diff options
Diffstat (limited to 'puppet/services')
| -rw-r--r-- | puppet/services/ceilometer-agent-central.yaml | 6 | ||||
| -rw-r--r-- | puppet/services/ceph-base.yaml | 3 | ||||
| -rw-r--r-- | puppet/services/ceph-mon.yaml | 35 | ||||
| -rw-r--r-- | puppet/services/cinder-api.yaml | 21 | ||||
| -rw-r--r-- | puppet/services/cinder-base.yaml | 1 | ||||
| -rw-r--r-- | puppet/services/glance-api.yaml | 5 | ||||
| -rw-r--r-- | puppet/services/heat-api-cfn.yaml | 1 | ||||
| -rw-r--r-- | puppet/services/heat-api.yaml | 1 | ||||
| -rw-r--r-- | puppet/services/heat-base.yaml | 1 | ||||
| -rw-r--r-- | puppet/services/neutron-base.yaml | 1 | ||||
| -rw-r--r-- | puppet/services/neutron-server.yaml | 14 | ||||
| -rw-r--r-- | puppet/services/nova-api.yaml | 14 | ||||
| -rw-r--r-- | puppet/services/nova-base.yaml | 8 | ||||
| -rw-r--r-- | puppet/services/pacemaker/sahara-api.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/pacemaker/sahara-engine.yaml | 6 | ||||
| -rw-r--r-- | puppet/services/sahara-api.yaml | 14 | ||||
| -rw-r--r-- | puppet/services/sahara-base.yaml | 28 | ||||
| -rw-r--r-- | puppet/services/sahara-engine.yaml | 24 |
18 files changed, 124 insertions, 61 deletions
diff --git a/puppet/services/ceilometer-agent-central.yaml b/puppet/services/ceilometer-agent-central.yaml index 80f656d0..a51ec2df 100644 --- a/puppet/services/ceilometer-agent-central.yaml +++ b/puppet/services/ceilometer-agent-central.yaml @@ -13,10 +13,6 @@ parameters: description: The password for the redis service account. type: string hidden: true - RedisVirtualIPUri: - type: string - default: '' - resources: CeilometerServiceBase: @@ -38,7 +34,7 @@ outputs: - - 'redis://:' - {get_param: RedisPassword} - '@' - - {get_param: RedisVirtualIPUri} + - "%{hiera('redis_vip')}" - ':6379/' step_config: | include ::tripleo::profile::base::ceilometer::agent::central diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml index bce52f36..47028610 100644 --- a/puppet/services/ceph-base.yaml +++ b/puppet/services/ceph-base.yaml @@ -58,9 +58,6 @@ outputs: config_settings: tripleo::profile::base::ceph::ceph_ipv6: {get_param: CephIPv6} tripleo::profile::base::ceph::enable_ceph_storage: {get_param: ControllerEnableCephStorage} - ceph::profile::params::osd_pool_default_pg_num: 32 - ceph::profile::params::osd_pool_default_pgp_num: 32 - ceph::profile::params::osd_pool_default_size: 3 ceph::profile::params::osd_pool_default_min_size: 1 ceph::profile::params::osds: {/srv/data: {}} ceph::profile::params::manage_repo: false diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml index f48515e5..074d941d 100644 --- a/puppet/services/ceph-mon.yaml +++ b/puppet/services/ceph-mon.yaml @@ -31,6 +31,19 @@ parameters: NovaRbdPoolName: default: vms type: string + CephPools: + description: > + It can be used to override settings for one of the predefined pools, or to create + additional ones. Example: + { + "volumes": { + "size": 5, + "pg_num: 128, + "pgp_num": 128 + } + } + default: {} + type: json resources: CephBase: @@ -46,12 +59,24 @@ outputs: - get_attr: [CephBase, role_data, config_settings] - ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6} ceph::profile::params::mon_key: {get_param: CephMonKey} + # repeat returns items in a list, so we need to map_merge twice tripleo::profile::base::ceph::mon::ceph_pools: - - {get_param: CinderRbdPoolName} - - {get_param: CinderBackupRbdPoolName} - - {get_param: NovaRbdPoolName} - - {get_param: GlanceRbdPoolName} - - {get_param: GnocchiRbdPoolName} + map_merge: + - map_merge: + repeat: + for_each: + <%pool%>: + - {get_param: CinderRbdPoolName} + - {get_param: CinderBackupRbdPoolName} + - {get_param: NovaRbdPoolName} + - {get_param: GlanceRbdPoolName} + - {get_param: GnocchiRbdPoolName} + template: + <%pool%>: + pg_num: 32 + pgp_num: 32 + size: 3 + - {get_param: CephPools} tripleo.ceph_mon.firewall_rules: '110 ceph_mon': dport: diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml index 5e58dee9..4f383456 100644 --- a/puppet/services/cinder-api.yaml +++ b/puppet/services/cinder-api.yaml @@ -18,6 +18,10 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint resources: @@ -34,10 +38,19 @@ outputs: config_settings: map_merge: - get_attr: [CinderBase, role_data, config_settings] - - cinder::api::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} - cinder::api::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} - cinder::api::keystone_password: {get_param: CinderPassword} - cinder::api::keystone_tenant: 'service' + - cinder::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + cinder::keystone::authtoken::password: {get_param: CinderPassword} + cinder::keystone::authtoken::project_name: 'service' + cinder::keystone::auth::tenant: 'service' + cinder::keystone::auth::public_url: {get_param: [EndpointMap, CinderPublic, uri]} + cinder::keystone::auth::internal_url: {get_param: [EndpointMap, CinderInternal, uri]} + cinder::keystone::auth::admin_url: {get_param: [EndpointMap, CinderAdmin, uri]} + cinder::keystone::auth::public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]} + cinder::keystone::auth::internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]} + cinder::keystone::auth::admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]} + cinder::keystone::auth::password: {get_param: CinderPassword} + cinder::keystone::auth::region: {get_param: KeystoneRegion} cinder::api::enable_proxy_headers_parsing: true cinder::api::nova_catalog_info: 'compute:Compute Service:internalURL' # TODO(emilien) move it to puppet-cinder diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml index d923e7c6..f5d98afa 100644 --- a/puppet/services/cinder-base.yaml +++ b/puppet/services/cinder-base.yaml @@ -64,7 +64,6 @@ outputs: - '%' - "%{hiera('mysql_bind_host')}" cinder::rabbit_heartbeat_timeout_threshold: 60 - cinder::keystone::auth::tenant: 'service' cinder::host: hostgroup cinder::cron::db_purge::destination: '/dev/null' cinder::db::database_db_max_retries: -1 diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index 99065789..bb14546f 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -60,6 +60,10 @@ parameters: Rabbit client subscriber parameter to specify an SSL connection to the RabbitMQ host. type: string + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint outputs: role_data: @@ -106,6 +110,7 @@ outputs: glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]} glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]} glance::keystone::auth::password: {get_param: GlancePassword } + glance::keystone::auth::region: {get_param: KeystoneRegion} glance::registry::db::database_db_max_retries: -1 glance::registry::db::database_max_retries: -1 tripleo.glance_api.firewall_rules: diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml index f8832dd8..c3a3b7ae 100644 --- a/puppet/services/heat-api-cfn.yaml +++ b/puppet/services/heat-api-cfn.yaml @@ -35,6 +35,7 @@ outputs: map_merge: - get_attr: [HeatBase, role_data, config_settings] - heat::api_cfn::workers: {get_param: HeatWorkers} + heat::keystone::auth_cfn::tenant: 'service' heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]} heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]} heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]} diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml index c0e7a690..b4402a17 100644 --- a/puppet/services/heat-api.yaml +++ b/puppet/services/heat-api.yaml @@ -35,6 +35,7 @@ outputs: map_merge: - get_attr: [HeatBase, role_data, config_settings] - heat::api::workers: {get_param: HeatWorkers} + heat::keystone::auth::tenant: 'service' heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]} heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]} heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]} diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml index 01f2a51b..091a4e9b 100644 --- a/puppet/services/heat-base.yaml +++ b/puppet/services/heat-base.yaml @@ -47,7 +47,6 @@ outputs: value: 'role:admin' heat::rabbit_heartbeat_timeout_threshold: 60 heat::keystone_tenant: 'service' - heat::keystone::auth::tenant: 'service' heat::keystone::domain::domain_name: 'heat_stack' heat::keystone::domain::domain_admin: 'heat_stack_domain_admin' heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost' diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml index 3f8ac7e8..f6339c83 100644 --- a/puppet/services/neutron-base.yaml +++ b/puppet/services/neutron-base.yaml @@ -64,6 +64,5 @@ outputs: neutron::allow_overlapping_ips: true neutron::rabbit_heartbeat_timeout_threshold: 60 neutron::host: '"%{::fqdn}"' #NOTE: extra quoting is needed - neutron::keystone::auth::tenant: 'service' neutron::db::database_db_max_retries: -1 neutron::db::database_max_retries: -1 diff --git a/puppet/services/neutron-server.yaml b/puppet/services/neutron-server.yaml index d64fd66d..cd602e6e 100644 --- a/puppet/services/neutron-server.yaml +++ b/puppet/services/neutron-server.yaml @@ -33,6 +33,10 @@ parameters: description: Enable Neutron DVR. default: false type: boolean + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint resources: @@ -56,14 +60,18 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ovs_neutron' + neutron::keystone::auth::tenant: 'service' + neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]} + neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] } + neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] } + neutron::keystone::auth::password: {get_param: NeutronPassword} + neutron::keystone::auth::region: {get_param: KeystoneRegion} neutron::server::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } neutron::server::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} - neutron::server::auth_tenant: 'service' - neutron::server::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } neutron::server::api_workers: {get_param: NeutronWorkers} neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} neutron::server::l3_ha: {get_param: NeutronL3HA} - neutron::server::auth_password: {get_param: NeutronPassword} + neutron::server::password: {get_param: NeutronPassword} neutron::server::notifications::nova_url: { get_param: [ EndpointMap, NovaInternal, uri ] } neutron::server::notifications::auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] } diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index 045a8614..d560edb4 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -13,6 +13,14 @@ parameters: default: 0 description: Number of workers for Nova API service. type: number + NovaPassword: + description: The password for the nova service and db account, used by nova-api. + type: string + hidden: true + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint resources: NovaBase: @@ -47,5 +55,11 @@ outputs: nova::api::default_floating_pool: 'public' nova::api::sync_db_api: true nova::api::enable_proxy_headers_parsing: true + nova::keystone::auth::tenant: 'service' + nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]} + nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]} + nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]} + nova::keystone::auth::password: {get_param: NovaPassword} + nova::keystone::auth::region: {get_param: KeystoneRegion} step_config: | include tripleo::profile::base::nova::api diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index e3379821..5bc94b2b 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -13,6 +13,10 @@ parameters: description: The password for the nova service and db account, used by nova-api. type: string hidden: true + NeutronPassword: + description: The password for the neutron service and db account, used by neutron agents. + type: string + hidden: true RabbitPassword: description: The password for RabbitMQ type: string @@ -82,13 +86,15 @@ outputs: nova::network::neutron::neutron_project_name: 'service' nova::network::neutron::neutron_username: 'neutron' nova::network::neutron::dhcp_domain: '' + nova::network::neutron::neutron_password: {get_param: NeutronPassword} + nova::network::neutron::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]} + nova::network::neutron::neutron_auth_url: {get_param: [EndpointMap, KeystoneV3Admin, uri]} nova::rabbit_heartbeat_timeout_threshold: 60 nova::cinder_catalog_info: 'volumev2:cinderv2:internalURL' nova::host: '"%{::fqdn}"' # NOTE: extra quoting is needed. nova::notify_on_state_change: 'vm_and_task_state' nova::notification_driver: messagingv2 nova::network::neutron::neutron_auth_type: 'v3password' - nova::keystone::auth::tenant: 'service' nova::db::mysql::user: nova nova::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} nova::db::mysql::dbname: nova diff --git a/puppet/services/pacemaker/sahara-api.yaml b/puppet/services/pacemaker/sahara-api.yaml index ac05a01a..a06afb2d 100644 --- a/puppet/services/pacemaker/sahara-api.yaml +++ b/puppet/services/pacemaker/sahara-api.yaml @@ -28,4 +28,4 @@ outputs: - sahara::service::api::manage_service: false sahara::service::api::enabled: false step_config: | - include ::tripleo::profile::pacemaker::sahara + include ::tripleo::profile::pacemaker::sahara::api diff --git a/puppet/services/pacemaker/sahara-engine.yaml b/puppet/services/pacemaker/sahara-engine.yaml index f6bd8f61..a1191f87 100644 --- a/puppet/services/pacemaker/sahara-engine.yaml +++ b/puppet/services/pacemaker/sahara-engine.yaml @@ -27,7 +27,5 @@ outputs: - get_attr: [SaharaEngineBase, role_data, config_settings] - sahara::service::engine::manage_service: false sahara::service::engine::enabled: false - # No puppet manifests since sahara-engine is included in - # ::tripleo::profile::pacemaker::sahara which is maintained alongside of - # pacemaker/sahara-api.yaml. - step_config: + step_config: | + include ::tripleo::profile::pacemaker::sahara::engine diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml index 7ca9bbd5..85324312 100644 --- a/puppet/services/sahara-api.yaml +++ b/puppet/services/sahara-api.yaml @@ -10,7 +10,6 @@ parameters: via parameter_defaults in the resource registry. type: json SaharaPassword: - default: unset description: The password for the sahara service account, used by sahara-api. type: string hidden: true @@ -18,9 +17,6 @@ parameters: default: 0 description: The number of workers for the sahara-api. type: number - SaharaApiVirtualIP: - type: string - default: '' KeystoneRegion: type: string default: 'regionOne' @@ -29,6 +25,8 @@ parameters: resources: SaharaBase: type: ./sahara-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} outputs: role_data: @@ -38,12 +36,8 @@ outputs: config_settings: map_merge: - get_attr: [SaharaBase, role_data, config_settings] - - sahara::host: {get_param: SaharaApiVirtualIP} - sahara::port: {get_param: [EndpointMap, SaharaInternal, port]} - sahara::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - sahara::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } - sahara::admin_password: {get_param: SaharaPassword} - sahara::service::api::api_workers: {get_param: SaharaApiWorkers} + - sahara::port: {get_param: [EndpointMap, SaharaInternal, port]} + sahara::service::api::api_workers: {get_param: SaharaWorkers} sahara::keystone::auth::public_url: {get_param: [EndpointMap, SaharaPublic, uri]} sahara::keystone::auth::internal_url: {get_param: [EndpointMap, SaharaInternal, uri]} sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]} diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml index 2f8cd91b..7ec44a49 100644 --- a/puppet/services/sahara-base.yaml +++ b/puppet/services/sahara-base.yaml @@ -4,6 +4,11 @@ description: > OpenStack Sahara base service. Shared for all Sahara services. parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json RabbitPassword: description: The password for RabbitMQ type: string @@ -22,6 +27,10 @@ parameters: default: 5672 description: Set rabbit subscriber port, change this if using SSL type: number + SaharaPassword: + description: The password for the sahara service account, used by sahara-api. + type: string + hidden: true Debug: type: string default: '' @@ -33,11 +42,30 @@ outputs: value: service_name: sahara_base config_settings: + sahara::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://sahara:' + - {get_param: SaharaPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/sahara' + sahara::db::mysql::password: {get_param: SaharaPassword} + sahara::db::mysql::user: sahara + sahara::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + sahara::db::mysql::dbname: sahara + sahara::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" sahara::rabbit_password: {get_param: RabbitPassword} sahara::rabbit_user: {get_param: RabbitUserName} sahara::rabbit_use_ssl: {get_param: RabbitClientUseSSL} sahara::rabbit_port: {get_param: RabbitClientPort} sahara::debug: {get_param: Debug} + sahara::admin_password: {get_param: SaharaPassword} + sahara::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + sahara::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } sahara::use_neutron: true sahara::plugins: - cdh diff --git a/puppet/services/sahara-engine.yaml b/puppet/services/sahara-engine.yaml index 074f83c7..de2ac7ef 100644 --- a/puppet/services/sahara-engine.yaml +++ b/puppet/services/sahara-engine.yaml @@ -9,15 +9,12 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - SaharaPassword: - default: unset - description: The password for the sahara service account, used by sahara-api. - type: string - hidden: true resources: SaharaBase: type: ./sahara-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} outputs: role_data: @@ -27,22 +24,5 @@ outputs: config_settings: map_merge: - get_attr: [SaharaBase, role_data, config_settings] - - sahara_dsn: &sahara_dsn - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://sahara:' - - {get_param: SaharaPassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/sahara' - sahara::database_connection: *sahara_dsn - sahara::db::mysql::password: {get_param: SaharaPassword} - sahara::db::mysql::user: sahara - sahara::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} - sahara::db::mysql::dbname: sahara - sahara::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" step_config: | include ::tripleo::profile::base::sahara::engine |