summaryrefslogtreecommitdiffstats
path: root/puppet/manifests/overcloud_controller_pacemaker.pp
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/manifests/overcloud_controller_pacemaker.pp')
-rw-r--r--puppet/manifests/overcloud_controller_pacemaker.pp344
1 files changed, 232 insertions, 112 deletions
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index a9adbd5d..db3d8652 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -34,12 +34,14 @@ $enable_load_balancer = hiera('enable_load_balancer', true)
# When to start and enable services which haven't been Pacemakerized
# FIXME: remove when we start all OpenStack services using Pacemaker
-# (occurences of this variable will be gradually replaced with false)
+# (occurrences of this variable will be gradually replaced with false)
$non_pcmk_start = hiera('step') >= 4
if hiera('step') >= 1 {
+ create_resources(kmod::load, hiera('kernel_modules'), {})
create_resources(sysctl::value, hiera('sysctl_settings'), {})
+ Exec <| tag == 'kmod::load' |> -> Sysctl <| |>
include ::timezone
@@ -60,6 +62,12 @@ if hiera('step') >= 1 {
}
$pacemaker_cluster_members = downcase(regsubst(hiera('controller_node_names'), ',', ' ', 'G'))
+ $corosync_ipv6 = str2bool(hiera('corosync_ipv6', false))
+ if $corosync_ipv6 {
+ $cluster_setup_extras = { '--ipv6' => '' }
+ } else {
+ $cluster_setup_extras = {}
+ }
user { 'hacluster':
ensure => present,
} ->
@@ -67,8 +75,9 @@ if hiera('step') >= 1 {
hacluster_pwd => hiera('hacluster_pwd'),
} ->
class { '::pacemaker::corosync':
- cluster_members => $pacemaker_cluster_members,
- setup_cluster => $pacemaker_master,
+ cluster_members => $pacemaker_cluster_members,
+ setup_cluster => $pacemaker_master,
+ cluster_setup_extras => $cluster_setup_extras,
}
class { '::pacemaker::stonith':
disable => !$enable_fencing,
@@ -91,12 +100,21 @@ if hiera('step') >= 1 {
# avoid races where non-master nodes attempt to start without
# config (eg. binding on 0.0.0.0)
# The module ignores erlang_cookie if cluster_config is false
+ $rabbit_ipv6 = str2bool(hiera('rabbit_ipv6', false))
+ if $rabbit_ipv6 {
+ $rabbit_env = merge(hiera('rabbitmq_environment'), {
+ 'RABBITMQ_SERVER_START_ARGS' => '"-proto_dist inet6_tcp"'
+ })
+ } else {
+ $rabbit_env = hiera('rabbitmq_environment')
+ }
+
class { '::rabbitmq':
service_manage => false,
tcp_keepalive => false,
config_kernel_variables => hiera('rabbitmq_kernel_variables'),
config_variables => hiera('rabbitmq_config_variables'),
- environment_variables => hiera('rabbitmq_environment'),
+ environment_variables => $rabbit_env,
} ->
file { '/var/lib/rabbitmq/.erlang.cookie':
ensure => file,
@@ -109,6 +127,7 @@ if hiera('step') >= 1 {
if downcase(hiera('ceilometer_backend')) == 'mongodb' {
include ::mongodb::globals
+ include ::mongodb::client
class { '::mongodb::server' :
service_manage => false,
}
@@ -134,6 +153,11 @@ if hiera('step') >= 1 {
$galera_nodes = downcase(hiera('galera_node_names', $::hostname))
$galera_nodes_count = count(split($galera_nodes, ','))
+ # FIXME: due to https://bugzilla.redhat.com/show_bug.cgi?id=1298671 we
+ # set bind-address to a hostname instead of an ip address; to move Mysql
+ # from internal_api on another network we'll have to customize both
+ # MysqlNetwork and ControllerHostnameResolveNetwork in ServiceNetMap
+ $mysql_bind_host = hiera('mysql_bind_host')
$mysqld_options = {
'mysqld' => {
'skip-name-resolve' => '1',
@@ -143,7 +167,7 @@ if hiera('step') >= 1 {
'innodb_locks_unsafe_for_binlog'=> '1',
'query_cache_size' => '0',
'query_cache_type' => '0',
- 'bind-address' => hiera('mysql_bind_host'),
+ 'bind-address' => $::hostname,
'max_connections' => hiera('mysql_max_connections'),
'open_files_limit' => '-1',
'wsrep_provider' => '/usr/lib64/galera/libgalera_smm.so',
@@ -158,8 +182,8 @@ if hiera('step') >= 1 {
'wsrep_auto_increment_control' => '1',
'wsrep_drupal_282555_workaround'=> '0',
'wsrep_causal_reads' => '0',
- 'wsrep_notify_cmd' => '',
'wsrep_sst_method' => 'rsync',
+ 'wsrep_provider_options' => "gmcast.listen_addr=tcp://[${mysql_bind_host}]:4567;",
},
}
@@ -178,8 +202,19 @@ if hiera('step') >= 1 {
if hiera('step') >= 2 {
# NOTE(gfidente): the following vars are needed on all nodes so they
- # need to stay out of pacemaker_master conditional
- $mongo_node_ips_with_port = suffix(hiera('mongo_node_ips'), ':27017')
+ # need to stay out of pacemaker_master conditional.
+ # The addresses mangling will hopefully go away when we'll be able to
+ # configure the connection string via hostnames, until then, we need to pass
+ # the list of IPv6 addresses *with* port and without the brackets as 'members'
+ # argument for the 'mongodb_replset' resource.
+ if str2bool(hiera('mongodb::server::ipv6', false)) {
+ $mongo_node_ips_with_port_prefixed = prefix(hiera('mongo_node_ips'), '[')
+ $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017')
+ $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017')
+ } else {
+ $mongo_node_ips_with_port = suffix(hiera('mongo_node_ips'), ':27017')
+ $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017')
+ }
$mongodb_replset = hiera('mongodb::server::replset')
if $pacemaker_master {
@@ -188,6 +223,11 @@ if hiera('step') >= 2 {
include ::pacemaker::resource_defaults
+ # Create an openstack-core dummy resource. See RHBZ 1290121
+ pacemaker::resource::ocf { 'openstack-core':
+ ocf_agent_name => 'heartbeat:Dummy',
+ clone_params => true,
+ }
# FIXME: we should not have to access tripleo::loadbalancer class
# parameters here to configure pacemaker VIPs. The configuration
# of pacemaker VIPs could move into puppet-tripleo or we should
@@ -197,8 +237,14 @@ if hiera('step') >= 2 {
}
$control_vip = hiera('tripleo::loadbalancer::controller_virtual_ip')
+ if is_ipv6_address($control_vip) {
+ $control_vip_netmask = '64'
+ } else {
+ $control_vip_netmask = '32'
+ }
pacemaker::resource::ip { 'control_vip':
- ip_address => $control_vip,
+ ip_address => $control_vip,
+ cidr_netmask => $control_vip_netmask,
}
pacemaker::constraint::base { 'control_vip-then-haproxy':
constraint_type => 'order',
@@ -219,9 +265,15 @@ if hiera('step') >= 2 {
}
$public_vip = hiera('tripleo::loadbalancer::public_virtual_ip')
+ if is_ipv6_address($public_vip) {
+ $public_vip_netmask = '64'
+ } else {
+ $public_vip_netmask = '32'
+ }
if $public_vip and $public_vip != $control_vip {
pacemaker::resource::ip { 'public_vip':
- ip_address => $public_vip,
+ ip_address => $public_vip,
+ cidr_netmask => $public_vip_netmask,
}
pacemaker::constraint::base { 'public_vip-then-haproxy':
constraint_type => 'order',
@@ -243,9 +295,15 @@ if hiera('step') >= 2 {
}
$redis_vip = hiera('redis_vip')
+ if is_ipv6_address($redis_vip) {
+ $redis_vip_netmask = '64'
+ } else {
+ $redis_vip_netmask = '32'
+ }
if $redis_vip and $redis_vip != $control_vip {
pacemaker::resource::ip { 'redis_vip':
- ip_address => $redis_vip,
+ ip_address => $redis_vip,
+ cidr_netmask => $redis_vip_netmask,
}
pacemaker::constraint::base { 'redis_vip-then-haproxy':
constraint_type => 'order',
@@ -267,9 +325,15 @@ if hiera('step') >= 2 {
}
$internal_api_vip = hiera('tripleo::loadbalancer::internal_api_virtual_ip')
+ if is_ipv6_address($internal_api_vip) {
+ $internal_api_vip_netmask = '64'
+ } else {
+ $internal_api_vip_netmask = '32'
+ }
if $internal_api_vip and $internal_api_vip != $control_vip {
pacemaker::resource::ip { 'internal_api_vip':
- ip_address => $internal_api_vip,
+ ip_address => $internal_api_vip,
+ cidr_netmask => $internal_api_vip_netmask,
}
pacemaker::constraint::base { 'internal_api_vip-then-haproxy':
constraint_type => 'order',
@@ -291,9 +355,15 @@ if hiera('step') >= 2 {
}
$storage_vip = hiera('tripleo::loadbalancer::storage_virtual_ip')
+ if is_ipv6_address($storage_vip) {
+ $storage_vip_netmask = '64'
+ } else {
+ $storage_vip_netmask = '32'
+ }
if $storage_vip and $storage_vip != $control_vip {
pacemaker::resource::ip { 'storage_vip':
- ip_address => $storage_vip,
+ ip_address => $storage_vip,
+ cidr_netmask => $storage_vip_netmask,
}
pacemaker::constraint::base { 'storage_vip-then-haproxy':
constraint_type => 'order',
@@ -315,9 +385,15 @@ if hiera('step') >= 2 {
}
$storage_mgmt_vip = hiera('tripleo::loadbalancer::storage_mgmt_virtual_ip')
+ if is_ipv6_address($storage_mgmt_vip) {
+ $storage_mgmt_vip_netmask = '64'
+ } else {
+ $storage_mgmt_vip_netmask = '32'
+ }
if $storage_mgmt_vip and $storage_mgmt_vip != $control_vip {
pacemaker::resource::ip { 'storage_mgmt_vip':
- ip_address => $storage_mgmt_vip,
+ ip_address => $storage_mgmt_vip,
+ cidr_netmask => $storage_mgmt_vip_netmask,
}
pacemaker::constraint::base { 'storage_mgmt_vip-then-haproxy':
constraint_type => 'order',
@@ -349,6 +425,7 @@ if hiera('step') >= 2 {
ocf_agent_name => 'heartbeat:rabbitmq-cluster',
resource_params => 'set_policy=\'ha-all ^(?!amq\.).* {"ha-mode":"all"}\'',
clone_params => 'ordered=true interleave=true',
+ meta_params => 'notify=true',
require => Class['::rabbitmq'],
}
@@ -366,7 +443,7 @@ if hiera('step') >= 2 {
before => Mongodb_replset[$mongodb_replset],
}
mongodb_replset { $mongodb_replset :
- members => $mongo_node_ips_with_port,
+ members => $mongo_node_ips_with_port_nobr,
}
}
@@ -430,6 +507,9 @@ MYSQL_HOST=localhost\n",
class { '::nova::db::mysql':
require => Exec['galera-ready'],
}
+ class { '::nova::db::mysql_api':
+ require => Exec['galera-ready'],
+ }
class { '::neutron::db::mysql':
require => Exec['galera-ready'],
}
@@ -458,8 +538,15 @@ MYSQL_HOST=localhost\n",
$enable_ceph = hiera('ceph_storage_count', 0) > 0 or hiera('enable_ceph_storage', false)
if $enable_ceph {
+ $mon_initial_members = downcase(hiera('ceph_mon_initial_members'))
+ if str2bool(hiera('ceph_ipv6', false)) {
+ $mon_host = hiera('ceph_mon_host_v6')
+ } else {
+ $mon_host = hiera('ceph_mon_host')
+ }
class { '::ceph::profile::params':
- mon_initial_members => downcase(hiera('ceph_mon_initial_members')),
+ mon_initial_members => $mon_initial_members,
+ mon_host => $mon_host,
}
include ::ceph::conf
include ::ceph::profile::mon
@@ -485,6 +572,14 @@ MYSQL_HOST=localhost\n",
}
if str2bool(hiera('enable_external_ceph', false)) {
+ if str2bool(hiera('ceph_ipv6', false)) {
+ $mon_host = hiera('ceph_mon_host_v6')
+ } else {
+ $mon_host = hiera('ceph_mon_host')
+ }
+ class { '::ceph::profile::params':
+ mon_host => $mon_host,
+ }
include ::ceph::conf
include ::ceph::profile::client
}
@@ -495,9 +590,10 @@ MYSQL_HOST=localhost\n",
if hiera('step') >= 3 {
class { '::keystone':
- sync_db => $sync_db,
- manage_service => false,
- enabled => false,
+ sync_db => $sync_db,
+ manage_service => false,
+ enabled => false,
+ enable_bootstrap => $pacemaker_master,
}
include ::keystone::config
@@ -565,16 +661,25 @@ if hiera('step') >= 3 {
manage_service => false,
enabled => false,
}
+ include ::glance::notify::rabbitmq
include join(['::glance::backend::', $glance_backend])
+ $nova_ipv6 = hiera('nova::use_ipv6', false)
+ if $nova_ipv6 {
+ $memcached_servers = suffix(hiera('memcache_node_ips_v6'), ':11211')
+ } else {
+ $memcached_servers = suffix(hiera('memcache_node_ips'), ':11211')
+ }
+
class { '::nova' :
- memcached_servers => suffix(hiera('memcache_node_ips'), ':11211'),
+ memcached_servers => $memcached_servers
}
include ::nova::config
class { '::nova::api' :
sync_db => $sync_db,
+ sync_db_api => $sync_db,
manage_service => false,
enabled => false,
}
@@ -611,8 +716,9 @@ if hiera('step') >= 3 {
if hiera('enable_zookeeper_on_controller') {
class {'::tripleo::cluster::zookeeper':
zookeeper_server_ips => $zookeeper_node_ips,
- zookeeper_client_ip => $ipaddress,
- zookeeper_hostnames => hiera('controller_node_names')
+ # TODO: create a 'bind' hiera key for zookeeper
+ zookeeper_client_ip => hiera('neutron::bind_host'),
+ zookeeper_hostnames => split(hiera('controller_node_names'), ',')
}
}
@@ -620,7 +726,8 @@ if hiera('step') >= 3 {
if hiera('enable_cassandra_on_controller') {
class {'::tripleo::cluster::cassandra':
cassandra_servers => $cassandra_node_ips,
- cassandra_ip => $ipaddress
+ # TODO: create a 'bind' hiera key for cassandra
+ cassandra_ip => hiera('neutron::bind_host'),
}
}
@@ -630,11 +737,12 @@ if hiera('step') >= 3 {
}
class {'::tripleo::network::midonet::api':
- zookeeper_servers => hiera('neutron_api_node_ips'),
- vip => $public_vip,
- keystone_ip => $public_vip,
+ zookeeper_servers => $zookeeper_node_ips,
+ vip => hiera('tripleo::loadbalancer::public_virtual_ip'),
+ keystone_ip => hiera('tripleo::loadbalancer::public_virtual_ip'),
keystone_admin_token => hiera('keystone::admin_token'),
- bind_address => $ipaddress,
+ # TODO: create a 'bind' hiera key for api
+ bind_address => hiera('neutron::bind_host'),
admin_password => hiera('admin_password')
}
@@ -659,9 +767,12 @@ if hiera('step') >= 3 {
if hiera('neutron::core_plugin') == 'neutron.plugins.nuage.plugin.NuagePlugin' {
include ::neutron::plugins::nuage
}
+ if hiera('neutron::core_plugin') == 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2' {
+ include ::neutron::plugins::opencontrail
+ }
if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' {
class {'::neutron::plugins::midonet':
- midonet_api_ip => $public_vip,
+ midonet_api_ip => hiera('tripleo::loadbalancer::public_virtual_ip'),
keystone_tenant => hiera('neutron::server::auth_tenant'),
keystone_password => hiera('neutron::server::auth_password')
}
@@ -718,8 +829,9 @@ if hiera('step') >= 3 {
}
}
- if hiera('neutron_enable_bigswitch_ml2', false) {
+ if 'bsn_ml2' in hiera('neutron::plugins::ml2::mechanism_drivers') {
include ::neutron::plugins::ml2::bigswitch::restproxy
+ include ::neutron::agents::bigswitch
}
neutron_l3_agent_config {
'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false);
@@ -727,9 +839,13 @@ if hiera('step') >= 3 {
neutron_dhcp_agent_config {
'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false);
}
+ neutron_config {
+ 'DEFAULT/notification_driver': value => 'messaging';
+ }
include ::cinder
include ::cinder::config
+ include ::tripleo::ssl::cinder_config
class { '::cinder::api':
sync_db => $sync_db,
manage_service => false,
@@ -744,6 +860,7 @@ if hiera('step') >= 3 {
enabled => false,
}
include ::cinder::glance
+ include ::cinder::ceilometer
class { '::cinder::setup_test_volume':
size => join([hiera('cinder_lvm_loop_device_size'), 'M']),
}
@@ -787,10 +904,6 @@ if hiera('step') >= 3 {
if hiera('cinder_enable_eqlx_backend', false) {
$cinder_eqlx_backend = hiera('cinder::backend::eqlx::volume_backend_name')
- cinder_config {
- "${cinder_eqlx_backend}/host": value => 'hostgroup';
- }
-
cinder::backend::eqlx { $cinder_eqlx_backend :
volume_backend_name => hiera('cinder::backend::eqlx::volume_backend_name', undef),
san_ip => hiera('cinder::backend::eqlx::san_ip', undef),
@@ -798,7 +911,7 @@ if hiera('step') >= 3 {
san_password => hiera('cinder::backend::eqlx::san_password', undef),
san_thin_provision => hiera('cinder::backend::eqlx::san_thin_provision', undef),
eqlx_group_name => hiera('cinder::backend::eqlx::eqlx_group_name', undef),
- eqlx_pool => hiera('cinder::backend::eqlx::eqlx_lpool', undef),
+ eqlx_pool => hiera('cinder::backend::eqlx::eqlx_pool', undef),
eqlx_use_chap => hiera('cinder::backend::eqlx::eqlx_use_chap', undef),
eqlx_chap_login => hiera('cinder::backend::eqlx::eqlx_chap_login', undef),
eqlx_chap_password => hiera('cinder::backend::eqlx::eqlx_san_password', undef),
@@ -808,10 +921,6 @@ if hiera('step') >= 3 {
if hiera('cinder_enable_dellsc_backend', false) {
$cinder_dellsc_backend = hiera('cinder::backend::dellsc_iscsi::volume_backend_name')
- cinder_config {
- "${cinder_dellsc_backend}/host": value => 'hostgroup';
- }
-
cinder::backend::dellsc_iscsi{ $cinder_dellsc_backend :
volume_backend_name => hiera('cinder::backend::dellsc_iscsi::volume_backend_name', undef),
san_ip => hiera('cinder::backend::dellsc_iscsi::san_ip', undef),
@@ -820,7 +929,7 @@ if hiera('step') >= 3 {
dell_sc_ssn => hiera('cinder::backend::dellsc_iscsi::dell_sc_ssn', undef),
iscsi_ip_address => hiera('cinder::backend::dellsc_iscsi::iscsi_ip_address', undef),
iscsi_port => hiera('cinder::backend::dellsc_iscsi::iscsi_port', undef),
- dell_sc_port => hiera('cinder::backend::dellsc_iscsi::dell_sc_port', undef),
+ dell_sc_api_port => hiera('cinder::backend::dellsc_iscsi::dell_sc_api_port', undef),
dell_sc_server_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_server_folder', undef),
dell_sc_volume_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_volume_folder', undef),
}
@@ -829,10 +938,6 @@ if hiera('step') >= 3 {
if hiera('cinder_enable_netapp_backend', false) {
$cinder_netapp_backend = hiera('cinder::backend::netapp::title')
- cinder_config {
- "${cinder_netapp_backend}/host": value => 'hostgroup';
- }
-
if hiera('cinder::backend::netapp::nfs_shares', undef) {
$cinder_netapp_nfs_shares = split(hiera('cinder::backend::netapp::nfs_shares', undef), ',')
}
@@ -881,7 +986,7 @@ if hiera('step') >= 3 {
$cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend, $cinder_rbd_backend, $cinder_eqlx_backend, $cinder_dellsc_backend, $cinder_netapp_backend, $cinder_nfs_backend])
class { '::cinder::backends' :
- enabled_backends => $cinder_enabled_backends,
+ enabled_backends => union($cinder_enabled_backends, hiera('cinder_user_enabled_backends')),
}
class { '::sahara':
@@ -982,7 +1087,8 @@ if hiera('step') >= 3 {
# Heat
include ::heat::config
class { '::heat' :
- sync_db => $sync_db,
+ sync_db => $sync_db,
+ notification_driver => 'messaging',
}
class { '::heat::api' :
manage_service => false,
@@ -1007,6 +1113,7 @@ if hiera('step') >= 3 {
service_enable => false,
# service_manage => false, # <-- not supported with horizon&apache mod_wsgi?
}
+ include ::keystone::wsgi::apache
include ::apache::mod::status
if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') {
$_profile_support = 'cisco'
@@ -1026,7 +1133,7 @@ if hiera('step') >= 3 {
}
class { '::snmp':
agentaddress => ['udp:161','udp6:[::1]:161'],
- snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
+ snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
}
hiera_include('controller_classes')
@@ -1037,6 +1144,7 @@ if hiera('step') >= 4 {
$keystone_enable_db_purge = hiera('keystone_enable_db_purge', true)
$nova_enable_db_purge = hiera('nova_enable_db_purge', true)
$cinder_enable_db_purge = hiera('cinder_enable_db_purge', true)
+ $heat_enable_db_purge = hiera('heat_enable_db_purge', true)
if $keystone_enable_db_purge {
include ::keystone::cron::token_flush
@@ -1047,60 +1155,65 @@ if hiera('step') >= 4 {
if $cinder_enable_db_purge {
include ::cinder::cron::db_purge
}
+ if $heat_enable_db_purge {
+ include ::heat::cron::purge_deleted
+ }
if $pacemaker_master {
- # Keystone
- pacemaker::resource::service { $::keystone::params::service_name :
- clone_params => 'interleave=true',
- verify_on_create => true,
- require => [File['/etc/keystone/ssl/certs/ca.pem'],
- File['/etc/keystone/ssl/private/signing_key.pem'],
- File['/etc/keystone/ssl/certs/signing_cert.pem']],
- }
if $enable_load_balancer {
pacemaker::constraint::base { 'haproxy-then-keystone-constraint':
constraint_type => 'order',
first_resource => 'haproxy-clone',
- second_resource => "${::keystone::params::service_name}-clone",
+ second_resource => 'openstack-core-clone',
first_action => 'start',
second_action => 'start',
require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Ocf['openstack-core']],
}
}
+
+ pacemaker::constraint::base { 'openstack-core-then-httpd-constraint':
+ constraint_type => 'order',
+ first_resource => 'openstack-core-clone',
+ second_resource => "${::apache::params::service_name}-clone",
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Service[$::apache::params::service_name],
+ Pacemaker::Resource::Ocf['openstack-core']],
+ }
pacemaker::constraint::base { 'rabbitmq-then-keystone-constraint':
constraint_type => 'order',
first_resource => 'rabbitmq-clone',
- second_resource => "${::keystone::params::service_name}-clone",
+ second_resource => 'openstack-core-clone',
first_action => 'start',
second_action => 'start',
require => [Pacemaker::Resource::Ocf['rabbitmq'],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Ocf['openstack-core']],
}
- pacemaker::constraint::base { 'memcached-then-keystone-constraint':
+ pacemaker::constraint::base { 'memcached-then-openstack-core-constraint':
constraint_type => 'order',
first_resource => 'memcached-clone',
- second_resource => "${::keystone::params::service_name}-clone",
+ second_resource => 'openstack-core-clone',
first_action => 'start',
second_action => 'start',
require => [Pacemaker::Resource::Service['memcached'],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Ocf['openstack-core']],
}
- pacemaker::constraint::base { 'galera-then-keystone-constraint':
+ pacemaker::constraint::base { 'galera-then-openstack-core-constraint':
constraint_type => 'order',
first_resource => 'galera-master',
- second_resource => "${::keystone::params::service_name}-clone",
+ second_resource => 'openstack-core-clone',
first_action => 'promote',
second_action => 'start',
require => [Pacemaker::Resource::Ocf['galera'],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Ocf['openstack-core']],
}
# Cinder
pacemaker::resource::service { $::cinder::params::api_service :
clone_params => 'interleave=true',
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ require => Pacemaker::Resource::Ocf['openstack-core'],
}
pacemaker::resource::service { $::cinder::params::scheduler_service :
clone_params => 'interleave=true',
@@ -1109,12 +1222,12 @@ if hiera('step') >= 4 {
pacemaker::constraint::base { 'keystone-then-cinder-api-constraint':
constraint_type => 'order',
- first_resource => "${::keystone::params::service_name}-clone",
+ first_resource => 'openstack-core-clone',
second_resource => "${::cinder::params::api_service}-clone",
first_action => 'start',
second_action => 'start',
- require => [Pacemaker::Resource::Service[$::cinder::params::api_service],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ require => [Pacemaker::Resource::Ocf['openstack-core'],
+ Pacemaker::Resource::Service[$::cinder::params::api_service]],
}
pacemaker::constraint::base { 'cinder-api-then-cinder-scheduler-constraint':
constraint_type => 'order',
@@ -1152,25 +1265,25 @@ if hiera('step') >= 4 {
# Sahara
pacemaker::resource::service { $::sahara::params::api_service_name :
clone_params => 'interleave=true',
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ require => Pacemaker::Resource::Ocf['openstack-core'],
}
pacemaker::resource::service { $::sahara::params::engine_service_name :
clone_params => 'interleave=true',
}
pacemaker::constraint::base { 'keystone-then-sahara-api-constraint':
constraint_type => 'order',
- first_resource => "${::keystone::params::service_name}-clone",
+ first_resource => 'openstack-core-clone',
second_resource => "${::sahara::params::api_service_name}-clone",
first_action => 'start',
second_action => 'start',
require => [Pacemaker::Resource::Service[$::sahara::params::api_service_name],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Ocf['openstack-core']],
}
# Glance
pacemaker::resource::service { $::glance::params::registry_service_name :
clone_params => 'interleave=true',
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ require => Pacemaker::Resource::Ocf['openstack-core'],
}
pacemaker::resource::service { $::glance::params::api_service_name :
clone_params => 'interleave=true',
@@ -1178,12 +1291,12 @@ if hiera('step') >= 4 {
pacemaker::constraint::base { 'keystone-then-glance-registry-constraint':
constraint_type => 'order',
- first_resource => "${::keystone::params::service_name}-clone",
+ first_resource => 'openstack-core-clone',
second_resource => "${::glance::params::registry_service_name}-clone",
first_action => 'start',
second_action => 'start',
require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Ocf['openstack-core']],
}
pacemaker::constraint::base { 'glance-registry-then-glance-api-constraint':
constraint_type => 'order',
@@ -1221,12 +1334,12 @@ if hiera('step') >= 4 {
} ->
pacemaker::resource::service { $::neutron::params::server_service:
clone_params => 'interleave=true',
- require => Pacemaker::Resource::Service[$::keystone::params::service_name]
+ require => Pacemaker::Resource::Ocf['openstack-core']
}
} else {
pacemaker::resource::service { $::neutron::params::server_service:
clone_params => 'interleave=true',
- require => Pacemaker::Resource::Service[$::keystone::params::service_name]
+ require => Pacemaker::Resource::Ocf['openstack-core']
}
}
if hiera('neutron::enable_l3_agent', true) {
@@ -1298,38 +1411,37 @@ if hiera('step') >= 4 {
Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]],
}
}
-
pacemaker::constraint::base { 'keystone-to-neutron-server-constraint':
constraint_type => 'order',
- first_resource => "${::keystone::params::service_name}-clone",
+ first_resource => 'openstack-core-clone',
second_resource => "${::neutron::params::server_service}-clone",
first_action => 'start',
second_action => 'start',
- require => [Pacemaker::Resource::Service[$::keystone::params::service_name],
+ require => [Pacemaker::Resource::Ocf['openstack-core'],
Pacemaker::Resource::Service[$::neutron::params::server_service]],
}
if hiera('neutron::enable_ovs_agent',true) {
- pacemaker::constraint::base { 'neutron-server-to-openvswitch-agent-constraint':
+ pacemaker::constraint::base { 'neutron-openvswitch-agent-to-dhcp-agent-constraint':
constraint_type => 'order',
- first_resource => "${::neutron::params::server_service}-clone",
- second_resource => "${::neutron::params::ovs_agent_service}-clone",
+ first_resource => "${::neutron::params::ovs_agent_service}-clone",
+ second_resource => "${::neutron::params::dhcp_agent_service}-clone",
first_action => 'start',
second_action => 'start',
- require => [Pacemaker::Resource::Service[$::neutron::params::server_service],
- Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]],
+ require => [Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service],
+ Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]],
}
}
if hiera('neutron::enable_dhcp_agent',true) and hiera('neutron::enable_ovs_agent',true) {
- pacemaker::constraint::base { 'neutron-openvswitch-agent-to-dhcp-agent-constraint':
+ pacemaker::constraint::base { 'neutron-server-to-openvswitch-agent-constraint':
constraint_type => 'order',
- first_resource => "${::neutron::params::ovs_agent_service}-clone",
- second_resource => "${::neutron::params::dhcp_agent_service}-clone",
+ first_resource => "${::neutron::params::server_service}-clone",
+ second_resource => "${::neutron::params::ovs_agent_service}-clone",
first_action => 'start',
second_action => 'start',
- require => [Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service],
- Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]],
+ require => [Pacemaker::Resource::Service[$::neutron::params::server_service],
+ Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]],
+ }
- }
pacemaker::constraint::colocation { 'neutron-openvswitch-agent-to-dhcp-agent-colocation':
source => "${::neutron::params::dhcp_agent_service}-clone",
target => "${::neutron::params::ovs_agent_service}-clone",
@@ -1415,34 +1527,29 @@ if hiera('step') >= 4 {
# Nova
pacemaker::resource::service { $::nova::params::api_service_name :
clone_params => 'interleave=true',
- op_params => 'start timeout=200s stop timeout=200s monitor start-delay=10s',
}
pacemaker::resource::service { $::nova::params::conductor_service_name :
clone_params => 'interleave=true',
- op_params => 'start timeout=200s stop timeout=200s monitor start-delay=10s',
}
pacemaker::resource::service { $::nova::params::consoleauth_service_name :
clone_params => 'interleave=true',
- op_params => 'start timeout=200s stop timeout=200s monitor start-delay=10s',
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ require => Pacemaker::Resource::Ocf['openstack-core'],
}
pacemaker::resource::service { $::nova::params::vncproxy_service_name :
clone_params => 'interleave=true',
- op_params => 'start timeout=200s stop timeout=200s monitor start-delay=10s',
}
pacemaker::resource::service { $::nova::params::scheduler_service_name :
clone_params => 'interleave=true',
- op_params => 'start timeout=200s stop timeout=200s monitor start-delay=10s',
}
pacemaker::constraint::base { 'keystone-then-nova-consoleauth-constraint':
constraint_type => 'order',
- first_resource => "${::keystone::params::service_name}-clone",
+ first_resource => 'openstack-core-clone',
second_resource => "${::nova::params::consoleauth_service_name}-clone",
first_action => 'start',
second_action => 'start',
require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Ocf['openstack-core']],
}
pacemaker::constraint::base { 'nova-consoleauth-then-nova-vncproxy-constraint':
constraint_type => 'order',
@@ -1512,16 +1619,16 @@ if hiera('step') >= 4 {
# Ceilometer
case downcase(hiera('ceilometer_backend')) {
/mysql/: {
- pacemaker::resource::service { $::ceilometer::params::agent_central_service_name :
+ pacemaker::resource::service { $::ceilometer::params::agent_central_service_name:
clone_params => 'interleave=true',
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ require => Pacemaker::Resource::Ocf['openstack-core'],
}
}
default: {
- pacemaker::resource::service { $::ceilometer::params::agent_central_service_name :
+ pacemaker::resource::service { $::ceilometer::params::agent_central_service_name:
clone_params => 'interleave=true',
- require => [Pacemaker::Resource::Service[$::keystone::params::service_name],
- Pacemaker::Resource::Service[$::mongodb::params::service_name]],
+ require => [Pacemaker::Resource::Ocf['openstack-core'],
+ Pacemaker::Resource::Service[$::mongodb::params::service_name]],
}
}
}
@@ -1557,12 +1664,12 @@ if hiera('step') >= 4 {
}
pacemaker::constraint::base { 'keystone-then-ceilometer-central-constraint':
constraint_type => 'order',
- first_resource => "${::keystone::params::service_name}-clone",
+ first_resource => 'openstack-core-clone',
second_resource => "${::ceilometer::params::agent_central_service_name}-clone",
first_action => 'start',
second_action => 'start',
require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Ocf['openstack-core']],
}
pacemaker::constraint::base { 'ceilometer-central-then-ceilometer-collector-constraint':
constraint_type => 'order',
@@ -1632,12 +1739,12 @@ if hiera('step') >= 4 {
}
pacemaker::constraint::base { 'keystone-then-heat-api-constraint':
constraint_type => 'order',
- first_resource => "${::keystone::params::service_name}-clone",
+ first_resource => 'openstack-core-clone',
second_resource => "${::heat::params::api_service_name}-clone",
first_action => 'start',
second_action => 'start',
require => [Pacemaker::Resource::Service[$::heat::params::api_service_name],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Ocf['openstack-core']],
}
pacemaker::constraint::base { 'heat-api-then-heat-api-cfn-constraint':
constraint_type => 'order',
@@ -1697,9 +1804,13 @@ if hiera('step') >= 4 {
Pacemaker::Resource::Service[$::ceilometer::params::agent_notification_service_name]],
}
- # Horizon
- pacemaker::resource::service { $::horizon::params::http_service:
- clone_params => 'interleave=true',
+ # Horizon and Keystone
+ pacemaker::resource::service { $::apache::params::service_name:
+ clone_params => 'interleave=true',
+ verify_on_create => true,
+ require => [File['/etc/keystone/ssl/certs/ca.pem'],
+ File['/etc/keystone/ssl/private/signing_key.pem'],
+ File['/etc/keystone/ssl/certs/signing_cert.pem']],
}
#VSM
@@ -1736,12 +1847,21 @@ if hiera('step') >= 5 {
if $pacemaker_master {
class {'::keystone::roles::admin' :
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ require => Pacemaker::Resource::Service[$::apache::params::service_name],
} ->
class {'::keystone::endpoint' :
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ require => Pacemaker::Resource::Service[$::apache::params::service_name],
}
+ include ::heat::keystone::domain
+ Class['::keystone::roles::admin'] -> Class['::heat::keystone::domain']
+ } else {
+ # On non-master controller we don't need to create Keystone resources again
+ class { '::heat::keystone::domain':
+ manage_domain => false,
+ manage_user => false,
+ manage_role => false,
+ }
}
} #END STEP 5