Diffstat (limited to 'puppet/services')
57 files changed, 710 insertions, 169 deletions
diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml index d9b61ccd..f84edde0 100644 --- a/puppet/services/aodh-api.yaml +++ b/puppet/services/aodh-api.yaml @@ -30,6 +30,10 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + GnocchiExternalProject: + default: 'service' + description: Project name of resources creator in Gnocchi. + type: string MonitoringSubscriptionAodhApi: default: 'overcloud-ceilometer-aodh-api' type: string @@ -85,6 +89,7 @@ outputs: aodh::wsgi::apache::wsgi_process_display_name: 'aodh_wsgi' aodh::api::service_name: 'httpd' aodh::api::enable_proxy_headers_parsing: true + aodh::api::gnocchi_external_project_owner: {get_param: GnocchiExternalProject} aodh::policy::policies: {get_param: AodhApiPolicies} tripleo.aodh_api.firewall_rules: '128 aodh-api': diff --git a/puppet/services/ceilometer-agent-compute.yaml b/puppet/services/ceilometer-agent-compute.yaml index 3cf51519..27bc50f3 100644 --- a/puppet/services/ceilometer-agent-compute.yaml +++ b/puppet/services/ceilometer-agent-compute.yaml @@ -39,6 +39,10 @@ parameters: type: string constraints: - allowed_values: ['naive', 'libvirt_metadata', 'workload_partitioning'] + RedisPassword: + description: The password for the redis service account. + type: string + hidden: true resources: CeilometerServiceBase: @@ -61,6 +65,7 @@ outputs: map_merge: - get_attr: [CeilometerServiceBase, role_data, config_settings] - ceilometer::agent::compute::instance_discovery_method: {get_param: InstanceDiscoveryMethod} + - ceilometer_redis_password: {get_param: RedisPassword} compute_namespace: true service_config_settings: get_attr: [CeilometerServiceBase, role_data, service_config_settings] diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index 9fc1530a..5cc020a9 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml 
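Review bot: In ceilometer-agent-compute.yaml the second hunk adds `ceilometer_redis_password` to the compute agent's `config_settings`, which would place the Redis service password in the configuration data of every node that runs this service. Compute hosts run tenant workloads, so it is worth confirming that the agent needs the shared Redis credential there (presumably for the `workload_partitioning` discovery method) and, if so, emitting the key only when that method is selected. The key is also un-namespaced, unlike the `ceilometer::agent::compute::…` setting next to it, so a comment naming the manifest that reads it would help anyone auditing where this secret ends up.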
@@ -51,6 +51,8 @@ parameters: description: > A list of publishers to put in event_pipeline.yaml. When the collector is used, override this with notifier:// publisher. + If zaqar is enabled, you can also publish to a zaqar queue + by including "zaqar://?queue=queue_name" in this list. Set ManageEventPipeline to true for override to take effect. type: comma_delimited_list ManagePipeline: diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml index 3e4f5b42..4fe6e908 100644 --- a/puppet/services/ceph-mon.yaml +++ b/puppet/services/ceph-mon.yaml @@ -172,6 +172,6 @@ outputs: until: ceph_quorum_nodecheck.rc == 0 retries: {get_param: CephValidationRetries} delay: {get_param: CephValidationDelay} - - name: set crush tunables + - name: ceph osd crush tunables default tags: step0 - shell: ceph osd crush tunables optimal + shell: ceph osd crush tunables default diff --git a/puppet/services/ceph-rgw.yaml b/puppet/services/ceph-rgw.yaml index aa025684..29629461 100644 --- a/puppet/services/ceph-rgw.yaml +++ b/puppet/services/ceph-rgw.yaml @@ -40,7 +40,7 @@ parameters: type: string hidden: true SwiftPassword: - description: The password for the swift service account, used by the Ceph RGW services. + description: The password for the swift service account type: string hidden: true KeystoneRegion: diff --git a/puppet/services/cinder-backend-dellps.yaml b/puppet/services/cinder-backend-dellps.yaml index caa2f2f7..388e49b7 100644 --- a/puppet/services/cinder-backend-dellps.yaml +++ b/puppet/services/cinder-backend-dellps.yaml @@ -31,6 +31,9 @@ parameters: CinderDellPsSanPassword: type: string hidden: true + CinderDellPsSanPrivateKey: + type: string + default: '' CinderDellPsSanThinProvision: type: boolean default: true 
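Review bot: In cinder-backend-dellps.yaml, `CinderDellPsSanPrivateKey` is added with neither a `description` nor `hidden: true`, while `CinderDellPsSanPassword` directly above it is hidden. Cinder's `san_private_key` option takes the filename of an SSH private key, so if that is what is expected here, say so: `description: Path to the SSH private key file used to authenticate to the SAN (a file name, not the key material).` If key content could ever be passed through this parameter, add `hidden: true` so that it is not shown in stack parameter listings. The matching `cinder::backend::eqlx::san_private_key` setting is in the next hunk of the same file.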
@@ -87,6 +90,7 @@ outputs: cinder::backend::eqlx::san_ip: {get_param: CinderDellPsSanIp} cinder::backend::eqlx::san_login: {get_param: CinderDellPsSanLogin} cinder::backend::eqlx::san_password: {get_param: CinderDellPsSanPassword} + cinder::backend::eqlx::san_private_key: {get_param: CinderDellPsSanPrivateKey} cinder::backend::eqlx::san_thin_provision: {get_param: CinderDellPsSanThinProvision} cinder::backend::eqlx::eqlx_group_name: {get_param: CinderDellPsGroupname} cinder::backend::eqlx::eqlx_pool: {get_param: CinderDellPsPool} diff --git a/puppet/services/cinder-backend-veritas-hyperscale.yaml b/puppet/services/cinder-backend-veritas-hyperscale.yaml new file mode 100644 index 00000000..11ceb2fd --- /dev/null +++ b/puppet/services/cinder-backend-veritas-hyperscale.yaml 
@@ -0,0 +1,56 @@ +# Copyright (c) 2017 Veritas Technologies LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +heat_template_version: ocata + +description: > + Openstack Veritas HyperScale backend + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + type: json + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + +outputs: + role_data: + description: Role data for the Cinder Veritas HyperScale backend. + value: + service_name: cinder_backend_veritas_hyperscale + config_settings: + tripleo::profile::base::cinder::volume::cinder_enable_vrts_hs_backend: true + step_config: | + include ::tripleo::profile::base::cinder::volume diff --git a/puppet/services/congress.yaml b/puppet/services/congress.yaml index 31a4d3eb..f5d38b60 100644 --- a/puppet/services/congress.yaml +++ b/puppet/services/congress.yaml 
@@ -37,6 +37,7 @@ parameters: Debug: type: string default: '' + description: Set to True to enable debugging on all services. CongressDebug: default: '' description: Set to True to enable debugging Glance service. diff --git a/puppet/services/database/mongodb-base.yaml b/puppet/services/database/mongodb-base.yaml index 2881a5c6..c218e8b5 100644 --- a/puppet/services/database/mongodb-base.yaml +++ b/puppet/services/database/mongodb-base.yaml @@ -56,7 +56,3 @@ outputs: mongodb::server::journal: false mongodb::server::ipv6: {get_param: MongoDbIPv6} mongodb::server::replset: {get_param: MongoDbReplset} - # for now, we don't want to manage these services which are enabled - # by default with recent changes in puppet-systemd. - systemd::manage_networkd: false - systemd::manage_resolved: false diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index 9b8386c1..abbe7a22 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -51,7 +51,7 @@ parameters: description: Whether to use Galera instead of regular MariaDB. type: boolean NovaPassword: - description: The password for the nova db account + description: The password for the nova service and db account type: string hidden: true EnableInternalTLS: @@ -96,10 +96,6 @@ outputs: - {get_param: [DefaultPasswords, mysql_root_password]} mysql_clustercheck_password: {get_param: MysqlClustercheckPassword} enable_galera: {get_param: EnableGalera} - # for now, we don't want to manage these services which are enabled - # by default with recent changes in puppet-systemd. - systemd::manage_networkd: false - systemd::manage_resolved: false # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): diff --git a/puppet/services/database/redis-base.yaml b/puppet/services/database/redis-base.yaml index d15b30cb..2a6a89e9 100644 --- a/puppet/services/database/redis-base.yaml 
+++ b/puppet/services/database/redis-base.yaml @@ -5,7 +5,7 @@ description: > parameters: RedisPassword: - description: The password for Redis + description: The password for the redis service account. type: string hidden: true RedisFDLimit: diff --git a/puppet/services/docker.yaml b/puppet/services/docker.yaml index d92b666b..d11ef66a 100644 --- a/puppet/services/docker.yaml +++ b/puppet/services/docker.yaml @@ -4,13 +4,11 @@ description: > Configures docker on the host parameters: - DockerNamespace: - description: namespace - default: tripleoupstream + DockerInsecureRegistryAddress: + description: Optional. The IP Address and Port of an insecure docker + namespace that will be configured in /etc/sysconfig/docker. type: string - DockerNamespaceIsRegistry: - type: boolean - default: false + default: '' EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -38,14 +36,19 @@ parameters: description: Parameters specific to the role type: json +conditions: + insecure_registry_is_empty: {equals : [{get_param: DockerInsecureRegistryAddress}, '']} + outputs: role_data: description: Role data for the docker service value: service_name: docker config_settings: - tripleo::profile::base::docker::docker_namespace: {get_param: DockerNamespace} - tripleo::profile::base::docker::insecure_registry: {get_param: DockerNamespaceIsRegistry} + if: + - insecure_registry_is_empty + - {} + - tripleo::profile::base::docker::insecure_registry_address: {get_param: DockerInsecureRegistryAddress} step_config: | include ::tripleo::profile::base::docker upgrade_tasks: diff --git a/puppet/services/ec2-api.yaml b/puppet/services/ec2-api.yaml index d5056c60..85fdb369 100644 --- a/puppet/services/ec2-api.yaml +++ b/puppet/services/ec2-api.yaml 
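Review bot: In docker.yaml the description of `DockerInsecureRegistryAddress` says "insecure docker namespace" where it means a registry, and it does not say what "insecure" turns off. Docker treats an insecure registry as one it may reach over plain HTTP or without verifying the TLS certificate, so images pulled from it are not protected against tampering in transit. I would reword it to `description: Optional. IP address and port of a docker registry that is accessed without TLS verification; written to /etc/sysconfig/docker. Leave empty unless the registry is on a trusted network.`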
@@ -61,7 +61,7 @@ parameters: path: /var/log/ec2api/ec2api.log EnablePackageInstall: default: 'false' - description: Set to true to enable package installation via Puppet + description: Set to true to enable package installation at deploy time type: boolean Ec2ApiPolicies: description: | diff --git a/puppet/services/external-swift-proxy.yaml b/puppet/services/external-swift-proxy.yaml index a4a25d9e..ac1f11ac 100644 --- a/puppet/services/external-swift-proxy.yaml +++ b/puppet/services/external-swift-proxy.yaml @@ -44,7 +44,7 @@ parameters: type: string default: 'service' SwiftPassword: - description: The password for the swift service account, used by the swift proxy services. + description: The password for the swift service account type: string hidden: true KeystoneRegion: diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index 0af132e7..a37135da 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml @@ -51,7 +51,7 @@ parameters: description: Whether or not to enable the HAProxy stats interface. type: boolean RedisPassword: - description: The password for Redis + description: The password for the redis service account. type: string hidden: true MonitoringSubscriptionHaproxy: diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml index 2c13cb30..28bb8658 100644 --- a/puppet/services/heat-api-cfn.yaml +++ b/puppet/services/heat-api-cfn.yaml @@ -130,6 +130,8 @@ outputs: heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]} heat::keystone::auth_cfn::password: {get_param: HeatPassword} heat::keystone::auth_cfn::region: {get_param: KeystoneRegion} + metadata_settings: + get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - name: Check if heat_api_cfn is deployed command: systemctl is-enabled openstack-heat-api-cfn 
@@ -151,5 +153,5 @@ outputs: when: heat_api_cfn_apache.rc == 0 - name: Stop and disable heat_api_cfn service (pre-upgrade not under httpd) tags: step1 - when: heat_api_cfn_apache.rc == 0 + when: heat_api_cfn_enabled.rc == 0 service: name=openstack-heat-api-cfn state=stopped enabled=no diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml index b23dc895..689251a3 100644 --- a/puppet/services/heat-api-cloudwatch.yaml +++ b/puppet/services/heat-api-cloudwatch.yaml @@ -114,6 +114,8 @@ outputs: - heat::wsgi::apache_api_cloudwatch::workers: {get_param: HeatWorkers} step_config: | include ::tripleo::profile::base::heat::api_cloudwatch + metadata_settings: + get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - name: Check if heat_api_cloudwatch is deployed command: systemctl is-enabled openstack-heat-api-cloudwatch diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml index 3349271c..51f52a71 100644 --- a/puppet/services/heat-api.yaml +++ b/puppet/services/heat-api.yaml @@ -137,6 +137,8 @@ outputs: heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]} heat::keystone::auth::password: {get_param: HeatPassword} heat::keystone::auth::region: {get_param: KeystoneRegion} + metadata_settings: + get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - name: Check is heat_api is deployed command: systemctl is-enabled openstack-heat-api diff --git a/puppet/services/network/contrail-provision.yaml b/puppet/services/iscsid.yaml index f3a43224..222977e9 100644 --- a/puppet/services/network/contrail-provision.yaml +++ b/puppet/services/iscsid.yaml @@ -1,7 +1,7 @@ heat_template_version: pike description: > - Provision Contrail services after deployment + Configure iscsid parameters: ServiceData: 
@@ -31,24 +31,11 @@ parameters: via parameter_defaults in the resource registry. type: json -resources: - ContrailBase: - type: ./contrail-base.yaml - properties: - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - outputs: role_data: - description: Contrail provisioning role + description: Role data for iscsid value: - service_name: contrail_provision - config_settings: - map_merge: - - get_attr: [ContrailBase, role_data, config_settings] + service_name: iscsid + config_settings: {} step_config: | - include ::tripleo::network::contrail::provision + include ::tripleo::profile::base::iscsid diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 136c0ad4..8796209b 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -67,6 +67,7 @@ parameters: Debug: type: string default: '' + description: Set to True to enable debugging on all services. KeystoneDebug: default: '' description: Set to True to enable debugging Keystone service. diff --git a/puppet/services/manila-scheduler.yaml b/puppet/services/manila-scheduler.yaml index 160b4e4a..7d43f685 100644 --- a/puppet/services/manila-scheduler.yaml +++ b/puppet/services/manila-scheduler.yaml @@ -32,7 +32,7 @@ parameters: type: json NovaPassword: type: string - description: The password for the nova service and db account, used by nova-api. + description: The password for the nova service and db account hidden: true NeutronPassword: description: The password for the neutron service and db account, used by neutron agents. diff --git a/puppet/services/monitoring/sensu-base.yaml b/puppet/services/monitoring/sensu-base.yaml index 24dda549..0f0fe957 100644 --- a/puppet/services/monitoring/sensu-base.yaml +++ b/puppet/services/monitoring/sensu-base.yaml 
@@ -44,7 +44,7 @@ parameters: to the RabbitMQ host. Set MonitoringRabbitUseSSL to true without specifying a private key or cert chain to use SSL transport, but not cert auth. - type: string + type: boolean MonitoringRabbitSSLPrivateKey: default: '' description: Private key to be used by Sensu to connect to RabbitMQ host. diff --git a/puppet/services/monitoring/sensu-client.yaml b/puppet/services/monitoring/sensu-client.yaml index f2b062e0..a9ffabe5 100644 --- a/puppet/services/monitoring/sensu-client.yaml +++ b/puppet/services/monitoring/sensu-client.yaml @@ -31,8 +31,9 @@ parameters: via parameter_defaults in the resource registry. type: json AdminPassword: - description: Keystone admin user password + description: The password for the keystone admin account, used for monitoring, querying neutron etc. type: string + hidden: true KeystoneRegion: default: 'regionOne' description: Keystone region for endpoint diff --git a/puppet/services/network/contrail-analytics.yaml b/puppet/services/network/contrail-analytics.yaml index 51ecbf29..c60ffcd0 100644 --- a/puppet/services/network/contrail-analytics.yaml +++ b/puppet/services/network/contrail-analytics.yaml @@ -33,6 +33,26 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ContrailAnalyticsCollectorHttp: + default: 8089 + description: Contrail Analytics Collector http port + type: number + ContrailAnalyticsCollectorSandesh: + default: 8086 + description: Contrail Analytics Collector sandesh port + type: number + ContrailAnalyticsHttp: + default: 8090 + description: Contrail Analytics http port + type: number + ContrailAnalyticsRedis: + default: 6379 + description: Contrail Analytics redis port + type: number + ContrailAnalyticsApi: + default: 8081 + description: Contrail Analytics Api port + type: number resources: ContrailBase: 
@@ -41,7 +61,6 @@ resources: ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} @@ -53,14 +72,14 @@ outputs: config_settings: map_merge: - get_attr: [ContrailBase, role_data, config_settings] - - contrail::analytics::collector_http_server_port: {get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, port]} - contrail::analytics::collector_sandesh_port: {get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, port]} + - contrail::analytics::collector_http_server_port: {get_param: ContrailAnalyticsCollectorHttp} + contrail::analytics::collector_sandesh_port: {get_param: ContrailAnalyticsCollectorSandesh} contrail::analytics::host_ip: {get_param: [ServiceNetMap, ContrailAnalyticsNetwork]} - contrail::analytics::http_server_port: {get_param: [EndpointMap, ContrailAnalyticsHttpInternal, port]} + contrail::analytics::http_server_port: {get_param: ContrailAnalyticsHttp} contrail::analytics::listen_ip_address: {get_param: [ServiceNetMap, ContrailAnalyticsNetwork]} contrail::analytics::redis_server: '127.0.0.1' - contrail::analytics::redis_server_port: {get_param: [EndpointMap, ContrailAnalyticsRedisInternal, port]} + contrail::analytics::redis_server_port: {get_param: ContrailAnalyticsRedis} contrail::analytics::rest_api_ip: {get_param: [ServiceNetMap, ContrailAnalyticsNetwork]} - contrail::analytics::rest_api_port: {get_param: [EndpointMap, ContrailAnalyticsApiInternal, port]} + contrail::analytics::rest_api_port: {get_param: ContrailAnalyticsApi} step_config: | include ::tripleo::network::contrail::analytics diff --git a/puppet/services/network/contrail-base.yaml b/puppet/services/network/contrail-base.yaml index 9ee8a651..77c30bd9 100644 --- a/puppet/services/network/contrail-base.yaml +++ b/puppet/services/network/contrail-base.yaml 
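Review bot: Removing `EndpointMap: {get_param: EndpointMap}` from the `ContrailBase` properties in contrail-analytics.yaml leaves the nested contrail-base.yaml to resolve `EndpointMap` on its own, yet the new side of that template still reads `[EndpointMap, KeystoneAdmin, host]`, `[EndpointMap, KeystoneAdmin, port]`, `[EndpointMap, KeystonePublic, port]` and `[EndpointMap, KeystonePublic, protocol]`. If the parameter falls back to an empty default there (its default is not visible in the contrail-base hunks), the analytics role would receive empty Keystone settings in `contrail::auth_host`, `contrail::auth_port` and `contrail::auth_protocol`. The new contrail-dpdk.yaml in this same diff still passes the map, so I would keep the line `EndpointMap: {get_param: EndpointMap}` here as well.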
@@ -30,16 +30,16 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - ContrailAAAMode: + AAAMode: description: AAAmode can be no-auth, cloud-admin or rbac type: string default: 'rbac' - ContrailAAAModeAnalytics: + AAAModeAnalytics: description: AAAmode for analytics can be no-auth, cloud-admin or rbac type: string default: 'no-auth' AdminPassword: - description: Keystone admin user password + description: The password for the keystone admin account, used for monitoring, querying neutron etc. type: string hidden: true AdminTenantName: @@ -47,25 +47,33 @@ parameters: type: string default: 'admin' AdminToken: - description: Keystone admin token + description: The keystone auth secret and db password. type: string hidden: true AdminUser: description: Keystone admin user name type: string default: 'admin' - AuthPortSSL: - default: 13357 - description: Keystone SSL port - type: number - AuthPortSSLPublic: - default: 13000 - description: Keystone Public SSL port - type: number ContrailAuth: default: 'keystone' description: Keystone authentication method type: string + ContrailAnalyticsVIP: + default: '' + description: Contrail Analytics Api Virtual IP address + type: string + ContrailConfigPort: + default: 8082 + description: Contrail Config Api port + type: number + ContrailConfigVIP: + default: '' + description: Contrail Config Virtual IP address + type: string + ContrailDiscoveryPort: + default: 5998 + description: Contrail Config Api port + type: number ContrailInsecure: default: false description: Keystone insecure mode @@ -74,6 +82,14 @@ parameters: default: '127.0.0.1:12111' description: Memcached server type: string + ContrailVIP: + default: '' + description: Contrail VIP + type: string + ContrailWebuiVIP: + default: '' + description: Contrail Webui Virtual IP address + type: string RabbitPassword: description: The password for RabbitMQ type: string 
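Review bot: Renaming `ContrailAAAMode` and `ContrailAAAModeAnalytics` to `AAAMode` and `AAAModeAnalytics` in the first contrail-base.yaml hunk means an environment file that still sets the old names no longer reaches this template, and the values fall back to the defaults `'rbac'` and `'no-auth'`. As far as I know Heat does not reject `parameter_defaults` entries that match no parameter, so a deployment that had tightened the analytics mode would move to `no-auth` without any error. Either keep the old names or state the rename in a release note. Adding `constraints:` with `- allowed_values: ['no-auth', 'cloud-admin', 'rbac']` to both parameters would also catch a mistyped mode at stack validation.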
@@ -87,29 +103,49 @@ parameters: description: Set rabbit subscriber port, change this if using SSL type: number +conditions: + contrail_config_vip_unset: {equals : [{get_param: ContrailConfigVIP}, '']} + contrail_analytics_vip_unset: {equals : [{get_param: ContrailAnalyticsVIP}, '']} + contrail_webui_vip_unset: {equals : [{get_param: ContrailWebuiVIP}, '']} + outputs: role_data: description: Shared role data for the Contrail services. value: service_name: contrail_base config_settings: - contrail::aaa_mode: {get_param: ContrailAAAMode} - contrail::analytics_aaa_mode: {get_param: ContrailAAAModeAnalytics} - contrail::admin_password: {get_param: AdminPassword} - contrail::admin_tenant_name: {get_param: AdminTenantName} - contrail::admin_token: {get_param: AdminToken} - contrail::admin_user: {get_param: AdminUser} - contrail::auth: {get_param: ContrailAuth} - contrail::auth_host: {get_param: [EndpointMap, KeystonePublic, host] } - contrail::auth_port: {get_param: [EndpointMap, KeystoneAdmin, port] } - contrail::auth_port_ssl: {get_param: AuthPortSSL } - contrail::auth_port_public: {get_param: [EndpointMap, KeystonePublic, port] } - contrail::auth_port_ssl_public: {get_param: AuthPortSSLPublic } - contrail::auth_protocol: {get_param: [EndpointMap, KeystoneInternal, protocol] } - contrail::api_port: {get_param: [EndpointMap, ContrailConfigInternal, port] } - contrail::disc_server_port: {get_param: [EndpointMap, ContrailDiscoveryInternal, port] } - contrail::insecure: {get_param: ContrailInsecure} - contrail::memcached_server: {get_param: ContrailMemcachedServer} - contrail::rabbit_password: {get_param: RabbitPassword} - contrail::rabbit_user: {get_param: RabbitUserName} - contrail::rabbit_port: {get_param: RabbitClientPort} + map_merge: + - contrail::aaa_mode: {get_param: AAAMode} + contrail::analytics_aaa_mode: {get_param: AAAModeAnalytics} + contrail::admin_password: {get_param: AdminPassword} + contrail::admin_tenant_name: {get_param: AdminTenantName} + 
contrail::admin_token: {get_param: AdminToken} + contrail::admin_user: {get_param: AdminUser} + contrail::auth: {get_param: ContrailAuth} + contrail::auth_host: {get_param: [EndpointMap, KeystoneAdmin, host] } + contrail::auth_port: {get_param: [EndpointMap, KeystoneAdmin, port] } + contrail::auth_port_public: {get_param: [EndpointMap, KeystonePublic, port] } + contrail::auth_protocol: {get_param: [EndpointMap, KeystonePublic, protocol] } + contrail::api_port: {get_param: ContrailConfigPort } + contrail::disc_server_port: {get_param: ContrailDiscoveryPort } + contrail::insecure: {get_param: ContrailInsecure} + contrail::memcached_server: {get_param: ContrailMemcachedServer} + contrail::rabbit_password: {get_param: RabbitPassword} + contrail::rabbit_user: {get_param: RabbitUserName} + contrail::rabbit_port: {get_param: RabbitClientPort} + contrail::vip: {get_param: ContrailVIP} + - + if: + - contrail_config_vip_unset + - {} + - contrail_config_vip: {get_param: ContrailConfigVIP} + - + if: + - contrail_webui_vip_unset + - {} + - contrail_webui_vip: {get_param: ContrailWebuiVIP} + - + if: + - contrail_analytics_vip_unset + - {} + - contrail_analytics_vip: {get_param: ContrailAnalyticsVIP} diff --git a/puppet/services/network/contrail-config.yaml b/puppet/services/network/contrail-config.yaml index d11cf6d0..210c81d7 100644 --- a/puppet/services/network/contrail-config.yaml +++ b/puppet/services/network/contrail-config.yaml @@ -41,6 +41,10 @@ parameters: description: Ifmap user password type: string default: 'api-server' + ContrailConfigPort: + default: 8082 + description: Contrail Config Api port + type: number resources: ContrailBase: 
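Review bot: In the last contrail-base.yaml hunk, `contrail::auth_host` and `contrail::auth_port` are taken from the `KeystoneAdmin` endpoint while `contrail::auth_protocol` is taken from `KeystonePublic`, so the three values can describe two different endpoints. Where TLS is enabled on only one of them, the protocol will not match the host and port, which would either break Contrail's Keystone authentication or tempt someone to set `ContrailInsecure` to make it work. I would take all three from the same endpoint, for example `contrail::auth_protocol: {get_param: [EndpointMap, KeystoneAdmin, protocol] }`. The new `contrail_config_vip`, `contrail_webui_vip` and `contrail_analytics_vip` keys are un-namespaced, unlike every `contrail::…` key beside them; a comment naming the manifest that reads them would help.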
@@ -64,8 +68,8 @@ outputs: - contrail::config::ifmap_password: {get_param: ContrailConfigIfmapUserPassword} contrail::config::ifmap_username: {get_param: ContrailConfigIfmapUserName} contrail::config::listen_ip_address: {get_param: [ServiceNetMap, ContrailConfigNetwork]} - contrail::config::listen_port: {get_param: [EndpointMap, ContrailConfigInternal, port] } + contrail::config::listen_port: {get_param: ContrailConfigPort} contrail::config::redis_server: '127.0.0.1' - contrail::config::host_ip: {get_param: [ServiceNetMap, ContrailConfigNetwork] } + contrail::config::host_ip: {get_param: [ServiceNetMap, ContrailConfigNetwork]} step_config: | include ::tripleo::network::contrail::config diff --git a/puppet/services/network/contrail-control.yaml b/puppet/services/network/contrail-control.yaml index 529160ee..20951b0b 100644 --- a/puppet/services/network/contrail-control.yaml +++ b/puppet/services/network/contrail-control.yaml @@ -41,6 +41,10 @@ parameters: description: sda1/256 hmac key, e.g. echo -n "values" | openssl dgst -sha256 -hmac key -binary | base64 type: string hidden: true + ContrailControlManageNamed: + description: named config file mgmt + type: string + default: true resources: ContrailBase: @@ -64,5 +68,6 @@ outputs: - contrail::control::asn: {get_param: ContrailControlASN } contrail::control::host_ip: {get_param: [ServiceNetMap, ContrailControlNetwork]} contrail::control::rndc_secret: {get_param: ContrailControlRNDCSecret} + contrail::control::manage_named: {get_param: ContrailControlManageNamed} step_config: | include ::tripleo::network::contrail::control diff --git a/puppet/services/network/contrail-dpdk.yaml b/puppet/services/network/contrail-dpdk.yaml new file mode 100644 index 00000000..65b2a2a1 --- /dev/null +++ b/puppet/services/network/contrail-dpdk.yaml 
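Review bot: In contrail-control.yaml, `ContrailControlManageNamed` is declared `type: string` with `default: true`, so a boolean default is attached to a string parameter and the value reaches `contrail::control::manage_named` as a string. Declare it as `type: boolean`; the sensu-base.yaml hunk in this same diff makes exactly that correction for `MonitoringRabbitUseSSL`. The description `named config file mgmt` is too terse to tell an operator what turning it off does; if it controls whether puppet manages the named configuration file on control nodes, say that in a full sentence.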
@@ -0,0 +1,82 @@ +heat_template_version: pike + +description: > + OpenStack Neutron Compute OpenContrail plugin + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NeutronMetadataProxySharedSecret: + description: Shared secret to prevent spoofing + type: string + hidden: true + ContrailVrouterPhysicalInterface: + default: 'eth0' + description: vRouter physical interface + type: string + ContrailVrouterGateway: + default: '192.168.24.1' + description: vRouter default gateway + type: string + ContrailVrouterNetmask: + default: '255.255.255.0' + description: vRouter netmask + type: string + +resources: + ContrailBase: + type: ./contrail-base.yaml + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Neutron Compute OpenContrail plugin + value: + service_name: contrail_dpdk + config_settings: + map_merge: + - get_attr: [ContrailBase, role_data, config_settings] + - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, ContrailVrouterNetwork]} + contrail::vrouter::is_dpdk: 'true' + contrail::vrouter::physical_interface: {get_param: 
ContrailVrouterPhysicalInterface} + contrail::vrouter::gateway: {get_param: ContrailVrouterGateway} + contrail::vrouter::netmask: {get_param: ContrailVrouterNetmask} + contrail::vrouter::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} + tripleo.neutron_compute_plugin_opencontrail.firewall_rules: + '111 neutron_compute_plugin_opencontrail proxy': + dport: + - 8097 + - 8085 + proto: tcp + step_config: | + include ::tripleo::network::contrail::vrouter diff --git a/puppet/services/network/contrail-neutron-plugin.yaml b/puppet/services/network/contrail-neutron-plugin.yaml index 95951fd5..50a6be48 100644 --- a/puppet/services/network/contrail-neutron-plugin.yaml +++ b/puppet/services/network/contrail-neutron-plugin.yaml @@ -33,7 +33,7 @@ parameters: ContrailExtensions: description: List of OpenContrail extensions to be enabled type: comma_delimited_list - default: '' + default: 'ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam,policy:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_policy.NeutronPluginContrailPolicy,route-table:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_vpc.NeutronPluginContrailVpc,contrail:None' resources: ContrailBase: @@ -54,7 +54,7 @@ outputs: config_settings: map_merge: - get_attr: [ContrailBase, role_data, config_settings] - - neutron::api_extensions_path: /usr/lib/python2.7/site-packages/neutron_plugin_contrail/extensions + - neutron::api_extensions_path: '/usr/lib/python2.7/site-packages/neutron_plugin_contrail/extensions:/usr/lib/python2.7/site-packages/neutron_lbaas/extensions' contrail::vrouter::contrail_extensions: {get_param: ContrailExtensions} step_config: | include tripleo::network::contrail::neutron_plugin diff --git a/puppet/services/network/contrail-tsn.yaml b/puppet/services/network/contrail-tsn.yaml index 469e18cc..a9655160 100644 --- a/puppet/services/network/contrail-tsn.yaml +++ b/puppet/services/network/contrail-tsn.yaml 
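Review bot: The new contrail-dpdk.yaml keeps the template description `OpenStack Neutron Compute OpenContrail plugin`, the firewall key `tripleo.neutron_compute_plugin_opencontrail.firewall_rules` and the rule name `'111 neutron_compute_plugin_opencontrail proxy'`, all of which name a different service; contrail-vrouter.yaml is moved to `tripleo.contrail_vrouter.firewall_rules` later in this same diff. Naming the key and rule after `contrail_dpdk` would let someone reading a node's firewall attribute the open TCP ports 8097 and 8085 to this service. `contrail::vrouter::is_dpdk: 'true'` is a quoted string, which deserves a short comment if the manifest expects a string rather than a boolean.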
@@ -31,17 +31,18 @@ parameters: via parameter_defaults in the resource registry. type: json NeutronMetadataProxySharedSecret: - description: Metadata Secret + description: Shared secret to prevent spoofing type: string - VrouterPhysicalInterface: + hidden: true + ContrailVrouterPhysicalInterface: default: 'eth0' description: vRouter physical interface type: string - VrouterGateway: + ContrailVrouterGateway: default: '192.168.24.1' description: vRouter default gateway type: string - VrouterNetmask: + ContrailVrouterNetmask: default: '255.255.255.0' description: vRouter netmask type: string @@ -65,10 +66,10 @@ outputs: config_settings: map_merge: - get_attr: [ContrailBase, role_data, config_settings] - - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, NeutronCorePluginOpencontrailNetwork]} - contrail::vrouter::physical_interface: {get_param: VrouterPhysicalInterface} - contrail::vrouter::gateway: {get_param: VrouterGateway} - contrail::vrouter::netmask: {get_param: VrouterNetmask} + - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, ContrailVrouterNetwork]} + contrail::vrouter::physical_interface: {get_param: ContrailVrouterPhysicalInterface} + contrail::vrouter::gateway: {get_param: ContrailVrouterGateway} + contrail::vrouter::netmask: {get_param: ContrailVrouterNetmask} contrail::vrouter::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} contrail::vrouter::is_tsn: 'true' tripleo.neutron_compute_plugin_opencontrail.firewall_rules: diff --git a/puppet/services/network/contrail-vrouter.yaml b/puppet/services/network/contrail-vrouter.yaml index d36a5651..1773c367 100644 --- a/puppet/services/network/contrail-vrouter.yaml +++ b/puppet/services/network/contrail-vrouter.yaml 
@@ -31,7 +31,7 @@ parameters: via parameter_defaults in the resource registry. type: json NeutronMetadataProxySharedSecret: - description: Metadata Secret + description: Shared secret to prevent spoofing type: string hidden: true ContrailVrouterPhysicalInterface: @@ -46,6 +46,10 @@ parameters: default: '255.255.255.0' description: vRouter netmask type: string + ContrailVrouterControlNodeIps: + description: List of Contrail Node IPs + type: comma_delimited_list + default: '' resources: ContrailBase: @@ -66,14 +70,16 @@ outputs: config_settings: map_merge: - get_attr: [ContrailBase, role_data, config_settings] - - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, NeutronCorePluginOpencontrailNetwork]} + - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, ContrailVrouterNetwork]} contrail::vrouter::physical_interface: {get_param: ContrailVrouterPhysicalInterface} contrail::vrouter::gateway: {get_param: ContrailVrouterGateway} contrail::vrouter::netmask: {get_param: ContrailVrouterNetmask} contrail::vrouter::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} - tripleo.neutron_compute_plugin_opencontrail.firewall_rules: - '111 neutron_compute_plugin_opencontrail proxy': + contrail::vrouter::control_node_ips: {get_param: ContrailVrouterControlNodeIps} + tripleo.contrail_vrouter.firewall_rules: + '111 contrail_vrouter_8085': + dport: 8085 + '112 contrail_vrouter_8097': dport: 8097 - proto: tcp step_config: | include ::tripleo::network::contrail::vrouter diff --git a/puppet/services/network/contrail-webui.yaml b/puppet/services/network/contrail-webui.yaml index aa73fb94..8f96643f 100644 --- a/puppet/services/network/contrail-webui.yaml +++ b/puppet/services/network/contrail-webui.yaml 
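Review bot: The replacement rules `'111 contrail_vrouter_8085'` and `'112 contrail_vrouter_8097'` in the last hunk no longer state `proto: tcp`, so the protocol now depends on the default of the firewall rule type, which this template does not show. Keeping `proto: tcp` on each rule makes the opened surface explicit and protects it against a change of that default. Neither rule limits the source; if these ports only need to be reachable from the Contrail control or analytics nodes (not visible here), a `source` restriction is worth considering. The `outputs` block continues outside the hunk.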
@@ -33,6 +33,14 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ContrailWebuiHttp: + default: 8080 + description: Contrail Webui http port + type: number + ContrailWebuiHttps: + default: 8143 + description: Contrail Webui https port + type: number resources: ContrailBase: @@ -53,8 +61,8 @@ outputs: config_settings: map_merge: - get_attr: [ContrailBase, role_data, config_settings] - - contrail::webui::http_port: {get_param: [EndpointMap, ContrailWebuiHttpInternal, port] } - contrail::webui::https_port: {get_param: [EndpointMap, ContrailWebuiHttpsInternal, port] } + - contrail::webui::http_port: {get_param: ContrailWebuiHttp } + contrail::webui::https_port: {get_param: ContrailWebuiHttps } contrail::webui::redis_ip: '127.0.0.1' step_config: | include ::tripleo::network::contrail::webui diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index d650b11f..459a968a 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -50,7 +50,7 @@ parameters: description: Allow automatic l3-agent failover type: string NovaPassword: - description: The password for the nova service and db account, used by nova-api. + description: The password for the nova service and db account type: string hidden: true NeutronEnableDVR: diff --git a/puppet/services/neutron-compute-plugin-nuage.yaml b/puppet/services/neutron-compute-plugin-nuage.yaml index 5842149f..f1a56530 100644 --- a/puppet/services/neutron-compute-plugin-nuage.yaml +++ b/puppet/services/neutron-compute-plugin-nuage.yaml @@ -31,7 +31,7 @@ parameters: via parameter_defaults in the resource registry. type: json NovaPassword: - description: The password for the nova service account, used by nova-api. + description: The password for the nova service and db account type: string hidden: true NuageMetadataPort: 
diff --git a/puppet/services/neutron-l3-compute-dvr.yaml b/puppet/services/neutron-l3-compute-dvr.yaml index 0d56b3b1..a3baf710 100644 --- a/puppet/services/neutron-l3-compute-dvr.yaml +++ b/puppet/services/neutron-l3-compute-dvr.yaml @@ -34,6 +34,7 @@ parameters: Debug: type: string default: '' + description: Set to True to enable debugging on all services. MonitoringSubscriptionNeutronL3Dvr: default: 'overcloud-neutron-l3-dvr' type: string diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml index 82371337..7ccf526a 100644 --- a/puppet/services/neutron-l3.yaml +++ b/puppet/services/neutron-l3.yaml @@ -33,6 +33,7 @@ parameters: Debug: type: string default: '' + description: Set to True to enable debugging on all services. NeutronL3AgentMode: description: | Agent mode for L3 agent. Must be one of legacy or dvr_snat. diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index 1d4029cf..7894f78b 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -32,8 +32,7 @@ parameters: type: json NeutronEnableL2Pop: type: string - description: > - Enable/disable the L2 population feature in the Neutron agents. + description: Enable/disable the L2 population feature in the Neutron agents. default: "False" NeutronBridgeMappings: description: > @@ -47,8 +46,7 @@ parameters: default: "datacentre:br-ex" NeutronTunnelTypes: default: 'vxlan' - description: | - The tunnel types for the Neutron tenant network. + description: The tunnel types for the Neutron tenant network. type: comma_delimited_list NeutronAgentExtensions: default: "qos" diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml index d98d1620..dd757b5d 100644 --- a/puppet/services/neutron-plugin-ml2.yaml +++ b/puppet/services/neutron-plugin-ml2.yaml 
@@ -53,8 +53,8 @@ parameters: default: 'datacentre:1:1000' description: > The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the - Neutron documentation for permitted values. Defaults to permitting any - VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). + Neutron documentation for permitted values. Defaults to permitting VLANs + 1 to 1000 on the 'datacentre' physical network (See NeutronBridgeMappings). type: comma_delimited_list NeutronTunnelIdRanges: description: | diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index a28f4672..b413fb12 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -35,7 +35,7 @@ parameters: description: Number of workers for Nova services. type: number NovaPassword: - description: The password for the nova service and db account, used by nova-api. + description: The password for the nova service and db account type: string hidden: true KeystoneRegion: diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index 82f8bc13..08302ee9 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -41,7 +41,7 @@ parameters: constraints: - allowed_values: [ 'messagingv2', 'noop' ] NovaPassword: - description: The password for the nova service and db account, used by nova-api. + description: The password for the nova service and db account type: string hidden: true NeutronPassword: diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index d0f8fda2..6e1f3f56 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml 
@@ -97,14 +97,20 @@ parameters: UpgradeLevelNovaCompute: type: string description: Nova Compute upgrade level - default: auto + default: '' MigrationSshKey: type: json description: > SSH key for migration. Expects a dictionary with keys 'public_key' and 'private_key'. Values should be identical to SSH public/private key files. - default: {} + default: + public_key: '' + private_key: '' + MigrationSshPort: + default: 22 + description: Target port for migration over ssh + type: number resources: NovaBase: @@ -159,14 +165,9 @@ outputs: NovaPCIPassthrough: {get_param: NovaPCIPassthrough} # we manage migration in nova common puppet profile nova::compute::libvirt::migration_support: false - tripleo::profile::base::nova::manage_migration: true - tripleo::profile::base::nova::migration_ssh_key: {get_param: MigrationSshKey} - tripleo::profile::base::nova::migration_ssh_localaddrs: - - "%{hiera('cold_migration_ssh_inbound_addr')}" - - "%{hiera('live_migration_ssh_inbound_addr')}" - live_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaLibvirtNetwork]} - cold_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaColdMigrationNetwork]} - tripleo::profile::base::nova::nova_compute_enabled: true + tripleo::profile::base::nova::migration::client::nova_compute_enabled: true + tripleo::profile::base::nova::migration::client::ssh_private_key: {get_param: [ MigrationSshKey, private_key ]} + tripleo::profile::base::nova::migration::client::ssh_port: {get_param: MigrationSshPort} nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} tripleo::profile::base::nova::compute::cinder_nfs_backend: {get_param: CinderEnableNfsBackend} diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml index a6638be0..5abad452 100644 --- a/puppet/services/nova-conductor.yaml +++ b/puppet/services/nova-conductor.yaml 
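Review bot: `MigrationSshKey` carries an SSH private key but is declared without `hidden: true`, so Heat will not mask its value when stack parameters are displayed. Add `hidden: true` under the parameter, as the password parameters in this directory already do. The same declaration is added without it in nova-libvirt.yaml and nova-migration-target.yaml. The second hunk passes `[MigrationSshKey, private_key]` to `tripleo::profile::base::nova::migration::client::ssh_private_key`, so the key presumably also ends up in the compute node's hieradata and that file's permissions matter as well.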
@@ -45,7 +45,7 @@ parameters: UpgradeLevelNovaCompute: type: string description: Nova Compute upgrade level - default: auto + default: '' conditions: nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]} diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml index 3a5d7536..e2ae7260 100644 --- a/puppet/services/nova-libvirt.yaml +++ b/puppet/services/nova-libvirt.yaml @@ -30,6 +30,20 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + CephClientUserName: + default: openstack + type: string + CephClientKey: + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + type: string + hidden: true + CephClusterFSID: + type: string + description: The Ceph cluster FSID. Must be a UUID. + CinderEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Cinder + type: boolean NovaComputeLibvirtType: type: string default: kvm @@ -70,6 +84,19 @@ parameters: the InternalTLSCAFile parameter) is not desired. The current default reflects TripleO's default CA, which is FreeIPA. It will only be used if internal TLS is enabled. + MigrationSshKey: + type: json + description: > + SSH key for migration. + Expects a dictionary with keys 'public_key' and 'private_key'. + Values should be identical to SSH public/private key files. + default: + public_key: '' + private_key: '' + MigrationSshPort: + default: 22 + description: Target port for migration over ssh + type: number conditions: 
@@ -111,8 +138,12 @@ outputs: - nova::compute::libvirt::manage_libvirt_services: false # we manage migration in nova common puppet profile nova::compute::libvirt::migration_support: false - tripleo::profile::base::nova::manage_migration: true - tripleo::profile::base::nova::libvirt_enabled: true + nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} + nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey} + nova::compute::rbd::libvirt_rbd_secret_uuid: {get_param: CephClusterFSID} + tripleo::profile::base::nova::migration::client::libvirt_enabled: true + tripleo::profile::base::nova::migration::client::ssh_private_key: {get_param: [ MigrationSshKey, private_key ]} + tripleo::profile::base::nova::migration::client::ssh_port: {get_param: MigrationSshPort} nova::compute::libvirt::services::libvirt_virt_type: {get_param: NovaComputeLibvirtType} nova::compute::libvirt::libvirt_virt_type: {get_param: NovaComputeLibvirtType} nova::compute::libvirt::libvirt_enabled_perf_events: {get_param: LibvirtEnabledPerfEvents} @@ -120,6 +151,7 @@ outputs: nova::compute::libvirt::qemu::max_files: 32768 nova::compute::libvirt::qemu::max_processes: 131072 nova::compute::libvirt::vncserver_listen: {get_param: [ServiceNetMap, NovaLibvirtNetwork]} + rbd_persistent_storage: {get_param: CinderEnableRbdBackend} tripleo.nova_libvirt.firewall_rules: '200 nova_libvirt': dport: @@ -132,7 +164,7 @@ outputs: - use_tls_for_live_migration - generate_service_certificates: true - tripleo::profile::base::nova::libvirt_tls: true + tripleo::profile::base::nova::migration::client::libvirt_tls: true nova::migration::libvirt::live_migration_inbound_addr: str_replace: template: diff --git a/puppet/services/nova-migration-target.yaml b/puppet/services/nova-migration-target.yaml new file mode 100644 index 00000000..128abc2c --- /dev/null +++ b/puppet/services/nova-migration-target.yaml 
@@ -0,0 +1,57 @@ +heat_template_version: ocata + +description: > + OpenStack Nova migration target configured with Puppet + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MigrationSshKey: + type: json + description: > + SSH key for migration. + Expects a dictionary with keys 'public_key' and 'private_key'. + Values should be identical to SSH public/private key files. + default: + public_key: '' + private_key: '' + +outputs: + role_data: + description: Role data for the Nova migration target service. + value: + service_name: nova_migration_target + config_settings: + tripleo::profile::base::nova::migration::target::ssh_authorized_keys: + - {get_param: [ MigrationSshKey, public_key ]} + tripleo::profile::base::nova::migration::target::ssh_localaddrs: + - "%{hiera('cold_migration_ssh_inbound_addr')}" + - "%{hiera('live_migration_ssh_inbound_addr')}" + live_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaLibvirtNetwork]} + cold_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaColdMigrationNetwork]} + step_config: | + include tripleo::profile::base::nova::migration::target diff --git a/puppet/services/nova-placement.yaml b/puppet/services/nova-placement.yaml index 5cb4ef5c..916cefd9 100644 --- a/puppet/services/nova-placement.yaml +++ b/puppet/services/nova-placement.yaml 
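Review bot: With the default `MigrationSshKey`, `ssh_authorized_keys` resolves to a one-element list holding an empty string, so the target profile is handed a key entry even when no migration key was configured. Whether `tripleo::profile::base::nova::migration::target` skips an empty entry cannot be seen from this template. State the intended behaviour in the parameter description, for example `An empty public_key authorises no migration key.`, or emit the list only when a key is set.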
@@ -35,7 +35,7 @@ parameters: description: Number of workers for Nova services. type: number NovaPassword: - description: The password for the nova service and db account, used by nova-placement. + description: The password for the nova service and db account type: string hidden: true KeystoneRegion: diff --git a/puppet/services/opendaylight-api.yaml b/puppet/services/opendaylight-api.yaml index da925181..472dbcce 100644 --- a/puppet/services/opendaylight-api.yaml +++ b/puppet/services/opendaylight-api.yaml @@ -58,6 +58,10 @@ parameters: default: {} description: Parameters specific to the role type: json + OpenDaylightManageRepositories: + description: Whether to manage the OpenDaylight repository + type: boolean + default: false outputs: role_data: @@ -72,6 +76,7 @@ outputs: opendaylight::enable_dhcp: {get_param: OpenDaylightEnableDHCP} opendaylight::odl_bind_ip: {get_param: [ServiceNetMap, OpendaylightApiNetwork]} opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol} + opendaylight::manage_repositories: {get_param: OpenDaylightManageRepositories} tripleo.opendaylight_api.firewall_rules: '137 opendaylight api': dport: diff --git a/puppet/services/neutron-compute-plugin-ovn.yaml b/puppet/services/ovn-controller.yaml index dfd87eda..30720448 100644 --- a/puppet/services/neutron-compute-plugin-ovn.yaml +++ b/puppet/services/ovn-controller.yaml @@ -1,7 +1,7 @@ heat_template_version: pike description: > - OpenStack Neutron Compute OVN agent + OpenStack OVN Controller agent parameters: EndpointMap: 
@@ -45,23 +45,23 @@ parameters: bridge on hosts - to a physical name 'datacentre' which can be used to create provider networks (and we use this for the default floating network) - if changing this either use different post-install network - scripts or be sure to keep 'datacentre' as a mapping network name + scripts or be sure to keep 'datacentre' as a mapping network name. type: comma_delimited_list default: "datacentre:br-ex" outputs: role_data: - description: Role data for the Neutron Compute OVN agent + description: Role data for the OVN Controller agent value: - service_name: neutron_compute_plugin_ovn + service_name: ovn_controller config_settings: ovn::southbound::port: {get_param: OVNSouthboundServerPort} ovn::controller::ovn_encap_type: {get_param: OVNTunnelEncapType} ovn::controller::ovn_encap_ip: {get_param: [ServiceNetMap, NeutronApiNetwork]} ovn::controller::ovn_bridge_mappings: {get_param: NeutronBridgeMappings} nova::compute::force_config_drive: true - tripleo.neutron_compute_plugin_ovn.firewall_rules: + tripleo.ovn_controller.firewall_rules: '118 neutron vxlan networks': proto: 'udp' dport: 4789 @@ -70,3 +70,17 @@ outputs: dport: 6081 step_config: | include ::tripleo::profile::base::neutron::agents::ovn + upgrade_tasks: + - name: Check if ovn_controller is deployed + command: systemctl is-enabled ovn-controller + tags: common + ignore_errors: True + register: ovn_controller_enabled + - name: "PreUpgrade step0,validation: Check service ovn-controller is running" + shell: /usr/bin/systemctl show 'ovn-controller' --property ActiveState | grep '\bactive\b' + when: ovn_controller_enabled.rc == 0 + tags: step0,validation + - name: Stop ovn-controller service + tags: step1 + when: ovn_controller_enabled.rc == 0 + service: name=ovn-controller state=stopped diff --git a/puppet/services/ovn-dbs.yaml b/puppet/services/ovn-dbs.yaml index f6f3e3c8..2b98008b 100644 --- a/puppet/services/ovn-dbs.yaml +++ b/puppet/services/ovn-dbs.yaml 
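Review bot: The first upgrade task runs `systemctl is-enabled ovn-controller` through PATH while the validation task below it uses `/usr/bin/systemctl`; use the absolute path in both, `command: /usr/bin/systemctl is-enabled ovn-controller`, so the probe does not depend on the environment of the upgrade run. `ignore_errors: True` also turns any failure of the probe into "not deployed", because the later `when: ovn_controller_enabled.rc == 0` then skips both validation and stop without a message. The same three tasks are added for ovn-northd in ovn-dbs.yaml.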
@@ -57,3 +57,17 @@ outputs: - {get_param: OVNSouthboundServerPort} step_config: | include ::tripleo::profile::base::neutron::ovn_northd + upgrade_tasks: + - name: Check if ovn_northd is deployed + command: systemctl is-enabled ovn-northd + tags: common + ignore_errors: True + register: ovn_northd_enabled + - name: "PreUpgrade step0,validation: Check service ovn-northd is running" + shell: /usr/bin/systemctl show 'ovn-northd' --property ActiveState | grep '\bactive\b' + when: ovn_northd_enabled.rc == 0 + tags: step0,validation + - name: Stop ovn-northd service + tags: step1 + when: ovn_northd_enabled.rc == 0 + service: name=ovn-northd state=stopped diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml index 893e8418..158d04bd 100644 --- a/puppet/services/pacemaker.yaml +++ b/puppet/services/pacemaker.yaml @@ -105,11 +105,6 @@ parameters: description: Whether to deploy a LoadBalancer on the Controller type: boolean - PacemakerResources: - type: comma_delimited_list - description: List of resources managed by pacemaker - default: ['rabbitmq', 'galera'] - outputs: role_data: description: Role data for the Pacemaker role. @@ -156,20 +151,8 @@ outputs: async: 30 poll: 4 - name: Stop pacemaker cluster - tags: step2 + tags: step3 pacemaker_cluster: state=offline - name: Start pacemaker cluster tags: step4 pacemaker_cluster: state=online - - name: Check pacemaker resource - tags: step4 - pacemaker_is_active: - resource: "{{ item }}" - max_wait: 500 - with_items: {get_param: PacemakerResources} - - name: Check pacemaker haproxy resource - tags: step4 - pacemaker_is_active: - resource: haproxy - max_wait: 500 - when: {get_param: EnableLoadBalancer} diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml index 66f5c4b6..5867721a 100644 --- a/puppet/services/rabbitmq.yaml +++ b/puppet/services/rabbitmq.yaml 
@@ -97,7 +97,7 @@ outputs: NODE_PORT: '' NODE_IP_ADDRESS: '' RABBITMQ_NODENAME: "rabbit@%{::hostname}" - RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"' + RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<15000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<15000:64/native>>}]"' 'export ERL_EPMD_ADDRESS': "%{hiera('rabbitmq::interface')}" rabbitmq_kernel_variables: inet_dist_listen_min: '25672' diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index 283bb3f3..06e8180d 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -35,7 +35,7 @@ parameters: description: Set to True to enable debugging on all services. type: string SwiftPassword: - description: The password for the swift service account, used by the swift proxy services. + description: The password for the swift service account type: string hidden: true SwiftProxyNodeTimeout: diff --git a/puppet/services/swift-storage.yaml b/puppet/services/swift-storage.yaml index 40bc1368..f9c3cbae 100644 --- a/puppet/services/swift-storage.yaml +++ b/puppet/services/swift-storage.yaml @@ -130,6 +130,7 @@ outputs: - openstack-swift-container-updater - openstack-swift-container - openstack-swift-object-auditor + - openstack-swift-object-expirer - openstack-swift-object-replicator - openstack-swift-object-updater - openstack-swift-object diff --git a/puppet/services/tacker.yaml b/puppet/services/tacker.yaml index 7661dd2f..541a2eb6 100644 --- a/puppet/services/tacker.yaml +++ b/puppet/services/tacker.yaml @@ -37,6 +37,7 @@ parameters: Debug: type: string default: '' + description: Set to True to enable debugging on all services. TackerDebug: default: '' description: Set to True to enable debugging Tacker service. 
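Review bot: The raw socket option `{raw,6,18,<<15000:64/native>>}` in `RABBITMQ_SERVER_ERL_ARGS` changes from 5000 to 15000 with nothing in the file saying what the numbers mean. On Linux, protocol 6 / option 18 is IPPROTO_TCP / TCP_USER_TIMEOUT and the value is in milliseconds, so a comment above the key such as `# {raw,6,18,..}: TCP_USER_TIMEOUT in ms for connect and listen sockets` would let the next reader judge the value. A larger timeout also means an unresponsive peer is detected later, which is worth noting next to the reason for the change.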
diff --git a/puppet/services/tripleo-packages.yaml b/puppet/services/tripleo-packages.yaml index e52dd71e..e471c2a6 100644 --- a/puppet/services/tripleo-packages.yaml +++ b/puppet/services/tripleo-packages.yaml @@ -32,7 +32,7 @@ parameters: type: json EnablePackageInstall: default: 'false' - description: Set to true to enable package installation via Puppet + description: Set to true to enable package installation at deploy time type: boolean outputs: diff --git a/puppet/services/tuned.yaml b/puppet/services/tuned.yaml new file mode 100644 index 00000000..f1dec931 --- /dev/null +++ b/puppet/services/tuned.yaml @@ -0,0 +1,50 @@ +heat_template_version: ocata + +description: > + Configure tuned + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + TunedProfileName: + default: '' + description: Tuned Profile to apply to the host + type: string + +outputs: + role_data: + description: Role data for tuned + value: + service_name: tuned + config_settings: + map_replace: + - map_replace: + - tripleo::profile::base::tuned::profile: TunedProfileName + - values: {get_param: RoleParameters} + - values: {'TunedProfileName': {get_param: TunedProfileName}} + step_config: | + include ::tripleo::profile::base::tuned 
diff --git a/puppet/services/veritas-hyperscale-controller.yaml b/puppet/services/veritas-hyperscale-controller.yaml new file mode 100644 index 00000000..fe641ad6 --- /dev/null +++ b/puppet/services/veritas-hyperscale-controller.yaml 
@@ -0,0 +1,106 @@ +# Copyright (c) 2017 Veritas Technologies LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +heat_template_version: ocata + +description: > + Openstack Veritas HyperScale backend + +parameters: + VrtsRabbitPassword: + type: string + description: The Rabbitmq password of the hyperscale user. Mandatory. + VrtsKeystonePassword: + type: string + description: The Keystone password of the hyperscale service. Mandatory. + VrtsMysqlPassword: + type: string + description: The MySQL password of the hyperscale user. Mandatory. + VrtsCtrlMgmtIP: + type: string + default: '' + description: The management IP of HyperScale. The value will be inferred + from the rest of the deployment settings if left blank. + VrtsDashboardIP: + type: string + default: '' + description: The dashboard IP of HyperScale. The value will be inferred + from the rest of the deployment settings if left blank. + VrtsZookeeperIP: + type: string + description: The IP of a node where Zookeeper is configured. Mandatory. + VrtsSSHPassword: + type: string + description: The SSH password of the hyperscale user. Mandatory. + VrtsConfigParam1: + type: string + default: '' + description: Additional config parameter. Optional. + VrtsConfigParam2: + type: string + default: '' + description: Additional config parameter. Optional. + VrtsConfigParam3: + type: string + default: '' + description: Additional config parameter. Optional. 
+ ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + type: json + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + +outputs: + role_data: + description: Install Veritas HyperScale packages for controller. + value: + service_name: veritas_hyperscale_controller + config_settings: + global_config_settings: + vrts_ctrl_mgmt_ip: {get_param: VrtsCtrlMgmtIP} + vrts_dashboard_ip: {get_param: VrtsDashboardIP} + vrts_zookeeper_ip: {get_param: VrtsZookeeperIP} + vrts_ssh_passwd: {get_param: VrtsSSHPassword} + vrts_config_param1: {get_param: VrtsConfigParam1} + vrts_config_param2: {get_param: VrtsConfigParam2} + vrts_config_param3: {get_param: VrtsConfigParam3} + step_config: | + include ::veritas_hyperscale::controller_pkg_inst + service_config_settings: + rabbitmq: + vrts_rabbitmq_passwd: {get_param: VrtsRabbitPassword} + keystone: + vrts_keystone_passwd: {get_param: VrtsKeystonePassword} + mysql: + vrts_mysql_passwd: {get_param: VrtsMysqlPassword} diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar.yaml index debdc742..4a1ad179 100644 --- a/puppet/services/zaqar.yaml +++ b/puppet/services/zaqar.yaml 
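Review bot: `VrtsRabbitPassword`, `VrtsKeystonePassword`, `VrtsMysqlPassword` and `VrtsSSHPassword` are declared as plain `type: string` without `hidden: true`, unlike the other password parameters in this directory, so Heat will show them in clear when stack parameters are listed. Add `hidden: true` to each of the four. `vrts_ssh_passwd` is also emitted under `global_config_settings`, which as far as I can tell is distributed to every role rather than only to the node running this service; if only the HyperScale controller needs it, moving it to `config_settings` would limit where the password is stored. `VrtsConfigParam1` to `VrtsConfigParam3` are described only as "Additional config parameter", which tells an operator nothing about what they accept.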
@@ -56,6 +56,14 @@ parameters: type: string description: Set the number of workers for zaqar::wsgi::apache default: '%{::os_workers}' + ZaqarMessageStore: + type: string + description: The messaging store for Zaqar + default: mongodb + ZaqarManagementStore: + type: string + description: The management store for Zaqar + default: mongodb EnableInternalTLS: type: boolean default: false @@ -63,6 +71,8 @@ parameters: conditions: zaqar_workers_zero: {equals : [{get_param: ZaqarWorkers}, 0]} service_debug_unset: {equals : [{get_param: ZaqarDebug}, '']} + zaqar_messaging_store_swift: {equals : [{get_param: ZaqarMessageStore}, 'swift']} + zaqar_management_store_sqlalchemy: {equals : [{get_param: ZaqarManagementStore}, 'sqlalchemy']} resources: @@ -95,7 +105,7 @@ outputs: - {get_param: ZaqarDebug } zaqar::server::service_name: 'httpd' zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]} - zaqar::wsgi::apache::ssl: false + zaqar::wsgi::apache::ssl: {get_param: EnableInternalTLS} zaqar::wsgi::apache::bind_host: {get_param: [ServiceNetMap, ZaqarApiNetwork]} zaqar::message_pipeline: 'zaqar.notification.notifier' zaqar::unreliable: true 
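Review bot: `ZaqarMessageStore` and `ZaqarManagementStore` accept any string, but the conditions added in the next hunk only recognise the exact values `'swift'` and `'sqlalchemy'`. A misspelt value is still passed to `zaqar::message_store` or `zaqar::management_store`, while the matching backend settings fall through to the empty `{}` branch. Add a `constraints:` entry with `allowed_values` to each parameter so a bad value is rejected at stack validation; the full list of supported stores needs confirming against the Zaqar puppet module.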
@@ -105,28 +115,71 @@ outputs: "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]} + zaqar::message_store: {get_param: ZaqarMessageStore} + zaqar::management_store: {get_param: ZaqarManagementStore} + - + if: + - zaqar_messaging_store_swift + - + zaqar::messaging::swift::uri: + list_join: + - '' + - ['swift://zaqar:', {get_param: ZaqarPassword}, '@/service'] + zaqar::messaging::swift::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } + tripleo::profile::base::zaqar::messaging_store: 'swift' + - {} + - + if: + - zaqar_management_store_sqlalchemy + - + tripleo::profile::base::zaqar::management_store: 'sqlalchemy' + zaqar::management::sqlalchemy::uri: + make_url: + scheme: {get_param: [EndpointMap, MysqlInternal, protocol]} + username: zaqar + password: {get_param: ZaqarPassword} + host: {get_param: [EndpointMap, MysqlInternal, host]} + path: /zaqar + query: + read_default_file: /etc/my.cnf.d/tripleo.cnf + read_default_group: tripleo + - {} - if: - zaqar_workers_zero - {} - zaqar::wsgi::apache::workers: {get_param: ZaqarWorkers} service_config_settings: - keystone: - zaqar::keystone::auth::password: {get_param: ZaqarPassword} - zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]} - zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]} - zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]} - zaqar::keystone::auth::region: {get_param: KeystoneRegion} - zaqar::keystone::auth::tenant: 'service' - zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword} - zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]} - zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]} - zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]} - zaqar::keystone::auth_websocket::region: {get_param: 
KeystoneRegion} - zaqar::keystone::auth_websocket::tenant: 'service' - + map_merge: + - keystone: + zaqar::keystone::auth::password: {get_param: ZaqarPassword} + zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]} + zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]} + zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]} + zaqar::keystone::auth::region: {get_param: KeystoneRegion} + zaqar::keystone::auth::tenant: 'service' + zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword} + zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]} + zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]} + zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]} + zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion} + zaqar::keystone::auth_websocket::tenant: 'service' + - + if: + - zaqar_management_store_sqlalchemy + - mysql: + zaqar::db::mysql::user: zaqar + zaqar::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + zaqar::db::mysql::dbname: zaqar + zaqar::db::mysql::password: {get_param: ZaqarPassword} + zaqar::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + - {} step_config: | include ::tripleo::profile::base::zaqar + metadata_settings: + get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: yaql: expression: $.data.apache_upgrade + $.data.zaqar_upgrade |
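Review bot: `zaqar::messaging::swift::uri` is assembled with `list_join` from `'swift://zaqar:'`, the raw `ZaqarPassword` and `'@/service'`, so a password containing `@`, `/`, `:` or `%` produces a URI that parses differently from what was intended. The sqlalchemy branch in the same hunk builds its URI with `make_url`; the swift URI should be built the same way if `make_url` accepts an empty host, otherwise the character restriction should be documented on `ZaqarPassword`. The hunk also reuses `ZaqarPassword` as `zaqar::db::mysql::password` with `allowed_hosts` including `'%'`. One secret then covers the Keystone service user, the Swift URI and a database account that is not restricted by client host, so a separate database password would limit the impact of a leak.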