summaryrefslogtreecommitdiffstats
path: root/puppet
diff options
context:
space:
mode:
Diffstat (limited to 'puppet')
-rw-r--r--puppet/compute-role.yaml744
-rw-r--r--puppet/controller-role.yaml782
-rw-r--r--puppet/extraconfig/tls/tls-cert-inject.yaml1
-rw-r--r--puppet/role.role.j2.yaml240
-rw-r--r--puppet/services/database/mongodb.yaml6
-rw-r--r--puppet/services/haproxy-internal-tls-certmonger.yaml30
-rw-r--r--puppet/services/haproxy-public-tls-certmonger.yaml36
-rw-r--r--puppet/services/haproxy.yaml26
-rw-r--r--puppet/services/keystone.yaml4
-rw-r--r--puppet/services/neutron-base.yaml7
-rw-r--r--puppet/services/neutron-plugin-ml2-nuage.yaml99
-rw-r--r--puppet/services/neutron-plugin-ml2.yaml5
-rw-r--r--puppet/services/nova-compute.yaml5
-rw-r--r--puppet/services/nova-libvirt.yaml5
14 files changed, 370 insertions, 1620 deletions
diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml
deleted file mode 100644
index af45793e..00000000
--- a/puppet/compute-role.yaml
+++ /dev/null
@@ -1,744 +0,0 @@
-heat_template_version: pike
-
-description: >
- OpenStack hypervisor node configured via Puppet.
-
-parameters:
- ExtraConfig:
- default: {}
- description: |
- Additional hiera configuration to inject into the cluster. Note
- that NovaComputeExtraConfig takes precedence over ExtraConfig.
- type: json
- OvercloudComputeFlavor:
- description: Flavor for the nova compute node
- default: baremetal
- type: string
- constraints:
- - custom_constraint: nova.flavor
- NovaImage:
- type: string
- default: overcloud-full
- constraints:
- - custom_constraint: glance.image
- ImageUpdatePolicy:
- default: 'REBUILD_PRESERVE_EPHEMERAL'
- description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
- type: string
- KeyName:
- description: Name of an existing Nova key pair to enable SSH access to the instances
- type: string
- default: default
- constraints:
- - custom_constraint: nova.keypair
- NeutronPhysicalBridge:
- default: 'br-ex'
- description: An OVS bridge to create for accessing external networks.
- type: string
- NeutronPublicInterface:
- default: nic1
- description: Which interface to add to the NeutronPhysicalBridge.
- type: string
- NodeIndex:
- type: number
- default: 0
- NovaComputeExtraConfig:
- default: {}
- description: |
- NovaCompute specific configuration to inject into the cluster. Same
- structure as ExtraConfig.
- type: json
- NovaComputeIPs:
- default: {}
- type: json
- ServiceNetMap:
- default: {}
- description: Mapping of service_name -> network name. Typically set
- via parameter_defaults in the resource registry.
- type: json
- EndpointMap:
- default: {}
- description: Mapping of service endpoint -> protocol. Typically set
- via parameter_defaults in the resource registry.
- type: json
- UpdateIdentifier:
- default: ''
- type: string
- description: >
- Setting to a previously unused value during stack-update will trigger
- package update on all nodes
- Hostname:
- type: string
- default: '' # Defaults to Heat created hostname
- HostnameMap:
- type: json
- default: {}
- description: Optional mapping to override hostnames
- NetworkDeploymentActions:
- type: comma_delimited_list
- description: >
- Heat action when to apply network configuration changes
- default: ['CREATE']
- SoftwareConfigTransport:
- default: POLL_SERVER_CFN
- description: |
- How the server should receive the metadata required for software configuration.
- type: string
- constraints:
- - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
- CloudDomain:
- default: 'localdomain'
- type: string
- description: >
- The DNS domain used for the hosts. This must match the
- overcloud_domain_name configured on the undercloud.
- NovaComputeServerMetadata:
- default: {}
- description: >
- Extra properties or metadata passed to Nova for the created nodes in
- the overcloud. It's accessible via the Nova metadata API. This option is
- role-specific and is merged with the values given to the ServerMetadata
- parameter.
- type: json
- ServerMetadata:
- default: {}
- description: >
- Extra properties or metadata passed to Nova for the created nodes in
- the overcloud. It's accessible via the Nova metadata API. This applies to
- all roles and is merged with a role-specific metadata parameter.
- type: json
- NovaComputeSchedulerHints:
- type: json
- description: Optional scheduler hints to pass to nova
- default: {}
- ServiceConfigSettings:
- type: json
- default: {}
- ServiceNames:
- type: comma_delimited_list
- default: []
- MonitoringSubscriptions:
- type: comma_delimited_list
- default: []
- ServiceMetadataSettings:
- type: json
- default: {}
- ConfigCommand:
- type: string
- description: Command which will be run whenever configuration data changes
- default: os-refresh-config --timeout 14400
- ConfigCollectSplay:
- type: number
- default: 30
- description: |
- Maximum amount of time to possibly to delay configuation collection
- polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
- the configuration collection to occur as soon as the collection process
- starts. This setting is used to prevent the configuration collection
- processes from polling all at the exact same time.
- UpgradeInitCommand:
- type: string
- description: |
- Command or script snippet to run on all overcloud nodes to
- initialize the upgrade process. E.g. a repository switch.
- default: ''
- UpgradeInitCommonCommand:
- type: string
- description: |
- Common commands required by the upgrades process. This should not
- normally be modified by the operator and is set and unset in the
- major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
- environment files.
- default: ''
- DeploymentServerBlacklistDict:
- default: {}
- type: json
- description: >
- Map of server hostnames to blacklist from any triggered
- deployments. If the value is 1, the server will be blacklisted. This
- parameter is generated from the parent template.
- RoleParameters:
- type: json
- description: Parameters specific to the role
- default: {}
- DeploymentSwiftDataMap:
- type: json
- description: |
- Map of servers to Swift container and object for storing deployment data.
- The keys are the Heat assigned hostnames, and the value is a map of the
- container/object name in Swift. Example value:
- overcloud-controller-0:
- container: overcloud-controller
- object: 0
- overcloud-controller-1:
- container: overcloud-controller
- object: 1
- overcloud-controller-2:
- container: overcloud-controller
- object: 2
- overcloud-novacompute-0:
- container: overcloud-compute
- object: 0
- default: {}
-
-conditions:
- deployment_swift_data_map_unset:
- equals:
- - get_param:
- - DeploymentSwiftDataMap
- - {get_param: Hostname}
- - ""
- server_not_blacklisted:
- not:
- equals:
- - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
- - 1
-
-resources:
-
- NovaCompute:
- type: OS::TripleO::ComputeServer
- metadata:
- os-collect-config:
- command: {get_param: ConfigCommand}
- splay: {get_param: ConfigCollectSplay}
- properties:
- image: {get_param: NovaImage}
- image_update_policy:
- get_param: ImageUpdatePolicy
- flavor: {get_param: OvercloudComputeFlavor}
- key_name: {get_param: KeyName}
- networks:
- - network: ctlplane
- user_data_format: SOFTWARE_CONFIG
- user_data: {get_resource: UserData}
- name:
- str_replace:
- template: {get_param: Hostname}
- params: {get_param: HostnameMap}
- software_config_transport: {get_param: SoftwareConfigTransport}
- metadata:
- map_merge:
- - {get_param: ServerMetadata}
- - {get_param: NovaComputeServerMetadata}
- - {get_param: ServiceMetadataSettings}
- scheduler_hints: {get_param: NovaComputeSchedulerHints}
- deployment_swift_data:
- if:
- - deployment_swift_data_map_unset
- - {}
- - {get_param: [DeploymentSwiftDataMap,
- {get_param: Hostname}]}
-
- # Combine the NodeAdminUserData and NodeUserData mime archives
- UserData:
- type: OS::Heat::MultipartMime
- properties:
- parts:
- - config: {get_resource: NodeAdminUserData}
- type: multipart
- - config: {get_resource: NodeUserData}
- type: multipart
- - config: {get_resource: RoleUserData}
- type: multipart
-
- # Creates the "heat-admin" user if configured via the environment
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- NodeAdminUserData:
- type: OS::TripleO::NodeAdminUserData
-
- # For optional operator additional userdata
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- NodeUserData:
- type: OS::TripleO::NodeUserData
-
- # For optional operator role-specific userdata
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- RoleUserData:
- type: OS::TripleO::Compute::NodeUserData
-
- ExternalPort:
- type: OS::TripleO::Compute::Ports::ExternalPort
- properties:
- ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- IPPool: {get_param: NovaComputeIPs}
- NodeIndex: {get_param: NodeIndex}
-
- InternalApiPort:
- type: OS::TripleO::Compute::Ports::InternalApiPort
- properties:
- ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- IPPool: {get_param: NovaComputeIPs}
- NodeIndex: {get_param: NodeIndex}
-
- StoragePort:
- type: OS::TripleO::Compute::Ports::StoragePort
- properties:
- ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- IPPool: {get_param: NovaComputeIPs}
- NodeIndex: {get_param: NodeIndex}
-
- StorageMgmtPort:
- type: OS::TripleO::Compute::Ports::StorageMgmtPort
- properties:
- ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- IPPool: {get_param: NovaComputeIPs}
- NodeIndex: {get_param: NodeIndex}
-
- TenantPort:
- type: OS::TripleO::Compute::Ports::TenantPort
- properties:
- ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- IPPool: {get_param: NovaComputeIPs}
- NodeIndex: {get_param: NodeIndex}
-
- ManagementPort:
- type: OS::TripleO::Compute::Ports::ManagementPort
- properties:
- ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- IPPool: {get_param: NovaComputeIPs}
- NodeIndex: {get_param: NodeIndex}
-
- NetIpMap:
- type: OS::TripleO::Network::Ports::NetIpMap
- properties:
- ControlPlaneIp: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- ExternalIp: {get_attr: [ExternalPort, ip_address]}
- ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
- ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
- InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
- InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
- InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
- StorageIp: {get_attr: [StoragePort, ip_address]}
- StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
- StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
- StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
- StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
- StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
- TenantIp: {get_attr: [TenantPort, ip_address]}
- TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
- TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
- ManagementIp: {get_attr: [ManagementPort, ip_address]}
- ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
- ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
-
- NetHostMap:
- type: OS::Heat::Value
- properties:
- type: json
- value:
- external:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - external
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - external
- internal_api:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - internalapi
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - internalapi
- storage:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - storage
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - storage
- storage_mgmt:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - storagemgmt
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - storagemgmt
- tenant:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - tenant
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - tenant
- management:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - management
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - management
- ctlplane:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - ctlplane
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [NovaCompute, name]}
- - ctlplane
-
- PreNetworkConfig:
- type: OS::TripleO::Compute::PreNetworkConfig
- properties:
- server: {get_resource: NovaCompute}
- RoleParameters: {get_param: RoleParameters}
- ServiceNames: {get_param: ServiceNames}
- deployment_actions: {get_attr: [DeploymentActions, value]}
-
- NetworkConfig:
- type: OS::TripleO::Compute::Net::SoftwareConfig
- properties:
- ControlPlaneIp: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
- InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
- StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
- StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
- TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
- ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
-
- NetworkDeployment:
- type: OS::TripleO::SoftwareDeployment
- depends_on: PreNetworkConfig
- properties:
- name: NetworkDeployment
- actions:
- if:
- - server_not_blacklisted
- - {get_param: NetworkDeploymentActions}
- - []
- config: {get_resource: NetworkConfig}
- server: {get_resource: NovaCompute}
- input_values:
- bridge_name: {get_param: NeutronPhysicalBridge}
- interface_name: {get_param: NeutronPublicInterface}
-
- NovaComputeUpgradeInitConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- config:
- list_join:
- - ''
- - - "#!/bin/bash\n\n"
- - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n"
- - get_param: UpgradeInitCommand
- - get_param: UpgradeInitCommonCommand
-
- # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty
- # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
- NovaComputeUpgradeInitDeployment:
- type: OS::Heat::SoftwareDeployment
- depends_on: NetworkDeployment
- properties:
- name: NovaComputeUpgradeInitDeployment
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
- server: {get_resource: NovaCompute}
- config: {get_resource: NovaComputeUpgradeInitConfig}
-
- NovaComputeConfig:
- type: OS::Heat::StructuredConfig
- properties:
- group: hiera
- config:
- hierarchy:
- - '"%{::uuid}"'
- - heat_config_%{::deploy_config_name}
- - config_step
- - compute_extraconfig
- - extraconfig
- - service_names
- - service_configs
- - compute
- - bootstrap_node # provided by allNodesConfig
- - all_nodes # provided by allNodesConfig
- - vip_data # provided by allNodesConfig
- - '"%{::osfamily}"'
- - neutron_bigswitch_data # Optionally provided by ComputeExtraConfigPre
- - cisco_n1kv_data # Optionally provided by ComputeExtraConfigPre
- - nova_nuage_data # Optionally provided by ComputeExtraConfigPre
- - midonet_data # Optionally provided by AllNodesExtraConfig
- - neutron_opencontrail_data # Optionally provided by ComputeExtraConfigPre
- - cisco_aci_data # Optionally provided by ComputeExtraConfigPre
- merge_behavior: deeper
- datafiles:
- service_names:
- service_names: {get_param: ServiceNames}
- sensu::subscriptions: {get_param: MonitoringSubscriptions}
- service_configs:
- map_replace:
- - {get_param: ServiceConfigSettings}
- - values: {get_attr: [NetIpMap, net_ip_map]}
- compute_extraconfig: {get_param: NovaComputeExtraConfig}
- extraconfig: {get_param: ExtraConfig}
- compute:
- tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
- fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
- fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]}
- fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
- fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
- fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
- fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
- fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
-
- NovaComputeDeployment:
- type: OS::TripleO::SoftwareDeployment
- depends_on: NovaComputeUpgradeInitDeployment
- properties:
- name: NovaComputeDeployment
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
- config: {get_resource: NovaComputeConfig}
- server: {get_resource: NovaCompute}
- input_values:
- enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
-
- # Resource for site-specific injection of root certificate
- NodeTLSCAData:
- depends_on: NovaComputeDeployment
- type: OS::TripleO::NodeTLSCAData
- properties:
- server: {get_resource: NovaCompute}
-
- # Hook for site-specific additional pre-deployment config, e.g extra hieradata
- ComputeExtraConfigPre:
- depends_on: NovaComputeDeployment
- type: OS::TripleO::ComputeExtraConfigPre
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
- properties:
- server: {get_resource: NovaCompute}
-
- # Hook for site-specific additional pre-deployment config,
- # applying to all nodes, e.g node registration/unregistration
- NodeExtraConfig:
- depends_on: [ComputeExtraConfigPre, NodeTLSCAData]
- type: OS::TripleO::NodeExtraConfig
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
- properties:
- server: {get_resource: NovaCompute}
-
- UpdateConfig:
- type: OS::TripleO::Tasks::PackageUpdate
-
- UpdateDeployment:
- type: OS::Heat::SoftwareDeployment
- depends_on: NetworkDeployment
- properties:
- name: UpdateDeployment
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
- config: {get_resource: UpdateConfig}
- server: {get_resource: NovaCompute}
- input_values:
- update_identifier:
- get_param: UpdateIdentifier
-
- DeploymentActions:
- type: OS::Heat::Value
- properties:
- value:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
- SshHostPubKey:
- type: OS::TripleO::Ssh::HostPubKey
- depends_on: NovaComputeDeployment
- properties:
- server: {get_resource: NovaCompute}
- deployment_actions: {get_attr: [DeploymentActions, value]}
-
-outputs:
- ip_address:
- description: IP address of the server in the ctlplane network
- value: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- external_ip_address:
- description: IP address of the server in the external network
- value: {get_attr: [ExternalPort, ip_address]}
- internal_api_ip_address:
- description: IP address of the server in the internal_api network
- value: {get_attr: [InternalApiPort, ip_address]}
- storage_ip_address:
- description: IP address of the server in the storage network
- value: {get_attr: [StoragePort, ip_address]}
- storage_mgmt_ip_address:
- description: IP address of the server in the storage_mgmt network
- value: {get_attr: [StorageMgmtPort, ip_address]}
- tenant_ip_address:
- description: IP address of the server in the tenant network
- value: {get_attr: [TenantPort, ip_address]}
- management_ip_address:
- description: IP address of the server in the management network
- value: {get_attr: [ManagementPort, ip_address]}
- deployed_server_port_map:
- description: |
- Map of Heat created hostname of the server to ip address. This is the
- hostname before it has been mapped with the HostnameMap parameter, and
- the IP address from the ctlplane network. This map can be used to construct
- the DeployedServerPortMap parameter when using split-stack.
- value:
- map_replace:
- - hostname:
- fixed_ips:
- - ip_address: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- - keys:
- hostname:
- list_join:
- - '-'
- - - {get_param: Hostname}
- - ctlplane
- deployed_server_deployment_swift_data_map:
- description:
- Map of Heat created hostname of the server to the Swift container and object
- used to created the temporary url for metadata polling with
- os-collect-config.
- value:
- map_replace:
- - hostname:
- container:
- str_split:
- - '/'
- - {get_attr: [NovaCompute, os_collect_config, request, metadata_url]}
- - 5
- object:
- str_split:
- - '?'
- - str_split:
- - '/'
- - {get_attr: [NovaCompute, os_collect_config, request, metadata_url]}
- - 6
- - 0
- - keys: {hostname: {get_param: Hostname}}
- hostname:
- description: Hostname of the server
- value: {get_attr: [NovaCompute, name]}
- hostname_map:
- description: Mapping of network names to hostnames
- value:
- external: {get_attr: [NetHostMap, value, external, fqdn]}
- internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
- storage: {get_attr: [NetHostMap, value, storage, fqdn]}
- storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
- tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
- management: {get_attr: [NetHostMap, value, management, fqdn]}
- ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
- hosts_entry:
- description: >
- Server's IP address and hostname in the /etc/hosts format
- value:
- str_replace:
- template: |
- PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
- EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
- INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
- STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
- STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
- TENANTIP TENANTHOST.DOMAIN TENANTHOST
- MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
- CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
- params:
- PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ComputeHostnameResolveNetwork]}]}
- DOMAIN: {get_param: CloudDomain}
- PRIMARYHOST: {get_attr: [NovaCompute, name]}
- EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
- EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
- INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
- INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
- STORAGEIP: {get_attr: [StoragePort, ip_address]}
- STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
- STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
- TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
- MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
- CTLPLANEIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
- known_hosts_entry:
- description: Entry for ssh known hosts
- value:
- str_replace:
- template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\
-EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\
-INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\
-STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\
-STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\
-TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\
-MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\
-CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
- params:
- PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ComputeHostnameResolveNetwork]}]}
- DOMAIN: {get_param: CloudDomain}
- PRIMARYHOST: {get_attr: [NovaCompute, name]}
- EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
- EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
- INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
- INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
- STORAGEIP: {get_attr: [StoragePort, ip_address]}
- STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
- STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
- TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
- MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
- CTLPLANEIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
- CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
- HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
- nova_server_resource:
- description: Heat resource handle for the Nova compute server
- value:
- {get_resource: NovaCompute}
- condition: server_not_blacklisted
- os_collect_config:
- description: The os-collect-config configuration associated with this server resource
- value: {get_attr: [NovaCompute, os_collect_config]}
diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml
deleted file mode 100644
index 38589a4e..00000000
--- a/puppet/controller-role.yaml
+++ /dev/null
@@ -1,782 +0,0 @@
-heat_template_version: pike
-
-description: >
- OpenStack controller node configured by Puppet.
-
-parameters:
- controllerExtraConfig:
- default: {}
- description: |
- Deprecated. Use ControllerExtraConfig via parameter_defaults instead.
- type: json
- ControllerExtraConfig:
- default: {}
- description: |
- Controller specific hiera configuration data to inject into the cluster.
- type: json
- ControllerIPs:
- default: {}
- description: >
- A network mapped list of IPs to assign to Controllers in the following form:
- {
- "internal_api": ["a.b.c.d", "e.f.g.h"],
- ...
- }
- type: json
- Debug:
- default: ''
- description: Set to True to enable debugging on all services.
- type: string
- ExtraConfig:
- default: {}
- description: |
- Additional hieradata to inject into the cluster, note that
- ControllerExtraConfig takes precedence over ExtraConfig.
- type: json
- OvercloudControlFlavor:
- description: Flavor for control nodes to request when deploying.
- default: baremetal
- type: string
- constraints:
- - custom_constraint: nova.flavor
- controllerImage:
- type: string
- default: overcloud-full
- constraints:
- - custom_constraint: glance.image
- ImageUpdatePolicy:
- default: 'REBUILD_PRESERVE_EPHEMERAL'
- description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
- type: string
- KeyName:
- default: default
- description: Name of an existing Nova key pair to enable SSH access to the instances
- type: string
- constraints:
- - custom_constraint: nova.keypair
- NeutronPhysicalBridge:
- default: 'br-ex'
- description: An OVS bridge to create for accessing external networks.
- type: string
- NeutronPublicInterface:
- default: nic1
- description: Which interface to add to the NeutronPhysicalBridge.
- type: string
- ServiceNetMap:
- default: {}
- description: Mapping of service_name -> network name. Typically set
- via parameter_defaults in the resource registry.
- type: json
- EndpointMap:
- default: {}
- description: Mapping of service endpoint -> protocol. Typically set
- via parameter_defaults in the resource registry.
- type: json
- UpdateIdentifier:
- default: ''
- type: string
- description: >
- Setting to a previously unused value during stack-update will trigger
- package update on all nodes
- Hostname:
- type: string
- default: '' # Defaults to Heat created hostname
- HostnameMap:
- type: json
- default: {}
- description: Optional mapping to override hostnames
- NetworkDeploymentActions:
- type: comma_delimited_list
- description: >
- Heat action when to apply network configuration changes
- default: ['CREATE']
- NodeIndex:
- type: number
- default: 0
- SoftwareConfigTransport:
- default: POLL_SERVER_CFN
- description: |
- How the server should receive the metadata required for software configuration.
- type: string
- constraints:
- - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
- CloudDomain:
- default: 'localdomain'
- type: string
- description: >
- The DNS domain used for the hosts. This must match the
- overcloud_domain_name configured on the undercloud.
- ControllerServerMetadata:
- default: {}
- description: >
- Extra properties or metadata passed to Nova for the created nodes in
- the overcloud. It's accessible via the Nova metadata API. This option is
- role-specific and is merged with the values given to the ServerMetadata
- parameter.
- type: json
- ServerMetadata:
- default: {}
- description: >
- Extra properties or metadata passed to Nova for the created nodes in
- the overcloud. It's accessible via the Nova metadata API. This applies to
- all roles and is merged with a role-specific metadata parameter.
- type: json
- ControllerSchedulerHints:
- type: json
- description: Optional scheduler hints to pass to nova
- default: {}
- ServiceConfigSettings:
- type: json
- default: {}
- ServiceNames:
- type: comma_delimited_list
- default: []
- MonitoringSubscriptions:
- type: comma_delimited_list
- default: []
- ServiceMetadataSettings:
- type: json
- default: {}
- ConfigCommand:
- type: string
- description: Command which will be run whenever configuration data changes
- default: os-refresh-config --timeout 14400
- ConfigCollectSplay:
- type: number
- default: 30
- description: |
- Maximum amount of time to possibly to delay configuation collection
- polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
- the configuration collection to occur as soon as the collection process
- starts. This setting is used to prevent the configuration collection
- processes from polling all at the exact same time.
- UpgradeInitCommand:
- type: string
- description: |
- Command or script snippet to run on all overcloud nodes to
- initialize the upgrade process. E.g. a repository switch.
- default: ''
- UpgradeInitCommonCommand:
- type: string
- description: |
- Common commands required by the upgrades process. This should not
- normally be modified by the operator and is set and unset in the
- major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
- environment files.
- default: ''
- DeploymentServerBlacklistDict:
- default: {}
- type: json
- description: >
- Map of server hostnames to blacklist from any triggered
- deployments. If the value is 1, the server will be blacklisted. This
- parameter is generated from the parent template.
- RoleParameters:
- type: json
- description: Parameters specific to the role
- default: {}
- DeploymentSwiftDataMap:
- type: json
- description: |
- Map of servers to Swift container and object for storing deployment data.
- The keys are the Heat assigned hostnames, and the value is a map of the
- container/object name in Swift. Example value:
- overcloud-controller-0:
- container: overcloud-controller
- object: 0
- overcloud-controller-1:
- container: overcloud-controller
- object: 1
- overcloud-controller-2:
- container: overcloud-controller
- object: 2
- overcloud-novacompute-0:
- container: overcloud-compute
- object: 0
- default: {}
-
-parameter_groups:
-- label: deprecated
- description: Do not use deprecated params, they will be removed.
- parameters:
- - controllerExtraConfig
-
-conditions:
- server_not_blacklisted:
- not:
- equals:
- - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
- - 1
- deployment_swift_data_map_unset:
- equals:
- - get_param:
- - DeploymentSwiftDataMap
- - {get_param: Hostname}
- - ""
-
-resources:
-
- Controller:
- type: OS::TripleO::ControllerServer
- metadata:
- os-collect-config:
- command: {get_param: ConfigCommand}
- splay: {get_param: ConfigCollectSplay}
- properties:
- image: {get_param: controllerImage}
- image_update_policy: {get_param: ImageUpdatePolicy}
- flavor: {get_param: OvercloudControlFlavor}
- key_name: {get_param: KeyName}
- networks:
- - network: ctlplane
- user_data_format: SOFTWARE_CONFIG
- user_data: {get_resource: UserData}
- name:
- str_replace:
- template: {get_param: Hostname}
- params: {get_param: HostnameMap}
- software_config_transport: {get_param: SoftwareConfigTransport}
- metadata:
- map_merge:
- - {get_param: ServerMetadata}
- - {get_param: ControllerServerMetadata}
- - {get_param: ServiceMetadataSettings}
- scheduler_hints: {get_param: ControllerSchedulerHints}
- deployment_swift_data:
- if:
- - deployment_swift_data_map_unset
- - {}
- - {get_param: [DeploymentSwiftDataMap,
- {get_param: Hostname}]}
-
- # Combine the NodeAdminUserData and NodeUserData mime archives
- UserData:
- type: OS::Heat::MultipartMime
- properties:
- parts:
- - config: {get_resource: NodeAdminUserData}
- type: multipart
- - config: {get_resource: NodeUserData}
- type: multipart
- - config: {get_resource: RoleUserData}
- type: multipart
-
- # Creates the "heat-admin" user if configured via the environment
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- NodeAdminUserData:
- type: OS::TripleO::NodeAdminUserData
-
- # For optional operator additional userdata
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- NodeUserData:
- type: OS::TripleO::NodeUserData
-
- # For optional operator role-specific userdata
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- RoleUserData:
- type: OS::TripleO::Controller::NodeUserData
-
- ExternalPort:
- type: OS::TripleO::Controller::Ports::ExternalPort
- properties:
- IPPool: {get_param: ControllerIPs}
- NodeIndex: {get_param: NodeIndex}
- ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
-
- InternalApiPort:
- type: OS::TripleO::Controller::Ports::InternalApiPort
- properties:
- IPPool: {get_param: ControllerIPs}
- NodeIndex: {get_param: NodeIndex}
- ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
-
- StoragePort:
- type: OS::TripleO::Controller::Ports::StoragePort
- properties:
- IPPool: {get_param: ControllerIPs}
- NodeIndex: {get_param: NodeIndex}
- ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
-
- StorageMgmtPort:
- type: OS::TripleO::Controller::Ports::StorageMgmtPort
- properties:
- IPPool: {get_param: ControllerIPs}
- NodeIndex: {get_param: NodeIndex}
- ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
-
- TenantPort:
- type: OS::TripleO::Controller::Ports::TenantPort
- properties:
- IPPool: {get_param: ControllerIPs}
- NodeIndex: {get_param: NodeIndex}
- ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
-
- ManagementPort:
- type: OS::TripleO::Controller::Ports::ManagementPort
- properties:
- IPPool: {get_param: ControllerIPs}
- NodeIndex: {get_param: NodeIndex}
- ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
-
- NetIpMap:
- type: OS::TripleO::Network::Ports::NetIpMap
- properties:
- ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
- ExternalIp: {get_attr: [ExternalPort, ip_address]}
- ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
- ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
- InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
- InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
- InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
- StorageIp: {get_attr: [StoragePort, ip_address]}
- StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
- StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
- StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
- StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
- StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
- TenantIp: {get_attr: [TenantPort, ip_address]}
- TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
- TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
- ManagementIp: {get_attr: [ManagementPort, ip_address]}
- ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
- ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
-
- NetHostMap:
- type: OS::Heat::Value
- properties:
- type: json
- value:
- external:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - external
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - external
- internal_api:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - internalapi
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - internalapi
- storage:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - storage
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - storage
- storage_mgmt:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - storagemgmt
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - storagemgmt
- tenant:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - tenant
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - tenant
- management:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - management
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - management
- ctlplane:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - ctlplane
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [Controller, name]}
- - ctlplane
-
- PreNetworkConfig:
- type: OS::TripleO::Controller::PreNetworkConfig
- properties:
- server: {get_resource: Controller}
- RoleParameters: {get_param: RoleParameters}
- ServiceNames: {get_param: ServiceNames}
- deployment_actions: {get_attr: [DeploymentActions, value]}
-
- NetworkConfig:
- type: OS::TripleO::Controller::Net::SoftwareConfig
- properties:
- ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
- ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
- InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
- StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
- StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
- TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
- ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
-
- NetworkDeployment:
- type: OS::TripleO::SoftwareDeployment
- depends_on: PreNetworkConfig
- properties:
- name: NetworkDeployment
- config: {get_resource: NetworkConfig}
- server: {get_resource: Controller}
- actions:
- if:
- - server_not_blacklisted
- - {get_param: NetworkDeploymentActions}
- - []
- input_values:
- bridge_name: {get_param: NeutronPhysicalBridge}
- interface_name: {get_param: NeutronPublicInterface}
-
- # Resource for site-specific injection of root certificate
- NodeTLSCAData:
- depends_on: NetworkDeployment
- type: OS::TripleO::NodeTLSCAData
- properties:
- server: {get_resource: Controller}
-
- # Resource for site-specific passing of private keys/certificates
- NodeTLSData:
- depends_on: NodeTLSCAData
- type: OS::TripleO::NodeTLSData
- properties:
- server: {get_resource: Controller}
- NodeIndex: {get_param: NodeIndex}
-
- ControllerUpgradeInitConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- config:
- list_join:
- - ''
- - - "#!/bin/bash\n\n"
- - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n"
- - get_param: UpgradeInitCommand
- - get_param: UpgradeInitCommonCommand
-
- # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty
- # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
- ControllerUpgradeInitDeployment:
- type: OS::Heat::SoftwareDeployment
- depends_on: NetworkDeployment
- properties:
- name: ControllerUpgradeInitDeployment
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
- server: {get_resource: Controller}
- config: {get_resource: ControllerUpgradeInitConfig}
-
- ControllerDeployment:
- type: OS::TripleO::SoftwareDeployment
- depends_on: ControllerUpgradeInitDeployment
- properties:
- name: ControllerDeployment
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
- config: {get_resource: ControllerConfig}
- server: {get_resource: Controller}
- input_values:
- enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
-
- # Map heat metadata into hiera datafiles
- ControllerConfig:
- type: OS::Heat::StructuredConfig
- properties:
- group: hiera
- config:
- hierarchy:
- - '"%{::uuid}"'
- - heat_config_%{::deploy_config_name}
- - config_step
- - controller_extraconfig
- - extraconfig
- - service_configs
- - service_names
- - controller
- - bootstrap_node # provided by BootstrapNodeConfig
- - all_nodes # provided by allNodesConfig
- - vip_data # provided by allNodesConfig
- - '"%{::osfamily}"'
- - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
- - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
- - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
- - midonet_data #Optionally provided by AllNodesExtraConfig
- - cisco_aci_data # Optionally provided by ControllerExtraConfigPre
- merge_behavior: deeper
- datafiles:
- service_names:
- service_names: {get_param: ServiceNames}
- sensu::subscriptions: {get_param: MonitoringSubscriptions}
- service_configs:
- map_replace:
- - {get_param: ServiceConfigSettings}
- - values: {get_attr: [NetIpMap, net_ip_map]}
- controller_extraconfig:
- map_merge:
- - {get_param: controllerExtraConfig}
- - {get_param: ControllerExtraConfig}
- extraconfig: {get_param: ExtraConfig}
- controller:
- # Misc
- tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
- tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
- fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
- fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]}
- fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
- fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
- fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
- fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
- fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
-
- # Hook for site-specific additional pre-deployment config, e.g extra hieradata
- ControllerExtraConfigPre:
- depends_on: ControllerDeployment
- type: OS::TripleO::ControllerExtraConfigPre
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
- properties:
- server: {get_resource: Controller}
-
- # Hook for site-specific additional pre-deployment config,
- # applying to all nodes, e.g node registration/unregistration
- NodeExtraConfig:
- depends_on: [ControllerExtraConfigPre, NodeTLSData]
- type: OS::TripleO::NodeExtraConfig
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
- properties:
- server: {get_resource: Controller}
-
- UpdateConfig:
- type: OS::TripleO::Tasks::PackageUpdate
-
- UpdateDeployment:
- type: OS::Heat::SoftwareDeployment
- depends_on: NetworkDeployment
- properties:
- name: UpdateDeployment
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
- config: {get_resource: UpdateConfig}
- server: {get_resource: Controller}
- input_values:
- update_identifier:
- get_param: UpdateIdentifier
-
- DeploymentActions:
- type: OS::Heat::Value
- properties:
- value:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
- SshHostPubKey:
- type: OS::TripleO::Ssh::HostPubKey
- depends_on: ControllerDeployment
- properties:
- server: {get_resource: Controller}
- deployment_actions: {get_attr: [DeploymentActions, value]}
-
-outputs:
- ip_address:
- description: IP address of the server in the ctlplane network
- value: {get_attr: [Controller, networks, ctlplane, 0]}
- external_ip_address:
- description: IP address of the server in the external network
- value: {get_attr: [ExternalPort, ip_address]}
- internal_api_ip_address:
- description: IP address of the server in the internal_api network
- value: {get_attr: [InternalApiPort, ip_address]}
- storage_ip_address:
- description: IP address of the server in the storage network
- value: {get_attr: [StoragePort, ip_address]}
- storage_mgmt_ip_address:
- description: IP address of the server in the storage_mgmt network
- value: {get_attr: [StorageMgmtPort, ip_address]}
- tenant_ip_address:
- description: IP address of the server in the tenant network
- value: {get_attr: [TenantPort, ip_address]}
- management_ip_address:
- description: IP address of the server in the management network
- value: {get_attr: [ManagementPort, ip_address]}
- deployed_server_port_map:
- description:
- Map of Heat created hostname of the server to ip address. This is the
- hostname before it has been mapped with the HostnameMap parameter, and
- the IP address from the ctlplane network. This map can be used to construct
- the DeployedServerPortMap parameter when using split-stack.
- value:
- map_replace:
- - hostname:
- fixed_ips:
- - ip_address: {get_attr: [Controller, networks, ctlplane, 0]}
- - keys:
- hostname:
- list_join:
- - '-'
- - - {get_param: Hostname}
- - ctlplane
- deployed_server_deployment_swift_data_map:
- description:
- Map of Heat created hostname of the server to the Swift container and object
- used to created the temporary url for metadata polling with
- os-collect-config.
- value:
- map_replace:
- - hostname:
- container:
- str_split:
- - '/'
- - {get_attr: [Controller, os_collect_config, request, metadata_url]}
- - 5
- object:
- str_split:
- - '?'
- - str_split:
- - '/'
- - {get_attr: [Controller, os_collect_config, request, metadata_url]}
- - 6
- - 0
- - keys: {hostname: {get_param: Hostname}}
- hostname:
- description: Hostname of the server
- value: {get_attr: [Controller, name]}
- hostname_map:
- description: Mapping of network names to hostnames
- value:
- external: {get_attr: [NetHostMap, value, external, fqdn]}
- internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
- storage: {get_attr: [NetHostMap, value, storage, fqdn]}
- storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
- tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
- management: {get_attr: [NetHostMap, value, management, fqdn]}
- ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
- hosts_entry:
- description: >
- Server's IP address and hostname in the /etc/hosts format
- value:
- str_replace:
- template: |
- PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
- EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
- INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
- STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
- STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
- TENANTIP TENANTHOST.DOMAIN TENANTHOST
- MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
- CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
- params:
- PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
- DOMAIN: {get_param: CloudDomain}
- PRIMARYHOST: {get_attr: [Controller, name]}
- EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
- EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
- INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
- INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
- STORAGEIP: {get_attr: [StoragePort, ip_address]}
- STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
- STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
- TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
- MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
- CTLPLANEIP: {get_attr: [Controller, networks, ctlplane, 0]}
- CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
- known_hosts_entry:
- description: Entry for ssh known hosts
- value:
- str_replace:
- template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\
-EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\
-INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\
-STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\
-STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\
-TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\
-MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\
-CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
- params:
- PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
- DOMAIN: {get_param: CloudDomain}
- PRIMARYHOST: {get_attr: [Controller, name]}
- EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
- EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
- INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
- INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
- STORAGEIP: {get_attr: [StoragePort, ip_address]}
- STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
- STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
- TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
- MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
- CTLPLANEIP: {get_attr: [Controller, networks, ctlplane, 0]}
- CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
- HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
- nova_server_resource:
- description: Heat resource handle for the Nova compute server
- value:
- {get_resource: Controller}
- condition: server_not_blacklisted
- tls_key_modulus_md5:
- description: MD5 checksum of the TLS Key Modulus
- value: {get_attr: [NodeTLSData, key_modulus_md5]}
- tls_cert_modulus_md5:
- description: MD5 checksum of the TLS Certificate Modulus
- value: {get_attr: [NodeTLSData, cert_modulus_md5]}
- os_collect_config:
- description: The os-collect-config configuration associated with this server resource
- value: {get_attr: [Controller, os_collect_config]}
diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml
index 8cba4351..e81b1142 100644
--- a/puppet/extraconfig/tls/tls-cert-inject.yaml
+++ b/puppet/extraconfig/tls/tls-cert-inject.yaml
@@ -7,6 +7,7 @@ description: >
parameters:
# Can be overridden via parameter_defaults in the environment
SSLCertificate:
+ default: ''
description: >
The content of the SSL certificate (without Key) in PEM format.
type: string
diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml
index 23d8896e..5453e65c 100644
--- a/puppet/role.role.j2.yaml
+++ b/puppet/role.role.j2.yaml
@@ -1,27 +1,40 @@
-{# ## Some variables are set to enable rendering backwards compatible templates #}
-{# ## where a few parameter/resource names don't match the expected pattern #}
-{# ## FIXME: we need some way to deprecate the old inconsistent parameters #}
-{%- if role.name == 'Controller' -%}
- {%- set deprecated_extraconfig_param = 'controllerExtraConfig' -%}
-{% endif %}
+{#- ## Some variables are set to enable rendering backwards compatible templates #}
+{#- ## where a few parameter/resource names don't match the expected pattern #}
+{#- ## FIXME: we need some way to deprecate the old inconsistent parameters #}
+{%- set server_resource_name = role.deprecated_server_resource_name|default(role.name) -%}
heat_template_version: pike
description: 'OpenStack {{role.name}} node configured by Puppet'
parameters:
+{%- set default_flavor_name = 'baremetal' %}
+{%- if role.deprecated_param_flavor is defined %}
+ {{role.deprecated_param_flavor}}:
+ description: DEPRECATED Use Overcloud{{role.name}}Flavor instead.
+ default: {{default_flavor_name}}
+ type: string
+{%- endif %}
Overcloud{{role.name}}Flavor:
description: Flavor for the {{role.name}} node.
- default: baremetal
+ default: {{default_flavor_name}}
type: string
-{% if role.disable_constraints is not defined %}
+{%- if role.disable_constraints is not defined %}
constraints:
- custom_constraint: nova.flavor
-{% endif %}
+{%- endif %}
+{%- set default_image_name = 'overcloud-full' %}
+{%- if role.deprecated_param_image is defined %}
+ {{role.deprecated_param_image}}:
+ type: string
+ default: {{default_image_name}}
+ description: DEPRECATED Use {{role.name}}Image instead
+{%- endif %}
{{role.name}}Image:
type: string
- default: overcloud-full
-{% if role.disable_constraints is not defined %}
+ default: {{default_image_name}}
+ description: The disk image file to use for the role.
+{%- if role.disable_constraints is not defined %}
constraints:
- custom_constraint: glance.image
-{% endif %}
+{%- endif %}
ImageUpdatePolicy:
default: 'REBUILD_PRESERVE_EPHEMERAL'
description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
@@ -30,13 +43,13 @@ parameters:
description: Name of an existing Nova key pair to enable SSH access to the instances
type: string
default: default
-{% if role.disable_constraints is not defined %}
+{%- if role.disable_constraints is not defined %}
constraints:
- custom_constraint: nova.keypair
-{% endif %}
+{%- endif %}
NeutronPhysicalBridge:
default: 'br-ex'
- description: An OVS bridge to create for accessing tenant networks.
+ description: An OVS bridge to create for accessing external networks.
type: string
NeutronPublicInterface:
default: nic1
@@ -76,8 +89,8 @@ parameters:
description: |
Role specific additional hiera configuration to inject into the cluster.
type: json
-{%- if deprecated_extraconfig_param is defined %}
- {{deprecated_extraconfig_param}}:
+{%- if role.deprecated_param_extraconfig is defined %}
+ {{role.deprecated_param_extraconfig}}:
default: {}
description: |
DEPRECATED use {{role.name}}ExtraConfig instead
@@ -86,6 +99,12 @@ parameters:
{{role.name}}IPs:
default: {}
type: json
+{%- if role.deprecated_param_ips is defined %}
+ {{role.deprecated_param_ips}}:
+ default: {}
+ description: DEPRECATED - use {{role.name}}IPs instead
+ type: json
+{%- endif %}
NetworkDeploymentActions:
type: comma_delimited_list
description: >
@@ -112,6 +131,12 @@ parameters:
role-specific and is merged with the values given to the ServerMetadata
parameter.
type: json
+{%- if role.deprecated_param_metadata is defined %}
+ {{role.deprecated_param_metadata}}:
+ default: {}
+ description: DEPRECATED - use {{role.name}}ServerMetadata instead
+ type: json
+{%- endif %}
ServerMetadata:
default: {}
description: >
@@ -123,6 +148,12 @@ parameters:
type: json
description: Optional scheduler hints to pass to nova
default: {}
+{%- if role.deprecated_param_scheduler_hints is defined %}
+ {{role.deprecated_param_scheduler_hints}}:
+ type: json
+ description: DEPRECATED - use {{role.name}}SchedulerHints instead
+ default: {}
+{%- endif %}
NodeIndex:
type: number
default: 0
@@ -202,12 +233,16 @@ parameters:
object: 0
default: {}
-{% if deprecated_extraconfig_param is defined %}
+{% if role.uses_deprecated_params is defined %}
parameter_groups:
- label: deprecated
description: Do not use deprecated params, they will be removed.
parameters:
- - {{deprecated_extraconfig_param}}
+{%- for property in role %}
+{%- if property.startswith('deprecated_param_') %}
+ - {{role[property]}}
+{%- endif %}
+{%- endfor %}
{%- endif %}
conditions:
@@ -222,18 +257,48 @@ conditions:
- DeploymentSwiftDataMap
- {get_param: Hostname}
- ""
+{%- if role.deprecated_param_image is defined %}
+ deprecated_param_image_set:
+ not:
+ equals:
+ - {get_param: {{role.deprecated_param_image}}}
+ - {{default_image_name}}
+{%- endif %}
+{%- if role.deprecated_param_flavor is defined %}
+ deprecated_param_flavor_set:
+ not:
+ equals:
+ - {get_param: {{role.deprecated_param_flavor}}}
+ - {{default_flavor_name}}
+{%- endif %}
resources:
- {{role.name}}:
+ {{server_resource_name}}:
type: OS::TripleO::{{role.name}}Server
metadata:
os-collect-config:
command: {get_param: ConfigCommand}
splay: {get_param: ConfigCollectSplay}
properties:
- image: {get_param: {{role.name}}Image}
+ image:
+{%- if role.deprecated_param_image is defined %}
+ if:
+ - deprecated_param_image_set
+ - {get_param: {{role.deprecated_param_image}}}
+ - {get_param: {{role.name}}Image}
+{%- else %}
+ get_param: {{role.name}}Image
+{%- endif %}
image_update_policy: {get_param: ImageUpdatePolicy}
- flavor: {get_param: Overcloud{{role.name}}Flavor}
+ flavor:
+{%- if role.deprecated_param_flavor is defined %}
+ if:
+ - deprecated_param_flavor_set
+ - {get_param: {{role.deprecated_param_flavor}}}
+ - {get_param: Overcloud{{role.name}}Flavor}
+{%- else %}
+ get_param: Overcloud{{role.name}}Flavor
+{%- endif %}
key_name: {get_param: KeyName}
networks:
- network: ctlplane
@@ -247,9 +312,17 @@ resources:
metadata:
map_merge:
- {get_param: ServerMetadata}
+{%- if role.deprecated_param_metadata is defined %}
+ - {get_param: {{role.deprecated_param_metadata}}}
+{%- endif %}
- {get_param: {{role.name}}ServerMetadata}
- {get_param: ServiceMetadataSettings}
- scheduler_hints: {get_param: {{role.name}}SchedulerHints}
+ scheduler_hints:
+ map_merge:
+{%- if role.deprecated_param_scheduler_hints is defined %}
+ - {get_param: {{role.deprecated_param_scheduler_hints}}}
+{%- endif %}
+ - {get_param: {{role.name}}SchedulerHints}
deployment_swift_data:
if:
- deployment_swift_data_map_unset
@@ -288,15 +361,20 @@ resources:
{{network.name}}Port:
type: OS::TripleO::{{role.name}}::Ports::{{network.name}}Port
properties:
- ControlPlaneIP: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
- IPPool: {get_param: {{role.name}}IPs}
+ ControlPlaneIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
+ IPPool:
+ map_merge:
+{%- if role.deprecated_param_ips is defined %}
+ - {get_param: {{role.deprecated_param_ips}}}
+{%- endif %}
+ - {get_param: {{role.name}}IPs}
NodeIndex: {get_param: NodeIndex}
{%- endfor %}
NetworkConfig:
type: OS::TripleO::{{role.name}}::Net::SoftwareConfig
properties:
- ControlPlaneIp: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
+ ControlPlaneIp: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
{%- for network in networks %}
{{network.name}}IpSubnet: {get_attr: [{{network.name}}Port, ip_subnet]}
{%- endfor %}
@@ -304,7 +382,7 @@ resources:
NetIpMap:
type: OS::TripleO::Network::Ports::NetIpMap
properties:
- ControlPlaneIp: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
+ ControlPlaneIp: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
{%- for network in networks %}
{{network.name}}Ip: {get_attr: [{{network.name}}Port, ip_address]}
{{network.name}}IpSubnet: {get_attr: [{{network.name}}Port, ip_subnet]}
@@ -320,91 +398,91 @@ resources:
fqdn:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- external
- {get_param: CloudDomain}
short:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- external
internal_api:
fqdn:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- internalapi
- {get_param: CloudDomain}
short:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- internalapi
storage:
fqdn:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- storage
- {get_param: CloudDomain}
short:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- storage
storage_mgmt:
fqdn:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- storagemgmt
- {get_param: CloudDomain}
short:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- storagemgmt
tenant:
fqdn:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- tenant
- {get_param: CloudDomain}
short:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- tenant
management:
fqdn:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- management
- {get_param: CloudDomain}
short:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- management
ctlplane:
fqdn:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- ctlplane
- {get_param: CloudDomain}
short:
list_join:
- '.'
- - - {get_attr: [{{role.name}}, name]}
+ - - {get_attr: [{{server_resource_name}}, name]}
- ctlplane
PreNetworkConfig:
type: OS::TripleO::{{role.name}}::PreNetworkConfig
properties:
- server: {get_resource: {{role.name}}}
+ server: {get_resource: {{server_resource_name}}}
RoleParameters: {get_param: RoleParameters}
ServiceNames: {get_param: ServiceNames}
deployment_actions: {get_attr: [DeploymentActions, value]}
@@ -415,7 +493,7 @@ resources:
properties:
name: NetworkDeployment
config: {get_resource: NetworkConfig}
- server: {get_resource: {{role.name}}}
+ server: {get_resource: {{server_resource_name}}}
actions: {get_param: NetworkDeploymentActions}
input_values:
bridge_name: {get_param: NeutronPhysicalBridge}
@@ -426,7 +504,7 @@ resources:
- {get_param: NetworkDeploymentActions}
- []
- {{role.name}}UpgradeInitConfig:
+ {{server_resource_name}}UpgradeInitConfig:
type: OS::Heat::SoftwareConfig
properties:
group: script
@@ -440,26 +518,26 @@ resources:
# Note we may be able to make this conditional on UpgradeInitCommandNotEmpty
# but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
- {{role.name}}UpgradeInitDeployment:
+ {{server_resource_name}}UpgradeInitDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
properties:
- name: {{role.name}}UpgradeInitDeployment
- server: {get_resource: {{role.name}}}
- config: {get_resource: {{role.name}}UpgradeInitConfig}
+ name: {{server_resource_name}}UpgradeInitDeployment
+ server: {get_resource: {{server_resource_name}}}
+ config: {get_resource: {{server_resource_name}}UpgradeInitConfig}
actions:
if:
- server_not_blacklisted
- ['CREATE', 'UPDATE']
- []
- {{role.name}}Deployment:
+ {{server_resource_name}}Deployment:
type: OS::Heat::StructuredDeployment
- depends_on: {{role.name}}UpgradeInitDeployment
+ depends_on: {{server_resource_name}}UpgradeInitDeployment
properties:
- name: {{role.name}}Deployment
- config: {get_resource: {{role.name}}Config}
- server: {get_resource: {{role.name}}}
+ name: {{server_resource_name}}Deployment
+ config: {get_resource: {{server_resource_name}}Config}
+ server: {get_resource: {{server_resource_name}}}
input_values:
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
actions:
@@ -468,7 +546,7 @@ resources:
- ['CREATE', 'UPDATE']
- []
- {{role.name}}Config:
+ {{server_resource_name}}Config:
type: OS::Heat::StructuredConfig
properties:
group: hiera
@@ -486,6 +564,13 @@ resources:
- all_nodes # provided by allNodesConfig
- vip_data # provided by allNodesConfig
- '"%{::osfamily}"'
+ # The following are required for compatibility with the Controller role
+ # where some vendor integrations added hieradata via ExtraConfigPre
+ - neutron_bigswitch_data # Optionally provided by Controller/ComputeExtraConfigPre
+ - neutron_cisco_data # Optionally provided by Controller/ComputeExtraConfigPre
+ - cisco_n1kv_data # Optionally provided by Controller/ComputeExtraConfigPre
+ - midonet_data #Optionally provided by AllNodesExtraConfig
+ - cisco_aci_data # Optionally provided by Controller/ComputeExtraConfigPre
merge_behavior: deeper
datafiles:
service_names:
@@ -497,10 +582,10 @@ resources:
- values: {get_attr: [NetIpMap, net_ip_map]}
{{role.name.lower()}}_extraconfig:
map_merge:
-{%- if deprecated_extraconfig_param is defined %}
- - {get_param: {{deprecated_extraconfig_param}}}
+{%- if role.deprecated_param_extraconfig is defined %}
+ - {get_param: {{role.deprecated_param_extraconfig}}}
{%- endif %}
- - {get_param: {{role.name}}ExtraConfig}
+ - {get_param: {{server_resource_name}}ExtraConfig}
extraconfig: {get_param: ExtraConfig}
{{role.name.lower()}}:
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
@@ -513,16 +598,13 @@ resources:
fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
- {%- if 'primary' in role.tags and 'controller' in role.tags %}
- tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
- {%- endif -%}
# Resource for site-specific injection of root certificate
NodeTLSCAData:
depends_on: NetworkDeployment
type: OS::TripleO::NodeTLSCAData
properties:
- server: {get_resource: {{role.name}}}
+ server: {get_resource: {{server_resource_name}}}
{%- if 'primary' in role.tags and 'controller' in role.tags %}
# Resource for site-specific passing of private keys/certificates
@@ -530,19 +612,19 @@ resources:
depends_on: NodeTLSCAData
type: OS::TripleO::NodeTLSData
properties:
- server: {get_resource: {{role.name}}}
+ server: {get_resource: {{server_resource_name}}}
NodeIndex: {get_param: NodeIndex}
{%- endif -%}
# Hook for site-specific additional pre-deployment config, e.g extra hieradata
{{role.name}}ExtraConfigPre:
- depends_on: {{role.name}}Deployment
+ depends_on: {{server_resource_name}}Deployment
type: OS::TripleO::{{role.name}}ExtraConfigPre
# We have to use conditions here so that we don't break backwards
# compatibility with templates everywhere
condition: server_not_blacklisted
properties:
- server: {get_resource: {{role.name}}}
+ server: {get_resource: {{server_resource_name}}}
# Hook for site-specific additional pre-deployment config,
# applying to all nodes, e.g node registration/unregistration
@@ -559,7 +641,7 @@ resources:
# compatibility with templates everywhere
condition: server_not_blacklisted
properties:
- server: {get_resource: {{role.name}}}
+ server: {get_resource: {{server_resource_name}}}
UpdateConfig:
type: OS::TripleO::Tasks::PackageUpdate
@@ -570,7 +652,7 @@ resources:
properties:
name: UpdateDeployment
config: {get_resource: UpdateConfig}
- server: {get_resource: {{role.name}}}
+ server: {get_resource: {{server_resource_name}}}
input_values:
update_identifier:
get_param: UpdateIdentifier
@@ -591,18 +673,18 @@ resources:
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
- depends_on: {{role.name}}Deployment
+ depends_on: {{server_resource_name}}Deployment
properties:
- server: {get_resource: {{role.name}}}
+ server: {get_resource: {{server_resource_name}}}
deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:
description: IP address of the server in the ctlplane network
- value: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
+ value: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
hostname:
description: Hostname of the server
- value: {get_attr: [{{role.name}}, name]}
+ value: {get_attr: [{{server_resource_name}}, name]}
hostname_map:
description: Mapping of network names to hostnames
value:
@@ -622,12 +704,12 @@ outputs:
params:
PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role.name}}HostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
- PRIMARYHOST: {get_attr: [{{role.name}}, name]}
+ PRIMARYHOST: {get_attr: [{{server_resource_name}}, name]}
{%- for network in networks %}
{{network.name}}IP: {get_attr: [{{network.name}}Port, ip_address]}
{{network.name}}HOST: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower())}}, short]}
{%- endfor %}
- CTLPLANEIP: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
+ CTLPLANEIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
known_hosts_entry:
description: Entry for ssh known hosts
@@ -641,18 +723,18 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
params:
PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role.name}}HostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
- PRIMARYHOST: {get_attr: [{{role.name}}, name]}
+ PRIMARYHOST: {get_attr: [{{server_resource_name}}, name]}
{%- for network in networks %}
{{network.name}}IP: {get_attr: [{{network.name}}Port, ip_address]}
{{network.name}}HOST: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower())}}, short]}
{%- endfor %}
- CTLPLANEIP: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
+ CTLPLANEIP: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
nova_server_resource:
description: Heat resource handle for {{role.name}} server
value:
- {get_resource: {{role.name}}}
+ {get_resource: {{server_resource_name}}}
condition: server_not_blacklisted
deployed_server_port_map:
description: |
@@ -664,7 +746,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
map_replace:
- hostname:
fixed_ips:
- - ip_address: {get_attr: [{{role.name}}, networks, ctlplane, 0]}
+ - ip_address: {get_attr: [{{server_resource_name}}, networks, ctlplane, 0]}
- keys:
hostname:
list_join:
@@ -682,14 +764,14 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
container:
str_split:
- '/'
- - {get_attr: [{{role.name}}, os_collect_config, request, metadata_url]}
+ - {get_attr: [{{server_resource_name}}, os_collect_config, request, metadata_url]}
- 5
object:
str_split:
- '?'
- str_split:
- '/'
- - {get_attr: [{{role.name}}, os_collect_config, request, metadata_url]}
+ - {get_attr: [{{server_resource_name}}, os_collect_config, request, metadata_url]}
- 6
- 0
- keys: {hostname: {get_param: Hostname}}
@@ -703,7 +785,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
{%- endif %}
os_collect_config:
description: The os-collect-config configuration associated with this server resource
- value: {get_attr: [{{role.name}}, os_collect_config]}
+ value: {get_attr: [{{server_resource_name}}, os_collect_config]}
{%- for network in networks %}
{{network.name_lower|default(network.name.lower())}}_ip_address:
description: IP address of the server in the {{network.name}} network
diff --git a/puppet/services/database/mongodb.yaml b/puppet/services/database/mongodb.yaml
index 04f34e24..dcead0f7 100644
--- a/puppet/services/database/mongodb.yaml
+++ b/puppet/services/database/mongodb.yaml
@@ -47,6 +47,11 @@ parameters:
EnableInternalTLS:
type: boolean
default: false
+ InternalTLSCAFile:
+ default: '/etc/ipa/ca.crt'
+ type: string
+ description: Specifies the default CA cert to use if TLS is used for
+ services in the internal network.
conditions:
@@ -98,6 +103,7 @@ outputs:
generate_service_certificates: true
mongodb::server::ssl: true
mongodb::server::ssl_key: '/etc/pki/tls/certs/mongodb.pem'
+ mongodb::server::ssl_ca: {get_param: InternalTLSCAFile}
mongodb_certificate_specs:
service_pem: '/etc/pki/tls/certs/mongodb.pem'
service_certificate: '/etc/pki/tls/certs/mongodb.crt'
diff --git a/puppet/services/haproxy-internal-tls-certmonger.yaml b/puppet/services/haproxy-internal-tls-certmonger.yaml
index 3355a0d3..642685a8 100644
--- a/puppet/services/haproxy-internal-tls-certmonger.yaml
+++ b/puppet/services/haproxy-internal-tls-certmonger.yaml
@@ -30,6 +30,12 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ HAProxyInternalTLSCertsDirectory:
+ default: '/etc/pki/tls/certs/haproxy'
+ type: string
+ HAProxyInternalTLSKeysDirectory:
+ default: '/etc/pki/tls/private/haproxy'
+ type: string
resources:
@@ -55,16 +61,30 @@ outputs:
config_settings:
generate_service_certificates: true
tripleo::haproxy::use_internal_certificates: true
- tripleo::certmonger::haproxy_dirs::certificate_dir: '/etc/pki/tls/certs/haproxy'
- tripleo::certmonger::haproxy_dirs::key_dir: '/etc/pki/tls/private/haproxy'
+ tripleo::certmonger::haproxy_dirs::certificate_dir:
+ get_param: HAProxyInternalTLSCertsDirectory
+ tripleo::certmonger::haproxy_dirs::key_dir:
+ get_param: HAProxyInternalTLSKeysDirectory
certificates_specs:
map_merge:
repeat:
template:
haproxy-NETWORK:
- service_pem: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-NETWORK.pem'
- service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-NETWORK.crt'
- service_key: '/etc/pki/tls/private/haproxy/overcloud-haproxy-NETWORK.key'
+ service_pem:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSCertsDirectory}
+ - '/overcloud-haproxy-NETWORK.pem'
+ service_certificate:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSCertsDirectory}
+ - '/overcloud-haproxy-NETWORK.crt'
+ service_key:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSKeysDirectory}
+ - '/overcloud-haproxy-NETWORK.key'
hostname: "%{hiera('cloud_name_NETWORK')}"
postsave_cmd: "" # TODO
principal: "haproxy/%{hiera('cloud_name_NETWORK')}"
diff --git a/puppet/services/haproxy-public-tls-certmonger.yaml b/puppet/services/haproxy-public-tls-certmonger.yaml
index f1739f78..b2766c44 100644
--- a/puppet/services/haproxy-public-tls-certmonger.yaml
+++ b/puppet/services/haproxy-public-tls-certmonger.yaml
@@ -30,6 +30,12 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ HAProxyInternalTLSCertsDirectory:
+ default: '/etc/pki/tls/certs/haproxy'
+ type: string
+ HAProxyInternalTLSKeysDirectory:
+ default: '/etc/pki/tls/private/haproxy'
+ type: string
outputs:
role_data:
@@ -38,14 +44,32 @@ outputs:
service_name: haproxy_public_tls_certmonger
config_settings:
generate_service_certificates: true
- tripleo::haproxy::service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.pem'
- tripleo::certmonger::haproxy_dirs::certificate_dir: '/etc/pki/tls/certs/haproxy'
- tripleo::certmonger::haproxy_dirs::key_dir: '/etc/pki/tls/private/haproxy'
+ tripleo::haproxy::service_certificate:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSCertsDirectory}
+ - '/overcloud-haproxy-external.pem'
+ tripleo::certmonger::haproxy_dirs::certificate_dir:
+ get_param: HAProxyInternalTLSCertsDirectory
+ tripleo::certmonger::haproxy_dirs::key_dir:
+ get_param: HAProxyInternalTLSKeysDirectory
certificates_specs:
haproxy-external:
- service_pem: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.pem'
- service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.crt'
- service_key: '/etc/pki/tls/private/haproxy/overcloud-haproxy-external.key'
+ service_pem:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSCertsDirectory}
+ - '/overcloud-haproxy-external.pem'
+ service_certificate:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSCertsDirectory}
+ - '/overcloud-haproxy-external.crt'
+ service_key:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSKeysDirectory}
+ - '/overcloud-haproxy-external.key'
hostname: "%{hiera('cloud_name_external')}"
postsave_cmd: "" # TODO
principal: "haproxy/%{hiera('cloud_name_external')}"
diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml
index a37135da..6b2d028f 100644
--- a/puppet/services/haproxy.yaml
+++ b/puppet/services/haproxy.yaml
@@ -57,6 +57,16 @@ parameters:
MonitoringSubscriptionHaproxy:
default: 'overcloud-haproxy'
type: string
+ SSLCertificate:
+ default: ''
+ description: >
+ The content of the SSL certificate (without Key) in PEM format.
+ type: string
+ DeployedSSLCertificatePath:
+ default: '/etc/pki/tls/private/overcloud_endpoint.pem'
+ description: >
+ The filepath of the certificate as it will be stored in the controller.
+ type: string
InternalTLSCAFile:
default: '/etc/ipa/ca.crt'
type: string
@@ -68,6 +78,14 @@ parameters:
description: Specifies the default CRL PEM file to use for revocation if
TLS is used for services in the internal network.
+conditions:
+
+ public_tls_enabled:
+ not:
+ equals:
+ - {get_param: SSLCertificate}
+ - ""
+
resources:
HAProxyPublicTLS:
@@ -98,8 +116,6 @@ outputs:
monitoring_subscription: {get_param: MonitoringSubscriptionHaproxy}
config_settings:
map_merge:
- - get_attr: [HAProxyPublicTLS, role_data, config_settings]
- - get_attr: [HAProxyInternalTLS, role_data, config_settings]
- tripleo.haproxy.firewall_rules:
'107 haproxy stats':
dport: 1993
@@ -115,6 +131,12 @@ outputs:
map_merge:
- get_attr: [HAProxyPublicTLS, role_data, certificates_specs]
- get_attr: [HAProxyInternalTLS, role_data, certificates_specs]
+ - if:
+ - public_tls_enabled
+ - tripleo::haproxy::service_certificate: {get_param: DeployedSSLCertificatePath}
+ - {}
+ - get_attr: [HAProxyPublicTLS, role_data, config_settings]
+ - get_attr: [HAProxyInternalTLS, role_data, config_settings]
step_config: |
include ::tripleo::profile::base::haproxy
upgrade_tasks:
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 8796209b..218ba740 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -178,10 +178,10 @@ parameters:
Cron to purge expired tokens - Week Day
default: '*'
KeystoneCronTokenFlushMaxDelay:
- type: string
+ type: number
description: >
Cron to purge expired tokens - Max Delay
- default: '0'
+ default: 0
KeystoneCronTokenFlushDestination:
type: string
description: >
diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml
index b9556890..b6980045 100644
--- a/puppet/services/neutron-base.yaml
+++ b/puppet/services/neutron-base.yaml
@@ -69,6 +69,12 @@ parameters:
networks, neutron uses this value without modification. For overlay
networks such as VXLAN, neutron automatically subtracts the overlay
protocol overhead from this value.
+ NeutronDBSyncExtraParams:
+ default: ''
+ description: |
+ String of extra command line parameters to append to the neutron-db-manage
+ upgrade head command.
+ type: string
ServiceData:
default: {}
description: Dictionary packing service data
@@ -134,6 +140,7 @@ outputs:
neutron::db::database_max_retries: -1
neutron::db::sync::db_sync_timeout: {get_param: DatabaseSyncTimeout}
neutron::global_physnet_mtu: {get_param: NeutronGlobalPhysnetMtu}
+ neutron::db::sync::extra_params: {get_param: NeutronDBSyncExtraParams}
- if:
- dhcp_agents_zero
- {}
diff --git a/puppet/services/neutron-plugin-ml2-nuage.yaml b/puppet/services/neutron-plugin-ml2-nuage.yaml
new file mode 100644
index 00000000..a7dc2e8b
--- /dev/null
+++ b/puppet/services/neutron-plugin-ml2-nuage.yaml
@@ -0,0 +1,99 @@
+heat_template_version: pike
+
+description: >
+ OpenStack Neutron ML2/Nuage plugin configured with Puppet
+
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ # Config specific parameters, to be provided via parameter_defaults
+ NeutronNuageNetPartitionName:
+ description: Specifies the title that you will see on the VSD
+ type: string
+ default: 'default_name'
+
+ NeutronNuageVSDIp:
+ description: IP address and port of the Virtual Services Directory
+ type: string
+
+ NeutronNuageVSDUsername:
+ description: Username to be used to log into VSD
+ type: string
+
+ NeutronNuageVSDPassword:
+ description: Password to be used to log into VSD
+ type: string
+
+ NeutronNuageVSDOrganization:
+ description: Organization parameter required to log into VSD
+ type: string
+ default: 'organization'
+
+ NeutronNuageBaseURIVersion:
+ description: URI version to be used based on the VSD release
+ type: string
+ default: 'default_uri_version'
+
+ NeutronNuageCMSId:
+ description: Cloud Management System ID (CMS ID) to distinguish between OS instances on the same VSD
+ type: string
+
+ UseForwardedFor:
+ description: Treat X-Forwarded-For as the canonical remote address. Only enable this if you have a sanitizing proxy.
+ type: boolean
+ default: false
+
+resources:
+
+ NeutronML2Base:
+ type: ./neutron-plugin-ml2.yaml
+ properties:
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron ML2/Nuage plugin
+ value:
+ service_name: neutron_plugin_ml2_nuage
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronML2Base, role_data, config_settings]
+ - neutron::plugins::ml2::nuage::nuage_net_partition_name: {get_param: NeutronNuageNetPartitionName}
+ neutron::plugins::ml2::nuage::nuage_vsd_ip: {get_param: NeutronNuageVSDIp}
+ neutron::plugins::ml2::nuage::nuage_vsd_username: {get_param: NeutronNuageVSDUsername}
+ neutron::plugins::ml2::nuage::nuage_vsd_password: {get_param: NeutronNuageVSDPassword}
+ neutron::plugins::ml2::nuage::nuage_vsd_organization: {get_param: NeutronNuageVSDOrganization}
+ neutron::plugins::ml2::nuage::nuage_base_uri_version: {get_param: NeutronNuageBaseURIVersion}
+ neutron::plugins::ml2::nuage::nuage_cms_id: {get_param: NeutronNuageCMSId}
+ nova::api::use_forwarded_for: {get_param: UseForwardedFor}
+ step_config: |
+ include tripleo::profile::base::neutron::plugins::ml2
diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml
index dd757b5d..bc91374a 100644
--- a/puppet/services/neutron-plugin-ml2.yaml
+++ b/puppet/services/neutron-plugin-ml2.yaml
@@ -72,6 +72,10 @@ parameters:
default: 'vxlan'
description: The tenant network type for Neutron.
type: comma_delimited_list
+ NeutronFirewallDriver:
+ description: Firewall driver for realizing neutron security group function
+ type: string
+ default: 'openvswitch'
resources:
NeutronBase:
@@ -100,6 +104,7 @@ outputs:
neutron::plugins::ml2::tunnel_id_ranges: {get_param: NeutronTunnelIdRanges}
neutron::plugins::ml2::vni_ranges: {get_param: NeutronVniRanges}
neutron::plugins::ml2::tenant_network_types: {get_param: NeutronNetworkType}
+ neutron::plugins::ml2::firewall_driver: {get_param: NeutronFirewallDriver}
step_config: |
include ::tripleo::profile::base::neutron::plugins::ml2
diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml
index 6e1f3f56..36866a3a 100644
--- a/puppet/services/nova-compute.yaml
+++ b/puppet/services/nova-compute.yaml
@@ -170,6 +170,11 @@ outputs:
tripleo::profile::base::nova::migration::client::ssh_port: {get_param: MigrationSshPort}
nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
+ nova::compute::rbd::rbd_keyring:
+ list_join:
+ - '.'
+ - - 'client'
+ - {get_param: CephClientUserName}
tripleo::profile::base::nova::compute::cinder_nfs_backend: {get_param: CinderEnableNfsBackend}
rbd_persistent_storage: {get_param: CinderEnableRbdBackend}
nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey}
diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml
index e2ae7260..04936c33 100644
--- a/puppet/services/nova-libvirt.yaml
+++ b/puppet/services/nova-libvirt.yaml
@@ -139,6 +139,11 @@ outputs:
# we manage migration in nova common puppet profile
nova::compute::libvirt::migration_support: false
nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
+ nova::compute::rbd::rbd_keyring:
+ list_join:
+ - '.'
+ - - 'client'
+ - {get_param: CephClientUserName}
nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey}
nova::compute::rbd::libvirt_rbd_secret_uuid: {get_param: CephClusterFSID}
tripleo::profile::base::nova::migration::client::libvirt_enabled: true