diff options
Diffstat (limited to 'puppet/manifests/overcloud_controller.pp')
-rw-r--r-- | puppet/manifests/overcloud_controller.pp | 243 |
1 files changed, 164 insertions, 79 deletions
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 70aebddd..d7bb025a 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -20,7 +20,9 @@ $enable_load_balancer = hiera('enable_load_balancer', true) if hiera('step') >= 1 { + create_resources(kmod::load, hiera('kernel_modules'), {}) create_resources(sysctl::value, hiera('sysctl_settings'), {}) + Exec <| tag == 'kmod::load' |> -> Sysctl <| |> $controller_node_ips = split(hiera('controller_node_ips'), ',') @@ -44,16 +46,26 @@ if hiera('step') >= 2 { # MongoDB if downcase(hiera('ceilometer_backend')) == 'mongodb' { include ::mongodb::globals - + include ::mongodb::client include ::mongodb::server - $mongo_node_ips_with_port = suffix(hiera('mongo_node_ips'), ':27017') + # NOTE(gfidente): We need to pass the list of IPv6 addresses *with* port and + # without the brackets as 'members' argument for the 'mongodb_replset' + # resource. + if str2bool(hiera('mongodb::server::ipv6', false)) { + $mongo_node_ips_with_port_prefixed = prefix(hiera('mongo_node_ips'), '[') + $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017') + $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017') + } else { + $mongo_node_ips_with_port = suffix(hiera('mongo_node_ips'), ':27017') + $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017') + } $mongo_node_string = join($mongo_node_ips_with_port, ',') $mongodb_replset = hiera('mongodb::server::replset') $ceilometer_mongodb_conn_string = "mongodb://${mongo_node_string}/ceilometer?replicaSet=${mongodb_replset}" if downcase(hiera('bootstrap_nodeid')) == $::hostname { mongodb_replset { $mongodb_replset : - members => $mongo_node_ips_with_port, + members => $mongo_node_ips_with_port_nobr, } } } @@ -83,11 +95,15 @@ if hiera('step') >= 2 { $mysql_config_file = '/etc/my.cnf.d/server.cnf' } # TODO Galara + # FIXME: due to https://bugzilla.redhat.com/show_bug.cgi?id=1298671 we + # set bind-address to a hostname instead of an ip address; to move Mysql + # from internal_api on another network we'll have to customize both + # MysqlNetwork and ControllerHostnameResolveNetwork in ServiceNetMap class { '::mysql::server': config_file => $mysql_config_file, override_options => { 'mysqld' => { - 'bind-address' => hiera('mysql_bind_host'), + 'bind-address' => $::hostname, 'max_connections' => hiera('mysql_max_connections'), 'open_files_limit' => '-1', }, @@ -100,23 +116,38 @@ if hiera('step') >= 2 { include ::keystone::db::mysql include ::glance::db::mysql include ::nova::db::mysql + include ::nova::db::mysql_api include ::neutron::db::mysql include ::cinder::db::mysql include ::heat::db::mysql include ::sahara::db::mysql + if downcase(hiera('gnocchi_indexer_backend')) == 'mysql' { + include ::gnocchi::db::mysql + } if downcase(hiera('ceilometer_backend')) == 'mysql' { include ::ceilometer::db::mysql + include ::aodh::db::mysql } $rabbit_nodes = hiera('rabbit_node_ips') if count($rabbit_nodes) > 1 { + + $rabbit_ipv6 = str2bool(hiera('rabbit_ipv6', false)) + if $rabbit_ipv6 { + $rabbit_env = merge(hiera('rabbitmq_environment'), { + 'RABBITMQ_SERVER_START_ARGS' => '"-proto_dist inet6_tcp"' + }) + } else { + $rabbit_env = hiera('rabbitmq_environment') + } + class { '::rabbitmq': config_cluster => true, cluster_nodes => $rabbit_nodes, tcp_keepalive => false, config_kernel_variables => hiera('rabbitmq_kernel_variables'), config_variables => hiera('rabbitmq_config_variables'), - environment_variables => hiera('rabbitmq_environment'), + environment_variables => $rabbit_env, } rabbitmq_policy { 'ha-all@/': pattern => '^(?!amq\.).*', @@ -134,8 +165,15 @@ if hiera('step') >= 2 { $enable_ceph = hiera('ceph_storage_count', 0) > 0 or hiera('enable_ceph_storage', false) if $enable_ceph { + $mon_initial_members = downcase(hiera('ceph_mon_initial_members')) + if str2bool(hiera('ceph_ipv6', false)) { + $mon_host = hiera('ceph_mon_host_v6') + } else { + $mon_host = hiera('ceph_mon_host') + } class { '::ceph::profile::params': - mon_initial_members => downcase(hiera('ceph_mon_initial_members')), + mon_initial_members => $mon_initial_members, + mon_host => $mon_host, } include ::ceph::conf include ::ceph::profile::mon @@ -161,48 +199,21 @@ if hiera('step') >= 2 { } if str2bool(hiera('enable_external_ceph', false)) { + if str2bool(hiera('ceph_ipv6', false)) { + $mon_host = hiera('ceph_mon_host_v6') + } else { + $mon_host = hiera('ceph_mon_host') + } + class { '::ceph::profile::params': + mon_host => $mon_host, + } include ::ceph::conf include ::ceph::profile::client } } #END STEP 2 -if hiera('step') >= 3 { - - include ::keystone - include ::keystone::config - include ::keystone::roles::admin - include ::keystone::endpoint - - #TODO: need a cleanup-keystone-tokens.sh solution here - - file { [ '/etc/keystone/ssl', '/etc/keystone/ssl/certs', '/etc/keystone/ssl/private' ]: - ensure => 'directory', - owner => 'keystone', - group => 'keystone', - require => Package['keystone'], - } - file { '/etc/keystone/ssl/certs/signing_cert.pem': - content => hiera('keystone_signing_certificate'), - owner => 'keystone', - group => 'keystone', - notify => Service['keystone'], - require => File['/etc/keystone/ssl/certs'], - } - file { '/etc/keystone/ssl/private/signing_key.pem': - content => hiera('keystone_signing_key'), - owner => 'keystone', - group => 'keystone', - notify => Service['keystone'], - require => File['/etc/keystone/ssl/private'], - } - file { '/etc/keystone/ssl/certs/ca.pem': - content => hiera('keystone_ca_certificate'), - owner => 'keystone', - group => 'keystone', - notify => Service['keystone'], - require => File['/etc/keystone/ssl/certs'], - } +if hiera('step') >= 4 { $glance_backend = downcase(hiera('glance_backend', 'swift')) case $glance_backend { @@ -214,17 +225,25 @@ if hiera('step') >= 3 { $http_store = ['glance.store.http.Store'] $glance_store = concat($http_store, $backend_store) - # TODO: notifications, scrubber, etc. + # TODO: scrubber and other additional optional features include ::glance include ::glance::config class { '::glance::api': known_stores => $glance_store, } include ::glance::registry + include ::glance::notify::rabbitmq include join(['::glance::backend::', $glance_backend]) + $nova_ipv6 = hiera('nova::use_ipv6', false) + if $nova_ipv6 { + $memcached_servers = suffix(hiera('memcache_node_ips_v6'), ':11211') + } else { + $memcached_servers = suffix(hiera('memcache_node_ips'), ':11211') + } + class { '::nova' : - memcached_servers => suffix(hiera('memcache_node_ips'), ':11211'), + memcached_servers => $memcached_servers } include ::nova::config include ::nova::api @@ -246,7 +265,8 @@ if hiera('step') >= 3 { if hiera('enable_zookeeper_on_controller') { class {'::tripleo::cluster::zookeeper': zookeeper_server_ips => $zookeeper_node_ips, - zookeeper_client_ip => $ipaddress, + # TODO: create a 'bind' hiera key for zookeeper + zookeeper_client_ip => hiera('neutron::bind_host'), zookeeper_hostnames => hiera('controller_node_names') } } @@ -255,7 +275,8 @@ if hiera('step') >= 3 { if hiera('enable_cassandra_on_controller') { class {'::tripleo::cluster::cassandra': cassandra_servers => $cassandra_node_ips, - cassandra_ip => $ipaddress + # TODO: create a 'bind' hiera key for cassandra + cassandra_ip => hiera('neutron::bind_host'), } } @@ -266,10 +287,11 @@ if hiera('step') >= 3 { class {'::tripleo::network::midonet::api': zookeeper_servers => $zookeeper_node_ips, - vip => $ipaddress, - keystone_ip => $ipaddress, + vip => hiera('tripleo::loadbalancer::public_virtual_ip'), + keystone_ip => hiera('tripleo::loadbalancer::public_virtual_ip'), keystone_admin_token => hiera('keystone::admin_token'), - bind_address => $ipaddress, + # TODO: create a 'bind' hiera key for api + bind_address => hiera('neutron::bind_host'), admin_password => hiera('admin_password') } @@ -289,11 +311,21 @@ if hiera('step') >= 3 { include ::neutron::server include ::neutron::server::notifications - # If the value of core plugin is set to 'nuage', - # include nuage core plugin, and it does not - # need the l3, dhcp and metadata agents + # If the value of core plugin is set to 'nuage' or'opencontrail' or 'plumgrid', + # include nuage or opencontrail or plumgrid core plugins + # else use the default value of 'ml2' if hiera('neutron::core_plugin') == 'neutron.plugins.nuage.plugin.NuagePlugin' { include ::neutron::plugins::nuage + } elsif hiera('neutron::core_plugin') == 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2' { + include ::neutron::plugins::opencontrail + } + elsif hiera('neutron::core_plugin') == 'networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2' { + class { '::neutron::plugins::plumgrid' : + connection => hiera('neutron::server::database_connection'), + controller_priv_host => hiera('keystone_admin_api_vip'), + admin_password => hiera('admin_password'), + metadata_proxy_shared_secret => hiera('nova::api::neutron_metadata_proxy_shared_secret'), + } } else { include ::neutron::agents::l3 include ::neutron::agents::dhcp @@ -312,7 +344,7 @@ if hiera('step') >= 3 { if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { class {'::neutron::plugins::midonet': - midonet_api_ip => $ipaddress, + midonet_api_ip => hiera('tripleo::loadbalancer::public_virtual_ip'), keystone_tenant => hiera('neutron::server::auth_tenant'), keystone_password => hiera('neutron::server::auth_password') } @@ -344,8 +376,9 @@ if hiera('step') >= 3 { include ::neutron::plugins::ml2::cisco::type_nexus_vxlan } - if hiera('neutron_enable_bigswitch_ml2', false) { + if 'bsn_ml2' in hiera('neutron::plugins::ml2::mechanism_drivers') { include ::neutron::plugins::ml2::bigswitch::restproxy + include ::neutron::agents::bigswitch } neutron_l3_agent_config { 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false); @@ -363,10 +396,12 @@ if hiera('step') >= 3 { include ::cinder include ::cinder::config + include ::tripleo::ssl::cinder_config include ::cinder::api include ::cinder::glance include ::cinder::scheduler include ::cinder::volume + include ::cinder::ceilometer class { '::cinder::setup_test_volume': size => join([hiera('cinder_lvm_loop_device_size'), 'M']), } @@ -400,6 +435,7 @@ if hiera('step') >= 3 { $cinder_rbd_backend = 'tripleo_ceph' cinder::backend::rbd { $cinder_rbd_backend : + backend_host => hiera('cinder::host'), rbd_pool => hiera('cinder_rbd_pool_name'), rbd_user => hiera('ceph_client_user_name'), rbd_secret_uuid => hiera('ceph::profile::params::fsid'), @@ -410,10 +446,6 @@ if hiera('step') >= 3 { if hiera('cinder_enable_eqlx_backend', false) { $cinder_eqlx_backend = hiera('cinder::backend::eqlx::volume_backend_name') - cinder_config { - "${cinder_eqlx_backend}/host": value => 'hostgroup'; - } - cinder::backend::eqlx { $cinder_eqlx_backend : volume_backend_name => hiera('cinder::backend::eqlx::volume_backend_name', undef), san_ip => hiera('cinder::backend::eqlx::san_ip', undef), @@ -421,7 +453,7 @@ if hiera('step') >= 3 { san_password => hiera('cinder::backend::eqlx::san_password', undef), san_thin_provision => hiera('cinder::backend::eqlx::san_thin_provision', undef), eqlx_group_name => hiera('cinder::backend::eqlx::eqlx_group_name', undef), - eqlx_pool => hiera('cinder::backend::eqlx::eqlx_lpool', undef), + eqlx_pool => hiera('cinder::backend::eqlx::eqlx_pool', undef), eqlx_use_chap => hiera('cinder::backend::eqlx::eqlx_use_chap', undef), eqlx_chap_login => hiera('cinder::backend::eqlx::eqlx_chap_login', undef), eqlx_chap_password => hiera('cinder::backend::eqlx::eqlx_san_password', undef), @@ -431,10 +463,6 @@ if hiera('step') >= 3 { if hiera('cinder_enable_dellsc_backend', false) { $cinder_dellsc_backend = hiera('cinder::backend::dellsc_iscsi::volume_backend_name') - cinder_config { - "${cinder_dellsc_backend}/host": value => 'hostgroup'; - } - cinder::backend::dellsc_iscsi{ $cinder_dellsc_backend : volume_backend_name => hiera('cinder::backend::dellsc_iscsi::volume_backend_name', undef), san_ip => hiera('cinder::backend::dellsc_iscsi::san_ip', undef), @@ -443,7 +471,7 @@ if hiera('step') >= 3 { dell_sc_ssn => hiera('cinder::backend::dellsc_iscsi::dell_sc_ssn', undef), iscsi_ip_address => hiera('cinder::backend::dellsc_iscsi::iscsi_ip_address', undef), iscsi_port => hiera('cinder::backend::dellsc_iscsi::iscsi_port', undef), - dell_sc_port => hiera('cinder::backend::dellsc_iscsi::dell_sc_port', undef), + dell_sc_api_port => hiera('cinder::backend::dellsc_iscsi::dell_sc_api_port', undef), dell_sc_server_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_server_folder', undef), dell_sc_volume_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_volume_folder', undef), } @@ -452,10 +480,6 @@ if hiera('step') >= 3 { if hiera('cinder_enable_netapp_backend', false) { $cinder_netapp_backend = hiera('cinder::backend::netapp::title') - cinder_config { - "${cinder_netapp_backend}/host": value => 'hostgroup'; - } - if hiera('cinder::backend::netapp::nfs_shares', undef) { $cinder_netapp_nfs_shares = split(hiera('cinder::backend::netapp::nfs_shares', undef), ',') } @@ -504,7 +528,7 @@ if hiera('step') >= 3 { $cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend, $cinder_rbd_backend, $cinder_eqlx_backend, $cinder_dellsc_backend, $cinder_netapp_backend, $cinder_nfs_backend]) class { '::cinder::backends' : - enabled_backends => $cinder_enabled_backends, + enabled_backends => union($cinder_enabled_backends, hiera('cinder_user_enabled_backends')), } # swift proxy @@ -557,14 +581,32 @@ if hiera('step') >= 3 { include ::ceilometer::expirer include ::ceilometer::collector include ::ceilometer::agent::auth + include ::ceilometer::dispatcher::gnocchi class { '::ceilometer::db' : database_connection => $ceilometer_database_connection, } Cron <| title == 'ceilometer-expirer' |> { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" } + # Aodh + class { '::aodh' : + database_connection => $ceilometer_database_connection, + } + include ::aodh::db::sync + # To manage the upgrade: + Exec['ceilometer-dbsync'] -> Exec['aodh-db-sync'] + include ::aodh::auth + include ::aodh::api + include ::aodh::wsgi::apache + include ::aodh::evaluator + include ::aodh::notifier + include ::aodh::listener + include ::aodh::client + # Heat - include ::heat + class { '::heat' : + notification_driver => 'messaging', + } include ::heat::config include ::heat::api include ::heat::api_cfn @@ -584,11 +626,38 @@ if hiera('step') >= 3 { } $neutron_options = {'profile_support' => $_profile_support } + $memcached_ipv6 = hiera('memcached_ipv6', false) + if $memcached_ipv6 { + $horizon_memcached_servers = hiera('memcache_node_ips_v6', '[::1]') + } else { + $horizon_memcached_servers = hiera('memcache_node_ips', '127.0.0.1') + } + class { '::horizon': - cache_server_ip => hiera('memcache_node_ips', '127.0.0.1'), + cache_server_ip => $horizon_memcached_servers, neutron_options => $neutron_options, } + # Gnocchi + $gnocchi_database_connection = hiera('gnocchi_mysql_conn_string') + class { '::gnocchi': + database_connection => $gnocchi_database_connection, + } + include ::gnocchi::api + include ::gnocchi::wsgi::apache + include ::gnocchi::client + include ::gnocchi::db::sync + include ::gnocchi::storage + include ::gnocchi::metricd + include ::gnocchi::statsd + $gnocchi_backend = downcase(hiera('gnocchi_backend', 'swift')) + case $gnocchi_backend { + 'swift': { include ::gnocchi::storage::swift } + 'file': { include ::gnocchi::storage::file } + 'rbd': { include ::gnocchi::storage::ceph } + default: { fail('Unrecognized gnocchi_backend parameter.') } + } + $snmpd_user = hiera('snmpd_readonly_user_name') snmp::snmpv3_user { $snmpd_user: authtype => 'MD5', @@ -596,28 +665,44 @@ if hiera('step') >= 3 { } class { '::snmp': agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], + snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], } hiera_include('controller_classes') -} #END STEP 3 +} #END STEP 4 -if hiera('step') >= 4 { - $keystone_enable_db_purge = hiera('keystone_enable_db_purge', true) +if hiera('step') >= 5 { $nova_enable_db_purge = hiera('nova_enable_db_purge', true) $cinder_enable_db_purge = hiera('cinder_enable_db_purge', true) + $heat_enable_db_purge = hiera('heat_enable_db_purge', true) - if $keystone_enable_db_purge { - include ::keystone::cron::token_flush - } if $nova_enable_db_purge { include ::nova::cron::archive_deleted_rows } if $cinder_enable_db_purge { include ::cinder::cron::db_purge } -} #END STEP 4 + if $heat_enable_db_purge { + include ::heat::cron::purge_deleted + } + + if downcase(hiera('bootstrap_nodeid')) == $::hostname { + # Class ::heat::keystone::domain has to run on bootstrap node + # because it creates DB entities via API calls. + include ::heat::keystone::domain + + Class['::keystone::roles::admin'] -> Class['::heat::keystone::domain'] + } else { + # On non-bootstrap node we don't need to create Keystone resources again + class { '::heat::keystone::domain': + manage_domain => false, + manage_user => false, + manage_role => false, + } + } + +} #END STEP 5 $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller', hiera('step')]) package_manifest{$package_manifest_name: ensure => present} |