summaryrefslogtreecommitdiffstats
path: root/puppet
diff options
context:
space:
mode:
Diffstat (limited to 'puppet')
-rw-r--r--puppet/controller.yaml10
-rw-r--r--puppet/services/ca-certs.yaml35
-rw-r--r--puppet/services/ceilometer-api.yaml3
-rw-r--r--puppet/services/database/redis-base.yaml6
-rw-r--r--puppet/services/haproxy.yaml1
-rw-r--r--puppet/services/ironic-api.yaml6
-rw-r--r--puppet/services/ironic-conductor.yaml5
-rw-r--r--puppet/services/memcached.yaml6
-rw-r--r--puppet/services/neutron-ovs-dpdk-agent.yaml73
-rw-r--r--puppet/services/neutron-plugin-ml2.yaml8
-rw-r--r--puppet/services/neutron-sriov-agent.yaml58
-rw-r--r--puppet/services/nova-scheduler.yaml8
-rw-r--r--puppet/services/pacemaker/ceilometer-agent-central.yaml2
-rw-r--r--puppet/services/pacemaker/ceilometer-agent-notification.yaml2
-rw-r--r--puppet/services/pacemaker/ceilometer-api.yaml2
-rw-r--r--puppet/services/pacemaker/ceilometer-collector.yaml2
-rw-r--r--puppet/services/pacemaker/gnocchi-api.yaml2
-rw-r--r--puppet/services/pacemaker/gnocchi-metricd.yaml2
-rw-r--r--puppet/services/pacemaker/gnocchi-statsd.yaml2
-rw-r--r--puppet/services/sahara-api.yaml6
20 files changed, 221 insertions, 18 deletions
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index b5d3b6f8..28fd08da 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -414,7 +414,6 @@ resources:
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
- neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
@@ -430,10 +429,7 @@ resources:
template: "NETWORK_subnet"
params:
NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]}
- redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
redis_vip: {get_param: RedisVirtualIP}
- sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]}
- memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
ironic_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, IronicApiNetwork]}]}
# Map heat metadata into hiera datafiles
@@ -494,7 +490,6 @@ resources:
# Neutron
neutron::bind_host: {get_input: neutron_api_network}
- neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
@@ -518,18 +513,13 @@ resources:
horizon::bind_address: {get_input: horizon_network}
horizon::keystone_url: {get_input: keystone_auth_uri}
- # Sahara
- sahara::host: {get_input: sahara_api_network}
-
# Redis
- redis::bind: {get_input: redis_network}
redis_vip: {get_input: redis_vip}
# Firewall
tripleo::firewall::manage_firewall: {get_input: manage_firewall}
tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules}
# Misc
memcached_ipv6: {get_input: memcached_ipv6}
- memcached::listen_ip: {get_input: memcached_network}
tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
diff --git a/puppet/services/ca-certs.yaml b/puppet/services/ca-certs.yaml
new file mode 100644
index 00000000..1a534156
--- /dev/null
+++ b/puppet/services/ca-certs.yaml
@@ -0,0 +1,35 @@
+heat_template_version: 2016-04-08
+
+description: >
+ HAproxy service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ CAMap:
+ description: >
+ Map containing the CA certs and information needed for deploying them.
+ default: {}
+ type: json
+
+outputs:
+ role_data:
+ description: Role data for injecting CA certificates.
+ value:
+ service_name: ca_certs
+ config_settings:
+ tripleo::trusted_cas::ca_map: {get_param: CAMap}
+ step_config: |
+ include ::tripleo::trusted_cas
diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml
index 85b9aacc..201a2b7b 100644
--- a/puppet/services/ceilometer-api.yaml
+++ b/puppet/services/ceilometer-api.yaml
@@ -47,6 +47,9 @@ outputs:
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
+ - ceilometer::api::service_name: 'httpd'
ceilometer::api::host: {get_param: [ServiceNetMap, CeilometerApiNetwork]}
+ ceilometer::wsgi::apache::bind_host: {get_param: [ServiceNetMap, CeilometerApiNetwork]}
+ ceilometer::wsgi::apache::ssl: false
step_config: |
include ::tripleo::profile::base::ceilometer::api
diff --git a/puppet/services/database/redis-base.yaml b/puppet/services/database/redis-base.yaml
index 40711432..4ed3c007 100644
--- a/puppet/services/database/redis-base.yaml
+++ b/puppet/services/database/redis-base.yaml
@@ -32,6 +32,12 @@ outputs:
redis::requirepass: {get_param: RedisPassword}
redis::masterauth: {get_param: RedisPassword}
redis::sentinel_auth_pass: {get_param: RedisPassword}
+ # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+ # for the given network; replacement examples (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ redis::bind: {get_param: [ServiceNetMap, RedisNetwork]}
redis::port: 6379
redis::sentinel::master_name: '"%{hiera(\"bootstrap_nodeid\")}"'
redis::sentinel::redis_host: '"%{hiera(\"bootstrap_nodeid_ip\")}"'
diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml
index 8ac669a9..c0e1c113 100644
--- a/puppet/services/haproxy.yaml
+++ b/puppet/services/haproxy.yaml
@@ -75,6 +75,7 @@ outputs:
tripleo::haproxy::heat_cloudwatch: true
tripleo::haproxy::heat_cfn: true
tripleo::haproxy::horizon: true
+ tripleo::haproxy::ironic: true
tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml
index 6b494256..d0516e1b 100644
--- a/puppet/services/ironic-api.yaml
+++ b/puppet/services/ironic-api.yaml
@@ -50,6 +50,7 @@ outputs:
ironic::api::authtoken::username: 'ironic'
ironic::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ ironic::api::host_ip: {get_input: ironic_api_network}
ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]}
# This is used to build links in responses
ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
@@ -59,5 +60,10 @@ outputs:
ironic::keystone::auth::auth_name: 'ironic'
ironic::keystone::auth::password: {get_param: IronicPassword }
ironic::keystone::auth::tenant: 'service'
+ tripleo.ironic_api.firewall_rules:
+ '133 ironic api':
+ dport:
+ - 6385
+ - 13385
step_config: |
include ::tripleo::profile::base::ironic::api
diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml
index 9bc86a2c..27479f79 100644
--- a/puppet/services/ironic-conductor.yaml
+++ b/puppet/services/ironic-conductor.yaml
@@ -41,10 +41,15 @@ outputs:
- get_attr: [IronicBase, role_data, config_settings]
# FIXME: I have no idea why neutron_url is in "api" manifest
- ironic::api::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]}
+ ironic::conductor::api_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
ironic::enabled_drivers: {get_param: IronicEnabledDrivers}
# Prevent tftp_server from defaulting to my_ip setting, which is
# controller VIP, not a real IP.
ironic::drivers::pxe::tftp_server: {get_input: ironic_api_network}
+ tripleo.ironic_conductor.firewall_rules:
+ '134 ironic conductor TFTP':
+ dport: 69
+ proto: udp
step_config: |
include ::tripleo::profile::base::ironic::conductor
diff --git a/puppet/services/memcached.yaml b/puppet/services/memcached.yaml
index 59c639e8..3b47261e 100644
--- a/puppet/services/memcached.yaml
+++ b/puppet/services/memcached.yaml
@@ -25,6 +25,12 @@ outputs:
value:
service_name: memcached
config_settings:
+ # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+ # for the given network; replacement examples (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ memcached::listen_ip: {get_param: [ServiceNetMap, MemcachedNetwork]}
tripleo.memcached.firewall_rules:
'121 memcached':
dport: 11211
diff --git a/puppet/services/neutron-ovs-dpdk-agent.yaml b/puppet/services/neutron-ovs-dpdk-agent.yaml
new file mode 100644
index 00000000..1f1e14ab
--- /dev/null
+++ b/puppet/services/neutron-ovs-dpdk-agent.yaml
@@ -0,0 +1,73 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron OVS DPDK configured with Puppet for Compute Role
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ NeutronDpdkCoreList:
+ default: ""
+ description: List of cores to be used for DPDK Poll Mode Driver
+ type: string
+ NeutronDpdkMemoryChannels:
+ default: ""
+ description: Number of memory channels to be used for DPDK
+ type: string
+ NeutronDpdkSocketMemory:
+ default: ""
+ description: Memory allocated for each socket
+ type: string
+ NeutronDpdkDriverType:
+ default: "vfio-pci"
+ description: DPDK Driver type
+ type: string
+ # below parameters has to be set in neutron agent only for compute nodes.
+ # as of now there is no other usecase for these parameters except dpdk.
+ # should be moved to compute only ovs agent in case of any other usecases.
+ NeutronDatapathType:
+ default: ""
+ description: Datapath type for ovs bridges
+ type: string
+ NeutronVhostuserSocketDir:
+ default: ""
+ description: The vhost-user socket directory for OVS
+ type: string
+
+resources:
+
+ NeutronOvsAgent:
+ type: ./neutron-ovs-agent.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron OVS DPDK Agent service.
+ value:
+ service_name: neutron_ovs_dpdk_agent
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronOvsAgent, role_data, config_settings]
+ neutron::agents::ml2::ovs::enable_dpdk: true
+ neutron::agents::ml2::ovs::datapath_type: {get_param: NeutronDatapathType}
+ neutron::agents::ml2::ovs::vhostuser_socket_dir: {get_param: NeutronVhostuserSocketDir}
+ vswitch::dpdk::core_list: {get_param: NeutronDpdkCoreList}
+ vswitch::dpdk::memory_channels: {get_param: NeutronDpdkMemoryChannels}
+ vswitch::dpdk::socket_mem: {get_param: NeutronDpdkSocketMemory}
+ vswitch::dpdk::driver_type: {get_param: NeutronDpdkDriverType}
+ step_config: {get_attr: [NeutronOvsAgent, role_data, step_config]}
diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml
index 165b9687..5dbae3dc 100644
--- a/puppet/services/neutron-plugin-ml2.yaml
+++ b/puppet/services/neutron-plugin-ml2.yaml
@@ -60,7 +60,12 @@ parameters:
default: 'vxlan'
description: The tenant network type for Neutron.
type: comma_delimited_list
-
+ NeutronSupportedPCIVendorDevs:
+ description: |
+ List of supported pci vendor devices in the format VendorID:ProductID.
+ By default Intel & Mellanox SR-IOV capable NICs are supported.
+ type: comma_delimited_list
+ default: ['15b3:1004','8086:10ca']
resources:
NeutronBase:
@@ -118,6 +123,7 @@ outputs:
template: TYPES
params:
TYPES: {get_param: NeutronNetworkType}
+ neutron::plugins::ml2::supported_pci_vendor_devs: {get_param: NeutronSupportedPCIVendorDevs}
step_config: |
include ::tripleo::profile::base::neutron::plugins::ml2
diff --git a/puppet/services/neutron-sriov-agent.yaml b/puppet/services/neutron-sriov-agent.yaml
new file mode 100644
index 00000000..559500df
--- /dev/null
+++ b/puppet/services/neutron-sriov-agent.yaml
@@ -0,0 +1,58 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron SR-IOV nic agent configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: >
+ Mapping of service_name -> network name. Typically set via
+ parameter_defaults in the resource registry. This mapping overrides those
+ in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ NeutronPhysicalDevMappings:
+ description: >
+ List of <physical_network>:<physical device>
+ All physical networks listed in network_vlan_ranges
+ on the server should have mappings to appropriate
+ interfaces on each agent.
+ type: comma_delimited_list
+ default: ""
+ NeutronExcludeDevices:
+ description: >
+ List of <network_device>:<excluded_devices> mapping
+ network_device to the agent's node-specific list of virtual functions
+ that should not be used for virtual networking. excluded_devices is a
+ semicolon separated list of virtual functions to exclude from
+ network_device. The network_device in the mapping should appear in the
+ physical_device_mappings list.
+ type: comma_delimited_list
+ default: ""
+ NeutronSriovNumVFs:
+ description: >
+ Provide the list of VFs to be reserved for each SR-IOV interface.
+ Format "<interface_name1>:<numvfs1>","<interface_name2>:<numvfs2>"
+ Example "eth1:4096","eth2:128"
+ type: comma_delimited_list
+ default: ""
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+outputs:
+ role_data:
+ description: Role data for the Neutron SR-IOV nic agent service.
+ value:
+ service_name: neutron_sriov_agent
+ config_settings:
+ neutron::agents::ml2::sriov::physical_device_mappings: {get_param: NeutronPhysicalDevMappings}
+ neutron::agents::ml2::sriov::exclude_devices: {get_param: NeutronExcludeDevices}
+ neutron::agents::ml2::sriov::number_of_vfs: {get_param: NeutronSriovNumVFs}
+ step_config: |
+ include ::tripleo::profile::base::neutron::sriov
diff --git a/puppet/services/nova-scheduler.yaml b/puppet/services/nova-scheduler.yaml
index 1e12b5ba..c8f2591d 100644
--- a/puppet/services/nova-scheduler.yaml
+++ b/puppet/services/nova-scheduler.yaml
@@ -22,6 +22,13 @@ parameters:
default: []
description: List of scheduler available filters
type: comma_delimited_list
+ NovaSchedulerDefaultFilters:
+ type: comma_delimited_list
+ default: []
+ description: >
+ An array of filters used by Nova to filter a node.These filters will be
+ applied in the order they are listed, so place your most restrictive
+ filters first to make the filtering process more efficient.
resources:
NovaBase:
@@ -41,5 +48,6 @@ outputs:
- get_attr: [NovaBase, role_data, config_settings]
- nova::scheduler::filter::ram_allocation_ratio: '1.0'
nova::scheduler::filter::scheduler_available_filters: {get_param: NovaSchedulerAvailableFilters}
+ nova::scheduler::filter::scheduler_default_filters: {get_param: NovaSchedulerDefaultFilters}
step_config: |
include tripleo::profile::base::nova::scheduler
diff --git a/puppet/services/pacemaker/ceilometer-agent-central.yaml b/puppet/services/pacemaker/ceilometer-agent-central.yaml
index ac4bdcf0..78714878 100644
--- a/puppet/services/pacemaker/ceilometer-agent-central.yaml
+++ b/puppet/services/pacemaker/ceilometer-agent-central.yaml
@@ -21,7 +21,7 @@ parameters:
resources:
CeilometerServiceBase:
- type: ../ceilometer-base.yaml
+ type: ../ceilometer-agent-central.yaml
properties:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
diff --git a/puppet/services/pacemaker/ceilometer-agent-notification.yaml b/puppet/services/pacemaker/ceilometer-agent-notification.yaml
index 112dde1c..6290203a 100644
--- a/puppet/services/pacemaker/ceilometer-agent-notification.yaml
+++ b/puppet/services/pacemaker/ceilometer-agent-notification.yaml
@@ -21,7 +21,7 @@ parameters:
resources:
CeilometerServiceBase:
- type: ../ceilometer-base.yaml
+ type: ../ceilometer-agent-notification.yaml
properties:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
diff --git a/puppet/services/pacemaker/ceilometer-api.yaml b/puppet/services/pacemaker/ceilometer-api.yaml
index f50e4a15..d130a4bb 100644
--- a/puppet/services/pacemaker/ceilometer-api.yaml
+++ b/puppet/services/pacemaker/ceilometer-api.yaml
@@ -21,7 +21,7 @@ parameters:
resources:
CeilometerServiceBase:
- type: ../ceilometer-base.yaml
+ type: ../ceilometer-api.yaml
properties:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
diff --git a/puppet/services/pacemaker/ceilometer-collector.yaml b/puppet/services/pacemaker/ceilometer-collector.yaml
index 8d4348db..97da92e8 100644
--- a/puppet/services/pacemaker/ceilometer-collector.yaml
+++ b/puppet/services/pacemaker/ceilometer-collector.yaml
@@ -21,7 +21,7 @@ parameters:
resources:
CeilometerServiceBase:
- type: ../ceilometer-base.yaml
+ type: ../ceilometer-collector.yaml
properties:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
diff --git a/puppet/services/pacemaker/gnocchi-api.yaml b/puppet/services/pacemaker/gnocchi-api.yaml
index 50bd3fa7..42c7131d 100644
--- a/puppet/services/pacemaker/gnocchi-api.yaml
+++ b/puppet/services/pacemaker/gnocchi-api.yaml
@@ -21,7 +21,7 @@ parameters:
resources:
GnocchiServiceBase:
- type: ../gnocchi-base.yaml
+ type: ../gnocchi-api.yaml
properties:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
diff --git a/puppet/services/pacemaker/gnocchi-metricd.yaml b/puppet/services/pacemaker/gnocchi-metricd.yaml
index 0a6b03ea..177d7744 100644
--- a/puppet/services/pacemaker/gnocchi-metricd.yaml
+++ b/puppet/services/pacemaker/gnocchi-metricd.yaml
@@ -21,7 +21,7 @@ parameters:
resources:
GnocchiServiceBase:
- type: ../gnocchi-base.yaml
+ type: ../gnocchi-metricd.yaml
properties:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
diff --git a/puppet/services/pacemaker/gnocchi-statsd.yaml b/puppet/services/pacemaker/gnocchi-statsd.yaml
index 12256d32..a247a514 100644
--- a/puppet/services/pacemaker/gnocchi-statsd.yaml
+++ b/puppet/services/pacemaker/gnocchi-statsd.yaml
@@ -21,7 +21,7 @@ parameters:
resources:
GnocchiServiceBase:
- type: ../gnocchi-base.yaml
+ type: ../gnocchi-statsd.yaml
properties:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml
index 5715a8c3..fae9c434 100644
--- a/puppet/services/sahara-api.yaml
+++ b/puppet/services/sahara-api.yaml
@@ -54,6 +54,12 @@ outputs:
sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]}
sahara::keystone::auth::password: {get_param: SaharaPassword }
sahara::keystone::auth::region: {get_param: KeystoneRegion}
+ # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+ # for the given network; replacement examples (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ sahara::host: {get_param: [ServiceNetMap, SaharaApiNetwork]}
tripleo.sahara_api.firewall_rules:
'132 sahara':
dport: