diff options
Diffstat (limited to 'puppet')
31 files changed, 330 insertions, 98 deletions
diff --git a/puppet/major_upgrade_steps.j2.yaml b/puppet/major_upgrade_steps.j2.yaml index 625ff4d9..11113eec 100644 --- a/puppet/major_upgrade_steps.j2.yaml +++ b/puppet/major_upgrade_steps.j2.yaml @@ -32,7 +32,7 @@ parameters: default: 'regionOne' description: Keystone region for endpoint NovaPassword: - description: The password for the nova service and db account, used by nova-api. + description: The password for the nova service and db account type: string hidden: true diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index 85520fc0..18707b9a 100644 --- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml @@ -513,14 +513,27 @@ resources: fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]} + {%- if 'primary' in role.tags and 'controller' in role.tags %} + tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} + {%- endif -%} # Resource for site-specific injection of root certificate NodeTLSCAData: - depends_on: {{role.name}}Deployment + depends_on: NetworkDeployment type: OS::TripleO::NodeTLSCAData properties: server: {get_resource: {{role.name}}} + {%- if 'primary' in role.tags and 'controller' in role.tags %} + # Resource for site-specific passing of private keys/certificates + NodeTLSData: + depends_on: NodeTLSCAData + type: OS::TripleO::NodeTLSData + properties: + server: {get_resource: {{role.name}}} + NodeIndex: {get_param: NodeIndex} + {%- endif -%} + # Hook for site-specific additional pre-deployment config, e.g extra hieradata {{role.name}}ExtraConfigPre: depends_on: {{role.name}}Deployment @@ -534,7 +547,13 @@ resources: # Hook for site-specific additional pre-deployment config, # applying to all nodes, e.g node registration/unregistration NodeExtraConfig: - depends_on: [{{role.name}}ExtraConfigPre, NodeTLSCAData] + depends_on: + - {{role.name}}ExtraConfigPre + {%- if 'primary' in role.tags and 'controller' in role.tags %} + - NodeTLSData + {%- else %} + - NodeTLSCAData + {%- endif %} type: OS::TripleO::NodeExtraConfig # We have to use conditions here so that we don't break backwards # compatibility with templates everywhere @@ -674,6 +693,14 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" - 6 - 0 - keys: {hostname: {get_param: Hostname}} + {%- if 'primary' in role.tags and 'controller' in role.tags %} + tls_key_modulus_md5: + description: MD5 checksum of the TLS Key Modulus + value: {get_attr: [NodeTLSData, key_modulus_md5]} + tls_cert_modulus_md5: + description: MD5 checksum of the TLS Certificate Modulus + value: {get_attr: [NodeTLSData, cert_modulus_md5]} + {%- endif %} os_collect_config: description: The os-collect-config configuration associated with this server resource value: {get_attr: [{{role.name}}, os_collect_config]} diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml index d9b61ccd..f84edde0 100644 --- a/puppet/services/aodh-api.yaml +++ b/puppet/services/aodh-api.yaml @@ -30,6 +30,10 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + GnocchiExternalProject: + default: 'service' + description: Project name of resources creator in Gnocchi. + type: string MonitoringSubscriptionAodhApi: default: 'overcloud-ceilometer-aodh-api' type: string @@ -85,6 +89,7 @@ outputs: aodh::wsgi::apache::wsgi_process_display_name: 'aodh_wsgi' aodh::api::service_name: 'httpd' aodh::api::enable_proxy_headers_parsing: true + aodh::api::gnocchi_external_project_owner: {get_param: GnocchiExternalProject} aodh::policy::policies: {get_param: AodhApiPolicies} tripleo.aodh_api.firewall_rules: '128 aodh-api': diff --git a/puppet/services/ceph-rgw.yaml b/puppet/services/ceph-rgw.yaml index aa025684..29629461 100644 --- a/puppet/services/ceph-rgw.yaml +++ b/puppet/services/ceph-rgw.yaml @@ -40,7 +40,7 @@ parameters: type: string hidden: true SwiftPassword: - description: The password for the swift service account, used by the Ceph RGW services. + description: The password for the swift service account type: string hidden: true KeystoneRegion: diff --git a/puppet/services/cinder-backend-dellps.yaml b/puppet/services/cinder-backend-dellps.yaml index caa2f2f7..388e49b7 100644 --- a/puppet/services/cinder-backend-dellps.yaml +++ b/puppet/services/cinder-backend-dellps.yaml @@ -31,6 +31,9 @@ parameters: CinderDellPsSanPassword: type: string hidden: true + CinderDellPsSanPrivateKey: + type: string + default: '' CinderDellPsSanThinProvision: type: boolean default: true @@ -87,6 +90,7 @@ outputs: cinder::backend::eqlx::san_ip: {get_param: CinderDellPsSanIp} cinder::backend::eqlx::san_login: {get_param: CinderDellPsSanLogin} cinder::backend::eqlx::san_password: {get_param: CinderDellPsSanPassword} + cinder::backend::eqlx::san_private_key: {get_param: CinderDellPsSanPrivateKey} cinder::backend::eqlx::san_thin_provision: {get_param: CinderDellPsSanThinProvision} cinder::backend::eqlx::eqlx_group_name: {get_param: CinderDellPsGroupname} cinder::backend::eqlx::eqlx_pool: {get_param: CinderDellPsPool} diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index 8842a0ca..abbe7a22 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -51,7 +51,7 @@ parameters: description: Whether to use Galera instead of regular MariaDB. type: boolean NovaPassword: - description: The password for the nova db account + description: The password for the nova service and db account type: string hidden: true EnableInternalTLS: diff --git a/puppet/services/database/redis-base.yaml b/puppet/services/database/redis-base.yaml index d15b30cb..2a6a89e9 100644 --- a/puppet/services/database/redis-base.yaml +++ b/puppet/services/database/redis-base.yaml @@ -5,7 +5,7 @@ description: > parameters: RedisPassword: - description: The password for Redis + description: The password for the redis service account. type: string hidden: true RedisFDLimit: diff --git a/puppet/services/external-swift-proxy.yaml b/puppet/services/external-swift-proxy.yaml index a4a25d9e..ac1f11ac 100644 --- a/puppet/services/external-swift-proxy.yaml +++ b/puppet/services/external-swift-proxy.yaml @@ -44,7 +44,7 @@ parameters: type: string default: 'service' SwiftPassword: - description: The password for the swift service account, used by the swift proxy services. + description: The password for the swift service account type: string hidden: true KeystoneRegion: diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index 0af132e7..a37135da 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml @@ -51,7 +51,7 @@ parameters: description: Whether or not to enable the HAProxy stats interface. type: boolean RedisPassword: - description: The password for Redis + description: The password for the redis service account. type: string hidden: true MonitoringSubscriptionHaproxy: diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml index 070bd7c7..28bb8658 100644 --- a/puppet/services/heat-api-cfn.yaml +++ b/puppet/services/heat-api-cfn.yaml @@ -153,5 +153,5 @@ outputs: when: heat_api_cfn_apache.rc == 0 - name: Stop and disable heat_api_cfn service (pre-upgrade not under httpd) tags: step1 - when: heat_api_cfn_apache.rc == 0 + when: heat_api_cfn_enabled.rc == 0 service: name=openstack-heat-api-cfn state=stopped enabled=no diff --git a/puppet/services/manila-scheduler.yaml b/puppet/services/manila-scheduler.yaml index 160b4e4a..7d43f685 100644 --- a/puppet/services/manila-scheduler.yaml +++ b/puppet/services/manila-scheduler.yaml @@ -32,7 +32,7 @@ parameters: type: json NovaPassword: type: string - description: The password for the nova service and db account, used by nova-api. + description: The password for the nova service and db account hidden: true NeutronPassword: description: The password for the neutron service and db account, used by neutron agents. diff --git a/puppet/services/monitoring/sensu-client.yaml b/puppet/services/monitoring/sensu-client.yaml index f2b062e0..a9ffabe5 100644 --- a/puppet/services/monitoring/sensu-client.yaml +++ b/puppet/services/monitoring/sensu-client.yaml @@ -31,8 +31,9 @@ parameters: via parameter_defaults in the resource registry. type: json AdminPassword: - description: Keystone admin user password + description: The password for the keystone admin account, used for monitoring, querying neutron etc. type: string + hidden: true KeystoneRegion: default: 'regionOne' description: Keystone region for endpoint diff --git a/puppet/services/network/contrail-analytics.yaml b/puppet/services/network/contrail-analytics.yaml index 51ecbf29..c60ffcd0 100644 --- a/puppet/services/network/contrail-analytics.yaml +++ b/puppet/services/network/contrail-analytics.yaml @@ -33,6 +33,26 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ContrailAnalyticsCollectorHttp: + default: 8089 + description: Contrail Analytics Collector http port + type: number + ContrailAnalyticsCollectorSandesh: + default: 8086 + description: Contrail Analytics Collector sandesh port + type: number + ContrailAnalyticsHttp: + default: 8090 + description: Contrail Analytics http port + type: number + ContrailAnalyticsRedis: + default: 6379 + description: Contrail Analytics redis port + type: number + ContrailAnalyticsApi: + default: 8081 + description: Contrail Analytics Api port + type: number resources: ContrailBase: @@ -41,7 +61,6 @@ resources: ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} @@ -53,14 +72,14 @@ outputs: config_settings: map_merge: - get_attr: [ContrailBase, role_data, config_settings] - - contrail::analytics::collector_http_server_port: {get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, port]} - contrail::analytics::collector_sandesh_port: {get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, port]} + - contrail::analytics::collector_http_server_port: {get_param: ContrailAnalyticsCollectorHttp} + contrail::analytics::collector_sandesh_port: {get_param: ContrailAnalyticsCollectorSandesh} contrail::analytics::host_ip: {get_param: [ServiceNetMap, ContrailAnalyticsNetwork]} - contrail::analytics::http_server_port: {get_param: [EndpointMap, ContrailAnalyticsHttpInternal, port]} + contrail::analytics::http_server_port: {get_param: ContrailAnalyticsHttp} contrail::analytics::listen_ip_address: {get_param: [ServiceNetMap, ContrailAnalyticsNetwork]} contrail::analytics::redis_server: '127.0.0.1' - contrail::analytics::redis_server_port: {get_param: [EndpointMap, ContrailAnalyticsRedisInternal, port]} + contrail::analytics::redis_server_port: {get_param: ContrailAnalyticsRedis} contrail::analytics::rest_api_ip: {get_param: [ServiceNetMap, ContrailAnalyticsNetwork]} - contrail::analytics::rest_api_port: {get_param: [EndpointMap, ContrailAnalyticsApiInternal, port]} + contrail::analytics::rest_api_port: {get_param: ContrailAnalyticsApi} step_config: | include ::tripleo::network::contrail::analytics diff --git a/puppet/services/network/contrail-base.yaml b/puppet/services/network/contrail-base.yaml index 9ee8a651..77c30bd9 100644 --- a/puppet/services/network/contrail-base.yaml +++ b/puppet/services/network/contrail-base.yaml @@ -30,16 +30,16 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - ContrailAAAMode: + AAAMode: description: AAAmode can be no-auth, cloud-admin or rbac type: string default: 'rbac' - ContrailAAAModeAnalytics: + AAAModeAnalytics: description: AAAmode for analytics can be no-auth, cloud-admin or rbac type: string default: 'no-auth' AdminPassword: - description: Keystone admin user password + description: The password for the keystone admin account, used for monitoring, querying neutron etc. type: string hidden: true AdminTenantName: @@ -47,25 +47,33 @@ parameters: type: string default: 'admin' AdminToken: - description: Keystone admin token + description: The keystone auth secret and db password. type: string hidden: true AdminUser: description: Keystone admin user name type: string default: 'admin' - AuthPortSSL: - default: 13357 - description: Keystone SSL port - type: number - AuthPortSSLPublic: - default: 13000 - description: Keystone Public SSL port - type: number ContrailAuth: default: 'keystone' description: Keystone authentication method type: string + ContrailAnalyticsVIP: + default: '' + description: Contrail Analytics Api Virtual IP address + type: string + ContrailConfigPort: + default: 8082 + description: Contrail Config Api port + type: number + ContrailConfigVIP: + default: '' + description: Contrail Config Virtual IP address + type: string + ContrailDiscoveryPort: + default: 5998 + description: Contrail Config Api port + type: number ContrailInsecure: default: false description: Keystone insecure mode @@ -74,6 +82,14 @@ parameters: default: '127.0.0.1:12111' description: Memcached server type: string + ContrailVIP: + default: '' + description: Contrail VIP + type: string + ContrailWebuiVIP: + default: '' + description: Contrail Webui Virtual IP address + type: string RabbitPassword: description: The password for RabbitMQ type: string @@ -87,29 +103,49 @@ parameters: description: Set rabbit subscriber port, change this if using SSL type: number +conditions: + contrail_config_vip_unset: {equals : [{get_param: ContrailConfigVIP}, '']} + contrail_analytics_vip_unset: {equals : [{get_param: ContrailAnalyticsVIP}, '']} + contrail_webui_vip_unset: {equals : [{get_param: ContrailWebuiVIP}, '']} + outputs: role_data: description: Shared role data for the Contrail services. value: service_name: contrail_base config_settings: - contrail::aaa_mode: {get_param: ContrailAAAMode} - contrail::analytics_aaa_mode: {get_param: ContrailAAAModeAnalytics} - contrail::admin_password: {get_param: AdminPassword} - contrail::admin_tenant_name: {get_param: AdminTenantName} - contrail::admin_token: {get_param: AdminToken} - contrail::admin_user: {get_param: AdminUser} - contrail::auth: {get_param: ContrailAuth} - contrail::auth_host: {get_param: [EndpointMap, KeystonePublic, host] } - contrail::auth_port: {get_param: [EndpointMap, KeystoneAdmin, port] } - contrail::auth_port_ssl: {get_param: AuthPortSSL } - contrail::auth_port_public: {get_param: [EndpointMap, KeystonePublic, port] } - contrail::auth_port_ssl_public: {get_param: AuthPortSSLPublic } - contrail::auth_protocol: {get_param: [EndpointMap, KeystoneInternal, protocol] } - contrail::api_port: {get_param: [EndpointMap, ContrailConfigInternal, port] } - contrail::disc_server_port: {get_param: [EndpointMap, ContrailDiscoveryInternal, port] } - contrail::insecure: {get_param: ContrailInsecure} - contrail::memcached_server: {get_param: ContrailMemcachedServer} - contrail::rabbit_password: {get_param: RabbitPassword} - contrail::rabbit_user: {get_param: RabbitUserName} - contrail::rabbit_port: {get_param: RabbitClientPort} + map_merge: + - contrail::aaa_mode: {get_param: AAAMode} + contrail::analytics_aaa_mode: {get_param: AAAModeAnalytics} + contrail::admin_password: {get_param: AdminPassword} + contrail::admin_tenant_name: {get_param: AdminTenantName} + contrail::admin_token: {get_param: AdminToken} + contrail::admin_user: {get_param: AdminUser} + contrail::auth: {get_param: ContrailAuth} + contrail::auth_host: {get_param: [EndpointMap, KeystoneAdmin, host] } + contrail::auth_port: {get_param: [EndpointMap, KeystoneAdmin, port] } + contrail::auth_port_public: {get_param: [EndpointMap, KeystonePublic, port] } + contrail::auth_protocol: {get_param: [EndpointMap, KeystonePublic, protocol] } + contrail::api_port: {get_param: ContrailConfigPort } + contrail::disc_server_port: {get_param: ContrailDiscoveryPort } + contrail::insecure: {get_param: ContrailInsecure} + contrail::memcached_server: {get_param: ContrailMemcachedServer} + contrail::rabbit_password: {get_param: RabbitPassword} + contrail::rabbit_user: {get_param: RabbitUserName} + contrail::rabbit_port: {get_param: RabbitClientPort} + contrail::vip: {get_param: ContrailVIP} + - + if: + - contrail_config_vip_unset + - {} + - contrail_config_vip: {get_param: ContrailConfigVIP} + - + if: + - contrail_webui_vip_unset + - {} + - contrail_webui_vip: {get_param: ContrailWebuiVIP} + - + if: + - contrail_analytics_vip_unset + - {} + - contrail_analytics_vip: {get_param: ContrailAnalyticsVIP} diff --git a/puppet/services/network/contrail-config.yaml b/puppet/services/network/contrail-config.yaml index d11cf6d0..210c81d7 100644 --- a/puppet/services/network/contrail-config.yaml +++ b/puppet/services/network/contrail-config.yaml @@ -41,6 +41,10 @@ parameters: description: Ifmap user password type: string default: 'api-server' + ContrailConfigPort: + default: 8082 + description: Contrail Config Api port + type: number resources: ContrailBase: @@ -64,8 +68,8 @@ outputs: - contrail::config::ifmap_password: {get_param: ContrailConfigIfmapUserPassword} contrail::config::ifmap_username: {get_param: ContrailConfigIfmapUserName} contrail::config::listen_ip_address: {get_param: [ServiceNetMap, ContrailConfigNetwork]} - contrail::config::listen_port: {get_param: [EndpointMap, ContrailConfigInternal, port] } + contrail::config::listen_port: {get_param: ContrailConfigPort} contrail::config::redis_server: '127.0.0.1' - contrail::config::host_ip: {get_param: [ServiceNetMap, ContrailConfigNetwork] } + contrail::config::host_ip: {get_param: [ServiceNetMap, ContrailConfigNetwork]} step_config: | include ::tripleo::network::contrail::config diff --git a/puppet/services/network/contrail-control.yaml b/puppet/services/network/contrail-control.yaml index 529160ee..20951b0b 100644 --- a/puppet/services/network/contrail-control.yaml +++ b/puppet/services/network/contrail-control.yaml @@ -41,6 +41,10 @@ parameters: description: sda1/256 hmac key, e.g. echo -n "values" | openssl dgst -sha256 -hmac key -binary | base64 type: string hidden: true + ContrailControlManageNamed: + description: named config file mgmt + type: string + default: true resources: ContrailBase: @@ -64,5 +68,6 @@ outputs: - contrail::control::asn: {get_param: ContrailControlASN } contrail::control::host_ip: {get_param: [ServiceNetMap, ContrailControlNetwork]} contrail::control::rndc_secret: {get_param: ContrailControlRNDCSecret} + contrail::control::manage_named: {get_param: ContrailControlManageNamed} step_config: | include ::tripleo::network::contrail::control diff --git a/puppet/services/network/contrail-dpdk.yaml b/puppet/services/network/contrail-dpdk.yaml new file mode 100644 index 00000000..1f331894 --- /dev/null +++ b/puppet/services/network/contrail-dpdk.yaml @@ -0,0 +1,82 @@ +heat_template_version: pike + +description: > + OpenStack Neutron Compute OpenContrail plugin + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NeutronMetadataProxySharedSecret: + description: Metadata Secret + type: string + hidden: true + ContrailVrouterPhysicalInterface: + default: 'eth0' + description: vRouter physical interface + type: string + ContrailVrouterGateway: + default: '192.168.24.1' + description: vRouter default gateway + type: string + ContrailVrouterNetmask: + default: '255.255.255.0' + description: vRouter netmask + type: string + +resources: + ContrailBase: + type: ./contrail-base.yaml + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Neutron Compute OpenContrail plugin + value: + service_name: contrail_dpdk + config_settings: + map_merge: + - get_attr: [ContrailBase, role_data, config_settings] + - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, ContrailVrouterNetwork]} + contrail::vrouter::is_dpdk: 'true' + contrail::vrouter::physical_interface: {get_param: ContrailVrouterPhysicalInterface} + contrail::vrouter::gateway: {get_param: ContrailVrouterGateway} + contrail::vrouter::netmask: {get_param: ContrailVrouterNetmask} + contrail::vrouter::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} + tripleo.neutron_compute_plugin_opencontrail.firewall_rules: + '111 neutron_compute_plugin_opencontrail proxy': + dport: + - 8097 + - 8085 + proto: tcp + step_config: | + include ::tripleo::network::contrail::vrouter diff --git a/puppet/services/network/contrail-neutron-plugin.yaml b/puppet/services/network/contrail-neutron-plugin.yaml index 95951fd5..50a6be48 100644 --- a/puppet/services/network/contrail-neutron-plugin.yaml +++ b/puppet/services/network/contrail-neutron-plugin.yaml @@ -33,7 +33,7 @@ parameters: ContrailExtensions: description: List of OpenContrail extensions to be enabled type: comma_delimited_list - default: '' + default: 'ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam,policy:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_policy.NeutronPluginContrailPolicy,route-table:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_vpc.NeutronPluginContrailVpc,contrail:None' resources: ContrailBase: @@ -54,7 +54,7 @@ outputs: config_settings: map_merge: - get_attr: [ContrailBase, role_data, config_settings] - - neutron::api_extensions_path: /usr/lib/python2.7/site-packages/neutron_plugin_contrail/extensions + - neutron::api_extensions_path: '/usr/lib/python2.7/site-packages/neutron_plugin_contrail/extensions:/usr/lib/python2.7/site-packages/neutron_lbaas/extensions' contrail::vrouter::contrail_extensions: {get_param: ContrailExtensions} step_config: | include tripleo::network::contrail::neutron_plugin diff --git a/puppet/services/network/contrail-tsn.yaml b/puppet/services/network/contrail-tsn.yaml index 469e18cc..058b9dc9 100644 --- a/puppet/services/network/contrail-tsn.yaml +++ b/puppet/services/network/contrail-tsn.yaml @@ -33,15 +33,15 @@ parameters: NeutronMetadataProxySharedSecret: description: Metadata Secret type: string - VrouterPhysicalInterface: + ContrailVrouterPhysicalInterface: default: 'eth0' description: vRouter physical interface type: string - VrouterGateway: + ContrailVrouterGateway: default: '192.168.24.1' description: vRouter default gateway type: string - VrouterNetmask: + ContrailVrouterNetmask: default: '255.255.255.0' description: vRouter netmask type: string @@ -65,10 +65,10 @@ outputs: config_settings: map_merge: - get_attr: [ContrailBase, role_data, config_settings] - - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, NeutronCorePluginOpencontrailNetwork]} - contrail::vrouter::physical_interface: {get_param: VrouterPhysicalInterface} - contrail::vrouter::gateway: {get_param: VrouterGateway} - contrail::vrouter::netmask: {get_param: VrouterNetmask} + - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, ContrailVrouterNetwork]} + contrail::vrouter::physical_interface: {get_param: ContrailVrouterPhysicalInterface} + contrail::vrouter::gateway: {get_param: ContrailVrouterGateway} + contrail::vrouter::netmask: {get_param: ContrailVrouterNetmask} contrail::vrouter::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} contrail::vrouter::is_tsn: 'true' tripleo.neutron_compute_plugin_opencontrail.firewall_rules: diff --git a/puppet/services/network/contrail-vrouter.yaml b/puppet/services/network/contrail-vrouter.yaml index d36a5651..981fe2fb 100644 --- a/puppet/services/network/contrail-vrouter.yaml +++ b/puppet/services/network/contrail-vrouter.yaml @@ -46,6 +46,10 @@ parameters: default: '255.255.255.0' description: vRouter netmask type: string + ContrailVrouterControlNodeIps: + description: List of Contrail Node IPs + type: comma_delimited_list + default: '' resources: ContrailBase: @@ -66,14 +70,16 @@ outputs: config_settings: map_merge: - get_attr: [ContrailBase, role_data, config_settings] - - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, NeutronCorePluginOpencontrailNetwork]} + - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, ContrailVrouterNetwork]} contrail::vrouter::physical_interface: {get_param: ContrailVrouterPhysicalInterface} contrail::vrouter::gateway: {get_param: ContrailVrouterGateway} contrail::vrouter::netmask: {get_param: ContrailVrouterNetmask} contrail::vrouter::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} - tripleo.neutron_compute_plugin_opencontrail.firewall_rules: - '111 neutron_compute_plugin_opencontrail proxy': + contrail::vrouter::control_node_ips: {get_param: ContrailVrouterControlNodeIps} + tripleo.contrail_vrouter.firewall_rules: + '111 contrail_vrouter_8085': + dport: 8085 + '112 contrail_vrouter_8097': dport: 8097 - proto: tcp step_config: | include ::tripleo::network::contrail::vrouter diff --git a/puppet/services/network/contrail-webui.yaml b/puppet/services/network/contrail-webui.yaml index aa73fb94..8f96643f 100644 --- a/puppet/services/network/contrail-webui.yaml +++ b/puppet/services/network/contrail-webui.yaml @@ -33,6 +33,14 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ContrailWebuiHttp: + default: 8080 + description: Contrail Webui http port + type: number + ContrailWebuiHttps: + default: 8143 + description: Contrail Webui https port + type: number resources: ContrailBase: @@ -53,8 +61,8 @@ outputs: config_settings: map_merge: - get_attr: [ContrailBase, role_data, config_settings] - - contrail::webui::http_port: {get_param: [EndpointMap, ContrailWebuiHttpInternal, port] } - contrail::webui::https_port: {get_param: [EndpointMap, ContrailWebuiHttpsInternal, port] } + - contrail::webui::http_port: {get_param: ContrailWebuiHttp } + contrail::webui::https_port: {get_param: ContrailWebuiHttps } contrail::webui::redis_ip: '127.0.0.1' step_config: | include ::tripleo::network::contrail::webui diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index d650b11f..459a968a 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -50,7 +50,7 @@ parameters: description: Allow automatic l3-agent failover type: string NovaPassword: - description: The password for the nova service and db account, used by nova-api. + description: The password for the nova service and db account type: string hidden: true NeutronEnableDVR: diff --git a/puppet/services/neutron-compute-plugin-nuage.yaml b/puppet/services/neutron-compute-plugin-nuage.yaml index 5842149f..f1a56530 100644 --- a/puppet/services/neutron-compute-plugin-nuage.yaml +++ b/puppet/services/neutron-compute-plugin-nuage.yaml @@ -31,7 +31,7 @@ parameters: via parameter_defaults in the resource registry. type: json NovaPassword: - description: The password for the nova service account, used by nova-api. + description: The password for the nova service and db account type: string hidden: true NuageMetadataPort: diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index a28f4672..b413fb12 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -35,7 +35,7 @@ parameters: description: Number of workers for Nova services. type: number NovaPassword: - description: The password for the nova service and db account, used by nova-api. + description: The password for the nova service and db account type: string hidden: true KeystoneRegion: diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index 82f8bc13..08302ee9 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -41,7 +41,7 @@ parameters: constraints: - allowed_values: [ 'messagingv2', 'noop' ] NovaPassword: - description: The password for the nova service and db account, used by nova-api. + description: The password for the nova service and db account type: string hidden: true NeutronPassword: diff --git a/puppet/services/nova-placement.yaml b/puppet/services/nova-placement.yaml index 5cb4ef5c..916cefd9 100644 --- a/puppet/services/nova-placement.yaml +++ b/puppet/services/nova-placement.yaml @@ -35,7 +35,7 @@ parameters: description: Number of workers for Nova services. type: number NovaPassword: - description: The password for the nova service and db account, used by nova-placement. + description: The password for the nova service and db account type: string hidden: true KeystoneRegion: diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index 283bb3f3..06e8180d 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -35,7 +35,7 @@ parameters: description: Set to True to enable debugging on all services. type: string SwiftPassword: - description: The password for the swift service account, used by the swift proxy services. + description: The password for the swift service account type: string hidden: true SwiftProxyNodeTimeout: diff --git a/puppet/services/swift-storage.yaml b/puppet/services/swift-storage.yaml index 40bc1368..f9c3cbae 100644 --- a/puppet/services/swift-storage.yaml +++ b/puppet/services/swift-storage.yaml @@ -130,6 +130,7 @@ outputs: - openstack-swift-container-updater - openstack-swift-container - openstack-swift-object-auditor + - openstack-swift-object-expirer - openstack-swift-object-replicator - openstack-swift-object-updater - openstack-swift-object diff --git a/puppet/services/network/contrail-provision.yaml b/puppet/services/tuned.yaml index f3a43224..f1dec931 100644 --- a/puppet/services/network/contrail-provision.yaml +++ b/puppet/services/tuned.yaml @@ -1,7 +1,7 @@ -heat_template_version: pike +heat_template_version: ocata description: > - Provision Contrail services after deployment + Configure tuned parameters: ServiceData: @@ -17,6 +17,11 @@ parameters: DefaultPasswords: default: {} type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json RoleName: default: '' description: Role name on which the service is applied @@ -25,30 +30,21 @@ parameters: default: {} description: Parameters specific to the role type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - ContrailBase: - type: ./contrail-base.yaml - properties: - ServiceData: {get_param: ServiceData} - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} + TunedProfileName: + default: '' + description: Tuned Profile to apply to the host + type: string outputs: role_data: - description: Contrail provisioning role + description: Role data for tuned value: - service_name: contrail_provision + service_name: tuned config_settings: - map_merge: - - get_attr: [ContrailBase, role_data, config_settings] + map_replace: + - map_replace: + - tripleo::profile::base::tuned::profile: TunedProfileName + - values: {get_param: RoleParameters} + - values: {'TunedProfileName': {get_param: TunedProfileName}} step_config: | - include ::tripleo::network::contrail::provision + include ::tripleo::profile::base::tuned diff --git a/puppet/services/veritas-hyperscale-controller.yaml b/puppet/services/veritas-hyperscale-controller.yaml index bcb9e38f..fe641ad6 100644 --- a/puppet/services/veritas-hyperscale-controller.yaml +++ b/puppet/services/veritas-hyperscale-controller.yaml @@ -19,13 +19,41 @@ description: > parameters: VrtsRabbitPassword: type: string - default: '' + description: The Rabbitmq password of the hyperscale user. Mandatory. VrtsKeystonePassword: type: string - default: '' + description: The Keystone password of the hyperscale service. Mandatory. VrtsMysqlPassword: type: string + description: The MySQL password of the hyperscale user. Mandatory. + VrtsCtrlMgmtIP: + type: string + default: '' + description: The management IP of HyperScale. The value will be inferred + from the rest of the deployment settings if left blank. + VrtsDashboardIP: + type: string + default: '' + description: The dashboard IP of HyperScale. The value will be inferred + from the rest of the deployment settings if left blank. + VrtsZookeeperIP: + type: string + description: The IP of a node where Zookeeper is configured. Mandatory. + VrtsSSHPassword: + type: string + description: The SSH password of the hyperscale user. Mandatory. + VrtsConfigParam1: + type: string + default: '' + description: Additional config parameter. Optional. + VrtsConfigParam2: + type: string + default: '' + description: Additional config parameter. Optional. + VrtsConfigParam3: + type: string default: '' + description: Additional config parameter. Optional. ServiceData: default: {} description: Dictionary packing service data @@ -59,6 +87,14 @@ outputs: value: service_name: veritas_hyperscale_controller config_settings: + global_config_settings: + vrts_ctrl_mgmt_ip: {get_param: VrtsCtrlMgmtIP} + vrts_dashboard_ip: {get_param: VrtsDashboardIP} + vrts_zookeeper_ip: {get_param: VrtsZookeeperIP} + vrts_ssh_passwd: {get_param: VrtsSSHPassword} + vrts_config_param1: {get_param: VrtsConfigParam1} + vrts_config_param2: {get_param: VrtsConfigParam2} + vrts_config_param3: {get_param: VrtsConfigParam3} step_config: | include ::veritas_hyperscale::controller_pkg_inst service_config_settings: diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar.yaml index 21857423..4a1ad179 100644 --- a/puppet/services/zaqar.yaml +++ b/puppet/services/zaqar.yaml @@ -105,7 +105,7 @@ outputs: - {get_param: ZaqarDebug } zaqar::server::service_name: 'httpd' zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]} - zaqar::wsgi::apache::ssl: false + zaqar::wsgi::apache::ssl: {get_param: EnableInternalTLS} zaqar::wsgi::apache::bind_host: {get_param: [ServiceNetMap, ZaqarApiNetwork]} zaqar::message_pipeline: 'zaqar.notification.notifier' zaqar::unreliable: true @@ -178,6 +178,8 @@ outputs: - {} step_config: | include ::tripleo::profile::base::zaqar + metadata_settings: + get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: yaql: expression: $.data.apache_upgrade + $.data.zaqar_upgrade |