOptions: @@ -107,6 +115,10 @@ parameters: default: 'br-ex' description: Interface where virtual ip will be assigned. type: string + CorosyncIPv6: + default: false + description: Enable IPv6 in Corosync + type: boolean Debug: default: '' description: Set to True to enable debugging on all services. @@ -217,6 +229,31 @@ parameters: Mount options for Pacemaker mount used as Glance storage. Effective when GlanceFilePcmkManage is true. type: string + GnocchiBackend: + default: file + description: The short name of the Gnocchi backend to use. Should be one + of swift, rbd, or file + type: string + constraints: + - allowed_values: ['swift', 'file', 'rbd'] + GnocchiIndexerBackend: + default: 'mysql' + description: The short name of the Gnocchi indexer backend to use. + type: string + GnocchiApiVirtualIP: + type: string + default: '' + GnocchiPassword: + description: The password for the gnocchi service and db account. + type: string + hidden: true + HAProxyStatsPassword: + description: Password for HAProxy stats endpoint + type: string + HAProxyStatsUser: + description: User for HAProxy stats endpoint + default: admin + type: string HAProxySyslogAddress: default: /dev/log description: Syslog address where HAproxy will send its log @@ -230,7 +267,7 @@ parameters: type: string hidden: true HeatStackDomainAdminPassword: - description: Password for heat_domain_admin user. + description: Password for heat_stack_domain_admin user. type: string hidden: true HeatAuthEncryptionKey: @@ -245,6 +282,11 @@ parameters: default: 0 description: Number of workers for Heat service. type: number + HeatEnableDBPurge: + type: boolean + default: true + description: | + Whether to create cron job for purging soft deleted rows in the Heat database. HorizonSecret: description: Secret key for Django type: string @@ -268,43 +310,6 @@ parameters: type: string constraints: - custom_constraint: nova.keypair - KeystoneCACertificate: - default: '' - description: Keystone self-signed certificate authority certificate. - type: string - KeystoneEnableDBPurge: - default: true - description: | - Whether to create cron job for purging soft deleted rows in Keystone database. - type: boolean - KeystoneSigningCertificate: - default: '' - description: Keystone certificate for verifying token validity. - type: string - KeystoneSigningKey: - default: '' - description: Keystone key for signing tokens. - type: string - hidden: true - KeystoneSSLCertificate: - default: '' - description: Keystone certificate for verifying token validity. - type: string - KeystoneSSLCertificateKey: - default: '' - description: Keystone key for signing tokens. - type: string - hidden: true - KeystoneNotificationDriver: - description: Comma-separated list of Oslo notification drivers used by Keystone - default: ['messaging'] - type: comma_delimited_list - KeystoneNotificationFormat: - description: The Keystone notification format - default: 'basic' - type: string - constraints: - - allowed_values: [ 'basic', 'cadf' ] KeystoneRegion: type: string default: 'regionOne' @@ -313,14 +318,14 @@ parameters: default: false description: Whether to manage IPtables rules. type: boolean + MemcachedIPv6: + default: false + description: Enable IPv6 features in Memcached. + type: boolean PurgeFirewallRules: default: false description: Whether IPtables rules should be purged before setting up the new ones. type: boolean - KeystoneWorkers: - default: 0 - description: Number of workers for Keystone service. - type: number SaharaApiVirtualIP: type: string default: '' @@ -492,6 +497,15 @@ parameters: default: '' description: If set, the public interface is a vlan with this device as the raw device. type: string + NeutronTenantMtu: + description: > + The default MTU for tenant networks. For VXLAN/GRE tunneling, this should + be at least 50 bytes smaller than the MTU on the physical network. This + value will be used to set the MTU on the virtual Ethernet device. + This number is related to the value of NeutronDnsmasqOptions, since that + will determine the MTU that is assigned to the VM host through DHCP. + default: 1400 + type: number NeutronTunnelTypes: default: 'vxlan' description: | @@ -510,7 +524,7 @@ parameters: default: ["1:4094", ] type: comma_delimited_list NeutronPluginExtensions: - default: "qos" + default: "qos,port_security" description: | Comma-separated list of extensions enabled for the Neutron plugin. type: comma_delimited_list @@ -531,6 +545,10 @@ parameters: description: | Whether to create cron job for purging soft deleted rows in Nova database. type: boolean + NovaIPv6: + default: false + description: Enable IPv6 features in Nova + type: boolean NovaPassword: description: The password for the nova service and db account, used by nova-api. type: string @@ -543,6 +561,10 @@ parameters: default: false description: Should MongoDb journaling be disabled type: boolean + MongoDbIPv6: + default: false + description: Enable IPv6 if Mongo DB VIP is IPv6 + type: boolean NtpServer: default: '' description: Comma-separated list of ntp servers @@ -565,7 +587,6 @@ parameters: default: '' # Has to be here because of the ignored empty value bug hidden: true RabbitPassword: - default: guest description: The password for RabbitMQ type: string hidden: true @@ -587,9 +608,21 @@ parameters: default: 16384 description: Configures RabbitMQ FD limit type: string + RabbitIPv6: + default: false + description: Enable IPv6 in RabbitMQ + type: boolean + RedisPassword: + type: string + description: The password to access the Redis service + hidden: true RedisVirtualIP: type: string default: '' # Has to be here because of the ignored empty value bug + RedisVirtualIPUri: + type: string + default: '' # Has to be here because of the ignored empty value bug + description: An IP address which is wrapped in brackets in case of IPv6 SnmpdReadonlyUserName: default: ro_snmp_user description: The user name for SNMPd with readonly rights running on all Overcloud nodes @@ -615,6 +648,10 @@ parameters: default: 10 description: Partition Power to use when building Swift rings type: number + SwiftRingBuild: + default: true + description: Whether to manage Swift rings or not + type: boolean SwiftPassword: description: The password for the swift service account, used by the swift proxy services. @@ -635,12 +672,19 @@ parameters: default: 'UTC' description: The timezone to be set on controller nodes. type: string + UpgradeLevelNovaCompute: + type: string + description: Nova Compute upgrade level + default: '' VirtualIP: # DEPRECATED: use per service settings instead type: string default: '' # Has to be here because of the ignored empty value bug HeatApiVirtualIP: type: string default: '' + HeatApiVirtualIPUri: + type: string + default: '' GlanceApiVirtualIP: type: string default: '' @@ -650,10 +694,7 @@ parameters: MysqlVirtualIP: type: string default: '' - KeystoneAdminApiVirtualIP: - type: string - default: '' - KeystonePublicApiVirtualIP: + MysqlVirtualIPUri: type: string default: '' NeutronApiVirtualIP: @@ -682,6 +723,10 @@ parameters: Hostname: type: string default: '' # Defaults to Heat created hostname + HostnameMap: + type: json + default: {} + description: Optional mapping to override hostnames NetworkDeploymentActions: type: comma_delimited_list description: > @@ -713,6 +758,9 @@ parameters: type: json description: Optional scheduler hints to pass to nova default: {} + ServiceConfigSettings: + type: json + default: {} resources: @@ -727,7 +775,10 @@ resources: - network: ctlplane user_data_format: SOFTWARE_CONFIG user_data: {get_resource: UserData} - name: {get_param: Hostname} + name: + str_replace: + template: {get_param: Hostname} + params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} metadata: {get_param: ServerMetadata} scheduler_hints: {get_param: SchedulerHints} @@ -790,6 +841,8 @@ resources: ManagementPort: type: OS::TripleO::Controller::Ports::ManagementPort properties: + IPPool: {get_param: ControllerIPs} + NodeIndex: {get_param: NodeIndex} ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} NetIpMap: @@ -797,11 +850,17 @@ resources: properties: ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]} ExternalIp: {get_attr: [ExternalPort, ip_address]} + ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]} InternalApiIp: {get_attr: [InternalApiPort, ip_address]} + InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]} StorageIp: {get_attr: [StoragePort, ip_address]} + StorageIpUri: {get_attr: [StoragePort, ip_address_uri]} StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} + StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]} TenantIp: {get_attr: [TenantPort, ip_address]} + TenantIpUri: {get_attr: [TenantPort, ip_address_uri]} ManagementIp: {get_attr: [ManagementPort, ip_address]} + ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} NetIpSubnetMap: type: OS::TripleO::Network::Ports::NetIpSubnetMap @@ -865,7 +924,6 @@ resources: cinder_workers: {get_param: CinderWorkers} glance_workers: {get_param: GlanceWorkers} heat_workers: {get_param: HeatWorkers} - keystone_workers: {get_param: KeystoneWorkers} nova_workers: {get_param: NovaWorkers} neutron_workers: {get_param: NeutronWorkers} swift_workers: {get_param: SwiftWorkers} @@ -873,30 +931,31 @@ resources: neutron_enable_l2pop: {get_param: NeutronEnableL2Pop} neutron_enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata} haproxy_log_address: {get_param: HAProxySyslogAddress} + haproxy_stats_password: {get_param: HAProxyStatsPassword} + haproxy_stats_user: {get_param: HAProxyStatsUser} heat.watch_server_url: list_join: - '' - - 'http://' - - {get_param: HeatApiVirtualIP} + - {get_param: HeatApiVirtualIPUri} - ':8003' heat.metadata_server_url: list_join: - '' - - 'http://' - - {get_param: HeatApiVirtualIP} + - {get_param: HeatApiVirtualIPUri} - ':8000' heat.waitcondition_server_url: list_join: - '' - - 'http://' - - {get_param: HeatApiVirtualIP} + - {get_param: HeatApiVirtualIPUri} - ':8000/v1/waitcondition' heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey} + heat_enable_db_purge: {get_param: HeatEnableDBPurge} horizon_allowed_hosts: {get_param: HorizonAllowedHosts} horizon_secret: {get_param: HorizonSecret} - admin_email: {get_param: AdminEmail} admin_password: {get_param: AdminPassword} - admin_token: {get_param: AdminToken} neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP} debug: {get_param: Debug} cinder_enable_db_purge: {get_param: CinderEnableDBPurge} @@ -919,7 +978,7 @@ resources: - - 'mysql+pymysql://cinder:' - {get_param: CinderPassword} - '@' - - {get_param: MysqlVirtualIP} + - {get_param: MysqlVirtualIPUri} - '/cinder' glance_port: {get_param: [EndpointMap, GlanceInternal, port]} glance_password: {get_param: GlancePassword} @@ -936,7 +995,7 @@ resources: - - 'mysql+pymysql://glance:' - {get_param: GlancePassword} - '@' - - {get_param: MysqlVirtualIP} + - {get_param: MysqlVirtualIPUri} - '/glance' heat_password: {get_param: HeatPassword} heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword} @@ -946,28 +1005,10 @@ resources: - - 'mysql+pymysql://heat:' - {get_param: HeatPassword} - '@' - - {get_param: MysqlVirtualIP} + - {get_param: MysqlVirtualIPUri} - '/heat' - keystone_ca_certificate: {get_param: KeystoneCACertificate} - keystone_signing_key: {get_param: KeystoneSigningKey} - keystone_signing_certificate: {get_param: KeystoneSigningCertificate} - keystone_ssl_certificate: {get_param: KeystoneSSLCertificate} - keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey} - keystone_notification_driver: {get_param: KeystoneNotificationDriver} - keystone_notification_format: {get_param: KeystoneNotificationFormat} - keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge} - keystone_dsn: - list_join: - - '' - - - 'mysql+pymysql://keystone:' - - {get_param: AdminToken} - - '@' - - {get_param: MysqlVirtualIP} - - '/keystone' keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - keystone_public_url: { get_param: [EndpointMap, KeystonePublic, uri_no_suffix] } - keystone_internal_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] } enable_fencing: {get_param: EnableFencing} enable_galera: {get_param: EnableGalera} @@ -1061,6 +1102,7 @@ resources: params: AGENT_EXTENSIONS: {get_param: NeutronAgentExtensions} neutron_password: {get_param: NeutronPassword} + neutron_tenant_mtu: {get_param: NeutronTenantMtu} neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions} neutron_dsn: list_join: @@ -1068,33 +1110,53 @@ resources: - - 'mysql+pymysql://neutron:' - {get_param: NeutronPassword} - '@' - - {get_param: MysqlVirtualIP} + - {get_param: MysqlVirtualIPUri} - '/ovs_neutron?charset=utf8' neutron_internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] } neutron_public_url: { get_param: [ EndpointMap, NeutronPublic, uri ] } neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] } - neutron_admin_auth_url: { get_param: [ EndpointMap, KeystoneAdmin, uri_no_suffix ] } + neutron_auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] } nova_internal_url: { get_param: [ EndpointMap, NovaInternal, uri ] } ceilometer_backend: {get_param: CeilometerBackend} ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} ceilometer_password: {get_param: CeilometerPassword} + ceilometer_store_events: {get_param: CeilometerStoreEvents} + aodh_password: {get_param: AodhPassword} + ceilometer_meter_dispatcher: {get_param: CeilometerMeterDispatcher} + gnocchi_password: {get_param: GnocchiPassword} + gnocchi_backend: {get_param: GnocchiBackend} + gnocchi_indexer_backend: {get_param: GnocchiIndexerBackend} ceilometer_coordination_url: list_join: - '' - - - 'redis://' - - {get_param: RedisVirtualIP} - - ':6379' + - - 'redis://:' + - {get_param: RedisPassword} + - '@' + - {get_param: RedisVirtualIPUri} + - ':6379/' ceilometer_dsn: list_join: - '' - - 'mysql+pymysql://ceilometer:' - {get_param: CeilometerPassword} - '@' - - {get_param: MysqlVirtualIP} + - {get_param: MysqlVirtualIPUri} - '/ceilometer' + gnocchi_dsn: + list_join: + - '' + - - 'mysql+pymysql://gnocchi:' + - {get_param: GnocchiPassword} + - '@' + - {get_param: MysqlVirtualIPUri} + - '/gnocchi' + gnocchi_internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]} snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} nova_enable_db_purge: {get_param: NovaEnableDBPurge} + nova_ipv6: {get_param: NovaIPv6} + corosync_ipv6: {get_param: CorosyncIPv6} + memcached_ipv6: {get_param: MemcachedIPv6} nova_password: {get_param: NovaPassword} nova_dsn: list_join: @@ -1102,8 +1164,17 @@ resources: - - 'mysql+pymysql://nova:' - {get_param: NovaPassword} - '@' - - {get_param: MysqlVirtualIP} + - {get_param: MysqlVirtualIPUri} - '/nova' + nova_api_dsn: + list_join: + - '' + - - 'mysql+pymysql://nova_api:' + - {get_param: NovaPassword} + - '@' + - {get_param: MysqlVirtualIPUri} + - '/nova_api' + upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute} instance_name_template: {get_param: InstanceNameTemplate} fencing_config: {get_param: FencingConfig} pcsd_password: {get_param: PcsdPassword} @@ -1112,15 +1183,10 @@ resources: rabbit_cookie: {get_param: RabbitCookie} rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} rabbit_client_port: {get_param: RabbitClientPort} + rabbit_ipv6: {get_param: RabbitIPv6} + rabbit_fd_limit: {get_param: RabbitFDLimit} mongodb_no_journal: {get_param: MongoDbNoJournal} - # We need to force this into quotes or hiera will return integer causing - # the puppet module validation regexp to fail. - # Remove when: https://github.com/puppetlabs/puppetlabs-rabbitmq/pull/401 - rabbit_fd_limit: - str_replace: - template: "'LIMIT'" - params: - LIMIT: {get_param: RabbitFDLimit} + mongodb_ipv6: {get_param: MongoDbIPv6} ntp_servers: {get_param: NtpServer} timezone: {get_param: TimeZone} control_virtual_interface: {get_param: ControlVirtualInterface} @@ -1128,6 +1194,7 @@ resources: swift_hash_suffix: {get_param: SwiftHashSuffix} swift_password: {get_param: SwiftPassword} swift_part_power: {get_param: SwiftPartPower} + swift_ring_build: {get_param: SwiftRingBuild} swift_replicas: {get_param: SwiftReplicas} swift_min_part_hours: {get_param: SwiftMinPartHours} swift_mount_check: {get_param: SwiftMountCheck} @@ -1140,11 +1207,15 @@ resources: - - 'mysql://sahara:' - {get_param: SaharaPassword} - '@' - - {get_param: MysqlVirtualIP} + - {get_param: MysqlVirtualIPUri} - '/sahara' swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} - cinder_iscsi_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]} + cinder_iscsi_network: + str_replace: + template: "'IP'" + params: + IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]} cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]} glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} @@ -1158,11 +1229,14 @@ resources: neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]} ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]} + aodh_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]} + gnocchi_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]} nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]} horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]} + redis_password: {get_param: RedisPassword} redis_vip: {get_param: RedisVirtualIP} sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]} memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} @@ -1184,6 +1258,7 @@ resources: - heat_config_%{::deploy_config_name} - controller_extraconfig - extraconfig + - service_configs - controller - database - object @@ -1203,7 +1278,11 @@ resources: - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre - neutron_nuage_data # Optionally provided by ControllerExtraConfigPre - midonet_data #Optionally provided by AllNodesExtraConfig + - neutron_opencontrail_data # Optionally provided by ControllerExtraConfigPre + - neutron_plumgrid_data # Optionally provided by ControllerExtraConfigPre datafiles: + service_configs: + mapped_data: {get_param: ServiceConfigSettings} controller_extraconfig: mapped_data: {get_param: ControllerExtraConfig} extraconfig: @@ -1215,7 +1294,7 @@ resources: mapped_data: ceph::profile::params::cluster_network: {get_input: ceph_cluster_network} ceph::profile::params::public_network: {get_input: ceph_public_network} - ceph::mon::public_addr: {get_input: ceph_public_ip} + ceph::profile::params::public_addr: {get_input: ceph_public_ip} database: raw_data: {get_file: hieradata/database.yaml} object: @@ -1229,6 +1308,7 @@ resources: enable_fencing: {get_input: enable_fencing} enable_load_balancer: {get_input: enable_load_balancer} hacluster_pwd: {get_input: pcsd_password} + corosync_ipv6: {get_input: corosync_ipv6} tripleo::fencing::config: {get_input: fencing_config} # Swift @@ -1239,15 +1319,12 @@ resources: swift::swift_hash_suffix: {get_input: swift_hash_suffix} swift::proxy::authtoken::admin_password: {get_input: swift_password} swift::proxy::workers: {get_input: swift_workers} + tripleo::ringbuilder::build_ring: { get_input: swift_ring_build } tripleo::ringbuilder::part_power: {get_input: swift_part_power} tripleo::ringbuilder::replicas: {get_input: swift_replicas} tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours} swift_mount_check: {get_input: swift_mount_check} - # NOTE(dprince): build_ring support is currently not wired in. - # See: https://review.openstack.org/#/c/109225/ - tripleo::ringbuilder::build_ring: True - # Cinder cinder_enable_db_purge: {get_input: cinder_enable_db_purge} cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend} @@ -1301,6 +1378,9 @@ resources: glance_file_pcmk_fstype: {get_input: glance_file_pcmk_fstype} glance_file_pcmk_manage: {get_input: glance_file_pcmk_manage} glance_file_pcmk_options: {get_input: glance_file_pcmk_options} + glance::notify::rabbitmq::rabbit_userid: {get_input: rabbit_username} + glance::notify::rabbitmq::rabbit_password: {get_input: rabbit_password} + glance::notify::rabbitmq::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} # Heat heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password} @@ -1322,41 +1402,21 @@ resources: heat::api_cloudwatch::workers: {get_input: heat_workers} heat::api_cfn::bind_host: {get_input: heat_api_network} heat::api_cfn::workers: {get_input: heat_workers} + heat::engine::num_engine_workers: {get_input: heat_workers} heat::database_connection: {get_input: heat_dsn} heat::debug: {get_input: debug} heat::db::mysql::password: {get_input: heat_password} - + heat_enable_db_purge: {get_input: heat_enable_db_purge} + heat::keystone::domain::domain_password: {get_input: heat_stack_domain_admin_password} # Keystone - keystone::admin_token: {get_input: admin_token} - keystone_ca_certificate: {get_input: keystone_ca_certificate} - keystone_signing_key: {get_input: keystone_signing_key} - keystone_signing_certificate: {get_input: keystone_signing_certificate} - keystone_ssl_certificate: {get_input: keystone_ssl_certificate} - keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key} - keystone::database_connection: {get_input: keystone_dsn} - keystone::public_bind_host: {get_input: keystone_public_api_network} keystone::admin_bind_host: {get_input: keystone_admin_api_network} - keystone::debug: {get_input: debug} - keystone::db::mysql::password: {get_input: admin_token} - keystone::rabbit_userid: {get_input: rabbit_username} - keystone::rabbit_password: {get_input: rabbit_password} - keystone::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - keystone::rabbit_port: {get_input: rabbit_client_port} - keystone::notification_driver: {get_input: keystone_notification_driver} - keystone::notification_format: {get_input: keystone_notification_format} - keystone::roles::admin::email: {get_input: admin_email} - keystone::roles::admin::password: {get_input: admin_password} - keystone::endpoint::public_url: {get_input: keystone_public_url} - keystone::endpoint::internal_url: {get_input: keystone_internal_url} - keystone::endpoint::admin_url: {get_input: keystone_identity_uri} - keystone::endpoint::region: {get_input: keystone_region} - keystone::admin_workers: {get_input: keystone_workers} - keystone::public_workers: {get_input: keystone_workers} - keystone_enable_db_purge: {get_input: keystone_enable_db_purge} - + keystone::public_bind_host: {get_input: keystone_public_api_network} + keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network} + keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network} # MongoDB mongodb::server::bind_ip: {get_input: mongo_db_network} mongodb::server::nojournal: {get_input: mongodb_no_journal} + mongodb::server::ipv6: {get_input: mongodb_ipv6} # MySQL admin_password: {get_input: admin_password} enable_galera: {get_input: enable_galera} @@ -1381,6 +1441,7 @@ resources: neutron::server::database_connection: {get_input: neutron_dsn} neutron::server::api_workers: {get_input: neutron_workers} neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge} + neutron::network_device_mtu: {get_input: neutron_tenant_mtu} neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling} neutron::agents::ml2::ovs::l2_population: {get_input: neutron_enable_l2pop} neutron::agents::dhcp::enable_isolated_metadata: {get_input: neutron_enable_isolated_metadata} @@ -1406,7 +1467,7 @@ resources: neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges} neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges} neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges} - neutron::agents::ml2::ovs:bridge_mappings: {get_input: neutron_bridge_mappings} + neutron::agents::ml2::ovs::bridge_mappings: {get_input: neutron_bridge_mappings} neutron_public_interface: {get_input: neutron_public_interface} neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device} neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route} @@ -1426,7 +1487,7 @@ resources: neutron::keystone::auth::password: {get_input: neutron_password } neutron::keystone::auth::region: {get_input: keystone_region} neutron::server::notifications::nova_url: {get_input: nova_internal_url} - neutron::server::notifications::auth_url: {get_input: neutron_admin_auth_url} + neutron::server::notifications::auth_url: {get_input: neutron_auth_url} neutron::server::notifications::tenant_name: 'service' neutron::server::notifications::project_name: 'service' neutron::server::notifications::password: {get_input: nova_password} @@ -1447,16 +1508,58 @@ resources: ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} ceilometer::agent::auth::auth_url: {get_input: keystone_auth_uri} ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url} + ceilometer::agent::notification::store_events: {get_input: ceilometer_store_events} ceilometer::db::mysql::password: {get_input: ceilometer_password} + ceilometer::collector::meter_dispatcher: {get_input: ceilometer_meter_dispatcher} + ceilometer::dispatcher::gnocchi::url: {get_input: gnocchi_internal_url } + ceilometer::dispatcher::gnocchi::filter_project: 'service' + ceilometer::dispatcher::gnocchi::archive_policy: 'low' + ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml' snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} + # Aodh + aodh::rabbit_userid: {get_input: rabbit_username} + aodh::rabbit_password: {get_input: rabbit_password} + aodh::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} + aodh::rabbit_port: {get_input: rabbit_client_port} + aodh::debug: {get_input: debug} + aodh::wsgi::apache::ssl: false + aodh::wsgi::apache::bind_host: {get_input: aodh_api_network} + aodh::api::service_name: 'httpd' + aodh::api::host: {get_input: aodh_api_network} + aodh::api::keystone_password: {get_input: aodh_password} + aodh::api::keystone_auth_uri: {get_input: keystone_auth_uri} + aodh::api::keystone_identity_uri: {get_input: keystone_identity_uri} + aodh::auth::auth_password: {get_input: aodh_password} + aodh::db::mysql::password: {get_input: aodh_password} + # for a migration path from ceilometer-alarm to aodh, we use the same database & coordination + aodh::evaluator::coordination_url: {get_input: ceilometer_coordination_url} + + # Gnocchi + gnocchi_backend: {get_input: gnocchi_backend} + gnocchi_indexer_backend: {get_input: gnocchi_indexer_backend} + gnocchi_mysql_conn_string: {get_input: gnocchi_dsn} + gnocchi::debug: {get_input: debug} + gnocchi::wsgi::apache::ssl: false + gnocchi::wsgi::apache::bind_host: {get_input: gnocchi_api_network} + gnocchi::api::service_name: 'httpd' + gnocchi::api::host: {get_input: gnocchi_api_network} + gnocchi::api::keystone_password: {get_input: gnocchi_password} + gnocchi::api::keystone_auth_uri: {get_input: keystone_auth_uri} + gnocchi::api::keystone_identity_uri: {get_input: keystone_identity_uri} + gnocchi::db::mysql::password: {get_input: gnocchi_password} + gnocchi::storage::swift::swift_authurl: {get_input: keystone_auth_uri} + gnocchi::storage::swift::swift_key: {get_input: gnocchi_password} + # Nova nova::rabbit_userid: {get_input: rabbit_username} nova::rabbit_password: {get_input: rabbit_password} nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} nova::rabbit_port: {get_input: rabbit_client_port} + nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute} nova::debug: {get_input: debug} + nova::use_ipv6: {get_input: nova_ipv6} nova::api::auth_uri: {get_input: keystone_auth_uri} nova::api::identity_uri: {get_input: keystone_identity_uri} nova::api::api_bind_address: {get_input: nova_api_network} @@ -1465,15 +1568,18 @@ resources: nova::api::osapi_compute_workers: {get_input: nova_workers} nova::api::ec2_workers: {get_input: nova_workers} nova::api::metadata_workers: {get_input: nova_workers} + nova::compute::network_device_mtu: {get_input: neutron_tenant_mtu} nova::database_connection: {get_input: nova_dsn} + nova::api_database_connection: {get_input: nova_api_dsn} nova::glance_api_servers: {get_input: glance_api_servers} nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} nova::api::instance_name_template: {get_input: instance_name_template} - nova::network::neutron::neutron_admin_password: {get_input: neutron_password} + nova::network::neutron::neutron_password: {get_input: neutron_password} nova::network::neutron::neutron_url: {get_input: neutron_internal_url} - nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url} + nova::network::neutron::neutron_auth_url: {get_input: neutron_auth_url} nova::vncproxy::host: {get_input: nova_api_network} nova::db::mysql::password: {get_input: nova_password} + nova::db::mysql_api::password: {get_input: nova_password} nova_enable_db_purge: {get_input: nova_enable_db_purge} # Horizon @@ -1513,13 +1619,18 @@ resources: rabbitmq::file_limit: {get_input: rabbit_fd_limit} rabbitmq::default_user: {get_input: rabbit_username} rabbitmq::default_pass: {get_input: rabbit_password} + rabbit_ipv6: {get_input: rabbit_ipv6} # Redis redis::bind: {get_input: redis_network} + redis::requirepass: {get_input: redis_password} + redis::masterauth: {get_input: redis_password} + redis::sentinel_auth_pass: {get_input: redis_password} redis_vip: {get_input: redis_vip} # Firewall tripleo::firewall::manage_firewall: {get_input: manage_firewall} tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules} # Misc + memcached_ipv6: {get_input: memcached_ipv6} memcached::listen_ip: {get_input: memcached_network} neutron_public_interface_ip: {get_input: neutron_public_interface_ip} ntp::servers: {get_input: ntp_servers} @@ -1530,6 +1641,9 @@ resources: tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface} tripleo::loadbalancer::haproxy_log_address: {get_input: haproxy_log_address} tripleo::loadbalancer::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} + tripleo::loadbalancer::haproxy_stats_user: {get_input: haproxy_stats_user} + tripleo::loadbalancer::haproxy_stats_password: {get_input: haproxy_stats_password} + tripleo::loadbalancer::redis_password: {get_input: redis_password} tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} @@ -1598,11 +1712,54 @@ outputs: Server's IP address and hostname in the /etc/hosts format value: str_replace: - template: IP HOST.DOMAIN HOST + template: | + PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST + EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST + INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST + STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST + STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST + TENANTIP TENANTHOST.DOMAIN TENANTHOST + MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST params: - IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]} + PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]} DOMAIN: {get_param: CloudDomain} - HOST: {get_attr: [Controller, name]} + PRIMARYHOST: {get_attr: [Controller, name]} + EXTERNALIP: {get_attr: [ExternalPort, ip_address]} + EXTERNALHOST: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - external + INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} + INTERNAL_APIHOST: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - internalapi + STORAGEIP: {get_attr: [StoragePort, ip_address]} + STORAGEHOST: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - storage + STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} + STORAGE_MGMTHOST: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - storagemgmt + TENANTIP: {get_attr: [TenantPort, ip_address]} + TENANTHOST: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - tenant + MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} + MANAGEMENTHOST: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - management nova_server_resource: description: Heat resource handle for the Nova compute server value: @@ -1613,14 +1770,14 @@ outputs: str_replace: template: 'r1z1-IP:%PORT%/d1' params: - IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} + IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} swift_proxy_memcache: description: Swift proxy-memcache value value: str_replace: template: "IP:11211" params: - IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} + IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} config_identifier: description: identifier which changes if the controller configuration may need re-applying value: |