summaryrefslogtreecommitdiffstats
path: root/puppet/services
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/services')
-rw-r--r--puppet/services/barbican-api.yaml127
-rw-r--r--puppet/services/ceph-external.yaml26
-rw-r--r--puppet/services/cinder-api.yaml31
-rw-r--r--puppet/services/glance-base.yaml18
-rw-r--r--puppet/services/gnocchi-statsd.yaml4
-rw-r--r--puppet/services/horizon.yaml3
-rw-r--r--puppet/services/keystone.yaml3
-rw-r--r--puppet/services/manila-api.yaml30
-rw-r--r--puppet/services/manila-base.yaml22
-rw-r--r--puppet/services/manila-scheduler.yaml9
-rw-r--r--puppet/services/manila-share.yaml10
-rw-r--r--puppet/services/mistral-api.yaml52
-rw-r--r--puppet/services/mistral-base.yaml93
-rw-r--r--puppet/services/mistral-engine.yaml38
-rw-r--r--puppet/services/mistral-executor.yaml38
-rw-r--r--puppet/services/monitoring/sensu-client.yaml17
-rw-r--r--puppet/services/nova-api.yaml3
-rw-r--r--puppet/services/nova-libvirt.yaml7
-rw-r--r--puppet/services/nova-scheduler.yaml2
-rw-r--r--puppet/services/nova-vnc-proxy.yaml5
-rw-r--r--puppet/services/opendaylight-api.yaml5
-rw-r--r--puppet/services/opendaylight-ovs.yaml1
-rw-r--r--puppet/services/rabbitmq.yaml2
-rw-r--r--puppet/services/swift-proxy.yaml11
-rw-r--r--puppet/services/swift-ringbuilder.yaml7
-rw-r--r--puppet/services/swift-storage.yaml2
26 files changed, 520 insertions, 46 deletions
diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml
new file mode 100644
index 00000000..cf57680c
--- /dev/null
+++ b/puppet/services/barbican-api.yaml
@@ -0,0 +1,127 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Barbican API service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ BarbicanPassword:
+ description: The password for the barbican service account.
+ type: string
+ hidden: true
+ BarbicanWorkers:
+ description: Set the number of workers for barbican::wsgi::apache
+ default: '"%{::processorcount}"'
+ type: string
+ Debug:
+ default: ''
+ description: Set to True to enable debugging on all services.
+ type: string
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+ RabbitPassword:
+ description: The password for RabbitMQ
+ type: string
+ hidden: true
+ RabbitUserName:
+ default: guest
+ description: The username for RabbitMQ
+ type: string
+
+resources:
+
+ ApacheServiceBase:
+ type: ./apache.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Barbican API role.
+ value:
+ service_name: barbican_api
+ config_settings:
+ map_merge:
+ - get_attr: [ApacheServiceBase, role_data, config_settings]
+ - barbican::keystone::authtoken::password: {get_param: BarbicanPassword}
+ barbican::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ barbican::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ barbican::keystone::authtoken::project_name: 'service'
+ barbican::api::host_href: {get_param: [EndpointMap, BarbicanPublic, uri]}
+ barbican::api::db_auto_create: false
+ barbican::api::enabled_certificate_plugins: ['simple_certificate']
+ barbican::api::logging::debug: {get_param: Debug}
+ barbican::api::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ barbican::api::rabbit_userid: {get_param: RabbitUserName}
+ barbican::api::rabbit_password: {get_param: RabbitPassword}
+ barbican::api::rabbit_port: {get_param: RabbitClientPort}
+ barbican::api::rabbit_heartbeat_timeout_threshold: 60
+ barbican::api::service_name: 'httpd'
+ barbican::wsgi::apache::bind_host: {get_param: [ServiceNetMap, BarbicanApiNetwork]}
+ barbican::wsgi::apache::ssl: false
+ barbican::wsgi::apache::workers: {get_param: BarbicanWorkers}
+ barbican::wsgi::apache::servername:
+ str_replace:
+ template:
+ '"%{::fqdn_$NETWORK}"'
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, BarbicanApiNetwork]}
+ barbican::db::database_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://barbican:'
+ - {get_param: BarbicanPassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/barbican'
+ tripleo.barbican_api.firewall_rules:
+ '117 barbican':
+ dport:
+ - 9311
+ - 13311
+ step_config: |
+ include ::tripleo::profile::base::barbican::api
+ service_config_settings:
+ mysql:
+ barbican::db::mysql::password: {get_param: BarbicanPassword}
+ barbican::db::mysql::user: barbican
+ barbican::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ barbican::db::mysql::dbname: barbican
+ barbican::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
+ keystone:
+ barbican::keystone::auth::public_url: {get_param: [EndpointMap, BarbicanPublic, uri]}
+ barbican::keystone::auth::internal_url: {get_param: [EndpointMap, BarbicanInternal, uri]}
+ barbican::keystone::auth::admin_url: {get_param: [EndpointMap, BarbicanAdmin, uri]}
+ barbican::keystone::auth::password: {get_param: BarbicanPassword}
+ barbican::keystone::auth::region: {get_param: KeystoneRegion}
+ barbican::keystone::auth::tenant: 'service'
diff --git a/puppet/services/ceph-external.yaml b/puppet/services/ceph-external.yaml
index 7d75074c..9120687b 100644
--- a/puppet/services/ceph-external.yaml
+++ b/puppet/services/ceph-external.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
description: >
Ceph External service.
@@ -27,9 +27,20 @@ parameters:
GlanceRbdPoolName:
default: images
type: string
+ GlanceBackend:
+ default: swift
+ description: The short name of the Glance backend to use. Should be one
+ of swift, rbd, or file
+ type: string
+ constraints:
+ - allowed_values: ['swift', 'file', 'rbd']
GnocchiRbdPoolName:
default: metrics
type: string
+ NovaEnableRbdBackend:
+ default: false
+ description: Whether to enable or not the Rbd backend for Nova
+ type: boolean
NovaRbdPoolName:
default: vms
type: string
@@ -51,6 +62,16 @@ parameters:
default: 'overcloud-ceph-external'
type: string
+conditions:
+ glance_multiple_locations:
+ and:
+ - equals:
+ - get_param: GlanceBackend
+ - rbd
+ - equals:
+ - get_param: NovaEnableRbdBackend
+ - true
+
outputs:
role_data:
description: Role data for the Ceph External service.
@@ -79,6 +100,7 @@ outputs:
GLANCE_POOL: {get_param: GlanceRbdPoolName}
GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
service_config_settings:
- get_attr: [CephBase, role_data, service_config_settings]
+ glance_api:
+ glance::api::show_multiple_locations: {if: [glance_multiple_locations, true, false]}
step_config: |
include ::tripleo::profile::base::ceph::client
diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml
index 9c96acc4..fe48667a 100644
--- a/puppet/services/cinder-api.yaml
+++ b/puppet/services/cinder-api.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
description: >
OpenStack Cinder API service configured with Puppet
@@ -39,9 +39,23 @@ parameters:
default:
tag: openstack.cinder.api
path: /var/log/cinder/cinder-api.log
+ CinderWorkers:
+ type: string
+ description: Set the number of workers for cinder::wsgi::apache
+ default: '"%{::os_workers}"'
+
+conditions:
+ cinder_workers_zero: {equals : [{get_param: CinderWorkers}, 0]}
resources:
+ ApacheServiceBase:
+ type: ./apache.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
CinderBase:
type: ./cinder-base.yaml
properties:
@@ -61,6 +75,7 @@ outputs:
config_settings:
map_merge:
- get_attr: [CinderBase, role_data, config_settings]
+ - get_attr: [ApacheServiceBase, role_data, config_settings]
- cinder::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
cinder::keystone::authtoken::password: {get_param: CinderPassword}
@@ -85,6 +100,20 @@ outputs:
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
cinder::api::bind_host: {get_param: [ServiceNetMap, CinderApiNetwork]}
+ cinder::api::service_name: 'httpd'
+ cinder::wsgi::apache::ssl: false
+ cinder::wsgi::apache::bind_host: {get_param: [ServiceNetMap, CinderApiNetwork]}
+ cinder::wsgi::apache::servername:
+ str_replace:
+ template:
+ '"%{::fqdn_$NETWORK}"'
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+ -
+ if:
+ - cinder_workers_zero
+ - {}
+ - cinder::wsgi::apache::workers: {get_param: CinderWorkers}
step_config: |
include ::tripleo::profile::base::cinder::api
service_config_settings:
diff --git a/puppet/services/glance-base.yaml b/puppet/services/glance-base.yaml
index 3294fc0f..cc979af9 100644
--- a/puppet/services/glance-base.yaml
+++ b/puppet/services/glance-base.yaml
@@ -44,6 +44,21 @@ parameters:
type: string
constraints:
- allowed_values: ['swift', 'file', 'rbd']
+ GlanceNfsEnabled:
+ default: false
+ description: >
+ When using GlanceBackend 'file', mount NFS share for image storage.
+ type: boolean
+ GlanceNfsShare:
+ default: ''
+ description: >
+ NFS share to mount for image storage (when GlanceNfsEnabled is true)
+ type: string
+ GlanceNfsOptions:
+ default: 'intr,context=system_u:object_r:glance_var_lib_t:s0'
+ description: >
+ NFS mount options for image storage (when GlanceNfsEnabled is true)
+ type: string
GlanceRbdPoolName:
default: images
type: string
@@ -92,6 +107,9 @@ outputs:
glance::notify::rabbitmq::notification_driver: messagingv2
glance::registry::db::database_db_max_retries: -1
glance::registry::db::database_max_retries: -1
+ tripleo::profile::base::glance::api::glance_nfs_enabled: {get_param: GlanceNfsEnabled}
+ tripleo::glance::nfs_mount::share: {get_param: GlanceNfsShare}
+ tripleo::glance::nfs_mount::options: {get_param: GlanceNfsOptions}
service_config_settings:
keystone:
glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
diff --git a/puppet/services/gnocchi-statsd.yaml b/puppet/services/gnocchi-statsd.yaml
index 04339f46..983d6c91 100644
--- a/puppet/services/gnocchi-statsd.yaml
+++ b/puppet/services/gnocchi-statsd.yaml
@@ -39,5 +39,9 @@ outputs:
config_settings:
map_merge:
- get_attr: [GnocchiServiceBase, role_data, config_settings]
+ - tripleo.gnocchi_statsd.firewall_rules:
+ '140 gnocchi-statsd':
+ dport: 8125
+ proto: 'udp'
step_config: |
include ::tripleo::profile::base::gnocchi::statsd
diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml
index 6ea5ec4e..1e08415c 100644
--- a/puppet/services/horizon.yaml
+++ b/puppet/services/horizon.yaml
@@ -24,7 +24,8 @@ parameters:
type: json
HorizonAllowedHosts:
default: '*'
- description: A list of IP/Hostname allowed to connect to horizon
+ description: A list of IP/Hostname for the server Horizonis running on.
+ Used for header checks.
type: comma_delimited_list
HorizonSecret:
description: Secret key for Django
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index d424a0e8..1f83b680 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -83,7 +83,7 @@ parameters:
KeystoneWorkers:
type: string
description: Set the number of workers for keystone::wsgi::apache
- default: '"%{::processorcount}"'
+ default: '"%{::os_workers}"'
MonitoringSubscriptionKeystone:
default: 'overcloud-kestone'
type: string
@@ -134,6 +134,7 @@ outputs:
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/keystone'
keystone::admin_token: {get_param: AdminToken}
+ keystone::admin_password: {get_param: AdminPassword}
keystone::roles::admin::password: {get_param: AdminPassword}
keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml
index 4d3fd47c..5f4ab6ba 100644
--- a/puppet/services/manila-api.yaml
+++ b/puppet/services/manila-api.yaml
@@ -62,21 +62,15 @@ outputs:
step_config: |
include ::tripleo::profile::base::manila::api
service_config_settings:
- keystone:
- manila::keystone::auth::tenant: 'service'
- manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]}
- manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]}
- manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]}
- manila::keystone::auth::public_url_v2: {get_param: [EndpointMap, ManilaPublic, uri]}
- manila::keystone::auth::internal_url_v2: {get_param: [EndpointMap, ManilaInternal, uri]}
- manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]}
- manila::keystone::auth::password: {get_param: ManilaPassword}
- manila::keystone::auth::region: {get_param: KeystoneRegion}
- mysql:
- manila::db::mysql::password: {get_param: ManilaPassword}
- manila::db::mysql::user: manila
- manila::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
- manila::db::mysql::dbname: manila
- manila::db::mysql::allowed_hosts:
- - '%'
- - "%{hiera('mysql_bind_host')}"
+ map_merge:
+ - get_attr: [ManilaBase, role_data, service_config_settings]
+ - keystone:
+ manila::keystone::auth::tenant: 'service'
+ manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]}
+ manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]}
+ manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]}
+ manila::keystone::auth::public_url_v2: {get_param: [EndpointMap, ManilaPublic, uri]}
+ manila::keystone::auth::internal_url_v2: {get_param: [EndpointMap, ManilaInternal, uri]}
+ manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]}
+ manila::keystone::auth::password: {get_param: ManilaPassword}
+ manila::keystone::auth::region: {get_param: KeystoneRegion}
diff --git a/puppet/services/manila-base.yaml b/puppet/services/manila-base.yaml
index d228577a..844bd3a3 100644
--- a/puppet/services/manila-base.yaml
+++ b/puppet/services/manila-base.yaml
@@ -40,6 +40,10 @@ parameters:
default: 5672
description: Set rabbit subscriber port, change this if using SSL
type: number
+ ManilaPassword:
+ description: The password for the manila service account.
+ type: string
+ hidden: true
outputs:
role_data:
@@ -54,3 +58,21 @@ outputs:
manila::debug: {get_param: Debug}
manila::db::database_db_max_retries: -1
manila::db::database_max_retries: -1
+ manila::sql_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://manila:'
+ - {get_param: ManilaPassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/manila'
+ service_config_settings:
+ mysql:
+ manila::db::mysql::password: {get_param: ManilaPassword}
+ manila::db::mysql::user: manila
+ manila::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ manila::db::mysql::dbname: manila
+ manila::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
diff --git a/puppet/services/manila-scheduler.yaml b/puppet/services/manila-scheduler.yaml
index 474cc24f..d96b677b 100644
--- a/puppet/services/manila-scheduler.yaml
+++ b/puppet/services/manila-scheduler.yaml
@@ -57,14 +57,5 @@ outputs:
manila::network::neutron::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]}
manila::network::neutron::neutron_admin_auth_url: {get_param: [EndpointMap, NeutronAdmin, uri]}
manila::network::neutron::neutron_admin_password: {get_param: NeutronPassword}
- manila::sql_connection:
- list_join:
- - ''
- - - {get_param: [EndpointMap, MysqlInternal, protocol]}
- - '://manila:'
- - {get_param: ManilaPassword}
- - '@'
- - {get_param: [EndpointMap, MysqlInternal, host]}
- - '/manila'
step_config: |
include ::tripleo::profile::base::manila::scheduler
diff --git a/puppet/services/manila-share.yaml b/puppet/services/manila-share.yaml
index e42d2fae..49c69fc1 100644
--- a/puppet/services/manila-share.yaml
+++ b/puppet/services/manila-share.yaml
@@ -21,6 +21,10 @@ parameters:
MonitoringSubscriptionManilaShare:
default: 'overcloud-manila-share'
type: string
+ ManilaPassword:
+ description: The password for the manila service account.
+ type: string
+ hidden: true
resources:
ManilaBase:
@@ -40,5 +44,11 @@ outputs:
map_merge:
- get_attr: [ManilaBase, role_data, config_settings]
- manila::volume::cinder::cinder_admin_tenant_name: 'service'
+ manila::keystone::authtoken::password: {get_param: ManilaPassword}
+ manila::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ manila::keystone::authtoken::project_name: 'service'
+ service_config_settings:
+ get_attr: [ManilaBase, role_data, service_config_settings]
step_config: |
include ::tripleo::profile::base::manila::share
diff --git a/puppet/services/mistral-api.yaml b/puppet/services/mistral-api.yaml
new file mode 100644
index 00000000..44d30358
--- /dev/null
+++ b/puppet/services/mistral-api.yaml
@@ -0,0 +1,52 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Openstack Mistral API service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MistralWorkers:
+ default: 1
+ description: The number of workers for the mistral-api.
+ type: number
+
+resources:
+ MistralBase:
+ type: ./mistral-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Mistral API role.
+ value:
+ service_name: mistral_api
+ config_settings:
+ map_merge:
+ - get_attr: [MistralBase, role_data, config_settings]
+ - mistral::api::api_workers: {get_param: MistralWorkers}
+ mistral::api::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]}
+ tripleo.mistral_api.firewall_rules:
+ '133 mistral':
+ dport:
+ - 8989
+ - 13989
+ service_config_settings:
+ get_attr: [MistralBase, role_data, service_config_settings]
+ step_config: |
+ include ::tripleo::profile::base::mistral::api
diff --git a/puppet/services/mistral-base.yaml b/puppet/services/mistral-base.yaml
new file mode 100644
index 00000000..a11624c0
--- /dev/null
+++ b/puppet/services/mistral-base.yaml
@@ -0,0 +1,93 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Openstack Mistral base service. Shared for all Mistral services.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+ Debug:
+ default: ''
+ description: Set to True to enable debugging on all services.
+ type: string
+ RabbitPassword:
+ description: The password for RabbitMQ
+ type: string
+ hidden: true
+ RabbitUserName:
+ default: guest
+ description: The username for RabbitMQ
+ type: string
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
+ MistralPassword:
+ description: The password for the Mistral service and db account, used by the Mistral services.
+ type: string
+ hidden: true
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+
+outputs:
+ role_data:
+ description: Shared role data for the Mistral services.
+ value:
+ service_name: mistral_base
+ config_settings:
+ mistral::database_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://mistral:'
+ - {get_param: MistralPassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/mistral'
+ mistral::rabbit_userid: {get_param: RabbitUserName}
+ mistral::rabbit_password: {get_param: RabbitPassword}
+ mistral::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ mistral::rabbit_port: {get_param: RabbitClientPort}
+ mistral::debug: {get_param: Debug}
+ mistral::keystone_password: {get_param: MistralPassword}
+ mistral::keystone_tenant: 'service'
+ mistral::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ mistral::keystone_ec2_uri: {get_param: [EndpointMap, KeystoneEC2, uri]}
+ mistral::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ service_config_settings:
+ keystone:
+ mistral::keystone::auth::tenant: 'service'
+ mistral::keystone::auth::public_url: {get_param: [EndpointMap, MistralPublic, uri]}
+ mistral::keystone::auth::internal_url: {get_param: [EndpointMap, MistralInternal, uri]}
+ mistral::keystone::auth::admin_url: {get_param: [EndpointMap, MistralAdmin, uri]}
+ mistral::keystone::auth::password: {get_param: MistralPassword}
+ mistral::keystone::auth::region: {get_param: KeystoneRegion}
+ mysql:
+ mistral::db::mysql::user: mistral
+ mistral::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ mistral::db::mysql::dbname: mistral
+ mistral::db::mysql::password: {get_param: MistralPassword}
+ mistral::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
diff --git a/puppet/services/mistral-engine.yaml b/puppet/services/mistral-engine.yaml
new file mode 100644
index 00000000..10af670d
--- /dev/null
+++ b/puppet/services/mistral-engine.yaml
@@ -0,0 +1,38 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Openstack Mistral Engine service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+ MistralBase:
+ type: ./mistral-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Mistral Engine role.
+ value:
+ service_name: mistral_engine
+ config_settings:
+ get_attr: [MistralBase, role_data, config_settings]
+ step_config: |
+ include ::tripleo::profile::base::mistral::engine
diff --git a/puppet/services/mistral-executor.yaml b/puppet/services/mistral-executor.yaml
new file mode 100644
index 00000000..7afaf0db
--- /dev/null
+++ b/puppet/services/mistral-executor.yaml
@@ -0,0 +1,38 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Openstack Mistral API service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+ MistralBase:
+ type: ./mistral-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Mistral Executor role.
+ value:
+ service_name: mistral_executor
+ config_settings:
+ get_attr: [MistralBase, role_data, config_settings]
+ step_config: |
+ include ::tripleo::profile::base::mistral::executor
diff --git a/puppet/services/monitoring/sensu-client.yaml b/puppet/services/monitoring/sensu-client.yaml
index 3f37e750..a26c7458 100644
--- a/puppet/services/monitoring/sensu-client.yaml
+++ b/puppet/services/monitoring/sensu-client.yaml
@@ -18,6 +18,13 @@ parameters:
Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ AdminPassword:
+ description: Keystone admin user password
+ type: string
+ KeystoneRegion:
+ default: 'regionOne'
+ description: Keystone region for endpoint
+ type: string
SensuClientCustomConfig:
default: {}
description: Hash containing custom sensu-client variables.
@@ -44,6 +51,14 @@ outputs:
- sensu::api: false
sensu::client: true
sensu::server: false
- sensu::client_custom: {get_param: SensuClientCustomConfig}
+ sensu::client_custom:
+ map_merge:
+ - {get_param: SensuClientCustomConfig}
+ - openstack:
+ username: 'admin'
+ password: {get_param: AdminPassword}
+ auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ tenant_name: 'admin'
+ region: {get_param: KeystoneRegion}
step_config: |
include ::tripleo::profile::base::monitoring::sensu
diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml
index ba7fb2e1..3cc238c1 100644
--- a/puppet/services/nova-api.yaml
+++ b/puppet/services/nova-api.yaml
@@ -88,8 +88,6 @@ outputs:
tripleo.nova_api.firewall_rules:
'113 nova_api':
dport:
- - 6080
- - 13080
- 8773
- 3773
- 8774
@@ -118,7 +116,6 @@ outputs:
'"%{::fqdn_$NETWORK}"'
params:
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
- nova::wsgi::apache::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]}
nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
nova::api::instance_name_template: {get_param: InstanceNameTemplate}
nova_enable_db_purge: {get_param: NovaEnableDBPurge}
diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml
index b5ca2437..70774bac 100644
--- a/puppet/services/nova-libvirt.yaml
+++ b/puppet/services/nova-libvirt.yaml
@@ -50,6 +50,13 @@ outputs:
tripleo::profile::base::nova::libvirt_enabled: true
nova::compute::libvirt::services::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
nova::compute::libvirt::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
+ tripleo.nova_libvirt.firewall_rules:
+ '200 nova_libvirt':
+ dport:
+ - 16509
+ - 16514
+ - '49152-49215'
+ - '5900-5999'
step_config: |
include tripleo::profile::base::nova::libvirt
diff --git a/puppet/services/nova-scheduler.yaml b/puppet/services/nova-scheduler.yaml
index d89e3e11..d4e5fff6 100644
--- a/puppet/services/nova-scheduler.yaml
+++ b/puppet/services/nova-scheduler.yaml
@@ -58,7 +58,7 @@ outputs:
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
- - nova::scheduler::filter::ram_allocation_ratio: '1.0'
+ - nova::ram_allocation_ratio: '1.0'
nova::scheduler::filter::scheduler_available_filters: {get_param: NovaSchedulerAvailableFilters}
nova::scheduler::filter::scheduler_default_filters: {get_param: NovaSchedulerDefaultFilters}
step_config: |
diff --git a/puppet/services/nova-vnc-proxy.yaml b/puppet/services/nova-vnc-proxy.yaml
index 85d59ae6..e6b0703f 100644
--- a/puppet/services/nova-vnc-proxy.yaml
+++ b/puppet/services/nova-vnc-proxy.yaml
@@ -57,5 +57,10 @@ outputs:
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
nova::vncproxy::host: {get_param: [ServiceNetMap, NovaApiNetwork]}
+ tripleo.nova_vnc_proxy.firewall_rules:
+ '137 nova_vnc_proxy':
+ dport:
+ - 6080
+ - 13080
step_config: |
include tripleo::profile::base::nova::vncproxy
diff --git a/puppet/services/opendaylight-api.yaml b/puppet/services/opendaylight-api.yaml
index 30351dfb..318c898e 100644
--- a/puppet/services/opendaylight-api.yaml
+++ b/puppet/services/opendaylight-api.yaml
@@ -8,10 +8,6 @@ parameters:
default: 8081
description: Set opendaylight service port
type: number
- EnableOpenDaylightOnController:
- default: false
- description: Whether to install OpenDaylight on control nodes.
- type: boolean
OpenDaylightUsername:
default: 'admin'
description: The username for the opendaylight server.
@@ -58,7 +54,6 @@ outputs:
service_name: opendaylight_api
config_settings:
opendaylight::odl_rest_port: {get_param: OpenDaylightPort}
- odl_on_controller: {get_param: EnableOpenDaylightOnController}
opendaylight::username: {get_param: OpenDaylightUsername}
opendaylight::password: {get_param: OpenDaylightPassword}
opendaylight::enable_l3: {get_param: OpenDaylightEnableL3}
diff --git a/puppet/services/opendaylight-ovs.yaml b/puppet/services/opendaylight-ovs.yaml
index ea7410ca..268ca244 100644
--- a/puppet/services/opendaylight-ovs.yaml
+++ b/puppet/services/opendaylight-ovs.yaml
@@ -48,6 +48,7 @@ outputs:
opendaylight::odl_rest_port: {get_param: OpenDaylightPort}
opendaylight_check_url: {get_param: OpenDaylightCheckURL}
opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol}
+ neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
neutron::plugins::ovs::opendaylight::provider_mappings:
str_replace:
template: MAPPINGS
diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml
index 5387529d..44a09a42 100644
--- a/puppet/services/rabbitmq.yaml
+++ b/puppet/services/rabbitmq.yaml
@@ -71,6 +71,7 @@ outputs:
rabbitmq::port: '5672'
rabbitmq::package_source: undef
rabbitmq::repos_ensure: false
+ rabbitmq::tcp_keepalive: true
rabbitmq_environment:
RABBITMQ_NODENAME: "rabbit@%{::hostname}"
RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"'
@@ -78,7 +79,6 @@ outputs:
inet_dist_listen_min: '25672'
inet_dist_listen_max: '25672'
rabbitmq_config_variables:
- tcp_listen_options: '[binary, {packet, raw}, {reuseaddr, true}, {backlog, 128}, {nodelay, true}, {exit_on_close, false}, {keepalive, true}]'
cluster_partition_handling: 'pause_minority'
queue_master_locator: '<<"min-masters">>'
loopback_users: '[]'
diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml
index ed0d12cf..ae265448 100644
--- a/puppet/services/swift-proxy.yaml
+++ b/puppet/services/swift-proxy.yaml
@@ -41,6 +41,14 @@ parameters:
MonitoringSubscriptionSwiftProxy:
default: 'overcloud-swift-proxy'
type: string
+ RabbitPassword:
+ description: The password for RabbitMQ
+ type: string
+ hidden: true
+ RabbitUserName:
+ default: guest
+ description: The username for RabbitMQ
+ type: string
resources:
SwiftBase:
@@ -66,6 +74,8 @@ outputs:
swift::proxy::authtoken::project_name: 'service'
swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
swift::proxy::workers: {get_param: SwiftWorkers}
+ swift::proxy::ceilometer::rabbit_user: {get_param: RabbitUserName}
+ swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword}
tripleo.swift_proxy.firewall_rules:
'122 swift proxy':
dport:
@@ -89,6 +99,7 @@ outputs:
- 'keystone'
- 'staticweb'
- 'versioned_writes'
+ - 'ceilometer'
- 'proxy-logging'
- 'proxy-server'
swift::proxy::account_autocreate: true
diff --git a/puppet/services/swift-ringbuilder.yaml b/puppet/services/swift-ringbuilder.yaml
index 8ed4e9f4..5c70b6ab 100644
--- a/puppet/services/swift-ringbuilder.yaml
+++ b/puppet/services/swift-ringbuilder.yaml
@@ -38,7 +38,10 @@ parameters:
default: {}
description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
type: json
-
+ SwiftUseLocalDir:
+ default: true
+ description: 'Use a local directory for Swift storage services when building rings'
+ type: boolean
outputs:
role_data:
@@ -56,7 +59,7 @@ outputs:
expression: $.data.raw_disk_lists.flatten()
data:
raw_disk_lists:
- - [':%PORT%/d1']
+ - {if: [{get_param: SwiftUseLocalDir}, [':%PORT%/d1'], []]}
- repeat:
template: ':%PORT%/DEVICE'
for_each:
diff --git a/puppet/services/swift-storage.yaml b/puppet/services/swift-storage.yaml
index 7fbb8d90..cffe78f5 100644
--- a/puppet/services/swift-storage.yaml
+++ b/puppet/services/swift-storage.yaml
@@ -86,7 +86,7 @@ outputs:
swift::storage::all::account_pipeline:
- healthcheck
- account-server
- swift::storage::disks: {get_param: SwiftRawDisks}
+ swift::storage::disks::args: {get_param: SwiftRawDisks}
swift::storage::all::storage_local_net_ip: {get_param: [ServiceNetMap, SwiftStorageNetwork]}
step_config: |
include ::tripleo::profile::base::swift::storage