diff options
Diffstat (limited to 'puppet')
-rw-r--r-- | puppet/all-nodes-config.yaml | 10 | ||||
-rw-r--r-- | puppet/ceph-cluster-config.yaml | 17 | ||||
-rw-r--r-- | puppet/ceph-storage.yaml | 25 | ||||
-rw-r--r-- | puppet/cinder-storage.yaml | 25 | ||||
-rw-r--r-- | puppet/compute.yaml | 25 | ||||
-rw-r--r-- | puppet/controller.yaml | 299 | ||||
-rw-r--r-- | puppet/extraconfig/ceph/ceph-external-config.yaml | 14 | ||||
-rw-r--r-- | puppet/extraconfig/tls/tls-cert-inject.yaml | 8 | ||||
-rw-r--r-- | puppet/hieradata/common.yaml | 3 | ||||
-rw-r--r-- | puppet/hieradata/controller.yaml | 17 | ||||
-rw-r--r-- | puppet/hieradata/database.yaml | 8 | ||||
-rw-r--r-- | puppet/manifests/overcloud_controller.pp | 87 | ||||
-rw-r--r-- | puppet/manifests/overcloud_controller_pacemaker.pp | 444 | ||||
-rw-r--r-- | puppet/services/glance-api.yaml | 98 | ||||
-rw-r--r-- | puppet/services/glance-registry.yaml | 48 | ||||
-rw-r--r-- | puppet/services/keystone.yaml | 135 | ||||
-rw-r--r-- | puppet/services/pacemaker/glance-api.yaml | 60 | ||||
-rw-r--r-- | puppet/services/pacemaker/glance-registry.yaml | 33 | ||||
-rw-r--r-- | puppet/services/pacemaker/keystone.yaml | 34 | ||||
-rw-r--r-- | puppet/swift-storage.yaml | 25 | ||||
-rw-r--r-- | puppet/vip-config.yaml | 1 |
21 files changed, 764 insertions, 652 deletions
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index ad10a8fc..b065ddd2 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -44,6 +44,8 @@ parameters: type: comma_delimited_list glance_registry_node_ips: type: comma_delimited_list + gnocchi_api_node_ips: + type: comma_delimited_list cinder_api_node_ips: type: comma_delimited_list neutron_api_node_ips: @@ -203,6 +205,14 @@ resources: list_join: - "','" - {get_param: aodh_api_node_ips} + gnocchi_api_node_ips: + str_replace: + template: "['SERVERS_LIST']" + params: + SERVERS_LIST: + list_join: + - "','" + - {get_param: gnocchi_api_node_ips} nova_api_node_ips: str_replace: template: "['SERVERS_LIST']" diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml index dc2f98ed..fd161886 100644 --- a/puppet/ceph-cluster-config.yaml +++ b/puppet/ceph-cluster-config.yaml @@ -36,6 +36,9 @@ parameters: GlanceRbdPoolName: default: images type: string + GnocchiRbdPoolName: + default: metrics + type: string CephClientUserName: default: openstack type: string @@ -91,21 +94,25 @@ resources: cap_mon: 'allow profile bootstrap-osd' }, client.CLIENT_USER: { - secret: 'ADMIN_KEY', + secret: 'CLIENT_KEY', mode: '0644', cap_mon: 'allow r', - cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL' + cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL' } }" params: CLIENT_USER: {get_param: CephClientUserName} + CLIENT_KEY: {get_param: ceph_client_key} ADMIN_KEY: {get_param: ceph_admin_key} NOVA_POOL: {get_param: NovaRbdPoolName} CINDER_POOL: {get_param: CinderRbdPoolName} GLANCE_POOL: {get_param: GlanceRbdPoolName} + GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} cinder_rbd_pool_name: {get_param: CinderRbdPoolName} glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName} + gnocchi::storage::ceph::ceph_pool: {get_param: GnocchiRbdPoolName} + gnocchi::storage::ceph::ceph_username: {get_param: CephClientUserName} nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName} nova::compute::rbd::rbd_keyring: @@ -113,11 +120,17 @@ resources: - '.' - - 'client' - {get_param: CephClientUserName} + gnocchi::storage::ceph::ceph_keyring: + list_join: + - '.' + - - 'client' + - {get_param: CephClientUserName} ceph_client_user_name: {get_param: CephClientUserName} ceph_pools: - {get_param: CinderRbdPoolName} - {get_param: NovaRbdPoolName} - {get_param: GlanceRbdPoolName} + - {get_param: GnocchiRbdPoolName} outputs: config_id: diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml index d2988926..f0eb71e4 100644 --- a/puppet/ceph-storage.yaml +++ b/puppet/ceph-storage.yaml @@ -256,6 +256,7 @@ resources: - ceph - '"%{::osfamily}"' - common + merge_behavior: deeper datafiles: common: raw_data: {get_file: hieradata/common.yaml} @@ -313,12 +314,12 @@ outputs: str_replace: template: | PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST - EXTERNALIP EXTERNALHOST - INTERNAL_APIIP INTERNAL_APIHOST - STORAGEIP STORAGEHOST - STORAGE_MGMTIP STORAGE_MGMTHOST - TENANTIP TENANTHOST - MANAGEMENTIP MANAGEMENTHOST + EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST + INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST + STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST + STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST + TENANTIP TENANTHOST.DOMAIN TENANTHOST + MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST params: PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephStorageHostnameResolveNetwork]}]} DOMAIN: {get_param: CloudDomain} @@ -326,37 +327,37 @@ outputs: EXTERNALIP: {get_attr: [ExternalPort, ip_address]} EXTERNALHOST: list_join: - - '-' + - '.' - - {get_attr: [CephStorage, name]} - external INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} INTERNAL_APIHOST: list_join: - - '-' + - '.' - - {get_attr: [CephStorage, name]} - internalapi STORAGEIP: {get_attr: [StoragePort, ip_address]} STORAGEHOST: list_join: - - '-' + - '.' - - {get_attr: [CephStorage, name]} - storage STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} STORAGE_MGMTHOST: list_join: - - '-' + - '.' - - {get_attr: [CephStorage, name]} - storagemgmt TENANTIP: {get_attr: [TenantPort, ip_address]} TENANTHOST: list_join: - - '-' + - '.' - - {get_attr: [CephStorage, name]} - tenant MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} MANAGEMENTHOST: list_join: - - '-' + - '.' - - {get_attr: [CephStorage, name]} - management nova_server_resource: diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml index b5694802..c1a04e24 100644 --- a/puppet/cinder-storage.yaml +++ b/puppet/cinder-storage.yaml @@ -316,6 +316,7 @@ resources: - all_nodes # provided by allNodesConfig - '"%{::osfamily}"' - common + merge_behavior: deeper datafiles: common: raw_data: {get_file: hieradata/common.yaml} @@ -379,12 +380,12 @@ outputs: str_replace: template: | PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST - EXTERNALIP EXTERNALHOST - INTERNAL_APIIP INTERNAL_APIHOST - STORAGEIP STORAGEHOST - STORAGE_MGMTIP STORAGE_MGMTHOST - TENANTIP TENANTHOST - MANAGEMENTIP MANAGEMENTHOST + EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST + INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST + STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST + STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST + TENANTIP TENANTHOST.DOMAIN TENANTHOST + MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST params: PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, BlockStorageHostnameResolveNetwork]}]} DOMAIN: {get_param: CloudDomain} @@ -392,37 +393,37 @@ outputs: EXTERNALIP: {get_attr: [ExternalPort, ip_address]} EXTERNALHOST: list_join: - - '-' + - '.' - - {get_attr: [BlockStorage, name]} - external INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} INTERNAL_APIHOST: list_join: - - '-' + - '.' - - {get_attr: [BlockStorage, name]} - internalapi STORAGEIP: {get_attr: [StoragePort, ip_address]} STORAGEHOST: list_join: - - '-' + - '.' - - {get_attr: [BlockStorage, name]} - storage STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} STORAGE_MGMTHOST: list_join: - - '-' + - '.' - - {get_attr: [BlockStorage, name]} - storagemgmt TENANTIP: {get_attr: [TenantPort, ip_address]} TENANTHOST: list_join: - - '-' + - '.' - - {get_attr: [BlockStorage, name]} - tenant MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} MANAGEMENTHOST: list_join: - - '-' + - '.' - - {get_attr: [BlockStorage, name]} - management nova_server_resource: diff --git a/puppet/compute.yaml b/puppet/compute.yaml index f5c848c8..4c18067a 100644 --- a/puppet/compute.yaml +++ b/puppet/compute.yaml @@ -486,6 +486,7 @@ resources: - nova_nuage_data # Optionally provided by ComputeExtraConfigPre - midonet_data # Optionally provided by AllNodesExtraConfig - neutron_opencontrail_data # Optionally provided by ComputeExtraConfigPre + merge_behavior: deeper datafiles: compute_extraconfig: mapped_data: {get_param: NovaComputeExtraConfig} @@ -760,12 +761,12 @@ outputs: str_replace: template: | PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST - EXTERNALIP EXTERNALHOST - INTERNAL_APIIP INTERNAL_APIHOST - STORAGEIP STORAGEHOST - STORAGE_MGMTIP STORAGE_MGMTHOST - TENANTIP TENANTHOST - MANAGEMENTIP MANAGEMENTHOST + EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST + INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST + STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST + STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST + TENANTIP TENANTHOST.DOMAIN TENANTHOST + MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST params: PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ComputeHostnameResolveNetwork]}]} DOMAIN: {get_param: CloudDomain} @@ -773,37 +774,37 @@ outputs: EXTERNALIP: {get_attr: [ExternalPort, ip_address]} EXTERNALHOST: list_join: - - '-' + - '.' - - {get_attr: [NovaCompute, name]} - external INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} INTERNAL_APIHOST: list_join: - - '-' + - '.' - - {get_attr: [NovaCompute, name]} - internalapi STORAGEIP: {get_attr: [StoragePort, ip_address]} STORAGEHOST: list_join: - - '-' + - '.' - - {get_attr: [NovaCompute, name]} - storage STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} STORAGE_MGMTHOST: list_join: - - '-' + - '.' - - {get_attr: [NovaCompute, name]} - storagemgmt TENANTIP: {get_attr: [TenantPort, ip_address]} TENANTHOST: list_join: - - '-' + - '.' - - {get_attr: [NovaCompute, name]} - tenant MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} MANAGEMENTHOST: list_join: - - '-' + - '.' - - {get_attr: [NovaCompute, name]} - management nova_server_resource: diff --git a/puppet/controller.yaml b/puppet/controller.yaml index d966700f..bf196d24 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -1,22 +1,13 @@ -heat_template_version: 2015-10-15 +heat_template_version: 2016-04-08 description: > OpenStack controller node configured by Puppet. parameters: - AdminEmail: - default: 'admin@example.com' - description: The email for the keystone admin account. - type: string - hidden: true AdminPassword: description: The password for the keystone admin account, used for monitoring, querying neutron etc. type: string hidden: true - AdminToken: - description: The keystone auth secret and db password. - type: string - hidden: true AodhApiVirtualIP: type: string default: '' @@ -43,6 +34,12 @@ parameters: default: false description: Whether to store events in ceilometer. type: boolean + CeilometerMeterDispatcher: + default: 'database' + description: Dispatcher to process meter data + type: string + constraints: + - allowed_values: ['gnocchi', 'database'] CinderApiVirtualIP: type: string default: '' @@ -100,6 +97,11 @@ parameters: default: 0 description: Number of workers for Cinder service. type: number + controllerExtraConfig: + default: {} + description: | + Deprecated. Use ControllerExtraConfig via parameter_defaults instead. + type: json ControllerExtraConfig: default: {} description: | @@ -189,49 +191,24 @@ parameters: type: string constraints: - custom_constraint: nova.flavor - GlanceNotifierStrategy: - description: Strategy to use for Glance notification queue - type: string - default: noop - GlanceLogFile: - description: The filepath of the file to use for logging messages from Glance. - type: string - default: '' - GlancePassword: - description: The password for the glance service and db account, used by the glance services. - type: string - hidden: true - GlanceBackend: - default: swift - description: The short name of the Glance backend to use. Should be one + GnocchiBackend: + default: file + description: The short name of the Gnocchi backend to use. Should be one of swift, rbd, or file type: string constraints: - allowed_values: ['swift', 'file', 'rbd'] - GlanceFilePcmkDevice: - default: '' - description: > - An exported storage device that should be mounted by Pacemaker - as Glance storage. Effective when GlanceFilePcmkManage is true. + GnocchiIndexerBackend: + default: 'mysql' + description: The short name of the Gnocchi indexer backend to use. type: string - GlanceFilePcmkFstype: - default: 'nfs' - description: > - Filesystem type for Pacemaker mount used as Glance storage. - Effective when GlanceFilePcmkManage is true. + GnocchiApiVirtualIP: type: string - GlanceFilePcmkManage: - default: false - description: > - Whether to make Glance file backend a mount managed by Pacemaker. - Effective when GlanceBackend is 'file'. - type: boolean - GlanceFilePcmkOptions: default: '' - description: > - Mount options for Pacemaker mount used as Glance storage. - Effective when GlanceFilePcmkManage is true. + GnocchiPassword: + description: The password for the gnocchi service and db account. type: string + hidden: true HAProxyStatsPassword: description: Password for HAProxy stats endpoint type: string @@ -243,10 +220,6 @@ parameters: default: /dev/log description: Syslog address where HAproxy will send its log type: string - GlanceWorkers: - default: 0 - description: Number of workers for Glance service. - type: number HeatPassword: description: The password for the Heat service and db account, used by the Heat services. type: string @@ -295,43 +268,6 @@ parameters: type: string constraints: - custom_constraint: nova.keypair - KeystoneCACertificate: - default: '' - description: Keystone self-signed certificate authority certificate. - type: string - KeystoneEnableDBPurge: - default: true - description: | - Whether to create cron job for purging soft deleted rows in Keystone database. - type: boolean - KeystoneSigningCertificate: - default: '' - description: Keystone certificate for verifying token validity. - type: string - KeystoneSigningKey: - default: '' - description: Keystone key for signing tokens. - type: string - hidden: true - KeystoneSSLCertificate: - default: '' - description: Keystone certificate for verifying token validity. - type: string - KeystoneSSLCertificateKey: - default: '' - description: Keystone key for signing tokens. - type: string - hidden: true - KeystoneNotificationDriver: - description: Comma-separated list of Oslo notification drivers used by Keystone - default: ['messaging'] - type: comma_delimited_list - KeystoneNotificationFormat: - description: The Keystone notification format - default: 'basic' - type: string - constraints: - - allowed_values: [ 'basic', 'cadf' ] KeystoneRegion: type: string default: 'regionOne' @@ -348,10 +284,6 @@ parameters: default: false description: Whether IPtables rules should be purged before setting up the new ones. type: boolean - KeystoneWorkers: - default: 0 - description: Number of workers for Keystone service. - type: number SaharaApiVirtualIP: type: string default: '' @@ -711,24 +643,12 @@ parameters: HeatApiVirtualIPUri: type: string default: '' - GlanceApiVirtualIP: - type: string - default: '' - GlanceRegistryVirtualIP: - type: string - default: '' MysqlVirtualIP: type: string default: '' MysqlVirtualIPUri: type: string default: '' - KeystoneAdminApiVirtualIP: - type: string - default: '' - KeystonePublicApiVirtualIP: - type: string - default: '' NeutronApiVirtualIP: type: string default: '' @@ -794,6 +714,12 @@ parameters: type: json default: {} +parameter_groups: +- label: deprecated + description: Do not use deprecated params, they will be removed. + parameters: + - controllerExtraConfig + resources: Controller: @@ -954,9 +880,7 @@ resources: bootstack_nodeid: {get_attr: [Controller, name]} ceilometer_workers: {get_param: CeilometerWorkers} cinder_workers: {get_param: CinderWorkers} - glance_workers: {get_param: GlanceWorkers} heat_workers: {get_param: HeatWorkers} - keystone_workers: {get_param: KeystoneWorkers} nova_workers: {get_param: NovaWorkers} neutron_workers: {get_param: NeutronWorkers} swift_workers: {get_param: SwiftWorkers} @@ -988,9 +912,7 @@ resources: heat_enable_db_purge: {get_param: HeatEnableDBPurge} horizon_allowed_hosts: {get_param: HorizonAllowedHosts} horizon_secret: {get_param: HorizonSecret} - admin_email: {get_param: AdminEmail} admin_password: {get_param: AdminPassword} - admin_token: {get_param: AdminToken} neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP} debug: {get_param: Debug} cinder_enable_db_purge: {get_param: CinderEnableDBPurge} @@ -1015,23 +937,6 @@ resources: - '@' - {get_param: MysqlVirtualIPUri} - '/cinder' - glance_port: {get_param: [EndpointMap, GlanceInternal, port]} - glance_password: {get_param: GlancePassword} - glance_backend: {get_param: GlanceBackend} - glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice} - glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype} - glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage} - glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions} - glance_notifier_strategy: {get_param: GlanceNotifierStrategy} - glance_log_file: {get_param: GlanceLogFile} - glance_dsn: - list_join: - - '' - - - 'mysql+pymysql://glance:' - - {get_param: GlancePassword} - - '@' - - {get_param: MysqlVirtualIPUri} - - '/glance' heat_password: {get_param: HeatPassword} heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword} heat_dsn: @@ -1042,26 +947,8 @@ resources: - '@' - {get_param: MysqlVirtualIPUri} - '/heat' - keystone_ca_certificate: {get_param: KeystoneCACertificate} - keystone_signing_key: {get_param: KeystoneSigningKey} - keystone_signing_certificate: {get_param: KeystoneSigningCertificate} - keystone_ssl_certificate: {get_param: KeystoneSSLCertificate} - keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey} - keystone_notification_driver: {get_param: KeystoneNotificationDriver} - keystone_notification_format: {get_param: KeystoneNotificationFormat} - keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge} - keystone_dsn: - list_join: - - '' - - - 'mysql+pymysql://keystone:' - - {get_param: AdminToken} - - '@' - - {get_param: MysqlVirtualIPUri} - - '/keystone' keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - keystone_public_url: { get_param: [EndpointMap, KeystonePublic, uri_no_suffix] } - keystone_internal_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] } enable_fencing: {get_param: EnableFencing} enable_galera: {get_param: EnableGalera} @@ -1175,6 +1062,10 @@ resources: ceilometer_password: {get_param: CeilometerPassword} ceilometer_store_events: {get_param: CeilometerStoreEvents} aodh_password: {get_param: AodhPassword} + ceilometer_meter_dispatcher: {get_param: CeilometerMeterDispatcher} + gnocchi_password: {get_param: GnocchiPassword} + gnocchi_backend: {get_param: GnocchiBackend} + gnocchi_indexer_backend: {get_param: GnocchiIndexerBackend} ceilometer_coordination_url: list_join: - '' @@ -1191,6 +1082,15 @@ resources: - '@' - {get_param: MysqlVirtualIPUri} - '/ceilometer' + gnocchi_dsn: + list_join: + - '' + - - 'mysql+pymysql://gnocchi:' + - {get_param: GnocchiPassword} + - '@' + - {get_param: MysqlVirtualIPUri} + - '/gnocchi' + gnocchi_internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]} snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} nova_enable_db_purge: {get_param: NovaEnableDBPurge} @@ -1260,7 +1160,6 @@ resources: glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]} - glance_registry_host: {get_param: GlanceRegistryVirtualIP} heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} @@ -1270,9 +1169,15 @@ resources: neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]} ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]} aodh_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]} + gnocchi_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]} nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]} horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} + horizon_subnet: + str_replace: + template: "['SUBNET']" + params: + SUBNET: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]} redis_password: {get_param: RedisPassword} @@ -1319,11 +1224,15 @@ resources: - midonet_data #Optionally provided by AllNodesExtraConfig - neutron_opencontrail_data # Optionally provided by ControllerExtraConfigPre - neutron_plumgrid_data # Optionally provided by ControllerExtraConfigPre + merge_behavior: deeper datafiles: service_configs: mapped_data: {get_param: ServiceConfigSettings} controller_extraconfig: - mapped_data: {get_param: ControllerExtraConfig} + mapped_data: + map_merge: + - {get_param: controllerExtraConfig} + - {get_param: ControllerExtraConfig} extraconfig: mapped_data: {get_param: ExtraConfig} common: @@ -1389,38 +1298,8 @@ resources: cinder::db::mysql::password: {get_input: cinder_password} # Glance - glance::api::bind_port: {get_input: glance_port} glance::api::bind_host: {get_input: glance_api_network} - glance::api::auth_uri: {get_input: keystone_auth_uri} - glance::api::identity_uri: {get_input: keystone_identity_uri} - glance::api::registry_host: {get_input: glance_registry_host} - glance::api::keystone_password: {get_input: glance_password} - glance::api::debug: {get_input: debug} - glance::api::workers: {get_input: glance_workers} - glance_notifier_strategy: {get_input: glance_notifier_strategy} - glance_log_file: {get_input: glance_log_file} - glance_log_file: {get_input: glance_log_file} - glance::api::database_connection: {get_input: glance_dsn} - glance::registry::keystone_password: {get_input: glance_password} - glance::registry::database_connection: {get_input: glance_dsn} glance::registry::bind_host: {get_input: glance_registry_network} - glance::registry::auth_uri: {get_input: keystone_auth_uri} - glance::registry::identity_uri: {get_input: keystone_identity_uri} - glance::registry::debug: {get_input: debug} - glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_uri} - glance::registry::workers: {get_input: glance_workers} - glance::backend::swift::swift_store_user: service:glance - glance::backend::swift::swift_store_key: {get_input: glance_password} - glance_backend: {get_input: glance_backend} - glance::db::mysql::password: {get_input: glance_password} - glance_file_pcmk_device: {get_input: glance_file_pcmk_device} - glance_file_pcmk_fstype: {get_input: glance_file_pcmk_fstype} - glance_file_pcmk_manage: {get_input: glance_file_pcmk_manage} - glance_file_pcmk_options: {get_input: glance_file_pcmk_options} - glance::notify::rabbitmq::rabbit_userid: {get_input: rabbit_username} - glance::notify::rabbitmq::rabbit_password: {get_input: rabbit_password} - glance::notify::rabbitmq::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - # Heat heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password} heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url} @@ -1441,43 +1320,17 @@ resources: heat::api_cloudwatch::workers: {get_input: heat_workers} heat::api_cfn::bind_host: {get_input: heat_api_network} heat::api_cfn::workers: {get_input: heat_workers} + heat::engine::num_engine_workers: {get_input: heat_workers} heat::database_connection: {get_input: heat_dsn} heat::debug: {get_input: debug} heat::db::mysql::password: {get_input: heat_password} heat_enable_db_purge: {get_input: heat_enable_db_purge} heat::keystone::domain::domain_password: {get_input: heat_stack_domain_admin_password} - # Keystone - keystone::admin_token: {get_input: admin_token} - keystone::roles::admin::password: {get_input: admin_password} - keystone_ca_certificate: {get_input: keystone_ca_certificate} - keystone_signing_key: {get_input: keystone_signing_key} - keystone_signing_certificate: {get_input: keystone_signing_certificate} - keystone_ssl_certificate: {get_input: keystone_ssl_certificate} - keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key} - keystone::database_connection: {get_input: keystone_dsn} keystone::admin_bind_host: {get_input: keystone_admin_api_network} keystone::public_bind_host: {get_input: keystone_public_api_network} keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network} keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network} - keystone::debug: {get_input: debug} - keystone::db::mysql::password: {get_input: admin_token} - keystone::rabbit_userid: {get_input: rabbit_username} - keystone::rabbit_password: {get_input: rabbit_password} - keystone::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - keystone::rabbit_port: {get_input: rabbit_client_port} - keystone::notification_driver: {get_input: keystone_notification_driver} - keystone::notification_format: {get_input: keystone_notification_format} - keystone::roles::admin::email: {get_input: admin_email} - keystone::roles::admin::password: {get_input: admin_password} - keystone::endpoint::public_url: {get_input: keystone_public_url} - keystone::endpoint::internal_url: {get_input: keystone_internal_url} - keystone::endpoint::admin_url: {get_input: keystone_identity_uri} - keystone::endpoint::region: {get_input: keystone_region} - keystone::admin_workers: {get_input: keystone_workers} - keystone::public_workers: {get_input: keystone_workers} - keystone_enable_db_purge: {get_input: keystone_enable_db_purge} - keystone::public_endpoint: {get_input: keystone_public_url} # MongoDB mongodb::server::bind_ip: {get_input: mongo_db_network} mongodb::server::nojournal: {get_input: mongodb_no_journal} @@ -1575,6 +1428,11 @@ resources: ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url} ceilometer::agent::notification::store_events: {get_input: ceilometer_store_events} ceilometer::db::mysql::password: {get_input: ceilometer_password} + ceilometer::collector::meter_dispatcher: {get_input: ceilometer_meter_dispatcher} + ceilometer::dispatcher::gnocchi::url: {get_input: gnocchi_internal_url } + ceilometer::dispatcher::gnocchi::filter_project: 'service' + ceilometer::dispatcher::gnocchi::archive_policy: 'low' + ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml' snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} @@ -1596,6 +1454,22 @@ resources: # for a migration path from ceilometer-alarm to aodh, we use the same database & coordination aodh::evaluator::coordination_url: {get_input: ceilometer_coordination_url} + # Gnocchi + gnocchi_backend: {get_input: gnocchi_backend} + gnocchi_indexer_backend: {get_input: gnocchi_indexer_backend} + gnocchi_mysql_conn_string: {get_input: gnocchi_dsn} + gnocchi::debug: {get_input: debug} + gnocchi::wsgi::apache::ssl: false + gnocchi::wsgi::apache::bind_host: {get_input: gnocchi_api_network} + gnocchi::api::service_name: 'httpd' + gnocchi::api::host: {get_input: gnocchi_api_network} + gnocchi::api::keystone_password: {get_input: gnocchi_password} + gnocchi::api::keystone_auth_uri: {get_input: keystone_auth_uri} + gnocchi::api::keystone_identity_uri: {get_input: keystone_identity_uri} + gnocchi::db::mysql::password: {get_input: gnocchi_password} + gnocchi::storage::swift::swift_authurl: {get_input: keystone_auth_uri} + gnocchi::storage::swift::swift_key: {get_input: gnocchi_password} + # Nova nova::rabbit_userid: {get_input: rabbit_username} nova::rabbit_password: {get_input: rabbit_password} @@ -1627,6 +1501,7 @@ resources: nova_enable_db_purge: {get_input: nova_enable_db_purge} # Horizon + apache::mod::remoteip::proxy_ips: {get_input: horizon_subnet} apache::ip: {get_input: horizon_network} horizon::allowed_hosts: {get_input: horizon_allowed_hosts} horizon::django_debug: {get_input: debug} @@ -1758,12 +1633,12 @@ outputs: str_replace: template: | PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST - EXTERNALIP EXTERNALHOST - INTERNAL_APIIP INTERNAL_APIHOST - STORAGEIP STORAGEHOST - STORAGE_MGMTIP STORAGE_MGMTHOST - TENANTIP TENANTHOST - MANAGEMENTIP MANAGEMENTHOST + EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST + INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST + STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST + STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST + TENANTIP TENANTHOST.DOMAIN TENANTHOST + MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST params: PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]} DOMAIN: {get_param: CloudDomain} @@ -1771,37 +1646,37 @@ outputs: EXTERNALIP: {get_attr: [ExternalPort, ip_address]} EXTERNALHOST: list_join: - - '-' + - '.' - - {get_attr: [Controller, name]} - external INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} INTERNAL_APIHOST: list_join: - - '-' + - '.' - - {get_attr: [Controller, name]} - internalapi STORAGEIP: {get_attr: [StoragePort, ip_address]} STORAGEHOST: list_join: - - '-' + - '.' - - {get_attr: [Controller, name]} - storage STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} STORAGE_MGMTHOST: list_join: - - '-' + - '.' - - {get_attr: [Controller, name]} - storagemgmt TENANTIP: {get_attr: [TenantPort, ip_address]} TENANTHOST: list_join: - - '-' + - '.' - - {get_attr: [Controller, name]} - tenant MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} MANAGEMENTHOST: list_join: - - '-' + - '.' - - {get_attr: [Controller, name]} - management nova_server_resource: diff --git a/puppet/extraconfig/ceph/ceph-external-config.yaml b/puppet/extraconfig/ceph/ceph-external-config.yaml index 312d49a0..5942088c 100644 --- a/puppet/extraconfig/ceph/ceph-external-config.yaml +++ b/puppet/extraconfig/ceph/ceph-external-config.yaml @@ -38,6 +38,9 @@ parameters: GlanceRbdPoolName: default: images type: string + GnocchiRbdPoolName: + default: metrics + type: string CephClientUserName: default: openstack type: string @@ -68,7 +71,7 @@ resources: secret: 'CLIENT_KEY', mode: '0644', cap_mon: 'allow r', - cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL' + cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL' } }" params: @@ -77,10 +80,13 @@ resources: NOVA_POOL: {get_param: NovaRbdPoolName} CINDER_POOL: {get_param: CinderRbdPoolName} GLANCE_POOL: {get_param: GlanceRbdPoolName} + GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6} nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} cinder_rbd_pool_name: {get_param: CinderRbdPoolName} glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName} + gnocchi::storage::ceph::ceph_pool: {get_param: GnocchiRbdPoolName} + gnocchi::storage::ceph::ceph_username: {get_param: CephClientUserName} nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName} nova::compute::rbd::rbd_keyring: @@ -88,11 +94,17 @@ resources: - '.' - - 'client' - {get_param: CephClientUserName} + gnocchi::storage::ceph::ceph_keyring: + list_join: + - '.' + - - 'client' + - {get_param: CephClientUserName} ceph_client_user_name: {get_param: CephClientUserName} ceph_pools: - {get_param: CinderRbdPoolName} - {get_param: NovaRbdPoolName} - {get_param: GlanceRbdPoolName} + - {get_param: GnocchiRbdPoolName} outputs: config_id: diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml index 77b11378..e281ef51 100644 --- a/puppet/extraconfig/tls/tls-cert-inject.yaml +++ b/puppet/extraconfig/tls/tls-cert-inject.yaml @@ -63,6 +63,14 @@ resources: openssl rsa -noout -modulus -in ${cert_path} \ | openssl md5 | cut -c 10- \ > ${heat_outputs_path}.key_modulus + # We need to reload haproxy in case the certificate changed because + # puppet doesn't know the contents of the cert file. The pacemaker + # case is handled separately in a pacemaker-specific resource. + pacemaker_status=$(systemctl is-active pacemaker) + haproxy_status=$(systemctl is-active haproxy) + if [ "$pacemaker_status" != "active" -a "$haproxy_status" = "active"]; then + systemctl reload haproxy + fi ControllerTLSDeployment: type: OS::Heat::SoftwareDeployment diff --git a/puppet/hieradata/common.yaml b/puppet/hieradata/common.yaml index 46471c3b..34965959 100644 --- a/puppet/hieradata/common.yaml +++ b/puppet/hieradata/common.yaml @@ -8,6 +8,9 @@ ceilometer::agent::auth::auth_tenant_name: 'service' aodh::auth::auth_region: 'regionOne' aodh::auth::auth_tenant_name: 'service' +gnocchi::auth::auth_region: 'regionOne' +gnocchi::auth::auth_tenant_name: 'service' + nova::api::admin_tenant_name: 'service' nova::network::neutron::neutron_project_name: 'service' nova::network::neutron::neutron_username: 'neutron' diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index 8766263a..9316cf17 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -6,6 +6,16 @@ nova::consoleauth::enabled: true nova::vncproxy::enabled: true nova::scheduler::enabled: true +# gnocchi +gnocchi::db::sync::extra_opts: '--skip-storage' +gnocchi::storage::swift::swift_user: 'service:gnocchi' +gnocchi::storage::swift::swift_auth_version: 2 +gnocchi::statsd::resource_id: '0a8b55df-f90f-491c-8cb9-7cdecec6fc26' +gnocchi::statsd::user_id: '27c0d3f8-e7ee-42f0-8317-72237d1c5ae3' +gnocchi::statsd::project_id: '6c38cd8d-099a-4cb2-aecf-17be688e8616' +gnocchi::statsd::flush_delay: 10 +gnocchi::statsd::archive_policy_name: 'low' + # rabbitmq rabbitmq::delete_guest_user: false rabbitmq::wipe_db_on_cookie_change: true @@ -44,6 +54,7 @@ neutron::agents::dhcp::dhcp_delete_namespaces: True cinder::api::keystone_tenant: 'service' swift::proxy::authtoken::admin_tenant_name: 'service' ceilometer::api::keystone_tenant: 'service' +gnocchi::api::keystone_tenant: 'service' heat::keystone_tenant: 'service' sahara::admin_tenant_name: 'service' @@ -130,6 +141,7 @@ horizon::django_session_engine: 'django.contrib.sessions.backends.cache' horizon::vhost_extra_params: add_listen: false priority: 10 + access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"' # mysql mysql::server::manage_config_file: true @@ -151,6 +163,7 @@ tripleo::loadbalancer::sahara: true tripleo::loadbalancer::swift_proxy_server: true tripleo::loadbalancer::ceilometer: true tripleo::loadbalancer::aodh: true +tripleo::loadbalancer::gnocchi: true tripleo::loadbalancer::heat_api: true tripleo::loadbalancer::heat_cloudwatch: true tripleo::loadbalancer::heat_cfn: true @@ -267,3 +280,7 @@ tripleo::firewall::firewall_rules: port: - 8042 - 13042 + '129 gnocchi-api': + port: + - 8041 + - 13041 diff --git a/puppet/hieradata/database.yaml b/puppet/hieradata/database.yaml index 61714691..4eb199c8 100644 --- a/puppet/hieradata/database.yaml +++ b/puppet/hieradata/database.yaml @@ -61,6 +61,14 @@ ceilometer::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" +# Gnocchi +gnocchi::db::mysql::user: gnocchi +gnocchi::db::mysql::host: "%{hiera('mysql_virtual_ip')}" +gnocchi::db::mysql::dbname: gnocchi +gnocchi::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + sahara::db::mysql::user: sahara sahara::db::mysql::host: "%{hiera('mysql_virtual_ip')}" sahara::db::mysql::dbname: sahara diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index c6667ae6..910617fa 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -121,6 +121,9 @@ if hiera('step') >= 2 { include ::cinder::db::mysql include ::heat::db::mysql include ::sahara::db::mysql + if downcase(hiera('gnocchi_indexer_backend')) == 'mysql' { + include ::gnocchi::db::mysql + } if downcase(hiera('ceilometer_backend')) == 'mysql' { include ::ceilometer::db::mysql include ::aodh::db::mysql @@ -212,62 +215,6 @@ if hiera('step') >= 2 { if hiera('step') >= 4 { - include ::keystone - include ::keystone::config - include ::keystone::roles::admin - include ::keystone::endpoint - include ::keystone::wsgi::apache - - #TODO: need a cleanup-keystone-tokens.sh solution here - - file { [ '/etc/keystone/ssl', '/etc/keystone/ssl/certs', '/etc/keystone/ssl/private' ]: - ensure => 'directory', - owner => 'keystone', - group => 'keystone', - require => Package['keystone'], - } - file { '/etc/keystone/ssl/certs/signing_cert.pem': - content => hiera('keystone_signing_certificate'), - owner => 'keystone', - group => 'keystone', - notify => Service['keystone'], - require => File['/etc/keystone/ssl/certs'], - } - file { '/etc/keystone/ssl/private/signing_key.pem': - content => hiera('keystone_signing_key'), - owner => 'keystone', - group => 'keystone', - notify => Service['keystone'], - require => File['/etc/keystone/ssl/private'], - } - file { '/etc/keystone/ssl/certs/ca.pem': - content => hiera('keystone_ca_certificate'), - owner => 'keystone', - group => 'keystone', - notify => Service['keystone'], - require => File['/etc/keystone/ssl/certs'], - } - - $glance_backend = downcase(hiera('glance_backend', 'swift')) - case $glance_backend { - 'swift': { $backend_store = 'glance.store.swift.Store' } - 'file': { $backend_store = 'glance.store.filesystem.Store' } - 'rbd': { $backend_store = 'glance.store.rbd.Store' } - default: { fail('Unrecognized glance_backend parameter.') } - } - $http_store = ['glance.store.http.Store'] - $glance_store = concat($http_store, $backend_store) - - # TODO: scrubber and other additional optional features - include ::glance - include ::glance::config - class { '::glance::api': - known_stores => $glance_store, - } - include ::glance::registry - include ::glance::notify::rabbitmq - include join(['::glance::backend::', $glance_backend]) - $nova_ipv6 = hiera('nova::use_ipv6', false) if $nova_ipv6 { $memcached_servers = suffix(hiera('memcache_node_ips_v6'), ':11211') @@ -468,6 +415,7 @@ if hiera('step') >= 4 { $cinder_rbd_backend = 'tripleo_ceph' cinder::backend::rbd { $cinder_rbd_backend : + backend_host => hiera('cinder::host'), rbd_pool => hiera('cinder_rbd_pool_name'), rbd_user => hiera('ceph_client_user_name'), rbd_secret_uuid => hiera('ceph::profile::params::fsid'), @@ -613,6 +561,7 @@ if hiera('step') >= 4 { include ::ceilometer::expirer include ::ceilometer::collector include ::ceilometer::agent::auth + include ::ceilometer::dispatcher::gnocchi class { '::ceilometer::db' : database_connection => $ceilometer_database_connection, } @@ -650,6 +599,7 @@ if hiera('step') >= 4 { include ::sahara::service::engine # Horizon + include ::apache::mod::remoteip if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { $_profile_support = 'cisco' } else { @@ -669,6 +619,26 @@ if hiera('step') >= 4 { neutron_options => $neutron_options, } + # Gnocchi + $gnocchi_database_connection = hiera('gnocchi_mysql_conn_string') + class { '::gnocchi': + database_connection => $gnocchi_database_connection, + } + include ::gnocchi::api + include ::gnocchi::wsgi::apache + include ::gnocchi::client + include ::gnocchi::db::sync + include ::gnocchi::storage + include ::gnocchi::metricd + include ::gnocchi::statsd + $gnocchi_backend = downcase(hiera('gnocchi_backend', 'swift')) + case $gnocchi_backend { + 'swift': { include ::gnocchi::storage::swift } + 'file': { include ::gnocchi::storage::file } + 'rbd': { include ::gnocchi::storage::ceph } + default: { fail('Unrecognized gnocchi_backend parameter.') } + } + $snmpd_user = hiera('snmpd_readonly_user_name') snmp::snmpv3_user { $snmpd_user: authtype => 'MD5', @@ -684,14 +654,10 @@ if hiera('step') >= 4 { } #END STEP 4 if hiera('step') >= 5 { - $keystone_enable_db_purge = hiera('keystone_enable_db_purge', true) $nova_enable_db_purge = hiera('nova_enable_db_purge', true) $cinder_enable_db_purge = hiera('cinder_enable_db_purge', true) $heat_enable_db_purge = hiera('heat_enable_db_purge', true) - if $keystone_enable_db_purge { - include ::keystone::cron::token_flush - } if $nova_enable_db_purge { include ::nova::cron::archive_deleted_rows } @@ -703,7 +669,6 @@ if hiera('step') >= 5 { } if downcase(hiera('bootstrap_nodeid')) == $::hostname { - include ::keystone::roles::admin # Class ::heat::keystone::domain has to run on bootstrap node # because it creates DB entities via API calls. include ::heat::keystone::domain diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index 54176231..0372a56b 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -24,6 +24,7 @@ Service <| tag == 'cinder-service' or tag == 'ceilometer-service' or tag == 'glance-service' or + tag == 'gnocchi-service' or tag == 'heat-service' or tag == 'keystone-service' or tag == 'neutron-service' or @@ -254,183 +255,46 @@ if hiera('step') >= 2 { } $control_vip = hiera('tripleo::loadbalancer::controller_virtual_ip') - if is_ipv6_address($control_vip) { - $control_vip_netmask = '64' - } else { - $control_vip_netmask = '32' - } - pacemaker::resource::ip { 'control_vip': - ip_address => $control_vip, - cidr_netmask => $control_vip_netmask, - } - pacemaker::constraint::base { 'control_vip-then-haproxy': - constraint_type => 'order', - first_resource => "ip-${control_vip}", - second_resource => 'haproxy-clone', - first_action => 'start', - second_action => 'start', - constraint_params => 'kind=Optional', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['control_vip']], - } - pacemaker::constraint::colocation { 'control_vip-with-haproxy': - source => "ip-${control_vip}", - target => 'haproxy-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['control_vip']], + tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_control_vip': + vip_name => 'control', + ip_address => $control_vip, } $public_vip = hiera('tripleo::loadbalancer::public_virtual_ip') - if is_ipv6_address($public_vip) { - $public_vip_netmask = '64' - } else { - $public_vip_netmask = '32' - } - if $public_vip and $public_vip != $control_vip { - pacemaker::resource::ip { 'public_vip': - ip_address => $public_vip, - cidr_netmask => $public_vip_netmask, - } - pacemaker::constraint::base { 'public_vip-then-haproxy': - constraint_type => 'order', - first_resource => "ip-${public_vip}", - second_resource => 'haproxy-clone', - first_action => 'start', - second_action => 'start', - constraint_params => 'kind=Optional', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['public_vip']], - } - pacemaker::constraint::colocation { 'public_vip-with-haproxy': - source => "ip-${public_vip}", - target => 'haproxy-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['public_vip']], - } + tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_public_vip': + ensure => $public_vip and $public_vip != $control_vip, + vip_name => 'public', + ip_address => $public_vip, } $redis_vip = hiera('redis_vip') - if is_ipv6_address($redis_vip) { - $redis_vip_netmask = '64' - } else { - $redis_vip_netmask = '32' - } - if $redis_vip and $redis_vip != $control_vip { - pacemaker::resource::ip { 'redis_vip': - ip_address => $redis_vip, - cidr_netmask => $redis_vip_netmask, - } - pacemaker::constraint::base { 'redis_vip-then-haproxy': - constraint_type => 'order', - first_resource => "ip-${redis_vip}", - second_resource => 'haproxy-clone', - first_action => 'start', - second_action => 'start', - constraint_params => 'kind=Optional', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['redis_vip']], - } - pacemaker::constraint::colocation { 'redis_vip-with-haproxy': - source => "ip-${redis_vip}", - target => 'haproxy-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['redis_vip']], - } + tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_redis_vip': + ensure => $redis_vip and $redis_vip != $control_vip, + vip_name => 'redis', + ip_address => $redis_vip, } + $internal_api_vip = hiera('tripleo::loadbalancer::internal_api_virtual_ip') - if is_ipv6_address($internal_api_vip) { - $internal_api_vip_netmask = '64' - } else { - $internal_api_vip_netmask = '32' - } - if $internal_api_vip and $internal_api_vip != $control_vip { - pacemaker::resource::ip { 'internal_api_vip': - ip_address => $internal_api_vip, - cidr_netmask => $internal_api_vip_netmask, - } - pacemaker::constraint::base { 'internal_api_vip-then-haproxy': - constraint_type => 'order', - first_resource => "ip-${internal_api_vip}", - second_resource => 'haproxy-clone', - first_action => 'start', - second_action => 'start', - constraint_params => 'kind=Optional', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['internal_api_vip']], - } - pacemaker::constraint::colocation { 'internal_api_vip-with-haproxy': - source => "ip-${internal_api_vip}", - target => 'haproxy-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['internal_api_vip']], - } + tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_internal_api_vip': + ensure => $internal_api_vip and $internal_api_vip != $control_vip, + vip_name => 'internal_api', + ip_address => $internal_api_vip, } $storage_vip = hiera('tripleo::loadbalancer::storage_virtual_ip') - if is_ipv6_address($storage_vip) { - $storage_vip_netmask = '64' - } else { - $storage_vip_netmask = '32' - } - if $storage_vip and $storage_vip != $control_vip { - pacemaker::resource::ip { 'storage_vip': - ip_address => $storage_vip, - cidr_netmask => $storage_vip_netmask, - } - pacemaker::constraint::base { 'storage_vip-then-haproxy': - constraint_type => 'order', - first_resource => "ip-${storage_vip}", - second_resource => 'haproxy-clone', - first_action => 'start', - second_action => 'start', - constraint_params => 'kind=Optional', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['storage_vip']], - } - pacemaker::constraint::colocation { 'storage_vip-with-haproxy': - source => "ip-${storage_vip}", - target => 'haproxy-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['storage_vip']], - } + tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_storage_vip': + ensure => $storage_vip and $storage_vip != $control_vip, + vip_name => 'storage', + ip_address => $storage_vip, } $storage_mgmt_vip = hiera('tripleo::loadbalancer::storage_mgmt_virtual_ip') - if is_ipv6_address($storage_mgmt_vip) { - $storage_mgmt_vip_netmask = '64' - } else { - $storage_mgmt_vip_netmask = '32' + tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_storage_mgmt_vip': + ensure => $storage_mgmt_vip and $storage_mgmt_vip != $control_vip, + vip_name => 'storage_mgmt', + ip_address => $storage_mgmt_vip, } - if $storage_mgmt_vip and $storage_mgmt_vip != $control_vip { - pacemaker::resource::ip { 'storage_mgmt_vip': - ip_address => $storage_mgmt_vip, - cidr_netmask => $storage_mgmt_vip_netmask, - } - pacemaker::constraint::base { 'storage_mgmt_vip-then-haproxy': - constraint_type => 'order', - first_resource => "ip-${storage_mgmt_vip}", - second_resource => 'haproxy-clone', - first_action => 'start', - second_action => 'start', - constraint_params => 'kind=Optional', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['storage_mgmt_vip']], - } - pacemaker::constraint::colocation { 'storage_mgmt_vip-with-haproxy': - source => "ip-${storage_mgmt_vip}", - target => 'haproxy-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['storage_mgmt_vip']], - } - } - } pacemaker::resource::service { $::memcached::params::service_name : @@ -543,6 +407,11 @@ MYSQL_HOST=localhost\n", } } + if downcase(hiera('gnocchi_indexer_backend')) == 'mysql' { + class { '::gnocchi::db::mysql': + require => Exec['galera-ready'], + } + } class { '::sahara::db::mysql': require => Exec['galera-ready'], } @@ -604,82 +473,7 @@ MYSQL_HOST=localhost\n", } #END STEP 2 -if hiera('step') >= 4 { - - class { '::keystone': - sync_db => $sync_db, - manage_service => false, - enabled => false, - enable_bootstrap => $pacemaker_master, - } - include ::keystone::config - - #TODO: need a cleanup-keystone-tokens.sh solution here - - file { [ '/etc/keystone/ssl', '/etc/keystone/ssl/certs', '/etc/keystone/ssl/private' ]: - ensure => 'directory', - owner => 'keystone', - group => 'keystone', - require => Package['keystone'], - } - file { '/etc/keystone/ssl/certs/signing_cert.pem': - content => hiera('keystone_signing_certificate'), - owner => 'keystone', - group => 'keystone', - notify => Service['keystone'], - require => File['/etc/keystone/ssl/certs'], - } - file { '/etc/keystone/ssl/private/signing_key.pem': - content => hiera('keystone_signing_key'), - owner => 'keystone', - group => 'keystone', - notify => Service['keystone'], - require => File['/etc/keystone/ssl/private'], - } - file { '/etc/keystone/ssl/certs/ca.pem': - content => hiera('keystone_ca_certificate'), - owner => 'keystone', - group => 'keystone', - notify => Service['keystone'], - require => File['/etc/keystone/ssl/certs'], - } - - $glance_backend = downcase(hiera('glance_backend', 'swift')) - case $glance_backend { - 'swift': { $backend_store = 'glance.store.swift.Store' } - 'file': { $backend_store = 'glance.store.filesystem.Store' } - 'rbd': { $backend_store = 'glance.store.rbd.Store' } - default: { fail('Unrecognized glance_backend parameter.') } - } - $http_store = ['glance.store.http.Store'] - $glance_store = concat($http_store, $backend_store) - - if $glance_backend == 'file' and hiera('glance_file_pcmk_manage', false) { - $secontext = 'context="system_u:object_r:glance_var_lib_t:s0"' - pacemaker::resource::filesystem { 'glance-fs': - device => hiera('glance_file_pcmk_device'), - directory => hiera('glance_file_pcmk_directory'), - fstype => hiera('glance_file_pcmk_fstype'), - fsoptions => join([$secontext, hiera('glance_file_pcmk_options', '')],','), - clone_params => '', - } - } - - # TODO: notifications, scrubber, etc. - include ::glance - include ::glance::config - class { '::glance::api': - known_stores => $glance_store, - manage_service => false, - enabled => false, - } - class { '::glance::registry' : - sync_db => $sync_db, - manage_service => false, - enabled => false, - } - include ::glance::notify::rabbitmq - include join(['::glance::backend::', $glance_backend]) +if hiera('step') >= 4 or ( hiera('step') >= 3 and $sync_db ) { $nova_ipv6 = hiera('nova::use_ipv6', false) if $nova_ipv6 { @@ -919,6 +713,7 @@ if hiera('step') >= 4 { $cinder_rbd_backend = 'tripleo_ceph' cinder::backend::rbd { $cinder_rbd_backend : + backend_host => hiera('cinder::host'), rbd_pool => hiera('cinder_rbd_pool_name'), rbd_user => hiera('ceph_client_user_name'), rbd_secret_uuid => hiera('ceph::profile::params::fsid'), @@ -1106,6 +901,7 @@ if hiera('step') >= 4 { sync_db => $sync_db, } include ::ceilometer::agent::auth + include ::ceilometer::dispatcher::gnocchi Cron <| title == 'ceilometer-expirer' |> { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" } @@ -1138,7 +934,7 @@ if hiera('step') >= 4 { service_enable => false, # service_manage => false, # <-- not supported with horizon&apache mod_wsgi? } - include ::keystone::wsgi::apache + include ::apache::mod::remoteip include ::apache::mod::status if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { $_profile_support = 'cisco' @@ -1185,6 +981,40 @@ if hiera('step') >= 4 { enabled => false, } + # Gnocchi + $gnocchi_database_connection = hiera('gnocchi_mysql_conn_string') + include ::gnocchi::client + if $sync_db { + include ::gnocchi::db::sync + } + include ::gnocchi::storage + $gnocchi_backend = downcase(hiera('gnocchi_backend', 'swift')) + case $gnocchi_backend { + 'swift': { include ::gnocchi::storage::swift } + 'file': { include ::gnocchi::storage::file } + 'rbd': { include ::gnocchi::storage::ceph } + default: { fail('Unrecognized gnocchi_backend parameter.') } + } + class { '::gnocchi': + database_connection => $gnocchi_database_connection, + } + class { '::gnocchi::api' : + manage_service => false, + enabled => false, + service_name => 'httpd', + } + class { '::gnocchi::wsgi::apache' : + ssl => false, + } + class { '::gnocchi::metricd' : + manage_service => false, + enabled => false, + } + class { '::gnocchi::statsd' : + manage_service => false, + enabled => false, + } + $snmpd_user = hiera('snmpd_readonly_user_name') snmp::snmpv3_user { $snmpd_user: authtype => 'MD5', @@ -1200,14 +1030,10 @@ if hiera('step') >= 4 { } #END STEP 4 if hiera('step') >= 5 { - $keystone_enable_db_purge = hiera('keystone_enable_db_purge', true) $nova_enable_db_purge = hiera('nova_enable_db_purge', true) $cinder_enable_db_purge = hiera('cinder_enable_db_purge', true) $heat_enable_db_purge = hiera('heat_enable_db_purge', true) - if $keystone_enable_db_purge { - include ::keystone::cron::token_flush - } if $nova_enable_db_purge { include ::nova::cron::archive_deleted_rows } @@ -1220,18 +1046,6 @@ if hiera('step') >= 5 { if $pacemaker_master { - if $enable_load_balancer { - pacemaker::constraint::base { 'haproxy-then-keystone-constraint': - constraint_type => 'order', - first_resource => 'haproxy-clone', - second_resource => 'openstack-core-clone', - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ocf['openstack-core']], - } - } - pacemaker::constraint::base { 'openstack-core-then-httpd-constraint': constraint_type => 'order', first_resource => 'openstack-core-clone', @@ -1241,15 +1055,6 @@ if hiera('step') >= 5 { require => [Pacemaker::Resource::Service[$::apache::params::service_name], Pacemaker::Resource::Ocf['openstack-core']], } - pacemaker::constraint::base { 'rabbitmq-then-keystone-constraint': - constraint_type => 'order', - first_resource => 'rabbitmq-clone', - second_resource => 'openstack-core-clone', - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Ocf['rabbitmq'], - Pacemaker::Resource::Ocf['openstack-core']], - } pacemaker::constraint::base { 'memcached-then-openstack-core-constraint': constraint_type => 'order', first_resource => 'memcached-clone', @@ -1338,40 +1143,14 @@ if hiera('step') >= 5 { require => [Pacemaker::Resource::Service[$::sahara::params::api_service_name], Pacemaker::Resource::Ocf['openstack-core']], } - - # Glance - pacemaker::resource::service { $::glance::params::registry_service_name : - clone_params => 'interleave=true', - require => Pacemaker::Resource::Ocf['openstack-core'], - } - pacemaker::resource::service { $::glance::params::api_service_name : - clone_params => 'interleave=true', - } - - pacemaker::constraint::base { 'keystone-then-glance-registry-constraint': + pacemaker::constraint::base { 'sahara-api-then-sahara-engine-constraint': constraint_type => 'order', - first_resource => 'openstack-core-clone', - second_resource => "${::glance::params::registry_service_name}-clone", + first_resource => "${::sahara::params::api_service_name}-clone", + second_resource => "${::sahara::params::engine_service_name}-clone", first_action => 'start', second_action => 'start', - require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name], - Pacemaker::Resource::Ocf['openstack-core']], - } - pacemaker::constraint::base { 'glance-registry-then-glance-api-constraint': - constraint_type => 'order', - first_resource => "${::glance::params::registry_service_name}-clone", - second_resource => "${::glance::params::api_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name], - Pacemaker::Resource::Service[$::glance::params::api_service_name]], - } - pacemaker::constraint::colocation { 'glance-api-with-glance-registry-colocation': - source => "${::glance::params::api_service_name}-clone", - target => "${::glance::params::registry_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name], - Pacemaker::Resource::Service[$::glance::params::api_service_name]], + require => [Pacemaker::Resource::Service[$::sahara::params::api_service_name], + Pacemaker::Resource::Service[$::sahara::params::engine_service_name]], } if hiera('step') == 5 { @@ -1509,7 +1288,7 @@ if hiera('step') >= 5 { Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]], } } - if hiera('neutron::enable_dhcp_agent',true) and hiera('l3_agent_service',true) { + if hiera('neutron::enable_dhcp_agent',true) and hiera('neutron::enable_l3_agent',true) { pacemaker::constraint::base { 'neutron-dhcp-agent-to-l3-agent-constraint': constraint_type => 'order', first_resource => "${::neutron::params::dhcp_agent_service}-clone", @@ -1742,6 +1521,15 @@ if hiera('step') >= 5 { require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name], Pacemaker::Resource::Ocf['openstack-core']], } + pacemaker::constraint::base { 'keystone-then-ceilometer-notification-constraint': + constraint_type => 'order', + first_resource => 'openstack-core-clone', + second_resource => "${::ceilometer::params::agent_notification_service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name], + Pacemaker::Resource::Ocf['openstack-core']], + } pacemaker::constraint::base { 'ceilometer-central-then-ceilometer-collector-constraint': constraint_type => 'order', first_resource => "${::ceilometer::params::agent_central_service_name}-clone", @@ -1825,6 +1613,15 @@ if hiera('step') >= 5 { require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name], Pacemaker::Resource::Service[$::aodh::params::notifier_service_name]], } + pacemaker::constraint::base { 'aodh-evaluator-then-aodh-listener-constraint': + constraint_type => 'order', + first_resource => "${::aodh::params::evaluator_service_name}-clone", + second_resource => "${::aodh::params::listener_service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name], + Pacemaker::Resource::Service[$::aodh::params::listener_service_name]], + } pacemaker::constraint::colocation { 'aodh-listener-with-aodh-evaluator-colocation': source => "${::aodh::params::listener_service_name}-clone", target => "${::aodh::params::evaluator_service_name}-clone", @@ -1844,6 +1641,30 @@ if hiera('step') >= 5 { } } + # gnocchi + pacemaker::resource::service { $::gnocchi::params::metricd_service_name : + clone_params => 'interleave=true', + } + pacemaker::resource::service { $::gnocchi::params::statsd_service_name : + clone_params => 'interleave=true', + } + pacemaker::constraint::base { 'gnocchi-metricd-then-gnocchi-statsd-constraint': + constraint_type => 'order', + first_resource => "${::gnocchi::params::metricd_service_name}-clone", + second_resource => "${::gnocchi::params::statsd_service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::gnocchi::params::metricd_service_name], + Pacemaker::Resource::Service[$::gnocchi::params::statsd_service_name]], + } + pacemaker::constraint::colocation { 'gnocchi-statsd-with-metricd-colocation': + source => "${::gnocchi::params::statsd_service_name}-clone", + target => "${::gnocchi::params::metricd_service_name}-clone", + score => 'INFINITY', + require => [Pacemaker::Resource::Service[$::gnocchi::params::metricd_service_name], + Pacemaker::Resource::Service[$::gnocchi::params::statsd_service_name]], + } + # Heat pacemaker::resource::service { $::heat::params::api_service_name : clone_params => 'interleave=true', @@ -1857,15 +1678,6 @@ if hiera('step') >= 5 { pacemaker::resource::service { $::heat::params::engine_service_name : clone_params => 'interleave=true', } - pacemaker::constraint::base { 'keystone-then-heat-api-constraint': - constraint_type => 'order', - first_resource => 'openstack-core-clone', - second_resource => "${::heat::params::api_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::heat::params::api_service_name], - Pacemaker::Resource::Ocf['openstack-core']], - } pacemaker::constraint::base { 'heat-api-then-heat-api-cfn-constraint': constraint_type => 'order', first_resource => "${::heat::params::api_service_name}-clone", @@ -1962,29 +1774,5 @@ if hiera('step') >= 5 { } #END STEP 5 -if hiera('step') >= 6 { - - if $pacemaker_master { - - class {'::keystone::roles::admin' : - require => Pacemaker::Resource::Service[$::apache::params::service_name], - } -> - class {'::keystone::endpoint' : - require => Pacemaker::Resource::Service[$::apache::params::service_name], - } - include ::heat::keystone::domain - Class['::keystone::roles::admin'] -> Class['::heat::keystone::domain'] - - } else { - # On non-master controller we don't need to create Keystone resources again - class { '::heat::keystone::domain': - manage_domain => false, - manage_user => false, - manage_role => false, - } - } - -} #END STEP 6 - $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller_pacemaker', hiera('step')]) package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml new file mode 100644 index 00000000..3e8784b7 --- /dev/null +++ b/puppet/services/glance-api.yaml @@ -0,0 +1,98 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Glance API service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + GlanceNotifierStrategy: + description: Strategy to use for Glance notification queue + type: string + default: noop + GlanceLogFile: + description: The filepath of the file to use for logging messages from Glance. + type: string + default: '' + GlancePassword: + description: The password for the glance service and db account, used by the glance services. + type: string + hidden: true + GlanceBackend: + default: swift + description: The short name of the Glance backend to use. Should be one + of swift, rbd, or file + type: string + constraints: + - allowed_values: ['swift', 'file', 'rbd'] + GlanceWorkers: + default: 0 + description: Number of workers for Glance service. + type: number + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + +outputs: + role_data: + description: Role data for the Glance API role. + value: + config_settings: + glance_dsn: &glance_dsn + list_join: + - '' + - - 'mysql+pymysql://glance:' + - {get_param: GlancePassword} + - '@' + - {get_param: MysqlVirtualIPUri} + - '/glance' + glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]} + glance::api::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + glance::api::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + glance::api::registry_host: + str_replace: + template: "'REGISTRY_HOST'" + params: + REGISTRY_HOST: {get_param: [EndpointMap, GlanceRegistryInternal, host]} + glance::api::keystone_password: {get_param: GlancePassword} + glance::api::debug: {get_param: Debug} + glance::api::workers: {get_param: GlanceWorkers} + glance_notifier_strategy: {get_param: GlanceNotifierStrategy} + glance_log_file: {get_param: GlanceLogFile} + glance::api::database_connection: *glance_dsn + glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneInternal, uri] } + glance::backend::swift::swift_store_user: service:glance + glance::backend::swift::swift_store_key: {get_param: GlancePassword} + glance_backend: {get_param: GlanceBackend} + glance::db::mysql::password: {get_param: GlancePassword} + glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName} + glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort} + glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword} + glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + step_config: | + include ::tripleo::profile::base::glance::api diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml new file mode 100644 index 00000000..1a1a515a --- /dev/null +++ b/puppet/services/glance-registry.yaml @@ -0,0 +1,48 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Glance Registry service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + GlancePassword: + description: The password for the glance service and db account, used by the glance services. + type: string + hidden: true + GlanceWorkers: + default: 0 + description: Number of workers for Glance service. + type: number + +outputs: + role_data: + description: Role data for the Glance Registry role. + value: + config_settings: + glance_dsn: &glance_dsn + list_join: + - '' + - - 'mysql+pymysql://glance:' + - {get_param: GlancePassword} + - '@' + - {get_param: MysqlVirtualIPUri} + - '/glance' + glance::registry::keystone_password: {get_param: GlancePassword} + glance::registry::database_connection: *glance_dsn + glance::registry::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + glance::registry::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + glance::registry::debug: {get_param: Debug} + glance::registry::workers: {get_param: GlanceWorkers} + step_config: | + include ::tripleo::profile::base::glance::registry diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml new file mode 100644 index 00000000..1654f0e7 --- /dev/null +++ b/puppet/services/keystone.yaml @@ -0,0 +1,135 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Keystone service configured with Puppet + +parameters: + KeystoneCACertificate: + default: '' + description: Keystone self-signed certificate authority certificate. + type: string + KeystoneEnableDBPurge: + default: true + description: | + Whether to create cron job for purging soft deleted rows in Keystone database. + type: boolean + KeystoneSigningCertificate: + default: '' + description: Keystone certificate for verifying token validity. + type: string + KeystoneSigningKey: + default: '' + description: Keystone key for signing tokens. + type: string + hidden: true + KeystoneSSLCertificate: + default: '' + description: Keystone certificate for verifying token validity. + type: string + KeystoneSSLCertificateKey: + default: '' + description: Keystone key for signing tokens. + type: string + hidden: true + KeystoneNotificationDriver: + description: Comma-separated list of Oslo notification drivers used by Keystone + default: ['messaging'] + type: comma_delimited_list + KeystoneNotificationFormat: + description: The Keystone notification format + default: 'basic' + type: string + constraints: + - allowed_values: [ 'basic', 'cadf' ] + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + KeystoneWorkers: + default: 0 + description: Number of workers for Keystone service. + type: number + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + Debug: + type: string + default: '' + AdminEmail: + default: 'admin@example.com' + description: The email for the keystone admin account. + type: string + hidden: true + AdminPassword: + description: The password for the keystone admin account, used for monitoring, querying neutron etc. + type: string + hidden: true + AdminToken: + description: The keystone auth secret and db password. + type: string + hidden: true + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + +outputs: + role_data: + description: Role data for the Keystone role. + value: + config_settings: + keystone_dsn: &keystone_dsn + list_join: + - '' + - - 'mysql+pymysql://keystone:' + - {get_param: AdminToken} + - '@' + - {get_param: MysqlVirtualIPUri} + - '/keystone' + keystone::database_connection: *keystone_dsn + keystone::admin_token: {get_param: AdminToken} + keystone::roles::admin::password: {get_param: AdminPassword} + keystone_ca_certificate: {get_param: KeystoneCACertificate} + keystone_signing_key: {get_param: KeystoneSigningKey} + keystone_signing_certificate: {get_param: KeystoneSigningCertificate} + keystone_ssl_certificate: {get_param: KeystoneSSLCertificate} + keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey} + keystone::debug: {get_param: Debug} + keystone::db::mysql::password: {get_param: AdminToken} + keystone::rabbit_userid: {get_param: RabbitUserName} + keystone::rabbit_password: {get_param: RabbitPassword} + keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + keystone::rabbit_port: {get_param: RabbitClientPort} + keystone::notification_driver: {get_param: KeystoneNotificationDriver} + keystone::notification_format: {get_param: KeystoneNotificationFormat} + keystone::roles::admin::email: {get_param: AdminEmail} + keystone::roles::admin::password: {get_param: AdminPassword} + keystone::endpoint::public_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]} + keystone::endpoint::internal_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} + keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + keystone::endpoint::region: {get_param: KeystoneRegion} + keystone::admin_workers: {get_param: KeystoneWorkers} + keystone::public_workers: {get_param: KeystoneWorkers} + keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge} + keystone::public_endpoint: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]} + step_config: | + include ::tripleo::profile::base::keystone diff --git a/puppet/services/pacemaker/glance-api.yaml b/puppet/services/pacemaker/glance-api.yaml new file mode 100644 index 00000000..815eb5bf --- /dev/null +++ b/puppet/services/pacemaker/glance-api.yaml @@ -0,0 +1,60 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Glance API service with Pacemaker configured with Puppet. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + GlanceFilePcmkDevice: + default: '' + description: > + An exported storage device that should be mounted by Pacemaker + as Glance storage. Effective when GlanceFilePcmkManage is true. + type: string + GlanceFilePcmkFstype: + default: 'nfs' + description: > + Filesystem type for Pacemaker mount used as Glance storage. + Effective when GlanceFilePcmkManage is true. + type: string + GlanceFilePcmkManage: + default: false + description: > + Whether to make Glance file backend a mount managed by Pacemaker. + Effective when GlanceBackend is 'file'. + type: boolean + GlanceFilePcmkOptions: + default: '' + description: > + Mount options for Pacemaker mount used as Glance storage. + Effective when GlanceFilePcmkManage is true. + type: string + +resources: + + GlanceApiBase: + type: ../glance-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri} + +outputs: + role_data: + description: Role data for the Glance role. + value: + config_settings: + map_merge: + - get_attr: [GlanceApiBase, role_data, config_settings] + - glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice} + glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype} + glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage} + glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions} + step_config: | + include ::tripleo::profile::pacemaker::glance diff --git a/puppet/services/pacemaker/glance-registry.yaml b/puppet/services/pacemaker/glance-registry.yaml new file mode 100644 index 00000000..56353459 --- /dev/null +++ b/puppet/services/pacemaker/glance-registry.yaml @@ -0,0 +1,33 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Glance Registry service with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + +resources: + + GlanceRegistryBase: + type: ../glance-registry.yaml + properties: + EndpointMap: {get_param: EndpointMap} + MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri} + +outputs: + role_data: + description: Role data for the Glance role. + value: + config_settings: + get_attr: [GlanceRegistryBase, role_data, config_settings] + # No puppet manifests since glance-registry is included in + # ::tripleo::profile::pacemaker::glance which is maintained alongside of + # pacemaker/glance-api.yaml. + step_config: diff --git a/puppet/services/pacemaker/keystone.yaml b/puppet/services/pacemaker/keystone.yaml new file mode 100644 index 00000000..8fcab15f --- /dev/null +++ b/puppet/services/pacemaker/keystone.yaml @@ -0,0 +1,34 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Keystone service with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + +resources: + + KeystoneServiceBase: + type: ../keystone.yaml + properties: + EndpointMap: {get_param: EndpointMap} + MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri} + +outputs: + role_data: + description: Role data for the Keystone pacemaker role. + value: + config_settings: + map_merge: + - get_attr: [KeystoneServiceBase, role_data, config_settings] + #- + # custom keystone hiera goes here if we need it!? + step_config: | + include ::tripleo::profile::pacemaker::keystone diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml index 8a4ea21f..296428db 100644 --- a/puppet/swift-storage.yaml +++ b/puppet/swift-storage.yaml @@ -256,6 +256,7 @@ resources: - all_nodes # provided by allNodesConfig - '"%{::osfamily}"' - common + merge_behavior: deeper datafiles: common: raw_data: {get_file: hieradata/common.yaml} @@ -337,12 +338,12 @@ outputs: str_replace: template: | PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST - EXTERNALIP EXTERNALHOST - INTERNAL_APIIP INTERNAL_APIHOST - STORAGEIP STORAGEHOST - STORAGE_MGMTIP STORAGE_MGMTHOST - TENANTIP TENANTHOST - MANAGEMENTIP MANAGEMENTHOST + EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST + INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST + STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST + STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST + TENANTIP TENANTHOST.DOMAIN TENANTHOST + MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST params: PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ObjectStorageHostnameResolveNetwork]}]} DOMAIN: {get_param: CloudDomain} @@ -350,37 +351,37 @@ outputs: EXTERNALIP: {get_attr: [ExternalPort, ip_address]} EXTERNALHOST: list_join: - - '-' + - '.' - - {get_attr: [SwiftStorage, name]} - external INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} INTERNAL_APIHOST: list_join: - - '-' + - '.' - - {get_attr: [SwiftStorage, name]} - internalapi STORAGEIP: {get_attr: [StoragePort, ip_address]} STORAGEHOST: list_join: - - '-' + - '.' - - {get_attr: [SwiftStorage, name]} - storage STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} STORAGE_MGMTHOST: list_join: - - '-' + - '.' - - {get_attr: [SwiftStorage, name]} - storagemgmt TENANTIP: {get_attr: [TenantPort, ip_address]} TENANTHOST: list_join: - - '-' + - '.' - - {get_attr: [SwiftStorage, name]} - tenant MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} MANAGEMENTHOST: list_join: - - '-' + - '.' - - {get_attr: [SwiftStorage, name]} - management nova_server_resource: diff --git a/puppet/vip-config.yaml b/puppet/vip-config.yaml index ebecd0cb..3e8e9182 100644 --- a/puppet/vip-config.yaml +++ b/puppet/vip-config.yaml @@ -27,6 +27,7 @@ resources: nova_metadata_vip: {get_input: nova_metadata_vip} ceilometer_api_vip: {get_input: ceilometer_api_vip} aodh_api_vip: {get_input: aodh_api_vip} + gnocchi_api_vip: {get_input: gnocchi_api_vip} heat_api_vip: {get_input: heat_api_vip} horizon_vip: {get_input: horizon_vip} redis_vip: {get_input: redis_vip} |