diff options
Diffstat (limited to 'puppet')
-rw-r--r-- | puppet/compute.yaml | 181 | ||||
-rw-r--r-- | puppet/services/ceilometer-base.yaml | 6 | ||||
-rw-r--r-- | puppet/services/ceph-mon.yaml | 2 | ||||
-rw-r--r-- | puppet/services/cinder-backup.yaml | 47 | ||||
-rw-r--r-- | puppet/services/gnocchi-base.yaml | 12 | ||||
-rw-r--r-- | puppet/services/nova-base.yaml | 18 | ||||
-rw-r--r-- | puppet/services/nova-compute.yaml | 30 | ||||
-rw-r--r-- | puppet/services/nova-libvirt.yaml | 6 | ||||
-rw-r--r-- | puppet/services/nova-vncproxy.yaml | 10 | ||||
-rw-r--r-- | puppet/services/pacemaker/cinder-backup.yaml | 49 |
10 files changed, 177 insertions, 184 deletions
diff --git a/puppet/compute.yaml b/puppet/compute.yaml index f8aef35f..bd2eee18 100644 --- a/puppet/compute.yaml +++ b/puppet/compute.yaml @@ -4,36 +4,6 @@ description: > OpenStack hypervisor node configured via Puppet. parameters: - AdminPassword: - description: The password for the keystone admin account, used for monitoring, querying neutron etc. - type: string - hidden: true - CeilometerComputeAgent: - description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly - type: string - default: '' - constraints: - - allowed_values: ['', Present] - CeilometerMeteringSecret: - description: Secret shared by the ceilometer services. - type: string - hidden: true - CeilometerPassword: - description: The password for the ceilometer service account. - type: string - hidden: true - CinderEnableNfsBackend: - default: false - description: Whether to enable or not the NFS backend for Cinder - type: boolean - CinderEnableRbdBackend: - default: false - description: Whether to enable or not the Rbd backend for Cinder - type: boolean - Debug: - default: '' - description: Set to True to enable debugging on all services. - type: string ExtraConfig: default: {} description: | @@ -46,9 +16,6 @@ parameters: type: string constraints: - custom_constraint: nova.flavor - GlanceHost: - type: string - default: '' # Has to be here because of the ignored empty value bug NovaImage: type: string default: overcloud-full @@ -64,16 +31,6 @@ parameters: default: default constraints: - custom_constraint: nova.keypair - KeystoneAdminApiVirtualIP: - type: string - default: '' - KeystonePublicApiVirtualIP: - type: string - default: '' - NeutronPassword: - description: The password for the neutron service account, used by neutron agents. - type: string - hidden: true NeutronPhysicalBridge: default: 'br-ex' description: An OVS bridge to create for accessing external networks. @@ -88,9 +45,6 @@ parameters: NovaApiHost: type: string default: '' # Has to be here because of the ignored empty value bug - NovaComputeDriver: - type: string - default: libvirt.LibvirtDriver NovaComputeExtraConfig: default: {} description: | @@ -100,61 +54,9 @@ parameters: NovaComputeIPs: default: {} type: json - NovaComputeLibvirtType: - type: string - default: kvm - NovaComputeLibvirtVifDriver: - default: '' - description: Libvirt VIF driver configuration for the network - type: string - NovaEnableRbdBackend: - default: false - description: Whether to enable or not the Rbd backend for Nova - type: boolean - NovaIPv6: - default: false - description: Enable IPv6 features in Nova - type: boolean - NovaPassword: - description: The password for the nova service account, used by nova-api. - type: string - hidden: true NovaPublicIP: type: string default: '' # Has to be here because of the ignored empty value bug - NovaOVSBridge: - default: 'br-int' - description: Name of integration bridge used by Open vSwitch - type: string - NovaSecurityGroupAPI: - default: 'neutron' - description: The full class name of the security API class - type: string - RabbitHost: - type: string - default: '' # Has to be here because of the ignored empty value bug - RabbitPassword: - description: The password for RabbitMQ - type: string - hidden: true - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number - UpgradeLevelNovaCompute: - type: string - description: Nova Compute upgrade level - default: '' EnablePackageInstall: default: 'false' description: Set to true to enable package installation via Puppet @@ -390,59 +292,11 @@ resources: mapped_data: {get_param: ExtraConfig} compute: mapped_data: - cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend} - nova::use_ipv6: {get_input: nova_ipv6} - nova::debug: {get_input: debug} - nova::rabbit_userid: {get_input: rabbit_username} - nova::rabbit_password: {get_input: rabbit_password} - nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - nova::rabbit_port: {get_input: rabbit_client_port} - nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute} - nova_compute_driver: {get_input: nova_compute_driver} - # TODO(emilien): move libvirt & migration parameters in libvirt profile - # used to deploy libvirt/kvm dependencies: - nova::compute::libvirt::services::libvirt_virt_type: {get_input: nova_compute_libvirt_type} - # used to configured nova.conf: - nova::compute::libvirt::libvirt_virt_type: {get_input: nova_compute_libvirt_type} - nova::compute::neutron::libvirt_vif_driver: {get_input: nova_compute_libvirt_vif_driver} nova_api_host: {get_input: nova_api_host} nova::compute::vncproxy_host: {get_input: nova_public_ip} - nova::compute::rbd::ephemeral_storage: {get_input: nova_enable_rbd_backend} - # TUNNELLED mode provides a security enhancement when using shared storage but is not - # supported when not using shared storage. - # See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12 - # In future versions of QEMU (2.6, mostly), Dan's native encryption - # work will obsolete the need to use TUNNELLED transport mode. - nova::migration::live_migration_tunnelled: {get_input: nova_enable_rbd_backend} - rbd_persistent_storage: {get_input: cinder_enable_rbd_backend} - nova_password: {get_input: nova_password} nova::compute::vncserver_proxyclient_address: {get_input: nova_vnc_proxyclient_address} - nova::vncproxy::common::vncproxy_protocol: {get_input: nova_vncproxy_protocol} - nova::vncproxy::common::vncproxy_host: {get_input: nova_vncproxy_host} - nova::vncproxy::common::vncproxy_port: {get_input: nova_vncproxy_port} - nova::network::neutron::neutron_ovs_bridge: {get_input: nova_ovs_bridge} - nova::network::neutron::security_group_api: {get_input: nova_security_group_api} - ceilometer::debug: {get_input: debug} - ceilometer::rabbit_userid: {get_input: rabbit_username} - ceilometer::rabbit_password: {get_input: rabbit_password} - ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - ceilometer::rabbit_port: {get_input: rabbit_client_port} - ceilometer::telemetry_secret: {get_input: ceilometer_metering_secret} - ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} - ceilometer::agent::auth::auth_url: {get_input: ceilometer_agent_auth_url} - nova::glance_api_servers: {get_input: glance_api_servers} - neutron::debug: {get_input: debug} - neutron::rabbit_password: {get_input: rabbit_password} - neutron::rabbit_user: {get_input: rabbit_username} - neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - neutron::rabbit_port: {get_input: rabbit_client_port} neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip} - nova::network::neutron::neutron_password: {get_input: neutron_password} - nova::network::neutron::neutron_url: {get_input: neutron_internal_url} - nova::network::neutron::neutron_auth_url: {get_input: neutron_auth_url} - keystone_public_api_virtual_ip: {get_input: keystone_vip} - admin_password: {get_input: admin_password} tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} @@ -454,45 +308,10 @@ resources: config: {get_resource: NovaComputeConfig} server: {get_resource: NovaCompute} input_values: - cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend} - debug: {get_param: Debug} - nova_compute_driver: {get_param: NovaComputeDriver} - nova_compute_libvirt_type: {get_param: NovaComputeLibvirtType} - nova_compute_libvirt_vif_driver: {get_param: NovaComputeLibvirtVifDriver} nova_public_ip: {get_param: NovaPublicIP} nova_api_host: {get_param: NovaApiHost} - nova_password: {get_param: NovaPassword} - nova_enable_rbd_backend: {get_param: NovaEnableRbdBackend} - nova_ipv6: {get_param: NovaIPv6} - cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend} nova_vnc_proxyclient_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaVncProxyNetwork]}]} - nova_vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]} - # Remove brackets that may come if the IP address is IPv6. - # For DNS names and IPv4, this will just get the NovaVNCProxyPublic value - nova_vncproxy_host: - str_replace: - template: {get_param: [EndpointMap, NovaVNCProxyPublic, host]} - params: - '[': '' - ']': '' - nova_vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]} - nova_ovs_bridge: {get_param: NovaOVSBridge} - nova_security_group_api: {get_param: NovaSecurityGroupAPI} - upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute} - ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} - ceilometer_password: {get_param: CeilometerPassword} - ceilometer_agent_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} - glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]} - neutron_password: {get_param: NeutronPassword} - neutron_internal_url: {get_param: [EndpointMap, NeutronInternal, uri]} - neutron_auth_url: {get_param: [EndpointMap, KeystoneV3Admin, uri]} - keystone_vip: {get_param: KeystonePublicApiVirtualIP} - admin_password: {get_param: AdminPassword} - rabbit_username: {get_param: RabbitUserName} - rabbit_password: {get_param: RabbitPassword} - rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} - rabbit_client_port: {get_param: RabbitClientPort} enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index 1398fedb..59b4cc2a 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -35,6 +35,10 @@ parameters: default: false description: Whether to store events in ceilometer. type: boolean + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string KeystoneRegion: type: string default: 'regionOne' @@ -64,6 +68,7 @@ outputs: value: service_name: ceilometer_base config_settings: + ceilometer::debug: {get_param: Debug} ceilometer::db::database_connection: list_join: - '' @@ -111,3 +116,4 @@ outputs: ceilometer::rabbit_heartbeat_timeout_threshold: 60 ceilometer::db::database_db_max_retries: -1 ceilometer::db::database_max_retries: -1 + ceilometer::telemetry_secret: {get_param: CeilometerMeteringSecret} diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml index 074d941d..28c3e5df 100644 --- a/puppet/services/ceph-mon.yaml +++ b/puppet/services/ceph-mon.yaml @@ -38,7 +38,7 @@ parameters: { "volumes": { "size": 5, - "pg_num: 128, + "pg_num": 128, "pgp_num": 128 } } diff --git a/puppet/services/cinder-backup.yaml b/puppet/services/cinder-backup.yaml new file mode 100644 index 00000000..25e82c87 --- /dev/null +++ b/puppet/services/cinder-backup.yaml @@ -0,0 +1,47 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Cinder Backup service configured with Puppet + +parameters: + CinderBackupBackend: + default: swift + description: The short name of the Cinder Backup backend to use. + type: string + constraints: + - allowed_values: ['swift', 'ceph'] + CinderBackupRbdPoolName: + default: backups + type: string + CephClientUserName: + default: openstack + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + CinderBase: + type: ./cinder-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Cinder Backup role. + value: + service_name: cinder_backup + config_settings: + map_merge: + - get_attr: [CinderBase, role_data, config_settings] + - cinder::backup::ceph::backup_ceph_user: {get_param: CephClientUserName} + cinder::backup::ceph::backup_ceph_pool: {get_param: CinderBackupRbdPoolName} + cinder::backup::swift::backup_swift_container: volumebackups + step_config: + str_replace: + template: "include ::tripleo::profile::base::cinder::backup::DRIVER" + params: + DRIVER: {get_param: CinderBackupBackend} diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml index 3631508e..a072e8ef 100644 --- a/puppet/services/gnocchi-base.yaml +++ b/puppet/services/gnocchi-base.yaml @@ -34,6 +34,10 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint + RedisPassword: + description: The password for the redis service account. + type: string + hidden: true outputs: aux_parameters: @@ -65,6 +69,14 @@ outputs: gnocchi::api::service_name: 'httpd' gnocchi::api::keystone_password: {get_param: GnocchiPassword} gnocchi::wsgi::apache::ssl: false + gnocchi::storage::coordination_url: + list_join: + - '' + - - 'redis://:' + - {get_param: RedisPassword} + - '@' + - "%{hiera('redis_vip')}" + - ':6379/' gnocchi::storage::swift::swift_user: 'service:gnocchi' gnocchi::storage::swift::swift_auth_version: 2 gnocchi::storage::swift::swift_key: {get_param: GnocchiPassword} diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index ef7eaaf3..9b1b0760 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -17,6 +17,10 @@ parameters: description: The password for the neutron service and db account, used by neutron agents. type: string hidden: true + NovaOVSBridge: + default: 'br-int' + description: Name of integration bridge used by Open vSwitch + type: string RabbitPassword: description: The password for RabbitMQ type: string @@ -45,6 +49,14 @@ parameters: description: > Remove configuration that is not generated by TripleO. Setting to false may result in configuration remnants after updates/upgrades. + NovaIPv6: + default: false + description: Enable IPv6 features in Nova + type: boolean + UpgradeLevelNovaCompute: + type: string + description: Nova Compute upgrade level + default: '' outputs: role_data: @@ -53,7 +65,7 @@ outputs: service_name: nova_base config_settings: nova::rabbit_password: {get_param: RabbitPassword} - nova::rabbit_user: {get_param: RabbitUserName} + nova::rabbit_userid: {get_param: RabbitUserName} nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL} nova::rabbit_port: {get_param: RabbitClientPort} nova::database_connection: @@ -116,3 +128,7 @@ outputs: - "%{hiera('mysql_bind_host')}" nova::db::database_db_max_retries: -1 nova::db::database_max_retries: -1 + nova::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} + nova::use_ipv6: {get_param: NovaIPv6} + nova::upgrade_level_compute: {get_param: UpgradeLevelNovaCompute} + nova::network::neutron::neutron_ovs_bridge: {get_param: NovaOVSBridge} diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index bcc3a232..19f1f02a 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -15,6 +15,22 @@ parameters: CephClientUserName: default: openstack type: string + CinderEnableNfsBackend: + default: false + description: Whether to enable or not the NFS backend for Cinder + type: boolean + CinderEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Cinder + type: boolean + NovaEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Nova + type: boolean + NovaComputeLibvirtVifDriver: + default: '' + description: Libvirt VIF driver configuration for the network + type: string resources: NovaBase: @@ -37,6 +53,8 @@ outputs: tripleo::profile::base::nova::nova_compute_enabled: true nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} + tripleo::profile::base::nova::compute::cinder_nfs_backend: {get_param: CinderEnableNfsBackend} + rbd_persistent_storage: {get_param: CinderEnableRbdBackend} nova::compute::rbd::rbd_keyring: list_join: - '.' @@ -45,13 +63,23 @@ outputs: nova::compute::rbd::libvirt_rbd_secret_uuid: '"%{hiera(\"ceph::profile::params::fsid\")}"' nova::compute::instance_usage_audit: true nova::compute::instance_usage_audit_period: 'hour' + nova::compute::rbd::ephemeral_storage: {get_param: NovaEnableRbdBackend} + # TUNNELLED mode provides a security enhancement when using shared + # storage but is not supported when not using shared storage. + # See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12 + # In future versions of QEMU (2.6, mostly), danpb's native + # encryption work will obsolete the need to use TUNNELLED transport + # mode. + nova::migration::live_migration_tunnelled: {get_param: NovaEnableRbdBackend} # Changing the default from 512MB. The current templates can not deploy # overclouds with swap. On an idle compute node, we see ~1024MB of RAM # used. 2048 is suggested to account for other possible operations for # example openvswitch. nova::compute::reserved_host_memory: 2048 + nova::compute::neutron::libvirt_vif_driver: {get_param: NovaComputeLibvirtVifDriver} + step_config: | # TODO(emilien): figure how to deal with libvirt profile. - # We'll probably threat it like we do with Neutron plugins. + # We'll probably treat it like we do with Neutron plugins. # Until then, just include it in the default nova-compute role. include tripleo::profile::base::nova::compute::libvirt diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml index 939b6a09..d283de4f 100644 --- a/puppet/services/nova-libvirt.yaml +++ b/puppet/services/nova-libvirt.yaml @@ -9,6 +9,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + NovaComputeLibvirtType: + type: string + default: kvm resources: NovaBase: @@ -30,5 +33,8 @@ outputs: nova::compute::libvirt::migration_support: false tripleo::profile::base::nova::manage_migration: true tripleo::profile::base::nova::libvirt_enabled: true + nova::compute::libvirt::services::libvirt_virt_type: {get_param: NovaComputeLibvirtType} + nova::compute::libvirt::libvirt_virt_type: {get_param: NovaComputeLibvirtType} + step_config: | include tripleo::profile::base::nova::libvirt diff --git a/puppet/services/nova-vncproxy.yaml b/puppet/services/nova-vncproxy.yaml index 0b9cef38..a1517011 100644 --- a/puppet/services/nova-vncproxy.yaml +++ b/puppet/services/nova-vncproxy.yaml @@ -25,5 +25,15 @@ outputs: map_merge: - get_attr: [NovaBase, role_data, config_settings] - nova::vncproxy::enabled: true + nova::vncproxy::common::vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]} + # Remove brackets that may come if the IP address is IPv6. + # For DNS names and IPv4, this will just get NovaVNCProxyPublic + nova::vncproxy::common::vncproxy_host: + str_replace: + template: {get_param: [EndpointMap, NovaVNCProxyPublic, host]} + params: + '[': '' + ']': '' + nova::vncproxy::common::vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]} step_config: | include tripleo::profile::base::nova::vncproxy diff --git a/puppet/services/pacemaker/cinder-backup.yaml b/puppet/services/pacemaker/cinder-backup.yaml new file mode 100644 index 00000000..706717e4 --- /dev/null +++ b/puppet/services/pacemaker/cinder-backup.yaml @@ -0,0 +1,49 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Cinder Backup service with Pacemaker configured with Puppet + +parameters: + CinderBackupBackend: + default: swift + description: The short name of the Cinder Backup backend to use. + type: string + constraints: + - allowed_values: ['swift', 'ceph'] + CinderBackupRbdPoolName: + default: backups + type: string + CephClientUserName: + default: openstack + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + CinderBackupBase: + type: ../cinder-backup.yaml + properties: + EndpointMap: {get_param: EndpointMap} + CinderBackupBackend: {get_param: CinderBackupBackend} + CinderBackupRbdPoolName: {get_param: CinderBackupRbdPoolName} + CephClientUserName: {get_param: CephClientUserName} + +outputs: + role_data: + description: Role data for the Cinder Backup role. + value: + service_name: cinder_backup + config_settings: + map_merge: + - get_attr: [CinderBackupBase, role_data, config_settings] + - cinder::backup::manage_service: false + cinder::backup::enabled: false + step_config: + list_join: + - "\n" + - - get_attr: [CinderBackupBase, role_data, step_config] + - "include ::tripleo::profile::pacemaker::cinder::backup" |