summaryrefslogtreecommitdiffstats
path: root/puppet
diff options
context:
space:
mode:
Diffstat (limited to 'puppet')
-rw-r--r--puppet/compute.yaml181
-rw-r--r--puppet/services/ceilometer-base.yaml6
-rw-r--r--puppet/services/ceph-mon.yaml2
-rw-r--r--puppet/services/cinder-backup.yaml47
-rw-r--r--puppet/services/gnocchi-base.yaml12
-rw-r--r--puppet/services/nova-base.yaml18
-rw-r--r--puppet/services/nova-compute.yaml30
-rw-r--r--puppet/services/nova-libvirt.yaml6
-rw-r--r--puppet/services/nova-vncproxy.yaml10
-rw-r--r--puppet/services/pacemaker/cinder-backup.yaml49
10 files changed, 177 insertions, 184 deletions
diff --git a/puppet/compute.yaml b/puppet/compute.yaml
index f8aef35f..bd2eee18 100644
--- a/puppet/compute.yaml
+++ b/puppet/compute.yaml
@@ -4,36 +4,6 @@ description: >
OpenStack hypervisor node configured via Puppet.
parameters:
- AdminPassword:
- description: The password for the keystone admin account, used for monitoring, querying neutron etc.
- type: string
- hidden: true
- CeilometerComputeAgent:
- description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly
- type: string
- default: ''
- constraints:
- - allowed_values: ['', Present]
- CeilometerMeteringSecret:
- description: Secret shared by the ceilometer services.
- type: string
- hidden: true
- CeilometerPassword:
- description: The password for the ceilometer service account.
- type: string
- hidden: true
- CinderEnableNfsBackend:
- default: false
- description: Whether to enable or not the NFS backend for Cinder
- type: boolean
- CinderEnableRbdBackend:
- default: false
- description: Whether to enable or not the Rbd backend for Cinder
- type: boolean
- Debug:
- default: ''
- description: Set to True to enable debugging on all services.
- type: string
ExtraConfig:
default: {}
description: |
@@ -46,9 +16,6 @@ parameters:
type: string
constraints:
- custom_constraint: nova.flavor
- GlanceHost:
- type: string
- default: '' # Has to be here because of the ignored empty value bug
NovaImage:
type: string
default: overcloud-full
@@ -64,16 +31,6 @@ parameters:
default: default
constraints:
- custom_constraint: nova.keypair
- KeystoneAdminApiVirtualIP:
- type: string
- default: ''
- KeystonePublicApiVirtualIP:
- type: string
- default: ''
- NeutronPassword:
- description: The password for the neutron service account, used by neutron agents.
- type: string
- hidden: true
NeutronPhysicalBridge:
default: 'br-ex'
description: An OVS bridge to create for accessing external networks.
@@ -88,9 +45,6 @@ parameters:
NovaApiHost:
type: string
default: '' # Has to be here because of the ignored empty value bug
- NovaComputeDriver:
- type: string
- default: libvirt.LibvirtDriver
NovaComputeExtraConfig:
default: {}
description: |
@@ -100,61 +54,9 @@ parameters:
NovaComputeIPs:
default: {}
type: json
- NovaComputeLibvirtType:
- type: string
- default: kvm
- NovaComputeLibvirtVifDriver:
- default: ''
- description: Libvirt VIF driver configuration for the network
- type: string
- NovaEnableRbdBackend:
- default: false
- description: Whether to enable or not the Rbd backend for Nova
- type: boolean
- NovaIPv6:
- default: false
- description: Enable IPv6 features in Nova
- type: boolean
- NovaPassword:
- description: The password for the nova service account, used by nova-api.
- type: string
- hidden: true
NovaPublicIP:
type: string
default: '' # Has to be here because of the ignored empty value bug
- NovaOVSBridge:
- default: 'br-int'
- description: Name of integration bridge used by Open vSwitch
- type: string
- NovaSecurityGroupAPI:
- default: 'neutron'
- description: The full class name of the security API class
- type: string
- RabbitHost:
- type: string
- default: '' # Has to be here because of the ignored empty value bug
- RabbitPassword:
- description: The password for RabbitMQ
- type: string
- hidden: true
- RabbitUserName:
- default: guest
- description: The username for RabbitMQ
- type: string
- RabbitClientUseSSL:
- default: false
- description: >
- Rabbit client subscriber parameter to specify
- an SSL connection to the RabbitMQ host.
- type: string
- RabbitClientPort:
- default: 5672
- description: Set rabbit subscriber port, change this if using SSL
- type: number
- UpgradeLevelNovaCompute:
- type: string
- description: Nova Compute upgrade level
- default: ''
EnablePackageInstall:
default: 'false'
description: Set to true to enable package installation via Puppet
@@ -390,59 +292,11 @@ resources:
mapped_data: {get_param: ExtraConfig}
compute:
mapped_data:
- cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend}
- nova::use_ipv6: {get_input: nova_ipv6}
- nova::debug: {get_input: debug}
- nova::rabbit_userid: {get_input: rabbit_username}
- nova::rabbit_password: {get_input: rabbit_password}
- nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
- nova::rabbit_port: {get_input: rabbit_client_port}
- nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute}
- nova_compute_driver: {get_input: nova_compute_driver}
- # TODO(emilien): move libvirt & migration parameters in libvirt profile
- # used to deploy libvirt/kvm dependencies:
- nova::compute::libvirt::services::libvirt_virt_type: {get_input: nova_compute_libvirt_type}
- # used to configured nova.conf:
- nova::compute::libvirt::libvirt_virt_type: {get_input: nova_compute_libvirt_type}
- nova::compute::neutron::libvirt_vif_driver: {get_input: nova_compute_libvirt_vif_driver}
nova_api_host: {get_input: nova_api_host}
nova::compute::vncproxy_host: {get_input: nova_public_ip}
- nova::compute::rbd::ephemeral_storage: {get_input: nova_enable_rbd_backend}
- # TUNNELLED mode provides a security enhancement when using shared storage but is not
- # supported when not using shared storage.
- # See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12
- # In future versions of QEMU (2.6, mostly), Dan's native encryption
- # work will obsolete the need to use TUNNELLED transport mode.
- nova::migration::live_migration_tunnelled: {get_input: nova_enable_rbd_backend}
- rbd_persistent_storage: {get_input: cinder_enable_rbd_backend}
- nova_password: {get_input: nova_password}
nova::compute::vncserver_proxyclient_address: {get_input: nova_vnc_proxyclient_address}
- nova::vncproxy::common::vncproxy_protocol: {get_input: nova_vncproxy_protocol}
- nova::vncproxy::common::vncproxy_host: {get_input: nova_vncproxy_host}
- nova::vncproxy::common::vncproxy_port: {get_input: nova_vncproxy_port}
- nova::network::neutron::neutron_ovs_bridge: {get_input: nova_ovs_bridge}
- nova::network::neutron::security_group_api: {get_input: nova_security_group_api}
- ceilometer::debug: {get_input: debug}
- ceilometer::rabbit_userid: {get_input: rabbit_username}
- ceilometer::rabbit_password: {get_input: rabbit_password}
- ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
- ceilometer::rabbit_port: {get_input: rabbit_client_port}
- ceilometer::telemetry_secret: {get_input: ceilometer_metering_secret}
- ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
- ceilometer::agent::auth::auth_url: {get_input: ceilometer_agent_auth_url}
- nova::glance_api_servers: {get_input: glance_api_servers}
- neutron::debug: {get_input: debug}
- neutron::rabbit_password: {get_input: rabbit_password}
- neutron::rabbit_user: {get_input: rabbit_username}
- neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
- neutron::rabbit_port: {get_input: rabbit_client_port}
neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
- nova::network::neutron::neutron_password: {get_input: neutron_password}
- nova::network::neutron::neutron_url: {get_input: neutron_internal_url}
- nova::network::neutron::neutron_auth_url: {get_input: neutron_auth_url}
- keystone_public_api_virtual_ip: {get_input: keystone_vip}
- admin_password: {get_input: admin_password}
tripleo::packages::enable_install: {get_input: enable_package_install}
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
@@ -454,45 +308,10 @@ resources:
config: {get_resource: NovaComputeConfig}
server: {get_resource: NovaCompute}
input_values:
- cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend}
- debug: {get_param: Debug}
- nova_compute_driver: {get_param: NovaComputeDriver}
- nova_compute_libvirt_type: {get_param: NovaComputeLibvirtType}
- nova_compute_libvirt_vif_driver: {get_param: NovaComputeLibvirtVifDriver}
nova_public_ip: {get_param: NovaPublicIP}
nova_api_host: {get_param: NovaApiHost}
- nova_password: {get_param: NovaPassword}
- nova_enable_rbd_backend: {get_param: NovaEnableRbdBackend}
- nova_ipv6: {get_param: NovaIPv6}
- cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
nova_vnc_proxyclient_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaVncProxyNetwork]}]}
- nova_vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]}
- # Remove brackets that may come if the IP address is IPv6.
- # For DNS names and IPv4, this will just get the NovaVNCProxyPublic value
- nova_vncproxy_host:
- str_replace:
- template: {get_param: [EndpointMap, NovaVNCProxyPublic, host]}
- params:
- '[': ''
- ']': ''
- nova_vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]}
- nova_ovs_bridge: {get_param: NovaOVSBridge}
- nova_security_group_api: {get_param: NovaSecurityGroupAPI}
- upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute}
- ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
- ceilometer_password: {get_param: CeilometerPassword}
- ceilometer_agent_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
- glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
- neutron_password: {get_param: NeutronPassword}
- neutron_internal_url: {get_param: [EndpointMap, NeutronInternal, uri]}
- neutron_auth_url: {get_param: [EndpointMap, KeystoneV3Admin, uri]}
- keystone_vip: {get_param: KeystonePublicApiVirtualIP}
- admin_password: {get_param: AdminPassword}
- rabbit_username: {get_param: RabbitUserName}
- rabbit_password: {get_param: RabbitPassword}
- rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
- rabbit_client_port: {get_param: RabbitClientPort}
enable_package_install: {get_param: EnablePackageInstall}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml
index 1398fedb..59b4cc2a 100644
--- a/puppet/services/ceilometer-base.yaml
+++ b/puppet/services/ceilometer-base.yaml
@@ -35,6 +35,10 @@ parameters:
default: false
description: Whether to store events in ceilometer.
type: boolean
+ Debug:
+ default: ''
+ description: Set to True to enable debugging on all services.
+ type: string
KeystoneRegion:
type: string
default: 'regionOne'
@@ -64,6 +68,7 @@ outputs:
value:
service_name: ceilometer_base
config_settings:
+ ceilometer::debug: {get_param: Debug}
ceilometer::db::database_connection:
list_join:
- ''
@@ -111,3 +116,4 @@ outputs:
ceilometer::rabbit_heartbeat_timeout_threshold: 60
ceilometer::db::database_db_max_retries: -1
ceilometer::db::database_max_retries: -1
+ ceilometer::telemetry_secret: {get_param: CeilometerMeteringSecret}
diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml
index 074d941d..28c3e5df 100644
--- a/puppet/services/ceph-mon.yaml
+++ b/puppet/services/ceph-mon.yaml
@@ -38,7 +38,7 @@ parameters:
{
"volumes": {
"size": 5,
- "pg_num: 128,
+ "pg_num": 128,
"pgp_num": 128
}
}
diff --git a/puppet/services/cinder-backup.yaml b/puppet/services/cinder-backup.yaml
new file mode 100644
index 00000000..25e82c87
--- /dev/null
+++ b/puppet/services/cinder-backup.yaml
@@ -0,0 +1,47 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Cinder Backup service configured with Puppet
+
+parameters:
+ CinderBackupBackend:
+ default: swift
+ description: The short name of the Cinder Backup backend to use.
+ type: string
+ constraints:
+ - allowed_values: ['swift', 'ceph']
+ CinderBackupRbdPoolName:
+ default: backups
+ type: string
+ CephClientUserName:
+ default: openstack
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+ CinderBase:
+ type: ./cinder-base.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Cinder Backup role.
+ value:
+ service_name: cinder_backup
+ config_settings:
+ map_merge:
+ - get_attr: [CinderBase, role_data, config_settings]
+ - cinder::backup::ceph::backup_ceph_user: {get_param: CephClientUserName}
+ cinder::backup::ceph::backup_ceph_pool: {get_param: CinderBackupRbdPoolName}
+ cinder::backup::swift::backup_swift_container: volumebackups
+ step_config:
+ str_replace:
+ template: "include ::tripleo::profile::base::cinder::backup::DRIVER"
+ params:
+ DRIVER: {get_param: CinderBackupBackend}
diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml
index 3631508e..a072e8ef 100644
--- a/puppet/services/gnocchi-base.yaml
+++ b/puppet/services/gnocchi-base.yaml
@@ -34,6 +34,10 @@ parameters:
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ RedisPassword:
+ description: The password for the redis service account.
+ type: string
+ hidden: true
outputs:
aux_parameters:
@@ -65,6 +69,14 @@ outputs:
gnocchi::api::service_name: 'httpd'
gnocchi::api::keystone_password: {get_param: GnocchiPassword}
gnocchi::wsgi::apache::ssl: false
+ gnocchi::storage::coordination_url:
+ list_join:
+ - ''
+ - - 'redis://:'
+ - {get_param: RedisPassword}
+ - '@'
+ - "%{hiera('redis_vip')}"
+ - ':6379/'
gnocchi::storage::swift::swift_user: 'service:gnocchi'
gnocchi::storage::swift::swift_auth_version: 2
gnocchi::storage::swift::swift_key: {get_param: GnocchiPassword}
diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml
index ef7eaaf3..9b1b0760 100644
--- a/puppet/services/nova-base.yaml
+++ b/puppet/services/nova-base.yaml
@@ -17,6 +17,10 @@ parameters:
description: The password for the neutron service and db account, used by neutron agents.
type: string
hidden: true
+ NovaOVSBridge:
+ default: 'br-int'
+ description: Name of integration bridge used by Open vSwitch
+ type: string
RabbitPassword:
description: The password for RabbitMQ
type: string
@@ -45,6 +49,14 @@ parameters:
description: >
Remove configuration that is not generated by TripleO. Setting
to false may result in configuration remnants after updates/upgrades.
+ NovaIPv6:
+ default: false
+ description: Enable IPv6 features in Nova
+ type: boolean
+ UpgradeLevelNovaCompute:
+ type: string
+ description: Nova Compute upgrade level
+ default: ''
outputs:
role_data:
@@ -53,7 +65,7 @@ outputs:
service_name: nova_base
config_settings:
nova::rabbit_password: {get_param: RabbitPassword}
- nova::rabbit_user: {get_param: RabbitUserName}
+ nova::rabbit_userid: {get_param: RabbitUserName}
nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
nova::rabbit_port: {get_param: RabbitClientPort}
nova::database_connection:
@@ -116,3 +128,7 @@ outputs:
- "%{hiera('mysql_bind_host')}"
nova::db::database_db_max_retries: -1
nova::db::database_max_retries: -1
+ nova::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
+ nova::use_ipv6: {get_param: NovaIPv6}
+ nova::upgrade_level_compute: {get_param: UpgradeLevelNovaCompute}
+ nova::network::neutron::neutron_ovs_bridge: {get_param: NovaOVSBridge}
diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml
index bcc3a232..19f1f02a 100644
--- a/puppet/services/nova-compute.yaml
+++ b/puppet/services/nova-compute.yaml
@@ -15,6 +15,22 @@ parameters:
CephClientUserName:
default: openstack
type: string
+ CinderEnableNfsBackend:
+ default: false
+ description: Whether to enable or not the NFS backend for Cinder
+ type: boolean
+ CinderEnableRbdBackend:
+ default: false
+ description: Whether to enable or not the Rbd backend for Cinder
+ type: boolean
+ NovaEnableRbdBackend:
+ default: false
+ description: Whether to enable or not the Rbd backend for Nova
+ type: boolean
+ NovaComputeLibvirtVifDriver:
+ default: ''
+ description: Libvirt VIF driver configuration for the network
+ type: string
resources:
NovaBase:
@@ -37,6 +53,8 @@ outputs:
tripleo::profile::base::nova::nova_compute_enabled: true
nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
+ tripleo::profile::base::nova::compute::cinder_nfs_backend: {get_param: CinderEnableNfsBackend}
+ rbd_persistent_storage: {get_param: CinderEnableRbdBackend}
nova::compute::rbd::rbd_keyring:
list_join:
- '.'
@@ -45,13 +63,23 @@ outputs:
nova::compute::rbd::libvirt_rbd_secret_uuid: '"%{hiera(\"ceph::profile::params::fsid\")}"'
nova::compute::instance_usage_audit: true
nova::compute::instance_usage_audit_period: 'hour'
+ nova::compute::rbd::ephemeral_storage: {get_param: NovaEnableRbdBackend}
+ # TUNNELLED mode provides a security enhancement when using shared
+ # storage but is not supported when not using shared storage.
+ # See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12
+ # In future versions of QEMU (2.6, mostly), danpb's native
+ # encryption work will obsolete the need to use TUNNELLED transport
+ # mode.
+ nova::migration::live_migration_tunnelled: {get_param: NovaEnableRbdBackend}
# Changing the default from 512MB. The current templates can not deploy
# overclouds with swap. On an idle compute node, we see ~1024MB of RAM
# used. 2048 is suggested to account for other possible operations for
# example openvswitch.
nova::compute::reserved_host_memory: 2048
+ nova::compute::neutron::libvirt_vif_driver: {get_param: NovaComputeLibvirtVifDriver}
+
step_config: |
# TODO(emilien): figure how to deal with libvirt profile.
- # We'll probably threat it like we do with Neutron plugins.
+ # We'll probably treat it like we do with Neutron plugins.
# Until then, just include it in the default nova-compute role.
include tripleo::profile::base::nova::compute::libvirt
diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml
index 939b6a09..d283de4f 100644
--- a/puppet/services/nova-libvirt.yaml
+++ b/puppet/services/nova-libvirt.yaml
@@ -9,6 +9,9 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ NovaComputeLibvirtType:
+ type: string
+ default: kvm
resources:
NovaBase:
@@ -30,5 +33,8 @@ outputs:
nova::compute::libvirt::migration_support: false
tripleo::profile::base::nova::manage_migration: true
tripleo::profile::base::nova::libvirt_enabled: true
+ nova::compute::libvirt::services::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
+ nova::compute::libvirt::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
+
step_config: |
include tripleo::profile::base::nova::libvirt
diff --git a/puppet/services/nova-vncproxy.yaml b/puppet/services/nova-vncproxy.yaml
index 0b9cef38..a1517011 100644
--- a/puppet/services/nova-vncproxy.yaml
+++ b/puppet/services/nova-vncproxy.yaml
@@ -25,5 +25,15 @@ outputs:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
- nova::vncproxy::enabled: true
+ nova::vncproxy::common::vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]}
+ # Remove brackets that may come if the IP address is IPv6.
+ # For DNS names and IPv4, this will just get NovaVNCProxyPublic
+ nova::vncproxy::common::vncproxy_host:
+ str_replace:
+ template: {get_param: [EndpointMap, NovaVNCProxyPublic, host]}
+ params:
+ '[': ''
+ ']': ''
+ nova::vncproxy::common::vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]}
step_config: |
include tripleo::profile::base::nova::vncproxy
diff --git a/puppet/services/pacemaker/cinder-backup.yaml b/puppet/services/pacemaker/cinder-backup.yaml
new file mode 100644
index 00000000..706717e4
--- /dev/null
+++ b/puppet/services/pacemaker/cinder-backup.yaml
@@ -0,0 +1,49 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Cinder Backup service with Pacemaker configured with Puppet
+
+parameters:
+ CinderBackupBackend:
+ default: swift
+ description: The short name of the Cinder Backup backend to use.
+ type: string
+ constraints:
+ - allowed_values: ['swift', 'ceph']
+ CinderBackupRbdPoolName:
+ default: backups
+ type: string
+ CephClientUserName:
+ default: openstack
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+ CinderBackupBase:
+ type: ../cinder-backup.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ CinderBackupBackend: {get_param: CinderBackupBackend}
+ CinderBackupRbdPoolName: {get_param: CinderBackupRbdPoolName}
+ CephClientUserName: {get_param: CephClientUserName}
+
+outputs:
+ role_data:
+ description: Role data for the Cinder Backup role.
+ value:
+ service_name: cinder_backup
+ config_settings:
+ map_merge:
+ - get_attr: [CinderBackupBase, role_data, config_settings]
+ - cinder::backup::manage_service: false
+ cinder::backup::enabled: false
+ step_config:
+ list_join:
+ - "\n"
+ - - get_attr: [CinderBackupBase, role_data, step_config]
+ - "include ::tripleo::profile::pacemaker::cinder::backup"