summaryrefslogtreecommitdiffstats
path: root/puppet
diff options
context:
space:
mode:
Diffstat (limited to 'puppet')
-rw-r--r--puppet/blockstorage-role.yaml2
-rw-r--r--puppet/cephstorage-role.yaml2
-rw-r--r--puppet/compute-role.yaml2
-rw-r--r--puppet/controller-role.yaml2
-rw-r--r--puppet/objectstorage-role.yaml2
-rw-r--r--puppet/role.role.j2.yaml2
-rw-r--r--puppet/services/ceilometer-agent-compute.yaml5
-rw-r--r--puppet/services/ceilometer-base.yaml2
-rw-r--r--puppet/services/database/redis.yaml3
-rw-r--r--puppet/services/haproxy-internal-tls-certmonger.yaml8
-rw-r--r--puppet/services/haproxy-public-tls-certmonger.yaml10
-rw-r--r--puppet/services/iscsid.yaml2
-rw-r--r--puppet/services/network/contrail-dpdk.yaml2
-rw-r--r--puppet/services/network/contrail-tsn.yaml3
-rw-r--r--puppet/services/network/contrail-vrouter.yaml2
-rw-r--r--puppet/services/neutron-ovs-agent.yaml6
-rw-r--r--puppet/services/neutron-plugin-ml2-odl.yaml2
-rw-r--r--puppet/services/nova-compute.yaml2
-rw-r--r--puppet/services/nova-conductor.yaml2
-rw-r--r--puppet/services/opendaylight-ovs.yaml46
-rw-r--r--puppet/services/ovn-controller.yaml (renamed from puppet/services/neutron-compute-plugin-ovn.yaml)24
-rw-r--r--puppet/services/ovn-dbs.yaml14
-rw-r--r--puppet/services/zaqar.yaml4
23 files changed, 118 insertions, 31 deletions
diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml
index 7d58d1da..de7b6b49 100644
--- a/puppet/blockstorage-role.yaml
+++ b/puppet/blockstorage-role.yaml
@@ -141,7 +141,7 @@ parameters:
parameter is generated from the parent template.
RoleParameters:
type: json
- description: Role Specific Parameters
+ description: Parameters specific to the role
default: {}
DeploymentSwiftDataMap:
type: json
diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml
index 48e5b97a..ce44fd68 100644
--- a/puppet/cephstorage-role.yaml
+++ b/puppet/cephstorage-role.yaml
@@ -147,7 +147,7 @@ parameters:
parameter is generated from the parent template.
RoleParameters:
type: json
- description: Role Specific Parameters
+ description: Parameters specific to the role
default: {}
DeploymentSwiftDataMap:
type: json
diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml
index 3ad6f745..af45793e 100644
--- a/puppet/compute-role.yaml
+++ b/puppet/compute-role.yaml
@@ -159,7 +159,7 @@ parameters:
parameter is generated from the parent template.
RoleParameters:
type: json
- description: Role Specific Parameters
+ description: Parameters specific to the role
default: {}
DeploymentSwiftDataMap:
type: json
diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml
index 933b5e60..38589a4e 100644
--- a/puppet/controller-role.yaml
+++ b/puppet/controller-role.yaml
@@ -173,7 +173,7 @@ parameters:
parameter is generated from the parent template.
RoleParameters:
type: json
- description: Role Specific Parameters
+ description: Parameters specific to the role
default: {}
DeploymentSwiftDataMap:
type: json
diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml
index a03a9da5..10e56450 100644
--- a/puppet/objectstorage-role.yaml
+++ b/puppet/objectstorage-role.yaml
@@ -141,7 +141,7 @@ parameters:
parameter is generated from the parent template.
RoleParameters:
type: json
- description: Role Specific Parameters
+ description: Parameters specific to the role
default: {}
DeploymentSwiftDataMap:
type: json
diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml
index 18707b9a..23d8896e 100644
--- a/puppet/role.role.j2.yaml
+++ b/puppet/role.role.j2.yaml
@@ -180,7 +180,7 @@ parameters:
parameter is generated from the parent template.
RoleParameters:
type: json
- description: Role Specific Parameters
+ description: Parameters specific to the role
default: {}
DeploymentSwiftDataMap:
type: json
diff --git a/puppet/services/ceilometer-agent-compute.yaml b/puppet/services/ceilometer-agent-compute.yaml
index 3cf51519..27bc50f3 100644
--- a/puppet/services/ceilometer-agent-compute.yaml
+++ b/puppet/services/ceilometer-agent-compute.yaml
@@ -39,6 +39,10 @@ parameters:
type: string
constraints:
- allowed_values: ['naive', 'libvirt_metadata', 'workload_partitioning']
+ RedisPassword:
+ description: The password for the redis service account.
+ type: string
+ hidden: true
resources:
CeilometerServiceBase:
@@ -61,6 +65,7 @@ outputs:
map_merge:
- get_attr: [CeilometerServiceBase, role_data, config_settings]
- ceilometer::agent::compute::instance_discovery_method: {get_param: InstanceDiscoveryMethod}
+ - ceilometer_redis_password: {get_param: RedisPassword}
compute_namespace: true
service_config_settings:
get_attr: [CeilometerServiceBase, role_data, service_config_settings]
diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml
index 9fc1530a..5cc020a9 100644
--- a/puppet/services/ceilometer-base.yaml
+++ b/puppet/services/ceilometer-base.yaml
@@ -51,6 +51,8 @@ parameters:
description: >
A list of publishers to put in event_pipeline.yaml. When the
collector is used, override this with notifier:// publisher.
+ If zaqar is enabled, you can also publish to a zaqar queue
+ by including "zaqar://?queue=queue_name" in this list.
Set ManageEventPipeline to true for override to take effect.
type: comma_delimited_list
ManagePipeline:
diff --git a/puppet/services/database/redis.yaml b/puppet/services/database/redis.yaml
index bd96823b..bdcc4fcd 100644
--- a/puppet/services/database/redis.yaml
+++ b/puppet/services/database/redis.yaml
@@ -77,3 +77,6 @@ outputs:
tags: step3
yum: name=redis state=latest
when: redis_enabled.rc != 0
+ - name: Start redis service
+ tags: step4
+ service: name=redis state=started
diff --git a/puppet/services/haproxy-internal-tls-certmonger.yaml b/puppet/services/haproxy-internal-tls-certmonger.yaml
index b6b4f270..3355a0d3 100644
--- a/puppet/services/haproxy-internal-tls-certmonger.yaml
+++ b/puppet/services/haproxy-internal-tls-certmonger.yaml
@@ -55,14 +55,16 @@ outputs:
config_settings:
generate_service_certificates: true
tripleo::haproxy::use_internal_certificates: true
+ tripleo::certmonger::haproxy_dirs::certificate_dir: '/etc/pki/tls/certs/haproxy'
+ tripleo::certmonger::haproxy_dirs::key_dir: '/etc/pki/tls/private/haproxy'
certificates_specs:
map_merge:
repeat:
template:
haproxy-NETWORK:
- service_pem: '/etc/pki/tls/certs/overcloud-haproxy-NETWORK.pem'
- service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-NETWORK.crt'
- service_key: '/etc/pki/tls/private/overcloud-haproxy-NETWORK.key'
+ service_pem: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-NETWORK.pem'
+ service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-NETWORK.crt'
+ service_key: '/etc/pki/tls/private/haproxy/overcloud-haproxy-NETWORK.key'
hostname: "%{hiera('cloud_name_NETWORK')}"
postsave_cmd: "" # TODO
principal: "haproxy/%{hiera('cloud_name_NETWORK')}"
diff --git a/puppet/services/haproxy-public-tls-certmonger.yaml b/puppet/services/haproxy-public-tls-certmonger.yaml
index e79d2aec..f1739f78 100644
--- a/puppet/services/haproxy-public-tls-certmonger.yaml
+++ b/puppet/services/haproxy-public-tls-certmonger.yaml
@@ -38,12 +38,14 @@ outputs:
service_name: haproxy_public_tls_certmonger
config_settings:
generate_service_certificates: true
- tripleo::haproxy::service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-external.pem'
+ tripleo::haproxy::service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.pem'
+ tripleo::certmonger::haproxy_dirs::certificate_dir: '/etc/pki/tls/certs/haproxy'
+ tripleo::certmonger::haproxy_dirs::key_dir: '/etc/pki/tls/private/haproxy'
certificates_specs:
haproxy-external:
- service_pem: '/etc/pki/tls/certs/overcloud-haproxy-external.pem'
- service_certificate: '/etc/pki/tls/certs/overcloud-haproxy-external.crt'
- service_key: '/etc/pki/tls/private/overcloud-haproxy-external.key'
+ service_pem: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.pem'
+ service_certificate: '/etc/pki/tls/certs/haproxy/overcloud-haproxy-external.crt'
+ service_key: '/etc/pki/tls/private/haproxy/overcloud-haproxy-external.key'
hostname: "%{hiera('cloud_name_external')}"
postsave_cmd: "" # TODO
principal: "haproxy/%{hiera('cloud_name_external')}"
diff --git a/puppet/services/iscsid.yaml b/puppet/services/iscsid.yaml
index 9510df3b..222977e9 100644
--- a/puppet/services/iscsid.yaml
+++ b/puppet/services/iscsid.yaml
@@ -36,6 +36,6 @@ outputs:
description: Role data for iscsid
value:
service_name: iscsid
- config_setting: {}
+ config_settings: {}
step_config: |
include ::tripleo::profile::base::iscsid
diff --git a/puppet/services/network/contrail-dpdk.yaml b/puppet/services/network/contrail-dpdk.yaml
index 1f331894..65b2a2a1 100644
--- a/puppet/services/network/contrail-dpdk.yaml
+++ b/puppet/services/network/contrail-dpdk.yaml
@@ -31,7 +31,7 @@ parameters:
via parameter_defaults in the resource registry.
type: json
NeutronMetadataProxySharedSecret:
- description: Metadata Secret
+ description: Shared secret to prevent spoofing
type: string
hidden: true
ContrailVrouterPhysicalInterface:
diff --git a/puppet/services/network/contrail-tsn.yaml b/puppet/services/network/contrail-tsn.yaml
index 058b9dc9..a9655160 100644
--- a/puppet/services/network/contrail-tsn.yaml
+++ b/puppet/services/network/contrail-tsn.yaml
@@ -31,8 +31,9 @@ parameters:
via parameter_defaults in the resource registry.
type: json
NeutronMetadataProxySharedSecret:
- description: Metadata Secret
+ description: Shared secret to prevent spoofing
type: string
+ hidden: true
ContrailVrouterPhysicalInterface:
default: 'eth0'
description: vRouter physical interface
diff --git a/puppet/services/network/contrail-vrouter.yaml b/puppet/services/network/contrail-vrouter.yaml
index 981fe2fb..1773c367 100644
--- a/puppet/services/network/contrail-vrouter.yaml
+++ b/puppet/services/network/contrail-vrouter.yaml
@@ -31,7 +31,7 @@ parameters:
via parameter_defaults in the resource registry.
type: json
NeutronMetadataProxySharedSecret:
- description: Metadata Secret
+ description: Shared secret to prevent spoofing
type: string
hidden: true
ContrailVrouterPhysicalInterface:
diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml
index 1d4029cf..7894f78b 100644
--- a/puppet/services/neutron-ovs-agent.yaml
+++ b/puppet/services/neutron-ovs-agent.yaml
@@ -32,8 +32,7 @@ parameters:
type: json
NeutronEnableL2Pop:
type: string
- description: >
- Enable/disable the L2 population feature in the Neutron agents.
+ description: Enable/disable the L2 population feature in the Neutron agents.
default: "False"
NeutronBridgeMappings:
description: >
@@ -47,8 +46,7 @@ parameters:
default: "datacentre:br-ex"
NeutronTunnelTypes:
default: 'vxlan'
- description: |
- The tunnel types for the Neutron tenant network.
+ description: The tunnel types for the Neutron tenant network.
type: comma_delimited_list
NeutronAgentExtensions:
default: "qos"
diff --git a/puppet/services/neutron-plugin-ml2-odl.yaml b/puppet/services/neutron-plugin-ml2-odl.yaml
index cc4cd8f4..68bba110 100644
--- a/puppet/services/neutron-plugin-ml2-odl.yaml
+++ b/puppet/services/neutron-plugin-ml2-odl.yaml
@@ -33,7 +33,7 @@ parameters:
OpenDaylightPortBindingController:
description: OpenDaylight port binding controller
type: string
- default: 'network-topology'
+ default: 'pseudo-agentdb-binding'
resources:
diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml
index a12bfd0f..6e1f3f56 100644
--- a/puppet/services/nova-compute.yaml
+++ b/puppet/services/nova-compute.yaml
@@ -97,7 +97,7 @@ parameters:
UpgradeLevelNovaCompute:
type: string
description: Nova Compute upgrade level
- default: auto
+ default: ''
MigrationSshKey:
type: json
description: >
diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml
index a6638be0..5abad452 100644
--- a/puppet/services/nova-conductor.yaml
+++ b/puppet/services/nova-conductor.yaml
@@ -45,7 +45,7 @@ parameters:
UpgradeLevelNovaCompute:
type: string
description: Nova Compute upgrade level
- default: auto
+ default: ''
conditions:
nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]}
diff --git a/puppet/services/opendaylight-ovs.yaml b/puppet/services/opendaylight-ovs.yaml
index 2027292c..139ab7c7 100644
--- a/puppet/services/opendaylight-ovs.yaml
+++ b/puppet/services/opendaylight-ovs.yaml
@@ -33,6 +33,28 @@ parameters:
Required for VLAN deployments. For example physnet1 -> eth1.
type: comma_delimited_list
default: "datacentre:br-ex"
+ HostAllowedNetworkTypes:
+ description: Allowed tenant network types for this OVS host. Note this can
+ vary per host or role to constrain which hosts nova instances
+ and networks are scheduled to.
+ type: comma_delimited_list
+ default: ['local', 'vlan', 'vxlan', 'gre']
+ OvsEnableDpdk:
+ description: Whether or not to configure enable DPDK in OVS
+ default: false
+ type: boolean
+ OvsVhostuserMode:
+ description: Specify the mode for OVS with vhostuser port creation. In
+ client mode, the hypervisor will be responsible for creating
+ vhostuser sockets. In server mode, OVS will create them.
+ type: string
+ default: "client"
+ constraints:
+ - allowed_values: [ 'client', 'server' ]
+ VhostuserSocketDir:
+ description: Specify the directory to use for vhostuser sockets
+ type: string
+ default: "/var/run/openvswitch"
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -71,6 +93,28 @@ resources:
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
+ # Merging role-specific parameters (RoleParameters) with the default parameters.
+ # RoleParameters will have the precedence over the default parameters.
+ RoleParametersValue:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
+ map_replace:
+ - map_replace:
+ - neutron::plugins::ovs::opendaylight::allowed_network_types: HostAllowedNetworkTypes
+ neutron::plugins::ovs::opendaylight::enable_dpdk: OvsEnableDpdk
+ neutron::plugins::ovs::opendaylight::vhostuser_socket_dir: VhostuserSocketDir
+ neutron::plugins::ovs::opendaylight::vhostuser_mode: OvsVhostuserMode
+ neutron::plugins::ovs::opendaylight::provider_mappings: OpenDaylightProviderMappings
+ - values: {get_param: [RoleParameters]}
+ - values:
+ HostAllowedNetworkTypes: {get_param: HostAllowedNetworkTypes}
+ OvsEnableDpdk: {get_param: OvsEnableDpdk}
+ VhostuserSocketDir: {get_param: VhostuserSocketDir}
+ OvsVhostuserMode: {get_param: OvsVhostuserMode}
+ OpenDaylightProviderMappings: {get_param: OpenDaylightProviderMappings}
+
outputs:
role_data:
description: Role data for the OpenDaylight service.
@@ -86,7 +130,6 @@ outputs:
opendaylight_check_url: {get_param: OpenDaylightCheckURL}
opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol}
neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
- neutron::plugins::ovs::opendaylight::provider_mappings: {get_param: OpenDaylightProviderMappings}
tripleo.opendaylight_ovs.firewall_rules:
'118 neutron vxlan networks':
proto: 'udp'
@@ -94,6 +137,7 @@ outputs:
'136 neutron gre networks':
proto: 'gre'
- get_attr: [Ovs, role_data, config_settings]
+ - get_attr: [RoleParametersValue, value]
step_config: |
include tripleo::profile::base::neutron::plugins::ovs::opendaylight
upgrade_tasks:
diff --git a/puppet/services/neutron-compute-plugin-ovn.yaml b/puppet/services/ovn-controller.yaml
index dfd87eda..30720448 100644
--- a/puppet/services/neutron-compute-plugin-ovn.yaml
+++ b/puppet/services/ovn-controller.yaml
@@ -1,7 +1,7 @@
heat_template_version: pike
description: >
- OpenStack Neutron Compute OVN agent
+ OpenStack OVN Controller agent
parameters:
EndpointMap:
@@ -45,23 +45,23 @@ parameters:
bridge on hosts - to a physical name 'datacentre' which can be used
to create provider networks (and we use this for the default floating
network) - if changing this either use different post-install network
- scripts or be sure to keep 'datacentre' as a mapping network name
+ scripts or be sure to keep 'datacentre' as a mapping network name.
type: comma_delimited_list
default: "datacentre:br-ex"
outputs:
role_data:
- description: Role data for the Neutron Compute OVN agent
+ description: Role data for the OVN Controller agent
value:
- service_name: neutron_compute_plugin_ovn
+ service_name: ovn_controller
config_settings:
ovn::southbound::port: {get_param: OVNSouthboundServerPort}
ovn::controller::ovn_encap_type: {get_param: OVNTunnelEncapType}
ovn::controller::ovn_encap_ip: {get_param: [ServiceNetMap, NeutronApiNetwork]}
ovn::controller::ovn_bridge_mappings: {get_param: NeutronBridgeMappings}
nova::compute::force_config_drive: true
- tripleo.neutron_compute_plugin_ovn.firewall_rules:
+ tripleo.ovn_controller.firewall_rules:
'118 neutron vxlan networks':
proto: 'udp'
dport: 4789
@@ -70,3 +70,17 @@ outputs:
dport: 6081
step_config: |
include ::tripleo::profile::base::neutron::agents::ovn
+ upgrade_tasks:
+ - name: Check if ovn_controller is deployed
+ command: systemctl is-enabled ovn-controller
+ tags: common
+ ignore_errors: True
+ register: ovn_controller_enabled
+ - name: "PreUpgrade step0,validation: Check service ovn-controller is running"
+ shell: /usr/bin/systemctl show 'ovn-controller' --property ActiveState | grep '\bactive\b'
+ when: ovn_controller_enabled.rc == 0
+ tags: step0,validation
+ - name: Stop ovn-controller service
+ tags: step1
+ when: ovn_controller_enabled.rc == 0
+ service: name=ovn-controller state=stopped
diff --git a/puppet/services/ovn-dbs.yaml b/puppet/services/ovn-dbs.yaml
index f6f3e3c8..2b98008b 100644
--- a/puppet/services/ovn-dbs.yaml
+++ b/puppet/services/ovn-dbs.yaml
@@ -57,3 +57,17 @@ outputs:
- {get_param: OVNSouthboundServerPort}
step_config: |
include ::tripleo::profile::base::neutron::ovn_northd
+ upgrade_tasks:
+ - name: Check if ovn_northd is deployed
+ command: systemctl is-enabled ovn-northd
+ tags: common
+ ignore_errors: True
+ register: ovn_northd_enabled
+ - name: "PreUpgrade step0,validation: Check service ovn-northd is running"
+ shell: /usr/bin/systemctl show 'ovn-northd' --property ActiveState | grep '\bactive\b'
+ when: ovn_northd_enabled.rc == 0
+ tags: step0,validation
+ - name: Stop ovn-northd service
+ tags: step1
+ when: ovn_northd_enabled.rc == 0
+ service: name=ovn-northd state=stopped
diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar.yaml
index 21857423..4a1ad179 100644
--- a/puppet/services/zaqar.yaml
+++ b/puppet/services/zaqar.yaml
@@ -105,7 +105,7 @@ outputs:
- {get_param: ZaqarDebug }
zaqar::server::service_name: 'httpd'
zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]}
- zaqar::wsgi::apache::ssl: false
+ zaqar::wsgi::apache::ssl: {get_param: EnableInternalTLS}
zaqar::wsgi::apache::bind_host: {get_param: [ServiceNetMap, ZaqarApiNetwork]}
zaqar::message_pipeline: 'zaqar.notification.notifier'
zaqar::unreliable: true
@@ -178,6 +178,8 @@ outputs:
- {}
step_config: |
include ::tripleo::profile::base::zaqar
+ metadata_settings:
+ get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
yaql:
expression: $.data.apache_upgrade + $.data.zaqar_upgrade