aboutsummaryrefslogtreecommitdiffstats
path: root/puppet/services
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/services')
-rw-r--r--puppet/services/README.rst14
-rw-r--r--puppet/services/horizon.yaml1
-rw-r--r--puppet/services/neutron-plugin-ml2-ovn.yaml11
-rw-r--r--puppet/services/opendaylight-ovs.yaml11
-rw-r--r--puppet/services/ovn-dbs.yaml40
-rw-r--r--puppet/services/services.yaml6
-rw-r--r--puppet/services/swift-proxy.yaml64
7 files changed, 116 insertions, 31 deletions
diff --git a/puppet/services/README.rst b/puppet/services/README.rst
index 856b306e..6e4e9c1d 100644
--- a/puppet/services/README.rst
+++ b/puppet/services/README.rst
@@ -74,3 +74,17 @@ step, "step2" for the second, etc.
6) Start control-plane services
7) Any additional online migration tasks (e.g data migrations)
+
+Nova Server Metadata Settings
+-----------------------------
+
+One can use the hook of type `OS::TripleO::ServiceServerMetadataHook` to pass
+entries to the nova instances' metadata. It is, however, disabled by default.
+In order to overwrite it one needs to define it in the resource registry. An
+implementation of this hook needs to conform to the following:
+
+* It needs to define an input called `RoleData` of json type. This gets as
+ input the contents of the `role_data` for each role's ServiceChain.
+
+* This needs to define an output called `metadata` which will be given to the
+ Nova Server resource as the instance's metadata.
diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml
index e59dc202..d7f10757 100644
--- a/puppet/services/horizon.yaml
+++ b/puppet/services/horizon.yaml
@@ -61,6 +61,7 @@ outputs:
horizon::enable_secure_proxy_ssl_header: true
horizon::disable_password_reveal: true
horizon::enforce_password_check: true
+ horizon::disallow_iframe_embed: true
horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache
horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
horizon::vhost_extra_params:
diff --git a/puppet/services/neutron-plugin-ml2-ovn.yaml b/puppet/services/neutron-plugin-ml2-ovn.yaml
index e98ed497..20dfda6a 100644
--- a/puppet/services/neutron-plugin-ml2-ovn.yaml
+++ b/puppet/services/neutron-plugin-ml2-ovn.yaml
@@ -18,13 +18,6 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
- OVNDbHost:
- description: IP address on which the OVN DB servers are listening
- type: string
- OVNNorthboundServerPort:
- description: Port of the OVN Northbound DB server
- type: number
- default: 6641
OVNDbConnectionTimeout:
description: Timeout in seconds for the OVSDB connection transaction
type: number
@@ -68,9 +61,7 @@ outputs:
config_settings:
map_merge:
- get_attr: [NeutronMl2Base, role_data, config_settings]
- - ovn::northbound::port: {get_param: OVNNorthboundServerPort}
- tripleo::profile::base::neutron::plugins::ml2::ovn::ovn_db_host: {get_param: OVNDbHost}
- neutron::plugins::ovn::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout}
+ - neutron::plugins::ovn::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout}
neutron::plugins::ovn::neutron_sync_mode: {get_param: OVNNeutronSyncMode}
neutron::plugins::ovn::ovn_l3_mode: true
neutron::plugins::ovn::vif_type: {get_param: OVNVifType}
diff --git a/puppet/services/opendaylight-ovs.yaml b/puppet/services/opendaylight-ovs.yaml
index 907ecddc..63d12fe2 100644
--- a/puppet/services/opendaylight-ovs.yaml
+++ b/puppet/services/opendaylight-ovs.yaml
@@ -8,6 +8,15 @@ parameters:
default: 8081
description: Set opendaylight service port
type: number
+ OpenDaylightUsername:
+ default: 'admin'
+ description: The username for the opendaylight server.
+ type: string
+ OpenDaylightPassword:
+ default: 'admin'
+ type: string
+ description: The password for the opendaylight server.
+ hidden: true
OpenDaylightConnectionProtocol:
description: L7 protocol used for REST access
type: string
@@ -46,6 +55,8 @@ outputs:
service_name: opendaylight_ovs
config_settings:
opendaylight::odl_rest_port: {get_param: OpenDaylightPort}
+ opendaylight::username: {get_param: OpenDaylightUsername}
+ opendaylight::password: {get_param: OpenDaylightPassword}
opendaylight_check_url: {get_param: OpenDaylightCheckURL}
opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol}
neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
diff --git a/puppet/services/ovn-dbs.yaml b/puppet/services/ovn-dbs.yaml
new file mode 100644
index 00000000..302628d4
--- /dev/null
+++ b/puppet/services/ovn-dbs.yaml
@@ -0,0 +1,40 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OVN databases configured with puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ OVNNorthboundServerPort:
+ description: Port of the OVN Northbound DB server
+ type: number
+ default: 6641
+ OVNSouthboundServerPort:
+ description: Port of the OVN Southbound DB server
+ type: number
+ default: 6642
+
+outputs:
+ role_data:
+ description: Role data for the OVN northd service
+ value:
+ service_name: ovn_dbs
+ config_settings:
+ ovn::northbound::port: {get_param: OVNNorthboundServerPort}
+ ovn::southbound::port: {get_param: OVNSouthboundServerPort}
+ ovn::northd::dbs_listen_ip: {get_param: [ServiceNetMap, OvnDbsNetwork]}
+ step_config: |
+ include ::tripleo::profile::base::neutron::ovn_northd
diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml
index 13df5bbe..97f87061 100644
--- a/puppet/services/services.yaml
+++ b/puppet/services/services.yaml
@@ -42,6 +42,11 @@ resources:
LoggingConfiguration:
type: OS::TripleO::LoggingConfiguration
+ ServiceServerMetadataHook:
+ type: OS::TripleO::ServiceServerMetadataHook
+ properties:
+ RoleData: {get_attr: [ServiceChain, role_data]}
+
outputs:
role_data:
description: Combined Role data for this set of services.
@@ -113,3 +118,4 @@ outputs:
# Note we use distinct() here to filter any identical tasks, e.g yum update for all services
expression: $.data.where($ != null).select($.get('upgrade_tasks')).where($ != null).flatten().distinct()
data: {get_attr: [ServiceChain, role_data]}
+ service_metadata_settings: {get_attr: [ServiceServerMetadataHook, metadata]}
diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml
index ba184ab0..94db9e41 100644
--- a/puppet/services/swift-proxy.yaml
+++ b/puppet/services/swift-proxy.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
description: >
OpenStack Swift Proxy service configured with Puppet
@@ -49,6 +49,18 @@ parameters:
default: guest
description: The username for RabbitMQ
type: string
+ SwiftCeilometerPipelineEnabled:
+ description: Set to False to disable the swift proxy ceilometer pipeline.
+ default: True
+ type: boolean
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
+
+conditions:
+
+ ceilometer_pipeline_enabled: {equals : [{get_param: SwiftCeilometerPipelineEnabled}, True]}
resources:
SwiftBase:
@@ -78,6 +90,8 @@ outputs:
swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword}
swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]}
swift::proxy::ceilometer::nonblocking_notify: true
+ tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RabbitClientPort}
+ tripleo::profile::base::swift::proxy::ceilometer_enabled: {get_param: SwiftCeilometerPipelineEnabled}
tripleo.swift_proxy.firewall_rules:
'122 swift proxy':
dport:
@@ -89,26 +103,34 @@ outputs:
- ResellerAdmin
swift::proxy::versioned_writes::allow_versioned_writes: true
swift::proxy::pipeline:
- - 'catch_errors'
- - 'healthcheck'
- - 'proxy-logging'
- - 'cache'
- - 'ratelimit'
- - 'bulk'
- - 'tempurl'
- - 'formpost'
- - 'authtoken'
- - 'keystone'
- - 'staticweb'
- - 'copy'
- - 'container-quotas'
- - 'account-quotas'
- - 'slo'
- - 'dlo'
- - 'versioned_writes'
- - 'ceilometer'
- - 'proxy-logging'
- - 'proxy-server'
+ yaql:
+ expression: $.data.pipeline.where($ != '')
+ data:
+ pipeline:
+ - 'catch_errors'
+ - 'healthcheck'
+ - 'proxy-logging'
+ - 'cache'
+ - 'ratelimit'
+ - 'bulk'
+ - 'tempurl'
+ - 'formpost'
+ - 'authtoken'
+ - 'keystone'
+ - 'staticweb'
+ - 'copy'
+ - 'container-quotas'
+ - 'account-quotas'
+ - 'slo'
+ - 'dlo'
+ - 'versioned_writes'
+ -
+ if:
+ - ceilometer_pipeline_enabled
+ - 'ceilometer'
+ - ''
+ - 'proxy-logging'
+ - 'proxy-server'
swift::proxy::account_autocreate: true
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples