diff options
Diffstat (limited to 'puppet/extraconfig')
11 files changed, 311 insertions, 12 deletions
diff --git a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml index 655fd0f2..71445800 100644 --- a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml +++ b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml @@ -65,11 +65,18 @@ parameters: default: false NetworkNexusSwitchHeartbeatTime: type: number - description: Time interval to check the state of the Nexus device + description: > + Time interval to check the state of the Nexus device. The units of this + object are seconds. Setting this object to a value of 0 disables the + replay feature. default: 0 NetworkNexusSwitchReplayCount: type: number - description: Number of times to attempt config replay + description: > + This configuration item is OBSOLETE. The Nexus driver replay behavior + is to continue to attempt to connect to the down Nexus device with a + period equal to the heartbeat time interval. This was previously the + Number of times to attempt config replay. default: 3 NetworkNexusProviderVlanAutoCreate: type: boolean diff --git a/puppet/extraconfig/ceph/ceph-external-config.yaml b/puppet/extraconfig/ceph/ceph-external-config.yaml index 7cefc24b..5942088c 100644 --- a/puppet/extraconfig/ceph/ceph-external-config.yaml +++ b/puppet/extraconfig/ceph/ceph-external-config.yaml @@ -38,9 +38,15 @@ parameters: GlanceRbdPoolName: default: images type: string + GnocchiRbdPoolName: + default: metrics + type: string CephClientUserName: default: openstack type: string + CephIPv6: + default: False + type: boolean resources: CephClusterConfigImpl: @@ -54,7 +60,9 @@ resources: mapped_data: ceph_storage_count: {get_param: ceph_storage_count} enable_external_ceph: true - ceph::profile::params::mon_host: {get_param: ceph_external_mon_ips} + ceph_ipv6: {get_param: CephIPv6} + ceph_mon_host: {get_param: ceph_external_mon_ips} + ceph_mon_host_v6: {get_param: ceph_external_mon_ips} ceph::profile::params::fsid: {get_param: ceph_fsid} ceph::profile::params::client_keys: str_replace: @@ -63,7 +71,7 @@ resources: secret: 'CLIENT_KEY', mode: '0644', cap_mon: 'allow r', - cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL' + cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL' } }" params: @@ -72,21 +80,31 @@ resources: NOVA_POOL: {get_param: NovaRbdPoolName} CINDER_POOL: {get_param: CinderRbdPoolName} GLANCE_POOL: {get_param: GlanceRbdPoolName} + GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} + ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6} nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} cinder_rbd_pool_name: {get_param: CinderRbdPoolName} glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName} + gnocchi::storage::ceph::ceph_pool: {get_param: GnocchiRbdPoolName} + gnocchi::storage::ceph::ceph_username: {get_param: CephClientUserName} nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} - glance::backend::rbd::rbd_store_pool: {get_param: CephClientUserName} + glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName} nova::compute::rbd::rbd_keyring: list_join: - '.' - - 'client' - {get_param: CephClientUserName} + gnocchi::storage::ceph::ceph_keyring: + list_join: + - '.' + - - 'client' + - {get_param: CephClientUserName} ceph_client_user_name: {get_param: CephClientUserName} ceph_pools: - {get_param: CinderRbdPoolName} - {get_param: NovaRbdPoolName} - {get_param: GlanceRbdPoolName} + - {get_param: GnocchiRbdPoolName} outputs: config_id: diff --git a/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml b/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml new file mode 100644 index 00000000..49c77190 --- /dev/null +++ b/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml @@ -0,0 +1,45 @@ +heat_template_version: 2015-04-30 + +description: Configure hieradata for Big Switch agents on compute node + +parameters: + server: + description: ID of the controller node to apply this config to + type: string + NeutronBigswitchAgentEnabled: + description: The state of the neutron-bsn-agent service. + type: boolean + default: false + NeutronBigswitchLLDPEnabled: + description: The state of the neutron-bsn-lldp service. + type: boolean + default: true + + +resources: + NeutronBigswitchConfig: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + hiera: + datafiles: + neutron_bigswitch_data: + mapped_data: + neutron::agents::bigswitch::agent_enabled: {get_input: neutron_enable_bigswitch_agent} + neutron::agents::bigswitch::lldp_enabled: {get_input: neutron_enable_bigswitch_lldp} + + NeutronBigswitchDeployment: + type: OS::Heat::StructuredDeployment + properties: + name: NeutronBigswitchDeployment + config: {get_resource: NeutronBigswitchConfig} + server: {get_param: server} + input_values: + neutron_enable_bigswitch_agent: {get_param: NeutronBigswitchAgentEnabled} + neutron_enable_bigswitch_lldp: {get_param: NeutronBigswitchLLDPEnabled} + +outputs: + deploy_stdout: + description: Deployment reference, used to trigger puppet apply on changes + value: {get_attr: [NeutronBigswitchDeployment, deploy_stdout]} diff --git a/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml b/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml new file mode 100644 index 00000000..e496553a --- /dev/null +++ b/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml @@ -0,0 +1,47 @@ +heat_template_version: 2015-04-30 + +description: Compute node hieradata for Neutron OpenContrail configuration + +parameters: + server: + description: ID of the compute node to apply this config to + type: string + ContrailApiServerIp: + description: IP address of the OpenContrail API server + type: string + ContrailApiServerPort: + description: Port of the OpenContrail API + type: string + default: 8082 + +resources: + ComputeContrailConfig: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + hiera: + datafiles: + neutron_opencontrail_data: + mapped_data: + nova::network::neutron::network_api_class: nova.network.neutronv2.api.API + + contrail::vrouter::provision_vrouter::api_address: {get_input: contrail_api_server_ip} + contrail::vrouter::provision_vrouter::api_port: {get_input: contrail_api_server_port} + contrail::vrouter::provision_vrouter::keystone_admin_user: admin + contrail::vrouter::provision_vrouter::keystone_admin_tenant_name: admin + contrail::vrouter::provision_vrouter::keystone_admin_password: '"%{::admin_password}"' + + ComputeContrailDeployment: + type: OS::Heat::StructuredDeployment + properties: + config: {get_resource: ComputeContrailConfig} + server: {get_param: server} + input_values: + contrail_api_server_ip: {get_param: ContrailApiServerIp} + contrail_api_server_port: {get_param: ContrailApiServerPort} + +outputs: + deploy_stdout: + description: Output of the extra hiera data deployment + value: {get_attr: [ComputeContrailDeployment, deploy_stdout]} diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml index 905f196d..9b6981bb 100644 --- a/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml +++ b/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-11-12 +heat_template_version: 2015-10-15 description: Configure hieradata for Cinder Dell Storage Center configuration diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml index c73608f1..36db334e 100644 --- a/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml +++ b/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-11-06 +heat_template_version: 2015-10-15 description: Configure hieradata for Cinder Eqlx configuration diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml index 1e652960..467f57cc 100644 --- a/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml +++ b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml @@ -44,7 +44,6 @@ resources: datafiles: neutron_bigswitch_data: mapped_data: - neutron_enable_bigswitch_ml2: true neutron::plugins::ml2::bigswitch::restproxy::servers: {get_input: restproxy_servers} neutron::plugins::ml2::bigswitch::restproxy::server_auth: {get_input: restproxy_server_auth} neutron::plugins::ml2::bigswitch::restproxy::auto_sync_on_failure: {get_input: restproxy_auto_sync_on_failure} diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-opencontrail.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-opencontrail.yaml new file mode 100644 index 00000000..5c686fe7 --- /dev/null +++ b/puppet/extraconfig/pre_deploy/controller/neutron-opencontrail.yaml @@ -0,0 +1,62 @@ +heat_template_version: 2015-04-30 + +description: Controller hieradata for Neutron OpenContrail configuration + +parameters: + server: + description: ID of the controller node to apply this config to + type: string + ContrailApiServerIp: + description: IP address of the OpenContrail API server + type: string + ContrailApiServerPort: + description: Port of the OpenContrail API + type: string + default: 8082 + ContrailMultiTenancy: + description: Whether to enable multi tenancy + type: boolean + default: false + ContrailExtensions: + description: List of OpenContrail extensions to be enabled + type: comma_delimited_list + default: '' + +resources: + ControllerContrailConfig: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + hiera: + datafiles: + neutron_opencontrail_data: + mapped_data: + neutron::api_extensions_path: /usr/lib/python2.7/site-packages/neutron_plugin_contrail/extensions + + neutron::plugins::opencontrail::api_server_ip: {get_input: contrail_api_server_ip} + neutron::plugins::opencontrail::api_server_port: {get_input: contrail_api_server_port} + neutron::plugins::opencontrail::multi_tenancy: {get_input: contrail_multi_tenancy} + neutron::plugins::opencontrail::contrail_extensions: {get_input: contrail_extensions} + neutron::plugins::opencontrail::keystone_auth_url: '"%{hiera(''keystone_auth_uri'')}"' + neutron::plugins::opencontrail::keystone_admin_user: admin + neutron::plugins::opencontrail::keystone_admin_tenant_name: admin + neutron::plugins::opencontrail::keystone_admin_password: '"%{hiera(''admin_password'')}"' + neutron::plugins::opencontrail::keystone_admin_token: '"%{hiera(''keystone::admin_token'')}"' + + ControllerContrailDeployment: + type: OS::Heat::StructuredDeployment + properties: + config: {get_resource: ControllerContrailConfig} + server: {get_param: server} + input_values: + contrail_api_server_ip: {get_param: ContrailApiServerIp} + contrail_api_server_port: {get_param: ContrailApiServerPort} + contrail_multi_tenancy: {get_param: ContrailMultiTenancy} + contrail_extensions: {get_param: ContrailExtensions} + + +outputs: + deploy_stdout: + description: Output of the extra hiera data deployment + value: {get_attr: [ControllerContrailDeployment, deploy_stdout]} diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-plumgrid.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-plumgrid.yaml new file mode 100755 index 00000000..7c0a7ad2 --- /dev/null +++ b/puppet/extraconfig/pre_deploy/controller/neutron-plumgrid.yaml @@ -0,0 +1,113 @@ +heat_template_version: 2015-04-30 + +description: Controller hieradata for Neutron PLUMgrid configuration + +parameters: + server: + description: ID of the controller node to apply this config to + type: string + PLUMgridDirectorServer: + description: IP address of the PLUMgrid Director Server + type: string + default: 127.0.0.1 + PLUMgridDirectorServerPort: + description: Port of the PLUMgrid Director Server + type: string + default: 443 + PLUMgridUsername: + description: Username for PLUMgrid platform + type: string + PLUMgridPassword: + description: Password for PLUMgrid platform + type: string + hidden: true + PLUMgridServerTimeOut: + description: Request timeout duration (seconds) to PLUMgrid platform + type: string + default: 99 + PLUMgridNovaMetadataIP: + description: IP address of Nova Metadata + type: string + default: 169.254.169.254 + PLUMgridNovaMetadataPort: + description: Port of Nova Metadata + type: string + default: 8775 + PLUMgridL2GatewayVendor: + description: Vendor for L2 Gateway Switch + type: string + default: vendor + PLUMgridL2GatewayUsername: + description: Username for L2 Gateway Switch + type: string + default: username + PLUMgridL2GatewayPassword: + description: Password for L2 Gateway Switch + type: string + hidden: true + PLUMgridIdentityVersion: + description: Keystone Identity version + type: string + default: v2.0 + PLUMgridConnectorType: + description: Neutron Network Connector Type + type: string + default: distributed + PLUMgridNeutronPluginVersion: + description: PLUMgrid Neutron Plugin version + type: string + default: present + PLUMgridPlumlibVersion: + description: PLUMgrid Plumlib version + type: string + default: present + + +resources: + ControllerPLUMgridConfig: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + hiera: + datafiles: + neutron_plumgrid_data: + mapped_data: + neutron::plugins::plumgrid::director_server: {get_input: plumgrid_director_server} + neutron::plugins::plumgrid::director_server_port: {get_input: plumgrid_director_server_port} + neutron::plugins::plumgrid::username: {get_input: plumgrid_username} + neutron::plugins::plumgrid::password: {get_input: plumgrid_password} + neutron::plugins::plumgrid::nova_metadata_ip: {get_input: plumgrid_nova_metadata_ip} + neutron::plugins::plumgrid::nova_metadata_port: {get_input: plumgrid_nova_metadata_port} + neutron::plugins::plumgrid::l2gateway_vendor: {get_input: plumgrid_l2gateway_vendor} + neutron::plugins::plumgrid::l2gateway_sw_username: {get_input: plumgrid_l2gateway_sw_username} + neutron::plugins::plumgrid::l2gateway_sw_password: {get_input: plumgrid_l2gateway_sw_password} + neutron::plugins::plumgrid::connector_type: {get_input: plumgrid_connector_type} + neutron::plugins::plumgrid::identity_version: {get_input: plumgrid_identity_version} + neutron::plugins::plumgrid::package_ensure: {get_input: plumgrid_neutron_plugin_version} + neutron::plugins::plumgrid::plumlib_package_ensure: {get_input: plumgrid_plumlib_version} + + ControllerPLUMgridDeployment: + type: OS::Heat::StructuredDeployment + properties: + config: {get_resource: ControllerPLUMgridConfig} + server: {get_param: server} + input_values: + plumgrid_director_server: {get_param: PLUMgridDirectorServer} + plumgrid_director_server_port: {get_param: PLUMgridDirectorServerPort} + plumgrid_username: {get_param: PLUMgridUsername} + plumgrid_password: {get_param: PLUMgridPassword} + plumgrid_nova_metadata_ip: {get_param: PLUMgridNovaMetadataIP} + plumgrid_nova_metadata_port: {get_param: PLUMgridNovaMetadataPort} + plumgrid_l2gateway_vendor: {get_param: PLUMgridL2GatewayVendor} + plumgrid_l2gateway_sw_username: {get_param: PLUMgridL2GatewayUsername} + plumgrid_l2gateway_sw_password: {get_param: PLUMgridL2GatewayPassword} + plumgrid_identity_version: {get_param: PLUMgridIdentityVersion} + plumgrid_connector_type: {get_param: PLUMgridConnectorType} + plumgrid_neutron_plugin_version: {get_param: PLUMgridNeutronPluginVersion} + plumgrid_plumlib_version: {get_param: PLUMgridPlumlibVersion} + +outputs: + deploy_stdout: + description: Deployment reference, used to trigger puppet apply on changes + value: {get_attr: [ControllerPLUMgridDeployment, deploy_stdout]} diff --git a/puppet/extraconfig/tls/ca-inject.yaml b/puppet/extraconfig/tls/ca-inject.yaml index 5a36e951..f955034d 100644 --- a/puppet/extraconfig/tls/ca-inject.yaml +++ b/puppet/extraconfig/tls/ca-inject.yaml @@ -4,7 +4,7 @@ description: > This is a template which will inject the trusted anchor. parameters: - # Can be overriden via parameter_defaults in the environment + # Can be overridden via parameter_defaults in the environment SSLRootCertificate: description: > The content of a CA's SSL certificate file in PEM format. @@ -45,7 +45,7 @@ resources: cat > ${cacert_path} << EOF ${cacert_content} EOF - chmod 0440 ${cacert_path} + chmod 0444 ${cacert_path} chown root:root ${cacert_path} ${update_anchor_command} md5sum ${cacert_path} > ${heat_outputs_path}.root_cert_md5sum diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml index 20bb3737..e281ef51 100644 --- a/puppet/extraconfig/tls/tls-cert-inject.yaml +++ b/puppet/extraconfig/tls/tls-cert-inject.yaml @@ -5,7 +5,7 @@ description: > for the load balancer using the given parameters. parameters: - # Can be overriden via parameter_defaults in the environment + # Can be overridden via parameter_defaults in the environment SSLCertificate: description: > The content of the SSL certificate (without Key) in PEM format. @@ -21,7 +21,7 @@ parameters: type: string hidden: true - # Can be overriden by parameter_defaults if the user wants to try deploying + # Can be overridden by parameter_defaults if the user wants to try deploying # this in a distro that doesn't support this path. DeployedSSLCertificatePath: default: '/etc/pki/tls/private/overcloud_endpoint.pem' @@ -63,6 +63,14 @@ resources: openssl rsa -noout -modulus -in ${cert_path} \ | openssl md5 | cut -c 10- \ > ${heat_outputs_path}.key_modulus + # We need to reload haproxy in case the certificate changed because + # puppet doesn't know the contents of the cert file. The pacemaker + # case is handled separately in a pacemaker-specific resource. + pacemaker_status=$(systemctl is-active pacemaker) + haproxy_status=$(systemctl is-active haproxy) + if [ "$pacemaker_status" != "active" -a "$haproxy_status" = "active"]; then + systemctl reload haproxy + fi ControllerTLSDeployment: type: OS::Heat::SoftwareDeployment |