diff options
Diffstat (limited to 'puppet/services')
-rw-r--r-- | puppet/services/ceph-base.yaml | 6 | ||||
-rw-r--r-- | puppet/services/keepalived.yaml | 3 | ||||
-rw-r--r-- | puppet/services/logging/fluentd-config.yaml | 2 | ||||
-rw-r--r-- | puppet/services/manila-backend-cephfs.yaml | 2 | ||||
-rw-r--r-- | puppet/services/neutron-api.yaml | 9 | ||||
-rw-r--r-- | puppet/services/neutron-l3.yaml | 3 | ||||
-rw-r--r-- | puppet/services/neutron-ovs-agent.yaml | 6 | ||||
-rw-r--r-- | puppet/services/opendaylight-api.yaml | 11 | ||||
-rw-r--r-- | puppet/services/services.yaml | 2 | ||||
-rw-r--r-- | puppet/services/tripleo-firewall.yaml | 2 |
10 files changed, 24 insertions, 22 deletions
diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml index ce8d9158..adb17b26 100644 --- a/puppet/services/ceph-base.yaml +++ b/puppet/services/ceph-base.yaml @@ -75,6 +75,12 @@ outputs: ceph::profile::params::manage_repo: false ceph::profile::params::authentication_type: cephx ceph::profile::params::fsid: {get_param: CephClusterFSID} + # FIXME(gfidente): we should not have to list the packages explicitly in the templates, + # but this has to stay until https://bugs.launchpad.net/puppet-ceph/+bug/1629933 is fixed + ceph::params::packages: + - ceph-base + - ceph-mon + - ceph-osd # NOTE: bind IP is found in Heat replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP diff --git a/puppet/services/keepalived.yaml b/puppet/services/keepalived.yaml index 2b069d67..38cfbe22 100644 --- a/puppet/services/keepalived.yaml +++ b/puppet/services/keepalived.yaml @@ -41,5 +41,8 @@ outputs: config_settings: tripleo::keepalived::control_virtual_interface: {get_param: ControlVirtualInterface} tripleo::keepalived::public_virtual_interface: {get_param: PublicVirtualInterface} + tripleo.keepalived.firewall_rules: + '106 keepalived vrrp': + proto: vrrp step_config: | include ::tripleo::profile::base::keepalived diff --git a/puppet/services/logging/fluentd-config.yaml b/puppet/services/logging/fluentd-config.yaml index e051781e..58b423fd 100644 --- a/puppet/services/logging/fluentd-config.yaml +++ b/puppet/services/logging/fluentd-config.yaml @@ -70,7 +70,7 @@ parameters: - tag_pattern: '**' type: record_transformer record: - nodename: '${hostname}' + host: '${hostname}' - tag_pattern: 'openstack.**' type: record_transformer diff --git a/puppet/services/manila-backend-cephfs.yaml b/puppet/services/manila-backend-cephfs.yaml index 89a36d21..37b0a1d2 100644 --- a/puppet/services/manila-backend-cephfs.yaml +++ b/puppet/services/manila-backend-cephfs.yaml @@ -33,7 +33,7 @@ parameters: default: 'cephfs' ManilaCephFSNativeCephFSConfPath: type: string - default: '/etc/ceph/cephfs.conf' + default: '/etc/ceph/ceph.conf' ManilaCephFSNativeCephFSAuthId: type: string default: 'manila' diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index 3b531ab3..c2b6b6f7 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -145,16 +145,11 @@ outputs: neutron::server::notifications::password: {get_param: NovaPassword} neutron::keystone::authtoken::project_name: 'service' neutron::server::sync_db: true - tripleo.neutron_server.firewall_rules: - '114 neutron server': + tripleo.neutron_api.firewall_rules: + '114 neutron api': dport: - 9696 - 13696 - '118 neutron vxlan networks': - proto: 'udp' - dport: 4789 - '106 vrrp': - proto: vrrp neutron::server::router_distributed: {get_param: NeutronEnableDVR} # NOTE: bind IP is found in Heat replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml index 9e223374..a89e3d75 100644 --- a/puppet/services/neutron-l3.yaml +++ b/puppet/services/neutron-l3.yaml @@ -67,5 +67,8 @@ outputs: - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge} neutron::agents::l3::router_delete_namespaces: True neutron::agents::l3::agent_mode : {get_param: NeutronL3AgentMode} + tripleo.neutron_l3.firewall_rules: + '106 neutron_l3 vrrp': + proto: vrrp step_config: | include tripleo::profile::base::neutron::l3 diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index cbe65638..cca0deee 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -117,5 +117,11 @@ outputs: # internal_api_subnet - > IP/CIDR neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver} + tripleo.neutron_ovs_agent.firewall_rules: + '118 neutron vxlan networks': + proto: 'udp' + dport: 4789 + '136 neutron gre networks': + proto: 'gre' step_config: | include ::tripleo::profile::base::neutron::ovs diff --git a/puppet/services/opendaylight-api.yaml b/puppet/services/opendaylight-api.yaml index d2ee036e..30351dfb 100644 --- a/puppet/services/opendaylight-api.yaml +++ b/puppet/services/opendaylight-api.yaml @@ -33,14 +33,6 @@ parameters: description: List of features to install with ODL type: comma_delimited_list default: ["odl-netvirt-openstack","odl-netvirt-ui"] - OpenDaylightConnectionProtocol: - description: L7 protocol used for REST access - type: string - default: 'http' - OpenDaylightCheckURL: - description: URL postfix to verify ODL has finished starting up - type: string - default: 'restconf/operational/network-topology:network-topology/topology/netvirt:1' OpenDaylightApiVirtualIP: type: string default: '' @@ -67,14 +59,11 @@ outputs: config_settings: opendaylight::odl_rest_port: {get_param: OpenDaylightPort} odl_on_controller: {get_param: EnableOpenDaylightOnController} - opendaylight_check_url: {get_param: OpenDaylightCheckURL} opendaylight::username: {get_param: OpenDaylightUsername} opendaylight::password: {get_param: OpenDaylightPassword} opendaylight::enable_l3: {get_param: OpenDaylightEnableL3} opendaylight::extra_features: {get_param: OpenDaylightFeatures} opendaylight::enable_dhcp: {get_param: OpenDaylightEnableDHCP} - opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol} opendaylight::odl_bind_ip: {get_param: [ServiceNetMap, OpenDaylightApiNetwork]} step_config: | include tripleo::profile::base::neutron::opendaylight - include tripleo::profile::base::neutron::plugins::ovs::opendaylight diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml index 7b5fa40c..176fd235 100644 --- a/puppet/services/services.yaml +++ b/puppet/services/services.yaml @@ -78,7 +78,7 @@ outputs: sources: - {get_attr: [LoggingConfiguration, LoggingDefaultSources]} - yaql: - expression: list($.data.where($ != null).select($.get('logging_sources')).where($ != null)) + expression: list($.data.where($ != null).select($.get('logging_source')).where($ != null)) data: {get_attr: [ServiceChain, role_data]} - {get_attr: [LoggingConfiguration, LoggingExtraSources]} default_format: {get_attr: [LoggingConfiguration, LoggingDefaultFormat]} diff --git a/puppet/services/tripleo-firewall.yaml b/puppet/services/tripleo-firewall.yaml index f6ec458f..7eb39905 100644 --- a/puppet/services/tripleo-firewall.yaml +++ b/puppet/services/tripleo-firewall.yaml @@ -19,7 +19,7 @@ parameters: via parameter_defaults in the resource registry. type: json ManageFirewall: - default: false + default: true description: Whether to manage IPtables rules. type: boolean PurgeFirewallRules: |