diff options
Diffstat (limited to 'puppet')
42 files changed, 884 insertions, 759 deletions
diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml index 245710f2..6beb751f 100644 --- a/puppet/ceph-cluster-config.yaml +++ b/puppet/ceph-cluster-config.yaml @@ -33,6 +33,9 @@ parameters: CinderRbdPoolName: default: volumes type: string + CinderBackupRbdPoolName: + default: backups + type: string GlanceRbdPoolName: default: images type: string @@ -97,7 +100,7 @@ resources: secret: 'CLIENT_KEY', mode: '0644', cap_mon: 'allow r', - cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL' + cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL' } }" params: @@ -106,6 +109,7 @@ resources: ADMIN_KEY: {get_param: ceph_admin_key} NOVA_POOL: {get_param: NovaRbdPoolName} CINDER_POOL: {get_param: CinderRbdPoolName} + CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} GLANCE_POOL: {get_param: GlanceRbdPoolName} GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} @@ -130,6 +134,7 @@ resources: tripleo::profile::base::cinder::volume::rbd::cinder_rbd_user_name: {get_param: CephClientUserName} ceph_pools: - {get_param: CinderRbdPoolName} + - {get_param: CinderBackupRbdPoolName} - {get_param: NovaRbdPoolName} - {get_param: GlanceRbdPoolName} - {get_param: GnocchiRbdPoolName} diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml index eedb35e4..7a71ea80 100644 --- a/puppet/ceph-storage.yaml +++ b/puppet/ceph-storage.yaml @@ -21,10 +21,6 @@ parameters: default: default constraints: - custom_constraint: nova.keypair - NtpServer: - default: '' - description: Comma-separated list of ntp servers - type: comma_delimited_list EnablePackageInstall: default: 'false' description: Set to true to enable package installation via Puppet @@ -232,7 +228,6 @@ resources: config: {get_resource: CephStorageConfig} server: {get_resource: CephStorage} input_values: - ntp_servers: {get_param: NtpServer} timezone: {get_param: TimeZone} enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} @@ -274,7 +269,6 @@ resources: ceph: raw_data: {get_file: hieradata/ceph.yaml} mapped_data: - ntp::servers: {get_input: ntp_servers} timezone::timezone: {get_input: timezone} tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} diff --git a/puppet/cinder-storage-post.yaml b/puppet/cinder-storage-post.yaml index f470203f..fa1516f1 100644 --- a/puppet/cinder-storage-post.yaml +++ b/puppet/cinder-storage-post.yaml @@ -11,6 +11,10 @@ parameters: NodeConfigIdentifiers: type: json description: Value which changes if the node configuration may need to be re-applied + StepConfig: + type: string + description: Config manifests that will be used to step through the deployment. + default: '' resources: @@ -32,22 +36,55 @@ resources: group: puppet options: enable_debug: {get_param: ConfigDebug} + enable_hiera: True + enable_facter: False + inputs: + - name: step outputs: - name: result config: - get_file: manifests/overcloud_volume.pp + list_join: + - '' + - - get_file: manifests/overcloud_volume.pp + - {get_param: StepConfig} - VolumeDeployment_Step1: + VolumeDeployment_Step2: type: OS::Heat::StructuredDeployments + depends_on: VolumeArtifactsDeploy properties: - name: VolumeDeployment_Step1 + name: VolumeDeployment_Step2 servers: {get_param: servers} config: {get_resource: VolumePuppetConfig} + input_values: + step: 2 + update_identifier: {get_param: NodeConfigIdentifiers} + + VolumeDeployment_Step3: + type: OS::Heat::StructuredDeployments + depends_on: VolumeDeployment_Step2 + properties: + name: VolumeDeployment_Step3 + servers: {get_param: servers} + config: {get_resource: VolumePuppetConfig} + input_values: + step: 3 + update_identifier: {get_param: NodeConfigIdentifiers} + + VolumeDeployment_Step4: + type: OS::Heat::StructuredDeployments + depends_on: VolumeDeployment_Step3 + properties: + name: VolumeDeployment_Step4 + servers: {get_param: servers} + config: {get_resource: VolumePuppetConfig} + input_values: + step: 4 + update_identifier: {get_param: NodeConfigIdentifiers} # Note, this should come last, so use depends_on to ensure # this is created after any other resources. ExtraConfig: - depends_on: VolumeDeployment_Step1 + depends_on: VolumeDeployment_Step4 type: OS::TripleO::NodeExtraConfigPost properties: servers: {get_param: servers} diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml index d760de5e..7f45b830 100644 --- a/puppet/cinder-storage.yaml +++ b/puppet/cinder-storage.yaml @@ -4,29 +4,6 @@ parameters: Image: default: overcloud-cinder-volume type: string - CinderEnableIscsiBackend: - default: true - description: Whether to enable or not the Iscsi backend for Cinder - type: boolean - CinderISCSIHelper: - default: lioadm - description: The iSCSI helper to use with cinder. - type: string - CinderLVMLoopDeviceSize: - default: 10280 - description: The size of the loopback file used by the cinder LVM driver. - type: number - CinderPassword: - description: The password for the cinder service and db account, used by cinder-api. - type: string - hidden: true - Debug: - default: '' - description: Set to True to enable debugging on all services. - type: string - VirtualIP: # deprecated. Use per service VIPs instead. - default: '' - type: string ExtraConfig: default: {} description: | @@ -50,22 +27,6 @@ parameters: default: default description: Name of an existing Nova key pair to enable SSH access to the instances type: string - RabbitPassword: - type: string - hidden: true - RabbitUserName: - default: 'guest' - type: string - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number SnmpdReadonlyUserName: default: ro_snmp_user description: The user name for SNMPd with readonly rights running on all Overcloud nodes @@ -100,18 +61,10 @@ parameters: description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json TimeZone: default: 'UTC' description: The timezone to be set on Cinder nodes. type: string - GlanceApiVirtualIP: - type: string - default: '' NetworkDeploymentActions: type: comma_delimited_list description: > @@ -143,7 +96,9 @@ parameters: NodeIndex: type: number default: 0 - + ServiceConfigSettings: + type: json + default: {} resources: BlockStorage: @@ -277,35 +232,13 @@ resources: server: {get_resource: BlockStorage} config: {get_resource: BlockStorageConfig} input_values: - debug: {get_param: Debug} - cinder_dsn: - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://cinder:' - - {get_param: CinderPassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/cinder' snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} - cinder_lvm_loop_device_size: - str_replace: - template: sizeM - params: - size: {get_param: CinderLVMLoopDeviceSize} - cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend} - cinder_iscsi_helper: {get_param: CinderISCSIHelper} cinder_iscsi_ip_address: str_replace: template: "'IP'" params: IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]} - glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} - rabbit_username: {get_param: RabbitUserName} - rabbit_password: {get_param: RabbitPassword} - rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} - rabbit_client_port: {get_param: RabbitClientPort} ntp_servers: {get_param: NtpServer} timezone: {get_param: TimeZone} enable_package_install: {get_param: EnablePackageInstall} @@ -323,6 +256,7 @@ resources: - heat_config_%{::deploy_config_name} - volume_extraconfig - extraconfig + - service_configs - volume - all_nodes # provided by allNodesConfig - '"%{::osfamily}"' @@ -330,6 +264,8 @@ resources: - network merge_behavior: deeper datafiles: + service_configs: + mapped_data: {get_param: ServiceConfigSettings} common: raw_data: {get_file: hieradata/common.yaml} network: @@ -345,17 +281,7 @@ resources: raw_data: {get_file: hieradata/volume.yaml} mapped_data: # Cinder - cinder::debug: {get_input: debug} - cinder::setup_test_volume::size: {get_input: cinder_lvm_loop_device_size} - cinder_iscsi_helper: {get_input: cinder_iscsi_helper} - cinder::database_connection: {get_input: cinder_dsn} - cinder::rabbit_userid: {get_input: rabbit_username} - cinder::rabbit_password: {get_input: rabbit_password} - cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - cinder::rabbit_port: {get_input: rabbit_client_port} - cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend} - cinder_iscsi_ip_address: {get_input: cinder_iscsi_ip_address} - cinder::glance::glance_api_servers: {get_input: glance_api_servers} + tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_ip_address: {get_input: cinder_iscsi_ip_address} ntp::servers: {get_input: ntp_servers} timezone::timezone: {get_input: timezone} tripleo::packages::enable_install: {get_input: enable_package_install} diff --git a/puppet/compute.yaml b/puppet/compute.yaml index d3b17784..1bc0e0f0 100644 --- a/puppet/compute.yaml +++ b/puppet/compute.yaml @@ -233,10 +233,6 @@ parameters: default: 'neutron' description: The full class name of the security API class type: string - NtpServer: - default: '' - description: Comma-separated list of ntp servers - type: comma_delimited_list RabbitHost: type: string default: '' # Has to be here because of the ignored empty value bug @@ -258,14 +254,6 @@ parameters: default: 5672 description: Set rabbit subscriber port, change this if using SSL type: number - SnmpdReadonlyUserName: - default: ro_snmp_user - description: The user name for SNMPd with readonly rights running on all Overcloud nodes - type: string - SnmpdReadonlyUserPassword: - description: The user password for SNMPd with readonly rights running on all Overcloud nodes - type: string - hidden: true UpgradeLevelNovaCompute: type: string description: Nova Compute upgrade level @@ -545,8 +533,6 @@ resources: ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} ceilometer::agent::auth::auth_url: {get_input: ceilometer_agent_auth_url} ceilometer_compute_agent: {get_input: ceilometer_compute_agent} - snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} - snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} nova::glance_api_servers: {get_input: glance_api_servers} neutron::debug: {get_input: debug} neutron::rabbit_password: {get_input: rabbit_password} @@ -579,7 +565,6 @@ resources: neutron::plugins::ml2::mechanism_drivers: {get_input: neutron_mechanism_drivers} keystone_public_api_virtual_ip: {get_input: keystone_vip} admin_password: {get_input: admin_password} - ntp::servers: {get_input: ntp_servers} timezone::timezone: {get_input: timezone} tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} @@ -621,8 +606,6 @@ resources: ceilometer_password: {get_param: CeilometerPassword} ceilometer_compute_agent: {get_param: CeilometerComputeAgent} ceilometer_agent_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]} - snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} - snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} neutron_flat_networks: str_replace: @@ -697,7 +680,6 @@ resources: rabbit_password: {get_param: RabbitPassword} rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} rabbit_client_port: {get_param: RabbitClientPort} - ntp_servers: {get_param: NtpServer} timezone: {get_param: TimeZone} enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 6e8df933..865b5c76 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -8,18 +8,12 @@ parameters: description: The password for the keystone admin account, used for monitoring, querying neutron etc. type: string hidden: true - AodhApiVirtualIP: - type: string - default: '' AodhPassword: description: The password for the aodh services. type: string hidden: true #TODO(composable Redis): Remove the Redis password param #As is used by ceilometer - CeilometerApiVirtualIP: - type: string - default: '' CeilometerBackend: default: 'mongodb' description: The ceilometer backend type. @@ -42,9 +36,6 @@ parameters: type: string constraints: - allowed_values: ['gnocchi', 'database'] - CinderApiVirtualIP: - type: string - default: '' CeilometerWorkers: default: 0 description: Number of workers for Ceilometer service. @@ -96,10 +87,6 @@ parameters: default: false description: Whether to deploy Ceph Storage (OSD) on the Controller type: boolean - EnableSwiftStorage: - default: true - description: Whether to enable Swift Storage on the Controller - type: boolean ExtraConfig: default: {} description: | @@ -154,9 +141,6 @@ parameters: default: 'mysql' description: The short name of the Gnocchi indexer backend to use. type: string - GnocchiApiVirtualIP: - type: string - default: '' GnocchiPassword: description: The password for the gnocchi service and db account. type: string @@ -219,9 +203,6 @@ parameters: default: false description: Whether IPtables rules should be purged before setting up the new ones. type: boolean - SaharaApiVirtualIP: - type: string - default: '' MysqlClusterUniquePart: description: A unique identifier of the MySQL cluster the controller is in. type: string @@ -268,9 +249,6 @@ parameters: will determine the MTU that is assigned to the VM host through DHCP. default: 1400 type: number - NovaApiVirtualIP: - type: string - default: '' NovaEnableDBPurge: default: true description: | @@ -284,14 +262,6 @@ parameters: description: The password for the nova service and db account, used by nova-api. type: string hidden: true - NovaWorkers: - default: 0 - description: Number of workers for Nova service. - type: number - NtpServer: - default: '' - description: Comma-separated list of ntp servers - type: comma_delimited_list PcsdPassword: type: string description: The password for the 'pcsd' user. @@ -302,9 +272,6 @@ parameters: Specifies the interface where the public-facing virtual ip will be assigned. This should be int_public when a VLAN is being used. type: string - PublicVirtualIP: - type: string - default: '' # Has to be here because of the ignored empty value bug RabbitCookie: type: string default: '' # Has to be here because of the ignored empty value bug @@ -338,23 +305,11 @@ parameters: type: string default: '' # Has to be here because of the ignored empty value bug description: An IP address which is wrapped in brackets in case of IPv6 - SnmpdReadonlyUserName: - default: ro_snmp_user - description: The user name for SNMPd with readonly rights running on all Overcloud nodes - type: string - SnmpdReadonlyUserPassword: - description: The user password for SNMPd with readonly rights running on all Overcloud nodes - type: string - hidden: true SwiftHashSuffix: description: A random string to be used as a salt when hashing to determine mappings in the ring. hidden: true type: string - SwiftMountCheck: - default: 'false' - description: Value of mount_check in Swift account/container/object -server.conf - type: boolean SwiftMinPartHours: type: number default: 1 @@ -367,9 +322,6 @@ parameters: default: true description: Whether to manage Swift rings or not type: boolean - SwiftProxyVirtualIP: - type: string - default: '' SwiftReplicas: type: number default: 3 @@ -382,21 +334,9 @@ parameters: type: string description: Nova Compute upgrade level default: '' - VirtualIP: # DEPRECATED: use per service settings instead - type: string - default: '' # Has to be here because of the ignored empty value bug - HeatApiVirtualIP: - type: string - default: '' - HeatApiVirtualIPUri: - type: string - default: '' MysqlVirtualIP: type: string default: '' - NeutronApiVirtualIP: - type: string - default: '' EnablePackageInstall: default: 'false' description: Set to true to enable package installation via Puppet @@ -619,7 +559,6 @@ resources: input_values: bootstack_nodeid: {get_attr: [Controller, name]} ceilometer_workers: {get_param: CeilometerWorkers} - nova_workers: {get_param: NovaWorkers} haproxy_log_address: {get_param: HAProxySyslogAddress} haproxy_stats_password: {get_param: HAProxyStatsPassword} haproxy_stats_user: {get_param: HAProxyStatsUser} @@ -641,7 +580,6 @@ resources: enable_galera: {get_param: EnableGalera} enable_load_balancer: {get_param: EnableLoadBalancer} enable_ceph_storage: {get_param: EnableCephStorage} - enable_swift_storage: {get_param: EnableSwiftStorage} manage_firewall: {get_param: ManageFirewall} purge_firewall_rules: {get_param: PurgeFirewallRules} mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} @@ -699,14 +637,22 @@ resources: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/gnocchi' + aodh_dsn: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://aodh:' + - {get_param: AodhPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/aodh' gnocchi_internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]} gnocchi_public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] } gnocchi_admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] } ceilometer_public_url: {get_param: [EndpointMap, CeilometerPublic, uri]} ceilometer_internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]} ceilometer_admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]} - snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} - snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} + ceilometer_agent_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} nova_enable_db_purge: {get_param: NovaEnableDBPurge} nova_ipv6: {get_param: NovaIPv6} corosync_ipv6: {get_param: CorosyncIPv6} @@ -742,7 +688,6 @@ resources: rabbit_cookie: {get_param: RabbitCookie} rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} rabbit_client_port: {get_param: RabbitClientPort} - ntp_servers: {get_param: NtpServer} timezone: {get_param: TimeZone} control_virtual_interface: {get_param: ControlVirtualInterface} public_virtual_interface: {get_param: PublicVirtualInterface} @@ -751,7 +696,6 @@ resources: swift_ring_build: {get_param: SwiftRingBuild} swift_replicas: {get_param: SwiftReplicas} swift_min_part_hours: {get_param: SwiftMinPartHours} - swift_mount_check: {get_param: SwiftMountCheck} enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} @@ -826,10 +770,7 @@ resources: - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre - - neutron_nuage_data # Optionally provided by ControllerExtraConfigPre - midonet_data #Optionally provided by AllNodesExtraConfig - - neutron_opencontrail_data # Optionally provided by ControllerExtraConfigPre - - neutron_plumgrid_data # Optionally provided by ControllerExtraConfigPre merge_behavior: deeper datafiles: service_configs: @@ -879,7 +820,6 @@ resources: tripleo::ringbuilder::part_power: {get_input: swift_part_power} tripleo::ringbuilder::replicas: {get_input: swift_replicas} tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours} - swift_mount_check: {get_input: swift_mount_check} # Cinder tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_input: cinder_iscsi_network} @@ -917,7 +857,6 @@ resources: admin_password: {get_input: admin_password} enable_galera: {get_input: enable_galera} enable_ceph_storage: {get_input: enable_ceph_storage} - enable_swift_storage: {get_input: enable_swift_storage} mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size} mysql_max_connections: {get_input: mysql_max_connections} mysql::server::root_password: {get_input: mysql_root_password} @@ -951,7 +890,7 @@ resources: ceilometer::api::auth_uri: {get_input: keystone_auth_uri} ceilometer::api::identity_uri: {get_input: keystone_identity_uri} ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} - ceilometer::agent::auth::auth_url: {get_input: keystone_auth_uri} + ceilometer::agent::auth::auth_url: {get_input: ceilometer_agent_auth_url} ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url} ceilometer::agent::notification::store_events: {get_input: ceilometer_store_events} ceilometer::db::mysql::password: {get_input: ceilometer_password} @@ -969,6 +908,7 @@ resources: snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} # Aodh + aodh_mysql_conn_string: {get_input: aodh_dsn} aodh::rabbit_userid: {get_input: rabbit_username} aodh::rabbit_password: {get_input: rabbit_password} aodh::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} @@ -981,6 +921,7 @@ resources: aodh::api::keystone_password: {get_input: aodh_password} aodh::api::keystone_auth_uri: {get_input: keystone_auth_uri} aodh::api::keystone_identity_uri: {get_input: keystone_identity_uri} + aodh::auth::auth_url: {get_input: keystone_auth_uri} aodh::auth::auth_password: {get_input: aodh_password} aodh::db::mysql::password: {get_input: aodh_password} # for a migration path from ceilometer-alarm to aodh, we use the same database & coordination @@ -1020,8 +961,6 @@ resources: nova::api::api_bind_address: {get_input: nova_api_network} nova::api::metadata_listen: {get_input: nova_metadata_network} nova::api::admin_password: {get_input: nova_password} - nova::api::osapi_compute_workers: {get_input: nova_workers} - nova::api::metadata_workers: {get_input: nova_workers} nova::compute::network_device_mtu: {get_input: neutron_tenant_mtu} nova::database_connection: {get_input: nova_dsn} nova::api_database_connection: {get_input: nova_api_dsn} @@ -1062,7 +1001,6 @@ resources: # Misc memcached_ipv6: {get_input: memcached_ipv6} memcached::listen_ip: {get_input: memcached_network} - ntp::servers: {get_input: ntp_servers} timezone::timezone: {get_input: timezone} control_virtual_interface: {get_input: control_virtual_interface} public_virtual_interface: {get_input: public_virtual_interface} diff --git a/puppet/extraconfig/ceph/ceph-external-config.yaml b/puppet/extraconfig/ceph/ceph-external-config.yaml index 7d4dc15b..7c05a5b9 100644 --- a/puppet/extraconfig/ceph/ceph-external-config.yaml +++ b/puppet/extraconfig/ceph/ceph-external-config.yaml @@ -35,6 +35,9 @@ parameters: CinderRbdPoolName: default: volumes type: string + CinderBackupRbdPoolName: + default: backups + type: string GlanceRbdPoolName: default: images type: string @@ -71,7 +74,7 @@ resources: secret: 'CLIENT_KEY', mode: '0644', cap_mon: 'allow r', - cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL' + cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL' } }" params: @@ -79,6 +82,7 @@ resources: CLIENT_KEY: {get_param: ceph_client_key} NOVA_POOL: {get_param: NovaRbdPoolName} CINDER_POOL: {get_param: CinderRbdPoolName} + CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} GLANCE_POOL: {get_param: GlanceRbdPoolName} GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6} @@ -104,6 +108,7 @@ resources: tripleo::profile::base::cinder::volume::rbd::cinder_rbd_user_name: {get_param: CephClientUserName} ceph_pools: - {get_param: CinderRbdPoolName} + - {get_param: CinderBackupRbdPoolName} - {get_param: NovaRbdPoolName} - {get_param: GlanceRbdPoolName} - {get_param: GnocchiRbdPoolName} diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-nuage.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-nuage.yaml deleted file mode 100644 index a4cfea07..00000000 --- a/puppet/extraconfig/pre_deploy/controller/neutron-nuage.yaml +++ /dev/null @@ -1,91 +0,0 @@ -heat_template_version: 2015-04-30 - -description: Configure hieradata for Nuage configuration on the Controller - -parameters: - server: - description: ID of the controller node to apply this config to - type: string - - # Config specific parameters, to be provided via parameter_defaults - NeutronNuageOSControllerIp: - description: IP address of the OpenStack Controller - type: string - - NeutronNuageNetPartitionName: - description: Specifies the title that you will see on the VSD - type: string - default: 'default_name' - - NeutronNuageVSDIp: - description: IP address and port of the Virtual Services Directory - type: string - - NeutronNuageVSDUsername: - description: Username to be used to log into VSD - type: string - - NeutronNuageVSDPassword: - description: Password to be used to log into VSD - type: string - - NeutronNuageVSDOrganization: - description: Organization parameter required to log into VSD - type: string - default: 'organization' - - NeutronNuageBaseURIVersion: - description: URI version to be used based on the VSD release - type: string - default: 'default_uri_version' - - NeutronNuageCMSId: - description: Cloud Management System ID (CMS ID) to distinguish between OS instances on the same VSD - type: string - - UseForwardedFor: - description: Treat X-Forwarded-For as the canonical remote address. Only enable this if you have a sanitizing proxy. - type: boolean - default: false - -resources: - NeutronNuageConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - hiera: - datafiles: - neutron_nuage_data: - mapped_data: - neutron::plugins::nuage::nuage_oscontroller_ip: {get_input: NuageOSControllerIp} - neutron::plugins::nuage::nuage_net_partition_name: {get_input: NuageNetPartitionName} - neutron::plugins::nuage::nuage_vsd_ip: {get_input: NuageVSDIp} - neutron::plugins::nuage::nuage_vsd_username: {get_input: NuageVSDUsername} - neutron::plugins::nuage::nuage_vsd_password: {get_input: NuageVSDPassword} - neutron::plugins::nuage::nuage_vsd_organization: {get_input: NuageVSDOrganization} - neutron::plugins::nuage::nuage_base_uri_version: {get_input: NuageBaseURIVersion} - neutron::plugins::nuage::nuage_cms_id: {get_input: NuageCMSId} - nova::api::use_forwarded_for: {get_input: NovaUseForwardedFor} - - NeutronNuageDeployment: - type: OS::Heat::StructuredDeployment - properties: - name: NeutronNuageDeployment - config: {get_resource: NeutronNuageConfig} - server: {get_param: server} - input_values: - NuageOSControllerIp: {get_param: NeutronNuageOSControllerIp} - NuageNetPartitionName: {get_param: NeutronNuageNetPartitionName} - NuageVSDIp: {get_param: NeutronNuageVSDIp} - NuageVSDUsername: {get_param: NeutronNuageVSDUsername} - NuageVSDPassword: {get_param: NeutronNuageVSDPassword} - NuageVSDOrganization: {get_param: NeutronNuageVSDOrganization} - NuageBaseURIVersion: {get_param: NeutronNuageBaseURIVersion} - NuageCMSId: {get_param: NeutronNuageCMSId} - NovaUseForwardedFor: {get_param: UseForwardedFor} - -outputs: - deploy_stdout: - description: Deployment reference, used to trigger puppet apply on changes - value: {get_attr: [NeutronNuageDeployment, deploy_stdout]} diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-opencontrail.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-opencontrail.yaml deleted file mode 100644 index 5c686fe7..00000000 --- a/puppet/extraconfig/pre_deploy/controller/neutron-opencontrail.yaml +++ /dev/null @@ -1,62 +0,0 @@ -heat_template_version: 2015-04-30 - -description: Controller hieradata for Neutron OpenContrail configuration - -parameters: - server: - description: ID of the controller node to apply this config to - type: string - ContrailApiServerIp: - description: IP address of the OpenContrail API server - type: string - ContrailApiServerPort: - description: Port of the OpenContrail API - type: string - default: 8082 - ContrailMultiTenancy: - description: Whether to enable multi tenancy - type: boolean - default: false - ContrailExtensions: - description: List of OpenContrail extensions to be enabled - type: comma_delimited_list - default: '' - -resources: - ControllerContrailConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - hiera: - datafiles: - neutron_opencontrail_data: - mapped_data: - neutron::api_extensions_path: /usr/lib/python2.7/site-packages/neutron_plugin_contrail/extensions - - neutron::plugins::opencontrail::api_server_ip: {get_input: contrail_api_server_ip} - neutron::plugins::opencontrail::api_server_port: {get_input: contrail_api_server_port} - neutron::plugins::opencontrail::multi_tenancy: {get_input: contrail_multi_tenancy} - neutron::plugins::opencontrail::contrail_extensions: {get_input: contrail_extensions} - neutron::plugins::opencontrail::keystone_auth_url: '"%{hiera(''keystone_auth_uri'')}"' - neutron::plugins::opencontrail::keystone_admin_user: admin - neutron::plugins::opencontrail::keystone_admin_tenant_name: admin - neutron::plugins::opencontrail::keystone_admin_password: '"%{hiera(''admin_password'')}"' - neutron::plugins::opencontrail::keystone_admin_token: '"%{hiera(''keystone::admin_token'')}"' - - ControllerContrailDeployment: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: ControllerContrailConfig} - server: {get_param: server} - input_values: - contrail_api_server_ip: {get_param: ContrailApiServerIp} - contrail_api_server_port: {get_param: ContrailApiServerPort} - contrail_multi_tenancy: {get_param: ContrailMultiTenancy} - contrail_extensions: {get_param: ContrailExtensions} - - -outputs: - deploy_stdout: - description: Output of the extra hiera data deployment - value: {get_attr: [ControllerContrailDeployment, deploy_stdout]} diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-plumgrid.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-plumgrid.yaml deleted file mode 100755 index 7c0a7ad2..00000000 --- a/puppet/extraconfig/pre_deploy/controller/neutron-plumgrid.yaml +++ /dev/null @@ -1,113 +0,0 @@ -heat_template_version: 2015-04-30 - -description: Controller hieradata for Neutron PLUMgrid configuration - -parameters: - server: - description: ID of the controller node to apply this config to - type: string - PLUMgridDirectorServer: - description: IP address of the PLUMgrid Director Server - type: string - default: 127.0.0.1 - PLUMgridDirectorServerPort: - description: Port of the PLUMgrid Director Server - type: string - default: 443 - PLUMgridUsername: - description: Username for PLUMgrid platform - type: string - PLUMgridPassword: - description: Password for PLUMgrid platform - type: string - hidden: true - PLUMgridServerTimeOut: - description: Request timeout duration (seconds) to PLUMgrid platform - type: string - default: 99 - PLUMgridNovaMetadataIP: - description: IP address of Nova Metadata - type: string - default: 169.254.169.254 - PLUMgridNovaMetadataPort: - description: Port of Nova Metadata - type: string - default: 8775 - PLUMgridL2GatewayVendor: - description: Vendor for L2 Gateway Switch - type: string - default: vendor - PLUMgridL2GatewayUsername: - description: Username for L2 Gateway Switch - type: string - default: username - PLUMgridL2GatewayPassword: - description: Password for L2 Gateway Switch - type: string - hidden: true - PLUMgridIdentityVersion: - description: Keystone Identity version - type: string - default: v2.0 - PLUMgridConnectorType: - description: Neutron Network Connector Type - type: string - default: distributed - PLUMgridNeutronPluginVersion: - description: PLUMgrid Neutron Plugin version - type: string - default: present - PLUMgridPlumlibVersion: - description: PLUMgrid Plumlib version - type: string - default: present - - -resources: - ControllerPLUMgridConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - hiera: - datafiles: - neutron_plumgrid_data: - mapped_data: - neutron::plugins::plumgrid::director_server: {get_input: plumgrid_director_server} - neutron::plugins::plumgrid::director_server_port: {get_input: plumgrid_director_server_port} - neutron::plugins::plumgrid::username: {get_input: plumgrid_username} - neutron::plugins::plumgrid::password: {get_input: plumgrid_password} - neutron::plugins::plumgrid::nova_metadata_ip: {get_input: plumgrid_nova_metadata_ip} - neutron::plugins::plumgrid::nova_metadata_port: {get_input: plumgrid_nova_metadata_port} - neutron::plugins::plumgrid::l2gateway_vendor: {get_input: plumgrid_l2gateway_vendor} - neutron::plugins::plumgrid::l2gateway_sw_username: {get_input: plumgrid_l2gateway_sw_username} - neutron::plugins::plumgrid::l2gateway_sw_password: {get_input: plumgrid_l2gateway_sw_password} - neutron::plugins::plumgrid::connector_type: {get_input: plumgrid_connector_type} - neutron::plugins::plumgrid::identity_version: {get_input: plumgrid_identity_version} - neutron::plugins::plumgrid::package_ensure: {get_input: plumgrid_neutron_plugin_version} - neutron::plugins::plumgrid::plumlib_package_ensure: {get_input: plumgrid_plumlib_version} - - ControllerPLUMgridDeployment: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: ControllerPLUMgridConfig} - server: {get_param: server} - input_values: - plumgrid_director_server: {get_param: PLUMgridDirectorServer} - plumgrid_director_server_port: {get_param: PLUMgridDirectorServerPort} - plumgrid_username: {get_param: PLUMgridUsername} - plumgrid_password: {get_param: PLUMgridPassword} - plumgrid_nova_metadata_ip: {get_param: PLUMgridNovaMetadataIP} - plumgrid_nova_metadata_port: {get_param: PLUMgridNovaMetadataPort} - plumgrid_l2gateway_vendor: {get_param: PLUMgridL2GatewayVendor} - plumgrid_l2gateway_sw_username: {get_param: PLUMgridL2GatewayUsername} - plumgrid_l2gateway_sw_password: {get_param: PLUMgridL2GatewayPassword} - plumgrid_identity_version: {get_param: PLUMgridIdentityVersion} - plumgrid_connector_type: {get_param: PLUMgridConnectorType} - plumgrid_neutron_plugin_version: {get_param: PLUMgridNeutronPluginVersion} - plumgrid_plumlib_version: {get_param: PLUMgridPlumlibVersion} - -outputs: - deploy_stdout: - description: Deployment reference, used to trigger puppet apply on changes - value: {get_attr: [ControllerPLUMgridDeployment, deploy_stdout]} diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml index 5a46fc2b..2d928cbf 100644 --- a/puppet/hieradata/compute.yaml +++ b/puppet/hieradata/compute.yaml @@ -3,10 +3,8 @@ nova::host: "%{::fqdn}" nova::notify_on_state_change: 'vm_and_task_state' nova::notification_driver: messagingv2 -nova::compute::enabled: true nova::compute::instance_usage_audit: true nova::compute::instance_usage_audit_period: 'hour' -nova::compute::vnc_enabled: true nova::compute::libvirt::migration_support: true diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index 3ad0748e..7db2b5de 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -1,9 +1,7 @@ # Hiera data here applies to all controller nodes nova::api::enabled: true -nova::consoleauth::enabled: true nova::vncproxy::enabled: true -nova::scheduler::enabled: true # gnocchi gnocchi::db::sync::extra_opts: '--skip-storage' @@ -115,7 +113,6 @@ nova::notify_on_state_change: 'vm_and_task_state' nova::api::default_floating_pool: 'public' nova::api::sync_db_api: true nova::api::enable_proxy_headers_parsing: true -nova::scheduler::filter::ram_allocation_ratio: '1.0' nova::cron::archive_deleted_rows::hour: '*/12' nova::cron::archive_deleted_rows::destination: '/dev/null' nova::notification_driver: messaging @@ -189,13 +186,13 @@ controller_classes: [] # firewall tripleo::firewall::firewall_rules: '101 mongodb_config': - port: 27019 + dport: 27019 '102 mongodb_sharding': - port: 27018 + dport: 27018 '103 mongod': - port: 27017 + dport: 27017 '104 mysql galera': - port: + dport: - 873 - 3306 - 4444 @@ -203,37 +200,37 @@ tripleo::firewall::firewall_rules: - 4568 - 9200 '105 ntp': - port: 123 + dport: 123 proto: udp '106 vrrp': proto: vrrp '107 haproxy stats': - port: 1993 + dport: 1993 '108 redis': - port: + dport: - 6379 - 26379 '109 rabbitmq': - port: + dport: - 5672 - 35672 '110 ceph': - port: + dport: - 6789 - '6800-6810' '111 keystone': - port: + dport: - 5000 - 13000 - 35357 - 13357 '112 glance': - port: + dport: - 9292 - 9191 - 13292 '113 nova': - port: + dport: - 6080 - 13080 - 8773 @@ -242,43 +239,43 @@ tripleo::firewall::firewall_rules: - 13774 - 8775 '114 neutron server': - port: + dport: - 9696 - 13696 '115 neutron dhcp input': proto: 'udp' - port: 67 + dport: 67 '116 neutron dhcp output': proto: 'udp' chain: 'OUTPUT' - port: 68 + dport: 68 '118 neutron vxlan networks': proto: 'udp' - port: 4789 + dport: 4789 '119 cinder': - port: + dport: - 8776 - 13776 '120 iscsi initiator': - port: 3260 + dport: 3260 '121 memcached': - port: 11211 + dport: 11211 '122 swift proxy': - port: + dport: - 8080 - 13808 '123 swift storage': - port: + dport: - 873 - 6000 - 6001 - 6002 '124 ceilometer': - port: + dport: - 8777 - 13777 '125 heat': - port: + dport: - 8000 - 13800 - 8003 @@ -286,17 +283,30 @@ tripleo::firewall::firewall_rules: - 8004 - 13004 '126 horizon': - port: + dport: - 80 - 443 '127 snmp': - port: 161 + dport: 161 proto: 'udp' '128 aodh': - port: + dport: - 8042 - 13042 '129 gnocchi-api': - port: + dport: - 8041 - 13041 + '130 pacemaker tcp': + proto: 'tcp' + dport: + - 2224 + - 3121 + - 21064 + '131 pacemaker udp': + proto: 'udp' + dport: 5405 + '132 sahara': + dport: + - 8386 + - 13386 diff --git a/puppet/hieradata/database.yaml b/puppet/hieradata/database.yaml index 19f1bff7..9cbff586 100644 --- a/puppet/hieradata/database.yaml +++ b/puppet/hieradata/database.yaml @@ -77,6 +77,15 @@ gnocchi::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" +# Aodh +aodh::db::mysql::user: aodh +aodh::db::mysql::host: "%{hiera('mysql_virtual_ip')}" +aodh::db::mysql::dbname: aodh +aodh::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + + sahara::db::mysql::user: sahara sahara::db::mysql::host: "%{hiera('mysql_virtual_ip')}" sahara::db::mysql::dbname: sahara diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp index 4add2f02..31d14e7d 100644 --- a/puppet/manifests/overcloud_cephstorage.pp +++ b/puppet/manifests/overcloud_cephstorage.pp @@ -23,10 +23,7 @@ if hiera('step') >= 1 { Exec <| tag == 'kmod::load' |> -> Sysctl <| |> include ::timezone - - if count(hiera('ntp::servers')) > 0 { - include ::ntp - } + } if hiera('step') >= 3 { @@ -57,5 +54,7 @@ if hiera('step') >= 3 { include ::ceph::profile::osd hiera_include('ceph_classes') - package_manifest{'/var/lib/tripleo/installed-packages/overcloud_ceph': ensure => present} } + +$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_ceph', hiera('step')]) +package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp index 6a6f54e0..bb9af468 100644 --- a/puppet/manifests/overcloud_compute.pp +++ b/puppet/manifests/overcloud_compute.pp @@ -20,10 +20,6 @@ create_resources(kmod::load, hiera('kernel_modules'), { }) create_resources(sysctl::value, hiera('sysctl_settings'), { }) Exec <| tag == 'kmod::load' |> -> Sysctl <| |> -if count(hiera('ntp::servers')) > 0 { - include ::ntp -} - include ::timezone if hiera('step') >= 4 { @@ -51,10 +47,6 @@ if hiera('step') >= 4 { ensure => present, } - include ::nova - include ::nova::config - include ::nova::compute - $rbd_ephemeral_storage = hiera('nova::compute::rbd::ephemeral_storage', false) $rbd_persistent_storage = hiera('rbd_persistent_storage', false) if $rbd_ephemeral_storage or $rbd_persistent_storage { @@ -202,17 +194,8 @@ if hiera('step') >= 4 { include ::ceilometer::agent::compute include ::ceilometer::agent::auth - $snmpd_user = hiera('snmpd_readonly_user_name') - snmp::snmpv3_user { $snmpd_user: - authtype => 'MD5', - authpass => hiera('snmpd_readonly_user_password'), - } - class { '::snmp': - agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], - } - hiera_include('compute_classes') - package_manifest{ '/var/lib/tripleo/installed-packages/overcloud_compute': ensure => present } - } + +$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_compute', hiera('step')]) +package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index c6a80661..b79eca4a 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -28,10 +28,6 @@ if hiera('step') >= 1 { if hiera('step') >= 2 { - if count(hiera('ntp::servers')) > 0 { - include ::ntp - } - include ::timezone # MongoDB @@ -77,15 +73,13 @@ if hiera('step') >= 2 { # FIXME: this should only occur on the bootstrap host (ditto for db syncs) # Create all the database schemas - include ::nova::db::mysql - include ::nova::db::mysql_api if downcase(hiera('gnocchi_indexer_backend')) == 'mysql' { include ::gnocchi::db::mysql } if downcase(hiera('ceilometer_backend')) == 'mysql' { include ::ceilometer::db::mysql - include ::aodh::db::mysql } + include ::aodh::db::mysql $enable_ceph = hiera('ceph_storage_count', 0) > 0 or hiera('enable_ceph_storage', false) @@ -151,12 +145,6 @@ if hiera('step') >= 4 { memcached_servers => $memcached_servers } include ::nova::config - include ::nova::api - include ::nova::consoleauth - include ::nova::network::neutron - include ::nova::vncproxy - include ::nova::scheduler - include ::nova::scheduler::filter if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { @@ -207,36 +195,15 @@ if hiera('step') >= 4 { } - # If the value of core plugin is set to 'nuage' or'opencontrail' or 'plumgrid', - # include nuage or opencontrail or plumgrid core plugins - # else use the default value of 'ml2' - if hiera('neutron::core_plugin') == 'neutron.plugins.nuage.plugin.NuagePlugin' { - include ::neutron::plugins::nuage - } elsif hiera('neutron::core_plugin') == 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2' { - include ::neutron::plugins::opencontrail - } - elsif hiera('neutron::core_plugin') == 'networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2' { - class { '::neutron::plugins::plumgrid' : - connection => hiera('neutron::server::database_connection'), - controller_priv_host => hiera('keystone_admin_api_vip'), - admin_password => hiera('admin_password'), - metadata_proxy_shared_secret => hiera('nova::api::neutron_metadata_proxy_shared_secret'), - } - } else { - - # If the value of core plugin is set to 'midonet', - # skip all the ML2 configuration - if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { + # If the value of core plugin is set to 'midonet', + # skip all the ML2 configuration + if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { - class {'::neutron::plugins::midonet': - midonet_api_ip => hiera('public_virtual_ip'), - keystone_tenant => hiera('neutron::server::auth_tenant'), - keystone_password => hiera('neutron::server::password') - } + class {'::neutron::plugins::midonet': + midonet_api_ip => hiera('public_virtual_ip'), + keystone_tenant => hiera('neutron::server::auth_tenant'), + keystone_password => hiera('neutron::server::password') } - - Service['neutron-server'] -> Service['neutron-metadata'] - } if $enable_ceph { @@ -248,24 +215,6 @@ if hiera('step') >= 4 { } } - # swift storage - if str2bool(hiera('enable_swift_storage', true)) { - class { '::swift::storage::all': - mount_check => str2bool(hiera('swift_mount_check')), - } - if(!defined(File['/srv/node'])) { - file { '/srv/node': - ensure => directory, - owner => 'swift', - group => 'swift', - require => Package['openstack-swift'], - } - } - $swift_components = ['account', 'container', 'object'] - swift::storage::filter::recon { $swift_components : } - swift::storage::filter::healthcheck { $swift_components : } - } - # Ceilometer $ceilometer_backend = downcase(hiera('ceilometer_backend')) case $ceilometer_backend { @@ -293,11 +242,9 @@ if hiera('step') >= 4 { # Aodh class { '::aodh' : - database_connection => $ceilometer_database_connection, + database_connection => hiera('aodh_mysql_conn_string'), } include ::aodh::db::sync - # To manage the upgrade: - Exec['ceilometer-dbsync'] -> Exec['aodh-db-sync'] include ::aodh::auth include ::aodh::api include ::aodh::wsgi::apache @@ -347,16 +294,6 @@ if hiera('step') >= 4 { default: { fail('Unrecognized gnocchi_backend parameter.') } } - $snmpd_user = hiera('snmpd_readonly_user_name') - snmp::snmpv3_user { $snmpd_user: - authtype => 'MD5', - authpass => hiera('snmpd_readonly_user_password'), - } - class { '::snmp': - agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], - } - hiera_include('controller_classes') } #END STEP 4 diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index d042bda9..e095c966 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -59,10 +59,6 @@ if hiera('step') >= 1 { include ::timezone - if count(hiera('ntp::servers')) > 0 { - include ::ntp - } - $pacemaker_cluster_members = downcase(regsubst(hiera('controller_node_names'), ',', ' ', 'G')) $corosync_ipv6 = str2bool(hiera('corosync_ipv6', false)) if $corosync_ipv6 { @@ -251,13 +247,6 @@ if hiera('step') >= 2 { # Create all the database schemas if $sync_db { - class { '::nova::db::mysql': - require => Exec['galera-ready'], - } - class { '::nova::db::mysql_api': - require => Exec['galera-ready'], - } - if downcase(hiera('ceilometer_backend')) == 'mysql' { class { '::ceilometer::db::mysql': require => Exec['galera-ready'], @@ -269,6 +258,10 @@ if hiera('step') >= 2 { require => Exec['galera-ready'], } } + + class { '::aodh::db::mysql': + require => Exec['galera-ready'], + } } # Ceph @@ -350,27 +343,6 @@ MYSQL_HOST=localhost\n", include ::nova::config - class { '::nova::api' : - sync_db => $sync_db, - sync_db_api => $sync_db, - manage_service => false, - enabled => false, - } - class { '::nova::consoleauth' : - manage_service => false, - enabled => false, - } - class { '::nova::vncproxy' : - manage_service => false, - enabled => false, - } - include ::nova::scheduler::filter - class { '::nova::scheduler' : - manage_service => false, - enabled => false, - } - include ::nova::network::neutron - if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { # TODO(devvesa) provide non-controller ips for these services @@ -420,12 +392,6 @@ MYSQL_HOST=localhost\n", } - if hiera('neutron::core_plugin') == 'neutron.plugins.nuage.plugin.NuagePlugin' { - include ::neutron::plugins::nuage - } - if hiera('neutron::core_plugin') == 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2' { - include ::neutron::plugins::opencontrail - } if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { class {'::neutron::plugins::midonet': midonet_api_ip => hiera('public_virtual_ip'), @@ -433,14 +399,6 @@ MYSQL_HOST=localhost\n", keystone_password => hiera('neutron::server::password') } } - if hiera('neutron::core_plugin') == 'networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2' { - class { '::neutron::plugins::plumgrid' : - connection => hiera('neutron::server::database_connection'), - controller_priv_host => hiera('keystone_admin_api_vip'), - admin_password => hiera('admin_password'), - metadata_proxy_shared_secret => hiera('nova::api::neutron_metadata_proxy_shared_secret'), - } - } if $enable_ceph { $ceph_pools = hiera('ceph_pools') @@ -451,36 +409,6 @@ MYSQL_HOST=localhost\n", } } - # swift storage - if str2bool(hiera('enable_swift_storage', true)) { - class {'::swift::storage::all': - mount_check => str2bool(hiera('swift_mount_check')), - } - class {'::swift::storage::account': - manage_service => $non_pcmk_start, - enabled => $non_pcmk_start, - } - class {'::swift::storage::container': - manage_service => $non_pcmk_start, - enabled => $non_pcmk_start, - } - class {'::swift::storage::object': - manage_service => $non_pcmk_start, - enabled => $non_pcmk_start, - } - if(!defined(File['/srv/node'])) { - file { '/srv/node': - ensure => directory, - owner => 'swift', - group => 'swift', - require => Package['openstack-swift'], - } - } - $swift_components = ['account', 'container', 'object'] - swift::storage::filter::recon { $swift_components : } - swift::storage::filter::healthcheck { $swift_components : } - } - # Ceilometer case downcase(hiera('ceilometer_backend')) { /mysql/: { @@ -548,7 +476,7 @@ MYSQL_HOST=localhost\n", # Aodh class { '::aodh' : - database_connection => $ceilometer_database_connection, + database_connection => hiera('aodh_mysql_conn_string'), } include ::aodh::config include ::aodh::auth @@ -606,16 +534,6 @@ MYSQL_HOST=localhost\n", enabled => false, } - $snmpd_user = hiera('snmpd_readonly_user_name') - snmp::snmpv3_user { $snmpd_user: - authtype => 'MD5', - authpass => hiera('snmpd_readonly_user_password'), - } - class { '::snmp': - agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], - } - hiera_include('controller_classes') } #END STEP 4 @@ -715,20 +633,6 @@ password=\"${mysql_root_password}\"", } # Nova - pacemaker::resource::service { $::nova::params::api_service_name : - clone_params => 'interleave=true', - } - pacemaker::resource::service { $::nova::params::consoleauth_service_name : - clone_params => 'interleave=true', - require => Pacemaker::Resource::Ocf['openstack-core'], - } - pacemaker::resource::service { $::nova::params::vncproxy_service_name : - clone_params => 'interleave=true', - } - pacemaker::resource::service { $::nova::params::scheduler_service_name : - clone_params => 'interleave=true', - } - pacemaker::constraint::base { 'keystone-then-nova-consoleauth-constraint': constraint_type => 'order', first_resource => 'openstack-core-clone', @@ -738,6 +642,13 @@ password=\"${mysql_root_password}\"", require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name], Pacemaker::Resource::Ocf['openstack-core']], } + pacemaker::constraint::colocation { 'nova-consoleauth-with-openstack-core': + source => "${::nova::params::consoleauth_service_name}-clone", + target => 'openstack-core-clone', + score => 'INFINITY', + require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name], + Pacemaker::Resource::Ocf['openstack-core']], + } pacemaker::constraint::base { 'nova-consoleauth-then-nova-vncproxy-constraint': constraint_type => 'order', first_resource => "${::nova::params::consoleauth_service_name}-clone", diff --git a/puppet/manifests/overcloud_object.pp b/puppet/manifests/overcloud_object.pp index 3585c993..c6b3108b 100644 --- a/puppet/manifests/overcloud_object.pp +++ b/puppet/manifests/overcloud_object.pp @@ -23,39 +23,11 @@ if hiera('step') >= 1 { include ::timezone - if count(hiera('ntp::servers')) > 0 { - include ::ntp - } } if hiera('step') >= 4 { - class { '::swift::storage::all': - mount_check => str2bool(hiera('swift_mount_check')), - } - if(!defined(File['/srv/node'])) { - file { '/srv/node': - ensure => directory, - owner => 'swift', - group => 'swift', - require => Package['openstack-swift'], - } - } - - $swift_components = ['account', 'container', 'object'] - swift::storage::filter::recon { $swift_components : } - swift::storage::filter::healthcheck { $swift_components : } - - $snmpd_user = hiera('snmpd_readonly_user_name') - snmp::snmpv3_user { $snmpd_user: - authtype => 'MD5', - authpass => hiera('snmpd_readonly_user_password'), - } - class { '::snmp': - agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], - } - hiera_include('object_classes') } -package_manifest{'/var/lib/tripleo/installed-packages/overcloud_object': ensure => present} +$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_object', hiera('step')]) +package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/manifests/overcloud_volume.pp b/puppet/manifests/overcloud_volume.pp index 134dc43b..9a8fb6f8 100644 --- a/puppet/manifests/overcloud_volume.pp +++ b/puppet/manifests/overcloud_volume.pp @@ -16,46 +16,55 @@ include ::tripleo::packages include ::tripleo::firewall -create_resources(kmod::load, hiera('kernel_modules'), {}) -create_resources(sysctl::value, hiera('sysctl_settings'), {}) -Exec <| tag == 'kmod::load' |> -> Sysctl <| |> +if hiera('step') >= 1 { + + create_resources(kmod::load, hiera('kernel_modules'), {}) + create_resources(sysctl::value, hiera('sysctl_settings'), {}) + Exec <| tag == 'kmod::load' |> -> Sysctl <| |> + + include ::timezone + + if count(hiera('ntp::servers')) > 0 { + include ::ntp + } -if count(hiera('ntp::servers')) > 0 { - include ::ntp } -include ::timezone +if hiera('step') >= 4 { -include ::cinder -include ::cinder::config -include ::cinder::glance -include ::cinder::volume -include ::cinder::setup_test_volume + include ::cinder + include ::cinder::config + include ::cinder::glance + include ::cinder::volume + include ::cinder::setup_test_volume -$cinder_enable_iscsi = hiera('cinder_enable_iscsi_backend', true) -if $cinder_enable_iscsi { - $cinder_iscsi_backend = 'tripleo_iscsi' + $cinder_enable_iscsi = hiera('cinder_enable_iscsi_backend', true) + if $cinder_enable_iscsi { + $cinder_iscsi_backend = 'tripleo_iscsi' - cinder::backend::iscsi { $cinder_iscsi_backend : - iscsi_ip_address => hiera('cinder_iscsi_ip_address'), - iscsi_helper => hiera('cinder_iscsi_helper'), + cinder::backend::iscsi { $cinder_iscsi_backend : + iscsi_ip_address => hiera('cinder_iscsi_ip_address'), + iscsi_helper => hiera('cinder_iscsi_helper'), + } } -} -$cinder_enabled_backends = any2array($cinder_iscsi_backend) -class { '::cinder::backends' : - enabled_backends => union($cinder_enabled_backends, hiera('cinder_user_enabled_backends')), -} + $cinder_enabled_backends = any2array($cinder_iscsi_backend) + class { '::cinder::backends' : + enabled_backends => union($cinder_enabled_backends, hiera('cinder_user_enabled_backends')), + } -$snmpd_user = hiera('snmpd_readonly_user_name') -snmp::snmpv3_user { $snmpd_user: - authtype => 'MD5', - authpass => hiera('snmpd_readonly_user_password'), -} -class { '::snmp': - agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], + $snmpd_user = hiera('snmpd_readonly_user_name') + snmp::snmpv3_user { $snmpd_user: + authtype => 'MD5', + authpass => hiera('snmpd_readonly_user_password'), + } + class { '::snmp': + agentaddress => ['udp:161','udp6:[::1]:161'], + snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], + } + + hiera_include('volume_classes') } -hiera_include('volume_classes') -package_manifest{'/var/lib/tripleo/installed-packages/overcloud_volume': ensure => present} +$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_volume', hiera('step')]) +package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml index 8617df27..88e27945 100644 --- a/puppet/services/heat-base.yaml +++ b/puppet/services/heat-base.yaml @@ -38,3 +38,9 @@ outputs: heat::rabbit_port: {get_param: RabbitClientPort} heat::debug: {get_param: Debug} heat::enable_proxy_headers_parsing: true + # We need this because the default heat policy.json no longer works on TripleO + # https://git.openstack.org/cgit/openstack/heat/commit/?id=ac86702172ddf01f5bdc3f3cd99d2e32ad9b7024 + heat::policy::policies: + context_is_admin: + key: 'context_is_admin' + value: 'role:admin' diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml index 435a6de0..ff13d5d8 100644 --- a/puppet/services/neutron-plugin-ml2.yaml +++ b/puppet/services/neutron-plugin-ml2.yaml @@ -106,4 +106,4 @@ outputs: TYPES: {get_param: NeutronNetworkType} step_config: | - include ::tripleo::profile::base::neutron::ml2 + include ::tripleo::profile::base::neutron::plugins::ml2 diff --git a/puppet/services/neutron-plugin-nuage.yaml b/puppet/services/neutron-plugin-nuage.yaml new file mode 100644 index 00000000..3c3d8b63 --- /dev/null +++ b/puppet/services/neutron-plugin-nuage.yaml @@ -0,0 +1,75 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Nuage plugin + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + # Config specific parameters, to be provided via parameter_defaults + NeutronNuageOSControllerIp: + description: IP address of the OpenStack Controller + type: string + + NeutronNuageNetPartitionName: + description: Specifies the title that you will see on the VSD + type: string + default: 'default_name' + + NeutronNuageVSDIp: + description: IP address and port of the Virtual Services Directory + type: string + + NeutronNuageVSDUsername: + description: Username to be used to log into VSD + type: string + + NeutronNuageVSDPassword: + description: Password to be used to log into VSD + type: string + + NeutronNuageVSDOrganization: + description: Organization parameter required to log into VSD + type: string + default: 'organization' + + NeutronNuageBaseURIVersion: + description: URI version to be used based on the VSD release + type: string + default: 'default_uri_version' + + NeutronNuageCMSId: + description: Cloud Management System ID (CMS ID) to distinguish between OS instances on the same VSD + type: string + + UseForwardedFor: + description: Treat X-Forwarded-For as the canonical remote address. Only enable this if you have a sanitizing proxy. + type: boolean + default: false + +resources: + + NeutronBase: + type: ./neutron-base.yaml + +outputs: + role_data: + description: Role data for the Neutron Nuage plugin + value: + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + - neutron::plugins::nuage::nuage_oscontroller_ip: {get_param: NeutronNuageOSControllerIp} + neutron::plugins::nuage::nuage_net_partition_name: {get_param: NeutronNuageNetPartitionName} + neutron::plugins::nuage::nuage_vsd_ip: {get_param: NeutronNuageVSDIp} + neutron::plugins::nuage::nuage_vsd_username: {get_param: NeutronNuageVSDUsername} + neutron::plugins::nuage::nuage_vsd_password: {get_param: NeutronNuageVSDPassword} + neutron::plugins::nuage::nuage_vsd_organization: {get_param: NeutronNuageVSDOrganization} + neutron::plugins::nuage::nuage_base_uri_version: {get_param: NeutronNuageBaseURIVersion} + neutron::plugins::nuage::nuage_cms_id: {get_param: NeutronNuageCMSId} + nova::api::use_forwarded_for: {get_param: UseForwardedFor} + step_config: | + include tripleo::profile::base::neutron::plugins::nuage diff --git a/puppet/services/neutron-plugin-opencontrail.yaml b/puppet/services/neutron-plugin-opencontrail.yaml new file mode 100644 index 00000000..9c58c03c --- /dev/null +++ b/puppet/services/neutron-plugin-opencontrail.yaml @@ -0,0 +1,60 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Opencontrail plugin + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + AdminPassword: + description: The password for the keystone admin account, used for monitoring, querying neutron etc. + type: string + hidden: true + AdminToken: + description: The keystone auth secret and db password. + type: string + hidden: true + ContrailApiServerIp: + description: IP address of the OpenContrail API server + type: string + ContrailApiServerPort: + description: Port of the OpenContrail API + type: string + default: 8082 + ContrailMultiTenancy: + description: Whether to enable multi tenancy + type: boolean + default: false + ContrailExtensions: + description: List of OpenContrail extensions to be enabled + type: comma_delimited_list + default: '' + +resources: + + NeutronBase: + type: ./neutron-base.yaml + +outputs: + role_data: + description: Role data for the Neutron Opencontrail plugin + value: + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + - neutron::api_extensions_path: /usr/lib/python2.7/site-packages/neutron_plugin_contrail/extensions + + neutron::plugins::opencontrail::api_server_ip: {get_param: ContrailApiServerIp} + neutron::plugins::opencontrail::api_server_port: {get_param: ContrailApiServerPort} + neutron::plugins::opencontrail::multi_tenancy: {get_param: ContrailMultiTenancy} + neutron::plugins::opencontrail::contrail_extensions: {get_param: ContrailExtensions} + neutron::plugins::opencontrail::keystone_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri] } + neutron::plugins::opencontrail::keystone_admin_user: admin + neutron::plugins::opencontrail::keystone_admin_tenant_name: admin + neutron::plugins::opencontrail::keystone_admin_password: {get_param: AdminPassword} + neutron::plugins::opencontrail::keystone_admin_token: {get_param: AdminToken} + step_config: | + include tripleo::profile::base::neutron::plugins::opencontrail diff --git a/puppet/services/neutron-plugin-plumgrid.yaml b/puppet/services/neutron-plugin-plumgrid.yaml new file mode 100644 index 00000000..a0ac46ef --- /dev/null +++ b/puppet/services/neutron-plugin-plumgrid.yaml @@ -0,0 +1,111 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Plumgrid plugin + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NeutronPassword: + description: The password for the neutron service and db account, used by neutron agents. + type: string + hidden: true + NeutronMetadataProxySharedSecret: + description: Shared secret to prevent spoofing + type: string + hidden: true + AdminPassword: + description: The password for the keystone admin account, used for monitoring, querying neutron etc. + type: string + hidden: true + + # PLUMgrid specific settings + PLUMgridDirectorServer: + description: IP address of the PLUMgrid Director Server + type: string + default: 127.0.0.1 + PLUMgridDirectorServerPort: + description: Port of the PLUMgrid Director Server + type: string + default: 443 + PLUMgridUsername: + description: Username for PLUMgrid platform + type: string + PLUMgridPassword: + description: Password for PLUMgrid platform + type: string + hidden: true + PLUMgridNovaMetadataIP: + description: IP address of Nova Metadata + type: string + default: 169.254.169.254 + PLUMgridNovaMetadataPort: + description: Port of Nova Metadata + type: string + default: 8775 + PLUMgridL2GatewayVendor: + description: Vendor for L2 Gateway Switch + type: string + default: vendor + PLUMgridL2GatewayUsername: + description: Username for L2 Gateway Switch + type: string + default: username + PLUMgridL2GatewayPassword: + description: Password for L2 Gateway Switch + type: string + hidden: true + PLUMgridIdentityVersion: + description: Keystone Identity version + type: string + default: v2.0 + PLUMgridConnectorType: + description: Neutron Network Connector Type + type: string + default: distributed + PLUMgridNeutronPluginVersion: + description: PLUMgrid Neutron Plugin version + type: string + default: present + PLUMgridPlumlibVersion: + description: PLUMgrid Plumlib version + type: string + default: present + + +outputs: + role_data: + description: Role data for the Neutron Plumgrid plugin + value: + config_settings: + neutron::plugins::plumgrid::connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://neutron:' + - {get_param: NeutronPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/ovs_neutron?charset=utf8' + neutron::plugins::plumgrid::controller_priv_host: {get_param: [EndpointMap, KeystoneAdmin, host]} + neutron::plugins::plumgrid::admin_password: {get_param: AdminPassword} + neutron::plugins::plumgrid::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} + neutron::plugins::plumgrid::director_server: {get_param: PLUMgridDirectorServer} + neutron::plugins::plumgrid::director_server_port: {get_param: PLUMgridDirectorServerPort} + neutron::plugins::plumgrid::username: {get_param: PLUMgridUsername} + neutron::plugins::plumgrid::password: {get_param: PLUMgridPassword} + neutron::plugins::plumgrid::nova_metadata_ip: {get_param: PLUMgridNovaMetadataIP} + neutron::plugins::plumgrid::nova_metadata_port: {get_param: PLUMgridNovaMetadataPort} + neutron::plugins::plumgrid::l2gateway_vendor: {get_param: PLUMgridL2GatewayVendor} + neutron::plugins::plumgrid::l2gateway_sw_username: {get_param: PLUMgridL2GatewayUsername} + neutron::plugins::plumgrid::l2gateway_sw_password: {get_param: PLUMgridL2GatewayPassword} + neutron::plugins::plumgrid::connector_type: {get_param: PLUMgridConnectorType} + neutron::plugins::plumgrid::identity_version: {get_param: PLUMgridIdentityVersion} + neutron::plugins::plumgrid::package_ensure: {get_param: PLUMgridNeutronPluginVersion} + neutron::plugins::plumgrid::plumlib_package_ensure: {get_param: PLUMgridPlumlibVersion} + + step_config: | + include tripleo::profile::base::neutron::plugins::plumgrid diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml new file mode 100644 index 00000000..f31df371 --- /dev/null +++ b/puppet/services/nova-api.yaml @@ -0,0 +1,31 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova API service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NovaWorkers: + default: 0 + description: Number of workers for Nova API service. + type: number + +resources: + NovaBase: + type: ./nova-base.yaml + +outputs: + role_data: + description: Role data for the Nova API service. + value: + config_settings: + map_merge: + - get_attr: [NovaBase, role_data, config_settings] + - nova::api::osapi_compute_workers: {get_param: NovaWorkers} + - nova::api::metadata_workers: {get_param: NovaWorkers} + step_config: | + include tripleo::profile::base::nova::api diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml new file mode 100644 index 00000000..0844aa85 --- /dev/null +++ b/puppet/services/nova-compute.yaml @@ -0,0 +1,25 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova Compute service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + NovaBase: + type: ./nova-base.yaml + +outputs: + role_data: + description: Role data for the Nova Conductor service. + value: + config_settings: + map_merge: + - get_attr: [NovaBase, role_data, config_settings] + step_config: | + include tripleo::profile::base::nova::compute diff --git a/puppet/services/nova-consoleauth.yaml b/puppet/services/nova-consoleauth.yaml new file mode 100644 index 00000000..791c5449 --- /dev/null +++ b/puppet/services/nova-consoleauth.yaml @@ -0,0 +1,24 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova Consoleauth service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + NovaBase: + type: ./nova-base.yaml + +outputs: + role_data: + description: Role data for the Nova Consoleauth service. + value: + config_settings: + get_attr: [NovaBase, role_data, config_settings] + step_config: | + include tripleo::profile::base::nova::consoleauth diff --git a/puppet/services/nova-scheduler.yaml b/puppet/services/nova-scheduler.yaml new file mode 100644 index 00000000..65ed6643 --- /dev/null +++ b/puppet/services/nova-scheduler.yaml @@ -0,0 +1,26 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova Scheduler service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + NovaBase: + type: ./nova-base.yaml + +outputs: + role_data: + description: Role data for the Nova Scheduler service. + value: + config_settings: + map_merge: + - get_attr: [NovaBase, role_data, config_settings] + - nova::scheduler::filter::ram_allocation_ratio: '1.0' + step_config: | + include tripleo::profile::base::nova::scheduler diff --git a/puppet/services/nova-vncproxy.yaml b/puppet/services/nova-vncproxy.yaml new file mode 100644 index 00000000..93a25ab2 --- /dev/null +++ b/puppet/services/nova-vncproxy.yaml @@ -0,0 +1,24 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova Vncproxy service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + NovaBase: + type: ./nova-base.yaml + +outputs: + role_data: + description: Role data for the Nova Vncproxy service. + value: + config_settings: + get_attr: [NovaBase, role_data, config_settings] + step_config: | + include tripleo::profile::base::nova::vncproxy diff --git a/puppet/services/pacemaker/neutron-plugin-ml2.yaml b/puppet/services/pacemaker/neutron-plugin-ml2.yaml index ac9d2402..9091b5b9 100644 --- a/puppet/services/pacemaker/neutron-plugin-ml2.yaml +++ b/puppet/services/pacemaker/neutron-plugin-ml2.yaml @@ -25,4 +25,4 @@ outputs: - neutron::agents::ml2::ovs::enabled: false neutron::agents::ml2::ovs::manage_service: false step_config: | - include ::tripleo::profile::pacemaker::neutron::ml2 + include ::tripleo::profile::pacemaker::neutron::plugins::ml2 diff --git a/puppet/services/pacemaker/neutron-plugin-nuage.yaml b/puppet/services/pacemaker/neutron-plugin-nuage.yaml new file mode 100644 index 00000000..704d922a --- /dev/null +++ b/puppet/services/pacemaker/neutron-plugin-nuage.yaml @@ -0,0 +1,28 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Nuage Plugin with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NeutronPluginNuageBase: + type: ../neutron-plugin-nuage.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Neutron Nuage plugin. + value: + config_settings: + map_merge: + - get_attr: [NeutronPluginNuageBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::pacemaker::neutron::plugins::nuage diff --git a/puppet/services/pacemaker/neutron-plugin-opencontrail.yaml b/puppet/services/pacemaker/neutron-plugin-opencontrail.yaml new file mode 100644 index 00000000..d8c75509 --- /dev/null +++ b/puppet/services/pacemaker/neutron-plugin-opencontrail.yaml @@ -0,0 +1,28 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron OpenContrail Plugin with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NeutronPluginOpenContrail: + type: ../neutron-plugin-nuage.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Neutron OpenContrail plugin. + value: + config_settings: + map_merge: + - get_attr: [NeutronPluginOpenContrail, role_data, config_settings] + step_config: | + include ::tripleo::profile::pacemaker::neutron::plugins::opencontrail diff --git a/puppet/services/pacemaker/neutron-plugin-plumgrid.yaml b/puppet/services/pacemaker/neutron-plugin-plumgrid.yaml new file mode 100644 index 00000000..c2e8eaac --- /dev/null +++ b/puppet/services/pacemaker/neutron-plugin-plumgrid.yaml @@ -0,0 +1,28 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron PLUMgrid Plugin with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NeutronPluginPlumgridBase: + type: ../neutron-plugin-ml2.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Neutron PLUMgrid plugin. + value: + config_settings: + map_merge: + - get_attr: [NeutronPluginPlumgridBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::pacemaker::neutron::plugins::plumgrid diff --git a/puppet/services/pacemaker/nova-api.yaml b/puppet/services/pacemaker/nova-api.yaml new file mode 100644 index 00000000..1b5011b6 --- /dev/null +++ b/puppet/services/pacemaker/nova-api.yaml @@ -0,0 +1,30 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova API service with Pacemaker configured with Puppet. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NovaApiBase: + type: ../nova-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Nova API role. + value: + config_settings: + map_merge: + - get_attr: [NovaApiBase, role_data, config_settings] + - nova::api::manage_service: false + nova::api::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::nova::api diff --git a/puppet/services/pacemaker/nova-consoleauth.yaml b/puppet/services/pacemaker/nova-consoleauth.yaml new file mode 100644 index 00000000..f9b6b058 --- /dev/null +++ b/puppet/services/pacemaker/nova-consoleauth.yaml @@ -0,0 +1,30 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova Consoleauth service with Pacemaker configured with Puppet. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NovaConsoleauthBase: + type: ../nova-consoleauth.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Nova Consoleauth role. + value: + config_settings: + map_merge: + - get_attr: [NovaConsoleauthBase, role_data, config_settings] + - nova::consoleauth::manage_service: false + nova::consoleauth::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::nova::consoleauth diff --git a/puppet/services/pacemaker/nova-scheduler.yaml b/puppet/services/pacemaker/nova-scheduler.yaml new file mode 100644 index 00000000..0032cbe6 --- /dev/null +++ b/puppet/services/pacemaker/nova-scheduler.yaml @@ -0,0 +1,30 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova Scheduler service with Pacemaker configured with Puppet. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NovaSchedulerBase: + type: ../nova-scheduler.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Nova Scheduler role. + value: + config_settings: + map_merge: + - get_attr: [NovaSchedulerBase, role_data, config_settings] + - nova::scheduler::manage_service: false + nova::scheduler::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::nova::scheduler diff --git a/puppet/services/pacemaker/nova-vncproxy.yaml b/puppet/services/pacemaker/nova-vncproxy.yaml new file mode 100644 index 00000000..52395240 --- /dev/null +++ b/puppet/services/pacemaker/nova-vncproxy.yaml @@ -0,0 +1,30 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Nova Vncproxy service with Pacemaker configured with Puppet. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NovaVncproxyBase: + type: ../nova-vncproxy.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Nova Vncproxy role. + value: + config_settings: + map_merge: + - get_attr: [NovaVncproxyBase, role_data, config_settings] + - nova::vncproxy::manage_service: false + nova::vncproxy::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::nova::vncproxy diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml index 581b4ba4..3688c4a8 100644 --- a/puppet/services/rabbitmq.yaml +++ b/puppet/services/rabbitmq.yaml @@ -18,7 +18,7 @@ parameters: type: string hidden: true RabbitFDLimit: - default: 16384 + default: 65536 description: Configures RabbitMQ FD limit type: string RabbitIPv6: diff --git a/puppet/services/snmp.yaml b/puppet/services/snmp.yaml new file mode 100644 index 00000000..24ee2933 --- /dev/null +++ b/puppet/services/snmp.yaml @@ -0,0 +1,31 @@ +heat_template_version: 2016-04-08 + +description: > + SNMP client configured with Puppet, to facilitate Ceilometer Hardware + monitoring in the undercloud. This service is required to enable hardware + monitoring. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + SnmpdReadonlyUserName: + default: ro_snmp_user + description: The user name for SNMPd with readonly rights running on all Overcloud nodes + type: string + SnmpdReadonlyUserPassword: + description: The user password for SNMPd with readonly rights running on all Overcloud nodes + type: string + hidden: true + +outputs: + role_data: + description: Role data for the SNMP services + value: + config_settings: + snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} + snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} + step_config: | + include ::tripleo::profile::base::snmp diff --git a/puppet/services/swift-storage.yaml b/puppet/services/swift-storage.yaml new file mode 100644 index 00000000..980c95f5 --- /dev/null +++ b/puppet/services/swift-storage.yaml @@ -0,0 +1,44 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Swift Storage service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + SwiftMountCheck: + default: false + description: Value of mount_check in Swift account/container/object -server.conf + type: boolean + + # DEPRECATED options for compatibility with overcloud.yaml + # This should be removed and manipulation of the ControllerServices list + # used instead, but we need client support for that first + ControllerEnableSwiftStorage: + default: true + description: Whether to enable Swift Storage on the Controller + type: boolean + +parameter_groups: +- label: deprecated + description: Do not use deprecated params, they will be removed. + parameters: + - ControllerEnableSwiftStorage + +outputs: + role_data: + description: Role data for the Swift Proxy role. + value: + config_settings: + # Swift + swift::storage::all::mount_check: {get_param: SwiftMountCheck} + tripleo::profile::base::swift::storage::enable_swift_storage: {get_param: ControllerEnableSwiftStorage} + step_config: | + include ::tripleo::profile::base::swift::storage diff --git a/puppet/services/time/ntp.yaml b/puppet/services/time/ntp.yaml new file mode 100644 index 00000000..dbef6f91 --- /dev/null +++ b/puppet/services/time/ntp.yaml @@ -0,0 +1,27 @@ +heat_template_version: 2016-04-08 + +description: > + NTP service deployment using puppet, this YAML file + creates the interface between the HOT template + and the puppet manifest that actually installs + and configure NTP. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NtpServers: + default: [] + description: NTP servers + type: comma_delimited_list + +outputs: + role_data: + description: Role ntp using composable services. + value: + config_settings: + ntp::ntpservers: {get_param: NtpServers} + step_config: | + include ::ntp
\ No newline at end of file diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml index ed52f928..dc3d2c54 100644 --- a/puppet/swift-storage.yaml +++ b/puppet/swift-storage.yaml @@ -18,10 +18,6 @@ parameters: default: default description: Name of an existing Nova key pair to enable SSH access to the instances type: string - MountCheck: - default: 'false' - description: Value of mount_check in Swift account/container/object -server.conf - type: boolean MinPartHours: type: number default: 1 @@ -46,10 +42,6 @@ parameters: description: The user password for SNMPd with readonly rights running on all Overcloud nodes type: string hidden: true - NtpServer: - default: '' - description: Comma-separated list of ntp servers - type: comma_delimited_list EnablePackageInstall: default: 'false' description: Set to true to enable package installation via Puppet @@ -290,9 +282,7 @@ resources: tripleo::ringbuilder::part_power: { get_input: swift_part_power } tripleo::ringbuilder::replicas: {get_input: swift_replicas } swift::storage::all::storage_local_net_ip: {get_input: swift_management_network} - swift_mount_check: {get_input: swift_mount_check } tripleo::ringbuilder::min_part_hours: { get_input: swift_min_part_hours } - ntp::servers: {get_input: ntp_servers} timezone::timezone: {get_input: timezone} snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} @@ -312,12 +302,10 @@ resources: snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} swift_hash_suffix: {get_param: HashSuffix} - swift_mount_check: {get_param: MountCheck} swift_min_part_hours: {get_param: MinPartHours} swift_ring_build: {get_param: RingBuild} swift_part_power: {get_param: PartPower} swift_replicas: { get_param: Replicas} - ntp_servers: {get_param: NtpServer} timezone: {get_param: TimeZone} enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} |