diff options
Diffstat (limited to 'puppet/manifests')
| -rw-r--r-- | puppet/manifests/overcloud_cephstorage.pp | 16 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_compute.pp | 11 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_controller.pp | 43 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_controller_pacemaker.pp | 59 |
4 files changed, 119 insertions, 10 deletions
diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp index cf2626ac..6c5dda42 100644 --- a/puppet/manifests/overcloud_cephstorage.pp +++ b/puppet/manifests/overcloud_cephstorage.pp @@ -21,7 +21,21 @@ if count(hiera('ntp::servers')) > 0 { include ::ntp } +if str2bool(hiera('ceph_osd_selinux_permissive', true)) { + exec { 'set selinux to permissive on boot': + command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config", + onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config", + path => ["/usr/bin", "/usr/sbin"], + } + + exec { 'set selinux to permissive': + command => "setenforce 0", + onlyif => "which setenforce && getenforce | grep -i 'enforcing'", + path => ["/usr/bin", "/usr/sbin"], + } -> Class['ceph::profile::osd'] +} + include ::ceph::profile::client include ::ceph::profile::osd -hiera_include('ceph_classes')
\ No newline at end of file +hiera_include('ceph_classes') diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp index d36cf0b0..e6fa9471 100644 --- a/puppet/manifests/overcloud_compute.pp +++ b/puppet/manifests/overcloud_compute.pp @@ -53,6 +53,17 @@ if $nova_enable_rbd_backend { } } +if hiera('cinder_enable_nfs_backend', false) { + if ($::selinux != "false") { + selboolean { 'virt_use_nfs': + value => on, + persistent => true, + } -> Package['nfs-utils'] + } + + package {'nfs-utils': } -> Service['nova-compute'] +} + include ::nova::compute::libvirt include ::nova::network::neutron include ::neutron diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 0b23a632..b001d667 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -133,6 +133,20 @@ if hiera('step') >= 2 { } if str2bool(hiera('enable_ceph_storage', 'false')) { + if str2bool(hiera('ceph_osd_selinux_permissive', true)) { + exec { 'set selinux to permissive on boot': + command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config", + onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config", + path => ["/usr/bin", "/usr/sbin"], + } + + exec { 'set selinux to permissive': + command => "setenforce 0", + onlyif => "which setenforce && getenforce | grep -i 'enforcing'", + path => ["/usr/bin", "/usr/sbin"], + } -> Class['ceph::profile::osd'] + } + include ::ceph::profile::client include ::ceph::profile::osd } @@ -193,7 +207,10 @@ if hiera('step') >= 3 { include ::glance::registry include join(['::glance::backend::', $glance_backend]) - include ::nova + class { '::nova' : + memcached_servers => suffix(hiera('memcache_node_ips'), ':11211'), + } + include ::nova::config include ::nova::api include ::nova::cert include ::nova::conductor @@ -311,7 +328,25 @@ if hiera('step') >= 3 { } } - $cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend, $cinder_rbd_backend, $cinder_netapp_backend]) + if hiera('cinder_enable_nfs_backend', false) { + $cinder_nfs_backend = 'tripleo_nfs' + + if ($::selinux != "false") { + selboolean { 'virt_use_nfs': + value => on, + persistent => true, + } -> Package['nfs-utils'] + } + + package {'nfs-utils': } -> + cinder::backend::nfs { $cinder_nfs_backend : + nfs_servers => hiera('cinder_nfs_servers'), + nfs_mount_options => hiera('cinder_nfs_mount_options'), + nfs_shares_config => '/etc/cinder/shares-nfs.conf', + } + } + + $cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend, $cinder_rbd_backend, $cinder_netapp_backend, $cinder_nfs_backend]) class { '::cinder::backends' : enabled_backends => $cinder_enabled_backends, } @@ -400,3 +435,7 @@ if hiera('step') >= 3 { hiera_include('controller_classes') } #END STEP 3 + +if hiera('step') >= 4 { + include ::keystone::cron::token_flush +} #END STEP 4 diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index 6a41d16d..cfd30f13 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -74,6 +74,13 @@ if hiera('step') >= 1 { Class['tripleo::fencing'] -> Class['pacemaker::stonith'] } + # FIXME(gfidente): sets 90secs as default start timeout op + # param; until we can use pcmk global defaults we'll still + # need to add it to every resource which redefines op params + Pacemaker::Resource::Service { + op_params => 'start timeout=90s', + } + # Only configure RabbitMQ in this step, don't start it yet to # avoid races where non-master nodes attempt to start without # config (eg. binding on 0.0.0.0) @@ -442,6 +449,20 @@ MYSQL_HOST=localhost\n", } if str2bool(hiera('enable_ceph_storage', 'false')) { + if str2bool(hiera('ceph_osd_selinux_permissive', true)) { + exec { 'set selinux to permissive on boot': + command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config", + onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config", + path => ["/usr/bin", "/usr/sbin"], + } + + exec { 'set selinux to permissive': + command => "setenforce 0", + onlyif => "which setenforce && getenforce | grep -i 'enforcing'", + path => ["/usr/bin", "/usr/sbin"], + } -> Class['ceph::profile::osd'] + } + include ::ceph::profile::client include ::ceph::profile::osd } @@ -513,7 +534,11 @@ if hiera('step') >= 3 { } include join(['::glance::backend::', $glance_backend]) - include ::nova + class { '::nova' : + memcached_servers => suffix(hiera('memcache_node_ips'), ':11211'), + } + + include ::nova::config class { '::nova::api' : sync_db => $sync_db, @@ -670,7 +695,25 @@ if hiera('step') >= 3 { } } - $cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend, $cinder_rbd_backend, $cinder_netapp_backend]) + if hiera('cinder_enable_nfs_backend', false) { + $cinder_nfs_backend = 'tripleo_nfs' + + if ($::selinux != "false") { + selboolean { 'virt_use_nfs': + value => on, + persistent => true, + } -> Package['nfs-utils'] + } + + package {'nfs-utils': } -> + cinder::backend::nfs { $cinder_nfs_backend: + nfs_servers => hiera('cinder_nfs_servers'), + nfs_mount_options => hiera('cinder_nfs_mount_options'), + nfs_shares_config => '/etc/cinder/shares-nfs.conf', + } + } + + $cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend, $cinder_rbd_backend, $cinder_netapp_backend, $cinder_nfs_backend]) class { '::cinder::backends' : enabled_backends => $cinder_enabled_backends, } @@ -816,6 +859,8 @@ if hiera('step') >= 3 { } #END STEP 3 if hiera('step') >= 4 { + include ::keystone::cron::token_flush + if $pacemaker_master { # Keystone @@ -1044,24 +1089,24 @@ if hiera('step') >= 4 { # Nova pacemaker::resource::service { $::nova::params::api_service_name : clone_params => "interleave=true", - op_params => "monitor start-delay=10s", + op_params => "start timeout=90s monitor start-delay=10s", } pacemaker::resource::service { $::nova::params::conductor_service_name : clone_params => "interleave=true", - op_params => "monitor start-delay=10s", + op_params => "start timeout=90s monitor start-delay=10s", } pacemaker::resource::service { $::nova::params::consoleauth_service_name : clone_params => "interleave=true", - op_params => "monitor start-delay=10s", + op_params => "start timeout=90s monitor start-delay=10s", require => Pacemaker::Resource::Service[$::keystone::params::service_name], } pacemaker::resource::service { $::nova::params::vncproxy_service_name : clone_params => "interleave=true", - op_params => "monitor start-delay=10s", + op_params => "start timeout=90s monitor start-delay=10s", } pacemaker::resource::service { $::nova::params::scheduler_service_name : clone_params => "interleave=true", - op_params => "monitor start-delay=10s", + op_params => "start timeout=90s monitor start-delay=10s", } pacemaker::constraint::base { 'keystone-then-nova-consoleauth-constraint': |