diff options
Diffstat (limited to 'puppet/controller.yaml')
-rw-r--r-- | puppet/controller.yaml | 313 |
1 files changed, 42 insertions, 271 deletions
diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 93f0e03e..28fd08da 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -1,17 +1,9 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > OpenStack controller node configured by Puppet. parameters: - AdminPassword: - description: The password for the keystone admin account, used for monitoring, querying neutron etc. - type: string - hidden: true - AodhPassword: - description: The password for the aodh services. - type: string - hidden: true controllerExtraConfig: default: {} description: | @@ -31,10 +23,6 @@ parameters: ... } type: json - ControlVirtualInterface: - default: 'br-ex' - description: Interface where virtual ip will be assigned. - type: string CorosyncIPv6: default: false description: Enable IPv6 in Corosync @@ -47,10 +35,6 @@ parameters: default: false description: Whether to enable fencing in Pacemaker or not. type: boolean - EnableGalera: - default: true - description: Whether to use Galera instead of regular MariaDB. - type: boolean EnableLoadBalancer: default: true description: Whether to deploy a LoadBalancer on the Controller @@ -99,21 +83,6 @@ parameters: type: string constraints: - custom_constraint: nova.flavor - HAProxyStatsPassword: - description: Password for HAProxy stats endpoint - type: string - HAProxyStatsUser: - description: User for HAProxy stats endpoint - default: admin - type: string - HAProxySyslogAddress: - default: /dev/log - description: Syslog address where HAproxy will send its log - type: string - HeatAuthEncryptionKey: - description: Auth encryption key for heat-engine - type: string - hidden: true HorizonSecret: description: Secret key for Django type: string @@ -137,10 +106,6 @@ parameters: type: string constraints: - custom_constraint: nova.keypair - KeystoneRegion: - type: string - default: 'regionOne' - description: Keystone region for endpoint ManageFirewall: default: false description: Whether to manage IPtables rules. @@ -153,31 +118,6 @@ parameters: default: false description: Whether IPtables rules should be purged before setting up the new ones. type: boolean - MysqlClusterUniquePart: - description: A unique identifier of the MySQL cluster the controller is in. - type: string - default: 'unset' # Has to be here because of the ignored empty value bug - # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446 - # constraints: - # - length: {min: 4, max: 10} - MysqlInnodbBufferPoolSize: - description: > - Specifies the size of the buffer pool in megabytes. Setting to - zero should be interpreted as "no value" and will defer to the - lower level default. - type: number - default: 0 - MysqlMaxConnections: - description: Configures MySQL max_connections config setting - type: number - default: 4096 - MysqlClustercheckPassword: - type: string - hidden: true - MysqlRootPassword: - type: string - hidden: true - default: '' # Has to be here because of the ignored empty value bug NeutronMetadataProxySharedSecret: description: Shared secret to prevent spoofing type: string @@ -207,34 +147,6 @@ parameters: type: string description: The password for the 'pcsd' user. hidden: true - PublicVirtualInterface: - default: 'br-ex' - description: > - Specifies the interface where the public-facing virtual ip will be assigned. - This should be int_public when a VLAN is being used. - type: string - RabbitCookie: - type: string - default: '' # Has to be here because of the ignored empty value bug - hidden: true - RabbitPassword: - description: The password for RabbitMQ - type: string - hidden: true - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number RedisPassword: description: The password for Redis type: string @@ -246,22 +158,14 @@ parameters: type: string default: '' # Has to be here because of the ignored empty value bug description: An IP address which is wrapped in brackets in case of IPv6 - SwiftHashSuffix: - description: A random string to be used as a salt when hashing to determine mappings - in the ring. - hidden: true - type: string + SwiftRawDisks: + default: {} + description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})' + type: json UpgradeLevelNovaCompute: type: string description: Nova Compute upgrade level default: '' - MysqlVirtualIP: - type: string - default: '' - EnablePackageInstall: - default: 'false' - description: Set to true to enable package installation via Puppet - type: boolean ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -301,7 +205,6 @@ parameters: constraints: - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] CloudDomain: - default: '' type: string description: > The DNS domain used for the hosts. This should match the dhcp_domain @@ -489,45 +392,16 @@ resources: server: {get_resource: Controller} input_values: bootstack_nodeid: {get_attr: [Controller, name]} - haproxy_log_address: {get_param: HAProxySyslogAddress} - haproxy_stats_password: {get_param: HAProxyStatsPassword} - haproxy_stats_user: {get_param: HAProxyStatsUser} - heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey} horizon_secret: {get_param: HorizonSecret} - admin_password: {get_param: AdminPassword} debug: {get_param: Debug} keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] } enable_fencing: {get_param: EnableFencing} - enable_galera: {get_param: EnableGalera} enable_load_balancer: {get_param: EnableLoadBalancer} manage_firewall: {get_param: ManageFirewall} purge_firewall_rules: {get_param: PurgeFirewallRules} - mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} - mysql_max_connections: {get_param: MysqlMaxConnections} - mysql_root_password: {get_param: MysqlRootPassword} - mysql_clustercheck_password: {get_param: MysqlClustercheckPassword} - mysql_cluster_name: - str_replace: - template: tripleo-CLUSTER - params: - CLUSTER: {get_param: MysqlClusterUniquePart} neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} - aodh_internal_url: { get_param: [ EndpointMap, AodhInternal, uri ] } - aodh_public_url: { get_param: [ EndpointMap, AodhPublic, uri ] } - aodh_admin_url: { get_param: [ EndpointMap, AodhAdmin, uri ] } - ceilometer_coordination_url: - list_join: - - '' - - - 'redis://:' - - {get_param: RedisPassword} - - '@' - - {get_param: RedisVirtualIPUri} - - ':6379/' - gnocchi_internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]} - gnocchi_public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] } - gnocchi_admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] } nova_enable_db_purge: {get_param: NovaEnableDBPurge} nova_ipv6: {get_param: NovaIPv6} corosync_ipv6: {get_param: CorosyncIPv6} @@ -537,38 +411,9 @@ resources: instance_name_template: {get_param: InstanceNameTemplate} fencing_config: {get_param: FencingConfig} pcsd_password: {get_param: PcsdPassword} - rabbit_username: {get_param: RabbitUserName} - rabbit_password: {get_param: RabbitPassword} - rabbit_cookie: {get_param: RabbitCookie} - rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} - rabbit_client_port: {get_param: RabbitClientPort} - control_virtual_interface: {get_param: ControlVirtualInterface} - public_virtual_interface: {get_param: PublicVirtualInterface} - swift_hash_suffix: {get_param: SwiftHashSuffix} - enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} - swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} - swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} - cinder_iscsi_network: - str_replace: - template: "'IP'" - params: - IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]} - cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]} - glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} - glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]} - heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} - keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} - keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} - keystone_region: {get_param: KeystoneRegion} - manila_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ManilaApiNetwork]}]} - mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]} neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} - neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]} - ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]} - aodh_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]} - gnocchi_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]} nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]} horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} @@ -576,17 +421,15 @@ resources: str_replace: template: "['SUBNET']" params: - SUBNET: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} - rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} - redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]} + SUBNET: + get_attr: + - NetIpMap + - net_ip_map + - str_replace: + template: "NETWORK_subnet" + params: + NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]} redis_vip: {get_param: RedisVirtualIP} - sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]} - memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} - mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} - mysql_virtual_ip: {get_param: MysqlVirtualIP} - ceph_cluster_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]} - ceph_public_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} - ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} ironic_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, IronicApiNetwork]}]} # Map heat metadata into hiera datafiles @@ -605,13 +448,10 @@ resources: - service_names - controller - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig - - ceph_cluster # provided by CephClusterConfig - - ceph - bootstrap_node # provided by BootstrapNodeConfig - all_nodes # provided by allNodesConfig - vip_data # provided by vip-config - '"%{::osfamily}"' - - network - cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre - cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre @@ -619,13 +459,17 @@ resources: - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre - midonet_data #Optionally provided by AllNodesExtraConfig + - cisco_aci_data # Optionally provided by ControllerExtraConfigPre merge_behavior: deeper datafiles: service_names: mapped_data: service_names: {get_param: ServiceNames} service_configs: - mapped_data: {get_param: ServiceConfigSettings} + mapped_data: + map_replace: + - {get_param: ServiceConfigSettings} + - values: {get_attr: [NetIpMap, net_ip_map]} controller_extraconfig: mapped_data: map_merge: @@ -633,16 +477,6 @@ resources: - {get_param: ControllerExtraConfig} extraconfig: mapped_data: {get_param: ExtraConfig} - network: - mapped_data: - net_ip_map: {get_attr: [NetIpMap, net_ip_map]} - net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]} - net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]} - ceph: - mapped_data: - ceph::profile::params::cluster_network: {get_input: ceph_cluster_network} - ceph::profile::params::public_network: {get_input: ceph_public_network} - ceph::profile::params::public_addr: {get_input: ceph_public_ip} controller: mapped_data: # data supplied directly to this deployment configuration, etc bootstack_nodeid: {get_input: bootstack_nodeid} @@ -654,82 +488,17 @@ resources: corosync_ipv6: {get_input: corosync_ipv6} tripleo::fencing::config: {get_input: fencing_config} - # Swift - # FIXME: need to move proxy_local_net_ip into swift-proxy.yaml - swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network} - swift::storage::all::storage_local_net_ip: {get_input: swift_management_network} - swift::swift_hash_path_suffix: {get_input: swift_hash_suffix} - - # Cinder - tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_input: cinder_iscsi_network} - cinder::api::bind_host: {get_input: cinder_api_network} - - # Glance - glance::api::bind_host: {get_input: glance_api_network} - glance::registry::bind_host: {get_input: glance_registry_network} - - # Heat - heat::api::bind_host: {get_input: heat_api_network} - heat::api_cloudwatch::bind_host: {get_input: heat_api_network} - heat::api_cfn::bind_host: {get_input: heat_api_network} - heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key} - - # Keystone - keystone::admin_bind_host: {get_input: keystone_admin_api_network} - keystone::public_bind_host: {get_input: keystone_public_api_network} - keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network} - keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network} - - # Manila - manila::api::bind_host: {get_input: manila_api_network} - - # MongoDB - mongodb::server::bind_ip: {get_input: mongo_db_network} - - # MySQL - admin_password: {get_input: admin_password} - enable_galera: {get_input: enable_galera} - mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size} - mysql_max_connections: {get_input: mysql_max_connections} - mysql::server::root_password: {get_input: mysql_root_password} - mysql_clustercheck_password: {get_input: mysql_clustercheck_password} - mysql_cluster_name: {get_input: mysql_cluster_name} - mysql_bind_host: {get_input: mysql_network} - mysql_virtual_ip: {get_input: mysql_virtual_ip} - # Neutron neutron::bind_host: {get_input: neutron_api_network} - neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip} neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network} - - # Aodh - aodh::api::host: {get_input: aodh_api_network} - aodh::wsgi::apache::bind_host: {get_input: aodh_api_network} - - # Ceilometer - ceilometer::api::host: {get_input: ceilometer_api_network} snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} - # Gnocchi - gnocchi::wsgi::apache::bind_host: {get_input: gnocchi_api_network} - gnocchi::api::host: {get_input: gnocchi_api_network} - gnocchi::api::keystone_auth_uri: {get_input: keystone_auth_uri} - gnocchi::api::keystone_identity_uri: {get_input: keystone_identity_uri} - gnocchi::storage::swift::swift_authurl: {get_input: keystone_auth_uri} - gnocchi::keystone::auth::public_url: {get_input: gnocchi_public_url } - gnocchi::keystone::auth::internal_url: {get_input: gnocchi_internal_url } - gnocchi::keystone::auth::admin_url: {get_input: gnocchi_admin_url } - gnocchi::keystone::auth::region: {get_input: keystone_region} - # Nova nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute} nova::use_ipv6: {get_input: nova_ipv6} - nova::api::auth_uri: {get_input: keystone_auth_uri} - nova::api::identity_uri: {get_input: keystone_identity_uri} nova::api::api_bind_address: {get_input: nova_api_network} nova::api::metadata_listen: {get_input: nova_metadata_network} - nova::api::admin_password: {get_input: nova_password} nova::glance_api_servers: {get_input: glance_api_servers} nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} nova::api::instance_name_template: {get_input: instance_name_template} @@ -744,33 +513,14 @@ resources: horizon::bind_address: {get_input: horizon_network} horizon::keystone_url: {get_input: keystone_auth_uri} - # Sahara - sahara::host: {get_input: sahara_api_network} - - # RabbitMQ - rabbitmq::node_ip_address: {get_input: rabbitmq_network} - rabbitmq::erlang_cookie: {get_input: rabbit_cookie} # Redis - redis::bind: {get_input: redis_network} redis_vip: {get_input: redis_vip} # Firewall tripleo::firewall::manage_firewall: {get_input: manage_firewall} tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules} # Misc memcached_ipv6: {get_input: memcached_ipv6} - memcached::listen_ip: {get_input: memcached_network} - control_virtual_interface: {get_input: control_virtual_interface} - public_virtual_interface: {get_input: public_virtual_interface} - tripleo::keepalived::control_virtual_interface: {get_input: control_virtual_interface} - tripleo::keepalived::public_virtual_interface: {get_input: public_virtual_interface} - tripleo::haproxy::control_virtual_interface: {get_input: control_virtual_interface} - tripleo::haproxy::public_virtual_interface: {get_input: public_virtual_interface} - tripleo::haproxy::haproxy_log_address: {get_input: haproxy_log_address} tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} - tripleo::haproxy::haproxy_stats_user: {get_input: haproxy_stats_user} - tripleo::haproxy::haproxy_stats_password: {get_input: haproxy_stats_password} - tripleo::haproxy::redis_password: {get_input: redis_password} - tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} # Hook for site-specific additional pre-deployment config, e.g extra hieradata @@ -887,16 +637,37 @@ outputs: description: Swift device formatted for swift-ring-builder value: str_replace: - template: 'r1z1-IP:%PORT%/d1' + template: + list_join: + - ',' + - ['r1z1-IP:%PORT%/d1'] + - repeat: + template: 'r1z1-IP:%PORT%/DEVICE' + for_each: + DEVICE: {get_param: SwiftRawDisks} params: - IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} + IP: + get_attr: + - NetIpMap + - net_ip_map + - str_replace: + template: "NETWORK_uri" + params: + NETWORK: {get_param: [ServiceNetMap, SwiftMgmtNetwork]} swift_proxy_memcache: description: Swift proxy-memcache value value: str_replace: template: "IP:11211" params: - IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} + IP: + get_attr: + - NetIpMap + - net_ip_map + - str_replace: + template: "NETWORK_uri" + params: + NETWORK: {get_param: [ServiceNetMap, MemcachedNetwork]} tls_key_modulus_md5: description: MD5 checksum of the TLS Key Modulus value: {get_attr: [NodeTLSData, key_modulus_md5]} |