summaryrefslogtreecommitdiffstats
path: root/puppet/services
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/services')
-rw-r--r--puppet/services/ceph-mon.yaml4
-rw-r--r--puppet/services/cinder-backend-veritas-hyperscale.yaml56
-rw-r--r--puppet/services/database/mongodb-base.yaml4
-rw-r--r--puppet/services/database/mysql.yaml4
-rw-r--r--puppet/services/docker.yaml19
-rw-r--r--puppet/services/heat-api-cfn.yaml2
-rw-r--r--puppet/services/heat-api-cloudwatch.yaml2
-rw-r--r--puppet/services/heat-api.yaml2
-rw-r--r--puppet/services/iscsid.yaml (renamed from puppet/services/network/contrail-provision.yaml)23
-rw-r--r--puppet/services/network/contrail-analytics.yaml31
-rw-r--r--puppet/services/network/contrail-base.yaml96
-rw-r--r--puppet/services/network/contrail-config.yaml8
-rw-r--r--puppet/services/network/contrail-control.yaml5
-rw-r--r--puppet/services/network/contrail-dpdk.yaml82
-rw-r--r--puppet/services/network/contrail-neutron-plugin.yaml4
-rw-r--r--puppet/services/network/contrail-tsn.yaml14
-rw-r--r--puppet/services/network/contrail-vrouter.yaml14
-rw-r--r--puppet/services/network/contrail-webui.yaml12
-rw-r--r--puppet/services/neutron-plugin-ml2.yaml4
-rw-r--r--puppet/services/nova-compute.yaml19
-rw-r--r--puppet/services/nova-libvirt.yaml20
-rw-r--r--puppet/services/nova-migration-target.yaml57
-rw-r--r--puppet/services/pacemaker.yaml19
-rw-r--r--puppet/services/rabbitmq.yaml2
-rw-r--r--puppet/services/swift-storage.yaml1
-rw-r--r--puppet/services/veritas-hyperscale-controller.yaml70
-rw-r--r--puppet/services/zaqar.yaml79
27 files changed, 517 insertions, 136 deletions
diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml
index 3e4f5b42..4fe6e908 100644
--- a/puppet/services/ceph-mon.yaml
+++ b/puppet/services/ceph-mon.yaml
@@ -172,6 +172,6 @@ outputs:
until: ceph_quorum_nodecheck.rc == 0
retries: {get_param: CephValidationRetries}
delay: {get_param: CephValidationDelay}
- - name: set crush tunables
+ - name: ceph osd crush tunables default
tags: step0
- shell: ceph osd crush tunables optimal
+ shell: ceph osd crush tunables default
diff --git a/puppet/services/cinder-backend-veritas-hyperscale.yaml b/puppet/services/cinder-backend-veritas-hyperscale.yaml
new file mode 100644
index 00000000..11ceb2fd
--- /dev/null
+++ b/puppet/services/cinder-backend-veritas-hyperscale.yaml
@@ -0,0 +1,56 @@
+# Copyright (c) 2017 Veritas Technologies LLC.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+heat_template_version: ocata
+
+description: >
+ Openstack Veritas HyperScale backend
+
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ type: json
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+
+outputs:
+ role_data:
+ description: Role data for the Cinder Veritas HyperScale backend.
+ value:
+ service_name: cinder_backend_veritas_hyperscale
+ config_settings:
+ tripleo::profile::base::cinder::volume::cinder_enable_vrts_hs_backend: true
+ step_config: |
+ include ::tripleo::profile::base::cinder::volume
diff --git a/puppet/services/database/mongodb-base.yaml b/puppet/services/database/mongodb-base.yaml
index 2881a5c6..c218e8b5 100644
--- a/puppet/services/database/mongodb-base.yaml
+++ b/puppet/services/database/mongodb-base.yaml
@@ -56,7 +56,3 @@ outputs:
mongodb::server::journal: false
mongodb::server::ipv6: {get_param: MongoDbIPv6}
mongodb::server::replset: {get_param: MongoDbReplset}
- # for now, we don't want to manage these services which are enabled
- # by default with recent changes in puppet-systemd.
- systemd::manage_networkd: false
- systemd::manage_resolved: false
diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml
index f39c9712..abbe7a22 100644
--- a/puppet/services/database/mysql.yaml
+++ b/puppet/services/database/mysql.yaml
@@ -96,10 +96,6 @@ outputs:
- {get_param: [DefaultPasswords, mysql_root_password]}
mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
enable_galera: {get_param: EnableGalera}
- # for now, we don't want to manage these services which are enabled
- # by default with recent changes in puppet-systemd.
- systemd::manage_networkd: false
- systemd::manage_resolved: false
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
diff --git a/puppet/services/docker.yaml b/puppet/services/docker.yaml
index d92b666b..d11ef66a 100644
--- a/puppet/services/docker.yaml
+++ b/puppet/services/docker.yaml
@@ -4,13 +4,11 @@ description: >
Configures docker on the host
parameters:
- DockerNamespace:
- description: namespace
- default: tripleoupstream
+ DockerInsecureRegistryAddress:
+ description: Optional. The IP Address and Port of an insecure docker
+ namespace that will be configured in /etc/sysconfig/docker.
type: string
- DockerNamespaceIsRegistry:
- type: boolean
- default: false
+ default: ''
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -38,14 +36,19 @@ parameters:
description: Parameters specific to the role
type: json
+conditions:
+ insecure_registry_is_empty: {equals : [{get_param: DockerInsecureRegistryAddress}, '']}
+
outputs:
role_data:
description: Role data for the docker service
value:
service_name: docker
config_settings:
- tripleo::profile::base::docker::docker_namespace: {get_param: DockerNamespace}
- tripleo::profile::base::docker::insecure_registry: {get_param: DockerNamespaceIsRegistry}
+ if:
+ - insecure_registry_is_empty
+ - {}
+ - tripleo::profile::base::docker::insecure_registry_address: {get_param: DockerInsecureRegistryAddress}
step_config: |
include ::tripleo::profile::base::docker
upgrade_tasks:
diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml
index 2c13cb30..070bd7c7 100644
--- a/puppet/services/heat-api-cfn.yaml
+++ b/puppet/services/heat-api-cfn.yaml
@@ -130,6 +130,8 @@ outputs:
heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]}
heat::keystone::auth_cfn::password: {get_param: HeatPassword}
heat::keystone::auth_cfn::region: {get_param: KeystoneRegion}
+ metadata_settings:
+ get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- name: Check if heat_api_cfn is deployed
command: systemctl is-enabled openstack-heat-api-cfn
diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml
index b23dc895..689251a3 100644
--- a/puppet/services/heat-api-cloudwatch.yaml
+++ b/puppet/services/heat-api-cloudwatch.yaml
@@ -114,6 +114,8 @@ outputs:
- heat::wsgi::apache_api_cloudwatch::workers: {get_param: HeatWorkers}
step_config: |
include ::tripleo::profile::base::heat::api_cloudwatch
+ metadata_settings:
+ get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- name: Check if heat_api_cloudwatch is deployed
command: systemctl is-enabled openstack-heat-api-cloudwatch
diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml
index 3349271c..51f52a71 100644
--- a/puppet/services/heat-api.yaml
+++ b/puppet/services/heat-api.yaml
@@ -137,6 +137,8 @@ outputs:
heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]}
heat::keystone::auth::password: {get_param: HeatPassword}
heat::keystone::auth::region: {get_param: KeystoneRegion}
+ metadata_settings:
+ get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- name: Check is heat_api is deployed
command: systemctl is-enabled openstack-heat-api
diff --git a/puppet/services/network/contrail-provision.yaml b/puppet/services/iscsid.yaml
index f3a43224..9510df3b 100644
--- a/puppet/services/network/contrail-provision.yaml
+++ b/puppet/services/iscsid.yaml
@@ -1,7 +1,7 @@
heat_template_version: pike
description: >
- Provision Contrail services after deployment
+ Configure iscsid
parameters:
ServiceData:
@@ -31,24 +31,11 @@ parameters:
via parameter_defaults in the resource registry.
type: json
-resources:
- ContrailBase:
- type: ./contrail-base.yaml
- properties:
- ServiceData: {get_param: ServiceData}
- ServiceNetMap: {get_param: ServiceNetMap}
- DefaultPasswords: {get_param: DefaultPasswords}
- EndpointMap: {get_param: EndpointMap}
- RoleName: {get_param: RoleName}
- RoleParameters: {get_param: RoleParameters}
-
outputs:
role_data:
- description: Contrail provisioning role
+ description: Role data for iscsid
value:
- service_name: contrail_provision
- config_settings:
- map_merge:
- - get_attr: [ContrailBase, role_data, config_settings]
+ service_name: iscsid
+ config_setting: {}
step_config: |
- include ::tripleo::network::contrail::provision
+ include ::tripleo::profile::base::iscsid
diff --git a/puppet/services/network/contrail-analytics.yaml b/puppet/services/network/contrail-analytics.yaml
index 51ecbf29..c60ffcd0 100644
--- a/puppet/services/network/contrail-analytics.yaml
+++ b/puppet/services/network/contrail-analytics.yaml
@@ -33,6 +33,26 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ContrailAnalyticsCollectorHttp:
+ default: 8089
+ description: Contrail Analytics Collector http port
+ type: number
+ ContrailAnalyticsCollectorSandesh:
+ default: 8086
+ description: Contrail Analytics Collector sandesh port
+ type: number
+ ContrailAnalyticsHttp:
+ default: 8090
+ description: Contrail Analytics http port
+ type: number
+ ContrailAnalyticsRedis:
+ default: 6379
+ description: Contrail Analytics redis port
+ type: number
+ ContrailAnalyticsApi:
+ default: 8081
+ description: Contrail Analytics Api port
+ type: number
resources:
ContrailBase:
@@ -41,7 +61,6 @@ resources:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
- EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
@@ -53,14 +72,14 @@ outputs:
config_settings:
map_merge:
- get_attr: [ContrailBase, role_data, config_settings]
- - contrail::analytics::collector_http_server_port: {get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, port]}
- contrail::analytics::collector_sandesh_port: {get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, port]}
+ - contrail::analytics::collector_http_server_port: {get_param: ContrailAnalyticsCollectorHttp}
+ contrail::analytics::collector_sandesh_port: {get_param: ContrailAnalyticsCollectorSandesh}
contrail::analytics::host_ip: {get_param: [ServiceNetMap, ContrailAnalyticsNetwork]}
- contrail::analytics::http_server_port: {get_param: [EndpointMap, ContrailAnalyticsHttpInternal, port]}
+ contrail::analytics::http_server_port: {get_param: ContrailAnalyticsHttp}
contrail::analytics::listen_ip_address: {get_param: [ServiceNetMap, ContrailAnalyticsNetwork]}
contrail::analytics::redis_server: '127.0.0.1'
- contrail::analytics::redis_server_port: {get_param: [EndpointMap, ContrailAnalyticsRedisInternal, port]}
+ contrail::analytics::redis_server_port: {get_param: ContrailAnalyticsRedis}
contrail::analytics::rest_api_ip: {get_param: [ServiceNetMap, ContrailAnalyticsNetwork]}
- contrail::analytics::rest_api_port: {get_param: [EndpointMap, ContrailAnalyticsApiInternal, port]}
+ contrail::analytics::rest_api_port: {get_param: ContrailAnalyticsApi}
step_config: |
include ::tripleo::network::contrail::analytics
diff --git a/puppet/services/network/contrail-base.yaml b/puppet/services/network/contrail-base.yaml
index 542c3d76..77c30bd9 100644
--- a/puppet/services/network/contrail-base.yaml
+++ b/puppet/services/network/contrail-base.yaml
@@ -30,11 +30,11 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
- ContrailAAAMode:
+ AAAMode:
description: AAAmode can be no-auth, cloud-admin or rbac
type: string
default: 'rbac'
- ContrailAAAModeAnalytics:
+ AAAModeAnalytics:
description: AAAmode for analytics can be no-auth, cloud-admin or rbac
type: string
default: 'no-auth'
@@ -54,18 +54,26 @@ parameters:
description: Keystone admin user name
type: string
default: 'admin'
- AuthPortSSL:
- default: 13357
- description: Keystone SSL port
- type: number
- AuthPortSSLPublic:
- default: 13000
- description: Keystone Public SSL port
- type: number
ContrailAuth:
default: 'keystone'
description: Keystone authentication method
type: string
+ ContrailAnalyticsVIP:
+ default: ''
+ description: Contrail Analytics Api Virtual IP address
+ type: string
+ ContrailConfigPort:
+ default: 8082
+ description: Contrail Config Api port
+ type: number
+ ContrailConfigVIP:
+ default: ''
+ description: Contrail Config Virtual IP address
+ type: string
+ ContrailDiscoveryPort:
+ default: 5998
+ description: Contrail Config Api port
+ type: number
ContrailInsecure:
default: false
description: Keystone insecure mode
@@ -74,6 +82,14 @@ parameters:
default: '127.0.0.1:12111'
description: Memcached server
type: string
+ ContrailVIP:
+ default: ''
+ description: Contrail VIP
+ type: string
+ ContrailWebuiVIP:
+ default: ''
+ description: Contrail Webui Virtual IP address
+ type: string
RabbitPassword:
description: The password for RabbitMQ
type: string
@@ -87,29 +103,49 @@ parameters:
description: Set rabbit subscriber port, change this if using SSL
type: number
+conditions:
+ contrail_config_vip_unset: {equals : [{get_param: ContrailConfigVIP}, '']}
+ contrail_analytics_vip_unset: {equals : [{get_param: ContrailAnalyticsVIP}, '']}
+ contrail_webui_vip_unset: {equals : [{get_param: ContrailWebuiVIP}, '']}
+
outputs:
role_data:
description: Shared role data for the Contrail services.
value:
service_name: contrail_base
config_settings:
- contrail::aaa_mode: {get_param: ContrailAAAMode}
- contrail::analytics_aaa_mode: {get_param: ContrailAAAModeAnalytics}
- contrail::admin_password: {get_param: AdminPassword}
- contrail::admin_tenant_name: {get_param: AdminTenantName}
- contrail::admin_token: {get_param: AdminToken}
- contrail::admin_user: {get_param: AdminUser}
- contrail::auth: {get_param: ContrailAuth}
- contrail::auth_host: {get_param: [EndpointMap, KeystonePublic, host] }
- contrail::auth_port: {get_param: [EndpointMap, KeystoneAdmin, port] }
- contrail::auth_port_ssl: {get_param: AuthPortSSL }
- contrail::auth_port_public: {get_param: [EndpointMap, KeystonePublic, port] }
- contrail::auth_port_ssl_public: {get_param: AuthPortSSLPublic }
- contrail::auth_protocol: {get_param: [EndpointMap, KeystoneInternal, protocol] }
- contrail::api_port: {get_param: [EndpointMap, ContrailConfigInternal, port] }
- contrail::disc_server_port: {get_param: [EndpointMap, ContrailDiscoveryInternal, port] }
- contrail::insecure: {get_param: ContrailInsecure}
- contrail::memcached_server: {get_param: ContrailMemcachedServer}
- contrail::rabbit_password: {get_param: RabbitPassword}
- contrail::rabbit_user: {get_param: RabbitUserName}
- contrail::rabbit_port: {get_param: RabbitClientPort}
+ map_merge:
+ - contrail::aaa_mode: {get_param: AAAMode}
+ contrail::analytics_aaa_mode: {get_param: AAAModeAnalytics}
+ contrail::admin_password: {get_param: AdminPassword}
+ contrail::admin_tenant_name: {get_param: AdminTenantName}
+ contrail::admin_token: {get_param: AdminToken}
+ contrail::admin_user: {get_param: AdminUser}
+ contrail::auth: {get_param: ContrailAuth}
+ contrail::auth_host: {get_param: [EndpointMap, KeystoneAdmin, host] }
+ contrail::auth_port: {get_param: [EndpointMap, KeystoneAdmin, port] }
+ contrail::auth_port_public: {get_param: [EndpointMap, KeystonePublic, port] }
+ contrail::auth_protocol: {get_param: [EndpointMap, KeystonePublic, protocol] }
+ contrail::api_port: {get_param: ContrailConfigPort }
+ contrail::disc_server_port: {get_param: ContrailDiscoveryPort }
+ contrail::insecure: {get_param: ContrailInsecure}
+ contrail::memcached_server: {get_param: ContrailMemcachedServer}
+ contrail::rabbit_password: {get_param: RabbitPassword}
+ contrail::rabbit_user: {get_param: RabbitUserName}
+ contrail::rabbit_port: {get_param: RabbitClientPort}
+ contrail::vip: {get_param: ContrailVIP}
+ -
+ if:
+ - contrail_config_vip_unset
+ - {}
+ - contrail_config_vip: {get_param: ContrailConfigVIP}
+ -
+ if:
+ - contrail_webui_vip_unset
+ - {}
+ - contrail_webui_vip: {get_param: ContrailWebuiVIP}
+ -
+ if:
+ - contrail_analytics_vip_unset
+ - {}
+ - contrail_analytics_vip: {get_param: ContrailAnalyticsVIP}
diff --git a/puppet/services/network/contrail-config.yaml b/puppet/services/network/contrail-config.yaml
index d11cf6d0..210c81d7 100644
--- a/puppet/services/network/contrail-config.yaml
+++ b/puppet/services/network/contrail-config.yaml
@@ -41,6 +41,10 @@ parameters:
description: Ifmap user password
type: string
default: 'api-server'
+ ContrailConfigPort:
+ default: 8082
+ description: Contrail Config Api port
+ type: number
resources:
ContrailBase:
@@ -64,8 +68,8 @@ outputs:
- contrail::config::ifmap_password: {get_param: ContrailConfigIfmapUserPassword}
contrail::config::ifmap_username: {get_param: ContrailConfigIfmapUserName}
contrail::config::listen_ip_address: {get_param: [ServiceNetMap, ContrailConfigNetwork]}
- contrail::config::listen_port: {get_param: [EndpointMap, ContrailConfigInternal, port] }
+ contrail::config::listen_port: {get_param: ContrailConfigPort}
contrail::config::redis_server: '127.0.0.1'
- contrail::config::host_ip: {get_param: [ServiceNetMap, ContrailConfigNetwork] }
+ contrail::config::host_ip: {get_param: [ServiceNetMap, ContrailConfigNetwork]}
step_config: |
include ::tripleo::network::contrail::config
diff --git a/puppet/services/network/contrail-control.yaml b/puppet/services/network/contrail-control.yaml
index 529160ee..20951b0b 100644
--- a/puppet/services/network/contrail-control.yaml
+++ b/puppet/services/network/contrail-control.yaml
@@ -41,6 +41,10 @@ parameters:
description: sda1/256 hmac key, e.g. echo -n "values" | openssl dgst -sha256 -hmac key -binary | base64
type: string
hidden: true
+ ContrailControlManageNamed:
+ description: named config file mgmt
+ type: string
+ default: true
resources:
ContrailBase:
@@ -64,5 +68,6 @@ outputs:
- contrail::control::asn: {get_param: ContrailControlASN }
contrail::control::host_ip: {get_param: [ServiceNetMap, ContrailControlNetwork]}
contrail::control::rndc_secret: {get_param: ContrailControlRNDCSecret}
+ contrail::control::manage_named: {get_param: ContrailControlManageNamed}
step_config: |
include ::tripleo::network::contrail::control
diff --git a/puppet/services/network/contrail-dpdk.yaml b/puppet/services/network/contrail-dpdk.yaml
new file mode 100644
index 00000000..1f331894
--- /dev/null
+++ b/puppet/services/network/contrail-dpdk.yaml
@@ -0,0 +1,82 @@
+heat_template_version: pike
+
+description: >
+ OpenStack Neutron Compute OpenContrail plugin
+
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ NeutronMetadataProxySharedSecret:
+ description: Metadata Secret
+ type: string
+ hidden: true
+ ContrailVrouterPhysicalInterface:
+ default: 'eth0'
+ description: vRouter physical interface
+ type: string
+ ContrailVrouterGateway:
+ default: '192.168.24.1'
+ description: vRouter default gateway
+ type: string
+ ContrailVrouterNetmask:
+ default: '255.255.255.0'
+ description: vRouter netmask
+ type: string
+
+resources:
+ ContrailBase:
+ type: ./contrail-base.yaml
+ properties:
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron Compute OpenContrail plugin
+ value:
+ service_name: contrail_dpdk
+ config_settings:
+ map_merge:
+ - get_attr: [ContrailBase, role_data, config_settings]
+ - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, ContrailVrouterNetwork]}
+ contrail::vrouter::is_dpdk: 'true'
+ contrail::vrouter::physical_interface: {get_param: ContrailVrouterPhysicalInterface}
+ contrail::vrouter::gateway: {get_param: ContrailVrouterGateway}
+ contrail::vrouter::netmask: {get_param: ContrailVrouterNetmask}
+ contrail::vrouter::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
+ tripleo.neutron_compute_plugin_opencontrail.firewall_rules:
+ '111 neutron_compute_plugin_opencontrail proxy':
+ dport:
+ - 8097
+ - 8085
+ proto: tcp
+ step_config: |
+ include ::tripleo::network::contrail::vrouter
diff --git a/puppet/services/network/contrail-neutron-plugin.yaml b/puppet/services/network/contrail-neutron-plugin.yaml
index 95951fd5..50a6be48 100644
--- a/puppet/services/network/contrail-neutron-plugin.yaml
+++ b/puppet/services/network/contrail-neutron-plugin.yaml
@@ -33,7 +33,7 @@ parameters:
ContrailExtensions:
description: List of OpenContrail extensions to be enabled
type: comma_delimited_list
- default: ''
+ default: 'ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam,policy:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_policy.NeutronPluginContrailPolicy,route-table:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_vpc.NeutronPluginContrailVpc,contrail:None'
resources:
ContrailBase:
@@ -54,7 +54,7 @@ outputs:
config_settings:
map_merge:
- get_attr: [ContrailBase, role_data, config_settings]
- - neutron::api_extensions_path: /usr/lib/python2.7/site-packages/neutron_plugin_contrail/extensions
+ - neutron::api_extensions_path: '/usr/lib/python2.7/site-packages/neutron_plugin_contrail/extensions:/usr/lib/python2.7/site-packages/neutron_lbaas/extensions'
contrail::vrouter::contrail_extensions: {get_param: ContrailExtensions}
step_config: |
include tripleo::network::contrail::neutron_plugin
diff --git a/puppet/services/network/contrail-tsn.yaml b/puppet/services/network/contrail-tsn.yaml
index 469e18cc..058b9dc9 100644
--- a/puppet/services/network/contrail-tsn.yaml
+++ b/puppet/services/network/contrail-tsn.yaml
@@ -33,15 +33,15 @@ parameters:
NeutronMetadataProxySharedSecret:
description: Metadata Secret
type: string
- VrouterPhysicalInterface:
+ ContrailVrouterPhysicalInterface:
default: 'eth0'
description: vRouter physical interface
type: string
- VrouterGateway:
+ ContrailVrouterGateway:
default: '192.168.24.1'
description: vRouter default gateway
type: string
- VrouterNetmask:
+ ContrailVrouterNetmask:
default: '255.255.255.0'
description: vRouter netmask
type: string
@@ -65,10 +65,10 @@ outputs:
config_settings:
map_merge:
- get_attr: [ContrailBase, role_data, config_settings]
- - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, NeutronCorePluginOpencontrailNetwork]}
- contrail::vrouter::physical_interface: {get_param: VrouterPhysicalInterface}
- contrail::vrouter::gateway: {get_param: VrouterGateway}
- contrail::vrouter::netmask: {get_param: VrouterNetmask}
+ - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, ContrailVrouterNetwork]}
+ contrail::vrouter::physical_interface: {get_param: ContrailVrouterPhysicalInterface}
+ contrail::vrouter::gateway: {get_param: ContrailVrouterGateway}
+ contrail::vrouter::netmask: {get_param: ContrailVrouterNetmask}
contrail::vrouter::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
contrail::vrouter::is_tsn: 'true'
tripleo.neutron_compute_plugin_opencontrail.firewall_rules:
diff --git a/puppet/services/network/contrail-vrouter.yaml b/puppet/services/network/contrail-vrouter.yaml
index d36a5651..981fe2fb 100644
--- a/puppet/services/network/contrail-vrouter.yaml
+++ b/puppet/services/network/contrail-vrouter.yaml
@@ -46,6 +46,10 @@ parameters:
default: '255.255.255.0'
description: vRouter netmask
type: string
+ ContrailVrouterControlNodeIps:
+ description: List of Contrail Node IPs
+ type: comma_delimited_list
+ default: ''
resources:
ContrailBase:
@@ -66,14 +70,16 @@ outputs:
config_settings:
map_merge:
- get_attr: [ContrailBase, role_data, config_settings]
- - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, NeutronCorePluginOpencontrailNetwork]}
+ - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, ContrailVrouterNetwork]}
contrail::vrouter::physical_interface: {get_param: ContrailVrouterPhysicalInterface}
contrail::vrouter::gateway: {get_param: ContrailVrouterGateway}
contrail::vrouter::netmask: {get_param: ContrailVrouterNetmask}
contrail::vrouter::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
- tripleo.neutron_compute_plugin_opencontrail.firewall_rules:
- '111 neutron_compute_plugin_opencontrail proxy':
+ contrail::vrouter::control_node_ips: {get_param: ContrailVrouterControlNodeIps}
+ tripleo.contrail_vrouter.firewall_rules:
+ '111 contrail_vrouter_8085':
+ dport: 8085
+ '112 contrail_vrouter_8097':
dport: 8097
- proto: tcp
step_config: |
include ::tripleo::network::contrail::vrouter
diff --git a/puppet/services/network/contrail-webui.yaml b/puppet/services/network/contrail-webui.yaml
index aa73fb94..8f96643f 100644
--- a/puppet/services/network/contrail-webui.yaml
+++ b/puppet/services/network/contrail-webui.yaml
@@ -33,6 +33,14 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ContrailWebuiHttp:
+ default: 8080
+ description: Contrail Webui http port
+ type: number
+ ContrailWebuiHttps:
+ default: 8143
+ description: Contrail Webui https port
+ type: number
resources:
ContrailBase:
@@ -53,8 +61,8 @@ outputs:
config_settings:
map_merge:
- get_attr: [ContrailBase, role_data, config_settings]
- - contrail::webui::http_port: {get_param: [EndpointMap, ContrailWebuiHttpInternal, port] }
- contrail::webui::https_port: {get_param: [EndpointMap, ContrailWebuiHttpsInternal, port] }
+ - contrail::webui::http_port: {get_param: ContrailWebuiHttp }
+ contrail::webui::https_port: {get_param: ContrailWebuiHttps }
contrail::webui::redis_ip: '127.0.0.1'
step_config: |
include ::tripleo::network::contrail::webui
diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml
index d98d1620..dd757b5d 100644
--- a/puppet/services/neutron-plugin-ml2.yaml
+++ b/puppet/services/neutron-plugin-ml2.yaml
@@ -53,8 +53,8 @@ parameters:
default: 'datacentre:1:1000'
description: >
The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
- Neutron documentation for permitted values. Defaults to permitting any
- VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
+ Neutron documentation for permitted values. Defaults to permitting VLANs
+ 1 to 1000 on the 'datacentre' physical network (See NeutronBridgeMappings).
type: comma_delimited_list
NeutronTunnelIdRanges:
description: |
diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml
index d0f8fda2..a12bfd0f 100644
--- a/puppet/services/nova-compute.yaml
+++ b/puppet/services/nova-compute.yaml
@@ -104,7 +104,13 @@ parameters:
SSH key for migration.
Expects a dictionary with keys 'public_key' and 'private_key'.
Values should be identical to SSH public/private key files.
- default: {}
+ default:
+ public_key: ''
+ private_key: ''
+ MigrationSshPort:
+ default: 22
+ description: Target port for migration over ssh
+ type: number
resources:
NovaBase:
@@ -159,14 +165,9 @@ outputs:
NovaPCIPassthrough: {get_param: NovaPCIPassthrough}
# we manage migration in nova common puppet profile
nova::compute::libvirt::migration_support: false
- tripleo::profile::base::nova::manage_migration: true
- tripleo::profile::base::nova::migration_ssh_key: {get_param: MigrationSshKey}
- tripleo::profile::base::nova::migration_ssh_localaddrs:
- - "%{hiera('cold_migration_ssh_inbound_addr')}"
- - "%{hiera('live_migration_ssh_inbound_addr')}"
- live_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
- cold_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaColdMigrationNetwork]}
- tripleo::profile::base::nova::nova_compute_enabled: true
+ tripleo::profile::base::nova::migration::client::nova_compute_enabled: true
+ tripleo::profile::base::nova::migration::client::ssh_private_key: {get_param: [ MigrationSshKey, private_key ]}
+ tripleo::profile::base::nova::migration::client::ssh_port: {get_param: MigrationSshPort}
nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
tripleo::profile::base::nova::compute::cinder_nfs_backend: {get_param: CinderEnableNfsBackend}
diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml
index 1c2958e3..e2ae7260 100644
--- a/puppet/services/nova-libvirt.yaml
+++ b/puppet/services/nova-libvirt.yaml
@@ -84,6 +84,19 @@ parameters:
the InternalTLSCAFile parameter) is not desired. The current
default reflects TripleO's default CA, which is FreeIPA.
It will only be used if internal TLS is enabled.
+ MigrationSshKey:
+ type: json
+ description: >
+ SSH key for migration.
+ Expects a dictionary with keys 'public_key' and 'private_key'.
+ Values should be identical to SSH public/private key files.
+ default:
+ public_key: ''
+ private_key: ''
+ MigrationSshPort:
+ default: 22
+ description: Target port for migration over ssh
+ type: number
conditions:
@@ -125,11 +138,12 @@ outputs:
- nova::compute::libvirt::manage_libvirt_services: false
# we manage migration in nova common puppet profile
nova::compute::libvirt::migration_support: false
- tripleo::profile::base::nova::manage_migration: true
- tripleo::profile::base::nova::libvirt_enabled: true
nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey}
nova::compute::rbd::libvirt_rbd_secret_uuid: {get_param: CephClusterFSID}
+ tripleo::profile::base::nova::migration::client::libvirt_enabled: true
+ tripleo::profile::base::nova::migration::client::ssh_private_key: {get_param: [ MigrationSshKey, private_key ]}
+ tripleo::profile::base::nova::migration::client::ssh_port: {get_param: MigrationSshPort}
nova::compute::libvirt::services::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
nova::compute::libvirt::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
nova::compute::libvirt::libvirt_enabled_perf_events: {get_param: LibvirtEnabledPerfEvents}
@@ -150,7 +164,7 @@ outputs:
- use_tls_for_live_migration
-
generate_service_certificates: true
- tripleo::profile::base::nova::libvirt_tls: true
+ tripleo::profile::base::nova::migration::client::libvirt_tls: true
nova::migration::libvirt::live_migration_inbound_addr:
str_replace:
template:
diff --git a/puppet/services/nova-migration-target.yaml b/puppet/services/nova-migration-target.yaml
new file mode 100644
index 00000000..128abc2c
--- /dev/null
+++ b/puppet/services/nova-migration-target.yaml
@@ -0,0 +1,57 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack Nova migration target configured with Puppet
+
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MigrationSshKey:
+ type: json
+ description: >
+ SSH key for migration.
+ Expects a dictionary with keys 'public_key' and 'private_key'.
+ Values should be identical to SSH public/private key files.
+ default:
+ public_key: ''
+ private_key: ''
+
+outputs:
+ role_data:
+ description: Role data for the Nova migration target service.
+ value:
+ service_name: nova_migration_target
+ config_settings:
+ tripleo::profile::base::nova::migration::target::ssh_authorized_keys:
+ - {get_param: [ MigrationSshKey, public_key ]}
+ tripleo::profile::base::nova::migration::target::ssh_localaddrs:
+ - "%{hiera('cold_migration_ssh_inbound_addr')}"
+ - "%{hiera('live_migration_ssh_inbound_addr')}"
+ live_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
+ cold_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaColdMigrationNetwork]}
+ step_config: |
+ include tripleo::profile::base::nova::migration::target
diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml
index 893e8418..158d04bd 100644
--- a/puppet/services/pacemaker.yaml
+++ b/puppet/services/pacemaker.yaml
@@ -105,11 +105,6 @@ parameters:
description: Whether to deploy a LoadBalancer on the Controller
type: boolean
- PacemakerResources:
- type: comma_delimited_list
- description: List of resources managed by pacemaker
- default: ['rabbitmq', 'galera']
-
outputs:
role_data:
description: Role data for the Pacemaker role.
@@ -156,20 +151,8 @@ outputs:
async: 30
poll: 4
- name: Stop pacemaker cluster
- tags: step2
+ tags: step3
pacemaker_cluster: state=offline
- name: Start pacemaker cluster
tags: step4
pacemaker_cluster: state=online
- - name: Check pacemaker resource
- tags: step4
- pacemaker_is_active:
- resource: "{{ item }}"
- max_wait: 500
- with_items: {get_param: PacemakerResources}
- - name: Check pacemaker haproxy resource
- tags: step4
- pacemaker_is_active:
- resource: haproxy
- max_wait: 500
- when: {get_param: EnableLoadBalancer}
diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml
index 66f5c4b6..5867721a 100644
--- a/puppet/services/rabbitmq.yaml
+++ b/puppet/services/rabbitmq.yaml
@@ -97,7 +97,7 @@ outputs:
NODE_PORT: ''
NODE_IP_ADDRESS: ''
RABBITMQ_NODENAME: "rabbit@%{::hostname}"
- RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"'
+ RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<15000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<15000:64/native>>}]"'
'export ERL_EPMD_ADDRESS': "%{hiera('rabbitmq::interface')}"
rabbitmq_kernel_variables:
inet_dist_listen_min: '25672'
diff --git a/puppet/services/swift-storage.yaml b/puppet/services/swift-storage.yaml
index 40bc1368..f9c3cbae 100644
--- a/puppet/services/swift-storage.yaml
+++ b/puppet/services/swift-storage.yaml
@@ -130,6 +130,7 @@ outputs:
- openstack-swift-container-updater
- openstack-swift-container
- openstack-swift-object-auditor
+ - openstack-swift-object-expirer
- openstack-swift-object-replicator
- openstack-swift-object-updater
- openstack-swift-object
diff --git a/puppet/services/veritas-hyperscale-controller.yaml b/puppet/services/veritas-hyperscale-controller.yaml
new file mode 100644
index 00000000..bcb9e38f
--- /dev/null
+++ b/puppet/services/veritas-hyperscale-controller.yaml
@@ -0,0 +1,70 @@
+# Copyright (c) 2017 Veritas Technologies LLC.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+heat_template_version: ocata
+
+description: >
+ Openstack Veritas HyperScale backend
+
+parameters:
+ VrtsRabbitPassword:
+ type: string
+ default: ''
+ VrtsKeystonePassword:
+ type: string
+ default: ''
+ VrtsMysqlPassword:
+ type: string
+ default: ''
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ type: json
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+
+outputs:
+ role_data:
+ description: Install Veritas HyperScale packages for controller.
+ value:
+ service_name: veritas_hyperscale_controller
+ config_settings:
+ step_config: |
+ include ::veritas_hyperscale::controller_pkg_inst
+ service_config_settings:
+ rabbitmq:
+ vrts_rabbitmq_passwd: {get_param: VrtsRabbitPassword}
+ keystone:
+ vrts_keystone_passwd: {get_param: VrtsKeystonePassword}
+ mysql:
+ vrts_mysql_passwd: {get_param: VrtsMysqlPassword}
diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar.yaml
index debdc742..21857423 100644
--- a/puppet/services/zaqar.yaml
+++ b/puppet/services/zaqar.yaml
@@ -56,6 +56,14 @@ parameters:
type: string
description: Set the number of workers for zaqar::wsgi::apache
default: '%{::os_workers}'
+ ZaqarMessageStore:
+ type: string
+ description: The messaging store for Zaqar
+ default: mongodb
+ ZaqarManagementStore:
+ type: string
+ description: The management store for Zaqar
+ default: mongodb
EnableInternalTLS:
type: boolean
default: false
@@ -63,6 +71,8 @@ parameters:
conditions:
zaqar_workers_zero: {equals : [{get_param: ZaqarWorkers}, 0]}
service_debug_unset: {equals : [{get_param: ZaqarDebug}, '']}
+ zaqar_messaging_store_swift: {equals : [{get_param: ZaqarMessageStore}, 'swift']}
+ zaqar_management_store_sqlalchemy: {equals : [{get_param: ZaqarManagementStore}, 'sqlalchemy']}
resources:
@@ -105,26 +115,67 @@ outputs:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
+ zaqar::message_store: {get_param: ZaqarMessageStore}
+ zaqar::management_store: {get_param: ZaqarManagementStore}
+ -
+ if:
+ - zaqar_messaging_store_swift
+ -
+ zaqar::messaging::swift::uri:
+ list_join:
+ - ''
+ - ['swift://zaqar:', {get_param: ZaqarPassword}, '@/service']
+ zaqar::messaging::swift::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
+ tripleo::profile::base::zaqar::messaging_store: 'swift'
+ - {}
+ -
+ if:
+ - zaqar_management_store_sqlalchemy
+ -
+ tripleo::profile::base::zaqar::management_store: 'sqlalchemy'
+ zaqar::management::sqlalchemy::uri:
+ make_url:
+ scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
+ username: zaqar
+ password: {get_param: ZaqarPassword}
+ host: {get_param: [EndpointMap, MysqlInternal, host]}
+ path: /zaqar
+ query:
+ read_default_file: /etc/my.cnf.d/tripleo.cnf
+ read_default_group: tripleo
+ - {}
-
if:
- zaqar_workers_zero
- {}
- zaqar::wsgi::apache::workers: {get_param: ZaqarWorkers}
service_config_settings:
- keystone:
- zaqar::keystone::auth::password: {get_param: ZaqarPassword}
- zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]}
- zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]}
- zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]}
- zaqar::keystone::auth::region: {get_param: KeystoneRegion}
- zaqar::keystone::auth::tenant: 'service'
- zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword}
- zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]}
- zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]}
- zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]}
- zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion}
- zaqar::keystone::auth_websocket::tenant: 'service'
-
+ map_merge:
+ - keystone:
+ zaqar::keystone::auth::password: {get_param: ZaqarPassword}
+ zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]}
+ zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]}
+ zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]}
+ zaqar::keystone::auth::region: {get_param: KeystoneRegion}
+ zaqar::keystone::auth::tenant: 'service'
+ zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword}
+ zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]}
+ zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]}
+ zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]}
+ zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion}
+ zaqar::keystone::auth_websocket::tenant: 'service'
+ -
+ if:
+ - zaqar_management_store_sqlalchemy
+ - mysql:
+ zaqar::db::mysql::user: zaqar
+ zaqar::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ zaqar::db::mysql::dbname: zaqar
+ zaqar::db::mysql::password: {get_param: ZaqarPassword}
+ zaqar::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
+ - {}
step_config: |
include ::tripleo::profile::base::zaqar
upgrade_tasks: