summaryrefslogtreecommitdiffstats
path: root/puppet
diff options
context:
space:
mode:
Diffstat (limited to 'puppet')
-rw-r--r--puppet/all-nodes-config.yaml10
-rw-r--r--puppet/ceph-cluster-config.yaml17
-rw-r--r--puppet/ceph-storage.yaml25
-rw-r--r--puppet/cinder-storage.yaml25
-rw-r--r--puppet/compute.yaml25
-rw-r--r--puppet/controller.yaml299
-rw-r--r--puppet/extraconfig/ceph/ceph-external-config.yaml14
-rw-r--r--puppet/extraconfig/tls/tls-cert-inject.yaml8
-rw-r--r--puppet/hieradata/common.yaml3
-rw-r--r--puppet/hieradata/controller.yaml17
-rw-r--r--puppet/hieradata/database.yaml8
-rw-r--r--puppet/manifests/overcloud_controller.pp87
-rw-r--r--puppet/manifests/overcloud_controller_pacemaker.pp444
-rw-r--r--puppet/services/glance-api.yaml98
-rw-r--r--puppet/services/glance-registry.yaml48
-rw-r--r--puppet/services/keystone.yaml135
-rw-r--r--puppet/services/pacemaker/glance-api.yaml60
-rw-r--r--puppet/services/pacemaker/glance-registry.yaml33
-rw-r--r--puppet/services/pacemaker/keystone.yaml34
-rw-r--r--puppet/swift-storage.yaml25
-rw-r--r--puppet/vip-config.yaml1
21 files changed, 764 insertions, 652 deletions
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml
index ad10a8fc..b065ddd2 100644
--- a/puppet/all-nodes-config.yaml
+++ b/puppet/all-nodes-config.yaml
@@ -44,6 +44,8 @@ parameters:
type: comma_delimited_list
glance_registry_node_ips:
type: comma_delimited_list
+ gnocchi_api_node_ips:
+ type: comma_delimited_list
cinder_api_node_ips:
type: comma_delimited_list
neutron_api_node_ips:
@@ -203,6 +205,14 @@ resources:
list_join:
- "','"
- {get_param: aodh_api_node_ips}
+ gnocchi_api_node_ips:
+ str_replace:
+ template: "['SERVERS_LIST']"
+ params:
+ SERVERS_LIST:
+ list_join:
+ - "','"
+ - {get_param: gnocchi_api_node_ips}
nova_api_node_ips:
str_replace:
template: "['SERVERS_LIST']"
diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml
index dc2f98ed..fd161886 100644
--- a/puppet/ceph-cluster-config.yaml
+++ b/puppet/ceph-cluster-config.yaml
@@ -36,6 +36,9 @@ parameters:
GlanceRbdPoolName:
default: images
type: string
+ GnocchiRbdPoolName:
+ default: metrics
+ type: string
CephClientUserName:
default: openstack
type: string
@@ -91,21 +94,25 @@ resources:
cap_mon: 'allow profile bootstrap-osd'
},
client.CLIENT_USER: {
- secret: 'ADMIN_KEY',
+ secret: 'CLIENT_KEY',
mode: '0644',
cap_mon: 'allow r',
- cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL'
+ cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL'
}
}"
params:
CLIENT_USER: {get_param: CephClientUserName}
+ CLIENT_KEY: {get_param: ceph_client_key}
ADMIN_KEY: {get_param: ceph_admin_key}
NOVA_POOL: {get_param: NovaRbdPoolName}
CINDER_POOL: {get_param: CinderRbdPoolName}
GLANCE_POOL: {get_param: GlanceRbdPoolName}
+ GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
cinder_rbd_pool_name: {get_param: CinderRbdPoolName}
glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
+ gnocchi::storage::ceph::ceph_pool: {get_param: GnocchiRbdPoolName}
+ gnocchi::storage::ceph::ceph_username: {get_param: CephClientUserName}
nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
nova::compute::rbd::rbd_keyring:
@@ -113,11 +120,17 @@ resources:
- '.'
- - 'client'
- {get_param: CephClientUserName}
+ gnocchi::storage::ceph::ceph_keyring:
+ list_join:
+ - '.'
+ - - 'client'
+ - {get_param: CephClientUserName}
ceph_client_user_name: {get_param: CephClientUserName}
ceph_pools:
- {get_param: CinderRbdPoolName}
- {get_param: NovaRbdPoolName}
- {get_param: GlanceRbdPoolName}
+ - {get_param: GnocchiRbdPoolName}
outputs:
config_id:
diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml
index d2988926..f0eb71e4 100644
--- a/puppet/ceph-storage.yaml
+++ b/puppet/ceph-storage.yaml
@@ -256,6 +256,7 @@ resources:
- ceph
- '"%{::osfamily}"'
- common
+ merge_behavior: deeper
datafiles:
common:
raw_data: {get_file: hieradata/common.yaml}
@@ -313,12 +314,12 @@ outputs:
str_replace:
template: |
PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
- EXTERNALIP EXTERNALHOST
- INTERNAL_APIIP INTERNAL_APIHOST
- STORAGEIP STORAGEHOST
- STORAGE_MGMTIP STORAGE_MGMTHOST
- TENANTIP TENANTHOST
- MANAGEMENTIP MANAGEMENTHOST
+ EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
+ INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
+ STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
+ STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
+ TENANTIP TENANTHOST.DOMAIN TENANTHOST
+ MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
params:
PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephStorageHostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
@@ -326,37 +327,37 @@ outputs:
EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
EXTERNALHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [CephStorage, name]}
- external
INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
INTERNAL_APIHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [CephStorage, name]}
- internalapi
STORAGEIP: {get_attr: [StoragePort, ip_address]}
STORAGEHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [CephStorage, name]}
- storage
STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
STORAGE_MGMTHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [CephStorage, name]}
- storagemgmt
TENANTIP: {get_attr: [TenantPort, ip_address]}
TENANTHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [CephStorage, name]}
- tenant
MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
MANAGEMENTHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [CephStorage, name]}
- management
nova_server_resource:
diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml
index b5694802..c1a04e24 100644
--- a/puppet/cinder-storage.yaml
+++ b/puppet/cinder-storage.yaml
@@ -316,6 +316,7 @@ resources:
- all_nodes # provided by allNodesConfig
- '"%{::osfamily}"'
- common
+ merge_behavior: deeper
datafiles:
common:
raw_data: {get_file: hieradata/common.yaml}
@@ -379,12 +380,12 @@ outputs:
str_replace:
template: |
PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
- EXTERNALIP EXTERNALHOST
- INTERNAL_APIIP INTERNAL_APIHOST
- STORAGEIP STORAGEHOST
- STORAGE_MGMTIP STORAGE_MGMTHOST
- TENANTIP TENANTHOST
- MANAGEMENTIP MANAGEMENTHOST
+ EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
+ INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
+ STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
+ STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
+ TENANTIP TENANTHOST.DOMAIN TENANTHOST
+ MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
params:
PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, BlockStorageHostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
@@ -392,37 +393,37 @@ outputs:
EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
EXTERNALHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [BlockStorage, name]}
- external
INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
INTERNAL_APIHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [BlockStorage, name]}
- internalapi
STORAGEIP: {get_attr: [StoragePort, ip_address]}
STORAGEHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [BlockStorage, name]}
- storage
STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
STORAGE_MGMTHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [BlockStorage, name]}
- storagemgmt
TENANTIP: {get_attr: [TenantPort, ip_address]}
TENANTHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [BlockStorage, name]}
- tenant
MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
MANAGEMENTHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [BlockStorage, name]}
- management
nova_server_resource:
diff --git a/puppet/compute.yaml b/puppet/compute.yaml
index f5c848c8..4c18067a 100644
--- a/puppet/compute.yaml
+++ b/puppet/compute.yaml
@@ -486,6 +486,7 @@ resources:
- nova_nuage_data # Optionally provided by ComputeExtraConfigPre
- midonet_data # Optionally provided by AllNodesExtraConfig
- neutron_opencontrail_data # Optionally provided by ComputeExtraConfigPre
+ merge_behavior: deeper
datafiles:
compute_extraconfig:
mapped_data: {get_param: NovaComputeExtraConfig}
@@ -760,12 +761,12 @@ outputs:
str_replace:
template: |
PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
- EXTERNALIP EXTERNALHOST
- INTERNAL_APIIP INTERNAL_APIHOST
- STORAGEIP STORAGEHOST
- STORAGE_MGMTIP STORAGE_MGMTHOST
- TENANTIP TENANTHOST
- MANAGEMENTIP MANAGEMENTHOST
+ EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
+ INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
+ STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
+ STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
+ TENANTIP TENANTHOST.DOMAIN TENANTHOST
+ MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
params:
PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ComputeHostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
@@ -773,37 +774,37 @@ outputs:
EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
EXTERNALHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [NovaCompute, name]}
- external
INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
INTERNAL_APIHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [NovaCompute, name]}
- internalapi
STORAGEIP: {get_attr: [StoragePort, ip_address]}
STORAGEHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [NovaCompute, name]}
- storage
STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
STORAGE_MGMTHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [NovaCompute, name]}
- storagemgmt
TENANTIP: {get_attr: [TenantPort, ip_address]}
TENANTHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [NovaCompute, name]}
- tenant
MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
MANAGEMENTHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [NovaCompute, name]}
- management
nova_server_resource:
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index d966700f..bf196d24 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -1,22 +1,13 @@
-heat_template_version: 2015-10-15
+heat_template_version: 2016-04-08
description: >
OpenStack controller node configured by Puppet.
parameters:
- AdminEmail:
- default: 'admin@example.com'
- description: The email for the keystone admin account.
- type: string
- hidden: true
AdminPassword:
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
type: string
hidden: true
- AdminToken:
- description: The keystone auth secret and db password.
- type: string
- hidden: true
AodhApiVirtualIP:
type: string
default: ''
@@ -43,6 +34,12 @@ parameters:
default: false
description: Whether to store events in ceilometer.
type: boolean
+ CeilometerMeterDispatcher:
+ default: 'database'
+ description: Dispatcher to process meter data
+ type: string
+ constraints:
+ - allowed_values: ['gnocchi', 'database']
CinderApiVirtualIP:
type: string
default: ''
@@ -100,6 +97,11 @@ parameters:
default: 0
description: Number of workers for Cinder service.
type: number
+ controllerExtraConfig:
+ default: {}
+ description: |
+ Deprecated. Use ControllerExtraConfig via parameter_defaults instead.
+ type: json
ControllerExtraConfig:
default: {}
description: |
@@ -189,49 +191,24 @@ parameters:
type: string
constraints:
- custom_constraint: nova.flavor
- GlanceNotifierStrategy:
- description: Strategy to use for Glance notification queue
- type: string
- default: noop
- GlanceLogFile:
- description: The filepath of the file to use for logging messages from Glance.
- type: string
- default: ''
- GlancePassword:
- description: The password for the glance service and db account, used by the glance services.
- type: string
- hidden: true
- GlanceBackend:
- default: swift
- description: The short name of the Glance backend to use. Should be one
+ GnocchiBackend:
+ default: file
+ description: The short name of the Gnocchi backend to use. Should be one
of swift, rbd, or file
type: string
constraints:
- allowed_values: ['swift', 'file', 'rbd']
- GlanceFilePcmkDevice:
- default: ''
- description: >
- An exported storage device that should be mounted by Pacemaker
- as Glance storage. Effective when GlanceFilePcmkManage is true.
+ GnocchiIndexerBackend:
+ default: 'mysql'
+ description: The short name of the Gnocchi indexer backend to use.
type: string
- GlanceFilePcmkFstype:
- default: 'nfs'
- description: >
- Filesystem type for Pacemaker mount used as Glance storage.
- Effective when GlanceFilePcmkManage is true.
+ GnocchiApiVirtualIP:
type: string
- GlanceFilePcmkManage:
- default: false
- description: >
- Whether to make Glance file backend a mount managed by Pacemaker.
- Effective when GlanceBackend is 'file'.
- type: boolean
- GlanceFilePcmkOptions:
default: ''
- description: >
- Mount options for Pacemaker mount used as Glance storage.
- Effective when GlanceFilePcmkManage is true.
+ GnocchiPassword:
+ description: The password for the gnocchi service and db account.
type: string
+ hidden: true
HAProxyStatsPassword:
description: Password for HAProxy stats endpoint
type: string
@@ -243,10 +220,6 @@ parameters:
default: /dev/log
description: Syslog address where HAproxy will send its log
type: string
- GlanceWorkers:
- default: 0
- description: Number of workers for Glance service.
- type: number
HeatPassword:
description: The password for the Heat service and db account, used by the Heat services.
type: string
@@ -295,43 +268,6 @@ parameters:
type: string
constraints:
- custom_constraint: nova.keypair
- KeystoneCACertificate:
- default: ''
- description: Keystone self-signed certificate authority certificate.
- type: string
- KeystoneEnableDBPurge:
- default: true
- description: |
- Whether to create cron job for purging soft deleted rows in Keystone database.
- type: boolean
- KeystoneSigningCertificate:
- default: ''
- description: Keystone certificate for verifying token validity.
- type: string
- KeystoneSigningKey:
- default: ''
- description: Keystone key for signing tokens.
- type: string
- hidden: true
- KeystoneSSLCertificate:
- default: ''
- description: Keystone certificate for verifying token validity.
- type: string
- KeystoneSSLCertificateKey:
- default: ''
- description: Keystone key for signing tokens.
- type: string
- hidden: true
- KeystoneNotificationDriver:
- description: Comma-separated list of Oslo notification drivers used by Keystone
- default: ['messaging']
- type: comma_delimited_list
- KeystoneNotificationFormat:
- description: The Keystone notification format
- default: 'basic'
- type: string
- constraints:
- - allowed_values: [ 'basic', 'cadf' ]
KeystoneRegion:
type: string
default: 'regionOne'
@@ -348,10 +284,6 @@ parameters:
default: false
description: Whether IPtables rules should be purged before setting up the new ones.
type: boolean
- KeystoneWorkers:
- default: 0
- description: Number of workers for Keystone service.
- type: number
SaharaApiVirtualIP:
type: string
default: ''
@@ -711,24 +643,12 @@ parameters:
HeatApiVirtualIPUri:
type: string
default: ''
- GlanceApiVirtualIP:
- type: string
- default: ''
- GlanceRegistryVirtualIP:
- type: string
- default: ''
MysqlVirtualIP:
type: string
default: ''
MysqlVirtualIPUri:
type: string
default: ''
- KeystoneAdminApiVirtualIP:
- type: string
- default: ''
- KeystonePublicApiVirtualIP:
- type: string
- default: ''
NeutronApiVirtualIP:
type: string
default: ''
@@ -794,6 +714,12 @@ parameters:
type: json
default: {}
+parameter_groups:
+- label: deprecated
+ description: Do not use deprecated params, they will be removed.
+ parameters:
+ - controllerExtraConfig
+
resources:
Controller:
@@ -954,9 +880,7 @@ resources:
bootstack_nodeid: {get_attr: [Controller, name]}
ceilometer_workers: {get_param: CeilometerWorkers}
cinder_workers: {get_param: CinderWorkers}
- glance_workers: {get_param: GlanceWorkers}
heat_workers: {get_param: HeatWorkers}
- keystone_workers: {get_param: KeystoneWorkers}
nova_workers: {get_param: NovaWorkers}
neutron_workers: {get_param: NeutronWorkers}
swift_workers: {get_param: SwiftWorkers}
@@ -988,9 +912,7 @@ resources:
heat_enable_db_purge: {get_param: HeatEnableDBPurge}
horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
horizon_secret: {get_param: HorizonSecret}
- admin_email: {get_param: AdminEmail}
admin_password: {get_param: AdminPassword}
- admin_token: {get_param: AdminToken}
neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
debug: {get_param: Debug}
cinder_enable_db_purge: {get_param: CinderEnableDBPurge}
@@ -1015,23 +937,6 @@ resources:
- '@'
- {get_param: MysqlVirtualIPUri}
- '/cinder'
- glance_port: {get_param: [EndpointMap, GlanceInternal, port]}
- glance_password: {get_param: GlancePassword}
- glance_backend: {get_param: GlanceBackend}
- glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice}
- glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype}
- glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage}
- glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions}
- glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
- glance_log_file: {get_param: GlanceLogFile}
- glance_dsn:
- list_join:
- - ''
- - - 'mysql+pymysql://glance:'
- - {get_param: GlancePassword}
- - '@'
- - {get_param: MysqlVirtualIPUri}
- - '/glance'
heat_password: {get_param: HeatPassword}
heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
heat_dsn:
@@ -1042,26 +947,8 @@ resources:
- '@'
- {get_param: MysqlVirtualIPUri}
- '/heat'
- keystone_ca_certificate: {get_param: KeystoneCACertificate}
- keystone_signing_key: {get_param: KeystoneSigningKey}
- keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
- keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
- keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
- keystone_notification_driver: {get_param: KeystoneNotificationDriver}
- keystone_notification_format: {get_param: KeystoneNotificationFormat}
- keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge}
- keystone_dsn:
- list_join:
- - ''
- - - 'mysql+pymysql://keystone:'
- - {get_param: AdminToken}
- - '@'
- - {get_param: MysqlVirtualIPUri}
- - '/keystone'
keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- keystone_public_url: { get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
- keystone_internal_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
enable_fencing: {get_param: EnableFencing}
enable_galera: {get_param: EnableGalera}
@@ -1175,6 +1062,10 @@ resources:
ceilometer_password: {get_param: CeilometerPassword}
ceilometer_store_events: {get_param: CeilometerStoreEvents}
aodh_password: {get_param: AodhPassword}
+ ceilometer_meter_dispatcher: {get_param: CeilometerMeterDispatcher}
+ gnocchi_password: {get_param: GnocchiPassword}
+ gnocchi_backend: {get_param: GnocchiBackend}
+ gnocchi_indexer_backend: {get_param: GnocchiIndexerBackend}
ceilometer_coordination_url:
list_join:
- ''
@@ -1191,6 +1082,15 @@ resources:
- '@'
- {get_param: MysqlVirtualIPUri}
- '/ceilometer'
+ gnocchi_dsn:
+ list_join:
+ - ''
+ - - 'mysql+pymysql://gnocchi:'
+ - {get_param: GnocchiPassword}
+ - '@'
+ - {get_param: MysqlVirtualIPUri}
+ - '/gnocchi'
+ gnocchi_internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
nova_enable_db_purge: {get_param: NovaEnableDBPurge}
@@ -1260,7 +1160,6 @@ resources:
glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
- glance_registry_host: {get_param: GlanceRegistryVirtualIP}
heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
@@ -1270,9 +1169,15 @@ resources:
neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
aodh_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]}
+ gnocchi_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]}
nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
+ horizon_subnet:
+ str_replace:
+ template: "['SUBNET']"
+ params:
+ SUBNET: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
redis_password: {get_param: RedisPassword}
@@ -1319,11 +1224,15 @@ resources:
- midonet_data #Optionally provided by AllNodesExtraConfig
- neutron_opencontrail_data # Optionally provided by ControllerExtraConfigPre
- neutron_plumgrid_data # Optionally provided by ControllerExtraConfigPre
+ merge_behavior: deeper
datafiles:
service_configs:
mapped_data: {get_param: ServiceConfigSettings}
controller_extraconfig:
- mapped_data: {get_param: ControllerExtraConfig}
+ mapped_data:
+ map_merge:
+ - {get_param: controllerExtraConfig}
+ - {get_param: ControllerExtraConfig}
extraconfig:
mapped_data: {get_param: ExtraConfig}
common:
@@ -1389,38 +1298,8 @@ resources:
cinder::db::mysql::password: {get_input: cinder_password}
# Glance
- glance::api::bind_port: {get_input: glance_port}
glance::api::bind_host: {get_input: glance_api_network}
- glance::api::auth_uri: {get_input: keystone_auth_uri}
- glance::api::identity_uri: {get_input: keystone_identity_uri}
- glance::api::registry_host: {get_input: glance_registry_host}
- glance::api::keystone_password: {get_input: glance_password}
- glance::api::debug: {get_input: debug}
- glance::api::workers: {get_input: glance_workers}
- glance_notifier_strategy: {get_input: glance_notifier_strategy}
- glance_log_file: {get_input: glance_log_file}
- glance_log_file: {get_input: glance_log_file}
- glance::api::database_connection: {get_input: glance_dsn}
- glance::registry::keystone_password: {get_input: glance_password}
- glance::registry::database_connection: {get_input: glance_dsn}
glance::registry::bind_host: {get_input: glance_registry_network}
- glance::registry::auth_uri: {get_input: keystone_auth_uri}
- glance::registry::identity_uri: {get_input: keystone_identity_uri}
- glance::registry::debug: {get_input: debug}
- glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_uri}
- glance::registry::workers: {get_input: glance_workers}
- glance::backend::swift::swift_store_user: service:glance
- glance::backend::swift::swift_store_key: {get_input: glance_password}
- glance_backend: {get_input: glance_backend}
- glance::db::mysql::password: {get_input: glance_password}
- glance_file_pcmk_device: {get_input: glance_file_pcmk_device}
- glance_file_pcmk_fstype: {get_input: glance_file_pcmk_fstype}
- glance_file_pcmk_manage: {get_input: glance_file_pcmk_manage}
- glance_file_pcmk_options: {get_input: glance_file_pcmk_options}
- glance::notify::rabbitmq::rabbit_userid: {get_input: rabbit_username}
- glance::notify::rabbitmq::rabbit_password: {get_input: rabbit_password}
- glance::notify::rabbitmq::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
-
# Heat
heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url}
@@ -1441,43 +1320,17 @@ resources:
heat::api_cloudwatch::workers: {get_input: heat_workers}
heat::api_cfn::bind_host: {get_input: heat_api_network}
heat::api_cfn::workers: {get_input: heat_workers}
+ heat::engine::num_engine_workers: {get_input: heat_workers}
heat::database_connection: {get_input: heat_dsn}
heat::debug: {get_input: debug}
heat::db::mysql::password: {get_input: heat_password}
heat_enable_db_purge: {get_input: heat_enable_db_purge}
heat::keystone::domain::domain_password: {get_input: heat_stack_domain_admin_password}
-
# Keystone
- keystone::admin_token: {get_input: admin_token}
- keystone::roles::admin::password: {get_input: admin_password}
- keystone_ca_certificate: {get_input: keystone_ca_certificate}
- keystone_signing_key: {get_input: keystone_signing_key}
- keystone_signing_certificate: {get_input: keystone_signing_certificate}
- keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
- keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
- keystone::database_connection: {get_input: keystone_dsn}
keystone::admin_bind_host: {get_input: keystone_admin_api_network}
keystone::public_bind_host: {get_input: keystone_public_api_network}
keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network}
keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network}
- keystone::debug: {get_input: debug}
- keystone::db::mysql::password: {get_input: admin_token}
- keystone::rabbit_userid: {get_input: rabbit_username}
- keystone::rabbit_password: {get_input: rabbit_password}
- keystone::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
- keystone::rabbit_port: {get_input: rabbit_client_port}
- keystone::notification_driver: {get_input: keystone_notification_driver}
- keystone::notification_format: {get_input: keystone_notification_format}
- keystone::roles::admin::email: {get_input: admin_email}
- keystone::roles::admin::password: {get_input: admin_password}
- keystone::endpoint::public_url: {get_input: keystone_public_url}
- keystone::endpoint::internal_url: {get_input: keystone_internal_url}
- keystone::endpoint::admin_url: {get_input: keystone_identity_uri}
- keystone::endpoint::region: {get_input: keystone_region}
- keystone::admin_workers: {get_input: keystone_workers}
- keystone::public_workers: {get_input: keystone_workers}
- keystone_enable_db_purge: {get_input: keystone_enable_db_purge}
- keystone::public_endpoint: {get_input: keystone_public_url}
# MongoDB
mongodb::server::bind_ip: {get_input: mongo_db_network}
mongodb::server::nojournal: {get_input: mongodb_no_journal}
@@ -1575,6 +1428,11 @@ resources:
ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
ceilometer::agent::notification::store_events: {get_input: ceilometer_store_events}
ceilometer::db::mysql::password: {get_input: ceilometer_password}
+ ceilometer::collector::meter_dispatcher: {get_input: ceilometer_meter_dispatcher}
+ ceilometer::dispatcher::gnocchi::url: {get_input: gnocchi_internal_url }
+ ceilometer::dispatcher::gnocchi::filter_project: 'service'
+ ceilometer::dispatcher::gnocchi::archive_policy: 'low'
+ ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml'
snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
@@ -1596,6 +1454,22 @@ resources:
# for a migration path from ceilometer-alarm to aodh, we use the same database & coordination
aodh::evaluator::coordination_url: {get_input: ceilometer_coordination_url}
+ # Gnocchi
+ gnocchi_backend: {get_input: gnocchi_backend}
+ gnocchi_indexer_backend: {get_input: gnocchi_indexer_backend}
+ gnocchi_mysql_conn_string: {get_input: gnocchi_dsn}
+ gnocchi::debug: {get_input: debug}
+ gnocchi::wsgi::apache::ssl: false
+ gnocchi::wsgi::apache::bind_host: {get_input: gnocchi_api_network}
+ gnocchi::api::service_name: 'httpd'
+ gnocchi::api::host: {get_input: gnocchi_api_network}
+ gnocchi::api::keystone_password: {get_input: gnocchi_password}
+ gnocchi::api::keystone_auth_uri: {get_input: keystone_auth_uri}
+ gnocchi::api::keystone_identity_uri: {get_input: keystone_identity_uri}
+ gnocchi::db::mysql::password: {get_input: gnocchi_password}
+ gnocchi::storage::swift::swift_authurl: {get_input: keystone_auth_uri}
+ gnocchi::storage::swift::swift_key: {get_input: gnocchi_password}
+
# Nova
nova::rabbit_userid: {get_input: rabbit_username}
nova::rabbit_password: {get_input: rabbit_password}
@@ -1627,6 +1501,7 @@ resources:
nova_enable_db_purge: {get_input: nova_enable_db_purge}
# Horizon
+ apache::mod::remoteip::proxy_ips: {get_input: horizon_subnet}
apache::ip: {get_input: horizon_network}
horizon::allowed_hosts: {get_input: horizon_allowed_hosts}
horizon::django_debug: {get_input: debug}
@@ -1758,12 +1633,12 @@ outputs:
str_replace:
template: |
PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
- EXTERNALIP EXTERNALHOST
- INTERNAL_APIIP INTERNAL_APIHOST
- STORAGEIP STORAGEHOST
- STORAGE_MGMTIP STORAGE_MGMTHOST
- TENANTIP TENANTHOST
- MANAGEMENTIP MANAGEMENTHOST
+ EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
+ INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
+ STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
+ STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
+ TENANTIP TENANTHOST.DOMAIN TENANTHOST
+ MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
params:
PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
@@ -1771,37 +1646,37 @@ outputs:
EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
EXTERNALHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [Controller, name]}
- external
INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
INTERNAL_APIHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [Controller, name]}
- internalapi
STORAGEIP: {get_attr: [StoragePort, ip_address]}
STORAGEHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [Controller, name]}
- storage
STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
STORAGE_MGMTHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [Controller, name]}
- storagemgmt
TENANTIP: {get_attr: [TenantPort, ip_address]}
TENANTHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [Controller, name]}
- tenant
MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
MANAGEMENTHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [Controller, name]}
- management
nova_server_resource:
diff --git a/puppet/extraconfig/ceph/ceph-external-config.yaml b/puppet/extraconfig/ceph/ceph-external-config.yaml
index 312d49a0..5942088c 100644
--- a/puppet/extraconfig/ceph/ceph-external-config.yaml
+++ b/puppet/extraconfig/ceph/ceph-external-config.yaml
@@ -38,6 +38,9 @@ parameters:
GlanceRbdPoolName:
default: images
type: string
+ GnocchiRbdPoolName:
+ default: metrics
+ type: string
CephClientUserName:
default: openstack
type: string
@@ -68,7 +71,7 @@ resources:
secret: 'CLIENT_KEY',
mode: '0644',
cap_mon: 'allow r',
- cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL'
+ cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL'
}
}"
params:
@@ -77,10 +80,13 @@ resources:
NOVA_POOL: {get_param: NovaRbdPoolName}
CINDER_POOL: {get_param: CinderRbdPoolName}
GLANCE_POOL: {get_param: GlanceRbdPoolName}
+ GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6}
nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
cinder_rbd_pool_name: {get_param: CinderRbdPoolName}
glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
+ gnocchi::storage::ceph::ceph_pool: {get_param: GnocchiRbdPoolName}
+ gnocchi::storage::ceph::ceph_username: {get_param: CephClientUserName}
nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
nova::compute::rbd::rbd_keyring:
@@ -88,11 +94,17 @@ resources:
- '.'
- - 'client'
- {get_param: CephClientUserName}
+ gnocchi::storage::ceph::ceph_keyring:
+ list_join:
+ - '.'
+ - - 'client'
+ - {get_param: CephClientUserName}
ceph_client_user_name: {get_param: CephClientUserName}
ceph_pools:
- {get_param: CinderRbdPoolName}
- {get_param: NovaRbdPoolName}
- {get_param: GlanceRbdPoolName}
+ - {get_param: GnocchiRbdPoolName}
outputs:
config_id:
diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml
index 77b11378..e281ef51 100644
--- a/puppet/extraconfig/tls/tls-cert-inject.yaml
+++ b/puppet/extraconfig/tls/tls-cert-inject.yaml
@@ -63,6 +63,14 @@ resources:
openssl rsa -noout -modulus -in ${cert_path} \
| openssl md5 | cut -c 10- \
> ${heat_outputs_path}.key_modulus
+ # We need to reload haproxy in case the certificate changed because
+ # puppet doesn't know the contents of the cert file. The pacemaker
+ # case is handled separately in a pacemaker-specific resource.
+ pacemaker_status=$(systemctl is-active pacemaker)
+ haproxy_status=$(systemctl is-active haproxy)
+ if [ "$pacemaker_status" != "active" -a "$haproxy_status" = "active"]; then
+ systemctl reload haproxy
+ fi
ControllerTLSDeployment:
type: OS::Heat::SoftwareDeployment
diff --git a/puppet/hieradata/common.yaml b/puppet/hieradata/common.yaml
index 46471c3b..34965959 100644
--- a/puppet/hieradata/common.yaml
+++ b/puppet/hieradata/common.yaml
@@ -8,6 +8,9 @@ ceilometer::agent::auth::auth_tenant_name: 'service'
aodh::auth::auth_region: 'regionOne'
aodh::auth::auth_tenant_name: 'service'
+gnocchi::auth::auth_region: 'regionOne'
+gnocchi::auth::auth_tenant_name: 'service'
+
nova::api::admin_tenant_name: 'service'
nova::network::neutron::neutron_project_name: 'service'
nova::network::neutron::neutron_username: 'neutron'
diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml
index 8766263a..9316cf17 100644
--- a/puppet/hieradata/controller.yaml
+++ b/puppet/hieradata/controller.yaml
@@ -6,6 +6,16 @@ nova::consoleauth::enabled: true
nova::vncproxy::enabled: true
nova::scheduler::enabled: true
+# gnocchi
+gnocchi::db::sync::extra_opts: '--skip-storage'
+gnocchi::storage::swift::swift_user: 'service:gnocchi'
+gnocchi::storage::swift::swift_auth_version: 2
+gnocchi::statsd::resource_id: '0a8b55df-f90f-491c-8cb9-7cdecec6fc26'
+gnocchi::statsd::user_id: '27c0d3f8-e7ee-42f0-8317-72237d1c5ae3'
+gnocchi::statsd::project_id: '6c38cd8d-099a-4cb2-aecf-17be688e8616'
+gnocchi::statsd::flush_delay: 10
+gnocchi::statsd::archive_policy_name: 'low'
+
# rabbitmq
rabbitmq::delete_guest_user: false
rabbitmq::wipe_db_on_cookie_change: true
@@ -44,6 +54,7 @@ neutron::agents::dhcp::dhcp_delete_namespaces: True
cinder::api::keystone_tenant: 'service'
swift::proxy::authtoken::admin_tenant_name: 'service'
ceilometer::api::keystone_tenant: 'service'
+gnocchi::api::keystone_tenant: 'service'
heat::keystone_tenant: 'service'
sahara::admin_tenant_name: 'service'
@@ -130,6 +141,7 @@ horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
horizon::vhost_extra_params:
add_listen: false
priority: 10
+ access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"'
# mysql
mysql::server::manage_config_file: true
@@ -151,6 +163,7 @@ tripleo::loadbalancer::sahara: true
tripleo::loadbalancer::swift_proxy_server: true
tripleo::loadbalancer::ceilometer: true
tripleo::loadbalancer::aodh: true
+tripleo::loadbalancer::gnocchi: true
tripleo::loadbalancer::heat_api: true
tripleo::loadbalancer::heat_cloudwatch: true
tripleo::loadbalancer::heat_cfn: true
@@ -267,3 +280,7 @@ tripleo::firewall::firewall_rules:
port:
- 8042
- 13042
+ '129 gnocchi-api':
+ port:
+ - 8041
+ - 13041
diff --git a/puppet/hieradata/database.yaml b/puppet/hieradata/database.yaml
index 61714691..4eb199c8 100644
--- a/puppet/hieradata/database.yaml
+++ b/puppet/hieradata/database.yaml
@@ -61,6 +61,14 @@ ceilometer::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
+# Gnocchi
+gnocchi::db::mysql::user: gnocchi
+gnocchi::db::mysql::host: "%{hiera('mysql_virtual_ip')}"
+gnocchi::db::mysql::dbname: gnocchi
+gnocchi::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
+
sahara::db::mysql::user: sahara
sahara::db::mysql::host: "%{hiera('mysql_virtual_ip')}"
sahara::db::mysql::dbname: sahara
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index c6667ae6..910617fa 100644
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -121,6 +121,9 @@ if hiera('step') >= 2 {
include ::cinder::db::mysql
include ::heat::db::mysql
include ::sahara::db::mysql
+ if downcase(hiera('gnocchi_indexer_backend')) == 'mysql' {
+ include ::gnocchi::db::mysql
+ }
if downcase(hiera('ceilometer_backend')) == 'mysql' {
include ::ceilometer::db::mysql
include ::aodh::db::mysql
@@ -212,62 +215,6 @@ if hiera('step') >= 2 {
if hiera('step') >= 4 {
- include ::keystone
- include ::keystone::config
- include ::keystone::roles::admin
- include ::keystone::endpoint
- include ::keystone::wsgi::apache
-
- #TODO: need a cleanup-keystone-tokens.sh solution here
-
- file { [ '/etc/keystone/ssl', '/etc/keystone/ssl/certs', '/etc/keystone/ssl/private' ]:
- ensure => 'directory',
- owner => 'keystone',
- group => 'keystone',
- require => Package['keystone'],
- }
- file { '/etc/keystone/ssl/certs/signing_cert.pem':
- content => hiera('keystone_signing_certificate'),
- owner => 'keystone',
- group => 'keystone',
- notify => Service['keystone'],
- require => File['/etc/keystone/ssl/certs'],
- }
- file { '/etc/keystone/ssl/private/signing_key.pem':
- content => hiera('keystone_signing_key'),
- owner => 'keystone',
- group => 'keystone',
- notify => Service['keystone'],
- require => File['/etc/keystone/ssl/private'],
- }
- file { '/etc/keystone/ssl/certs/ca.pem':
- content => hiera('keystone_ca_certificate'),
- owner => 'keystone',
- group => 'keystone',
- notify => Service['keystone'],
- require => File['/etc/keystone/ssl/certs'],
- }
-
- $glance_backend = downcase(hiera('glance_backend', 'swift'))
- case $glance_backend {
- 'swift': { $backend_store = 'glance.store.swift.Store' }
- 'file': { $backend_store = 'glance.store.filesystem.Store' }
- 'rbd': { $backend_store = 'glance.store.rbd.Store' }
- default: { fail('Unrecognized glance_backend parameter.') }
- }
- $http_store = ['glance.store.http.Store']
- $glance_store = concat($http_store, $backend_store)
-
- # TODO: scrubber and other additional optional features
- include ::glance
- include ::glance::config
- class { '::glance::api':
- known_stores => $glance_store,
- }
- include ::glance::registry
- include ::glance::notify::rabbitmq
- include join(['::glance::backend::', $glance_backend])
-
$nova_ipv6 = hiera('nova::use_ipv6', false)
if $nova_ipv6 {
$memcached_servers = suffix(hiera('memcache_node_ips_v6'), ':11211')
@@ -468,6 +415,7 @@ if hiera('step') >= 4 {
$cinder_rbd_backend = 'tripleo_ceph'
cinder::backend::rbd { $cinder_rbd_backend :
+ backend_host => hiera('cinder::host'),
rbd_pool => hiera('cinder_rbd_pool_name'),
rbd_user => hiera('ceph_client_user_name'),
rbd_secret_uuid => hiera('ceph::profile::params::fsid'),
@@ -613,6 +561,7 @@ if hiera('step') >= 4 {
include ::ceilometer::expirer
include ::ceilometer::collector
include ::ceilometer::agent::auth
+ include ::ceilometer::dispatcher::gnocchi
class { '::ceilometer::db' :
database_connection => $ceilometer_database_connection,
}
@@ -650,6 +599,7 @@ if hiera('step') >= 4 {
include ::sahara::service::engine
# Horizon
+ include ::apache::mod::remoteip
if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') {
$_profile_support = 'cisco'
} else {
@@ -669,6 +619,26 @@ if hiera('step') >= 4 {
neutron_options => $neutron_options,
}
+ # Gnocchi
+ $gnocchi_database_connection = hiera('gnocchi_mysql_conn_string')
+ class { '::gnocchi':
+ database_connection => $gnocchi_database_connection,
+ }
+ include ::gnocchi::api
+ include ::gnocchi::wsgi::apache
+ include ::gnocchi::client
+ include ::gnocchi::db::sync
+ include ::gnocchi::storage
+ include ::gnocchi::metricd
+ include ::gnocchi::statsd
+ $gnocchi_backend = downcase(hiera('gnocchi_backend', 'swift'))
+ case $gnocchi_backend {
+ 'swift': { include ::gnocchi::storage::swift }
+ 'file': { include ::gnocchi::storage::file }
+ 'rbd': { include ::gnocchi::storage::ceph }
+ default: { fail('Unrecognized gnocchi_backend parameter.') }
+ }
+
$snmpd_user = hiera('snmpd_readonly_user_name')
snmp::snmpv3_user { $snmpd_user:
authtype => 'MD5',
@@ -684,14 +654,10 @@ if hiera('step') >= 4 {
} #END STEP 4
if hiera('step') >= 5 {
- $keystone_enable_db_purge = hiera('keystone_enable_db_purge', true)
$nova_enable_db_purge = hiera('nova_enable_db_purge', true)
$cinder_enable_db_purge = hiera('cinder_enable_db_purge', true)
$heat_enable_db_purge = hiera('heat_enable_db_purge', true)
- if $keystone_enable_db_purge {
- include ::keystone::cron::token_flush
- }
if $nova_enable_db_purge {
include ::nova::cron::archive_deleted_rows
}
@@ -703,7 +669,6 @@ if hiera('step') >= 5 {
}
if downcase(hiera('bootstrap_nodeid')) == $::hostname {
- include ::keystone::roles::admin
# Class ::heat::keystone::domain has to run on bootstrap node
# because it creates DB entities via API calls.
include ::heat::keystone::domain
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index 54176231..0372a56b 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -24,6 +24,7 @@ Service <|
tag == 'cinder-service' or
tag == 'ceilometer-service' or
tag == 'glance-service' or
+ tag == 'gnocchi-service' or
tag == 'heat-service' or
tag == 'keystone-service' or
tag == 'neutron-service' or
@@ -254,183 +255,46 @@ if hiera('step') >= 2 {
}
$control_vip = hiera('tripleo::loadbalancer::controller_virtual_ip')
- if is_ipv6_address($control_vip) {
- $control_vip_netmask = '64'
- } else {
- $control_vip_netmask = '32'
- }
- pacemaker::resource::ip { 'control_vip':
- ip_address => $control_vip,
- cidr_netmask => $control_vip_netmask,
- }
- pacemaker::constraint::base { 'control_vip-then-haproxy':
- constraint_type => 'order',
- first_resource => "ip-${control_vip}",
- second_resource => 'haproxy-clone',
- first_action => 'start',
- second_action => 'start',
- constraint_params => 'kind=Optional',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['control_vip']],
- }
- pacemaker::constraint::colocation { 'control_vip-with-haproxy':
- source => "ip-${control_vip}",
- target => 'haproxy-clone',
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['control_vip']],
+ tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_control_vip':
+ vip_name => 'control',
+ ip_address => $control_vip,
}
$public_vip = hiera('tripleo::loadbalancer::public_virtual_ip')
- if is_ipv6_address($public_vip) {
- $public_vip_netmask = '64'
- } else {
- $public_vip_netmask = '32'
- }
- if $public_vip and $public_vip != $control_vip {
- pacemaker::resource::ip { 'public_vip':
- ip_address => $public_vip,
- cidr_netmask => $public_vip_netmask,
- }
- pacemaker::constraint::base { 'public_vip-then-haproxy':
- constraint_type => 'order',
- first_resource => "ip-${public_vip}",
- second_resource => 'haproxy-clone',
- first_action => 'start',
- second_action => 'start',
- constraint_params => 'kind=Optional',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['public_vip']],
- }
- pacemaker::constraint::colocation { 'public_vip-with-haproxy':
- source => "ip-${public_vip}",
- target => 'haproxy-clone',
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['public_vip']],
- }
+ tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_public_vip':
+ ensure => $public_vip and $public_vip != $control_vip,
+ vip_name => 'public',
+ ip_address => $public_vip,
}
$redis_vip = hiera('redis_vip')
- if is_ipv6_address($redis_vip) {
- $redis_vip_netmask = '64'
- } else {
- $redis_vip_netmask = '32'
- }
- if $redis_vip and $redis_vip != $control_vip {
- pacemaker::resource::ip { 'redis_vip':
- ip_address => $redis_vip,
- cidr_netmask => $redis_vip_netmask,
- }
- pacemaker::constraint::base { 'redis_vip-then-haproxy':
- constraint_type => 'order',
- first_resource => "ip-${redis_vip}",
- second_resource => 'haproxy-clone',
- first_action => 'start',
- second_action => 'start',
- constraint_params => 'kind=Optional',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['redis_vip']],
- }
- pacemaker::constraint::colocation { 'redis_vip-with-haproxy':
- source => "ip-${redis_vip}",
- target => 'haproxy-clone',
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['redis_vip']],
- }
+ tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_redis_vip':
+ ensure => $redis_vip and $redis_vip != $control_vip,
+ vip_name => 'redis',
+ ip_address => $redis_vip,
}
+
$internal_api_vip = hiera('tripleo::loadbalancer::internal_api_virtual_ip')
- if is_ipv6_address($internal_api_vip) {
- $internal_api_vip_netmask = '64'
- } else {
- $internal_api_vip_netmask = '32'
- }
- if $internal_api_vip and $internal_api_vip != $control_vip {
- pacemaker::resource::ip { 'internal_api_vip':
- ip_address => $internal_api_vip,
- cidr_netmask => $internal_api_vip_netmask,
- }
- pacemaker::constraint::base { 'internal_api_vip-then-haproxy':
- constraint_type => 'order',
- first_resource => "ip-${internal_api_vip}",
- second_resource => 'haproxy-clone',
- first_action => 'start',
- second_action => 'start',
- constraint_params => 'kind=Optional',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['internal_api_vip']],
- }
- pacemaker::constraint::colocation { 'internal_api_vip-with-haproxy':
- source => "ip-${internal_api_vip}",
- target => 'haproxy-clone',
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['internal_api_vip']],
- }
+ tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_internal_api_vip':
+ ensure => $internal_api_vip and $internal_api_vip != $control_vip,
+ vip_name => 'internal_api',
+ ip_address => $internal_api_vip,
}
$storage_vip = hiera('tripleo::loadbalancer::storage_virtual_ip')
- if is_ipv6_address($storage_vip) {
- $storage_vip_netmask = '64'
- } else {
- $storage_vip_netmask = '32'
- }
- if $storage_vip and $storage_vip != $control_vip {
- pacemaker::resource::ip { 'storage_vip':
- ip_address => $storage_vip,
- cidr_netmask => $storage_vip_netmask,
- }
- pacemaker::constraint::base { 'storage_vip-then-haproxy':
- constraint_type => 'order',
- first_resource => "ip-${storage_vip}",
- second_resource => 'haproxy-clone',
- first_action => 'start',
- second_action => 'start',
- constraint_params => 'kind=Optional',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['storage_vip']],
- }
- pacemaker::constraint::colocation { 'storage_vip-with-haproxy':
- source => "ip-${storage_vip}",
- target => 'haproxy-clone',
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['storage_vip']],
- }
+ tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_storage_vip':
+ ensure => $storage_vip and $storage_vip != $control_vip,
+ vip_name => 'storage',
+ ip_address => $storage_vip,
}
$storage_mgmt_vip = hiera('tripleo::loadbalancer::storage_mgmt_virtual_ip')
- if is_ipv6_address($storage_mgmt_vip) {
- $storage_mgmt_vip_netmask = '64'
- } else {
- $storage_mgmt_vip_netmask = '32'
+ tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_storage_mgmt_vip':
+ ensure => $storage_mgmt_vip and $storage_mgmt_vip != $control_vip,
+ vip_name => 'storage_mgmt',
+ ip_address => $storage_mgmt_vip,
}
- if $storage_mgmt_vip and $storage_mgmt_vip != $control_vip {
- pacemaker::resource::ip { 'storage_mgmt_vip':
- ip_address => $storage_mgmt_vip,
- cidr_netmask => $storage_mgmt_vip_netmask,
- }
- pacemaker::constraint::base { 'storage_mgmt_vip-then-haproxy':
- constraint_type => 'order',
- first_resource => "ip-${storage_mgmt_vip}",
- second_resource => 'haproxy-clone',
- first_action => 'start',
- second_action => 'start',
- constraint_params => 'kind=Optional',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['storage_mgmt_vip']],
- }
- pacemaker::constraint::colocation { 'storage_mgmt_vip-with-haproxy':
- source => "ip-${storage_mgmt_vip}",
- target => 'haproxy-clone',
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['storage_mgmt_vip']],
- }
- }
-
}
pacemaker::resource::service { $::memcached::params::service_name :
@@ -543,6 +407,11 @@ MYSQL_HOST=localhost\n",
}
}
+ if downcase(hiera('gnocchi_indexer_backend')) == 'mysql' {
+ class { '::gnocchi::db::mysql':
+ require => Exec['galera-ready'],
+ }
+ }
class { '::sahara::db::mysql':
require => Exec['galera-ready'],
}
@@ -604,82 +473,7 @@ MYSQL_HOST=localhost\n",
} #END STEP 2
-if hiera('step') >= 4 {
-
- class { '::keystone':
- sync_db => $sync_db,
- manage_service => false,
- enabled => false,
- enable_bootstrap => $pacemaker_master,
- }
- include ::keystone::config
-
- #TODO: need a cleanup-keystone-tokens.sh solution here
-
- file { [ '/etc/keystone/ssl', '/etc/keystone/ssl/certs', '/etc/keystone/ssl/private' ]:
- ensure => 'directory',
- owner => 'keystone',
- group => 'keystone',
- require => Package['keystone'],
- }
- file { '/etc/keystone/ssl/certs/signing_cert.pem':
- content => hiera('keystone_signing_certificate'),
- owner => 'keystone',
- group => 'keystone',
- notify => Service['keystone'],
- require => File['/etc/keystone/ssl/certs'],
- }
- file { '/etc/keystone/ssl/private/signing_key.pem':
- content => hiera('keystone_signing_key'),
- owner => 'keystone',
- group => 'keystone',
- notify => Service['keystone'],
- require => File['/etc/keystone/ssl/private'],
- }
- file { '/etc/keystone/ssl/certs/ca.pem':
- content => hiera('keystone_ca_certificate'),
- owner => 'keystone',
- group => 'keystone',
- notify => Service['keystone'],
- require => File['/etc/keystone/ssl/certs'],
- }
-
- $glance_backend = downcase(hiera('glance_backend', 'swift'))
- case $glance_backend {
- 'swift': { $backend_store = 'glance.store.swift.Store' }
- 'file': { $backend_store = 'glance.store.filesystem.Store' }
- 'rbd': { $backend_store = 'glance.store.rbd.Store' }
- default: { fail('Unrecognized glance_backend parameter.') }
- }
- $http_store = ['glance.store.http.Store']
- $glance_store = concat($http_store, $backend_store)
-
- if $glance_backend == 'file' and hiera('glance_file_pcmk_manage', false) {
- $secontext = 'context="system_u:object_r:glance_var_lib_t:s0"'
- pacemaker::resource::filesystem { 'glance-fs':
- device => hiera('glance_file_pcmk_device'),
- directory => hiera('glance_file_pcmk_directory'),
- fstype => hiera('glance_file_pcmk_fstype'),
- fsoptions => join([$secontext, hiera('glance_file_pcmk_options', '')],','),
- clone_params => '',
- }
- }
-
- # TODO: notifications, scrubber, etc.
- include ::glance
- include ::glance::config
- class { '::glance::api':
- known_stores => $glance_store,
- manage_service => false,
- enabled => false,
- }
- class { '::glance::registry' :
- sync_db => $sync_db,
- manage_service => false,
- enabled => false,
- }
- include ::glance::notify::rabbitmq
- include join(['::glance::backend::', $glance_backend])
+if hiera('step') >= 4 or ( hiera('step') >= 3 and $sync_db ) {
$nova_ipv6 = hiera('nova::use_ipv6', false)
if $nova_ipv6 {
@@ -919,6 +713,7 @@ if hiera('step') >= 4 {
$cinder_rbd_backend = 'tripleo_ceph'
cinder::backend::rbd { $cinder_rbd_backend :
+ backend_host => hiera('cinder::host'),
rbd_pool => hiera('cinder_rbd_pool_name'),
rbd_user => hiera('ceph_client_user_name'),
rbd_secret_uuid => hiera('ceph::profile::params::fsid'),
@@ -1106,6 +901,7 @@ if hiera('step') >= 4 {
sync_db => $sync_db,
}
include ::ceilometer::agent::auth
+ include ::ceilometer::dispatcher::gnocchi
Cron <| title == 'ceilometer-expirer' |> { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" }
@@ -1138,7 +934,7 @@ if hiera('step') >= 4 {
service_enable => false,
# service_manage => false, # <-- not supported with horizon&apache mod_wsgi?
}
- include ::keystone::wsgi::apache
+ include ::apache::mod::remoteip
include ::apache::mod::status
if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') {
$_profile_support = 'cisco'
@@ -1185,6 +981,40 @@ if hiera('step') >= 4 {
enabled => false,
}
+ # Gnocchi
+ $gnocchi_database_connection = hiera('gnocchi_mysql_conn_string')
+ include ::gnocchi::client
+ if $sync_db {
+ include ::gnocchi::db::sync
+ }
+ include ::gnocchi::storage
+ $gnocchi_backend = downcase(hiera('gnocchi_backend', 'swift'))
+ case $gnocchi_backend {
+ 'swift': { include ::gnocchi::storage::swift }
+ 'file': { include ::gnocchi::storage::file }
+ 'rbd': { include ::gnocchi::storage::ceph }
+ default: { fail('Unrecognized gnocchi_backend parameter.') }
+ }
+ class { '::gnocchi':
+ database_connection => $gnocchi_database_connection,
+ }
+ class { '::gnocchi::api' :
+ manage_service => false,
+ enabled => false,
+ service_name => 'httpd',
+ }
+ class { '::gnocchi::wsgi::apache' :
+ ssl => false,
+ }
+ class { '::gnocchi::metricd' :
+ manage_service => false,
+ enabled => false,
+ }
+ class { '::gnocchi::statsd' :
+ manage_service => false,
+ enabled => false,
+ }
+
$snmpd_user = hiera('snmpd_readonly_user_name')
snmp::snmpv3_user { $snmpd_user:
authtype => 'MD5',
@@ -1200,14 +1030,10 @@ if hiera('step') >= 4 {
} #END STEP 4
if hiera('step') >= 5 {
- $keystone_enable_db_purge = hiera('keystone_enable_db_purge', true)
$nova_enable_db_purge = hiera('nova_enable_db_purge', true)
$cinder_enable_db_purge = hiera('cinder_enable_db_purge', true)
$heat_enable_db_purge = hiera('heat_enable_db_purge', true)
- if $keystone_enable_db_purge {
- include ::keystone::cron::token_flush
- }
if $nova_enable_db_purge {
include ::nova::cron::archive_deleted_rows
}
@@ -1220,18 +1046,6 @@ if hiera('step') >= 5 {
if $pacemaker_master {
- if $enable_load_balancer {
- pacemaker::constraint::base { 'haproxy-then-keystone-constraint':
- constraint_type => 'order',
- first_resource => 'haproxy-clone',
- second_resource => 'openstack-core-clone',
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ocf['openstack-core']],
- }
- }
-
pacemaker::constraint::base { 'openstack-core-then-httpd-constraint':
constraint_type => 'order',
first_resource => 'openstack-core-clone',
@@ -1241,15 +1055,6 @@ if hiera('step') >= 5 {
require => [Pacemaker::Resource::Service[$::apache::params::service_name],
Pacemaker::Resource::Ocf['openstack-core']],
}
- pacemaker::constraint::base { 'rabbitmq-then-keystone-constraint':
- constraint_type => 'order',
- first_resource => 'rabbitmq-clone',
- second_resource => 'openstack-core-clone',
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Ocf['rabbitmq'],
- Pacemaker::Resource::Ocf['openstack-core']],
- }
pacemaker::constraint::base { 'memcached-then-openstack-core-constraint':
constraint_type => 'order',
first_resource => 'memcached-clone',
@@ -1338,40 +1143,14 @@ if hiera('step') >= 5 {
require => [Pacemaker::Resource::Service[$::sahara::params::api_service_name],
Pacemaker::Resource::Ocf['openstack-core']],
}
-
- # Glance
- pacemaker::resource::service { $::glance::params::registry_service_name :
- clone_params => 'interleave=true',
- require => Pacemaker::Resource::Ocf['openstack-core'],
- }
- pacemaker::resource::service { $::glance::params::api_service_name :
- clone_params => 'interleave=true',
- }
-
- pacemaker::constraint::base { 'keystone-then-glance-registry-constraint':
+ pacemaker::constraint::base { 'sahara-api-then-sahara-engine-constraint':
constraint_type => 'order',
- first_resource => 'openstack-core-clone',
- second_resource => "${::glance::params::registry_service_name}-clone",
+ first_resource => "${::sahara::params::api_service_name}-clone",
+ second_resource => "${::sahara::params::engine_service_name}-clone",
first_action => 'start',
second_action => 'start',
- require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name],
- Pacemaker::Resource::Ocf['openstack-core']],
- }
- pacemaker::constraint::base { 'glance-registry-then-glance-api-constraint':
- constraint_type => 'order',
- first_resource => "${::glance::params::registry_service_name}-clone",
- second_resource => "${::glance::params::api_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name],
- Pacemaker::Resource::Service[$::glance::params::api_service_name]],
- }
- pacemaker::constraint::colocation { 'glance-api-with-glance-registry-colocation':
- source => "${::glance::params::api_service_name}-clone",
- target => "${::glance::params::registry_service_name}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name],
- Pacemaker::Resource::Service[$::glance::params::api_service_name]],
+ require => [Pacemaker::Resource::Service[$::sahara::params::api_service_name],
+ Pacemaker::Resource::Service[$::sahara::params::engine_service_name]],
}
if hiera('step') == 5 {
@@ -1509,7 +1288,7 @@ if hiera('step') >= 5 {
Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]],
}
}
- if hiera('neutron::enable_dhcp_agent',true) and hiera('l3_agent_service',true) {
+ if hiera('neutron::enable_dhcp_agent',true) and hiera('neutron::enable_l3_agent',true) {
pacemaker::constraint::base { 'neutron-dhcp-agent-to-l3-agent-constraint':
constraint_type => 'order',
first_resource => "${::neutron::params::dhcp_agent_service}-clone",
@@ -1742,6 +1521,15 @@ if hiera('step') >= 5 {
require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name],
Pacemaker::Resource::Ocf['openstack-core']],
}
+ pacemaker::constraint::base { 'keystone-then-ceilometer-notification-constraint':
+ constraint_type => 'order',
+ first_resource => 'openstack-core-clone',
+ second_resource => "${::ceilometer::params::agent_notification_service_name}-clone",
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name],
+ Pacemaker::Resource::Ocf['openstack-core']],
+ }
pacemaker::constraint::base { 'ceilometer-central-then-ceilometer-collector-constraint':
constraint_type => 'order',
first_resource => "${::ceilometer::params::agent_central_service_name}-clone",
@@ -1825,6 +1613,15 @@ if hiera('step') >= 5 {
require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name],
Pacemaker::Resource::Service[$::aodh::params::notifier_service_name]],
}
+ pacemaker::constraint::base { 'aodh-evaluator-then-aodh-listener-constraint':
+ constraint_type => 'order',
+ first_resource => "${::aodh::params::evaluator_service_name}-clone",
+ second_resource => "${::aodh::params::listener_service_name}-clone",
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name],
+ Pacemaker::Resource::Service[$::aodh::params::listener_service_name]],
+ }
pacemaker::constraint::colocation { 'aodh-listener-with-aodh-evaluator-colocation':
source => "${::aodh::params::listener_service_name}-clone",
target => "${::aodh::params::evaluator_service_name}-clone",
@@ -1844,6 +1641,30 @@ if hiera('step') >= 5 {
}
}
+ # gnocchi
+ pacemaker::resource::service { $::gnocchi::params::metricd_service_name :
+ clone_params => 'interleave=true',
+ }
+ pacemaker::resource::service { $::gnocchi::params::statsd_service_name :
+ clone_params => 'interleave=true',
+ }
+ pacemaker::constraint::base { 'gnocchi-metricd-then-gnocchi-statsd-constraint':
+ constraint_type => 'order',
+ first_resource => "${::gnocchi::params::metricd_service_name}-clone",
+ second_resource => "${::gnocchi::params::statsd_service_name}-clone",
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Service[$::gnocchi::params::metricd_service_name],
+ Pacemaker::Resource::Service[$::gnocchi::params::statsd_service_name]],
+ }
+ pacemaker::constraint::colocation { 'gnocchi-statsd-with-metricd-colocation':
+ source => "${::gnocchi::params::statsd_service_name}-clone",
+ target => "${::gnocchi::params::metricd_service_name}-clone",
+ score => 'INFINITY',
+ require => [Pacemaker::Resource::Service[$::gnocchi::params::metricd_service_name],
+ Pacemaker::Resource::Service[$::gnocchi::params::statsd_service_name]],
+ }
+
# Heat
pacemaker::resource::service { $::heat::params::api_service_name :
clone_params => 'interleave=true',
@@ -1857,15 +1678,6 @@ if hiera('step') >= 5 {
pacemaker::resource::service { $::heat::params::engine_service_name :
clone_params => 'interleave=true',
}
- pacemaker::constraint::base { 'keystone-then-heat-api-constraint':
- constraint_type => 'order',
- first_resource => 'openstack-core-clone',
- second_resource => "${::heat::params::api_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::heat::params::api_service_name],
- Pacemaker::Resource::Ocf['openstack-core']],
- }
pacemaker::constraint::base { 'heat-api-then-heat-api-cfn-constraint':
constraint_type => 'order',
first_resource => "${::heat::params::api_service_name}-clone",
@@ -1962,29 +1774,5 @@ if hiera('step') >= 5 {
} #END STEP 5
-if hiera('step') >= 6 {
-
- if $pacemaker_master {
-
- class {'::keystone::roles::admin' :
- require => Pacemaker::Resource::Service[$::apache::params::service_name],
- } ->
- class {'::keystone::endpoint' :
- require => Pacemaker::Resource::Service[$::apache::params::service_name],
- }
- include ::heat::keystone::domain
- Class['::keystone::roles::admin'] -> Class['::heat::keystone::domain']
-
- } else {
- # On non-master controller we don't need to create Keystone resources again
- class { '::heat::keystone::domain':
- manage_domain => false,
- manage_user => false,
- manage_role => false,
- }
- }
-
-} #END STEP 6
-
$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller_pacemaker', hiera('step')])
package_manifest{$package_manifest_name: ensure => present}
diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml
new file mode 100644
index 00000000..3e8784b7
--- /dev/null
+++ b/puppet/services/glance-api.yaml
@@ -0,0 +1,98 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Glance API service configured with Puppet
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MysqlVirtualIPUri:
+ type: string
+ default: ''
+ Debug:
+ default: ''
+ description: Set to True to enable debugging on all services.
+ type: string
+ GlanceNotifierStrategy:
+ description: Strategy to use for Glance notification queue
+ type: string
+ default: noop
+ GlanceLogFile:
+ description: The filepath of the file to use for logging messages from Glance.
+ type: string
+ default: ''
+ GlancePassword:
+ description: The password for the glance service and db account, used by the glance services.
+ type: string
+ hidden: true
+ GlanceBackend:
+ default: swift
+ description: The short name of the Glance backend to use. Should be one
+ of swift, rbd, or file
+ type: string
+ constraints:
+ - allowed_values: ['swift', 'file', 'rbd']
+ GlanceWorkers:
+ default: 0
+ description: Number of workers for Glance service.
+ type: number
+ RabbitPassword:
+ description: The password for RabbitMQ
+ type: string
+ hidden: true
+ RabbitUserName:
+ default: guest
+ description: The username for RabbitMQ
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+
+outputs:
+ role_data:
+ description: Role data for the Glance API role.
+ value:
+ config_settings:
+ glance_dsn: &glance_dsn
+ list_join:
+ - ''
+ - - 'mysql+pymysql://glance:'
+ - {get_param: GlancePassword}
+ - '@'
+ - {get_param: MysqlVirtualIPUri}
+ - '/glance'
+ glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]}
+ glance::api::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ glance::api::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ glance::api::registry_host:
+ str_replace:
+ template: "'REGISTRY_HOST'"
+ params:
+ REGISTRY_HOST: {get_param: [EndpointMap, GlanceRegistryInternal, host]}
+ glance::api::keystone_password: {get_param: GlancePassword}
+ glance::api::debug: {get_param: Debug}
+ glance::api::workers: {get_param: GlanceWorkers}
+ glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
+ glance_log_file: {get_param: GlanceLogFile}
+ glance::api::database_connection: *glance_dsn
+ glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ glance::backend::swift::swift_store_user: service:glance
+ glance::backend::swift::swift_store_key: {get_param: GlancePassword}
+ glance_backend: {get_param: GlanceBackend}
+ glance::db::mysql::password: {get_param: GlancePassword}
+ glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName}
+ glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort}
+ glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword}
+ glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ step_config: |
+ include ::tripleo::profile::base::glance::api
diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml
new file mode 100644
index 00000000..1a1a515a
--- /dev/null
+++ b/puppet/services/glance-registry.yaml
@@ -0,0 +1,48 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Glance Registry service configured with Puppet
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MysqlVirtualIPUri:
+ type: string
+ default: ''
+ Debug:
+ default: ''
+ description: Set to True to enable debugging on all services.
+ type: string
+ GlancePassword:
+ description: The password for the glance service and db account, used by the glance services.
+ type: string
+ hidden: true
+ GlanceWorkers:
+ default: 0
+ description: Number of workers for Glance service.
+ type: number
+
+outputs:
+ role_data:
+ description: Role data for the Glance Registry role.
+ value:
+ config_settings:
+ glance_dsn: &glance_dsn
+ list_join:
+ - ''
+ - - 'mysql+pymysql://glance:'
+ - {get_param: GlancePassword}
+ - '@'
+ - {get_param: MysqlVirtualIPUri}
+ - '/glance'
+ glance::registry::keystone_password: {get_param: GlancePassword}
+ glance::registry::database_connection: *glance_dsn
+ glance::registry::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ glance::registry::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ glance::registry::debug: {get_param: Debug}
+ glance::registry::workers: {get_param: GlanceWorkers}
+ step_config: |
+ include ::tripleo::profile::base::glance::registry
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
new file mode 100644
index 00000000..1654f0e7
--- /dev/null
+++ b/puppet/services/keystone.yaml
@@ -0,0 +1,135 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Keystone service configured with Puppet
+
+parameters:
+ KeystoneCACertificate:
+ default: ''
+ description: Keystone self-signed certificate authority certificate.
+ type: string
+ KeystoneEnableDBPurge:
+ default: true
+ description: |
+ Whether to create cron job for purging soft deleted rows in Keystone database.
+ type: boolean
+ KeystoneSigningCertificate:
+ default: ''
+ description: Keystone certificate for verifying token validity.
+ type: string
+ KeystoneSigningKey:
+ default: ''
+ description: Keystone key for signing tokens.
+ type: string
+ hidden: true
+ KeystoneSSLCertificate:
+ default: ''
+ description: Keystone certificate for verifying token validity.
+ type: string
+ KeystoneSSLCertificateKey:
+ default: ''
+ description: Keystone key for signing tokens.
+ type: string
+ hidden: true
+ KeystoneNotificationDriver:
+ description: Comma-separated list of Oslo notification drivers used by Keystone
+ default: ['messaging']
+ type: comma_delimited_list
+ KeystoneNotificationFormat:
+ description: The Keystone notification format
+ default: 'basic'
+ type: string
+ constraints:
+ - allowed_values: [ 'basic', 'cadf' ]
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+ KeystoneWorkers:
+ default: 0
+ description: Number of workers for Keystone service.
+ type: number
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MysqlVirtualIPUri:
+ type: string
+ default: ''
+ Debug:
+ type: string
+ default: ''
+ AdminEmail:
+ default: 'admin@example.com'
+ description: The email for the keystone admin account.
+ type: string
+ hidden: true
+ AdminPassword:
+ description: The password for the keystone admin account, used for monitoring, querying neutron etc.
+ type: string
+ hidden: true
+ AdminToken:
+ description: The keystone auth secret and db password.
+ type: string
+ hidden: true
+ RabbitPassword:
+ description: The password for RabbitMQ
+ type: string
+ hidden: true
+ RabbitUserName:
+ default: guest
+ description: The username for RabbitMQ
+ type: string
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
+
+outputs:
+ role_data:
+ description: Role data for the Keystone role.
+ value:
+ config_settings:
+ keystone_dsn: &keystone_dsn
+ list_join:
+ - ''
+ - - 'mysql+pymysql://keystone:'
+ - {get_param: AdminToken}
+ - '@'
+ - {get_param: MysqlVirtualIPUri}
+ - '/keystone'
+ keystone::database_connection: *keystone_dsn
+ keystone::admin_token: {get_param: AdminToken}
+ keystone::roles::admin::password: {get_param: AdminPassword}
+ keystone_ca_certificate: {get_param: KeystoneCACertificate}
+ keystone_signing_key: {get_param: KeystoneSigningKey}
+ keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
+ keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
+ keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
+ keystone::debug: {get_param: Debug}
+ keystone::db::mysql::password: {get_param: AdminToken}
+ keystone::rabbit_userid: {get_param: RabbitUserName}
+ keystone::rabbit_password: {get_param: RabbitPassword}
+ keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ keystone::rabbit_port: {get_param: RabbitClientPort}
+ keystone::notification_driver: {get_param: KeystoneNotificationDriver}
+ keystone::notification_format: {get_param: KeystoneNotificationFormat}
+ keystone::roles::admin::email: {get_param: AdminEmail}
+ keystone::roles::admin::password: {get_param: AdminPassword}
+ keystone::endpoint::public_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
+ keystone::endpoint::internal_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+ keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ keystone::endpoint::region: {get_param: KeystoneRegion}
+ keystone::admin_workers: {get_param: KeystoneWorkers}
+ keystone::public_workers: {get_param: KeystoneWorkers}
+ keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge}
+ keystone::public_endpoint: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
+ step_config: |
+ include ::tripleo::profile::base::keystone
diff --git a/puppet/services/pacemaker/glance-api.yaml b/puppet/services/pacemaker/glance-api.yaml
new file mode 100644
index 00000000..815eb5bf
--- /dev/null
+++ b/puppet/services/pacemaker/glance-api.yaml
@@ -0,0 +1,60 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Glance API service with Pacemaker configured with Puppet.
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MysqlVirtualIPUri:
+ type: string
+ default: ''
+ GlanceFilePcmkDevice:
+ default: ''
+ description: >
+ An exported storage device that should be mounted by Pacemaker
+ as Glance storage. Effective when GlanceFilePcmkManage is true.
+ type: string
+ GlanceFilePcmkFstype:
+ default: 'nfs'
+ description: >
+ Filesystem type for Pacemaker mount used as Glance storage.
+ Effective when GlanceFilePcmkManage is true.
+ type: string
+ GlanceFilePcmkManage:
+ default: false
+ description: >
+ Whether to make Glance file backend a mount managed by Pacemaker.
+ Effective when GlanceBackend is 'file'.
+ type: boolean
+ GlanceFilePcmkOptions:
+ default: ''
+ description: >
+ Mount options for Pacemaker mount used as Glance storage.
+ Effective when GlanceFilePcmkManage is true.
+ type: string
+
+resources:
+
+ GlanceApiBase:
+ type: ../glance-api.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri}
+
+outputs:
+ role_data:
+ description: Role data for the Glance role.
+ value:
+ config_settings:
+ map_merge:
+ - get_attr: [GlanceApiBase, role_data, config_settings]
+ - glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice}
+ glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype}
+ glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage}
+ glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions}
+ step_config: |
+ include ::tripleo::profile::pacemaker::glance
diff --git a/puppet/services/pacemaker/glance-registry.yaml b/puppet/services/pacemaker/glance-registry.yaml
new file mode 100644
index 00000000..56353459
--- /dev/null
+++ b/puppet/services/pacemaker/glance-registry.yaml
@@ -0,0 +1,33 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Glance Registry service with Pacemaker configured with Puppet
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MysqlVirtualIPUri:
+ type: string
+ default: ''
+
+resources:
+
+ GlanceRegistryBase:
+ type: ../glance-registry.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri}
+
+outputs:
+ role_data:
+ description: Role data for the Glance role.
+ value:
+ config_settings:
+ get_attr: [GlanceRegistryBase, role_data, config_settings]
+ # No puppet manifests since glance-registry is included in
+ # ::tripleo::profile::pacemaker::glance which is maintained alongside of
+ # pacemaker/glance-api.yaml.
+ step_config:
diff --git a/puppet/services/pacemaker/keystone.yaml b/puppet/services/pacemaker/keystone.yaml
new file mode 100644
index 00000000..8fcab15f
--- /dev/null
+++ b/puppet/services/pacemaker/keystone.yaml
@@ -0,0 +1,34 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Keystone service with Pacemaker configured with Puppet
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MysqlVirtualIPUri:
+ type: string
+ default: ''
+
+resources:
+
+ KeystoneServiceBase:
+ type: ../keystone.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri}
+
+outputs:
+ role_data:
+ description: Role data for the Keystone pacemaker role.
+ value:
+ config_settings:
+ map_merge:
+ - get_attr: [KeystoneServiceBase, role_data, config_settings]
+ #-
+ # custom keystone hiera goes here if we need it!?
+ step_config: |
+ include ::tripleo::profile::pacemaker::keystone
diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml
index 8a4ea21f..296428db 100644
--- a/puppet/swift-storage.yaml
+++ b/puppet/swift-storage.yaml
@@ -256,6 +256,7 @@ resources:
- all_nodes # provided by allNodesConfig
- '"%{::osfamily}"'
- common
+ merge_behavior: deeper
datafiles:
common:
raw_data: {get_file: hieradata/common.yaml}
@@ -337,12 +338,12 @@ outputs:
str_replace:
template: |
PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
- EXTERNALIP EXTERNALHOST
- INTERNAL_APIIP INTERNAL_APIHOST
- STORAGEIP STORAGEHOST
- STORAGE_MGMTIP STORAGE_MGMTHOST
- TENANTIP TENANTHOST
- MANAGEMENTIP MANAGEMENTHOST
+ EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
+ INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
+ STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
+ STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
+ TENANTIP TENANTHOST.DOMAIN TENANTHOST
+ MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
params:
PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ObjectStorageHostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
@@ -350,37 +351,37 @@ outputs:
EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
EXTERNALHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [SwiftStorage, name]}
- external
INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
INTERNAL_APIHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [SwiftStorage, name]}
- internalapi
STORAGEIP: {get_attr: [StoragePort, ip_address]}
STORAGEHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [SwiftStorage, name]}
- storage
STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
STORAGE_MGMTHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [SwiftStorage, name]}
- storagemgmt
TENANTIP: {get_attr: [TenantPort, ip_address]}
TENANTHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [SwiftStorage, name]}
- tenant
MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
MANAGEMENTHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [SwiftStorage, name]}
- management
nova_server_resource:
diff --git a/puppet/vip-config.yaml b/puppet/vip-config.yaml
index ebecd0cb..3e8e9182 100644
--- a/puppet/vip-config.yaml
+++ b/puppet/vip-config.yaml
@@ -27,6 +27,7 @@ resources:
nova_metadata_vip: {get_input: nova_metadata_vip}
ceilometer_api_vip: {get_input: ceilometer_api_vip}
aodh_api_vip: {get_input: aodh_api_vip}
+ gnocchi_api_vip: {get_input: gnocchi_api_vip}
heat_api_vip: {get_input: heat_api_vip}
horizon_vip: {get_input: horizon_vip}
redis_vip: {get_input: redis_vip}