aboutsummaryrefslogtreecommitdiffstats
path: root/puppet/controller.yaml
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/controller.yaml')
-rw-r--r--puppet/controller.yaml313
1 files changed, 42 insertions, 271 deletions
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index 93f0e03e..28fd08da 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -1,17 +1,9 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
description: >
OpenStack controller node configured by Puppet.
parameters:
- AdminPassword:
- description: The password for the keystone admin account, used for monitoring, querying neutron etc.
- type: string
- hidden: true
- AodhPassword:
- description: The password for the aodh services.
- type: string
- hidden: true
controllerExtraConfig:
default: {}
description: |
@@ -31,10 +23,6 @@ parameters:
...
}
type: json
- ControlVirtualInterface:
- default: 'br-ex'
- description: Interface where virtual ip will be assigned.
- type: string
CorosyncIPv6:
default: false
description: Enable IPv6 in Corosync
@@ -47,10 +35,6 @@ parameters:
default: false
description: Whether to enable fencing in Pacemaker or not.
type: boolean
- EnableGalera:
- default: true
- description: Whether to use Galera instead of regular MariaDB.
- type: boolean
EnableLoadBalancer:
default: true
description: Whether to deploy a LoadBalancer on the Controller
@@ -99,21 +83,6 @@ parameters:
type: string
constraints:
- custom_constraint: nova.flavor
- HAProxyStatsPassword:
- description: Password for HAProxy stats endpoint
- type: string
- HAProxyStatsUser:
- description: User for HAProxy stats endpoint
- default: admin
- type: string
- HAProxySyslogAddress:
- default: /dev/log
- description: Syslog address where HAproxy will send its log
- type: string
- HeatAuthEncryptionKey:
- description: Auth encryption key for heat-engine
- type: string
- hidden: true
HorizonSecret:
description: Secret key for Django
type: string
@@ -137,10 +106,6 @@ parameters:
type: string
constraints:
- custom_constraint: nova.keypair
- KeystoneRegion:
- type: string
- default: 'regionOne'
- description: Keystone region for endpoint
ManageFirewall:
default: false
description: Whether to manage IPtables rules.
@@ -153,31 +118,6 @@ parameters:
default: false
description: Whether IPtables rules should be purged before setting up the new ones.
type: boolean
- MysqlClusterUniquePart:
- description: A unique identifier of the MySQL cluster the controller is in.
- type: string
- default: 'unset' # Has to be here because of the ignored empty value bug
- # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
- # constraints:
- # - length: {min: 4, max: 10}
- MysqlInnodbBufferPoolSize:
- description: >
- Specifies the size of the buffer pool in megabytes. Setting to
- zero should be interpreted as "no value" and will defer to the
- lower level default.
- type: number
- default: 0
- MysqlMaxConnections:
- description: Configures MySQL max_connections config setting
- type: number
- default: 4096
- MysqlClustercheckPassword:
- type: string
- hidden: true
- MysqlRootPassword:
- type: string
- hidden: true
- default: '' # Has to be here because of the ignored empty value bug
NeutronMetadataProxySharedSecret:
description: Shared secret to prevent spoofing
type: string
@@ -207,34 +147,6 @@ parameters:
type: string
description: The password for the 'pcsd' user.
hidden: true
- PublicVirtualInterface:
- default: 'br-ex'
- description: >
- Specifies the interface where the public-facing virtual ip will be assigned.
- This should be int_public when a VLAN is being used.
- type: string
- RabbitCookie:
- type: string
- default: '' # Has to be here because of the ignored empty value bug
- hidden: true
- RabbitPassword:
- description: The password for RabbitMQ
- type: string
- hidden: true
- RabbitUserName:
- default: guest
- description: The username for RabbitMQ
- type: string
- RabbitClientUseSSL:
- default: false
- description: >
- Rabbit client subscriber parameter to specify
- an SSL connection to the RabbitMQ host.
- type: string
- RabbitClientPort:
- default: 5672
- description: Set rabbit subscriber port, change this if using SSL
- type: number
RedisPassword:
description: The password for Redis
type: string
@@ -246,22 +158,14 @@ parameters:
type: string
default: '' # Has to be here because of the ignored empty value bug
description: An IP address which is wrapped in brackets in case of IPv6
- SwiftHashSuffix:
- description: A random string to be used as a salt when hashing to determine mappings
- in the ring.
- hidden: true
- type: string
+ SwiftRawDisks:
+ default: {}
+ description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
+ type: json
UpgradeLevelNovaCompute:
type: string
description: Nova Compute upgrade level
default: ''
- MysqlVirtualIP:
- type: string
- default: ''
- EnablePackageInstall:
- default: 'false'
- description: Set to true to enable package installation via Puppet
- type: boolean
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
@@ -301,7 +205,6 @@ parameters:
constraints:
- allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
CloudDomain:
- default: ''
type: string
description: >
The DNS domain used for the hosts. This should match the dhcp_domain
@@ -489,45 +392,16 @@ resources:
server: {get_resource: Controller}
input_values:
bootstack_nodeid: {get_attr: [Controller, name]}
- haproxy_log_address: {get_param: HAProxySyslogAddress}
- haproxy_stats_password: {get_param: HAProxyStatsPassword}
- haproxy_stats_user: {get_param: HAProxyStatsUser}
- heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
horizon_secret: {get_param: HorizonSecret}
- admin_password: {get_param: AdminPassword}
debug: {get_param: Debug}
keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
enable_fencing: {get_param: EnableFencing}
- enable_galera: {get_param: EnableGalera}
enable_load_balancer: {get_param: EnableLoadBalancer}
manage_firewall: {get_param: ManageFirewall}
purge_firewall_rules: {get_param: PurgeFirewallRules}
- mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
- mysql_max_connections: {get_param: MysqlMaxConnections}
- mysql_root_password: {get_param: MysqlRootPassword}
- mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
- mysql_cluster_name:
- str_replace:
- template: tripleo-CLUSTER
- params:
- CLUSTER: {get_param: MysqlClusterUniquePart}
neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
- aodh_internal_url: { get_param: [ EndpointMap, AodhInternal, uri ] }
- aodh_public_url: { get_param: [ EndpointMap, AodhPublic, uri ] }
- aodh_admin_url: { get_param: [ EndpointMap, AodhAdmin, uri ] }
- ceilometer_coordination_url:
- list_join:
- - ''
- - - 'redis://:'
- - {get_param: RedisPassword}
- - '@'
- - {get_param: RedisVirtualIPUri}
- - ':6379/'
- gnocchi_internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
- gnocchi_public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
- gnocchi_admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
nova_enable_db_purge: {get_param: NovaEnableDBPurge}
nova_ipv6: {get_param: NovaIPv6}
corosync_ipv6: {get_param: CorosyncIPv6}
@@ -537,38 +411,9 @@ resources:
instance_name_template: {get_param: InstanceNameTemplate}
fencing_config: {get_param: FencingConfig}
pcsd_password: {get_param: PcsdPassword}
- rabbit_username: {get_param: RabbitUserName}
- rabbit_password: {get_param: RabbitPassword}
- rabbit_cookie: {get_param: RabbitCookie}
- rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
- rabbit_client_port: {get_param: RabbitClientPort}
- control_virtual_interface: {get_param: ControlVirtualInterface}
- public_virtual_interface: {get_param: PublicVirtualInterface}
- swift_hash_suffix: {get_param: SwiftHashSuffix}
- enable_package_install: {get_param: EnablePackageInstall}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
- swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
- swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
- cinder_iscsi_network:
- str_replace:
- template: "'IP'"
- params:
- IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
- cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
- glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
- glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
- heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
- keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
- keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
- keystone_region: {get_param: KeystoneRegion}
- manila_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ManilaApiNetwork]}]}
- mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
- neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
- ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
- aodh_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]}
- gnocchi_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]}
nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
@@ -576,17 +421,15 @@ resources:
str_replace:
template: "['SUBNET']"
params:
- SUBNET: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
- rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
- redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
+ SUBNET:
+ get_attr:
+ - NetIpMap
+ - net_ip_map
+ - str_replace:
+ template: "NETWORK_subnet"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]}
redis_vip: {get_param: RedisVirtualIP}
- sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]}
- memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
- mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
- mysql_virtual_ip: {get_param: MysqlVirtualIP}
- ceph_cluster_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
- ceph_public_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
- ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
ironic_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, IronicApiNetwork]}]}
# Map heat metadata into hiera datafiles
@@ -605,13 +448,10 @@ resources:
- service_names
- controller
- swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
- - ceph_cluster # provided by CephClusterConfig
- - ceph
- bootstrap_node # provided by BootstrapNodeConfig
- all_nodes # provided by allNodesConfig
- vip_data # provided by vip-config
- '"%{::osfamily}"'
- - network
- cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre
- cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
- cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre
@@ -619,13 +459,17 @@ resources:
- neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
- cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
- midonet_data #Optionally provided by AllNodesExtraConfig
+ - cisco_aci_data # Optionally provided by ControllerExtraConfigPre
merge_behavior: deeper
datafiles:
service_names:
mapped_data:
service_names: {get_param: ServiceNames}
service_configs:
- mapped_data: {get_param: ServiceConfigSettings}
+ mapped_data:
+ map_replace:
+ - {get_param: ServiceConfigSettings}
+ - values: {get_attr: [NetIpMap, net_ip_map]}
controller_extraconfig:
mapped_data:
map_merge:
@@ -633,16 +477,6 @@ resources:
- {get_param: ControllerExtraConfig}
extraconfig:
mapped_data: {get_param: ExtraConfig}
- network:
- mapped_data:
- net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
- net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]}
- net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]}
- ceph:
- mapped_data:
- ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
- ceph::profile::params::public_network: {get_input: ceph_public_network}
- ceph::profile::params::public_addr: {get_input: ceph_public_ip}
controller:
mapped_data: # data supplied directly to this deployment configuration, etc
bootstack_nodeid: {get_input: bootstack_nodeid}
@@ -654,82 +488,17 @@ resources:
corosync_ipv6: {get_input: corosync_ipv6}
tripleo::fencing::config: {get_input: fencing_config}
- # Swift
- # FIXME: need to move proxy_local_net_ip into swift-proxy.yaml
- swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network}
- swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
- swift::swift_hash_path_suffix: {get_input: swift_hash_suffix}
-
- # Cinder
- tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_input: cinder_iscsi_network}
- cinder::api::bind_host: {get_input: cinder_api_network}
-
- # Glance
- glance::api::bind_host: {get_input: glance_api_network}
- glance::registry::bind_host: {get_input: glance_registry_network}
-
- # Heat
- heat::api::bind_host: {get_input: heat_api_network}
- heat::api_cloudwatch::bind_host: {get_input: heat_api_network}
- heat::api_cfn::bind_host: {get_input: heat_api_network}
- heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key}
-
- # Keystone
- keystone::admin_bind_host: {get_input: keystone_admin_api_network}
- keystone::public_bind_host: {get_input: keystone_public_api_network}
- keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network}
- keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network}
-
- # Manila
- manila::api::bind_host: {get_input: manila_api_network}
-
- # MongoDB
- mongodb::server::bind_ip: {get_input: mongo_db_network}
-
- # MySQL
- admin_password: {get_input: admin_password}
- enable_galera: {get_input: enable_galera}
- mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size}
- mysql_max_connections: {get_input: mysql_max_connections}
- mysql::server::root_password: {get_input: mysql_root_password}
- mysql_clustercheck_password: {get_input: mysql_clustercheck_password}
- mysql_cluster_name: {get_input: mysql_cluster_name}
- mysql_bind_host: {get_input: mysql_network}
- mysql_virtual_ip: {get_input: mysql_virtual_ip}
-
# Neutron
neutron::bind_host: {get_input: neutron_api_network}
- neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
-
- # Aodh
- aodh::api::host: {get_input: aodh_api_network}
- aodh::wsgi::apache::bind_host: {get_input: aodh_api_network}
-
- # Ceilometer
- ceilometer::api::host: {get_input: ceilometer_api_network}
snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
- # Gnocchi
- gnocchi::wsgi::apache::bind_host: {get_input: gnocchi_api_network}
- gnocchi::api::host: {get_input: gnocchi_api_network}
- gnocchi::api::keystone_auth_uri: {get_input: keystone_auth_uri}
- gnocchi::api::keystone_identity_uri: {get_input: keystone_identity_uri}
- gnocchi::storage::swift::swift_authurl: {get_input: keystone_auth_uri}
- gnocchi::keystone::auth::public_url: {get_input: gnocchi_public_url }
- gnocchi::keystone::auth::internal_url: {get_input: gnocchi_internal_url }
- gnocchi::keystone::auth::admin_url: {get_input: gnocchi_admin_url }
- gnocchi::keystone::auth::region: {get_input: keystone_region}
-
# Nova
nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute}
nova::use_ipv6: {get_input: nova_ipv6}
- nova::api::auth_uri: {get_input: keystone_auth_uri}
- nova::api::identity_uri: {get_input: keystone_identity_uri}
nova::api::api_bind_address: {get_input: nova_api_network}
nova::api::metadata_listen: {get_input: nova_metadata_network}
- nova::api::admin_password: {get_input: nova_password}
nova::glance_api_servers: {get_input: glance_api_servers}
nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
nova::api::instance_name_template: {get_input: instance_name_template}
@@ -744,33 +513,14 @@ resources:
horizon::bind_address: {get_input: horizon_network}
horizon::keystone_url: {get_input: keystone_auth_uri}
- # Sahara
- sahara::host: {get_input: sahara_api_network}
-
- # RabbitMQ
- rabbitmq::node_ip_address: {get_input: rabbitmq_network}
- rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
# Redis
- redis::bind: {get_input: redis_network}
redis_vip: {get_input: redis_vip}
# Firewall
tripleo::firewall::manage_firewall: {get_input: manage_firewall}
tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules}
# Misc
memcached_ipv6: {get_input: memcached_ipv6}
- memcached::listen_ip: {get_input: memcached_network}
- control_virtual_interface: {get_input: control_virtual_interface}
- public_virtual_interface: {get_input: public_virtual_interface}
- tripleo::keepalived::control_virtual_interface: {get_input: control_virtual_interface}
- tripleo::keepalived::public_virtual_interface: {get_input: public_virtual_interface}
- tripleo::haproxy::control_virtual_interface: {get_input: control_virtual_interface}
- tripleo::haproxy::public_virtual_interface: {get_input: public_virtual_interface}
- tripleo::haproxy::haproxy_log_address: {get_input: haproxy_log_address}
tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
- tripleo::haproxy::haproxy_stats_user: {get_input: haproxy_stats_user}
- tripleo::haproxy::haproxy_stats_password: {get_input: haproxy_stats_password}
- tripleo::haproxy::redis_password: {get_input: redis_password}
- tripleo::packages::enable_install: {get_input: enable_package_install}
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
# Hook for site-specific additional pre-deployment config, e.g extra hieradata
@@ -887,16 +637,37 @@ outputs:
description: Swift device formatted for swift-ring-builder
value:
str_replace:
- template: 'r1z1-IP:%PORT%/d1'
+ template:
+ list_join:
+ - ','
+ - ['r1z1-IP:%PORT%/d1']
+ - repeat:
+ template: 'r1z1-IP:%PORT%/DEVICE'
+ for_each:
+ DEVICE: {get_param: SwiftRawDisks}
params:
- IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
+ IP:
+ get_attr:
+ - NetIpMap
+ - net_ip_map
+ - str_replace:
+ template: "NETWORK_uri"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, SwiftMgmtNetwork]}
swift_proxy_memcache:
description: Swift proxy-memcache value
value:
str_replace:
template: "IP:11211"
params:
- IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
+ IP:
+ get_attr:
+ - NetIpMap
+ - net_ip_map
+ - str_replace:
+ template: "NETWORK_uri"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, MemcachedNetwork]}
tls_key_modulus_md5:
description: MD5 checksum of the TLS Key Modulus
value: {get_attr: [NodeTLSData, key_modulus_md5]}