diff options
Diffstat (limited to 'puppet')
-rw-r--r-- | puppet/all-nodes-config.yaml | 1 | ||||
-rw-r--r-- | puppet/major_upgrade_steps.j2.yaml | 1 | ||||
-rw-r--r-- | puppet/puppet-steps.j2 | 4 | ||||
-rw-r--r-- | puppet/services/ceph-mon.yaml | 4 | ||||
-rw-r--r-- | puppet/services/cinder-backend-veritas-hyperscale.yaml | 56 | ||||
-rw-r--r-- | puppet/services/congress.yaml | 1 | ||||
-rw-r--r-- | puppet/services/docker.yaml | 19 | ||||
-rw-r--r-- | puppet/services/ec2-api.yaml | 2 | ||||
-rw-r--r-- | puppet/services/iscsid.yaml | 41 | ||||
-rw-r--r-- | puppet/services/keystone.yaml | 1 | ||||
-rw-r--r-- | puppet/services/monitoring/sensu-base.yaml | 2 | ||||
-rw-r--r-- | puppet/services/neutron-l3-compute-dvr.yaml | 1 | ||||
-rw-r--r-- | puppet/services/neutron-l3.yaml | 1 | ||||
-rw-r--r-- | puppet/services/neutron-plugin-ml2.yaml | 4 | ||||
-rw-r--r-- | puppet/services/nova-libvirt.yaml | 18 | ||||
-rw-r--r-- | puppet/services/opendaylight-api.yaml | 5 | ||||
-rw-r--r-- | puppet/services/tacker.yaml | 1 | ||||
-rw-r--r-- | puppet/services/tripleo-packages.yaml | 2 | ||||
-rw-r--r-- | puppet/services/veritas-hyperscale-controller.yaml | 70 | ||||
-rw-r--r-- | puppet/services/zaqar.yaml | 79 |
20 files changed, 283 insertions, 30 deletions
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index b29a8a98..24aa1525 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -45,6 +45,7 @@ parameters: perform configuration on a Heat stack-update. UpdateIdentifier: type: string + default: '' description: > Setting to a previously unused value during stack-update will trigger package update on all nodes diff --git a/puppet/major_upgrade_steps.j2.yaml b/puppet/major_upgrade_steps.j2.yaml index 574c41b0..625ff4d9 100644 --- a/puppet/major_upgrade_steps.j2.yaml +++ b/puppet/major_upgrade_steps.j2.yaml @@ -18,6 +18,7 @@ parameters: type: json UpdateIdentifier: type: string + default: '' description: > Setting to a previously unused value during stack-update will trigger the Upgrade resources to re-run on all roles. diff --git a/puppet/puppet-steps.j2 b/puppet/puppet-steps.j2 index 3d071018..542af42c 100644 --- a/puppet/puppet-steps.j2 +++ b/puppet/puppet-steps.j2 @@ -36,7 +36,7 @@ resources: {{role.name}}Config: type: OS::TripleO::{{role.name}}Config properties: - StepConfig: {list_join: ["\n", {get_param: [role_data, {{role.name}}, step_config]}]} + StepConfig: {get_param: [role_data, {{role.name}}, step_config]} # Step through a series of configuration steps {% for step in range(1, deploy_steps_max) %} @@ -139,6 +139,7 @@ resources: {%- for r in roles %} {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]} {%- endfor %} + evaluate_env: false UPDATE: workflow: { get_resource: WorkflowTasks_Step{{step}} } params: @@ -148,6 +149,7 @@ resources: {%- for r in roles %} {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]} {%- endfor %} + evaluate_env: false always_update: true {% endfor %} # END service_workflow_tasks handling diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml index 3e4f5b42..4fe6e908 100644 --- a/puppet/services/ceph-mon.yaml +++ b/puppet/services/ceph-mon.yaml @@ -172,6 +172,6 @@ outputs: until: ceph_quorum_nodecheck.rc == 0 retries: {get_param: CephValidationRetries} delay: {get_param: CephValidationDelay} - - name: set crush tunables + - name: ceph osd crush tunables default tags: step0 - shell: ceph osd crush tunables optimal + shell: ceph osd crush tunables default diff --git a/puppet/services/cinder-backend-veritas-hyperscale.yaml b/puppet/services/cinder-backend-veritas-hyperscale.yaml new file mode 100644 index 00000000..11ceb2fd --- /dev/null +++ b/puppet/services/cinder-backend-veritas-hyperscale.yaml @@ -0,0 +1,56 @@ +# Copyright (c) 2017 Veritas Technologies LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +heat_template_version: ocata + +description: > + Openstack Veritas HyperScale backend + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + type: json + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + +outputs: + role_data: + description: Role data for the Cinder Veritas HyperScale backend. + value: + service_name: cinder_backend_veritas_hyperscale + config_settings: + tripleo::profile::base::cinder::volume::cinder_enable_vrts_hs_backend: true + step_config: | + include ::tripleo::profile::base::cinder::volume diff --git a/puppet/services/congress.yaml b/puppet/services/congress.yaml index 31a4d3eb..f5d38b60 100644 --- a/puppet/services/congress.yaml +++ b/puppet/services/congress.yaml @@ -37,6 +37,7 @@ parameters: Debug: type: string default: '' + description: Set to True to enable debugging on all services. CongressDebug: default: '' description: Set to True to enable debugging Glance service. diff --git a/puppet/services/docker.yaml b/puppet/services/docker.yaml index d92b666b..d11ef66a 100644 --- a/puppet/services/docker.yaml +++ b/puppet/services/docker.yaml @@ -4,13 +4,11 @@ description: > Configures docker on the host parameters: - DockerNamespace: - description: namespace - default: tripleoupstream + DockerInsecureRegistryAddress: + description: Optional. The IP Address and Port of an insecure docker + namespace that will be configured in /etc/sysconfig/docker. type: string - DockerNamespaceIsRegistry: - type: boolean - default: false + default: '' EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -38,14 +36,19 @@ parameters: description: Parameters specific to the role type: json +conditions: + insecure_registry_is_empty: {equals : [{get_param: DockerInsecureRegistryAddress}, '']} + outputs: role_data: description: Role data for the docker service value: service_name: docker config_settings: - tripleo::profile::base::docker::docker_namespace: {get_param: DockerNamespace} - tripleo::profile::base::docker::insecure_registry: {get_param: DockerNamespaceIsRegistry} + if: + - insecure_registry_is_empty + - {} + - tripleo::profile::base::docker::insecure_registry_address: {get_param: DockerInsecureRegistryAddress} step_config: | include ::tripleo::profile::base::docker upgrade_tasks: diff --git a/puppet/services/ec2-api.yaml b/puppet/services/ec2-api.yaml index d5056c60..85fdb369 100644 --- a/puppet/services/ec2-api.yaml +++ b/puppet/services/ec2-api.yaml @@ -61,7 +61,7 @@ parameters: path: /var/log/ec2api/ec2api.log EnablePackageInstall: default: 'false' - description: Set to true to enable package installation via Puppet + description: Set to true to enable package installation at deploy time type: boolean Ec2ApiPolicies: description: | diff --git a/puppet/services/iscsid.yaml b/puppet/services/iscsid.yaml new file mode 100644 index 00000000..9510df3b --- /dev/null +++ b/puppet/services/iscsid.yaml @@ -0,0 +1,41 @@ +heat_template_version: pike + +description: > + Configure iscsid + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for iscsid + value: + service_name: iscsid + config_setting: {} + step_config: | + include ::tripleo::profile::base::iscsid diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 136c0ad4..8796209b 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -67,6 +67,7 @@ parameters: Debug: type: string default: '' + description: Set to True to enable debugging on all services. KeystoneDebug: default: '' description: Set to True to enable debugging Keystone service. diff --git a/puppet/services/monitoring/sensu-base.yaml b/puppet/services/monitoring/sensu-base.yaml index 24dda549..0f0fe957 100644 --- a/puppet/services/monitoring/sensu-base.yaml +++ b/puppet/services/monitoring/sensu-base.yaml @@ -44,7 +44,7 @@ parameters: to the RabbitMQ host. Set MonitoringRabbitUseSSL to true without specifying a private key or cert chain to use SSL transport, but not cert auth. - type: string + type: boolean MonitoringRabbitSSLPrivateKey: default: '' description: Private key to be used by Sensu to connect to RabbitMQ host. diff --git a/puppet/services/neutron-l3-compute-dvr.yaml b/puppet/services/neutron-l3-compute-dvr.yaml index 0d56b3b1..a3baf710 100644 --- a/puppet/services/neutron-l3-compute-dvr.yaml +++ b/puppet/services/neutron-l3-compute-dvr.yaml @@ -34,6 +34,7 @@ parameters: Debug: type: string default: '' + description: Set to True to enable debugging on all services. MonitoringSubscriptionNeutronL3Dvr: default: 'overcloud-neutron-l3-dvr' type: string diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml index 82371337..7ccf526a 100644 --- a/puppet/services/neutron-l3.yaml +++ b/puppet/services/neutron-l3.yaml @@ -33,6 +33,7 @@ parameters: Debug: type: string default: '' + description: Set to True to enable debugging on all services. NeutronL3AgentMode: description: | Agent mode for L3 agent. Must be one of legacy or dvr_snat. diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml index d98d1620..dd757b5d 100644 --- a/puppet/services/neutron-plugin-ml2.yaml +++ b/puppet/services/neutron-plugin-ml2.yaml @@ -53,8 +53,8 @@ parameters: default: 'datacentre:1:1000' description: > The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the - Neutron documentation for permitted values. Defaults to permitting any - VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). + Neutron documentation for permitted values. Defaults to permitting VLANs + 1 to 1000 on the 'datacentre' physical network (See NeutronBridgeMappings). type: comma_delimited_list NeutronTunnelIdRanges: description: | diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml index 3a5d7536..1c2958e3 100644 --- a/puppet/services/nova-libvirt.yaml +++ b/puppet/services/nova-libvirt.yaml @@ -30,6 +30,20 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + CephClientUserName: + default: openstack + type: string + CephClientKey: + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + type: string + hidden: true + CephClusterFSID: + type: string + description: The Ceph cluster FSID. Must be a UUID. + CinderEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Cinder + type: boolean NovaComputeLibvirtType: type: string default: kvm @@ -113,6 +127,9 @@ outputs: nova::compute::libvirt::migration_support: false tripleo::profile::base::nova::manage_migration: true tripleo::profile::base::nova::libvirt_enabled: true + nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} + nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey} + nova::compute::rbd::libvirt_rbd_secret_uuid: {get_param: CephClusterFSID} nova::compute::libvirt::services::libvirt_virt_type: {get_param: NovaComputeLibvirtType} nova::compute::libvirt::libvirt_virt_type: {get_param: NovaComputeLibvirtType} nova::compute::libvirt::libvirt_enabled_perf_events: {get_param: LibvirtEnabledPerfEvents} @@ -120,6 +137,7 @@ outputs: nova::compute::libvirt::qemu::max_files: 32768 nova::compute::libvirt::qemu::max_processes: 131072 nova::compute::libvirt::vncserver_listen: {get_param: [ServiceNetMap, NovaLibvirtNetwork]} + rbd_persistent_storage: {get_param: CinderEnableRbdBackend} tripleo.nova_libvirt.firewall_rules: '200 nova_libvirt': dport: diff --git a/puppet/services/opendaylight-api.yaml b/puppet/services/opendaylight-api.yaml index da925181..472dbcce 100644 --- a/puppet/services/opendaylight-api.yaml +++ b/puppet/services/opendaylight-api.yaml @@ -58,6 +58,10 @@ parameters: default: {} description: Parameters specific to the role type: json + OpenDaylightManageRepositories: + description: Whether to manage the OpenDaylight repository + type: boolean + default: false outputs: role_data: @@ -72,6 +76,7 @@ outputs: opendaylight::enable_dhcp: {get_param: OpenDaylightEnableDHCP} opendaylight::odl_bind_ip: {get_param: [ServiceNetMap, OpendaylightApiNetwork]} opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol} + opendaylight::manage_repositories: {get_param: OpenDaylightManageRepositories} tripleo.opendaylight_api.firewall_rules: '137 opendaylight api': dport: diff --git a/puppet/services/tacker.yaml b/puppet/services/tacker.yaml index 7661dd2f..541a2eb6 100644 --- a/puppet/services/tacker.yaml +++ b/puppet/services/tacker.yaml @@ -37,6 +37,7 @@ parameters: Debug: type: string default: '' + description: Set to True to enable debugging on all services. TackerDebug: default: '' description: Set to True to enable debugging Tacker service. diff --git a/puppet/services/tripleo-packages.yaml b/puppet/services/tripleo-packages.yaml index e52dd71e..e471c2a6 100644 --- a/puppet/services/tripleo-packages.yaml +++ b/puppet/services/tripleo-packages.yaml @@ -32,7 +32,7 @@ parameters: type: json EnablePackageInstall: default: 'false' - description: Set to true to enable package installation via Puppet + description: Set to true to enable package installation at deploy time type: boolean outputs: diff --git a/puppet/services/veritas-hyperscale-controller.yaml b/puppet/services/veritas-hyperscale-controller.yaml new file mode 100644 index 00000000..bcb9e38f --- /dev/null +++ b/puppet/services/veritas-hyperscale-controller.yaml @@ -0,0 +1,70 @@ +# Copyright (c) 2017 Veritas Technologies LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +heat_template_version: ocata + +description: > + Openstack Veritas HyperScale backend + +parameters: + VrtsRabbitPassword: + type: string + default: '' + VrtsKeystonePassword: + type: string + default: '' + VrtsMysqlPassword: + type: string + default: '' + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + type: json + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + +outputs: + role_data: + description: Install Veritas HyperScale packages for controller. + value: + service_name: veritas_hyperscale_controller + config_settings: + step_config: | + include ::veritas_hyperscale::controller_pkg_inst + service_config_settings: + rabbitmq: + vrts_rabbitmq_passwd: {get_param: VrtsRabbitPassword} + keystone: + vrts_keystone_passwd: {get_param: VrtsKeystonePassword} + mysql: + vrts_mysql_passwd: {get_param: VrtsMysqlPassword} diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar.yaml index debdc742..21857423 100644 --- a/puppet/services/zaqar.yaml +++ b/puppet/services/zaqar.yaml @@ -56,6 +56,14 @@ parameters: type: string description: Set the number of workers for zaqar::wsgi::apache default: '%{::os_workers}' + ZaqarMessageStore: + type: string + description: The messaging store for Zaqar + default: mongodb + ZaqarManagementStore: + type: string + description: The management store for Zaqar + default: mongodb EnableInternalTLS: type: boolean default: false @@ -63,6 +71,8 @@ parameters: conditions: zaqar_workers_zero: {equals : [{get_param: ZaqarWorkers}, 0]} service_debug_unset: {equals : [{get_param: ZaqarDebug}, '']} + zaqar_messaging_store_swift: {equals : [{get_param: ZaqarMessageStore}, 'swift']} + zaqar_management_store_sqlalchemy: {equals : [{get_param: ZaqarManagementStore}, 'sqlalchemy']} resources: @@ -105,26 +115,67 @@ outputs: "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]} + zaqar::message_store: {get_param: ZaqarMessageStore} + zaqar::management_store: {get_param: ZaqarManagementStore} + - + if: + - zaqar_messaging_store_swift + - + zaqar::messaging::swift::uri: + list_join: + - '' + - ['swift://zaqar:', {get_param: ZaqarPassword}, '@/service'] + zaqar::messaging::swift::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } + tripleo::profile::base::zaqar::messaging_store: 'swift' + - {} + - + if: + - zaqar_management_store_sqlalchemy + - + tripleo::profile::base::zaqar::management_store: 'sqlalchemy' + zaqar::management::sqlalchemy::uri: + make_url: + scheme: {get_param: [EndpointMap, MysqlInternal, protocol]} + username: zaqar + password: {get_param: ZaqarPassword} + host: {get_param: [EndpointMap, MysqlInternal, host]} + path: /zaqar + query: + read_default_file: /etc/my.cnf.d/tripleo.cnf + read_default_group: tripleo + - {} - if: - zaqar_workers_zero - {} - zaqar::wsgi::apache::workers: {get_param: ZaqarWorkers} service_config_settings: - keystone: - zaqar::keystone::auth::password: {get_param: ZaqarPassword} - zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]} - zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]} - zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]} - zaqar::keystone::auth::region: {get_param: KeystoneRegion} - zaqar::keystone::auth::tenant: 'service' - zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword} - zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]} - zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]} - zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]} - zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion} - zaqar::keystone::auth_websocket::tenant: 'service' - + map_merge: + - keystone: + zaqar::keystone::auth::password: {get_param: ZaqarPassword} + zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]} + zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]} + zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]} + zaqar::keystone::auth::region: {get_param: KeystoneRegion} + zaqar::keystone::auth::tenant: 'service' + zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword} + zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]} + zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]} + zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]} + zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion} + zaqar::keystone::auth_websocket::tenant: 'service' + - + if: + - zaqar_management_store_sqlalchemy + - mysql: + zaqar::db::mysql::user: zaqar + zaqar::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + zaqar::db::mysql::dbname: zaqar + zaqar::db::mysql::password: {get_param: ZaqarPassword} + zaqar::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + - {} step_config: | include ::tripleo::profile::base::zaqar upgrade_tasks: |