diff options
Diffstat (limited to 'puppet/services')
118 files changed, 2461 insertions, 75 deletions
diff --git a/puppet/services/ceilometer-agent-central.yaml b/puppet/services/ceilometer-agent-central.yaml new file mode 100644 index 00000000..80f656d0 --- /dev/null +++ b/puppet/services/ceilometer-agent-central.yaml @@ -0,0 +1,44 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ceilometer Central Agent service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + RedisPassword: + description: The password for the redis service account. + type: string + hidden: true + RedisVirtualIPUri: + type: string + default: '' + + +resources: + CeilometerServiceBase: + type: ./ceilometer-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ceilometer Central Agent role. + value: + service_name: ceilometer_agent_central + config_settings: + map_merge: + - get_attr: [CeilometerServiceBase, role_data, config_settings] + - ceilometer::agent::central::coordination_url: + list_join: + - '' + - - 'redis://:' + - {get_param: RedisPassword} + - '@' + - {get_param: RedisVirtualIPUri} + - ':6379/' + step_config: | + include ::tripleo::profile::base::ceilometer::agent::central diff --git a/puppet/services/ceilometer-agent-compute.yaml b/puppet/services/ceilometer-agent-compute.yaml new file mode 100644 index 00000000..181c64d2 --- /dev/null +++ b/puppet/services/ceilometer-agent-compute.yaml @@ -0,0 +1,27 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ceilometer Compute Agent service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + CeilometerServiceBase: + type: ./ceilometer-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ceilometer Compute Agent role. + value: + service_name: ceilometer_agent_compute + config_settings: + get_attr: [CeilometerServiceBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::base::ceilometer::agent::compute diff --git a/puppet/services/ceilometer-agent-notification.yaml b/puppet/services/ceilometer-agent-notification.yaml new file mode 100644 index 00000000..58e28a3d --- /dev/null +++ b/puppet/services/ceilometer-agent-notification.yaml @@ -0,0 +1,28 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ceilometer Notification Agent service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + + +resources: + CeilometerServiceBase: + type: ./ceilometer-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ceilometer Notification Agent role. + value: + service_name: ceilometer_agent_notification + config_settings: + get_attr: [CeilometerServiceBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::base::ceilometer::agent::notification diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml new file mode 100644 index 00000000..c5c143b0 --- /dev/null +++ b/puppet/services/ceilometer-api.yaml @@ -0,0 +1,35 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ceilometer API service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + + +resources: + CeilometerServiceBase: + type: ./ceilometer-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ceilometer API role. + value: + service_name: ceilometer_api + config_settings: + map_merge: + - get_attr: [CeilometerServiceBase, role_data, config_settings] + - tripleo.ceilometer_api.firewall_rules: + '124 ceilometer': + dport: + - 8777 + - 13777 + - ceilometer::api::keystone_tenant: 'service' + step_config: | + include ::tripleo::profile::base::ceilometer::api diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml new file mode 100644 index 00000000..db5a82b1 --- /dev/null +++ b/puppet/services/ceilometer-base.yaml @@ -0,0 +1,111 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ceilometer service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + CeilometerBackend: + default: 'mongodb' + description: The ceilometer backend type. + type: string + CeilometerMeteringSecret: + description: Secret shared by the ceilometer services. + type: string + hidden: true + CeilometerPassword: + description: The password for the ceilometer service account. + type: string + hidden: true + CeilometerMeterDispatcher: + default: 'gnocchi' + description: Dispatcher to process meter data + type: string + constraints: + - allowed_values: ['gnocchi', 'database'] + CeilometerWorkers: + default: 0 + description: Number of workers for Ceilometer service. + type: number + CeilometerStoreEvents: + default: false + description: Whether to store events in ceilometer. + type: boolean + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + +outputs: + role_data: + description: Role data for the Ceilometer role. + value: + service_name: ceilometer_base + config_settings: + ceilometer::db::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - - '://ceilometer:' + - {get_param: CeilometerPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/ceilometer' + ceilometer_backend: {get_param: CeilometerBackend} + ceilometer::metering_secret: {get_param: CeilometerMeteringSecret} + # we include db_sync class in puppet-tripleo + ceilometer::db::sync_db: false + ceilometer::api::keystone_password: {get_param: CeilometerPassword} + ceilometer::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + ceilometer::api::keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + ceilometer::agent::auth::auth_password: {get_param: CeilometerPassword} + ceilometer::agent::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } + ceilometer::agent::notification::store_events: {get_param: CeilometerStoreEvents} + ceilometer::agent::auth::auth_region: 'regionOne' + ceilometer::agent::auth::auth_tenant_name: 'service' + ceilometer::agent::auth::auth_endpoint_type: 'internalURL' + ceilometer::db::mysql::password: {get_param: CeilometerPassword} + ceilometer::collector::meter_dispatcher: {get_param: CeilometerMeterDispatcher} + ceilometer::dispatcher::gnocchi::url: {get_param: [EndpointMap, GnocchiInternal, uri]} + ceilometer::dispatcher::gnocchi::filter_project: 'service' + ceilometer::dispatcher::gnocchi::archive_policy: 'low' + ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml' + ceilometer::keystone::auth::public_url: {get_param: [EndpointMap, CeilometerPublic, uri]} + ceilometer::keystone::auth::internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]} + ceilometer::keystone::auth::admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]} + ceilometer::keystone::auth::password: {get_param: CeilometerPassword} + ceilometer::keystone::auth::region: {get_param: KeystoneRegion} + ceilometer::keystone::auth::tenant: 'service' + ceilometer::rabbit_userid: {get_param: RabbitUserName} + ceilometer::rabbit_password: {get_param: RabbitPassword} + ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + ceilometer::rabbit_port: {get_param: RabbitClientPort} + ceilometer::db::mysql::user: ceilometer + ceilometer::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + ceilometer::db::mysql::dbname: ceilometer + ceilometer::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + ceilometer::rabbit_heartbeat_timeout_threshold: 60 diff --git a/puppet/services/ceilometer-collector.yaml b/puppet/services/ceilometer-collector.yaml new file mode 100644 index 00000000..7a7bc19d --- /dev/null +++ b/puppet/services/ceilometer-collector.yaml @@ -0,0 +1,27 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ceilometer Collector service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + CeilometerServiceBase: + type: ./ceilometer-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ceilometer Collector role. + value: + service_name: ceilometer_collector + config_settings: + get_attr: [CeilometerServiceBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::base::ceilometer::collector diff --git a/puppet/services/ceilometer-expirer.yaml b/puppet/services/ceilometer-expirer.yaml new file mode 100644 index 00000000..c960e6dc --- /dev/null +++ b/puppet/services/ceilometer-expirer.yaml @@ -0,0 +1,28 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ceilometer Expirer service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + + +resources: + CeilometerServiceBase: + type: ./ceilometer-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ceilometer Expirer role. + value: + service_name: ceilometer_expirer + config_settings: + get_attr: [CeilometerServiceBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::base::ceilometer::expirer diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml new file mode 100644 index 00000000..bec4340e --- /dev/null +++ b/puppet/services/ceph-base.yaml @@ -0,0 +1,92 @@ +heat_template_version: 2016-04-08 + +description: > + Ceph base service. Shared by all Ceph services. + +parameters: + CephAdminKey: + description: The Ceph admin client key. Can be created with ceph-authtool --gen-print-key. + type: string + hidden: true + CephClientKey: + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + type: string + hidden: true + CephClientUserName: + default: openstack + type: string + CephClusterFSID: + type: string + description: The Ceph cluster FSID. Must be a UUID. + CephIPv6: + default: False + type: boolean + CinderRbdPoolName: + default: volumes + type: string + CinderBackupRbdPoolName: + default: backups + type: string + GlanceRbdPoolName: + default: images + type: string + GnocchiRbdPoolName: + default: metrics + type: string + NovaRbdPoolName: + default: vms + type: string + # DEPRECATED options for compatibility with overcloud.yaml + # This should be removed and manipulation of the ControllerServices list + # used instead, but we need client support for that first + ControllerEnableCephStorage: + default: false + description: Whether to deploy Ceph Storage (OSD) on the Controller + type: boolean + +parameter_groups: +- label: deprecated + description: Do not use deprecated params, they will be removed. + parameters: + - ControllerEnableCephStorage + +outputs: + role_data: + description: Role data for the Ceph base service. + value: + service_name: ceph_base + config_settings: + tripleo::profile::base::ceph::ceph_ipv6: {get_param: CephIPv6} + tripleo::profile::base::ceph::enable_ceph_storage: {get_param: ControllerEnableCephStorage} + ceph::profile::params::fsid: {get_param: CephClusterFSID} + ceph::profile::params::client_keys: + str_replace: + template: "{ + client.admin: { + secret: 'ADMIN_KEY', + mode: '0600', + cap_mon: 'allow *', + cap_osd: 'allow *', + cap_mds: 'allow *' + }, + client.bootstrap-osd: { + secret: 'ADMIN_KEY', + keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring', + cap_mon: 'allow profile bootstrap-osd' + }, + client.CLIENT_USER: { + secret: 'CLIENT_KEY', + mode: '0644', + cap_mon: 'allow r', + cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL' + } + }" + params: + CLIENT_USER: {get_param: CephClientUserName} + CLIENT_KEY: {get_param: CephClientKey} + ADMIN_KEY: {get_param: CephAdminKey} + NOVA_POOL: {get_param: NovaRbdPoolName} + CINDER_POOL: {get_param: CinderRbdPoolName} + CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} + GLANCE_POOL: {get_param: GlanceRbdPoolName} + GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} diff --git a/puppet/services/ceph-client.yaml b/puppet/services/ceph-client.yaml new file mode 100644 index 00000000..33bbbe58 --- /dev/null +++ b/puppet/services/ceph-client.yaml @@ -0,0 +1,25 @@ +heat_template_version: 2016-04-08 + +description: > + Ceph Client service. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + CephBase: + type: ./ceph-base.yaml + +outputs: + role_data: + description: Role data for the Cinder OSD service. + value: + service_name: ceph_client + config_settings: + get_attr: [CephBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::base::ceph::client diff --git a/puppet/services/ceph-external.yaml b/puppet/services/ceph-external.yaml new file mode 100644 index 00000000..f6fe26db --- /dev/null +++ b/puppet/services/ceph-external.yaml @@ -0,0 +1,64 @@ +heat_template_version: 2016-04-08 + +description: > + Ceph External service. + +parameters: + CephClientKey: + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + type: string + hidden: true + CephClientUserName: + default: openstack + type: string + CephClusterFSID: + type: string + description: The Ceph cluster FSID. Must be a UUID. + CephExternalMonHost: + default: '' + type: string + description: List of externally managed Ceph Mon Host IPs. Only used for external Ceph deployments. + CinderRbdPoolName: + default: volumes + type: string + CinderBackupRbdPoolName: + default: backups + type: string + GlanceRbdPoolName: + default: images + type: string + GnocchiRbdPoolName: + default: metrics + type: string + NovaRbdPoolName: + default: vms + type: string + +outputs: + role_data: + description: Role data for the Ceph External service. + value: + service_name: ceph_external + config_settings: + tripleo::profile::base::ceph::ceph_mon_host: {get_param: CephExternalMonHost} + ceph::profile::params::fsid: {get_param: CephClusterFSID} + ceph::profile::params::client_keys: + str_replace: + template: "{ + client.CLIENT_USER: { + secret: 'CLIENT_KEY', + mode: '0644', + cap_mon: 'allow r', + cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL' + } + }" + params: + CLIENT_USER: {get_param: CephClientUserName} + CLIENT_KEY: {get_param: CephClientKey} + NOVA_POOL: {get_param: NovaRbdPoolName} + CINDER_POOL: {get_param: CinderRbdPoolName} + CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} + GLANCE_POOL: {get_param: GlanceRbdPoolName} + GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} + step_config: | + include ::tripleo::profile::base::ceph::client diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml new file mode 100644 index 00000000..f48515e5 --- /dev/null +++ b/puppet/services/ceph-mon.yaml @@ -0,0 +1,60 @@ +heat_template_version: 2016-04-08 + +description: > + Ceph Monitor service. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + CephIPv6: + default: False + type: boolean + CephMonKey: + description: The Ceph monitors key. Can be created with ceph-authtool --gen-print-key. + type: string + hidden: true + CinderRbdPoolName: + default: volumes + type: string + CinderBackupRbdPoolName: + default: backups + type: string + GlanceRbdPoolName: + default: images + type: string + GnocchiRbdPoolName: + default: metrics + type: string + NovaRbdPoolName: + default: vms + type: string + +resources: + CephBase: + type: ./ceph-base.yaml + +outputs: + role_data: + description: Role data for the Ceph Monitor service. + value: + service_name: ceph_mon + config_settings: + map_merge: + - get_attr: [CephBase, role_data, config_settings] + - ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6} + ceph::profile::params::mon_key: {get_param: CephMonKey} + tripleo::profile::base::ceph::mon::ceph_pools: + - {get_param: CinderRbdPoolName} + - {get_param: CinderBackupRbdPoolName} + - {get_param: NovaRbdPoolName} + - {get_param: GlanceRbdPoolName} + - {get_param: GnocchiRbdPoolName} + tripleo.ceph_mon.firewall_rules: + '110 ceph_mon': + dport: + - 6789 + step_config: | + include ::tripleo::profile::base::ceph::mon diff --git a/puppet/services/ceph-osd.yaml b/puppet/services/ceph-osd.yaml new file mode 100644 index 00000000..21cefb34 --- /dev/null +++ b/puppet/services/ceph-osd.yaml @@ -0,0 +1,30 @@ +heat_template_version: 2016-04-08 + +description: > + Ceph OSD service. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + CephBase: + type: ./ceph-base.yaml + +outputs: + role_data: + description: Role data for the Cinder OSD service. + value: + service_name: ceph_osd + config_settings: + map_merge: + - get_attr: [CephBase, role_data, config_settings] + - tripleo.ceph_osd.firewall_rules: + '111 ceph_osd': + dport: + - '6800-7300' + step_config: | + include ::tripleo::profile::base::ceph::osd diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml index c53bef6f..5e58dee9 100644 --- a/puppet/services/cinder-api.yaml +++ b/puppet/services/cinder-api.yaml @@ -30,13 +30,26 @@ outputs: role_data: description: Role data for the Cinder API role. value: + service_name: cinder_api config_settings: map_merge: - get_attr: [CinderBase, role_data, config_settings] - cinder::api::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} cinder::api::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} cinder::api::keystone_password: {get_param: CinderPassword} + cinder::api::keystone_tenant: 'service' + cinder::api::enable_proxy_headers_parsing: true + cinder::api::nova_catalog_info: 'compute:Compute Service:internalURL' + # TODO(emilien) move it to puppet-cinder + cinder::config: + DEFAULT/swift_catalog_info: + value: 'object-store:swift:internalURL' cinder::glance::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} tripleo::profile::base::cinder::cinder_enable_db_purge: {get_param: CinderEnableDBPurge} + tripleo.cinder_api.firewall_rules: + '119 cinder': + dport: + - 8776 + - 13776 step_config: | include ::tripleo::profile::base::cinder::api diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml index 85682448..b224cd65 100644 --- a/puppet/services/cinder-base.yaml +++ b/puppet/services/cinder-base.yaml @@ -40,6 +40,7 @@ outputs: role_data: description: Role data for the Cinder base service. value: + service_name: cinder_base config_settings: cinder::database_connection: list_join: @@ -56,3 +57,13 @@ outputs: cinder::rabbit_userid: {get_param: RabbitUserName} cinder::rabbit_password: {get_param: RabbitPassword} cinder::rabbit_port: {get_param: RabbitClientPort} + cinder::db::mysql::user: cinder + cinder::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + cinder::db::mysql::dbname: cinder + cinder::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + cinder::rabbit_heartbeat_timeout_threshold: 60 + cinder::keystone::auth::tenant: 'service' + cinder::host: hostgroup + cinder::cron::db_purge::destination: '/dev/null' diff --git a/puppet/services/cinder-scheduler.yaml b/puppet/services/cinder-scheduler.yaml index 6bdf86bc..e03090a2 100644 --- a/puppet/services/cinder-scheduler.yaml +++ b/puppet/services/cinder-scheduler.yaml @@ -21,7 +21,10 @@ outputs: role_data: description: Role data for the Cinder Scheduler role. value: + service_name: cinder_scheduler config_settings: - get_attr: [CinderBase, role_data, config_settings] + map_merge: + - get_attr: [CinderBase, role_data, config_settings] + - cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler step_config: | include ::tripleo::profile::base::cinder::scheduler diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml index d28f40e6..9f49bc06 100644 --- a/puppet/services/cinder-volume.yaml +++ b/puppet/services/cinder-volume.yaml @@ -36,6 +36,12 @@ parameters: NFS servers used by Cinder NFS backend. Effective when CinderEnableNfsBackend is true. type: comma_delimited_list + CinderRbdPoolName: + default: volumes + type: string + CephClientUserName: + default: openstack + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -53,6 +59,7 @@ outputs: role_data: description: Role data for the Cinder Volume role. value: + service_name: cinder_volume config_settings: map_merge: - get_attr: [CinderBase, role_data, config_settings] @@ -67,5 +74,10 @@ outputs: SERVERS: {get_param: CinderNfsServers} tripleo::profile::base::cinder::volume::iscsi::cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize} tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_helper: {get_param: CinderISCSIHelper} + tripleo::profile::base::cinder::volume::rbd::cinder_rbd_pool_name: {get_param: CinderRbdPoolName} + tripleo::profile::base::cinder::volume::rbd::cinder_rbd_user_name: {get_param: CephClientUserName} + tripleo.cinder_volume.firewall_rules: + '120 iscsi initiator': + dport: 3260 step_config: | include ::tripleo::profile::base::cinder::volume diff --git a/puppet/services/database/mongodb-base.yaml b/puppet/services/database/mongodb-base.yaml index ecd1d319..b8761320 100644 --- a/puppet/services/database/mongodb-base.yaml +++ b/puppet/services/database/mongodb-base.yaml @@ -24,7 +24,9 @@ outputs: role_data: description: Role data for the MongoDB base service. value: + service_name: mongodb_base config_settings: mongodb::server::nojournal: {get_param: MongoDbNoJournal} + mongodb::server::journal: false mongodb::server::ipv6: {get_param: MongoDbIPv6} - mongodb::server::replset: {get_param: MongoDbReplset}
\ No newline at end of file + mongodb::server::replset: {get_param: MongoDbReplset} diff --git a/puppet/services/database/mongodb.yaml b/puppet/services/database/mongodb.yaml index c0488700..6885cfd6 100644 --- a/puppet/services/database/mongodb.yaml +++ b/puppet/services/database/mongodb.yaml @@ -19,10 +19,18 @@ outputs: role_data: description: Service mongodb using composable services. value: + service_name: mongodb config_settings: map_merge: - get_attr: [MongoDbBase, role_data, config_settings] - tripleo::profile::base::database::mongodb::mongodb_replset: {get_attr: [MongoDbBase, aux_parameters, rplset_name]} mongodb::server::service_manage: True + tripleo.mongodb.firewall_rules: + '101 mongodb_config': + dport: 27019 + '102 mongodb_sharding': + dport: 27018 + '103 mongod': + dport: 27017 step_config: | - include ::tripleo::profile::base::database::mongodb
\ No newline at end of file + include ::tripleo::profile::base::database::mongodb diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml new file mode 100644 index 00000000..6f8f91b5 --- /dev/null +++ b/puppet/services/database/mysql.yaml @@ -0,0 +1,37 @@ +heat_template_version: 2016-04-08 + +description: > + MySQL service deployment using puppet + +parameters: + #Parameters not used EndpointMap + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Service MySQL using composable services. + value: + service_name: mysql + config_settings: + # The Galera package should work in cluster and + # non-cluster modes based on the config file. + # We set the package name here explicitly so + # that it matches what we pre-install + # in tripleo-puppet-elements. + mysql::server::package_name: 'mariadb-galera-server' + mysql::server::manage_config_file: true + tripleo.mysql.firewall_rules: + '104 mysql galera': + dport: + - 873 + - 3306 + - 4444 + - 4567 + - 4568 + - 9200 + step_config: | + include ::tripleo::profile::base::database::mysql diff --git a/puppet/services/database/redis-base.yaml b/puppet/services/database/redis-base.yaml index 77b3c9f0..fe8c0659 100644 --- a/puppet/services/database/redis-base.yaml +++ b/puppet/services/database/redis-base.yaml @@ -13,9 +13,13 @@ outputs: role_data: description: Role data for the redis role. value: + service_name: redis_base config_settings: - redis::requirepass: {get_param: RedisPassword} - redis::masterauth: {get_param: RedisPassword} - redis::sentinel_auth_pass: {get_param: RedisPassword} - tripleo::loadbalancer::redis_password: {get_param: RedisPassword} - + redis::requirepass: {get_param: RedisPassword} + redis::masterauth: {get_param: RedisPassword} + redis::sentinel_auth_pass: {get_param: RedisPassword} + redis::port: 6379 + redis::sentinel::master_name: '"%{hiera(\"bootstrap_nodeid\")}"' + redis::sentinel::redis_host: '"%{hiera(\"bootstrap_nodeid_ip\")}"' + redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh' + tripleo::loadbalancer::redis_password: {get_param: RedisPassword} diff --git a/puppet/services/database/redis.yaml b/puppet/services/database/redis.yaml index 2669592a..ef005f77 100644 --- a/puppet/services/database/redis.yaml +++ b/puppet/services/database/redis.yaml @@ -18,8 +18,14 @@ outputs: role_data: description: Role data for the redis role. value: + service_name: redis config_settings: map_merge: - get_attr: [RedisBase, role_data, config_settings] + - tripleo.redis.firewall_rules: + '108 redis': + dport: + - 6379 + - 26379 step_config: | include ::tripleo::profile::base::database::redis diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index 89e6ee0f..b0eeadeb 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -9,6 +9,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + CephClientUserName: + default: openstack + type: string Debug: default: '' description: Set to True to enable debugging on all services. @@ -36,6 +39,9 @@ parameters: default: 0 description: Number of workers for Glance service. type: number + GlanceRbdPoolName: + default: images + type: string RabbitPassword: description: The password for RabbitMQ type: string @@ -59,6 +65,7 @@ outputs: role_data: description: Role data for the Glance API role. value: + service_name: glance_api config_settings: glance::api::database_connection: list_join: @@ -85,6 +92,9 @@ outputs: glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneInternal, uri] } glance::backend::swift::swift_store_user: service:glance glance::backend::swift::swift_store_key: {get_param: GlancePassword} + glance::backend::swift::swift_store_create_container_on_put: true + glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName} + glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName} glance_backend: {get_param: GlanceBackend} glance::db::mysql::password: {get_param: GlancePassword} glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName} @@ -95,5 +105,15 @@ outputs: glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]} glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]} glance::keystone::auth::password: {get_param: GlancePassword } + tripleo.glance_api.firewall_rules: + '112 glance_api': + dport: + - 9292 + - 13292 + glance::keystone::auth::tenant: 'service' + glance::api::keystone_tenant: 'service' + glance::api::pipeline: 'keystone' + glance::api::show_image_direct_url: true + step_config: | include ::tripleo::profile::base::glance::api diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml index 6f2f0372..5ad4bb9a 100644 --- a/puppet/services/glance-registry.yaml +++ b/puppet/services/glance-registry.yaml @@ -26,6 +26,7 @@ outputs: role_data: description: Role data for the Glance Registry role. value: + service_name: glance_registry config_settings: glance::registry::database_connection: list_join: @@ -37,9 +38,22 @@ outputs: - {get_param: [EndpointMap, MysqlInternal, host]} - '/glance' glance::registry::keystone_password: {get_param: GlancePassword} + glance::registry::keystone_tenant: 'service' + glance::registry::pipeline: 'keystone' glance::registry::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } glance::registry::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } glance::registry::debug: {get_param: Debug} glance::registry::workers: {get_param: GlanceWorkers} + glance::db::mysql::user: glance + glance::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + glance::db::mysql::dbname: glance + glance::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + + tripleo.glance_registry.firewall_rules: + '112 glance_registry': + dport: + - 9191 step_config: | include ::tripleo::profile::base::glance::registry diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml new file mode 100644 index 00000000..d97626a6 --- /dev/null +++ b/puppet/services/gnocchi-api.yaml @@ -0,0 +1,34 @@ +heat_template_version: 2016-04-08 + +description: > + Gnocchi service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + GnocchiServiceBase: + type: ./gnocchi-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Gnocchi role. + value: + service_name: gnocchi_api + config_settings: + map_merge: + - get_attr: [GnocchiServiceBase, role_data, config_settings] + - tripleo.gnocchi_api.firewall_rules: + '129 gnocchi-api': + dport: + - 8041 + - 13041 + - gnocchi::api::keystone_tenant: 'service' + step_config: | + include ::tripleo::profile::base::gnocchi::api diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml new file mode 100644 index 00000000..5c1e015e --- /dev/null +++ b/puppet/services/gnocchi-base.yaml @@ -0,0 +1,94 @@ +heat_template_version: 2016-04-08 + +description: > + Gnocchi service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + GnocchiBackend: + default: file + description: The short name of the Gnocchi backend to use. Should be one + of swift, rbd, or file + type: string + constraints: + - allowed_values: ['swift', 'file', 'rbd'] + GnocchiIndexerBackend: + default: 'mysql' + description: The short name of the Gnocchi indexer backend to use. + type: string + GnocchiPassword: + description: The password for the gnocchi service and db account. + type: string + hidden: true + GnocchiRbdPoolName: + default: metrics + type: string + CephClientUserName: + default: openstack + type: string + +outputs: + aux_parameters: + description: Additional parameters referenced outside the base file + value: + gnocchi_indexer_backend: {get_param: GnocchiIndexerBackend} + role_data: + description: Shared role data for the Heat services. + value: + service_name: gnocchi_base + config_settings: + #Gnocchi engine + gnocchi::debug: {get_input: debug} + gnocchi::db::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://gnocchi:' + - {get_param: GnocchiPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/gnocchi' + gnocchi::keystone::auth::region: 'regionOne' + gnocchi::keystone::auth::tenant: 'service' + gnocchi::keystone::auth::password: {get_param: GnocchiPassword} + gnocchi::db::mysql::password: {get_param: GnocchiPassword} + gnocchi::db::sync::extra_opts: '--skip-storage --create-legacy-resource-types' + #Gnocchi API + tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend} + gnocchi::api::manage_service: false + gnocchi::api::enabled: true + gnocchi::api::service_name: 'httpd' + gnocchi::api::keystone_tenant: 'service' + gnocchi::api::keystone_password: {get_param: GnocchiPassword} + gnocchi::wsgi::apache::ssl: false + gnocchi::storage::swift::swift_user: 'service:gnocchi' + gnocchi::storage::swift::swift_auth_version: 2 + gnocchi::storage::swift::swift_key: {get_param: GnocchiPassword} + gnocchi::storage::ceph::ceph_pool: {get_param: GnocchiRbdPoolName} + gnocchi::storage::ceph::ceph_username: {get_param: CephClientUserName} + gnocchi::storage::ceph::ceph_keyring: + list_join: + - '.' + - - '/etc/ceph/ceph' + - 'client' + - {get_param: CephClientUserName} + - 'keyring' + #Gnocchi statsd + gnocchi::statsd::manage_service: false + gnocchi::statsd::resource_id: '0a8b55df-f90f-491c-8cb9-7cdecec6fc26' + gnocchi::statsd::user_id: '27c0d3f8-e7ee-42f0-8317-72237d1c5ae3' + gnocchi::statsd::project_id: '6c38cd8d-099a-4cb2-aecf-17be688e8616' + gnocchi::statsd::flush_delay: 10 + gnocchi::statsd::archive_policy_name: 'low' + gnocchi::db::mysql::user: gnocchi + gnocchi::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + gnocchi::db::mysql::dbname: gnocchi + gnocchi::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + gnocchi::auth::auth_region: 'regionOne' + gnocchi::auth::auth_tenant_name: 'service' diff --git a/puppet/services/gnocchi-metricd.yaml b/puppet/services/gnocchi-metricd.yaml new file mode 100644 index 00000000..8041c6f4 --- /dev/null +++ b/puppet/services/gnocchi-metricd.yaml @@ -0,0 +1,29 @@ +heat_template_version: 2016-04-08 + +description: > + Gnocchi service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + GnocchiServiceBase: + type: ./gnocchi-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Gnocchi role. + value: + service_name: gnocchi_metricd + config_settings: + map_merge: + - get_attr: [GnocchiServiceBase, role_data, config_settings] + - gnocchi::metricd::manage_service: false + step_config: | + include ::tripleo::profile::base::gnocchi::metricd diff --git a/puppet/services/gnocchi-statsd.yaml b/puppet/services/gnocchi-statsd.yaml new file mode 100644 index 00000000..9c8e6897 --- /dev/null +++ b/puppet/services/gnocchi-statsd.yaml @@ -0,0 +1,29 @@ +heat_template_version: 2016-04-08 + +description: > + Gnocchi service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + GnocchiServiceBase: + type: ./gnocchi-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Gnocchi role. + value: + service_name: gnocchi_statsd + config_settings: + map_merge: + - get_attr: [GnocchiServiceBase, role_data, config_settings] + - gnocchi::statsd::manage_service: false + step_config: | + include ::tripleo::profile::base::gnocchi::statsd diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index 844637bc..902a1c3f 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml @@ -14,5 +14,31 @@ outputs: role_data: description: Role data for the HAproxy role. value: + service_name: haproxy + config_settings: + tripleo.haproxy.firewall_rules: + '107 haproxy stats': + dport: 1993 + # TODO(emilien) make it composable to find which services are actually running + tripleo::haproxy::keystone_admin: true + tripleo::haproxy::keystone_public: true + tripleo::haproxy::neutron: true + tripleo::haproxy::cinder: true + tripleo::haproxy::glance_api: true + tripleo::haproxy::glance_registry: true + tripleo::haproxy::nova_osapi: true + tripleo::haproxy::nova_metadata: true + tripleo::haproxy::nova_novncproxy: true + tripleo::haproxy::mysql: true + tripleo::haproxy::redis: true + tripleo::haproxy::sahara: true + tripleo::haproxy::swift_proxy_server: true + tripleo::haproxy::ceilometer: true + tripleo::haproxy::aodh: true + tripleo::haproxy::gnocchi: true + tripleo::haproxy::heat_api: true + tripleo::haproxy::heat_cloudwatch: true + tripleo::haproxy::heat_cfn: true + tripleo::haproxy::horizon: true step_config: | include ::tripleo::profile::base::haproxy diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml index c1f26c15..f8832dd8 100644 --- a/puppet/services/heat-api-cfn.yaml +++ b/puppet/services/heat-api-cfn.yaml @@ -30,6 +30,7 @@ outputs: role_data: description: Role data for the Heat CloudFormation API role. value: + service_name: heat_api_cfn config_settings: map_merge: - get_attr: [HeatBase, role_data, config_settings] @@ -39,5 +40,10 @@ outputs: heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]} heat::keystone::auth_cfn::password: {get_param: HeatPassword} heat::keystone::auth::region: {get_param: KeystoneRegion} + tripleo.heat_api_cfn.firewall_rules: + '125 heat_cfn': + dport: + - 8000 + - 13800 step_config: | include ::tripleo::profile::base::heat::api_cfn diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml index 2c56951b..b4669ac3 100644 --- a/puppet/services/heat-api-cloudwatch.yaml +++ b/puppet/services/heat-api-cloudwatch.yaml @@ -22,9 +22,15 @@ outputs: role_data: description: Role data for the Heat Cloudwatch API role. value: + service_name: heat_api_cloudwatch config_settings: map_merge: - get_attr: [HeatBase, role_data, config_settings] - heat::api_cloudwatch::workers: {get_param: HeatWorkers} + tripleo.heat_api_cloudwatch.firewall_rules: + '125 heat_cloudwatch': + dport: + - 8003 + - 13003 step_config: | include ::tripleo::profile::base::heat::api_cloudwatch diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml index d3461e63..c0e7a690 100644 --- a/puppet/services/heat-api.yaml +++ b/puppet/services/heat-api.yaml @@ -30,6 +30,7 @@ outputs: role_data: description: Role data for the Heat API role. value: + service_name: heat_api config_settings: map_merge: - get_attr: [HeatBase, role_data, config_settings] @@ -39,5 +40,10 @@ outputs: heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]} heat::keystone::auth::password: {get_param: HeatPassword} heat::keystone::auth::region: {get_param: KeystoneRegion} + tripleo.heat_api.firewall_rules: + '125 heat_api': + dport: + - 8004 + - 13004 step_config: | include ::tripleo::profile::base::heat::api diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml index 8617df27..c40136f5 100644 --- a/puppet/services/heat-base.yaml +++ b/puppet/services/heat-base.yaml @@ -31,6 +31,7 @@ outputs: role_data: description: Shared role data for the Heat services. value: + service_name: heat_base config_settings: heat::rabbit_userid: {get_param: RabbitUserName} heat::rabbit_password: {get_param: RabbitPassword} @@ -38,3 +39,20 @@ outputs: heat::rabbit_port: {get_param: RabbitClientPort} heat::debug: {get_param: Debug} heat::enable_proxy_headers_parsing: true + # We need this because the default heat policy.json no longer works on TripleO + # https://git.openstack.org/cgit/openstack/heat/commit/?id=ac86702172ddf01f5bdc3f3cd99d2e32ad9b7024 + heat::policy::policies: + context_is_admin: + key: 'context_is_admin' + value: 'role:admin' + heat::rabbit_heartbeat_timeout_threshold: 60 + heat::keystone_tenant: 'service' + heat::keystone::auth::tenant: 'service' + heat::keystone::domain::domain_name: 'heat_stack' + heat::keystone::domain::domain_admin: 'heat_stack_domain_admin' + heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost' + heat::auth_plugin: 'password' + heat::cron::purge_deleted::age: 30 + heat::cron::purge_deleted::age_type: 'days' + heat::cron::purge_deleted::maxdelay: 3600 + heat::cron::purge_deleted::destination: '/dev/null' diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml index 4a5ec2c0..13555a62 100644 --- a/puppet/services/heat-engine.yaml +++ b/puppet/services/heat-engine.yaml @@ -35,10 +35,13 @@ outputs: role_data: description: Role data for the Heat Engine role. value: + service_name: heat_engine config_settings: map_merge: - get_attr: [HeatBase, role_data, config_settings] - heat::engine::num_engine_workers: {get_param: HeatWorkers} + heat::engine::configure_delegated_roles: false + heat::engine::trusts_delegated_roles: [] tripleo::profile::base::heat::manage_db_purge: {get_param: HeatEnableDBPurge} heat::database_connection: list_join: @@ -54,5 +57,11 @@ outputs: heat::keystone_password: {get_param: HeatPassword} heat::db::mysql::password: {get_param: HeatPassword} heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword} + heat::db::mysql::user: heat + heat::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + heat::db::mysql::dbname: heat + heat::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" step_config: | include ::tripleo::profile::base::heat::engine diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml new file mode 100644 index 00000000..64cf450a --- /dev/null +++ b/puppet/services/horizon.yaml @@ -0,0 +1,46 @@ +heat_template_version: 2016-04-08 + +description: > + Horizon service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + HorizonAllowedHosts: + default: '*' + description: A list of IP/Hostname allowed to connect to horizon + type: comma_delimited_list + NeutronMechanismDrivers: + default: 'openvswitch' + description: | + The mechanism drivers for the Neutron tenant network. + type: comma_delimited_list + +outputs: + role_data: + description: Role data for the Horizon role. + value: + service_name: horizon + config_settings: + horizon::allowed_hosts: {get_param: HorizonAllowedHosts} + neutron::plugins::ml2::mechanism_drivers: + str_replace: + template: MECHANISMS + params: + MECHANISMS: {get_param: NeutronMechanismDrivers} + tripleo.horizon.firewall_rules: + '126 horizon': + dport: + - 80 + - 443 + horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache + horizon::django_session_engine: 'django.contrib.sessions.backends.cache' + horizon::vhost_extra_params: + add_listen: false + priority: 10 + access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"' + step_config: | + include ::tripleo::profile::base::horizon diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml new file mode 100644 index 00000000..949cdf31 --- /dev/null +++ b/puppet/services/ironic-api.yaml @@ -0,0 +1,43 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ironic API configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + IronicPassword: + description: The password for the Ironic service and db account, used by the Ironic services + type: string + hidden: true + +resources: + IronicBase: + type: ./ironic-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ironic API role. + value: + service_name: ironic_api + config_settings: + map_merge: + - get_attr: [IronicBase, role_data, config_settings] + # NOTE(dtantsur): the my_ip parameter is heavily overloaded in + # ironic. It's used as a default value for e.g. TFTP server IP, + # glance and neutron endpoints, virtual console IP. We override + # the TFTP server IP in ironic-conductor.yaml as it should not be + # the VIP, but rather a real IP of the controller. + - ironic::my_ip: {get_param: [EndpointMap, MysqlInternal, host]} + ironic::api::admin_password: {get_param: IronicPassword} + ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri]} + ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri]} + ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri]} + ironic::keystone::auth::password: {get_param: IronicPassword } + step_config: | + include ::tripleo::profile::base::ironic::api diff --git a/puppet/services/ironic-base.yaml b/puppet/services/ironic-base.yaml new file mode 100644 index 00000000..41d2234a --- /dev/null +++ b/puppet/services/ironic-base.yaml @@ -0,0 +1,70 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ironic services configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + IronicPassword: + description: The password for the Ironic service and db account, used by the Ironic services + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + +outputs: + role_data: + description: Role data for the Ironic role. + value: + service_name: ironic_base + config_settings: + ironic::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://ironic:' + - {get_param: IronicPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/ironic' + ironic::admin_tenant_name: 'service' + ironic::debug: {get_param: Debug} + ironic::rabbit_userid: {get_param: RabbitUserName} + ironic::rabbit_password: {get_param: RabbitPassword} + ironic::rabbit_port: {get_param: RabbitClientPort} + ironic::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + ironic::db::mysql::password: {get_param: IronicPassword} + ironic::db::mysql::user: ironic + ironic::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + ironic::db::mysql::dbname: ironic + ironic::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + + ironic::keystone::auth::tenant: 'service' + step_config: | + include ::tripleo::profile::base::ironic diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml new file mode 100644 index 00000000..a3bce305 --- /dev/null +++ b/puppet/services/ironic-conductor.yaml @@ -0,0 +1,36 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ironic conductor configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + IronicEnabledDrivers: + default: ['pxe_ipmitool', 'agent_ipmitool'] + description: Enabled Ironic drivers + type: comma_delimited_list + +resources: + IronicBase: + type: ./ironic-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ironic conductor role. + value: + service_name: ironic_conductor + config_settings: + map_merge: + - get_attr: [IronicBase, role_data, config_settings] + - ironic::enabled_drivers: {get_param: IronicEnabledDrivers} + # Prevent tftp_server from defaulting to my_ip setting, which is + # controller VIP, not a real IP. + ironic::drivers::pxe::tftp_server: {get_input: ironic_api_network} + step_config: | + include ::tripleo::profile::base::ironic::conductor diff --git a/puppet/services/keepalived.yaml b/puppet/services/keepalived.yaml index 09ce26b5..95a401c6 100644 --- a/puppet/services/keepalived.yaml +++ b/puppet/services/keepalived.yaml @@ -14,5 +14,6 @@ outputs: role_data: description: Role data for the Keepalived role. value: + service_name: keepalived step_config: | include ::tripleo::profile::base::keepalived diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml new file mode 100644 index 00000000..50ebe925 --- /dev/null +++ b/puppet/services/kernel.yaml @@ -0,0 +1,40 @@ +heat_template_version: 2016-04-08 + +description: > + Load kernel modules with kmod and configure kernel options with sysctl. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the Kernel modules + value: + service_name: kernel + config_settings: + kernel_modules: + nf_conntrack: {} + sysctl_settings: + net.ipv4.tcp_keepalive_intvl: + value: 1 + net.ipv4.tcp_keepalive_probes: + value: 5 + net.ipv4.tcp_keepalive_time: + value: 5 + net.nf_conntrack_max: + value: 500000 + net.netfilter.nf_conntrack_max: + value: 500000 + # prevent neutron bridges from autoconfiguring ipv6 addresses + net.ipv6.conf.default.accept_ra: + value: 0 + net.ipv6.conf.default.autoconf: + value: 0 + net.core.netdev_max_backlog: + value: 10000 + step_config: | + include ::tripleo::profile::base::kernel diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 25d92d4a..48e74875 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -45,10 +45,6 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint - KeystoneWorkers: - default: 0 - description: Number of workers for Keystone service. - type: number EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -88,11 +84,15 @@ parameters: default: 5672 description: Set rabbit subscriber port, change this if using SSL type: number - + KeystoneWorkers: + type: string + description: Set the number of workers for keystone::wsgi::apache + default: '"%{::processorcount}"' outputs: role_data: description: Role data for the Keystone role. value: + service_name: keystone config_settings: keystone::database_connection: list_join: @@ -124,9 +124,36 @@ outputs: keystone::endpoint::internal_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} keystone::endpoint::region: {get_param: KeystoneRegion} - keystone::admin_workers: {get_param: KeystoneWorkers} - keystone::public_workers: {get_param: KeystoneWorkers} keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge} keystone::public_endpoint: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]} + keystone::db::mysql::user: keystone + keystone::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + keystone::db::mysql::dbname: keystone + keystone::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + keystone::rabbit_heartbeat_timeout_threshold: 60 + keystone::cron::token_flush::maxdelay: 3600 + keystone::roles::admin::service_tenant: 'service' + keystone::roles::admin::admin_tenant: 'admin' + keystone::cron::token_flush::destination: '/dev/null' + keystone::config::keystone_config: + DEFAULT/secure_proxy_ssl_header: + value: 'HTTP_X_FORWARDED_PROTO' + ec2/driver: + value: 'keystone.contrib.ec2.backends.sql.Ec2' + keystone::service_name: 'httpd' + keystone::wsgi::apache::ssl: false + + keystone::wsgi::apache::workers: {get_param: KeystoneWorkers} + # override via extraconfig: + keystone::wsgi::apache::threads: 1 + tripleo.keystone.firewall_rules: + '111 keystone': + dport: + - 5000 + - 13000 + - 35357 + - 13357 step_config: | include ::tripleo::profile::base::keystone diff --git a/puppet/services/memcached.yaml b/puppet/services/memcached.yaml index fcd0adca..ceb29b55 100644 --- a/puppet/services/memcached.yaml +++ b/puppet/services/memcached.yaml @@ -14,6 +14,10 @@ outputs: role_data: description: Role data for the Memcached role. value: + service_name: memcached config_settings: + tripleo.memcached.firewall_rules: + '121 memcached': + dport: 11211 step_config: | include ::tripleo::profile::base::memcached diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml index 8bd8d989..c1134824 100644 --- a/puppet/services/neutron-base.yaml +++ b/puppet/services/neutron-base.yaml @@ -47,6 +47,7 @@ outputs: role_data: description: Role data for the Neutron base service. value: + service_name: neutron_base config_settings: neutron::rabbit_password: {get_param: RabbitPassword} neutron::rabbit_user: {get_param: RabbitUserName} @@ -60,3 +61,7 @@ outputs: params: PLUGINS: {get_param: NeutronServicePlugins} neutron::debug: {get_param: Debug} + neutron::allow_overlapping_ips: true + neutron::rabbit_heartbeat_timeout_threshold: 60 + neutron::host: '"%{::fqdn}"' #NOTE: extra quoting is needed + neutron::keystone::auth::tenant: 'service' diff --git a/puppet/services/neutron-compute-plugin-midonet.yaml b/puppet/services/neutron-compute-plugin-midonet.yaml new file mode 100644 index 00000000..200aaa1b --- /dev/null +++ b/puppet/services/neutron-compute-plugin-midonet.yaml @@ -0,0 +1,20 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Compute Midonet plugin + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the Neutron Compute Plumgrid plugin + value: + service_name: neutron_compute_plugin_midonet + config_settings: + step_config: | + include ::tripleo::profile::base::neutron::agents::midonet diff --git a/puppet/services/neutron-compute-plugin-nuage.yaml b/puppet/services/neutron-compute-plugin-nuage.yaml new file mode 100644 index 00000000..44aac571 --- /dev/null +++ b/puppet/services/neutron-compute-plugin-nuage.yaml @@ -0,0 +1,27 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Compute Nuage plugin + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NovaPassword: + description: The password for the nova service account, used by nova-api. + type: string + hidden: true + +outputs: + role_data: + description: Role data for the Neutron Compute Nuage plugin + value: + service_name: neutron_compute_plugin_nuage + config_settings: + tripleo::profile::base::neutron::agents::nuage::nova_os_tenant_name: 'service' + tripleo::profile::base::neutron::agents::nuage::nova_os_password: {get_param: NovaPassword} + tripleo::profile::base::neutron::agents::nuage::nova_auth_ip: {get_param: [EndpointMap, KeystoneInternal, host]} + step_config: | + include ::tripleo::profile::base::neutron::agents::nuage diff --git a/puppet/services/neutron-compute-plugin-opencontrail.yaml b/puppet/services/neutron-compute-plugin-opencontrail.yaml new file mode 100644 index 00000000..fb6d640c --- /dev/null +++ b/puppet/services/neutron-compute-plugin-opencontrail.yaml @@ -0,0 +1,20 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Compute OpenContrail plugin + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the Neutron Compute OpenContrail plugin + value: + service_name: neutron_compute_plugin_opencontrail + config_settings: + step_config: | + include ::tripleo::profile::base::neutron::opencontrail::vrouter diff --git a/puppet/services/neutron-compute-plugin-plumgrid.yaml b/puppet/services/neutron-compute-plugin-plumgrid.yaml new file mode 100644 index 00000000..ad1e3465 --- /dev/null +++ b/puppet/services/neutron-compute-plugin-plumgrid.yaml @@ -0,0 +1,20 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Compute Plumgrid plugin + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the Neutron Compute Plumgrid plugin + value: + service_name: neutron_compute_plugin_plumgrid + config_settings: + step_config: | + include tripleo::profile::base::neutron::plumgrid diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml index 80ccf1c2..322e018d 100644 --- a/puppet/services/neutron-dhcp.yaml +++ b/puppet/services/neutron-dhcp.yaml @@ -13,22 +13,6 @@ parameters: default: 'False' description: If True, DHCP provide metadata route to VM. type: string - NeutronDnsmasqOptions: - default: 'dhcp-option-force=26,%MTU%' - description: > - Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU - to be set to the value of NeutronTenantMtu, which should be set to account - for tunnel overhead. - type: string - NeutronTenantMtu: - description: > - The default MTU for tenant networks. For VXLAN/GRE tunneling, this should - be at least 50 bytes smaller than the MTU on the physical network. This - value will be used to set the MTU on the virtual Ethernet device. - This value will be used to construct the NeutronDnsmasqOptions, since that - will determine the MTU that is assigned to the VM host through DHCP. - default: "1400" - type: string resources: @@ -39,15 +23,18 @@ outputs: role_data: description: Role data for the Neutron DHCP agent service. value: + service_name: neutron_dhcp config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] - - neutron::agents::dhcp::dnsmasq_config_file: /etc/neutron/dnsmasq-neutron.conf - tripleo::profile::base::neutron::dhcp: - str_replace: - template: {get_param: NeutronDnsmasqOptions} - params: - '%MTU%': {get_param: NeutronTenantMtu} - neutron::agents::dhcp::enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata} + - neutron::agents::dhcp::enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata} + tripleo.neutron_dhcp.firewall_rules: + '115 neutron dhcp input': + proto: 'udp' + dport: 67 + '116 neutron dhcp output': + proto: 'udp' + chain: 'OUTPUT' + dport: 68 step_config: | include tripleo::profile::base::neutron::dhcp diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml index 20c82dc1..a7232a39 100644 --- a/puppet/services/neutron-l3.yaml +++ b/puppet/services/neutron-l3.yaml @@ -26,9 +26,11 @@ outputs: role_data: description: Role data for the Neutron L3 agent service. value: + service_name: neutron_l3 config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge} + neutron::agents::l3::router_delete_namespaces: True step_config: | include tripleo::profile::base::neutron::l3 diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml index e221b3a1..73d8c3da 100644 --- a/puppet/services/neutron-metadata.yaml +++ b/puppet/services/neutron-metadata.yaml @@ -31,6 +31,7 @@ outputs: role_data: description: Role data for the Neutron Metadata agent service. value: + service_name: neutron_metadata config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] @@ -38,5 +39,6 @@ outputs: neutron::agents::metadata::metadata_workers: {get_param: NeutronWorkers} neutron::agents::metadata::auth_password: {get_param: NeutronPassword} neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + neutron::agents::metadata::auth_tenant: 'service' step_config: | include tripleo::profile::base::neutron::metadata diff --git a/puppet/services/neutron-midonet.yaml b/puppet/services/neutron-midonet.yaml new file mode 100644 index 00000000..ccc0b0dd --- /dev/null +++ b/puppet/services/neutron-midonet.yaml @@ -0,0 +1,49 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Midonet plugin and services + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NeutronPassword: + description: The password for the neutron service and db account, used by neutron agents. + type: string + hidden: true + AdminPassword: + description: The password for the keystone admin account, used for monitoring, querying neutron etc. + type: string + hidden: true + AdminToken: + description: The keystone auth secret and db password. + type: string + hidden: true + EnableZookeeperOnController: + label: Enable Zookeeper On Controller + description: 'Whether enable Zookeeper cluster on Controller' + type: boolean + default: false + EnableCassandraOnController: + label: Enable Cassandra On Controller + description: 'Whether enable Cassandra cluster on Controller' + type: boolean + default: false + +outputs: + role_data: + description: Role data for the Neutron Midonet plugin and services + value: + service_name: neutron_midonet + config_settings: + tripleo::profile::base::neutron::midonet::admin_password: {get_param: AdminPassword} + tripleo::profile::base::neutron::midonet::keystone_admin_token: {get_param: AdminToken} + tripleo::profile::base::neutron::midonet::neutron_auth_password: {get_param: NeutronPassword} + tripleo::profile::base::neutron::midonet::zk_on_controller: {get_param: EnableZookeeperOnController} + tripleo::profile::base::neutron::midonet::neutron_auth_tenant: 'service' + enable_cassandra_on_controller: {get_param: EnableCassandraOnController} + neutron::service_plugins: [] + step_config: | + include tripleo::profile::base::neutron::plugins::midonet diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index 0e1dbb29..d8679f2e 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -47,6 +47,7 @@ outputs: role_data: description: Role data for the Neutron OVS agent service. value: + service_name: neutron_ovs_agent config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml index 435a6de0..158122ed 100644 --- a/puppet/services/neutron-plugin-ml2.yaml +++ b/puppet/services/neutron-plugin-ml2.yaml @@ -61,6 +61,7 @@ outputs: role_data: description: Role data for the Neutron ML2 plugin. value: + service_name: neutron_plugin_ml2 config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] @@ -106,4 +107,4 @@ outputs: TYPES: {get_param: NeutronNetworkType} step_config: | - include ::tripleo::profile::base::neutron::ml2 + include ::tripleo::profile::base::neutron::plugins::ml2 diff --git a/puppet/services/neutron-plugin-nuage.yaml b/puppet/services/neutron-plugin-nuage.yaml new file mode 100644 index 00000000..5f228f96 --- /dev/null +++ b/puppet/services/neutron-plugin-nuage.yaml @@ -0,0 +1,76 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Nuage plugin + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + # Config specific parameters, to be provided via parameter_defaults + NeutronNuageOSControllerIp: + description: IP address of the OpenStack Controller + type: string + + NeutronNuageNetPartitionName: + description: Specifies the title that you will see on the VSD + type: string + default: 'default_name' + + NeutronNuageVSDIp: + description: IP address and port of the Virtual Services Directory + type: string + + NeutronNuageVSDUsername: + description: Username to be used to log into VSD + type: string + + NeutronNuageVSDPassword: + description: Password to be used to log into VSD + type: string + + NeutronNuageVSDOrganization: + description: Organization parameter required to log into VSD + type: string + default: 'organization' + + NeutronNuageBaseURIVersion: + description: URI version to be used based on the VSD release + type: string + default: 'default_uri_version' + + NeutronNuageCMSId: + description: Cloud Management System ID (CMS ID) to distinguish between OS instances on the same VSD + type: string + + UseForwardedFor: + description: Treat X-Forwarded-For as the canonical remote address. Only enable this if you have a sanitizing proxy. + type: boolean + default: false + +resources: + + NeutronBase: + type: ./neutron-base.yaml + +outputs: + role_data: + description: Role data for the Neutron Nuage plugin + value: + service_name: neutron_plugin_nuage + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + - neutron::plugins::nuage::nuage_oscontroller_ip: {get_param: NeutronNuageOSControllerIp} + neutron::plugins::nuage::nuage_net_partition_name: {get_param: NeutronNuageNetPartitionName} + neutron::plugins::nuage::nuage_vsd_ip: {get_param: NeutronNuageVSDIp} + neutron::plugins::nuage::nuage_vsd_username: {get_param: NeutronNuageVSDUsername} + neutron::plugins::nuage::nuage_vsd_password: {get_param: NeutronNuageVSDPassword} + neutron::plugins::nuage::nuage_vsd_organization: {get_param: NeutronNuageVSDOrganization} + neutron::plugins::nuage::nuage_base_uri_version: {get_param: NeutronNuageBaseURIVersion} + neutron::plugins::nuage::nuage_cms_id: {get_param: NeutronNuageCMSId} + nova::api::use_forwarded_for: {get_param: UseForwardedFor} + step_config: | + include tripleo::profile::base::neutron::plugins::nuage diff --git a/puppet/services/neutron-plugin-opencontrail.yaml b/puppet/services/neutron-plugin-opencontrail.yaml new file mode 100644 index 00000000..ed6a2c04 --- /dev/null +++ b/puppet/services/neutron-plugin-opencontrail.yaml @@ -0,0 +1,61 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Opencontrail plugin + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + AdminPassword: + description: The password for the keystone admin account, used for monitoring, querying neutron etc. + type: string + hidden: true + AdminToken: + description: The keystone auth secret and db password. + type: string + hidden: true + ContrailApiServerIp: + description: IP address of the OpenContrail API server + type: string + ContrailApiServerPort: + description: Port of the OpenContrail API + type: string + default: 8082 + ContrailMultiTenancy: + description: Whether to enable multi tenancy + type: boolean + default: false + ContrailExtensions: + description: List of OpenContrail extensions to be enabled + type: comma_delimited_list + default: '' + +resources: + + NeutronBase: + type: ./neutron-base.yaml + +outputs: + role_data: + description: Role data for the Neutron Opencontrail plugin + value: + service_name: neutron_plugin_opencontrail + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + - neutron::api_extensions_path: /usr/lib/python2.7/site-packages/neutron_plugin_contrail/extensions + + neutron::plugins::opencontrail::api_server_ip: {get_param: ContrailApiServerIp} + neutron::plugins::opencontrail::api_server_port: {get_param: ContrailApiServerPort} + neutron::plugins::opencontrail::multi_tenancy: {get_param: ContrailMultiTenancy} + neutron::plugins::opencontrail::contrail_extensions: {get_param: ContrailExtensions} + neutron::plugins::opencontrail::keystone_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri] } + neutron::plugins::opencontrail::keystone_admin_user: admin + neutron::plugins::opencontrail::keystone_admin_tenant_name: admin + neutron::plugins::opencontrail::keystone_admin_password: {get_param: AdminPassword} + neutron::plugins::opencontrail::keystone_admin_token: {get_param: AdminToken} + step_config: | + include tripleo::profile::base::neutron::plugins::opencontrail diff --git a/puppet/services/neutron-plugin-plumgrid.yaml b/puppet/services/neutron-plugin-plumgrid.yaml index 68766674..5488bed7 100644 --- a/puppet/services/neutron-plugin-plumgrid.yaml +++ b/puppet/services/neutron-plugin-plumgrid.yaml @@ -80,6 +80,7 @@ outputs: role_data: description: Role data for the Neutron Plumgrid plugin value: + service_name: neutron_plugin_plumgrid config_settings: neutron::plugins::plumgrid::connection: list_join: diff --git a/puppet/services/neutron-server.yaml b/puppet/services/neutron-server.yaml index b84958cd..1c7cef49 100644 --- a/puppet/services/neutron-server.yaml +++ b/puppet/services/neutron-server.yaml @@ -22,9 +22,9 @@ parameters: description: Allow automatic l3-agent failover type: string NeutronL3HA: - default: 'False' - description: Whether to enable l3-agent HA - type: string + default: false + description: Whether to enable HA for virtual routers + type: boolean NovaPassword: description: The password for the nova service and db account, used by nova-api. type: string @@ -39,10 +39,11 @@ outputs: role_data: description: Role data for the Neutron Server agent service. value: + service_name: neutron_server config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] - neutron_dsn: &neutron_dsn + neutron::server::database_connection: list_join: - '' - - {get_param: [EndpointMap, MysqlInternal, protocol]} @@ -53,8 +54,8 @@ outputs: - '/ovs_neutron' neutron::server::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } neutron::server::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + neutron::server::auth_tenant: 'service' neutron::server::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } - neutron::server::database_connection: *neutron_dsn neutron::server::api_workers: {get_param: NeutronWorkers} neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} neutron::server::l3_ha: {get_param: NeutronL3HA} @@ -65,6 +66,24 @@ outputs: neutron::server::notifications::tenant_name: 'service' neutron::server::notifications::project_name: 'service' neutron::server::notifications::password: {get_param: NovaPassword} + neutron::server::project_name: 'service' + neutron::server::sync_db: true neutron::db::mysql::password: {get_param: NeutronPassword} + neutron::db::mysql::user: neutron + neutron::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + neutron::db::mysql::dbname: ovs_neutron + neutron::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + tripleo.neutron_server.firewall_rules: + '114 neutron server': + dport: + - 9696 + - 13696 + '118 neutron vxlan networks': + proto: 'udp' + dport: 4789 + '106 vrrp': + proto: vrrp step_config: | include tripleo::profile::base::neutron::server diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index f31df371..045a8614 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -17,15 +17,35 @@ parameters: resources: NovaBase: type: ./nova-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} outputs: role_data: description: Role data for the Nova API service. value: + service_name: nova_api config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] - nova::api::osapi_compute_workers: {get_param: NovaWorkers} - - nova::api::metadata_workers: {get_param: NovaWorkers} + nova::api::metadata_workers: {get_param: NovaWorkers} + nova::cron::archive_deleted_rows::hour: '"*/12"' + nova::cron::archive_deleted_rows::destination: '"/dev/null"' + tripleo.nova_api.firewall_rules: + '113 nova_api': + dport: + - 6080 + - 13080 + - 8773 + - 3773 + - 8774 + - 13774 + - 8775 + nova::api::admin_tenant_name: 'service' + nova::api::enabled: true + nova::api::default_floating_pool: 'public' + nova::api::sync_db_api: true + nova::api::enable_proxy_headers_parsing: true step_config: | include tripleo::profile::base::nova::api diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index 7de14f68..21dbacd2 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -4,6 +4,15 @@ description: > OpenStack Nova base service. Shared for all Nova services. parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NovaPassword: + description: The password for the nova service and db account, used by nova-api. + type: string + hidden: true RabbitPassword: description: The password for RabbitMQ type: string @@ -29,11 +38,66 @@ parameters: outputs: role_data: - description: Role data for the Neutron base service. + description: Role data for the Nova base service. value: + service_name: nova_base config_settings: nova::rabbit_password: {get_param: RabbitPassword} nova::rabbit_user: {get_param: RabbitUserName} nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL} nova::rabbit_port: {get_param: RabbitClientPort} + nova::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://nova:' + - {get_param: NovaPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/nova' + nova::api_database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://nova_api:' + - {get_param: NovaPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/nova_api' + nova::db::mysql::password: {get_input: nova_password} + nova::db::mysql::user: nova + nova::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + nova::db::mysql::dbname: nova + nova::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + nova::db::mysql_api::password: {get_input: nova_password} + nova::db::mysql_api::user: nova_api + nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + nova::db::mysql_api::dbname: nova_api + nova::db::mysql_api::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" nova::debug: {get_param: Debug} + nova::network::neutron::neutron_project_name: 'service' + nova::network::neutron::neutron_username: 'neutron' + nova::network::neutron::dhcp_domain: '' + nova::rabbit_heartbeat_timeout_threshold: 60 + nova::cinder_catalog_info: 'volumev2:cinderv2:internalURL' + nova::host: '"%{::fqdn}"' # NOTE: extra quoting is needed. + nova::notify_on_state_change: 'vm_and_task_state' + nova::notification_driver: messagingv2 + nova::network::neutron::neutron_auth_type: 'v3password' + nova::keystone::auth::tenant: 'service' + nova::db::mysql::user: nova + nova::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + nova::db::mysql::dbname: nova + nova::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + nova::db::mysql_api::user: nova_api + nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + nova::db::mysql_api::dbname: nova_api + nova::db::mysql_api::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index 0844aa85..bcc3a232 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -9,17 +9,49 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + NovaRbdPoolName: + default: vms + type: string + CephClientUserName: + default: openstack + type: string resources: NovaBase: type: ./nova-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} outputs: role_data: - description: Role data for the Nova Conductor service. + description: Role data for the Nova Compute service. value: + service_name: nova_compute config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] + - nova::compute::libvirt::manage_libvirt_services: false + # we manage migration in nova common puppet profile + nova::compute::libvirt::migration_support: false + tripleo::profile::base::nova::manage_migration: true + tripleo::profile::base::nova::nova_compute_enabled: true + nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} + nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} + nova::compute::rbd::rbd_keyring: + list_join: + - '.' + - - 'client' + - {get_param: CephClientUserName} + nova::compute::rbd::libvirt_rbd_secret_uuid: '"%{hiera(\"ceph::profile::params::fsid\")}"' + nova::compute::instance_usage_audit: true + nova::compute::instance_usage_audit_period: 'hour' + # Changing the default from 512MB. The current templates can not deploy + # overclouds with swap. On an idle compute node, we see ~1024MB of RAM + # used. 2048 is suggested to account for other possible operations for + # example openvswitch. + nova::compute::reserved_host_memory: 2048 step_config: | - include tripleo::profile::base::nova::compute + # TODO(emilien): figure how to deal with libvirt profile. + # We'll probably threat it like we do with Neutron plugins. + # Until then, just include it in the default nova-compute role. + include tripleo::profile::base::nova::compute::libvirt diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml index 412dd275..5964f883 100644 --- a/puppet/services/nova-conductor.yaml +++ b/puppet/services/nova-conductor.yaml @@ -17,11 +17,14 @@ parameters: resources: NovaBase: type: ./nova-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} outputs: role_data: description: Role data for the Nova Conductor service. value: + service_name: nova_conductor config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] diff --git a/puppet/services/nova-consoleauth.yaml b/puppet/services/nova-consoleauth.yaml index 791c5449..5fbce1b1 100644 --- a/puppet/services/nova-consoleauth.yaml +++ b/puppet/services/nova-consoleauth.yaml @@ -13,11 +13,14 @@ parameters: resources: NovaBase: type: ./nova-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} outputs: role_data: description: Role data for the Nova Consoleauth service. value: + service_name: nova_consoleauth config_settings: get_attr: [NovaBase, role_data, config_settings] step_config: | diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml new file mode 100644 index 00000000..939b6a09 --- /dev/null +++ b/puppet/services/nova-libvirt.yaml @@ -0,0 +1,34 @@ +heat_template_version: 2016-04-08 + +description: > + Libvirt service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + NovaBase: + type: ./nova-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Libvirt service. + value: + service_name: nova_libvirt + config_settings: + map_merge: + - get_attr: [NovaBase, role_data, config_settings] + # we include ::nova::compute::libvirt::services in nova/libvirt profile + - nova::compute::libvirt::manage_libvirt_services: false + # we manage migration in nova common puppet profile + nova::compute::libvirt::migration_support: false + tripleo::profile::base::nova::manage_migration: true + tripleo::profile::base::nova::libvirt_enabled: true + step_config: | + include tripleo::profile::base::nova::libvirt diff --git a/puppet/services/nova-scheduler.yaml b/puppet/services/nova-scheduler.yaml index 65ed6643..bd6e5116 100644 --- a/puppet/services/nova-scheduler.yaml +++ b/puppet/services/nova-scheduler.yaml @@ -13,11 +13,14 @@ parameters: resources: NovaBase: type: ./nova-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} outputs: role_data: description: Role data for the Nova Scheduler service. value: + service_name: nova_scheduler config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] diff --git a/puppet/services/nova-vncproxy.yaml b/puppet/services/nova-vncproxy.yaml index 93a25ab2..0b9cef38 100644 --- a/puppet/services/nova-vncproxy.yaml +++ b/puppet/services/nova-vncproxy.yaml @@ -13,12 +13,17 @@ parameters: resources: NovaBase: type: ./nova-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} outputs: role_data: description: Role data for the Nova Vncproxy service. value: + service_name: nova_vncproxy config_settings: - get_attr: [NovaBase, role_data, config_settings] + map_merge: + - get_attr: [NovaBase, role_data, config_settings] + - nova::vncproxy::enabled: true step_config: | include tripleo::profile::base::nova::vncproxy diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml new file mode 100644 index 00000000..b0ebb7d4 --- /dev/null +++ b/puppet/services/pacemaker.yaml @@ -0,0 +1,35 @@ +heat_template_version: 2016-04-08 + +description: > + Pacemaker service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the Pacemaker role. + value: + service_name: pacemaker + config_settings: + pacemaker::corosync::cluster_name: 'tripleo_cluster' + pacemaker::corosync::manage_fw: false + pacemaker::resource_defaults::defaults: + resource-stickiness: { value: INFINITY } + corosync_token_timeout: 10000 + tripleo.pacemaker.firewall_rules: + '130 pacemaker tcp': + proto: 'tcp' + dport: + - 2224 + - 3121 + - 21064 + '131 pacemaker udp': + proto: 'udp' + dport: 5405 + step_config: | + include ::tripleo::profile::base::pacemaker diff --git a/puppet/services/pacemaker/ceilometer-agent-central.yaml b/puppet/services/pacemaker/ceilometer-agent-central.yaml new file mode 100644 index 00000000..471b9f7a --- /dev/null +++ b/puppet/services/pacemaker/ceilometer-agent-central.yaml @@ -0,0 +1,30 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ceilometer Central Agent service with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + CeilometerServiceBase: + type: ../ceilometer-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ceilometer Central Agent pacemaker role. + value: + service_name: ceilometer_agent_central + config_settings: + map_merge: + - get_attr: [CeilometerServiceBase, role_data, config_settings] + - ceilometer::agent::central::manage_service: false + ceilometer::agent::central::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::ceilometer::agent::central diff --git a/puppet/services/pacemaker/ceilometer-agent-notification.yaml b/puppet/services/pacemaker/ceilometer-agent-notification.yaml new file mode 100644 index 00000000..2530848f --- /dev/null +++ b/puppet/services/pacemaker/ceilometer-agent-notification.yaml @@ -0,0 +1,30 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ceilometer Notification Agent service with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + CeilometerServiceBase: + type: ../ceilometer-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ceilometer Notification Agent pacemaker role. + value: + service_name: ceilometer_agent_notification + config_settings: + map_merge: + - get_attr: [CeilometerServiceBase, role_data, config_settings] + - ceilometer::agent::notification::manage_service: false + ceilometer::agent::notification::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::ceilometer::agent::notification diff --git a/puppet/services/pacemaker/ceilometer-api.yaml b/puppet/services/pacemaker/ceilometer-api.yaml new file mode 100644 index 00000000..f1885372 --- /dev/null +++ b/puppet/services/pacemaker/ceilometer-api.yaml @@ -0,0 +1,30 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ceilometer API service with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + CeilometerServiceBase: + type: ../ceilometer-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ceilometer API pacemaker role. + value: + service_name: ceilometer_api + config_settings: + map_merge: + - get_attr: [CeilometerServiceBase, role_data, config_settings] + - ceilometer::api::manage_service: false + ceilometer::api::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::ceilometer::api diff --git a/puppet/services/pacemaker/ceilometer-collector.yaml b/puppet/services/pacemaker/ceilometer-collector.yaml new file mode 100644 index 00000000..8d31e1aa --- /dev/null +++ b/puppet/services/pacemaker/ceilometer-collector.yaml @@ -0,0 +1,30 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ceilometer Collector service with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + CeilometerServiceBase: + type: ../ceilometer-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ceilometer Collector pacemaker role. + value: + service_name: ceilometer_collector + config_settings: + map_merge: + - get_attr: [CeilometerServiceBase, role_data, config_settings] + - ceilometer::collector::manage_service: false + ceilometer::collector::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::ceilometer::collector diff --git a/puppet/services/pacemaker/cinder-api.yaml b/puppet/services/pacemaker/cinder-api.yaml index 0f66cc06..706a189b 100644 --- a/puppet/services/pacemaker/cinder-api.yaml +++ b/puppet/services/pacemaker/cinder-api.yaml @@ -21,6 +21,7 @@ outputs: role_data: description: Role data for the Cinder API role. value: + service_name: cinder_api config_settings: map_merge: - get_attr: [CinderApiBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/cinder-scheduler.yaml b/puppet/services/pacemaker/cinder-scheduler.yaml index d1472c00..350d7126 100644 --- a/puppet/services/pacemaker/cinder-scheduler.yaml +++ b/puppet/services/pacemaker/cinder-scheduler.yaml @@ -21,6 +21,7 @@ outputs: role_data: description: Role data for the Cinder Scheduler role. value: + service_name: cinder_scheduler config_settings: map_merge: - get_attr: [CinderSchedulerBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/cinder-volume.yaml b/puppet/services/pacemaker/cinder-volume.yaml index ee4e6cea..7b6e9a77 100644 --- a/puppet/services/pacemaker/cinder-volume.yaml +++ b/puppet/services/pacemaker/cinder-volume.yaml @@ -21,6 +21,7 @@ outputs: role_data: description: Role data for the Cinder Volume role. value: + service_name: cinder_volume config_settings: map_merge: - get_attr: [CinderVolumeBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/core.yaml b/puppet/services/pacemaker/core.yaml new file mode 100644 index 00000000..1c0c043c --- /dev/null +++ b/puppet/services/pacemaker/core.yaml @@ -0,0 +1,20 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Core (fake) service with Pacemaker configured with Puppet. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the Core role. + value: + service_name: core + config_settings: {} + step_config: | + include ::tripleo::profile::pacemaker::core
\ No newline at end of file diff --git a/puppet/services/pacemaker/database/mongodb.yaml b/puppet/services/pacemaker/database/mongodb.yaml index b2e9e0bb..c09f93a9 100644 --- a/puppet/services/pacemaker/database/mongodb.yaml +++ b/puppet/services/pacemaker/database/mongodb.yaml @@ -19,6 +19,7 @@ outputs: role_data: description: Service mongodb using composable services. value: + service_name: mongodb config_settings: map_merge: - get_attr: [MongoDbBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/database/mysql.yaml b/puppet/services/pacemaker/database/mysql.yaml new file mode 100644 index 00000000..cc9dc946 --- /dev/null +++ b/puppet/services/pacemaker/database/mysql.yaml @@ -0,0 +1,21 @@ +heat_template_version: 2016-04-08 + +description: > + MySQL with Pacemaker service deployment using puppet + +parameters: + #Parameters not used EndpointMap + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Service MySQL with Pacemaker using composable services. + value: + service_name: mysql + config_settings: + step_config: | + include ::tripleo::profile::pacemaker::database::mysql diff --git a/puppet/services/pacemaker/database/redis.yaml b/puppet/services/pacemaker/database/redis.yaml index 0e46f8a3..3cd8d168 100644 --- a/puppet/services/pacemaker/database/redis.yaml +++ b/puppet/services/pacemaker/database/redis.yaml @@ -18,11 +18,11 @@ outputs: role_data: description: Role data for the Redis pacemaker role. value: + service_name: redis config_settings: map_merge: - get_attr: [RedisBase, role_data, config_settings] - - tripleo::profile::pacemaker::database::redis::redis_vip: {get_input: redis_vip} - redis::service_manage: false + - redis::service_manage: false redis::notify_service: false step_config: | include ::tripleo::profile::pacemaker::database::redis diff --git a/puppet/services/pacemaker/glance-api.yaml b/puppet/services/pacemaker/glance-api.yaml index 5a581dca..0fc17b22 100644 --- a/puppet/services/pacemaker/glance-api.yaml +++ b/puppet/services/pacemaker/glance-api.yaml @@ -45,6 +45,7 @@ outputs: role_data: description: Role data for the Glance role. value: + service_name: glance_api config_settings: map_merge: - get_attr: [GlanceApiBase, role_data, config_settings] @@ -52,6 +53,7 @@ outputs: glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype} glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage} glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions} + glance_file_pcmk_directory: '/var/lib/glance/images' glance::api::manage_service: false glance::api::enabled: false step_config: | diff --git a/puppet/services/pacemaker/glance-registry.yaml b/puppet/services/pacemaker/glance-registry.yaml index 8b88cb93..ae7aa307 100644 --- a/puppet/services/pacemaker/glance-registry.yaml +++ b/puppet/services/pacemaker/glance-registry.yaml @@ -21,6 +21,7 @@ outputs: role_data: description: Role data for the Glance role. value: + service_name: glance_registry config_settings: map_merge: - get_attr: [GlanceRegistryBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/gnocchi-api.yaml b/puppet/services/pacemaker/gnocchi-api.yaml new file mode 100644 index 00000000..bcd73e61 --- /dev/null +++ b/puppet/services/pacemaker/gnocchi-api.yaml @@ -0,0 +1,28 @@ +heat_template_version: 2016-04-08 + +description: > + Gnocchi service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + GnocchiServiceBase: + type: ../gnocchi-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Gnocchi role. + value: + service_name: gnocchi_api + config_settings: + map_merge: + - get_attr: [GnocchiServiceBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::pacemaker::gnocchi::api diff --git a/puppet/services/pacemaker/gnocchi-metricd.yaml b/puppet/services/pacemaker/gnocchi-metricd.yaml new file mode 100644 index 00000000..ec487e89 --- /dev/null +++ b/puppet/services/pacemaker/gnocchi-metricd.yaml @@ -0,0 +1,31 @@ +heat_template_version: 2016-04-08 + +description: > + Gnocchi service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + GnocchiServiceBase: + type: ../gnocchi-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Gnocchi role. + value: + service_name: gnocchi_metricd + config_settings: + map_merge: + - get_attr: [GnocchiServiceBase, role_data, config_settings] + - gnocchi::metricd::manage_service: false + tripleo::profile::pacemaker::gnocchi::gnocchi_indexer_backend: {get_attr: [GnocchiServiceBase, aux_parameters, gnocchi_indexer_backend]} + + step_config: | + include ::tripleo::profile::pacemaker::gnocchi::metricd diff --git a/puppet/services/pacemaker/gnocchi-statsd.yaml b/puppet/services/pacemaker/gnocchi-statsd.yaml new file mode 100644 index 00000000..d1106524 --- /dev/null +++ b/puppet/services/pacemaker/gnocchi-statsd.yaml @@ -0,0 +1,30 @@ +heat_template_version: 2016-04-08 + +description: > + Gnocchi service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + GnocchiServiceBase: + type: ../gnocchi-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Gnocchi role. + value: + service_name: gnocchi_statsd + config_settings: + map_merge: + - get_attr: [GnocchiServiceBase, role_data, config_settings] + - gnocchi::statsd::manage_service: false + tripleo::profile::pacemaker::gnocchi::gnocchi_indexer_backend: {get_attr: [GnocchiServiceBase, aux_parameters, gnocchi_indexer_backend]} + step_config: | + include ::tripleo::profile::pacemaker::gnocchi::statsd diff --git a/puppet/services/pacemaker/haproxy.yaml b/puppet/services/pacemaker/haproxy.yaml index c2ca2816..811a6697 100644 --- a/puppet/services/pacemaker/haproxy.yaml +++ b/puppet/services/pacemaker/haproxy.yaml @@ -20,6 +20,7 @@ outputs: role_data: description: Role data for the HAproxy with pacemaker role. value: + service_name: haproxy config_settings: map_merge: - get_attr: [LoadbalancerServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/heat-api-cfn.yaml b/puppet/services/pacemaker/heat-api-cfn.yaml index 5833c42d..8f2c561a 100644 --- a/puppet/services/pacemaker/heat-api-cfn.yaml +++ b/puppet/services/pacemaker/heat-api-cfn.yaml @@ -20,12 +20,11 @@ outputs: role_data: description: Role data for the Heat CloudFormation API role. value: + service_name: heat_api_cfn config_settings: map_merge: - get_attr: [HeatApiCfnBase, role_data, config_settings] - heat::api_cfn::manage_service: false heat::api_cfn::enabled: false - step_config: - # No puppet manifests since heat-api-cfn is included in - # ::tripleo::profile::pacemaker::heat which is maintained alongside of - # pacemaker/heat-api.yaml. + step_config: | + include ::tripleo::profile::pacemaker::heat::api_cfn diff --git a/puppet/services/pacemaker/heat-api-cloudwatch.yaml b/puppet/services/pacemaker/heat-api-cloudwatch.yaml index 8b67702c..a08e0262 100644 --- a/puppet/services/pacemaker/heat-api-cloudwatch.yaml +++ b/puppet/services/pacemaker/heat-api-cloudwatch.yaml @@ -20,12 +20,11 @@ outputs: role_data: description: Role data for the Heat Cloudwatch API role. value: + service_name: heat_api_cloudwatch config_settings: map_merge: - get_attr: [HeatApiCloudwatchBase, role_data, config_settings] - heat::api_cloudwatch::manage_service: false heat::api_cloudwatch::enabled: false - step_config: - # No puppet manifests since heat-api-cloudwatch is included in - # ::tripleo::profile::pacemaker::heat which is maintained alongside of - # pacemaker/heat-api.yaml. + step_config: | + include ::tripleo::profile::pacemaker::heat::api_cloudwatch diff --git a/puppet/services/pacemaker/heat-api.yaml b/puppet/services/pacemaker/heat-api.yaml index 6628e8dd..5cf25516 100644 --- a/puppet/services/pacemaker/heat-api.yaml +++ b/puppet/services/pacemaker/heat-api.yaml @@ -20,10 +20,11 @@ outputs: role_data: description: Role data for the Heat API role. value: + service_name: heat_api config_settings: map_merge: - get_attr: [HeatApiBase, role_data, config_settings] - heat::api::manage_service: false heat::api::enabled: false step_config: | - include ::tripleo::profile::pacemaker::heat + include ::tripleo::profile::pacemaker::heat::api diff --git a/puppet/services/pacemaker/heat-engine.yaml b/puppet/services/pacemaker/heat-engine.yaml index e1195780..4d41cbe4 100644 --- a/puppet/services/pacemaker/heat-engine.yaml +++ b/puppet/services/pacemaker/heat-engine.yaml @@ -21,12 +21,11 @@ outputs: role_data: description: Role data for the Heat engine role. value: + service_name: heat_engine config_settings: map_merge: - get_attr: [HeatEngineBase, role_data, config_settings] - heat::engine::manage_service: false heat::engine::enabled: false - step_config: - # No puppet manifests since heat-engine is included in - # ::tripleo::profile::pacemaker::heat which is maintained alongside of - # pacemaker/heat-api.yaml. + step_config: | + include ::tripleo::profile::pacemaker::heat::engine diff --git a/puppet/services/pacemaker/horizon.yaml b/puppet/services/pacemaker/horizon.yaml new file mode 100644 index 00000000..f8b5ad0c --- /dev/null +++ b/puppet/services/pacemaker/horizon.yaml @@ -0,0 +1,29 @@ +heat_template_version: 2016-04-08 + +description: > + Horizon service with Pacemaker configured with Puppet. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + HorizonBase: + type: ../horizon.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Horizon role. + value: + service_name: horizon + config_settings: + get_attr: [HorizonBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::base::horizon + include ::tripleo::profile::pacemaker::apache diff --git a/puppet/services/pacemaker/keystone.yaml b/puppet/services/pacemaker/keystone.yaml index 04e90368..f5f136d3 100644 --- a/puppet/services/pacemaker/keystone.yaml +++ b/puppet/services/pacemaker/keystone.yaml @@ -21,6 +21,7 @@ outputs: role_data: description: Role data for the Keystone pacemaker role. value: + service_name: keystone config_settings: map_merge: - get_attr: [KeystoneServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/memcached.yaml b/puppet/services/pacemaker/memcached.yaml index 9a11855e..43cd528e 100644 --- a/puppet/services/pacemaker/memcached.yaml +++ b/puppet/services/pacemaker/memcached.yaml @@ -19,6 +19,7 @@ outputs: role_data: description: Role data for the Memcached pacemaker role. value: + service_name: memcached config_settings: map_merge: - get_attr: [MemcachedServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/neutron-dhcp.yaml b/puppet/services/pacemaker/neutron-dhcp.yaml index 6f514379..3a5ada47 100644 --- a/puppet/services/pacemaker/neutron-dhcp.yaml +++ b/puppet/services/pacemaker/neutron-dhcp.yaml @@ -21,6 +21,7 @@ outputs: role_data: description: Role data for the Neutron DHCP role. value: + service_name: neutron_dhcp config_settings: map_merge: - get_attr: [NeutronDhcpBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/neutron-l3.yaml b/puppet/services/pacemaker/neutron-l3.yaml index cb9c32d9..a4f2c0e1 100644 --- a/puppet/services/pacemaker/neutron-l3.yaml +++ b/puppet/services/pacemaker/neutron-l3.yaml @@ -21,6 +21,7 @@ outputs: role_data: description: Role data for the Neutron L3 role. value: + service_name: neutron_l3 config_settings: map_merge: - get_attr: [NeutronL3Base, role_data, config_settings] diff --git a/puppet/services/pacemaker/neutron-metadata.yaml b/puppet/services/pacemaker/neutron-metadata.yaml index 1c74b26f..9b322f22 100644 --- a/puppet/services/pacemaker/neutron-metadata.yaml +++ b/puppet/services/pacemaker/neutron-metadata.yaml @@ -21,6 +21,7 @@ outputs: role_data: description: Role data for the Neutron Metadata role. value: + service_name: neutron_metadata config_settings: map_merge: - get_attr: [NeutronMetadataBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/neutron-midonet.yaml b/puppet/services/pacemaker/neutron-midonet.yaml new file mode 100644 index 00000000..e93ed661 --- /dev/null +++ b/puppet/services/pacemaker/neutron-midonet.yaml @@ -0,0 +1,29 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Midonet with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NeutronMidonetBase: + type: ../neutron-midonet.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Neutron Midonet plugin. + value: + service_name: neutron_midonet + config_settings: + map_merge: + - get_attr: [NeutronMidonetBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::pacemaker::neutron::plugins::midonet diff --git a/puppet/services/pacemaker/neutron-ovs-agent.yaml b/puppet/services/pacemaker/neutron-ovs-agent.yaml index a17d7a61..b2260de9 100644 --- a/puppet/services/pacemaker/neutron-ovs-agent.yaml +++ b/puppet/services/pacemaker/neutron-ovs-agent.yaml @@ -19,6 +19,7 @@ outputs: role_data: description: Role data for the Neutron OVS agent service. value: + service_name: neutron_ovs_agent config_settings: get_attr: [NeutronOvsBase, role_data, config_settings] step_config: | diff --git a/puppet/services/pacemaker/neutron-plugin-ml2.yaml b/puppet/services/pacemaker/neutron-plugin-ml2.yaml index ac9d2402..dc10d093 100644 --- a/puppet/services/pacemaker/neutron-plugin-ml2.yaml +++ b/puppet/services/pacemaker/neutron-plugin-ml2.yaml @@ -19,10 +19,11 @@ outputs: role_data: description: Role data for the Neutron ML2 plugin. value: + service_name: neutron_plugin_ml2 config_settings: map_merge: - get_attr: [NeutronMl2Base, role_data, config_settings] - neutron::agents::ml2::ovs::enabled: false neutron::agents::ml2::ovs::manage_service: false step_config: | - include ::tripleo::profile::pacemaker::neutron::ml2 + include ::tripleo::profile::pacemaker::neutron::plugins::ml2 diff --git a/puppet/services/pacemaker/neutron-plugin-nuage.yaml b/puppet/services/pacemaker/neutron-plugin-nuage.yaml new file mode 100644 index 00000000..414c046c --- /dev/null +++ b/puppet/services/pacemaker/neutron-plugin-nuage.yaml @@ -0,0 +1,29 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Nuage Plugin with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NeutronPluginNuageBase: + type: ../neutron-plugin-nuage.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Neutron Nuage plugin. + value: + service_name: neutron_plugin_nuage + config_settings: + map_merge: + - get_attr: [NeutronPluginNuageBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::pacemaker::neutron::plugins::nuage diff --git a/puppet/services/pacemaker/neutron-plugin-opencontrail.yaml b/puppet/services/pacemaker/neutron-plugin-opencontrail.yaml new file mode 100644 index 00000000..1d385d83 --- /dev/null +++ b/puppet/services/pacemaker/neutron-plugin-opencontrail.yaml @@ -0,0 +1,29 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron OpenContrail Plugin with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NeutronPluginOpenContrail: + type: ../neutron-plugin-nuage.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Neutron OpenContrail plugin. + value: + service_name: neutron_plugin_opencontrail + config_settings: + map_merge: + - get_attr: [NeutronPluginOpenContrail, role_data, config_settings] + step_config: | + include ::tripleo::profile::pacemaker::neutron::plugins::opencontrail diff --git a/puppet/services/pacemaker/neutron-plugin-plumgrid.yaml b/puppet/services/pacemaker/neutron-plugin-plumgrid.yaml index c2e8eaac..69f5fd27 100644 --- a/puppet/services/pacemaker/neutron-plugin-plumgrid.yaml +++ b/puppet/services/pacemaker/neutron-plugin-plumgrid.yaml @@ -21,6 +21,7 @@ outputs: role_data: description: Role data for the Neutron PLUMgrid plugin. value: + service_name: neutron_plugin_plumgrid config_settings: map_merge: - get_attr: [NeutronPluginPlumgridBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/neutron-server.yaml b/puppet/services/pacemaker/neutron-server.yaml index 60599e7e..b0f739dc 100644 --- a/puppet/services/pacemaker/neutron-server.yaml +++ b/puppet/services/pacemaker/neutron-server.yaml @@ -9,6 +9,10 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + NeutronL3HA: + default: true + description: Whether to enable HA for virtual routers + type: boolean resources: @@ -21,10 +25,12 @@ outputs: role_data: description: Role data for the Neutron Server. value: + service_name: neutron_server config_settings: map_merge: - get_attr: [NeutronServerBase, role_data, config_settings] - neutron::server::enabled: false neutron::server::manage_service: false + neutron::server::l3_ha: {get_param: NeutronL3HA} step_config: | include ::tripleo::profile::pacemaker::neutron::server diff --git a/puppet/services/pacemaker/nova-api.yaml b/puppet/services/pacemaker/nova-api.yaml index 1b5011b6..2d497ab5 100644 --- a/puppet/services/pacemaker/nova-api.yaml +++ b/puppet/services/pacemaker/nova-api.yaml @@ -21,6 +21,7 @@ outputs: role_data: description: Role data for the Nova API role. value: + service_name: nova_api config_settings: map_merge: - get_attr: [NovaApiBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/nova-conductor.yaml b/puppet/services/pacemaker/nova-conductor.yaml index a484f0df..1f57cf08 100644 --- a/puppet/services/pacemaker/nova-conductor.yaml +++ b/puppet/services/pacemaker/nova-conductor.yaml @@ -21,6 +21,7 @@ outputs: role_data: description: Role data for the Nova Conductor role. value: + service_name: nova_conductor config_settings: map_merge: - get_attr: [NovaConductorBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/nova-consoleauth.yaml b/puppet/services/pacemaker/nova-consoleauth.yaml index f9b6b058..bbab8bea 100644 --- a/puppet/services/pacemaker/nova-consoleauth.yaml +++ b/puppet/services/pacemaker/nova-consoleauth.yaml @@ -21,6 +21,7 @@ outputs: role_data: description: Role data for the Nova Consoleauth role. value: + service_name: nova_consoleauth config_settings: map_merge: - get_attr: [NovaConsoleauthBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/nova-scheduler.yaml b/puppet/services/pacemaker/nova-scheduler.yaml index 0032cbe6..bf2c62bc 100644 --- a/puppet/services/pacemaker/nova-scheduler.yaml +++ b/puppet/services/pacemaker/nova-scheduler.yaml @@ -21,6 +21,7 @@ outputs: role_data: description: Role data for the Nova Scheduler role. value: + service_name: nova_scheduler config_settings: map_merge: - get_attr: [NovaSchedulerBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/nova-vncproxy.yaml b/puppet/services/pacemaker/nova-vncproxy.yaml index 52395240..0353d924 100644 --- a/puppet/services/pacemaker/nova-vncproxy.yaml +++ b/puppet/services/pacemaker/nova-vncproxy.yaml @@ -21,6 +21,7 @@ outputs: role_data: description: Role data for the Nova Vncproxy role. value: + service_name: nova_vncproxy config_settings: map_merge: - get_attr: [NovaVncproxyBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/rabbitmq.yaml b/puppet/services/pacemaker/rabbitmq.yaml index 20fb2e40..b01caeea 100644 --- a/puppet/services/pacemaker/rabbitmq.yaml +++ b/puppet/services/pacemaker/rabbitmq.yaml @@ -20,6 +20,7 @@ outputs: role_data: description: Role data for the RabbitMQ pacemaker role. value: + service_name: rabbitmq config_settings: map_merge: - get_attr: [RabbitMQServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/sahara-api.yaml b/puppet/services/pacemaker/sahara-api.yaml index a5db77c4..ac05a01a 100644 --- a/puppet/services/pacemaker/sahara-api.yaml +++ b/puppet/services/pacemaker/sahara-api.yaml @@ -21,6 +21,7 @@ outputs: role_data: description: Role data for the Sahara API role. value: + service_name: sahara_api config_settings: map_merge: - get_attr: [SaharaApiBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/sahara-engine.yaml b/puppet/services/pacemaker/sahara-engine.yaml index 129f88bf..f6bd8f61 100644 --- a/puppet/services/pacemaker/sahara-engine.yaml +++ b/puppet/services/pacemaker/sahara-engine.yaml @@ -21,6 +21,7 @@ outputs: role_data: description: Role data for the Sahara Engine role. value: + service_name: sahara_engine config_settings: map_merge: - get_attr: [SaharaEngineBase, role_data, config_settings] diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml index 581b4ba4..4c02f359 100644 --- a/puppet/services/rabbitmq.yaml +++ b/puppet/services/rabbitmq.yaml @@ -18,7 +18,7 @@ parameters: type: string hidden: true RabbitFDLimit: - default: 16384 + default: 65536 description: Configures RabbitMQ FD limit type: string RabbitIPv6: @@ -30,10 +30,32 @@ outputs: role_data: description: Role data for the RabbitMQ role. value: + service_name: rabbitmq config_settings: rabbitmq::file_limit: {get_param: RabbitFDLimit} rabbitmq::default_user: {get_param: RabbitUserName} rabbitmq::default_pass: {get_param: RabbitPassword} rabbit_ipv6: {get_param: RabbitIPv6} + tripleo.rabbitmq.firewall_rules: + '109 rabbitmq': + dport: + - 4369 + - 5672 + - 35672 + rabbitmq::delete_guest_user: false + rabbitmq::wipe_db_on_cookie_change: true + rabbitmq::port: '5672' + rabbitmq::package_source: undef + rabbitmq::repos_ensure: false + rabbitmq_environment: + RABBITMQ_NODENAME: "rabbit@%{::hostname}" + RABBITMQ_SERVER_ERL_ARGS: '"+K true +A30 +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"' + rabbitmq_kernel_variables: + inet_dist_listen_min: '35672' + inet_dist_listen_max: '35672' + rabbitmq_config_variables: + tcp_listen_options: '[binary, {packet, raw}, {reuseaddr, true}, {backlog, 128}, {nodelay, true}, {exit_on_close, false}, {keepalive, true}]' + cluster_partition_handling: 'pause_minority' + loopback_users: '[]' step_config: | include ::tripleo::profile::base::rabbitmq diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml index 93bf7385..7ca9bbd5 100644 --- a/puppet/services/sahara-api.yaml +++ b/puppet/services/sahara-api.yaml @@ -34,6 +34,7 @@ outputs: role_data: description: Role data for the Sahara API role. value: + service_name: sahara_api config_settings: map_merge: - get_attr: [SaharaBase, role_data, config_settings] @@ -48,5 +49,10 @@ outputs: sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]} sahara::keystone::auth::password: {get_param: SaharaPassword } sahara::keystone::auth::region: {get_param: KeystoneRegion} + tripleo.sahara_api.firewall_rules: + '132 sahara': + dport: + - 8386 + - 13386 step_config: | include ::tripleo::profile::base::sahara::api diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml index 275d7536..3e320128 100644 --- a/puppet/services/sahara-base.yaml +++ b/puppet/services/sahara-base.yaml @@ -31,6 +31,7 @@ outputs: role_data: description: Role data for the Sahara base service. value: + service_name: sahara_base config_settings: sahara::rabbit_password: {get_param: RabbitPassword} sahara::rabbit_user: {get_param: RabbitUserName} @@ -46,3 +47,5 @@ outputs: - spark - storm sahara::rpc_backend: rabbit + sahara::admin_tenant_name: 'service' + sahara::keystone::auth::tenant: 'service' diff --git a/puppet/services/sahara-engine.yaml b/puppet/services/sahara-engine.yaml index 17ef49fa..074f83c7 100644 --- a/puppet/services/sahara-engine.yaml +++ b/puppet/services/sahara-engine.yaml @@ -23,19 +23,26 @@ outputs: role_data: description: Role data for the Sahara Engine role. value: + service_name: sahara_engine config_settings: map_merge: - get_attr: [SaharaBase, role_data, config_settings] - sahara_dsn: &sahara_dsn list_join: - '' - - - {get_param: [EndpointMap, MysqlVirtual, protocol]} + - - {get_param: [EndpointMap, MysqlInternal, protocol]} - '://sahara:' - {get_param: SaharaPassword} - '@' - - {get_param: [EndpointMap, MysqlVirtual, host]} + - {get_param: [EndpointMap, MysqlInternal, host]} - '/sahara' sahara::database_connection: *sahara_dsn sahara::db::mysql::password: {get_param: SaharaPassword} + sahara::db::mysql::user: sahara + sahara::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + sahara::db::mysql::dbname: sahara + sahara::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" step_config: | include ::tripleo::profile::base::sahara::engine diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml index 7ed880fc..c9a952a5 100644 --- a/puppet/services/services.yaml +++ b/puppet/services/services.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > Utility stack to convert an array of services into a set of combined @@ -27,9 +27,14 @@ resources: EndpointMap: {get_param: EndpointMap} outputs: - config_settings: - description: Configuration settings. - value: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}} - step_config: - description: Step configuration. - value: {list_join: ["\n", {get_attr: [ServiceChain, role_data, step_config]}]} + role_data: + description: Combined Role data for this set of services. + value: + service_names: + # Filter any null/None service_names which may be present due to mapping + # of services to OS::Heat::None + yaql: + expression: list($.data.s_names.where($ != null)) + data: {s_names: {get_attr: [ServiceChain, role_data, service_name]}} + config_settings: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}} + step_config: {list_join: ["\n", {get_attr: [ServiceChain, role_data, step_config]}]} diff --git a/puppet/services/snmp.yaml b/puppet/services/snmp.yaml new file mode 100644 index 00000000..458f444b --- /dev/null +++ b/puppet/services/snmp.yaml @@ -0,0 +1,36 @@ +heat_template_version: 2016-04-08 + +description: > + SNMP client configured with Puppet, to facilitate Ceilometer Hardware + monitoring in the undercloud. This service is required to enable hardware + monitoring. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + SnmpdReadonlyUserName: + default: ro_snmp_user + description: The user name for SNMPd with readonly rights running on all Overcloud nodes + type: string + SnmpdReadonlyUserPassword: + description: The user password for SNMPd with readonly rights running on all Overcloud nodes + type: string + hidden: true + +outputs: + role_data: + description: Role data for the SNMP services + value: + service_name: snmp + config_settings: + snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} + snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} + tripleo.snmp.firewall_rules: + '127 snmp': + dport: 161 + proto: 'udp' + step_config: | + include ::tripleo::profile::base::snmp diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index a86aeaf5..99af7499 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -17,6 +17,10 @@ parameters: description: The password for the swift service account, used by the swift proxy services. type: string hidden: true + SwiftProxyNodeTimeout: + default: 60 + description: Timeout for requests going from swift-proxy to swift a/c/o services. + type: number SwiftWorkers: default: 0 description: Number of workers for Swift service. @@ -31,11 +35,14 @@ outputs: role_data: description: Role data for the Swift proxy service. value: + service_name: swift_proxy config_settings: # Swift swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} swift::proxy::authtoken::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} swift::proxy::authtoken::admin_password: {get_param: SwiftPassword} + swift::proxy::authtoken::admin_tenant_name: 'service' + swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout} swift::proxy::workers: {get_param: SwiftWorkers} swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]} swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]} @@ -45,5 +52,35 @@ outputs: swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]} swift::keystone::auth::password: {get_param: SwiftPassword} swift::keystone::auth::region: {get_param: KeystoneRegion} + tripleo.swift_proxy.firewall_rules: + '122 swift proxy': + dport: + - 8080 + - 13808 + swift::keystone::auth::tenant: 'service' + swift::keystone::auth::configure_s3_endpoint: false + swift::keystone::auth::operator_roles: + - admin + - swiftoperator + - ResellerAdmin + swift::proxy::keystone::operator_roles: + - admin + - swiftoperator + - ResellerAdmin + swift::proxy::pipeline: + - 'catch_errors' + - 'healthcheck' + - 'proxy-logging' + - 'cache' + - 'ratelimit' + - 'bulk' + - 'tempurl' + - 'formpost' + - 'authtoken' + - 'keystone' + - 'staticweb' + - 'proxy-logging' + - 'proxy-server' + swift::proxy::account_autocreate: true step_config: | include ::tripleo::profile::base::swift::proxy diff --git a/puppet/services/swift-ringbuilder.yaml b/puppet/services/swift-ringbuilder.yaml new file mode 100644 index 00000000..0b17c73c --- /dev/null +++ b/puppet/services/swift-ringbuilder.yaml @@ -0,0 +1,40 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Swift Ringbuilder + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + SwiftMinPartHours: + type: number + default: 1 + description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance. + SwiftPartPower: + default: 10 + description: Partition Power to use when building Swift rings + type: number + SwiftRingBuild: + default: true + description: Whether to manage Swift rings or not + type: boolean + SwiftReplicas: + type: number + default: 3 + description: How many replicas to use in the swift rings. + +outputs: + role_data: + description: Role data for Swift Ringbuilder configuration. + value: + service_name: swift_ringbuilder + config_settings: + tripleo::profile::base::swift::ringbuilder::build_ring: {get_param: SwiftRingBuild} + tripleo::profile::base::swift::ringbuilder::replicas: {get_param: SwiftReplicas} + swift::ringbuilder::part_power: {get_param: SwiftPartPower} + swift::ringbuilder::min_part_hours: {get_param: SwiftMinPartHours} + step_config: | + include ::tripleo::profile::base::swift::ringbuilder diff --git a/puppet/services/swift-storage.yaml b/puppet/services/swift-storage.yaml new file mode 100644 index 00000000..74679231 --- /dev/null +++ b/puppet/services/swift-storage.yaml @@ -0,0 +1,64 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Swift Storage service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + SwiftMountCheck: + default: false + description: Value of mount_check in Swift account/container/object -server.conf + type: boolean + + # DEPRECATED options for compatibility with overcloud.yaml + # This should be removed and manipulation of the ControllerServices list + # used instead, but we need client support for that first + ControllerEnableSwiftStorage: + default: true + description: Whether to enable Swift Storage on the Controller + type: boolean + +parameter_groups: +- label: deprecated + description: Do not use deprecated params, they will be removed. + parameters: + - ControllerEnableSwiftStorage + +outputs: + role_data: + description: Role data for the Swift Proxy role. + value: + service_name: swift_storage + config_settings: + # Swift + swift::storage::all::mount_check: {get_param: SwiftMountCheck} + tripleo::profile::base::swift::storage::enable_swift_storage: {get_param: ControllerEnableSwiftStorage} + tripleo.swift_storage.firewall_rules: + '123 swift storage': + dport: + - 873 + - 6000 + - 6001 + - 6002 + swift::storage::all::incoming_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r' + swift::storage::all::outgoing_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r' + swift::storage::all::object_pipeline: + - healthcheck + - recon + - object-server + swift::storage::all::container_pipeline: + - healthcheck + - container-server + swift::storage::all::account_pipeline: + - healthcheck + - account-server + step_config: | + include ::tripleo::profile::base::swift::storage diff --git a/puppet/services/time/ntp.yaml b/puppet/services/time/ntp.yaml new file mode 100644 index 00000000..59d25dd2 --- /dev/null +++ b/puppet/services/time/ntp.yaml @@ -0,0 +1,32 @@ +heat_template_version: 2016-04-08 + +description: > + NTP service deployment using puppet, this YAML file + creates the interface between the HOT template + and the puppet manifest that actually installs + and configure NTP. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NtpServer: + default: [] + description: NTP servers + type: comma_delimited_list + +outputs: + role_data: + description: Role ntp using composable services. + value: + service_name: ntp + config_settings: + ntp::ntpservers: {get_param: NtpServer} + tripleo.ntp.firewall_rules: + '105 ntp': + dport: 123 + proto: udp + step_config: | + include ::ntp diff --git a/puppet/services/time/timezone.yaml b/puppet/services/time/timezone.yaml new file mode 100644 index 00000000..805c9050 --- /dev/null +++ b/puppet/services/time/timezone.yaml @@ -0,0 +1,25 @@ +heat_template_version: 2016-04-08 + +description: > + Composable Timezone service + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + TimeZone: + default: 'UTC' + description: The timezone to be set on the overcloud. + type: string + +outputs: + role_data: + description: Timezone role using composable services. + value: + service_name: timezone + config_settings: + timezone::timezone: {get_param: TimeZone} + step_config: | + include ::timezone |