summaryrefslogtreecommitdiffstats
path: root/puppet
diff options
context:
space:
mode:
Diffstat (limited to 'puppet')
-rw-r--r--puppet/controller-role.yaml2
-rw-r--r--puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml87
-rw-r--r--puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml86
-rw-r--r--puppet/major_upgrade_steps.j2.yaml128
-rw-r--r--puppet/post-upgrade.j2.yaml27
-rw-r--r--puppet/post.j2.yaml90
-rw-r--r--puppet/puppet-steps.j288
-rw-r--r--puppet/services/README.rst18
-rw-r--r--puppet/services/aodh-api.yaml3
-rw-r--r--puppet/services/ceilometer-api.yaml3
-rw-r--r--puppet/services/cinder-backend-dellps.yaml85
-rw-r--r--puppet/services/cinder-backend-dellsc.yaml85
-rw-r--r--puppet/services/gnocchi-api.yaml9
-rw-r--r--puppet/services/ironic-api.yaml5
-rw-r--r--puppet/services/ironic-conductor.yaml9
-rw-r--r--puppet/services/keystone.yaml3
-rw-r--r--puppet/services/memcached.yaml8
-rw-r--r--puppet/services/metrics/collectd.yaml111
-rw-r--r--puppet/services/nova-api.yaml51
-rw-r--r--puppet/services/nova-base.yaml6
-rw-r--r--puppet/services/nova-compute.yaml5
-rw-r--r--puppet/services/nova-libvirt.yaml1
-rw-r--r--puppet/services/octavia-api.yaml4
-rw-r--r--puppet/services/octavia-health-manager.yaml61
-rw-r--r--puppet/services/octavia-housekeeping.yaml70
-rw-r--r--puppet/services/octavia-worker.yaml102
26 files changed, 772 insertions, 375 deletions
diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml
index 9e35af5f..d3268ee2 100644
--- a/puppet/controller-role.yaml
+++ b/puppet/controller-role.yaml
@@ -458,9 +458,7 @@ resources:
- all_nodes # provided by allNodesConfig
- vip_data # provided by allNodesConfig
- '"%{::osfamily}"'
- - cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre
- cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
- - cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre
- neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
- neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
- cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml
deleted file mode 100644
index 7d639883..00000000
--- a/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml
+++ /dev/null
@@ -1,87 +0,0 @@
-heat_template_version: ocata
-
-description: Configure hieradata for Cinder Dell Storage Center configuration
-
-parameters:
- server:
- description: ID of the controller node to apply this config to
- type: string
-
- # Config specific parameters, to be provided via parameter_defaults
- CinderEnableDellScBackend:
- type: boolean
- default: true
- CinderDellScBackendName:
- type: string
- default: 'tripleo_dellsc'
- CinderDellScSanIp:
- type: string
- CinderDellScSanLogin:
- type: string
- default: 'Admin'
- CinderDellScSanPassword:
- type: string
- hidden: true
- CinderDellScSsn:
- type: string
- default: '64702'
- CinderDellScIscsiIpAddress:
- type: string
- default: ''
- CinderDellScIscsiPort:
- type: string
- default: '3260'
- CinderDellScApiPort:
- type: string
- default: '3033'
- CinderDellScServerFolder:
- type: string
- default: 'dellsc_server'
- CinderDellScVolumeFolder:
- type: string
- default: 'dellsc_volume'
-
-resources:
- CinderDellScConfig:
- type: OS::Heat::StructuredConfig
- properties:
- group: os-apply-config
- config:
- hiera:
- datafiles:
- cinder_dellsc_data:
- mapped_data:
- tripleo::profile::base::cinder::volume::cinder_enable_dellsc_backend: {get_input: EnableDellScBackend}
- cinder::backend::dellsc_iscsi::volume_backend_name: {get_input: DellScBackendName}
- cinder::backend::dellsc_iscsi::san_ip: {get_input: DellScSanIp}
- cinder::backend::dellsc_iscsi::san_login: {get_input: DellScSanLogin}
- cinder::backend::dellsc_iscsi::san_password: {get_input: DellScSanPassword}
- cinder::backend::dellsc_iscsi::dell_sc_ssn: {get_input: DellScSsn}
- cinder::backend::dellsc_iscsi::iscsi_ip_address: {get_input: DellScIscsiIpAddress}
- cinder::backend::dellsc_iscsi::iscsi_port: {get_input: DellScIscsiPort}
- cinder::backend::dellsc_iscsi::dell_sc_api_port: {get_input: DellScApiPort}
- cinder::backend::dellsc_iscsi::dell_sc_server_folder: {get_input: DellScServerFolder}
- cinder::backend::dellsc_iscsi::dell_sc_volume_folder: {get_input: DellScVolumeFolder}
-
- CinderDellScDeployment:
- type: OS::Heat::StructuredDeployment
- properties:
- config: {get_resource: CinderDellScConfig}
- server: {get_param: server}
- input_values:
- EnableDellScBackend: {get_param: CinderEnableDellScBackend}
- DellScBackendName: {get_param: CinderDellScBackendName}
- DellScSanIp: {get_param: CinderDellScSanIp}
- DellScSanLogin: {get_param: CinderDellScSanLogin}
- DellScSanPassword: {get_param: CinderDellScSanPassword}
- DellScSsn: {get_param: CinderDellScSsn}
- DellScIscsiIpAddress: {get_param: CinderDellScIscsiIpAddress}
- DellScIscsiPort: {get_param: CinderDellScIscsiPort}
- DellScApiPort: {get_param: CinderDellScApiPort}
- DellScServerFolder: {get_param: CinderDellScServerFolder}
- DellScVolumeFolder: {get_param: CinderDellScVolumeFolder}
-
-outputs:
- deploy_stdout:
- description: Deployment reference, used to trigger puppet apply on changes
- value: {get_attr: [CinderDellScDeployment, deploy_stdout]}
diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml
deleted file mode 100644
index 30509044..00000000
--- a/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml
+++ /dev/null
@@ -1,86 +0,0 @@
-heat_template_version: ocata
-
-description: Configure hieradata for Cinder Eqlx configuration
-
-parameters:
- server:
- description: ID of the controller node to apply this config to
- type: string
-
- # Config specific parameters, to be provided via parameter_defaults
- CinderEnableEqlxBackend:
- type: boolean
- default: true
- CinderEqlxBackendName:
- type: string
- default: 'tripleo_eqlx'
- CinderEqlxSanIp:
- type: string
- CinderEqlxSanLogin:
- type: string
- CinderEqlxSanPassword:
- type: string
- hidden: true
- CinderEqlxSanThinProvision:
- type: boolean
- default: true
- CinderEqlxGroupname:
- type: string
- default: 'group-0'
- CinderEqlxPool:
- type: string
- default: 'default'
- CinderEqlxChapLogin:
- type: string
- default: ''
- CinderEqlxChapPassword:
- type: string
- default: ''
- CinderEqlxUseChap:
- type: boolean
- default: false
-
-resources:
- CinderEqlxConfig:
- type: OS::Heat::StructuredConfig
- properties:
- group: os-apply-config
- config:
- hiera:
- datafiles:
- cinder_eqlx_data:
- mapped_data:
- tripleo::profile::base::cinder::volume::cinder_enable_eqlx_backend: {get_input: EnableEqlxBackend}
- cinder::backend::eqlx::volume_backend_name: {get_input: EqlxBackendName}
- cinder::backend::eqlx::san_ip: {get_input: EqlxSanIp}
- cinder::backend::eqlx::san_login: {get_input: EqlxSanLogin}
- cinder::backend::eqlx::san_password: {get_input: EqlxSanPassword}
- cinder::backend::eqlx::san_thin_provision: {get_input: EqlxSanThinProvision}
- cinder::backend::eqlx::eqlx_group_name: {get_input: EqlxGroupname}
- cinder::backend::eqlx::eqlx_pool: {get_input: EqlxPool}
- cinder::backend::eqlx::eqlx_use_chap: {get_input: EqlxUseChap}
- cinder::backend::eqlx::eqlx_chap_login: {get_input: EqlxChapLogin}
- cinder::backend::eqlx::eqlx_chap_password: {get_input: EqlxChapPassword}
-
- CinderEqlxDeployment:
- type: OS::Heat::StructuredDeployment
- properties:
- config: {get_resource: CinderEqlxConfig}
- server: {get_param: server}
- input_values:
- EnableEqlxBackend: {get_param: CinderEnableEqlxBackend}
- EqlxBackendName: {get_param: CinderEqlxBackendName}
- EqlxSanIp: {get_param: CinderEqlxSanIp}
- EqlxSanLogin: {get_param: CinderEqlxSanLogin}
- EqlxSanPassword: {get_param: CinderEqlxSanPassword}
- EqlxSanThinProvision: {get_param: CinderEqlxSanThinProvision}
- EqlxGroupname: {get_param: CinderEqlxGroupname}
- EqlxPool: {get_param: CinderEqlxPool}
- EqlxUseChap: {get_param: CinderEqlxUseChap}
- EqlxChapLogin: {get_param: CinderEqlxChapLogin}
- EqlxChapPassword: {get_param: CinderEqlxChapPassword}
-
-outputs:
- deploy_stdout:
- description: Deployment reference, used to trigger puppet apply on changes
- value: {get_attr: [CinderEqlxDeployment, deploy_stdout]}
diff --git a/puppet/major_upgrade_steps.j2.yaml b/puppet/major_upgrade_steps.j2.yaml
index eae85991..b879fafa 100644
--- a/puppet/major_upgrade_steps.j2.yaml
+++ b/puppet/major_upgrade_steps.j2.yaml
@@ -1,4 +1,6 @@
-{% set upgrade_steps_max = 8 -%}
+{% set enabled_roles = roles|rejectattr('disable_upgrade_deployment')|list -%}
+{% set batch_upgrade_steps_max = 3 -%}
+{% set upgrade_steps_max = 6 -%}
heat_template_version: ocata
description: 'Upgrade steps for all roles'
@@ -18,54 +20,53 @@ parameters:
conditions:
# Conditions to disable any steps where the task list is empty
-{% for step in range(0, upgrade_steps_max) %}
- {% for role in roles %}
- UpgradeBatchConfig_Step{{step}}Enabled:
+{%- for role in roles %}
+ {{role.name}}UpgradeBatchConfigEnabled:
not:
equals:
- {get_param: [role_data, {{role.name}}, upgrade_batch_tasks]}
- []
- UpgradeConfig_Step{{step}}Enabled:
+ {{role.name}}UpgradeConfigEnabled:
not:
equals:
- {get_param: [role_data, {{role.name}}, upgrade_tasks]}
- []
- {% endfor %}
-{% endfor %}
+{%- endfor %}
resources:
# Upgrade Steps for all roles, batched updates
-# FIXME(shardy): would be nice to make the number of steps configurable
-{% for step in range(0, upgrade_steps_max) %}
- {% for role in roles %}
- # Step {{step}} resources
+# The UpgradeConfig resources could actually be created without
+# serialization, but the event output is easier to follow if we
+# do, and there should be minimal performance hit (creating the
+# config is cheap compared to the time to apply the deployment).
+{% for step in range(0, batch_upgrade_steps_max) %}
+ # Batch config resources step {{step}}
+ {%- for role in roles %}
{{role.name}}UpgradeBatchConfig_Step{{step}}:
type: OS::TripleO::UpgradeConfig
- condition: UpgradeBatchConfig_Step{{step}}Enabled
- # The UpgradeConfig resources could actually be created without
- # serialization, but the event output is easier to follow if we
- # do, and there should be minimal performance hit (creating the
- # config is cheap compared to the time to apply the deployment).
- {% if step > 0 %}
+ {%- if step > 0 %}
depends_on:
- {% for dep in roles %}
+ {%- for dep in enabled_roles %}
- {{dep.name}}UpgradeBatch_Step{{step -1}}
- {% endfor %}
- {% endif %}
+ {%- endfor %}
+ {%- endif %}
properties:
UpgradeStepConfig: {get_param: [role_data, {{role.name}}, upgrade_batch_tasks]}
step: {{step}}
+ {%- endfor %}
+ # Batch deployment resources for step {{step}} (only for enabled roles)
+ {%- for role in enabled_roles %}
{{role.name}}UpgradeBatch_Step{{step}}:
- type: OS::Heat::StructuredDeploymentGroup
- condition: UpgradeBatchConfig_Step{{step}}Enabled
- {% if step > 0 %}
+ type: OS::Heat::SoftwareDeploymentGroup
+ condition: {{role.name}}UpgradeBatchConfigEnabled
+ {%- if step > 0 %}
depends_on:
- {% for dep in roles %}
+ {%- for dep in enabled_roles %}
- {{dep.name}}UpgradeBatch_Step{{step -1}}
- {% endfor %}
- {% endif %}
+ {%- endfor %}
+ {%- endif %}
update_policy:
batch_create:
max_batch_size: {{role.upgrade_batch_size|default(1)}}
@@ -78,52 +79,49 @@ resources:
input_values:
role: {{role.name}}
update_identifier: {get_param: UpdateIdentifier}
- {% endfor %}
-{% endfor %}
+ {%- endfor %}
+{%- endfor %}
# Upgrade Steps for all roles
-# FIXME(shardy): would be nice to make the number of steps configurable
-{% for step in range(0, upgrade_steps_max) %}
- {% for role in roles %}
- # Step {{step}} resources
+{%- for step in range(0, upgrade_steps_max) %}
+ # Config resources for step {{step}}
+ {%- for role in roles %}
{{role.name}}UpgradeConfig_Step{{step}}:
type: OS::TripleO::UpgradeConfig
- condition: UpgradeConfig_Step{{step}}Enabled
# The UpgradeConfig resources could actually be created without
# serialization, but the event output is easier to follow if we
# do, and there should be minimal performance hit (creating the
# config is cheap compared to the time to apply the deployment).
depends_on:
- {% if step > 0 %}
- {% for dep in roles %}
- {% if not dep.disable_upgrade_deployment|default(false) %}
+ {%- if step > 0 %}
+ {%- for dep in enabled_roles %}
- {{dep.name}}Upgrade_Step{{step -1}}
- {% endif %}
- {% endfor %}
- {% else %}
- {% for dep in roles %}
- - {{dep.name}}UpgradeBatch_Step{{upgrade_steps_max -1}}
- {% endfor %}
- {% endif %}
+ {%- endfor %}
+ {%- else %}
+ {%- for dep in enabled_roles %}
+ - {{dep.name}}UpgradeBatch_Step{{batch_upgrade_steps_max -1}}
+ {%- endfor %}
+ {%- endif %}
properties:
UpgradeStepConfig: {get_param: [role_data, {{role.name}}, upgrade_tasks]}
step: {{step}}
- {% if not role.disable_upgrade_deployment|default(false) %}
+ {%- endfor %}
+
+ # Deployment resources for step {{step}} (only for enabled roles)
+ {%- for role in enabled_roles %}
{{role.name}}Upgrade_Step{{step}}:
- type: OS::Heat::StructuredDeploymentGroup
- condition: UpgradeConfig_Step{{step}}Enabled
+ type: OS::Heat::SoftwareDeploymentGroup
+ condition: {{role.name}}UpgradeConfigEnabled
depends_on:
- {% if step > 0 %}
- {% for dep in roles %}
- {% if not dep.disable_upgrade_deployment|default(false) %}
+ {%- if step > 0 %}
+ {%- for dep in enabled_roles %}
- {{dep.name}}Upgrade_Step{{step -1}}
- {% endif %}
- {% endfor %}
- {% else %}
- {% for dep in roles %}
- - {{dep.name}}UpgradeBatch_Step{{upgrade_steps_max -1}}
- {% endfor %}
- {% endif %}
+ {%- endfor %}
+ {%- else %}
+ {%- for dep in enabled_roles %}
+ - {{dep.name}}UpgradeBatch_Step{{batch_upgrade_steps_max -1}}
+ {%- endfor %}
+ {%- endif %}
properties:
name: {{role.name}}Upgrade_Step{{step}}
servers: {get_param: [servers, {{role.name}}]}
@@ -131,9 +129,21 @@ resources:
input_values:
role: {{role.name}}
update_identifier: {get_param: UpdateIdentifier}
- {% endif %}
- {% endfor %}
-{% endfor %}
+ {%- endfor %}
+{%- endfor %}
+
+ # Post upgrade deployment steps for all roles
+ # This runs the normal configuration (e.g puppet) steps unless upgrade
+ # is disabled for the role
+ AllNodesPostUpgradeSteps:
+ type: OS::TripleO::PostUpgradeSteps
+ depends_on:
+{%- for dep in enabled_roles %}
+ - {{dep.name}}Upgrade_Step{{upgrade_steps_max - 1}}
+{%- endfor %}
+ properties:
+ servers: {get_param: servers}
+ role_data: {get_param: role_data}
outputs:
# Output the config for each role, just use Step1 as the config should be
diff --git a/puppet/post-upgrade.j2.yaml b/puppet/post-upgrade.j2.yaml
new file mode 100644
index 00000000..b84039de
--- /dev/null
+++ b/puppet/post-upgrade.j2.yaml
@@ -0,0 +1,27 @@
+heat_template_version: ocata
+
+description: >
+ Post-upgrade configuration steps via puppet for all roles
+ where upgrade is not disabled as defined in ../roles_data.yaml
+
+parameters:
+ servers:
+ type: json
+ description: Mapping of Role name e.g Controller to a list of servers
+
+ role_data:
+ type: json
+ description: Mapping of Role name e.g Controller to the per-role data
+
+ DeployIdentifier:
+ default: ''
+ type: string
+ description: >
+ Setting this to a unique value will re-run any deployment tasks which
+ perform configuration on a Heat stack-update.
+
+resources:
+# Note the include here is the same as post.j2.yaml but the data used at
+# the time of rendering is different if any roles disable upgrades
+{% set roles = roles|rejectattr('disable_upgrade_deployment')|list -%}
+{% include 'puppet-steps.j2' %}
diff --git a/puppet/post.j2.yaml b/puppet/post.j2.yaml
index 83c32868..39155c36 100644
--- a/puppet/post.j2.yaml
+++ b/puppet/post.j2.yaml
@@ -21,92 +21,4 @@ parameters:
perform configuration on a Heat stack-update.
resources:
- # Post deployment steps for all roles
- # A single config is re-applied with an incrementing step number
-{% for role in roles %}
- # {{role.name}} Role post deploy steps
- {{role.name}}ArtifactsConfig:
- type: deploy-artifacts.yaml
-
- {{role.name}}ArtifactsDeploy:
- type: OS::Heat::StructuredDeployments
- properties:
- servers: {get_param: [servers, {{role.name}}]}
- config: {get_resource: {{role.name}}ArtifactsConfig}
-
- {{role.name}}PreConfig:
- type: OS::TripleO::Tasks::{{role.name}}PreConfig
- properties:
- servers: {get_param: [servers, {{role.name}}]}
- input_values:
- update_identifier: {get_param: DeployIdentifier}
-
- {{role.name}}Config:
- type: OS::TripleO::{{role.name}}Config
- properties:
- StepConfig: {get_param: [role_data, {{role.name}}, step_config]}
-
- {% if role.name == 'Controller' %}
- ControllerPrePuppet:
- type: OS::TripleO::Tasks::ControllerPrePuppet
- properties:
- servers: {get_param: [servers, Controller]}
- input_values:
- update_identifier: {get_param: DeployIdentifier}
- {% endif %}
-
- # Step through a series of configuration steps
-{% for step in range(1, 6) %}
- {{role.name}}Deployment_Step{{step}}:
- type: OS::Heat::StructuredDeploymentGroup
- {% if step == 1 %}
- depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy]
- {% else %}
- depends_on:
- {% for dep in roles %}
- - {{dep.name}}Deployment_Step{{step -1}}
- {% endfor %}
- {% endif %}
- properties:
- name: {{role.name}}Deployment_Step{{step}}
- servers: {get_param: [servers, {{role.name}}]}
- config: {get_resource: {{role.name}}Config}
- input_values:
- step: {{step}}
- update_identifier: {get_param: DeployIdentifier}
-{% endfor %}
-
- {{role.name}}PostConfig:
- type: OS::TripleO::Tasks::{{role.name}}PostConfig
- depends_on:
- {% for dep in roles %}
- - {{dep.name}}Deployment_Step5
- {% endfor %}
- properties:
- servers: {get_param: servers}
- input_values:
- update_identifier: {get_param: DeployIdentifier}
-
- # Note, this should come last, so use depends_on to ensure
- # this is created after any other resources.
- {{role.name}}ExtraConfigPost:
- depends_on:
- {% for dep in roles %}
- - {{dep.name}}PostConfig
- {% endfor %}
- type: OS::TripleO::NodeExtraConfigPost
- properties:
- servers: {get_param: [servers, {{role.name}}]}
-
- {% if role.name == 'Controller' %}
- ControllerPostPuppet:
- depends_on:
- - ControllerExtraConfigPost
- type: OS::TripleO::Tasks::ControllerPostPuppet
- properties:
- servers: {get_param: [servers, Controller]}
- input_values:
- update_identifier: {get_param: DeployIdentifier}
- {% endif %}
-
-{% endfor %}
+{% include 'puppet-steps.j2' %}
diff --git a/puppet/puppet-steps.j2 b/puppet/puppet-steps.j2
new file mode 100644
index 00000000..c3b54ccd
--- /dev/null
+++ b/puppet/puppet-steps.j2
@@ -0,0 +1,88 @@
+ # Post deployment steps for all roles
+ # A single config is re-applied with an incrementing step number
+{% for role in roles %}
+ # {{role.name}} Role post-deploy steps
+ {{role.name}}ArtifactsConfig:
+ type: deploy-artifacts.yaml
+
+ {{role.name}}ArtifactsDeploy:
+ type: OS::Heat::StructuredDeployments
+ properties:
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: {{role.name}}ArtifactsConfig}
+
+ {{role.name}}PreConfig:
+ type: OS::TripleO::Tasks::{{role.name}}PreConfig
+ properties:
+ servers: {get_param: [servers, {{role.name}}]}
+ input_values:
+ update_identifier: {get_param: DeployIdentifier}
+
+ {{role.name}}Config:
+ type: OS::TripleO::{{role.name}}Config
+ properties:
+ StepConfig: {get_param: [role_data, {{role.name}}, step_config]}
+
+ {% if role.name == 'Controller' %}
+ ControllerPrePuppet:
+ type: OS::TripleO::Tasks::ControllerPrePuppet
+ properties:
+ servers: {get_param: [servers, Controller]}
+ input_values:
+ update_identifier: {get_param: DeployIdentifier}
+ {% endif %}
+
+ # Step through a series of configuration steps
+{% for step in range(1, 6) %}
+ {{role.name}}Deployment_Step{{step}}:
+ type: OS::Heat::StructuredDeploymentGroup
+ {% if step == 1 %}
+ depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy]
+ {% else %}
+ depends_on:
+ {% for dep in roles %}
+ - {{dep.name}}Deployment_Step{{step -1}}
+ {% endfor %}
+ {% endif %}
+ properties:
+ name: {{role.name}}Deployment_Step{{step}}
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: {{role.name}}Config}
+ input_values:
+ step: {{step}}
+ update_identifier: {get_param: DeployIdentifier}
+{% endfor %}
+
+ {{role.name}}PostConfig:
+ type: OS::TripleO::Tasks::{{role.name}}PostConfig
+ depends_on:
+ {% for dep in roles %}
+ - {{dep.name}}Deployment_Step5
+ {% endfor %}
+ properties:
+ servers: {get_param: servers}
+ input_values:
+ update_identifier: {get_param: DeployIdentifier}
+
+ # Note, this should come last, so use depends_on to ensure
+ # this is created after any other resources.
+ {{role.name}}ExtraConfigPost:
+ depends_on:
+ {% for dep in roles %}
+ - {{dep.name}}PostConfig
+ {% endfor %}
+ type: OS::TripleO::NodeExtraConfigPost
+ properties:
+ servers: {get_param: [servers, {{role.name}}]}
+
+ {% if role.name == 'Controller' %}
+ ControllerPostPuppet:
+ depends_on:
+ - ControllerExtraConfigPost
+ type: OS::TripleO::Tasks::ControllerPostPuppet
+ properties:
+ servers: {get_param: [servers, Controller]}
+ input_values:
+ update_identifier: {get_param: DeployIdentifier}
+ {% endif %}
+{% endfor %}
diff --git a/puppet/services/README.rst b/puppet/services/README.rst
index 34cb350b..9c2d8c5c 100644
--- a/puppet/services/README.rst
+++ b/puppet/services/README.rst
@@ -57,10 +57,14 @@ is a list of ansible tasks to be performed during the upgrade process.
Similar to the step_config, we allow a series of steps for the per-service
upgrade sequence, defined as ansible tasks with a tag e.g "step1" for the first
-step, "step2" for the second, etc. Note that each step is performed in batches,
-then we move on to the next step which is also performed in batches (we don't
-perform all steps on one node, then move on to the next one which means you
-can sequence rolling upgrades of dependent services via the step value).
+step, "step2" for the second, etc (currently only two steps are supported, but
+more may be added when required as additional services get converted to batched
+upgrades).
+
+Note that each step is performed in batches, then we move on to the next step
+which is also performed in batches (we don't perform all steps on one node,
+then move on to the next one which means you can sequence rolling upgrades of
+dependent services via the step value).
The tasks performed at each step is service specific, but note that all batch
upgrade steps are performed before the `upgrade_tasks` described below. This
@@ -93,9 +97,9 @@ step, "step2" for the second, etc.
5) Perform any migration tasks, e.g DB sync commands
- 6) Start control-plane services
-
- 7) Any additional online migration tasks (e.g data migrations)
+Note that the services are not started in the upgrade tasks - we instead re-run
+puppet which does any reconfiguration required for the new version, then starts
+the services.
Nova Server Metadata Settings
-----------------------------
diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml
index 2401d764..62c4b093 100644
--- a/puppet/services/aodh-api.yaml
+++ b/puppet/services/aodh-api.yaml
@@ -86,9 +86,6 @@ outputs:
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- - name: "PreUpgrade step0,validation: Check service openstack-aodh-api is running"
- shell: /usr/bin/systemctl show 'openstack-aodh-api' --property ActiveState | grep '\bactive\b'
- tags: step0,validation
- name: Stop aodh_api service (running under httpd)
tags: step2
service: name=httpd state=stopped
diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml
index 9ee07592..741f8da1 100644
--- a/puppet/services/ceilometer-api.yaml
+++ b/puppet/services/ceilometer-api.yaml
@@ -93,9 +93,6 @@ outputs:
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- - name: "PreUpgrade step0,validation: Check service openstack-ceilometer-api is running"
- shell: /usr/bin/systemctl show 'openstack-ceilometer-api' --property ActiveState | grep '\bactive\b'
- tags: step0,validation
- name: Stop ceilometer_api service (running under httpd)
tags: step2
service: name=httpd state=stopped
diff --git a/puppet/services/cinder-backend-dellps.yaml b/puppet/services/cinder-backend-dellps.yaml
new file mode 100644
index 00000000..1f15c53e
--- /dev/null
+++ b/puppet/services/cinder-backend-dellps.yaml
@@ -0,0 +1,85 @@
+# Copyright (c) 2017 Dell Inc. or its subsidiaries.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+heat_template_version: ocata
+
+description: >
+ Openstack Cinder Dell EMC PS Series backend
+
+parameters:
+ CinderEnableDellPsBackend:
+ type: boolean
+ default: true
+ CinderDellPsBackendName:
+ type: string
+ default: 'tripleo_dellps'
+ CinderDellPsSanIp:
+ type: string
+ CinderDellPsSanLogin:
+ type: string
+ CinderDellPsSanPassword:
+ type: string
+ hidden: true
+ CinderDellPsSanThinProvision:
+ type: boolean
+ default: true
+ CinderDellPsGroupname:
+ type: string
+ default: 'group-0'
+ CinderDellPsPool:
+ type: string
+ default: 'default'
+ CinderDellPsChapLogin:
+ type: string
+ default: ''
+ CinderDellPsChapPassword:
+ type: string
+ default: ''
+ CinderDellPsUseChap:
+ type: boolean
+ default: false
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ type: json
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+
+outputs:
+ role_data:
+ description: Role data for the Cinder Dell EMC PS Series backend.
+ value:
+ service_name: cinder_backend_dellps
+ config_settings:
+ tripleo::profile::base::cinder::volume::cinder_enable_dellps_backend: {get_param: CinderEnableDellPsBackend}
+ cinder::backend::eqlx::volume_backend_name: {get_param: CinderDellPsBackendName}
+ cinder::backend::eqlx::san_ip: {get_param: CinderDellPsSanIp}
+ cinder::backend::eqlx::san_login: {get_param: CinderDellPsSanLogin}
+ cinder::backend::eqlx::san_password: {get_param: CinderDellPsSanPassword}
+ cinder::backend::eqlx::san_thin_provision: {get_param: CinderDellPsSanThinProvision}
+ cinder::backend::eqlx::eqlx_group_name: {get_param: CinderDellPsGroupname}
+ cinder::backend::eqlx::eqlx_pool: {get_param: CinderDellPsPool}
+ cinder::backend::eqlx::eqlx_use_chap: {get_param: CinderDellPsUseChap}
+ cinder::backend::eqlx::eqlx_chap_login: {get_param: CinderDellPsChapLogin}
+ cinder::backend::eqlx::eqlx_chap_password: {get_param: CinderDellPsChapPassword}
+ step_config: |
+ include ::tripleo::profile::base::cinder::volume
diff --git a/puppet/services/cinder-backend-dellsc.yaml b/puppet/services/cinder-backend-dellsc.yaml
new file mode 100644
index 00000000..6a6196ac
--- /dev/null
+++ b/puppet/services/cinder-backend-dellsc.yaml
@@ -0,0 +1,85 @@
+# Copyright (c) 2016-2017 Dell Inc, or its subsidiaries.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+heat_template_version: ocata
+
+description: >
+ Openstack Cinder Dell EMC Storage Center backend
+
+parameters:
+ CinderEnableDellScBackend:
+ type: boolean
+ default: true
+ CinderDellScBackendName:
+ type: string
+ default: 'tripleo_dellsc'
+ CinderDellScSanIp:
+ type: string
+ CinderDellScSanLogin:
+ type: string
+ default: 'Admin'
+ CinderDellScSanPassword:
+ type: string
+ hidden: true
+ CinderDellScSsn:
+ type: number
+ default: 64702
+ CinderDellScIscsiIpAddress:
+ type: string
+ default: ''
+ CinderDellScIscsiPort:
+ type: number
+ default: 3260
+ CinderDellScApiPort:
+ type: number
+ default: 3033
+ CinderDellScServerFolder:
+ type: string
+ default: 'dellsc_server'
+ CinderDellScVolumeFolder:
+ type: string
+ default: 'dellsc_volume'
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ type: json
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+
+outputs:
+ role_data:
+ description: Role data for the Cinder Dell EMC Storage Center backend.
+ value:
+ service_name: cinder_backend_dellsc
+ config_settings:
+ tripleo::profile::base::cinder::volume::cinder_enable_dellsc_backend: {get_param: CinderEnableDellScBackend}
+ cinder::backend::dellsc_iscsi::volume_backend_name: {get_param: CinderDellScBackendName}
+ cinder::backend::dellsc_iscsi::san_ip: {get_param: CinderDellScSanIp}
+ cinder::backend::dellsc_iscsi::san_login: {get_param: CinderDellScSanLogin}
+ cinder::backend::dellsc_iscsi::san_password: {get_param: CinderDellScSanPassword}
+ cinder::backend::dellsc_iscsi::dell_sc_ssn: {get_param: CinderDellScSsn}
+ cinder::backend::dellsc_iscsi::iscsi_ip_address: {get_param: CinderDellScIscsiIpAddress}
+ cinder::backend::dellsc_iscsi::iscsi_port: {get_param: CinderDellScIscsiPort}
+ cinder::backend::dellsc_iscsi::dell_sc_api_port: {get_param: CinderDellScApiPort}
+ cinder::backend::dellsc_iscsi::dell_sc_server_folder: {get_param: CinderDellScServerFolder}
+ cinder::backend::dellsc_iscsi::dell_sc_volume_folder: {get_param: CinderDellScVolumeFolder}
+ step_config: |
+ include ::tripleo::profile::base::cinder::volume
diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml
index 2aea29fd..2a1ed2a3 100644
--- a/puppet/services/gnocchi-api.yaml
+++ b/puppet/services/gnocchi-api.yaml
@@ -103,12 +103,6 @@ outputs:
# internal_api_subnet - > IP/CIDR
gnocchi::wsgi::apache::bind_host: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
gnocchi::wsgi::apache::wsgi_process_display_name: 'gnocchi_wsgi'
- gnocchi::api::host:
- str_replace:
- template:
- "%{hiera('fqdn_$NETWORK')}"
- params:
- $NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
gnocchi::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
gnocchi::api::keystone_identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
@@ -134,9 +128,6 @@ outputs:
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
upgrade_tasks:
- - name: "PreUpgrade step0,validation: Check service openstack-gnocchi-api is running"
- shell: /usr/bin/systemctl show 'openstack-gnocchi-api' --property ActiveState | grep '\bactive\b'
- tags: step0,validation
- name: Stop gnocchi_api service (running under httpd)
tags: step2
service: name=httpd state=stopped
diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml
index ff91eb63..bc34b736 100644
--- a/puppet/services/ironic-api.yaml
+++ b/puppet/services/ironic-api.yaml
@@ -25,6 +25,10 @@ parameters:
MonitoringSubscriptionIronicApi:
default: 'overcloud-ironic-api'
type: string
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
resources:
IronicBase:
@@ -73,6 +77,7 @@ outputs:
ironic::keystone::auth::auth_name: 'ironic'
ironic::keystone::auth::password: {get_param: IronicPassword }
ironic::keystone::auth::tenant: 'service'
+ ironic::keystone::auth::region: {get_param: KeystoneRegion}
mysql:
ironic::db::mysql::password: {get_param: IronicPassword}
ironic::db::mysql::user: ironic
diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml
index a10c03a5..48d87209 100644
--- a/puppet/services/ironic-conductor.yaml
+++ b/puppet/services/ironic-conductor.yaml
@@ -24,6 +24,14 @@ parameters:
"full" for full cleaning, "metadata" to clean only disk
metadata (partition table).
type: string
+ IronicCleaningNetwork:
+ default: 'provisioning'
+ description: Name or UUID of the *overcloud* network used for cleaning
+ bare metal nodes. The default value of "provisioning" can be
+ left during the initial deployment (when no networks are
+ created yet) and should be changed to an actual UUID in
+ a post-deployment stack update.
+ type: string
IronicEnabledDrivers:
default: ['pxe_ipmitool', 'pxe_drac', 'pxe_ilo']
description: Enabled Ironic drivers
@@ -61,6 +69,7 @@ outputs:
- ironic::api::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]}
ironic::conductor::api_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
ironic::conductor::cleaning_disk_erase: {get_param: IronicCleaningDiskErase}
+ ironic::conductor::cleaning_network: {get_param: IronicCleaningNetwork}
ironic::conductor::enabled_drivers: {get_param: IronicEnabledDrivers}
# We need an endpoint containing a real IP, not a VIP here
ironic_conductor_http_host: {get_param: [ServiceNetMap, IronicNetwork]}
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index b989d502..7da4a9c2 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -313,8 +313,5 @@ outputs:
- name: Sync keystone DB
tags: step5
command: keystone-manage db_sync
- - name: Start keystone service (running under httpd)
- tags: step6
- service: name=httpd state=started
metadata_settings:
get_attr: [ApacheServiceBase, role_data, metadata_settings]
diff --git a/puppet/services/memcached.yaml b/puppet/services/memcached.yaml
index ffa969e0..eba8a58b 100644
--- a/puppet/services/memcached.yaml
+++ b/puppet/services/memcached.yaml
@@ -40,3 +40,11 @@ outputs:
dport: 11211
step_config: |
include ::tripleo::profile::base::memcached
+ service_config_settings:
+ collectd:
+ tripleo.collectd.plugins.memcached:
+ - memcached
+ collectd::plugin::memcached::instances:
+ local:
+ host: "%{hiera('memcached::listen_ip')}"
+ port: 11211
diff --git a/puppet/services/metrics/collectd.yaml b/puppet/services/metrics/collectd.yaml
new file mode 100644
index 00000000..e4e7dac7
--- /dev/null
+++ b/puppet/services/metrics/collectd.yaml
@@ -0,0 +1,111 @@
+heat_template_version: ocata
+
+description: Collectd client service
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ CollectdDefaultPlugins:
+ default:
+ - disk
+ - interface
+ - load
+ - memory
+ - processes
+ - tcpconns
+ type: comma_delimited_list
+ description: >
+ List of collectd plugins to activate on all overcloud hosts. See
+ the documentation for the puppet-collectd module for a list plugins
+ supported by the module (https://github.com/voxpupuli/puppet-collectd).
+ Set this key to override the default list of plugins. Use
+ CollectdExtraPlugins if you want to load additional plugins without
+ overriding the defaults.
+ CollectdExtraPlugins:
+ default: []
+ type: comma_delimited_list
+ description: >
+ List of collectd plugins to activate on all overcloud hosts. See
+ the documentation for the puppet-collectd module for a list plugins
+ supported by the module (https://github.com/voxpupuli/puppet-collectd).
+ Set this key to load plugins in addition to those in
+ CollectdDefaultPlugins.
+ CollectdServer:
+ type: string
+ description: >
+ Address of remote collectd server to which we will send
+ metrics.
+ default: ''
+ CollectdServerPort:
+ type: number
+ default: 25826
+ description: >
+ Port on remote collectd server to which we will send
+ metrics.
+ CollectdUsername:
+ type: string
+ description: >
+ Username for authenticating to the remote collectd server. The default
+ is to not configure any authentication.
+ default: ''
+ CollectdPassword:
+ type: string
+ hidden: true
+ description: >
+ Password for authenticating to the remote collectd server. The
+ default is to not configure any authentication.
+ default: ''
+ CollectdSecurityLevel:
+ type: string
+ description: >
+ Security level setting for remote collectd connection.
+ default: 'None'
+ constraints:
+ - allowed_values:
+ - None
+ - Sign
+ - Encrypt
+
+outputs:
+ role_data:
+ description: Role data for the Collectd client role.
+ value:
+ service_name: collectd
+ config_settings:
+ collectd::manage_repo: false
+ collectd::purge: true
+ collectd::recurse: true
+ collectd::purge_config: true
+ collectd::minimum_version: "5.7"
+ tripleo::profile::base::metrics::collectd::collectd_server:
+ get_param: CollectdServer
+ tripleo::profile::base::metrics::collectd::collectd_port:
+ get_param: CollectdServerPort
+ tripleo::profile::base::metrics::collectd::collectd_username:
+ get_param: CollectdUsername
+ tripleo::profile::base::metrics::collectd::collectd_password:
+ get_param: CollectdPassword
+ tripleo::profile::base::metrics::collectd::collectd_securitylevel:
+ get_param: CollectdSecurityLevel
+ tripleo.collectd.plugins.collectd:
+ yaql:
+ data:
+ default_plugins: {get_param: CollectdDefaultPlugins}
+ extra_plugins: {get_param: CollectdExtraPlugins}
+ expression: >
+ ($.data.default_plugins + $.data.extra_plugins)
+ .flatten().distinct()
+ step_config: |
+ include ::tripleo::profile::base::metrics::collectd
diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml
index 892e63dd..0c5f3afe 100644
--- a/puppet/services/nova-api.yaml
+++ b/puppet/services/nova-api.yaml
@@ -63,13 +63,15 @@ conditions:
nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]}
resources:
- ApacheServiceBase:
- type: ./apache.yaml
- properties:
- ServiceNetMap: {get_param: ServiceNetMap}
- DefaultPasswords: {get_param: DefaultPasswords}
- EndpointMap: {get_param: EndpointMap}
- EnableInternalTLS: {get_param: EnableInternalTLS}
+ # Temporarily disable Nova API deployed in WSGI
+ # https://bugs.launchpad.net/nova/+bug/1661360
+ # ApacheServiceBase:
+ # type: ./apache.yaml
+ # properties:
+ # ServiceNetMap: {get_param: ServiceNetMap}
+ # DefaultPasswords: {get_param: DefaultPasswords}
+ # EndpointMap: {get_param: EndpointMap}
+ # EnableInternalTLS: {get_param: EnableInternalTLS}
NovaBase:
type: ./nova-base.yaml
@@ -90,7 +92,9 @@ outputs:
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
- - get_attr: [ApacheServiceBase, role_data, config_settings]
+ # Temporarily disable Nova API deployed in WSGI
+ # https://bugs.launchpad.net/nova/+bug/1661360
+ # - get_attr: [ApacheServiceBase, role_data, config_settings]
- nova::cron::archive_deleted_rows::hour: '*/12'
nova::cron::archive_deleted_rows::destination: '/dev/null'
tripleo.nova_api.firewall_rules:
@@ -115,20 +119,23 @@ outputs:
"%{hiera('fqdn_$NETWORK')}"
params:
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
- nova::api::service_name: 'httpd'
- nova::wsgi::apache_api::ssl: {get_param: EnableInternalTLS}
+ # Temporarily disable Nova API deployed in WSGI
+ # https://bugs.launchpad.net/nova/+bug/1661360
+ nova_wsgi_enabled: false
+ # nova::api::service_name: 'httpd'
+ # nova::wsgi::apache_api::ssl: {get_param: EnableInternalTLS}
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
- nova::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]}
- nova::wsgi::apache_api::servername:
- str_replace:
- template:
- "%{hiera('fqdn_$NETWORK')}"
- params:
- $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
+ # nova::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]}
+ # nova::wsgi::apache_api::servername:
+ # str_replace:
+ # template:
+ # "%{hiera('fqdn_$NETWORK')}"
+ # params:
+ # $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
nova::api::instance_name_template: {get_param: InstanceNameTemplate}
nova_enable_db_purge: {get_param: NovaEnableDBPurge}
@@ -137,7 +144,9 @@ outputs:
- nova_workers_zero
- {}
- nova::api::osapi_compute_workers: {get_param: NovaWorkers}
- nova::wsgi::apache_api::workers: {get_param: NovaWorkers}
+ # Temporarily disable Nova API deployed in WSGI
+ # https://bugs.launchpad.net/nova/+bug/1661360
+ # nova::wsgi::apache_api::workers: {get_param: NovaWorkers}
step_config: |
include tripleo::profile::base::nova::api
service_config_settings:
@@ -165,5 +174,7 @@ outputs:
nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
nova::keystone::auth::password: {get_param: NovaPassword}
nova::keystone::auth::region: {get_param: KeystoneRegion}
- metadata_settings:
- get_attr: [ApacheServiceBase, role_data, metadata_settings]
+ # Temporarily disable Nova API deployed in WSGI
+ # https://bugs.launchpad.net/nova/+bug/1661360
+ # metadata_settings:
+ # get_attr: [ApacheServiceBase, role_data, metadata_settings]
diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml
index c448bf49..49cba79c 100644
--- a/puppet/services/nova-base.yaml
+++ b/puppet/services/nova-base.yaml
@@ -145,8 +145,6 @@ outputs:
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/nova'
- - '?bind_address='
- - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}"
nova::api_database_connection:
list_join:
- ''
@@ -156,8 +154,6 @@ outputs:
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/nova_api'
- - '?bind_address='
- - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}"
nova::placement_database_connection:
list_join:
- ''
@@ -167,8 +163,6 @@ outputs:
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/nova_placement'
- - '?bind_address='
- - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}"
nova::debug: {get_param: Debug}
nova::purge_config: {get_param: EnableConfigPurge}
nova::network::neutron::neutron_project_name: 'service'
diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml
index 2312b635..f7484da2 100644
--- a/puppet/services/nova-compute.yaml
+++ b/puppet/services/nova-compute.yaml
@@ -141,3 +141,8 @@ outputs:
# We'll probably treat it like we do with Neutron plugins.
# Until then, just include it in the default nova-compute role.
include tripleo::profile::base::nova::compute::libvirt
+ service_config_settings:
+ collectd:
+ tripleo.collectd.plugins.nova_compute:
+ - virt
+ collectd::plugins::virt::connection: "qemu:///system"
diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml
index a9b2b3f9..faf1ae48 100644
--- a/puppet/services/nova-libvirt.yaml
+++ b/puppet/services/nova-libvirt.yaml
@@ -62,6 +62,7 @@ outputs:
nova::compute::libvirt::qemu::configure_qemu: true
nova::compute::libvirt::qemu::max_files: 32768
nova::compute::libvirt::qemu::max_processes: 131072
+ nova::compute::libvirt::vncserver_listen: {get_param: [ServiceNetMap, NovaLibvirtNetwork]}
tripleo.nova_libvirt.firewall_rules:
'200 nova_libvirt':
dport:
diff --git a/puppet/services/octavia-api.yaml b/puppet/services/octavia-api.yaml
index 4c6f4c37..58223baf 100644
--- a/puppet/services/octavia-api.yaml
+++ b/puppet/services/octavia-api.yaml
@@ -70,13 +70,15 @@ outputs:
- "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}"
octavia::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
octavia::keystone::authtoken::project_name: 'service'
+ octavia::keystone::authtoken::password: {get_param: OctaviaPassword}
octavia::api::sync_db: true
tripleo.octavia_api.firewall_rules:
'120 octavia api':
dport:
- 9876
- 13876
- octavia::host: {get_param: [ServiceNetMap, OctaviaApiNetwork]}
+ octavia::api::host: {get_param: [ServiceNetMap, OctaviaApiNetwork]}
+ neutron::server::service_providers: ['LOADBALANCERV2:Octavia:neutron_lbaas.drivers.octavia.driver.OctaviaDriver:default']
step_config: |
include tripleo::profile::base::octavia::api
service_config_settings:
diff --git a/puppet/services/octavia-health-manager.yaml b/puppet/services/octavia-health-manager.yaml
new file mode 100644
index 00000000..51d32f23
--- /dev/null
+++ b/puppet/services/octavia-health-manager.yaml
@@ -0,0 +1,61 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack Octavia Health Manager service.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionOctaviaHealthManager:
+ default: 'overcloud-octavia-health-manager'
+ type: string
+ OctaviaHealthManagerLoggingSource:
+ type: json
+ default:
+ tag: openstack.octavia.health-manager
+ path: /var/log/octavia/health-manager.log
+ OctaviaHeartbeatKey:
+ type: string
+ description: Key to identify heartbeat messages for amphorae.
+ hidden: true
+
+resources:
+
+ OctaviaBase:
+ type: ./octavia-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Octavia Health Manager service.
+ value:
+ service_name: octavia_health_manager
+ monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaHealthManager}
+ logging_source: {get_param: OctaviaHealthManagerLoggingSource}
+ logging_groups:
+ - octavia
+ config_settings:
+ map_merge:
+ - get_attr: [OctaviaBase, role_data, config_settings]
+ - octavia::health_manager::heartbeat_key: {get_param: OctaviaHeartbeatKey}
+ octavia::health_manager::event_streamer_driver: 'queue_event_streamer'
+ step_config: |
+ include tripleo::profile::base::octavia::health_manager
+
+
+
diff --git a/puppet/services/octavia-housekeeping.yaml b/puppet/services/octavia-housekeeping.yaml
new file mode 100644
index 00000000..84c33433
--- /dev/null
+++ b/puppet/services/octavia-housekeeping.yaml
@@ -0,0 +1,70 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack Octavia Housekeeping service.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ OctaviaAmphoraExpiryAge:
+ default: 0
+ description: The interval in seconds after which an unused Amphora will
+ be considered expired and cleaned up. If left to 0, the
+ configuration will not be set and the system will use
+ the service defaults.
+ type: number
+ MonitoringSubscriptionOctaviaHousekeeping:
+ default: 'overcloud-octavia-housekeeping'
+ type: string
+ OctaviaHousekeepingLoggingSource:
+ type: json
+ default:
+ tag: openstack.octavia.housekeeping
+ path: /var/log/octavia/housekeeping.log
+
+conditions:
+ amphora_expiry_is_zero: {equals: [{get_param: OctaviaAmphoraExpiryAge}, 0]}
+
+
+resources:
+
+ OctaviaBase:
+ type: ./octavia-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Octavia Housekeeping service.
+ value:
+ service_name: octavia_housekeeping
+ monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaHousekeeping}
+ logging_source: {get_param: OctaviaHousekeepingLoggingSource}
+ logging_groups:
+ - octavia
+ config_settings:
+ map_merge:
+ - get_attr: [OctaviaBase, role_data, config_settings]
+ -
+ if:
+ - amphora_expiry_is_zero
+ - {}
+ - octavia::worker::amphora_expiry_age: {get_param: OctaviaAmphoraExpiryAge}
+ step_config: |
+ include tripleo::profile::base::octavia::housekeeping
+
+
diff --git a/puppet/services/octavia-worker.yaml b/puppet/services/octavia-worker.yaml
new file mode 100644
index 00000000..9212b76b
--- /dev/null
+++ b/puppet/services/octavia-worker.yaml
@@ -0,0 +1,102 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack Octavia Worker service.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionOctaviaWorker:
+ default: 'overcloud-octavia-worker'
+ type: string
+ OctaviaWorkerLoggingSource:
+ type: json
+ default:
+ tag: openstack.octavia.worker
+ path: /var/log/octavia/worker.log
+ OctaviaAmphoraImageTag:
+ default: ''
+ description: Glance image tag for identifying the amphora image.
+ type: string
+ OctaviaAmphoraNetworkList:
+ default: []
+ description: List of networks to attach to amphorae.
+ type: comma_delimited_list
+ OctaviaLoadBalancerTopology:
+ default: ''
+ description: Load balancer topology configuration.
+ type: string
+ OctaviaFlavorId:
+ default: 65
+ description: Nova flavor ID to be used when creating the nova flavor for
+ amphora.
+ type: number
+ OctaviaFlavorProperties:
+ default: {}
+ description: Dictionary describing the nova flavor for amphora.
+ type: json
+ OctaviaManageNovaFlavor:
+ default: false
+ description: Configure the nova flavor for the amphora.
+ type: boolean
+ OctaviaSSHKeyName:
+ default: 'octavia-ssh-key'
+ description: name for ssh key to be configured so the amphora can
+ be logged into.
+ type: string
+
+conditions:
+ octavia_topology_unset: {equals : [{get_param: OctaviaLoadBalancerTopology}, ""]}
+ octavia_amphora_tag_unset: {equals: [{get_param: OctaviaAmphoraImageTag}, ""]}
+
+resources:
+
+ OctaviaBase:
+ type: ./octavia-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Octavia WoWorker service.
+ value:
+ service_name: octavia_worker
+ monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaWorker}
+ logging_source: {get_param: OctaviaWorkerLoggingSource}
+ logging_groups:
+ -octavia
+ config_settings:
+ map_merge:
+ - get_attr: [OctaviaBase, role_data, config_settings]
+ - octavia::worker::amp_boot_network_list: {get_param: OctaviaAmphoraNetworkList}
+ octavia::worker::amp_flavor_id: {get_param: OctaviaFlavorId}
+ octavia::worker::nova_flavor_config: {get_param: OctaviaFlavorProperties}
+ octavia::worker::manage_nova_flavor: {get_param: OctaviaManageNovaFlavor}
+ octavia::worker::ssh_key_name: {get_param: OctaviaSSHKeyName}
+ -
+ if:
+ - octavia_amphora_tag_unset
+ - {}
+ - octavia::worker::amp_image_tag: {get_param: OctaviaAmphoraImageTag}
+ -
+ if:
+ - octavia_topology_unset
+ - {}
+ - octavia::worker::loadbalancer_topology: {get_param: OctaviaLoadBalancerTopology}
+ step_config: |
+ include tripleo::profile::base::octavia::worker
+