diff options
Diffstat (limited to 'puppet')
| -rw-r--r-- | puppet/ceph-storage-puppet.yaml | 2 | ||||
| -rw-r--r-- | puppet/cinder-storage-puppet.yaml | 186 | ||||
| -rw-r--r-- | puppet/compute-puppet.yaml | 413 | ||||
| -rw-r--r-- | puppet/controller-puppet.yaml | 868 | ||||
| -rw-r--r-- | puppet/manifests/loadbalancer.pp (renamed from puppet/loadbalancer.pp) | 0 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_compute.pp (renamed from puppet/overcloud_compute.pp) | 0 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_controller.pp (renamed from puppet/overcloud_controller.pp) | 0 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_object.pp (renamed from puppet/overcloud_object.pp) | 0 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_volume.pp (renamed from puppet/overcloud_volume.pp) | 0 | ||||
| -rw-r--r-- | puppet/manifests/ringbuilder.pp (renamed from puppet/ringbuilder.pp) | 0 | ||||
| -rw-r--r-- | puppet/swift-storage-puppet.yaml | 171 |
11 files changed, 1640 insertions, 0 deletions
diff --git a/puppet/ceph-storage-puppet.yaml b/puppet/ceph-storage-puppet.yaml new file mode 100644 index 00000000..c9aa7bcf --- /dev/null +++ b/puppet/ceph-storage-puppet.yaml @@ -0,0 +1,2 @@ +heat_template_version: 2014-10-16 +description: 'Common Ceph Storage Configuration by Puppet' diff --git a/puppet/cinder-storage-puppet.yaml b/puppet/cinder-storage-puppet.yaml new file mode 100644 index 00000000..befd8e4e --- /dev/null +++ b/puppet/cinder-storage-puppet.yaml @@ -0,0 +1,186 @@ +heat_template_version: 2014-10-16 +description: 'Block Storage Configuration w/ Puppet' +parameters: + Image: + default: overcloud-cinder-volume + type: string + CinderISCSIHelper: + default: tgtadm + description: The iSCSI helper to use with cinder. + type: string + CinderLVMLoopDeviceSize: + default: 5000 + description: The size of the loopback file used by the cinder LVM driver. + type: number + VirtualIP: + default: '' + type: string + ExtraConfig: + default: {} + description: | + Additional configuration to inject into the cluster. The JSON should have + the following structure: + {"FILEKEY": + {"config": + [{"section": "SECTIONNAME", + "values": + [{"option": "OPTIONNAME", + "value": "VALUENAME" + } + ] + } + ] + } + } + For instance: + {"nova": + {"config": + [{"section": "default", + "values": + [{"option": "force_config_drive", + "value": "always" + } + ] + }, + {"section": "cells", + "values": + [{"option": "driver", + "value": "nova.cells.rpc_driver.CellsRPCDriver" + } + ] + } + ] + } + } + type: json + Flavor: + description: Flavor for block storage nodes to request when deploying. + type: string + constraints: + - custom_constraint: nova.flavor + GlancePort: + default: "9292" + description: Glance port. + type: string + KeyName: + default: default + description: Name of an existing EC2 KeyPair to enable SSH access to the instances + type: string + RabbitPassword: + default: '' + type: string + RabbitUserName: + default: '' + type: string + SnmpdReadonlyUserName: + default: ro_snmp_user + description: The user name for SNMPd with readonly rights running on all Overcloud nodes + type: string + SnmpdReadonlyUserPassword: + default: unset + description: The user password for SNMPd with readonly rights running on all Overcloud nodes + type: string + hidden: true + NtpServer: + type: string + default: '' + EnablePackageInstall: + default: 'false' + description: Set to true to enable package installation via Puppet + type: boolean + +resources: + BlockStorage: + type: OS::Nova::Server + properties: + image: + {get_param: Image} + flavor: {get_param: Flavor} + key_name: {get_param: KeyName} + user_data_format: SOFTWARE_CONFIG + networks: + - network: ctlplane + + BlockStorageDeployment: + type: OS::Heat::StructuredDeployment + properties: + server: {get_resource: BlockStorage} + config: {get_resource: BlockStorageConfig} + input_values: + cinder_dsn: {list_join: ['', ['mysql://cinder:unset@', {get_param: VirtualIP} , '/cinder']]} + snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} + snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} + cinder_lvm_loop_device_size: + str_replace: + template: sizeM + params: + size: {get_param: CinderLVMLoopDeviceSize} + cinder_iscsi_helper: {get_param: CinderISCSIHelper} + rabbit_hosts: + str_replace: + template: '["host"]' + params: + host: {get_param: VirtualIP} + rabbit_username: {get_param: RabbitUserName} + rabbit_password: {get_param: RabbitPassword} + ntp_servers: + str_replace: + template: '["server"]' + params: + server: {get_param: NtpServer} + enable_package_install: {get_param: EnablePackageInstall} + signal_transport: NO_SIGNAL + + # Map heat metadata into hiera datafiles + BlockStorageConfig: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + hiera: + hierarchy: + - heat_config_%{::deploy_config_name} + - volume + - common + datafiles: + common: + raw_data: {get_file: hieradata/common.yaml} + volume: + raw_data: {get_file: hieradata/volume.yaml} + oac_data: + cinder::volume::iscsi::iscsi_ip_address: local-ipv4 + mapped_data: + # Cinder + cinder::setup_test_volume::size: {get_input: cinder_lvm_loop_device_size} + cinder::volume::iscsi::iscsi_helper: {get_input: cinder_iscsi_helper} + cinder::database_connection: {get_input: cinder_dsn} + cinder::rabbit_hosts: {get_input: rabbit_hosts} + cinder::rabbit_userid: {get_input: rabbit_username} + cinder::rabbit_password: {get_input: rabbit_password} + ntp::servers: {get_input: ntp_servers} + enable_package_install: {get_input: enable_package_install} + + VolumePuppetConfig: + type: OS::Heat::SoftwareConfig + properties: + group: puppet + outputs: + - name: result + config: + get_file: manifests/overcloud_volume.pp + + VolumePuppetDeployment: + type: OS::Heat::StructuredDeployment + properties: + name: puppet_1 + server: {get_resource: BlockStorage} + config: {get_resource: VolumePuppetConfig} + +outputs: + hosts_entry: + value: + str_replace: + template: "IP HOST HOST.novalocal" + params: + IP: {get_attr: [BlockStorage, networks, ctlplane, 0]} + HOST: {get_attr: [BlockStorage, name]} diff --git a/puppet/compute-puppet.yaml b/puppet/compute-puppet.yaml new file mode 100644 index 00000000..ab2d0a32 --- /dev/null +++ b/puppet/compute-puppet.yaml @@ -0,0 +1,413 @@ +heat_template_version: 2014-10-16 + +description: > + OpenStack hypervisor node configured via Puppet. + +parameters: + AdminPassword: + default: unset + description: The password for the keystone admin account, used for monitoring, querying neutron etc. + type: string + hidden: true + CeilometerComputeAgent: + description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly + type: string + default: '' + constraints: + - allowed_values: ['', Present] + CeilometerMeteringSecret: + default: unset + description: Secret shared by the ceilometer services. + type: string + hidden: true + CeilometerPassword: + default: unset + description: The password for the ceilometer service account. + type: string + hidden: true + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + ExtraConfig: + default: {} + description: | + Additional configuration to inject into the cluster. The JSON should have + the following structure: + {"FILEKEY": + {"config": + [{"section": "SECTIONNAME", + "values": + [{"option": "OPTIONNAME", + "value": "VALUENAME" + } + ] + } + ] + } + } + For instance: + {"nova": + {"config": + [{"section": "default", + "values": + [{"option": "force_config_drive", + "value": "always" + } + ] + }, + {"section": "cells", + "values": + [{"option": "driver", + "value": "nova.cells.rpc_driver.CellsRPCDriver" + } + ] + } + ] + } + } + type: json + Flavor: + description: Flavor for the nova compute node + type: string + constraints: + - custom_constraint: nova.flavor + GlanceHost: + type: string + default: '' # Has to be here because of the ignored empty value bug + GlancePort: + default: "9292" + description: Glance port. + type: string + GlanceProtocol: + default: http + description: Protocol to use when connecting to glance, set to https for SSL. + type: string + Image: + type: string + default: overcloud-compute + constraints: + - custom_constraint: glance.image + ImageUpdatePolicy: + default: 'REBUILD_PRESERVE_EPHEMERAL' + description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. + type: string + KeyName: + description: Name of an existing EC2 KeyPair to enable SSH access to the instances + type: string + default: default + constraints: + - custom_constraint: nova.keypair + KeystoneHost: + type: string + default: '' + NeutronBridgeMappings: + description: > + The OVS logical->physical bridge mappings to use. See the Neutron + documentation for details. Defaults to mapping br-ex - the external + bridge on hosts - to a physical name 'datacentre' which can be used + to create provider networks (and we use this for the default floating + network) - if changing this either use different post-install network + scripts or be sure to keep 'datacentre' as a mapping network name. + type: string + default: "" + NeutronEnableTunnelling: + type: string + default: "True" + NeutronFlatNetworks: + type: string + default: '' + description: > + If set, flat networks to configure in neutron plugins. + NeutronHost: + type: string + default: '' # Has to be here because of the ignored empty value bug + NeutronNetworkType: + type: string + description: The tenant network type for Neutron, either gre or vxlan. + default: 'gre' + NeutronNetworkVLANRanges: + default: 'datacentre' + description: > + The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the + Neutron documentation for permitted values. Defaults to permitting any + VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). + type: string + NeutronPassword: + default: unset + description: The password for the neutron service account, used by neutron agents. + type: string + hidden: true + NeutronPhysicalBridge: + default: '' + description: An OVS bridge to create for accessing external networks. + type: string + NeutronPublicInterface: + default: nic1 + description: A port to add to the NeutronPhysicalBridge. + type: string + NeutronTunnelTypes: + type: string + description: | + The tunnel types for the Neutron tenant network. To specify multiple + values, use a comma separated string, like so: 'gre,vxlan' + default: 'gre' + NeutronPublicInterfaceRawDevice: + default: '' + type: string + NeutronDVR: + default: 'False' + type: string + NeutronMetadataProxySharedSecret: + default: 'unset' + description: Shared secret to prevent spoofing + type: string + NeutronMechanismDrivers: + default: 'openvswitch' + description: | + The mechanism drivers for the Neutron tenant network. To specify multiple + values, use a comma separated string, like so: 'openvswitch,l2_population' + type: string + NeutronAllowL3AgentFailover: + default: 'True' + description: Allow automatic l3-agent failover + type: string + NeutronL3HA: #FIXME this isn't wired in + default: 'False' + description: Whether to enable l3-agent HA + type: string + NeutronAgentMode: + default: 'dvr_snat' + description: Agent mode for the neutron-l3-agent on the controller hosts + type: string + NovaApiHost: + type: string + default: '' # Has to be here because of the ignored empty value bug + NovaComputeDriver: + type: string + default: libvirt.LibvirtDriver + NovaComputeExtraConfig: + default: {} + description: | + NovaCompute specific configuration to inject into the cluster. Same + structure as ExtraConfig. + type: json + NovaComputeLibvirtType: + type: string + default: '' + NovaPassword: + default: unset + description: The password for the nova service account, used by nova-api. + type: string + hidden: true + NovaPublicIP: + type: string + default: '' # Has to be here because of the ignored empty value bug + NtpServer: + type: string + default: '' + RabbitHost: + type: string + default: '' # Has to be here because of the ignored empty value bug + RabbitPassword: + default: guest + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + SnmpdReadonlyUserName: + default: ro_snmp_user + description: The user name for SNMPd with readonly rights running on all Overcloud nodes + type: string + SnmpdReadonlyUserPassword: + default: unset + description: The user password for SNMPd with readonly rights running on all Overcloud nodes + type: string + hidden: true + EnablePackageInstall: + default: 'false' + description: Set to true to enable package installation via Puppet + type: boolean + +resources: + + NovaCompute: + type: OS::Nova::Server + properties: + image: + {get_param: Image} + image_update_policy: + get_param: ImageUpdatePolicy + flavor: {get_param: Flavor} + key_name: {get_param: KeyName} + networks: + - network: ctlplane + user_data_format: SOFTWARE_CONFIG + + NetworkConfig: + type: OS::TripleO::Net::SoftwareConfig + + NetworkDeployment: + type: OS::TripleO::SoftwareDeployment + properties: + signal_transport: NO_SIGNAL + config: {get_attr: [NetworkConfig, config_id]} + server: {get_resource: NovaCompute} + input_values: + bridge_name: {get_param: NeutronPhysicalBridge} + interface_name: {get_param: NeutronPublicInterface} + + ComputePuppetConfig: + type: OS::Heat::SoftwareConfig + properties: + group: puppet + outputs: + - name: result + config: + get_file: manifests/overcloud_compute.pp + + ComputePuppetDeployment: + type: OS::Heat::StructuredDeployment + properties: + server: {get_resource: NovaCompute} + config: {get_resource: ComputePuppetConfig} + + NovaComputeConfig: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + hiera: + hierarchy: + - heat_config_%{::deploy_config_name} + - compute + - common + datafiles: + common: + raw_data: {get_file: hieradata/common.yaml} + compute: + raw_data: {get_file: hieradata/compute.yaml} + oac_data: + nova::compute::vncserver_proxyclient_address: local-ipv4 + mapped_data: + #nova::debug: {get_input: debug} + nova_compute_driver: {get_input: nova_compute_driver} + nova::compute::libvirt::libvirt_virt_type: {get_input: nova_compute_libvirt_type} + nova_api_host: {get_input: nova_api_host} + nova::compute::vncproxy_host: {get_input: nova_public_ip} + nova_password: {get_input: nova_password} + #ceilometer::debug: {get_input: debug} + ceilometer::metering_secret: {get_input: ceilometer_metering_secret} + ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} + ceilometer_compute_agent: {get_input: ceilometer_compute_agent} + snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} + snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} + glance_host: {get_input: glance_host} + glance_port: {get_input: glance_port} + glance_protocol: {get_input: glance_protocol} + keystone_host: {get_input: keystone_host} + #neutron::debug: {get_input: debug} + neutron_flat_networks: {get_input: neutron_flat_networks} + neutron_host: {get_input: neutron_host} + neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip} + neutron_tenant_network_type: {get_input: neutron_tenant_network_type} + neutron_tunnel_types: {get_input: neutron_tunnel_types} + neutron::network_vlan_ranges: {get_input: neutron_network_vlan_ranges} + neutron_bridge_mappings: {get_input: neutron_bridge_mappings} + neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling} + neutron_physical_bridge: {get_input: neutron_physical_bridge} + neutron_public_interface: {get_input: neutron_public_interface} + nova::network::neutron::neutron_admin_password: {get_input: neutron_password} + neutron_router_distributed: {get_input: neutron_router_distributed} + neutron_agent_mode: {get_input: neutron_agent_mode} + neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} + neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers} + neutron_allow_l3agent_failover: {get_input: neutron_allow_l3agent_failover} + neutron_allow_l3agent_failover: {get_input: neutron_allow_l3agent_failover} + neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device} + admin_password: {get_input: admin_password} + nova::rabbit_host: {get_input: rabbit_host} + neutron::rabbit_host: {get_input: rabbit_host} + ceilometer::rabbit_host: {get_input: rabbit_host} + nova::rabbit_userid: {get_input: rabbit_username} + neutron::rabbit_user: {get_input: rabbit_username} + ceilometer::rabbit_userid: {get_input: rabbit_username} + nova::rabbit_password: {get_input: rabbit_password} + neutron::rabbit_password: {get_input: rabbit_password} + ceilometer::rabbit_password: {get_input: rabbit_password} + ntp::servers: {get_input: ntp_servers} + enable_package_install: {get_input: enable_package_install} + + NovaComputeDeployment: + type: OS::TripleO::SoftwareDeployment + properties: + signal_transport: NO_SIGNAL + config: {get_resource: NovaComputeConfig} + server: {get_resource: NovaCompute} + input_values: + debug: {get_param: Debug} + nova_compute_driver: {get_param: NovaComputeDriver} + nova_compute_libvirt_type: {get_param: NovaComputeLibvirtType} + nova_public_ip: {get_param: NovaPublicIP} + nova_api_host: {get_param: NovaApiHost} + nova_password: {get_param: NovaPassword} + ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} + ceilometer_password: {get_param: CeilometerPassword} + ceilometer_compute_agent: {get_param: CeilometerComputeAgent} + snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} + snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} + glance_host: {get_param: GlanceHost} + glance_port: {get_param: GlancePort} + glance_protocol: {get_param: GlanceProtocol} + keystone_host: {get_param: KeystoneHost} + neutron_flat_networks: {get_param: NeutronFlatNetworks} + neutron_host: {get_param: NeutronHost} + neutron_local_ip: {get_attr: [NovaCompute, networks, ctlplane, 0]} + neutron_tenant_network_type: {get_param: NeutronNetworkType} + neutron_tunnel_types: {get_param: NeutronTunnelTypes} + neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges} + neutron_bridge_mappings: {get_param: NeutronBridgeMappings} + neutron_enable_tunneling: {get_param: NeutronEnableTunnelling} + neutron_physical_bridge: {get_param: NeutronPhysicalBridge} + neutron_public_interface: {get_param: NeutronPublicInterface} + neutron_password: {get_param: NeutronPassword} + neutron_agent_mode: {get_param: NeutronAgentMode} + neutron_router_distributed: {get_param: NeutronDVR} + neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} + neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers} + neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} + neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice} + admin_password: {get_param: AdminPassword} + rabbit_host: {get_param: RabbitHost} + rabbit_username: {get_param: RabbitUserName} + rabbit_password: {get_param: RabbitPassword} + ntp_servers: + str_replace: + template: '["server"]' + params: + server: {get_param: NtpServer} + enable_package_install: {get_param: EnablePackageInstall} + +outputs: + ip_address: + description: IP address of the server in the ctlplane network + value: {get_attr: [NovaCompute, networks, ctlplane, 0]} + hostname: + description: Hostname of the server + value: {get_attr: [NovaCompute, name]} + hosts_entry: + description: > + Server's IP address and hostname in the /etc/hosts format + value: + str_replace: + template: "IP HOST HOST.novalocal" + params: + IP: {get_attr: [NovaCompute, networks, ctlplane, 0]} + HOST: {get_attr: [NovaCompute, name]} + nova_server_resource: + description: Heat resource handle for the Nova compute server + value: + {get_resource: NovaCompute} diff --git a/puppet/controller-puppet.yaml b/puppet/controller-puppet.yaml new file mode 100644 index 00000000..399ad86b --- /dev/null +++ b/puppet/controller-puppet.yaml @@ -0,0 +1,868 @@ +heat_template_version: 2014-10-16 + +description: > + OpenStack controller node configured by Puppet. + +parameters: + AdminPassword: + default: unset + description: The password for the keystone admin account, used for monitoring, querying neutron etc. + type: string + hidden: true + AdminToken: + default: unset + description: The keystone auth secret. + type: string + hidden: true + CeilometerMeteringSecret: + default: unset + description: Secret shared by the ceilometer services. + type: string + hidden: true + CeilometerPassword: + default: unset + description: The password for the ceilometer service account. + type: string + hidden: true + CinderISCSIHelper: + default: tgtadm + description: The iSCSI helper to use with cinder. + type: string + CinderLVMLoopDeviceSize: + default: 5000 + description: The size of the loopback file used by the cinder LVM driver. + type: number + CinderPassword: + default: unset + description: The password for the cinder service account, used by cinder-api. + type: string + hidden: true + CloudName: + default: '' + description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org + type: string + ControllerExtraConfig: + default: {} + description: | + Controller specific configuration to inject into the cluster. Same + structure as ExtraConfig. + type: json + ControlVirtualInterface: + default: 'br-ex' + description: Interface where virtual ip will be assigned. + type: string + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + ExtraConfig: + default: {} + description: | + Additional configuration to inject into the cluster. The JSON should have + the following structure: + {"FILEKEY": + {"config": + [{"section": "SECTIONNAME", + "values": + [{"option": "OPTIONNAME", + "value": "VALUENAME" + } + ] + } + ] + } + } + For instance: + {"nova": + {"config": + [{"section": "default", + "values": + [{"option": "compute_manager", + "value": "ironic.nova.compute.manager.ClusterComputeManager" + } + ] + }, + {"section": "cells", + "values": + [{"option": "driver", + "value": "nova.cells.rpc_driver.CellsRPCDriver" + } + ] + } + ] + } + } + type: json + Flavor: + description: Flavor for control nodes to request when deploying. + type: string + constraints: + - custom_constraint: nova.flavor + GlanceNotifierStrategy: + description: Strategy to use for Glance notification queue + type: string + default: noop + GlanceLogFile: + description: The filepath of the file to use for logging messages from Glance. + type: string + default: '' + GlancePassword: + default: unset + description: The password for the glance service account, used by the glance services. + type: string + hidden: true + GlancePort: + default: "9292" + description: Glance port. + type: string + GlanceProtocol: + default: http + description: Protocol to use when connecting to glance, set to https for SSL. + type: string + HeatPassword: + default: unset + description: The password for the Heat service account, used by the Heat services. + type: string + hidden: true + HeatStackDomainAdminPassword: + description: Password for heat_domain_admin user. + type: string + default: '' + hidden: true + Image: + type: string + default: overcloud-control + constraints: + - custom_constraint: glance.image + ImageUpdatePolicy: + default: 'REBUILD_PRESERVE_EPHEMERAL' + description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. + type: string + KeyName: + default: default + description: Name of an existing EC2 KeyPair to enable SSH access to the instances + type: string + constraints: + - custom_constraint: nova.keypair + KeystoneCACertificate: + default: '' + description: Keystone self-signed certificate authority certificate. + type: string + KeystoneSigningCertificate: + default: '' + description: Keystone certificate for verifying token validity. + type: string + KeystoneSigningKey: + default: '' + description: Keystone key for signing tokens. + type: string + hidden: true + KeystoneSSLCertificate: + default: '' + description: Keystone certificate for verifying token validity. + type: string + KeystoneSSLCertificateKey: + default: '' + description: Keystone key for signing tokens. + type: string + hidden: true + MysqlClusterUniquePart: + description: A unique identifier of the MySQL cluster the controller is in. + type: string + default: 'unset' # Has to be here because of the ignored empty value bug + # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446 + # constraints: + # - length: {min: 4, max: 10} + MysqlInnodbBufferPoolSize: + description: > + Specifies the size of the buffer pool in megabytes. Setting to + zero should be interpreted as "no value" and will defer to the + lower level default. + type: number + default: 0 + MysqlRootPassword: + type: string + hidden: true + default: '' # Has to be here because of the ignored empty value bug + NeutronBridgeMappings: + description: > + The OVS logical->physical bridge mappings to use. See the Neutron + documentation for details. Defaults to mapping br-ex - the external + bridge on hosts - to a physical name 'datacentre' which can be used + to create provider networks (and we use this for the default floating + network) - if changing this either use different post-install network + scripts or be sure to keep 'datacentre' as a mapping network name. + type: string + default: "" + NeutronDnsmasqOptions: + default: 'dhcp-option-force=26,1400' + description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead. + type: string + NeutronAgentMode: + default: 'dvr_snat' + description: Agent mode for the neutron-l3-agent on the controller hosts + type: string + NeutronL3HA: #FIXME this isn't wired in + default: 'False' + description: Whether to enable l3-agent HA + type: string + NeutronDVR: + default: 'False' + description: Whether to configure Neutron Distributed Virtual Routers + type: string + NeutronMetadataProxySharedSecret: + default: 'unset' + description: Shared secret to prevent spoofing + type: string + NeutronMechanismDrivers: + default: 'openvswitch' + description: | + The mechanism drivers for the Neutron tenant network. To specify multiple + values, use a comma separated string, like so: 'openvswitch,l2_population' + type: string + NeutronAllowL3AgentFailover: + default: 'True' + description: Allow automatic l3-agent failover + type: string + NeutronEnableTunnelling: + type: string + default: "True" + NeutronFlatNetworks: + type: string + default: '' + description: If set, flat networks to configure in neutron plugins. + NeutronNetworkType: + default: 'gre' + description: The tenant network type for Neutron, either gre or vxlan. + type: string + NeutronNetworkVLANRanges: + default: 'datacentre' + description: > + The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the + Neutron documentation for permitted values. Defaults to permitting any + VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). + type: string + NeutronPassword: + default: unset + description: The password for the neutron service account, used by neutron agents. + type: string + hidden: true + NeutronPublicInterface: + default: nic1 + description: What interface to bridge onto br-ex for network nodes. + type: string + NeutronPublicInterfaceTag: + default: '' + description: > + VLAN tag for creating a public VLAN. The tag will be used to + create an access port on the exterior bridge for each control plane node, + and that port will be given the IP address returned by neutron from the + public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling + overcloud.yaml to include the deployment of VLAN ports to the control + plane. + type: string + NeutronPublicInterfaceDefaultRoute: + default: '' + description: A custom default route for the NeutronPublicInterface. + type: string + NeutronPublicInterfaceIP: + default: '' + description: A custom IP address to put onto the NeutronPublicInterface. + type: string + NeutronPublicInterfaceRawDevice: + default: '' + description: If set, the public interface is a vlan with this device as the raw device. + type: string + NeutronTunnelTypes: + default: 'gre' + description: | + The tunnel types for the Neutron tenant network. To specify multiple + values, use a comma separated string, like so: 'gre,vxlan' + type: string + NovaPassword: + default: unset + description: The password for the nova service account, used by nova-api. + type: string + hidden: true + NtpServer: + type: string + default: '' + PublicVirtualInterface: + default: 'br-ex' + description: > + Specifies the interface where the public-facing virtual ip will be assigned. + This should be int_public when a VLAN is being used. + type: string + PublicVirtualIP: + type: string + default: '' # Has to be here because of the ignored empty value bug + RabbitCookie: + type: string + default: '' # Has to be here because of the ignored empty value bug + hidden: true + RabbitPassword: + default: guest + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + SnmpdReadonlyUserName: + default: ro_snmp_user + description: The user name for SNMPd with readonly rights running on all Overcloud nodes + type: string + SnmpdReadonlyUserPassword: + default: unset + description: The user password for SNMPd with readonly rights running on all Overcloud nodes + type: string + hidden: true + SSLCACertificate: + default: '' + description: If set, the contents of an SSL certificate authority file. + type: string + SSLCertificate: + default: '' + description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints. + type: string + hidden: true + SSLKey: + default: '' + description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints. + type: string + hidden: true + SwiftHashSuffix: + default: unset + description: A random string to be used as a salt when hashing to determine mappings + in the ring. + hidden: true + type: string + SwiftMountCheck: + default: 'false' + description: Value of mount_check in Swift account/container/object -server.conf + type: boolean + SwiftMinPartHours: + type: number + default: 1 + description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance. + SwiftPartPower: + default: 10 + description: Partition Power to use when building Swift rings + type: number + SwiftPassword: + default: unset + description: The password for the swift service account, used by the swift proxy + services. + hidden: true + type: string + SwiftReplicas: + type: number + default: 3 + description: How many replicas to use in the swift rings. + VirtualIP: + type: string + default: '' # Has to be here because of the ignored empty value bug + EnablePackageInstall: + default: 'false' + description: Set to true to enable package installation via Puppet + type: boolean + +resources: + + Controller: + type: OS::Nova::Server + properties: + image: {get_param: Image} + image_update_policy: {get_param: ImageUpdatePolicy} + flavor: {get_param: Flavor} + key_name: {get_param: KeyName} + networks: + - network: ctlplane + user_data_format: SOFTWARE_CONFIG + + NetworkConfig: + type: OS::TripleO::Net::SoftwareConfig + + NetworkDeployment: + type: OS::TripleO::SoftwareDeployment + properties: + signal_transport: NO_SIGNAL + config: {get_attr: [NetworkConfig, config_id]} + server: {get_resource: Controller} + input_values: + bridge_name: br-ex + interface_name: {get_param: NeutronPublicInterface} + + ControllerDeployment: + type: OS::TripleO::SoftwareDeployment + properties: + signal_transport: NO_SIGNAL + config: {get_resource: ControllerConfig} + server: {get_resource: Controller} + input_values: + bootstack_nodeid: {get_attr: [Controller, name]} + controller_host: {get_attr: [Controller, networks, ctlplane, 0]} + controller_virtual_ip: {get_param: VirtualIP} + neutron_enable_tunneling: {get_param: NeutronEnableTunnelling} + heat.watch_server_url: + list_join: + - '' + - - 'http://' + - {get_param: VirtualIP} + - ':8003' + heat.metadata_server_url: + list_join: + - '' + - - 'http://' + - {get_param: VirtualIP} + - ':8000' + heat.waitcondition_server_url: + list_join: + - '' + - - 'http://' + - {get_param: VirtualIP} + - ':8000/v1/waitcondition' + admin_password: {get_param: AdminPassword} + admin_token: {get_param: AdminToken} + neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP} + debug: {get_param: Debug} + cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize} + cinder_password: {get_param: CinderPassword} + cinder_iscsi_helper: {get_param: CinderISCSIHelper} + cinder_dsn: + list_join: + - '' + - - 'mysql://cinder:unset@' + - {get_param: VirtualIP} + - '/cinder' + glance_port: {get_param: GlancePort} + glance_protocol: {get_param: GlanceProtocol} + glance_password: {get_param: GlancePassword} + glance_notifier_strategy: {get_param: GlanceNotifierStrategy} + glance_log_file: {get_param: GlanceLogFile} + glance_dsn: + list_join: + - '' + - - 'mysql://glance:unset@' + - {get_param: VirtualIP} + - '/glance' + heat_password: {get_param: HeatPassword} + heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword} + heat_dsn: + list_join: + - '' + - - 'mysql://heat:unset@' + - {get_param: VirtualIP} + - '/heat' + keystone_ca_certificate: {get_param: KeystoneCACertificate} + keystone_signing_key: {get_param: KeystoneSigningKey} + keystone_signing_certificate: {get_param: KeystoneSigningCertificate} + keystone_ssl_certificate: {get_param: KeystoneSSLCertificate} + keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey} + keystone_dsn: + list_join: + - '' + - - 'mysql://keystone:unset@' + - {get_param: VirtualIP} + - '/keystone' + mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} + mysql_root_password: {get_param: MysqlRootPassword} + mysql_cluster_name: + str_replace: + template: tripleo-CLUSTER + params: + CLUSTER: {get_param: MysqlClusterUniquePart} + neutron_flat_networks: {get_param: NeutronFlatNetworks} + neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} + neutron_agent_mode: {get_param: NeutronAgentMode} + neutron_router_distributed: {get_param: NeutronDVR} + neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers} + neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} + neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges} + neutron_bridge_mappings: {get_param: NeutronBridgeMappings} + neutron_public_interface: {get_param: NeutronPublicInterface} + neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice} + neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute} + neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag} + neutron_tenant_network_type: {get_param: NeutronNetworkType} + neutron_tunnel_types: {get_param: NeutronTunnelTypes} + neutron_password: {get_param: NeutronPassword} + neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions} + neutron_dsn: + list_join: + - '' + - - 'mysql://neutron:unset@' + - {get_param: VirtualIP} + - '/ovs_neutron?charset=utf8' + ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} + ceilometer_password: {get_param: CeilometerPassword} + ceilometer_dsn: + list_join: + - '' + - - 'mysql://ceilometer:unset@' + - {get_param: VirtualIP} + - '/ceilometer' + snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} + snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} + nova_password: {get_param: NovaPassword} + nova_dsn: + list_join: + - '' + - - 'mysql://nova:unset@' + - {get_param: VirtualIP} + - '/nova' + rabbit_username: {get_param: RabbitUserName} + rabbit_password: {get_param: RabbitPassword} + rabbit_cookie: {get_param: RabbitCookie} + rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} + rabbit_client_port: {get_param: RabbitClientPort} + ntp_servers: + str_replace: + template: '["server"]' + params: + server: {get_param: NtpServer} + control_virtual_interface: {get_param: ControlVirtualInterface} + public_virtual_interface: {get_param: PublicVirtualInterface} + public_virtual_ip: {get_param: PublicVirtualIP} + swift_hash_suffix: {get_param: SwiftHashSuffix} + swift_password: {get_param: SwiftPassword} + swift_part_power: {get_param: SwiftPartPower} + swift_replicas: {get_param: SwiftReplicas} + swift_min_part_hours: {get_param: SwiftMinPartHours} + swift_mount_check: {get_param: SwiftMountCheck} + enable_package_install: {get_param: EnablePackageInstall} + + # Map heat metadata into hiera datafiles + ControllerConfig: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + hiera: + hierarchy: + - heat_config_%{::deploy_config_name} + - controller + - object + - common + datafiles: + common: + raw_data: {get_file: hieradata/common.yaml} + object: + raw_data: {get_file: hieradata/object.yaml} + controller: + raw_data: {get_file: hieradata/controller.yaml} + oac_data: # data we map in from other OAC configurations + bootstrap_nodeid: bootstrap_host.bootstrap_nodeid + # Swift + tripleo::ringbuilder::devices: swift.devices + mapped_data: # data supplied directly to this deployment configuration, etc + debug: {get_input: debug} + bootstack_nodeid: {get_input: bootstack_nodeid} + controller_host: {get_input: controller_host} #local-ipv4 + # Swift + swift::proxy::proxy_local_net_ip: {get_input: controller_host} + swift::proxy::authtoken::auth_host: {get_input: controller_virtual_ip} + swift::storage::all::storage_local_net_ip: {get_input: controller_host} + swift::swift_hash_suffix: {get_input: swift_hash_suffix} + swift::proxy::authtoken::admin_password: {get_input: swift_password} + tripleo::ringbuilder::part_power: {get_input: swift_part_power} + tripleo::ringbuilder::replicas: {get_input: swift_replicas} + tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours} + swift_mount_check: {get_input: swift_mount_check} + + # NOTE(dprince): build_ring support is currently not wired in. + # See: https://review.openstack.org/#/c/109225/ + tripleo::ringbuilder::build_ring: True + # Cinder + cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size} + cinder::volume::iscsi::iscsi_helper: {get_input: cinder_iscsi_helper} + cinder::volume::iscsi::iscsi_ip_address: {get_input: controller_host} + cinder::database_connection: {get_input: cinder_dsn} + cinder::api::keystone_password: {get_input: cinder_password} + cinder::api::keystone_auth_host: {get_input: controller_virtual_ip} + cinder::api::bind_host: {get_input: controller_host} + cinder::rabbit_userid: {get_input: rabbit_username} + cinder::rabbit_password: {get_input: rabbit_password} + #cinder::debug: {get_input: debug} + # Glance + glance::api::bind_port: {get_input: glance_port} + glance::api::bind_host: {get_input: controller_host} + glance::api::auth_host: {get_input: controller_virtual_ip} + glance::api::registry_host: {get_input: controller_host} + glance::api::keystone_password: {get_input: glance_password} + # used to construct glance_api_servers + glance_port: {get_input: glance_port} + glance_protocol: {get_input: glance_protocol} + glance_notifier_strategy: {get_input: glance_notifier_strategy} + glance_log_file: {get_input: glance_log_file} + glance_log_file: {get_input: glance_log_file} + glance::api::database_connection: {get_input: glance_dsn} + glance::registry::keystone_password: {get_input: glance_password} + glance::registry::database_connection: {get_input: glance_dsn} + glance::registry::bind_host: {get_input: controller_host} + glance::registry::auth_host: {get_input: controller_virtual_ip} + glance::backend::swift::swift_store_user: service:glance + glance::backend::swift::swift_store_key: {get_input: glance_password} + # Heat + heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password} + heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url} + heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url} + heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url} + heat::engine::auth_encryption_key: unset___________ + heat::rabbit_userid: {get_input: rabbit_username} + heat::rabbit_password: {get_input: rabbit_password} + heat::rabbit_host: {get_input: controller_virtual_ip} + heat::keystone_host: {get_input: controller_virtual_ip} + heat::keystone_password: {get_input: heat_password} + heat::api::bind_host: {get_input: controller_host} + heat::api_cloudwatch::bind_host: {get_input: controller_host} + heat::api_cfn::bind_host: {get_input: controller_host} + heat::database_connection: {get_input: heat_dsn} + + # Keystone + keystone::admin_token: {get_input: admin_token} + keystone_ca_certificate: {get_input: keystone_ca_certificate} + keystone_signing_key: {get_input: keystone_signing_key} + keystone_signing_certificate: {get_input: keystone_signing_certificate} + keystone_ssl_certificate: {get_input: keystone_ssl_certificate} + keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key} + keystone::database_connection: {get_input: keystone_dsn} + keystone::public_bind_host: {get_input: controller_host} + keystone::admin_bind_host: {get_input: controller_host} + #keystone::debug: {get_input: debug} + # MySQL + admin_password: {get_input: admin_password} + mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size} + mysql_root_password: {get_input: mysql_root_password} + mysql_cluster_name: {get_input: mysql_cluster_name} + # Neutron + neutron::bind_host: {get_input: controller_host} + neutron::rabbit_password: {get_input: rabbit_password} + neutron::rabbit_user: {get_input: rabbit_user} + #neutron::debug: {get_input: debug} + neutron::server::auth_host: {get_input: controller_virtual_ip} + neutron::server::database_connection: {get_input: neutron_dsn} + neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling} + neutron::agents::ml2::ovs::local_ip: {get_input: controller_host} + neutron_flat_networks: {get_input: neutron_flat_networks} + neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret} + neutron::agents::metadata::metadata_ip: {get_input: controller_virtual_ip} + neutron_agent_mode: {get_input: neutron_agent_mode} + neutron_router_distributed: {get_input: neutron_router_distributed} + neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers} + neutron_allow_l3agent_failover: {get_input: neutron_allow_l3agent_failover} + neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges} + neutron_bridge_mappings: {get_input: neutron_bridge_mappings} + neutron_public_interface: {get_input: neutron_public_interface} + neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device} + neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route} + neutron_public_interface_tag: {get_input: neutron_public_interface_tag} + neutron_tenant_network_type: {get_input: neutron_tenant_network_type} + neutron_tunnel_types: {get_input: neutron_tunnel_types} + neutron::server::auth_password: {get_input: neutron_password} + neutron::agents::metadata::auth_password: {get_input: neutron_password} + neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options} + neutron_dsn: {get_input: neutron_dsn} + # Ceilometer + ceilometer::metering_secret: {get_input: ceilometer_metering_secret} + ceilometer::rabbit_userid: {get_input: rabbit_username} + ceilometer::rabbit_password: {get_input: rabbit_password} + ceilometer::rabbit_host: {get_input: controller_virtual_ip} + ceilometer::api::host: {get_input: controller_host} + ceilometer::api::keystone_password: {get_input: ceilometer_password} + ceilometer::api::keystone_host: {get_input: controller_virtual_ip} + ceilometer::db::database_connection: {get_input: ceilometer_dsn} + ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} + snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} + snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} + # Nova + nova::rabbit_userid: {get_input: rabbit_username} + nova::rabbit_password: {get_input: rabbit_password} + nova::api::auth_host: {get_input: controller_virtual_ip} + nova::api::api_bind_address: {get_input: controller_host} + nova::api::metadata_listen: {get_input: controller_host} + nova::api::admin_password: {get_input: nova_password} + nova::database_connection: {get_input: nova_dsn} + nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} + # Rabbit + rabbit_username: {get_input: rabbit_username} + rabbit_password: {get_input: rabbit_password} + rabbit_cookie: {get_input: rabbit_cookie} + rabbit_client_use_ssl: {get_input: rabbit_client_use_ssl} + rabbit_client_port: {get_input: rabbit_client_port} + # Misc + neutron_public_interface_ip: {get_input: neutron_public_interface_ip} + ntp::servers: {get_input: ntp_servers} + control_virtual_interface: {get_input: control_virtual_interface} + controller_virtual_ip: {get_input: controller_virtual_ip} + public_virtual_interface: {get_input: public_virtual_interface} + public_virtual_ip: {get_input: public_virtual_ip} + enable_package_install: {get_input: enable_package_install} + + # NOTE(dprince): this example uses a composition class + # on the puppet side (loadbalancer.pp). This seemed like the + # cleanest way to encapulate the puppet resources definitions + # for HAProxy and Keepalived. + ControllerLoadbalancerPuppetConfig: + type: OS::Heat::SoftwareConfig + properties: + group: puppet + options: + enable_hiera: True + enable_facter: False + inputs: + - name: tripleo::loadbalancer::keystone_admin + default: true + - name: tripleo::loadbalancer::keystone_public + default: true + - name: tripleo::loadbalancer::neutron + default: true + - name: tripleo::loadbalancer::cinder + default: true + - name: tripleo::loadbalancer::glance_api + default: true + - name: tripleo::loadbalancer::glance_registry + default: true + - name: tripleo::loadbalancer::nova_ec2 + default: true + - name: tripleo::loadbalancer::nova_osapi + default: true + - name: tripleo::loadbalancer::nova_metadata + default: true + - name: tripleo::loadbalancer::nova_novncproxy + default: true + - name: tripleo::loadbalancer::mysql + default: true + - name: tripleo::loadbalancer::rabbitmq + default: true + - name: tripleo::loadbalancer::swift_proxy_server + default: true + - name: tripleo::loadbalancer::ceilometer + default: true + - name: tripleo::loadbalancer::heat_api + default: true + - name: tripleo::loadbalancer::heat_cloudwatch + default: true + - name: tripleo::loadbalancer::heat_cfn + default: true + outputs: + - name: result + config: + get_file: manifests/loadbalancer.pp + + ControllerLoadbalancerPuppetDeployment: + type: OS::Heat::SoftwareDeployment + properties: + name: puppet_1 + server: {get_resource: Controller} + config: {get_resource: ControllerLoadbalancerPuppetConfig} + + ControllerPuppetConfig: + type: OS::Heat::SoftwareConfig + properties: + group: puppet + options: + enable_hiera: True + enable_facter: False + inputs: + - name: step + outputs: + - name: result + config: + get_file: manifests/overcloud_controller.pp + + # Step through a series of Puppet runs using the same manifest. + # NOTE(dprince): Heat breakpoints would make for a really cool way to step + # through breakpoints in a controlled manner across the entire cluster + ControllerPuppetDeploymentServicesBase: + type: OS::Heat::StructuredDeployment + properties: + name: puppet_2 + server: {get_resource: Controller} + config: {get_resource: ControllerPuppetConfig} + input_values: + step: 1 + actions: ['CREATE'] # no need for two passes on an UPDATE + + ControllerRingbuilderPuppetConfig: + type: OS::Heat::SoftwareConfig + properties: + group: puppet + options: + enable_hiera: True + enable_facter: False + inputs: + outputs: + - name: result + config: + get_file: manifests/ringbuilder.pp + + ControllerRingbuilderPuppetDeployment: + type: OS::Heat::StructuredDeployment + properties: + name: puppet_3 + server: {get_resource: Controller} + config: {get_resource: ControllerRingbuilderPuppetConfig} + + ControllerPuppetDeploymentOvercloudServices: + type: OS::Heat::StructuredDeployment + properties: + name: puppet_4 + server: {get_resource: Controller} + config: {get_resource: ControllerPuppetConfig} + input_values: + step: 2 + +outputs: + ip_address: + description: IP address of the server in the ctlplane network + value: {get_attr: [Controller, networks, ctlplane, 0]} + hostname: + description: Hostname of the server + value: {get_attr: [Controller, name]} + corosync_node: + description: > + Node object in the format {ip: ..., name: ...} format that the corosync + element expects + value: + ip: {get_attr: [Controller, networks, ctlplane, 0]} + name: {get_attr: [Controller, name]} + hosts_entry: + description: > + Server's IP address and hostname in the /etc/hosts format + value: + str_replace: + template: IP HOST HOST.novalocal CLOUDNAME + params: + IP: {get_attr: [Controller, networks, ctlplane, 0]} + HOST: {get_attr: [Controller, name]} + CLOUDNAME: {get_param: CloudName} + nova_server_resource: + description: Heat resource handle for the Nova compute server + value: + {get_resource: Controller} + swift_device: + description: Swift device formatted for swift-ring-builder + value: + str_replace: + template: 'r1z1-IP:%PORT%/d1' + params: + IP: {get_attr: [Controller, networks, ctlplane, 0]} + swift_proxy_memcache: + description: Swift proxy-memcache value + value: + str_replace: + template: "IP:11211" + params: + IP: {get_attr: [Controller, networks, ctlplane, 0]} diff --git a/puppet/loadbalancer.pp b/puppet/manifests/loadbalancer.pp index 88e6bdd4..88e6bdd4 100644 --- a/puppet/loadbalancer.pp +++ b/puppet/manifests/loadbalancer.pp diff --git a/puppet/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp index 0d2790b2..0d2790b2 100644 --- a/puppet/overcloud_compute.pp +++ b/puppet/manifests/overcloud_compute.pp diff --git a/puppet/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 4801107b..4801107b 100644 --- a/puppet/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp diff --git a/puppet/overcloud_object.pp b/puppet/manifests/overcloud_object.pp index 8d0ad783..8d0ad783 100644 --- a/puppet/overcloud_object.pp +++ b/puppet/manifests/overcloud_object.pp diff --git a/puppet/overcloud_volume.pp b/puppet/manifests/overcloud_volume.pp index b433321a..b433321a 100644 --- a/puppet/overcloud_volume.pp +++ b/puppet/manifests/overcloud_volume.pp diff --git a/puppet/ringbuilder.pp b/puppet/manifests/ringbuilder.pp index 531706d2..531706d2 100644 --- a/puppet/ringbuilder.pp +++ b/puppet/manifests/ringbuilder.pp diff --git a/puppet/swift-storage-puppet.yaml b/puppet/swift-storage-puppet.yaml new file mode 100644 index 00000000..7a831a58 --- /dev/null +++ b/puppet/swift-storage-puppet.yaml @@ -0,0 +1,171 @@ +heat_template_version: 2014-10-16 +description: 'Common Swift Storage Configuration' +parameters: + Flavor: + description: Flavor for Swift storage nodes to request when deploying. + type: string + constraints: + - custom_constraint: nova.flavor + HashSuffix: + default: unset + description: A random string to be used as a salt when hashing to determine mappings + in the ring. + hidden: true + type: string + Image: + default: overcloud-swift-storage + type: string + KeyName: + default: default + description: Name of an existing EC2 KeyPair to enable SSH access to the instances + type: string + MountCheck: + default: 'false' + description: Value of mount_check in Swift account/container/object -server.conf + type: boolean + MinPartHours: + type: number + default: 1 + description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance. + PartPower: + default: 10 + description: Partition Power to use when building Swift rings + type: number + Replicas: + type: number + default: 3 + description: How many replicas to use in the swift rings. + SnmpdReadonlyUserName: + default: ro_snmp_user + description: The user name for SNMPd with readonly rights running on all Overcloud nodes + type: string + SnmpdReadonlyUserPassword: + default: unset + description: The user password for SNMPd with readonly rights running on all Overcloud nodes + type: string + hidden: true + NtpServer: + type: string + default: '' + EnablePackageInstall: + default: 'false' + description: Set to true to enable package installation via Puppet + type: boolean + +resources: + + SwiftStorage: + type: OS::Nova::Server + properties: + image: {get_param: Image} + flavor: {get_param: Flavor} + key_name: {get_param: KeyName} + user_data_format: SOFTWARE_CONFIG + networks: + - network: ctlplane + + StoragePuppetConfig: + type: OS::Heat::SoftwareConfig + properties: + group: puppet + outputs: + - name: result + config: + get_file: manifests/overcloud_object.pp + + StoragePuppetDeployment: + type: OS::Heat::StructuredDeployment + properties: + name: puppet_1 + server: {get_resource: SwiftStorage} + config: {get_resource: StoragePuppetConfig} + + StorageRingbuilderPuppetConfig: + type: OS::Heat::SoftwareConfig + properties: + group: puppet + outputs: + - name: result + config: + get_file: manifests/ringbuilder.pp + + StorageRingbuilderPuppetDeployment: + type: OS::Heat::StructuredDeployment + properties: + name: puppet_2 + server: {get_resource: SwiftStorage} + config: {get_resource: StorageRingbuilderPuppetConfig} + + SwiftStorageHieraConfig: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + hiera: + hierarchy: + - heat_config_%{::deploy_config_name} + - object + - common + datafiles: + common: + raw_data: {get_file: hieradata/common.yaml} + object: + raw_data: {get_file: hieradata/object.yaml} + oac_data: # data we map in from other OAC configurations + tripleo::ringbuilder::devices: swift.devices + mapped_data: # data supplied directly to this deployment configuration, etc + swift::swift_hash_suffix: { get_input: swift_hash_suffix } + tripleo::ringbuilder::part_power: { get_input: swift_part_power } + tripleo::ringbuilder::replicas: {get_input: swift_replicas } + # Swift + swift::storage::all::storage_local_net_ip: {get_input: local_ip} + swift_mount_check: {get_input: swift_mount_check } + tripleo::ringbuilder::min_part_hours: { get_input: swift_min_part_hours } + ntp::servers: {get_input: ntp_servers} + # NOTE(dprince): build_ring support is currently not wired in. + # See: https://review.openstack.org/#/c/109225/ + tripleo::ringbuilder::build_ring: True + enable_package_install: {get_input: enable_package_install} + + + SwiftStorageHieraDeploy: + type: OS::Heat::StructuredDeployment + properties: + server: {get_resource: SwiftStorage} + config: {get_resource: SwiftStorageHieraConfig} + signal_transport: NO_SIGNAL + input_values: + local_ip: {get_attr: [SwiftStorage, networks, ctlplane, 0]} + snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} + snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} + swift_hash_suffix: {get_param: HashSuffix} + swift_mount_check: {get_param: MountCheck} + swift_min_part_hours: {get_param: MinPartHours} + swift_part_power: {get_param: PartPower} + swift_replicas: { get_param: Replicas} + ntp_servers: + str_replace: + template: '["server"]' + params: + server: {get_param: NtpServer} + enable_package_install: {get_param: EnablePackageInstall} + +outputs: + hosts_entry: + value: + str_replace: + template: "IP HOST HOST.novalocal" + params: + IP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} + HOST: {get_attr: [SwiftStorage, name]} + nova_server_resource: + description: Heat resource handle for the swift storage server + value: + {get_resource: SwiftStorage} + swift_device: + description: Swift device formatted for swift-ring-builder + value: + str_replace: + template: 'r1z1-IP:%PORT%/d1' + params: + IP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} |