diff options
Diffstat (limited to 'puppet/services')
| -rw-r--r-- | puppet/services/README.rst | 14 | ||||
| -rw-r--r-- | puppet/services/ceilometer-base.yaml | 10 | ||||
| -rw-r--r-- | puppet/services/horizon.yaml | 1 | ||||
| -rw-r--r-- | puppet/services/neutron-sriov-agent.yaml | 5 | ||||
| -rw-r--r-- | puppet/services/opendaylight-ovs.yaml | 11 | ||||
| -rw-r--r-- | puppet/services/panko-base.yaml | 1 | ||||
| -rw-r--r-- | puppet/services/rabbitmq.yaml | 4 | ||||
| -rw-r--r-- | puppet/services/services.yaml | 6 | ||||
| -rw-r--r-- | puppet/services/swift-proxy.yaml | 64 |
9 files changed, 91 insertions, 25 deletions
diff --git a/puppet/services/README.rst b/puppet/services/README.rst index 856b306e..6e4e9c1d 100644 --- a/puppet/services/README.rst +++ b/puppet/services/README.rst @@ -74,3 +74,17 @@ step, "step2" for the second, etc. 6) Start control-plane services 7) Any additional online migration tasks (e.g data migrations) + +Nova Server Metadata Settings +----------------------------- + +One can use the hook of type `OS::TripleO::ServiceServerMetadataHook` to pass +entries to the nova instances' metadata. It is, however, disabled by default. +In order to overwrite it one needs to define it in the resource registry. An +implementation of this hook needs to conform to the following: + +* It needs to define an input called `RoleData` of json type. This gets as + input the contents of the `role_data` for each role's ServiceChain. + +* This needs to define an output called `metadata` which will be given to the + Nova Server resource as the instance's metadata. diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index 060ae32d..24c71cbb 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -50,6 +50,14 @@ parameters: default: false description: Whether to store events in ceilometer. type: boolean + EnableLegacyCeilometerApi: + default: false + description: Enable legacy ceilometer Api service if needed. + type: boolean + EventPipelinePublishers: + default: ['notifier://?topic=alarm.all'] + description: A list of publishers to put in event_pipeline.yaml. + type: comma_delimited_list Debug: default: '' description: Set to True to enable debugging on all services. @@ -93,6 +101,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ceilometer' + enable_legacy_ceilometer_api: {get_param: EnableLegacyCeilometerApi} ceilometer_backend: {get_param: CeilometerBackend} ceilometer::metering_secret: {get_param: CeilometerMeteringSecret} # we include db_sync class in puppet-tripleo @@ -104,6 +113,7 @@ outputs: ceilometer::agent::auth::auth_password: {get_param: CeilometerPassword} ceilometer::agent::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } ceilometer::agent::notification::store_events: {get_param: CeilometerStoreEvents} + ceilometer::agent::notification::event_pipeline_publishers: {get_param: EventPipelinePublishers} ceilometer::agent::auth::auth_region: {get_param: KeystoneRegion} ceilometer::agent::auth::auth_tenant_name: 'service' ceilometer::agent::auth::auth_endpoint_type: 'internalURL' diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index 3cdd069c..d7f10757 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml @@ -58,6 +58,7 @@ outputs: dport: - 80 - 443 + horizon::enable_secure_proxy_ssl_header: true horizon::disable_password_reveal: true horizon::enforce_password_check: true horizon::disallow_iframe_embed: true diff --git a/puppet/services/neutron-sriov-agent.yaml b/puppet/services/neutron-sriov-agent.yaml index 44f7f242..0ab066d7 100644 --- a/puppet/services/neutron-sriov-agent.yaml +++ b/puppet/services/neutron-sriov-agent.yaml @@ -25,6 +25,7 @@ parameters: All physical networks listed in network_vlan_ranges on the server should have mappings to appropriate interfaces on each agent. + Example "tenant0:ens2f0,tenant1:ens2f1" type: comma_delimited_list default: "" NeutronExcludeDevices: @@ -40,8 +41,8 @@ parameters: NeutronSriovNumVFs: description: > Provide the list of VFs to be reserved for each SR-IOV interface. - Format "<interface_name1>:<numvfs1>","<interface_name2>:<numvfs2>" - Example "eth1:4096","eth2:128" + Format "<interface_name1>:<numvfs1>,<interface_name2>:<numvfs2>" + Example "eth1:4096,eth2:128" type: comma_delimited_list default: "" diff --git a/puppet/services/opendaylight-ovs.yaml b/puppet/services/opendaylight-ovs.yaml index 907ecddc..63d12fe2 100644 --- a/puppet/services/opendaylight-ovs.yaml +++ b/puppet/services/opendaylight-ovs.yaml @@ -8,6 +8,15 @@ parameters: default: 8081 description: Set opendaylight service port type: number + OpenDaylightUsername: + default: 'admin' + description: The username for the opendaylight server. + type: string + OpenDaylightPassword: + default: 'admin' + type: string + description: The password for the opendaylight server. + hidden: true OpenDaylightConnectionProtocol: description: L7 protocol used for REST access type: string @@ -46,6 +55,8 @@ outputs: service_name: opendaylight_ovs config_settings: opendaylight::odl_rest_port: {get_param: OpenDaylightPort} + opendaylight::username: {get_param: OpenDaylightUsername} + opendaylight::password: {get_param: OpenDaylightPassword} opendaylight_check_url: {get_param: OpenDaylightCheckURL} opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol} neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} diff --git a/puppet/services/panko-base.yaml b/puppet/services/panko-base.yaml index 32754a55..af9c5353 100644 --- a/puppet/services/panko-base.yaml +++ b/puppet/services/panko-base.yaml @@ -37,7 +37,6 @@ outputs: value: service_name: panko_base config_settings: - panko_redis_password: {get_param: RedisPassword} panko::db::database_connection: list_join: - '' diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml index b77e0a91..08f3f6bc 100644 --- a/puppet/services/rabbitmq.yaml +++ b/puppet/services/rabbitmq.yaml @@ -73,6 +73,8 @@ outputs: rabbitmq::repos_ensure: false rabbitmq::tcp_keepalive: true rabbitmq_environment: + NODE_PORT: '' + NODE_IP_ADDRESS: '' RABBITMQ_NODENAME: "rabbit@%{::hostname}" RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"' rabbitmq_kernel_variables: @@ -95,7 +97,7 @@ outputs: # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - rabbitmq::node_ip_address: {get_param: [ServiceNetMap, RabbitmqNetwork]} + rabbitmq::interface: {get_param: [ServiceNetMap, RabbitmqNetwork]} rabbitmq::nr_ha_queues: {get_param: RabbitHAQueues} step_config: | include ::tripleo::profile::base::rabbitmq diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml index 13df5bbe..97f87061 100644 --- a/puppet/services/services.yaml +++ b/puppet/services/services.yaml @@ -42,6 +42,11 @@ resources: LoggingConfiguration: type: OS::TripleO::LoggingConfiguration + ServiceServerMetadataHook: + type: OS::TripleO::ServiceServerMetadataHook + properties: + RoleData: {get_attr: [ServiceChain, role_data]} + outputs: role_data: description: Combined Role data for this set of services. @@ -113,3 +118,4 @@ outputs: # Note we use distinct() here to filter any identical tasks, e.g yum update for all services expression: $.data.where($ != null).select($.get('upgrade_tasks')).where($ != null).flatten().distinct() data: {get_attr: [ServiceChain, role_data]} + service_metadata_settings: {get_attr: [ServiceServerMetadataHook, metadata]} diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index ba184ab0..94db9e41 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > OpenStack Swift Proxy service configured with Puppet @@ -49,6 +49,18 @@ parameters: default: guest description: The username for RabbitMQ type: string + SwiftCeilometerPipelineEnabled: + description: Set to False to disable the swift proxy ceilometer pipeline. + default: True + type: boolean + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + +conditions: + + ceilometer_pipeline_enabled: {equals : [{get_param: SwiftCeilometerPipelineEnabled}, True]} resources: SwiftBase: @@ -78,6 +90,8 @@ outputs: swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword} swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]} swift::proxy::ceilometer::nonblocking_notify: true + tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RabbitClientPort} + tripleo::profile::base::swift::proxy::ceilometer_enabled: {get_param: SwiftCeilometerPipelineEnabled} tripleo.swift_proxy.firewall_rules: '122 swift proxy': dport: @@ -89,26 +103,34 @@ outputs: - ResellerAdmin swift::proxy::versioned_writes::allow_versioned_writes: true swift::proxy::pipeline: - - 'catch_errors' - - 'healthcheck' - - 'proxy-logging' - - 'cache' - - 'ratelimit' - - 'bulk' - - 'tempurl' - - 'formpost' - - 'authtoken' - - 'keystone' - - 'staticweb' - - 'copy' - - 'container-quotas' - - 'account-quotas' - - 'slo' - - 'dlo' - - 'versioned_writes' - - 'ceilometer' - - 'proxy-logging' - - 'proxy-server' + yaql: + expression: $.data.pipeline.where($ != '') + data: + pipeline: + - 'catch_errors' + - 'healthcheck' + - 'proxy-logging' + - 'cache' + - 'ratelimit' + - 'bulk' + - 'tempurl' + - 'formpost' + - 'authtoken' + - 'keystone' + - 'staticweb' + - 'copy' + - 'container-quotas' + - 'account-quotas' + - 'slo' + - 'dlo' + - 'versioned_writes' + - + if: + - ceilometer_pipeline_enabled + - 'ceilometer' + - '' + - 'proxy-logging' + - 'proxy-server' swift::proxy::account_autocreate: true # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples |