diff options
Diffstat (limited to 'puppet')
38 files changed, 210 insertions, 294 deletions
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index 793b17dd..6f13b74e 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -104,7 +104,7 @@ resources: list_join: - ',' - {get_param: controller_names} - rabbit_node_ips: &rabbit_nodes_array + rabbit_node_ips: str_replace: template: "['SERVERS_LIST']" params: @@ -112,6 +112,22 @@ resources: list_join: - "','" - {get_param: rabbit_node_ips} + rabbitmq_node_ips: &rabbit_nodes_array + str_replace: + template: "['SERVERS_LIST']" + params: + SERVERS_LIST: + list_join: + - "','" + - {get_param: rabbit_node_ips} + mongodb_node_ips: + str_replace: + template: "['SERVERS_LIST']" + params: + SERVERS_LIST: + list_join: + - "','" + - {get_param: mongo_node_ips} mongo_node_ips: str_replace: template: "['SERVERS_LIST']" @@ -128,6 +144,22 @@ resources: list_join: - "','" - {get_param: redis_node_ips} + memcached_node_ips: + str_replace: + template: "['SERVERS_LIST']" + params: + SERVERS_LIST: + list_join: + - "','" + - {get_param: memcache_node_ips} + memcached_node_ips_v6: + str_replace: + template: "['inet6:[SERVERS_LIST]']" + params: + SERVERS_LIST: + list_join: + - "]','inet6:[" + - {get_param: memcache_node_ips} memcache_node_ips: str_replace: template: "['SERVERS_LIST']" diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml index bb3d7588..08d66f5c 100644 --- a/puppet/ceph-storage.yaml +++ b/puppet/ceph-storage.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2016-10-14 description: 'OpenStack ceph storage node configured by Puppet' parameters: OvercloudCephStorageFlavor: @@ -71,7 +71,6 @@ parameters: constraints: - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] CloudDomain: - default: '' type: string description: > The DNS domain used for the hosts. This should match the dhcp_domain @@ -264,7 +263,10 @@ resources: mapped_data: service_names: {get_param: ServiceNames} service_configs: - mapped_data: {get_param: ServiceConfigSettings} + mapped_data: + map_replace: + - {get_param: ServiceConfigSettings} + - values: {get_attr: [NetIpMap, net_ip_map]} network: mapped_data: net_ip_map: {get_attr: [NetIpMap, net_ip_map]} @@ -275,7 +277,6 @@ resources: extraconfig: mapped_data: {get_param: ExtraConfig} ceph: - raw_data: {get_file: hieradata/ceph.yaml} mapped_data: tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml index 75497c9e..ba84fb77 100644 --- a/puppet/cinder-storage.yaml +++ b/puppet/cinder-storage.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2016-10-14 description: 'OpenStack cinder storage configured by Puppet' parameters: BlockStorageImage: @@ -73,7 +73,6 @@ parameters: constraints: - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] CloudDomain: - default: '' type: string description: > The DNS domain used for the hosts. This should match the dhcp_domain @@ -271,7 +270,10 @@ resources: mapped_data: service_names: {get_param: ServiceNames} service_configs: - mapped_data: {get_param: ServiceConfigSettings} + mapped_data: + map_replace: + - {get_param: ServiceConfigSettings} + - values: {get_attr: [NetIpMap, net_ip_map]} network: mapped_data: net_ip_map: {get_attr: [NetIpMap, net_ip_map]} @@ -282,7 +284,6 @@ resources: extraconfig: mapped_data: {get_param: ExtraConfig} volume: - raw_data: {get_file: hieradata/volume.yaml} mapped_data: # Cinder tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_ip_address: {get_input: cinder_iscsi_ip_address} diff --git a/puppet/compute.yaml b/puppet/compute.yaml index 0f40634e..e257579d 100644 --- a/puppet/compute.yaml +++ b/puppet/compute.yaml @@ -1,39 +1,9 @@ -heat_template_version: 2015-10-15 +heat_template_version: 2016-10-14 description: > OpenStack hypervisor node configured via Puppet. parameters: - AdminPassword: - description: The password for the keystone admin account, used for monitoring, querying neutron etc. - type: string - hidden: true - CeilometerComputeAgent: - description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly - type: string - default: '' - constraints: - - allowed_values: ['', Present] - CeilometerMeteringSecret: - description: Secret shared by the ceilometer services. - type: string - hidden: true - CeilometerPassword: - description: The password for the ceilometer service account. - type: string - hidden: true - CinderEnableNfsBackend: - default: false - description: Whether to enable or not the NFS backend for Cinder - type: boolean - CinderEnableRbdBackend: - default: false - description: Whether to enable or not the Rbd backend for Cinder - type: boolean - Debug: - default: '' - description: Set to True to enable debugging on all services. - type: string ExtraConfig: default: {} description: | @@ -46,9 +16,6 @@ parameters: type: string constraints: - custom_constraint: nova.flavor - GlanceHost: - type: string - default: '' # Has to be here because of the ignored empty value bug NovaImage: type: string default: overcloud-full @@ -64,16 +31,6 @@ parameters: default: default constraints: - custom_constraint: nova.keypair - KeystoneAdminApiVirtualIP: - type: string - default: '' - KeystonePublicApiVirtualIP: - type: string - default: '' - NeutronPassword: - description: The password for the neutron service account, used by neutron agents. - type: string - hidden: true NeutronPhysicalBridge: default: 'br-ex' description: An OVS bridge to create for accessing external networks. @@ -88,9 +45,6 @@ parameters: NovaApiHost: type: string default: '' # Has to be here because of the ignored empty value bug - NovaComputeDriver: - type: string - default: libvirt.LibvirtDriver NovaComputeExtraConfig: default: {} description: | @@ -100,61 +54,9 @@ parameters: NovaComputeIPs: default: {} type: json - NovaComputeLibvirtType: - type: string - default: kvm - NovaComputeLibvirtVifDriver: - default: '' - description: Libvirt VIF driver configuration for the network - type: string - NovaEnableRbdBackend: - default: false - description: Whether to enable or not the Rbd backend for Nova - type: boolean - NovaIPv6: - default: false - description: Enable IPv6 features in Nova - type: boolean - NovaPassword: - description: The password for the nova service account, used by nova-api. - type: string - hidden: true NovaPublicIP: type: string default: '' # Has to be here because of the ignored empty value bug - NovaOVSBridge: - default: 'br-int' - description: Name of integration bridge used by Open vSwitch - type: string - NovaSecurityGroupAPI: - default: 'neutron' - description: The full class name of the security API class - type: string - RabbitHost: - type: string - default: '' # Has to be here because of the ignored empty value bug - RabbitPassword: - description: The password for RabbitMQ - type: string - hidden: true - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number - UpgradeLevelNovaCompute: - type: string - description: Nova Compute upgrade level - default: '' EnablePackageInstall: default: 'false' description: Set to true to enable package installation via Puppet @@ -195,7 +97,6 @@ parameters: constraints: - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] CloudDomain: - default: '' type: string description: > The DNS domain used for the hosts. This should match the dhcp_domain @@ -368,7 +269,6 @@ resources: - service_configs - compute - ceph_cluster # provided by CephClusterConfig - - ceph - all_nodes # provided by allNodesConfig - '"%{::osfamily}"' - network @@ -383,7 +283,10 @@ resources: mapped_data: service_names: {get_param: ServiceNames} service_configs: - mapped_data: {get_param: ServiceConfigSettings} + mapped_data: + map_replace: + - {get_param: ServiceConfigSettings} + - values: {get_attr: [NetIpMap, net_ip_map]} compute_extraconfig: mapped_data: {get_param: NovaComputeExtraConfig} extraconfig: @@ -393,64 +296,13 @@ resources: net_ip_map: {get_attr: [NetIpMap, net_ip_map]} net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]} net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]} - ceph: - raw_data: {get_file: hieradata/ceph.yaml} compute: - raw_data: {get_file: hieradata/compute.yaml} mapped_data: - cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend} - nova::use_ipv6: {get_input: nova_ipv6} - nova::debug: {get_input: debug} - nova::rabbit_userid: {get_input: rabbit_username} - nova::rabbit_password: {get_input: rabbit_password} - nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - nova::rabbit_port: {get_input: rabbit_client_port} - nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute} - nova_compute_driver: {get_input: nova_compute_driver} - # TODO(emilien): move libvirt & migration parameters in libvirt profile - # used to deploy libvirt/kvm dependencies: - nova::compute::libvirt::services::libvirt_virt_type: {get_input: nova_compute_libvirt_type} - # used to configured nova.conf: - nova::compute::libvirt::libvirt_virt_type: {get_input: nova_compute_libvirt_type} - nova::compute::neutron::libvirt_vif_driver: {get_input: nova_compute_libvirt_vif_driver} nova_api_host: {get_input: nova_api_host} nova::compute::vncproxy_host: {get_input: nova_public_ip} - nova::compute::rbd::ephemeral_storage: {get_input: nova_enable_rbd_backend} - # TUNNELLED mode provides a security enhancement when using shared storage but is not - # supported when not using shared storage. - # See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12 - # In future versions of QEMU (2.6, mostly), Dan's native encryption - # work will obsolete the need to use TUNNELLED transport mode. - nova::migration::live_migration_tunnelled: {get_input: nova_enable_rbd_backend} - rbd_persistent_storage: {get_input: cinder_enable_rbd_backend} - nova_password: {get_input: nova_password} nova::compute::vncserver_proxyclient_address: {get_input: nova_vnc_proxyclient_address} - nova::vncproxy::common::vncproxy_protocol: {get_input: nova_vncproxy_protocol} - nova::vncproxy::common::vncproxy_host: {get_input: nova_vncproxy_host} - nova::vncproxy::common::vncproxy_port: {get_input: nova_vncproxy_port} - nova::network::neutron::neutron_ovs_bridge: {get_input: nova_ovs_bridge} - nova::network::neutron::security_group_api: {get_input: nova_security_group_api} - ceilometer::debug: {get_input: debug} - ceilometer::rabbit_userid: {get_input: rabbit_username} - ceilometer::rabbit_password: {get_input: rabbit_password} - ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - ceilometer::rabbit_port: {get_input: rabbit_client_port} - ceilometer::telemetry_secret: {get_input: ceilometer_metering_secret} - ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} - ceilometer::agent::auth::auth_url: {get_input: ceilometer_agent_auth_url} - nova::glance_api_servers: {get_input: glance_api_servers} - neutron::debug: {get_input: debug} - neutron::rabbit_password: {get_input: rabbit_password} - neutron::rabbit_user: {get_input: rabbit_username} - neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - neutron::rabbit_port: {get_input: rabbit_client_port} neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip} - nova::network::neutron::neutron_password: {get_input: neutron_password} - nova::network::neutron::neutron_url: {get_input: neutron_internal_url} - nova::network::neutron::neutron_auth_url: {get_input: neutron_auth_url} - keystone_public_api_virtual_ip: {get_input: keystone_vip} - admin_password: {get_input: admin_password} tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} @@ -462,45 +314,10 @@ resources: config: {get_resource: NovaComputeConfig} server: {get_resource: NovaCompute} input_values: - cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend} - debug: {get_param: Debug} - nova_compute_driver: {get_param: NovaComputeDriver} - nova_compute_libvirt_type: {get_param: NovaComputeLibvirtType} - nova_compute_libvirt_vif_driver: {get_param: NovaComputeLibvirtVifDriver} nova_public_ip: {get_param: NovaPublicIP} nova_api_host: {get_param: NovaApiHost} - nova_password: {get_param: NovaPassword} - nova_enable_rbd_backend: {get_param: NovaEnableRbdBackend} - nova_ipv6: {get_param: NovaIPv6} - cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend} nova_vnc_proxyclient_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaVncProxyNetwork]}]} - nova_vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]} - # Remove brackets that may come if the IP address is IPv6. - # For DNS names and IPv4, this will just get the NovaVNCProxyPublic value - nova_vncproxy_host: - str_replace: - template: {get_param: [EndpointMap, NovaVNCProxyPublic, host]} - params: - '[': '' - ']': '' - nova_vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]} - nova_ovs_bridge: {get_param: NovaOVSBridge} - nova_security_group_api: {get_param: NovaSecurityGroupAPI} - upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute} - ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} - ceilometer_password: {get_param: CeilometerPassword} - ceilometer_agent_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} - glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]} - neutron_password: {get_param: NeutronPassword} - neutron_internal_url: {get_param: [EndpointMap, NeutronInternal, uri]} - neutron_auth_url: {get_param: [EndpointMap, KeystoneV3Admin, uri]} - keystone_vip: {get_param: KeystonePublicApiVirtualIP} - admin_password: {get_param: AdminPassword} - rabbit_username: {get_param: RabbitUserName} - rabbit_password: {get_param: RabbitPassword} - rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} - rabbit_client_port: {get_param: RabbitClientPort} enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 816ce71d..4591edf2 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > OpenStack controller node configured by Puppet. @@ -137,10 +137,6 @@ parameters: type: string constraints: - custom_constraint: nova.keypair - KeystoneRegion: - type: string - default: 'regionOne' - description: Keystone region for endpoint ManageFirewall: default: false description: Whether to manage IPtables rules. @@ -301,7 +297,6 @@ parameters: constraints: - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] CloudDomain: - default: '' type: string description: > The DNS domain used for the hosts. This should match the dhcp_domain @@ -514,10 +509,6 @@ resources: params: CLUSTER: {get_param: MysqlClusterUniquePart} neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} - neutron_password: {get_param: NeutronPassword} - neutron_internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] } - neutron_auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] } - nova_internal_url: { get_param: [ EndpointMap, NovaInternal, uri ] } aodh_internal_url: { get_param: [ EndpointMap, AodhInternal, uri ] } aodh_public_url: { get_param: [ EndpointMap, AodhPublic, uri ] } aodh_admin_url: { get_param: [ EndpointMap, AodhAdmin, uri ] } @@ -529,9 +520,6 @@ resources: - '@' - {get_param: RedisVirtualIPUri} - ':6379/' - gnocchi_internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]} - gnocchi_public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] } - gnocchi_admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] } nova_enable_db_purge: {get_param: NovaEnableDBPurge} nova_ipv6: {get_param: NovaIPv6} corosync_ipv6: {get_param: CorosyncIPv6} @@ -565,9 +553,8 @@ resources: heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} - keystone_region: {get_param: KeystoneRegion} manila_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ManilaApiNetwork]}]} - mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]} + mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongodbNetwork]}]} neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]} ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]} @@ -581,7 +568,7 @@ resources: template: "['SUBNET']" params: SUBNET: {get_attr: [NetIpMap, net_ip_subnet_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} - rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} + rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitmqNetwork]}]} redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]} redis_vip: {get_param: RedisVirtualIP} sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]} @@ -608,7 +595,6 @@ resources: - service_configs - service_names - controller - - object - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig - ceph_cluster # provided by CephClusterConfig - ceph @@ -630,7 +616,10 @@ resources: mapped_data: service_names: {get_param: ServiceNames} service_configs: - mapped_data: {get_param: ServiceConfigSettings} + mapped_data: + map_replace: + - {get_param: ServiceConfigSettings} + - values: {get_attr: [NetIpMap, net_ip_map]} controller_extraconfig: mapped_data: map_merge: @@ -644,15 +633,11 @@ resources: net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]} net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]} ceph: - raw_data: {get_file: hieradata/ceph.yaml} mapped_data: ceph::profile::params::cluster_network: {get_input: ceph_cluster_network} ceph::profile::params::public_network: {get_input: ceph_public_network} ceph::profile::params::public_addr: {get_input: ceph_public_ip} - object: - raw_data: {get_file: hieradata/object.yaml} controller: - raw_data: {get_file: hieradata/controller.yaml} mapped_data: # data supplied directly to this deployment configuration, etc bootstack_nodeid: {get_input: bootstack_nodeid} @@ -726,10 +711,6 @@ resources: gnocchi::api::keystone_auth_uri: {get_input: keystone_auth_uri} gnocchi::api::keystone_identity_uri: {get_input: keystone_identity_uri} gnocchi::storage::swift::swift_authurl: {get_input: keystone_auth_uri} - gnocchi::keystone::auth::public_url: {get_input: gnocchi_public_url } - gnocchi::keystone::auth::internal_url: {get_input: gnocchi_internal_url } - gnocchi::keystone::auth::admin_url: {get_input: gnocchi_admin_url } - gnocchi::keystone::auth::region: {get_input: keystone_region} # Nova nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute} @@ -742,9 +723,6 @@ resources: nova::glance_api_servers: {get_input: glance_api_servers} nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} nova::api::instance_name_template: {get_input: instance_name_template} - nova::network::neutron::neutron_password: {get_input: neutron_password} - nova::network::neutron::neutron_url: {get_input: neutron_internal_url} - nova::network::neutron::neutron_auth_url: {get_input: neutron_auth_url} nova::vncproxy::host: {get_input: nova_api_network} nova_enable_db_purge: {get_input: nova_enable_db_purge} diff --git a/puppet/hieradata/README.rst b/puppet/hieradata/README.rst deleted file mode 100644 index 64a60229..00000000 --- a/puppet/hieradata/README.rst +++ /dev/null @@ -1 +0,0 @@ -Do not add more hieradata in this directory, and use composable services. diff --git a/puppet/hieradata/ceph.yaml b/puppet/hieradata/ceph.yaml deleted file mode 100644 index c8c5804b..00000000 --- a/puppet/hieradata/ceph.yaml +++ /dev/null @@ -1,2 +0,0 @@ -# Do not add hieradata in this file, and use composable services. -ceph_classes: [] diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml deleted file mode 100644 index 54b3d412..00000000 --- a/puppet/hieradata/compute.yaml +++ /dev/null @@ -1,3 +0,0 @@ -# Do not add hieradata in this file, and use composable services. - -compute_classes: [] diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml deleted file mode 100644 index d18e0bc9..00000000 --- a/puppet/hieradata/controller.yaml +++ /dev/null @@ -1,3 +0,0 @@ -# Do not add hieradata in this file, and use composable services. - -controller_classes: [] diff --git a/puppet/hieradata/object.yaml b/puppet/hieradata/object.yaml deleted file mode 100644 index 5aa0cfb6..00000000 --- a/puppet/hieradata/object.yaml +++ /dev/null @@ -1,3 +0,0 @@ -# Do not add hieradata in this file, and use composable services. - -object_classes: [] diff --git a/puppet/hieradata/volume.yaml b/puppet/hieradata/volume.yaml deleted file mode 100644 index 42b85e1a..00000000 --- a/puppet/hieradata/volume.yaml +++ /dev/null @@ -1,3 +0,0 @@ -# Do not add hieradata in this file, and use composable services. - -volume_classes: [] diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp index 152694d9..df83496f 100644 --- a/puppet/manifests/overcloud_cephstorage.pp +++ b/puppet/manifests/overcloud_cephstorage.pp @@ -17,7 +17,7 @@ include ::tripleo::packages include ::tripleo::firewall if hiera('step') >= 4 { - hiera_include('ceph_classes') + hiera_include('ceph_classes', []) } $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_ceph', hiera('step')]) diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp index ab7f846f..19ec575a 100644 --- a/puppet/manifests/overcloud_compute.pp +++ b/puppet/manifests/overcloud_compute.pp @@ -17,7 +17,7 @@ include ::tripleo::packages include ::tripleo::firewall if hiera('step') >= 4 { - hiera_include('compute_classes') + hiera_include('compute_classes', []) } $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_compute', hiera('step')]) diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 69e48e95..30e7c8d9 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -17,8 +17,8 @@ include ::tripleo::packages include ::tripleo::firewall if hiera('step') >= 4 { - hiera_include('controller_classes') -} #END STEP 4 + hiera_include('controller_classes', []) +} $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller', hiera('step')]) package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index 0aec972d..a782207e 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -16,17 +16,9 @@ include ::tripleo::packages include ::tripleo::firewall -if $::hostname == downcase(hiera('bootstrap_nodeid')) { - $pacemaker_master = true - $sync_db = true -} else { - $pacemaker_master = false - $sync_db = false +if hiera('step') >= 4 { + hiera_include('controller_classes', []) } -if hiera('step') >= 4 or ( hiera('step') >= 3 and $sync_db ) { - hiera_include('controller_classes') -} #END STEP 4 - $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller_pacemaker', hiera('step')]) package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/manifests/overcloud_object.pp b/puppet/manifests/overcloud_object.pp index 1f04c581..18e90d1f 100644 --- a/puppet/manifests/overcloud_object.pp +++ b/puppet/manifests/overcloud_object.pp @@ -17,7 +17,7 @@ include ::tripleo::packages include ::tripleo::firewall if hiera('step') >= 4 { - hiera_include('object_classes') + hiera_include('object_classes', []) } $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_object', hiera('step')]) diff --git a/puppet/manifests/overcloud_volume.pp b/puppet/manifests/overcloud_volume.pp index 7c7da586..f6787719 100644 --- a/puppet/manifests/overcloud_volume.pp +++ b/puppet/manifests/overcloud_volume.pp @@ -17,7 +17,7 @@ include ::tripleo::packages include ::tripleo::firewall if hiera('step') >= 4 { - hiera_include('volume_classes') + hiera_include('volume_classes', []) } $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_volume', hiera('step')]) diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml index 30c3f416..6a9f5d75 100644 --- a/puppet/services/aodh-base.yaml +++ b/puppet/services/aodh-base.yaml @@ -85,7 +85,7 @@ outputs: aodh::keystone::auth::tenant: 'service' aodh::db::mysql::user: aodh aodh::db::mysql::password: {get_param: AodhPassword} - aodh::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + aodh::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} aodh::db::mysql::dbname: aodh aodh::db::mysql::allowed_hosts: - '%' diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index 5342cefb..59b4cc2a 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -35,6 +35,10 @@ parameters: default: false description: Whether to store events in ceilometer. type: boolean + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string KeystoneRegion: type: string default: 'regionOne' @@ -64,6 +68,7 @@ outputs: value: service_name: ceilometer_base config_settings: + ceilometer::debug: {get_param: Debug} ceilometer::db::database_connection: list_join: - '' @@ -103,7 +108,7 @@ outputs: ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL} ceilometer::rabbit_port: {get_param: RabbitClientPort} ceilometer::db::mysql::user: ceilometer - ceilometer::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + ceilometer::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} ceilometer::db::mysql::dbname: ceilometer ceilometer::db::mysql::allowed_hosts: - '%' @@ -111,3 +116,4 @@ outputs: ceilometer::rabbit_heartbeat_timeout_threshold: 60 ceilometer::db::database_db_max_retries: -1 ceilometer::db::database_max_retries: -1 + ceilometer::telemetry_secret: {get_param: CeilometerMeteringSecret} diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml index 4f383456..3568cb06 100644 --- a/puppet/services/cinder-api.yaml +++ b/puppet/services/cinder-api.yaml @@ -49,6 +49,9 @@ outputs: cinder::keystone::auth::public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]} cinder::keystone::auth::internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]} cinder::keystone::auth::admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]} + cinder::keystone::auth::public_url_v3: {get_param: [EndpointMap, CinderV3Public, uri]} + cinder::keystone::auth::internal_url_v3: {get_param: [EndpointMap, CinderV3Internal, uri]} + cinder::keystone::auth::admin_url_v3: {get_param: [EndpointMap, CinderV3Admin, uri]} cinder::keystone::auth::password: {get_param: CinderPassword} cinder::keystone::auth::region: {get_param: KeystoneRegion} cinder::api::enable_proxy_headers_parsing: true diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml index f5d98afa..c554bf97 100644 --- a/puppet/services/cinder-base.yaml +++ b/puppet/services/cinder-base.yaml @@ -58,7 +58,7 @@ outputs: cinder::rabbit_password: {get_param: RabbitPassword} cinder::rabbit_port: {get_param: RabbitClientPort} cinder::db::mysql::user: cinder - cinder::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + cinder::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} cinder::db::mysql::dbname: cinder cinder::db::mysql::allowed_hosts: - '%' diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml index 40d18191..ca10fd12 100644 --- a/puppet/services/glance-registry.yaml +++ b/puppet/services/glance-registry.yaml @@ -45,7 +45,7 @@ outputs: glance::registry::debug: {get_param: Debug} glance::registry::workers: {get_param: GlanceWorkers} glance::db::mysql::user: glance - glance::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + glance::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} glance::db::mysql::dbname: glance glance::db::mysql::allowed_hosts: - '%' diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml index d97626a6..265cb9f0 100644 --- a/puppet/services/gnocchi-api.yaml +++ b/puppet/services/gnocchi-api.yaml @@ -9,6 +9,14 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + GnocchiPassword: + description: The password for the gnocchi service and db account. + type: string + hidden: true + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint resources: GnocchiServiceBase: @@ -29,6 +37,12 @@ outputs: dport: - 8041 - 13041 - - gnocchi::api::keystone_tenant: 'service' + gnocchi::api::keystone_tenant: 'service' + gnocchi::keystone::auth::tenant: 'service' + gnocchi::keystone::auth::region: {get_param: KeystoneRegion} + gnocchi::keystone::auth::password: {get_param: GnocchiPassword} + gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] } + gnocchi::keystone::auth::internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]} + gnocchi::keystone::auth::admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] } step_config: | include ::tripleo::profile::base::gnocchi::api diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml index a408d5d7..a072e8ef 100644 --- a/puppet/services/gnocchi-base.yaml +++ b/puppet/services/gnocchi-base.yaml @@ -34,6 +34,10 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint + RedisPassword: + description: The password for the redis service account. + type: string + hidden: true outputs: aux_parameters: @@ -56,9 +60,6 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/gnocchi' - gnocchi::keystone::auth::region: {get_param: KeystoneRegion} - gnocchi::keystone::auth::tenant: 'service' - gnocchi::keystone::auth::password: {get_param: GnocchiPassword} gnocchi::db::mysql::password: {get_param: GnocchiPassword} gnocchi::db::sync::extra_opts: '--skip-storage --create-legacy-resource-types' #Gnocchi API @@ -66,9 +67,16 @@ outputs: gnocchi::api::manage_service: false gnocchi::api::enabled: true gnocchi::api::service_name: 'httpd' - gnocchi::api::keystone_tenant: 'service' gnocchi::api::keystone_password: {get_param: GnocchiPassword} gnocchi::wsgi::apache::ssl: false + gnocchi::storage::coordination_url: + list_join: + - '' + - - 'redis://:' + - {get_param: RedisPassword} + - '@' + - "%{hiera('redis_vip')}" + - ':6379/' gnocchi::storage::swift::swift_user: 'service:gnocchi' gnocchi::storage::swift::swift_auth_version: 2 gnocchi::storage::swift::swift_key: {get_param: GnocchiPassword} @@ -89,7 +97,7 @@ outputs: gnocchi::statsd::flush_delay: 10 gnocchi::statsd::archive_policy_name: 'low' gnocchi::db::mysql::user: gnocchi - gnocchi::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + gnocchi::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} gnocchi::db::mysql::dbname: gnocchi gnocchi::db::mysql::allowed_hosts: - '%' diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml index 13555a62..044ca880 100644 --- a/puppet/services/heat-engine.yaml +++ b/puppet/services/heat-engine.yaml @@ -58,7 +58,7 @@ outputs: heat::db::mysql::password: {get_param: HeatPassword} heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword} heat::db::mysql::user: heat - heat::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + heat::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} heat::db::mysql::dbname: heat heat::db::mysql::allowed_hosts: - '%' diff --git a/puppet/services/ironic-base.yaml b/puppet/services/ironic-base.yaml index 41d2234a..508694ee 100644 --- a/puppet/services/ironic-base.yaml +++ b/puppet/services/ironic-base.yaml @@ -59,7 +59,7 @@ outputs: ironic::rabbit_use_ssl: {get_param: RabbitClientUseSSL} ironic::db::mysql::password: {get_param: IronicPassword} ironic::db::mysql::user: ironic - ironic::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + ironic::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} ironic::db::mysql::dbname: ironic ironic::db::mysql::allowed_hosts: - '%' diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index d45ed86e..988c80ce 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -112,7 +112,7 @@ outputs: keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge} keystone::public_endpoint: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]} keystone::db::mysql::user: keystone - keystone::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + keystone::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} keystone::db::mysql::dbname: keystone keystone::db::mysql::allowed_hosts: - '%' diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml index ccae4467..389fa2e3 100644 --- a/puppet/services/manila-api.yaml +++ b/puppet/services/manila-api.yaml @@ -35,9 +35,12 @@ outputs: - manila::api::keystone_password: {get_param: ManilaPassword} manila::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} manila::api::keystone_auth_host: {get_param: [EndpointMap, ManilaInternal, host]} - manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaPublic, uri]} - manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaInternal, uri]} - manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaAdmin, uri]} + manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]} + manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]} + manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]} + manila::keystone::auth::public_url_v2: {get_param: [EndpointMap, ManilaPublic, uri]} + manila::keystone::auth::internal_url_v2: {get_param: [EndpointMap, ManilaInternal, uri]} + manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]} manila::keystone::auth::password: {get_param: ManilaPassword } manila::keystone::auth::region: {get_param: KeystoneRegion } manila::api::keystone_tenant: 'service' diff --git a/puppet/services/manila-base.yaml b/puppet/services/manila-base.yaml index c156379b..663a9345 100644 --- a/puppet/services/manila-base.yaml +++ b/puppet/services/manila-base.yaml @@ -93,7 +93,7 @@ outputs: manila::rabbit_port: {get_param: RabbitClientPort} manila::debug: {get_param: Debug} manila::db::mysql::user: manila - manila::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + manila::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} manila::db::mysql::dbname: manila manila::db::database_db_max_retries: -1 manila::db::database_max_retries: -1 diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml index f6339c83..bc8dd8d1 100644 --- a/puppet/services/neutron-base.yaml +++ b/puppet/services/neutron-base.yaml @@ -42,6 +42,12 @@ parameters: type: string default: '' description: Set to True to enable debugging on all services. + EnableConfigPurge: + type: boolean + default: true + description: > + Remove configuration that is not generated by TripleO. Setting + to false may result in configuration remnants after updates/upgrades. outputs: role_data: @@ -61,6 +67,7 @@ outputs: params: PLUGINS: {get_param: NeutronServicePlugins} neutron::debug: {get_param: Debug} + neutron::purge_config: {get_param: EnableConfigPurge} neutron::allow_overlapping_ips: true neutron::rabbit_heartbeat_timeout_threshold: 60 neutron::host: '"%{::fqdn}"' #NOTE: extra quoting is needed diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index 7a97cd84..d52b8a26 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -9,9 +9,6 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - NeutronEnableTunnelling: - type: string - default: "True" NeutronEnableL2Pop: type: string description: > @@ -56,7 +53,6 @@ outputs: config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] - neutron::agents::ml2::ovs::enable_tunneling: {get_param: NeutronEnableTunnelling} neutron::agents::ml2::ovs::l2_population: {get_param: NeutronEnableL2Pop} neutron::agents::ml2::ovs::enable_distributed_routing: {get_param: NeutronEnableDVR} neutron::agents::ml2::ovs::bridge_mappings: diff --git a/puppet/services/neutron-server.yaml b/puppet/services/neutron-server.yaml index a63f1857..c40b37b0 100644 --- a/puppet/services/neutron-server.yaml +++ b/puppet/services/neutron-server.yaml @@ -68,12 +68,10 @@ outputs: neutron::keystone::auth::region: {get_param: KeystoneRegion} neutron::server::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } neutron::server::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} - neutron::server::auth_tenant: 'service' - neutron::server::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } neutron::server::api_workers: {get_param: NeutronWorkers} neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} neutron::server::l3_ha: {get_param: NeutronL3HA} - neutron::server::auth_password: {get_param: NeutronPassword} + neutron::server::password: {get_param: NeutronPassword} neutron::server::notifications::nova_url: { get_param: [ EndpointMap, NovaInternal, uri ] } neutron::server::notifications::auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] } @@ -84,7 +82,7 @@ outputs: neutron::server::sync_db: true neutron::db::mysql::password: {get_param: NeutronPassword} neutron::db::mysql::user: neutron - neutron::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + neutron::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} neutron::db::mysql::dbname: ovs_neutron neutron::db::mysql::allowed_hosts: - '%' diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index 868b76cf..9b1b0760 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -13,6 +13,14 @@ parameters: description: The password for the nova service and db account, used by nova-api. type: string hidden: true + NeutronPassword: + description: The password for the neutron service and db account, used by neutron agents. + type: string + hidden: true + NovaOVSBridge: + default: 'br-int' + description: Name of integration bridge used by Open vSwitch + type: string RabbitPassword: description: The password for RabbitMQ type: string @@ -35,6 +43,20 @@ parameters: type: string default: '' description: Set to True to enable debugging on all services. + EnableConfigPurge: + type: boolean + default: true + description: > + Remove configuration that is not generated by TripleO. Setting + to false may result in configuration remnants after updates/upgrades. + NovaIPv6: + default: false + description: Enable IPv6 features in Nova + type: boolean + UpgradeLevelNovaCompute: + type: string + description: Nova Compute upgrade level + default: '' outputs: role_data: @@ -43,7 +65,7 @@ outputs: service_name: nova_base config_settings: nova::rabbit_password: {get_param: RabbitPassword} - nova::rabbit_user: {get_param: RabbitUserName} + nova::rabbit_userid: {get_param: RabbitUserName} nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL} nova::rabbit_port: {get_param: RabbitClientPort} nova::database_connection: @@ -66,22 +88,26 @@ outputs: - '/nova_api' nova::db::mysql::password: {get_input: nova_password} nova::db::mysql::user: nova - nova::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} nova::db::mysql::dbname: nova nova::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" nova::db::mysql_api::password: {get_input: nova_password} nova::db::mysql_api::user: nova_api - nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} nova::db::mysql_api::dbname: nova_api nova::db::mysql_api::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" nova::debug: {get_param: Debug} + nova::purge_config: {get_param: EnableConfigPurge} nova::network::neutron::neutron_project_name: 'service' nova::network::neutron::neutron_username: 'neutron' nova::network::neutron::dhcp_domain: '' + nova::network::neutron::neutron_password: {get_param: NeutronPassword} + nova::network::neutron::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]} + nova::network::neutron::neutron_auth_url: {get_param: [EndpointMap, KeystoneV3Admin, uri]} nova::rabbit_heartbeat_timeout_threshold: 60 nova::cinder_catalog_info: 'volumev2:cinderv2:internalURL' nova::host: '"%{::fqdn}"' # NOTE: extra quoting is needed. @@ -89,16 +115,20 @@ outputs: nova::notification_driver: messagingv2 nova::network::neutron::neutron_auth_type: 'v3password' nova::db::mysql::user: nova - nova::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} nova::db::mysql::dbname: nova nova::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" nova::db::mysql_api::user: nova_api - nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} nova::db::mysql_api::dbname: nova_api nova::db::mysql_api::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" nova::db::database_db_max_retries: -1 nova::db::database_max_retries: -1 + nova::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} + nova::use_ipv6: {get_param: NovaIPv6} + nova::upgrade_level_compute: {get_param: UpgradeLevelNovaCompute} + nova::network::neutron::neutron_ovs_bridge: {get_param: NovaOVSBridge} diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index bcc3a232..19f1f02a 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -15,6 +15,22 @@ parameters: CephClientUserName: default: openstack type: string + CinderEnableNfsBackend: + default: false + description: Whether to enable or not the NFS backend for Cinder + type: boolean + CinderEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Cinder + type: boolean + NovaEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Nova + type: boolean + NovaComputeLibvirtVifDriver: + default: '' + description: Libvirt VIF driver configuration for the network + type: string resources: NovaBase: @@ -37,6 +53,8 @@ outputs: tripleo::profile::base::nova::nova_compute_enabled: true nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} + tripleo::profile::base::nova::compute::cinder_nfs_backend: {get_param: CinderEnableNfsBackend} + rbd_persistent_storage: {get_param: CinderEnableRbdBackend} nova::compute::rbd::rbd_keyring: list_join: - '.' @@ -45,13 +63,23 @@ outputs: nova::compute::rbd::libvirt_rbd_secret_uuid: '"%{hiera(\"ceph::profile::params::fsid\")}"' nova::compute::instance_usage_audit: true nova::compute::instance_usage_audit_period: 'hour' + nova::compute::rbd::ephemeral_storage: {get_param: NovaEnableRbdBackend} + # TUNNELLED mode provides a security enhancement when using shared + # storage but is not supported when not using shared storage. + # See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12 + # In future versions of QEMU (2.6, mostly), danpb's native + # encryption work will obsolete the need to use TUNNELLED transport + # mode. + nova::migration::live_migration_tunnelled: {get_param: NovaEnableRbdBackend} # Changing the default from 512MB. The current templates can not deploy # overclouds with swap. On an idle compute node, we see ~1024MB of RAM # used. 2048 is suggested to account for other possible operations for # example openvswitch. nova::compute::reserved_host_memory: 2048 + nova::compute::neutron::libvirt_vif_driver: {get_param: NovaComputeLibvirtVifDriver} + step_config: | # TODO(emilien): figure how to deal with libvirt profile. - # We'll probably threat it like we do with Neutron plugins. + # We'll probably treat it like we do with Neutron plugins. # Until then, just include it in the default nova-compute role. include tripleo::profile::base::nova::compute::libvirt diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml index 939b6a09..d283de4f 100644 --- a/puppet/services/nova-libvirt.yaml +++ b/puppet/services/nova-libvirt.yaml @@ -9,6 +9,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + NovaComputeLibvirtType: + type: string + default: kvm resources: NovaBase: @@ -30,5 +33,8 @@ outputs: nova::compute::libvirt::migration_support: false tripleo::profile::base::nova::manage_migration: true tripleo::profile::base::nova::libvirt_enabled: true + nova::compute::libvirt::services::libvirt_virt_type: {get_param: NovaComputeLibvirtType} + nova::compute::libvirt::libvirt_virt_type: {get_param: NovaComputeLibvirtType} + step_config: | include tripleo::profile::base::nova::libvirt diff --git a/puppet/services/nova-vncproxy.yaml b/puppet/services/nova-vncproxy.yaml index 0b9cef38..a1517011 100644 --- a/puppet/services/nova-vncproxy.yaml +++ b/puppet/services/nova-vncproxy.yaml @@ -25,5 +25,15 @@ outputs: map_merge: - get_attr: [NovaBase, role_data, config_settings] - nova::vncproxy::enabled: true + nova::vncproxy::common::vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]} + # Remove brackets that may come if the IP address is IPv6. + # For DNS names and IPv4, this will just get NovaVNCProxyPublic + nova::vncproxy::common::vncproxy_host: + str_replace: + template: {get_param: [EndpointMap, NovaVNCProxyPublic, host]} + params: + '[': '' + ']': '' + nova::vncproxy::common::vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]} step_config: | include tripleo::profile::base::nova::vncproxy diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml index 7ec44a49..cac89e32 100644 --- a/puppet/services/sahara-base.yaml +++ b/puppet/services/sahara-base.yaml @@ -53,7 +53,7 @@ outputs: - '/sahara' sahara::db::mysql::password: {get_param: SaharaPassword} sahara::db::mysql::user: sahara - sahara::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + sahara::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} sahara::db::mysql::dbname: sahara sahara::db::mysql::allowed_hosts: - '%' @@ -68,8 +68,8 @@ outputs: sahara::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } sahara::use_neutron: true sahara::plugins: + - ambari - cdh - - hdp - mapr - vanilla - spark diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml index 3a66bc9e..1d451ab2 100644 --- a/puppet/swift-storage.yaml +++ b/puppet/swift-storage.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2016-10-14 description: 'OpenStack swift storage node configured by Puppet' parameters: OvercloudSwiftStorageFlavor: @@ -78,7 +78,6 @@ parameters: constraints: - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] CloudDomain: - default: '' type: string description: > The DNS domain used for the hosts. This should match the dhcp_domain @@ -258,7 +257,10 @@ resources: mapped_data: service_names: {get_param: ServiceNames} service_configs: - mapped_data: {get_param: ServiceConfigSettings} + mapped_data: + map_replace: + - {get_param: ServiceConfigSettings} + - values: {get_attr: [NetIpMap, net_ip_map]} network: mapped_data: net_ip_map: {get_attr: [NetIpMap, net_ip_map]} @@ -269,7 +271,6 @@ resources: extraconfig: mapped_data: {get_param: ExtraConfig} object: - raw_data: {get_file: hieradata/object.yaml} mapped_data: # data supplied directly to this deployment configuration, etc swift::swift_hash_path_suffix: { get_input: swift_hash_suffix } swift::storage::all::storage_local_net_ip: {get_input: swift_management_network} |