summaryrefslogtreecommitdiffstats
path: root/puppet
diff options
context:
space:
mode:
Diffstat (limited to 'puppet')
-rw-r--r--puppet/controller.yaml30
-rw-r--r--puppet/manifests/overcloud_controller.pp16
-rw-r--r--puppet/manifests/overcloud_controller_pacemaker.pp19
-rw-r--r--puppet/manifests/overcloud_object.pp64
-rw-r--r--puppet/manifests/ringbuilder.pp5
-rw-r--r--puppet/services/swift-proxy.yaml49
-rw-r--r--puppet/swift-storage-post.yaml48
7 files changed, 115 insertions, 116 deletions
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index ca38c80e..8025ff41 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -560,11 +560,6 @@ parameters:
default: true
description: Whether to manage Swift rings or not
type: boolean
- SwiftPassword:
- description: The password for the swift service account, used by the swift proxy
- services.
- hidden: true
- type: string
SwiftProxyVirtualIP:
type: string
default: ''
@@ -572,10 +567,6 @@ parameters:
type: number
default: 3
description: How many replicas to use in the swift rings.
- SwiftWorkers:
- default: 0
- description: Number of workers for Swift service.
- type: number
TimeZone:
default: 'UTC'
description: The timezone to be set on controller nodes.
@@ -824,7 +815,6 @@ resources:
cinder_workers: {get_param: CinderWorkers}
nova_workers: {get_param: NovaWorkers}
neutron_workers: {get_param: NeutronWorkers}
- swift_workers: {get_param: SwiftWorkers}
neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
neutron_enable_l2pop: {get_param: NeutronEnableL2Pop}
haproxy_log_address: {get_param: HAProxySyslogAddress}
@@ -1059,18 +1049,11 @@ resources:
control_virtual_interface: {get_param: ControlVirtualInterface}
public_virtual_interface: {get_param: PublicVirtualInterface}
swift_hash_suffix: {get_param: SwiftHashSuffix}
- swift_password: {get_param: SwiftPassword}
swift_part_power: {get_param: SwiftPartPower}
swift_ring_build: {get_param: SwiftRingBuild}
swift_replicas: {get_param: SwiftReplicas}
swift_min_part_hours: {get_param: SwiftMinPartHours}
swift_mount_check: {get_param: SwiftMountCheck}
- swift_public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
- swift_internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
- swift_admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
- swift_public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
- swift_internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
- swift_admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
enable_package_install: {get_param: EnablePackageInstall}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
sahara_password: {get_param: SaharaPassword}
@@ -1203,26 +1186,15 @@ resources:
tripleo::fencing::config: {get_input: fencing_config}
# Swift
+ # FIXME: need to move proxy_local_net_ip into swift-proxy.yaml
swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network}
- swift::proxy::authtoken::auth_uri: {get_input: keystone_auth_uri}
- swift::proxy::authtoken::identity_uri: {get_input: keystone_identity_uri}
swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
swift::swift_hash_suffix: {get_input: swift_hash_suffix}
- swift::proxy::authtoken::admin_password: {get_input: swift_password}
- swift::proxy::workers: {get_input: swift_workers}
tripleo::ringbuilder::build_ring: { get_input: swift_ring_build }
tripleo::ringbuilder::part_power: {get_input: swift_part_power}
tripleo::ringbuilder::replicas: {get_input: swift_replicas}
tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
swift_mount_check: {get_input: swift_mount_check}
- swift::keystone::auth::public_url: {get_input: swift_public_url }
- swift::keystone::auth::internal_url: {get_input: swift_internal_url }
- swift::keystone::auth::admin_url: {get_input: swift_admin_url }
- swift::keystone::auth::public_url_s3: {get_input: swift_public_url_v3 }
- swift::keystone::auth::internal_url_s3: {get_input: swift_internal_url_v3 }
- swift::keystone::auth::admin_url_s3: {get_input: swift_admin_url_v3 }
- swift::keystone::auth::password: {get_input: swift_password }
- swift::keystone::auth::region: {get_input: keystone_region}
# Cinder
cinder_enable_db_purge: {get_input: cinder_enable_db_purge}
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index 581317ae..74f6c3ac 100644
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -117,9 +117,6 @@ if hiera('step') >= 2 {
include ::aodh::db::mysql
}
- # pre-install swift here so we can build rings
- include ::swift
-
$enable_ceph = hiera('ceph_storage_count', 0) > 0 or hiera('enable_ceph_storage', false)
if $enable_ceph {
@@ -449,19 +446,6 @@ if hiera('step') >= 4 {
enabled_backends => union($cinder_enabled_backends, hiera('cinder_user_enabled_backends')),
}
- # swift proxy
- include ::swift::proxy
- include ::swift::proxy::proxy_logging
- include ::swift::proxy::healthcheck
- include ::swift::proxy::cache
- include ::swift::proxy::keystone
- include ::swift::proxy::authtoken
- include ::swift::proxy::staticweb
- include ::swift::proxy::ratelimit
- include ::swift::proxy::catch_errors
- include ::swift::proxy::tempurl
- include ::swift::proxy::formpost
-
# swift storage
if str2bool(hiera('enable_swift_storage', true)) {
class { '::swift::storage::all':
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index 43301020..77b190a3 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -318,9 +318,6 @@ if hiera('step') >= 2 {
}
}
- # pre-install swift here so we can build rings
- include ::swift
-
# Ceph
$enable_ceph = hiera('ceph_storage_count', 0) > 0 or hiera('enable_ceph_storage', false)
@@ -698,22 +695,6 @@ MYSQL_HOST=localhost\n",
enabled => false,
}
- # swift proxy
- class { '::swift::proxy' :
- manage_service => $non_pcmk_start,
- enabled => $non_pcmk_start,
- }
- include ::swift::proxy::proxy_logging
- include ::swift::proxy::healthcheck
- include ::swift::proxy::cache
- include ::swift::proxy::keystone
- include ::swift::proxy::authtoken
- include ::swift::proxy::staticweb
- include ::swift::proxy::ratelimit
- include ::swift::proxy::catch_errors
- include ::swift::proxy::tempurl
- include ::swift::proxy::formpost
-
# swift storage
if str2bool(hiera('enable_swift_storage', true)) {
class {'::swift::storage::all':
diff --git a/puppet/manifests/overcloud_object.pp b/puppet/manifests/overcloud_object.pp
index ae074589..3585c993 100644
--- a/puppet/manifests/overcloud_object.pp
+++ b/puppet/manifests/overcloud_object.pp
@@ -16,42 +16,46 @@
include ::tripleo::packages
include ::tripleo::firewall
-create_resources(kmod::load, hiera('kernel_modules'), {})
-create_resources(sysctl::value, hiera('sysctl_settings'), {})
-Exec <| tag == 'kmod::load' |> -> Sysctl <| |>
+if hiera('step') >= 1 {
+ create_resources(kmod::load, hiera('kernel_modules'), {})
+ create_resources(sysctl::value, hiera('sysctl_settings'), {})
+ Exec <| tag == 'kmod::load' |> -> Sysctl <| |>
-if count(hiera('ntp::servers')) > 0 {
- include ::ntp
-}
-
-include ::timezone
+ include ::timezone
-include ::swift
-class { '::swift::storage::all':
- mount_check => str2bool(hiera('swift_mount_check')),
-}
-if(!defined(File['/srv/node'])) {
- file { '/srv/node':
- ensure => directory,
- owner => 'swift',
- group => 'swift',
- require => Package['openstack-swift'],
+ if count(hiera('ntp::servers')) > 0 {
+ include ::ntp
}
}
-$swift_components = ['account', 'container', 'object']
-swift::storage::filter::recon { $swift_components : }
-swift::storage::filter::healthcheck { $swift_components : }
+if hiera('step') >= 4 {
+ class { '::swift::storage::all':
+ mount_check => str2bool(hiera('swift_mount_check')),
+ }
+ if(!defined(File['/srv/node'])) {
+ file { '/srv/node':
+ ensure => directory,
+ owner => 'swift',
+ group => 'swift',
+ require => Package['openstack-swift'],
+ }
+ }
+
+ $swift_components = ['account', 'container', 'object']
+ swift::storage::filter::recon { $swift_components : }
+ swift::storage::filter::healthcheck { $swift_components : }
-$snmpd_user = hiera('snmpd_readonly_user_name')
-snmp::snmpv3_user { $snmpd_user:
- authtype => 'MD5',
- authpass => hiera('snmpd_readonly_user_password'),
-}
-class { '::snmp':
- agentaddress => ['udp:161','udp6:[::1]:161'],
- snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
+ $snmpd_user = hiera('snmpd_readonly_user_name')
+ snmp::snmpv3_user { $snmpd_user:
+ authtype => 'MD5',
+ authpass => hiera('snmpd_readonly_user_password'),
+ }
+ class { '::snmp':
+ agentaddress => ['udp:161','udp6:[::1]:161'],
+ snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
+ }
+
+ hiera_include('object_classes')
}
-hiera_include('object_classes')
package_manifest{'/var/lib/tripleo/installed-packages/overcloud_object': ensure => present}
diff --git a/puppet/manifests/ringbuilder.pp b/puppet/manifests/ringbuilder.pp
index a623da29..2411ff84 100644
--- a/puppet/manifests/ringbuilder.pp
+++ b/puppet/manifests/ringbuilder.pp
@@ -89,6 +89,11 @@ class tripleo::ringbuilder (
}
}
+if hiera('step') >= 2 {
+ # pre-install swift here so we can build rings
+ include ::swift
+}
+
if hiera('step') >= 3 {
include ::tripleo::ringbuilder
}
diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml
new file mode 100644
index 00000000..a86aeaf5
--- /dev/null
+++ b/puppet/services/swift-proxy.yaml
@@ -0,0 +1,49 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Swift Proxy service configured with Puppet
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ Debug:
+ default: ''
+ description: Set to True to enable debugging on all services.
+ type: string
+ SwiftPassword:
+ description: The password for the swift service account, used by the swift proxy services.
+ type: string
+ hidden: true
+ SwiftWorkers:
+ default: 0
+ description: Number of workers for Swift service.
+ type: number
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+
+
+outputs:
+ role_data:
+ description: Role data for the Swift proxy service.
+ value:
+ config_settings:
+ # Swift
+ swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ swift::proxy::authtoken::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ swift::proxy::authtoken::admin_password: {get_param: SwiftPassword}
+ swift::proxy::workers: {get_param: SwiftWorkers}
+ swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
+ swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
+ swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
+ swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
+ swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
+ swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
+ swift::keystone::auth::password: {get_param: SwiftPassword}
+ swift::keystone::auth::region: {get_param: KeystoneRegion}
+ step_config: |
+ include ::tripleo::profile::base::swift::proxy
diff --git a/puppet/swift-storage-post.yaml b/puppet/swift-storage-post.yaml
index b262f947..2b652443 100644
--- a/puppet/swift-storage-post.yaml
+++ b/puppet/swift-storage-post.yaml
@@ -31,51 +31,55 @@ resources:
group: puppet
options:
enable_debug: {get_param: ConfigDebug}
+ enable_hiera: True
+ enable_facter: False
+ inputs:
+ - name: step
outputs:
- name: result
config:
- get_file: manifests/overcloud_object.pp
+ list_join:
+ - ''
+ - - get_file: manifests/overcloud_object.pp
+ - get_file: manifests/ringbuilder.pp
- StorageDeployment_Step1:
+ StorageRingbuilderDeployment_Step2:
type: OS::Heat::StructuredDeployments
depends_on: StorageArtifactsDeploy
properties:
- name: StorageDeployment_Step1
+ name: StorageRingbuilderDeployment_Step2
servers: {get_param: servers}
config: {get_resource: StoragePuppetConfig}
input_values:
+ step: 2
update_identifier: {get_param: NodeConfigIdentifiers}
- StorageRingbuilderPuppetConfig:
- type: OS::Heat::SoftwareConfig
+ StorageRingbuilderDeployment_Step3:
+ type: OS::Heat::StructuredDeployments
+ depends_on: StorageRingbuilderDeployment_Step2
properties:
- group: puppet
- options:
- enable_debug: {get_param: ConfigDebug}
- enable_hiera: True
- enable_facter: False
- inputs:
- - name: step
- outputs:
- - name: result
- config:
- get_file: manifests/ringbuilder.pp
+ name: StorageRingbuilderDeployment_Step3
+ servers: {get_param: servers}
+ config: {get_resource: StoragePuppetConfig}
+ input_values:
+ step: 3
+ update_identifier: {get_param: NodeConfigIdentifiers}
- StorageRingbuilderDeployment_Step2:
+ StorageDeployment_Step4:
type: OS::Heat::StructuredDeployments
- depends_on: StorageDeployment_Step1
+ depends_on: StorageRingbuilderDeployment_Step3
properties:
- name: StorageRingbuilderDeployment_Step2
+ name: StorageDeployment_Step4
servers: {get_param: servers}
- config: {get_resource: StorageRingbuilderPuppetConfig}
+ config: {get_resource: StoragePuppetConfig}
input_values:
- step: 3 # Note ringbuilder.pp expects >=3
+ step: 4
update_identifier: {get_param: NodeConfigIdentifiers}
# Note, this should come last, so use depends_on to ensure
# this is created after any other resources.
ExtraConfig:
- depends_on: StorageRingbuilderDeployment_Step2
+ depends_on: StorageDeployment_Step4
type: OS::TripleO::NodeExtraConfigPost
properties:
servers: {get_param: servers}