diff options
Diffstat (limited to 'puppet')
-rw-r--r-- | puppet/controller.yaml | 30 | ||||
-rw-r--r-- | puppet/manifests/overcloud_controller.pp | 16 | ||||
-rw-r--r-- | puppet/manifests/overcloud_controller_pacemaker.pp | 19 | ||||
-rw-r--r-- | puppet/manifests/overcloud_object.pp | 64 | ||||
-rw-r--r-- | puppet/manifests/ringbuilder.pp | 5 | ||||
-rw-r--r-- | puppet/services/swift-proxy.yaml | 49 | ||||
-rw-r--r-- | puppet/swift-storage-post.yaml | 48 |
7 files changed, 115 insertions, 116 deletions
diff --git a/puppet/controller.yaml b/puppet/controller.yaml index ca38c80e..8025ff41 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -560,11 +560,6 @@ parameters: default: true description: Whether to manage Swift rings or not type: boolean - SwiftPassword: - description: The password for the swift service account, used by the swift proxy - services. - hidden: true - type: string SwiftProxyVirtualIP: type: string default: '' @@ -572,10 +567,6 @@ parameters: type: number default: 3 description: How many replicas to use in the swift rings. - SwiftWorkers: - default: 0 - description: Number of workers for Swift service. - type: number TimeZone: default: 'UTC' description: The timezone to be set on controller nodes. @@ -824,7 +815,6 @@ resources: cinder_workers: {get_param: CinderWorkers} nova_workers: {get_param: NovaWorkers} neutron_workers: {get_param: NeutronWorkers} - swift_workers: {get_param: SwiftWorkers} neutron_enable_tunneling: {get_param: NeutronEnableTunnelling} neutron_enable_l2pop: {get_param: NeutronEnableL2Pop} haproxy_log_address: {get_param: HAProxySyslogAddress} @@ -1059,18 +1049,11 @@ resources: control_virtual_interface: {get_param: ControlVirtualInterface} public_virtual_interface: {get_param: PublicVirtualInterface} swift_hash_suffix: {get_param: SwiftHashSuffix} - swift_password: {get_param: SwiftPassword} swift_part_power: {get_param: SwiftPartPower} swift_ring_build: {get_param: SwiftRingBuild} swift_replicas: {get_param: SwiftReplicas} swift_min_part_hours: {get_param: SwiftMinPartHours} swift_mount_check: {get_param: SwiftMountCheck} - swift_public_url: {get_param: [EndpointMap, SwiftPublic, uri]} - swift_internal_url: {get_param: [EndpointMap, SwiftInternal, uri]} - swift_admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]} - swift_public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]} - swift_internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]} - swift_admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]} enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} sahara_password: {get_param: SaharaPassword} @@ -1203,26 +1186,15 @@ resources: tripleo::fencing::config: {get_input: fencing_config} # Swift + # FIXME: need to move proxy_local_net_ip into swift-proxy.yaml swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network} - swift::proxy::authtoken::auth_uri: {get_input: keystone_auth_uri} - swift::proxy::authtoken::identity_uri: {get_input: keystone_identity_uri} swift::storage::all::storage_local_net_ip: {get_input: swift_management_network} swift::swift_hash_suffix: {get_input: swift_hash_suffix} - swift::proxy::authtoken::admin_password: {get_input: swift_password} - swift::proxy::workers: {get_input: swift_workers} tripleo::ringbuilder::build_ring: { get_input: swift_ring_build } tripleo::ringbuilder::part_power: {get_input: swift_part_power} tripleo::ringbuilder::replicas: {get_input: swift_replicas} tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours} swift_mount_check: {get_input: swift_mount_check} - swift::keystone::auth::public_url: {get_input: swift_public_url } - swift::keystone::auth::internal_url: {get_input: swift_internal_url } - swift::keystone::auth::admin_url: {get_input: swift_admin_url } - swift::keystone::auth::public_url_s3: {get_input: swift_public_url_v3 } - swift::keystone::auth::internal_url_s3: {get_input: swift_internal_url_v3 } - swift::keystone::auth::admin_url_s3: {get_input: swift_admin_url_v3 } - swift::keystone::auth::password: {get_input: swift_password } - swift::keystone::auth::region: {get_input: keystone_region} # Cinder cinder_enable_db_purge: {get_input: cinder_enable_db_purge} diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 581317ae..74f6c3ac 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -117,9 +117,6 @@ if hiera('step') >= 2 { include ::aodh::db::mysql } - # pre-install swift here so we can build rings - include ::swift - $enable_ceph = hiera('ceph_storage_count', 0) > 0 or hiera('enable_ceph_storage', false) if $enable_ceph { @@ -449,19 +446,6 @@ if hiera('step') >= 4 { enabled_backends => union($cinder_enabled_backends, hiera('cinder_user_enabled_backends')), } - # swift proxy - include ::swift::proxy - include ::swift::proxy::proxy_logging - include ::swift::proxy::healthcheck - include ::swift::proxy::cache - include ::swift::proxy::keystone - include ::swift::proxy::authtoken - include ::swift::proxy::staticweb - include ::swift::proxy::ratelimit - include ::swift::proxy::catch_errors - include ::swift::proxy::tempurl - include ::swift::proxy::formpost - # swift storage if str2bool(hiera('enable_swift_storage', true)) { class { '::swift::storage::all': diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index 43301020..77b190a3 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -318,9 +318,6 @@ if hiera('step') >= 2 { } } - # pre-install swift here so we can build rings - include ::swift - # Ceph $enable_ceph = hiera('ceph_storage_count', 0) > 0 or hiera('enable_ceph_storage', false) @@ -698,22 +695,6 @@ MYSQL_HOST=localhost\n", enabled => false, } - # swift proxy - class { '::swift::proxy' : - manage_service => $non_pcmk_start, - enabled => $non_pcmk_start, - } - include ::swift::proxy::proxy_logging - include ::swift::proxy::healthcheck - include ::swift::proxy::cache - include ::swift::proxy::keystone - include ::swift::proxy::authtoken - include ::swift::proxy::staticweb - include ::swift::proxy::ratelimit - include ::swift::proxy::catch_errors - include ::swift::proxy::tempurl - include ::swift::proxy::formpost - # swift storage if str2bool(hiera('enable_swift_storage', true)) { class {'::swift::storage::all': diff --git a/puppet/manifests/overcloud_object.pp b/puppet/manifests/overcloud_object.pp index ae074589..3585c993 100644 --- a/puppet/manifests/overcloud_object.pp +++ b/puppet/manifests/overcloud_object.pp @@ -16,42 +16,46 @@ include ::tripleo::packages include ::tripleo::firewall -create_resources(kmod::load, hiera('kernel_modules'), {}) -create_resources(sysctl::value, hiera('sysctl_settings'), {}) -Exec <| tag == 'kmod::load' |> -> Sysctl <| |> +if hiera('step') >= 1 { + create_resources(kmod::load, hiera('kernel_modules'), {}) + create_resources(sysctl::value, hiera('sysctl_settings'), {}) + Exec <| tag == 'kmod::load' |> -> Sysctl <| |> -if count(hiera('ntp::servers')) > 0 { - include ::ntp -} - -include ::timezone + include ::timezone -include ::swift -class { '::swift::storage::all': - mount_check => str2bool(hiera('swift_mount_check')), -} -if(!defined(File['/srv/node'])) { - file { '/srv/node': - ensure => directory, - owner => 'swift', - group => 'swift', - require => Package['openstack-swift'], + if count(hiera('ntp::servers')) > 0 { + include ::ntp } } -$swift_components = ['account', 'container', 'object'] -swift::storage::filter::recon { $swift_components : } -swift::storage::filter::healthcheck { $swift_components : } +if hiera('step') >= 4 { + class { '::swift::storage::all': + mount_check => str2bool(hiera('swift_mount_check')), + } + if(!defined(File['/srv/node'])) { + file { '/srv/node': + ensure => directory, + owner => 'swift', + group => 'swift', + require => Package['openstack-swift'], + } + } + + $swift_components = ['account', 'container', 'object'] + swift::storage::filter::recon { $swift_components : } + swift::storage::filter::healthcheck { $swift_components : } -$snmpd_user = hiera('snmpd_readonly_user_name') -snmp::snmpv3_user { $snmpd_user: - authtype => 'MD5', - authpass => hiera('snmpd_readonly_user_password'), -} -class { '::snmp': - agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], + $snmpd_user = hiera('snmpd_readonly_user_name') + snmp::snmpv3_user { $snmpd_user: + authtype => 'MD5', + authpass => hiera('snmpd_readonly_user_password'), + } + class { '::snmp': + agentaddress => ['udp:161','udp6:[::1]:161'], + snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], + } + + hiera_include('object_classes') } -hiera_include('object_classes') package_manifest{'/var/lib/tripleo/installed-packages/overcloud_object': ensure => present} diff --git a/puppet/manifests/ringbuilder.pp b/puppet/manifests/ringbuilder.pp index a623da29..2411ff84 100644 --- a/puppet/manifests/ringbuilder.pp +++ b/puppet/manifests/ringbuilder.pp @@ -89,6 +89,11 @@ class tripleo::ringbuilder ( } } +if hiera('step') >= 2 { + # pre-install swift here so we can build rings + include ::swift +} + if hiera('step') >= 3 { include ::tripleo::ringbuilder } diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml new file mode 100644 index 00000000..a86aeaf5 --- /dev/null +++ b/puppet/services/swift-proxy.yaml @@ -0,0 +1,49 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Swift Proxy service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + SwiftPassword: + description: The password for the swift service account, used by the swift proxy services. + type: string + hidden: true + SwiftWorkers: + default: 0 + description: Number of workers for Swift service. + type: number + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + + +outputs: + role_data: + description: Role data for the Swift proxy service. + value: + config_settings: + # Swift + swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + swift::proxy::authtoken::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + swift::proxy::authtoken::admin_password: {get_param: SwiftPassword} + swift::proxy::workers: {get_param: SwiftWorkers} + swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]} + swift::keystone::auth::internal_url: {get_param: [EndpointMap, SwiftInternal, uri]} + swift::keystone::auth::admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]} + swift::keystone::auth::public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]} + swift::keystone::auth::internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]} + swift::keystone::auth::admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]} + swift::keystone::auth::password: {get_param: SwiftPassword} + swift::keystone::auth::region: {get_param: KeystoneRegion} + step_config: | + include ::tripleo::profile::base::swift::proxy diff --git a/puppet/swift-storage-post.yaml b/puppet/swift-storage-post.yaml index b262f947..2b652443 100644 --- a/puppet/swift-storage-post.yaml +++ b/puppet/swift-storage-post.yaml @@ -31,51 +31,55 @@ resources: group: puppet options: enable_debug: {get_param: ConfigDebug} + enable_hiera: True + enable_facter: False + inputs: + - name: step outputs: - name: result config: - get_file: manifests/overcloud_object.pp + list_join: + - '' + - - get_file: manifests/overcloud_object.pp + - get_file: manifests/ringbuilder.pp - StorageDeployment_Step1: + StorageRingbuilderDeployment_Step2: type: OS::Heat::StructuredDeployments depends_on: StorageArtifactsDeploy properties: - name: StorageDeployment_Step1 + name: StorageRingbuilderDeployment_Step2 servers: {get_param: servers} config: {get_resource: StoragePuppetConfig} input_values: + step: 2 update_identifier: {get_param: NodeConfigIdentifiers} - StorageRingbuilderPuppetConfig: - type: OS::Heat::SoftwareConfig + StorageRingbuilderDeployment_Step3: + type: OS::Heat::StructuredDeployments + depends_on: StorageRingbuilderDeployment_Step2 properties: - group: puppet - options: - enable_debug: {get_param: ConfigDebug} - enable_hiera: True - enable_facter: False - inputs: - - name: step - outputs: - - name: result - config: - get_file: manifests/ringbuilder.pp + name: StorageRingbuilderDeployment_Step3 + servers: {get_param: servers} + config: {get_resource: StoragePuppetConfig} + input_values: + step: 3 + update_identifier: {get_param: NodeConfigIdentifiers} - StorageRingbuilderDeployment_Step2: + StorageDeployment_Step4: type: OS::Heat::StructuredDeployments - depends_on: StorageDeployment_Step1 + depends_on: StorageRingbuilderDeployment_Step3 properties: - name: StorageRingbuilderDeployment_Step2 + name: StorageDeployment_Step4 servers: {get_param: servers} - config: {get_resource: StorageRingbuilderPuppetConfig} + config: {get_resource: StoragePuppetConfig} input_values: - step: 3 # Note ringbuilder.pp expects >=3 + step: 4 update_identifier: {get_param: NodeConfigIdentifiers} # Note, this should come last, so use depends_on to ensure # this is created after any other resources. ExtraConfig: - depends_on: StorageRingbuilderDeployment_Step2 + depends_on: StorageDeployment_Step4 type: OS::TripleO::NodeExtraConfigPost properties: servers: {get_param: servers} |