Diffstat (limited to 'puppet/services')
-rw-r--r-- | puppet/services/README.rst | 32 | ||||
-rw-r--r-- | puppet/services/apache.yaml | 33 | ||||
-rw-r--r-- | puppet/services/ceilometer-base.yaml | 25 | ||||
-rw-r--r-- | puppet/services/disabled/ceilometer-expirer.yaml | 1 | ||||
-rw-r--r-- | puppet/services/kernel.yaml | 29 | ||||
-rw-r--r-- | puppet/services/neutron-metadata.yaml | 9 |
6 files changed, 102 insertions, 27 deletions
diff --git a/puppet/services/README.rst b/puppet/services/README.rst
index 0fb1da65..7a18ef0c 100644
--- a/puppet/services/README.rst
+++ b/puppet/services/README.rst
@@ -19,21 +19,35 @@ environment to set per service parameters. Apart from sevice specific inputs, there are few default parameters for all the services. Following are the list of default parameters: - * ServiceNetMap: Mapping of service_name -> network name. Typically set via - parameter_defaults in the resource registry. This mapping overrides those - in ServiceNetMapDefaults. + * ServiceNetMap: Mapping of service_name -> network name. Default mappings + for service to network names are defined in + ../network/service_net_map.j2.yaml, which may be overridden via + ServiceNetMap values added to a user environment file via + parameter_defaults. - * EndpointMap: Mapping of service endpoint -> protocol. Typically set via - parameter_defaults in the resource registry. + * EndpointMap: Mapping of service endpoint -> protocol. Contains a mapping of + endpoint data generated for all services, based on the data included in + ../network/endpoints/endpoint_data.yaml. - * DefaultPasswords: Mapping of service -> default password. Used to help pass - top level passwords managed by Heat into services. + * DefaultPasswords: Mapping of service -> default password. Used to pass some + passwords from the parent templates, this is a legacy interface and should + not be used by new services. * RoleName: Name of the role on which this service is deployed. A service can - be deployed in multiple roles. + be deployed in multiple roles. This is an internal parameter (should not be + set via environment file), which is fetched from the name attribute of the + roles_data.yaml template. * RoleParameters: Parameter specific to a role on which the service is - applied. + applied. Using the format "<RoleName>Parameters" in the parameter_defaults + of user environment file, parameters can be provided for a specific role. 
+ For example, in order to provide a parameter specific to "Compute" role, + below is the format:: + + parameter_defaults: + ComputeParameters: + Param1: value + Config Settings --------------- diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml index ac371927..f3021060 100644 --- a/puppet/services/apache.yaml +++ b/puppet/services/apache.yaml @@ -84,21 +84,24 @@ outputs: apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit } apache::mod::remoteip::proxy_ips: - "%{hiera('apache_remote_proxy_ips_network')}" - - - generate_service_certificates: true - tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd' - tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd' - apache_certificates_specs: - map_merge: - repeat: - template: - httpd-NETWORK: - service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt' - service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key' - hostname: "%{hiera('fqdn_NETWORK')}" - principal: "HTTP/%{hiera('fqdn_NETWORK')}" - for_each: - NETWORK: {get_attr: [ApacheNetworks, value]} + - if: + - internal_tls_enabled + - + generate_service_certificates: true + tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd' + tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd' + apache_certificates_specs: + map_merge: + repeat: + template: + httpd-NETWORK: + service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt' + service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key' + hostname: "%{hiera('fqdn_NETWORK')}" + principal: "HTTP/%{hiera('fqdn_NETWORK')}" + for_each: + NETWORK: {get_attr: [ApacheNetworks, value]} + - {} metadata_settings: if: - internal_tls_enabled diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index d2f08bec..e60eb425 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml 
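Review bot: In puppet/services/apache.yaml the new `- if:` entry with its `- {}` fallback has no comment saying why the certificate settings became optional, and it sits directly above the `metadata_settings` block that is gated on the same `internal_tls_enabled` condition. I would add a comment above the `- if:` line, for example `# Request httpd certificates and set the cert/key directories only when internal TLS is enabled; otherwise merge an empty map.` It is also worth stating there that this gate and the one on `metadata_settings` should change together, since both appear to describe the same certificate request. The enclosing `map_merge` list starts outside the hunk.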
@@ -38,9 +38,27 @@ parameters: default: 0 description: Number of workers for Ceilometer service. type: number + ManageEventPipeline: + default: false + description: Whether to manage event_pipeline.yaml. + type: boolean EventPipelinePublishers: - default: ['notifier://?topic=alarm.all'] - description: A list of publishers to put in event_pipeline.yaml. + default: ['gnocchi://'] + description: > + A list of publishers to put in event_pipeline.yaml. When the + collector is used, override this with notifier:// publisher. + Set ManageEventPipeline to true for override to take effect. + type: comma_delimited_list + ManagePipeline: + default: false + description: Whether to manage pipeline.yaml. + type: boolean + PipelinePublishers: + default: ['gnocchi://'] + description: > + A list of publishers to put in pipeline.yaml. When the + collector is used, override this with notifier:// publisher. + Set ManagePipeline to true for override to take effect. type: comma_delimited_list Debug: default: '' @@ -97,7 +115,10 @@ outputs: ceilometer::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } ceilometer::agent::auth::auth_password: {get_param: CeilometerPassword} ceilometer::agent::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } + ceilometer::agent::notification::manage_event_pipeline: {get_param: ManageEventPipeline} ceilometer::agent::notification::event_pipeline_publishers: {get_param: EventPipelinePublishers} + ceilometer::agent::notification::manage_pipeline: {get_param: ManagePipeline} + ceilometer::agent::notification::pipeline_publishers: {get_param: PipelinePublishers} ceilometer::agent::auth::auth_region: {get_param: KeystoneRegion} ceilometer::agent::auth::auth_tenant_name: 'service' ceilometer::agent::auth::auth_user_domain_name: 'Default' diff --git a/puppet/services/disabled/ceilometer-expirer.yaml b/puppet/services/disabled/ceilometer-expirer.yaml index 560cc582..182193ec 100644 
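Review bot: In puppet/services/ceilometer-base.yaml the first hunk changes the `EventPipelinePublishers` default from `notifier://?topic=alarm.all` to `gnocchi://` and, going by the new description, the value only takes effect when `ManageEventPipeline` is true, which defaults to false. If that description is accurate, a deployment that already overrides `EventPipelinePublishers` in an environment file would have the override ignored after upgrade without any error, so event data could stop reaching the publisher the operator chose. I would state this in the parameter descriptions, e.g. `When ManageEventPipeline is false, EventPipelinePublishers is ignored.`, with the same sentence for `ManagePipeline` and `PipelinePublishers`, and mention the required flags in the upgrade notes. The puppet class that consumes these keys is outside the diff, so the exact behaviour with the flags left false should be confirmed there.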
--- a/puppet/services/disabled/ceilometer-expirer.yaml +++ b/puppet/services/disabled/ceilometer-expirer.yaml @@ -20,6 +20,7 @@ parameters: RoleParameters: default: {} description: Parameters specific to the role + type: json EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml index 697ec228..8121454b 100644 --- a/puppet/services/kernel.yaml +++ b/puppet/services/kernel.yaml @@ -34,6 +34,28 @@ parameters: default: 0 description: Configures sysctl net.ipv6.{default/all}.disable_ipv6 keys type: number + NeighbourGcThreshold1: + default: 1024 + description: Configures sysctl net.ipv4.neigh.default.gc_thresh1 value. + This is the minimum number of entries to keep in the ARP + cache. The garbage collector will not run if there are + fewer than this number of entries in the cache. + type: number + NeighbourGcThreshold2: + default: 2048 + description: Configures sysctl net.ipv4.neigh.default.gc_thresh2 value. + This is the soft maximum number of entries to keep in the + ARP cache. The garbage collector will allow the number of + entries to exceed this for 5 seconds before collection will + be performed. + type: number + NeighbourGcThreshold3: + default: 4096 + description: Configures sysctl net.ipv4.neigh.default.gc_thresh3 value. + This is the hard maximum number of entries to keep in the + ARP cache. The garbage collector will always run if there + are more than this number of entries in the cache. + type: number outputs: role_data: @@ -94,5 +116,12 @@ outputs: value: 1 fs.suid_dumpable: value: 0 + #avoid neighbour table overflow on large deployments + net.ipv4.neigh.default.gc_thresh1: + value: {get_param: NeighbourGcThreshold1} + net.ipv4.neigh.default.gc_thresh2: + value: {get_param: NeighbourGcThreshold2} + net.ipv4.neigh.default.gc_thresh3: + value: {get_param: NeighbourGcThreshold3} step_config: | include ::tripleo::profile::base::kernel 
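Review bot: In puppet/services/kernel.yaml the three `NeighbourGcThreshold*` parameters are declared as plain `type: number` with no constraints, so a negative value, or a set that is not in increasing order, would be accepted and passed straight through to sysctl. These values control when neighbour entries are evicted, so a bad set could bring back the table overflow the change is meant to prevent. I would add `constraints:` with `- range: {min: 0}` to each parameter and say in the descriptions that the values are expected to satisfy gc_thresh1 <= gc_thresh2 <= gc_thresh3.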
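Review bot: The second kernel.yaml hunk sets only the `net.ipv4.neigh.default.gc_thresh*` keys, so the IPv6 neighbour table keeps the kernel defaults. The same file has a parameter for the `net.ipv6.{default/all}.disable_ipv6` keys, which suggests IPv6 can be left enabled, and a large IPv6 deployment could then hit the same neighbour table overflow. Consider adding `net.ipv6.neigh.default.gc_thresh1`, `gc_thresh2` and `gc_thresh3` entries fed from the same three parameters, and rewording the comment to `# avoid neighbour table overflow on large deployments (IPv4 and IPv6)`. The parameter descriptions would then need to say "neighbour cache" instead of "ARP cache".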
diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml index 7d9c73eb..ec4a3df6 100644 --- a/puppet/services/neutron-metadata.yaml +++ b/puppet/services/neutron-metadata.yaml @@ -54,6 +54,9 @@ parameters: tag: openstack.neutron.agent.metadata path: /var/log/neutron/metadata-agent.log +conditions: + neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']} + resources: NeutronBase: @@ -78,11 +81,15 @@ outputs: map_merge: - get_attr: [NeutronBase, role_data, config_settings] - neutron::agents::metadata::shared_secret: {get_param: NeutronMetadataProxySharedSecret} - neutron::agents::metadata::metadata_workers: {get_param: NeutronWorkers} neutron::agents::metadata::auth_password: {get_param: NeutronPassword} neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } neutron::agents::metadata::auth_tenant: 'service' neutron::agents::metadata::metadata_ip: "%{hiera('nova_metadata_vip')}" + - + if: + - neutron_workers_unset + - {} + - neutron::agents::metadata::metadata_workers: {get_param: NeutronWorkers} step_config: | include tripleo::profile::base::neutron::metadata upgrade_tasks: |
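Review bot: In puppet/services/neutron-metadata.yaml the new `neutron_workers_unset` condition and the `if:` entry that uses it in the second hunk have no comment explaining why `metadata_workers` is dropped when `NeutronWorkers` is empty. I would add `# True when NeutronWorkers is left empty; metadata_workers is then omitted from the hiera data` above the condition. The comparison with `''` assumes `NeutronWorkers` is a string parameter with an empty default; its declaration is outside both hunks, so that should be confirmed. As a style point, `{equals : [` has a space before the colon that the other inline maps in the file do not use; `{equals: [{get_param: NeutronWorkers}, '']}` would match them.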