summaryrefslogtreecommitdiffstats
path: root/puppet
diff options
context:
space:
mode:
Diffstat (limited to 'puppet')
-rw-r--r--puppet/all-nodes-config.yaml11
-rw-r--r--puppet/cinder-storage.yaml2
-rw-r--r--puppet/controller.yaml22
-rw-r--r--puppet/extraconfig/ceph/ceph-external-config.yaml2
-rw-r--r--puppet/extraconfig/tls/ca-inject.yaml2
-rw-r--r--puppet/hieradata/common.yaml12
-rw-r--r--puppet/hieradata/controller.yaml8
-rw-r--r--puppet/hieradata/database.yaml7
-rw-r--r--puppet/manifests/overcloud_cephstorage.pp2
-rw-r--r--puppet/manifests/overcloud_compute.pp12
-rw-r--r--puppet/manifests/overcloud_controller.pp42
-rw-r--r--puppet/manifests/overcloud_controller_pacemaker.pp174
-rw-r--r--puppet/manifests/overcloud_object.pp2
-rw-r--r--puppet/manifests/overcloud_volume.pp2
-rw-r--r--puppet/vip-config.yaml2
15 files changed, 182 insertions, 120 deletions
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml
index 3dd3d5c9..e85975d4 100644
--- a/puppet/all-nodes-config.yaml
+++ b/puppet/all-nodes-config.yaml
@@ -69,8 +69,8 @@ resources:
allNodesConfigImpl:
type: OS::Heat::StructuredConfig
properties:
+ group: os-apply-config
config:
- completion-signal: {get_input: deploy_signal_id}
hosts:
list_join:
- "\n"
@@ -227,6 +227,15 @@ resources:
list_join:
- "','"
- {get_param: neutron_api_node_ips}
+ # TODO: pass a `midonet_api_node_ips` var
+ midonet_api_node_ips:
+ str_replace:
+ template: "['SERVERS_LIST']"
+ params:
+ SERVERS_LIST:
+ list_join:
+ - "','"
+ - {get_param: neutron_api_node_ips}
keystone_public_api_node_ips:
str_replace:
template: "['SERVERS_LIST']"
diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml
index f7e8f907..0bec3e93 100644
--- a/puppet/cinder-storage.yaml
+++ b/puppet/cinder-storage.yaml
@@ -13,7 +13,7 @@ parameters:
description: The iSCSI helper to use with cinder.
type: string
CinderLVMLoopDeviceSize:
- default: 5000
+ default: 10280
description: The size of the loopback file used by the cinder LVM driver.
type: number
CinderPassword:
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index 15dbf598..36003104 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -61,7 +61,7 @@ parameters:
description: The iSCSI helper to use with cinder.
type: string
CinderLVMLoopDeviceSize:
- default: 5000
+ default: 10280
description: The size of the loopback file used by the cinder LVM driver.
type: number
CinderNfsMountOptions:
@@ -519,7 +519,7 @@ parameters:
default: ["1:4094", ]
type: comma_delimited_list
NeutronPluginExtensions:
- default: "qos"
+ default: "qos,port_security"
description: |
Comma-separated list of extensions enabled for the Neutron plugin.
type: comma_delimited_list
@@ -1114,6 +1114,14 @@ resources:
- '@'
- {get_param: MysqlVirtualIP}
- '/nova'
+ nova_api_dsn:
+ list_join:
+ - ''
+ - - 'mysql+pymysql://nova_api:'
+ - {get_param: NovaPassword}
+ - '@'
+ - {get_param: MysqlVirtualIP}
+ - '/nova_api'
instance_name_template: {get_param: InstanceNameTemplate}
fencing_config: {get_param: FencingConfig}
pcsd_password: {get_param: PcsdPassword}
@@ -1344,8 +1352,10 @@ resources:
keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
keystone::database_connection: {get_input: keystone_dsn}
- keystone::public_bind_host: {get_input: keystone_public_api_network}
keystone::admin_bind_host: {get_input: keystone_admin_api_network}
+ keystone::public_bind_host: {get_input: keystone_public_api_network}
+ keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network}
+ keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network}
keystone::debug: {get_input: debug}
keystone::db::mysql::password: {get_input: admin_token}
keystone::rabbit_userid: {get_input: rabbit_username}
@@ -1363,7 +1373,7 @@ resources:
keystone::admin_workers: {get_input: keystone_workers}
keystone::public_workers: {get_input: keystone_workers}
keystone_enable_db_purge: {get_input: keystone_enable_db_purge}
-
+ keystone::public_endpoint: {get_input: keystone_public_url}
# MongoDB
mongodb::server::bind_ip: {get_input: mongo_db_network}
mongodb::server::nojournal: {get_input: mongodb_no_journal}
@@ -1417,7 +1427,7 @@ resources:
neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges}
neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges}
- neutron::agents::ml2::ovs:bridge_mappings: {get_input: neutron_bridge_mappings}
+ neutron::agents::ml2::ovs::bridge_mappings: {get_input: neutron_bridge_mappings}
neutron_public_interface: {get_input: neutron_public_interface}
neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route}
@@ -1478,6 +1488,7 @@ resources:
nova::api::metadata_workers: {get_input: nova_workers}
nova::compute::network_device_mtu: {get_input: neutron_tenant_mtu}
nova::database_connection: {get_input: nova_dsn}
+ nova::api_database_connection: {get_input: nova_api_dsn}
nova::glance_api_servers: {get_input: glance_api_servers}
nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
nova::api::instance_name_template: {get_input: instance_name_template}
@@ -1486,6 +1497,7 @@ resources:
nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
nova::vncproxy::host: {get_input: nova_api_network}
nova::db::mysql::password: {get_input: nova_password}
+ nova::db::mysql_api::password: {get_input: nova_password}
nova_enable_db_purge: {get_input: nova_enable_db_purge}
# Horizon
diff --git a/puppet/extraconfig/ceph/ceph-external-config.yaml b/puppet/extraconfig/ceph/ceph-external-config.yaml
index 7cefc24b..ebd6c251 100644
--- a/puppet/extraconfig/ceph/ceph-external-config.yaml
+++ b/puppet/extraconfig/ceph/ceph-external-config.yaml
@@ -76,7 +76,7 @@ resources:
cinder_rbd_pool_name: {get_param: CinderRbdPoolName}
glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
- glance::backend::rbd::rbd_store_pool: {get_param: CephClientUserName}
+ glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
nova::compute::rbd::rbd_keyring:
list_join:
- '.'
diff --git a/puppet/extraconfig/tls/ca-inject.yaml b/puppet/extraconfig/tls/ca-inject.yaml
index 5a36e951..aab42849 100644
--- a/puppet/extraconfig/tls/ca-inject.yaml
+++ b/puppet/extraconfig/tls/ca-inject.yaml
@@ -45,7 +45,7 @@ resources:
cat > ${cacert_path} << EOF
${cacert_content}
EOF
- chmod 0440 ${cacert_path}
+ chmod 0444 ${cacert_path}
chown root:root ${cacert_path}
${update_anchor_command}
md5sum ${cacert_path} > ${heat_outputs_path}.root_cert_md5sum
diff --git a/puppet/hieradata/common.yaml b/puppet/hieradata/common.yaml
index b4b51abf..30645687 100644
--- a/puppet/hieradata/common.yaml
+++ b/puppet/hieradata/common.yaml
@@ -14,6 +14,9 @@ nova::network::neutron::dhcp_domain: ''
neutron::allow_overlapping_ips: true
+kernel_modules:
+ nf_conntrack: {}
+
sysctl_settings:
net.ipv4.tcp_keepalive_intvl:
value: 1
@@ -21,6 +24,15 @@ sysctl_settings:
value: 5
net.ipv4.tcp_keepalive_time:
value: 5
+ net.nf_conntrack_max:
+ value: 500000
+ net.netfilter.nf_conntrack_max:
+ value: 500000
+ # prevent neutron bridges from autoconfiguring ipv6 addresses
+ net.ipv6.conf.default.accept_ra:
+ value: 0
+ net.ipv6.conf.default.autoconf:
+ value: 0
nova::rabbit_heartbeat_timeout_threshold: 60
neutron::rabbit_heartbeat_timeout_threshold: 60
diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml
index f8ef6408..a4dda4b4 100644
--- a/puppet/hieradata/controller.yaml
+++ b/puppet/hieradata/controller.yaml
@@ -34,6 +34,8 @@ glance::api::keystone_tenant: 'service'
glance::registry::keystone_tenant: 'service'
neutron::server::auth_tenant: 'service'
neutron::agents::metadata::auth_tenant: 'service'
+neutron::agents::l3::router_delete_namespaces: True
+neutron::agents::dhcp::dhcp_delete_namespaces: True
cinder::api::keystone_tenant: 'service'
swift::proxy::authtoken::admin_tenant_name: 'service'
ceilometer::api::keystone_tenant: 'service'
@@ -50,6 +52,8 @@ keystone::config::keystone_config:
value: 'HTTP_X_FORWARDED_PROTO'
ec2/driver:
value: 'keystone.contrib.ec2.backends.sql.Ec2'
+keystone::service_name: 'httpd'
+keystone::wsgi::apache::ssl: false
#swift
swift::proxy::pipeline:
@@ -83,6 +87,7 @@ neutron::agents::dhcp::dnsmasq_config_file: /etc/neutron/dnsmasq-neutron.conf
nova::notify_on_state_change: 'vm_and_task_state'
nova::api::default_floating_pool: 'public'
nova::api::osapi_v3: true
+nova::api::sync_db_api: true
nova::scheduler::filter::ram_allocation_ratio: '1.0'
nova::cron::archive_deleted_rows::hour: '*/12'
nova::cron::archive_deleted_rows::destination: '/dev/null'
@@ -93,6 +98,9 @@ ceilometer::agent::auth::auth_endpoint_type: 'internalURL'
# cinder
cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler
cinder::cron::db_purge::destination: '/dev/null'
+cinder::config::cinder_config:
+ DEFAULT/host:
+ value: hostgroup
# heat
heat::engine::configure_delegated_roles: false
diff --git a/puppet/hieradata/database.yaml b/puppet/hieradata/database.yaml
index 89577505..61714691 100644
--- a/puppet/hieradata/database.yaml
+++ b/puppet/hieradata/database.yaml
@@ -6,6 +6,13 @@ nova::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
+nova::db::mysql_api::user: nova_api
+nova::db::mysql_api::host: "%{hiera('mysql_virtual_ip')}"
+nova::db::mysql_api::dbname: nova_api
+nova::db::mysql_api::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
+
# Glance
glance::db::mysql::user: glance
glance::db::mysql::host: "%{hiera('mysql_virtual_ip')}"
diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp
index 1d801adc..0db5b45a 100644
--- a/puppet/manifests/overcloud_cephstorage.pp
+++ b/puppet/manifests/overcloud_cephstorage.pp
@@ -16,7 +16,9 @@
include ::tripleo::packages
include ::tripleo::firewall
+create_resources(kmod::load, hiera('kernel_modules'), {})
create_resources(sysctl::value, hiera('sysctl_settings'), {})
+Exec <| tag == 'kmod::load' |> -> Sysctl <| |>
if count(hiera('ntp::servers')) > 0 {
include ::ntp
diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp
index 593cc500..3022787b 100644
--- a/puppet/manifests/overcloud_compute.pp
+++ b/puppet/manifests/overcloud_compute.pp
@@ -16,7 +16,9 @@
include ::tripleo::packages
include ::tripleo::firewall
+create_resources(kmod::load, hiera('kernel_modules'), {})
create_resources(sysctl::value, hiera('sysctl_settings'), {})
+Exec <| tag == 'kmod::load' |> -> Sysctl <| |>
if count(hiera('ntp::servers')) > 0 {
include ::ntp
@@ -37,6 +39,16 @@ exec { 'libvirt-default-net-destroy':
before => Service['libvirt'],
}
+# When utilising images for deployment, we need to reset the iSCSI initiator name to make it unique
+exec { 'reset-iscsi-initiator-name':
+ command => '/bin/echo InitiatorName=$(/usr/sbin/iscsi-iname) > /etc/iscsi/initiatorname.iscsi',
+ onlyif => '/usr/bin/test ! -f /etc/iscsi/.initiator_reset',
+}->
+
+file { '/etc/iscsi/.initiator_reset':
+ ensure => present,
+}
+
include ::nova
include ::nova::config
include ::nova::compute
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index 70aebddd..601f35f7 100644
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -20,7 +20,9 @@ $enable_load_balancer = hiera('enable_load_balancer', true)
if hiera('step') >= 1 {
+ create_resources(kmod::load, hiera('kernel_modules'), {})
create_resources(sysctl::value, hiera('sysctl_settings'), {})
+ Exec <| tag == 'kmod::load' |> -> Sysctl <| |>
$controller_node_ips = split(hiera('controller_node_ips'), ',')
@@ -83,11 +85,15 @@ if hiera('step') >= 2 {
$mysql_config_file = '/etc/my.cnf.d/server.cnf'
}
# TODO Galara
+ # FIXME: due to https://bugzilla.redhat.com/show_bug.cgi?id=1298671 we
+ # set bind-address to a hostname instead of an ip address; to move Mysql
+ # from internal_api on another network we'll have to customize both
+ # MysqlNetwork and ControllerHostnameResolveNetwork in ServiceNetMap
class { '::mysql::server':
config_file => $mysql_config_file,
override_options => {
'mysqld' => {
- 'bind-address' => hiera('mysql_bind_host'),
+ 'bind-address' => $::hostname,
'max_connections' => hiera('mysql_max_connections'),
'open_files_limit' => '-1',
},
@@ -100,6 +106,7 @@ if hiera('step') >= 2 {
include ::keystone::db::mysql
include ::glance::db::mysql
include ::nova::db::mysql
+ include ::nova::db::mysql_api
include ::neutron::db::mysql
include ::cinder::db::mysql
include ::heat::db::mysql
@@ -173,6 +180,7 @@ if hiera('step') >= 3 {
include ::keystone::config
include ::keystone::roles::admin
include ::keystone::endpoint
+ include ::keystone::wsgi::apache
#TODO: need a cleanup-keystone-tokens.sh solution here
@@ -246,7 +254,8 @@ if hiera('step') >= 3 {
if hiera('enable_zookeeper_on_controller') {
class {'::tripleo::cluster::zookeeper':
zookeeper_server_ips => $zookeeper_node_ips,
- zookeeper_client_ip => $ipaddress,
+ # TODO: create a 'bind' hiera key for zookeeper
+ zookeeper_client_ip => hiera('neutron::bind_host'),
zookeeper_hostnames => hiera('controller_node_names')
}
}
@@ -255,7 +264,8 @@ if hiera('step') >= 3 {
if hiera('enable_cassandra_on_controller') {
class {'::tripleo::cluster::cassandra':
cassandra_servers => $cassandra_node_ips,
- cassandra_ip => $ipaddress
+ # TODO: create a 'bind' hiera key for cassandra
+ cassandra_ip => hiera('neutron::bind_host'),
}
}
@@ -266,10 +276,11 @@ if hiera('step') >= 3 {
class {'::tripleo::network::midonet::api':
zookeeper_servers => $zookeeper_node_ips,
- vip => $ipaddress,
- keystone_ip => $ipaddress,
+ vip => hiera('tripleo::loadbalancer::public_virtual_ip'),
+ keystone_ip => hiera('tripleo::loadbalancer::public_virtual_ip'),
keystone_admin_token => hiera('keystone::admin_token'),
- bind_address => $ipaddress,
+ # TODO: create a 'bind' hiera key for api
+ bind_address => hiera('neutron::bind_host'),
admin_password => hiera('admin_password')
}
@@ -312,7 +323,7 @@ if hiera('step') >= 3 {
if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' {
class {'::neutron::plugins::midonet':
- midonet_api_ip => $ipaddress,
+ midonet_api_ip => hiera('tripleo::loadbalancer::public_virtual_ip'),
keystone_tenant => hiera('neutron::server::auth_tenant'),
keystone_password => hiera('neutron::server::auth_password')
}
@@ -363,6 +374,7 @@ if hiera('step') >= 3 {
include ::cinder
include ::cinder::config
+ include ::tripleo::ssl::cinder_config
include ::cinder::api
include ::cinder::glance
include ::cinder::scheduler
@@ -410,10 +422,6 @@ if hiera('step') >= 3 {
if hiera('cinder_enable_eqlx_backend', false) {
$cinder_eqlx_backend = hiera('cinder::backend::eqlx::volume_backend_name')
- cinder_config {
- "${cinder_eqlx_backend}/host": value => 'hostgroup';
- }
-
cinder::backend::eqlx { $cinder_eqlx_backend :
volume_backend_name => hiera('cinder::backend::eqlx::volume_backend_name', undef),
san_ip => hiera('cinder::backend::eqlx::san_ip', undef),
@@ -421,7 +429,7 @@ if hiera('step') >= 3 {
san_password => hiera('cinder::backend::eqlx::san_password', undef),
san_thin_provision => hiera('cinder::backend::eqlx::san_thin_provision', undef),
eqlx_group_name => hiera('cinder::backend::eqlx::eqlx_group_name', undef),
- eqlx_pool => hiera('cinder::backend::eqlx::eqlx_lpool', undef),
+ eqlx_pool => hiera('cinder::backend::eqlx::eqlx_pool', undef),
eqlx_use_chap => hiera('cinder::backend::eqlx::eqlx_use_chap', undef),
eqlx_chap_login => hiera('cinder::backend::eqlx::eqlx_chap_login', undef),
eqlx_chap_password => hiera('cinder::backend::eqlx::eqlx_san_password', undef),
@@ -431,10 +439,6 @@ if hiera('step') >= 3 {
if hiera('cinder_enable_dellsc_backend', false) {
$cinder_dellsc_backend = hiera('cinder::backend::dellsc_iscsi::volume_backend_name')
- cinder_config {
- "${cinder_dellsc_backend}/host": value => 'hostgroup';
- }
-
cinder::backend::dellsc_iscsi{ $cinder_dellsc_backend :
volume_backend_name => hiera('cinder::backend::dellsc_iscsi::volume_backend_name', undef),
san_ip => hiera('cinder::backend::dellsc_iscsi::san_ip', undef),
@@ -443,7 +447,7 @@ if hiera('step') >= 3 {
dell_sc_ssn => hiera('cinder::backend::dellsc_iscsi::dell_sc_ssn', undef),
iscsi_ip_address => hiera('cinder::backend::dellsc_iscsi::iscsi_ip_address', undef),
iscsi_port => hiera('cinder::backend::dellsc_iscsi::iscsi_port', undef),
- dell_sc_port => hiera('cinder::backend::dellsc_iscsi::dell_sc_port', undef),
+ dell_sc_api_port => hiera('cinder::backend::dellsc_iscsi::dell_sc_api_port', undef),
dell_sc_server_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_server_folder', undef),
dell_sc_volume_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_volume_folder', undef),
}
@@ -452,10 +456,6 @@ if hiera('step') >= 3 {
if hiera('cinder_enable_netapp_backend', false) {
$cinder_netapp_backend = hiera('cinder::backend::netapp::title')
- cinder_config {
- "${cinder_netapp_backend}/host": value => 'hostgroup';
- }
-
if hiera('cinder::backend::netapp::nfs_shares', undef) {
$cinder_netapp_nfs_shares = split(hiera('cinder::backend::netapp::nfs_shares', undef), ',')
}
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index e0286162..b57bcffb 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -39,7 +39,9 @@ $non_pcmk_start = hiera('step') >= 4
if hiera('step') >= 1 {
+ create_resources(kmod::load, hiera('kernel_modules'), {})
create_resources(sysctl::value, hiera('sysctl_settings'), {})
+ Exec <| tag == 'kmod::load' |> -> Sysctl <| |>
include ::timezone
@@ -134,6 +136,11 @@ if hiera('step') >= 1 {
$galera_nodes = downcase(hiera('galera_node_names', $::hostname))
$galera_nodes_count = count(split($galera_nodes, ','))
+ # FIXME: due to https://bugzilla.redhat.com/show_bug.cgi?id=1298671 we
+ # set bind-address to a hostname instead of an ip address; to move Mysql
+ # from internal_api on another network we'll have to customize both
+ # MysqlNetwork and ControllerHostnameResolveNetwork in ServiceNetMap
+ $mysql_bind_host = hiera('mysql_bind_host')
$mysqld_options = {
'mysqld' => {
'skip-name-resolve' => '1',
@@ -143,7 +150,7 @@ if hiera('step') >= 1 {
'innodb_locks_unsafe_for_binlog'=> '1',
'query_cache_size' => '0',
'query_cache_type' => '0',
- 'bind-address' => hiera('mysql_bind_host'),
+ 'bind-address' => $::hostname,
'max_connections' => hiera('mysql_max_connections'),
'open_files_limit' => '-1',
'wsrep_provider' => '/usr/lib64/galera/libgalera_smm.so',
@@ -159,6 +166,7 @@ if hiera('step') >= 1 {
'wsrep_drupal_282555_workaround'=> '0',
'wsrep_causal_reads' => '0',
'wsrep_sst_method' => 'rsync',
+ 'wsrep_provider_options' => "gmcast.listen_addr=tcp://[${mysql_bind_host}]:4567;",
},
}
@@ -429,6 +437,9 @@ MYSQL_HOST=localhost\n",
class { '::nova::db::mysql':
require => Exec['galera-ready'],
}
+ class { '::nova::db::mysql_api':
+ require => Exec['galera-ready'],
+ }
class { '::neutron::db::mysql':
require => Exec['galera-ready'],
}
@@ -574,6 +585,7 @@ if hiera('step') >= 3 {
class { '::nova::api' :
sync_db => $sync_db,
+ sync_db_api => $sync_db,
manage_service => false,
enabled => false,
}
@@ -610,8 +622,9 @@ if hiera('step') >= 3 {
if hiera('enable_zookeeper_on_controller') {
class {'::tripleo::cluster::zookeeper':
zookeeper_server_ips => $zookeeper_node_ips,
- zookeeper_client_ip => $ipaddress,
- zookeeper_hostnames => hiera('controller_node_names')
+ # TODO: create a 'bind' hiera key for zookeeper
+ zookeeper_client_ip => hiera('neutron::bind_host'),
+ zookeeper_hostnames => split(hiera('controller_node_names'), ',')
}
}
@@ -619,7 +632,8 @@ if hiera('step') >= 3 {
if hiera('enable_cassandra_on_controller') {
class {'::tripleo::cluster::cassandra':
cassandra_servers => $cassandra_node_ips,
- cassandra_ip => $ipaddress
+ # TODO: create a 'bind' hiera key for cassandra
+ cassandra_ip => hiera('neutron::bind_host'),
}
}
@@ -629,11 +643,12 @@ if hiera('step') >= 3 {
}
class {'::tripleo::network::midonet::api':
- zookeeper_servers => hiera('neutron_api_node_ips'),
- vip => $public_vip,
- keystone_ip => $public_vip,
+ zookeeper_servers => $zookeeper_node_ips,
+ vip => hiera('tripleo::loadbalancer::public_virtual_ip'),
+ keystone_ip => hiera('tripleo::loadbalancer::public_virtual_ip'),
keystone_admin_token => hiera('keystone::admin_token'),
- bind_address => $ipaddress,
+ # TODO: create a 'bind' hiera key for api
+ bind_address => hiera('neutron::bind_host'),
admin_password => hiera('admin_password')
}
@@ -660,7 +675,7 @@ if hiera('step') >= 3 {
}
if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' {
class {'::neutron::plugins::midonet':
- midonet_api_ip => $public_vip,
+ midonet_api_ip => hiera('tripleo::loadbalancer::public_virtual_ip'),
keystone_tenant => hiera('neutron::server::auth_tenant'),
keystone_password => hiera('neutron::server::auth_password')
}
@@ -729,6 +744,7 @@ if hiera('step') >= 3 {
include ::cinder
include ::cinder::config
+ include ::tripleo::ssl::cinder_config
class { '::cinder::api':
sync_db => $sync_db,
manage_service => false,
@@ -786,10 +802,6 @@ if hiera('step') >= 3 {
if hiera('cinder_enable_eqlx_backend', false) {
$cinder_eqlx_backend = hiera('cinder::backend::eqlx::volume_backend_name')
- cinder_config {
- "${cinder_eqlx_backend}/host": value => 'hostgroup';
- }
-
cinder::backend::eqlx { $cinder_eqlx_backend :
volume_backend_name => hiera('cinder::backend::eqlx::volume_backend_name', undef),
san_ip => hiera('cinder::backend::eqlx::san_ip', undef),
@@ -797,7 +809,7 @@ if hiera('step') >= 3 {
san_password => hiera('cinder::backend::eqlx::san_password', undef),
san_thin_provision => hiera('cinder::backend::eqlx::san_thin_provision', undef),
eqlx_group_name => hiera('cinder::backend::eqlx::eqlx_group_name', undef),
- eqlx_pool => hiera('cinder::backend::eqlx::eqlx_lpool', undef),
+ eqlx_pool => hiera('cinder::backend::eqlx::eqlx_pool', undef),
eqlx_use_chap => hiera('cinder::backend::eqlx::eqlx_use_chap', undef),
eqlx_chap_login => hiera('cinder::backend::eqlx::eqlx_chap_login', undef),
eqlx_chap_password => hiera('cinder::backend::eqlx::eqlx_san_password', undef),
@@ -807,10 +819,6 @@ if hiera('step') >= 3 {
if hiera('cinder_enable_dellsc_backend', false) {
$cinder_dellsc_backend = hiera('cinder::backend::dellsc_iscsi::volume_backend_name')
- cinder_config {
- "${cinder_dellsc_backend}/host": value => 'hostgroup';
- }
-
cinder::backend::dellsc_iscsi{ $cinder_dellsc_backend :
volume_backend_name => hiera('cinder::backend::dellsc_iscsi::volume_backend_name', undef),
san_ip => hiera('cinder::backend::dellsc_iscsi::san_ip', undef),
@@ -819,7 +827,7 @@ if hiera('step') >= 3 {
dell_sc_ssn => hiera('cinder::backend::dellsc_iscsi::dell_sc_ssn', undef),
iscsi_ip_address => hiera('cinder::backend::dellsc_iscsi::iscsi_ip_address', undef),
iscsi_port => hiera('cinder::backend::dellsc_iscsi::iscsi_port', undef),
- dell_sc_port => hiera('cinder::backend::dellsc_iscsi::dell_sc_port', undef),
+ dell_sc_api_port => hiera('cinder::backend::dellsc_iscsi::dell_sc_api_port', undef),
dell_sc_server_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_server_folder', undef),
dell_sc_volume_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_volume_folder', undef),
}
@@ -828,10 +836,6 @@ if hiera('step') >= 3 {
if hiera('cinder_enable_netapp_backend', false) {
$cinder_netapp_backend = hiera('cinder::backend::netapp::title')
- cinder_config {
- "${cinder_netapp_backend}/host": value => 'hostgroup';
- }
-
if hiera('cinder::backend::netapp::nfs_shares', undef) {
$cinder_netapp_nfs_shares = split(hiera('cinder::backend::netapp::nfs_shares', undef), ',')
}
@@ -1006,6 +1010,7 @@ if hiera('step') >= 3 {
service_enable => false,
# service_manage => false, # <-- not supported with horizon&apache mod_wsgi?
}
+ include ::keystone::wsgi::apache
include ::apache::mod::status
if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') {
$_profile_support = 'cisco'
@@ -1049,57 +1054,49 @@ if hiera('step') >= 4 {
if $pacemaker_master {
- # Keystone
- pacemaker::resource::service { $::keystone::params::service_name :
- clone_params => 'interleave=true',
- verify_on_create => true,
- require => [File['/etc/keystone/ssl/certs/ca.pem'],
- File['/etc/keystone/ssl/private/signing_key.pem'],
- File['/etc/keystone/ssl/certs/signing_cert.pem']],
- }
if $enable_load_balancer {
pacemaker::constraint::base { 'haproxy-then-keystone-constraint':
constraint_type => 'order',
first_resource => 'haproxy-clone',
- second_resource => "${::keystone::params::service_name}-clone",
+ second_resource => "${::apache::params::service_name}-clone",
first_action => 'start',
second_action => 'start',
require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Service[$::apache::params::service_name]],
}
}
pacemaker::constraint::base { 'rabbitmq-then-keystone-constraint':
constraint_type => 'order',
first_resource => 'rabbitmq-clone',
- second_resource => "${::keystone::params::service_name}-clone",
+ second_resource => "${::apache::params::service_name}-clone",
first_action => 'start',
second_action => 'start',
require => [Pacemaker::Resource::Ocf['rabbitmq'],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Service[$::apache::params::service_name]],
}
pacemaker::constraint::base { 'memcached-then-keystone-constraint':
constraint_type => 'order',
first_resource => 'memcached-clone',
- second_resource => "${::keystone::params::service_name}-clone",
+ second_resource => "${::apache::params::service_name}-clone",
first_action => 'start',
second_action => 'start',
require => [Pacemaker::Resource::Service['memcached'],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Service[$::apache::params::service_name]],
}
pacemaker::constraint::base { 'galera-then-keystone-constraint':
constraint_type => 'order',
first_resource => 'galera-master',
- second_resource => "${::keystone::params::service_name}-clone",
+ second_resource => "${::apache::params::service_name}-clone",
first_action => 'promote',
second_action => 'start',
require => [Pacemaker::Resource::Ocf['galera'],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Service[$::apache::params::service_name]],
}
# Cinder
pacemaker::resource::service { $::cinder::params::api_service :
clone_params => 'interleave=true',
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ require => Pacemaker::Resource::Service[$::apache::params::service_name],
}
pacemaker::resource::service { $::cinder::params::scheduler_service :
clone_params => 'interleave=true',
@@ -1108,12 +1105,12 @@ if hiera('step') >= 4 {
pacemaker::constraint::base { 'keystone-then-cinder-api-constraint':
constraint_type => 'order',
- first_resource => "${::keystone::params::service_name}-clone",
+ first_resource => "${::apache::params::service_name}-clone",
second_resource => "${::cinder::params::api_service}-clone",
first_action => 'start',
second_action => 'start',
require => [Pacemaker::Resource::Service[$::cinder::params::api_service],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Service[$::apache::params::service_name]],
}
pacemaker::constraint::base { 'cinder-api-then-cinder-scheduler-constraint':
constraint_type => 'order',
@@ -1151,25 +1148,25 @@ if hiera('step') >= 4 {
# Sahara
pacemaker::resource::service { $::sahara::params::api_service_name :
clone_params => 'interleave=true',
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ require => Pacemaker::Resource::Service[$::apache::params::service_name],
}
pacemaker::resource::service { $::sahara::params::engine_service_name :
clone_params => 'interleave=true',
}
pacemaker::constraint::base { 'keystone-then-sahara-api-constraint':
constraint_type => 'order',
- first_resource => "${::keystone::params::service_name}-clone",
+ first_resource => "${::apache::params::service_name}-clone",
second_resource => "${::sahara::params::api_service_name}-clone",
first_action => 'start',
second_action => 'start',
require => [Pacemaker::Resource::Service[$::sahara::params::api_service_name],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Service[$::apache::params::service_name]],
}
# Glance
pacemaker::resource::service { $::glance::params::registry_service_name :
clone_params => 'interleave=true',
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ require => Pacemaker::Resource::Service[$::apache::params::service_name],
}
pacemaker::resource::service { $::glance::params::api_service_name :
clone_params => 'interleave=true',
@@ -1177,12 +1174,12 @@ if hiera('step') >= 4 {
pacemaker::constraint::base { 'keystone-then-glance-registry-constraint':
constraint_type => 'order',
- first_resource => "${::keystone::params::service_name}-clone",
+ first_resource => "${::apache::params::service_name}-clone",
second_resource => "${::glance::params::registry_service_name}-clone",
first_action => 'start',
second_action => 'start',
require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Service[$::apache::params::service_name]],
}
pacemaker::constraint::base { 'glance-registry-then-glance-api-constraint':
constraint_type => 'order',
@@ -1220,12 +1217,12 @@ if hiera('step') >= 4 {
} ->
pacemaker::resource::service { $::neutron::params::server_service:
clone_params => 'interleave=true',
- require => Pacemaker::Resource::Service[$::keystone::params::service_name]
+ require => Pacemaker::Resource::Service[$::apache::params::service_name]
}
} else {
pacemaker::resource::service { $::neutron::params::server_service:
clone_params => 'interleave=true',
- require => Pacemaker::Resource::Service[$::keystone::params::service_name]
+ require => Pacemaker::Resource::Service[$::apache::params::service_name]
}
}
if hiera('neutron::enable_l3_agent', true) {
@@ -1297,28 +1294,16 @@ if hiera('step') >= 4 {
Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]],
}
}
-
pacemaker::constraint::base { 'keystone-to-neutron-server-constraint':
- constraint_type => 'order',
- first_resource => "${::keystone::params::service_name}-clone",
- second_resource => "${::neutron::params::server_service}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::keystone::params::service_name],
- Pacemaker::Resource::Service[$::neutron::params::server_service]],
- }
- if hiera('neutron::enable_ovs_agent',true) {
- pacemaker::constraint::base { 'neutron-server-to-openvswitch-agent-constraint':
- constraint_type => 'order',
- first_resource => "${::neutron::params::server_service}-clone",
- second_resource => "${::neutron::params::ovs_agent_service}-clone",
+ constraint_type => 'order',
+ first_resource => "${::apache::params::service_name}-clone",
+ second_resource => "${::neutron::params::server_service}-clone",
first_action => 'start',
second_action => 'start',
- require => [Pacemaker::Resource::Service[$::neutron::params::server_service],
- Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]],
+ require => [Pacemaker::Resource::Service[$::apache::params::service_name],
+ Pacemaker::Resource::Service[$::neutron::params::server_service]],
}
- }
- if hiera('neutron::enable_dhcp_agent',true) and hiera('neutron::enable_ovs_agent',true) {
+ if hiera('neutron::enable_ovs_agent',true) {
pacemaker::constraint::base { 'neutron-openvswitch-agent-to-dhcp-agent-constraint':
constraint_type => 'order',
first_resource => "${::neutron::params::ovs_agent_service}-clone",
@@ -1327,8 +1312,19 @@ if hiera('step') >= 4 {
second_action => 'start',
require => [Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service],
Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]],
-
}
+ }
+ if hiera('neutron::enable_dhcp_agent',true) and hiera('neutron::enable_ovs_agent',true) {
+ pacemaker::constraint::base { 'neutron-server-to-openvswitch-agent-constraint':
+ constraint_type => 'order',
+ first_resource => "${::neutron::params::server_service}-clone",
+ second_resource => "${::neutron::params::ovs_agent_service}-clone",
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Service[$::neutron::params::server_service],
+ Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]],
+ }
+
pacemaker::constraint::colocation { 'neutron-openvswitch-agent-to-dhcp-agent-colocation':
source => "${::neutron::params::dhcp_agent_service}-clone",
target => "${::neutron::params::ovs_agent_service}-clone",
@@ -1414,34 +1410,29 @@ if hiera('step') >= 4 {
# Nova
pacemaker::resource::service { $::nova::params::api_service_name :
clone_params => 'interleave=true',
- op_params => 'start timeout=200s stop timeout=200s monitor start-delay=10s',
}
pacemaker::resource::service { $::nova::params::conductor_service_name :
clone_params => 'interleave=true',
- op_params => 'start timeout=200s stop timeout=200s monitor start-delay=10s',
}
pacemaker::resource::service { $::nova::params::consoleauth_service_name :
clone_params => 'interleave=true',
- op_params => 'start timeout=200s stop timeout=200s monitor start-delay=10s',
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ require => Pacemaker::Resource::Service[$::apache::params::service_name],
}
pacemaker::resource::service { $::nova::params::vncproxy_service_name :
clone_params => 'interleave=true',
- op_params => 'start timeout=200s stop timeout=200s monitor start-delay=10s',
}
pacemaker::resource::service { $::nova::params::scheduler_service_name :
clone_params => 'interleave=true',
- op_params => 'start timeout=200s stop timeout=200s monitor start-delay=10s',
}
pacemaker::constraint::base { 'keystone-then-nova-consoleauth-constraint':
constraint_type => 'order',
- first_resource => "${::keystone::params::service_name}-clone",
+ first_resource => "${::apache::params::service_name}-clone",
second_resource => "${::nova::params::consoleauth_service_name}-clone",
first_action => 'start',
second_action => 'start',
require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Service[$::apache::params::service_name]],
}
pacemaker::constraint::base { 'nova-consoleauth-then-nova-vncproxy-constraint':
constraint_type => 'order',
@@ -1513,14 +1504,14 @@ if hiera('step') >= 4 {
/mysql/: {
pacemaker::resource::service { $::ceilometer::params::agent_central_service_name :
clone_params => 'interleave=true',
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ require => Pacemaker::Resource::Service[$::apache::params::service_name],
}
}
default: {
pacemaker::resource::service { $::ceilometer::params::agent_central_service_name :
clone_params => 'interleave=true',
- require => [Pacemaker::Resource::Service[$::keystone::params::service_name],
- Pacemaker::Resource::Service[$::mongodb::params::service_name]],
+ require => [Pacemaker::Resource::Service[$::apache::params::service_name],
+ Pacemaker::Resource::Service[$::mongodb::params::service_name]],
}
}
}
@@ -1556,12 +1547,12 @@ if hiera('step') >= 4 {
}
pacemaker::constraint::base { 'keystone-then-ceilometer-central-constraint':
constraint_type => 'order',
- first_resource => "${::keystone::params::service_name}-clone",
+ first_resource => "${::apache::params::service_name}-clone",
second_resource => "${::ceilometer::params::agent_central_service_name}-clone",
first_action => 'start',
second_action => 'start',
require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Service[$::apache::params::service_name]],
}
pacemaker::constraint::base { 'ceilometer-central-then-ceilometer-collector-constraint':
constraint_type => 'order',
@@ -1631,12 +1622,12 @@ if hiera('step') >= 4 {
}
pacemaker::constraint::base { 'keystone-then-heat-api-constraint':
constraint_type => 'order',
- first_resource => "${::keystone::params::service_name}-clone",
+ first_resource => "${::apache::params::service_name}-clone",
second_resource => "${::heat::params::api_service_name}-clone",
first_action => 'start',
second_action => 'start',
require => [Pacemaker::Resource::Service[$::heat::params::api_service_name],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Service[$::apache::params::service_name]],
}
pacemaker::constraint::base { 'heat-api-then-heat-api-cfn-constraint':
constraint_type => 'order',
@@ -1696,9 +1687,13 @@ if hiera('step') >= 4 {
Pacemaker::Resource::Service[$::ceilometer::params::agent_notification_service_name]],
}
- # Horizon
- pacemaker::resource::service { $::horizon::params::http_service:
- clone_params => 'interleave=true',
+ # Horizon and Keystone
+ pacemaker::resource::service { $::apache::params::service_name:
+ clone_params => 'interleave=true',
+ verify_on_create => true,
+ require => [File['/etc/keystone/ssl/certs/ca.pem'],
+ File['/etc/keystone/ssl/private/signing_key.pem'],
+ File['/etc/keystone/ssl/certs/signing_cert.pem']],
}
#VSM
@@ -1735,12 +1730,11 @@ if hiera('step') >= 5 {
if $pacemaker_master {
class {'::keystone::roles::admin' :
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ require => Pacemaker::Resource::Service[$::apache::params::service_name],
} ->
class {'::keystone::endpoint' :
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ require => Pacemaker::Resource::Service[$::apache::params::service_name],
}
-
}
} #END STEP 5
diff --git a/puppet/manifests/overcloud_object.pp b/puppet/manifests/overcloud_object.pp
index 63ac396e..1ac66904 100644
--- a/puppet/manifests/overcloud_object.pp
+++ b/puppet/manifests/overcloud_object.pp
@@ -16,7 +16,9 @@
include ::tripleo::packages
include ::tripleo::firewall
+create_resources(kmod::load, hiera('kernel_modules'), {})
create_resources(sysctl::value, hiera('sysctl_settings'), {})
+Exec <| tag == 'kmod::load' |> -> Sysctl <| |>
if count(hiera('ntp::servers')) > 0 {
include ::ntp
diff --git a/puppet/manifests/overcloud_volume.pp b/puppet/manifests/overcloud_volume.pp
index 5a69725a..72cd36c3 100644
--- a/puppet/manifests/overcloud_volume.pp
+++ b/puppet/manifests/overcloud_volume.pp
@@ -16,7 +16,9 @@
include ::tripleo::packages
include ::tripleo::firewall
+create_resources(kmod::load, hiera('kernel_modules'), {})
create_resources(sysctl::value, hiera('sysctl_settings'), {})
+Exec <| tag == 'kmod::load' |> -> Sysctl <| |>
if count(hiera('ntp::servers')) > 0 {
include ::ntp
diff --git a/puppet/vip-config.yaml b/puppet/vip-config.yaml
index c49a1047..5e2f698f 100644
--- a/puppet/vip-config.yaml
+++ b/puppet/vip-config.yaml
@@ -16,6 +16,8 @@ resources:
keystone_admin_api_vip: {get_input: keystone_admin_api_vip}
keystone_public_api_vip: {get_input: keystone_public_api_vip}
neutron_api_vip: {get_input: neutron_api_vip}
+ # TODO: pass a `midonet_api_vip` var
+ midonet_api_vip: {get_input: neutron_api_vip}
cinder_api_vip: {get_input: cinder_api_vip}
glance_api_vip: {get_input: glance_api_vip}
glance_registry_vip: {get_input: glance_registry_vip}