diff options
Diffstat (limited to 'puppet/services')
46 files changed, 763 insertions, 129 deletions
diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml new file mode 100644 index 00000000..ab51212c --- /dev/null +++ b/puppet/services/aodh-api.yaml @@ -0,0 +1,37 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Aodh API service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + AodhBase: + type: ./aodh-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Aodh API service. + value: + service_name: aodh_api + config_settings: + map_merge: + - get_attr: [AodhBase, role_data, config_settings] + - aodh::wsgi::apache::ssl: false + aodh::api::service_name: 'httpd' + aodh::api::keystone_tenant: 'service' + - tripleo.aodh_api.firewall_rules: + '128 aodh-api': + dport: + - 8042 + - 13042 + + step_config: | + include tripleo::profile::base::aodh::api diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml new file mode 100644 index 00000000..6a9f5d75 --- /dev/null +++ b/puppet/services/aodh-base.yaml @@ -0,0 +1,94 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Aodh service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + AodhPassword: + description: The password for the aodh services. + type: string + hidden: true + RedisPassword: + description: The password for the redis service account. + type: string + hidden: true + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + +outputs: + role_data: + description: Role data for the Aodh role. + value: + service_name: aodh_base + config_settings: + aodh::evaluator::coordination_url: + list_join: + - '' + - - 'redis://:' + - {get_param: RedisPassword} + - '@' + - "%{hiera('redis_vip')}" + - ':6379/' + aodh::db::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://aodh:' + - {get_param: AodhPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/aodh' + aodh::debug: {get_param: Debug} + aodh::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri] } + aodh::rabbit_userid: {get_param: RabbitUserName} + aodh::rabbit_password: {get_param: RabbitPassword} + aodh::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + aodh::rabbit_port: {get_param: RabbitClientPort} + aodh::api::keystone_password: {get_param: AodhPassword} + aodh::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + aodh::api::keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + aodh::auth::auth_password: {get_param: AodhPassword} + aodh::keystone::auth::public_url: {get_param: [EndpointMap, AodhPublic, uri]} + aodh::keystone::auth::internal_url: {get_param: [EndpointMap, AodhInternal, uri]} + aodh::keystone::auth::admin_url: {get_param: [EndpointMap, AodhAdmin, uri]} + aodh::keystone::auth::password: {get_param: AodhPassword} + aodh::keystone::auth::region: {get_param: KeystoneRegion} + aodh::keystone::auth::tenant: 'service' + aodh::db::mysql::user: aodh + aodh::db::mysql::password: {get_param: AodhPassword} + aodh::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + aodh::db::mysql::dbname: aodh + aodh::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + aodh::auth::auth_region: 'regionOne' + aodh::auth::auth_tenant_name: 'service' diff --git a/puppet/services/aodh-evaluator.yaml b/puppet/services/aodh-evaluator.yaml new file mode 100644 index 00000000..103f691a --- /dev/null +++ b/puppet/services/aodh-evaluator.yaml @@ -0,0 +1,27 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Aodh Evaluator service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + AodhBase: + type: ./aodh-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Aodh Evaluator service. + value: + service_name: aodh_evaluator + config_settings: + get_attr: [AodhBase, role_data, config_settings] + step_config: | + include tripleo::profile::base::aodh::evaluator diff --git a/puppet/services/aodh-listener.yaml b/puppet/services/aodh-listener.yaml new file mode 100644 index 00000000..01caf8b5 --- /dev/null +++ b/puppet/services/aodh-listener.yaml @@ -0,0 +1,27 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Aodh Listener service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + AodhBase: + type: ./aodh-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Aodh Listener service. + value: + service_name: aodh_listener + config_settings: + get_attr: [AodhBase, role_data, config_settings] + step_config: | + include tripleo::profile::base::aodh::listener diff --git a/puppet/services/aodh-notifier.yaml b/puppet/services/aodh-notifier.yaml new file mode 100644 index 00000000..de07f780 --- /dev/null +++ b/puppet/services/aodh-notifier.yaml @@ -0,0 +1,27 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Aodh Notifier service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + AodhBase: + type: ./aodh-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Aodh Notifier service. + value: + service_name: aodh_notifier + config_settings: + get_attr: [AodhBase, role_data, config_settings] + step_config: | + include tripleo::profile::base::aodh::notifier diff --git a/puppet/services/ceilometer-agent-central.yaml b/puppet/services/ceilometer-agent-central.yaml index 80f656d0..a51ec2df 100644 --- a/puppet/services/ceilometer-agent-central.yaml +++ b/puppet/services/ceilometer-agent-central.yaml @@ -13,10 +13,6 @@ parameters: description: The password for the redis service account. type: string hidden: true - RedisVirtualIPUri: - type: string - default: '' - resources: CeilometerServiceBase: @@ -38,7 +34,7 @@ outputs: - - 'redis://:' - {get_param: RedisPassword} - '@' - - {get_param: RedisVirtualIPUri} + - "%{hiera('redis_vip')}" - ':6379/' step_config: | include ::tripleo::profile::base::ceilometer::agent::central diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index db5a82b1..59b4cc2a 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -35,6 +35,10 @@ parameters: default: false description: Whether to store events in ceilometer. type: boolean + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string KeystoneRegion: type: string default: 'regionOne' @@ -64,6 +68,7 @@ outputs: value: service_name: ceilometer_base config_settings: + ceilometer::debug: {get_param: Debug} ceilometer::db::database_connection: list_join: - '' @@ -83,7 +88,7 @@ outputs: ceilometer::agent::auth::auth_password: {get_param: CeilometerPassword} ceilometer::agent::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } ceilometer::agent::notification::store_events: {get_param: CeilometerStoreEvents} - ceilometer::agent::auth::auth_region: 'regionOne' + ceilometer::agent::auth::auth_region: {get_param: KeystoneRegion} ceilometer::agent::auth::auth_tenant_name: 'service' ceilometer::agent::auth::auth_endpoint_type: 'internalURL' ceilometer::db::mysql::password: {get_param: CeilometerPassword} @@ -103,9 +108,12 @@ outputs: ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL} ceilometer::rabbit_port: {get_param: RabbitClientPort} ceilometer::db::mysql::user: ceilometer - ceilometer::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + ceilometer::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} ceilometer::db::mysql::dbname: ceilometer ceilometer::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" ceilometer::rabbit_heartbeat_timeout_threshold: 60 + ceilometer::db::database_db_max_retries: -1 + ceilometer::db::database_max_retries: -1 + ceilometer::telemetry_secret: {get_param: CeilometerMeteringSecret} diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml index bce52f36..47028610 100644 --- a/puppet/services/ceph-base.yaml +++ b/puppet/services/ceph-base.yaml @@ -58,9 +58,6 @@ outputs: config_settings: tripleo::profile::base::ceph::ceph_ipv6: {get_param: CephIPv6} tripleo::profile::base::ceph::enable_ceph_storage: {get_param: ControllerEnableCephStorage} - ceph::profile::params::osd_pool_default_pg_num: 32 - ceph::profile::params::osd_pool_default_pgp_num: 32 - ceph::profile::params::osd_pool_default_size: 3 ceph::profile::params::osd_pool_default_min_size: 1 ceph::profile::params::osds: {/srv/data: {}} ceph::profile::params::manage_repo: false diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml index f48515e5..28c3e5df 100644 --- a/puppet/services/ceph-mon.yaml +++ b/puppet/services/ceph-mon.yaml @@ -31,6 +31,19 @@ parameters: NovaRbdPoolName: default: vms type: string + CephPools: + description: > + It can be used to override settings for one of the predefined pools, or to create + additional ones. Example: + { + "volumes": { + "size": 5, + "pg_num": 128, + "pgp_num": 128 + } + } + default: {} + type: json resources: CephBase: @@ -46,12 +59,24 @@ outputs: - get_attr: [CephBase, role_data, config_settings] - ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6} ceph::profile::params::mon_key: {get_param: CephMonKey} + # repeat returns items in a list, so we need to map_merge twice tripleo::profile::base::ceph::mon::ceph_pools: - - {get_param: CinderRbdPoolName} - - {get_param: CinderBackupRbdPoolName} - - {get_param: NovaRbdPoolName} - - {get_param: GlanceRbdPoolName} - - {get_param: GnocchiRbdPoolName} + map_merge: + - map_merge: + repeat: + for_each: + <%pool%>: + - {get_param: CinderRbdPoolName} + - {get_param: CinderBackupRbdPoolName} + - {get_param: NovaRbdPoolName} + - {get_param: GlanceRbdPoolName} + - {get_param: GnocchiRbdPoolName} + template: + <%pool%>: + pg_num: 32 + pgp_num: 32 + size: 3 + - {get_param: CephPools} tripleo.ceph_mon.firewall_rules: '110 ceph_mon': dport: diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml index 5e58dee9..3568cb06 100644 --- a/puppet/services/cinder-api.yaml +++ b/puppet/services/cinder-api.yaml @@ -18,6 +18,10 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint resources: @@ -34,10 +38,22 @@ outputs: config_settings: map_merge: - get_attr: [CinderBase, role_data, config_settings] - - cinder::api::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} - cinder::api::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} - cinder::api::keystone_password: {get_param: CinderPassword} - cinder::api::keystone_tenant: 'service' + - cinder::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + cinder::keystone::authtoken::password: {get_param: CinderPassword} + cinder::keystone::authtoken::project_name: 'service' + cinder::keystone::auth::tenant: 'service' + cinder::keystone::auth::public_url: {get_param: [EndpointMap, CinderPublic, uri]} + cinder::keystone::auth::internal_url: {get_param: [EndpointMap, CinderInternal, uri]} + cinder::keystone::auth::admin_url: {get_param: [EndpointMap, CinderAdmin, uri]} + cinder::keystone::auth::public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]} + cinder::keystone::auth::internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]} + cinder::keystone::auth::admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]} + cinder::keystone::auth::public_url_v3: {get_param: [EndpointMap, CinderV3Public, uri]} + cinder::keystone::auth::internal_url_v3: {get_param: [EndpointMap, CinderV3Internal, uri]} + cinder::keystone::auth::admin_url_v3: {get_param: [EndpointMap, CinderV3Admin, uri]} + cinder::keystone::auth::password: {get_param: CinderPassword} + cinder::keystone::auth::region: {get_param: KeystoneRegion} cinder::api::enable_proxy_headers_parsing: true cinder::api::nova_catalog_info: 'compute:Compute Service:internalURL' # TODO(emilien) move it to puppet-cinder diff --git a/puppet/services/cinder-backup.yaml b/puppet/services/cinder-backup.yaml new file mode 100644 index 00000000..25e82c87 --- /dev/null +++ b/puppet/services/cinder-backup.yaml @@ -0,0 +1,47 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Cinder Backup service configured with Puppet + +parameters: + CinderBackupBackend: + default: swift + description: The short name of the Cinder Backup backend to use. + type: string + constraints: + - allowed_values: ['swift', 'ceph'] + CinderBackupRbdPoolName: + default: backups + type: string + CephClientUserName: + default: openstack + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + CinderBase: + type: ./cinder-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Cinder Backup role. + value: + service_name: cinder_backup + config_settings: + map_merge: + - get_attr: [CinderBase, role_data, config_settings] + - cinder::backup::ceph::backup_ceph_user: {get_param: CephClientUserName} + cinder::backup::ceph::backup_ceph_pool: {get_param: CinderBackupRbdPoolName} + cinder::backup::swift::backup_swift_container: volumebackups + step_config: + str_replace: + template: "include ::tripleo::profile::base::cinder::backup::DRIVER" + params: + DRIVER: {get_param: CinderBackupBackend} diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml index b224cd65..c554bf97 100644 --- a/puppet/services/cinder-base.yaml +++ b/puppet/services/cinder-base.yaml @@ -58,12 +58,13 @@ outputs: cinder::rabbit_password: {get_param: RabbitPassword} cinder::rabbit_port: {get_param: RabbitClientPort} cinder::db::mysql::user: cinder - cinder::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + cinder::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} cinder::db::mysql::dbname: cinder cinder::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" cinder::rabbit_heartbeat_timeout_threshold: 60 - cinder::keystone::auth::tenant: 'service' cinder::host: hostgroup cinder::cron::db_purge::destination: '/dev/null' + cinder::db::database_db_max_retries: -1 + cinder::db::database_max_retries: -1 diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index 00751f51..bb14546f 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -60,6 +60,10 @@ parameters: Rabbit client subscriber parameter to specify an SSL connection to the RabbitMQ host. type: string + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint outputs: role_data: @@ -106,6 +110,9 @@ outputs: glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]} glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]} glance::keystone::auth::password: {get_param: GlancePassword } + glance::keystone::auth::region: {get_param: KeystoneRegion} + glance::registry::db::database_db_max_retries: -1 + glance::registry::db::database_max_retries: -1 tripleo.glance_api.firewall_rules: '112 glance_api': dport: diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml index 5ad4bb9a..ca10fd12 100644 --- a/puppet/services/glance-registry.yaml +++ b/puppet/services/glance-registry.yaml @@ -45,11 +45,13 @@ outputs: glance::registry::debug: {get_param: Debug} glance::registry::workers: {get_param: GlanceWorkers} glance::db::mysql::user: glance - glance::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + glance::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} glance::db::mysql::dbname: glance glance::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" + glance::registry::db::database_db_max_retries: -1 + glance::registry::db::database_max_retries: -1 tripleo.glance_registry.firewall_rules: '112 glance_registry': diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml index d97626a6..19c77612 100644 --- a/puppet/services/gnocchi-api.yaml +++ b/puppet/services/gnocchi-api.yaml @@ -9,6 +9,21 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + GnocchiPassword: + description: The password for the gnocchi service and db account. + type: string + hidden: true + GnocchiBackend: + default: file + description: The short name of the Gnocchi backend to use. Should be one + of swift, rbd, or file + type: string + constraints: + - allowed_values: ['swift', 'file', 'rbd'] + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint resources: GnocchiServiceBase: @@ -29,6 +44,20 @@ outputs: dport: - 8041 - 13041 - - gnocchi::api::keystone_tenant: 'service' + gnocchi::api::enabled: true + gnocchi::api::manage_service: false + gnocchi::api::service_name: 'httpd' + gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] } + gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]} + gnocchi::keystone::auth::password: {get_param: GnocchiPassword} + gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] } + gnocchi::keystone::auth::region: {get_param: KeystoneRegion} + gnocchi::keystone::auth::tenant: 'service' + gnocchi::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + gnocchi::keystone::authtoken::password: {get_param: GnocchiPassword} + gnocchi::keystone::authtoken::project_name: 'service' + gnocchi::wsgi::apache::ssl: false + tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend} step_config: | include ::tripleo::profile::base::gnocchi::api diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml index 5c1e015e..844d1469 100644 --- a/puppet/services/gnocchi-base.yaml +++ b/puppet/services/gnocchi-base.yaml @@ -9,13 +9,6 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - GnocchiBackend: - default: file - description: The short name of the Gnocchi backend to use. Should be one - of swift, rbd, or file - type: string - constraints: - - allowed_values: ['swift', 'file', 'rbd'] GnocchiIndexerBackend: default: 'mysql' description: The short name of the Gnocchi indexer backend to use. @@ -30,6 +23,14 @@ parameters: CephClientUserName: default: openstack type: string + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + RedisPassword: + description: The password for the redis service account. + type: string + hidden: true outputs: aux_parameters: @@ -52,19 +53,16 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/gnocchi' - gnocchi::keystone::auth::region: 'regionOne' - gnocchi::keystone::auth::tenant: 'service' - gnocchi::keystone::auth::password: {get_param: GnocchiPassword} gnocchi::db::mysql::password: {get_param: GnocchiPassword} gnocchi::db::sync::extra_opts: '--skip-storage --create-legacy-resource-types' - #Gnocchi API - tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend} - gnocchi::api::manage_service: false - gnocchi::api::enabled: true - gnocchi::api::service_name: 'httpd' - gnocchi::api::keystone_tenant: 'service' - gnocchi::api::keystone_password: {get_param: GnocchiPassword} - gnocchi::wsgi::apache::ssl: false + gnocchi::storage::coordination_url: + list_join: + - '' + - - 'redis://:' + - {get_param: RedisPassword} + - '@' + - "%{hiera('redis_vip')}" + - ':6379/' gnocchi::storage::swift::swift_user: 'service:gnocchi' gnocchi::storage::swift::swift_auth_version: 2 gnocchi::storage::swift::swift_key: {get_param: GnocchiPassword} @@ -85,10 +83,8 @@ outputs: gnocchi::statsd::flush_delay: 10 gnocchi::statsd::archive_policy_name: 'low' gnocchi::db::mysql::user: gnocchi - gnocchi::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + gnocchi::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} gnocchi::db::mysql::dbname: gnocchi gnocchi::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" - gnocchi::auth::auth_region: 'regionOne' - gnocchi::auth::auth_tenant_name: 'service' diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml index f8832dd8..c3a3b7ae 100644 --- a/puppet/services/heat-api-cfn.yaml +++ b/puppet/services/heat-api-cfn.yaml @@ -35,6 +35,7 @@ outputs: map_merge: - get_attr: [HeatBase, role_data, config_settings] - heat::api_cfn::workers: {get_param: HeatWorkers} + heat::keystone::auth_cfn::tenant: 'service' heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]} heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]} heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]} diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml index c0e7a690..b4402a17 100644 --- a/puppet/services/heat-api.yaml +++ b/puppet/services/heat-api.yaml @@ -35,6 +35,7 @@ outputs: map_merge: - get_attr: [HeatBase, role_data, config_settings] - heat::api::workers: {get_param: HeatWorkers} + heat::keystone::auth::tenant: 'service' heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]} heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]} heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]} diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml index c40136f5..091a4e9b 100644 --- a/puppet/services/heat-base.yaml +++ b/puppet/services/heat-base.yaml @@ -47,7 +47,6 @@ outputs: value: 'role:admin' heat::rabbit_heartbeat_timeout_threshold: 60 heat::keystone_tenant: 'service' - heat::keystone::auth::tenant: 'service' heat::keystone::domain::domain_name: 'heat_stack' heat::keystone::domain::domain_admin: 'heat_stack_domain_admin' heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost' @@ -56,3 +55,5 @@ outputs: heat::cron::purge_deleted::age_type: 'days' heat::cron::purge_deleted::maxdelay: 3600 heat::cron::purge_deleted::destination: '/dev/null' + heat::db::database_db_max_retries: -1 + heat::db::database_max_retries: -1 diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml index 13555a62..044ca880 100644 --- a/puppet/services/heat-engine.yaml +++ b/puppet/services/heat-engine.yaml @@ -58,7 +58,7 @@ outputs: heat::db::mysql::password: {get_param: HeatPassword} heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword} heat::db::mysql::user: heat - heat::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + heat::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} heat::db::mysql::dbname: heat heat::db::mysql::allowed_hosts: - '%' diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml index 949cdf31..a85c0c55 100644 --- a/puppet/services/ironic-api.yaml +++ b/puppet/services/ironic-api.yaml @@ -35,9 +35,18 @@ outputs: # the VIP, but rather a real IP of the controller. - ironic::my_ip: {get_param: [EndpointMap, MysqlInternal, host]} ironic::api::admin_password: {get_param: IronicPassword} - ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri]} - ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri]} + ironic::api::admin_tenant_name: 'service' + ironic::api::admin_user: 'ironic' + ironic::api::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + ironic::api::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]} + # This is used to build links in responses + ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]} ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri]} + ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri]} + ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri]} + ironic::keystone::auth::auth_name: 'ironic' ironic::keystone::auth::password: {get_param: IronicPassword } + ironic::keystone::auth::tenant: 'service' step_config: | include ::tripleo::profile::base::ironic::api diff --git a/puppet/services/ironic-base.yaml b/puppet/services/ironic-base.yaml index 41d2234a..ea7e7ee3 100644 --- a/puppet/services/ironic-base.yaml +++ b/puppet/services/ironic-base.yaml @@ -51,7 +51,6 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ironic' - ironic::admin_tenant_name: 'service' ironic::debug: {get_param: Debug} ironic::rabbit_userid: {get_param: RabbitUserName} ironic::rabbit_password: {get_param: RabbitPassword} @@ -59,12 +58,10 @@ outputs: ironic::rabbit_use_ssl: {get_param: RabbitClientUseSSL} ironic::db::mysql::password: {get_param: IronicPassword} ironic::db::mysql::user: ironic - ironic::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + ironic::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} ironic::db::mysql::dbname: ironic ironic::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" - - ironic::keystone::auth::tenant: 'service' step_config: | include ::tripleo::profile::base::ironic diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml index a3bce305..01325333 100644 --- a/puppet/services/ironic-conductor.yaml +++ b/puppet/services/ironic-conductor.yaml @@ -28,7 +28,10 @@ outputs: config_settings: map_merge: - get_attr: [IronicBase, role_data, config_settings] - - ironic::enabled_drivers: {get_param: IronicEnabledDrivers} + # FIXME: I have no idea why neutron_url is in "api" manifest + - ironic::api::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]} + ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} + ironic::enabled_drivers: {get_param: IronicEnabledDrivers} # Prevent tftp_server from defaulting to my_ip setting, which is # controller VIP, not a real IP. ironic::drivers::pxe::tftp_server: {get_input: ironic_api_network} diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 79c0dcc2..988c80ce 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -4,24 +4,11 @@ description: > OpenStack Keystone service configured with Puppet parameters: - KeystoneCACertificate: - default: '' - description: Keystone self-signed certificate authority certificate. - type: string KeystoneEnableDBPurge: default: true description: | Whether to create cron job for purging soft deleted rows in Keystone database. type: boolean - KeystoneSigningCertificate: - default: '' - description: Keystone certificate for verifying token validity. - type: string - KeystoneSigningKey: - default: '' - description: Keystone key for signing tokens. - type: string - hidden: true KeystoneSSLCertificate: default: '' description: Keystone certificate for verifying token validity. @@ -105,9 +92,6 @@ outputs: - '/keystone' keystone::admin_token: {get_param: AdminToken} keystone::roles::admin::password: {get_param: AdminPassword} - keystone_ca_certificate: {get_param: KeystoneCACertificate} - keystone_signing_key: {get_param: KeystoneSigningKey} - keystone_signing_certificate: {get_param: KeystoneSigningCertificate} keystone_ssl_certificate: {get_param: KeystoneSSLCertificate} keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey} keystone::enable_proxy_headers_parsing: true @@ -128,7 +112,7 @@ outputs: keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge} keystone::public_endpoint: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]} keystone::db::mysql::user: keystone - keystone::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + keystone::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} keystone::db::mysql::dbname: keystone keystone::db::mysql::allowed_hosts: - '%' @@ -147,6 +131,8 @@ outputs: keystone::wsgi::apache::workers: {get_param: KeystoneWorkers} # override via extraconfig: keystone::wsgi::apache::threads: 1 + keystone::db::database_db_max_retries: -1 + keystone::db::database_max_retries: -1 tripleo.keystone.firewall_rules: '111 keystone': dport: diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml index ccae4467..389fa2e3 100644 --- a/puppet/services/manila-api.yaml +++ b/puppet/services/manila-api.yaml @@ -35,9 +35,12 @@ outputs: - manila::api::keystone_password: {get_param: ManilaPassword} manila::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} manila::api::keystone_auth_host: {get_param: [EndpointMap, ManilaInternal, host]} - manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaPublic, uri]} - manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaInternal, uri]} - manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaAdmin, uri]} + manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]} + manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]} + manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]} + manila::keystone::auth::public_url_v2: {get_param: [EndpointMap, ManilaPublic, uri]} + manila::keystone::auth::internal_url_v2: {get_param: [EndpointMap, ManilaInternal, uri]} + manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]} manila::keystone::auth::password: {get_param: ManilaPassword } manila::keystone::auth::region: {get_param: KeystoneRegion } manila::api::keystone_tenant: 'service' diff --git a/puppet/services/manila-base.yaml b/puppet/services/manila-base.yaml index c156379b..663a9345 100644 --- a/puppet/services/manila-base.yaml +++ b/puppet/services/manila-base.yaml @@ -93,7 +93,7 @@ outputs: manila::rabbit_port: {get_param: RabbitClientPort} manila::debug: {get_param: Debug} manila::db::mysql::user: manila - manila::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + manila::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} manila::db::mysql::dbname: manila manila::db::database_db_max_retries: -1 manila::db::database_max_retries: -1 diff --git a/puppet/services/neutron-server.yaml b/puppet/services/neutron-api.yaml index 1c7cef49..c0c8122c 100644 --- a/puppet/services/neutron-server.yaml +++ b/puppet/services/neutron-api.yaml @@ -29,6 +29,14 @@ parameters: description: The password for the nova service and db account, used by nova-api. type: string hidden: true + NeutronEnableDVR: + description: Enable Neutron DVR. + default: false + type: boolean + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint resources: @@ -39,7 +47,7 @@ outputs: role_data: description: Role data for the Neutron Server agent service. value: - service_name: neutron_server + service_name: neutron_api config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] @@ -52,14 +60,18 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ovs_neutron' + neutron::keystone::auth::tenant: 'service' + neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]} + neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] } + neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] } + neutron::keystone::auth::password: {get_param: NeutronPassword} + neutron::keystone::auth::region: {get_param: KeystoneRegion} neutron::server::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } neutron::server::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} - neutron::server::auth_tenant: 'service' - neutron::server::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } neutron::server::api_workers: {get_param: NeutronWorkers} neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} neutron::server::l3_ha: {get_param: NeutronL3HA} - neutron::server::auth_password: {get_param: NeutronPassword} + neutron::server::password: {get_param: NeutronPassword} neutron::server::notifications::nova_url: { get_param: [ EndpointMap, NovaInternal, uri ] } neutron::server::notifications::auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] } @@ -70,7 +82,7 @@ outputs: neutron::server::sync_db: true neutron::db::mysql::password: {get_param: NeutronPassword} neutron::db::mysql::user: neutron - neutron::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + neutron::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} neutron::db::mysql::dbname: ovs_neutron neutron::db::mysql::allowed_hosts: - '%' @@ -85,5 +97,6 @@ outputs: dport: 4789 '106 vrrp': proto: vrrp + neutron::server::router_distributed: {get_param: NeutronEnableDVR} step_config: | include tripleo::profile::base::neutron::server diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml index c1134824..bc8dd8d1 100644 --- a/puppet/services/neutron-base.yaml +++ b/puppet/services/neutron-base.yaml @@ -42,6 +42,12 @@ parameters: type: string default: '' description: Set to True to enable debugging on all services. + EnableConfigPurge: + type: boolean + default: true + description: > + Remove configuration that is not generated by TripleO. Setting + to false may result in configuration remnants after updates/upgrades. outputs: role_data: @@ -61,7 +67,9 @@ outputs: params: PLUGINS: {get_param: NeutronServicePlugins} neutron::debug: {get_param: Debug} + neutron::purge_config: {get_param: EnableConfigPurge} neutron::allow_overlapping_ips: true neutron::rabbit_heartbeat_timeout_threshold: 60 neutron::host: '"%{::fqdn}"' #NOTE: extra quoting is needed - neutron::keystone::auth::tenant: 'service' + neutron::db::database_db_max_retries: -1 + neutron::db::database_max_retries: -1 diff --git a/puppet/services/neutron-l3-compute-dvr.yaml b/puppet/services/neutron-l3-compute-dvr.yaml new file mode 100644 index 00000000..f10b5922 --- /dev/null +++ b/puppet/services/neutron-l3-compute-dvr.yaml @@ -0,0 +1,37 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron L3 agent for DVR enabled compute nodes + configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + Debug: + type: string + default: '' + NeutronExternalNetworkBridge: + description: Name of bridge used for external network traffic. + type: string + default: 'br-ex' + +resources: + + NeutronBase: + type: ./neutron-base.yaml + +outputs: + role_data: + description: Role data for DVR L3 Agent on Compute Nodes + value: + service_name: neutron_l3_compute_dvr + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge} + neutron::agents::l3::agent_mode : 'dvr' + step_config: | + include tripleo::profile::base::neutron::l3 diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml index a7232a39..ede41935 100644 --- a/puppet/services/neutron-l3.yaml +++ b/puppet/services/neutron-l3.yaml @@ -16,6 +16,15 @@ parameters: description: Name of bridge used for external network traffic. type: string default: 'br-ex' + NeutronL3AgentMode: + description: | + Agent mode for L3 agent. Must be one of legacy or dvr_snat. + default: 'legacy' + type: string + constraints: + - allowed_values: + - legacy + - dvr_snat resources: @@ -32,5 +41,6 @@ outputs: - get_attr: [NeutronBase, role_data, config_settings] - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge} neutron::agents::l3::router_delete_namespaces: True + neutron::agents::l3::agent_mode : {get_param: NeutronL3AgentMode} step_config: | include tripleo::profile::base::neutron::l3 diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index d8679f2e..d52b8a26 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -9,9 +9,6 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - NeutronEnableTunnelling: - type: string - default: "True" NeutronEnableL2Pop: type: string description: > @@ -37,6 +34,11 @@ parameters: description: | Comma-separated list of extensions enabled for the Neutron agents. type: comma_delimited_list + NeutronEnableDVR: + default: False + description: | + Enable support for distributed routing in the OVS Agent. + type: boolean resources: @@ -51,8 +53,8 @@ outputs: config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] - neutron::agents::ml2::ovs::enable_tunneling: {get_param: NeutronEnableTunnelling} neutron::agents::ml2::ovs::l2_population: {get_param: NeutronEnableL2Pop} + neutron::agents::ml2::ovs::enable_distributed_routing: {get_param: NeutronEnableDVR} neutron::agents::ml2::ovs::bridge_mappings: str_replace: template: MAPPINGS diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index 045a8614..d560edb4 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -13,6 +13,14 @@ parameters: default: 0 description: Number of workers for Nova API service. type: number + NovaPassword: + description: The password for the nova service and db account, used by nova-api. + type: string + hidden: true + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint resources: NovaBase: @@ -47,5 +55,11 @@ outputs: nova::api::default_floating_pool: 'public' nova::api::sync_db_api: true nova::api::enable_proxy_headers_parsing: true + nova::keystone::auth::tenant: 'service' + nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]} + nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]} + nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]} + nova::keystone::auth::password: {get_param: NovaPassword} + nova::keystone::auth::region: {get_param: KeystoneRegion} step_config: | include tripleo::profile::base::nova::api diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index 21dbacd2..9b1b0760 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -13,6 +13,14 @@ parameters: description: The password for the nova service and db account, used by nova-api. type: string hidden: true + NeutronPassword: + description: The password for the neutron service and db account, used by neutron agents. + type: string + hidden: true + NovaOVSBridge: + default: 'br-int' + description: Name of integration bridge used by Open vSwitch + type: string RabbitPassword: description: The password for RabbitMQ type: string @@ -35,6 +43,20 @@ parameters: type: string default: '' description: Set to True to enable debugging on all services. + EnableConfigPurge: + type: boolean + default: true + description: > + Remove configuration that is not generated by TripleO. Setting + to false may result in configuration remnants after updates/upgrades. + NovaIPv6: + default: false + description: Enable IPv6 features in Nova + type: boolean + UpgradeLevelNovaCompute: + type: string + description: Nova Compute upgrade level + default: '' outputs: role_data: @@ -43,7 +65,7 @@ outputs: service_name: nova_base config_settings: nova::rabbit_password: {get_param: RabbitPassword} - nova::rabbit_user: {get_param: RabbitUserName} + nova::rabbit_userid: {get_param: RabbitUserName} nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL} nova::rabbit_port: {get_param: RabbitClientPort} nova::database_connection: @@ -66,38 +88,47 @@ outputs: - '/nova_api' nova::db::mysql::password: {get_input: nova_password} nova::db::mysql::user: nova - nova::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} nova::db::mysql::dbname: nova nova::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" nova::db::mysql_api::password: {get_input: nova_password} nova::db::mysql_api::user: nova_api - nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} nova::db::mysql_api::dbname: nova_api nova::db::mysql_api::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" nova::debug: {get_param: Debug} + nova::purge_config: {get_param: EnableConfigPurge} nova::network::neutron::neutron_project_name: 'service' nova::network::neutron::neutron_username: 'neutron' nova::network::neutron::dhcp_domain: '' + nova::network::neutron::neutron_password: {get_param: NeutronPassword} + nova::network::neutron::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]} + nova::network::neutron::neutron_auth_url: {get_param: [EndpointMap, KeystoneV3Admin, uri]} nova::rabbit_heartbeat_timeout_threshold: 60 nova::cinder_catalog_info: 'volumev2:cinderv2:internalURL' nova::host: '"%{::fqdn}"' # NOTE: extra quoting is needed. nova::notify_on_state_change: 'vm_and_task_state' nova::notification_driver: messagingv2 nova::network::neutron::neutron_auth_type: 'v3password' - nova::keystone::auth::tenant: 'service' nova::db::mysql::user: nova - nova::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} nova::db::mysql::dbname: nova nova::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" nova::db::mysql_api::user: nova_api - nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} nova::db::mysql_api::dbname: nova_api nova::db::mysql_api::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" + nova::db::database_db_max_retries: -1 + nova::db::database_max_retries: -1 + nova::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} + nova::use_ipv6: {get_param: NovaIPv6} + nova::upgrade_level_compute: {get_param: UpgradeLevelNovaCompute} + nova::network::neutron::neutron_ovs_bridge: {get_param: NovaOVSBridge} diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index bcc3a232..19f1f02a 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -15,6 +15,22 @@ parameters: CephClientUserName: default: openstack type: string + CinderEnableNfsBackend: + default: false + description: Whether to enable or not the NFS backend for Cinder + type: boolean + CinderEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Cinder + type: boolean + NovaEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Nova + type: boolean + NovaComputeLibvirtVifDriver: + default: '' + description: Libvirt VIF driver configuration for the network + type: string resources: NovaBase: @@ -37,6 +53,8 @@ outputs: tripleo::profile::base::nova::nova_compute_enabled: true nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} + tripleo::profile::base::nova::compute::cinder_nfs_backend: {get_param: CinderEnableNfsBackend} + rbd_persistent_storage: {get_param: CinderEnableRbdBackend} nova::compute::rbd::rbd_keyring: list_join: - '.' @@ -45,13 +63,23 @@ outputs: nova::compute::rbd::libvirt_rbd_secret_uuid: '"%{hiera(\"ceph::profile::params::fsid\")}"' nova::compute::instance_usage_audit: true nova::compute::instance_usage_audit_period: 'hour' + nova::compute::rbd::ephemeral_storage: {get_param: NovaEnableRbdBackend} + # TUNNELLED mode provides a security enhancement when using shared + # storage but is not supported when not using shared storage. + # See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12 + # In future versions of QEMU (2.6, mostly), danpb's native + # encryption work will obsolete the need to use TUNNELLED transport + # mode. + nova::migration::live_migration_tunnelled: {get_param: NovaEnableRbdBackend} # Changing the default from 512MB. The current templates can not deploy # overclouds with swap. On an idle compute node, we see ~1024MB of RAM # used. 2048 is suggested to account for other possible operations for # example openvswitch. nova::compute::reserved_host_memory: 2048 + nova::compute::neutron::libvirt_vif_driver: {get_param: NovaComputeLibvirtVifDriver} + step_config: | # TODO(emilien): figure how to deal with libvirt profile. - # We'll probably threat it like we do with Neutron plugins. + # We'll probably treat it like we do with Neutron plugins. # Until then, just include it in the default nova-compute role. include tripleo::profile::base::nova::compute::libvirt diff --git a/puppet/services/nova-ironic.yaml b/puppet/services/nova-ironic.yaml new file mode 100644 index 00000000..7373c404 --- /dev/null +++ b/puppet/services/nova-ironic.yaml @@ -0,0 +1,42 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova Compute service configured with Puppet and using Ironic + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + IronicPassword: + description: The password for the Ironic service and db account, used by the Ironic services + type: string + hidden: true + +resources: + NovaBase: + type: ./nova-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Nova Compute service with Ironic. + value: + service_name: nova_ironic + config_settings: + map_merge: + - get_attr: [NovaBase, role_data, config_settings] + - nova::compute::force_config_drive: true + nova::compute::reserved_host_memory: '0' + nova::compute::vnc_enabled: false + nova::ironic::common::admin_password: {get_param: IronicPassword} + nova::ironic::common::admin_tenant_name: 'service' + nova::ironic::common::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri]} + nova::ironic::common::admin_username: 'ironic' + nova::ironic::common::api_endpoint: {get_param: [EndpointMap, IronicInternal, uri]} + nova::network::neutron::dhcp_domain: '' + nova::scheduler::filter::scheduler_host_manager: 'ironic_host_manager' + step_config: | + include tripleo::profile::base::nova::compute::ironic diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml index 939b6a09..d283de4f 100644 --- a/puppet/services/nova-libvirt.yaml +++ b/puppet/services/nova-libvirt.yaml @@ -9,6 +9,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + NovaComputeLibvirtType: + type: string + default: kvm resources: NovaBase: @@ -30,5 +33,8 @@ outputs: nova::compute::libvirt::migration_support: false tripleo::profile::base::nova::manage_migration: true tripleo::profile::base::nova::libvirt_enabled: true + nova::compute::libvirt::services::libvirt_virt_type: {get_param: NovaComputeLibvirtType} + nova::compute::libvirt::libvirt_virt_type: {get_param: NovaComputeLibvirtType} + step_config: | include tripleo::profile::base::nova::libvirt diff --git a/puppet/services/nova-vncproxy.yaml b/puppet/services/nova-vncproxy.yaml index 0b9cef38..a1517011 100644 --- a/puppet/services/nova-vncproxy.yaml +++ b/puppet/services/nova-vncproxy.yaml @@ -25,5 +25,15 @@ outputs: map_merge: - get_attr: [NovaBase, role_data, config_settings] - nova::vncproxy::enabled: true + nova::vncproxy::common::vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]} + # Remove brackets that may come if the IP address is IPv6. + # For DNS names and IPv4, this will just get NovaVNCProxyPublic + nova::vncproxy::common::vncproxy_host: + str_replace: + template: {get_param: [EndpointMap, NovaVNCProxyPublic, host]} + params: + '[': '' + ']': '' + nova::vncproxy::common::vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]} step_config: | include tripleo::profile::base::nova::vncproxy diff --git a/puppet/services/pacemaker/cinder-backup.yaml b/puppet/services/pacemaker/cinder-backup.yaml new file mode 100644 index 00000000..706717e4 --- /dev/null +++ b/puppet/services/pacemaker/cinder-backup.yaml @@ -0,0 +1,49 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Cinder Backup service with Pacemaker configured with Puppet + +parameters: + CinderBackupBackend: + default: swift + description: The short name of the Cinder Backup backend to use. + type: string + constraints: + - allowed_values: ['swift', 'ceph'] + CinderBackupRbdPoolName: + default: backups + type: string + CephClientUserName: + default: openstack + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + CinderBackupBase: + type: ../cinder-backup.yaml + properties: + EndpointMap: {get_param: EndpointMap} + CinderBackupBackend: {get_param: CinderBackupBackend} + CinderBackupRbdPoolName: {get_param: CinderBackupRbdPoolName} + CephClientUserName: {get_param: CephClientUserName} + +outputs: + role_data: + description: Role data for the Cinder Backup role. + value: + service_name: cinder_backup + config_settings: + map_merge: + - get_attr: [CinderBackupBase, role_data, config_settings] + - cinder::backup::manage_service: false + cinder::backup::enabled: false + step_config: + list_join: + - "\n" + - - get_attr: [CinderBackupBase, role_data, step_config] + - "include ::tripleo::profile::pacemaker::cinder::backup" diff --git a/puppet/services/pacemaker/haproxy.yaml b/puppet/services/pacemaker/haproxy.yaml index 811a6697..c450530b 100644 --- a/puppet/services/pacemaker/haproxy.yaml +++ b/puppet/services/pacemaker/haproxy.yaml @@ -27,5 +27,6 @@ outputs: - tripleo::haproxy::haproxy_service_manage: false tripleo::haproxy::mysql_clustercheck: true enable_keepalived: false + tripleo::haproxy::keepalived: false step_config: | include ::tripleo::profile::pacemaker::haproxy diff --git a/puppet/services/pacemaker/sahara-api.yaml b/puppet/services/pacemaker/sahara-api.yaml index ac05a01a..a06afb2d 100644 --- a/puppet/services/pacemaker/sahara-api.yaml +++ b/puppet/services/pacemaker/sahara-api.yaml @@ -28,4 +28,4 @@ outputs: - sahara::service::api::manage_service: false sahara::service::api::enabled: false step_config: | - include ::tripleo::profile::pacemaker::sahara + include ::tripleo::profile::pacemaker::sahara::api diff --git a/puppet/services/pacemaker/sahara-engine.yaml b/puppet/services/pacemaker/sahara-engine.yaml index f6bd8f61..a1191f87 100644 --- a/puppet/services/pacemaker/sahara-engine.yaml +++ b/puppet/services/pacemaker/sahara-engine.yaml @@ -27,7 +27,5 @@ outputs: - get_attr: [SaharaEngineBase, role_data, config_settings] - sahara::service::engine::manage_service: false sahara::service::engine::enabled: false - # No puppet manifests since sahara-engine is included in - # ::tripleo::profile::pacemaker::sahara which is maintained alongside of - # pacemaker/sahara-api.yaml. - step_config: + step_config: | + include ::tripleo::profile::pacemaker::sahara::engine diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml index 7ca9bbd5..85324312 100644 --- a/puppet/services/sahara-api.yaml +++ b/puppet/services/sahara-api.yaml @@ -10,7 +10,6 @@ parameters: via parameter_defaults in the resource registry. type: json SaharaPassword: - default: unset description: The password for the sahara service account, used by sahara-api. type: string hidden: true @@ -18,9 +17,6 @@ parameters: default: 0 description: The number of workers for the sahara-api. type: number - SaharaApiVirtualIP: - type: string - default: '' KeystoneRegion: type: string default: 'regionOne' @@ -29,6 +25,8 @@ parameters: resources: SaharaBase: type: ./sahara-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} outputs: role_data: @@ -38,12 +36,8 @@ outputs: config_settings: map_merge: - get_attr: [SaharaBase, role_data, config_settings] - - sahara::host: {get_param: SaharaApiVirtualIP} - sahara::port: {get_param: [EndpointMap, SaharaInternal, port]} - sahara::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - sahara::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } - sahara::admin_password: {get_param: SaharaPassword} - sahara::service::api::api_workers: {get_param: SaharaApiWorkers} + - sahara::port: {get_param: [EndpointMap, SaharaInternal, port]} + sahara::service::api::api_workers: {get_param: SaharaWorkers} sahara::keystone::auth::public_url: {get_param: [EndpointMap, SaharaPublic, uri]} sahara::keystone::auth::internal_url: {get_param: [EndpointMap, SaharaInternal, uri]} sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]} diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml index 3e320128..cac89e32 100644 --- a/puppet/services/sahara-base.yaml +++ b/puppet/services/sahara-base.yaml @@ -4,6 +4,11 @@ description: > OpenStack Sahara base service. Shared for all Sahara services. parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json RabbitPassword: description: The password for RabbitMQ type: string @@ -22,6 +27,10 @@ parameters: default: 5672 description: Set rabbit subscriber port, change this if using SSL type: number + SaharaPassword: + description: The password for the sahara service account, used by sahara-api. + type: string + hidden: true Debug: type: string default: '' @@ -33,15 +42,34 @@ outputs: value: service_name: sahara_base config_settings: + sahara::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://sahara:' + - {get_param: SaharaPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/sahara' + sahara::db::mysql::password: {get_param: SaharaPassword} + sahara::db::mysql::user: sahara + sahara::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + sahara::db::mysql::dbname: sahara + sahara::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" sahara::rabbit_password: {get_param: RabbitPassword} sahara::rabbit_user: {get_param: RabbitUserName} sahara::rabbit_use_ssl: {get_param: RabbitClientUseSSL} sahara::rabbit_port: {get_param: RabbitClientPort} sahara::debug: {get_param: Debug} + sahara::admin_password: {get_param: SaharaPassword} + sahara::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + sahara::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } sahara::use_neutron: true sahara::plugins: + - ambari - cdh - - hdp - mapr - vanilla - spark @@ -49,3 +77,5 @@ outputs: sahara::rpc_backend: rabbit sahara::admin_tenant_name: 'service' sahara::keystone::auth::tenant: 'service' + sahara::db::database_db_max_retries: -1 + sahara::db::database_max_retries: -1 diff --git a/puppet/services/sahara-engine.yaml b/puppet/services/sahara-engine.yaml index 074f83c7..de2ac7ef 100644 --- a/puppet/services/sahara-engine.yaml +++ b/puppet/services/sahara-engine.yaml @@ -9,15 +9,12 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - SaharaPassword: - default: unset - description: The password for the sahara service account, used by sahara-api. - type: string - hidden: true resources: SaharaBase: type: ./sahara-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} outputs: role_data: @@ -27,22 +24,5 @@ outputs: config_settings: map_merge: - get_attr: [SaharaBase, role_data, config_settings] - - sahara_dsn: &sahara_dsn - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://sahara:' - - {get_param: SaharaPassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/sahara' - sahara::database_connection: *sahara_dsn - sahara::db::mysql::password: {get_param: SaharaPassword} - sahara::db::mysql::user: sahara - sahara::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} - sahara::db::mysql::dbname: sahara - sahara::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" step_config: | include ::tripleo::profile::base::sahara::engine diff --git a/puppet/services/tripleo-firewall.yaml b/puppet/services/tripleo-firewall.yaml new file mode 100644 index 00000000..bd87eee8 --- /dev/null +++ b/puppet/services/tripleo-firewall.yaml @@ -0,0 +1,19 @@ +heat_template_version: 2016-04-08 + +description: > + TripleO Firewall settings + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the TripleO firewall settings + value: + service_name: tripleo_firewall + step_config: | + include ::tripleo::firewall diff --git a/puppet/services/tripleo-packages.yaml b/puppet/services/tripleo-packages.yaml new file mode 100644 index 00000000..b02a0a8e --- /dev/null +++ b/puppet/services/tripleo-packages.yaml @@ -0,0 +1,25 @@ +heat_template_version: 2016-04-08 + +description: > + TripleO Package installation settings + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + EnablePackageInstall: + default: 'false' + description: Set to true to enable package installation via Puppet + type: boolean + +outputs: + role_data: + description: Role data for the TripleO package settings + value: + service_name: tripleo_packages + config_settings: + tripleo::packages::enable_install: {get_param: EnablePackageInstall} + step_config: | + include ::tripleo::packages |