summaryrefslogtreecommitdiffstats
path: root/puppet/services
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/services')
-rw-r--r--puppet/services/README.rst32
-rw-r--r--puppet/services/apache.yaml33
-rw-r--r--puppet/services/ceilometer-base.yaml25
-rw-r--r--puppet/services/disabled/ceilometer-expirer.yaml1
-rw-r--r--puppet/services/kernel.yaml29
-rw-r--r--puppet/services/neutron-metadata.yaml9
6 files changed, 102 insertions, 27 deletions
diff --git a/puppet/services/README.rst b/puppet/services/README.rst
index 0fb1da65..7a18ef0c 100644
--- a/puppet/services/README.rst
+++ b/puppet/services/README.rst
@@ -19,21 +19,35 @@ environment to set per service parameters.
Apart from sevice specific inputs, there are few default parameters for all
the services. Following are the list of default parameters:
- * ServiceNetMap: Mapping of service_name -> network name. Typically set via
- parameter_defaults in the resource registry. This mapping overrides those
- in ServiceNetMapDefaults.
+ * ServiceNetMap: Mapping of service_name -> network name. Default mappings
+ for service to network names are defined in
+ ../network/service_net_map.j2.yaml, which may be overridden via
+ ServiceNetMap values added to a user environment file via
+ parameter_defaults.
- * EndpointMap: Mapping of service endpoint -> protocol. Typically set via
- parameter_defaults in the resource registry.
+ * EndpointMap: Mapping of service endpoint -> protocol. Contains a mapping of
+ endpoint data generated for all services, based on the data included in
+ ../network/endpoints/endpoint_data.yaml.
- * DefaultPasswords: Mapping of service -> default password. Used to help pass
- top level passwords managed by Heat into services.
+ * DefaultPasswords: Mapping of service -> default password. Used to pass some
+ passwords from the parent templates, this is a legacy interface and should
+ not be used by new services.
* RoleName: Name of the role on which this service is deployed. A service can
- be deployed in multiple roles.
+ be deployed in multiple roles. This is an internal parameter (should not be
+ set via environment file), which is fetched from the name attribute of the
+ roles_data.yaml template.
* RoleParameters: Parameter specific to a role on which the service is
- applied.
+ applied. Using the format "<RoleName>Parameters" in the parameter_defaults
+ of user environment file, parameters can be provided for a specific role.
+ For example, in order to provide a parameter specific to "Compute" role,
+ below is the format::
+
+ parameter_defaults:
+ ComputeParameters:
+ Param1: value
+
Config Settings
---------------
diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml
index ac371927..f3021060 100644
--- a/puppet/services/apache.yaml
+++ b/puppet/services/apache.yaml
@@ -84,21 +84,24 @@ outputs:
apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit }
apache::mod::remoteip::proxy_ips:
- "%{hiera('apache_remote_proxy_ips_network')}"
- -
- generate_service_certificates: true
- tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd'
- tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd'
- apache_certificates_specs:
- map_merge:
- repeat:
- template:
- httpd-NETWORK:
- service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt'
- service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key'
- hostname: "%{hiera('fqdn_NETWORK')}"
- principal: "HTTP/%{hiera('fqdn_NETWORK')}"
- for_each:
- NETWORK: {get_attr: [ApacheNetworks, value]}
+ - if:
+ - internal_tls_enabled
+ -
+ generate_service_certificates: true
+ tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd'
+ tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd'
+ apache_certificates_specs:
+ map_merge:
+ repeat:
+ template:
+ httpd-NETWORK:
+ service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt'
+ service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key'
+ hostname: "%{hiera('fqdn_NETWORK')}"
+ principal: "HTTP/%{hiera('fqdn_NETWORK')}"
+ for_each:
+ NETWORK: {get_attr: [ApacheNetworks, value]}
+ - {}
metadata_settings:
if:
- internal_tls_enabled
diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml
index d2f08bec..e60eb425 100644
--- a/puppet/services/ceilometer-base.yaml
+++ b/puppet/services/ceilometer-base.yaml
@@ -38,9 +38,27 @@ parameters:
default: 0
description: Number of workers for Ceilometer service.
type: number
+ ManageEventPipeline:
+ default: false
+ description: Whether to manage event_pipeline.yaml.
+ type: boolean
EventPipelinePublishers:
- default: ['notifier://?topic=alarm.all']
- description: A list of publishers to put in event_pipeline.yaml.
+ default: ['gnocchi://']
+ description: >
+ A list of publishers to put in event_pipeline.yaml. When the
+ collector is used, override this with notifier:// publisher.
+ Set ManageEventPipeline to true for override to take effect.
+ type: comma_delimited_list
+ ManagePipeline:
+ default: false
+ description: Whether to manage pipeline.yaml.
+ type: boolean
+ PipelinePublishers:
+ default: ['gnocchi://']
+ description: >
+ A list of publishers to put in pipeline.yaml. When the
+ collector is used, override this with notifier:// publisher.
+ Set ManagePipeline to true for override to take effect.
type: comma_delimited_list
Debug:
default: ''
@@ -97,7 +115,10 @@ outputs:
ceilometer::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
ceilometer::agent::auth::auth_password: {get_param: CeilometerPassword}
ceilometer::agent::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
+ ceilometer::agent::notification::manage_event_pipeline: {get_param: ManageEventPipeline}
ceilometer::agent::notification::event_pipeline_publishers: {get_param: EventPipelinePublishers}
+ ceilometer::agent::notification::manage_pipeline: {get_param: ManagePipeline}
+ ceilometer::agent::notification::pipeline_publishers: {get_param: PipelinePublishers}
ceilometer::agent::auth::auth_region: {get_param: KeystoneRegion}
ceilometer::agent::auth::auth_tenant_name: 'service'
ceilometer::agent::auth::auth_user_domain_name: 'Default'
diff --git a/puppet/services/disabled/ceilometer-expirer.yaml b/puppet/services/disabled/ceilometer-expirer.yaml
index 560cc582..182193ec 100644
--- a/puppet/services/disabled/ceilometer-expirer.yaml
+++ b/puppet/services/disabled/ceilometer-expirer.yaml
@@ -20,6 +20,7 @@ parameters:
RoleParameters:
default: {}
description: Parameters specific to the role
+ type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml
index 697ec228..8121454b 100644
--- a/puppet/services/kernel.yaml
+++ b/puppet/services/kernel.yaml
@@ -34,6 +34,28 @@ parameters:
default: 0
description: Configures sysctl net.ipv6.{default/all}.disable_ipv6 keys
type: number
+ NeighbourGcThreshold1:
+ default: 1024
+ description: Configures sysctl net.ipv4.neigh.default.gc_thresh1 value.
+ This is the minimum number of entries to keep in the ARP
+ cache. The garbage collector will not run if there are
+ fewer than this number of entries in the cache.
+ type: number
+ NeighbourGcThreshold2:
+ default: 2048
+ description: Configures sysctl net.ipv4.neigh.default.gc_thresh2 value.
+ This is the soft maximum number of entries to keep in the
+ ARP cache. The garbage collector will allow the number of
+ entries to exceed this for 5 seconds before collection will
+ be performed.
+ type: number
+ NeighbourGcThreshold3:
+ default: 4096
+ description: Configures sysctl net.ipv4.neigh.default.gc_thresh3 value.
+ This is the hard maximum number of entries to keep in the
+ ARP cache. The garbage collector will always run if there
+ are more than this number of entries in the cache.
+ type: number
outputs:
role_data:
@@ -94,5 +116,12 @@ outputs:
value: 1
fs.suid_dumpable:
value: 0
+ #avoid neighbour table overflow on large deployments
+ net.ipv4.neigh.default.gc_thresh1:
+ value: {get_param: NeighbourGcThreshold1}
+ net.ipv4.neigh.default.gc_thresh2:
+ value: {get_param: NeighbourGcThreshold2}
+ net.ipv4.neigh.default.gc_thresh3:
+ value: {get_param: NeighbourGcThreshold3}
step_config: |
include ::tripleo::profile::base::kernel
diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml
index 7d9c73eb..ec4a3df6 100644
--- a/puppet/services/neutron-metadata.yaml
+++ b/puppet/services/neutron-metadata.yaml
@@ -54,6 +54,9 @@ parameters:
tag: openstack.neutron.agent.metadata
path: /var/log/neutron/metadata-agent.log
+conditions:
+ neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']}
+
resources:
NeutronBase:
@@ -78,11 +81,15 @@ outputs:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- neutron::agents::metadata::shared_secret: {get_param: NeutronMetadataProxySharedSecret}
- neutron::agents::metadata::metadata_workers: {get_param: NeutronWorkers}
neutron::agents::metadata::auth_password: {get_param: NeutronPassword}
neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
neutron::agents::metadata::auth_tenant: 'service'
neutron::agents::metadata::metadata_ip: "%{hiera('nova_metadata_vip')}"
+ -
+ if:
+ - neutron_workers_unset
+ - {}
+ - neutron::agents::metadata::metadata_workers: {get_param: NeutronWorkers}
step_config: |
include tripleo::profile::base::neutron::metadata
upgrade_tasks: