diff options
Diffstat (limited to 'puppet/services')
70 files changed, 984 insertions, 129 deletions
diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml index 65afffad..d3d9b5ad 100644 --- a/puppet/services/aodh-api.yaml +++ b/puppet/services/aodh-api.yaml @@ -21,6 +21,11 @@ parameters: MonitoringSubscriptionAodhApi: default: 'overcloud-ceilometer-aodh-api' type: string + EnableCombinationAlarms: + default: false + description: Combination alarms are deprecated in Newton, hence disabled + by default. To enable, set this parameter to true. + type: boolean resources: AodhBase: @@ -48,6 +53,12 @@ outputs: - get_attr: [AodhBase, role_data, config_settings] - get_attr: [ApacheServiceBase, role_data, config_settings] - aodh::wsgi::apache::ssl: false + aodh::wsgi::apache::servername: + str_replace: + template: + '"%{::fqdn_$NETWORK}"' + params: + $NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]} aodh::api::service_name: 'httpd' tripleo.aodh_api.firewall_rules: '128 aodh-api': @@ -62,5 +73,8 @@ outputs: # internal_api_subnet - > IP/CIDR aodh::api::host: {get_param: [ServiceNetMap, AodhApiNetwork]} aodh::wsgi::apache::bind_host: {get_param: [ServiceNetMap, AodhApiNetwork]} + tripleo::profile::base::aodh::api::enable_combination_alarms: {get_param: EnableCombinationAlarms} + service_config_settings: + get_attr: [AodhBase, role_data, service_config_settings] step_config: | include tripleo::profile::base::aodh::api diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml index 187345ad..5314b837 100644 --- a/puppet/services/aodh-base.yaml +++ b/puppet/services/aodh-base.yaml @@ -87,12 +87,6 @@ outputs: aodh::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } aodh::auth::auth_password: {get_param: AodhPassword} - aodh::keystone::auth::public_url: {get_param: [EndpointMap, AodhPublic, uri]} - aodh::keystone::auth::internal_url: {get_param: [EndpointMap, AodhInternal, uri]} - aodh::keystone::auth::admin_url: {get_param: [EndpointMap, AodhAdmin, uri]} - aodh::keystone::auth::password: {get_param: AodhPassword} - aodh::keystone::auth::region: {get_param: KeystoneRegion} - aodh::keystone::auth::tenant: 'service' aodh::db::mysql::user: aodh aodh::db::mysql::password: {get_param: AodhPassword} aodh::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} @@ -102,3 +96,11 @@ outputs: - "%{hiera('mysql_bind_host')}" aodh::auth::auth_region: 'regionOne' aodh::auth::auth_tenant_name: 'service' + service_config_settings: + keystone: + aodh::keystone::auth::public_url: {get_param: [EndpointMap, AodhPublic, uri]} + aodh::keystone::auth::internal_url: {get_param: [EndpointMap, AodhInternal, uri]} + aodh::keystone::auth::admin_url: {get_param: [EndpointMap, AodhAdmin, uri]} + aodh::keystone::auth::password: {get_param: AodhPassword} + aodh::keystone::auth::region: {get_param: KeystoneRegion} + aodh::keystone::auth::tenant: 'service' diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml index 7595e4c3..c9792019 100644 --- a/puppet/services/apache.yaml +++ b/puppet/services/apache.yaml @@ -5,6 +5,14 @@ description: > automatically via other services which run via Apache. parameters: + ApacheMaxRequestWorkers: + default: 256 + description: Maximum number of simultaneously processed requests. + type: number + ApacheServerLimit: + default: 256 + description: Maximum number of Apache processes. + type: number ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -38,5 +46,7 @@ outputs: template: "NETWORK_subnet" params: NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]} + apache::mod::prefork::maxclients: { get_param: ApacheMaxRequestWorkers } + apache::mod::prefork::serverlimit: { get_param: ApacheServerLimit } apache::mod::remoteip::proxy_ips: - "%{hiera('apache_remote_proxy_ips_network')}" diff --git a/puppet/services/ceilometer-agent-central.yaml b/puppet/services/ceilometer-agent-central.yaml index 5d980d79..2ae46d0e 100644 --- a/puppet/services/ceilometer-agent-central.yaml +++ b/puppet/services/ceilometer-agent-central.yaml @@ -25,6 +25,11 @@ parameters: MonitoringSubscriptionCeilometerCentral: default: 'overcloud-ceilometer-agent-central' type: string + CeilometerAgentCentralLoggingSource: + type: json + default: + tag: openstack.ceilometer.agent.central + path: /var/log/ceilometer/central.log resources: CeilometerServiceBase: @@ -40,6 +45,9 @@ outputs: value: service_name: ceilometer_agent_central monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCentral} + logging_source: {get_param: CeilometerAgentCentralLoggingSource} + logging_groups: + - ceilometer config_settings: map_merge: - get_attr: [CeilometerServiceBase, role_data, config_settings] diff --git a/puppet/services/ceilometer-agent-notification.yaml b/puppet/services/ceilometer-agent-notification.yaml index bedb8b04..ea403aa1 100644 --- a/puppet/services/ceilometer-agent-notification.yaml +++ b/puppet/services/ceilometer-agent-notification.yaml @@ -21,6 +21,11 @@ parameters: MonitoringSubscriptionCeilometerNotification: default: 'overcloud-ceilometer-agent-notification' type: string + CeilometerAgentNotificationLoggingSource: + type: json + default: + tag: openstack.ceilometer.agent.notification + path: /var/log/ceilometer/agent-notification.log resources: @@ -37,6 +42,9 @@ outputs: value: service_name: ceilometer_agent_notification monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerNotification} + logging_source: {get_param: CeilometerAgentNotificationLoggingSource} + logging_groups: + - ceilometer config_settings: get_attr: [CeilometerServiceBase, role_data, config_settings] step_config: | diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml index 5df9f2b3..50431e3d 100644 --- a/puppet/services/ceilometer-api.yaml +++ b/puppet/services/ceilometer-api.yaml @@ -21,6 +21,11 @@ parameters: MonitoringSubscriptionCeilometerApi: default: 'overcloud-ceilometer-api' type: string + CeilometerApiLoggingSource: + type: json + default: + tag: openstack.ceilometer.api + path: /var/log/ceilometer/api.log resources: @@ -44,6 +49,9 @@ outputs: value: service_name: ceilometer_api monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerApi} + logging_source: {get_param: CeilometerApiLoggingSource} + logging_groups: + - ceilometer config_settings: map_merge: - get_attr: [ApacheServiceBase, role_data, config_settings] @@ -63,5 +71,13 @@ outputs: ceilometer::api::host: {get_param: [ServiceNetMap, CeilometerApiNetwork]} ceilometer::wsgi::apache::bind_host: {get_param: [ServiceNetMap, CeilometerApiNetwork]} ceilometer::wsgi::apache::ssl: false + ceilometer::wsgi::apache::servername: + str_replace: + template: + '"%{::fqdn_$NETWORK}"' + params: + $NETWORK: {get_param: [ServiceNetMap, CeilometerApiNetwork]} + service_config_settings: + get_attr: [CeilometerServiceBase, role_data, service_config_settings] step_config: | include ::tripleo::profile::base::ceilometer::api diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index 62fdd5c1..25fccd9e 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -107,12 +107,6 @@ outputs: ceilometer::dispatcher::gnocchi::filter_project: 'service' ceilometer::dispatcher::gnocchi::archive_policy: 'low' ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml' - ceilometer::keystone::auth::public_url: {get_param: [EndpointMap, CeilometerPublic, uri]} - ceilometer::keystone::auth::internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]} - ceilometer::keystone::auth::admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]} - ceilometer::keystone::auth::password: {get_param: CeilometerPassword} - ceilometer::keystone::auth::region: {get_param: KeystoneRegion} - ceilometer::keystone::auth::tenant: 'service' ceilometer::rabbit_userid: {get_param: RabbitUserName} ceilometer::rabbit_password: {get_param: RabbitPassword} ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL} @@ -127,3 +121,11 @@ outputs: ceilometer::db::database_db_max_retries: -1 ceilometer::db::database_max_retries: -1 ceilometer::telemetry_secret: {get_param: CeilometerMeteringSecret} + service_config_settings: + keystone: + ceilometer::keystone::auth::public_url: {get_param: [EndpointMap, CeilometerPublic, uri]} + ceilometer::keystone::auth::internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]} + ceilometer::keystone::auth::admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]} + ceilometer::keystone::auth::password: {get_param: CeilometerPassword} + ceilometer::keystone::auth::region: {get_param: KeystoneRegion} + ceilometer::keystone::auth::tenant: 'service' diff --git a/puppet/services/ceilometer-collector.yaml b/puppet/services/ceilometer-collector.yaml index 9dbb2759..4d15be8e 100644 --- a/puppet/services/ceilometer-collector.yaml +++ b/puppet/services/ceilometer-collector.yaml @@ -21,6 +21,11 @@ parameters: MonitoringSubscriptionCeilometerCollector: default: 'overcloud-ceilometer-collector' type: string + CeilometerCollectorLoggingSource: + type: json + default: + tag: openstack.ceilometer.collector + path: /var/log/ceilometer/collector.log resources: CeilometerServiceBase: @@ -30,13 +35,25 @@ resources: DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} + MongoDbBase: + type: ./database/mongodb-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + outputs: role_data: description: Role data for the Ceilometer Collector role. value: service_name: ceilometer_collector monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCollector} + logging_source: {get_param: CeilometerCollectorLoggingSource} + logging_groups: + - ceilometer config_settings: - get_attr: [CeilometerServiceBase, role_data, config_settings] + map_merge: + - get_attr: [MongoDbBase, role_data, config_settings] + - get_attr: [CeilometerServiceBase, role_data, config_settings] step_config: | include ::tripleo::profile::base::ceilometer::collector diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml index a2b3f13e..552086ab 100644 --- a/puppet/services/ceph-mon.yaml +++ b/puppet/services/ceph-mon.yaml @@ -76,6 +76,9 @@ outputs: - get_attr: [CephBase, role_data, config_settings] - ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6} ceph::profile::params::mon_key: {get_param: CephMonKey} + ceph::profile::params::osd_pool_default_pg_num: 32 + ceph::profile::params::osd_pool_default_pgp_num: 32 + ceph::profile::params::osd_pool_default_size: 3 # repeat returns items in a list, so we need to map_merge twice tripleo::profile::base::ceph::mon::ceph_pools: map_merge: @@ -90,9 +93,9 @@ outputs: - {get_param: GnocchiRbdPoolName} template: <%pool%>: - pg_num: 32 - pgp_num: 32 - size: 3 + pg_num: "%{hiera('ceph::profile::params::osd_pool_default_pg_num')}" + pgp_num: "%{hiera('ceph::profile::params::osd_pool_default_pgp_num')}" + size: "%{hiera('ceph::profile::params::osd_pool_default_size')}" - {get_param: CephPools} tripleo.ceph_mon.firewall_rules: '110 ceph_mon': diff --git a/puppet/services/ceph-rgw.yaml b/puppet/services/ceph-rgw.yaml new file mode 100644 index 00000000..18a4b780 --- /dev/null +++ b/puppet/services/ceph-rgw.yaml @@ -0,0 +1,79 @@ +heat_template_version: 2016-04-08 + +description: > + Ceph RadosGW service. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + AdminToken: + description: The keystone auth secret and db password. + type: string + hidden: true + CephRgwKey: + description: The cephx key for the radosgw client. Can be created + with ceph-authtool --gen-print-key. + type: string + hidden: true + SwiftPassword: + description: The password for the swift service account, used by the Ceph RGW services. + type: string + hidden: true + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + +resources: + CephBase: + type: ./ceph-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ceph RadosGW service. + value: + service_name: ceph_rgw + config_settings: + map_merge: + - get_attr: [CephBase, role_data, config_settings] + - tripleo::profile::base::ceph::rgw::rgw_key: {get_param: CephRgwKey} + tripleo::profile::base::ceph::rgw::keystone_admin_token: {get_param: AdminToken} + tripleo::profile::base::ceph::rgw::keystone_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + ceph::profile::params::frontend_type: 'civetweb' + ceph_rgw_civetweb_bind_address: {get_param: [ServiceNetMap, CephRgwNetwork]} + ceph::profile::params::rgw_frontends: + list_join: + - '' + - - 'civetweb port=' + - '%{hiera("ceph_rgw_civetweb_bind_address")}' + - ':' + - {get_param: [EndpointMap, CephRgwInternal, port]} + tripleo.ceph_rgw.firewall_rules: + '122 ceph rgw': + dport: {get_param: [EndpointMap, CephRgwInternal, port]} + step_config: | + include ::tripleo::profile::base::ceph::rgw + service_config_settings: + keystone: + ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]} + ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]} + ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]} + ceph::rgw::keystone::auth::password: {get_param: SwiftPassword} + ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion} + ceph::rgw::keystone::auth::tenant: 'service' diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml index 94c94a65..875a3aa1 100644 --- a/puppet/services/cinder-api.yaml +++ b/puppet/services/cinder-api.yaml @@ -34,6 +34,11 @@ parameters: MonitoringSubscriptionCinderApi: default: 'overcloud-cinder-api' type: string + CinderApiLoggingSource: + type: json + default: + tag: openstack.cinder.api + path: /var/log/cinder/cinder-api.log resources: @@ -50,6 +55,9 @@ outputs: value: service_name: cinder_api monitoring_subscription: {get_param: MonitoringSubscriptionCinderApi} + logging_source: {get_param: CinderApiLoggingSource} + logging_groups: + - cinder config_settings: map_merge: - get_attr: [CinderBase, role_data, config_settings] @@ -57,19 +65,8 @@ outputs: cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} cinder::keystone::authtoken::password: {get_param: CinderPassword} cinder::keystone::authtoken::project_name: 'service' - cinder::keystone::auth::tenant: 'service' - cinder::keystone::auth::public_url: {get_param: [EndpointMap, CinderPublic, uri]} - cinder::keystone::auth::internal_url: {get_param: [EndpointMap, CinderInternal, uri]} - cinder::keystone::auth::admin_url: {get_param: [EndpointMap, CinderAdmin, uri]} - cinder::keystone::auth::public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]} - cinder::keystone::auth::internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]} - cinder::keystone::auth::admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]} - cinder::keystone::auth::public_url_v3: {get_param: [EndpointMap, CinderV3Public, uri]} - cinder::keystone::auth::internal_url_v3: {get_param: [EndpointMap, CinderV3Internal, uri]} - cinder::keystone::auth::admin_url_v3: {get_param: [EndpointMap, CinderV3Admin, uri]} - cinder::keystone::auth::password: {get_param: CinderPassword} - cinder::keystone::auth::region: {get_param: KeystoneRegion} cinder::api::enable_proxy_headers_parsing: true + cinder::api::nova_catalog_info: 'compute:Compute Service:internalURL' # TODO(emilien) move it to puppet-cinder cinder::config: @@ -90,3 +87,17 @@ outputs: cinder::api::bind_host: {get_param: [ServiceNetMap, CinderApiNetwork]} step_config: | include ::tripleo::profile::base::cinder::api + service_config_settings: + keystone: + cinder::keystone::auth::tenant: 'service' + cinder::keystone::auth::public_url: {get_param: [EndpointMap, CinderPublic, uri]} + cinder::keystone::auth::internal_url: {get_param: [EndpointMap, CinderInternal, uri]} + cinder::keystone::auth::admin_url: {get_param: [EndpointMap, CinderAdmin, uri]} + cinder::keystone::auth::public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]} + cinder::keystone::auth::internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]} + cinder::keystone::auth::admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]} + cinder::keystone::auth::public_url_v3: {get_param: [EndpointMap, CinderV3Public, uri]} + cinder::keystone::auth::internal_url_v3: {get_param: [EndpointMap, CinderV3Internal, uri]} + cinder::keystone::auth::admin_url_v3: {get_param: [EndpointMap, CinderV3Admin, uri]} + cinder::keystone::auth::password: {get_param: CinderPassword} + cinder::keystone::auth::region: {get_param: KeystoneRegion} diff --git a/puppet/services/cinder-scheduler.yaml b/puppet/services/cinder-scheduler.yaml index 1326e267..94c263ea 100644 --- a/puppet/services/cinder-scheduler.yaml +++ b/puppet/services/cinder-scheduler.yaml @@ -21,6 +21,11 @@ parameters: MonitoringSubscriptionCinderScheduler: default: 'overcloud-cinder-scheduler' type: string + CinderSchedulerLoggingSource: + type: json + default: + tag: openstack.cinder.scheduler + path: /var/log/cinder/cinder-scheduler.log resources: @@ -37,6 +42,9 @@ outputs: value: service_name: cinder_scheduler monitoring_subscription: {get_param: MonitoringSubscriptionCinderScheduler} + logging_source: {get_param: CinderSchedulerLoggingSource} + logging_groups: + - cinder config_settings: map_merge: - get_attr: [CinderBase, role_data, config_settings] diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml index c84c784e..82e16f39 100644 --- a/puppet/services/cinder-volume.yaml +++ b/puppet/services/cinder-volume.yaml @@ -59,6 +59,11 @@ parameters: MonitoringSubscriptionCinderVolume: default: 'overcloud-cinder-volume' type: string + CinderVolumeLoggingSource: + type: json + default: + tag: openstack.cinder.volume + path: /var/log/cinder/cinder-volume.log resources: @@ -75,6 +80,9 @@ outputs: value: service_name: cinder_volume monitoring_subscription: {get_param: MonitoringSubscriptionCinderVolume} + logging_source: {get_param: CinderVolumeLoggingSource} + logging_groups: + - cinder config_settings: map_merge: - get_attr: [CinderBase, role_data, config_settings] diff --git a/puppet/services/database/mongodb.yaml b/puppet/services/database/mongodb.yaml index 36962a34..01daeafe 100644 --- a/puppet/services/database/mongodb.yaml +++ b/puppet/services/database/mongodb.yaml @@ -19,6 +19,15 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MongoDbLoggingSource: + type: json + description: Fluentd logging configuration for mongodb. + default: + tag: database.mongodb + path: /var/log/mongodb/mongodb.log + format: >- + /(?<time>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d+\+\d{4}) + (?<message>.*)$/ resources: MongoDbBase: @@ -33,6 +42,9 @@ outputs: description: Service mongodb using composable services. value: service_name: mongodb + logging_groups: + - mongodb + logging_source: {get_param: MongoDbLoggingSource} config_settings: map_merge: - get_attr: [MongoDbBase, role_data, config_settings] diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index b0eea481..094a7c9f 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -74,5 +74,11 @@ outputs: # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR mysql_bind_host: {get_param: [ServiceNetMap, MysqlNetwork]} + tripleo::profile::base::database::mysql::bind_address: + str_replace: + template: + '"%{::fqdn_$NETWORK}"' + params: + $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} step_config: | include ::tripleo::profile::base::database::mysql diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index adc1b4cb..c399bf4e 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -45,9 +45,16 @@ parameters: constraints: - allowed_values: ['swift', 'file', 'rbd'] GlanceWorkers: - default: 0 - description: Number of workers for Glance service. - type: number + default: '' + description: | + Number of API worker processes for Glance. If left unset (empty string), the + default value will result in the configuration being left unset and a + system-dependent default value will be chosen (e.g.: number of + processors). Please note that this will create a large number of + processes on systems with a large number of CPUs resulting in excess + memory consumption. It is recommended that a suitable non-default value + be selected on such systems. + type: string GlanceRbdPoolName: default: images type: string @@ -76,6 +83,11 @@ parameters: MonitoringSubscriptionGlanceApi: default: 'overcloud-glance-api' type: string + GlanceApiLoggingSource: + type: json + default: + tag: openstack.glance.api + path: /var/log/glance/api.log outputs: role_data: @@ -83,6 +95,9 @@ outputs: value: service_name: glance_api monitoring_subscription: {get_param: MonitoringSubscriptionGlanceApi} + logging_source: {get_param: GlanceApiLoggingSource} + logging_groups: + - glance config_settings: glance::api::database_connection: list_join: @@ -101,6 +116,7 @@ outputs: template: "'REGISTRY_HOST'" params: REGISTRY_HOST: {get_param: [EndpointMap, GlanceRegistryInternal, host]} + glance::api::registry_client_protocol: {get_param: [EndpointMap, GlanceRegistryInternal, protocol] } glance::api::authtoken::password: {get_param: GlancePassword} glance::api::enable_proxy_headers_parsing: true glance::api::debug: {get_param: Debug} @@ -119,11 +135,6 @@ outputs: glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort} glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword} glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL} - glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]} - glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]} - glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]} - glance::keystone::auth::password: {get_param: GlancePassword } - glance::keystone::auth::region: {get_param: KeystoneRegion} glance::registry::db::database_db_max_retries: -1 glance::registry::db::database_max_retries: -1 tripleo.glance_api.firewall_rules: @@ -131,7 +142,6 @@ outputs: dport: - 9292 - 13292 - glance::keystone::auth::tenant: 'service' glance::api::authtoken::project_name: 'service' glance::api::pipeline: 'keystone' glance::api::show_image_direct_url: true @@ -144,3 +154,11 @@ outputs: glance::api::bind_host: {get_param: [ServiceNetMap, GlanceApiNetwork]} step_config: | include ::tripleo::profile::base::glance::api + service_config_settings: + keystone: + glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]} + glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]} + glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]} + glance::keystone::auth::password: {get_param: GlancePassword } + glance::keystone::auth::region: {get_param: KeystoneRegion} + glance::keystone::auth::tenant: 'service' diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml index d5f01d46..2b7b4345 100644 --- a/puppet/services/glance-registry.yaml +++ b/puppet/services/glance-registry.yaml @@ -27,12 +27,24 @@ parameters: type: string hidden: true GlanceWorkers: - default: 0 - description: Number of workers for Glance service. - type: number + default: '' + description: | + Number of worker processes for glance registry. If left unset (empty + string), the default value will result in the configuration being left + unset and a system-dependent default value will be chosen (e.g.: number of + processors). Please note that this will create a large number of processes + on systems with a large number of CPUs resulting in excess memory + consumption. It is recommended that a suitable non-default value be + selected on such systems. + type: string MonitoringSubscriptionGlanceRegistry: default: 'overcloud-glance-registry' type: string + GlanceRegistryLoggingSource: + type: json + default: + tag: openstack.glance.registry + path: /var/log/glance/registry.log outputs: role_data: @@ -40,6 +52,9 @@ outputs: value: service_name: glance_registry monitoring_subscription: {get_param: MonitoringSubscriptionGlanceRegistry} + logging_source: {get_param: GlanceRegistryLoggingSource} + logging_groups: + - glance config_settings: glance::registry::database_connection: list_join: diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml index 650865e2..481a44cb 100644 --- a/puppet/services/gnocchi-api.yaml +++ b/puppet/services/gnocchi-api.yaml @@ -36,6 +36,11 @@ parameters: MonitoringSubscriptionGnocchiApi: default: 'overcloud-gnocchi-api' type: string + GnocchiApiLoggingSource: + type: json + default: + tag: openstack.gnocchi.api + path: /var/log/gnocchi/app.log resources: @@ -59,6 +64,9 @@ outputs: value: service_name: gnocchi_api monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiApi} + logging_source: {get_param: GnocchiApiLoggingSource} + logging_groups: + - gnocchi config_settings: map_merge: - get_attr: [ApacheServiceBase, role_data, config_settings] @@ -70,17 +78,17 @@ outputs: - 13041 gnocchi::api::enabled: true gnocchi::api::service_name: 'httpd' - gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] } - gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]} - gnocchi::keystone::auth::password: {get_param: GnocchiPassword} - gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] } - gnocchi::keystone::auth::region: {get_param: KeystoneRegion} - gnocchi::keystone::auth::tenant: 'service' gnocchi::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} gnocchi::keystone::authtoken::password: {get_param: GnocchiPassword} gnocchi::keystone::authtoken::project_name: 'service' gnocchi::wsgi::apache::ssl: false + gnocchi::wsgi::apache::servername: + str_replace: + template: + '"%{::fqdn_$NETWORK}"' + params: + $NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]} tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend} # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples @@ -96,3 +104,11 @@ outputs: gnocchi::storage::swift::swift_authurl: {get_param: [EndpointMap, KeystoneInternal, uri]} step_config: | include ::tripleo::profile::base::gnocchi::api + service_config_settings: + keystone: + gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] } + gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]} + gnocchi::keystone::auth::password: {get_param: GnocchiPassword} + gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] } + gnocchi::keystone::auth::region: {get_param: KeystoneRegion} + gnocchi::keystone::auth::tenant: 'service' diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml index 61a69078..a47fec5a 100644 --- a/puppet/services/heat-api-cfn.yaml +++ b/puppet/services/heat-api-cfn.yaml @@ -33,6 +33,11 @@ parameters: MonitoringSubscriptionHeatApiCnf: default: 'overcloud-heat-api-cfn' type: string + HeatApiCfnLoggingSource: + type: json + default: + tag: openstack.heat.api.cfn + path: /var/log/heat/heat-api-cfn.log resources: HeatBase: @@ -48,16 +53,13 @@ outputs: value: service_name: heat_api_cfn monitoring_subscription: {get_param: MonitoringSubscriptionHeatApiCnf} + logging_source: {get_param: HeatApiCfnLoggingSource} + logging_groups: + - heat config_settings: map_merge: - get_attr: [HeatBase, role_data, config_settings] - heat::api_cfn::workers: {get_param: HeatWorkers} - heat::keystone::auth_cfn::tenant: 'service' - heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]} - heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]} - heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]} - heat::keystone::auth_cfn::password: {get_param: HeatPassword} - heat::keystone::auth::region: {get_param: KeystoneRegion} tripleo.heat_api_cfn.firewall_rules: '125 heat_cfn': dport: @@ -72,3 +74,11 @@ outputs: heat::api_cfn::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]} step_config: | include ::tripleo::profile::base::heat::api_cfn + service_config_settings: + keystone: + heat::keystone::auth_cfn::tenant: 'service' + heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]} + heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]} + heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]} + heat::keystone::auth_cfn::password: {get_param: HeatPassword} + heat::keystone::auth::region: {get_param: KeystoneRegion} diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml index c12e56ef..6dfeaaf3 100644 --- a/puppet/services/heat-api-cloudwatch.yaml +++ b/puppet/services/heat-api-cloudwatch.yaml @@ -25,6 +25,11 @@ parameters: MonitoringSubscriptionHeatApiCloudwatch: default: 'overcloud-heat-api-cloudwatch' type: string + HeatApiCloudwatchLoggingSource: + type: json + default: + tag: openstack.heat.api.cloudwatch + path: /var/log/heat/heat-api-cloudwatch.log resources: HeatBase: @@ -40,6 +45,9 @@ outputs: value: service_name: heat_api_cloudwatch monitoring_subscription: {get_param: MonitoringSubscriptionHeatApiCloudwatch} + logging_source: {get_param: HeatApiCloudwatchLoggingSource} + logging_groups: + - heat config_settings: map_merge: - get_attr: [HeatBase, role_data, config_settings] diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml index 64b0c53b..2ea96fc0 100644 --- a/puppet/services/heat-api.yaml +++ b/puppet/services/heat-api.yaml @@ -33,6 +33,11 @@ parameters: MonitoringSubscriptionHeatApi: default: 'overcloud-heat-api' type: string + HeatApiLoggingSource: + type: json + default: + tag: openstack.heat.api + path: /var/log/heat/heat-api.log resources: HeatBase: @@ -48,16 +53,13 @@ outputs: value: service_name: heat_api monitoring_subscription: {get_param: MonitoringSubscriptionHeatApi} + logging_source: {get_param: HeatApiLoggingSource} + logging_groups: + - heat config_settings: map_merge: - get_attr: [HeatBase, role_data, config_settings] - heat::api::workers: {get_param: HeatWorkers} - heat::keystone::auth::tenant: 'service' - heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]} - heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]} - heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]} - heat::keystone::auth::password: {get_param: HeatPassword} - heat::keystone::auth::region: {get_param: KeystoneRegion} tripleo.heat_api.firewall_rules: '125 heat_api': dport: @@ -72,3 +74,11 @@ outputs: heat::api::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]} step_config: | include ::tripleo::profile::base::heat::api + service_config_settings: + keystone: + heat::keystone::auth::tenant: 'service' + heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]} + heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]} + heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]} + heat::keystone::auth::password: {get_param: HeatPassword} + heat::keystone::auth::region: {get_param: KeystoneRegion} diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml index 089bf531..1e7bec23 100644 --- a/puppet/services/heat-engine.yaml +++ b/puppet/services/heat-engine.yaml @@ -43,6 +43,11 @@ parameters: MonitoringSubscriptionHeatEngine: default: 'overcloud-heat-engine' type: string + HeatEngineLoggingSource: + type: json + default: + tag: openstack.heat.engine + path: /var/log/heat/heat-engine.log resources: HeatBase: @@ -58,6 +63,9 @@ outputs: value: service_name: heat_engine monitoring_subscription: {get_param: MonitoringSubscriptionHeatEngine} + logging_source: {get_param: HeatEngineLoggingSource} + logging_groups: + - heat config_settings: map_merge: - get_attr: [HeatBase, role_data, config_settings] diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml index 5c3f370e..19e54f5b 100644 --- a/puppet/services/ironic-api.yaml +++ b/puppet/services/ironic-api.yaml @@ -58,12 +58,6 @@ outputs: ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]} # This is used to build links in responses ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]} - ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]} - ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]} - ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]} - ironic::keystone::auth::auth_name: 'ironic' - ironic::keystone::auth::password: {get_param: IronicPassword } - ironic::keystone::auth::tenant: 'service' tripleo.ironic_api.firewall_rules: '133 ironic api': dport: @@ -71,3 +65,11 @@ outputs: - 13385 step_config: | include ::tripleo::profile::base::ironic::api + service_config_settings: + keystone: + ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]} + ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]} + ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]} + ironic::keystone::auth::auth_name: 'ironic' + ironic::keystone::auth::password: {get_param: IronicPassword } + ironic::keystone::auth::tenant: 'service' diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index b321ecbe..b7a807fa 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -93,6 +93,11 @@ parameters: KeystoneCredential1: type: string description: The second Keystone credential key. Must be a valid key. + KeystoneLoggingSource: + type: json + default: + tag: openstack.keystone + path: /var/log/keystone/keystone.log resources: @@ -109,7 +114,9 @@ outputs: value: service_name: keystone monitoring_subscription: {get_param: MonitoringSubscriptionKeystone} - config_settings: + logging_source: {get_param: KeystoneLoggingSource} + logging_groups: + - keystone config_settings: map_merge: - get_attr: [ApacheServiceBase, role_data, config_settings] @@ -148,7 +155,6 @@ outputs: keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} keystone::endpoint::region: {get_param: KeystoneRegion} keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge} - keystone::public_endpoint: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]} keystone::db::mysql::user: keystone keystone::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} keystone::db::mysql::dbname: keystone @@ -165,7 +171,18 @@ outputs: value: 'keystone.contrib.ec2.backends.sql.Ec2' keystone::service_name: 'httpd' keystone::wsgi::apache::ssl: false - + keystone::wsgi::apache::servername: + str_replace: + template: + '"%{::fqdn_$NETWORK}"' + params: + $NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]} + keystone::wsgi::apache::servername_admin: + str_replace: + template: + '"%{::fqdn_$NETWORK}"' + params: + $NETWORK: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]} keystone::wsgi::apache::workers: {get_param: KeystoneWorkers} # override via extraconfig: keystone::wsgi::apache::threads: 1 diff --git a/puppet/services/logging/fluentd-base.yaml b/puppet/services/logging/fluentd-base.yaml new file mode 100644 index 00000000..c8f67556 --- /dev/null +++ b/puppet/services/logging/fluentd-base.yaml @@ -0,0 +1,37 @@ +heat_template_version: 2016-04-08 + +description: Fluentd base service + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: > + Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + + +outputs: + role_data: + description: Role data for the Fluentd role. + value: + service_name: fluentd_base + config_settings: + fluentd::package_name: fluentd + fluentd::service_name: fluentd + fluentd::config_file: /etc/fluentd/fluent.conf + fluentd::config_owner: fluentd + fluentd::config_group: fluentd + fluentd::config_path: /etc/fluentd/config.d + fluentd::plugin_provider: yum + fluentd::service_provider: systemd + fluentd::repo_install: false diff --git a/puppet/services/logging/fluentd-client.yaml b/puppet/services/logging/fluentd-client.yaml new file mode 100644 index 00000000..3ae7110f --- /dev/null +++ b/puppet/services/logging/fluentd-client.yaml @@ -0,0 +1,64 @@ +heat_template_version: 2016-10-14 + +description: Fluentd client configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: > + Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + FluentdBase: + type: ./fluentd-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + + LoggingConfiguration: + type: OS::TripleO::LoggingConfiguration + +outputs: + role_data: + description: Role data for the Fluentd client role. + value: + service_name: fluentd_client + config_settings: + map_merge: + - get_attr: [FluentdBase, role_data, config_settings] + - tripleo::profile::base::logging::fluentd::fluentd_servers: + get_attr: [LoggingConfiguration, LoggingServers] + tripleo::profile::base::logging::fluentd::fluentd_filters: + yaql: + expression: > + $.data.filters.flatten().where($) + data: + filters: + - get_attr: [LoggingConfiguration, LoggingDefaultFilters] + - get_attr: [LoggingConfiguration, LoggingExtraFilters] + tripleo::profile::base::logging::fluentd::fluentd_pos_file_path: + get_attr: [LoggingConfiguration, LoggingPosFilePath] + tripleo::profile::base::logging::fluentd::fluentd_use_ssl: + get_attr: [LoggingConfiguration, LoggingUsesSSL] + tripleo::profile::base::logging::fluentd::fluentd_ssl_certificate: + get_attr: [LoggingConfiguration, LoggingSSLCertificate] + tripleo::profile::base::logging::fluentd::fluentd_ssl_key: + get_attr: [LoggingConfiguration, LoggingSSLKey] + tripleo::profile::base::logging::fluentd::fluentd_ssl_key_passphrase: + get_attr: [LoggingConfiguration, LoggingSSLKeyPassphrase] + tripleo::profile::base::logging::fluentd::fluentd_shared_key: + get_attr: [LoggingConfiguration, LoggingSharedKey] + step_config: | + include ::tripleo::profile::base::logging::fluentd diff --git a/puppet/services/logging/fluentd-config.yaml b/puppet/services/logging/fluentd-config.yaml new file mode 100644 index 00000000..e051781e --- /dev/null +++ b/puppet/services/logging/fluentd-config.yaml @@ -0,0 +1,154 @@ +heat_template_version: 2016-10-14 + +description: Fluentd logging configuration + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: > + Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + LoggingDefaultFormat: + description: > + Default format used to parse messages from log files. + type: string + default: >- + /(?<time>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d+) + (?<pid>\d+) + (?<priority>\S+) + (?<message>.*)$/ + LoggingPosFilePath: + description: > + Directory in which to place fluentd pos_file files (used to track + file position for the 'tail' input type). + type: string + default: /var/cache/fluentd + LoggingDefaultGroups: + description: > + Make fluentd user a member of these groups. Only override this parameter + if you want to modify the default list of groups. Use + LoggingExtraGroups to add the fluentd user to additional groups. + type: comma_delimited_list + default: + - root + LoggingExtraGroups: + description: > + Make fluentd user a member of these groups (in addition to + LoggingDefaultGroups and the groups provided by individual + composable services). + type: comma_delimited_list + default: [] + LoggingServers: + description: | + A list of destinations to which fluentd will forward log messages. Expects + a list of dictionaries of the form: + + - host: loghost1.example.com + port: 24224 + - host: loghost2.example.com + port: 24224 + type: json + default: [] + LoggingDefaultFilters: + description: > + A list of fluentd default filters. This will be passed verbatim + to the 'filter' key of a fluentd::config resource. Only override this + if you do not want the default set of filters; use LoggingExtraFilters + if you just want to add additional servers. + type: json + default: + - tag_pattern: '**' + type: record_transformer + record: + nodename: '${hostname}' + + - tag_pattern: 'openstack.**' + type: record_transformer + record: + component: '${tag_parts[1]}' + LoggingExtraFilters: + description: > + A list of additional fluentd filters. This will be passed + verbatim to the 'filter' key of a fluentd::config resource. + type: json + default: [] + LoggingUsesSSL: + description: > + A boolean value indicating whether or not we should forward log messages + use the secure_forward plugin. + type: boolean + default: false + LoggingSSLCertificate: + description: > + PEM-encoded SSL CA certificate for fluentd. + type: string + default: "" + LoggingSSLKey: + description: > + PEM-encoded key for fluentd CA certificate (used by in_secure_forward). + type: string + default: "" + LoggingSSLKeyPassphrase: + description: > + Passphrase for LoggingSSLKey (used by in_secure_forward). + type: string + default: "" + LoggingSharedKey: + description: > + Shared secret for fluentd secure-forward plugin. + type: string + default: "" + LoggingDefaultSources: + description: > + A list of default logging sources for fluentd. You should only override + this parameter if you wish to disable the default logging sources. Use + LoggingExtraSources to define additional source configurations. + type: json + default: [] + LoggingExtraSources: + description: > + A list of additional logging sources for fluentd. These will be combined + with the LoggingDefaultSources and any logging sources defined by + composable services. + type: json + default: [] + +outputs: + LoggingDefaultFormat: + value: {get_param: LoggingDefaultFormat} + LoggingDefaultFilters: + value: {get_param: LoggingDefaultFilters} + LoggingExtraFilters: + value: {get_param: LoggingExtraFilters} + LoggingDefaultGroups: + value: {get_param: LoggingDefaultGroups} + LoggingExtraGroups: + value: {get_param: LoggingExtraGroups} + LoggingPosFilePath: + value: {get_param: LoggingPosFilePath} + LoggingSSLCertificate: + value: {get_param: LoggingSSLCertificate} + LoggingSSLKey: + value: {get_param: LoggingSSLKey} + LoggingSSLKeyPassphrase: + value: {get_param: LoggingSSLKeyPassphrase} + LoggingServers: + value: {get_param: LoggingServers} + LoggingSharedKey: + value: {get_param: LoggingSharedKey} + LoggingUsesSSL: + value: {get_param: LoggingUsesSSL} + LoggingDefaultSources: + value: {get_param: LoggingDefaultSources} + LoggingExtraSources: + value: {get_param: LoggingExtraSources} diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml index 2e43730d..531b4b0b 100644 --- a/puppet/services/manila-api.yaml +++ b/puppet/services/manila-api.yaml @@ -51,14 +51,6 @@ outputs: manila::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } manila::keystone::authtoken::project_name: 'service' - manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]} - manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]} - manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]} - manila::keystone::auth::public_url_v2: {get_param: [EndpointMap, ManilaPublic, uri]} - manila::keystone::auth::internal_url_v2: {get_param: [EndpointMap, ManilaInternal, uri]} - manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]} - manila::keystone::auth::password: {get_param: ManilaPassword } - manila::keystone::auth::region: {get_param: KeystoneRegion } # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): @@ -66,6 +58,16 @@ outputs: # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR manila::api::bind_host: {get_param: [ServiceNetMap, ManilaApiNetwork]} + manila::api::enable_proxy_headers_parsing: true step_config: | include ::tripleo::profile::base::manila::api - + service_config_settings: + keystone: + manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]} + manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]} + manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]} + manila::keystone::auth::public_url_v2: {get_param: [EndpointMap, ManilaPublic, uri]} + manila::keystone::auth::internal_url_v2: {get_param: [EndpointMap, ManilaInternal, uri]} + manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]} + manila::keystone::auth::password: {get_param: ManilaPassword} + manila::keystone::auth::region: {get_param: KeystoneRegion} diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index e4ca489a..8cfa20bd 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > OpenStack Neutron Server configured with Puppet @@ -39,7 +39,10 @@ parameters: type: string NeutronL3HA: default: false - description: Whether to enable HA for virtual routers + description: | + Whether to enable HA for virtual routers. While the default value is + 'false', L3 HA will be automatically enabled if the number of nodes hosting + controller configurations and DVR is disabled. type: boolean NovaPassword: description: The password for the nova service and db account, used by nova-api. @@ -56,6 +59,18 @@ parameters: MonitoringSubscriptionNeutronServer: default: 'overcloud-neutron-server' type: string + NeutronApiLoggingSource: + type: json + default: + tag: openstack.neutron.api + path: /var/log/neutron/server.log + ControllerCount: + description: | + Under normal conditions, this should not be overridden manually and is + set at deployment time. The default value is present to allow the + template to be used in environments that do not override it. + default: 1 + type: number resources: @@ -66,12 +81,27 @@ resources: DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} +conditions: + + auto_enable_l3_ha: + and: + - not: + equals: + - get_param: ControllerCount + - 1 + - equals: + - get_param: NeutronEnableDVR + - false + outputs: role_data: description: Role data for the Neutron Server agent service. value: service_name: neutron_api monitoring_subscription: {get_param: MonitoringSubscriptionNeutronServer} + logging_source: {get_param: NeutronApiLoggingSource} + logging_groups: + - neutron config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] @@ -84,18 +114,12 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ovs_neutron' - neutron::keystone::auth::tenant: 'service' - neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]} - neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] } - neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] } - neutron::keystone::auth::password: {get_param: NeutronPassword} - neutron::keystone::auth::region: {get_param: KeystoneRegion} neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} neutron::server::api_workers: {get_param: NeutronWorkers} neutron::server::rpc_workers: {get_param: NeutronWorkers} neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} - neutron::server::l3_ha: {get_param: NeutronL3HA} + neutron::server::l3_ha: {if: ["auto_enable_l3_ha", true, {get_param: NeutronL3HA}]} neutron::keystone::authtoken::password: {get_param: NeutronPassword} neutron::server::notifications::nova_url: { get_param: [ EndpointMap, NovaInternal, uri ] } @@ -131,3 +155,11 @@ outputs: neutron::bind_host: {get_param: [ServiceNetMap, NeutronApiNetwork]} step_config: | include tripleo::profile::base::neutron::server + service_config_settings: + keystone: + neutron::keystone::auth::tenant: 'service' + neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]} + neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] } + neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] } + neutron::keystone::auth::password: {get_param: NeutronPassword} + neutron::keystone::auth::region: {get_param: KeystoneRegion} diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml index b2ad5dab..2cd08f98 100644 --- a/puppet/services/neutron-dhcp.yaml +++ b/puppet/services/neutron-dhcp.yaml @@ -34,6 +34,11 @@ parameters: MonitoringSubscriptionNeutronDhcp: default: 'overcloud-neutron-dhcp' type: string + NeutronDhcpAgentLoggingSource: + type: json + default: + tag: openstack.neutron.agent.dhcp + path: /var/log/neutron/dhcp-agent.log resources: @@ -50,6 +55,9 @@ outputs: value: service_name: neutron_dhcp monitoring_subscription: {get_param: MonitoringSubscriptionNeutronDhcp} + logging_source: {get_param: NeutronDhcpAgentLoggingSource} + logging_groups: + - neutron config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] diff --git a/puppet/services/neutron-l3-compute-dvr.yaml b/puppet/services/neutron-l3-compute-dvr.yaml index 5eb3e252..b6c29116 100644 --- a/puppet/services/neutron-l3-compute-dvr.yaml +++ b/puppet/services/neutron-l3-compute-dvr.yaml @@ -29,6 +29,11 @@ parameters: MonitoringSubscriptionNeutronL3Dvr: default: 'overcloud-neutron-l3-dvr' type: string + NeutronL3ComputeAgentLoggingSource: + type: json + default: + tag: openstack.neutron.agent.l3-compute + path: /var/log/neutron/l3-agent.log resources: @@ -45,6 +50,9 @@ outputs: value: service_name: neutron_l3_compute_dvr monitoring_subscription: {get_param: MonitoringSubscriptionNeutronL3Dvr} + logging_source: {get_param: NeutronL3ComputeAgentLoggingSource} + logging_groups: + - neutron config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml index de62a507..9e223374 100644 --- a/puppet/services/neutron-l3.yaml +++ b/puppet/services/neutron-l3.yaml @@ -37,6 +37,11 @@ parameters: MonitoringSubscriptionNeutronL3: default: 'overcloud-neutron-l3-agent' type: string + NeutronL3AgentLoggingSource: + type: json + default: + tag: openstack.neutron.agent.l3 + path: /var/log/neutron/l3-agent.log resources: @@ -53,6 +58,9 @@ outputs: value: service_name: neutron_l3 monitoring_subscription: {get_param: MonitoringSubscriptionNeutronL3} + logging_source: {get_param: NeutronL3AgentLoggingSource} + logging_groups: + - neutron config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml index 320ae0ce..8be4c6d6 100644 --- a/puppet/services/neutron-metadata.yaml +++ b/puppet/services/neutron-metadata.yaml @@ -23,9 +23,16 @@ parameters: type: string hidden: true NeutronWorkers: - default: 0 - description: Number of workers for Neutron service. - type: number + default: '' + description: | + Sets the number of worker processes for the neutron metadata agent. The + default value results in the configuration being left unset and a + system-dependent default will be chosen (usually the number of + processors). Please note that this can result in a large number of + processes and memory consumption on systems with a large core count. On + such systems it is recommended that a non-default value be selected that + matches the load requirements. + type: string NeutronPassword: description: The password for the neutron service and db account, used by neutron agents. type: string @@ -33,6 +40,11 @@ parameters: MonitoringSubscriptionNeutronMetadata: default: 'overcloud-neutron-metadata' type: string + NeutronMetadataAgentLoggingSource: + type: json + default: + tag: openstack.neutron.agent.metadata + path: /var/log/neutron/metadata-agent.log resources: @@ -49,6 +61,9 @@ outputs: value: service_name: neutron_metadata monitoring_subscription: {get_param: MonitoringSubscriptionNeutronMetadata} + logging_source: {get_param: NeutronMetadataAgentLoggingSource} + logging_groups: + - neutron config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] @@ -57,11 +72,6 @@ outputs: neutron::agents::metadata::auth_password: {get_param: NeutronPassword} neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } neutron::agents::metadata::auth_tenant: 'service' - # NOTE: bind IP is found in Heat replacing the network name with the local node IP - # for the given network; replacement examples (eg. for internal_api): - # internal_api -> IP - # internal_api_uri -> [IP] - # internal_api_subnet - > IP/CIDR - neutron::agents::metadata::metadata_ip: {get_param: [ServiceNetMap, NeutronApiNetwork]} + neutron::agents::metadata::metadata_ip: '"%{hiera(\"nova_metadata_vip\")}"' step_config: | include tripleo::profile::base::neutron::metadata diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index ade322ed..cbe65638 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -64,6 +64,11 @@ parameters: examples are: noop, openvswitch, iptables_hybrid. The default value of an empty string will result in a default supported configuration. type: string + NeutronOpenVswitchAgentLoggingSource: + type: json + default: + tag: openstack.neutron.agent.openvswitch + path: /var/log/neutron/openvswitch-agent.log resources: @@ -80,6 +85,9 @@ outputs: value: service_name: neutron_ovs_agent monitoring_subscription: {get_param: MonitoringSubscriptionNeutronOvs} + logging_source: {get_param: NeutronOpenVswitchAgentLoggingSource} + logging_groups: + - neutron config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index e1dbd8e1..25ae0176 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -46,6 +46,11 @@ parameters: MonitoringSubscriptionNovaApi: default: 'overcloud-nova-api' type: string + NovaApiLoggingSource: + type: json + default: + tag: openstack.nova.api + path: /var/log/nova/nova-api.log resources: NovaBase: @@ -61,6 +66,9 @@ outputs: value: service_name: nova_api monitoring_subscription: {get_param: MonitoringSubscriptionNovaApi} + logging_source: {get_param: NovaApiLoggingSource} + logging_groups: + - nova config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] @@ -86,12 +94,6 @@ outputs: nova::api::default_floating_pool: 'public' nova::api::sync_db_api: true nova::api::enable_proxy_headers_parsing: true - nova::keystone::auth::tenant: 'service' - nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]} - nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]} - nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]} - nova::keystone::auth::password: {get_param: NovaPassword} - nova::keystone::auth::region: {get_param: KeystoneRegion} # NOTE: bind IP is found in Heat replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP @@ -105,3 +107,11 @@ outputs: step_config: | include tripleo::profile::base::nova::api + service_config_settings: + keystone: + nova::keystone::auth::tenant: 'service' + nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]} + nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]} + nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]} + nova::keystone::auth::password: {get_param: NovaPassword} + nova::keystone::auth::region: {get_param: KeystoneRegion} diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index d1d7ae60..f7f2510e 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -70,6 +70,11 @@ parameters: MonitoringSubscriptionNovaCompute: default: 'overcloud-nova-compute' type: string + NovaComputeLoggingSource: + type: json + default: + tag: openstack.nova.compute + path: /var/log/nova/nova-compute.log resources: NovaBase: @@ -85,6 +90,9 @@ outputs: value: service_name: nova_compute monitoring_subscription: {get_param: MonitoringSubscriptionNovaCompute} + logging_source: {get_param: NovaComputeLoggingSource} + logging_groups: + - nova config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] @@ -129,6 +137,9 @@ outputs: # internal_api_subnet - > IP/CIDR nova::compute::vncserver_proxyclient_address: {get_param: [ServiceNetMap, NovaVncProxyNetwork]} nova::compute::vncproxy_host: {get_param: [EndpointMap, NovaPublic, host_nobrackets]} + nova::vncproxy::common::vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]} + nova::vncproxy::common::vncproxy_host: {get_param: [EndpointMap, NovaVNCProxyPublic, host_nobrackets]} + nova::vncproxy::common::vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]} step_config: | # TODO(emilien): figure how to deal with libvirt profile. # We'll probably treat it like we do with Neutron plugins. diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml index 5dbc7cac..2671cdd3 100644 --- a/puppet/services/nova-conductor.yaml +++ b/puppet/services/nova-conductor.yaml @@ -25,6 +25,11 @@ parameters: MonitoringSubscriptionNovaConductor: default: 'overcloud-nova-conductor' type: string + NovaSchedulerLoggingSource: + type: json + default: + tag: openstack.nova.scheduler + path: /var/log/nova/nova-scheduler.log resources: NovaBase: @@ -40,6 +45,9 @@ outputs: value: service_name: nova_conductor monitoring_subscription: {get_param: MonitoringSubscriptionNovaConductor} + logging_source: {get_param: NovaSchedulerLoggingSource} + logging_groups: + - nova config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] diff --git a/puppet/services/nova-consoleauth.yaml b/puppet/services/nova-consoleauth.yaml index 13e3a26a..85e60420 100644 --- a/puppet/services/nova-consoleauth.yaml +++ b/puppet/services/nova-consoleauth.yaml @@ -21,6 +21,11 @@ parameters: MonitoringSubscriptionNovaConsoleauth: default: 'overcloud-nova-consoleauth' type: string + NovaConsoleauthLoggingSource: + type: json + default: + tag: openstack.nova.consoleauth + path: /var/log/nova/nova-consoleauth.log resources: NovaBase: @@ -36,6 +41,9 @@ outputs: value: service_name: nova_consoleauth monitoring_subscription: {get_param: MonitoringSubscriptionNovaConsoleauth} + logging_source: {get_param: NovaConsoleauthLoggingSource} + logging_groups: + - nova config_settings: get_attr: [NovaBase, role_data, config_settings] step_config: | diff --git a/puppet/services/nova-metadata.yaml b/puppet/services/nova-metadata.yaml new file mode 100644 index 00000000..92373c56 --- /dev/null +++ b/puppet/services/nova-metadata.yaml @@ -0,0 +1,34 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova API service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NovaWorkers: + default: 0 + description: Number of workers for Nova API service. + type: number + +outputs: + role_data: + description: Role data for the Nova Metadata service. + value: + service_name: nova_metadata + config_settings: + nova::api::metadata_workers: {get_param: NovaWorkers} + nova::api::metadata_listen: {get_param: [ServiceNetMap, NovaMetadataNetwork]} + step_config: "" diff --git a/puppet/services/nova-scheduler.yaml b/puppet/services/nova-scheduler.yaml index 3ffc9c5a..d89e3e11 100644 --- a/puppet/services/nova-scheduler.yaml +++ b/puppet/services/nova-scheduler.yaml @@ -32,6 +32,11 @@ parameters: MonitoringSubscriptionNovaScheduler: default: 'overcloud-nova-scheduler' type: string + NovaSchedulerLoggingSource: + type: json + default: + tag: openstack.nova.scheduler + path: /var/log/nova/nova-scheduler.log resources: NovaBase: @@ -47,6 +52,9 @@ outputs: value: service_name: nova_scheduler monitoring_subscription: {get_param: MonitoringSubscriptionNovaScheduler} + logging_source: {get_param: NovaSchedulerLoggingSource} + logging_groups: + - nova config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] diff --git a/puppet/services/nova-vnc-proxy.yaml b/puppet/services/nova-vnc-proxy.yaml index 899fa353..85d59ae6 100644 --- a/puppet/services/nova-vnc-proxy.yaml +++ b/puppet/services/nova-vnc-proxy.yaml @@ -21,6 +21,11 @@ parameters: MonitoringSubscriptionNovaVNCProxy: default: 'overcloud-nova-vncproxy' type: string + NovaVncproxyLoggingSource: + type: json + default: + tag: openstack.nova.vncproxy + path: /var/log/nova/nova-vncproxy.log resources: NovaBase: @@ -36,6 +41,9 @@ outputs: value: service_name: nova_vnc_proxy monitoring_subscription: {get_param: MonitoringSubscriptionNovaVNCProxy} + logging_source: {get_param: NovaVncproxyLoggingSource} + logging_groups: + - nova config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml index 5d1d666a..abfb9c80 100644 --- a/puppet/services/pacemaker.yaml +++ b/puppet/services/pacemaker.yaml @@ -66,6 +66,16 @@ parameters: ] } type: json + PacemakerLoggingSource: + type: json + default: + tag: system.pacemaker + path: /var/log/pacemaker.log,/var/log/cluster/corosync.log + format: >- + /^(?<time>[^ ]*\s*[^ ]* [^ ]*) + \[(?<pid>[^ ]*)\] + (?<host>[^ ]*) + (?<message>.*)$/ outputs: role_data: @@ -73,6 +83,9 @@ outputs: value: service_name: pacemaker monitoring_subscription: {get_param: MonitoringSubscriptionPacemaker} + logging_groups: + - haclient + logging_source: {get_param: PacemakerLoggingSource} config_settings: pacemaker::corosync::cluster_name: 'tripleo_cluster' pacemaker::corosync::manage_fw: false diff --git a/puppet/services/pacemaker/cinder-api.yaml b/puppet/services/pacemaker/cinder-api.yaml index e4bcfc3e..6823789e 100644 --- a/puppet/services/pacemaker/cinder-api.yaml +++ b/puppet/services/pacemaker/cinder-api.yaml @@ -34,6 +34,8 @@ outputs: value: service_name: cinder_api monitoring_subscription: {get_attr: [CinderApiBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [CinderApiBase, role_data, logging_source]} + logging_groups: {get_attr: [CinderApiBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [CinderApiBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/cinder-scheduler.yaml b/puppet/services/pacemaker/cinder-scheduler.yaml index eb578e5c..15e44be2 100644 --- a/puppet/services/pacemaker/cinder-scheduler.yaml +++ b/puppet/services/pacemaker/cinder-scheduler.yaml @@ -34,6 +34,8 @@ outputs: value: service_name: cinder_scheduler monitoring_subscription: {get_attr: [CinderSchedulerBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [CinderSchedulerBase, role_data, logging_source]} + logging_groups: {get_attr: [CinderSchedulerBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [CinderSchedulerBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/cinder-volume.yaml b/puppet/services/pacemaker/cinder-volume.yaml index d5dedf34..11b9bf8f 100644 --- a/puppet/services/pacemaker/cinder-volume.yaml +++ b/puppet/services/pacemaker/cinder-volume.yaml @@ -34,6 +34,8 @@ outputs: value: service_name: cinder_volume monitoring_subscription: {get_attr: [CinderVolumeBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [CinderVolumeBase, role_data, logging_source]} + logging_groups: {get_attr: [CinderVolumeBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [CinderVolumeBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/database/mysql.yaml b/puppet/services/pacemaker/database/mysql.yaml index d555ed0a..f6d4be20 100644 --- a/puppet/services/pacemaker/database/mysql.yaml +++ b/puppet/services/pacemaker/database/mysql.yaml @@ -35,6 +35,13 @@ outputs: value: service_name: mysql config_settings: - get_attr: [MysqlBase, role_data, config_settings] + map_merge: + - get_attr: [MysqlBase, role_data, config_settings] + - tripleo::profile::pacemaker::database::mysql::bind_address: + str_replace: + template: + '"%{::fqdn_$NETWORK}"' + params: + $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} step_config: | include ::tripleo::profile::pacemaker::database::mysql diff --git a/puppet/services/pacemaker/glance-api.yaml b/puppet/services/pacemaker/glance-api.yaml index 684785af..20a439f6 100644 --- a/puppet/services/pacemaker/glance-api.yaml +++ b/puppet/services/pacemaker/glance-api.yaml @@ -58,6 +58,8 @@ outputs: value: service_name: glance_api monitoring_subscription: {get_attr: [GlanceApiBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [GlanceApiBase, role_data, logging_source]} + logging_groups: {get_attr: [GlanceApiBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [GlanceApiBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/glance-registry.yaml b/puppet/services/pacemaker/glance-registry.yaml index 5bcabcab..41f89fdd 100644 --- a/puppet/services/pacemaker/glance-registry.yaml +++ b/puppet/services/pacemaker/glance-registry.yaml @@ -34,6 +34,8 @@ outputs: value: service_name: glance_registry monitoring_subscription: {get_attr: [GlanceRegistryBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [GlanceRegistryBase, role_data, logging_source]} + logging_groups: {get_attr: [GlanceRegistryBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [GlanceRegistryBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/heat-api-cfn.yaml b/puppet/services/pacemaker/heat-api-cfn.yaml index eae01b58..dd25905b 100644 --- a/puppet/services/pacemaker/heat-api-cfn.yaml +++ b/puppet/services/pacemaker/heat-api-cfn.yaml @@ -33,6 +33,8 @@ outputs: value: service_name: heat_api_cfn monitoring_subscription: {get_attr: [HeatApiCfnBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [HeatApiCfnBase, role_data, logging_source]} + logging_groups: {get_attr: [HeatApiCfnBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [HeatApiCfnBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/heat-api-cloudwatch.yaml b/puppet/services/pacemaker/heat-api-cloudwatch.yaml index 5608ae91..18d2a0d5 100644 --- a/puppet/services/pacemaker/heat-api-cloudwatch.yaml +++ b/puppet/services/pacemaker/heat-api-cloudwatch.yaml @@ -33,6 +33,8 @@ outputs: value: service_name: heat_api_cloudwatch monitoring_subscription: {get_attr: [HeatApiCloudwatchBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [HeatApiCloudwatchBase, role_data, logging_source]} + logging_groups: {get_attr: [HeatApiCloudwatchBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [HeatApiCloudwatchBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/heat-api.yaml b/puppet/services/pacemaker/heat-api.yaml index 6fd790c4..43122cb0 100644 --- a/puppet/services/pacemaker/heat-api.yaml +++ b/puppet/services/pacemaker/heat-api.yaml @@ -33,6 +33,8 @@ outputs: value: service_name: heat_api monitoring_subscription: {get_attr: [HeatApiBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [HeatApiBase, role_data, logging_source]} + logging_groups: {get_attr: [HeatApiBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [HeatApiBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/heat-engine.yaml b/puppet/services/pacemaker/heat-engine.yaml index b8c962a8..54bfdad2 100644 --- a/puppet/services/pacemaker/heat-engine.yaml +++ b/puppet/services/pacemaker/heat-engine.yaml @@ -34,6 +34,8 @@ outputs: value: service_name: heat_engine monitoring_subscription: {get_attr: [HeatEngineBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [HeatEngineBase, role_data, logging_source]} + logging_groups: {get_attr: [HeatEngineBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [HeatEngineBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/keystone.yaml b/puppet/services/pacemaker/keystone.yaml index 0a479c9a..908b9bbd 100644 --- a/puppet/services/pacemaker/keystone.yaml +++ b/puppet/services/pacemaker/keystone.yaml @@ -34,6 +34,8 @@ outputs: value: service_name: keystone monitoring_subscription: {get_attr: [KeystoneServiceBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [KeystoneServiceBase, role_data, logging_source]} + logging_groups: {get_attr: [KeystoneServiceBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [KeystoneServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/neutron-dhcp.yaml b/puppet/services/pacemaker/neutron-dhcp.yaml index 9b9e5849..7fca73d6 100644 --- a/puppet/services/pacemaker/neutron-dhcp.yaml +++ b/puppet/services/pacemaker/neutron-dhcp.yaml @@ -34,6 +34,8 @@ outputs: value: service_name: neutron_dhcp monitoring_subscription: {get_attr: [NeutronDhcpBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [NeutronDhcpBase, role_data, logging_source]} + logging_groups: {get_attr: [NeutronDhcpBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [NeutronDhcpBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/neutron-l3.yaml b/puppet/services/pacemaker/neutron-l3.yaml index 21ac02d4..cdb87f50 100644 --- a/puppet/services/pacemaker/neutron-l3.yaml +++ b/puppet/services/pacemaker/neutron-l3.yaml @@ -34,6 +34,8 @@ outputs: value: service_name: neutron_l3 monitoring_subscription: {get_attr: [NeutronL3Base, role_data, monitoring_subscription]} + logging_source: {get_attr: [NeutronL3Base, role_data, logging_source]} + logging_groups: {get_attr: [NeutronL3Base, role_data, logging_groups]} config_settings: map_merge: - get_attr: [NeutronL3Base, role_data, config_settings] diff --git a/puppet/services/pacemaker/neutron-metadata.yaml b/puppet/services/pacemaker/neutron-metadata.yaml index 8c22d42d..49a31eb5 100644 --- a/puppet/services/pacemaker/neutron-metadata.yaml +++ b/puppet/services/pacemaker/neutron-metadata.yaml @@ -34,6 +34,8 @@ outputs: value: service_name: neutron_metadata monitoring_subscription: {get_attr: [NeutronMetadataBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [NeutronMetadataBase, role_data, logging_source]} + logging_groups: {get_attr: [NeutronMetadataBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [NeutronMetadataBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/neutron-ovs-agent.yaml b/puppet/services/pacemaker/neutron-ovs-agent.yaml index 18d60735..a2bd7c83 100644 --- a/puppet/services/pacemaker/neutron-ovs-agent.yaml +++ b/puppet/services/pacemaker/neutron-ovs-agent.yaml @@ -34,6 +34,8 @@ outputs: value: service_name: neutron_ovs_agent monitoring_subscription: {get_attr: [NeutronOvsBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [NeutronOvsBase, role_data, logging_source]} + logging_groups: {get_attr: [NeutronOvsBase, role_data, logging_groups]} config_settings: get_attr: [NeutronOvsBase, role_data, config_settings] step_config: | diff --git a/puppet/services/pacemaker/nova-api.yaml b/puppet/services/pacemaker/nova-api.yaml index 3d565348..b86e438a 100644 --- a/puppet/services/pacemaker/nova-api.yaml +++ b/puppet/services/pacemaker/nova-api.yaml @@ -34,6 +34,8 @@ outputs: value: service_name: nova_api monitoring_subscription: {get_attr: [NovaApiBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [NovaApiBase, role_data, logging_source]} + logging_groups: {get_attr: [NovaApiBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [NovaApiBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/nova-conductor.yaml b/puppet/services/pacemaker/nova-conductor.yaml index 9d55a48a..a0a766ec 100644 --- a/puppet/services/pacemaker/nova-conductor.yaml +++ b/puppet/services/pacemaker/nova-conductor.yaml @@ -34,6 +34,8 @@ outputs: value: service_name: nova_conductor monitoring_subscription: {get_attr: [NovaConductorBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [NovaConductorBase, role_data, logging_source]} + logging_groups: {get_attr: [NovaConductorBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [NovaConductorBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/nova-consoleauth.yaml b/puppet/services/pacemaker/nova-consoleauth.yaml index 814505fb..5d51eb47 100644 --- a/puppet/services/pacemaker/nova-consoleauth.yaml +++ b/puppet/services/pacemaker/nova-consoleauth.yaml @@ -34,6 +34,8 @@ outputs: value: service_name: nova_consoleauth monitoring_subscription: {get_attr: [NovaConsoleauthBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [NovaConsoleauthBase, role_data, logging_source]} + logging_groups: {get_attr: [NovaConsoleauthBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [NovaConsoleauthBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/nova-scheduler.yaml b/puppet/services/pacemaker/nova-scheduler.yaml index 27692268..8828ee11 100644 --- a/puppet/services/pacemaker/nova-scheduler.yaml +++ b/puppet/services/pacemaker/nova-scheduler.yaml @@ -34,6 +34,8 @@ outputs: value: service_name: nova_scheduler monitoring_subscription: {get_attr: [NovaSchedulerBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [NovaSchedulerBase, role_data, logging_source]} + logging_groups: {get_attr: [NovaSchedulerBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [NovaSchedulerBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/nova-vnc-proxy.yaml b/puppet/services/pacemaker/nova-vnc-proxy.yaml index d0c4f1d0..ebe84a03 100644 --- a/puppet/services/pacemaker/nova-vnc-proxy.yaml +++ b/puppet/services/pacemaker/nova-vnc-proxy.yaml @@ -34,6 +34,8 @@ outputs: value: service_name: nova_vnc_proxy monitoring_subscription: {get_attr: [NovaVncproxyBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [NovaVncproxyBase, role_data, logging_source]} + logging_groups: {get_attr: [NovaVncproxyBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [NovaVncproxyBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/sahara-api.yaml b/puppet/services/pacemaker/sahara-api.yaml index 214e8dbb..3dfb7d94 100644 --- a/puppet/services/pacemaker/sahara-api.yaml +++ b/puppet/services/pacemaker/sahara-api.yaml @@ -34,6 +34,8 @@ outputs: value: service_name: sahara_api monitoring_subscription: {get_attr: [SaharaApiBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [SaharaApiBase, role_data, logging_source]} + logging_groups: {get_attr: [SaharaApiBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [SaharaApiBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/sahara-engine.yaml b/puppet/services/pacemaker/sahara-engine.yaml index aa85115d..a06d11b3 100644 --- a/puppet/services/pacemaker/sahara-engine.yaml +++ b/puppet/services/pacemaker/sahara-engine.yaml @@ -34,6 +34,8 @@ outputs: value: service_name: sahara_engine monitoring_subscription: {get_attr: [SaharaEngineBase, role_data, monitoring_subscription]} + logging_source: {get_attr: [SaharaEngineBase, role_data, logging_source]} + logging_groups: {get_attr: [SaharaEngineBase, role_data, logging_groups]} config_settings: map_merge: - get_attr: [SaharaEngineBase, role_data, config_settings] diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml index a0669dcd..52300a2f 100644 --- a/puppet/services/rabbitmq.yaml +++ b/puppet/services/rabbitmq.yaml @@ -58,7 +58,7 @@ outputs: dport: - 4369 - 5672 - - 35672 + - 25672 rabbitmq::delete_guest_user: false rabbitmq::wipe_db_on_cookie_change: true rabbitmq::port: '5672' @@ -66,10 +66,10 @@ outputs: rabbitmq::repos_ensure: false rabbitmq_environment: RABBITMQ_NODENAME: "rabbit@%{::hostname}" - RABBITMQ_SERVER_ERL_ARGS: '"+K true +A30 +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"' + RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"' rabbitmq_kernel_variables: - inet_dist_listen_min: '35672' - inet_dist_listen_max: '35672' + inet_dist_listen_min: '25672' + inet_dist_listen_max: '25672' rabbitmq_config_variables: tcp_listen_options: '[binary, {packet, raw}, {reuseaddr, true}, {backlog, 128}, {nodelay, true}, {exit_on_close, false}, {keepalive, true}]' cluster_partition_handling: 'pause_minority' diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml index 7f15ca72..4f139b5f 100644 --- a/puppet/services/sahara-api.yaml +++ b/puppet/services/sahara-api.yaml @@ -33,6 +33,11 @@ parameters: MonitoringSubscriptionSaharaApi: default: 'overcloud-sahara-api' type: string + SaharaApiLoggingSource: + type: json + default: + tag: openstack.sahara.api + path: /var/log/sahara/sahara-api.log resources: SaharaBase: @@ -48,16 +53,14 @@ outputs: value: service_name: sahara_api monitoring_subscription: {get_param: MonitoringSubscriptionSaharaApi} + logging_source: {get_param: SaharaApiLoggingSource} + logging_groups: + - sahara config_settings: map_merge: - get_attr: [SaharaBase, role_data, config_settings] - sahara::port: {get_param: [EndpointMap, SaharaInternal, port]} sahara::service::api::api_workers: {get_param: SaharaWorkers} - sahara::keystone::auth::public_url: {get_param: [EndpointMap, SaharaPublic, uri]} - sahara::keystone::auth::internal_url: {get_param: [EndpointMap, SaharaInternal, uri]} - sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]} - sahara::keystone::auth::password: {get_param: SaharaPassword } - sahara::keystone::auth::region: {get_param: KeystoneRegion} # NOTE: bind IP is found in Heat replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP @@ -71,3 +74,11 @@ outputs: - 13386 step_config: | include ::tripleo::profile::base::sahara::api + service_config_settings: + keystone: + sahara::keystone::auth::tenant: 'service' + sahara::keystone::auth::public_url: {get_param: [EndpointMap, SaharaPublic, uri]} + sahara::keystone::auth::internal_url: {get_param: [EndpointMap, SaharaInternal, uri]} + sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]} + sahara::keystone::auth::password: {get_param: SaharaPassword } + sahara::keystone::auth::region: {get_param: KeystoneRegion} diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml index c1ab8e8b..c3986b77 100644 --- a/puppet/services/sahara-base.yaml +++ b/puppet/services/sahara-base.yaml @@ -85,6 +85,5 @@ outputs: - storm sahara::rpc_backend: rabbit sahara::admin_tenant_name: 'service' - sahara::keystone::auth::tenant: 'service' sahara::db::database_db_max_retries: -1 sahara::db::database_max_retries: -1 diff --git a/puppet/services/sahara-engine.yaml b/puppet/services/sahara-engine.yaml index 9224fd5f..287c1c05 100644 --- a/puppet/services/sahara-engine.yaml +++ b/puppet/services/sahara-engine.yaml @@ -21,6 +21,11 @@ parameters: MonitoringSubscriptionSaharaEngine: default: 'overcloud-sahara-engine' type: string + SaharaEngineLoggingSource: + type: json + default: + tag: openstack.sahara.engine + path: /var/log/sahara/sahara-engine.log resources: SaharaBase: @@ -36,6 +41,9 @@ outputs: value: service_name: sahara_engine monitoring_subscription: {get_param: MonitoringSubscriptionSaharaEngine} + logging_source: {get_param: SaharaEngineLoggingSource} + logging_groups: + - sahara config_settings: map_merge: - get_attr: [SaharaBase, role_data, config_settings] diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml index b54a6d7a..7b5fa40c 100644 --- a/puppet/services/services.yaml +++ b/puppet/services/services.yaml @@ -39,6 +39,9 @@ resources: EndpointMap: {get_param: EndpointMap} DefaultPasswords: {get_param: DefaultPasswords} + LoggingConfiguration: + type: OS::TripleO::LoggingConfiguration + outputs: role_data: description: Combined Role data for this set of services. @@ -51,12 +54,56 @@ outputs: data: {s_names: {get_attr: [ServiceChain, role_data, service_name]}} monitoring_subscriptions: yaql: - expression: list($.data.subscriptions.where($ != null)) - data: {subscriptions: {get_attr: [ServiceChain, role_data, monitoring_subscription]}} + expression: list($.data.where($ != null).select($.get('monitoring_subscription')).where($ != null)) + data: {get_attr: [ServiceChain, role_data]} + logging_sources: + # Transform the individual logging_source configuration from + # each service in the chain into a global list, adding some + # default configuration at the same time. + yaql: + expression: > + let( + default_format => $.data.default_format, + pos_file_path => $.data.pos_file_path, + sources => $.data.sources.flatten() + ) -> + $sources.where($ != null).select({ + 'type' => 'tail', + 'tag' => $.tag, + 'path' => $.path, + 'format' => $.get('format', $default_format), + 'pos_file' => $.get('pos_file', $pos_file_path + '/' + $.tag + '.pos') + }) + data: + sources: + - {get_attr: [LoggingConfiguration, LoggingDefaultSources]} + - yaql: + expression: list($.data.where($ != null).select($.get('logging_sources')).where($ != null)) + data: {get_attr: [ServiceChain, role_data]} + - {get_attr: [LoggingConfiguration, LoggingExtraSources]} + default_format: {get_attr: [LoggingConfiguration, LoggingDefaultFormat]} + pos_file_path: {get_attr: [LoggingConfiguration, LoggingPosFilePath]} + logging_groups: + # Build a list of unique groups to which we should add the + # fluentd user. + yaql: + expression: > + set($.data.groups.flatten()).where($) + data: + groups: + - [{get_attr: [LoggingConfiguration, LoggingDefaultGroups]}] + - yaql: + expression: list($.data.where($ != null).select($.get('logging_groups')).where($ != null)) + data: {get_attr: [ServiceChain, role_data]} + - [{get_attr: [LoggingConfiguration, LoggingExtraGroups]}] config_settings: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}} global_config_settings: map_merge: yaql: - expression: list($.data.configs.where($ != null)) - data: {configs: {get_attr: [ServiceChain, role_data, global_config_settings]}} + expression: list($.data.where($ != null).select($.get('global_config_settings')).where($ != null)) + data: {get_attr: [ServiceChain, role_data]} + service_config_settings: + yaql: + expression: $.data.where($ != null).select($.get('service_config_settings')).where($ != null).reduce($1.mergeWith($2), {}) + data: {get_attr: [ServiceChain, role_data]} step_config: {list_join: ["\n", {get_attr: [ServiceChain, role_data, step_config]}]} diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index d7b0cd7c..8b990bcd 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -66,25 +66,11 @@ outputs: swift::proxy::authtoken::project_name: 'service' swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout} swift::proxy::workers: {get_param: SwiftWorkers} - swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]} - swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]} - swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]} - swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]} - swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]} - swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]} - swift::keystone::auth::password: {get_param: SwiftPassword} - swift::keystone::auth::region: {get_param: KeystoneRegion} tripleo.swift_proxy.firewall_rules: '122 swift proxy': dport: - 8080 - 13808 - swift::keystone::auth::tenant: 'service' - swift::keystone::auth::configure_s3_endpoint: false - swift::keystone::auth::operator_roles: - - admin - - swiftoperator - - ResellerAdmin swift::proxy::keystone::operator_roles: - admin - swiftoperator @@ -113,3 +99,19 @@ outputs: swift::proxy::proxy_local_net_ip: {get_param: [ServiceNetMap, SwiftProxyNetwork]} step_config: | include ::tripleo::profile::base::swift::proxy + service_config_settings: + keystone: + swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]} + swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]} + swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]} + swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]} + swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]} + swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]} + swift::keystone::auth::password: {get_param: SwiftPassword} + swift::keystone::auth::region: {get_param: KeystoneRegion} + swift::keystone::auth::tenant: 'service' + swift::keystone::auth::configure_s3_endpoint: false + swift::keystone::auth::operator_roles: + - admin + - swiftoperator + - ResellerAdmin |