summaryrefslogtreecommitdiffstats
path: root/puppet
diff options
context:
space:
mode:
Diffstat (limited to 'puppet')
-rw-r--r--puppet/cinder-storage-puppet.yaml7
-rw-r--r--puppet/controller-puppet.yaml38
-rw-r--r--puppet/manifests/overcloud_controller_pacemaker.pp76
3 files changed, 69 insertions, 52 deletions
diff --git a/puppet/cinder-storage-puppet.yaml b/puppet/cinder-storage-puppet.yaml
index c69a0f3c..007a489c 100644
--- a/puppet/cinder-storage-puppet.yaml
+++ b/puppet/cinder-storage-puppet.yaml
@@ -16,6 +16,11 @@ parameters:
default: 5000
description: The size of the loopback file used by the cinder LVM driver.
type: number
+ CinderPassword:
+ default: unset
+ description: The password for the cinder service and db account, used by cinder-api.
+ type: string
+ hidden: true
Debug:
default: ''
description: Set to True to enable debugging on all services.
@@ -158,7 +163,7 @@ resources:
config: {get_resource: BlockStorageConfig}
input_values:
debug: {get_param: Debug}
- cinder_dsn: {list_join: ['', ['mysql://cinder:unset@', {get_param: VirtualIP} , '/cinder']]}
+ cinder_dsn: {list_join: ['', ['mysql://cinder:', {get_param: CinderPassword}, '@', {get_param: VirtualIP} , '/cinder']]}
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
cinder_lvm_loop_device_size:
diff --git a/puppet/controller-puppet.yaml b/puppet/controller-puppet.yaml
index c45fdced..c7cc4b66 100644
--- a/puppet/controller-puppet.yaml
+++ b/puppet/controller-puppet.yaml
@@ -11,7 +11,7 @@ parameters:
hidden: true
AdminToken:
default: unset
- description: The keystone auth secret.
+ description: The keystone auth secret and db password.
type: string
hidden: true
CeilometerBackend:
@@ -25,7 +25,7 @@ parameters:
hidden: true
CeilometerPassword:
default: unset
- description: The password for the ceilometer service account.
+ description: The password for the ceilometer service and db account.
type: string
hidden: true
CinderEnableIscsiBackend:
@@ -46,7 +46,7 @@ parameters:
type: number
CinderPassword:
default: unset
- description: The password for the cinder service account, used by cinder-api.
+ description: The password for the cinder service and db account, used by cinder-api.
type: string
hidden: true
CloudName:
@@ -137,7 +137,7 @@ parameters:
default: ''
GlancePassword:
default: unset
- description: The password for the glance service account, used by the glance services.
+ description: The password for the glance service and db account, used by the glance services.
type: string
hidden: true
GlancePort:
@@ -157,7 +157,7 @@ parameters:
- allowed_values: ['swift', 'file', 'rbd']
HeatPassword:
default: unset
- description: The password for the Heat service account, used by the Heat services.
+ description: The password for the Heat service and db account, used by the Heat services.
type: string
hidden: true
HeatStackDomainAdminPassword:
@@ -290,7 +290,7 @@ parameters:
type: string
NeutronPassword:
default: unset
- description: The password for the neutron service account, used by neutron agents.
+ description: The password for the neutron service and db account, used by neutron agents.
type: string
hidden: true
NeutronPublicInterface:
@@ -327,7 +327,7 @@ parameters:
type: string
NovaPassword:
default: unset
- description: The password for the nova service account, used by nova-api.
+ description: The password for the nova service and db account, used by nova-api.
type: string
hidden: true
NtpServer:
@@ -545,7 +545,9 @@ resources:
cinder_dsn:
list_join:
- ''
- - - 'mysql://cinder:unset@'
+ - - 'mysql://cinder:'
+ - {get_param: CinderPassword}
+ - '@'
- {get_param: VirtualIP}
- '/cinder'
glance_port: {get_param: GlancePort}
@@ -558,7 +560,9 @@ resources:
glance_dsn:
list_join:
- ''
- - - 'mysql://glance:unset@'
+ - - 'mysql://glance:'
+ - {get_param: GlancePassword}
+ - '@'
- {get_param: VirtualIP}
- '/glance'
heat_password: {get_param: HeatPassword}
@@ -566,7 +570,9 @@ resources:
heat_dsn:
list_join:
- ''
- - - 'mysql://heat:unset@'
+ - - 'mysql://heat:'
+ - {get_param: HeatPassword}
+ - '@'
- {get_param: VirtualIP}
- '/heat'
keystone_ca_certificate: {get_param: KeystoneCACertificate}
@@ -577,7 +583,9 @@ resources:
keystone_dsn:
list_join:
- ''
- - - 'mysql://keystone:unset@'
+ - - 'mysql://keystone:'
+ - {get_param: AdminToken}
+ - '@'
- {get_param: VirtualIP}
- '/keystone'
keystone_identity_uri:
@@ -622,7 +630,9 @@ resources:
neutron_dsn:
list_join:
- ''
- - - 'mysql://neutron:unset@'
+ - - 'mysql://neutron:'
+ - {get_param: NeutronPassword}
+ - '@'
- {get_param: VirtualIP}
- '/ovs_neutron?charset=utf8'
neutron_url:
@@ -652,7 +662,9 @@ resources:
nova_dsn:
list_join:
- ''
- - - 'mysql://nova:unset@'
+ - - 'mysql://nova:'
+ - {get_param: NovaPassword}
+ - '@'
- {get_param: VirtualIP}
- '/nova'
pcsd_password: {get_param: PcsdPassword}
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index 99344532..a7aa40cb 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -94,14 +94,14 @@ if hiera('step') >= 1 {
replace => true,
}
- # MongoDB
- include ::mongodb::globals
-
- # FIXME: replace with service_manage => false on ::mongodb::server
- # when this is merged: https://github.com/puppetlabs/pupp etlabs-mongodb/pull/198
- class { '::mongodb::server' :
- service_ensure => undef,
- service_enable => false,
+ if downcase(hiera('ceilometer_backend')) == 'mongodb' {
+ include ::mongodb::globals
+ # FIXME: replace with service_manage => false on ::mongodb::server
+ # when this is merged: https://github.com/puppetlabs/pupp etlabs-mongodb/pull/198
+ class { '::mongodb::server' :
+ service_ensure => undef,
+ service_enable => false,
+ }
}
# Galera
@@ -208,10 +208,6 @@ if hiera('step') >= 2 {
require => Class['::mysql::server'],
before => Exec['galera-ready'],
}
- mysql_user { 'clustercheckuser@localhost' :
- password_hash => mysql_password($clustercheck_password),
- require => Exec['galera-ready'],
- }
}
# Redis
@@ -363,8 +359,8 @@ if hiera('step') >= 3 {
class { '::keystone':
sync_db => $sync_db,
- manage_service => $non_pcmk_start,
- enabled => $non_pcmk_start,
+ manage_service => false,
+ enabled => false,
}
#TODO: need a cleanup-keystone-tokens.sh solution here
@@ -696,6 +692,11 @@ if hiera('step') >= 3 {
if hiera('step') >= 4 {
if $pacemaker_master {
+ # Keystone
+ pacemaker::resource::service { $::keystone::params::service_name :
+ clone_params => "interleave=true",
+ }
+
# Cinder
pacemaker::resource::service { $::cinder::params::api_service :
clone_params => "interleave=true",
@@ -738,31 +739,30 @@ if hiera('step') >= 4 {
Pacemaker::Resource::Service[$::cinder::params::volume_service]],
}
- }
-
- # Glance
- pacemaker::resource::service { $::glance::params::registry_service_name :
- clone_params => "interleave=true",
- }
- pacemaker::resource::service { $::glance::params::api_service_name :
- clone_params => "interleave=true",
- }
+ # Glance
+ pacemaker::resource::service { $::glance::params::registry_service_name :
+ clone_params => "interleave=true",
+ }
+ pacemaker::resource::service { $::glance::params::api_service_name :
+ clone_params => "interleave=true",
+ }
- pacemaker::constraint::base { 'glance-registry-then-glance-api-constraint':
- constraint_type => "order",
- first_resource => "${::glance::params::registry_service_name}-clone",
- second_resource => "${::glance::params::api_service_name}-clone",
- first_action => "start",
- second_action => "start",
- require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name],
- Pacemaker::Resource::Service[$::glance::params::api_service_name]],
- }
- pacemaker::constraint::colocation { 'glance-registry-with-glance-api-colocation':
- source => "${::glance::params::registry_service_name}-clone",
- target => "${::glance::params::api_service_name}-clone",
- score => "INFINITY",
- require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name],
- Pacemaker::Resource::Service[$::glance::params::api_service_name]],
+ pacemaker::constraint::base { 'glance-registry-then-glance-api-constraint':
+ constraint_type => "order",
+ first_resource => "${::glance::params::registry_service_name}-clone",
+ second_resource => "${::glance::params::api_service_name}-clone",
+ first_action => "start",
+ second_action => "start",
+ require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name],
+ Pacemaker::Resource::Service[$::glance::params::api_service_name]],
+ }
+ pacemaker::constraint::colocation { 'glance-registry-with-glance-api-colocation':
+ source => "${::glance::params::registry_service_name}-clone",
+ target => "${::glance::params::api_service_name}-clone",
+ score => "INFINITY",
+ require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name],
+ Pacemaker::Resource::Service[$::glance::params::api_service_name]],
+ }
}
} #END STEP 4