diff options
Diffstat (limited to 'puppet/services')
| -rw-r--r-- | puppet/services/aodh-base.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/ceilometer-base.yaml | 8 | ||||
| -rw-r--r-- | puppet/services/cinder-base.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/glance-registry.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/gnocchi-api.yaml | 16 | ||||
| -rw-r--r-- | puppet/services/gnocchi-base.yaml | 6 | ||||
| -rw-r--r-- | puppet/services/heat-engine.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/ironic-base.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/keystone.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/manila-base.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/neutron-base.yaml | 7 | ||||
| -rw-r--r-- | puppet/services/neutron-ovs-agent.yaml | 4 | ||||
| -rw-r--r-- | puppet/services/neutron-server.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/nova-base.yaml | 33 | ||||
| -rw-r--r-- | puppet/services/nova-compute.yaml | 30 | ||||
| -rw-r--r-- | puppet/services/nova-libvirt.yaml | 6 | ||||
| -rw-r--r-- | puppet/services/nova-vncproxy.yaml | 10 | ||||
| -rw-r--r-- | puppet/services/sahara-base.yaml | 4 |
18 files changed, 113 insertions, 27 deletions
diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml index 30c3f416..6a9f5d75 100644 --- a/puppet/services/aodh-base.yaml +++ b/puppet/services/aodh-base.yaml @@ -85,7 +85,7 @@ outputs: aodh::keystone::auth::tenant: 'service' aodh::db::mysql::user: aodh aodh::db::mysql::password: {get_param: AodhPassword} - aodh::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + aodh::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} aodh::db::mysql::dbname: aodh aodh::db::mysql::allowed_hosts: - '%' diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index 5342cefb..59b4cc2a 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -35,6 +35,10 @@ parameters: default: false description: Whether to store events in ceilometer. type: boolean + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string KeystoneRegion: type: string default: 'regionOne' @@ -64,6 +68,7 @@ outputs: value: service_name: ceilometer_base config_settings: + ceilometer::debug: {get_param: Debug} ceilometer::db::database_connection: list_join: - '' @@ -103,7 +108,7 @@ outputs: ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL} ceilometer::rabbit_port: {get_param: RabbitClientPort} ceilometer::db::mysql::user: ceilometer - ceilometer::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + ceilometer::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} ceilometer::db::mysql::dbname: ceilometer ceilometer::db::mysql::allowed_hosts: - '%' @@ -111,3 +116,4 @@ outputs: ceilometer::rabbit_heartbeat_timeout_threshold: 60 ceilometer::db::database_db_max_retries: -1 ceilometer::db::database_max_retries: -1 + ceilometer::telemetry_secret: {get_param: CeilometerMeteringSecret} diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml index f5d98afa..c554bf97 100644 --- a/puppet/services/cinder-base.yaml +++ b/puppet/services/cinder-base.yaml @@ -58,7 +58,7 @@ outputs: cinder::rabbit_password: {get_param: RabbitPassword} cinder::rabbit_port: {get_param: RabbitClientPort} cinder::db::mysql::user: cinder - cinder::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + cinder::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} cinder::db::mysql::dbname: cinder cinder::db::mysql::allowed_hosts: - '%' diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml index 40d18191..ca10fd12 100644 --- a/puppet/services/glance-registry.yaml +++ b/puppet/services/glance-registry.yaml @@ -45,7 +45,7 @@ outputs: glance::registry::debug: {get_param: Debug} glance::registry::workers: {get_param: GlanceWorkers} glance::db::mysql::user: glance - glance::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + glance::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} glance::db::mysql::dbname: glance glance::db::mysql::allowed_hosts: - '%' diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml index d97626a6..265cb9f0 100644 --- a/puppet/services/gnocchi-api.yaml +++ b/puppet/services/gnocchi-api.yaml @@ -9,6 +9,14 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + GnocchiPassword: + description: The password for the gnocchi service and db account. + type: string + hidden: true + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint resources: GnocchiServiceBase: @@ -29,6 +37,12 @@ outputs: dport: - 8041 - 13041 - - gnocchi::api::keystone_tenant: 'service' + gnocchi::api::keystone_tenant: 'service' + gnocchi::keystone::auth::tenant: 'service' + gnocchi::keystone::auth::region: {get_param: KeystoneRegion} + gnocchi::keystone::auth::password: {get_param: GnocchiPassword} + gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] } + gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]} + gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] } step_config: | include ::tripleo::profile::base::gnocchi::api diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml index fcd81b26..a072e8ef 100644 --- a/puppet/services/gnocchi-base.yaml +++ b/puppet/services/gnocchi-base.yaml @@ -60,9 +60,6 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/gnocchi' - gnocchi::keystone::auth::region: {get_param: KeystoneRegion} - gnocchi::keystone::auth::tenant: 'service' - gnocchi::keystone::auth::password: {get_param: GnocchiPassword} gnocchi::db::mysql::password: {get_param: GnocchiPassword} gnocchi::db::sync::extra_opts: '--skip-storage --create-legacy-resource-types' #Gnocchi API @@ -70,7 +67,6 @@ outputs: gnocchi::api::manage_service: false gnocchi::api::enabled: true gnocchi::api::service_name: 'httpd' - gnocchi::api::keystone_tenant: 'service' gnocchi::api::keystone_password: {get_param: GnocchiPassword} gnocchi::wsgi::apache::ssl: false gnocchi::storage::coordination_url: @@ -101,7 +97,7 @@ outputs: gnocchi::statsd::flush_delay: 10 gnocchi::statsd::archive_policy_name: 'low' gnocchi::db::mysql::user: gnocchi - gnocchi::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + gnocchi::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} gnocchi::db::mysql::dbname: gnocchi gnocchi::db::mysql::allowed_hosts: - '%' diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml index 13555a62..044ca880 100644 --- a/puppet/services/heat-engine.yaml +++ b/puppet/services/heat-engine.yaml @@ -58,7 +58,7 @@ outputs: heat::db::mysql::password: {get_param: HeatPassword} heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword} heat::db::mysql::user: heat - heat::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + heat::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} heat::db::mysql::dbname: heat heat::db::mysql::allowed_hosts: - '%' diff --git a/puppet/services/ironic-base.yaml b/puppet/services/ironic-base.yaml index 41d2234a..508694ee 100644 --- a/puppet/services/ironic-base.yaml +++ b/puppet/services/ironic-base.yaml @@ -59,7 +59,7 @@ outputs: ironic::rabbit_use_ssl: {get_param: RabbitClientUseSSL} ironic::db::mysql::password: {get_param: IronicPassword} ironic::db::mysql::user: ironic - ironic::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + ironic::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} ironic::db::mysql::dbname: ironic ironic::db::mysql::allowed_hosts: - '%' diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index d45ed86e..988c80ce 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -112,7 +112,7 @@ outputs: keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge} keystone::public_endpoint: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]} keystone::db::mysql::user: keystone - keystone::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + keystone::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} keystone::db::mysql::dbname: keystone keystone::db::mysql::allowed_hosts: - '%' diff --git a/puppet/services/manila-base.yaml b/puppet/services/manila-base.yaml index c156379b..663a9345 100644 --- a/puppet/services/manila-base.yaml +++ b/puppet/services/manila-base.yaml @@ -93,7 +93,7 @@ outputs: manila::rabbit_port: {get_param: RabbitClientPort} manila::debug: {get_param: Debug} manila::db::mysql::user: manila - manila::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + manila::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} manila::db::mysql::dbname: manila manila::db::database_db_max_retries: -1 manila::db::database_max_retries: -1 diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml index f6339c83..bc8dd8d1 100644 --- a/puppet/services/neutron-base.yaml +++ b/puppet/services/neutron-base.yaml @@ -42,6 +42,12 @@ parameters: type: string default: '' description: Set to True to enable debugging on all services. + EnableConfigPurge: + type: boolean + default: true + description: > + Remove configuration that is not generated by TripleO. Setting + to false may result in configuration remnants after updates/upgrades. outputs: role_data: @@ -61,6 +67,7 @@ outputs: params: PLUGINS: {get_param: NeutronServicePlugins} neutron::debug: {get_param: Debug} + neutron::purge_config: {get_param: EnableConfigPurge} neutron::allow_overlapping_ips: true neutron::rabbit_heartbeat_timeout_threshold: 60 neutron::host: '"%{::fqdn}"' #NOTE: extra quoting is needed diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index 7a97cd84..d52b8a26 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -9,9 +9,6 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - NeutronEnableTunnelling: - type: string - default: "True" NeutronEnableL2Pop: type: string description: > @@ -56,7 +53,6 @@ outputs: config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] - neutron::agents::ml2::ovs::enable_tunneling: {get_param: NeutronEnableTunnelling} neutron::agents::ml2::ovs::l2_population: {get_param: NeutronEnableL2Pop} neutron::agents::ml2::ovs::enable_distributed_routing: {get_param: NeutronEnableDVR} neutron::agents::ml2::ovs::bridge_mappings: diff --git a/puppet/services/neutron-server.yaml b/puppet/services/neutron-server.yaml index cd602e6e..c40b37b0 100644 --- a/puppet/services/neutron-server.yaml +++ b/puppet/services/neutron-server.yaml @@ -82,7 +82,7 @@ outputs: neutron::server::sync_db: true neutron::db::mysql::password: {get_param: NeutronPassword} neutron::db::mysql::user: neutron - neutron::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + neutron::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} neutron::db::mysql::dbname: ovs_neutron neutron::db::mysql::allowed_hosts: - '%' diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index 5bc94b2b..9b1b0760 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -17,6 +17,10 @@ parameters: description: The password for the neutron service and db account, used by neutron agents. type: string hidden: true + NovaOVSBridge: + default: 'br-int' + description: Name of integration bridge used by Open vSwitch + type: string RabbitPassword: description: The password for RabbitMQ type: string @@ -39,6 +43,20 @@ parameters: type: string default: '' description: Set to True to enable debugging on all services. + EnableConfigPurge: + type: boolean + default: true + description: > + Remove configuration that is not generated by TripleO. Setting + to false may result in configuration remnants after updates/upgrades. + NovaIPv6: + default: false + description: Enable IPv6 features in Nova + type: boolean + UpgradeLevelNovaCompute: + type: string + description: Nova Compute upgrade level + default: '' outputs: role_data: @@ -47,7 +65,7 @@ outputs: service_name: nova_base config_settings: nova::rabbit_password: {get_param: RabbitPassword} - nova::rabbit_user: {get_param: RabbitUserName} + nova::rabbit_userid: {get_param: RabbitUserName} nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL} nova::rabbit_port: {get_param: RabbitClientPort} nova::database_connection: @@ -70,19 +88,20 @@ outputs: - '/nova_api' nova::db::mysql::password: {get_input: nova_password} nova::db::mysql::user: nova - nova::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} nova::db::mysql::dbname: nova nova::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" nova::db::mysql_api::password: {get_input: nova_password} nova::db::mysql_api::user: nova_api - nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} nova::db::mysql_api::dbname: nova_api nova::db::mysql_api::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" nova::debug: {get_param: Debug} + nova::purge_config: {get_param: EnableConfigPurge} nova::network::neutron::neutron_project_name: 'service' nova::network::neutron::neutron_username: 'neutron' nova::network::neutron::dhcp_domain: '' @@ -96,16 +115,20 @@ outputs: nova::notification_driver: messagingv2 nova::network::neutron::neutron_auth_type: 'v3password' nova::db::mysql::user: nova - nova::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} nova::db::mysql::dbname: nova nova::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" nova::db::mysql_api::user: nova_api - nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} nova::db::mysql_api::dbname: nova_api nova::db::mysql_api::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" nova::db::database_db_max_retries: -1 nova::db::database_max_retries: -1 + nova::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} + nova::use_ipv6: {get_param: NovaIPv6} + nova::upgrade_level_compute: {get_param: UpgradeLevelNovaCompute} + nova::network::neutron::neutron_ovs_bridge: {get_param: NovaOVSBridge} diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index bcc3a232..19f1f02a 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -15,6 +15,22 @@ parameters: CephClientUserName: default: openstack type: string + CinderEnableNfsBackend: + default: false + description: Whether to enable or not the NFS backend for Cinder + type: boolean + CinderEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Cinder + type: boolean + NovaEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Nova + type: boolean + NovaComputeLibvirtVifDriver: + default: '' + description: Libvirt VIF driver configuration for the network + type: string resources: NovaBase: @@ -37,6 +53,8 @@ outputs: tripleo::profile::base::nova::nova_compute_enabled: true nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} + tripleo::profile::base::nova::compute::cinder_nfs_backend: {get_param: CinderEnableNfsBackend} + rbd_persistent_storage: {get_param: CinderEnableRbdBackend} nova::compute::rbd::rbd_keyring: list_join: - '.' @@ -45,13 +63,23 @@ outputs: nova::compute::rbd::libvirt_rbd_secret_uuid: '"%{hiera(\"ceph::profile::params::fsid\")}"' nova::compute::instance_usage_audit: true nova::compute::instance_usage_audit_period: 'hour' + nova::compute::rbd::ephemeral_storage: {get_param: NovaEnableRbdBackend} + # TUNNELLED mode provides a security enhancement when using shared + # storage but is not supported when not using shared storage. + # See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12 + # In future versions of QEMU (2.6, mostly), danpb's native + # encryption work will obsolete the need to use TUNNELLED transport + # mode. + nova::migration::live_migration_tunnelled: {get_param: NovaEnableRbdBackend} # Changing the default from 512MB. The current templates can not deploy # overclouds with swap. On an idle compute node, we see ~1024MB of RAM # used. 2048 is suggested to account for other possible operations for # example openvswitch. nova::compute::reserved_host_memory: 2048 + nova::compute::neutron::libvirt_vif_driver: {get_param: NovaComputeLibvirtVifDriver} + step_config: | # TODO(emilien): figure how to deal with libvirt profile. - # We'll probably threat it like we do with Neutron plugins. + # We'll probably treat it like we do with Neutron plugins. # Until then, just include it in the default nova-compute role. include tripleo::profile::base::nova::compute::libvirt diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml index 939b6a09..d283de4f 100644 --- a/puppet/services/nova-libvirt.yaml +++ b/puppet/services/nova-libvirt.yaml @@ -9,6 +9,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + NovaComputeLibvirtType: + type: string + default: kvm resources: NovaBase: @@ -30,5 +33,8 @@ outputs: nova::compute::libvirt::migration_support: false tripleo::profile::base::nova::manage_migration: true tripleo::profile::base::nova::libvirt_enabled: true + nova::compute::libvirt::services::libvirt_virt_type: {get_param: NovaComputeLibvirtType} + nova::compute::libvirt::libvirt_virt_type: {get_param: NovaComputeLibvirtType} + step_config: | include tripleo::profile::base::nova::libvirt diff --git a/puppet/services/nova-vncproxy.yaml b/puppet/services/nova-vncproxy.yaml index 0b9cef38..a1517011 100644 --- a/puppet/services/nova-vncproxy.yaml +++ b/puppet/services/nova-vncproxy.yaml @@ -25,5 +25,15 @@ outputs: map_merge: - get_attr: [NovaBase, role_data, config_settings] - nova::vncproxy::enabled: true + nova::vncproxy::common::vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]} + # Remove brackets that may come if the IP address is IPv6. + # For DNS names and IPv4, this will just get NovaVNCProxyPublic + nova::vncproxy::common::vncproxy_host: + str_replace: + template: {get_param: [EndpointMap, NovaVNCProxyPublic, host]} + params: + '[': '' + ']': '' + nova::vncproxy::common::vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]} step_config: | include tripleo::profile::base::nova::vncproxy diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml index 7ec44a49..cac89e32 100644 --- a/puppet/services/sahara-base.yaml +++ b/puppet/services/sahara-base.yaml @@ -53,7 +53,7 @@ outputs: - '/sahara' sahara::db::mysql::password: {get_param: SaharaPassword} sahara::db::mysql::user: sahara - sahara::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + sahara::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} sahara::db::mysql::dbname: sahara sahara::db::mysql::allowed_hosts: - '%' @@ -68,8 +68,8 @@ outputs: sahara::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } sahara::use_neutron: true sahara::plugins: + - ambari - cdh - - hdp - mapr - vanilla - spark |