diff options
Diffstat (limited to 'puppet')
55 files changed, 977 insertions, 1267 deletions
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index b065ddd2..7602d8d0 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -56,7 +56,12 @@ parameters: type: comma_delimited_list sahara_api_node_ips: type: comma_delimited_list - + ironic_api_node_ips: + type: comma_delimited_list + ceph_mon_node_ips: + type: comma_delimited_list + ceph_mon_node_names: + type: comma_delimited_list DeployIdentifier: type: string description: > @@ -294,7 +299,31 @@ resources: list_join: - "','" - {get_param: sahara_api_node_ips} + ironic_api_node_ips: + str_replace: + template: "['SERVERS_LIST']" + params: + SERVERS_LIST: + list_join: + - "','" + - {get_param: ironic_api_node_ips} + tripleo::profile::base::ceph::ceph_mon_initial_members: + list_join: + - ',' + - {get_param: ceph_mon_node_names} + tripleo::profile::base::ceph::ceph_mon_host: + list_join: + - ',' + - {get_param: ceph_mon_node_ips} + tripleo::profile::base::ceph::ceph_mon_host_v6: + str_replace: + template: "'[IPS_LIST]'" + params: + IPS_LIST: + list_join: + - '],[' + - {get_param: ceph_mon_node_ips} # NOTE(gfidente): interpolation with %{} in the # hieradata file can't be used as it returns string ceilometer::rabbit_hosts: *rabbit_nodes_array @@ -306,6 +335,7 @@ resources: nova::rabbit_hosts: *rabbit_nodes_array keystone::rabbit_hosts: *rabbit_nodes_array sahara::rabbit_hosts: *rabbit_nodes_array + ironic::rabbit_hosts: *rabbit_nodes_array deploy_identifier: {get_param: DeployIdentifier} update_identifier: {get_param: UpdateIdentifier} diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml index 6beb751f..2e329989 100644 --- a/puppet/ceph-cluster-config.yaml +++ b/puppet/ceph-cluster-config.yaml @@ -2,52 +2,15 @@ heat_template_version: 2015-04-30 description: 'Ceph Cluster config data for Puppet' parameters: - ceph_storage_count: - default: 0 - type: number - description: Number of Ceph storage nodes. Used to enable/disable managed Ceph installation. - ceph_external_mon_ips: - default: '' - type: string - description: List of external Ceph Mon host IPs. - ceph_client_key: - default: '' - type: string - description: Ceph key used to create the client user keyring. - ceph_fsid: - default: '' - type: string - ceph_admin_key: - default: '' - type: string - ceph_mon_key: - default: '' - type: string - ceph_mon_names: - type: comma_delimited_list - ceph_mon_ips: - type: comma_delimited_list NovaRbdPoolName: default: vms type: string - CinderRbdPoolName: - default: volumes - type: string - CinderBackupRbdPoolName: - default: backups - type: string - GlanceRbdPoolName: - default: images - type: string GnocchiRbdPoolName: default: metrics type: string CephClientUserName: default: openstack type: string - CephIPv6: - default: False - type: boolean resources: CephClusterConfigImpl: @@ -59,66 +22,10 @@ resources: datafiles: ceph_cluster: mapped_data: - ceph_ipv6: {get_param: CephIPv6} - ceph_storage_count: {get_param: ceph_storage_count} - ceph_mon_initial_members: - list_join: - - ',' - - {get_param: ceph_mon_names} - ceph_mon_host: - list_join: - - ',' - - {get_param: ceph_mon_ips} - ceph_mon_host_v6: - str_replace: - template: "'[IPS_LIST]'" - params: - IPS_LIST: - list_join: - - '],[' - - {get_param: ceph_mon_ips} - ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6} - ceph::profile::params::fsid: {get_param: ceph_fsid} - ceph::profile::params::mon_key: {get_param: ceph_mon_key} - # We should use a separated key for the non-admin clients - ceph::profile::params::client_keys: - str_replace: - template: "{ - client.admin: { - secret: 'ADMIN_KEY', - mode: '0600', - cap_mon: 'allow *', - cap_osd: 'allow *', - cap_mds: 'allow *' - }, - client.bootstrap-osd: { - secret: 'ADMIN_KEY', - keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring', - cap_mon: 'allow profile bootstrap-osd' - }, - client.CLIENT_USER: { - secret: 'CLIENT_KEY', - mode: '0644', - cap_mon: 'allow r', - cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL' - } - }" - params: - CLIENT_USER: {get_param: CephClientUserName} - CLIENT_KEY: {get_param: ceph_client_key} - ADMIN_KEY: {get_param: ceph_admin_key} - NOVA_POOL: {get_param: NovaRbdPoolName} - CINDER_POOL: {get_param: CinderRbdPoolName} - CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} - GLANCE_POOL: {get_param: GlanceRbdPoolName} - GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} - tripleo::profile::base::cinder::volume::rbd::cinder_rbd_pool_name: {get_param: CinderRbdPoolName} - glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName} gnocchi::storage::ceph::ceph_pool: {get_param: GnocchiRbdPoolName} gnocchi::storage::ceph::ceph_username: {get_param: CephClientUserName} nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} - glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName} nova::compute::rbd::rbd_keyring: list_join: - '.' @@ -131,13 +38,6 @@ resources: - 'client' - {get_param: CephClientUserName} - 'keyring' - tripleo::profile::base::cinder::volume::rbd::cinder_rbd_user_name: {get_param: CephClientUserName} - ceph_pools: - - {get_param: CinderRbdPoolName} - - {get_param: CinderBackupRbdPoolName} - - {get_param: NovaRbdPoolName} - - {get_param: GlanceRbdPoolName} - - {get_param: GnocchiRbdPoolName} outputs: config_id: diff --git a/puppet/ceph-storage-post.yaml b/puppet/ceph-storage-post.yaml index 2b9ae751..70baeb6e 100644 --- a/puppet/ceph-storage-post.yaml +++ b/puppet/ceph-storage-post.yaml @@ -10,13 +10,12 @@ parameters: type: boolean servers: type: json - NodeConfigIdentifiers: - type: json + RoleData: + type: json + default: {} + DeployIdentifier: + type: string description: Value which changes if the node configuration may need to be re-applied - StepConfig: - type: string - description: Config manifests that will be used to step through the deployment. - default: '' resources: @@ -29,7 +28,7 @@ resources: servers: {get_param: servers} config: {get_resource: CephStorageArtifactsConfig} input_values: - update_identifier: {get_param: NodeConfigIdentifiers} + update_identifier: {get_param: DeployIdentifier} CephStoragePuppetConfig: type: OS::Heat::SoftwareConfig @@ -47,7 +46,7 @@ resources: list_join: - '' - - get_file: manifests/overcloud_cephstorage.pp - - {get_param: StepConfig} + - {get_param: [RoleData, step_config]} CephStorageDeployment_Step2: type: OS::Heat::StructuredDeployments @@ -58,7 +57,7 @@ resources: config: {get_resource: CephStoragePuppetConfig} input_values: step: 2 - update_identifier: {get_param: NodeConfigIdentifiers} + update_identifier: {get_param: DeployIdentifier} CephStorageDeployment_Step3: type: OS::Heat::StructuredDeployments @@ -69,7 +68,7 @@ resources: config: {get_resource: CephStoragePuppetConfig} input_values: step: 3 - update_identifier: {get_param: NodeConfigIdentifiers} + update_identifier: {get_param: DeployIdentifier} # Note, this should come last, so use depends_on to ensure # this is created after any other resources. diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml index 7a71ea80..caceb0bc 100644 --- a/puppet/ceph-storage.yaml +++ b/puppet/ceph-storage.yaml @@ -30,10 +30,6 @@ parameters: description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. type: json - TimeZone: - default: 'UTC' - description: The timezone to be set on Ceph nodes. - type: string UpdateIdentifier: default: '' type: string @@ -228,7 +224,6 @@ resources: config: {get_resource: CephStorageConfig} server: {get_resource: CephStorage} input_values: - timezone: {get_param: TimeZone} enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} ceph_cluster_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]} @@ -248,6 +243,7 @@ resources: - service_configs - ceph_cluster # provided by CephClusterConfig - ceph + - all_nodes # provided by allNodesConfig - '"%{::osfamily}"' - common - network @@ -269,7 +265,6 @@ resources: ceph: raw_data: {get_file: hieradata/ceph.yaml} mapped_data: - timezone::timezone: {get_input: timezone} tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} ceph::profile::params::cluster_network: {get_input: ceph_cluster_network} @@ -383,12 +378,3 @@ outputs: management_ip_address: description: IP address of the server in the management network value: {get_attr: [ManagementPort, ip_address]} - config_identifier: - description: identifier which changes if the node configuration may need re-applying - value: - list_join: - - ',' - - - {get_attr: [CephStorageDeployment, deploy_stdout]} - - {get_attr: [NodeTLSCAData, deploy_stdout]} - - {get_attr: [CephStorageExtraConfigPre, deploy_stdout]} - - {get_param: UpdateIdentifier} diff --git a/puppet/cinder-storage-post.yaml b/puppet/cinder-storage-post.yaml index f470203f..c3dd403e 100644 --- a/puppet/cinder-storage-post.yaml +++ b/puppet/cinder-storage-post.yaml @@ -8,9 +8,12 @@ parameters: type: boolean servers: type: json - NodeConfigIdentifiers: - type: json + DeployIdentifier: + type: string description: Value which changes if the node configuration may need to be re-applied + RoleData: + type: json + default: {} resources: @@ -23,7 +26,7 @@ resources: servers: {get_param: servers} config: {get_resource: VolumeArtifactsConfig} input_values: - update_identifier: {get_param: NodeConfigIdentifiers} + update_identifier: {get_param: DeployIdentifier} VolumePuppetConfig: type: OS::Heat::SoftwareConfig @@ -32,22 +35,55 @@ resources: group: puppet options: enable_debug: {get_param: ConfigDebug} + enable_hiera: True + enable_facter: False + inputs: + - name: step outputs: - name: result config: - get_file: manifests/overcloud_volume.pp + list_join: + - '' + - - get_file: manifests/overcloud_volume.pp + - {get_param: [RoleData, step_config]} + + VolumeDeployment_Step2: + type: OS::Heat::StructuredDeployments + depends_on: VolumeArtifactsDeploy + properties: + name: VolumeDeployment_Step2 + servers: {get_param: servers} + config: {get_resource: VolumePuppetConfig} + input_values: + step: 2 + update_identifier: {get_param: DeployIdentifier} - VolumeDeployment_Step1: + VolumeDeployment_Step3: type: OS::Heat::StructuredDeployments + depends_on: VolumeDeployment_Step2 properties: - name: VolumeDeployment_Step1 + name: VolumeDeployment_Step3 servers: {get_param: servers} config: {get_resource: VolumePuppetConfig} + input_values: + step: 3 + update_identifier: {get_param: DeployIdentifier} + + VolumeDeployment_Step4: + type: OS::Heat::StructuredDeployments + depends_on: VolumeDeployment_Step3 + properties: + name: VolumeDeployment_Step4 + servers: {get_param: servers} + config: {get_resource: VolumePuppetConfig} + input_values: + step: 4 + update_identifier: {get_param: DeployIdentifier} # Note, this should come last, so use depends_on to ensure # this is created after any other resources. ExtraConfig: - depends_on: VolumeDeployment_Step1 + depends_on: VolumeDeployment_Step4 type: OS::TripleO::NodeExtraConfigPost properties: servers: {get_param: servers} diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml index d760de5e..ed6afc53 100644 --- a/puppet/cinder-storage.yaml +++ b/puppet/cinder-storage.yaml @@ -4,29 +4,6 @@ parameters: Image: default: overcloud-cinder-volume type: string - CinderEnableIscsiBackend: - default: true - description: Whether to enable or not the Iscsi backend for Cinder - type: boolean - CinderISCSIHelper: - default: lioadm - description: The iSCSI helper to use with cinder. - type: string - CinderLVMLoopDeviceSize: - default: 10280 - description: The size of the loopback file used by the cinder LVM driver. - type: number - CinderPassword: - description: The password for the cinder service and db account, used by cinder-api. - type: string - hidden: true - Debug: - default: '' - description: Set to True to enable debugging on all services. - type: string - VirtualIP: # deprecated. Use per service VIPs instead. - default: '' - type: string ExtraConfig: default: {} description: | @@ -50,22 +27,6 @@ parameters: default: default description: Name of an existing Nova key pair to enable SSH access to the instances type: string - RabbitPassword: - type: string - hidden: true - RabbitUserName: - default: 'guest' - type: string - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number SnmpdReadonlyUserName: default: ro_snmp_user description: The user name for SNMPd with readonly rights running on all Overcloud nodes @@ -74,10 +35,6 @@ parameters: description: The user password for SNMPd with readonly rights running on all Overcloud nodes type: string hidden: true - NtpServer: - default: '' - description: Comma-separated list of ntp servers - type: comma_delimited_list EnablePackageInstall: default: 'false' description: Set to true to enable package installation via Puppet @@ -100,18 +57,6 @@ parameters: description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - TimeZone: - default: 'UTC' - description: The timezone to be set on Cinder nodes. - type: string - GlanceApiVirtualIP: - type: string - default: '' NetworkDeploymentActions: type: comma_delimited_list description: > @@ -143,7 +88,9 @@ parameters: NodeIndex: type: number default: 0 - + ServiceConfigSettings: + type: json + default: {} resources: BlockStorage: @@ -277,37 +224,13 @@ resources: server: {get_resource: BlockStorage} config: {get_resource: BlockStorageConfig} input_values: - debug: {get_param: Debug} - cinder_dsn: - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://cinder:' - - {get_param: CinderPassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/cinder' snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} - cinder_lvm_loop_device_size: - str_replace: - template: sizeM - params: - size: {get_param: CinderLVMLoopDeviceSize} - cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend} - cinder_iscsi_helper: {get_param: CinderISCSIHelper} cinder_iscsi_ip_address: str_replace: template: "'IP'" params: IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]} - glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} - rabbit_username: {get_param: RabbitUserName} - rabbit_password: {get_param: RabbitPassword} - rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} - rabbit_client_port: {get_param: RabbitClientPort} - ntp_servers: {get_param: NtpServer} - timezone: {get_param: TimeZone} enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} @@ -323,6 +246,7 @@ resources: - heat_config_%{::deploy_config_name} - volume_extraconfig - extraconfig + - service_configs - volume - all_nodes # provided by allNodesConfig - '"%{::osfamily}"' @@ -330,6 +254,8 @@ resources: - network merge_behavior: deeper datafiles: + service_configs: + mapped_data: {get_param: ServiceConfigSettings} common: raw_data: {get_file: hieradata/common.yaml} network: @@ -345,19 +271,7 @@ resources: raw_data: {get_file: hieradata/volume.yaml} mapped_data: # Cinder - cinder::debug: {get_input: debug} - cinder::setup_test_volume::size: {get_input: cinder_lvm_loop_device_size} - cinder_iscsi_helper: {get_input: cinder_iscsi_helper} - cinder::database_connection: {get_input: cinder_dsn} - cinder::rabbit_userid: {get_input: rabbit_username} - cinder::rabbit_password: {get_input: rabbit_password} - cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - cinder::rabbit_port: {get_input: rabbit_client_port} - cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend} - cinder_iscsi_ip_address: {get_input: cinder_iscsi_ip_address} - cinder::glance::glance_api_servers: {get_input: glance_api_servers} - ntp::servers: {get_input: ntp_servers} - timezone::timezone: {get_input: timezone} + tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_ip_address: {get_input: cinder_iscsi_ip_address} tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} @@ -465,11 +379,3 @@ outputs: management_ip_address: description: IP address of the server in the management network value: {get_attr: [ManagementPort, ip_address]} - config_identifier: - description: identifier which changes if the node configuration may need re-applying - value: - list_join: - - '' - - - {get_attr: [BlockStorageDeployment, deploy_stdout]} - - {get_attr: [NodeTLSCAData, deploy_stdout]} - - {get_param: UpdateIdentifier} diff --git a/puppet/compute-post.yaml b/puppet/compute-post.yaml index 698cadba..c1b37772 100644 --- a/puppet/compute-post.yaml +++ b/puppet/compute-post.yaml @@ -10,13 +10,12 @@ parameters: type: boolean servers: type: json - NodeConfigIdentifiers: - type: json - description: Value which changes if the node configuration may need to be re-applied - StepConfig: + RoleData: + type: json + default: {} + DeployIdentifier: type: string - description: Config manifests that will be used to step through the deployment. - default: '' + description: Value which changes if the node configuration may need to be re-applied resources: @@ -29,7 +28,7 @@ resources: servers: {get_param: servers} config: {get_resource: ComputeArtifactsConfig} input_values: - update_identifier: {get_param: NodeConfigIdentifiers} + update_identifier: {get_param: DeployIdentifier} ComputePuppetConfig: type: OS::Heat::SoftwareConfig @@ -47,7 +46,7 @@ resources: list_join: - '' - - get_file: manifests/overcloud_compute.pp - - {get_param: StepConfig} + - {get_param: [RoleData, step_config]} ComputeServicesBaseDeployment_Step2: type: OS::Heat::StructuredDeployments @@ -58,7 +57,7 @@ resources: config: {get_resource: ComputePuppetConfig} input_values: step: 2 - update_identifier: {get_param: NodeConfigIdentifiers} + update_identifier: {get_param: DeployIdentifier} ComputeOvercloudServicesDeployment_Step3: type: OS::Heat::StructuredDeployments @@ -69,7 +68,7 @@ resources: config: {get_resource: ComputePuppetConfig} input_values: step: 3 - update_identifier: {get_param: NodeConfigIdentifiers} + update_identifier: {get_param: DeployIdentifier} ComputeOvercloudServicesDeployment_Step4: type: OS::Heat::StructuredDeployments @@ -80,7 +79,7 @@ resources: config: {get_resource: ComputePuppetConfig} input_values: step: 4 - update_identifier: {get_param: NodeConfigIdentifiers} + update_identifier: {get_param: DeployIdentifier} # Note, this should come last, so use depends_on to ensure # this is created after any other resources. diff --git a/puppet/compute.yaml b/puppet/compute.yaml index 7a863252..db2d7465 100644 --- a/puppet/compute.yaml +++ b/puppet/compute.yaml @@ -254,14 +254,6 @@ parameters: default: 5672 description: Set rabbit subscriber port, change this if using SSL type: number - SnmpdReadonlyUserName: - default: ro_snmp_user - description: The user name for SNMPd with readonly rights running on all Overcloud nodes - type: string - SnmpdReadonlyUserPassword: - description: The user password for SNMPd with readonly rights running on all Overcloud nodes - type: string - hidden: true UpgradeLevelNovaCompute: type: string description: Nova Compute upgrade level @@ -280,10 +272,6 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - TimeZone: - default: 'UTC' - description: The timezone to be set on compute nodes. - type: string UpdateIdentifier: default: '' type: string @@ -512,6 +500,10 @@ resources: nova::rabbit_port: {get_input: rabbit_client_port} nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute} nova_compute_driver: {get_input: nova_compute_driver} + # TODO(emilien): move libvirt & migration parameters in libvirt profile + # used to deploy libvirt/kvm dependencies: + nova::compute::libvirt::services::libvirt_virt_type: {get_input: nova_compute_libvirt_type} + # used to configured nova.conf: nova::compute::libvirt::libvirt_virt_type: {get_input: nova_compute_libvirt_type} nova::compute::neutron::libvirt_vif_driver: {get_input: nova_compute_libvirt_vif_driver} nova_api_host: {get_input: nova_api_host} @@ -541,8 +533,6 @@ resources: ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} ceilometer::agent::auth::auth_url: {get_input: ceilometer_agent_auth_url} ceilometer_compute_agent: {get_input: ceilometer_compute_agent} - snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} - snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} nova::glance_api_servers: {get_input: glance_api_servers} neutron::debug: {get_input: debug} neutron::rabbit_password: {get_input: rabbit_password} @@ -575,7 +565,6 @@ resources: neutron::plugins::ml2::mechanism_drivers: {get_input: neutron_mechanism_drivers} keystone_public_api_virtual_ip: {get_input: keystone_vip} admin_password: {get_input: admin_password} - timezone::timezone: {get_input: timezone} tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} @@ -616,8 +605,6 @@ resources: ceilometer_password: {get_param: CeilometerPassword} ceilometer_compute_agent: {get_param: CeilometerComputeAgent} ceilometer_agent_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]} - snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} - snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} neutron_flat_networks: str_replace: @@ -692,7 +679,6 @@ resources: rabbit_password: {get_param: RabbitPassword} rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} rabbit_client_port: {get_param: RabbitClientPort} - timezone: {get_param: TimeZone} enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} @@ -813,12 +799,3 @@ outputs: description: Heat resource handle for the Nova compute server value: {get_resource: NovaCompute} - config_identifier: - description: identifier which changes if the node configuration may need re-applying - value: - list_join: - - ',' - - - {get_attr: [NovaComputeDeployment, deploy_stdout]} - - {get_attr: [NodeTLSCAData, deploy_stdout]} - - {get_attr: [ComputeExtraConfigPre, deploy_stdout]} - - {get_param: UpdateIdentifier} diff --git a/puppet/controller-post.yaml b/puppet/controller-post.yaml index 36f9b4f8..4af6cb46 100644 --- a/puppet/controller-post.yaml +++ b/puppet/controller-post.yaml @@ -10,13 +10,12 @@ parameters: type: boolean servers: type: json - NodeConfigIdentifiers: - type: json - description: Value which changes if the node configuration may need to be re-applied - StepConfig: + RoleData: + type: json + default: {} + DeployIdentifier: type: string - description: Config manifests that will be used to step through the deployment. - default: '' + description: Value which changes if the node configuration may need to be re-applied resources: @@ -34,12 +33,12 @@ resources: properties: servers: {get_param: servers} input_values: - update_identifier: {get_param: NodeConfigIdentifiers} + update_identifier: {get_param: DeployIdentifier} ControllerPuppetConfig: type: OS::TripleO::ControllerConfig properties: - StepConfig: {get_param: StepConfig} + StepConfig: {get_param: [RoleData, step_config]} # Step through a series of Puppet runs using the same manifest. # NOTE: To enable stepping through the deployments via heat hooks, @@ -54,7 +53,7 @@ resources: config: {get_resource: ControllerPuppetConfig} input_values: step: 1 - update_identifier: {get_param: NodeConfigIdentifiers} + update_identifier: {get_param: DeployIdentifier} ControllerServicesBaseDeployment_Step2: type: OS::Heat::StructuredDeployments @@ -65,7 +64,7 @@ resources: config: {get_resource: ControllerPuppetConfig} input_values: step: 2 - update_identifier: {get_param: NodeConfigIdentifiers} + update_identifier: {get_param: DeployIdentifier} ControllerOvercloudServicesDeployment_Step3: type: OS::Heat::StructuredDeployments @@ -76,7 +75,7 @@ resources: config: {get_resource: ControllerPuppetConfig} input_values: step: 3 - update_identifier: {get_param: NodeConfigIdentifiers} + update_identifier: {get_param: DeployIdentifier} ControllerOvercloudServicesDeployment_Step4: type: OS::Heat::StructuredDeployments @@ -87,7 +86,7 @@ resources: config: {get_resource: ControllerPuppetConfig} input_values: step: 4 - update_identifier: {get_param: NodeConfigIdentifiers} + update_identifier: {get_param: DeployIdentifier} ControllerOvercloudServicesDeployment_Step5: type: OS::Heat::StructuredDeployments @@ -98,7 +97,7 @@ resources: config: {get_resource: ControllerPuppetConfig} input_values: step: 5 - update_identifier: {get_param: NodeConfigIdentifiers} + update_identifier: {get_param: DeployIdentifier} ControllerPostPuppet: type: OS::TripleO::Tasks::ControllerPostPuppet @@ -106,7 +105,7 @@ resources: properties: servers: {get_param: servers} input_values: - update_identifier: {get_param: NodeConfigIdentifiers} + update_identifier: {get_param: DeployIdentifier} # Note, this should come last, so use depends_on to ensure # this is created after any other resources. diff --git a/puppet/controller.yaml b/puppet/controller.yaml index cfac1f94..101d971e 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -8,21 +8,37 @@ parameters: description: The password for the keystone admin account, used for monitoring, querying neutron etc. type: string hidden: true - AodhApiVirtualIP: - type: string - default: '' AodhPassword: description: The password for the aodh services. type: string hidden: true #TODO(composable Redis): Remove the Redis password param #As is used by ceilometer - CeilometerApiVirtualIP: + CeilometerBackend: + default: 'mongodb' + description: The ceilometer backend type. type: string - default: '' - CinderApiVirtualIP: + CeilometerMeteringSecret: + description: Secret shared by the ceilometer services. type: string - default: '' + hidden: true + CeilometerPassword: + description: The password for the ceilometer service and db account. + type: string + hidden: true + CeilometerStoreEvents: + default: false + description: Whether to store events in ceilometer. + type: boolean + CeilometerMeterDispatcher: + default: 'database' + description: Dispatcher to process meter data + type: string + constraints: + - allowed_values: ['gnocchi', 'database'] + CeilometerWorkers: + default: 0 + description: Number of workers for Ceilometer service. type: number controllerExtraConfig: default: {} @@ -67,14 +83,6 @@ parameters: default: true description: Whether to deploy a LoadBalancer on the Controller type: boolean - EnableCephStorage: - default: false - description: Whether to deploy Ceph Storage (OSD) on the Controller - type: boolean - EnableSwiftStorage: - default: true - description: Whether to enable Swift Storage on the Controller - type: boolean ExtraConfig: default: {} description: | @@ -129,9 +137,6 @@ parameters: default: 'mysql' description: The short name of the Gnocchi indexer backend to use. type: string - GnocchiApiVirtualIP: - type: string - default: '' GnocchiPassword: description: The password for the gnocchi service and db account. type: string @@ -194,9 +199,6 @@ parameters: default: false description: Whether IPtables rules should be purged before setting up the new ones. type: boolean - SaharaApiVirtualIP: - type: string - default: '' MysqlClusterUniquePart: description: A unique identifier of the MySQL cluster the controller is in. type: string @@ -243,9 +245,6 @@ parameters: will determine the MTU that is assigned to the VM host through DHCP. default: 1400 type: number - NovaApiVirtualIP: - type: string - default: '' NovaEnableDBPurge: default: true description: | @@ -269,9 +268,6 @@ parameters: Specifies the interface where the public-facing virtual ip will be assigned. This should be int_public when a VLAN is being used. type: string - PublicVirtualIP: - type: string - default: '' # Has to be here because of the ignored empty value bug RabbitCookie: type: string default: '' # Has to be here because of the ignored empty value bug @@ -305,23 +301,11 @@ parameters: type: string default: '' # Has to be here because of the ignored empty value bug description: An IP address which is wrapped in brackets in case of IPv6 - SnmpdReadonlyUserName: - default: ro_snmp_user - description: The user name for SNMPd with readonly rights running on all Overcloud nodes - type: string - SnmpdReadonlyUserPassword: - description: The user password for SNMPd with readonly rights running on all Overcloud nodes - type: string - hidden: true SwiftHashSuffix: description: A random string to be used as a salt when hashing to determine mappings in the ring. hidden: true type: string - SwiftMountCheck: - default: 'false' - description: Value of mount_check in Swift account/container/object -server.conf - type: boolean SwiftMinPartHours: type: number default: 1 @@ -334,36 +318,17 @@ parameters: default: true description: Whether to manage Swift rings or not type: boolean - SwiftProxyVirtualIP: - type: string - default: '' SwiftReplicas: type: number default: 3 description: How many replicas to use in the swift rings. - TimeZone: - default: 'UTC' - description: The timezone to be set on controller nodes. - type: string UpgradeLevelNovaCompute: type: string description: Nova Compute upgrade level default: '' - VirtualIP: # DEPRECATED: use per service settings instead - type: string - default: '' # Has to be here because of the ignored empty value bug - HeatApiVirtualIP: - type: string - default: '' - HeatApiVirtualIPUri: - type: string - default: '' MysqlVirtualIP: type: string default: '' - NeutronApiVirtualIP: - type: string - default: '' EnablePackageInstall: default: 'false' description: Set to true to enable package installation via Puppet @@ -585,6 +550,7 @@ resources: server: {get_resource: Controller} input_values: bootstack_nodeid: {get_attr: [Controller, name]} + ceilometer_workers: {get_param: CeilometerWorkers} haproxy_log_address: {get_param: HAProxySyslogAddress} haproxy_stats_password: {get_param: HAProxyStatsPassword} haproxy_stats_user: {get_param: HAProxyStatsUser} @@ -605,8 +571,6 @@ resources: enable_fencing: {get_param: EnableFencing} enable_galera: {get_param: EnableGalera} enable_load_balancer: {get_param: EnableLoadBalancer} - enable_ceph_storage: {get_param: EnableCephStorage} - enable_swift_storage: {get_param: EnableSwiftStorage} manage_firewall: {get_param: ManageFirewall} purge_firewall_rules: {get_param: PurgeFirewallRules} mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} @@ -626,10 +590,15 @@ resources: neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] } neutron_auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] } nova_internal_url: { get_param: [ EndpointMap, NovaInternal, uri ] } + ceilometer_backend: {get_param: CeilometerBackend} + ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} + ceilometer_password: {get_param: CeilometerPassword} + ceilometer_store_events: {get_param: CeilometerStoreEvents} aodh_password: {get_param: AodhPassword} aodh_internal_url: { get_param: [ EndpointMap, AodhInternal, uri ] } aodh_public_url: { get_param: [ EndpointMap, AodhPublic, uri ] } aodh_admin_url: { get_param: [ EndpointMap, AodhAdmin, uri ] } + ceilometer_meter_dispatcher: {get_param: CeilometerMeterDispatcher} gnocchi_password: {get_param: GnocchiPassword} gnocchi_backend: {get_param: GnocchiBackend} gnocchi_indexer_backend: {get_param: GnocchiIndexerBackend} @@ -641,6 +610,15 @@ resources: - '@' - {get_param: RedisVirtualIPUri} - ':6379/' + ceilometer_dsn: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://ceilometer:' + - {get_param: CeilometerPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/ceilometer' gnocchi_dsn: list_join: - '' @@ -665,8 +643,7 @@ resources: ceilometer_public_url: {get_param: [EndpointMap, CeilometerPublic, uri]} ceilometer_internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]} ceilometer_admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]} - snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} - snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} + ceilometer_agent_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} nova_enable_db_purge: {get_param: NovaEnableDBPurge} nova_ipv6: {get_param: NovaIPv6} corosync_ipv6: {get_param: CorosyncIPv6} @@ -702,7 +679,6 @@ resources: rabbit_cookie: {get_param: RabbitCookie} rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} rabbit_client_port: {get_param: RabbitClientPort} - timezone: {get_param: TimeZone} control_virtual_interface: {get_param: ControlVirtualInterface} public_virtual_interface: {get_param: PublicVirtualInterface} swift_hash_suffix: {get_param: SwiftHashSuffix} @@ -710,7 +686,6 @@ resources: swift_ring_build: {get_param: SwiftRingBuild} swift_replicas: {get_param: SwiftReplicas} swift_min_part_hours: {get_param: SwiftMinPartHours} - swift_mount_check: {get_param: SwiftMountCheck} enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} @@ -752,6 +727,7 @@ resources: ceph_cluster_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]} ceph_public_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} + ironic_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, IronicApiNetwork]}]} # Map heat metadata into hiera datafiles ControllerConfig: @@ -834,7 +810,6 @@ resources: tripleo::ringbuilder::part_power: {get_input: swift_part_power} tripleo::ringbuilder::replicas: {get_input: swift_replicas} tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours} - swift_mount_check: {get_input: swift_mount_check} # Cinder tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_input: cinder_iscsi_network} @@ -871,8 +846,6 @@ resources: # MySQL admin_password: {get_input: admin_password} enable_galera: {get_input: enable_galera} - enable_ceph_storage: {get_input: enable_ceph_storage} - enable_swift_storage: {get_input: enable_swift_storage} mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size} mysql_max_connections: {get_input: mysql_max_connections} mysql::server::root_password: {get_input: mysql_root_password} @@ -893,7 +866,33 @@ resources: neutron::keystone::auth::region: {get_input: keystone_region} # Ceilometer + ceilometer_backend: {get_input: ceilometer_backend} + ceilometer_mysql_conn_string: {get_input: ceilometer_dsn} + ceilometer::telemetry_secret: {get_input: ceilometer_metering_secret} + ceilometer::rabbit_userid: {get_input: rabbit_username} + ceilometer::rabbit_password: {get_input: rabbit_password} + ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} + ceilometer::rabbit_port: {get_input: rabbit_client_port} + ceilometer::debug: {get_input: debug} ceilometer::api::host: {get_input: ceilometer_api_network} + ceilometer::api::keystone_password: {get_input: ceilometer_password} + ceilometer::api::auth_uri: {get_input: keystone_auth_uri} + ceilometer::api::identity_uri: {get_input: keystone_identity_uri} + ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} + ceilometer::agent::auth::auth_url: {get_input: ceilometer_agent_auth_url} + ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url} + ceilometer::agent::notification::store_events: {get_input: ceilometer_store_events} + ceilometer::db::mysql::password: {get_input: ceilometer_password} + ceilometer::collector::meter_dispatcher: {get_input: ceilometer_meter_dispatcher} + ceilometer::dispatcher::gnocchi::url: {get_input: gnocchi_internal_url } + ceilometer::dispatcher::gnocchi::filter_project: 'service' + ceilometer::dispatcher::gnocchi::archive_policy: 'low' + ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml' + ceilometer::keystone::auth::public_url: {get_input: ceilometer_public_url } + ceilometer::keystone::auth::internal_url: {get_input: ceilometer_internal_url } + ceilometer::keystone::auth::admin_url: {get_input: ceilometer_admin_url } + ceilometer::keystone::auth::password: {get_input: ceilometer_password } + ceilometer::keystone::auth::region: {get_input: keystone_region} snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} @@ -991,7 +990,6 @@ resources: # Misc memcached_ipv6: {get_input: memcached_ipv6} memcached::listen_ip: {get_input: memcached_network} - timezone::timezone: {get_input: timezone} control_virtual_interface: {get_input: control_virtual_interface} public_virtual_interface: {get_input: public_virtual_interface} tripleo::keepalived::control_virtual_interface: {get_input: control_virtual_interface} @@ -1130,16 +1128,6 @@ outputs: template: "IP:11211" params: IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} - config_identifier: - description: identifier which changes if the controller configuration may need re-applying - value: - list_join: - - ',' - - - {get_attr: [ControllerDeployment, deploy_stdout]} - - {get_attr: [NodeTLSCAData, deploy_stdout]} - - {get_attr: [NodeTLSData, deploy_stdout]} - - {get_attr: [ControllerExtraConfigPre, deploy_stdout]} - - {get_param: UpdateIdentifier} tls_key_modulus_md5: description: MD5 checksum of the TLS Key Modulus value: {get_attr: [NodeTLSData, key_modulus_md5]} diff --git a/puppet/extraconfig/ceph/ceph-external-config.yaml b/puppet/extraconfig/ceph/ceph-external-config.yaml deleted file mode 100644 index 7c05a5b9..00000000 --- a/puppet/extraconfig/ceph/ceph-external-config.yaml +++ /dev/null @@ -1,120 +0,0 @@ -heat_template_version: 2015-04-30 -description: 'Configure parameters for an external Ceph cluster via Puppet.' - -parameters: - ceph_storage_count: - default: 0 - type: number - description: Number of Ceph storage nodes. Used to enable/disable managed Ceph installation. - ceph_external_mon_ips: - default: '' - type: string - description: List of external Ceph Mon host IPs. - ceph_client_key: - default: '' - type: string - description: Ceph key used to create the 'openstack' user keyring. - ceph_fsid: - default: '' - type: string - # The following parameters are unused for external Ceph clusters and - # are here and exist for compatibility - ceph_admin_key: - default: '' - type: string - ceph_mon_key: - default: '' - type: string - ceph_mon_names: - type: comma_delimited_list - ceph_mon_ips: - type: comma_delimited_list - NovaRbdPoolName: - default: vms - type: string - CinderRbdPoolName: - default: volumes - type: string - CinderBackupRbdPoolName: - default: backups - type: string - GlanceRbdPoolName: - default: images - type: string - GnocchiRbdPoolName: - default: metrics - type: string - CephClientUserName: - default: openstack - type: string - CephIPv6: - default: False - type: boolean - -resources: - CephClusterConfigImpl: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - hiera: - datafiles: - ceph_cluster: - mapped_data: - ceph_storage_count: {get_param: ceph_storage_count} - enable_external_ceph: true - ceph_ipv6: {get_param: CephIPv6} - ceph_mon_host: {get_param: ceph_external_mon_ips} - ceph_mon_host_v6: {get_param: ceph_external_mon_ips} - ceph::profile::params::fsid: {get_param: ceph_fsid} - ceph::profile::params::client_keys: - str_replace: - template: "{ - client.CLIENT_USER: { - secret: 'CLIENT_KEY', - mode: '0644', - cap_mon: 'allow r', - cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL' - } - }" - params: - CLIENT_USER: {get_param: CephClientUserName} - CLIENT_KEY: {get_param: ceph_client_key} - NOVA_POOL: {get_param: NovaRbdPoolName} - CINDER_POOL: {get_param: CinderRbdPoolName} - CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} - GLANCE_POOL: {get_param: GlanceRbdPoolName} - GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} - ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6} - nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} - tripleo::profile::base::cinder::volume::rbd::cinder_rbd_pool_name: {get_param: CinderRbdPoolName} - glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName} - gnocchi::storage::ceph::ceph_pool: {get_param: GnocchiRbdPoolName} - gnocchi::storage::ceph::ceph_username: {get_param: CephClientUserName} - nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} - glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName} - nova::compute::rbd::rbd_keyring: - list_join: - - '.' - - - 'client' - - {get_param: CephClientUserName} - gnocchi::storage::ceph::ceph_keyring: - list_join: - - '.' - - - '/etc/ceph/ceph' - - 'client' - - {get_param: CephClientUserName} - - 'keyring' - tripleo::profile::base::cinder::volume::rbd::cinder_rbd_user_name: {get_param: CephClientUserName} - ceph_pools: - - {get_param: CinderRbdPoolName} - - {get_param: CinderBackupRbdPoolName} - - {get_param: NovaRbdPoolName} - - {get_param: GlanceRbdPoolName} - - {get_param: GnocchiRbdPoolName} - -outputs: - config_id: - description: The ID of the CephClusterConfigImpl resource. - value: - {get_resource: CephClusterConfigImpl} diff --git a/puppet/hieradata/ceph.yaml b/puppet/hieradata/ceph.yaml index b29b91cf..ccb41cc4 100644 --- a/puppet/hieradata/ceph.yaml +++ b/puppet/hieradata/ceph.yaml @@ -7,5 +7,3 @@ ceph::profile::params::manage_repo: false ceph::profile::params::authentication_type: cephx ceph_classes: [] - -ceph_osd_selinux_permissive: true diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml index 2d928cbf..62728332 100644 --- a/puppet/hieradata/compute.yaml +++ b/puppet/hieradata/compute.yaml @@ -6,8 +6,6 @@ nova::notification_driver: messagingv2 nova::compute::instance_usage_audit: true nova::compute::instance_usage_audit_period: 'hour' -nova::compute::libvirt::migration_support: true - nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}" nova::network::neutron::neutron_auth_type: 'v3password' diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index 7db2b5de..bc5a4098 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -4,7 +4,7 @@ nova::api::enabled: true nova::vncproxy::enabled: true # gnocchi -gnocchi::db::sync::extra_opts: '--skip-storage' +gnocchi::db::sync::extra_opts: '--skip-storage --create-legacy-resource-types' gnocchi::storage::swift::swift_user: 'service:gnocchi' gnocchi::storage::swift::swift_auth_version: 2 gnocchi::statsd::resource_id: '0a8b55df-f90f-491c-8cb9-7cdecec6fc26' @@ -212,6 +212,7 @@ tripleo::firewall::firewall_rules: - 26379 '109 rabbitmq': dport: + - 4369 - 5672 - 35672 '110 ceph': diff --git a/puppet/hieradata/database.yaml b/puppet/hieradata/database.yaml index f2c95de6..9cbff586 100644 --- a/puppet/hieradata/database.yaml +++ b/puppet/hieradata/database.yaml @@ -53,6 +53,14 @@ heat::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" +# Ironic +ironic::db::mysql::user: ironic +ironic::db::mysql::host: "%{hiera('mysql_virtual_ip')}" +ironic::db::mysql::dbname: ironic +ironic::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + # Ceilometer ceilometer::db::mysql::user: ceilometer ceilometer::db::mysql::host: "%{hiera('mysql_virtual_ip')}" diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp index e69353b0..af6b0960 100644 --- a/puppet/manifests/overcloud_cephstorage.pp +++ b/puppet/manifests/overcloud_cephstorage.pp @@ -22,37 +22,11 @@ if hiera('step') >= 1 { create_resources(sysctl::value, hiera('sysctl_settings'), {}) Exec <| tag == 'kmod::load' |> -> Sysctl <| |> - include ::timezone - } -if hiera('step') >= 3 { - if str2bool(hiera('ceph_osd_selinux_permissive', true)) { - exec { 'set selinux to permissive on boot': - command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config", - onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config", - path => ['/usr/bin', '/usr/sbin'], - } - - exec { 'set selinux to permissive': - command => 'setenforce 0', - onlyif => "which setenforce && getenforce | grep -i 'enforcing'", - path => ['/usr/bin', '/usr/sbin'], - } -> Class['ceph::profile::osd'] - } - - if str2bool(hiera('ceph_ipv6', false)) { - $mon_host = hiera('ceph_mon_host_v6') - } else { - $mon_host = hiera('ceph_mon_host') - } - class { '::ceph::profile::params': - mon_host => $mon_host, - } - include ::ceph::conf - include ::ceph::profile::client - include ::ceph::profile::osd - +if hiera('step') >= 4 { hiera_include('ceph_classes') - package_manifest{'/var/lib/tripleo/installed-packages/overcloud_ceph': ensure => present} } + +$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_ceph', hiera('step')]) +package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp index da84927e..b8e267fc 100644 --- a/puppet/manifests/overcloud_compute.pp +++ b/puppet/manifests/overcloud_compute.pp @@ -20,23 +20,8 @@ create_resources(kmod::load, hiera('kernel_modules'), { }) create_resources(sysctl::value, hiera('sysctl_settings'), { }) Exec <| tag == 'kmod::load' |> -> Sysctl <| |> -include ::timezone - if hiera('step') >= 4 { - file { ['/etc/libvirt/qemu/networks/autostart/default.xml', - '/etc/libvirt/qemu/networks/default.xml']: - ensure => absent, - before => Service['libvirt'], - } - # in case libvirt has been already running before the Puppet run, make - # sure the default network is destroyed - exec { 'libvirt-default-net-destroy': - command => '/usr/bin/virsh net-destroy default', - onlyif => '/usr/bin/virsh net-info default | /bin/grep -i "^active:\s*yes"', - before => Service['libvirt'], - } - # When utilising images for deployment, we need to reset the iSCSI initiator name to make it unique exec { 'reset-iscsi-initiator-name': command => '/bin/echo InitiatorName=$(/usr/sbin/iscsi-iname) > /etc/iscsi/initiatorname.iscsi', @@ -47,56 +32,6 @@ if hiera('step') >= 4 { ensure => present, } - $rbd_ephemeral_storage = hiera('nova::compute::rbd::ephemeral_storage', false) - $rbd_persistent_storage = hiera('rbd_persistent_storage', false) - if $rbd_ephemeral_storage or $rbd_persistent_storage { - if str2bool(hiera('ceph_ipv6', false)) { - $mon_host = hiera('ceph_mon_host_v6') - } else { - $mon_host = hiera('ceph_mon_host') - } - class { '::ceph::profile::params': - mon_host => $mon_host, - } - include ::ceph::conf - include ::ceph::profile::client - - $client_keys = hiera('ceph::profile::params::client_keys') - $client_user = join(['client.', hiera('tripleo::profile::base::cinder::volume::rbd::cinder_rbd_user_name')]) - class { '::nova::compute::rbd': - libvirt_rbd_secret_key => $client_keys[$client_user]['secret'], - } - } - - if hiera('cinder_enable_nfs_backend', false) { - if str2bool($::selinux) { - selboolean { 'virt_use_nfs': - value => on, - persistent => true, - } -> Package['nfs-utils'] - } - - package { 'nfs-utils': } -> Service['nova-compute'] - } - - if str2bool(hiera('nova::use_ipv6', false)) { - $vncserver_listen = '::0' - } else { - $vncserver_listen = '0.0.0.0' - } - - if $rbd_ephemeral_storage { - class { '::nova::compute::libvirt': - libvirt_disk_cachemodes => ['network=writeback'], - libvirt_hw_disk_discard => 'unmap', - vncserver_listen => $vncserver_listen, - } - } else { - class { '::nova::compute::libvirt' : - vncserver_listen => $vncserver_listen, - } - } - nova_config { 'DEFAULT/my_ip': value => $ipaddress; 'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver'; @@ -108,7 +43,7 @@ if hiera('step') >= 4 { content => hiera('midonet_libvirt_qemu_data') } } - include ::nova::network::neutron + include ::neutron include ::neutron::config @@ -194,17 +129,8 @@ if hiera('step') >= 4 { include ::ceilometer::agent::compute include ::ceilometer::agent::auth - $snmpd_user = hiera('snmpd_readonly_user_name') - snmp::snmpv3_user { $snmpd_user: - authtype => 'MD5', - authpass => hiera('snmpd_readonly_user_password'), - } - class { '::snmp': - agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], - } - hiera_include('compute_classes') - package_manifest{ '/var/lib/tripleo/installed-packages/overcloud_compute': ensure => present } - } + +$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_compute', hiera('step')]) +package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 7f055c1e..5213826c 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -28,7 +28,24 @@ if hiera('step') >= 1 { if hiera('step') >= 2 { - include ::timezone + # MongoDB + if downcase(hiera('ceilometer_backend')) == 'mongodb' { + # NOTE(gfidente): We need to pass the list of IPv6 addresses *with* port and + # without the brackets as 'members' argument for the 'mongodb_replset' + # resource. + if str2bool(hiera('mongodb::server::ipv6', false)) { + $mongo_node_ips_with_port_prefixed = prefix(hiera('mongo_node_ips'), '[') + $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017') + $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017') + } else { + $mongo_node_ips_with_port = suffix(hiera('mongo_node_ips'), ':27017') + $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017') + } + $mongo_node_string = join($mongo_node_ips_with_port, ',') + + $mongodb_replset = hiera('mongodb::server::replset') + $ceilometer_mongodb_conn_string = "mongodb://${mongo_node_string}/ceilometer?replicaSet=${mongodb_replset}" + } if str2bool(hiera('enable_galera', true)) { $mysql_config_file = '/etc/my.cnf.d/galera.cnf' @@ -57,56 +74,10 @@ if hiera('step') >= 2 { if downcase(hiera('gnocchi_indexer_backend')) == 'mysql' { include ::gnocchi::db::mysql } - include ::aodh::db::mysql - - $enable_ceph = hiera('ceph_storage_count', 0) > 0 or hiera('enable_ceph_storage', false) - - if $enable_ceph { - $mon_initial_members = downcase(hiera('ceph_mon_initial_members')) - if str2bool(hiera('ceph_ipv6', false)) { - $mon_host = hiera('ceph_mon_host_v6') - } else { - $mon_host = hiera('ceph_mon_host') - } - class { '::ceph::profile::params': - mon_initial_members => $mon_initial_members, - mon_host => $mon_host, - } - include ::ceph::conf - include ::ceph::profile::mon - } - - if str2bool(hiera('enable_ceph_storage', false)) { - if str2bool(hiera('ceph_osd_selinux_permissive', true)) { - exec { 'set selinux to permissive on boot': - command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config", - onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config", - path => ['/usr/bin', '/usr/sbin'], - } - - exec { 'set selinux to permissive': - command => 'setenforce 0', - onlyif => "which setenforce && getenforce | grep -i 'enforcing'", - path => ['/usr/bin', '/usr/sbin'], - } -> Class['ceph::profile::osd'] - } - - include ::ceph::conf - include ::ceph::profile::osd - } - - if str2bool(hiera('enable_external_ceph', false)) { - if str2bool(hiera('ceph_ipv6', false)) { - $mon_host = hiera('ceph_mon_host_v6') - } else { - $mon_host = hiera('ceph_mon_host') - } - class { '::ceph::profile::params': - mon_host => $mon_host, - } - include ::ceph::conf - include ::ceph::profile::client + if downcase(hiera('ceilometer_backend')) == 'mysql' { + include ::ceilometer::db::mysql } + include ::aodh::db::mysql } #END STEP 2 @@ -184,32 +155,30 @@ if hiera('step') >= 4 { } } - if $enable_ceph { - $ceph_pools = hiera('ceph_pools') - ceph::pool { $ceph_pools : - pg_num => hiera('ceph::profile::params::osd_pool_default_pg_num'), - pgp_num => hiera('ceph::profile::params::osd_pool_default_pgp_num'), - size => hiera('ceph::profile::params::osd_pool_default_size'), + # Ceilometer + $ceilometer_backend = downcase(hiera('ceilometer_backend')) + case $ceilometer_backend { + /mysql/ : { + $ceilometer_database_connection = hiera('ceilometer_mysql_conn_string') } - } - - # swift storage - if str2bool(hiera('enable_swift_storage', true)) { - class { '::swift::storage::all': - mount_check => str2bool(hiera('swift_mount_check')), + default : { + $ceilometer_database_connection = $ceilometer_mongodb_conn_string } - if(!defined(File['/srv/node'])) { - file { '/srv/node': - ensure => directory, - owner => 'swift', - group => 'swift', - require => Package['openstack-swift'], - } - } - $swift_components = ['account', 'container', 'object'] - swift::storage::filter::recon { $swift_components : } - swift::storage::filter::healthcheck { $swift_components : } } + include ::ceilometer + include ::ceilometer::config + include ::ceilometer::api + include ::ceilometer::agent::notification + include ::ceilometer::agent::central + include ::ceilometer::expirer + include ::ceilometer::collector + include ::ceilometer::agent::auth + include ::ceilometer::dispatcher::gnocchi + class { '::ceilometer::db' : + database_connection => $ceilometer_database_connection, + } + + Cron <| title == 'ceilometer-expirer' |> { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" } # Aodh class { '::aodh' : @@ -265,16 +234,6 @@ if hiera('step') >= 4 { default: { fail('Unrecognized gnocchi_backend parameter.') } } - $snmpd_user = hiera('snmpd_readonly_user_name') - snmp::snmpv3_user { $snmpd_user: - authtype => 'MD5', - authpass => hiera('snmpd_readonly_user_password'), - } - class { '::snmp': - agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], - } - hiera_include('controller_classes') } #END STEP 4 diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index d9aaff33..742eedd9 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -21,9 +21,8 @@ Pcmk_resource <| |> { # TODO(jistr): use pcs resource provider instead of just no-ops Service <| tag == 'aodh-service' or - tag == 'gnocchi-service' or - tag == 'neutron-service' or - tag == 'nova-service' + tag == 'ceilometer-service' or + tag == 'gnocchi-service' |> { hasrestart => true, restart => '/bin/true', @@ -56,8 +55,6 @@ if hiera('step') >= 1 { create_resources(sysctl::value, hiera('sysctl_settings'), {}) Exec <| tag == 'kmod::load' |> -> Sysctl <| |> - include ::timezone - $pacemaker_cluster_members = downcase(regsubst(hiera('controller_node_names'), ',', ' ', 'G')) $corosync_ipv6 = str2bool(hiera('corosync_ipv6', false)) if $corosync_ipv6 { @@ -94,6 +91,10 @@ if hiera('step') >= 1 { op_params => 'start timeout=200s stop timeout=200s', } + if downcase(hiera('ceilometer_backend')) == 'mongodb' { + include ::mongodb::params + } + # Galera if str2bool(hiera('enable_galera', true)) { $mysql_config_file = '/etc/my.cnf.d/galera.cnf' @@ -242,68 +243,23 @@ if hiera('step') >= 2 { # Create all the database schemas if $sync_db { - if downcase(hiera('gnocchi_indexer_backend')) == 'mysql' { - class { '::gnocchi::db::mysql': + if downcase(hiera('ceilometer_backend')) == 'mysql' { + class { '::ceilometer::db::mysql': require => Exec['galera-ready'], } } - class { '::aodh::db::mysql': + if downcase(hiera('gnocchi_indexer_backend')) == 'mysql' { + class { '::gnocchi::db::mysql': require => Exec['galera-ready'], } - } - - # Ceph - $enable_ceph = hiera('ceph_storage_count', 0) > 0 or hiera('enable_ceph_storage', false) - - if $enable_ceph { - $mon_initial_members = downcase(hiera('ceph_mon_initial_members')) - if str2bool(hiera('ceph_ipv6', false)) { - $mon_host = hiera('ceph_mon_host_v6') - } else { - $mon_host = hiera('ceph_mon_host') } - class { '::ceph::profile::params': - mon_initial_members => $mon_initial_members, - mon_host => $mon_host, - } - include ::ceph::conf - include ::ceph::profile::mon - } - if str2bool(hiera('enable_ceph_storage', false)) { - if str2bool(hiera('ceph_osd_selinux_permissive', true)) { - exec { 'set selinux to permissive on boot': - command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config", - onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config", - path => ['/usr/bin', '/usr/sbin'], + class { '::aodh::db::mysql': + require => Exec['galera-ready'], } - - exec { 'set selinux to permissive': - command => 'setenforce 0', - onlyif => "which setenforce && getenforce | grep -i 'enforcing'", - path => ['/usr/bin', '/usr/sbin'], - } -> Class['ceph::profile::osd'] - } - - include ::ceph::conf - include ::ceph::profile::osd - } - - if str2bool(hiera('enable_external_ceph', false)) { - if str2bool(hiera('ceph_ipv6', false)) { - $mon_host = hiera('ceph_mon_host_v6') - } else { - $mon_host = hiera('ceph_mon_host') - } - class { '::ceph::profile::params': - mon_host => $mon_host, - } - include ::ceph::conf - include ::ceph::profile::client } - } #END STEP 2 if hiera('step') >= 4 or ( hiera('step') >= 3 and $sync_db ) { @@ -389,44 +345,43 @@ MYSQL_HOST=localhost\n", } } - if $enable_ceph { - $ceph_pools = hiera('ceph_pools') - ceph::pool { $ceph_pools : - pg_num => hiera('ceph::profile::params::osd_pool_default_pg_num'), - pgp_num => hiera('ceph::profile::params::osd_pool_default_pgp_num'), - size => hiera('ceph::profile::params::osd_pool_default_size'), - } - } - - # swift storage - if str2bool(hiera('enable_swift_storage', true)) { - class {'::swift::storage::all': - mount_check => str2bool(hiera('swift_mount_check')), - } - class {'::swift::storage::account': - manage_service => $non_pcmk_start, - enabled => $non_pcmk_start, - } - class {'::swift::storage::container': - manage_service => $non_pcmk_start, - enabled => $non_pcmk_start, + # Ceilometer + case downcase(hiera('ceilometer_backend')) { + /mysql/: { + $ceilometer_database_connection = hiera('ceilometer_mysql_conn_string') } - class {'::swift::storage::object': - manage_service => $non_pcmk_start, - enabled => $non_pcmk_start, + default: { + $mongo_node_string = join($mongo_node_ips_with_port, ',') + $ceilometer_database_connection = "mongodb://${mongo_node_string}/ceilometer?replicaSet=${mongodb_replset}" } - if(!defined(File['/srv/node'])) { - file { '/srv/node': - ensure => directory, - owner => 'swift', - group => 'swift', - require => Package['openstack-swift'], - } - } - $swift_components = ['account', 'container', 'object'] - swift::storage::filter::recon { $swift_components : } - swift::storage::filter::healthcheck { $swift_components : } } + include ::ceilometer + include ::ceilometer::config + class { '::ceilometer::api' : + manage_service => false, + enabled => false, + } + class { '::ceilometer::agent::notification' : + manage_service => false, + enabled => false, + } + class { '::ceilometer::agent::central' : + manage_service => false, + enabled => false, + } + class { '::ceilometer::collector' : + manage_service => false, + enabled => false, + } + include ::ceilometer::expirer + class { '::ceilometer::db' : + database_connection => $ceilometer_database_connection, + sync_db => $sync_db, + } + include ::ceilometer::agent::auth + include ::ceilometer::dispatcher::gnocchi + + Cron <| title == 'ceilometer-expirer' |> { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" } # httpd/apache and horizon # NOTE(gfidente): server-status can be consumed by the pacemaker resource agent @@ -515,16 +470,6 @@ MYSQL_HOST=localhost\n", enabled => false, } - $snmpd_user = hiera('snmpd_readonly_user_name') - snmp::snmpv3_user { $snmpd_user: - authtype => 'MD5', - authpass => hiera('snmpd_readonly_user_password'), - } - class { '::snmp': - agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], - } - hiera_include('controller_classes') } #END STEP 4 @@ -705,12 +650,49 @@ password=\"${mysql_root_password}\"", Pacemaker::Resource::Service[$::nova::params::conductor_service_name]], } + # Ceilometer and Aodh + case downcase(hiera('ceilometer_backend')) { + /mysql/: { + pacemaker::resource::service { $::ceilometer::params::agent_central_service_name: + clone_params => 'interleave=true', + require => Pacemaker::Resource::Ocf['openstack-core'], + } + } + default: { + pacemaker::resource::service { $::ceilometer::params::agent_central_service_name: + clone_params => 'interleave=true', + require => [Pacemaker::Resource::Ocf['openstack-core'], + Pacemaker::Resource::Service[$::mongodb::params::service_name]], + } + } + } + pacemaker::resource::service { $::ceilometer::params::collector_service_name : + clone_params => 'interleave=true', + } + pacemaker::resource::service { $::ceilometer::params::api_service_name : + clone_params => 'interleave=true', + } + pacemaker::resource::service { $::ceilometer::params::agent_notification_service_name : + clone_params => 'interleave=true', + } # Fedora doesn't know `require-all` parameter for constraints yet if $::operatingsystem == 'Fedora' { + $redis_ceilometer_constraint_params = undef $redis_aodh_constraint_params = undef } else { + $redis_ceilometer_constraint_params = 'require-all=false' $redis_aodh_constraint_params = 'require-all=false' } + pacemaker::constraint::base { 'redis-then-ceilometer-central-constraint': + constraint_type => 'order', + first_resource => 'redis-master', + second_resource => "${::ceilometer::params::agent_central_service_name}-clone", + first_action => 'promote', + second_action => 'start', + constraint_params => $redis_ceilometer_constraint_params, + require => [Pacemaker::Resource::Ocf['redis'], + Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name]], + } pacemaker::constraint::base { 'redis-then-aodh-evaluator-constraint': constraint_type => 'order', first_resource => 'redis-master', @@ -721,6 +703,49 @@ password=\"${mysql_root_password}\"", require => [Pacemaker::Resource::Ocf['redis'], Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name]], } + pacemaker::constraint::base { 'keystone-then-ceilometer-central-constraint': + constraint_type => 'order', + first_resource => 'openstack-core-clone', + second_resource => "${::ceilometer::params::agent_central_service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name], + Pacemaker::Resource::Ocf['openstack-core']], + } + pacemaker::constraint::base { 'keystone-then-ceilometer-notification-constraint': + constraint_type => 'order', + first_resource => 'openstack-core-clone', + second_resource => "${::ceilometer::params::agent_notification_service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name], + Pacemaker::Resource::Ocf['openstack-core']], + } + pacemaker::constraint::base { 'ceilometer-central-then-ceilometer-collector-constraint': + constraint_type => 'order', + first_resource => "${::ceilometer::params::agent_central_service_name}-clone", + second_resource => "${::ceilometer::params::collector_service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name], + Pacemaker::Resource::Service[$::ceilometer::params::collector_service_name]], + } + pacemaker::constraint::base { 'ceilometer-collector-then-ceilometer-api-constraint': + constraint_type => 'order', + first_resource => "${::ceilometer::params::collector_service_name}-clone", + second_resource => "${::ceilometer::params::api_service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::ceilometer::params::collector_service_name], + Pacemaker::Resource::Service[$::ceilometer::params::api_service_name]], + } + pacemaker::constraint::colocation { 'ceilometer-api-with-ceilometer-collector-colocation': + source => "${::ceilometer::params::api_service_name}-clone", + target => "${::ceilometer::params::collector_service_name}-clone", + score => 'INFINITY', + require => [Pacemaker::Resource::Service[$::ceilometer::params::api_service_name], + Pacemaker::Resource::Service[$::ceilometer::params::collector_service_name]], + } # Aodh pacemaker::resource::service { $::aodh::params::evaluator_service_name : clone_params => 'interleave=true', @@ -763,6 +788,17 @@ password=\"${mysql_root_password}\"", require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name], Pacemaker::Resource::Service[$::aodh::params::listener_service_name]], } + if downcase(hiera('ceilometer_backend')) == 'mongodb' { + pacemaker::constraint::base { 'mongodb-then-ceilometer-central-constraint': + constraint_type => 'order', + first_resource => "${::mongodb::params::service_name}-clone", + second_resource => "${::ceilometer::params::agent_central_service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name], + Pacemaker::Resource::Service[$::mongodb::params::service_name]], + } + } # gnocchi pacemaker::resource::service { $::gnocchi::params::metricd_service_name : diff --git a/puppet/manifests/overcloud_object.pp b/puppet/manifests/overcloud_object.pp index 4fca8f5f..418c56e6 100644 --- a/puppet/manifests/overcloud_object.pp +++ b/puppet/manifests/overcloud_object.pp @@ -20,39 +20,11 @@ if hiera('step') >= 1 { create_resources(kmod::load, hiera('kernel_modules'), {}) create_resources(sysctl::value, hiera('sysctl_settings'), {}) Exec <| tag == 'kmod::load' |> -> Sysctl <| |> - - include ::timezone - } if hiera('step') >= 4 { - class { '::swift::storage::all': - mount_check => str2bool(hiera('swift_mount_check')), - } - if(!defined(File['/srv/node'])) { - file { '/srv/node': - ensure => directory, - owner => 'swift', - group => 'swift', - require => Package['openstack-swift'], - } - } - - $swift_components = ['account', 'container', 'object'] - swift::storage::filter::recon { $swift_components : } - swift::storage::filter::healthcheck { $swift_components : } - - $snmpd_user = hiera('snmpd_readonly_user_name') - snmp::snmpv3_user { $snmpd_user: - authtype => 'MD5', - authpass => hiera('snmpd_readonly_user_password'), - } - class { '::snmp': - agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], - } - hiera_include('object_classes') } -package_manifest{'/var/lib/tripleo/installed-packages/overcloud_object': ensure => present} +$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_object', hiera('step')]) +package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/manifests/overcloud_volume.pp b/puppet/manifests/overcloud_volume.pp index 134dc43b..c6234bd3 100644 --- a/puppet/manifests/overcloud_volume.pp +++ b/puppet/manifests/overcloud_volume.pp @@ -16,46 +16,17 @@ include ::tripleo::packages include ::tripleo::firewall -create_resources(kmod::load, hiera('kernel_modules'), {}) -create_resources(sysctl::value, hiera('sysctl_settings'), {}) -Exec <| tag == 'kmod::load' |> -> Sysctl <| |> +if hiera('step') >= 1 { -if count(hiera('ntp::servers')) > 0 { - include ::ntp -} - -include ::timezone - -include ::cinder -include ::cinder::config -include ::cinder::glance -include ::cinder::volume -include ::cinder::setup_test_volume - -$cinder_enable_iscsi = hiera('cinder_enable_iscsi_backend', true) -if $cinder_enable_iscsi { - $cinder_iscsi_backend = 'tripleo_iscsi' + create_resources(kmod::load, hiera('kernel_modules'), {}) + create_resources(sysctl::value, hiera('sysctl_settings'), {}) + Exec <| tag == 'kmod::load' |> -> Sysctl <| |> - cinder::backend::iscsi { $cinder_iscsi_backend : - iscsi_ip_address => hiera('cinder_iscsi_ip_address'), - iscsi_helper => hiera('cinder_iscsi_helper'), - } } -$cinder_enabled_backends = any2array($cinder_iscsi_backend) -class { '::cinder::backends' : - enabled_backends => union($cinder_enabled_backends, hiera('cinder_user_enabled_backends')), -} - -$snmpd_user = hiera('snmpd_readonly_user_name') -snmp::snmpv3_user { $snmpd_user: - authtype => 'MD5', - authpass => hiera('snmpd_readonly_user_password'), -} -class { '::snmp': - agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], +if hiera('step') >= 4 { + hiera_include('volume_classes') } -hiera_include('volume_classes') -package_manifest{'/var/lib/tripleo/installed-packages/overcloud_volume': ensure => present} +$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_volume', hiera('step')]) +package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/services/ceilometer-agent-central.yaml b/puppet/services/ceilometer-agent-central.yaml deleted file mode 100644 index 6312a047..00000000 --- a/puppet/services/ceilometer-agent-central.yaml +++ /dev/null @@ -1,27 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Ceilometer Central Agent service configured with Puppet - -parameters: - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - - -resources: - CeilometerServiceBase: - type: ./ceilometer-base.yaml - properties: - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Ceilometer Central Agent role. - value: - config_settings: - get_attr: [CeilometerServiceBase, role_data, config_settings] - step_config: | - include ::tripleo::profile::base::ceilometer::agent::central diff --git a/puppet/services/ceilometer-agent-notification.yaml b/puppet/services/ceilometer-agent-notification.yaml deleted file mode 100644 index 523dabb9..00000000 --- a/puppet/services/ceilometer-agent-notification.yaml +++ /dev/null @@ -1,27 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Ceilometer Notification Agent service configured with Puppet - -parameters: - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - - -resources: - CeilometerServiceBase: - type: ./ceilometer-base.yaml - properties: - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Ceilometer Notification Agent role. - value: - config_settings: - get_attr: [CeilometerServiceBase, role_data, config_settings] - step_config: | - include ::tripleo::profile::base::ceilometer::agent::notification diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml deleted file mode 100644 index 06c2ed12..00000000 --- a/puppet/services/ceilometer-api.yaml +++ /dev/null @@ -1,27 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Ceilometer API service configured with Puppet - -parameters: - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - - -resources: - CeilometerServiceBase: - type: ./ceilometer-base.yaml - properties: - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Ceilometer API role. - value: - config_settings: - get_attr: [CeilometerServiceBase, role_data, config_settings] - step_config: | - include ::tripleo::profile::base::ceilometer::api diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml deleted file mode 100644 index caf8e17b..00000000 --- a/puppet/services/ceilometer-base.yaml +++ /dev/null @@ -1,115 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Ceilometer service configured with Puppet - -parameters: - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - RedisVirtualIPUri: - type: string - default: '' - CeilometerBackend: - default: 'mongodb' - description: The ceilometer backend type. - type: string - CeilometerMeteringSecret: - description: Secret shared by the ceilometer services. - type: string - hidden: true - CeilometerPassword: - description: The password for the ceilometer service account. - type: string - hidden: true - CeilometerMeterDispatcher: - default: 'gnocchi' - description: Dispatcher to process meter data - type: string - constraints: - - allowed_values: ['gnocchi', 'database'] - CeilometerWorkers: - default: 0 - description: Number of workers for Ceilometer service. - type: number - CeilometerStoreEvents: - default: false - description: Whether to store events in ceilometer. - type: boolean - RedisPassword: - description: The password for the redis service account. - type: string - hidden: true - KeystoneRegion: - type: string - default: 'regionOne' - description: Keystone region for endpoint - RabbitPassword: - description: The password for RabbitMQ - type: string - hidden: true - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number - -outputs: - role_data: - description: Role data for the Ceilometer role. - value: - config_settings: - ceilometer_coordination_url: - list_join: - - '' - - - 'redis://:' - - {get_param: RedisPassword} - - '@' - - {get_param: RedisVirtualIPUri} - - ':6379/' - ceilometer_dsn: &ceilometer_dsn - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - - '://ceilometer:' - - {get_param: CeilometerPassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/ceilometer' - ceilometer_password: {get_param: CeilometerPassword} - ceilometer_backend: {get_param: CeilometerBackend} - ceilometer::metering_secret: {get_param: CeilometerMeteringSecret} - ceilometer::db::database_connection: *ceilometer_dsn - ceilometer::api::keystone_password: {get_param: ceilometer_password} - ceilometer::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - ceilometer::api::keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } - ceilometer::agent::auth::auth_password: {get_param: ceilometer_password} - ceilometer::agent::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri] } - ceilometer::agent::central::coordination_url: {get_param: ceilometer_coordination_url} - ceilometer::agent::notification::store_events: {get_param: CeilometerStoreEvents} - ceilometer::db::mysql::password: {get_param: ceilometer_password} - ceilometer::collector::meter_dispatcher: {get_param: CeilometerMeterDispatcher} - ceilometer::dispatcher::gnocchi::url: {get_param: [EndpointMap, GnocchiInternal, uri]} - ceilometer::dispatcher::gnocchi::filter_project: 'service' - ceilometer::dispatcher::gnocchi::archive_policy: 'low' - ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml' - ceilometer::keystone::auth::public_url: {get_param: [EndpointMap, CeilometerPublic, uri]} - ceilometer::keystone::auth::internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]} - ceilometer::keystone::auth::admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]} - ceilometer::keystone::auth::password: {get_param: ceilometer_password} - ceilometer::keystone::auth::region: {get_param: KeystoneRegion} - ceilometer::rabbit_userid: {get_param: RabbitUserName} - ceilometer::rabbit_password: {get_param: RabbitPassword} - ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL} - ceilometer::rabbit_port: {get_param: RabbitClientPort} diff --git a/puppet/services/ceilometer-collector.yaml b/puppet/services/ceilometer-collector.yaml deleted file mode 100644 index 8df4478a..00000000 --- a/puppet/services/ceilometer-collector.yaml +++ /dev/null @@ -1,27 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Ceilometer Collector service configured with Puppet - -parameters: - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - - -resources: - CeilometerServiceBase: - type: ./ceilometer-base.yaml - properties: - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Ceilometer Collector role. - value: - config_settings: - get_attr: [CeilometerServiceBase, role_data, config_settings] - step_config: | - include ::tripleo::profile::base::ceilometer::collector diff --git a/puppet/services/ceilometer-expirer.yaml b/puppet/services/ceilometer-expirer.yaml deleted file mode 100644 index 06c2ed12..00000000 --- a/puppet/services/ceilometer-expirer.yaml +++ /dev/null @@ -1,27 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Ceilometer API service configured with Puppet - -parameters: - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - - -resources: - CeilometerServiceBase: - type: ./ceilometer-base.yaml - properties: - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Ceilometer API role. - value: - config_settings: - get_attr: [CeilometerServiceBase, role_data, config_settings] - step_config: | - include ::tripleo::profile::base::ceilometer::api diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml new file mode 100644 index 00000000..065901b8 --- /dev/null +++ b/puppet/services/ceph-base.yaml @@ -0,0 +1,94 @@ +heat_template_version: 2016-04-08 + +description: > + Ceph base service. Shared by all Ceph services. + +parameters: + CephAdminKey: + default: '' + description: The Ceph admin client key. Can be created with ceph-authtool --gen-print-key. + type: string + hidden: true + CephClientKey: + default: '' + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + type: string + hidden: true + CephClientUserName: + default: openstack + type: string + CephClusterFSID: + default: '' + type: string + description: The Ceph cluster FSID. Must be a UUID. + CephIPv6: + default: False + type: boolean + CinderRbdPoolName: + default: volumes + type: string + CinderBackupRbdPoolName: + default: backups + type: string + GlanceRbdPoolName: + default: images + type: string + GnocchiRbdPoolName: + default: metrics + type: string + NovaRbdPoolName: + default: vms + type: string + # DEPRECATED options for compatibility with overcloud.yaml + # This should be removed and manipulation of the ControllerServices list + # used instead, but we need client support for that first + ControllerEnableCephStorage: + default: false + description: Whether to deploy Ceph Storage (OSD) on the Controller + type: boolean + +parameter_groups: +- label: deprecated + description: Do not use deprecated params, they will be removed. + parameters: + - ControllerEnableCephStorage + +outputs: + role_data: + description: Role data for the Ceph base service. + value: + config_settings: + tripleo::profile::base::ceph::ceph_ipv6: {get_param: CephIPv6} + tripleo::profile::base::ceph::enable_ceph_storage: {get_param: ControllerEnableCephStorage} + ceph::profile::params::fsid: {get_param: CephClusterFSID} + ceph::profile::params::client_keys: + str_replace: + template: "{ + client.admin: { + secret: 'ADMIN_KEY', + mode: '0600', + cap_mon: 'allow *', + cap_osd: 'allow *', + cap_mds: 'allow *' + }, + client.bootstrap-osd: { + secret: 'ADMIN_KEY', + keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring', + cap_mon: 'allow profile bootstrap-osd' + }, + client.CLIENT_USER: { + secret: 'CLIENT_KEY', + mode: '0644', + cap_mon: 'allow r', + cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL' + } + }" + params: + CLIENT_USER: {get_param: CephClientUserName} + CLIENT_KEY: {get_param: CephClientKey} + ADMIN_KEY: {get_param: CephAdminKey} + NOVA_POOL: {get_param: NovaRbdPoolName} + CINDER_POOL: {get_param: CinderRbdPoolName} + CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} + GLANCE_POOL: {get_param: GlanceRbdPoolName} + GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} diff --git a/puppet/services/ceph-client.yaml b/puppet/services/ceph-client.yaml new file mode 100644 index 00000000..ca920a5f --- /dev/null +++ b/puppet/services/ceph-client.yaml @@ -0,0 +1,24 @@ +heat_template_version: 2016-04-08 + +description: > + Ceph Client service. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + CephBase: + type: ./ceph-base.yaml + +outputs: + role_data: + description: Role data for the Cinder OSD service. + value: + config_settings: + get_attr: [CephBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::base::ceph::client diff --git a/puppet/services/ceph-external.yaml b/puppet/services/ceph-external.yaml new file mode 100644 index 00000000..4522f416 --- /dev/null +++ b/puppet/services/ceph-external.yaml @@ -0,0 +1,65 @@ +heat_template_version: 2016-04-08 + +description: > + Ceph External service. + +parameters: + CephClientKey: + default: '' + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + type: string + hidden: true + CephClientUserName: + default: openstack + type: string + CephClusterFSID: + default: '' + type: string + description: The Ceph cluster FSID. Must be a UUID. + CephExternalMonHost: + default: '' + type: string + description: List of externally managed Ceph Mon Host IPs. Only used for external Ceph deployments. + CinderRbdPoolName: + default: volumes + type: string + CinderBackupRbdPoolName: + default: backups + type: string + GlanceRbdPoolName: + default: images + type: string + GnocchiRbdPoolName: + default: metrics + type: string + NovaRbdPoolName: + default: vms + type: string + +outputs: + role_data: + description: Role data for the Ceph External service. + value: + config_settings: + tripleo::profile::base::ceph::ceph_mon_host: {get_param: CephExternalMonHost} + ceph::profile::params::fsid: {get_param: CephClusterFSID} + ceph::profile::params::client_keys: + str_replace: + template: "{ + client.CLIENT_USER: { + secret: 'CLIENT_KEY', + mode: '0644', + cap_mon: 'allow r', + cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL' + } + }" + params: + CLIENT_USER: {get_param: CephClientUserName} + CLIENT_KEY: {get_param: CephClientKey} + NOVA_POOL: {get_param: NovaRbdPoolName} + CINDER_POOL: {get_param: CinderRbdPoolName} + CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} + GLANCE_POOL: {get_param: GlanceRbdPoolName} + GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} + step_config: | + include ::tripleo::profile::base::ceph::client diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml new file mode 100644 index 00000000..d6e3aa70 --- /dev/null +++ b/puppet/services/ceph-mon.yaml @@ -0,0 +1,56 @@ +heat_template_version: 2016-04-08 + +description: > + Ceph Monitor service. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + CephIPv6: + default: False + type: boolean + CephMonKey: + default: '' + description: The Ceph monitors key. Can be created with ceph-authtool --gen-print-key. + type: string + hidden: true + CinderRbdPoolName: + default: volumes + type: string + CinderBackupRbdPoolName: + default: backups + type: string + GlanceRbdPoolName: + default: images + type: string + GnocchiRbdPoolName: + default: metrics + type: string + NovaRbdPoolName: + default: vms + type: string + +resources: + CephBase: + type: ./ceph-base.yaml + +outputs: + role_data: + description: Role data for the Ceph Monitor service. + value: + config_settings: + map_merge: + - get_attr: [CephBase, role_data, config_settings] + - ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6} + ceph::profile::params::mon_key: {get_param: CephMonKey} + tripleo::profile::base::ceph::mon::ceph_pools: + - {get_param: CinderRbdPoolName} + - {get_param: CinderBackupRbdPoolName} + - {get_param: NovaRbdPoolName} + - {get_param: GlanceRbdPoolName} + - {get_param: GnocchiRbdPoolName} + step_config: | + include ::tripleo::profile::base::ceph::mon diff --git a/puppet/services/ceph-osd.yaml b/puppet/services/ceph-osd.yaml new file mode 100644 index 00000000..24f60283 --- /dev/null +++ b/puppet/services/ceph-osd.yaml @@ -0,0 +1,24 @@ +heat_template_version: 2016-04-08 + +description: > + Ceph OSD service. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + CephBase: + type: ./ceph-base.yaml + +outputs: + role_data: + description: Role data for the Cinder OSD service. + value: + config_settings: + get_attr: [CephBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::base::ceph::osd diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml index d28f40e6..41f3827d 100644 --- a/puppet/services/cinder-volume.yaml +++ b/puppet/services/cinder-volume.yaml @@ -36,6 +36,12 @@ parameters: NFS servers used by Cinder NFS backend. Effective when CinderEnableNfsBackend is true. type: comma_delimited_list + CinderRbdPoolName: + default: volumes + type: string + CephClientUserName: + default: openstack + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -67,5 +73,7 @@ outputs: SERVERS: {get_param: CinderNfsServers} tripleo::profile::base::cinder::volume::iscsi::cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize} tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_helper: {get_param: CinderISCSIHelper} + tripleo::profile::base::cinder::volume::rbd::cinder_rbd_pool_name: {get_param: CinderRbdPoolName} + tripleo::profile::base::cinder::volume::rbd::cinder_rbd_user_name: {get_param: CephClientUserName} step_config: | include ::tripleo::profile::base::cinder::volume diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index 89e6ee0f..f1f98a8e 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -9,6 +9,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + CephClientUserName: + default: openstack + type: string Debug: default: '' description: Set to True to enable debugging on all services. @@ -36,6 +39,9 @@ parameters: default: 0 description: Number of workers for Glance service. type: number + GlanceRbdPoolName: + default: images + type: string RabbitPassword: description: The password for RabbitMQ type: string @@ -85,6 +91,8 @@ outputs: glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneInternal, uri] } glance::backend::swift::swift_store_user: service:glance glance::backend::swift::swift_store_key: {get_param: GlancePassword} + glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName} + glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName} glance_backend: {get_param: GlanceBackend} glance::db::mysql::password: {get_param: GlancePassword} glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName} diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml new file mode 100644 index 00000000..e1626d5b --- /dev/null +++ b/puppet/services/ironic-api.yaml @@ -0,0 +1,43 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ironic API configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + IronicPassword: + description: The password for the Ironic service and db account, used by the Ironic services + type: string + hidden: true + +resources: + IronicBase: + type: ./ironic-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ironic API role. + value: + config_settings: + map_merge: + - get_attr: [IronicBase, role_data, config_settings] + # NOTE(dtantsur): the my_ip parameter is heavily overloaded in + # ironic. It's used as a default value for e.g. TFTP server IP, + # glance and neutron endpoints, virtual console IP. We override + # the TFTP server IP in ironic-conductor.yaml as it should not be + # the VIP, but rather a real IP of the controller. + - ironic::my_ip: {get_param: [EndpointMap, MysqlInternal, host]} + ironic::api::admin_password: {get_param: IronicPassword} + ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri]} + ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri]} + ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri]} + ironic::keystone::auth::password: {get_param: IronicPassword } + + step_config: | + include ::tripleo::profile::base::ironic::api diff --git a/puppet/services/ironic-base.yaml b/puppet/services/ironic-base.yaml new file mode 100644 index 00000000..0eaa53cb --- /dev/null +++ b/puppet/services/ironic-base.yaml @@ -0,0 +1,64 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ironic services configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + IronicPassword: + description: The password for the Ironic service and db account, used by the Ironic services + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + +outputs: + role_data: + description: Role data for the Ironic role. + value: + config_settings: + ironic_dsn: &ironic_dsn + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://ironic:' + - {get_param: IronicPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/ironic' + ironic::admin_tenant_name: 'service' + ironic::database_connection: *ironic_dsn + ironic::debug: {get_param: Debug} + ironic::rabbit_userid: {get_param: RabbitUserName} + ironic::rabbit_password: {get_param: RabbitPassword} + ironic::rabbit_port: {get_param: RabbitClientPort} + ironic::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + ironic::db::mysql::password: {get_param: IronicPassword} + ironic::keystone::auth::tenant: 'service' + + step_config: | + include ::tripleo::profile::base::ironic diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml new file mode 100644 index 00000000..3fb3d9fd --- /dev/null +++ b/puppet/services/ironic-conductor.yaml @@ -0,0 +1,36 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Ironic conductor configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + IronicEnabledDrivers: + default: ['pxe_ipmitool', 'agent_ipmitool'] + description: Enabled Ironic drivers + type: comma_delimited_list + +resources: + IronicBase: + type: ./ironic-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Ironic conductor role. + value: + config_settings: + map_merge: + - get_attr: [IronicBase, role_data, config_settings] + - ironic::enabled_drivers: {get_param: IronicEnabledDrivers} + # Prevent tftp_server from defaulting to my_ip setting, which is + # controller VIP, not a real IP. + ironic::drivers::pxe::tftp_server: {get_input: ironic_api_network} + + step_config: | + include ::tripleo::profile::base::ironic::conductor diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index 0844aa85..679586f7 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -16,10 +16,18 @@ resources: outputs: role_data: - description: Role data for the Nova Conductor service. + description: Role data for the Nova Compute service. value: config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] + - nova::compute::libvirt::manage_libvirt_services: false + # we manage migration in nova common puppet profile + nova::compute::libvirt::migration_support: false + tripleo::profile::base::nova::manage_migration: true + tripleo::profile::base::nova::nova_compute_enabled: true step_config: | - include tripleo::profile::base::nova::compute + # TODO(emilien): figure how to deal with libvirt profile. + # We'll probably threat it like we do with Neutron plugins. + # Until then, just include it in the default nova-compute role. + include tripleo::profile::base::nova::compute::libvirt diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml new file mode 100644 index 00000000..e3309c32 --- /dev/null +++ b/puppet/services/nova-libvirt.yaml @@ -0,0 +1,31 @@ +heat_template_version: 2016-04-08 + +description: > + Libvirt service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + NovaBase: + type: ./nova-base.yaml + +outputs: + role_data: + description: Role data for the Libvirt service. + value: + config_settings: + map_merge: + - get_attr: [NovaBase, role_data, config_settings] + # we include ::nova::compute::libvirt::services in nova/libvirt profile + - nova::compute::libvirt::manage_libvirt_services: false + # we manage migration in nova common puppet profile + nova::compute::libvirt::migration_support: false + tripleo::profile::base::nova::manage_migration: true + tripleo::profile::base::nova::libvirt_enabled: true + step_config: | + include tripleo::profile::base::nova::libvirt diff --git a/puppet/services/pacemaker/ceilometer-agent-central.yaml b/puppet/services/pacemaker/ceilometer-agent-central.yaml deleted file mode 100644 index 7f2fb5ca..00000000 --- a/puppet/services/pacemaker/ceilometer-agent-central.yaml +++ /dev/null @@ -1,29 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Ceilometer Central Agent service with Pacemaker configured with Puppet - -parameters: - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - CeilometerServiceBase: - type: ../ceilometer-base.yaml - properties: - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Ceilometer Central Agent pacemaker role. - value: - config_settings: - map_merge: - - get_attr: [CeilometerServiceBase, role_data, config_settings] - - ceilometer::agent::central::manage_service: false - - ceilometer::agent::central::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::ceilometer::agent::central diff --git a/puppet/services/pacemaker/ceilometer-agent-notification.yaml b/puppet/services/pacemaker/ceilometer-agent-notification.yaml deleted file mode 100644 index 3ad1a1ed..00000000 --- a/puppet/services/pacemaker/ceilometer-agent-notification.yaml +++ /dev/null @@ -1,29 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Ceilometer Notification Agent service with Pacemaker configured with Puppet - -parameters: - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - CeilometerServiceBase: - type: ../ceilometer-base.yaml - properties: - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Ceilometer Notification Agent pacemaker role. - value: - config_settings: - map_merge: - - get_attr: [CeilometerServiceBase, role_data, config_settings] - - ceilometer::agent::notification::manage_service: false - - ceilometer::agent::notification::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::ceilometer::agent::notification diff --git a/puppet/services/pacemaker/ceilometer-api.yaml b/puppet/services/pacemaker/ceilometer-api.yaml deleted file mode 100644 index de361de7..00000000 --- a/puppet/services/pacemaker/ceilometer-api.yaml +++ /dev/null @@ -1,29 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Ceilometer API service with Pacemaker configured with Puppet - -parameters: - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - CeilometerServiceBase: - type: ../ceilometer-base.yaml - properties: - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Ceilometer API pacemaker role. - value: - config_settings: - map_merge: - - get_attr: [CeilometerServiceBase, role_data, config_settings] - - ceilometer::api::manage_service: false - - ceilometer::api::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::ceilometer::api diff --git a/puppet/services/pacemaker/ceilometer-collector.yaml b/puppet/services/pacemaker/ceilometer-collector.yaml deleted file mode 100644 index 53fb4716..00000000 --- a/puppet/services/pacemaker/ceilometer-collector.yaml +++ /dev/null @@ -1,29 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Ceilometer Collector service with Pacemaker configured with Puppet - -parameters: - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - CeilometerServiceBase: - type: ../ceilometer-base.yaml - properties: - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Ceilometer Collector pacemaker role. - value: - config_settings: - map_merge: - - get_attr: [CeilometerServiceBase, role_data, config_settings] - - ceilometer::collector::manage_service: false - - ceilometer::collector::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::ceilometer::collector diff --git a/puppet/services/pacemaker/heat-api-cfn.yaml b/puppet/services/pacemaker/heat-api-cfn.yaml index 5833c42d..780c295e 100644 --- a/puppet/services/pacemaker/heat-api-cfn.yaml +++ b/puppet/services/pacemaker/heat-api-cfn.yaml @@ -25,7 +25,5 @@ outputs: - get_attr: [HeatApiCfnBase, role_data, config_settings] - heat::api_cfn::manage_service: false heat::api_cfn::enabled: false - step_config: - # No puppet manifests since heat-api-cfn is included in - # ::tripleo::profile::pacemaker::heat which is maintained alongside of - # pacemaker/heat-api.yaml. + step_config: | + include ::tripleo::profile::pacemaker::heat::api_cfn diff --git a/puppet/services/pacemaker/heat-api-cloudwatch.yaml b/puppet/services/pacemaker/heat-api-cloudwatch.yaml index 8b67702c..2fa82fe7 100644 --- a/puppet/services/pacemaker/heat-api-cloudwatch.yaml +++ b/puppet/services/pacemaker/heat-api-cloudwatch.yaml @@ -25,7 +25,5 @@ outputs: - get_attr: [HeatApiCloudwatchBase, role_data, config_settings] - heat::api_cloudwatch::manage_service: false heat::api_cloudwatch::enabled: false - step_config: - # No puppet manifests since heat-api-cloudwatch is included in - # ::tripleo::profile::pacemaker::heat which is maintained alongside of - # pacemaker/heat-api.yaml. + step_config: | + include ::tripleo::profile::pacemaker::heat::api_cloudwatch diff --git a/puppet/services/pacemaker/heat-api.yaml b/puppet/services/pacemaker/heat-api.yaml index 6628e8dd..be897a55 100644 --- a/puppet/services/pacemaker/heat-api.yaml +++ b/puppet/services/pacemaker/heat-api.yaml @@ -26,4 +26,4 @@ outputs: - heat::api::manage_service: false heat::api::enabled: false step_config: | - include ::tripleo::profile::pacemaker::heat + include ::tripleo::profile::pacemaker::heat::api diff --git a/puppet/services/pacemaker/heat-engine.yaml b/puppet/services/pacemaker/heat-engine.yaml index e1195780..a8ed5c0c 100644 --- a/puppet/services/pacemaker/heat-engine.yaml +++ b/puppet/services/pacemaker/heat-engine.yaml @@ -26,7 +26,5 @@ outputs: - get_attr: [HeatEngineBase, role_data, config_settings] - heat::engine::manage_service: false heat::engine::enabled: false - step_config: - # No puppet manifests since heat-engine is included in - # ::tripleo::profile::pacemaker::heat which is maintained alongside of - # pacemaker/heat-api.yaml. + step_config: | + include ::tripleo::profile::pacemaker::heat::engine diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml index 581b4ba4..3688c4a8 100644 --- a/puppet/services/rabbitmq.yaml +++ b/puppet/services/rabbitmq.yaml @@ -18,7 +18,7 @@ parameters: type: string hidden: true RabbitFDLimit: - default: 16384 + default: 65536 description: Configures RabbitMQ FD limit type: string RabbitIPv6: diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml index 7ed880fc..91f0e049 100644 --- a/puppet/services/services.yaml +++ b/puppet/services/services.yaml @@ -27,9 +27,8 @@ resources: EndpointMap: {get_param: EndpointMap} outputs: - config_settings: - description: Configuration settings. - value: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}} - step_config: - description: Step configuration. - value: {list_join: ["\n", {get_attr: [ServiceChain, role_data, step_config]}]} + role_data: + description: Combined Role data for this set of services. + value: + config_settings: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}} + step_config: {list_join: ["\n", {get_attr: [ServiceChain, role_data, step_config]}]} diff --git a/puppet/services/snmp.yaml b/puppet/services/snmp.yaml new file mode 100644 index 00000000..24ee2933 --- /dev/null +++ b/puppet/services/snmp.yaml @@ -0,0 +1,31 @@ +heat_template_version: 2016-04-08 + +description: > + SNMP client configured with Puppet, to facilitate Ceilometer Hardware + monitoring in the undercloud. This service is required to enable hardware + monitoring. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + SnmpdReadonlyUserName: + default: ro_snmp_user + description: The user name for SNMPd with readonly rights running on all Overcloud nodes + type: string + SnmpdReadonlyUserPassword: + description: The user password for SNMPd with readonly rights running on all Overcloud nodes + type: string + hidden: true + +outputs: + role_data: + description: Role data for the SNMP services + value: + config_settings: + snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} + snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} + step_config: | + include ::tripleo::profile::base::snmp diff --git a/puppet/services/swift-storage.yaml b/puppet/services/swift-storage.yaml new file mode 100644 index 00000000..980c95f5 --- /dev/null +++ b/puppet/services/swift-storage.yaml @@ -0,0 +1,44 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Swift Storage service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + SwiftMountCheck: + default: false + description: Value of mount_check in Swift account/container/object -server.conf + type: boolean + + # DEPRECATED options for compatibility with overcloud.yaml + # This should be removed and manipulation of the ControllerServices list + # used instead, but we need client support for that first + ControllerEnableSwiftStorage: + default: true + description: Whether to enable Swift Storage on the Controller + type: boolean + +parameter_groups: +- label: deprecated + description: Do not use deprecated params, they will be removed. + parameters: + - ControllerEnableSwiftStorage + +outputs: + role_data: + description: Role data for the Swift Proxy role. + value: + config_settings: + # Swift + swift::storage::all::mount_check: {get_param: SwiftMountCheck} + tripleo::profile::base::swift::storage::enable_swift_storage: {get_param: ControllerEnableSwiftStorage} + step_config: | + include ::tripleo::profile::base::swift::storage diff --git a/puppet/services/time/timezone.yaml b/puppet/services/time/timezone.yaml new file mode 100644 index 00000000..13fda986 --- /dev/null +++ b/puppet/services/time/timezone.yaml @@ -0,0 +1,24 @@ +heat_template_version: 2016-04-08 + +description: > + Composable Timezone service + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + TimeZone: + default: 'UTC' + description: The timezone to be set on the overcloud. + type: string + +outputs: + role_data: + description: Timezone role using composable services. + value: + config_settings: + timezone::timezone: {get_param: TimeZone} + step_config: | + include ::timezone diff --git a/puppet/swift-storage-post.yaml b/puppet/swift-storage-post.yaml index 1aba2bb4..1c36a047 100644 --- a/puppet/swift-storage-post.yaml +++ b/puppet/swift-storage-post.yaml @@ -8,13 +8,12 @@ parameters: type: boolean servers: type: json - NodeConfigIdentifiers: - type: json - description: Value which changes if the node configuration may need to be re-applied - StepConfig: + RoleData: + type: json + default: {} + DeployIdentifier: type: string - description: Config manifests that will be used to step through the deployment. - default: '' + description: Value which changes if the node configuration may need to be re-applied resources: @@ -27,7 +26,7 @@ resources: servers: {get_param: servers} config: {get_resource: StorageArtifactsConfig} input_values: - update_identifier: {get_param: NodeConfigIdentifiers} + update_identifier: {get_param: DeployIdentifier} StoragePuppetConfig: type: OS::Heat::SoftwareConfig @@ -46,7 +45,7 @@ resources: - '' - - get_file: manifests/overcloud_object.pp - get_file: manifests/ringbuilder.pp - - {get_param: StepConfig} + - {get_param: [RoleData, step_config]} StorageRingbuilderDeployment_Step2: type: OS::Heat::StructuredDeployments @@ -57,7 +56,7 @@ resources: config: {get_resource: StoragePuppetConfig} input_values: step: 2 - update_identifier: {get_param: NodeConfigIdentifiers} + update_identifier: {get_param: DeployIdentifier} StorageRingbuilderDeployment_Step3: type: OS::Heat::StructuredDeployments @@ -68,7 +67,7 @@ resources: config: {get_resource: StoragePuppetConfig} input_values: step: 3 - update_identifier: {get_param: NodeConfigIdentifiers} + update_identifier: {get_param: DeployIdentifier} StorageDeployment_Step4: type: OS::Heat::StructuredDeployments @@ -79,7 +78,7 @@ resources: config: {get_resource: StoragePuppetConfig} input_values: step: 4 - update_identifier: {get_param: NodeConfigIdentifiers} + update_identifier: {get_param: DeployIdentifier} # Note, this should come last, so use depends_on to ensure # this is created after any other resources. diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml index 30f7657b..e663fb6d 100644 --- a/puppet/swift-storage.yaml +++ b/puppet/swift-storage.yaml @@ -18,10 +18,6 @@ parameters: default: default description: Name of an existing Nova key pair to enable SSH access to the instances type: string - MountCheck: - default: 'false' - description: Value of mount_check in Swift account/container/object -server.conf - type: boolean MinPartHours: type: number default: 1 @@ -61,10 +57,6 @@ parameters: description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. type: json - TimeZone: - default: 'UTC' - description: The timezone to be set on Ceph nodes. - type: string Hostname: type: string default: '' # Defaults to Heat created hostname @@ -286,9 +278,7 @@ resources: tripleo::ringbuilder::part_power: { get_input: swift_part_power } tripleo::ringbuilder::replicas: {get_input: swift_replicas } swift::storage::all::storage_local_net_ip: {get_input: swift_management_network} - swift_mount_check: {get_input: swift_mount_check } tripleo::ringbuilder::min_part_hours: { get_input: swift_min_part_hours } - timezone::timezone: {get_input: timezone} snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} tripleo::packages::enable_install: {get_input: enable_package_install} @@ -307,12 +297,10 @@ resources: snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} swift_hash_suffix: {get_param: HashSuffix} - swift_mount_check: {get_param: MountCheck} swift_min_part_hours: {get_param: MinPartHours} swift_ring_build: {get_param: RingBuild} swift_part_power: {get_param: PartPower} swift_replicas: { get_param: Replicas} - timezone: {get_param: TimeZone} enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} @@ -425,11 +413,3 @@ outputs: management_ip_address: description: IP address of the server in the management network value: {get_attr: [ManagementPort, ip_address]} - config_identifier: - description: identifier which changes if the node configuration may need re-applying - value: - list_join: - - ',' - - - {get_attr: [SwiftStorageHieraDeploy, deploy_stdout]} - - {get_attr: [NodeTLSCAData, deploy_stdout]} - - {get_param: UpdateIdentifier} diff --git a/puppet/vip-config.yaml b/puppet/vip-config.yaml index 92234b6c..51129053 100644 --- a/puppet/vip-config.yaml +++ b/puppet/vip-config.yaml @@ -37,6 +37,7 @@ resources: internal_api_virtual_ip: {get_input: internal_api_virtual_ip} storage_virtual_ip: {get_input: storage_virtual_ip} storage_mgmt_virtual_ip: {get_input: storage_mgmt_virtual_ip} + ironic_api_vip: {get_input: ironic_api_vip} # public_virtual_ip and controller_virtual_ip are needed in # both HAproxy & keepalived. tripleo::haproxy::public_virtual_ip: {get_input: public_virtual_ip} |