summaryrefslogtreecommitdiffstats
path: root/puppet
diff options
context:
space:
mode:
Diffstat (limited to 'puppet')
-rw-r--r--puppet/blockstorage-role.yaml1
-rw-r--r--puppet/cephstorage-role.yaml1
-rw-r--r--puppet/compute-role.yaml1
-rw-r--r--puppet/config.role.j2.yaml17
-rw-r--r--puppet/controller-role.yaml1
-rw-r--r--puppet/objectstorage-role.yaml1
-rw-r--r--puppet/role.role.j2.yaml1
-rw-r--r--puppet/services/aodh-api.yaml6
-rw-r--r--puppet/services/barbican-api.yaml14
-rw-r--r--puppet/services/ceilometer-base.yaml7
-rw-r--r--puppet/services/haproxy.yaml12
-rw-r--r--puppet/services/horizon.yaml1
-rw-r--r--puppet/services/keepalived.yaml14
-rw-r--r--puppet/services/keystone.yaml11
-rw-r--r--puppet/services/neutron-api.yaml38
-rw-r--r--puppet/services/panko-api.yaml84
-rw-r--r--puppet/services/panko-base.yaml74
-rw-r--r--puppet/services/swift-proxy.yaml1
18 files changed, 233 insertions, 52 deletions
diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml
index 8b695fff..34f10a21 100644
--- a/puppet/blockstorage-role.yaml
+++ b/puppet/blockstorage-role.yaml
@@ -66,6 +66,7 @@ parameters:
constraints:
- allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
CloudDomain:
+ default: 'localdomain'
type: string
description: >
The DNS domain used for the hosts. This should match the dhcp_domain
diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml
index f7e29b70..0854330e 100644
--- a/puppet/cephstorage-role.yaml
+++ b/puppet/cephstorage-role.yaml
@@ -72,6 +72,7 @@ parameters:
constraints:
- allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
CloudDomain:
+ default: 'localdomain'
type: string
description: >
The DNS domain used for the hosts. This should match the dhcp_domain
diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml
index 4d77d6d3..070f19c5 100644
--- a/puppet/compute-role.yaml
+++ b/puppet/compute-role.yaml
@@ -87,6 +87,7 @@ parameters:
constraints:
- allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
CloudDomain:
+ default: 'localdomain'
type: string
description: >
The DNS domain used for the hosts. This should match the dhcp_domain
diff --git a/puppet/config.role.j2.yaml b/puppet/config.role.j2.yaml
index e59a0216..552c59b2 100644
--- a/puppet/config.role.j2.yaml
+++ b/puppet/config.role.j2.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2015-04-30
+heat_template_version: 2016-10-14
description: >
A software config which runs puppet on the {{role}} role
@@ -12,6 +12,14 @@ parameters:
type: string
description: Config manifests that will be used to step through the deployment.
default: ''
+ PuppetTags:
+ type: string
+ description: List of comma-separated tags to limit puppet catalog to.
+ default: ''
+
+conditions:
+
+ puppet_tags_empty: {equals : [{get_param: PuppetTags}, '']}
resources:
@@ -24,6 +32,13 @@ resources:
enable_hiera: True
enable_facter: False
modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
+ tags:
+ if:
+ - puppet_tags_empty
+ - ''
+ - list_join:
+ - ','
+ - ['file,concat,file_line', {get_param: PuppetTags}]
outputs:
- name: result
inputs:
diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml
index b1433b04..3fc691a0 100644
--- a/puppet/controller-role.yaml
+++ b/puppet/controller-role.yaml
@@ -101,6 +101,7 @@ parameters:
constraints:
- allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
CloudDomain:
+ default: 'localdomain'
type: string
description: >
The DNS domain used for the hosts. This should match the dhcp_domain
diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml
index d7681d10..be638c56 100644
--- a/puppet/objectstorage-role.yaml
+++ b/puppet/objectstorage-role.yaml
@@ -66,6 +66,7 @@ parameters:
constraints:
- allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
CloudDomain:
+ default: 'localdomain'
type: string
description: >
The DNS domain used for the hosts. This should match the dhcp_domain
diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml
index 5b419f80..ad5e4794 100644
--- a/puppet/role.role.j2.yaml
+++ b/puppet/role.role.j2.yaml
@@ -72,6 +72,7 @@ parameters:
constraints:
- allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
CloudDomain:
+ default: 'localdomain'
type: string
description: >
The DNS domain used for the hosts. This should match the dhcp_domain
diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml
index 48cc4af6..daed1665 100644
--- a/puppet/services/aodh-api.yaml
+++ b/puppet/services/aodh-api.yaml
@@ -21,11 +21,6 @@ parameters:
MonitoringSubscriptionAodhApi:
default: 'overcloud-ceilometer-aodh-api'
type: string
- EnableCombinationAlarms:
- default: false
- description: Combination alarms are deprecated in Newton, hence disabled
- by default. To enable, set this parameter to true.
- type: boolean
EnableInternalTLS:
type: boolean
default: false
@@ -83,7 +78,6 @@ outputs:
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
aodh::wsgi::apache::bind_host: {get_param: [ServiceNetMap, AodhApiNetwork]}
- tripleo::profile::base::aodh::api::enable_combination_alarms: {get_param: EnableCombinationAlarms}
service_config_settings:
get_attr: [AodhBase, role_data, service_config_settings]
step_config: |
diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml
index ab6b0ec7..b266674f 100644
--- a/puppet/services/barbican-api.yaml
+++ b/puppet/services/barbican-api.yaml
@@ -128,3 +128,17 @@ outputs:
barbican::keystone::auth::password: {get_param: BarbicanPassword}
barbican::keystone::auth::region: {get_param: KeystoneRegion}
barbican::keystone::auth::tenant: 'service'
+ nova_compute:
+ nova::compute::keymgr_api_class: >
+ castellan.key_manager.barbican_key_manager.BarbicanKeyManager
+ nova::compute::barbican_endpoint:
+ get_param: [EndpointMap, BarbicanInternal, uri]
+ nova::compute::barbican_auth_endpoint:
+ get_param: [EndpointMap, KeystoneV3Internal, uri]
+ cinder_api:
+ cinder::api::keymgr_api_class: >
+ castellan.key_manager.barbican_key_manager.BarbicanKeyManager
+ cinder::api::keymgr_encryption_api_url:
+ get_param: [EndpointMap, BarbicanInternal, uri]
+ cinder::api::keymgr_encryption_auth_url:
+ get_param: [EndpointMap, KeystoneV3Internal, uri]
diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml
index 4ace7526..ded1bc03 100644
--- a/puppet/services/ceilometer-base.yaml
+++ b/puppet/services/ceilometer-base.yaml
@@ -36,6 +36,12 @@ parameters:
type: string
constraints:
- allowed_values: ['gnocchi', 'database']
+ CeilometerEventDispatcher:
+ default: ['gnocchi']
+ description: Comma-separated list of Dispatchers to process events data
+ type: comma_delimited_list
+ constraints:
+ - allowed_values: ['panko', 'gnocchi', 'database']
CeilometerWorkers:
default: 0
description: Number of workers for Ceilometer service.
@@ -102,6 +108,7 @@ outputs:
ceilometer::agent::auth::auth_tenant_name: 'service'
ceilometer::agent::auth::auth_endpoint_type: 'internalURL'
ceilometer::collector::meter_dispatcher: {get_param: CeilometerMeterDispatcher}
+ ceilometer::collector::event_dispatcher: {get_param: CeilometerEventDispatcher}
ceilometer::dispatcher::gnocchi::url: {get_param: [EndpointMap, GnocchiInternal, uri]}
ceilometer::dispatcher::gnocchi::filter_project: 'service'
ceilometer::dispatcher::gnocchi::archive_policy: 'low'
diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml
index 0813cb7e..c8edade5 100644
--- a/puppet/services/haproxy.yaml
+++ b/puppet/services/haproxy.yaml
@@ -34,16 +34,6 @@ parameters:
description: The password for Redis
type: string
hidden: true
- ControlVirtualInterface:
- default: 'br-ex'
- description: Interface where virtual ip will be assigned.
- type: string
- PublicVirtualInterface:
- default: 'br-ex'
- description: >
- Specifies the interface where the public-facing virtual ip will be assigned.
- This should be int_public when a VLAN is being used.
- type: string
MonitoringSubscriptionHaproxy:
default: 'overcloud-haproxy'
type: string
@@ -81,8 +71,6 @@ outputs:
tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
tripleo::haproxy::redis_password: {get_param: RedisPassword}
- tripleo::haproxy::control_virtual_interface: {get_param: ControlVirtualInterface}
- tripleo::haproxy::public_virtual_interface: {get_param: PublicVirtualInterface}
tripleo::profile::base::haproxy::certificates_specs:
map_merge:
- get_attr: [HAProxyPublicTLS, role_data, certificates_specs]
diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml
index f9b19349..8eaf4044 100644
--- a/puppet/services/horizon.yaml
+++ b/puppet/services/horizon.yaml
@@ -66,6 +66,7 @@ outputs:
add_listen: false
priority: 10
access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"'
+ options: ['FollowSymLinks','MultiViews']
horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]}
horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
horizon::secret_key:
diff --git a/puppet/services/keepalived.yaml b/puppet/services/keepalived.yaml
index 38cfbe22..fb0d32b6 100644
--- a/puppet/services/keepalived.yaml
+++ b/puppet/services/keepalived.yaml
@@ -19,14 +19,18 @@ parameters:
via parameter_defaults in the resource registry.
type: json
ControlVirtualInterface:
- default: 'br-ex'
- description: Interface where virtual ip will be assigned.
+ default: ''
+ description: >
+ Interface where virtual ip will be assigned. This value will be
+ automatically set by the deployment tool. Overriding here will
+ override automatic setting.
type: string
PublicVirtualInterface:
- default: 'br-ex'
+ default: ''
description: >
- Specifies the interface where the public-facing virtual ip will be assigned.
- This should be int_public when a VLAN is being used.
+ Interface where virtual ip will be assigned. This value will be
+ automatically set by the deployment tool. Overriding here will
+ override automatic setting.
type: string
MonitoringSubscriptionKeepalived:
default: 'overcloud-keepalived'
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index d819e043..fe023a6a 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -99,6 +99,12 @@ parameters:
KeystoneCredential1:
type: string
description: The second Keystone credential key. Must be a valid key.
+ KeystoneFernetKey0:
+ type: string
+ description: The first Keystone fernet key. Must be a valid key.
+ KeystoneFernetKey1:
+ type: string
+ description: The second Keystone fernet key. Must be a valid key.
KeystoneLoggingSource:
type: json
default:
@@ -156,6 +162,11 @@ outputs:
content: {get_param: KeystoneCredential0}
'/etc/keystone/credential-keys/1':
content: {get_param: KeystoneCredential1}
+ keystone::fernet_keys:
+ '/etc/keystone/fernet-keys/0':
+ content: {get_param: KeystoneFernetKey0}
+ '/etc/keystone/fernet-keys/1':
+ content: {get_param: KeystoneFernetKey1}
keystone::debug: {get_param: Debug}
keystone::rabbit_userid: {get_param: RabbitUserName}
keystone::rabbit_password: {get_param: RabbitPassword}
diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml
index 408eb795..5fd9d7a2 100644
--- a/puppet/services/neutron-api.yaml
+++ b/puppet/services/neutron-api.yaml
@@ -57,26 +57,20 @@ parameters:
default:
tag: openstack.neutron.api
path: /var/log/neutron/server.log
- ControllerCount:
- description: |
- Under normal conditions, this should not be overridden manually and is
- set at deployment time. The default value is present to allow the
- template to be used in environments that do not override it.
- default: 1
- type: number
# DEPRECATED: the following options are deprecated and are currently maintained
# for backwards compatibility. They will be removed in the Ocata cycle.
NeutronL3HA:
- default: false
+ default: ''
+ type: string
description: |
- Whether to enable HA for virtual routers. While the default value is
- 'false', L3 HA will be automatically enabled if the number of nodes
- hosting controller configurations and DVR is disabled. This parameter is
- being deprecated in Newton and is scheduled to be removed in Ocata.
- Future releases will enable L3 HA by default if it is appropriate for the
- deployment type. Alternate mechanisms will be available to override.
- type: boolean
+ Whether to enable HA for virtual routers. When not set, L3 HA will be
+ automatically enabled if the number of nodes hosting controller
+ configurations and DVR is disabled. Valid values are 'true' or 'false'
+ This parameter is being deprecated in Newton and is scheduled to be
+ removed in Ocata. Future releases will enable L3 HA by default if it is
+ appropriate for the deployment type. Alternate mechanisms will be
+ available to override.
parameter_groups:
- label: deprecated
@@ -97,18 +91,6 @@ resources:
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
-conditions:
-
- auto_enable_l3_ha:
- and:
- - not:
- equals:
- - get_param: ControllerCount
- - 1
- - equals:
- - get_param: NeutronEnableDVR
- - false
-
outputs:
role_data:
description: Role data for the Neutron Server agent service.
@@ -135,7 +117,6 @@ outputs:
neutron::server::api_workers: {get_param: NeutronWorkers}
neutron::server::rpc_workers: {get_param: NeutronWorkers}
neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
- neutron::server::l3_ha: {if: ["auto_enable_l3_ha", true, {get_param: NeutronL3HA}]}
neutron::server::enable_proxy_headers_parsing: true
neutron::keystone::authtoken::password: {get_param: NeutronPassword}
@@ -158,6 +139,7 @@ outputs:
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
neutron::bind_host: {get_param: [ServiceNetMap, NeutronApiNetwork]}
+ tripleo::profile::base::neutron::server::l3_ha_override: {get_param: NeutronL3HA}
step_config: |
include tripleo::profile::base::neutron::server
service_config_settings:
diff --git a/puppet/services/panko-api.yaml b/puppet/services/panko-api.yaml
new file mode 100644
index 00000000..63f631a0
--- /dev/null
+++ b/puppet/services/panko-api.yaml
@@ -0,0 +1,84 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Panko API service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionPankoApi:
+ default: 'overcloud-ceilometer-panko-api'
+ type: string
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+resources:
+ PankoBase:
+ type: ./panko-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+ ApacheServiceBase:
+ type: ./apache.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ EnableInternalTLS: {get_param: EnableInternalTLS}
+
+outputs:
+ role_data:
+ description: Role data for the Panko API service.
+ value:
+ service_name: panko_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionPankoApi}
+ config_settings:
+ map_merge:
+ - get_attr: [PankoBase, role_data, config_settings]
+ - get_attr: [ApacheServiceBase, role_data, config_settings]
+ - panko::wsgi::apache::ssl: {get_param: EnableInternalTLS}
+ panko::wsgi::apache::servername:
+ str_replace:
+ template:
+ '"%{::fqdn_$NETWORK}"'
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
+ panko::api::service_name: 'httpd'
+ panko::api::enable_proxy_headers_parsing: true
+ tripleo.panko_api.firewall_rules:
+ '140 panko-api':
+ dport:
+ - 8779
+ - 13779
+ panko::api::host:
+ str_replace:
+ template:
+ '"%{::fqdn_$NETWORK}"'
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ panko::wsgi::apache::bind_host: {get_param: [ServiceNetMap, PankoApiNetwork]}
+ service_config_settings:
+ get_attr: [PankoBase, role_data, service_config_settings]
+ step_config: |
+ include tripleo::profile::base::panko::api
diff --git a/puppet/services/panko-base.yaml b/puppet/services/panko-base.yaml
new file mode 100644
index 00000000..32754a55
--- /dev/null
+++ b/puppet/services/panko-base.yaml
@@ -0,0 +1,74 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Panko service configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ PankoPassword:
+ description: The password for the panko services.
+ type: string
+ hidden: true
+ Debug:
+ default: ''
+ description: Set to True to enable debugging on all services.
+ type: string
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+
+outputs:
+ role_data:
+ description: Role data for the Panko role.
+ value:
+ service_name: panko_base
+ config_settings:
+ panko_redis_password: {get_param: RedisPassword}
+ panko::db::database_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://panko:'
+ - {get_param: PankoPassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/panko'
+ panko::debug: {get_param: Debug}
+ panko::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
+ panko::keystone::authtoken::project_name: 'service'
+ panko::keystone::authtoken::password: {get_param: PankoPassword}
+ panko::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ panko::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ panko::auth::auth_password: {get_param: PankoPassword}
+ panko::auth::auth_region: 'regionOne'
+ panko::auth::auth_tenant_name: 'service'
+ service_config_settings:
+ keystone:
+ panko::keystone::auth::public_url: {get_param: [EndpointMap, PankoPublic, uri]}
+ panko::keystone::auth::internal_url: {get_param: [EndpointMap, PankoInternal, uri]}
+ panko::keystone::auth::admin_url: {get_param: [EndpointMap, PankoAdmin, uri]}
+ panko::keystone::auth::password: {get_param: PankoPassword}
+ panko::keystone::auth::region: {get_param: KeystoneRegion}
+ panko::keystone::auth::tenant: 'service'
+ mysql:
+ panko::db::mysql::user: panko
+ panko::db::mysql::password: {get_param: PankoPassword}
+ panko::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ panko::db::mysql::dbname: panko
+ panko::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml
index ba1d99f1..129f9b10 100644
--- a/puppet/services/swift-proxy.yaml
+++ b/puppet/services/swift-proxy.yaml
@@ -77,6 +77,7 @@ outputs:
swift::proxy::ceilometer::rabbit_user: {get_param: RabbitUserName}
swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword}
swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]}
+ swift::proxy::ceilometer::nonblocking_notify: true
tripleo.swift_proxy.firewall_rules:
'122 swift proxy':
dport: