summaryrefslogtreecommitdiffstats
path: root/puppet/services
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/services')
-rw-r--r--puppet/services/aodh-api.yaml6
-rw-r--r--puppet/services/barbican-api.yaml19
-rw-r--r--puppet/services/ceph-external.yaml8
-rw-r--r--puppet/services/ceph-rgw.yaml12
-rw-r--r--puppet/services/cinder-api.yaml17
-rw-r--r--puppet/services/haproxy.yaml12
-rw-r--r--puppet/services/heat-engine.yaml2
-rw-r--r--puppet/services/horizon.yaml70
-rw-r--r--puppet/services/keepalived.yaml14
-rw-r--r--puppet/services/keystone.yaml26
-rw-r--r--puppet/services/monitoring/sensu-base.yaml17
-rw-r--r--puppet/services/neutron-base.yaml7
-rw-r--r--puppet/services/neutron-l3.yaml22
-rw-r--r--puppet/services/nova-base.yaml94
-rw-r--r--puppet/services/opendaylight-ovs.yaml6
-rw-r--r--puppet/services/pacemaker/haproxy.yaml2
-rw-r--r--puppet/services/services.yaml21
17 files changed, 211 insertions, 144 deletions
diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml
index 48cc4af6..daed1665 100644
--- a/puppet/services/aodh-api.yaml
+++ b/puppet/services/aodh-api.yaml
@@ -21,11 +21,6 @@ parameters:
MonitoringSubscriptionAodhApi:
default: 'overcloud-ceilometer-aodh-api'
type: string
- EnableCombinationAlarms:
- default: false
- description: Combination alarms are deprecated in Newton, hence disabled
- by default. To enable, set this parameter to true.
- type: boolean
EnableInternalTLS:
type: boolean
default: false
@@ -83,7 +78,6 @@ outputs:
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
aodh::wsgi::apache::bind_host: {get_param: [ServiceNetMap, AodhApiNetwork]}
- tripleo::profile::base::aodh::api::enable_combination_alarms: {get_param: EnableCombinationAlarms}
service_config_settings:
get_attr: [AodhBase, role_data, service_config_settings]
step_config: |
diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml
index cf57680c..b266674f 100644
--- a/puppet/services/barbican-api.yaml
+++ b/puppet/services/barbican-api.yaml
@@ -52,6 +52,9 @@ parameters:
default: guest
description: The username for RabbitMQ
type: string
+ EnableInternalTLS:
+ type: boolean
+ default: false
resources:
@@ -85,7 +88,7 @@ outputs:
barbican::api::rabbit_heartbeat_timeout_threshold: 60
barbican::api::service_name: 'httpd'
barbican::wsgi::apache::bind_host: {get_param: [ServiceNetMap, BarbicanApiNetwork]}
- barbican::wsgi::apache::ssl: false
+ barbican::wsgi::apache::ssl: {get_param: EnableInternalTLS}
barbican::wsgi::apache::workers: {get_param: BarbicanWorkers}
barbican::wsgi::apache::servername:
str_replace:
@@ -125,3 +128,17 @@ outputs:
barbican::keystone::auth::password: {get_param: BarbicanPassword}
barbican::keystone::auth::region: {get_param: KeystoneRegion}
barbican::keystone::auth::tenant: 'service'
+ nova_compute:
+ nova::compute::keymgr_api_class: >
+ castellan.key_manager.barbican_key_manager.BarbicanKeyManager
+ nova::compute::barbican_endpoint:
+ get_param: [EndpointMap, BarbicanInternal, uri]
+ nova::compute::barbican_auth_endpoint:
+ get_param: [EndpointMap, KeystoneV3Internal, uri]
+ cinder_api:
+ cinder::api::keymgr_api_class: >
+ castellan.key_manager.barbican_key_manager.BarbicanKeyManager
+ cinder::api::keymgr_encryption_api_url:
+ get_param: [EndpointMap, BarbicanInternal, uri]
+ cinder::api::keymgr_encryption_auth_url:
+ get_param: [EndpointMap, KeystoneV3Internal, uri]
diff --git a/puppet/services/ceph-external.yaml b/puppet/services/ceph-external.yaml
index 9120687b..b708665f 100644
--- a/puppet/services/ceph-external.yaml
+++ b/puppet/services/ceph-external.yaml
@@ -99,6 +99,14 @@ outputs:
CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName}
GLANCE_POOL: {get_param: GlanceRbdPoolName}
GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
+ ceph::profile::params::manage_repo: false
+ # FIXME(gfidente): we should not have to list the packages explicitly in
+ # the templates, but this should stay until the following is fixed:
+ # https://bugs.launchpad.net/puppet-ceph/+bug/1629933
+ ceph::params::packages:
+ - ceph-base
+ - ceph-mon
+ - ceph-osd
service_config_settings:
glance_api:
glance::api::show_multiple_locations: {if: [glance_multiple_locations, true, false]}
diff --git a/puppet/services/ceph-rgw.yaml b/puppet/services/ceph-rgw.yaml
index 18a4b780..89c1a5ee 100644
--- a/puppet/services/ceph-rgw.yaml
+++ b/puppet/services/ceph-rgw.yaml
@@ -55,15 +55,9 @@ outputs:
- tripleo::profile::base::ceph::rgw::rgw_key: {get_param: CephRgwKey}
tripleo::profile::base::ceph::rgw::keystone_admin_token: {get_param: AdminToken}
tripleo::profile::base::ceph::rgw::keystone_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
- ceph::profile::params::frontend_type: 'civetweb'
- ceph_rgw_civetweb_bind_address: {get_param: [ServiceNetMap, CephRgwNetwork]}
- ceph::profile::params::rgw_frontends:
- list_join:
- - ''
- - - 'civetweb port='
- - '%{hiera("ceph_rgw_civetweb_bind_address")}'
- - ':'
- - {get_param: [EndpointMap, CephRgwInternal, port]}
+ tripleo::profile::base::ceph::rgw::civetweb_bind_ip: {get_param: [ServiceNetMap, CephRgwNetwork]}
+ tripleo::profile::base::ceph::rgw::civetweb_bind_port: {get_param: [EndpointMap, CephRgwInternal, port]}
+ ceph::params::user_radosgw: ceph
tripleo.ceph_rgw.firewall_rules:
'122 ceph rgw':
dport: {get_param: [EndpointMap, CephRgwInternal, port]}
diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml
index fe48667a..803d8b83 100644
--- a/puppet/services/cinder-api.yaml
+++ b/puppet/services/cinder-api.yaml
@@ -43,6 +43,9 @@ parameters:
type: string
description: Set the number of workers for cinder::wsgi::apache
default: '"%{::os_workers}"'
+ EnableInternalTLS:
+ type: boolean
+ default: false
conditions:
cinder_workers_zero: {equals : [{get_param: CinderWorkers}, 0]}
@@ -55,6 +58,7 @@ resources:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
+ EnableInternalTLS: {get_param: EnableInternalTLS}
CinderBase:
type: ./cinder-base.yaml
@@ -94,21 +98,26 @@ outputs:
dport:
- 8776
- 13776
+ cinder::api::bind_host:
+ str_replace:
+ template:
+ '"%{::fqdn_$NETWORK}"'
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
+ cinder::wsgi::apache::ssl: {get_param: EnableInternalTLS}
+ cinder::api::service_name: 'httpd'
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
- cinder::api::bind_host: {get_param: [ServiceNetMap, CinderApiNetwork]}
- cinder::api::service_name: 'httpd'
- cinder::wsgi::apache::ssl: false
cinder::wsgi::apache::bind_host: {get_param: [ServiceNetMap, CinderApiNetwork]}
cinder::wsgi::apache::servername:
str_replace:
template:
'"%{::fqdn_$NETWORK}"'
params:
- $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+ $NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
-
if:
- cinder_workers_zero
diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml
index 0813cb7e..c8edade5 100644
--- a/puppet/services/haproxy.yaml
+++ b/puppet/services/haproxy.yaml
@@ -34,16 +34,6 @@ parameters:
description: The password for Redis
type: string
hidden: true
- ControlVirtualInterface:
- default: 'br-ex'
- description: Interface where virtual ip will be assigned.
- type: string
- PublicVirtualInterface:
- default: 'br-ex'
- description: >
- Specifies the interface where the public-facing virtual ip will be assigned.
- This should be int_public when a VLAN is being used.
- type: string
MonitoringSubscriptionHaproxy:
default: 'overcloud-haproxy'
type: string
@@ -81,8 +71,6 @@ outputs:
tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
tripleo::haproxy::redis_password: {get_param: RedisPassword}
- tripleo::haproxy::control_virtual_interface: {get_param: ControlVirtualInterface}
- tripleo::haproxy::public_virtual_interface: {get_param: PublicVirtualInterface}
tripleo::profile::base::haproxy::certificates_specs:
map_merge:
- get_attr: [HAProxyPublicTLS, role_data, certificates_specs]
diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml
index 20415eef..3f0e4105 100644
--- a/puppet/services/heat-engine.yaml
+++ b/puppet/services/heat-engine.yaml
@@ -105,4 +105,4 @@ outputs:
- "%{hiera('mysql_bind_host')}"
keystone:
# This is needed because the keystone profile handles creating the domain
- heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword}
+ tripleo::profile::base::keystone::heat_admin_password: {get_param: HeatStackDomainAdminPassword}
diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml
index 1e08415c..8eaf4044 100644
--- a/puppet/services/horizon.yaml
+++ b/puppet/services/horizon.yaml
@@ -24,7 +24,7 @@ parameters:
type: json
HorizonAllowedHosts:
default: '*'
- description: A list of IP/Hostname for the server Horizonis running on.
+ description: A list of IP/Hostname for the server Horizon is running on.
Used for header checks.
type: comma_delimited_list
HorizonSecret:
@@ -32,11 +32,6 @@ parameters:
type: string
hidden: true
default: ''
- NeutronMechanismDrivers:
- default: 'openvswitch'
- description: |
- The mechanism drivers for the Neutron tenant network.
- type: comma_delimited_list
MemcachedIPv6:
default: false
description: Enable IPv6 features in Memcached.
@@ -45,6 +40,10 @@ parameters:
default: 'overcloud-horizon'
type: string
+conditions:
+
+ debug_empty: {equals : [{get_param: Debug}, '']}
+
outputs:
role_data:
description: Role data for the Horizon role.
@@ -52,33 +51,36 @@ outputs:
service_name: horizon
monitoring_subscription: {get_param: MonitoringSubscriptionHorizon}
config_settings:
- horizon::allowed_hosts: {get_param: HorizonAllowedHosts}
- neutron::plugins::ml2::mechanism_drivers:
- str_replace:
- template: MECHANISMS
- params:
- MECHANISMS: {get_param: NeutronMechanismDrivers}
- tripleo.horizon.firewall_rules:
- '126 horizon':
- dport:
- - 80
- - 443
- horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache
- horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
- horizon::vhost_extra_params:
- add_listen: false
- priority: 10
- access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"'
- horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]}
- horizon::django_debug: {get_param: Debug}
- horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
- horizon::secret_key:
- yaql:
- expression: $.data.passwords.where($ != '').first()
- data:
- passwords:
- - {get_param: HorizonSecret}
- - {get_param: [DefaultPasswords, horizon_secret]}
- memcached_ipv6: {get_param: MemcachedIPv6}
+ map_merge:
+ - horizon::allowed_hosts: {get_param: HorizonAllowedHosts}
+ tripleo.horizon.firewall_rules:
+ '126 horizon':
+ dport:
+ - 80
+ - 443
+ horizon::disable_password_reveal: true
+ horizon::enforce_password_check: true
+ horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache
+ horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
+ horizon::vhost_extra_params:
+ add_listen: false
+ priority: 10
+ access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"'
+ options: ['FollowSymLinks','MultiViews']
+ horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]}
+ horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ horizon::secret_key:
+ yaql:
+ expression: $.data.passwords.where($ != '').first()
+ data:
+ passwords:
+ - {get_param: HorizonSecret}
+ - {get_param: [DefaultPasswords, horizon_secret]}
+ memcached_ipv6: {get_param: MemcachedIPv6}
+ -
+ if:
+ - debug_empty
+ - {}
+ - horizon::django_debug: {get_param: Debug}
step_config: |
include ::tripleo::profile::base::horizon
diff --git a/puppet/services/keepalived.yaml b/puppet/services/keepalived.yaml
index 38cfbe22..fb0d32b6 100644
--- a/puppet/services/keepalived.yaml
+++ b/puppet/services/keepalived.yaml
@@ -19,14 +19,18 @@ parameters:
via parameter_defaults in the resource registry.
type: json
ControlVirtualInterface:
- default: 'br-ex'
- description: Interface where virtual ip will be assigned.
+ default: ''
+ description: >
+ Interface where virtual ip will be assigned. This value will be
+ automatically set by the deployment tool. Overriding here will
+ override automatic setting.
type: string
PublicVirtualInterface:
- default: 'br-ex'
+ default: ''
description: >
- Specifies the interface where the public-facing virtual ip will be assigned.
- This should be int_public when a VLAN is being used.
+ Interface where virtual ip will be assigned. This value will be
+ automatically set by the deployment tool. Overriding here will
+ override automatic setting.
type: string
MonitoringSubscriptionKeepalived:
default: 'overcloud-keepalived'
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 1f83b680..fe023a6a 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
description: >
OpenStack Keystone service configured with Puppet
@@ -32,6 +32,12 @@ parameters:
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ KeystoneTokenProvider:
+ description: The keystone token format
+ type: string
+ default: 'uuid'
+ constraints:
+ - allowed_values: ['uuid', 'fernet']
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
@@ -85,7 +91,7 @@ parameters:
description: Set the number of workers for keystone::wsgi::apache
default: '"%{::os_workers}"'
MonitoringSubscriptionKeystone:
- default: 'overcloud-kestone'
+ default: 'overcloud-keystone'
type: string
KeystoneCredential0:
type: string
@@ -93,6 +99,12 @@ parameters:
KeystoneCredential1:
type: string
description: The second Keystone credential key. Must be a valid key.
+ KeystoneFernetKey0:
+ type: string
+ description: The first Keystone fernet key. Must be a valid key.
+ KeystoneFernetKey1:
+ type: string
+ description: The second Keystone fernet key. Must be a valid key.
KeystoneLoggingSource:
type: json
default:
@@ -112,6 +124,9 @@ resources:
EndpointMap: {get_param: EndpointMap}
EnableInternalTLS: {get_param: EnableInternalTLS}
+conditions:
+ keystone_fernet_tokens: {equals: [{get_param: KeystoneTokenProvider}, "fernet"]}
+
outputs:
role_data:
description: Role data for the Keystone role.
@@ -138,6 +153,8 @@ outputs:
keystone::roles::admin::password: {get_param: AdminPassword}
keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
+ keystone::token_provider: {get_param: KeystoneTokenProvider}
+ keystone::enable_fernet_setup: {if: [keystone_fernet_tokens, true, false]}
keystone::enable_proxy_headers_parsing: true
keystone::enable_credential_setup: true
keystone::credential_keys:
@@ -145,6 +162,11 @@ outputs:
content: {get_param: KeystoneCredential0}
'/etc/keystone/credential-keys/1':
content: {get_param: KeystoneCredential1}
+ keystone::fernet_keys:
+ '/etc/keystone/fernet-keys/0':
+ content: {get_param: KeystoneFernetKey0}
+ '/etc/keystone/fernet-keys/1':
+ content: {get_param: KeystoneFernetKey1}
keystone::debug: {get_param: Debug}
keystone::rabbit_userid: {get_param: RabbitUserName}
keystone::rabbit_password: {get_param: RabbitPassword}
diff --git a/puppet/services/monitoring/sensu-base.yaml b/puppet/services/monitoring/sensu-base.yaml
index d7350d07..e5762328 100644
--- a/puppet/services/monitoring/sensu-base.yaml
+++ b/puppet/services/monitoring/sensu-base.yaml
@@ -43,7 +43,19 @@ parameters:
description: The RabbitMQ vhost used for monitoring purposes.
type: string
default: '/sensu'
-
+ SensuRedactVariables:
+ description: Variables from Sensu configuration, which have to be redacted.
+ type: array
+ default:
+ - password
+ - passwd
+ - pass
+ - api_key
+ - api_token
+ - access_key
+ - secret_key
+ - private_key
+ - secret
outputs:
role_data:
@@ -61,8 +73,7 @@ outputs:
sensu::rabbitmq_ssl: {get_param: MonitoringRabbitUseSSL}
sensu::rabbitmq_user: {get_param: MonitoringRabbitUserName}
sensu::rabbitmq_vhost: {get_param: MonitoringRabbitVhost}
- #sensu::redis_host: {get_param: MonitoringRedisHost}
- #sensu::redis_password: {get_param: MonitoringRedisPassword}
+ sensu::redact: {get_param: SensuRedactVariables}
sensu::sensu_plugin_provider: 'yum'
sensu::sensu_plugin_name: 'rubygem-sensu-plugin'
sensu::version: 'present'
diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml
index 6bb4ba08..0b2cef07 100644
--- a/puppet/services/neutron-base.yaml
+++ b/puppet/services/neutron-base.yaml
@@ -50,16 +50,13 @@ parameters:
to false may result in configuration remnants after updates/upgrades.
NeutronGlobalPhysnetMtu:
type: number
- default: 1496
+ default: 1500
description: |
MTU of the underlying physical network. Neutron uses this value to
calculate MTU for all virtual network components. For flat and VLAN
networks, neutron uses this value without modification. For overlay
networks such as VXLAN, neutron automatically subtracts the overlay
- protocol overhead from this value. The default value of 1496 is
- currently in effect to compensate for some additional overhead when
- deploying with some network configurations (e.g. network isolation over
- single network interfaces)
+ protocol overhead from this value.
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml
index a89e3d75..a2157555 100644
--- a/puppet/services/neutron-l3.yaml
+++ b/puppet/services/neutron-l3.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
description: >
OpenStack Neutron L3 agent configured with Puppet
@@ -43,6 +43,10 @@ parameters:
tag: openstack.neutron.agent.l3
path: /var/log/neutron/l3-agent.log
+conditions:
+
+ external_network_bridge_empty: {equals : [{get_param: NeutronExternalNetworkBridge}, "''"]}
+
resources:
NeutronBase:
@@ -63,12 +67,16 @@ outputs:
- neutron
config_settings:
map_merge:
- - get_attr: [NeutronBase, role_data, config_settings]
+ - get_attr: [NeutronBase, role_data, config_settings]
+ - neutron::agents::l3::router_delete_namespaces: True
+ neutron::agents::l3::agent_mode: {get_param: NeutronL3AgentMode}
+ tripleo.neutron_l3.firewall_rules:
+ '106 neutron_l3 vrrp':
+ proto: vrrp
+ -
+ if:
+ - external_network_bridge_empty
+ - {}
- neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge}
- neutron::agents::l3::router_delete_namespaces: True
- neutron::agents::l3::agent_mode : {get_param: NeutronL3AgentMode}
- tripleo.neutron_l3.firewall_rules:
- '106 neutron_l3 vrrp':
- proto: vrrp
step_config: |
include tripleo::profile::base::neutron::l3
diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml
index 8db00d8f..74a95d20 100644
--- a/puppet/services/nova-base.yaml
+++ b/puppet/services/nova-base.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
description: >
OpenStack Nova base service. Shared for all Nova services.
@@ -66,6 +66,9 @@ parameters:
type: string
description: Nova Compute upgrade level
default: ''
+conditions:
+
+ compute_upgrade_level_empty: {equals : [{get_param: UpgradeLevelNovaCompute}, '']}
outputs:
role_data:
@@ -73,45 +76,50 @@ outputs:
value:
service_name: nova_base
config_settings:
- nova::rabbit_password: {get_param: RabbitPassword}
- nova::rabbit_userid: {get_param: RabbitUserName}
- nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
- nova::rabbit_port: {get_param: RabbitClientPort}
- nova::database_connection:
- list_join:
- - ''
- - - {get_param: [EndpointMap, MysqlInternal, protocol]}
- - '://nova:'
- - {get_param: NovaPassword}
- - '@'
- - {get_param: [EndpointMap, MysqlInternal, host]}
- - '/nova'
- nova::api_database_connection:
- list_join:
- - ''
- - - {get_param: [EndpointMap, MysqlInternal, protocol]}
- - '://nova_api:'
- - {get_param: NovaPassword}
- - '@'
- - {get_param: [EndpointMap, MysqlInternal, host]}
- - '/nova_api'
- nova::debug: {get_param: Debug}
- nova::purge_config: {get_param: EnableConfigPurge}
- nova::network::neutron::neutron_project_name: 'service'
- nova::network::neutron::neutron_username: 'neutron'
- nova::network::neutron::dhcp_domain: ''
- nova::network::neutron::neutron_password: {get_param: NeutronPassword}
- nova::network::neutron::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]}
- nova::network::neutron::neutron_auth_url: {get_param: [EndpointMap, KeystoneV3Admin, uri]}
- nova::rabbit_heartbeat_timeout_threshold: 60
- nova::cinder_catalog_info: 'volumev2:cinderv2:internalURL'
- nova::host: '"%{::fqdn}"' # NOTE: extra quoting is needed.
- nova::notify_on_state_change: 'vm_and_task_state'
- nova::notification_driver: messagingv2
- nova::network::neutron::neutron_auth_type: 'v3password'
- nova::db::database_db_max_retries: -1
- nova::db::database_max_retries: -1
- nova::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
- nova::use_ipv6: {get_param: NovaIPv6}
- nova::upgrade_level_compute: {get_param: UpgradeLevelNovaCompute}
- nova::network::neutron::neutron_ovs_bridge: {get_param: NovaOVSBridge}
+ map_merge:
+ - nova::rabbit_password: {get_param: RabbitPassword}
+ nova::rabbit_userid: {get_param: RabbitUserName}
+ nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ nova::rabbit_port: {get_param: RabbitClientPort}
+ nova::database_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://nova:'
+ - {get_param: NovaPassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/nova'
+ nova::api_database_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://nova_api:'
+ - {get_param: NovaPassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/nova_api'
+ nova::debug: {get_param: Debug}
+ nova::purge_config: {get_param: EnableConfigPurge}
+ nova::network::neutron::neutron_project_name: 'service'
+ nova::network::neutron::neutron_username: 'neutron'
+ nova::network::neutron::dhcp_domain: ''
+ nova::network::neutron::neutron_password: {get_param: NeutronPassword}
+ nova::network::neutron::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]}
+ nova::network::neutron::neutron_auth_url: {get_param: [EndpointMap, KeystoneV3Admin, uri]}
+ nova::rabbit_heartbeat_timeout_threshold: 60
+ nova::cinder_catalog_info: 'volumev2:cinderv2:internalURL'
+ nova::host: '"%{::fqdn}"' # NOTE: extra quoting is needed.
+ nova::notify_on_state_change: 'vm_and_task_state'
+ nova::notification_driver: messagingv2
+ nova::network::neutron::neutron_auth_type: 'v3password'
+ nova::db::database_db_max_retries: -1
+ nova::db::database_max_retries: -1
+ nova::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
+ nova::use_ipv6: {get_param: NovaIPv6}
+ nova::network::neutron::neutron_ovs_bridge: {get_param: NovaOVSBridge}
+ -
+ if:
+ - compute_upgrade_level_empty
+ - {}
+ - nova::upgrade_level_compute: {get_param: UpgradeLevelNovaCompute}
diff --git a/puppet/services/opendaylight-ovs.yaml b/puppet/services/opendaylight-ovs.yaml
index 268ca244..907ecddc 100644
--- a/puppet/services/opendaylight-ovs.yaml
+++ b/puppet/services/opendaylight-ovs.yaml
@@ -54,5 +54,11 @@ outputs:
template: MAPPINGS
params:
MAPPINGS: {get_param: OpenDaylightProviderMappings}
+ tripleo.opendaylight_ovs.firewall_rules:
+ '118 neutron vxlan networks':
+ proto: 'udp'
+ dport: 4789
+ '136 neutron gre networks':
+ proto: 'gre'
step_config: |
include tripleo::profile::base::neutron::plugins::ovs::opendaylight
diff --git a/puppet/services/pacemaker/haproxy.yaml b/puppet/services/pacemaker/haproxy.yaml
index 52104a71..e4115d64 100644
--- a/puppet/services/pacemaker/haproxy.yaml
+++ b/puppet/services/pacemaker/haproxy.yaml
@@ -38,7 +38,5 @@ outputs:
- get_attr: [LoadbalancerServiceBase, role_data, config_settings]
- tripleo::haproxy::haproxy_service_manage: false
tripleo::haproxy::mysql_clustercheck: true
- enable_keepalived: false
- tripleo::haproxy::keepalived: false
step_config: |
include ::tripleo::profile::pacemaker::haproxy
diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml
index 176fd235..ffe2d2d4 100644
--- a/puppet/services/services.yaml
+++ b/puppet/services/services.yaml
@@ -54,8 +54,8 @@ outputs:
data: {s_names: {get_attr: [ServiceChain, role_data, service_name]}}
monitoring_subscriptions:
yaql:
- expression: list($.data.where($ != null).select($.get('monitoring_subscription')).where($ != null))
- data: {get_attr: [ServiceChain, role_data]}
+ expression: list($.data.role_data.where($ != null).select($.get('monitoring_subscription')).where($ != null))
+ data: {role_data: {get_attr: [ServiceChain, role_data]}}
logging_sources:
# Transform the individual logging_source configuration from
# each service in the chain into a global list, adding some
@@ -78,8 +78,9 @@ outputs:
sources:
- {get_attr: [LoggingConfiguration, LoggingDefaultSources]}
- yaql:
- expression: list($.data.where($ != null).select($.get('logging_source')).where($ != null))
- data: {get_attr: [ServiceChain, role_data]}
+ expression: list($.data.role_data.where($ != null).select($.get('logging_source')).where($ != null))
+ data: {role_data: {get_attr: [ServiceChain, role_data]}}
+
- {get_attr: [LoggingConfiguration, LoggingExtraSources]}
default_format: {get_attr: [LoggingConfiguration, LoggingDefaultFormat]}
pos_file_path: {get_attr: [LoggingConfiguration, LoggingPosFilePath]}
@@ -93,17 +94,17 @@ outputs:
groups:
- [{get_attr: [LoggingConfiguration, LoggingDefaultGroups]}]
- yaql:
- expression: list($.data.where($ != null).select($.get('logging_groups')).where($ != null))
- data: {get_attr: [ServiceChain, role_data]}
+ expression: list($.data.role_data.where($ != null).select($.get('logging_groups')).where($ != null))
+ data: {role_data: {get_attr: [ServiceChain, role_data]}}
- [{get_attr: [LoggingConfiguration, LoggingExtraGroups]}]
config_settings: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}}
global_config_settings:
map_merge:
yaql:
- expression: list($.data.where($ != null).select($.get('global_config_settings')).where($ != null))
- data: {get_attr: [ServiceChain, role_data]}
+ expression: list($.data.role_data.where($ != null).select($.get('global_config_settings')).where($ != null))
+ data: {role_data: {get_attr: [ServiceChain, role_data]}}
service_config_settings:
yaql:
- expression: $.data.where($ != null).select($.get('service_config_settings')).where($ != null).reduce($1.mergeWith($2), {})
- data: {get_attr: [ServiceChain, role_data]}
+ expression: $.data.role_data.where($ != null).select($.get('service_config_settings')).where($ != null).reduce($1.mergeWith($2), {})
+ data: {role_data: {get_attr: [ServiceChain, role_data]}}
step_config: {list_join: ["\n", {get_attr: [ServiceChain, role_data, step_config]}]}