aboutsummaryrefslogtreecommitdiffstats
path: root/puppet/services
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/services')
-rw-r--r--puppet/services/aodh-api.yaml5
-rw-r--r--puppet/services/ceilometer-agent-compute.yaml5
-rw-r--r--puppet/services/ceilometer-base.yaml2
-rw-r--r--puppet/services/ceph-mon.yaml4
-rw-r--r--puppet/services/ceph-rgw.yaml2
-rw-r--r--puppet/services/cinder-backend-dellps.yaml4
-rw-r--r--puppet/services/cinder-backend-veritas-hyperscale.yaml56
-rw-r--r--puppet/services/congress.yaml1
-rw-r--r--puppet/services/database/mongodb-base.yaml4
-rw-r--r--puppet/services/database/mysql.yaml6
-rw-r--r--puppet/services/database/redis-base.yaml2
-rw-r--r--puppet/services/docker.yaml19
-rw-r--r--puppet/services/ec2-api.yaml2
-rw-r--r--puppet/services/external-swift-proxy.yaml2
-rw-r--r--puppet/services/haproxy.yaml2
-rw-r--r--puppet/services/heat-api-cfn.yaml4
-rw-r--r--puppet/services/heat-api-cloudwatch.yaml2
-rw-r--r--puppet/services/heat-api.yaml2
-rw-r--r--puppet/services/iscsid.yaml (renamed from puppet/services/network/contrail-provision.yaml)23
-rw-r--r--puppet/services/keystone.yaml1
-rw-r--r--puppet/services/manila-scheduler.yaml2
-rw-r--r--puppet/services/monitoring/sensu-base.yaml2
-rw-r--r--puppet/services/monitoring/sensu-client.yaml3
-rw-r--r--puppet/services/network/contrail-analytics.yaml31
-rw-r--r--puppet/services/network/contrail-base.yaml100
-rw-r--r--puppet/services/network/contrail-config.yaml8
-rw-r--r--puppet/services/network/contrail-control.yaml5
-rw-r--r--puppet/services/network/contrail-dpdk.yaml82
-rw-r--r--puppet/services/network/contrail-neutron-plugin.yaml4
-rw-r--r--puppet/services/network/contrail-tsn.yaml17
-rw-r--r--puppet/services/network/contrail-vrouter.yaml16
-rw-r--r--puppet/services/network/contrail-webui.yaml12
-rw-r--r--puppet/services/neutron-api.yaml2
-rw-r--r--puppet/services/neutron-compute-plugin-nuage.yaml2
-rw-r--r--puppet/services/neutron-l3-compute-dvr.yaml1
-rw-r--r--puppet/services/neutron-l3.yaml1
-rw-r--r--puppet/services/neutron-ovs-agent.yaml6
-rw-r--r--puppet/services/neutron-plugin-ml2.yaml4
-rw-r--r--puppet/services/nova-api.yaml2
-rw-r--r--puppet/services/nova-base.yaml2
-rw-r--r--puppet/services/nova-compute.yaml21
-rw-r--r--puppet/services/nova-conductor.yaml2
-rw-r--r--puppet/services/nova-libvirt.yaml38
-rw-r--r--puppet/services/nova-migration-target.yaml57
-rw-r--r--puppet/services/nova-placement.yaml2
-rw-r--r--puppet/services/opendaylight-api.yaml5
-rw-r--r--puppet/services/ovn-controller.yaml (renamed from puppet/services/neutron-compute-plugin-ovn.yaml)24
-rw-r--r--puppet/services/ovn-dbs.yaml14
-rw-r--r--puppet/services/pacemaker.yaml19
-rw-r--r--puppet/services/rabbitmq.yaml2
-rw-r--r--puppet/services/swift-proxy.yaml2
-rw-r--r--puppet/services/swift-storage.yaml1
-rw-r--r--puppet/services/tacker.yaml1
-rw-r--r--puppet/services/tripleo-packages.yaml2
-rw-r--r--puppet/services/tuned.yaml50
-rw-r--r--puppet/services/veritas-hyperscale-controller.yaml106
-rw-r--r--puppet/services/zaqar.yaml83
57 files changed, 710 insertions, 169 deletions
diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml
index d9b61ccd..f84edde0 100644
--- a/puppet/services/aodh-api.yaml
+++ b/puppet/services/aodh-api.yaml
@@ -30,6 +30,10 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ GnocchiExternalProject:
+ default: 'service'
+ description: Project name of resources creator in Gnocchi.
+ type: string
MonitoringSubscriptionAodhApi:
default: 'overcloud-ceilometer-aodh-api'
type: string
@@ -85,6 +89,7 @@ outputs:
aodh::wsgi::apache::wsgi_process_display_name: 'aodh_wsgi'
aodh::api::service_name: 'httpd'
aodh::api::enable_proxy_headers_parsing: true
+ aodh::api::gnocchi_external_project_owner: {get_param: GnocchiExternalProject}
aodh::policy::policies: {get_param: AodhApiPolicies}
tripleo.aodh_api.firewall_rules:
'128 aodh-api':
diff --git a/puppet/services/ceilometer-agent-compute.yaml b/puppet/services/ceilometer-agent-compute.yaml
index 3cf51519..27bc50f3 100644
--- a/puppet/services/ceilometer-agent-compute.yaml
+++ b/puppet/services/ceilometer-agent-compute.yaml
@@ -39,6 +39,10 @@ parameters:
type: string
constraints:
- allowed_values: ['naive', 'libvirt_metadata', 'workload_partitioning']
+ RedisPassword:
+ description: The password for the redis service account.
+ type: string
+ hidden: true
resources:
CeilometerServiceBase:
@@ -61,6 +65,7 @@ outputs:
map_merge:
- get_attr: [CeilometerServiceBase, role_data, config_settings]
- ceilometer::agent::compute::instance_discovery_method: {get_param: InstanceDiscoveryMethod}
+ - ceilometer_redis_password: {get_param: RedisPassword}
compute_namespace: true
service_config_settings:
get_attr: [CeilometerServiceBase, role_data, service_config_settings]
diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml
index 9fc1530a..5cc020a9 100644
--- a/puppet/services/ceilometer-base.yaml
+++ b/puppet/services/ceilometer-base.yaml
@@ -51,6 +51,8 @@ parameters:
description: >
A list of publishers to put in event_pipeline.yaml. When the
collector is used, override this with notifier:// publisher.
+ If zaqar is enabled, you can also publish to a zaqar queue
+ by including "zaqar://?queue=queue_name" in this list.
Set ManageEventPipeline to true for override to take effect.
type: comma_delimited_list
ManagePipeline:
diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml
index 3e4f5b42..4fe6e908 100644
--- a/puppet/services/ceph-mon.yaml
+++ b/puppet/services/ceph-mon.yaml
@@ -172,6 +172,6 @@ outputs:
until: ceph_quorum_nodecheck.rc == 0
retries: {get_param: CephValidationRetries}
delay: {get_param: CephValidationDelay}
- - name: set crush tunables
+ - name: ceph osd crush tunables default
tags: step0
- shell: ceph osd crush tunables optimal
+ shell: ceph osd crush tunables default
diff --git a/puppet/services/ceph-rgw.yaml b/puppet/services/ceph-rgw.yaml
index aa025684..29629461 100644
--- a/puppet/services/ceph-rgw.yaml
+++ b/puppet/services/ceph-rgw.yaml
@@ -40,7 +40,7 @@ parameters:
type: string
hidden: true
SwiftPassword:
- description: The password for the swift service account, used by the Ceph RGW services.
+ description: The password for the swift service account
type: string
hidden: true
KeystoneRegion:
diff --git a/puppet/services/cinder-backend-dellps.yaml b/puppet/services/cinder-backend-dellps.yaml
index caa2f2f7..388e49b7 100644
--- a/puppet/services/cinder-backend-dellps.yaml
+++ b/puppet/services/cinder-backend-dellps.yaml
@@ -31,6 +31,9 @@ parameters:
CinderDellPsSanPassword:
type: string
hidden: true
+ CinderDellPsSanPrivateKey:
+ type: string
+ default: ''
CinderDellPsSanThinProvision:
type: boolean
default: true
@@ -87,6 +90,7 @@ outputs:
cinder::backend::eqlx::san_ip: {get_param: CinderDellPsSanIp}
cinder::backend::eqlx::san_login: {get_param: CinderDellPsSanLogin}
cinder::backend::eqlx::san_password: {get_param: CinderDellPsSanPassword}
+ cinder::backend::eqlx::san_private_key: {get_param: CinderDellPsSanPrivateKey}
cinder::backend::eqlx::san_thin_provision: {get_param: CinderDellPsSanThinProvision}
cinder::backend::eqlx::eqlx_group_name: {get_param: CinderDellPsGroupname}
cinder::backend::eqlx::eqlx_pool: {get_param: CinderDellPsPool}
diff --git a/puppet/services/cinder-backend-veritas-hyperscale.yaml b/puppet/services/cinder-backend-veritas-hyperscale.yaml
new file mode 100644
index 00000000..11ceb2fd
--- /dev/null
+++ b/puppet/services/cinder-backend-veritas-hyperscale.yaml
@@ -0,0 +1,56 @@
+# Copyright (c) 2017 Veritas Technologies LLC.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+heat_template_version: ocata
+
+description: >
+ Openstack Veritas HyperScale backend
+
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ type: json
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+
+outputs:
+ role_data:
+ description: Role data for the Cinder Veritas HyperScale backend.
+ value:
+ service_name: cinder_backend_veritas_hyperscale
+ config_settings:
+ tripleo::profile::base::cinder::volume::cinder_enable_vrts_hs_backend: true
+ step_config: |
+ include ::tripleo::profile::base::cinder::volume
diff --git a/puppet/services/congress.yaml b/puppet/services/congress.yaml
index 31a4d3eb..f5d38b60 100644
--- a/puppet/services/congress.yaml
+++ b/puppet/services/congress.yaml
@@ -37,6 +37,7 @@ parameters:
Debug:
type: string
default: ''
+ description: Set to True to enable debugging on all services.
CongressDebug:
default: ''
description: Set to True to enable debugging Glance service.
diff --git a/puppet/services/database/mongodb-base.yaml b/puppet/services/database/mongodb-base.yaml
index 2881a5c6..c218e8b5 100644
--- a/puppet/services/database/mongodb-base.yaml
+++ b/puppet/services/database/mongodb-base.yaml
@@ -56,7 +56,3 @@ outputs:
mongodb::server::journal: false
mongodb::server::ipv6: {get_param: MongoDbIPv6}
mongodb::server::replset: {get_param: MongoDbReplset}
- # for now, we don't want to manage these services which are enabled
- # by default with recent changes in puppet-systemd.
- systemd::manage_networkd: false
- systemd::manage_resolved: false
diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml
index 9b8386c1..abbe7a22 100644
--- a/puppet/services/database/mysql.yaml
+++ b/puppet/services/database/mysql.yaml
@@ -51,7 +51,7 @@ parameters:
description: Whether to use Galera instead of regular MariaDB.
type: boolean
NovaPassword:
- description: The password for the nova db account
+ description: The password for the nova service and db account
type: string
hidden: true
EnableInternalTLS:
@@ -96,10 +96,6 @@ outputs:
- {get_param: [DefaultPasswords, mysql_root_password]}
mysql_clustercheck_password: {get_param: MysqlClustercheckPassword}
enable_galera: {get_param: EnableGalera}
- # for now, we don't want to manage these services which are enabled
- # by default with recent changes in puppet-systemd.
- systemd::manage_networkd: false
- systemd::manage_resolved: false
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):
diff --git a/puppet/services/database/redis-base.yaml b/puppet/services/database/redis-base.yaml
index d15b30cb..2a6a89e9 100644
--- a/puppet/services/database/redis-base.yaml
+++ b/puppet/services/database/redis-base.yaml
@@ -5,7 +5,7 @@ description: >
parameters:
RedisPassword:
- description: The password for Redis
+ description: The password for the redis service account.
type: string
hidden: true
RedisFDLimit:
diff --git a/puppet/services/docker.yaml b/puppet/services/docker.yaml
index d92b666b..d11ef66a 100644
--- a/puppet/services/docker.yaml
+++ b/puppet/services/docker.yaml
@@ -4,13 +4,11 @@ description: >
Configures docker on the host
parameters:
- DockerNamespace:
- description: namespace
- default: tripleoupstream
+ DockerInsecureRegistryAddress:
+ description: Optional. The IP Address and Port of an insecure docker
+ namespace that will be configured in /etc/sysconfig/docker.
type: string
- DockerNamespaceIsRegistry:
- type: boolean
- default: false
+ default: ''
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -38,14 +36,19 @@ parameters:
description: Parameters specific to the role
type: json
+conditions:
+ insecure_registry_is_empty: {equals : [{get_param: DockerInsecureRegistryAddress}, '']}
+
outputs:
role_data:
description: Role data for the docker service
value:
service_name: docker
config_settings:
- tripleo::profile::base::docker::docker_namespace: {get_param: DockerNamespace}
- tripleo::profile::base::docker::insecure_registry: {get_param: DockerNamespaceIsRegistry}
+ if:
+ - insecure_registry_is_empty
+ - {}
+ - tripleo::profile::base::docker::insecure_registry_address: {get_param: DockerInsecureRegistryAddress}
step_config: |
include ::tripleo::profile::base::docker
upgrade_tasks:
diff --git a/puppet/services/ec2-api.yaml b/puppet/services/ec2-api.yaml
index d5056c60..85fdb369 100644
--- a/puppet/services/ec2-api.yaml
+++ b/puppet/services/ec2-api.yaml
@@ -61,7 +61,7 @@ parameters:
path: /var/log/ec2api/ec2api.log
EnablePackageInstall:
default: 'false'
- description: Set to true to enable package installation via Puppet
+ description: Set to true to enable package installation at deploy time
type: boolean
Ec2ApiPolicies:
description: |
diff --git a/puppet/services/external-swift-proxy.yaml b/puppet/services/external-swift-proxy.yaml
index a4a25d9e..ac1f11ac 100644
--- a/puppet/services/external-swift-proxy.yaml
+++ b/puppet/services/external-swift-proxy.yaml
@@ -44,7 +44,7 @@ parameters:
type: string
default: 'service'
SwiftPassword:
- description: The password for the swift service account, used by the swift proxy services.
+ description: The password for the swift service account
type: string
hidden: true
KeystoneRegion:
diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml
index 0af132e7..a37135da 100644
--- a/puppet/services/haproxy.yaml
+++ b/puppet/services/haproxy.yaml
@@ -51,7 +51,7 @@ parameters:
description: Whether or not to enable the HAProxy stats interface.
type: boolean
RedisPassword:
- description: The password for Redis
+ description: The password for the redis service account.
type: string
hidden: true
MonitoringSubscriptionHaproxy:
diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml
index 2c13cb30..28bb8658 100644
--- a/puppet/services/heat-api-cfn.yaml
+++ b/puppet/services/heat-api-cfn.yaml
@@ -130,6 +130,8 @@ outputs:
heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]}
heat::keystone::auth_cfn::password: {get_param: HeatPassword}
heat::keystone::auth_cfn::region: {get_param: KeystoneRegion}
+ metadata_settings:
+ get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- name: Check if heat_api_cfn is deployed
command: systemctl is-enabled openstack-heat-api-cfn
@@ -151,5 +153,5 @@ outputs:
when: heat_api_cfn_apache.rc == 0
- name: Stop and disable heat_api_cfn service (pre-upgrade not under httpd)
tags: step1
- when: heat_api_cfn_apache.rc == 0
+ when: heat_api_cfn_enabled.rc == 0
service: name=openstack-heat-api-cfn state=stopped enabled=no
diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml
index b23dc895..689251a3 100644
--- a/puppet/services/heat-api-cloudwatch.yaml
+++ b/puppet/services/heat-api-cloudwatch.yaml
@@ -114,6 +114,8 @@ outputs:
- heat::wsgi::apache_api_cloudwatch::workers: {get_param: HeatWorkers}
step_config: |
include ::tripleo::profile::base::heat::api_cloudwatch
+ metadata_settings:
+ get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- name: Check if heat_api_cloudwatch is deployed
command: systemctl is-enabled openstack-heat-api-cloudwatch
diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml
index 3349271c..51f52a71 100644
--- a/puppet/services/heat-api.yaml
+++ b/puppet/services/heat-api.yaml
@@ -137,6 +137,8 @@ outputs:
heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]}
heat::keystone::auth::password: {get_param: HeatPassword}
heat::keystone::auth::region: {get_param: KeystoneRegion}
+ metadata_settings:
+ get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- name: Check is heat_api is deployed
command: systemctl is-enabled openstack-heat-api
diff --git a/puppet/services/network/contrail-provision.yaml b/puppet/services/iscsid.yaml
index f3a43224..222977e9 100644
--- a/puppet/services/network/contrail-provision.yaml
+++ b/puppet/services/iscsid.yaml
@@ -1,7 +1,7 @@
heat_template_version: pike
description: >
- Provision Contrail services after deployment
+ Configure iscsid
parameters:
ServiceData:
@@ -31,24 +31,11 @@ parameters:
via parameter_defaults in the resource registry.
type: json
-resources:
- ContrailBase:
- type: ./contrail-base.yaml
- properties:
- ServiceData: {get_param: ServiceData}
- ServiceNetMap: {get_param: ServiceNetMap}
- DefaultPasswords: {get_param: DefaultPasswords}
- EndpointMap: {get_param: EndpointMap}
- RoleName: {get_param: RoleName}
- RoleParameters: {get_param: RoleParameters}
-
outputs:
role_data:
- description: Contrail provisioning role
+ description: Role data for iscsid
value:
- service_name: contrail_provision
- config_settings:
- map_merge:
- - get_attr: [ContrailBase, role_data, config_settings]
+ service_name: iscsid
+ config_settings: {}
step_config: |
- include ::tripleo::network::contrail::provision
+ include ::tripleo::profile::base::iscsid
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 136c0ad4..8796209b 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -67,6 +67,7 @@ parameters:
Debug:
type: string
default: ''
+ description: Set to True to enable debugging on all services.
KeystoneDebug:
default: ''
description: Set to True to enable debugging Keystone service.
diff --git a/puppet/services/manila-scheduler.yaml b/puppet/services/manila-scheduler.yaml
index 160b4e4a..7d43f685 100644
--- a/puppet/services/manila-scheduler.yaml
+++ b/puppet/services/manila-scheduler.yaml
@@ -32,7 +32,7 @@ parameters:
type: json
NovaPassword:
type: string
- description: The password for the nova service and db account, used by nova-api.
+ description: The password for the nova service and db account
hidden: true
NeutronPassword:
description: The password for the neutron service and db account, used by neutron agents.
diff --git a/puppet/services/monitoring/sensu-base.yaml b/puppet/services/monitoring/sensu-base.yaml
index 24dda549..0f0fe957 100644
--- a/puppet/services/monitoring/sensu-base.yaml
+++ b/puppet/services/monitoring/sensu-base.yaml
@@ -44,7 +44,7 @@ parameters:
to the RabbitMQ host. Set MonitoringRabbitUseSSL to true without
specifying a private key or cert chain to use SSL transport,
but not cert auth.
- type: string
+ type: boolean
MonitoringRabbitSSLPrivateKey:
default: ''
description: Private key to be used by Sensu to connect to RabbitMQ host.
diff --git a/puppet/services/monitoring/sensu-client.yaml b/puppet/services/monitoring/sensu-client.yaml
index f2b062e0..a9ffabe5 100644
--- a/puppet/services/monitoring/sensu-client.yaml
+++ b/puppet/services/monitoring/sensu-client.yaml
@@ -31,8 +31,9 @@ parameters:
via parameter_defaults in the resource registry.
type: json
AdminPassword:
- description: Keystone admin user password
+ description: The password for the keystone admin account, used for monitoring, querying neutron etc.
type: string
+ hidden: true
KeystoneRegion:
default: 'regionOne'
description: Keystone region for endpoint
diff --git a/puppet/services/network/contrail-analytics.yaml b/puppet/services/network/contrail-analytics.yaml
index 51ecbf29..c60ffcd0 100644
--- a/puppet/services/network/contrail-analytics.yaml
+++ b/puppet/services/network/contrail-analytics.yaml
@@ -33,6 +33,26 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ContrailAnalyticsCollectorHttp:
+ default: 8089
+ description: Contrail Analytics Collector http port
+ type: number
+ ContrailAnalyticsCollectorSandesh:
+ default: 8086
+ description: Contrail Analytics Collector sandesh port
+ type: number
+ ContrailAnalyticsHttp:
+ default: 8090
+ description: Contrail Analytics http port
+ type: number
+ ContrailAnalyticsRedis:
+ default: 6379
+ description: Contrail Analytics redis port
+ type: number
+ ContrailAnalyticsApi:
+ default: 8081
+ description: Contrail Analytics Api port
+ type: number
resources:
ContrailBase:
@@ -41,7 +61,6 @@ resources:
ServiceData: {get_param: ServiceData}
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
- EndpointMap: {get_param: EndpointMap}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
@@ -53,14 +72,14 @@ outputs:
config_settings:
map_merge:
- get_attr: [ContrailBase, role_data, config_settings]
- - contrail::analytics::collector_http_server_port: {get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, port]}
- contrail::analytics::collector_sandesh_port: {get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, port]}
+ - contrail::analytics::collector_http_server_port: {get_param: ContrailAnalyticsCollectorHttp}
+ contrail::analytics::collector_sandesh_port: {get_param: ContrailAnalyticsCollectorSandesh}
contrail::analytics::host_ip: {get_param: [ServiceNetMap, ContrailAnalyticsNetwork]}
- contrail::analytics::http_server_port: {get_param: [EndpointMap, ContrailAnalyticsHttpInternal, port]}
+ contrail::analytics::http_server_port: {get_param: ContrailAnalyticsHttp}
contrail::analytics::listen_ip_address: {get_param: [ServiceNetMap, ContrailAnalyticsNetwork]}
contrail::analytics::redis_server: '127.0.0.1'
- contrail::analytics::redis_server_port: {get_param: [EndpointMap, ContrailAnalyticsRedisInternal, port]}
+ contrail::analytics::redis_server_port: {get_param: ContrailAnalyticsRedis}
contrail::analytics::rest_api_ip: {get_param: [ServiceNetMap, ContrailAnalyticsNetwork]}
- contrail::analytics::rest_api_port: {get_param: [EndpointMap, ContrailAnalyticsApiInternal, port]}
+ contrail::analytics::rest_api_port: {get_param: ContrailAnalyticsApi}
step_config: |
include ::tripleo::network::contrail::analytics
diff --git a/puppet/services/network/contrail-base.yaml b/puppet/services/network/contrail-base.yaml
index 9ee8a651..77c30bd9 100644
--- a/puppet/services/network/contrail-base.yaml
+++ b/puppet/services/network/contrail-base.yaml
@@ -30,16 +30,16 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
- ContrailAAAMode:
+ AAAMode:
description: AAAmode can be no-auth, cloud-admin or rbac
type: string
default: 'rbac'
- ContrailAAAModeAnalytics:
+ AAAModeAnalytics:
description: AAAmode for analytics can be no-auth, cloud-admin or rbac
type: string
default: 'no-auth'
AdminPassword:
- description: Keystone admin user password
+ description: The password for the keystone admin account, used for monitoring, querying neutron etc.
type: string
hidden: true
AdminTenantName:
@@ -47,25 +47,33 @@ parameters:
type: string
default: 'admin'
AdminToken:
- description: Keystone admin token
+ description: The keystone auth secret and db password.
type: string
hidden: true
AdminUser:
description: Keystone admin user name
type: string
default: 'admin'
- AuthPortSSL:
- default: 13357
- description: Keystone SSL port
- type: number
- AuthPortSSLPublic:
- default: 13000
- description: Keystone Public SSL port
- type: number
ContrailAuth:
default: 'keystone'
description: Keystone authentication method
type: string
+ ContrailAnalyticsVIP:
+ default: ''
+ description: Contrail Analytics Api Virtual IP address
+ type: string
+ ContrailConfigPort:
+ default: 8082
+ description: Contrail Config Api port
+ type: number
+ ContrailConfigVIP:
+ default: ''
+ description: Contrail Config Virtual IP address
+ type: string
+ ContrailDiscoveryPort:
+ default: 5998
+ description: Contrail Config Api port
+ type: number
ContrailInsecure:
default: false
description: Keystone insecure mode
@@ -74,6 +82,14 @@ parameters:
default: '127.0.0.1:12111'
description: Memcached server
type: string
+ ContrailVIP:
+ default: ''
+ description: Contrail VIP
+ type: string
+ ContrailWebuiVIP:
+ default: ''
+ description: Contrail Webui Virtual IP address
+ type: string
RabbitPassword:
description: The password for RabbitMQ
type: string
@@ -87,29 +103,49 @@ parameters:
description: Set rabbit subscriber port, change this if using SSL
type: number
+conditions:
+ contrail_config_vip_unset: {equals : [{get_param: ContrailConfigVIP}, '']}
+ contrail_analytics_vip_unset: {equals : [{get_param: ContrailAnalyticsVIP}, '']}
+ contrail_webui_vip_unset: {equals : [{get_param: ContrailWebuiVIP}, '']}
+
outputs:
role_data:
description: Shared role data for the Contrail services.
value:
service_name: contrail_base
config_settings:
- contrail::aaa_mode: {get_param: ContrailAAAMode}
- contrail::analytics_aaa_mode: {get_param: ContrailAAAModeAnalytics}
- contrail::admin_password: {get_param: AdminPassword}
- contrail::admin_tenant_name: {get_param: AdminTenantName}
- contrail::admin_token: {get_param: AdminToken}
- contrail::admin_user: {get_param: AdminUser}
- contrail::auth: {get_param: ContrailAuth}
- contrail::auth_host: {get_param: [EndpointMap, KeystonePublic, host] }
- contrail::auth_port: {get_param: [EndpointMap, KeystoneAdmin, port] }
- contrail::auth_port_ssl: {get_param: AuthPortSSL }
- contrail::auth_port_public: {get_param: [EndpointMap, KeystonePublic, port] }
- contrail::auth_port_ssl_public: {get_param: AuthPortSSLPublic }
- contrail::auth_protocol: {get_param: [EndpointMap, KeystoneInternal, protocol] }
- contrail::api_port: {get_param: [EndpointMap, ContrailConfigInternal, port] }
- contrail::disc_server_port: {get_param: [EndpointMap, ContrailDiscoveryInternal, port] }
- contrail::insecure: {get_param: ContrailInsecure}
- contrail::memcached_server: {get_param: ContrailMemcachedServer}
- contrail::rabbit_password: {get_param: RabbitPassword}
- contrail::rabbit_user: {get_param: RabbitUserName}
- contrail::rabbit_port: {get_param: RabbitClientPort}
+ map_merge:
+ - contrail::aaa_mode: {get_param: AAAMode}
+ contrail::analytics_aaa_mode: {get_param: AAAModeAnalytics}
+ contrail::admin_password: {get_param: AdminPassword}
+ contrail::admin_tenant_name: {get_param: AdminTenantName}
+ contrail::admin_token: {get_param: AdminToken}
+ contrail::admin_user: {get_param: AdminUser}
+ contrail::auth: {get_param: ContrailAuth}
+ contrail::auth_host: {get_param: [EndpointMap, KeystoneAdmin, host] }
+ contrail::auth_port: {get_param: [EndpointMap, KeystoneAdmin, port] }
+ contrail::auth_port_public: {get_param: [EndpointMap, KeystonePublic, port] }
+ contrail::auth_protocol: {get_param: [EndpointMap, KeystonePublic, protocol] }
+ contrail::api_port: {get_param: ContrailConfigPort }
+ contrail::disc_server_port: {get_param: ContrailDiscoveryPort }
+ contrail::insecure: {get_param: ContrailInsecure}
+ contrail::memcached_server: {get_param: ContrailMemcachedServer}
+ contrail::rabbit_password: {get_param: RabbitPassword}
+ contrail::rabbit_user: {get_param: RabbitUserName}
+ contrail::rabbit_port: {get_param: RabbitClientPort}
+ contrail::vip: {get_param: ContrailVIP}
+ -
+ if:
+ - contrail_config_vip_unset
+ - {}
+ - contrail_config_vip: {get_param: ContrailConfigVIP}
+ -
+ if:
+ - contrail_webui_vip_unset
+ - {}
+ - contrail_webui_vip: {get_param: ContrailWebuiVIP}
+ -
+ if:
+ - contrail_analytics_vip_unset
+ - {}
+ - contrail_analytics_vip: {get_param: ContrailAnalyticsVIP}
diff --git a/puppet/services/network/contrail-config.yaml b/puppet/services/network/contrail-config.yaml
index d11cf6d0..210c81d7 100644
--- a/puppet/services/network/contrail-config.yaml
+++ b/puppet/services/network/contrail-config.yaml
@@ -41,6 +41,10 @@ parameters:
description: Ifmap user password
type: string
default: 'api-server'
+ ContrailConfigPort:
+ default: 8082
+ description: Contrail Config Api port
+ type: number
resources:
ContrailBase:
@@ -64,8 +68,8 @@ outputs:
- contrail::config::ifmap_password: {get_param: ContrailConfigIfmapUserPassword}
contrail::config::ifmap_username: {get_param: ContrailConfigIfmapUserName}
contrail::config::listen_ip_address: {get_param: [ServiceNetMap, ContrailConfigNetwork]}
- contrail::config::listen_port: {get_param: [EndpointMap, ContrailConfigInternal, port] }
+ contrail::config::listen_port: {get_param: ContrailConfigPort}
contrail::config::redis_server: '127.0.0.1'
- contrail::config::host_ip: {get_param: [ServiceNetMap, ContrailConfigNetwork] }
+ contrail::config::host_ip: {get_param: [ServiceNetMap, ContrailConfigNetwork]}
step_config: |
include ::tripleo::network::contrail::config
diff --git a/puppet/services/network/contrail-control.yaml b/puppet/services/network/contrail-control.yaml
index 529160ee..20951b0b 100644
--- a/puppet/services/network/contrail-control.yaml
+++ b/puppet/services/network/contrail-control.yaml
@@ -41,6 +41,10 @@ parameters:
description: sda1/256 hmac key, e.g. echo -n "values" | openssl dgst -sha256 -hmac key -binary | base64
type: string
hidden: true
+ ContrailControlManageNamed:
+ description: named config file mgmt
+ type: string
+ default: true
resources:
ContrailBase:
@@ -64,5 +68,6 @@ outputs:
- contrail::control::asn: {get_param: ContrailControlASN }
contrail::control::host_ip: {get_param: [ServiceNetMap, ContrailControlNetwork]}
contrail::control::rndc_secret: {get_param: ContrailControlRNDCSecret}
+ contrail::control::manage_named: {get_param: ContrailControlManageNamed}
step_config: |
include ::tripleo::network::contrail::control
diff --git a/puppet/services/network/contrail-dpdk.yaml b/puppet/services/network/contrail-dpdk.yaml
new file mode 100644
index 00000000..65b2a2a1
--- /dev/null
+++ b/puppet/services/network/contrail-dpdk.yaml
@@ -0,0 +1,82 @@
+heat_template_version: pike
+
+description: >
+ OpenStack Neutron Compute OpenContrail plugin
+
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ NeutronMetadataProxySharedSecret:
+ description: Shared secret to prevent spoofing
+ type: string
+ hidden: true
+ ContrailVrouterPhysicalInterface:
+ default: 'eth0'
+ description: vRouter physical interface
+ type: string
+ ContrailVrouterGateway:
+ default: '192.168.24.1'
+ description: vRouter default gateway
+ type: string
+ ContrailVrouterNetmask:
+ default: '255.255.255.0'
+ description: vRouter netmask
+ type: string
+
+resources:
+ ContrailBase:
+ type: ./contrail-base.yaml
+ properties:
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron Compute OpenContrail plugin
+ value:
+ service_name: contrail_dpdk
+ config_settings:
+ map_merge:
+ - get_attr: [ContrailBase, role_data, config_settings]
+ - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, ContrailVrouterNetwork]}
+ contrail::vrouter::is_dpdk: 'true'
+ contrail::vrouter::physical_interface: {get_param: ContrailVrouterPhysicalInterface}
+ contrail::vrouter::gateway: {get_param: ContrailVrouterGateway}
+ contrail::vrouter::netmask: {get_param: ContrailVrouterNetmask}
+ contrail::vrouter::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
+ tripleo.neutron_compute_plugin_opencontrail.firewall_rules:
+ '111 neutron_compute_plugin_opencontrail proxy':
+ dport:
+ - 8097
+ - 8085
+ proto: tcp
+ step_config: |
+ include ::tripleo::network::contrail::vrouter
diff --git a/puppet/services/network/contrail-neutron-plugin.yaml b/puppet/services/network/contrail-neutron-plugin.yaml
index 95951fd5..50a6be48 100644
--- a/puppet/services/network/contrail-neutron-plugin.yaml
+++ b/puppet/services/network/contrail-neutron-plugin.yaml
@@ -33,7 +33,7 @@ parameters:
ContrailExtensions:
description: List of OpenContrail extensions to be enabled
type: comma_delimited_list
- default: ''
+ default: 'ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam,policy:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_policy.NeutronPluginContrailPolicy,route-table:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_vpc.NeutronPluginContrailVpc,contrail:None'
resources:
ContrailBase:
@@ -54,7 +54,7 @@ outputs:
config_settings:
map_merge:
- get_attr: [ContrailBase, role_data, config_settings]
- - neutron::api_extensions_path: /usr/lib/python2.7/site-packages/neutron_plugin_contrail/extensions
+ - neutron::api_extensions_path: '/usr/lib/python2.7/site-packages/neutron_plugin_contrail/extensions:/usr/lib/python2.7/site-packages/neutron_lbaas/extensions'
contrail::vrouter::contrail_extensions: {get_param: ContrailExtensions}
step_config: |
include tripleo::network::contrail::neutron_plugin
diff --git a/puppet/services/network/contrail-tsn.yaml b/puppet/services/network/contrail-tsn.yaml
index 469e18cc..a9655160 100644
--- a/puppet/services/network/contrail-tsn.yaml
+++ b/puppet/services/network/contrail-tsn.yaml
@@ -31,17 +31,18 @@ parameters:
via parameter_defaults in the resource registry.
type: json
NeutronMetadataProxySharedSecret:
- description: Metadata Secret
+ description: Shared secret to prevent spoofing
type: string
- VrouterPhysicalInterface:
+ hidden: true
+ ContrailVrouterPhysicalInterface:
default: 'eth0'
description: vRouter physical interface
type: string
- VrouterGateway:
+ ContrailVrouterGateway:
default: '192.168.24.1'
description: vRouter default gateway
type: string
- VrouterNetmask:
+ ContrailVrouterNetmask:
default: '255.255.255.0'
description: vRouter netmask
type: string
@@ -65,10 +66,10 @@ outputs:
config_settings:
map_merge:
- get_attr: [ContrailBase, role_data, config_settings]
- - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, NeutronCorePluginOpencontrailNetwork]}
- contrail::vrouter::physical_interface: {get_param: VrouterPhysicalInterface}
- contrail::vrouter::gateway: {get_param: VrouterGateway}
- contrail::vrouter::netmask: {get_param: VrouterNetmask}
+ - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, ContrailVrouterNetwork]}
+ contrail::vrouter::physical_interface: {get_param: ContrailVrouterPhysicalInterface}
+ contrail::vrouter::gateway: {get_param: ContrailVrouterGateway}
+ contrail::vrouter::netmask: {get_param: ContrailVrouterNetmask}
contrail::vrouter::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
contrail::vrouter::is_tsn: 'true'
tripleo.neutron_compute_plugin_opencontrail.firewall_rules:
diff --git a/puppet/services/network/contrail-vrouter.yaml b/puppet/services/network/contrail-vrouter.yaml
index d36a5651..1773c367 100644
--- a/puppet/services/network/contrail-vrouter.yaml
+++ b/puppet/services/network/contrail-vrouter.yaml
@@ -31,7 +31,7 @@ parameters:
via parameter_defaults in the resource registry.
type: json
NeutronMetadataProxySharedSecret:
- description: Metadata Secret
+ description: Shared secret to prevent spoofing
type: string
hidden: true
ContrailVrouterPhysicalInterface:
@@ -46,6 +46,10 @@ parameters:
default: '255.255.255.0'
description: vRouter netmask
type: string
+ ContrailVrouterControlNodeIps:
+ description: List of Contrail Node IPs
+ type: comma_delimited_list
+ default: ''
resources:
ContrailBase:
@@ -66,14 +70,16 @@ outputs:
config_settings:
map_merge:
- get_attr: [ContrailBase, role_data, config_settings]
- - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, NeutronCorePluginOpencontrailNetwork]}
+ - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, ContrailVrouterNetwork]}
contrail::vrouter::physical_interface: {get_param: ContrailVrouterPhysicalInterface}
contrail::vrouter::gateway: {get_param: ContrailVrouterGateway}
contrail::vrouter::netmask: {get_param: ContrailVrouterNetmask}
contrail::vrouter::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
- tripleo.neutron_compute_plugin_opencontrail.firewall_rules:
- '111 neutron_compute_plugin_opencontrail proxy':
+ contrail::vrouter::control_node_ips: {get_param: ContrailVrouterControlNodeIps}
+ tripleo.contrail_vrouter.firewall_rules:
+ '111 contrail_vrouter_8085':
+ dport: 8085
+ '112 contrail_vrouter_8097':
dport: 8097
- proto: tcp
step_config: |
include ::tripleo::network::contrail::vrouter
diff --git a/puppet/services/network/contrail-webui.yaml b/puppet/services/network/contrail-webui.yaml
index aa73fb94..8f96643f 100644
--- a/puppet/services/network/contrail-webui.yaml
+++ b/puppet/services/network/contrail-webui.yaml
@@ -33,6 +33,14 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ContrailWebuiHttp:
+ default: 8080
+ description: Contrail Webui http port
+ type: number
+ ContrailWebuiHttps:
+ default: 8143
+ description: Contrail Webui https port
+ type: number
resources:
ContrailBase:
@@ -53,8 +61,8 @@ outputs:
config_settings:
map_merge:
- get_attr: [ContrailBase, role_data, config_settings]
- - contrail::webui::http_port: {get_param: [EndpointMap, ContrailWebuiHttpInternal, port] }
- contrail::webui::https_port: {get_param: [EndpointMap, ContrailWebuiHttpsInternal, port] }
+ - contrail::webui::http_port: {get_param: ContrailWebuiHttp }
+ contrail::webui::https_port: {get_param: ContrailWebuiHttps }
contrail::webui::redis_ip: '127.0.0.1'
step_config: |
include ::tripleo::network::contrail::webui
diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml
index d650b11f..459a968a 100644
--- a/puppet/services/neutron-api.yaml
+++ b/puppet/services/neutron-api.yaml
@@ -50,7 +50,7 @@ parameters:
description: Allow automatic l3-agent failover
type: string
NovaPassword:
- description: The password for the nova service and db account, used by nova-api.
+ description: The password for the nova service and db account
type: string
hidden: true
NeutronEnableDVR:
diff --git a/puppet/services/neutron-compute-plugin-nuage.yaml b/puppet/services/neutron-compute-plugin-nuage.yaml
index 5842149f..f1a56530 100644
--- a/puppet/services/neutron-compute-plugin-nuage.yaml
+++ b/puppet/services/neutron-compute-plugin-nuage.yaml
@@ -31,7 +31,7 @@ parameters:
via parameter_defaults in the resource registry.
type: json
NovaPassword:
- description: The password for the nova service account, used by nova-api.
+ description: The password for the nova service and db account
type: string
hidden: true
NuageMetadataPort:
diff --git a/puppet/services/neutron-l3-compute-dvr.yaml b/puppet/services/neutron-l3-compute-dvr.yaml
index 0d56b3b1..a3baf710 100644
--- a/puppet/services/neutron-l3-compute-dvr.yaml
+++ b/puppet/services/neutron-l3-compute-dvr.yaml
@@ -34,6 +34,7 @@ parameters:
Debug:
type: string
default: ''
+ description: Set to True to enable debugging on all services.
MonitoringSubscriptionNeutronL3Dvr:
default: 'overcloud-neutron-l3-dvr'
type: string
diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml
index 82371337..7ccf526a 100644
--- a/puppet/services/neutron-l3.yaml
+++ b/puppet/services/neutron-l3.yaml
@@ -33,6 +33,7 @@ parameters:
Debug:
type: string
default: ''
+ description: Set to True to enable debugging on all services.
NeutronL3AgentMode:
description: |
Agent mode for L3 agent. Must be one of legacy or dvr_snat.
diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml
index 1d4029cf..7894f78b 100644
--- a/puppet/services/neutron-ovs-agent.yaml
+++ b/puppet/services/neutron-ovs-agent.yaml
@@ -32,8 +32,7 @@ parameters:
type: json
NeutronEnableL2Pop:
type: string
- description: >
- Enable/disable the L2 population feature in the Neutron agents.
+ description: Enable/disable the L2 population feature in the Neutron agents.
default: "False"
NeutronBridgeMappings:
description: >
@@ -47,8 +46,7 @@ parameters:
default: "datacentre:br-ex"
NeutronTunnelTypes:
default: 'vxlan'
- description: |
- The tunnel types for the Neutron tenant network.
+ description: The tunnel types for the Neutron tenant network.
type: comma_delimited_list
NeutronAgentExtensions:
default: "qos"
diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml
index d98d1620..dd757b5d 100644
--- a/puppet/services/neutron-plugin-ml2.yaml
+++ b/puppet/services/neutron-plugin-ml2.yaml
@@ -53,8 +53,8 @@ parameters:
default: 'datacentre:1:1000'
description: >
The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
- Neutron documentation for permitted values. Defaults to permitting any
- VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
+ Neutron documentation for permitted values. Defaults to permitting VLANs
+ 1 to 1000 on the 'datacentre' physical network (See NeutronBridgeMappings).
type: comma_delimited_list
NeutronTunnelIdRanges:
description: |
diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml
index a28f4672..b413fb12 100644
--- a/puppet/services/nova-api.yaml
+++ b/puppet/services/nova-api.yaml
@@ -35,7 +35,7 @@ parameters:
description: Number of workers for Nova services.
type: number
NovaPassword:
- description: The password for the nova service and db account, used by nova-api.
+ description: The password for the nova service and db account
type: string
hidden: true
KeystoneRegion:
diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml
index 82f8bc13..08302ee9 100644
--- a/puppet/services/nova-base.yaml
+++ b/puppet/services/nova-base.yaml
@@ -41,7 +41,7 @@ parameters:
constraints:
- allowed_values: [ 'messagingv2', 'noop' ]
NovaPassword:
- description: The password for the nova service and db account, used by nova-api.
+ description: The password for the nova service and db account
type: string
hidden: true
NeutronPassword:
diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml
index d0f8fda2..6e1f3f56 100644
--- a/puppet/services/nova-compute.yaml
+++ b/puppet/services/nova-compute.yaml
@@ -97,14 +97,20 @@ parameters:
UpgradeLevelNovaCompute:
type: string
description: Nova Compute upgrade level
- default: auto
+ default: ''
MigrationSshKey:
type: json
description: >
SSH key for migration.
Expects a dictionary with keys 'public_key' and 'private_key'.
Values should be identical to SSH public/private key files.
- default: {}
+ default:
+ public_key: ''
+ private_key: ''
+ MigrationSshPort:
+ default: 22
+ description: Target port for migration over ssh
+ type: number
resources:
NovaBase:
@@ -159,14 +165,9 @@ outputs:
NovaPCIPassthrough: {get_param: NovaPCIPassthrough}
# we manage migration in nova common puppet profile
nova::compute::libvirt::migration_support: false
- tripleo::profile::base::nova::manage_migration: true
- tripleo::profile::base::nova::migration_ssh_key: {get_param: MigrationSshKey}
- tripleo::profile::base::nova::migration_ssh_localaddrs:
- - "%{hiera('cold_migration_ssh_inbound_addr')}"
- - "%{hiera('live_migration_ssh_inbound_addr')}"
- live_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
- cold_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaColdMigrationNetwork]}
- tripleo::profile::base::nova::nova_compute_enabled: true
+ tripleo::profile::base::nova::migration::client::nova_compute_enabled: true
+ tripleo::profile::base::nova::migration::client::ssh_private_key: {get_param: [ MigrationSshKey, private_key ]}
+ tripleo::profile::base::nova::migration::client::ssh_port: {get_param: MigrationSshPort}
nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
tripleo::profile::base::nova::compute::cinder_nfs_backend: {get_param: CinderEnableNfsBackend}
diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml
index a6638be0..5abad452 100644
--- a/puppet/services/nova-conductor.yaml
+++ b/puppet/services/nova-conductor.yaml
@@ -45,7 +45,7 @@ parameters:
UpgradeLevelNovaCompute:
type: string
description: Nova Compute upgrade level
- default: auto
+ default: ''
conditions:
nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]}
diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml
index 3a5d7536..e2ae7260 100644
--- a/puppet/services/nova-libvirt.yaml
+++ b/puppet/services/nova-libvirt.yaml
@@ -30,6 +30,20 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ CephClientUserName:
+ default: openstack
+ type: string
+ CephClientKey:
+ description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
+ type: string
+ hidden: true
+ CephClusterFSID:
+ type: string
+ description: The Ceph cluster FSID. Must be a UUID.
+ CinderEnableRbdBackend:
+ default: false
+ description: Whether to enable or not the Rbd backend for Cinder
+ type: boolean
NovaComputeLibvirtType:
type: string
default: kvm
@@ -70,6 +84,19 @@ parameters:
the InternalTLSCAFile parameter) is not desired. The current
default reflects TripleO's default CA, which is FreeIPA.
It will only be used if internal TLS is enabled.
+ MigrationSshKey:
+ type: json
+ description: >
+ SSH key for migration.
+ Expects a dictionary with keys 'public_key' and 'private_key'.
+ Values should be identical to SSH public/private key files.
+ default:
+ public_key: ''
+ private_key: ''
+ MigrationSshPort:
+ default: 22
+ description: Target port for migration over ssh
+ type: number
conditions:
@@ -111,8 +138,12 @@ outputs:
- nova::compute::libvirt::manage_libvirt_services: false
# we manage migration in nova common puppet profile
nova::compute::libvirt::migration_support: false
- tripleo::profile::base::nova::manage_migration: true
- tripleo::profile::base::nova::libvirt_enabled: true
+ nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
+ nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey}
+ nova::compute::rbd::libvirt_rbd_secret_uuid: {get_param: CephClusterFSID}
+ tripleo::profile::base::nova::migration::client::libvirt_enabled: true
+ tripleo::profile::base::nova::migration::client::ssh_private_key: {get_param: [ MigrationSshKey, private_key ]}
+ tripleo::profile::base::nova::migration::client::ssh_port: {get_param: MigrationSshPort}
nova::compute::libvirt::services::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
nova::compute::libvirt::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
nova::compute::libvirt::libvirt_enabled_perf_events: {get_param: LibvirtEnabledPerfEvents}
@@ -120,6 +151,7 @@ outputs:
nova::compute::libvirt::qemu::max_files: 32768
nova::compute::libvirt::qemu::max_processes: 131072
nova::compute::libvirt::vncserver_listen: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
+ rbd_persistent_storage: {get_param: CinderEnableRbdBackend}
tripleo.nova_libvirt.firewall_rules:
'200 nova_libvirt':
dport:
@@ -132,7 +164,7 @@ outputs:
- use_tls_for_live_migration
-
generate_service_certificates: true
- tripleo::profile::base::nova::libvirt_tls: true
+ tripleo::profile::base::nova::migration::client::libvirt_tls: true
nova::migration::libvirt::live_migration_inbound_addr:
str_replace:
template:
diff --git a/puppet/services/nova-migration-target.yaml b/puppet/services/nova-migration-target.yaml
new file mode 100644
index 00000000..128abc2c
--- /dev/null
+++ b/puppet/services/nova-migration-target.yaml
@@ -0,0 +1,57 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack Nova migration target configured with Puppet
+
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MigrationSshKey:
+ type: json
+ description: >
+ SSH key for migration.
+ Expects a dictionary with keys 'public_key' and 'private_key'.
+ Values should be identical to SSH public/private key files.
+ default:
+ public_key: ''
+ private_key: ''
+
+outputs:
+ role_data:
+ description: Role data for the Nova migration target service.
+ value:
+ service_name: nova_migration_target
+ config_settings:
+ tripleo::profile::base::nova::migration::target::ssh_authorized_keys:
+ - {get_param: [ MigrationSshKey, public_key ]}
+ tripleo::profile::base::nova::migration::target::ssh_localaddrs:
+ - "%{hiera('cold_migration_ssh_inbound_addr')}"
+ - "%{hiera('live_migration_ssh_inbound_addr')}"
+ live_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
+ cold_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaColdMigrationNetwork]}
+ step_config: |
+ include tripleo::profile::base::nova::migration::target
diff --git a/puppet/services/nova-placement.yaml b/puppet/services/nova-placement.yaml
index 5cb4ef5c..916cefd9 100644
--- a/puppet/services/nova-placement.yaml
+++ b/puppet/services/nova-placement.yaml
@@ -35,7 +35,7 @@ parameters:
description: Number of workers for Nova services.
type: number
NovaPassword:
- description: The password for the nova service and db account, used by nova-placement.
+ description: The password for the nova service and db account
type: string
hidden: true
KeystoneRegion:
diff --git a/puppet/services/opendaylight-api.yaml b/puppet/services/opendaylight-api.yaml
index da925181..472dbcce 100644
--- a/puppet/services/opendaylight-api.yaml
+++ b/puppet/services/opendaylight-api.yaml
@@ -58,6 +58,10 @@ parameters:
default: {}
description: Parameters specific to the role
type: json
+ OpenDaylightManageRepositories:
+ description: Whether to manage the OpenDaylight repository
+ type: boolean
+ default: false
outputs:
role_data:
@@ -72,6 +76,7 @@ outputs:
opendaylight::enable_dhcp: {get_param: OpenDaylightEnableDHCP}
opendaylight::odl_bind_ip: {get_param: [ServiceNetMap, OpendaylightApiNetwork]}
opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol}
+ opendaylight::manage_repositories: {get_param: OpenDaylightManageRepositories}
tripleo.opendaylight_api.firewall_rules:
'137 opendaylight api':
dport:
diff --git a/puppet/services/neutron-compute-plugin-ovn.yaml b/puppet/services/ovn-controller.yaml
index dfd87eda..30720448 100644
--- a/puppet/services/neutron-compute-plugin-ovn.yaml
+++ b/puppet/services/ovn-controller.yaml
@@ -1,7 +1,7 @@
heat_template_version: pike
description: >
- OpenStack Neutron Compute OVN agent
+ OpenStack OVN Controller agent
parameters:
EndpointMap:
@@ -45,23 +45,23 @@ parameters:
bridge on hosts - to a physical name 'datacentre' which can be used
to create provider networks (and we use this for the default floating
network) - if changing this either use different post-install network
- scripts or be sure to keep 'datacentre' as a mapping network name
+ scripts or be sure to keep 'datacentre' as a mapping network name.
type: comma_delimited_list
default: "datacentre:br-ex"
outputs:
role_data:
- description: Role data for the Neutron Compute OVN agent
+ description: Role data for the OVN Controller agent
value:
- service_name: neutron_compute_plugin_ovn
+ service_name: ovn_controller
config_settings:
ovn::southbound::port: {get_param: OVNSouthboundServerPort}
ovn::controller::ovn_encap_type: {get_param: OVNTunnelEncapType}
ovn::controller::ovn_encap_ip: {get_param: [ServiceNetMap, NeutronApiNetwork]}
ovn::controller::ovn_bridge_mappings: {get_param: NeutronBridgeMappings}
nova::compute::force_config_drive: true
- tripleo.neutron_compute_plugin_ovn.firewall_rules:
+ tripleo.ovn_controller.firewall_rules:
'118 neutron vxlan networks':
proto: 'udp'
dport: 4789
@@ -70,3 +70,17 @@ outputs:
dport: 6081
step_config: |
include ::tripleo::profile::base::neutron::agents::ovn
+ upgrade_tasks:
+ - name: Check if ovn_controller is deployed
+ command: systemctl is-enabled ovn-controller
+ tags: common
+ ignore_errors: True
+ register: ovn_controller_enabled
+ - name: "PreUpgrade step0,validation: Check service ovn-controller is running"
+ shell: /usr/bin/systemctl show 'ovn-controller' --property ActiveState | grep '\bactive\b'
+ when: ovn_controller_enabled.rc == 0
+ tags: step0,validation
+ - name: Stop ovn-controller service
+ tags: step1
+ when: ovn_controller_enabled.rc == 0
+ service: name=ovn-controller state=stopped
diff --git a/puppet/services/ovn-dbs.yaml b/puppet/services/ovn-dbs.yaml
index f6f3e3c8..2b98008b 100644
--- a/puppet/services/ovn-dbs.yaml
+++ b/puppet/services/ovn-dbs.yaml
@@ -57,3 +57,17 @@ outputs:
- {get_param: OVNSouthboundServerPort}
step_config: |
include ::tripleo::profile::base::neutron::ovn_northd
+ upgrade_tasks:
+ - name: Check if ovn_northd is deployed
+ command: systemctl is-enabled ovn-northd
+ tags: common
+ ignore_errors: True
+ register: ovn_northd_enabled
+ - name: "PreUpgrade step0,validation: Check service ovn-northd is running"
+ shell: /usr/bin/systemctl show 'ovn-northd' --property ActiveState | grep '\bactive\b'
+ when: ovn_northd_enabled.rc == 0
+ tags: step0,validation
+ - name: Stop ovn-northd service
+ tags: step1
+ when: ovn_northd_enabled.rc == 0
+ service: name=ovn-northd state=stopped
diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml
index 893e8418..158d04bd 100644
--- a/puppet/services/pacemaker.yaml
+++ b/puppet/services/pacemaker.yaml
@@ -105,11 +105,6 @@ parameters:
description: Whether to deploy a LoadBalancer on the Controller
type: boolean
- PacemakerResources:
- type: comma_delimited_list
- description: List of resources managed by pacemaker
- default: ['rabbitmq', 'galera']
-
outputs:
role_data:
description: Role data for the Pacemaker role.
@@ -156,20 +151,8 @@ outputs:
async: 30
poll: 4
- name: Stop pacemaker cluster
- tags: step2
+ tags: step3
pacemaker_cluster: state=offline
- name: Start pacemaker cluster
tags: step4
pacemaker_cluster: state=online
- - name: Check pacemaker resource
- tags: step4
- pacemaker_is_active:
- resource: "{{ item }}"
- max_wait: 500
- with_items: {get_param: PacemakerResources}
- - name: Check pacemaker haproxy resource
- tags: step4
- pacemaker_is_active:
- resource: haproxy
- max_wait: 500
- when: {get_param: EnableLoadBalancer}
diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml
index 66f5c4b6..5867721a 100644
--- a/puppet/services/rabbitmq.yaml
+++ b/puppet/services/rabbitmq.yaml
@@ -97,7 +97,7 @@ outputs:
NODE_PORT: ''
NODE_IP_ADDRESS: ''
RABBITMQ_NODENAME: "rabbit@%{::hostname}"
- RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"'
+ RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<15000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<15000:64/native>>}]"'
'export ERL_EPMD_ADDRESS': "%{hiera('rabbitmq::interface')}"
rabbitmq_kernel_variables:
inet_dist_listen_min: '25672'
diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml
index 283bb3f3..06e8180d 100644
--- a/puppet/services/swift-proxy.yaml
+++ b/puppet/services/swift-proxy.yaml
@@ -35,7 +35,7 @@ parameters:
description: Set to True to enable debugging on all services.
type: string
SwiftPassword:
- description: The password for the swift service account, used by the swift proxy services.
+ description: The password for the swift service account
type: string
hidden: true
SwiftProxyNodeTimeout:
diff --git a/puppet/services/swift-storage.yaml b/puppet/services/swift-storage.yaml
index 40bc1368..f9c3cbae 100644
--- a/puppet/services/swift-storage.yaml
+++ b/puppet/services/swift-storage.yaml
@@ -130,6 +130,7 @@ outputs:
- openstack-swift-container-updater
- openstack-swift-container
- openstack-swift-object-auditor
+ - openstack-swift-object-expirer
- openstack-swift-object-replicator
- openstack-swift-object-updater
- openstack-swift-object
diff --git a/puppet/services/tacker.yaml b/puppet/services/tacker.yaml
index 7661dd2f..541a2eb6 100644
--- a/puppet/services/tacker.yaml
+++ b/puppet/services/tacker.yaml
@@ -37,6 +37,7 @@ parameters:
Debug:
type: string
default: ''
+ description: Set to True to enable debugging on all services.
TackerDebug:
default: ''
description: Set to True to enable debugging Tacker service.
diff --git a/puppet/services/tripleo-packages.yaml b/puppet/services/tripleo-packages.yaml
index e52dd71e..e471c2a6 100644
--- a/puppet/services/tripleo-packages.yaml
+++ b/puppet/services/tripleo-packages.yaml
@@ -32,7 +32,7 @@ parameters:
type: json
EnablePackageInstall:
default: 'false'
- description: Set to true to enable package installation via Puppet
+ description: Set to true to enable package installation at deploy time
type: boolean
outputs:
diff --git a/puppet/services/tuned.yaml b/puppet/services/tuned.yaml
new file mode 100644
index 00000000..f1dec931
--- /dev/null
+++ b/puppet/services/tuned.yaml
@@ -0,0 +1,50 @@
+heat_template_version: ocata
+
+description: >
+ Configure tuned
+
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ TunedProfileName:
+ default: ''
+ description: Tuned Profile to apply to the host
+ type: string
+
+outputs:
+ role_data:
+ description: Role data for tuned
+ value:
+ service_name: tuned
+ config_settings:
+ map_replace:
+ - map_replace:
+ - tripleo::profile::base::tuned::profile: TunedProfileName
+ - values: {get_param: RoleParameters}
+ - values: {'TunedProfileName': {get_param: TunedProfileName}}
+ step_config: |
+ include ::tripleo::profile::base::tuned
diff --git a/puppet/services/veritas-hyperscale-controller.yaml b/puppet/services/veritas-hyperscale-controller.yaml
new file mode 100644
index 00000000..fe641ad6
--- /dev/null
+++ b/puppet/services/veritas-hyperscale-controller.yaml
@@ -0,0 +1,106 @@
+# Copyright (c) 2017 Veritas Technologies LLC.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+heat_template_version: ocata
+
+description: >
+ Openstack Veritas HyperScale backend
+
+parameters:
+ VrtsRabbitPassword:
+ type: string
+ description: The Rabbitmq password of the hyperscale user. Mandatory.
+ VrtsKeystonePassword:
+ type: string
+ description: The Keystone password of the hyperscale service. Mandatory.
+ VrtsMysqlPassword:
+ type: string
+ description: The MySQL password of the hyperscale user. Mandatory.
+ VrtsCtrlMgmtIP:
+ type: string
+ default: ''
+ description: The management IP of HyperScale. The value will be inferred
+ from the rest of the deployment settings if left blank.
+ VrtsDashboardIP:
+ type: string
+ default: ''
+ description: The dashboard IP of HyperScale. The value will be inferred
+ from the rest of the deployment settings if left blank.
+ VrtsZookeeperIP:
+ type: string
+ description: The IP of a node where Zookeeper is configured. Mandatory.
+ VrtsSSHPassword:
+ type: string
+ description: The SSH password of the hyperscale user. Mandatory.
+ VrtsConfigParam1:
+ type: string
+ default: ''
+ description: Additional config parameter. Optional.
+ VrtsConfigParam2:
+ type: string
+ default: ''
+ description: Additional config parameter. Optional.
+ VrtsConfigParam3:
+ type: string
+ default: ''
+ description: Additional config parameter. Optional.
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ type: json
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+
+outputs:
+ role_data:
+ description: Install Veritas HyperScale packages for controller.
+ value:
+ service_name: veritas_hyperscale_controller
+ config_settings:
+ global_config_settings:
+ vrts_ctrl_mgmt_ip: {get_param: VrtsCtrlMgmtIP}
+ vrts_dashboard_ip: {get_param: VrtsDashboardIP}
+ vrts_zookeeper_ip: {get_param: VrtsZookeeperIP}
+ vrts_ssh_passwd: {get_param: VrtsSSHPassword}
+ vrts_config_param1: {get_param: VrtsConfigParam1}
+ vrts_config_param2: {get_param: VrtsConfigParam2}
+ vrts_config_param3: {get_param: VrtsConfigParam3}
+ step_config: |
+ include ::veritas_hyperscale::controller_pkg_inst
+ service_config_settings:
+ rabbitmq:
+ vrts_rabbitmq_passwd: {get_param: VrtsRabbitPassword}
+ keystone:
+ vrts_keystone_passwd: {get_param: VrtsKeystonePassword}
+ mysql:
+ vrts_mysql_passwd: {get_param: VrtsMysqlPassword}
diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar.yaml
index debdc742..4a1ad179 100644
--- a/puppet/services/zaqar.yaml
+++ b/puppet/services/zaqar.yaml
@@ -56,6 +56,14 @@ parameters:
type: string
description: Set the number of workers for zaqar::wsgi::apache
default: '%{::os_workers}'
+ ZaqarMessageStore:
+ type: string
+ description: The messaging store for Zaqar
+ default: mongodb
+ ZaqarManagementStore:
+ type: string
+ description: The management store for Zaqar
+ default: mongodb
EnableInternalTLS:
type: boolean
default: false
@@ -63,6 +71,8 @@ parameters:
conditions:
zaqar_workers_zero: {equals : [{get_param: ZaqarWorkers}, 0]}
service_debug_unset: {equals : [{get_param: ZaqarDebug}, '']}
+ zaqar_messaging_store_swift: {equals : [{get_param: ZaqarMessageStore}, 'swift']}
+ zaqar_management_store_sqlalchemy: {equals : [{get_param: ZaqarManagementStore}, 'sqlalchemy']}
resources:
@@ -95,7 +105,7 @@ outputs:
- {get_param: ZaqarDebug }
zaqar::server::service_name: 'httpd'
zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]}
- zaqar::wsgi::apache::ssl: false
+ zaqar::wsgi::apache::ssl: {get_param: EnableInternalTLS}
zaqar::wsgi::apache::bind_host: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
zaqar::message_pipeline: 'zaqar.notification.notifier'
zaqar::unreliable: true
@@ -105,28 +115,71 @@ outputs:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
+ zaqar::message_store: {get_param: ZaqarMessageStore}
+ zaqar::management_store: {get_param: ZaqarManagementStore}
+ -
+ if:
+ - zaqar_messaging_store_swift
+ -
+ zaqar::messaging::swift::uri:
+ list_join:
+ - ''
+ - ['swift://zaqar:', {get_param: ZaqarPassword}, '@/service']
+ zaqar::messaging::swift::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
+ tripleo::profile::base::zaqar::messaging_store: 'swift'
+ - {}
+ -
+ if:
+ - zaqar_management_store_sqlalchemy
+ -
+ tripleo::profile::base::zaqar::management_store: 'sqlalchemy'
+ zaqar::management::sqlalchemy::uri:
+ make_url:
+ scheme: {get_param: [EndpointMap, MysqlInternal, protocol]}
+ username: zaqar
+ password: {get_param: ZaqarPassword}
+ host: {get_param: [EndpointMap, MysqlInternal, host]}
+ path: /zaqar
+ query:
+ read_default_file: /etc/my.cnf.d/tripleo.cnf
+ read_default_group: tripleo
+ - {}
-
if:
- zaqar_workers_zero
- {}
- zaqar::wsgi::apache::workers: {get_param: ZaqarWorkers}
service_config_settings:
- keystone:
- zaqar::keystone::auth::password: {get_param: ZaqarPassword}
- zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]}
- zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]}
- zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]}
- zaqar::keystone::auth::region: {get_param: KeystoneRegion}
- zaqar::keystone::auth::tenant: 'service'
- zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword}
- zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]}
- zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]}
- zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]}
- zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion}
- zaqar::keystone::auth_websocket::tenant: 'service'
-
+ map_merge:
+ - keystone:
+ zaqar::keystone::auth::password: {get_param: ZaqarPassword}
+ zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]}
+ zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]}
+ zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]}
+ zaqar::keystone::auth::region: {get_param: KeystoneRegion}
+ zaqar::keystone::auth::tenant: 'service'
+ zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword}
+ zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]}
+ zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]}
+ zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]}
+ zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion}
+ zaqar::keystone::auth_websocket::tenant: 'service'
+ -
+ if:
+ - zaqar_management_store_sqlalchemy
+ - mysql:
+ zaqar::db::mysql::user: zaqar
+ zaqar::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ zaqar::db::mysql::dbname: zaqar
+ zaqar::db::mysql::password: {get_param: ZaqarPassword}
+ zaqar::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
+ - {}
step_config: |
include ::tripleo::profile::base::zaqar
+ metadata_settings:
+ get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
yaql:
expression: $.data.apache_upgrade + $.data.zaqar_upgrade