Diffstat (limited to 'puppet')
20 files changed, 221 insertions, 18 deletions
diff --git a/puppet/controller.yaml b/puppet/controller.yaml index b5d3b6f8..28fd08da 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -414,7 +414,6 @@ resources: enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]} neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} - neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]} nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]} horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} @@ -430,10 +429,7 @@ resources: template: "NETWORK_subnet" params: NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]} - redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]} redis_vip: {get_param: RedisVirtualIP} - sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]} - memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} ironic_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, IronicApiNetwork]}]} # Map heat metadata into hiera datafiles @@ -494,7 +490,6 @@ resources: # Neutron neutron::bind_host: {get_input: neutron_api_network} - neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip} neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network} snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} 
@@ -518,18 +513,13 @@ resources: horizon::bind_address: {get_input: horizon_network} horizon::keystone_url: {get_input: keystone_auth_uri} - # Sahara - sahara::host: {get_input: sahara_api_network} - # Redis - redis::bind: {get_input: redis_network} redis_vip: {get_input: redis_vip} # Firewall tripleo::firewall::manage_firewall: {get_input: manage_firewall} tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules} # Misc memcached_ipv6: {get_input: memcached_ipv6} - memcached::listen_ip: {get_input: memcached_network} tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} diff --git a/puppet/services/ca-certs.yaml b/puppet/services/ca-certs.yaml new file mode 100644 index 00000000..1a534156 --- /dev/null +++ b/puppet/services/ca-certs.yaml @@ -0,0 +1,35 @@ +heat_template_version: 2016-04-08 + +description: > + HAproxy service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + CAMap: + description: > + Map containing the CA certs and information needed for deploying them. + default: {} + type: json + +outputs: + role_data: + description: Role data for injecting CA certificates. + value: + service_name: ca_certs + config_settings: + tripleo::trusted_cas::ca_map: {get_param: CAMap} + step_config: | + include ::tripleo::trusted_cas diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml index 85b9aacc..201a2b7b 100644 --- a/puppet/services/ceilometer-api.yaml 
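Review bot: The `description` of the new puppet/services/ca-certs.yaml reads `HAproxy service configured with Puppet`, which looks copied from haproxy.yaml and does not match what the template does. The file defines the `ca_certs` service and passes `CAMap` into `tripleo::trusted_cas::ca_map`, so it controls which certificate authorities the nodes trust. I would change the description to something like `Trusted CA certificate injection configured with Puppet`. The `CAMap` description should also name the keys the map is expected to contain, since that schema is not visible anywhere in this file.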
+++ b/puppet/services/ceilometer-api.yaml @@ -47,6 +47,9 @@ outputs: # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR + - ceilometer::api::service_name: 'httpd' ceilometer::api::host: {get_param: [ServiceNetMap, CeilometerApiNetwork]} + ceilometer::wsgi::apache::bind_host: {get_param: [ServiceNetMap, CeilometerApiNetwork]} + ceilometer::wsgi::apache::ssl: false step_config: | include ::tripleo::profile::base::ceilometer::api diff --git a/puppet/services/database/redis-base.yaml b/puppet/services/database/redis-base.yaml index 40711432..4ed3c007 100644 --- a/puppet/services/database/redis-base.yaml +++ b/puppet/services/database/redis-base.yaml @@ -32,6 +32,12 @@ outputs: redis::requirepass: {get_param: RedisPassword} redis::masterauth: {get_param: RedisPassword} redis::sentinel_auth_pass: {get_param: RedisPassword} + # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + redis::bind: {get_param: [ServiceNetMap, RedisNetwork]} redis::port: 6379 redis::sentinel::master_name: '"%{hiera(\"bootstrap_nodeid\")}"' redis::sentinel::redis_host: '"%{hiera(\"bootstrap_nodeid_ip\")}"' diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index 8ac669a9..c0e1c113 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml @@ -75,6 +75,7 @@ outputs: tripleo::haproxy::heat_cloudwatch: true tripleo::haproxy::heat_cfn: true tripleo::haproxy::horizon: true + tripleo::haproxy::ironic: true tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress} tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser} tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword} diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml index 6b494256..d0516e1b 100644 
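Review bot: `ceilometer::wsgi::apache::ssl: false` in ceilometer-api.yaml is hard-coded with no comment saying where TLS is expected to terminate. With the API now served by httpd on the `CeilometerApiNetwork` address, the hop to this vhost is plain HTTP; that is presumably intentional, with TLS ending at the load balancer, but the hunk does not say so. I would add a comment above the line such as `# TLS terminates at the load balancer; this vhost serves plain HTTP on the internal API network`. The `config_settings` map starts above the hunk.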
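Review bot: `redis::bind` in redis-base.yaml now depends entirely on `ServiceNetMap` containing a `RedisNetwork` key, and nothing in the hunk guards against the key being absent. As far as I know, Heat's `get_param` path lookup resolves a missing key to an empty string instead of failing the stack, so an override that omits the key would hand Puppet an empty bind address. What the redis module does with an empty value is not visible here. The same applies to `memcached::listen_ip` in memcached.yaml (which, unlike Redis here, has no password in front of it) and to `sahara::host` in sahara-api.yaml. I would extend the NOTE comment with a line such as `# RedisNetwork must be present in ServiceNetMap; a missing key resolves to an empty bind address`.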
--- a/puppet/services/ironic-api.yaml +++ b/puppet/services/ironic-api.yaml @@ -50,6 +50,7 @@ outputs: ironic::api::authtoken::username: 'ironic' ironic::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + ironic::api::host_ip: {get_input: ironic_api_network} ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]} # This is used to build links in responses ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]} @@ -59,5 +60,10 @@ outputs: ironic::keystone::auth::auth_name: 'ironic' ironic::keystone::auth::password: {get_param: IronicPassword } ironic::keystone::auth::tenant: 'service' + tripleo.ironic_api.firewall_rules: + '133 ironic api': + dport: + - 6385 + - 13385 step_config: | include ::tripleo::profile::base::ironic::api diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml index 9bc86a2c..27479f79 100644 --- a/puppet/services/ironic-conductor.yaml +++ b/puppet/services/ironic-conductor.yaml @@ -41,10 +41,15 @@ outputs: - get_attr: [IronicBase, role_data, config_settings] # FIXME: I have no idea why neutron_url is in "api" manifest - ironic::api::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]} + ironic::conductor::api_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]} ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} ironic::enabled_drivers: {get_param: IronicEnabledDrivers} # Prevent tftp_server from defaulting to my_ip setting, which is # controller VIP, not a real IP. ironic::drivers::pxe::tftp_server: {get_input: ironic_api_network} + tripleo.ironic_conductor.firewall_rules: + '134 ironic conductor TFTP': + dport: 69 + proto: udp step_config: | include ::tripleo::profile::base::ironic::conductor diff --git a/puppet/services/memcached.yaml b/puppet/services/memcached.yaml index 59c639e8..3b47261e 100644 
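Review bot: `ironic::api::host_ip: {get_input: ironic_api_network}` in the first ironic-api.yaml hunk is the only bind address added in this commit that still reads a deployment input. redis-base.yaml, memcached.yaml and sahara-api.yaml all switch to `{get_param: [ServiceNetMap, ...]}` in this same commit. This keeps the service template coupled to the `ironic_api_network` input that controller.yaml still defines, so on a role without that input the listen address is presumably left unresolved. If ironic-api.yaml declares `ServiceNetMap` (its parameters section is outside the hunk), I would write `ironic::api::host_ip: {get_param: [ServiceNetMap, IronicApiNetwork]}` and carry over the NOTE comment used in the other services.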
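Review bot: The new `'134 ironic conductor TFTP'` rule in ironic-conductor.yaml opens UDP port 69 with only `dport` and `proto` set, so as written it presumably accepts TFTP from any source that can reach the node. TFTP has no authentication, and the line just above binds `tftp_server` to the `ironic_api_network` address, so the exposure could be limited to the network that provisioning clients actually boot from. If the firewall rule type accepts a source restriction, I would add one here. Otherwise add a comment such as `# TFTP is unauthenticated; reachable only on the provisioning network by design`. The `config_settings` map starts above the hunk.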
--- a/puppet/services/memcached.yaml +++ b/puppet/services/memcached.yaml @@ -25,6 +25,12 @@ outputs: value: service_name: memcached config_settings: + # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + memcached::listen_ip: {get_param: [ServiceNetMap, MemcachedNetwork]} tripleo.memcached.firewall_rules: '121 memcached': dport: 11211 diff --git a/puppet/services/neutron-ovs-dpdk-agent.yaml b/puppet/services/neutron-ovs-dpdk-agent.yaml new file mode 100644 index 00000000..1f1e14ab --- /dev/null +++ b/puppet/services/neutron-ovs-dpdk-agent.yaml 
@@ -0,0 +1,73 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron OVS DPDK configured with Puppet for Compute Role + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NeutronDpdkCoreList: + default: "" + description: List of cores to be used for DPDK Poll Mode Driver + type: string + NeutronDpdkMemoryChannels: + default: "" + description: Number of memory channels to be used for DPDK + type: string + NeutronDpdkSocketMemory: + default: "" + description: Memory allocated for each socket + type: string + NeutronDpdkDriverType: + default: "vfio-pci" + description: DPDK Driver type + type: string + # below parameters has to be set in neutron agent only for compute nodes. + # as of now there is no other usecase for these parameters except dpdk. + # should be moved to compute only ovs agent in case of any other usecases. + NeutronDatapathType: + default: "" + description: Datapath type for ovs bridges + type: string + NeutronVhostuserSocketDir: + default: "" + description: The vhost-user socket directory for OVS + type: string + +resources: + + NeutronOvsAgent: + type: ./neutron-ovs-agent.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Neutron OVS DPDK Agent service. 
+ value: + service_name: neutron_ovs_dpdk_agent + config_settings: + map_merge: + - get_attr: [NeutronOvsAgent, role_data, config_settings] + neutron::agents::ml2::ovs::enable_dpdk: true + neutron::agents::ml2::ovs::datapath_type: {get_param: NeutronDatapathType} + neutron::agents::ml2::ovs::vhostuser_socket_dir: {get_param: NeutronVhostuserSocketDir} + vswitch::dpdk::core_list: {get_param: NeutronDpdkCoreList} + vswitch::dpdk::memory_channels: {get_param: NeutronDpdkMemoryChannels} + vswitch::dpdk::socket_mem: {get_param: NeutronDpdkSocketMemory} + vswitch::dpdk::driver_type: {get_param: NeutronDpdkDriverType} + step_config: {get_attr: [NeutronOvsAgent, role_data, step_config]} diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml index 165b9687..5dbae3dc 100644 --- a/puppet/services/neutron-plugin-ml2.yaml +++ b/puppet/services/neutron-plugin-ml2.yaml @@ -60,7 +60,12 @@ parameters: default: 'vxlan' description: The tenant network type for Neutron. type: comma_delimited_list - + NeutronSupportedPCIVendorDevs: + description: | + List of supported pci vendor devices in the format VendorID:ProductID. + By default Intel & Mellanox SR-IOV capable NICs are supported. + type: comma_delimited_list + default: ['15b3:1004','8086:10ca'] resources: NeutronBase: @@ -118,6 +123,7 @@ outputs: template: TYPES params: TYPES: {get_param: NeutronNetworkType} + neutron::plugins::ml2::supported_pci_vendor_devs: {get_param: NeutronSupportedPCIVendorDevs} step_config: | include ::tripleo::profile::base::neutron::plugins::ml2 diff --git a/puppet/services/neutron-sriov-agent.yaml b/puppet/services/neutron-sriov-agent.yaml new file mode 100644 index 00000000..559500df --- /dev/null +++ b/puppet/services/neutron-sriov-agent.yaml 
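Review bot: In the new neutron-ovs-dpdk-agent.yaml, `NeutronDpdkCoreList`, `NeutronDpdkMemoryChannels`, `NeutronDpdkSocketMemory`, `NeutronDatapathType` and `NeutronVhostuserSocketDir` all default to `""`. The output nevertheless sets `neutron::agents::ml2::ovs::enable_dpdk: true` unconditionally and passes those empty strings straight into the `vswitch::dpdk::*` settings. A stack that includes this service without setting them would therefore enable DPDK with blank core, memory and socket-directory values instead of being rejected at validation. I would drop the `default: ""` lines so that Heat requires the values, or add an `allowed_pattern` constraint to each. The comment above `NeutronDatapathType` should read `# The parameters below have to be set ...`.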
@@ -0,0 +1,58 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron SR-IOV nic agent configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: > + Mapping of service_name -> network name. Typically set via + parameter_defaults in the resource registry. This mapping overrides those + in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + NeutronPhysicalDevMappings: + description: > + List of <physical_network>:<physical device> + All physical networks listed in network_vlan_ranges + on the server should have mappings to appropriate + interfaces on each agent. + type: comma_delimited_list + default: "" + NeutronExcludeDevices: + description: > + List of <network_device>:<excluded_devices> mapping + network_device to the agent's node-specific list of virtual functions + that should not be used for virtual networking. excluded_devices is a + semicolon separated list of virtual functions to exclude from + network_device. The network_device in the mapping should appear in the + physical_device_mappings list. + type: comma_delimited_list + default: "" + NeutronSriovNumVFs: + description: > + Provide the list of VFs to be reserved for each SR-IOV interface. + Format "<interface_name1>:<numvfs1>","<interface_name2>:<numvfs2>" + Example "eth1:4096","eth2:128" + type: comma_delimited_list + default: "" + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the Neutron SR-IOV nic agent service. 
+ value: + service_name: neutron_sriov_agent + config_settings: + neutron::agents::ml2::sriov::physical_device_mappings: {get_param: NeutronPhysicalDevMappings} + neutron::agents::ml2::sriov::exclude_devices: {get_param: NeutronExcludeDevices} + neutron::agents::ml2::sriov::number_of_vfs: {get_param: NeutronSriovNumVFs} + step_config: | + include ::tripleo::profile::base::neutron::sriov diff --git a/puppet/services/nova-scheduler.yaml b/puppet/services/nova-scheduler.yaml index 1e12b5ba..c8f2591d 100644 --- a/puppet/services/nova-scheduler.yaml +++ b/puppet/services/nova-scheduler.yaml @@ -22,6 +22,13 @@ parameters: default: [] description: List of scheduler available filters type: comma_delimited_list + NovaSchedulerDefaultFilters: + type: comma_delimited_list + default: [] + description: > + An array of filters used by Nova to filter a node.These filters will be + applied in the order they are listed, so place your most restrictive + filters first to make the filtering process more efficient. resources: NovaBase: @@ -41,5 +48,6 @@ outputs: - get_attr: [NovaBase, role_data, config_settings] - nova::scheduler::filter::ram_allocation_ratio: '1.0' nova::scheduler::filter::scheduler_available_filters: {get_param: NovaSchedulerAvailableFilters} + nova::scheduler::filter::scheduler_default_filters: {get_param: NovaSchedulerDefaultFilters} step_config: | include tripleo::profile::base::nova::scheduler diff --git a/puppet/services/pacemaker/ceilometer-agent-central.yaml b/puppet/services/pacemaker/ceilometer-agent-central.yaml index ac4bdcf0..78714878 100644 --- a/puppet/services/pacemaker/ceilometer-agent-central.yaml +++ b/puppet/services/pacemaker/ceilometer-agent-central.yaml @@ -21,7 +21,7 @@ parameters: resources: CeilometerServiceBase: - type: ../ceilometer-base.yaml + type: ../ceilometer-agent-central.yaml properties: ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} 
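Review bot: The three `comma_delimited_list` parameters in the new neutron-sriov-agent.yaml (`NeutronPhysicalDevMappings`, `NeutronExcludeDevices`, `NeutronSriovNumVFs`) use `default: ""`. The list parameters added elsewhere in this commit use list defaults, for example `default: []` on `NovaSchedulerDefaultFilters`. I would use `default: []` here as well, so that "no mappings" is unambiguous and cannot be read as a single empty entry. These values are written without validation into `physical_device_mappings`, `exclude_devices` and `number_of_vfs`, which configure virtual functions on host NICs. A constraint on the `<name>:<value>` shape would catch malformed entries before they reach the agent.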
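Review bot: `nova::scheduler::filter::scheduler_default_filters` in the second nova-scheduler.yaml hunk is always set from `NovaSchedulerDefaultFilters`, whose default in the first hunk is `[]`. Whether the Puppet class treats an empty list as "keep Nova's built-in defaults" is not visible here. If it writes the empty value through, a deployment that never sets the parameter would run the scheduler with no default filters, including any it relies on for host isolation. I would state the behaviour in the parameter description, for example `An empty list leaves Nova's built-in default filters in place`, once that is confirmed against the module. The same description has a missing space in `node.These`.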
diff --git a/puppet/services/pacemaker/ceilometer-agent-notification.yaml b/puppet/services/pacemaker/ceilometer-agent-notification.yaml index 112dde1c..6290203a 100644 --- a/puppet/services/pacemaker/ceilometer-agent-notification.yaml +++ b/puppet/services/pacemaker/ceilometer-agent-notification.yaml @@ -21,7 +21,7 @@ parameters: resources: CeilometerServiceBase: - type: ../ceilometer-base.yaml + type: ../ceilometer-agent-notification.yaml properties: ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} diff --git a/puppet/services/pacemaker/ceilometer-api.yaml b/puppet/services/pacemaker/ceilometer-api.yaml index f50e4a15..d130a4bb 100644 --- a/puppet/services/pacemaker/ceilometer-api.yaml +++ b/puppet/services/pacemaker/ceilometer-api.yaml @@ -21,7 +21,7 @@ parameters: resources: CeilometerServiceBase: - type: ../ceilometer-base.yaml + type: ../ceilometer-api.yaml properties: ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} diff --git a/puppet/services/pacemaker/ceilometer-collector.yaml b/puppet/services/pacemaker/ceilometer-collector.yaml index 8d4348db..97da92e8 100644 --- a/puppet/services/pacemaker/ceilometer-collector.yaml +++ b/puppet/services/pacemaker/ceilometer-collector.yaml @@ -21,7 +21,7 @@ parameters: resources: CeilometerServiceBase: - type: ../ceilometer-base.yaml + type: ../ceilometer-collector.yaml properties: ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} diff --git a/puppet/services/pacemaker/gnocchi-api.yaml b/puppet/services/pacemaker/gnocchi-api.yaml index 50bd3fa7..42c7131d 100644 --- a/puppet/services/pacemaker/gnocchi-api.yaml +++ b/puppet/services/pacemaker/gnocchi-api.yaml @@ -21,7 +21,7 @@ parameters: resources: GnocchiServiceBase: - type: ../gnocchi-base.yaml + type: ../gnocchi-api.yaml properties: ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} 
diff --git a/puppet/services/pacemaker/gnocchi-metricd.yaml b/puppet/services/pacemaker/gnocchi-metricd.yaml index 0a6b03ea..177d7744 100644 --- a/puppet/services/pacemaker/gnocchi-metricd.yaml +++ b/puppet/services/pacemaker/gnocchi-metricd.yaml @@ -21,7 +21,7 @@ parameters: resources: GnocchiServiceBase: - type: ../gnocchi-base.yaml + type: ../gnocchi-metricd.yaml properties: ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} diff --git a/puppet/services/pacemaker/gnocchi-statsd.yaml b/puppet/services/pacemaker/gnocchi-statsd.yaml index 12256d32..a247a514 100644 --- a/puppet/services/pacemaker/gnocchi-statsd.yaml +++ b/puppet/services/pacemaker/gnocchi-statsd.yaml @@ -21,7 +21,7 @@ parameters: resources: GnocchiServiceBase: - type: ../gnocchi-base.yaml + type: ../gnocchi-statsd.yaml properties: ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml index 5715a8c3..fae9c434 100644 --- a/puppet/services/sahara-api.yaml +++ b/puppet/services/sahara-api.yaml @@ -54,6 +54,12 @@ outputs: sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]} sahara::keystone::auth::password: {get_param: SaharaPassword } sahara::keystone::auth::region: {get_param: KeystoneRegion} + # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + sahara::host: {get_param: [ServiceNetMap, SaharaApiNetwork]} tripleo.sahara_api.firewall_rules: '132 sahara': dport: |