summaryrefslogtreecommitdiffstats
path: root/puppet
diff options
context:
space:
mode:
Diffstat (limited to 'puppet')
-rw-r--r--puppet/ceph-storage.yaml24
-rw-r--r--puppet/cinder-storage.yaml15
-rw-r--r--puppet/compute.yaml187
-rw-r--r--puppet/controller.yaml65
-rw-r--r--puppet/services/ceilometer-base.yaml6
-rw-r--r--puppet/services/ceph-mon.yaml2
-rw-r--r--puppet/services/cinder-backup.yaml47
-rw-r--r--puppet/services/gnocchi-api.yaml25
-rw-r--r--puppet/services/gnocchi-base.yaml28
-rw-r--r--puppet/services/ironic-api.yaml13
-rw-r--r--puppet/services/ironic-base.yaml3
-rw-r--r--puppet/services/ironic-conductor.yaml5
-rw-r--r--puppet/services/neutron-ovs-agent.yaml4
-rw-r--r--puppet/services/nova-base.yaml18
-rw-r--r--puppet/services/nova-compute.yaml30
-rw-r--r--puppet/services/nova-ironic.yaml42
-rw-r--r--puppet/services/nova-libvirt.yaml6
-rw-r--r--puppet/services/nova-vncproxy.yaml10
-rw-r--r--puppet/services/pacemaker/cinder-backup.yaml49
-rw-r--r--puppet/services/sahara-base.yaml2
-rw-r--r--puppet/swift-storage.yaml15
21 files changed, 335 insertions, 261 deletions
diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml
index 08d66f5c..659f2a67 100644
--- a/puppet/ceph-storage.yaml
+++ b/puppet/ceph-storage.yaml
@@ -236,8 +236,22 @@ resources:
input_values:
enable_package_install: {get_param: EnablePackageInstall}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
- ceph_cluster_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
- ceph_public_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
+ ceph_cluster_network:
+ get_attr:
+ - NetIpMap
+ - net_ip_map
+ - str_replace:
+ template: "NETWORK_subnet"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, CephClusterNetwork]}
+ ceph_public_network:
+ get_attr:
+ - NetIpMap
+ - net_ip_map
+ - str_replace:
+ template: "NETWORK_subnet"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, CephPublicNetwork]}
CephStorageConfig:
type: OS::Heat::StructuredConfig
@@ -256,7 +270,6 @@ resources:
- ceph
- all_nodes # provided by allNodesConfig
- '"%{::osfamily}"'
- - network
merge_behavior: deeper
datafiles:
service_names:
@@ -267,11 +280,6 @@ resources:
map_replace:
- {get_param: ServiceConfigSettings}
- values: {get_attr: [NetIpMap, net_ip_map]}
- network:
- mapped_data:
- net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
- net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]}
- net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]}
ceph_extraconfig:
mapped_data: {get_param: CephStorageExtraConfig}
extraconfig:
diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml
index ba84fb77..30609f3d 100644
--- a/puppet/cinder-storage.yaml
+++ b/puppet/cinder-storage.yaml
@@ -242,7 +242,14 @@ resources:
str_replace:
template: "'IP'"
params:
- IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
+ IP:
+ get_attr:
+ - NetIpMap
+ - net_ip_map
+ - str_replace:
+ template: "NETWORK_uri"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, CinderIscsiNetwork]}
enable_package_install: {get_param: EnablePackageInstall}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
@@ -263,7 +270,6 @@ resources:
- volume
- all_nodes # provided by allNodesConfig
- '"%{::osfamily}"'
- - network
merge_behavior: deeper
datafiles:
service_names:
@@ -274,11 +280,6 @@ resources:
map_replace:
- {get_param: ServiceConfigSettings}
- values: {get_attr: [NetIpMap, net_ip_map]}
- network:
- mapped_data:
- net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
- net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]}
- net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]}
volume_extraconfig:
mapped_data: {get_param: BlockStorageExtraConfig}
extraconfig:
diff --git a/puppet/compute.yaml b/puppet/compute.yaml
index 0fc5345c..bd2eee18 100644
--- a/puppet/compute.yaml
+++ b/puppet/compute.yaml
@@ -4,36 +4,6 @@ description: >
OpenStack hypervisor node configured via Puppet.
parameters:
- AdminPassword:
- description: The password for the keystone admin account, used for monitoring, querying neutron etc.
- type: string
- hidden: true
- CeilometerComputeAgent:
- description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly
- type: string
- default: ''
- constraints:
- - allowed_values: ['', Present]
- CeilometerMeteringSecret:
- description: Secret shared by the ceilometer services.
- type: string
- hidden: true
- CeilometerPassword:
- description: The password for the ceilometer service account.
- type: string
- hidden: true
- CinderEnableNfsBackend:
- default: false
- description: Whether to enable or not the NFS backend for Cinder
- type: boolean
- CinderEnableRbdBackend:
- default: false
- description: Whether to enable or not the Rbd backend for Cinder
- type: boolean
- Debug:
- default: ''
- description: Set to True to enable debugging on all services.
- type: string
ExtraConfig:
default: {}
description: |
@@ -46,9 +16,6 @@ parameters:
type: string
constraints:
- custom_constraint: nova.flavor
- GlanceHost:
- type: string
- default: '' # Has to be here because of the ignored empty value bug
NovaImage:
type: string
default: overcloud-full
@@ -64,16 +31,6 @@ parameters:
default: default
constraints:
- custom_constraint: nova.keypair
- KeystoneAdminApiVirtualIP:
- type: string
- default: ''
- KeystonePublicApiVirtualIP:
- type: string
- default: ''
- NeutronPassword:
- description: The password for the neutron service account, used by neutron agents.
- type: string
- hidden: true
NeutronPhysicalBridge:
default: 'br-ex'
description: An OVS bridge to create for accessing external networks.
@@ -88,9 +45,6 @@ parameters:
NovaApiHost:
type: string
default: '' # Has to be here because of the ignored empty value bug
- NovaComputeDriver:
- type: string
- default: libvirt.LibvirtDriver
NovaComputeExtraConfig:
default: {}
description: |
@@ -100,61 +54,9 @@ parameters:
NovaComputeIPs:
default: {}
type: json
- NovaComputeLibvirtType:
- type: string
- default: kvm
- NovaComputeLibvirtVifDriver:
- default: ''
- description: Libvirt VIF driver configuration for the network
- type: string
- NovaEnableRbdBackend:
- default: false
- description: Whether to enable or not the Rbd backend for Nova
- type: boolean
- NovaIPv6:
- default: false
- description: Enable IPv6 features in Nova
- type: boolean
- NovaPassword:
- description: The password for the nova service account, used by nova-api.
- type: string
- hidden: true
NovaPublicIP:
type: string
default: '' # Has to be here because of the ignored empty value bug
- NovaOVSBridge:
- default: 'br-int'
- description: Name of integration bridge used by Open vSwitch
- type: string
- NovaSecurityGroupAPI:
- default: 'neutron'
- description: The full class name of the security API class
- type: string
- RabbitHost:
- type: string
- default: '' # Has to be here because of the ignored empty value bug
- RabbitPassword:
- description: The password for RabbitMQ
- type: string
- hidden: true
- RabbitUserName:
- default: guest
- description: The username for RabbitMQ
- type: string
- RabbitClientUseSSL:
- default: false
- description: >
- Rabbit client subscriber parameter to specify
- an SSL connection to the RabbitMQ host.
- type: string
- RabbitClientPort:
- default: 5672
- description: Set rabbit subscriber port, change this if using SSL
- type: number
- UpgradeLevelNovaCompute:
- type: string
- description: Nova Compute upgrade level
- default: ''
EnablePackageInstall:
default: 'false'
description: Set to true to enable package installation via Puppet
@@ -369,7 +271,6 @@ resources:
- ceph_cluster # provided by CephClusterConfig
- all_nodes # provided by allNodesConfig
- '"%{::osfamily}"'
- - network
- neutron_bigswitch_data # Optionally provided by ComputeExtraConfigPre
- cisco_n1kv_data # Optionally provided by ComputeExtraConfigPre
- nova_nuage_data # Optionally provided by ComputeExtraConfigPre
@@ -389,66 +290,13 @@ resources:
mapped_data: {get_param: NovaComputeExtraConfig}
extraconfig:
mapped_data: {get_param: ExtraConfig}
- network:
- mapped_data:
- net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
- net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]}
- net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]}
compute:
mapped_data:
- cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend}
- nova::use_ipv6: {get_input: nova_ipv6}
- nova::debug: {get_input: debug}
- nova::rabbit_userid: {get_input: rabbit_username}
- nova::rabbit_password: {get_input: rabbit_password}
- nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
- nova::rabbit_port: {get_input: rabbit_client_port}
- nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute}
- nova_compute_driver: {get_input: nova_compute_driver}
- # TODO(emilien): move libvirt & migration parameters in libvirt profile
- # used to deploy libvirt/kvm dependencies:
- nova::compute::libvirt::services::libvirt_virt_type: {get_input: nova_compute_libvirt_type}
- # used to configured nova.conf:
- nova::compute::libvirt::libvirt_virt_type: {get_input: nova_compute_libvirt_type}
- nova::compute::neutron::libvirt_vif_driver: {get_input: nova_compute_libvirt_vif_driver}
nova_api_host: {get_input: nova_api_host}
nova::compute::vncproxy_host: {get_input: nova_public_ip}
- nova::compute::rbd::ephemeral_storage: {get_input: nova_enable_rbd_backend}
- # TUNNELLED mode provides a security enhancement when using shared storage but is not
- # supported when not using shared storage.
- # See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12
- # In future versions of QEMU (2.6, mostly), Dan's native encryption
- # work will obsolete the need to use TUNNELLED transport mode.
- nova::migration::live_migration_tunnelled: {get_input: nova_enable_rbd_backend}
- rbd_persistent_storage: {get_input: cinder_enable_rbd_backend}
- nova_password: {get_input: nova_password}
nova::compute::vncserver_proxyclient_address: {get_input: nova_vnc_proxyclient_address}
- nova::vncproxy::common::vncproxy_protocol: {get_input: nova_vncproxy_protocol}
- nova::vncproxy::common::vncproxy_host: {get_input: nova_vncproxy_host}
- nova::vncproxy::common::vncproxy_port: {get_input: nova_vncproxy_port}
- nova::network::neutron::neutron_ovs_bridge: {get_input: nova_ovs_bridge}
- nova::network::neutron::security_group_api: {get_input: nova_security_group_api}
- ceilometer::debug: {get_input: debug}
- ceilometer::rabbit_userid: {get_input: rabbit_username}
- ceilometer::rabbit_password: {get_input: rabbit_password}
- ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
- ceilometer::rabbit_port: {get_input: rabbit_client_port}
- ceilometer::telemetry_secret: {get_input: ceilometer_metering_secret}
- ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
- ceilometer::agent::auth::auth_url: {get_input: ceilometer_agent_auth_url}
- nova::glance_api_servers: {get_input: glance_api_servers}
- neutron::debug: {get_input: debug}
- neutron::rabbit_password: {get_input: rabbit_password}
- neutron::rabbit_user: {get_input: rabbit_username}
- neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
- neutron::rabbit_port: {get_input: rabbit_client_port}
neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
- nova::network::neutron::neutron_password: {get_input: neutron_password}
- nova::network::neutron::neutron_url: {get_input: neutron_internal_url}
- nova::network::neutron::neutron_auth_url: {get_input: neutron_auth_url}
- keystone_public_api_virtual_ip: {get_input: keystone_vip}
- admin_password: {get_input: admin_password}
tripleo::packages::enable_install: {get_input: enable_package_install}
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
@@ -460,45 +308,10 @@ resources:
config: {get_resource: NovaComputeConfig}
server: {get_resource: NovaCompute}
input_values:
- cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend}
- debug: {get_param: Debug}
- nova_compute_driver: {get_param: NovaComputeDriver}
- nova_compute_libvirt_type: {get_param: NovaComputeLibvirtType}
- nova_compute_libvirt_vif_driver: {get_param: NovaComputeLibvirtVifDriver}
nova_public_ip: {get_param: NovaPublicIP}
nova_api_host: {get_param: NovaApiHost}
- nova_password: {get_param: NovaPassword}
- nova_enable_rbd_backend: {get_param: NovaEnableRbdBackend}
- nova_ipv6: {get_param: NovaIPv6}
- cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
nova_vnc_proxyclient_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaVncProxyNetwork]}]}
- nova_vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]}
- # Remove brackets that may come if the IP address is IPv6.
- # For DNS names and IPv4, this will just get the NovaVNCProxyPublic value
- nova_vncproxy_host:
- str_replace:
- template: {get_param: [EndpointMap, NovaVNCProxyPublic, host]}
- params:
- '[': ''
- ']': ''
- nova_vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]}
- nova_ovs_bridge: {get_param: NovaOVSBridge}
- nova_security_group_api: {get_param: NovaSecurityGroupAPI}
- upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute}
- ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
- ceilometer_password: {get_param: CeilometerPassword}
- ceilometer_agent_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
- glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
- neutron_password: {get_param: NeutronPassword}
- neutron_internal_url: {get_param: [EndpointMap, NeutronInternal, uri]}
- neutron_auth_url: {get_param: [EndpointMap, KeystoneV3Admin, uri]}
- keystone_vip: {get_param: KeystonePublicApiVirtualIP}
- admin_password: {get_param: AdminPassword}
- rabbit_username: {get_param: RabbitUserName}
- rabbit_password: {get_param: RabbitPassword}
- rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
- rabbit_client_port: {get_param: RabbitClientPort}
enable_package_install: {get_param: EnablePackageInstall}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index 59256e9f..801b99ba 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -137,10 +137,6 @@ parameters:
type: string
constraints:
- custom_constraint: nova.keypair
- KeystoneRegion:
- type: string
- default: 'regionOne'
- description: Keystone region for endpoint
ManageFirewall:
default: false
description: Whether to manage IPtables rules.
@@ -549,7 +545,14 @@ resources:
str_replace:
template: "'IP'"
params:
- IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
+ IP:
+ get_attr:
+ - NetIpMap
+ - net_ip_map
+ - str_replace:
+ template: "NETWORK_uri"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, CinderIscsiNetwork]}
cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
@@ -557,7 +560,6 @@ resources:
heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
- keystone_region: {get_param: KeystoneRegion}
manila_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ManilaApiNetwork]}]}
mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongodbNetwork]}]}
neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
@@ -572,7 +574,14 @@ resources:
str_replace:
template: "['SUBNET']"
params:
- SUBNET: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
+ SUBNET:
+ get_attr:
+ - NetIpMap
+ - net_ip_map
+ - str_replace:
+ template: "NETWORK_subnet"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]}
rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitmqNetwork]}]}
redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
redis_vip: {get_param: RedisVirtualIP}
@@ -580,8 +589,22 @@ resources:
memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
mysql_virtual_ip: {get_param: MysqlVirtualIP}
- ceph_cluster_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
- ceph_public_network: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
+ ceph_cluster_network:
+ get_attr:
+ - NetIpMap
+ - net_ip_map
+ - str_replace:
+ template: "NETWORK_subnet"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, CephClusterNetwork]}
+ ceph_public_network:
+ get_attr:
+ - NetIpMap
+ - net_ip_map
+ - str_replace:
+ template: "NETWORK_subnet"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, CephPublicNetwork]}
ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
ironic_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, IronicApiNetwork]}]}
@@ -607,7 +630,6 @@ resources:
- all_nodes # provided by allNodesConfig
- vip_data # provided by vip-config
- '"%{::osfamily}"'
- - network
- cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre
- cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
- cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre
@@ -632,11 +654,6 @@ resources:
- {get_param: ControllerExtraConfig}
extraconfig:
mapped_data: {get_param: ExtraConfig}
- network:
- mapped_data:
- net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
- net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]}
- net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]}
ceph:
mapped_data:
ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
@@ -884,14 +901,28 @@ outputs:
str_replace:
template: 'r1z1-IP:%PORT%/d1'
params:
- IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
+ IP:
+ get_attr:
+ - NetIpMap
+ - net_ip_map
+ - str_replace:
+ template: "NETWORK_uri"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, SwiftMgmtNetwork]}
swift_proxy_memcache:
description: Swift proxy-memcache value
value:
str_replace:
template: "IP:11211"
params:
- IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
+ IP:
+ get_attr:
+ - NetIpMap
+ - net_ip_map
+ - str_replace:
+ template: "NETWORK_uri"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, MemcachedNetwork]}
tls_key_modulus_md5:
description: MD5 checksum of the TLS Key Modulus
value: {get_attr: [NodeTLSData, key_modulus_md5]}
diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml
index 1398fedb..59b4cc2a 100644
--- a/puppet/services/ceilometer-base.yaml
+++ b/puppet/services/ceilometer-base.yaml
@@ -35,6 +35,10 @@ parameters:
default: false
description: Whether to store events in ceilometer.
type: boolean
+ Debug:
+ default: ''
+ description: Set to True to enable debugging on all services.
+ type: string
KeystoneRegion:
type: string
default: 'regionOne'
@@ -64,6 +68,7 @@ outputs:
value:
service_name: ceilometer_base
config_settings:
+ ceilometer::debug: {get_param: Debug}
ceilometer::db::database_connection:
list_join:
- ''
@@ -111,3 +116,4 @@ outputs:
ceilometer::rabbit_heartbeat_timeout_threshold: 60
ceilometer::db::database_db_max_retries: -1
ceilometer::db::database_max_retries: -1
+ ceilometer::telemetry_secret: {get_param: CeilometerMeteringSecret}
diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml
index 074d941d..28c3e5df 100644
--- a/puppet/services/ceph-mon.yaml
+++ b/puppet/services/ceph-mon.yaml
@@ -38,7 +38,7 @@ parameters:
{
"volumes": {
"size": 5,
- "pg_num: 128,
+ "pg_num": 128,
"pgp_num": 128
}
}
diff --git a/puppet/services/cinder-backup.yaml b/puppet/services/cinder-backup.yaml
new file mode 100644
index 00000000..25e82c87
--- /dev/null
+++ b/puppet/services/cinder-backup.yaml
@@ -0,0 +1,47 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Cinder Backup service configured with Puppet
+
+parameters:
+ CinderBackupBackend:
+ default: swift
+ description: The short name of the Cinder Backup backend to use.
+ type: string
+ constraints:
+ - allowed_values: ['swift', 'ceph']
+ CinderBackupRbdPoolName:
+ default: backups
+ type: string
+ CephClientUserName:
+ default: openstack
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+ CinderBase:
+ type: ./cinder-base.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Cinder Backup role.
+ value:
+ service_name: cinder_backup
+ config_settings:
+ map_merge:
+ - get_attr: [CinderBase, role_data, config_settings]
+ - cinder::backup::ceph::backup_ceph_user: {get_param: CephClientUserName}
+ cinder::backup::ceph::backup_ceph_pool: {get_param: CinderBackupRbdPoolName}
+ cinder::backup::swift::backup_swift_container: volumebackups
+ step_config:
+ str_replace:
+ template: "include ::tripleo::profile::base::cinder::backup::DRIVER"
+ params:
+ DRIVER: {get_param: CinderBackupBackend}
diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml
index 265cb9f0..19c77612 100644
--- a/puppet/services/gnocchi-api.yaml
+++ b/puppet/services/gnocchi-api.yaml
@@ -13,6 +13,13 @@ parameters:
description: The password for the gnocchi service and db account.
type: string
hidden: true
+ GnocchiBackend:
+ default: file
+ description: The short name of the Gnocchi backend to use. Should be one
+ of swift, rbd, or file
+ type: string
+ constraints:
+ - allowed_values: ['swift', 'file', 'rbd']
KeystoneRegion:
type: string
default: 'regionOne'
@@ -37,12 +44,20 @@ outputs:
dport:
- 8041
- 13041
- gnocchi::api::keystone_tenant: 'service'
- gnocchi::keystone::auth::tenant: 'service'
- gnocchi::keystone::auth::region: {get_param: KeystoneRegion}
+ gnocchi::api::enabled: true
+ gnocchi::api::manage_service: false
+ gnocchi::api::service_name: 'httpd'
+ gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
+ gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
gnocchi::keystone::auth::password: {get_param: GnocchiPassword}
gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
- gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
- gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
+ gnocchi::keystone::auth::region: {get_param: KeystoneRegion}
+ gnocchi::keystone::auth::tenant: 'service'
+ gnocchi::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ gnocchi::keystone::authtoken::password: {get_param: GnocchiPassword}
+ gnocchi::keystone::authtoken::project_name: 'service'
+ gnocchi::wsgi::apache::ssl: false
+ tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend}
step_config: |
include ::tripleo::profile::base::gnocchi::api
diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml
index 3631508e..844d1469 100644
--- a/puppet/services/gnocchi-base.yaml
+++ b/puppet/services/gnocchi-base.yaml
@@ -9,13 +9,6 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
- GnocchiBackend:
- default: file
- description: The short name of the Gnocchi backend to use. Should be one
- of swift, rbd, or file
- type: string
- constraints:
- - allowed_values: ['swift', 'file', 'rbd']
GnocchiIndexerBackend:
default: 'mysql'
description: The short name of the Gnocchi indexer backend to use.
@@ -34,6 +27,10 @@ parameters:
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ RedisPassword:
+ description: The password for the redis service account.
+ type: string
+ hidden: true
outputs:
aux_parameters:
@@ -58,13 +55,14 @@ outputs:
- '/gnocchi'
gnocchi::db::mysql::password: {get_param: GnocchiPassword}
gnocchi::db::sync::extra_opts: '--skip-storage --create-legacy-resource-types'
- #Gnocchi API
- tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend}
- gnocchi::api::manage_service: false
- gnocchi::api::enabled: true
- gnocchi::api::service_name: 'httpd'
- gnocchi::api::keystone_password: {get_param: GnocchiPassword}
- gnocchi::wsgi::apache::ssl: false
+ gnocchi::storage::coordination_url:
+ list_join:
+ - ''
+ - - 'redis://:'
+ - {get_param: RedisPassword}
+ - '@'
+ - "%{hiera('redis_vip')}"
+ - ':6379/'
gnocchi::storage::swift::swift_user: 'service:gnocchi'
gnocchi::storage::swift::swift_auth_version: 2
gnocchi::storage::swift::swift_key: {get_param: GnocchiPassword}
@@ -90,5 +88,3 @@ outputs:
gnocchi::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
- gnocchi::auth::auth_region: {get_param: KeystoneRegion}
- gnocchi::auth::auth_tenant_name: 'service'
diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml
index 949cdf31..a85c0c55 100644
--- a/puppet/services/ironic-api.yaml
+++ b/puppet/services/ironic-api.yaml
@@ -35,9 +35,18 @@ outputs:
# the VIP, but rather a real IP of the controller.
- ironic::my_ip: {get_param: [EndpointMap, MysqlInternal, host]}
ironic::api::admin_password: {get_param: IronicPassword}
- ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri]}
- ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri]}
+ ironic::api::admin_tenant_name: 'service'
+ ironic::api::admin_user: 'ironic'
+ ironic::api::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ ironic::api::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]}
+ # This is used to build links in responses
+ ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri]}
+ ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri]}
+ ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri]}
+ ironic::keystone::auth::auth_name: 'ironic'
ironic::keystone::auth::password: {get_param: IronicPassword }
+ ironic::keystone::auth::tenant: 'service'
step_config: |
include ::tripleo::profile::base::ironic::api
diff --git a/puppet/services/ironic-base.yaml b/puppet/services/ironic-base.yaml
index 508694ee..ea7e7ee3 100644
--- a/puppet/services/ironic-base.yaml
+++ b/puppet/services/ironic-base.yaml
@@ -51,7 +51,6 @@ outputs:
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/ironic'
- ironic::admin_tenant_name: 'service'
ironic::debug: {get_param: Debug}
ironic::rabbit_userid: {get_param: RabbitUserName}
ironic::rabbit_password: {get_param: RabbitPassword}
@@ -64,7 +63,5 @@ outputs:
ironic::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
-
- ironic::keystone::auth::tenant: 'service'
step_config: |
include ::tripleo::profile::base::ironic
diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml
index a3bce305..01325333 100644
--- a/puppet/services/ironic-conductor.yaml
+++ b/puppet/services/ironic-conductor.yaml
@@ -28,7 +28,10 @@ outputs:
config_settings:
map_merge:
- get_attr: [IronicBase, role_data, config_settings]
- - ironic::enabled_drivers: {get_param: IronicEnabledDrivers}
+ # FIXME: I have no idea why neutron_url is in "api" manifest
+ - ironic::api::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]}
+ ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
+ ironic::enabled_drivers: {get_param: IronicEnabledDrivers}
# Prevent tftp_server from defaulting to my_ip setting, which is
# controller VIP, not a real IP.
ironic::drivers::pxe::tftp_server: {get_input: ironic_api_network}
diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml
index 7a97cd84..d52b8a26 100644
--- a/puppet/services/neutron-ovs-agent.yaml
+++ b/puppet/services/neutron-ovs-agent.yaml
@@ -9,9 +9,6 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
- NeutronEnableTunnelling:
- type: string
- default: "True"
NeutronEnableL2Pop:
type: string
description: >
@@ -56,7 +53,6 @@ outputs:
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- neutron::agents::ml2::ovs::enable_tunneling: {get_param: NeutronEnableTunnelling}
neutron::agents::ml2::ovs::l2_population: {get_param: NeutronEnableL2Pop}
neutron::agents::ml2::ovs::enable_distributed_routing: {get_param: NeutronEnableDVR}
neutron::agents::ml2::ovs::bridge_mappings:
diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml
index ef7eaaf3..9b1b0760 100644
--- a/puppet/services/nova-base.yaml
+++ b/puppet/services/nova-base.yaml
@@ -17,6 +17,10 @@ parameters:
description: The password for the neutron service and db account, used by neutron agents.
type: string
hidden: true
+ NovaOVSBridge:
+ default: 'br-int'
+ description: Name of integration bridge used by Open vSwitch
+ type: string
RabbitPassword:
description: The password for RabbitMQ
type: string
@@ -45,6 +49,14 @@ parameters:
description: >
Remove configuration that is not generated by TripleO. Setting
to false may result in configuration remnants after updates/upgrades.
+ NovaIPv6:
+ default: false
+ description: Enable IPv6 features in Nova
+ type: boolean
+ UpgradeLevelNovaCompute:
+ type: string
+ description: Nova Compute upgrade level
+ default: ''
outputs:
role_data:
@@ -53,7 +65,7 @@ outputs:
service_name: nova_base
config_settings:
nova::rabbit_password: {get_param: RabbitPassword}
- nova::rabbit_user: {get_param: RabbitUserName}
+ nova::rabbit_userid: {get_param: RabbitUserName}
nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
nova::rabbit_port: {get_param: RabbitClientPort}
nova::database_connection:
@@ -116,3 +128,7 @@ outputs:
- "%{hiera('mysql_bind_host')}"
nova::db::database_db_max_retries: -1
nova::db::database_max_retries: -1
+ nova::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
+ nova::use_ipv6: {get_param: NovaIPv6}
+ nova::upgrade_level_compute: {get_param: UpgradeLevelNovaCompute}
+ nova::network::neutron::neutron_ovs_bridge: {get_param: NovaOVSBridge}
diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml
index bcc3a232..19f1f02a 100644
--- a/puppet/services/nova-compute.yaml
+++ b/puppet/services/nova-compute.yaml
@@ -15,6 +15,22 @@ parameters:
CephClientUserName:
default: openstack
type: string
+ CinderEnableNfsBackend:
+ default: false
+ description: Whether to enable or not the NFS backend for Cinder
+ type: boolean
+ CinderEnableRbdBackend:
+ default: false
+ description: Whether to enable or not the Rbd backend for Cinder
+ type: boolean
+ NovaEnableRbdBackend:
+ default: false
+ description: Whether to enable or not the Rbd backend for Nova
+ type: boolean
+ NovaComputeLibvirtVifDriver:
+ default: ''
+ description: Libvirt VIF driver configuration for the network
+ type: string
resources:
NovaBase:
@@ -37,6 +53,8 @@ outputs:
tripleo::profile::base::nova::nova_compute_enabled: true
nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
+ tripleo::profile::base::nova::compute::cinder_nfs_backend: {get_param: CinderEnableNfsBackend}
+ rbd_persistent_storage: {get_param: CinderEnableRbdBackend}
nova::compute::rbd::rbd_keyring:
list_join:
- '.'
@@ -45,13 +63,23 @@ outputs:
nova::compute::rbd::libvirt_rbd_secret_uuid: '"%{hiera(\"ceph::profile::params::fsid\")}"'
nova::compute::instance_usage_audit: true
nova::compute::instance_usage_audit_period: 'hour'
+ nova::compute::rbd::ephemeral_storage: {get_param: NovaEnableRbdBackend}
+ # TUNNELLED mode provides a security enhancement when using shared
+ # storage but is not supported when not using shared storage.
+ # See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12
+ # In future versions of QEMU (2.6, mostly), danpb's native
+ # encryption work will obsolete the need to use TUNNELLED transport
+ # mode.
+ nova::migration::live_migration_tunnelled: {get_param: NovaEnableRbdBackend}
# Changing the default from 512MB. The current templates can not deploy
# overclouds with swap. On an idle compute node, we see ~1024MB of RAM
# used. 2048 is suggested to account for other possible operations for
# example openvswitch.
nova::compute::reserved_host_memory: 2048
+ nova::compute::neutron::libvirt_vif_driver: {get_param: NovaComputeLibvirtVifDriver}
+
step_config: |
# TODO(emilien): figure how to deal with libvirt profile.
- # We'll probably threat it like we do with Neutron plugins.
+ # We'll probably treat it like we do with Neutron plugins.
# Until then, just include it in the default nova-compute role.
include tripleo::profile::base::nova::compute::libvirt
diff --git a/puppet/services/nova-ironic.yaml b/puppet/services/nova-ironic.yaml
new file mode 100644
index 00000000..7373c404
--- /dev/null
+++ b/puppet/services/nova-ironic.yaml
@@ -0,0 +1,42 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Nova Compute service configured with Puppet and using Ironic
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ IronicPassword:
+ description: The password for the Ironic service and db account, used by the Ironic services
+ type: string
+ hidden: true
+
+resources:
+ NovaBase:
+ type: ./nova-base.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Nova Compute service with Ironic.
+ value:
+ service_name: nova_ironic
+ config_settings:
+ map_merge:
+ - get_attr: [NovaBase, role_data, config_settings]
+ - nova::compute::force_config_drive: true
+ nova::compute::reserved_host_memory: '0'
+ nova::compute::vnc_enabled: false
+ nova::ironic::common::admin_password: {get_param: IronicPassword}
+ nova::ironic::common::admin_tenant_name: 'service'
+ nova::ironic::common::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri]}
+ nova::ironic::common::admin_username: 'ironic'
+ nova::ironic::common::api_endpoint: {get_param: [EndpointMap, IronicInternal, uri]}
+ nova::network::neutron::dhcp_domain: ''
+ nova::scheduler::filter::scheduler_host_manager: 'ironic_host_manager'
+ step_config: |
+ include tripleo::profile::base::nova::compute::ironic
diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml
index 939b6a09..d283de4f 100644
--- a/puppet/services/nova-libvirt.yaml
+++ b/puppet/services/nova-libvirt.yaml
@@ -9,6 +9,9 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ NovaComputeLibvirtType:
+ type: string
+ default: kvm
resources:
NovaBase:
@@ -30,5 +33,8 @@ outputs:
nova::compute::libvirt::migration_support: false
tripleo::profile::base::nova::manage_migration: true
tripleo::profile::base::nova::libvirt_enabled: true
+ nova::compute::libvirt::services::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
+ nova::compute::libvirt::libvirt_virt_type: {get_param: NovaComputeLibvirtType}
+
step_config: |
include tripleo::profile::base::nova::libvirt
diff --git a/puppet/services/nova-vncproxy.yaml b/puppet/services/nova-vncproxy.yaml
index 0b9cef38..a1517011 100644
--- a/puppet/services/nova-vncproxy.yaml
+++ b/puppet/services/nova-vncproxy.yaml
@@ -25,5 +25,15 @@ outputs:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
- nova::vncproxy::enabled: true
+ nova::vncproxy::common::vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]}
+ # Remove brackets that may come if the IP address is IPv6.
+ # For DNS names and IPv4, this will just get NovaVNCProxyPublic
+ nova::vncproxy::common::vncproxy_host:
+ str_replace:
+ template: {get_param: [EndpointMap, NovaVNCProxyPublic, host]}
+ params:
+ '[': ''
+ ']': ''
+ nova::vncproxy::common::vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]}
step_config: |
include tripleo::profile::base::nova::vncproxy
diff --git a/puppet/services/pacemaker/cinder-backup.yaml b/puppet/services/pacemaker/cinder-backup.yaml
new file mode 100644
index 00000000..706717e4
--- /dev/null
+++ b/puppet/services/pacemaker/cinder-backup.yaml
@@ -0,0 +1,49 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Cinder Backup service with Pacemaker configured with Puppet
+
+parameters:
+ CinderBackupBackend:
+ default: swift
+ description: The short name of the Cinder Backup backend to use.
+ type: string
+ constraints:
+ - allowed_values: ['swift', 'ceph']
+ CinderBackupRbdPoolName:
+ default: backups
+ type: string
+ CephClientUserName:
+ default: openstack
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+
+ CinderBackupBase:
+ type: ../cinder-backup.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ CinderBackupBackend: {get_param: CinderBackupBackend}
+ CinderBackupRbdPoolName: {get_param: CinderBackupRbdPoolName}
+ CephClientUserName: {get_param: CephClientUserName}
+
+outputs:
+ role_data:
+ description: Role data for the Cinder Backup role.
+ value:
+ service_name: cinder_backup
+ config_settings:
+ map_merge:
+ - get_attr: [CinderBackupBase, role_data, config_settings]
+ - cinder::backup::manage_service: false
+ cinder::backup::enabled: false
+ step_config:
+ list_join:
+ - "\n"
+ - - get_attr: [CinderBackupBase, role_data, step_config]
+ - "include ::tripleo::profile::pacemaker::cinder::backup"
diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml
index cbd76406..cac89e32 100644
--- a/puppet/services/sahara-base.yaml
+++ b/puppet/services/sahara-base.yaml
@@ -68,8 +68,8 @@ outputs:
sahara::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
sahara::use_neutron: true
sahara::plugins:
+ - ambari
- cdh
- - hdp
- mapr
- vanilla
- spark
diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml
index 1d451ab2..e55199c2 100644
--- a/puppet/swift-storage.yaml
+++ b/puppet/swift-storage.yaml
@@ -250,7 +250,6 @@ resources:
- swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
- all_nodes # provided by allNodesConfig
- '"%{::osfamily}"'
- - network
merge_behavior: deeper
datafiles:
service_names:
@@ -261,11 +260,6 @@ resources:
map_replace:
- {get_param: ServiceConfigSettings}
- values: {get_attr: [NetIpMap, net_ip_map]}
- network:
- mapped_data:
- net_ip_map: {get_attr: [NetIpMap, net_ip_map]}
- net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]}
- net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]}
object_extraconfig:
mapped_data: {get_param: ObjectStorageExtraConfig}
extraconfig:
@@ -391,7 +385,14 @@ outputs:
str_replace:
template: 'r1z1-IP:%PORT%/d1'
params:
- IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
+ IP:
+ get_attr:
+ - NetIpMap
+ - net_ip_map
+ - str_replace:
+ template: "NETWORK_uri"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, SwiftMgmtNetwork]}
external_ip_address:
description: IP address of the server in the external network
value: {get_attr: [ExternalPort, ip_address]}