summaryrefslogtreecommitdiffstats
path: root/puppet
diff options
context:
space:
mode:
Diffstat (limited to 'puppet')
-rw-r--r--puppet/ceph-storage-post.yaml6
-rw-r--r--puppet/ceph-storage.yaml8
-rw-r--r--puppet/cinder-storage-post.yaml6
-rw-r--r--puppet/cinder-storage.yaml9
-rw-r--r--puppet/compute-post.yaml6
-rw-r--r--puppet/compute.yaml16
-rw-r--r--puppet/controller-config-pacemaker.yaml7
-rw-r--r--puppet/controller-config.yaml7
-rw-r--r--puppet/controller-post.yaml5
-rw-r--r--puppet/controller.yaml58
-rw-r--r--puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml2
-rw-r--r--puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml174
-rw-r--r--puppet/hieradata/controller.yaml3
-rw-r--r--puppet/hieradata/object.yaml5
-rw-r--r--puppet/manifests/overcloud_compute.pp14
-rw-r--r--puppet/manifests/overcloud_controller.pp25
-rw-r--r--puppet/manifests/overcloud_controller_pacemaker.pp103
-rw-r--r--puppet/swift-storage-post.yaml8
-rw-r--r--puppet/swift-storage.yaml8
19 files changed, 437 insertions, 33 deletions
diff --git a/puppet/ceph-storage-post.yaml b/puppet/ceph-storage-post.yaml
index 1b5b944d..0f7dd36f 100644
--- a/puppet/ceph-storage-post.yaml
+++ b/puppet/ceph-storage-post.yaml
@@ -4,6 +4,10 @@ description: >
OpenStack ceph storage node post deployment for Puppet
parameters:
+ ConfigDebug:
+ default: false
+ description: Whether to run config management (e.g. Puppet) in debug mode.
+ type: boolean
servers:
type: json
NodeConfigIdentifiers:
@@ -16,6 +20,8 @@ resources:
type: OS::Heat::SoftwareConfig
properties:
group: puppet
+ options:
+ enable_debug: {get_param: ConfigDebug}
outputs:
- name: result
config:
diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml
index 1213d3df..75294599 100644
--- a/puppet/ceph-storage.yaml
+++ b/puppet/ceph-storage.yaml
@@ -181,6 +181,14 @@ resources:
properties:
server: {get_resource: CephStorage}
+ # Hook for site-specific additional pre-deployment config,
+ # applying to all nodes, e.g node registration/unregistration
+ NodeExtraConfig:
+ depends_on: CephStorageExtraConfigPre
+ type: OS::TripleO::NodeExtraConfig
+ properties:
+ server: {get_resource: CephStorage}
+
UpdateConfig:
type: OS::TripleO::Tasks::PackageUpdate
diff --git a/puppet/cinder-storage-post.yaml b/puppet/cinder-storage-post.yaml
index 24d2b8a3..c97cfcf9 100644
--- a/puppet/cinder-storage-post.yaml
+++ b/puppet/cinder-storage-post.yaml
@@ -2,6 +2,10 @@ heat_template_version: 2015-04-30
description: 'OpenStack cinder storage post deployment for Puppet'
parameters:
+ ConfigDebug:
+ default: false
+ description: Whether to run config management (e.g. Puppet) in debug mode.
+ type: boolean
servers:
type: json
NodeConfigIdentifiers:
@@ -14,6 +18,8 @@ resources:
type: OS::Heat::SoftwareConfig
properties:
group: puppet
+ options:
+ enable_debug: {get_param: ConfigDebug}
outputs:
- name: result
config:
diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml
index 5779c097..6a869219 100644
--- a/puppet/cinder-storage.yaml
+++ b/puppet/cinder-storage.yaml
@@ -59,6 +59,7 @@ parameters:
RabbitPassword:
default: 'guest'
type: string
+ hidden: true
RabbitUserName:
default: 'guest'
type: string
@@ -263,6 +264,14 @@ resources:
snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
+ # Hook for site-specific additional pre-deployment config,
+ # applying to all nodes, e.g node registration/unregistration
+ NodeExtraConfig:
+ depends_on: BlockStorageDeployment
+ type: OS::TripleO::NodeExtraConfig
+ properties:
+ server: {get_resource: BlockStorage}
+
UpdateConfig:
type: OS::TripleO::Tasks::PackageUpdate
diff --git a/puppet/compute-post.yaml b/puppet/compute-post.yaml
index b4a6126b..b63b06b4 100644
--- a/puppet/compute-post.yaml
+++ b/puppet/compute-post.yaml
@@ -4,6 +4,10 @@ description: >
OpenStack compute node post deployment for Puppet.
parameters:
+ ConfigDebug:
+ default: false
+ description: Whether to run config management (e.g. Puppet) in debug mode.
+ type: boolean
servers:
type: json
NodeConfigIdentifiers:
@@ -17,6 +21,8 @@ resources:
type: OS::Heat::SoftwareConfig
properties:
group: puppet
+ options:
+ enable_debug: {get_param: ConfigDebug}
outputs:
- name: result
config:
diff --git a/puppet/compute.yaml b/puppet/compute.yaml
index e1e84f04..2b635357 100644
--- a/puppet/compute.yaml
+++ b/puppet/compute.yaml
@@ -29,6 +29,10 @@ parameters:
default: false
description: Whether to enable or not the NFS backend for Cinder
type: boolean
+ CinderEnableRbdBackend:
+ default: false
+ description: Whether to enable or not the Rbd backend for Cinder
+ type: boolean
Debug:
default: ''
description: Set to True to enable debugging on all services.
@@ -149,6 +153,7 @@ parameters:
default: 'unset'
description: Shared secret to prevent spoofing
type: string
+ hidden: true
NeutronCorePlugin:
default: 'ml2'
description: |
@@ -360,6 +365,7 @@ resources:
- all_nodes # provided by allNodesConfig
- '"%{::osfamily}"'
- common
+ - cisco_n1kv_data # Optionally provided by ComputeExtraConfigPre
datafiles:
compute_extraconfig:
mapped_data: {get_param: NovaComputeExtraConfig}
@@ -383,6 +389,7 @@ resources:
nova_api_host: {get_input: nova_api_host}
nova::compute::vncproxy_host: {get_input: nova_public_ip}
nova::compute::rbd::ephemeral_storage: {get_input: nova_enable_rbd_backend}
+ rbd_persistent_storage: {get_input: cinder_enable_rbd_backend}
nova_password: {get_input: nova_password}
nova::compute::vncserver_proxyclient_address: {get_input: nova_vnc_proxyclient_address}
ceilometer::debug: {get_input: debug}
@@ -446,6 +453,7 @@ resources:
nova_api_host: {get_param: NovaApiHost}
nova_password: {get_param: NovaPassword}
nova_enable_rbd_backend: {get_param: NovaEnableRbdBackend}
+ cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
nova_vnc_proxyclient_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaVncProxyNetwork]}]}
ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
ceilometer_password: {get_param: CeilometerPassword}
@@ -554,6 +562,14 @@ resources:
properties:
server: {get_resource: NovaCompute}
+ # Hook for site-specific additional pre-deployment config,
+ # applying to all nodes, e.g node registration/unregistration
+ NodeExtraConfig:
+ depends_on: ComputeExtraConfigPre
+ type: OS::TripleO::NodeExtraConfig
+ properties:
+ server: {get_resource: NovaCompute}
+
UpdateConfig:
type: OS::TripleO::Tasks::PackageUpdate
diff --git a/puppet/controller-config-pacemaker.yaml b/puppet/controller-config-pacemaker.yaml
index 38161cd7..dc81498a 100644
--- a/puppet/controller-config-pacemaker.yaml
+++ b/puppet/controller-config-pacemaker.yaml
@@ -3,6 +3,12 @@ heat_template_version: 2015-04-30
description: >
A software config which runs manifests/overcloud_controller_pacemaker.pp
+parameters:
+ ConfigDebug:
+ default: false
+ description: Whether to run config management (e.g. Puppet) in debug mode.
+ type: boolean
+
resources:
ControllerPuppetConfigImpl:
@@ -10,6 +16,7 @@ resources:
properties:
group: puppet
options:
+ enable_debug: {get_param: ConfigDebug}
enable_hiera: True
enable_facter: False
outputs:
diff --git a/puppet/controller-config.yaml b/puppet/controller-config.yaml
index 4135ffac..f85e1a9e 100644
--- a/puppet/controller-config.yaml
+++ b/puppet/controller-config.yaml
@@ -3,6 +3,12 @@ heat_template_version: 2015-04-30
description: >
A software config which runs manifests/overcloud_controller.pp
+parameters:
+ ConfigDebug:
+ default: false
+ description: Whether to run config management (e.g. Puppet) in debug mode.
+ type: boolean
+
resources:
ControllerPuppetConfigImpl:
@@ -10,6 +16,7 @@ resources:
properties:
group: puppet
options:
+ enable_debug: {get_param: ConfigDebug}
enable_hiera: True
enable_facter: False
outputs:
diff --git a/puppet/controller-post.yaml b/puppet/controller-post.yaml
index 49cbe1e2..941e1ac5 100644
--- a/puppet/controller-post.yaml
+++ b/puppet/controller-post.yaml
@@ -4,6 +4,10 @@ description: >
OpenStack controller node post deployment for Puppet.
parameters:
+ ConfigDebug:
+ default: false
+ description: Whether to run config management (e.g. Puppet) in debug mode.
+ type: boolean
servers:
type: json
NodeConfigIdentifiers:
@@ -46,6 +50,7 @@ resources:
properties:
group: puppet
options:
+ enable_debug: {get_param: ConfigDebug}
enable_hiera: True
enable_facter: False
inputs:
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index 8d10482c..0bb8035b 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -14,6 +14,9 @@ parameters:
description: The keystone auth secret and db password.
type: string
hidden: true
+ CeilometerApiVirtualIP:
+ type: string
+ default: ''
CeilometerBackend:
default: 'mongodb'
description: The ceilometer backend type.
@@ -28,6 +31,9 @@ parameters:
description: The password for the ceilometer service and db account.
type: string
hidden: true
+ CinderApiVirtualIP:
+ type: string
+ default: ''
CinderEnableNfsBackend:
default: false
description: Whether to enable or not the NFS backend for Cinder
@@ -174,6 +180,10 @@ parameters:
type: string
constraints:
- allowed_values: ['swift', 'file', 'rbd']
+ HAProxySyslogAddress:
+ default: /dev/log
+ description: Syslog address where HAproxy will send its log
+ type: string
HeatPassword:
default: unset
description: The password for the Heat service and db account, used by the Heat services.
@@ -187,9 +197,15 @@ parameters:
HeatAuthEncryptionKey:
description: Auth encryption key for heat-engine
type: string
+ hidden: true
+ HorizonAllowedHosts:
+ default: '*'
+ description: A list of IP/Hostname allowed to connect to horizon
+ type: comma_delimited_list
HorizonSecret:
description: Secret key for Django
type: string
+ hidden: true
Image:
type: string
default: overcloud-control
@@ -297,6 +313,7 @@ parameters:
default: 'unset'
description: Shared secret to prevent spoofing
type: string
+ hidden: true
NeutronCorePlugin:
default: 'ml2'
description: |
@@ -395,6 +412,9 @@ parameters:
of VXLAN VNI IDs that are available for tenant network allocation
default: ["1:1000", ]
type: comma_delimited_list
+ NovaApiVirtualIP:
+ type: string
+ default: ''
NovaPassword:
default: unset
description: The password for the nova service and db account, used by nova-api.
@@ -410,6 +430,7 @@ parameters:
PcsdPassword:
type: string
description: The password for the 'pcsd' user.
+ hidden: true
PublicVirtualInterface:
default: 'br-ex'
description: >
@@ -442,6 +463,10 @@ parameters:
default: 5672
description: Set rabbit subscriber port, change this if using SSL
type: number
+ RabbitFDLimit:
+ default: 16384
+ description: Configures RabbitMQ FD limit
+ type: string
RedisVirtualIP:
type: string
default: '' # Has to be here because of the ignored empty value bug
@@ -492,6 +517,9 @@ parameters:
services.
hidden: true
type: string
+ SwiftProxyVirtualIP:
+ type: string
+ default: ''
SwiftReplicas:
type: number
default: 3
@@ -505,6 +533,9 @@ parameters:
GlanceApiVirtualIP:
type: string
default: ''
+ GlanceRegistryVirtualIP:
+ type: string
+ default: ''
MysqlVirtualIP:
type: string
default: ''
@@ -644,6 +675,7 @@ resources:
input_values:
bootstack_nodeid: {get_attr: [Controller, name]}
neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
+ haproxy_log_address: {get_param: HAProxySyslogAddress}
heat.watch_server_url:
list_join:
- ''
@@ -663,6 +695,7 @@ resources:
- {get_param: HeatApiVirtualIP}
- ':8000/v1/waitcondition'
heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
+ horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
horizon_secret: {get_param: HorizonSecret}
admin_password: {get_param: AdminPassword}
admin_token: {get_param: AdminToken}
@@ -874,6 +907,14 @@ resources:
rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
rabbit_client_port: {get_param: RabbitClientPort}
mongodb_no_journal: {get_param: MongoDbNoJournal}
+ # We need to force this into quotes or hiera will return integer causing
+ # the puppet module validation regexp to fail.
+ # Remove when: https://github.com/puppetlabs/puppetlabs-rabbitmq/pull/401
+ rabbit_fd_limit:
+ str_replace:
+ template: "'LIMIT'"
+ params:
+ LIMIT: {get_param: RabbitFDLimit}
ntp_servers:
str_replace:
template: '["server"]'
@@ -903,6 +944,7 @@ resources:
- {get_param: GlanceApiVirtualIP}
- ':'
- {get_param: GlancePort}
+ glance_registry_host: {get_param: GlanceRegistryVirtualIP}
heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
@@ -949,6 +991,7 @@ resources:
- cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
- neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
- neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
+ - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
datafiles:
controller_extraconfig:
mapped_data: {get_param: ControllerExtraConfig}
@@ -1020,7 +1063,7 @@ resources:
glance::api::bind_host: {get_input: glance_api_network}
glance::api::auth_uri: {get_input: keystone_auth_uri}
glance::api::identity_uri: {get_input: keystone_identity_uri}
- glance::api::registry_host: {get_input: glance_registry_network}
+ glance::api::registry_host: {get_input: glance_registry_host}
glance::api::keystone_password: {get_input: glance_password}
glance::api::debug: {get_input: debug}
glance_notifier_strategy: {get_input: glance_notifier_strategy}
@@ -1029,7 +1072,7 @@ resources:
glance::api::database_connection: {get_input: glance_dsn}
glance::registry::keystone_password: {get_input: glance_password}
glance::registry::database_connection: {get_input: glance_dsn}
- glance::registry::bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
+ glance::registry::bind_host: {get_input: glance_registry_network}
glance::registry::auth_uri: {get_input: keystone_auth_uri}
glance::registry::identity_uri: {get_input: keystone_identity_uri}
glance::registry::debug: {get_input: debug}
@@ -1177,6 +1220,7 @@ resources:
# Horizon
apache::ip: {get_input: horizon_network}
+ horizon::allowed_hosts: {get_input: horizon_allowed_hosts}
horizon::django_debug: {get_input: debug}
horizon::secret_key: {get_input: horizon_secret}
horizon::bind_address: {get_input: horizon_network}
@@ -1185,6 +1229,7 @@ resources:
# Rabbit
rabbitmq::node_ip_address: {get_input: rabbitmq_network}
rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
+ rabbitmq::file_limit: {get_input: rabbit_fd_limit}
# Redis
redis::bind: {get_input: redis_network}
redis_vip: {get_input: redis_vip}
@@ -1196,6 +1241,7 @@ resources:
public_virtual_interface: {get_input: public_virtual_interface}
tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface}
tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface}
+ tripleo::loadbalancer::haproxy_log_address: {get_input: haproxy_log_address}
tripleo::packages::enable_install: {get_input: enable_package_install}
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
@@ -1206,6 +1252,14 @@ resources:
properties:
server: {get_resource: Controller}
+ # Hook for site-specific additional pre-deployment config,
+ # applying to all nodes, e.g node registration/unregistration
+ NodeExtraConfig:
+ depends_on: ControllerExtraConfigPre
+ type: OS::TripleO::NodeExtraConfig
+ properties:
+ server: {get_resource: Controller}
+
UpdateConfig:
type: OS::TripleO::Tasks::PackageUpdate
diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml
index 18295a2f..7ec2190f 100644
--- a/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml
+++ b/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml
@@ -18,6 +18,7 @@ parameters:
type: string
CinderNetappPassword:
type: string
+ hidden: true
CinderNetappServerHostname:
type: string
CinderNetappServerPort:
@@ -65,6 +66,7 @@ parameters:
CinderNetappSaPassword:
type: string
default: ''
+ hidden: true
CinderNetappStoragePools:
type: string
default: ''
diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml
new file mode 100644
index 00000000..5985116b
--- /dev/null
+++ b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml
@@ -0,0 +1,174 @@
+heat_template_version: 2015-04-30
+
+description: Configure hieradata for Cisco N1KV configuration
+
+parameters:
+ server:
+ description: ID of the controller node to apply this config to
+ type: string
+
+ # Config specific parameters, to be provided via parameter_defaults
+ N1000vVSMIP:
+ type: string
+ default: '192.0.2.50'
+ N1000vVSMDomainID:
+ type: number
+ default: 100
+ N1000vVSMIPV6:
+ type: string
+ default: '::1'
+ N1000vVEMHostMgmtIntf:
+ type: string
+ default: 'br-ex'
+ N1000vUplinkProfile:
+ type: string
+ default: '{eth1: system-uplink,}'
+ N1000vVtepConfig:
+ type: string
+ default: '{}'
+ N1000vVEMSource:
+ type: string
+ default: ''
+ N1000vVEMVersion:
+ type: string
+ default: ''
+ N1000vPortDB:
+ type: string
+ default: 'ovs'
+ N1000vVtepsInSameSub:
+ type: boolean
+ default: false
+ N1000vVEMFastpathFlood:
+ type: string
+ default: 'enable'
+#VSM Puppet Parameter
+ N1000vVSMSource:
+ type: string
+ default: ''
+ N1000vVSMVersion:
+ type: string
+ default: 'latest'
+ N1000vVSMHostMgmtIntf:
+ type: string
+ default: 'br-ex'
+ N1000vVSMRole:
+ type: string
+ default: 'primary'
+ N1000vVSMPassword:
+ type: string
+ default: 'Password'
+ N1000vMgmtNetmask:
+ type: string
+ default: '255.255.255.0'
+ N1000vMgmtGatewayIP:
+ type: string
+ default: '192.0.2.1'
+ N1000vPacemakerControl:
+ type: boolean
+ default: true
+ N1000vExistingBridge:
+ type: boolean
+ default: true
+#Plugin Parameters
+ N1000vVSMUser:
+ type: string
+ default: 'admin'
+ N1000vPollDuration:
+ type: number
+ default: 60
+ N1000vHttpPoolSize:
+ type: number
+ default: 5
+ N1000vHttpTimeout:
+ type: number
+ default: 15
+ N1000vSyncInterval:
+ type: number
+ default: 300
+ N1000vMaxVSMRetries:
+ type: number
+ default: 2
+
+resources:
+ CiscoN1kvConfig:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: os-apply-config
+ config:
+ hiera:
+ datafiles:
+ cisco_n1kv_data:
+ mapped_data:
+ #enable_cisco_n1kv: {get_input: EnableCiscoN1kv}
+ # VEM Parameters
+ n1kv_vem_source: {get_input: n1kv_vem_source}
+ n1kv_vem_version: {get_input: n1kv_vem_version}
+ neutron::agents::n1kv_vem::n1kv_vsm_ip: {get_input: n1kv_vsm_ip}
+ neutron::agents::n1kv_vem::n1kv_vsm_domain_id: {get_input: n1kv_vsm_domain_id}
+ neutron::agents::n1kv_vem::n1kv_vsm_ip_v6: {get_input: n1kv_vsm_ip_v6}
+ neutron::agents::n1kv_vem::host_mgmt_intf: {get_input: n1kv_vem_host_mgmt_intf}
+ neutron::agents::n1kv_vem::uplink_profile: {get_input: n1kv_vem_uplink_profile}
+ neutron::agents::n1kv_vem::vtep_config: {get_input: n1kv_vem_vtep_config}
+ neutron::agents::n1kv_vem::portdb: {get_input: n1kv_vem_portdb}
+ neutron::agents::n1kv_vem::vteps_in_same_subnet: {get_input: n1kv_vem_vteps_in_same_subnet}
+ neutron::agents::n1kv_vem::fastpath_flood: {get_input: n1kv_vem_fastpath_flood}
+ #VSM Parameter
+ n1kv_vsm_source: {get_input: n1kv_vsm_source}
+ n1kv_vsm_version: {get_input: n1kv_vsm_version}
+ n1k_vsm::phy_if_bridge: {get_input: n1kv_vsm_host_mgmt_intf}
+ n1k_vsm::vsm_role: {get_input: n1kv_vsm_role}
+ n1k_vsm::pacemaker_control: {get_input: n1kv_vsm_pacemaker_ctrl}
+ n1k_vsm::existing_bridge: {get_input: n1kv_vsm_existing_br}
+ n1k_vsm::vsm_admin_passwd: {get_input: n1kv_vsm_password}
+ n1k_vsm::vsm_domain_id: {get_input: n1kv_vsm_domain_id}
+ n1k_vsm::vsm_mgmt_ip: {get_input: n1kv_vsm_ip}
+ n1k_vsm::vsm_mgmt_netmask: {get_input: n1kv_vsm_mgmt_netmask}
+ n1k_vsm::vsm_mgmt_gateway: {get_input: n1kv_vsm_gateway_ip}
+ n1k_vsm::phy_gateway: {get_input: n1kv_vsm_gateway_ip}
+ # Cisco N1KV driver Parameters
+ neutron::plugins::ml2::cisco::nexus1000v::n1kv_vsm_ip: {get_input: n1kv_vsm_ip}
+ neutron::plugins::ml2::cisco::nexus1000v::n1kv_vsm_username: {get_input: n1kv_vsm_username}
+ neutron::plugins::ml2::cisco::nexus1000v::n1kv_vsm_password: {get_input: n1kv_vsm_password}
+ neutron::plugins::ml2::cisco::nexus1000v::poll_duration: {get_input: n1kv_vsm_poll_duration}
+ neutron::plugins::ml2::cisco::nexus1000v::http_pool_size: {get_input: n1kv_vsm_http_pool_size}
+ neutron::plugins::ml2::cisco::nexus1000v::http_timeout: {get_input: n1kv_vsm_http_timeout}
+ neutron::plugins::ml2::cisco::nexus1000v::n1kv_vsm_sync_interval: {get_input: n1kv_vsm_sync_interval}
+ neutron::plugins::ml2::cisco::nexus1000v::max_vsm_retries: {get_input: n1kv_max_vsm_retries}
+
+ CiscoN1kvDeployment:
+ type: OS::Heat::StructuredDeployment
+ properties:
+ config: {get_resource: CiscoN1kvConfig}
+ server: {get_param: server}
+ input_values:
+ n1kv_vsm_ip: {get_param: N1000vVSMIP}
+ n1kv_vsm_domain_id: {get_param: N1000vVSMDomainID}
+ n1kv_vsm_ip_v6: {get_param: N1000vVSMIPV6}
+ n1kv_vem_host_mgmt_intf: {get_param: N1000vVEMHostMgmtIntf}
+ n1kv_vem_uplink_profile: {get_param: N1000vUplinkProfile}
+ n1kv_vem_vtep_config: {get_param: N1000vVtepConfig}
+ n1kv_vem_source: {get_param: N1000vVEMSource}
+ n1kv_vem_version: {get_param: N1000vVEMVersion}
+ n1kv_vem_portdb: {get_param: N1000vPortDB}
+ n1kv_vem_vteps_in_same_subnet: {get_param: N1000vVtepsInSameSub}
+ n1kv_vem_fastpath_flood: {get_param: N1000vVEMFastpathFlood}
+ n1kv_vsm_source: {get_param: N1000vVSMSource}
+ n1kv_vsm_version: {get_param: N1000vVSMVersion}
+ n1kv_vsm_host_mgmt_intf: {get_param: N1000vVSMHostMgmtIntf}
+ n1kv_vsm_role: {get_param: N1000vVSMRole}
+ n1kv_vsm_password: {get_param: N1000vVSMPassword}
+ n1kv_vsm_mgmt_netmask: {get_param: N1000vMgmtNetmask}
+ n1kv_vsm_gateway_ip: {get_param: N1000vMgmtGatewayIP}
+ n1kv_vsm_pacemaker_ctrl: {get_param: N1000vPacemakerControl}
+ n1kv_vsm_existing_br: {get_param: N1000vExistingBridge}
+ n1kv_vsm_username: {get_param: N1000vVSMUser}
+ n1kv_vsm_poll_duration: {get_param: N1000vPollDuration}
+ n1kv_vsm_http_pool_size: {get_param: N1000vHttpPoolSize}
+ n1kv_vsm_http_timeout: {get_param: N1000vHttpTimeout}
+ n1kv_vsm_sync_interval: {get_param: N1000vSyncInterval}
+ n1kv_max_vsm_retries: {get_param: N1000vMaxVSMRetries}
+
+outputs:
+ deploy_stdout:
+ description: Deployment reference, used to trigger puppet apply on changes
+ value: {get_attr: [CiscoN1kvDeployment, deploy_stdout]}
diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml
index a66c1eaa..b659ed78 100644
--- a/puppet/hieradata/controller.yaml
+++ b/puppet/hieradata/controller.yaml
@@ -90,12 +90,11 @@ pacemaker::resource_defaults::defaults:
resource-stickiness: { value: INFINITY }
# horizon
-horizon::allowed_hosts: '*'
+horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache
horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
# mysql
mysql::server::manage_config_file: true
-mysql::server::remove_default_accounts: true
tripleo::loadbalancer::keystone_admin: true
diff --git a/puppet/hieradata/object.yaml b/puppet/hieradata/object.yaml
index 3a379035..d4a0e81d 100644
--- a/puppet/hieradata/object.yaml
+++ b/puppet/hieradata/object.yaml
@@ -1,4 +1,7 @@
# Hiera data for swift storage nodes
+swift::storage::all::incoming_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
+swift::storage::all::outgoing_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r'
+
swift::storage::all::object_pipeline:
- healthcheck
- recon
@@ -15,4 +18,4 @@ swift::proxy::keystone::operator_roles:
- swiftoperator
- ResellerAdmin
-object_classes: [] \ No newline at end of file
+object_classes: []
diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp
index fb5a3520..2150bab8 100644
--- a/puppet/manifests/overcloud_compute.pp
+++ b/puppet/manifests/overcloud_compute.pp
@@ -43,8 +43,9 @@ nova_config {
'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver';
}
-$nova_enable_rbd_backend = hiera('nova::compute::rbd::ephemeral_storage', false)
-if $nova_enable_rbd_backend {
+$rbd_ephemeral_storage = hiera('nova::compute::rbd::ephemeral_storage', false)
+$rbd_persistent_storage = hiera('rbd_persistent_storage', false)
+if $rbd_ephemeral_storage or $rbd_persistent_storage {
include ::ceph::profile::client
$client_keys = hiera('ceph::profile::params::client_keys')
@@ -78,7 +79,16 @@ class { 'neutron::agents::ml2::ovs':
tunnel_types => split(hiera('neutron_tunnel_types'), ','),
}
+if 'cisco_n1kv' in hiera('neutron_mechanism_drivers') {
+ class { 'neutron::agents::n1kv_vem':
+ n1kv_source => hiera('n1kv_vem_source', undef),
+ n1kv_version => hiera('n1kv_vem_version', undef),
+ }
+}
+
+
include ::ceilometer
+include ::ceilometer::config
include ::ceilometer::agent::compute
include ::ceilometer::agent::auth
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index 36b91a7b..c3302362 100644
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -84,7 +84,8 @@ if hiera('step') >= 2 {
'max_connections' => hiera('mysql_max_connections'),
'open_files_limit' => '-1',
},
- }
+ },
+ remove_default_accounts => true,
}
# FIXME: this should only occur on the bootstrap host (ditto for db syncs)
@@ -245,6 +246,20 @@ if hiera('step') >= 3 {
bridge_mappings => split(hiera('neutron_bridge_mappings'), ','),
tunnel_types => split(hiera('neutron_tunnel_types'), ','),
}
+ if 'cisco_n1kv' in hiera('neutron_mechanism_drivers') {
+ include neutron::plugins::ml2::cisco::nexus1000v
+
+ class { 'neutron::agents::n1kv_vem':
+ n1kv_source => hiera('n1kv_vem_source', undef),
+ n1kv_version => hiera('n1kv_vem_version', undef),
+ }
+
+ class { 'n1k_vsm':
+ n1kv_source => hiera('n1kv_vsm_source', undef),
+ n1kv_version => hiera('n1kv_vsm_version', undef),
+ pacemaker_control => false,
+ }
+ }
if 'cisco_ucsm' in hiera('neutron_mechanism_drivers') {
include ::neutron::plugins::ml2::cisco::ucsm
@@ -417,6 +432,7 @@ if hiera('step') >= 3 {
}
}
include ::ceilometer
+ include ::ceilometer::config
include ::ceilometer::api
include ::ceilometer::agent::notification
include ::ceilometer::agent::central
@@ -439,10 +455,17 @@ if hiera('step') >= 3 {
include ::heat::engine
# Horizon
+ if 'cisco_n1kv' in hiera('neutron_mechanism_drivers') {
+ $_profile_support = 'cisco'
+ } else {
+ $_profile_support = 'None'
+ }
+ $neutron_options = {'profile_support' => $_profile_support }
$vhost_params = { add_listen => false }
class { 'horizon':
cache_server_ip => hiera('memcache_node_ips', '127.0.0.1'),
vhost_extra_params => $vhost_params,
+ neutron_options => $neutron_options,
}
$snmpd_user = hiera('snmpd_readonly_user_name')
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index 0a0ce781..b8fa89f8 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -158,12 +158,13 @@ if hiera('step') >= 1 {
}
class { '::mysql::server':
- create_root_user => false,
- create_root_my_cnf => false,
- config_file => $mysql_config_file,
- override_options => $mysqld_options,
- service_manage => false,
- service_enabled => false,
+ create_root_user => false,
+ create_root_my_cnf => false,
+ config_file => $mysql_config_file,
+ override_options => $mysqld_options,
+ remove_default_accounts => $pacemaker_master,
+ service_manage => false,
+ service_enabled => false,
}
}
@@ -617,6 +618,19 @@ if hiera('step') >= 3 {
include ::neutron::plugins::ml2::cisco::nexus
include ::neutron::plugins::ml2::cisco::type_nexus_vxlan
}
+ if 'cisco_n1kv' in hiera('neutron_mechanism_drivers') {
+ include neutron::plugins::ml2::cisco::nexus1000v
+
+ class { 'neutron::agents::n1kv_vem':
+ n1kv_source => hiera('n1kv_vem_source', undef),
+ n1kv_version => hiera('n1kv_vem_version', undef),
+ }
+
+ class { 'n1k_vsm':
+ n1kv_source => hiera('n1kv_vsm_source', undef),
+ n1kv_version => hiera('n1kv_vsm_version', undef),
+ }
+ }
if hiera('neutron_enable_bigswitch_ml2', false) {
include neutron::plugins::ml2::bigswitch::restproxy
@@ -801,6 +815,7 @@ if hiera('step') >= 3 {
}
}
include ::ceilometer
+ include ::ceilometer::config
class { '::ceilometer::api' :
manage_service => false,
enabled => false,
@@ -857,8 +872,17 @@ if hiera('step') >= 3 {
# httpd/apache and horizon
# NOTE(gfidente): server-status can be consumed by the pacemaker resource agent
- include ::apache
+ class { '::apache' :
+ service_enable => false,
+ # service_manage => false, # <-- not supported with horizon&apache mod_wsgi?
+ }
include ::apache::mod::status
+ if 'cisco_n1kv' in hiera('neutron_mechanism_drivers') {
+ $_profile_support = 'cisco'
+ } else {
+ $_profile_support = 'None'
+ }
+ $neutron_options = {'profile_support' => $_profile_support }
$vhost_params = {
add_listen => false,
priority => 10,
@@ -867,6 +891,7 @@ if hiera('step') >= 3 {
cache_server_ip => hiera('memcache_node_ips', '127.0.0.1'),
vhost_extra_params => $vhost_params,
server_aliases => $::hostname,
+ neutron_options => $neutron_options,
}
$snmpd_user = hiera('snmpd_readonly_user_name')
@@ -1048,24 +1073,8 @@ if hiera('step') >= 4 {
ocf_agent_name => "neutron:NetnsCleanup",
clone_params => "interleave=true",
}
- pacemaker::constraint::base { 'keystone-to-neutron-server-constraint':
- constraint_type => "order",
- first_resource => "${::keystone::params::service_name}-clone",
- second_resource => "${::neutron::params::server_service}-clone",
- first_action => "start",
- second_action => "start",
- require => [Pacemaker::Resource::Service[$::keystone::params::service_name],
- Pacemaker::Resource::Service[$::neutron::params::server_service]],
- }
- pacemaker::constraint::base { 'neutron-server-to-neutron-ovs-cleanup-constraint':
- constraint_type => "order",
- first_resource => "${::neutron::params::server_service}-clone",
- second_resource => "${::neutron::params::ovs_cleanup_service}-clone",
- first_action => "start",
- second_action => "start",
- require => [Pacemaker::Resource::Service[$::neutron::params::server_service],
- Pacemaker::Resource::Ocf["${::neutron::params::ovs_cleanup_service}"]],
- }
+
+ # neutron - one chain ovs-cleanup-->netns-cleanup-->ovs-agent
pacemaker::constraint::base { 'neutron-ovs-cleanup-to-netns-cleanup-constraint':
constraint_type => "order",
first_resource => "${::neutron::params::ovs_cleanup_service}-clone",
@@ -1098,6 +1107,26 @@ if hiera('step') >= 4 {
require => [Pacemaker::Resource::Ocf["neutron-netns-cleanup"],
Pacemaker::Resource::Service["${::neutron::params::ovs_agent_service}"]],
}
+
+ #another chain keystone-->neutron-server-->ovs-agent-->dhcp-->l3
+ pacemaker::constraint::base { 'keystone-to-neutron-server-constraint':
+ constraint_type => "order",
+ first_resource => "${::keystone::params::service_name}-clone",
+ second_resource => "${::neutron::params::server_service}-clone",
+ first_action => "start",
+ second_action => "start",
+ require => [Pacemaker::Resource::Service[$::keystone::params::service_name],
+ Pacemaker::Resource::Service[$::neutron::params::server_service]],
+ }
+ pacemaker::constraint::base { 'neutron-server-to-openvswitch-agent-constraint':
+ constraint_type => "order",
+ first_resource => "${::neutron::params::server_service}-clone",
+ second_resource => "${::neutron::params::ovs_agent_service}-clone",
+ first_action => "start",
+ second_action => "start",
+ require => [Pacemaker::Resource::Service[$::neutron::params::server_service],
+ Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]],
+ }
pacemaker::constraint::base { 'neutron-openvswitch-agent-to-dhcp-agent-constraint':
constraint_type => "order",
first_resource => "${::neutron::params::ovs_agent_service}-clone",
@@ -1482,6 +1511,30 @@ if hiera('step') >= 4 {
clone_params => "interleave=true",
}
+ #VSM
+ if 'cisco_n1kv' in hiera('neutron_mechanism_drivers') {
+ pacemaker::resource::ocf { 'vsm-p' :
+ ocf_agent_name => 'heartbeat:VirtualDomain',
+ resource_params => 'force_stop=true config=/var/spool/cisco/vsm/vsm_primary_deploy.xml',
+ require => Class['n1k_vsm'],
+ meta_params => 'resource-stickiness=INFINITY',
+ }
+ if str2bool(hiera('n1k_vsm::pacemaker_control', 'true')) {
+ pacemaker::resource::ocf { 'vsm-s' :
+ ocf_agent_name => 'heartbeat:VirtualDomain',
+ resource_params => 'force_stop=true config=/var/spool/cisco/vsm/vsm_secondary_deploy.xml',
+ require => Class['n1k_vsm'],
+ meta_params => 'resource-stickiness=INFINITY',
+ }
+ pacemaker::constraint::colocation { 'vsm-colocation-contraint':
+ source => "vsm-p",
+ target => "vsm-s",
+ score => "-INFINITY",
+ require => [Pacemaker::Resource::Ocf['vsm-p'],
+ Pacemaker::Resource::Ocf['vsm-s']],
+ }
+ }
+ }
}
diff --git a/puppet/swift-storage-post.yaml b/puppet/swift-storage-post.yaml
index ee50c86a..d22f5386 100644
--- a/puppet/swift-storage-post.yaml
+++ b/puppet/swift-storage-post.yaml
@@ -2,6 +2,10 @@ heat_template_version: 2015-04-30
description: 'OpenStack swift storage node post deployment for Puppet'
parameters:
+ ConfigDebug:
+ default: false
+ description: Whether to run config management (e.g. Puppet) in debug mode.
+ type: boolean
servers:
type: json
NodeConfigIdentifiers:
@@ -15,6 +19,8 @@ resources:
type: OS::Heat::SoftwareConfig
properties:
group: puppet
+ options:
+ enable_debug: {get_param: ConfigDebug}
outputs:
- name: result
config:
@@ -32,6 +38,8 @@ resources:
type: OS::Heat::SoftwareConfig
properties:
group: puppet
+ options:
+ enable_debug: {get_param: ConfigDebug}
outputs:
- name: result
config:
diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml
index f6623be6..22ec6096 100644
--- a/puppet/swift-storage.yaml
+++ b/puppet/swift-storage.yaml
@@ -216,6 +216,14 @@ resources:
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
+ # Hook for site-specific additional pre-deployment config,
+ # applying to all nodes, e.g node registration/unregistration
+ NodeExtraConfig:
+ depends_on: SwiftStorageHieraDeploy
+ type: OS::TripleO::NodeExtraConfig
+ properties:
+ server: {get_resource: SwiftStorage}
+
UpdateConfig:
type: OS::TripleO::Tasks::PackageUpdate