diff options
Diffstat (limited to 'puppet')
| -rw-r--r-- | puppet/all-nodes-config.yaml | 37 | ||||
| -rw-r--r-- | puppet/ceph-storage-post.yaml | 1 | ||||
| -rw-r--r-- | puppet/cinder-storage-post.yaml | 1 | ||||
| -rw-r--r-- | puppet/cinder-storage.yaml | 12 | ||||
| -rw-r--r-- | puppet/compute-post.yaml | 1 | ||||
| -rw-r--r-- | puppet/controller-post.yaml | 1 | ||||
| -rw-r--r-- | puppet/controller.yaml | 92 | ||||
| -rw-r--r-- | puppet/services/horizon.yaml | 13 | ||||
| -rw-r--r-- | puppet/services/pacemaker.yaml | 57 | ||||
| -rw-r--r-- | puppet/services/snmp.yaml | 4 | ||||
| -rw-r--r-- | puppet/services/tripleo-firewall.yaml | 11 | ||||
| -rw-r--r-- | puppet/swift-devices-and-proxy-config.yaml | 10 | ||||
| -rw-r--r-- | puppet/swift-storage-post.yaml | 1 | ||||
| -rw-r--r-- | puppet/vip-config.yaml | 93 |
14 files changed, 132 insertions, 202 deletions
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index a43e9645..bc9a2720 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -12,20 +12,19 @@ parameters: type: comma_delimited_list service_ips: type: json + service_node_names: + type: json controller_names: type: comma_delimited_list - rabbit_node_ips: - type: comma_delimited_list memcache_node_ips: type: comma_delimited_list keystone_public_api_node_ips: type: comma_delimited_list keystone_admin_api_node_ips: type: comma_delimited_list - ceph_mon_node_names: - type: comma_delimited_list DeployIdentifier: type: string + default: '' description: > Setting this to a unique value will re-run any deployment tasks which perform configuration on a Heat stack-update. @@ -76,6 +75,7 @@ resources: str_split: [',', {get_param: enabled_services}] # provides a mapping of service_name_ips to a list of IPs - {get_param: service_ips} + - {get_param: service_node_names} - controller_node_ips: list_join: - ',' @@ -84,18 +84,6 @@ resources: list_join: - ',' - {get_param: controller_names} - galera_node_names: - list_join: - - ',' - - {get_param: controller_names} - rabbitmq_node_ips: &rabbit_nodes_array - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: rabbit_node_ips} memcached_node_ips_v6: str_replace: template: "['inet6:[SERVERS_LIST]']" @@ -120,23 +108,6 @@ resources: list_join: - "','" - {get_param: keystone_admin_api_node_ips} - tripleo::profile::base::ceph::ceph_mon_initial_members: - list_join: - - ',' - - {get_param: ceph_mon_node_names} - # NOTE(gfidente): interpolation with %{} in the - # hieradata file can't be used as it returns string - ceilometer::rabbit_hosts: *rabbit_nodes_array - aodh::rabbit_hosts: *rabbit_nodes_array - cinder::rabbit_hosts: *rabbit_nodes_array - glance::notify::rabbitmq::rabbit_hosts: *rabbit_nodes_array - manila::rabbit_hosts: *rabbit_nodes_array - heat::rabbit_hosts: *rabbit_nodes_array - neutron::rabbit_hosts: *rabbit_nodes_array - nova::rabbit_hosts: *rabbit_nodes_array - keystone::rabbit_hosts: *rabbit_nodes_array - sahara::rabbit_hosts: *rabbit_nodes_array - ironic::rabbit_hosts: *rabbit_nodes_array deploy_identifier: {get_param: DeployIdentifier} update_identifier: {get_param: UpdateIdentifier} diff --git a/puppet/ceph-storage-post.yaml b/puppet/ceph-storage-post.yaml index a83e0cfe..df6b7249 100644 --- a/puppet/ceph-storage-post.yaml +++ b/puppet/ceph-storage-post.yaml @@ -15,6 +15,7 @@ parameters: default: {} DeployIdentifier: type: string + default: '' description: Value which changes if the node configuration may need to be re-applied resources: diff --git a/puppet/cinder-storage-post.yaml b/puppet/cinder-storage-post.yaml index 6416c43e..0620bc6c 100644 --- a/puppet/cinder-storage-post.yaml +++ b/puppet/cinder-storage-post.yaml @@ -10,6 +10,7 @@ parameters: type: json DeployIdentifier: type: string + default: '' description: Value which changes if the node configuration may need to be re-applied RoleData: type: json diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml index 26906532..bc26df75 100644 --- a/puppet/cinder-storage.yaml +++ b/puppet/cinder-storage.yaml @@ -30,14 +30,6 @@ parameters: default: default description: Name of an existing Nova key pair to enable SSH access to the instances type: string - SnmpdReadonlyUserName: - default: ro_snmp_user - description: The user name for SNMPd with readonly rights running on all Overcloud nodes - type: string - SnmpdReadonlyUserPassword: - description: The user password for SNMPd with readonly rights running on all Overcloud nodes - type: string - hidden: true UpdateIdentifier: default: '' type: string @@ -235,8 +227,6 @@ resources: server: {get_resource: BlockStorage} config: {get_resource: BlockStorageConfig} input_values: - snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} - snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} # Map heat metadata into hiera datafiles @@ -274,8 +264,6 @@ resources: volume: mapped_data: tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} - snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} # Resource for site-specific injection of root certificate NodeTLSCAData: diff --git a/puppet/compute-post.yaml b/puppet/compute-post.yaml index d0c6082c..358ec5a8 100644 --- a/puppet/compute-post.yaml +++ b/puppet/compute-post.yaml @@ -15,6 +15,7 @@ parameters: default: {} DeployIdentifier: type: string + default: '' description: Value which changes if the node configuration may need to be re-applied resources: diff --git a/puppet/controller-post.yaml b/puppet/controller-post.yaml index 4af6cb46..c97c3bc8 100644 --- a/puppet/controller-post.yaml +++ b/puppet/controller-post.yaml @@ -15,6 +15,7 @@ parameters: default: {} DeployIdentifier: type: string + default: '' description: Value which changes if the node configuration may need to be re-applied resources: diff --git a/puppet/controller.yaml b/puppet/controller.yaml index a6efe1aa..4fec2958 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -23,18 +23,10 @@ parameters: ... } type: json - CorosyncIPv6: - default: false - description: Enable IPv6 in Corosync - type: boolean Debug: default: '' description: Set to True to enable debugging on all services. type: string - EnableFencing: - default: false - description: Whether to enable fencing in Pacemaker or not. - type: boolean EnableLoadBalancer: default: true description: Whether to deploy a LoadBalancer on the Controller @@ -45,38 +37,6 @@ parameters: Additional hieradata to inject into the cluster, note that ControllerExtraConfig takes precedence over ExtraConfig. type: json - FencingConfig: - default: {} - description: | - Pacemaker fencing configuration. The JSON should have - the following structure: - { - "devices": [ - { - "agent": "AGENT_NAME", - "host_mac": "HOST_MAC_ADDRESS", - "params": {"PARAM_NAME": "PARAM_VALUE"} - } - ] - } - For instance: - { - "devices": [ - { - "agent": "fence_xvm", - "host_mac": "52:54:00:aa:bb:cc", - "params": { - "multicast_address": "225.0.0.12", - "port": "baremetal_0", - "manage_fw": true, - "manage_key_file": true, - "key_file": "/etc/fence_xvm.key", - "key_file_password": "abcdef" - } - } - ] - } - type: json OvercloudControlFlavor: description: Flavor for control nodes to request when deploying. default: baremetal @@ -98,33 +58,13 @@ parameters: type: string constraints: - custom_constraint: nova.keypair - ManageFirewall: - default: false - description: Whether to manage IPtables rules. - type: boolean - PurgeFirewallRules: - default: false - description: Whether IPtables rules should be purged before setting up the new ones. - type: boolean NeutronPublicInterface: default: nic1 description: What interface to bridge onto br-ex for network nodes. type: string - PcsdPassword: - type: string - description: The password for the 'pcsd' user. - hidden: true - RedisPassword: - description: The password for Redis - type: string - hidden: true RedisVirtualIP: type: string default: '' # Has to be here because of the ignored empty value bug - RedisVirtualIPUri: - type: string - default: '' # Has to be here because of the ignored empty value bug - description: An IP address which is wrapped in brackets in case of IPv6 SwiftRawDisks: default: {} description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})' @@ -358,17 +298,9 @@ resources: server: {get_resource: Controller} input_values: bootstack_nodeid: {get_attr: [Controller, name]} - debug: {get_param: Debug} - enable_fencing: {get_param: EnableFencing} enable_load_balancer: {get_param: EnableLoadBalancer} - manage_firewall: {get_param: ManageFirewall} - purge_firewall_rules: {get_param: PurgeFirewallRules} - corosync_ipv6: {get_param: CorosyncIPv6} - fencing_config: {get_param: FencingConfig} - pcsd_password: {get_param: PcsdPassword} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} redis_vip: {get_param: RedisVirtualIP} - ironic_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, IronicApiNetwork]}]} # Map heat metadata into hiera datafiles ControllerConfig: @@ -421,20 +353,10 @@ resources: bootstack_nodeid: {get_input: bootstack_nodeid} # Pacemaker - enable_fencing: {get_input: enable_fencing} enable_load_balancer: {get_input: enable_load_balancer} - hacluster_pwd: {get_input: pcsd_password} - corosync_ipv6: {get_input: corosync_ipv6} - tripleo::fencing::config: {get_input: fencing_config} - # Neutron - snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} - snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} # Redis redis_vip: {get_input: redis_vip} - # Firewall - tripleo::firewall::manage_firewall: {get_input: manage_firewall} - tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules} # Misc tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} @@ -570,20 +492,6 @@ outputs: template: "NETWORK_uri" params: NETWORK: {get_param: [ServiceNetMap, SwiftMgmtNetwork]} - swift_proxy_memcache: - description: Swift proxy-memcache value - value: - str_replace: - template: "IP:11211" - params: - IP: - get_attr: - - NetIpMap - - net_ip_map - - str_replace: - template: "NETWORK_uri" - params: - NETWORK: {get_param: [ServiceNetMap, MemcachedNetwork]} tls_key_modulus_md5: description: MD5 checksum of the TLS Key Modulus value: {get_attr: [NodeTLSData, key_modulus_md5]} diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index c8ec2b2b..6ea5ec4e 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml @@ -68,19 +68,6 @@ outputs: add_listen: false priority: 10 access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"' - # NOTE: bind IP is found in Heat replacing the network name with the local node IP - # for the given network; replacement examples (eg. for internal_api): - # internal_api -> IP - # internal_api_uri -> [IP] - # internal_api_subnet - > IP/CIDR - apache::ip: {get_param: [ServiceNetMap, HorizonNetwork]} - apache_remote_proxy_ips_network: - str_replace: - template: "NETWORK_subnet" - params: - NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]} - apache::mod::remoteip::proxy_ips: - - "%{hiera('apache_remote_proxy_ips_network')}" horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]} horizon::django_debug: {get_param: Debug} horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri]} diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml index 31016761..5d1d666a 100644 --- a/puppet/services/pacemaker.yaml +++ b/puppet/services/pacemaker.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > Pacemaker service configured with Puppet @@ -21,6 +21,51 @@ parameters: MonitoringSubscriptionPacemaker: default: 'overcloud-pacemaker' type: string + CorosyncIPv6: + default: false + description: Enable IPv6 in Corosync + type: boolean + EnableFencing: + default: false + description: Whether to enable fencing in Pacemaker or not. + type: boolean + PcsdPassword: + type: string + description: The password for the 'pcsd' user for pacemaker. + hidden: true + default: '' + FencingConfig: + default: {} + description: | + Pacemaker fencing configuration. The JSON should have + the following structure: + { + "devices": [ + { + "agent": "AGENT_NAME", + "host_mac": "HOST_MAC_ADDRESS", + "params": {"PARAM_NAME": "PARAM_VALUE"} + } + ] + } + For instance: + { + "devices": [ + { + "agent": "fence_xvm", + "host_mac": "52:54:00:aa:bb:cc", + "params": { + "multicast_address": "225.0.0.12", + "port": "baremetal_0", + "manage_fw": true, + "manage_key_file": true, + "key_file": "/etc/fence_xvm.key", + "key_file_password": "abcdef" + } + } + ] + } + type: json outputs: role_data: @@ -44,5 +89,15 @@ outputs: '131 pacemaker udp': proto: 'udp' dport: 5405 + corosync_ipv6: {get_param: CorosyncIPv6} + tripleo::fencing::config: {get_param: FencingConfig} + enable_fencing: {get_param: EnableFencing} + hacluster_pwd: + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: PcsdPassword} + - {get_param: [DefaultPasswords, pcsd_password]} step_config: | include ::tripleo::profile::base::pacemaker diff --git a/puppet/services/snmp.yaml b/puppet/services/snmp.yaml index e38ccf42..4d01632d 100644 --- a/puppet/services/snmp.yaml +++ b/puppet/services/snmp.yaml @@ -35,8 +35,8 @@ outputs: value: service_name: snmp config_settings: - snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} - snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} + tripleo::profile::base::snmp::snmpd_user: {get_param: SnmpdReadonlyUserName} + tripleo::profile::base::snmp::snmpd_password: {get_param: SnmpdReadonlyUserPassword} tripleo.snmp.firewall_rules: '127 snmp': dport: 161 diff --git a/puppet/services/tripleo-firewall.yaml b/puppet/services/tripleo-firewall.yaml index 14965b4f..f6ec458f 100644 --- a/puppet/services/tripleo-firewall.yaml +++ b/puppet/services/tripleo-firewall.yaml @@ -18,11 +18,22 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ManageFirewall: + default: false + description: Whether to manage IPtables rules. + type: boolean + PurgeFirewallRules: + default: false + description: Whether IPtables rules should be purged before setting up the new ones. + type: boolean outputs: role_data: description: Role data for the TripleO firewall settings value: service_name: tripleo_firewall + config_settings: + tripleo::firewall::manage_firewall: {get_param: ManageFirewall} + tripleo::firewall::purge_firewall_rules: {get_param: PurgeFirewallRules} step_config: | include ::tripleo::firewall diff --git a/puppet/swift-devices-and-proxy-config.yaml b/puppet/swift-devices-and-proxy-config.yaml index 14df831f..afee4dac 100644 --- a/puppet/swift-devices-and-proxy-config.yaml +++ b/puppet/swift-devices-and-proxy-config.yaml @@ -6,8 +6,6 @@ parameters: type: comma_delimited_list object_store_swift_devices: type: comma_delimited_list - controller_swift_proxy_memcaches: - type: comma_delimited_list resources: @@ -29,14 +27,6 @@ resources: - list_join: - ", " - {get_param: object_store_swift_devices} - swift::proxy::cache::memcache_servers: - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: controller_swift_proxy_memcaches} outputs: config_id: diff --git a/puppet/swift-storage-post.yaml b/puppet/swift-storage-post.yaml index 859fad2c..ebc54ab0 100644 --- a/puppet/swift-storage-post.yaml +++ b/puppet/swift-storage-post.yaml @@ -13,6 +13,7 @@ parameters: default: {} DeployIdentifier: type: string + default: '' description: Value which changes if the node configuration may need to be re-applied resources: diff --git a/puppet/vip-config.yaml b/puppet/vip-config.yaml index cbd7ea09..010a941e 100644 --- a/puppet/vip-config.yaml +++ b/puppet/vip-config.yaml @@ -1,8 +1,18 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2016-10-14 description: > Configure hieradata for service -> virtual IP mappings. +parameters: + NetIpMap: + type: json + # FIXME(shardy) this can be comma_delimited_list when + # https://bugs.launchpad.net/heat/+bug/1617019 is fixed + EnabledServices: + type: string + ServiceNetMap: + type: json + resources: VipConfigImpl: type: OS::Heat::StructuredConfig @@ -13,44 +23,49 @@ resources: datafiles: vip_data: mapped_data: - keystone_admin_api_vip: {get_input: keystone_admin_api_vip} - keystone_public_api_vip: {get_input: keystone_public_api_vip} - neutron_api_vip: {get_input: neutron_api_vip} - # TODO: pass a `midonet_api_vip` var - midonet_api_vip: {get_input: neutron_api_vip} - cinder_api_vip: {get_input: cinder_api_vip} - glance_api_vip: {get_input: glance_api_vip} - glance_registry_vip: {get_input: glance_registry_vip} - sahara_api_vip: {get_input: sahara_api_vip} - swift_proxy_vip: {get_input: swift_proxy_vip} - manila_api_vip: {get_input: manila_api_vip} - nova_api_vip: {get_input: nova_api_vip} - nova_metadata_vip: {get_input: nova_metadata_vip} - ceilometer_api_vip: {get_input: ceilometer_api_vip} - aodh_api_vip: {get_input: aodh_api_vip} - gnocchi_api_vip: {get_input: gnocchi_api_vip} - heat_api_vip: {get_input: heat_api_vip} - horizon_vip: {get_input: horizon_vip} - redis_vip: {get_input: redis_vip} - mysql_vip: {get_input: mysql_vip} - public_virtual_ip: {get_input: public_virtual_ip} - controller_virtual_ip: {get_input: control_virtual_ip} - internal_api_virtual_ip: {get_input: internal_api_virtual_ip} - storage_virtual_ip: {get_input: storage_virtual_ip} - storage_mgmt_virtual_ip: {get_input: storage_mgmt_virtual_ip} - ironic_api_vip: {get_input: ironic_api_vip} - opendaylight_api_vip: {get_input: opendaylight_api_vip} - # public_virtual_ip and controller_virtual_ip are needed in - # both HAproxy & keepalived. - tripleo::haproxy::public_virtual_ip: {get_input: public_virtual_ip} - tripleo::haproxy::controller_virtual_ip: {get_input: control_virtual_ip} - tripleo::keepalived::public_virtual_ip: {get_input: public_virtual_ip} - tripleo::keepalived::controller_virtual_ip: {get_input: control_virtual_ip} - tripleo::keepalived::internal_api_virtual_ip: {get_input: internal_api_virtual_ip} - tripleo::keepalived::storage_virtual_ip: {get_input: storage_virtual_ip} - tripleo::keepalived::storage_mgmt_virtual_ip: {get_input: storage_mgmt_virtual_ip} - tripleo::redis_notification::haproxy_monitor_ip: {get_input: control_virtual_ip} - + map_merge: + # Dynamically generate per-service VIP data based on EnabledServices + # This works as follows (outer->inner functions) + # yaql - filters services where no mapping exists in ServiceNetMap + # map_replace: substitute e.g internal_api with the IP from NetIpMap + # map_replace: substitute e.g heat_api_network with network name from ServiceNetMap + # map_merge/repeat: generate a per-service mapping + - yaql: + # This filters any entries where the value hasn't been substituted for + # a list, e.g it's still $service_network. This happens when there is + # no network defined for the service in the ServiceNetMap, which is OK + # as not all services have to be bound to a network, so we filter them + expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network"))) + data: + map: + map_replace: + - map_replace: + - map_merge: + repeat: + template: + SERVICE_vip: SERVICE_network + for_each: + SERVICE: + str_split: [',', {get_param: EnabledServices}] + - values: {get_param: ServiceNetMap} + - values: {get_param: NetIpMap} + - keystone_admin_api_vip: {get_input: keystone_admin_api_vip} + keystone_public_api_vip: {get_input: keystone_public_api_vip} + public_virtual_ip: {get_input: public_virtual_ip} + controller_virtual_ip: {get_input: control_virtual_ip} + internal_api_virtual_ip: {get_input: internal_api_virtual_ip} + storage_virtual_ip: {get_input: storage_virtual_ip} + storage_mgmt_virtual_ip: {get_input: storage_mgmt_virtual_ip} + # public_virtual_ip and controller_virtual_ip are needed in + # both HAproxy & keepalived. + tripleo::haproxy::public_virtual_ip: {get_input: public_virtual_ip} + tripleo::haproxy::controller_virtual_ip: {get_input: control_virtual_ip} + tripleo::keepalived::public_virtual_ip: {get_input: public_virtual_ip} + tripleo::keepalived::controller_virtual_ip: {get_input: control_virtual_ip} + tripleo::keepalived::internal_api_virtual_ip: {get_input: internal_api_virtual_ip} + tripleo::keepalived::storage_virtual_ip: {get_input: storage_virtual_ip} + tripleo::keepalived::storage_mgmt_virtual_ip: {get_input: storage_mgmt_virtual_ip} + tripleo::redis_notification::haproxy_monitor_ip: {get_input: control_virtual_ip} outputs: OS::stack_id: |