summaryrefslogtreecommitdiffstats
path: root/puppet
diff options
context:
space:
mode:
Diffstat (limited to 'puppet')
-rw-r--r--puppet/all-nodes-config.yaml149
-rw-r--r--puppet/blockstorage-config.yaml38
-rw-r--r--puppet/ceph-storage-post.yaml80
-rw-r--r--puppet/ceph-storage.yaml13
-rw-r--r--puppet/cephstorage-config.yaml38
-rw-r--r--puppet/cinder-storage-post.yaml90
-rw-r--r--puppet/cinder-storage.yaml25
-rw-r--r--puppet/compute-config.yaml38
-rw-r--r--puppet/compute-post.yaml92
-rw-r--r--puppet/compute.yaml13
-rw-r--r--puppet/controller-post.yaml116
-rw-r--r--puppet/controller.yaml225
-rw-r--r--puppet/objectstorage-config.yaml38
-rw-r--r--puppet/post.yaml644
-rw-r--r--puppet/services/README.rst2
-rw-r--r--puppet/services/aodh-api.yaml12
-rw-r--r--puppet/services/aodh-base.yaml2
-rw-r--r--puppet/services/aodh-evaluator.yaml4
-rw-r--r--puppet/services/aodh-listener.yaml4
-rw-r--r--puppet/services/aodh-notifier.yaml4
-rw-r--r--puppet/services/apache.yaml42
-rw-r--r--puppet/services/ceilometer-agent-central.yaml4
-rw-r--r--puppet/services/ceilometer-agent-compute.yaml4
-rw-r--r--puppet/services/ceilometer-agent-notification.yaml4
-rw-r--r--puppet/services/ceilometer-api.yaml12
-rw-r--r--puppet/services/ceilometer-collector.yaml4
-rw-r--r--puppet/services/ceilometer-expirer.yaml5
-rw-r--r--puppet/services/ceph-base.yaml8
-rw-r--r--puppet/services/ceph-client.yaml4
-rw-r--r--puppet/services/ceph-external.yaml4
-rw-r--r--puppet/services/ceph-mon.yaml4
-rw-r--r--puppet/services/ceph-osd.yaml4
-rw-r--r--puppet/services/cinder-api.yaml4
-rw-r--r--puppet/services/cinder-backup.yaml4
-rw-r--r--puppet/services/cinder-scheduler.yaml4
-rw-r--r--puppet/services/cinder-volume.yaml10
-rw-r--r--puppet/services/glance-api.yaml12
-rw-r--r--puppet/services/glance-registry.yaml13
-rw-r--r--puppet/services/gnocchi-api.yaml13
-rw-r--r--puppet/services/gnocchi-metricd.yaml4
-rw-r--r--puppet/services/gnocchi-statsd.yaml4
-rw-r--r--puppet/services/haproxy.yaml26
-rw-r--r--puppet/services/heat-api-cfn.yaml4
-rw-r--r--puppet/services/heat-api-cloudwatch.yaml4
-rw-r--r--puppet/services/heat-api.yaml4
-rw-r--r--puppet/services/heat-base.yaml10
-rw-r--r--puppet/services/heat-engine.yaml6
-rw-r--r--puppet/services/horizon.yaml30
-rw-r--r--puppet/services/ironic-api.yaml26
-rw-r--r--puppet/services/ironic-conductor.yaml55
-rw-r--r--puppet/services/keepalived.yaml4
-rw-r--r--puppet/services/keystone.yaml157
-rw-r--r--puppet/services/manila-api.yaml4
-rw-r--r--puppet/services/manila-scheduler.yaml5
-rw-r--r--puppet/services/manila-share.yaml4
-rw-r--r--puppet/services/memcached.yaml4
-rw-r--r--puppet/services/monitoring/sensu-base.yaml68
-rw-r--r--puppet/services/monitoring/sensu-client.yaml49
-rw-r--r--puppet/services/network/contrail-analytics.yaml90
-rw-r--r--puppet/services/network/contrail-base.yaml100
-rw-r--r--puppet/services/network/contrail-config.yaml72
-rw-r--r--puppet/services/network/contrail-control.yaml54
-rw-r--r--puppet/services/network/contrail-database.yaml51
-rw-r--r--puppet/services/network/contrail-webui.yaml69
-rw-r--r--puppet/services/neutron-api.yaml34
-rw-r--r--puppet/services/neutron-base.yaml13
-rw-r--r--puppet/services/neutron-compute-plugin-ovn.yaml45
-rw-r--r--puppet/services/neutron-dhcp.yaml4
-rw-r--r--puppet/services/neutron-l3-compute-dvr.yaml4
-rw-r--r--puppet/services/neutron-l3.yaml4
-rw-r--r--puppet/services/neutron-metadata.yaml10
-rw-r--r--puppet/services/neutron-midonet.yaml4
-rw-r--r--puppet/services/neutron-ovs-agent.yaml15
-rw-r--r--puppet/services/neutron-ovs-dpdk-agent.yaml8
-rw-r--r--puppet/services/neutron-plugin-ml2-ovn.yaml79
-rw-r--r--puppet/services/neutron-sriov-agent.yaml27
-rw-r--r--puppet/services/nova-api.yaml28
-rw-r--r--puppet/services/nova-base.yaml4
-rw-r--r--puppet/services/nova-compute.yaml4
-rw-r--r--puppet/services/nova-conductor.yaml4
-rw-r--r--puppet/services/nova-consoleauth.yaml4
-rw-r--r--puppet/services/nova-libvirt.yaml4
-rw-r--r--puppet/services/nova-scheduler.yaml4
-rw-r--r--puppet/services/nova-vnc-proxy.yaml (renamed from puppet/services/nova-vncproxy.yaml)12
-rw-r--r--puppet/services/opendaylight-api.yaml1
-rw-r--r--puppet/services/pacemaker.yaml61
-rw-r--r--puppet/services/pacemaker/ceilometer-agent-central.yaml4
-rw-r--r--puppet/services/pacemaker/ceilometer-agent-notification.yaml4
-rw-r--r--puppet/services/pacemaker/ceilometer-api.yaml4
-rw-r--r--puppet/services/pacemaker/ceilometer-collector.yaml4
-rw-r--r--puppet/services/pacemaker/cinder-api.yaml1
-rw-r--r--puppet/services/pacemaker/cinder-backup.yaml1
-rw-r--r--puppet/services/pacemaker/cinder-scheduler.yaml1
-rw-r--r--puppet/services/pacemaker/cinder-volume.yaml1
-rw-r--r--puppet/services/pacemaker/glance-api.yaml1
-rw-r--r--puppet/services/pacemaker/glance-registry.yaml1
-rw-r--r--puppet/services/pacemaker/gnocchi-api.yaml4
-rw-r--r--puppet/services/pacemaker/gnocchi-metricd.yaml4
-rw-r--r--puppet/services/pacemaker/gnocchi-statsd.yaml4
-rw-r--r--puppet/services/pacemaker/haproxy.yaml1
-rw-r--r--puppet/services/pacemaker/heat-api-cfn.yaml1
-rw-r--r--puppet/services/pacemaker/heat-api-cloudwatch.yaml1
-rw-r--r--puppet/services/pacemaker/heat-api.yaml1
-rw-r--r--puppet/services/pacemaker/heat-engine.yaml1
-rw-r--r--puppet/services/pacemaker/horizon.yaml1
-rw-r--r--puppet/services/pacemaker/keystone.yaml1
-rw-r--r--puppet/services/pacemaker/manila-share.yaml1
-rw-r--r--puppet/services/pacemaker/memcached.yaml1
-rw-r--r--puppet/services/pacemaker/neutron-dhcp.yaml1
-rw-r--r--puppet/services/pacemaker/neutron-l3.yaml1
-rw-r--r--puppet/services/pacemaker/neutron-metadata.yaml1
-rw-r--r--puppet/services/pacemaker/neutron-midonet.yaml1
-rw-r--r--puppet/services/pacemaker/neutron-ovs-agent.yaml1
-rw-r--r--puppet/services/pacemaker/neutron-server.yaml1
-rw-r--r--puppet/services/pacemaker/nova-api.yaml1
-rw-r--r--puppet/services/pacemaker/nova-conductor.yaml1
-rw-r--r--puppet/services/pacemaker/nova-consoleauth.yaml1
-rw-r--r--puppet/services/pacemaker/nova-scheduler.yaml1
-rw-r--r--puppet/services/pacemaker/nova-vnc-proxy.yaml (renamed from puppet/services/pacemaker/nova-vncproxy.yaml)5
-rw-r--r--puppet/services/pacemaker/rabbitmq.yaml1
-rw-r--r--puppet/services/pacemaker/sahara-api.yaml1
-rw-r--r--puppet/services/pacemaker/sahara-engine.yaml1
-rw-r--r--puppet/services/rabbitmq.yaml4
-rw-r--r--puppet/services/sahara-api.yaml4
-rw-r--r--puppet/services/sahara-engine.yaml4
-rw-r--r--puppet/services/services.yaml9
-rw-r--r--puppet/services/snmp.yaml4
-rw-r--r--puppet/services/swift-proxy.yaml10
-rw-r--r--puppet/services/swift-ringbuilder.yaml18
-rw-r--r--puppet/services/swift-storage.yaml6
-rw-r--r--puppet/services/tripleo-firewall.yaml11
-rw-r--r--puppet/services/vip-hosts.yaml56
-rw-r--r--puppet/swift-devices-and-proxy-config.yaml45
-rw-r--r--puppet/swift-storage-post.yaml90
-rw-r--r--puppet/swift-storage.yaml39
-rw-r--r--puppet/vip-config.yaml58
136 files changed, 2443 insertions, 1039 deletions
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml
index 644c1938..c764d4ef 100644
--- a/puppet/all-nodes-config.yaml
+++ b/puppet/all-nodes-config.yaml
@@ -2,6 +2,16 @@ heat_template_version: 2016-10-14
description: 'All Nodes Config for Puppet'
parameters:
+ cloud_name_external:
+ type: string
+ cloud_name_internal_api:
+ type: string
+ cloud_name_storage:
+ type: string
+ cloud_name_storage_mgmt:
+ type: string
+ cloud_name_ctlplane:
+ type: string
hosts:
type: comma_delimited_list
# FIXME(shardy) this can be comma_delimited_list when
@@ -12,22 +22,26 @@ parameters:
type: comma_delimited_list
service_ips:
type: json
+ service_node_names:
+ type: json
controller_names:
type: comma_delimited_list
- rabbit_node_ips:
- type: comma_delimited_list
memcache_node_ips:
type: comma_delimited_list
keystone_public_api_node_ips:
type: comma_delimited_list
keystone_admin_api_node_ips:
type: comma_delimited_list
- ceph_mon_node_ips:
- type: comma_delimited_list
- ceph_mon_node_names:
- type: comma_delimited_list
+ NetVipMap:
+ type: json
+ RedisVirtualIP:
+ type: string
+ default: ''
+ ServiceNetMap:
+ type: json
DeployIdentifier:
type: string
+ default: ''
description: >
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
@@ -76,8 +90,36 @@ resources:
for_each:
SERVICE:
str_split: [',', {get_param: enabled_services}]
+ # Dynamically generate per-service network data
+ # This works as follows (outer->inner functions)
+ # yaql - filters services where no mapping exists in ServiceNetMap
+ # map_replace: substitute e.g heat_api_network with network name from ServiceNetMap
+ # map_merge/repeat: generate a per-service mapping
+ - yaql:
+ # This filters any entries where the value hasn't been substituted for
+ # a list, e.g it's still $service_network. This happens when there is
+ # no network defined for the service in the ServiceNetMap, which is OK
+ # as not all services have to be bound to a network, so we filter them
+ expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network")))
+ data:
+ map:
+ map_replace:
+ - map_merge:
+ repeat:
+ template:
+ SERVICE_network: SERVICE_network
+ for_each:
+ SERVICE:
+ str_split: [',', {get_param: enabled_services}]
+ - values: {get_param: ServiceNetMap}
+ # Keystone doesn't provide separate entries for the public
+ # and admin endpoints, so we need to add them here manually
+ # like we do in the vip-config below
+ - keystone_admin_api_network: {get_param: [ServiceNetMap, keystone_admin_api_network]}
+ keystone_public_api_network: {get_param: [ServiceNetMap, keystone_public_api_network]}
# provides a mapping of service_name_ips to a list of IPs
- {get_param: service_ips}
+ - {get_param: service_node_names}
- controller_node_ips:
list_join:
- ','
@@ -86,18 +128,6 @@ resources:
list_join:
- ','
- {get_param: controller_names}
- galera_node_names:
- list_join:
- - ','
- - {get_param: controller_names}
- rabbitmq_node_ips: &rabbit_nodes_array
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: rabbit_node_ips}
memcached_node_ips_v6:
str_replace:
template: "['inet6:[SERVERS_LIST]']"
@@ -122,39 +152,64 @@ resources:
list_join:
- "','"
- {get_param: keystone_admin_api_node_ips}
- tripleo::profile::base::ceph::ceph_mon_initial_members:
- list_join:
- - ','
- - {get_param: ceph_mon_node_names}
- tripleo::profile::base::ceph::ceph_mon_host:
- list_join:
- - ','
- - {get_param: ceph_mon_node_ips}
- tripleo::profile::base::ceph::ceph_mon_host_v6:
- str_replace:
- template: "'[IPS_LIST]'"
- params:
- IPS_LIST:
- list_join:
- - '],['
- - {get_param: ceph_mon_node_ips}
- # NOTE(gfidente): interpolation with %{} in the
- # hieradata file can't be used as it returns string
- ceilometer::rabbit_hosts: *rabbit_nodes_array
- aodh::rabbit_hosts: *rabbit_nodes_array
- cinder::rabbit_hosts: *rabbit_nodes_array
- glance::notify::rabbitmq::rabbit_hosts: *rabbit_nodes_array
- manila::rabbit_hosts: *rabbit_nodes_array
- heat::rabbit_hosts: *rabbit_nodes_array
- neutron::rabbit_hosts: *rabbit_nodes_array
- nova::rabbit_hosts: *rabbit_nodes_array
- keystone::rabbit_hosts: *rabbit_nodes_array
- sahara::rabbit_hosts: *rabbit_nodes_array
- ironic::rabbit_hosts: *rabbit_nodes_array
deploy_identifier: {get_param: DeployIdentifier}
update_identifier: {get_param: UpdateIdentifier}
stack_action: {get_param: StackAction}
+ vip_data:
+ mapped_data:
+ map_merge:
+ # Dynamically generate per-service VIP data based on enabled_services
+ # This works as follows (outer->inner functions)
+ # yaql - filters services where no mapping exists in ServiceNetMap
+ # map_replace: substitute e.g internal_api with the IP from NetVipMap
+ # map_replace: substitute e.g heat_api_network with network name from ServiceNetMap
+ # map_merge/repeat: generate a per-service mapping
+ - yaql:
+ # This filters any entries where the value hasn't been substituted for
+ # a list, e.g it's still $service_network. This happens when there is
+ # no network defined for the service in the ServiceNetMap, which is OK
+ # as not all services have to be bound to a network, so we filter them
+ expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network")))
+ data:
+ map:
+ map_replace:
+ - map_replace:
+ - map_merge:
+ repeat:
+ template:
+ SERVICE_vip: SERVICE_network
+ for_each:
+ SERVICE:
+ str_split: [',', {get_param: enabled_services}]
+ - values: {get_param: ServiceNetMap}
+ - values: {get_param: NetVipMap}
+ - keystone_admin_api_vip:
+ get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_admin_api_network]}]
+ keystone_public_api_vip:
+ get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_public_api_network]}]
+ public_virtual_ip: {get_param: [NetVipMap, external]}
+ controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
+ internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]}
+ storage_virtual_ip: {get_param: [NetVipMap, storage]}
+ storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]}
+ redis_vip: {get_param: RedisVirtualIP}
+ # public_virtual_ip and controller_virtual_ip are needed in
+ # both HAproxy & keepalived.
+ tripleo::haproxy::public_virtual_ip: {get_param: [NetVipMap, external]}
+ tripleo::haproxy::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
+ tripleo::keepalived::public_virtual_ip: {get_param: [NetVipMap, external]}
+ tripleo::keepalived::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
+ tripleo::keepalived::internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]}
+ tripleo::keepalived::storage_virtual_ip: {get_param: [NetVipMap, storage]}
+ tripleo::keepalived::storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]}
+ tripleo::keepalived::redis_virtual_ip: {get_param: RedisVirtualIP}
+ tripleo::redis_notification::haproxy_monitor_ip: {get_param: [NetVipMap, ctlplane]}
+ cloud_name_external: {get_param: cloud_name_external}
+ cloud_name_internal_api: {get_param: cloud_name_internal_api}
+ cloud_name_storage: {get_param: cloud_name_storage}
+ cloud_name_storage_mgmt: {get_param: cloud_name_storage_mgmt}
+ cloud_name_ctlplane: {get_param: cloud_name_ctlplane}
outputs:
config_id:
diff --git a/puppet/blockstorage-config.yaml b/puppet/blockstorage-config.yaml
new file mode 100644
index 00000000..9b31b448
--- /dev/null
+++ b/puppet/blockstorage-config.yaml
@@ -0,0 +1,38 @@
+heat_template_version: 2015-04-30
+
+description: >
+ A software config which runs manifests/overcloud_volume.pp
+
+parameters:
+ ConfigDebug:
+ default: false
+ description: Whether to run config management (e.g. Puppet) in debug mode.
+ type: boolean
+ StepConfig:
+ type: string
+ description: Config manifests that will be used to step through the deployment.
+ default: ''
+
+resources:
+
+ BlockStoragePuppetConfigImpl:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: puppet
+ options:
+ enable_debug: {get_param: ConfigDebug}
+ enable_hiera: True
+ enable_facter: False
+ modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
+ outputs:
+ - name: result
+ config:
+ list_join:
+ - ''
+ - - get_file: manifests/overcloud_volume.pp
+ - {get_param: StepConfig}
+
+outputs:
+ OS::stack_id:
+ description: The software config which runs overcloud_controller.pp
+ value: {get_resource: BlockStoragePuppetConfigImpl}
diff --git a/puppet/ceph-storage-post.yaml b/puppet/ceph-storage-post.yaml
deleted file mode 100644
index a83e0cfe..00000000
--- a/puppet/ceph-storage-post.yaml
+++ /dev/null
@@ -1,80 +0,0 @@
-heat_template_version: 2015-04-30
-
-description: >
- OpenStack ceph storage node post deployment for Puppet
-
-parameters:
- ConfigDebug:
- default: false
- description: Whether to run config management (e.g. Puppet) in debug mode.
- type: boolean
- servers:
- type: json
- RoleData:
- type: json
- default: {}
- DeployIdentifier:
- type: string
- description: Value which changes if the node configuration may need to be re-applied
-
-resources:
-
- CephStorageArtifactsConfig:
- type: deploy-artifacts.yaml
-
- CephStorageArtifactsDeploy:
- type: OS::Heat::StructuredDeployments
- properties:
- servers: {get_param: servers}
- config: {get_resource: CephStorageArtifactsConfig}
- input_values:
- update_identifier: {get_param: DeployIdentifier}
-
- CephStoragePuppetConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: puppet
- options:
- enable_debug: {get_param: ConfigDebug}
- enable_hiera: True
- enable_facter: False
- modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
- inputs:
- - name: step
- outputs:
- - name: result
- config:
- list_join:
- - ''
- - - get_file: manifests/overcloud_cephstorage.pp
- - {get_param: [RoleData, step_config]}
-
- CephStorageDeployment_Step2:
- type: OS::Heat::StructuredDeployments
- depends_on: CephStorageArtifactsDeploy
- properties:
- name: CephStorageDeployment_Step2
- servers: {get_param: servers}
- config: {get_resource: CephStoragePuppetConfig}
- input_values:
- step: 2
- update_identifier: {get_param: DeployIdentifier}
-
- CephStorageDeployment_Step3:
- type: OS::Heat::StructuredDeployments
- depends_on: CephStorageDeployment_Step2
- properties:
- name: CephStorageDeployment_Step3
- servers: {get_param: servers}
- config: {get_resource: CephStoragePuppetConfig}
- input_values:
- step: 3
- update_identifier: {get_param: DeployIdentifier}
-
- # Note, this should come last, so use depends_on to ensure
- # this is created after any other resources.
- ExtraConfig:
- depends_on: CephStorageDeployment_Step3
- type: OS::TripleO::NodeExtraConfigPost
- properties:
- servers: {get_param: servers}
diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml
index 829456b5..17825aaa 100644
--- a/puppet/ceph-storage.yaml
+++ b/puppet/ceph-storage.yaml
@@ -90,6 +90,9 @@ parameters:
ServiceNames:
type: comma_delimited_list
default: []
+ MonitoringSubscriptions:
+ type: comma_delimited_list
+ default: []
ConfigCommand:
type: string
description: Command which will be run whenever configuration data changes
@@ -245,13 +248,16 @@ resources:
- extraconfig
- service_names
- service_configs
+ - bootstrap_node # provided by allNodesConfig
- all_nodes # provided by allNodesConfig
+ - vip_data # provided by allNodesConfig
- '"%{::osfamily}"'
merge_behavior: deeper
datafiles:
service_names:
mapped_data:
service_names: {get_param: ServiceNames}
+ sensu::subscriptions: {get_param: MonitoringSubscriptions}
service_configs:
mapped_data:
map_replace:
@@ -317,6 +323,7 @@ outputs:
STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
TENANTIP TENANTHOST.DOMAIN TENANTHOST
MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
+ CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
params:
PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephStorageHostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
@@ -357,6 +364,12 @@ outputs:
- '.'
- - {get_attr: [CephStorage, name]}
- management
+ CTLPLANEIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
+ CTLPLANEHOST:
+ list_join:
+ - '.'
+ - - {get_attr: [CephStorage, name]}
+ - ctlplane
nova_server_resource:
description: Heat resource handle for the ceph storage server
value:
diff --git a/puppet/cephstorage-config.yaml b/puppet/cephstorage-config.yaml
new file mode 100644
index 00000000..4bad4a16
--- /dev/null
+++ b/puppet/cephstorage-config.yaml
@@ -0,0 +1,38 @@
+heat_template_version: 2015-04-30
+
+description: >
+ A software config which runs manifests/overcloud_cephstorage.pp
+
+parameters:
+ ConfigDebug:
+ default: false
+ description: Whether to run config management (e.g. Puppet) in debug mode.
+ type: boolean
+ StepConfig:
+ type: string
+ description: Config manifests that will be used to step through the deployment.
+ default: ''
+
+resources:
+
+ CephStoragePuppetConfigImpl:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: puppet
+ options:
+ enable_debug: {get_param: ConfigDebug}
+ enable_hiera: True
+ enable_facter: False
+ modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
+ outputs:
+ - name: result
+ config:
+ list_join:
+ - ''
+ - - get_file: manifests/overcloud_cephstorage.pp
+ - {get_param: StepConfig}
+
+outputs:
+ OS::stack_id:
+ description: The software config which runs overcloud_controller.pp
+ value: {get_resource: CephStoragePuppetConfigImpl}
diff --git a/puppet/cinder-storage-post.yaml b/puppet/cinder-storage-post.yaml
deleted file mode 100644
index 6416c43e..00000000
--- a/puppet/cinder-storage-post.yaml
+++ /dev/null
@@ -1,90 +0,0 @@
-heat_template_version: 2015-04-30
-description: 'OpenStack cinder storage post deployment for Puppet'
-
-parameters:
- ConfigDebug:
- default: false
- description: Whether to run config management (e.g. Puppet) in debug mode.
- type: boolean
- servers:
- type: json
- DeployIdentifier:
- type: string
- description: Value which changes if the node configuration may need to be re-applied
- RoleData:
- type: json
- default: {}
-
-resources:
-
- VolumeArtifactsConfig:
- type: deploy-artifacts.yaml
-
- VolumeArtifactsDeploy:
- type: OS::Heat::StructuredDeployments
- properties:
- servers: {get_param: servers}
- config: {get_resource: VolumeArtifactsConfig}
- input_values:
- update_identifier: {get_param: DeployIdentifier}
-
- VolumePuppetConfig:
- type: OS::Heat::SoftwareConfig
- depends_on: VolumeArtifactsDeploy
- properties:
- group: puppet
- options:
- enable_debug: {get_param: ConfigDebug}
- enable_hiera: True
- enable_facter: False
- modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
- inputs:
- - name: step
- outputs:
- - name: result
- config:
- list_join:
- - ''
- - - get_file: manifests/overcloud_volume.pp
- - {get_param: [RoleData, step_config]}
-
- VolumeDeployment_Step2:
- type: OS::Heat::StructuredDeployments
- depends_on: VolumeArtifactsDeploy
- properties:
- name: VolumeDeployment_Step2
- servers: {get_param: servers}
- config: {get_resource: VolumePuppetConfig}
- input_values:
- step: 2
- update_identifier: {get_param: DeployIdentifier}
-
- VolumeDeployment_Step3:
- type: OS::Heat::StructuredDeployments
- depends_on: VolumeDeployment_Step2
- properties:
- name: VolumeDeployment_Step3
- servers: {get_param: servers}
- config: {get_resource: VolumePuppetConfig}
- input_values:
- step: 3
- update_identifier: {get_param: DeployIdentifier}
-
- VolumeDeployment_Step4:
- type: OS::Heat::StructuredDeployments
- depends_on: VolumeDeployment_Step3
- properties:
- name: VolumeDeployment_Step4
- servers: {get_param: servers}
- config: {get_resource: VolumePuppetConfig}
- input_values:
- step: 4
- update_identifier: {get_param: DeployIdentifier}
-
- # Note, this should come last, so use depends_on to ensure
- # this is created after any other resources.
- ExtraConfig:
- depends_on: VolumeDeployment_Step4
- type: OS::TripleO::NodeExtraConfigPost
- properties:
- servers: {get_param: servers}
diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml
index ef3f08ff..41d5ef8e 100644
--- a/puppet/cinder-storage.yaml
+++ b/puppet/cinder-storage.yaml
@@ -30,14 +30,6 @@ parameters:
default: default
description: Name of an existing Nova key pair to enable SSH access to the instances
type: string
- SnmpdReadonlyUserName:
- default: ro_snmp_user
- description: The user name for SNMPd with readonly rights running on all Overcloud nodes
- type: string
- SnmpdReadonlyUserPassword:
- description: The user password for SNMPd with readonly rights running on all Overcloud nodes
- type: string
- hidden: true
UpdateIdentifier:
default: ''
type: string
@@ -92,6 +84,9 @@ parameters:
ServiceNames:
type: comma_delimited_list
default: []
+ MonitoringSubscriptions:
+ type: comma_delimited_list
+ default: []
ConfigCommand:
type: string
description: Command which will be run whenever configuration data changes
@@ -232,8 +227,6 @@ resources:
server: {get_resource: BlockStorage}
config: {get_resource: BlockStorageConfig}
input_values:
- snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
- snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
# Map heat metadata into hiera datafiles
@@ -251,13 +244,16 @@ resources:
- service_names
- service_configs
- volume
+ - bootstrap_node # provided by allNodesConfig
- all_nodes # provided by allNodesConfig
+ - vip_data # provided by allNodesConfig
- '"%{::osfamily}"'
merge_behavior: deeper
datafiles:
service_names:
mapped_data:
service_names: {get_param: ServiceNames}
+ sensu::subscriptions: {get_param: MonitoringSubscriptions}
service_configs:
mapped_data:
map_replace:
@@ -270,8 +266,6 @@ resources:
volume:
mapped_data:
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
- snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
- snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
# Resource for site-specific injection of root certificate
NodeTLSCAData:
@@ -319,6 +313,7 @@ outputs:
STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
TENANTIP TENANTHOST.DOMAIN TENANTHOST
MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
+ CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
params:
PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, BlockStorageHostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
@@ -359,6 +354,12 @@ outputs:
- '.'
- - {get_attr: [BlockStorage, name]}
- management
+ CTLPLANEIP: {get_attr: [BlockStorage, networks, ctlplane, 0]}
+ CTLPLANEHOST:
+ list_join:
+ - '.'
+ - - {get_attr: [BlockStorage, name]}
+ - ctlplane
nova_server_resource:
description: Heat resource handle for the block storage server
value:
diff --git a/puppet/compute-config.yaml b/puppet/compute-config.yaml
new file mode 100644
index 00000000..9e128d3a
--- /dev/null
+++ b/puppet/compute-config.yaml
@@ -0,0 +1,38 @@
+heat_template_version: 2015-04-30
+
+description: >
+ A software config which runs manifests/overcloud_compute.pp
+
+parameters:
+ ConfigDebug:
+ default: false
+ description: Whether to run config management (e.g. Puppet) in debug mode.
+ type: boolean
+ StepConfig:
+ type: string
+ description: Config manifests that will be used to step through the deployment.
+ default: ''
+
+resources:
+
+ ComputePuppetConfigImpl:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: puppet
+ options:
+ enable_debug: {get_param: ConfigDebug}
+ enable_hiera: True
+ enable_facter: False
+ modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
+ outputs:
+ - name: result
+ config:
+ list_join:
+ - ''
+ - - get_file: manifests/overcloud_compute.pp
+ - {get_param: StepConfig}
+
+outputs:
+ OS::stack_id:
+ description: The software config which runs overcloud_controller.pp
+ value: {get_resource: ComputePuppetConfigImpl}
diff --git a/puppet/compute-post.yaml b/puppet/compute-post.yaml
deleted file mode 100644
index d0c6082c..00000000
--- a/puppet/compute-post.yaml
+++ /dev/null
@@ -1,92 +0,0 @@
-heat_template_version: 2015-04-30
-
-description: >
- OpenStack compute node post deployment for Puppet.
-
-parameters:
- ConfigDebug:
- default: false
- description: Whether to run config management (e.g. Puppet) in debug mode.
- type: boolean
- servers:
- type: json
- RoleData:
- type: json
- default: {}
- DeployIdentifier:
- type: string
- description: Value which changes if the node configuration may need to be re-applied
-
-resources:
-
- ComputeArtifactsConfig:
- type: deploy-artifacts.yaml
-
- ComputeArtifactsDeploy:
- type: OS::Heat::StructuredDeployments
- properties:
- servers: {get_param: servers}
- config: {get_resource: ComputeArtifactsConfig}
- input_values:
- update_identifier: {get_param: DeployIdentifier}
-
- ComputePuppetConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: puppet
- options:
- enable_debug: {get_param: ConfigDebug}
- enable_hiera: True
- enable_facter: False
- modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
- inputs:
- - name: step
- outputs:
- - name: result
- config:
- list_join:
- - ''
- - - get_file: manifests/overcloud_compute.pp
- - {get_param: [RoleData, step_config]}
-
- ComputeServicesBaseDeployment_Step2:
- type: OS::Heat::StructuredDeployments
- depends_on: [ComputeArtifactsDeploy]
- properties:
- name: ComputeServicesBaseDeployment_Step2
- servers: {get_param: servers}
- config: {get_resource: ComputePuppetConfig}
- input_values:
- step: 2
- update_identifier: {get_param: DeployIdentifier}
-
- ComputeOvercloudServicesDeployment_Step3:
- type: OS::Heat::StructuredDeployments
- depends_on: ComputeServicesBaseDeployment_Step2
- properties:
- name: ComputeOvercloudServicesDeployment_Step3
- servers: {get_param: servers}
- config: {get_resource: ComputePuppetConfig}
- input_values:
- step: 3
- update_identifier: {get_param: DeployIdentifier}
-
- ComputeOvercloudServicesDeployment_Step4:
- type: OS::Heat::StructuredDeployments
- depends_on: ComputeOvercloudServicesDeployment_Step3
- properties:
- name: ComputeOvercloudServicesDeployment_Step4
- servers: {get_param: servers}
- config: {get_resource: ComputePuppetConfig}
- input_values:
- step: 4
- update_identifier: {get_param: DeployIdentifier}
-
- # Note, this should come last, so use depends_on to ensure
- # this is created after any other resources.
- ExtraConfig:
- depends_on: ComputeOvercloudServicesDeployment_Step4
- type: OS::TripleO::NodeExtraConfigPost
- properties:
- servers: {get_param: servers}
-
diff --git a/puppet/compute.yaml b/puppet/compute.yaml
index 1790aa0d..05b8d065 100644
--- a/puppet/compute.yaml
+++ b/puppet/compute.yaml
@@ -107,6 +107,9 @@ parameters:
ServiceNames:
type: comma_delimited_list
default: []
+ MonitoringSubscriptions:
+ type: comma_delimited_list
+ default: []
ConfigCommand:
type: string
description: Command which will be run whenever configuration data changes
@@ -258,7 +261,9 @@ resources:
- service_names
- service_configs
- compute
+ - bootstrap_node # provided by allNodesConfig
- all_nodes # provided by allNodesConfig
+ - vip_data # provided by allNodesConfig
- '"%{::osfamily}"'
- neutron_bigswitch_data # Optionally provided by ComputeExtraConfigPre
- cisco_n1kv_data # Optionally provided by ComputeExtraConfigPre
@@ -271,6 +276,7 @@ resources:
service_names:
mapped_data:
service_names: {get_param: ServiceNames}
+ sensu::subscriptions: {get_param: MonitoringSubscriptions}
service_configs:
mapped_data:
map_replace:
@@ -367,6 +373,7 @@ outputs:
STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
TENANTIP TENANTHOST.DOMAIN TENANTHOST
MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
+ CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
params:
PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ComputeHostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
@@ -407,6 +414,12 @@ outputs:
- '.'
- - {get_attr: [NovaCompute, name]}
- management
+ CTLPLANEIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
+ CTLPLANEHOST:
+ list_join:
+ - '.'
+ - - {get_attr: [NovaCompute, name]}
+ - ctlplane
nova_server_resource:
description: Heat resource handle for the Nova compute server
value:
diff --git a/puppet/controller-post.yaml b/puppet/controller-post.yaml
deleted file mode 100644
index 4af6cb46..00000000
--- a/puppet/controller-post.yaml
+++ /dev/null
@@ -1,116 +0,0 @@
-heat_template_version: 2015-04-30
-
-description: >
- OpenStack controller node post deployment for Puppet.
-
-parameters:
- ConfigDebug:
- default: false
- description: Whether to run config management (e.g. Puppet) in debug mode.
- type: boolean
- servers:
- type: json
- RoleData:
- type: json
- default: {}
- DeployIdentifier:
- type: string
- description: Value which changes if the node configuration may need to be re-applied
-
-resources:
-
- ControllerArtifactsConfig:
- type: deploy-artifacts.yaml
-
- ControllerArtifactsDeploy:
- type: OS::Heat::StructuredDeployments
- properties:
- servers: {get_param: servers}
- config: {get_resource: ControllerArtifactsConfig}
-
- ControllerPrePuppet:
- type: OS::TripleO::Tasks::ControllerPrePuppet
- properties:
- servers: {get_param: servers}
- input_values:
- update_identifier: {get_param: DeployIdentifier}
-
- ControllerPuppetConfig:
- type: OS::TripleO::ControllerConfig
- properties:
- StepConfig: {get_param: [RoleData, step_config]}
-
- # Step through a series of Puppet runs using the same manifest.
- # NOTE: To enable stepping through the deployments via heat hooks,
- # you must observe the glob naming defined in overcloud-steps.yaml
- # e.g all Deployment resources should have a *Deployment_StepN suffix
- ControllerLoadBalancerDeployment_Step1:
- type: OS::Heat::StructuredDeployments
- depends_on: [ControllerPrePuppet, ControllerArtifactsDeploy]
- properties:
- name: ControllerLoadBalancerDeployment_Step1
- servers: {get_param: servers}
- config: {get_resource: ControllerPuppetConfig}
- input_values:
- step: 1
- update_identifier: {get_param: DeployIdentifier}
-
- ControllerServicesBaseDeployment_Step2:
- type: OS::Heat::StructuredDeployments
- depends_on: ControllerLoadBalancerDeployment_Step1
- properties:
- name: ControllerServicesBaseDeployment_Step2
- servers: {get_param: servers}
- config: {get_resource: ControllerPuppetConfig}
- input_values:
- step: 2
- update_identifier: {get_param: DeployIdentifier}
-
- ControllerOvercloudServicesDeployment_Step3:
- type: OS::Heat::StructuredDeployments
- depends_on: ControllerServicesBaseDeployment_Step2
- properties:
- name: ControllerOvercloudServicesDeployment_Step3
- servers: {get_param: servers}
- config: {get_resource: ControllerPuppetConfig}
- input_values:
- step: 3
- update_identifier: {get_param: DeployIdentifier}
-
- ControllerOvercloudServicesDeployment_Step4:
- type: OS::Heat::StructuredDeployments
- depends_on: ControllerOvercloudServicesDeployment_Step3
- properties:
- name: ControllerOvercloudServicesDeployment_Step4
- servers: {get_param: servers}
- config: {get_resource: ControllerPuppetConfig}
- input_values:
- step: 4
- update_identifier: {get_param: DeployIdentifier}
-
- ControllerOvercloudServicesDeployment_Step5:
- type: OS::Heat::StructuredDeployments
- depends_on: ControllerOvercloudServicesDeployment_Step4
- properties:
- name: ControllerOvercloudServicesDeployment_Step5
- servers: {get_param: servers}
- config: {get_resource: ControllerPuppetConfig}
- input_values:
- step: 5
- update_identifier: {get_param: DeployIdentifier}
-
- ControllerPostPuppet:
- type: OS::TripleO::Tasks::ControllerPostPuppet
- depends_on: ControllerOvercloudServicesDeployment_Step5
- properties:
- servers: {get_param: servers}
- input_values:
- update_identifier: {get_param: DeployIdentifier}
-
- # Note, this should come last, so use depends_on to ensure
- # this is created after any other resources.
- ExtraConfig:
- depends_on: ControllerPostPuppet
- type: OS::TripleO::NodeExtraConfigPost
- properties:
- servers: {get_param: servers}
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index 28fd08da..33ed51c0 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -23,18 +23,10 @@ parameters:
...
}
type: json
- CorosyncIPv6:
- default: false
- description: Enable IPv6 in Corosync
- type: boolean
Debug:
default: ''
description: Set to True to enable debugging on all services.
type: string
- EnableFencing:
- default: false
- description: Whether to enable fencing in Pacemaker or not.
- type: boolean
EnableLoadBalancer:
default: true
description: Whether to deploy a LoadBalancer on the Controller
@@ -45,48 +37,12 @@ parameters:
Additional hieradata to inject into the cluster, note that
ControllerExtraConfig takes precedence over ExtraConfig.
type: json
- FencingConfig:
- default: {}
- description: |
- Pacemaker fencing configuration. The JSON should have
- the following structure:
- {
- "devices": [
- {
- "agent": "AGENT_NAME",
- "host_mac": "HOST_MAC_ADDRESS",
- "params": {"PARAM_NAME": "PARAM_VALUE"}
- }
- ]
- }
- For instance:
- {
- "devices": [
- {
- "agent": "fence_xvm",
- "host_mac": "52:54:00:aa:bb:cc",
- "params": {
- "multicast_address": "225.0.0.12",
- "port": "baremetal_0",
- "manage_fw": true,
- "manage_key_file": true,
- "key_file": "/etc/fence_xvm.key",
- "key_file_password": "abcdef"
- }
- }
- ]
- }
- type: json
OvercloudControlFlavor:
description: Flavor for control nodes to request when deploying.
default: baremetal
type: string
constraints:
- custom_constraint: nova.flavor
- HorizonSecret:
- description: Secret key for Django
- type: string
- hidden: true
controllerImage:
type: string
default: overcloud-full
@@ -96,76 +52,16 @@ parameters:
default: 'REBUILD_PRESERVE_EPHEMERAL'
description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
type: string
- InstanceNameTemplate:
- default: 'instance-%08x'
- description: Template string to be used to generate instance names
- type: string
KeyName:
default: default
description: Name of an existing Nova key pair to enable SSH access to the instances
type: string
constraints:
- custom_constraint: nova.keypair
- ManageFirewall:
- default: false
- description: Whether to manage IPtables rules.
- type: boolean
- MemcachedIPv6:
- default: false
- description: Enable IPv6 features in Memcached.
- type: boolean
- PurgeFirewallRules:
- default: false
- description: Whether IPtables rules should be purged before setting up the new ones.
- type: boolean
- NeutronMetadataProxySharedSecret:
- description: Shared secret to prevent spoofing
- type: string
- hidden: true
- NeutronPassword:
- description: The password for the neutron service and db account, used by neutron agents.
- type: string
- hidden: true
NeutronPublicInterface:
default: nic1
description: What interface to bridge onto br-ex for network nodes.
type: string
- NovaEnableDBPurge:
- default: true
- description: |
- Whether to create cron job for purging soft deleted rows in Nova database.
- type: boolean
- NovaIPv6:
- default: false
- description: Enable IPv6 features in Nova
- type: boolean
- NovaPassword:
- description: The password for the nova service and db account, used by nova-api.
- type: string
- hidden: true
- PcsdPassword:
- type: string
- description: The password for the 'pcsd' user.
- hidden: true
- RedisPassword:
- description: The password for Redis
- type: string
- hidden: true
- RedisVirtualIP:
- type: string
- default: '' # Has to be here because of the ignored empty value bug
- RedisVirtualIPUri:
- type: string
- default: '' # Has to be here because of the ignored empty value bug
- description: An IP address which is wrapped in brackets in case of IPv6
- SwiftRawDisks:
- default: {}
- description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
- type: json
- UpgradeLevelNovaCompute:
- type: string
- description: Nova Compute upgrade level
- default: ''
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
@@ -225,6 +121,9 @@ parameters:
ServiceNames:
type: comma_delimited_list
default: []
+ MonitoringSubscriptions:
+ type: comma_delimited_list
+ default: []
ConfigCommand:
type: string
description: Command which will be run whenever configuration data changes
@@ -392,45 +291,8 @@ resources:
server: {get_resource: Controller}
input_values:
bootstack_nodeid: {get_attr: [Controller, name]}
- horizon_secret: {get_param: HorizonSecret}
- debug: {get_param: Debug}
- keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
- keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
- enable_fencing: {get_param: EnableFencing}
enable_load_balancer: {get_param: EnableLoadBalancer}
- manage_firewall: {get_param: ManageFirewall}
- purge_firewall_rules: {get_param: PurgeFirewallRules}
- neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
- nova_enable_db_purge: {get_param: NovaEnableDBPurge}
- nova_ipv6: {get_param: NovaIPv6}
- corosync_ipv6: {get_param: CorosyncIPv6}
- memcached_ipv6: {get_param: MemcachedIPv6}
- nova_password: {get_param: NovaPassword}
- upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute}
- instance_name_template: {get_param: InstanceNameTemplate}
- fencing_config: {get_param: FencingConfig}
- pcsd_password: {get_param: PcsdPassword}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
- glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
- neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
- nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
- nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
- horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
- horizon_subnet:
- str_replace:
- template: "['SUBNET']"
- params:
- SUBNET:
- get_attr:
- - NetIpMap
- - net_ip_map
- - str_replace:
- template: "NETWORK_subnet"
- params:
- NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]}
- redis_vip: {get_param: RedisVirtualIP}
- ironic_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, IronicApiNetwork]}]}
# Map heat metadata into hiera datafiles
ControllerConfig:
@@ -447,10 +309,9 @@ resources:
- service_configs
- service_names
- controller
- - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
- bootstrap_node # provided by BootstrapNodeConfig
- all_nodes # provided by allNodesConfig
- - vip_data # provided by vip-config
+ - vip_data # provided by allNodesConfig
- '"%{::osfamily}"'
- cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre
- cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
@@ -465,6 +326,7 @@ resources:
service_names:
mapped_data:
service_names: {get_param: ServiceNames}
+ sensu::subscriptions: {get_param: MonitoringSubscriptions}
service_configs:
mapped_data:
map_replace:
@@ -482,44 +344,9 @@ resources:
bootstack_nodeid: {get_input: bootstack_nodeid}
# Pacemaker
- enable_fencing: {get_input: enable_fencing}
enable_load_balancer: {get_input: enable_load_balancer}
- hacluster_pwd: {get_input: pcsd_password}
- corosync_ipv6: {get_input: corosync_ipv6}
- tripleo::fencing::config: {get_input: fencing_config}
-
- # Neutron
- neutron::bind_host: {get_input: neutron_api_network}
- neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
- snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
- snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
-
- # Nova
- nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute}
- nova::use_ipv6: {get_input: nova_ipv6}
- nova::api::api_bind_address: {get_input: nova_api_network}
- nova::api::metadata_listen: {get_input: nova_metadata_network}
- nova::glance_api_servers: {get_input: glance_api_servers}
- nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
- nova::api::instance_name_template: {get_input: instance_name_template}
- nova::vncproxy::host: {get_input: nova_api_network}
- nova_enable_db_purge: {get_input: nova_enable_db_purge}
-
- # Horizon
- apache::mod::remoteip::proxy_ips: {get_input: horizon_subnet}
- apache::ip: {get_input: horizon_network}
- horizon::django_debug: {get_input: debug}
- horizon::secret_key: {get_input: horizon_secret}
- horizon::bind_address: {get_input: horizon_network}
- horizon::keystone_url: {get_input: keystone_auth_uri}
- # Redis
- redis_vip: {get_input: redis_vip}
- # Firewall
- tripleo::firewall::manage_firewall: {get_input: manage_firewall}
- tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules}
# Misc
- memcached_ipv6: {get_input: memcached_ipv6}
tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
@@ -589,6 +416,7 @@ outputs:
STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
TENANTIP TENANTHOST.DOMAIN TENANTHOST
MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
+ CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
params:
PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
@@ -629,45 +457,16 @@ outputs:
- '.'
- - {get_attr: [Controller, name]}
- management
+ CTLPLANEIP: {get_attr: [Controller, networks, ctlplane, 0]}
+ CTLPLANEHOST:
+ list_join:
+ - '.'
+ - - {get_attr: [Controller, name]}
+ - ctlplane
nova_server_resource:
description: Heat resource handle for the Nova compute server
value:
{get_resource: Controller}
- swift_device:
- description: Swift device formatted for swift-ring-builder
- value:
- str_replace:
- template:
- list_join:
- - ','
- - ['r1z1-IP:%PORT%/d1']
- - repeat:
- template: 'r1z1-IP:%PORT%/DEVICE'
- for_each:
- DEVICE: {get_param: SwiftRawDisks}
- params:
- IP:
- get_attr:
- - NetIpMap
- - net_ip_map
- - str_replace:
- template: "NETWORK_uri"
- params:
- NETWORK: {get_param: [ServiceNetMap, SwiftMgmtNetwork]}
- swift_proxy_memcache:
- description: Swift proxy-memcache value
- value:
- str_replace:
- template: "IP:11211"
- params:
- IP:
- get_attr:
- - NetIpMap
- - net_ip_map
- - str_replace:
- template: "NETWORK_uri"
- params:
- NETWORK: {get_param: [ServiceNetMap, MemcachedNetwork]}
tls_key_modulus_md5:
description: MD5 checksum of the TLS Key Modulus
value: {get_attr: [NodeTLSData, key_modulus_md5]}
diff --git a/puppet/objectstorage-config.yaml b/puppet/objectstorage-config.yaml
new file mode 100644
index 00000000..1dee8e60
--- /dev/null
+++ b/puppet/objectstorage-config.yaml
@@ -0,0 +1,38 @@
+heat_template_version: 2015-04-30
+
+description: >
+ A software config which runs manifests/overcloud_object.pp
+
+parameters:
+ ConfigDebug:
+ default: false
+ description: Whether to run config management (e.g. Puppet) in debug mode.
+ type: boolean
+ StepConfig:
+ type: string
+ description: Config manifests that will be used to step through the deployment.
+ default: ''
+
+resources:
+
+ ObjectStoragePuppetConfigImpl:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: puppet
+ options:
+ enable_debug: {get_param: ConfigDebug}
+ enable_hiera: True
+ enable_facter: False
+ modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
+ outputs:
+ - name: result
+ config:
+ list_join:
+ - ''
+ - - get_file: manifests/overcloud_object.pp
+ - {get_param: StepConfig}
+
+outputs:
+ OS::stack_id:
+ description: The software config which runs overcloud_controller.pp
+ value: {get_resource: ObjectStoragePuppetConfigImpl}
diff --git a/puppet/post.yaml b/puppet/post.yaml
new file mode 100644
index 00000000..8f57b34e
--- /dev/null
+++ b/puppet/post.yaml
@@ -0,0 +1,644 @@
+heat_template_version: 2016-10-14
+
+description: >
+ Post-deploy configuration steps via puppet for all roles,
+ Controller, Compute, BlockStorage, SwiftStorage and CephStorage.
+
+parameters:
+ servers:
+ type: json
+ description: Mapping of Role name e.g Controller to a list of servers
+
+ role_data:
+ type: json
+ description: Mapping of Role name e.g Controller to the per-role data
+
+ DeployIdentifier:
+ default: ''
+ type: string
+ description: >
+ Setting this to a unique value will re-run any deployment tasks which
+ perform configuration on a Heat stack-update.
+
+resources:
+ # Post deployment steps for all roles
+ # A single config is re-applied with an incrementing step number
+ # Controller Role steps
+ ControllerArtifactsConfig:
+ type: deploy-artifacts.yaml
+
+ ControllerArtifactsDeploy:
+ type: OS::Heat::StructuredDeployments
+ properties:
+ servers: {get_param: [servers, Controller]}
+ config: {get_resource: ControllerArtifactsConfig}
+
+ ControllerPreConfig:
+ type: OS::TripleO::Tasks::ControllerPreConfig
+ properties:
+ servers: {get_param: [servers, Controller]}
+ input_values:
+ update_identifier: {get_param: DeployIdentifier}
+
+ ControllerConfig:
+ type: OS::TripleO::ControllerConfig
+ properties:
+ StepConfig: {get_param: [role_data, Controller, step_config]}
+
+ # Step through a series of configuration steps
+ ControllerDeployment_Step1:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on: [ControllerPreConfig, ControllerArtifactsDeploy]
+ properties:
+ name: ControllerDeployment_Step1
+ servers: {get_param: [servers, Controller]}
+ config: {get_resource: ControllerConfig}
+ input_values:
+ step: 1
+ update_identifier: {get_param: DeployIdentifier}
+
+ ControllerDeployment_Step2:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on:
+ - ControllerDeployment_Step1
+ - ComputeDeployment_Step1
+ - BlockStorageDeployment_Step1
+ - ObjectStorageDeployment_Step1
+ - CephStorageDeployment_Step1
+ properties:
+ name: ControllerDeployment_Step2
+ servers: {get_param: [servers, Controller]}
+ config: {get_resource: ControllerConfig}
+ input_values:
+ step: 2
+ update_identifier: {get_param: DeployIdentifier}
+
+ ControllerDeployment_Step3:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on:
+ - ControllerDeployment_Step2
+ - ComputeDeployment_Step2
+ - BlockStorageDeployment_Step2
+ - ObjectStorageDeployment_Step2
+ - CephStorageDeployment_Step2
+ properties:
+ name: ControllerDeployment_Step3
+ servers: {get_param: [servers, Controller]}
+ config: {get_resource: ControllerConfig}
+ input_values:
+ step: 3
+ update_identifier: {get_param: DeployIdentifier}
+
+ ControllerDeployment_Step4:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on:
+ - ControllerDeployment_Step3
+ - ComputeDeployment_Step3
+ - BlockStorageDeployment_Step3
+ - ObjectStorageDeployment_Step3
+ - CephStorageDeployment_Step3
+ properties:
+ name: ControllerDeployment_Step4
+ servers: {get_param: [servers, Controller]}
+ config: {get_resource: ControllerConfig}
+ input_values:
+ step: 4
+ update_identifier: {get_param: DeployIdentifier}
+
+ ControllerDeployment_Step5:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on:
+ - ControllerDeployment_Step4
+ - ComputeDeployment_Step4
+ - BlockStorageDeployment_Step4
+ - ObjectStorageDeployment_Step4
+ - CephStorageDeployment_Step4
+ properties:
+ name: ControllerDeployment_Step5
+ servers: {get_param: [servers, Controller]}
+ config: {get_resource: ControllerConfig}
+ input_values:
+ step: 5
+ update_identifier: {get_param: DeployIdentifier}
+
+ ControllerPostConfig:
+ type: OS::TripleO::Tasks::ControllerPostConfig
+ depends_on:
+ - ControllerDeployment_Step5
+ - ComputeDeployment_Step5
+ - BlockStorageDeployment_Step5
+ - ObjectStorageDeployment_Step5
+ - CephStorageDeployment_Step5
+ properties:
+ servers: {get_param: servers}
+ input_values:
+ update_identifier: {get_param: DeployIdentifier}
+
+ # Note, this should come last, so use depends_on to ensure
+ # this is created after any other resources.
+ ControllerExtraConfigPost:
+ depends_on:
+ - ControllerPostConfig
+ - ComputePostConfig
+ - BlockStoragePostConfig
+ - ObjectStoragePostConfig
+ - CephStoragePostConfig
+ type: OS::TripleO::NodeExtraConfigPost
+ properties:
+ servers: {get_param: [servers, Controller]}
+
+ # Compute Role steps
+ ComputeArtifactsConfig:
+ type: deploy-artifacts.yaml
+
+ ComputeArtifactsDeploy:
+ type: OS::Heat::StructuredDeployments
+ properties:
+ servers: {get_param: [servers, Compute]}
+ config: {get_resource: ComputeArtifactsConfig}
+
+ ComputePreConfig:
+ type: OS::TripleO::Tasks::ComputePreConfig
+ properties:
+ servers: {get_param: [servers, Compute]}
+ input_values:
+ update_identifier: {get_param: DeployIdentifier}
+
+ ComputeConfig:
+ type: OS::TripleO::ComputeConfig
+ properties:
+ StepConfig: {get_param: [role_data, Compute, step_config]}
+
+ # Step through a series of configuration steps
+ ComputeDeployment_Step1:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on: [ComputePreConfig, ComputeArtifactsDeploy]
+ properties:
+ name: ComputeDeployment_Step1
+ servers: {get_param: [servers, Compute]}
+ config: {get_resource: ComputeConfig}
+ input_values:
+ step: 1
+ update_identifier: {get_param: DeployIdentifier}
+
+ ComputeDeployment_Step2:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on:
+ - ControllerDeployment_Step1
+ - ComputeDeployment_Step1
+ - BlockStorageDeployment_Step1
+ - ObjectStorageDeployment_Step1
+ - CephStorageDeployment_Step1
+ properties:
+ name: ComputeDeployment_Step2
+ servers: {get_param: [servers, Compute]}
+ config: {get_resource: ComputeConfig}
+ input_values:
+ step: 2
+ update_identifier: {get_param: DeployIdentifier}
+
+ ComputeDeployment_Step3:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on:
+ - ControllerDeployment_Step2
+ - ComputeDeployment_Step2
+ - BlockStorageDeployment_Step2
+ - ObjectStorageDeployment_Step2
+ - CephStorageDeployment_Step2
+ properties:
+ name: ComputeDeployment_Step3
+ servers: {get_param: [servers, Compute]}
+ config: {get_resource: ComputeConfig}
+ input_values:
+ step: 3
+ update_identifier: {get_param: DeployIdentifier}
+
+ ComputeDeployment_Step4:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on:
+ - ControllerDeployment_Step3
+ - ComputeDeployment_Step3
+ - BlockStorageDeployment_Step3
+ - ObjectStorageDeployment_Step3
+ - CephStorageDeployment_Step3
+ properties:
+ name: ComputeDeployment_Step4
+ servers: {get_param: [servers, Compute]}
+ config: {get_resource: ComputeConfig}
+ input_values:
+ step: 4
+ update_identifier: {get_param: DeployIdentifier}
+
+ ComputeDeployment_Step5:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on:
+ - ControllerDeployment_Step4
+ - ComputeDeployment_Step4
+ - BlockStorageDeployment_Step4
+ - ObjectStorageDeployment_Step4
+ - CephStorageDeployment_Step4
+ properties:
+ name: ComputeDeployment_Step5
+ servers: {get_param: [servers, Compute]}
+ config: {get_resource: ComputeConfig}
+ input_values:
+ step: 5
+ update_identifier: {get_param: DeployIdentifier}
+
+ ComputePostConfig:
+ type: OS::TripleO::Tasks::ComputePostConfig
+ depends_on:
+ - ControllerDeployment_Step5
+ - ComputeDeployment_Step5
+ - BlockStorageDeployment_Step5
+ - ObjectStorageDeployment_Step5
+ - CephStorageDeployment_Step5
+ properties:
+ servers: {get_param: servers}
+ input_values:
+ update_identifier: {get_param: DeployIdentifier}
+
+ # Note, this should come last, so use depends_on to ensure
+ # this is created after any other resources.
+ ComputeExtraConfigPost:
+ depends_on:
+ - ControllerPostConfig
+ - ComputePostConfig
+ - BlockStoragePostConfig
+ - ObjectStoragePostConfig
+ - CephStoragePostConfig
+ type: OS::TripleO::NodeExtraConfigPost
+ properties:
+ servers: {get_param: [servers, Compute]}
+
+ # BlockStorage Role steps
+ BlockStorageArtifactsConfig:
+ type: deploy-artifacts.yaml
+
+ BlockStorageArtifactsDeploy:
+ type: OS::Heat::StructuredDeployments
+ properties:
+ servers: {get_param: [servers, BlockStorage]}
+ config: {get_resource: BlockStorageArtifactsConfig}
+
+ BlockStoragePreConfig:
+ type: OS::TripleO::Tasks::BlockStoragePreConfig
+ properties:
+ servers: {get_param: [servers, BlockStorage]}
+ input_values:
+ update_identifier: {get_param: DeployIdentifier}
+
+ BlockStorageConfig:
+ type: OS::TripleO::BlockStorageConfig
+ properties:
+ StepConfig: {get_param: [role_data, BlockStorage, step_config]}
+
+ # Step through a series of configuration steps
+ BlockStorageDeployment_Step1:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on: [BlockStoragePreConfig, BlockStorageArtifactsDeploy]
+ properties:
+ name: BlockStorageDeployment_Step1
+ servers: {get_param: [servers, BlockStorage]}
+ config: {get_resource: BlockStorageConfig}
+ input_values:
+ step: 1
+ update_identifier: {get_param: DeployIdentifier}
+
+ BlockStorageDeployment_Step2:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on:
+ - ControllerDeployment_Step1
+ - ComputeDeployment_Step1
+ - BlockStorageDeployment_Step1
+ - ObjectStorageDeployment_Step1
+ - CephStorageDeployment_Step1
+ properties:
+ name: BlockStorageDeployment_Step2
+ servers: {get_param: [servers, BlockStorage]}
+ config: {get_resource: BlockStorageConfig}
+ input_values:
+ step: 2
+ update_identifier: {get_param: DeployIdentifier}
+
+ BlockStorageDeployment_Step3:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on:
+ - ControllerDeployment_Step2
+ - ComputeDeployment_Step2
+ - BlockStorageDeployment_Step2
+ - ObjectStorageDeployment_Step2
+ - CephStorageDeployment_Step2
+ properties:
+ name: BlockStorageDeployment_Step3
+ servers: {get_param: [servers, BlockStorage]}
+ config: {get_resource: BlockStorageConfig}
+ input_values:
+ step: 3
+ update_identifier: {get_param: DeployIdentifier}
+
+ BlockStorageDeployment_Step4:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on:
+ - ControllerDeployment_Step3
+ - ComputeDeployment_Step3
+ - BlockStorageDeployment_Step3
+ - ObjectStorageDeployment_Step3
+ - CephStorageDeployment_Step3
+ properties:
+ name: BlockStorageDeployment_Step4
+ servers: {get_param: [servers, BlockStorage]}
+ config: {get_resource: BlockStorageConfig}
+ input_values:
+ step: 4
+ update_identifier: {get_param: DeployIdentifier}
+
+ BlockStorageDeployment_Step5:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on:
+ - ControllerDeployment_Step4
+ - ComputeDeployment_Step4
+ - BlockStorageDeployment_Step4
+ - ObjectStorageDeployment_Step4
+ - CephStorageDeployment_Step4
+ properties:
+ name: BlockStorageDeployment_Step5
+ servers: {get_param: [servers, BlockStorage]}
+ config: {get_resource: BlockStorageConfig}
+ input_values:
+ step: 5
+ update_identifier: {get_param: DeployIdentifier}
+
+ BlockStoragePostConfig:
+ type: OS::TripleO::Tasks::BlockStoragePostConfig
+ depends_on:
+ - ControllerDeployment_Step5
+ - ComputeDeployment_Step5
+ - BlockStorageDeployment_Step5
+ - ObjectStorageDeployment_Step5
+ - CephStorageDeployment_Step5
+ properties:
+ servers: {get_param: servers}
+ input_values:
+ update_identifier: {get_param: DeployIdentifier}
+
+ # Note, this should come last, so use depends_on to ensure
+ # this is created after any other resources.
+ BlockStorageExtraConfigPost:
+ depends_on:
+ - ControllerPostConfig
+ - ComputePostConfig
+ - BlockStoragePostConfig
+ - ObjectStoragePostConfig
+ - CephStoragePostConfig
+ type: OS::TripleO::NodeExtraConfigPost
+ properties:
+ servers: {get_param: [servers, BlockStorage]}
+
+ # ObjectStorage Role steps
+ ObjectStorageArtifactsConfig:
+ type: deploy-artifacts.yaml
+
+ ObjectStorageArtifactsDeploy:
+ type: OS::Heat::StructuredDeployments
+ properties:
+ servers: {get_param: [servers, ObjectStorage]}
+ config: {get_resource: ObjectStorageArtifactsConfig}
+
+ ObjectStoragePreConfig:
+ type: OS::TripleO::Tasks::ObjectStoragePreConfig
+ properties:
+ servers: {get_param: [servers, ObjectStorage]}
+ input_values:
+ update_identifier: {get_param: DeployIdentifier}
+
+ ObjectStorageConfig:
+ type: OS::TripleO::ObjectStorageConfig
+ properties:
+ StepConfig: {get_param: [role_data, ObjectStorage, step_config]}
+
+ # Step through a series of configuration steps
+ ObjectStorageDeployment_Step1:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on: [ObjectStoragePreConfig, ObjectStorageArtifactsDeploy]
+ properties:
+ name: ObjectStorageDeployment_Step1
+ servers: {get_param: [servers, ObjectStorage]}
+ config: {get_resource: ObjectStorageConfig}
+ input_values:
+ step: 1
+ update_identifier: {get_param: DeployIdentifier}
+
+ ObjectStorageDeployment_Step2:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on:
+ - ControllerDeployment_Step1
+ - ComputeDeployment_Step1
+ - BlockStorageDeployment_Step1
+ - ObjectStorageDeployment_Step1
+ - CephStorageDeployment_Step1
+ properties:
+ name: ObjectStorageDeployment_Step2
+ servers: {get_param: [servers, ObjectStorage]}
+ config: {get_resource: ObjectStorageConfig}
+ input_values:
+ step: 2
+ update_identifier: {get_param: DeployIdentifier}
+
+ ObjectStorageDeployment_Step3:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on:
+ - ControllerDeployment_Step2
+ - ComputeDeployment_Step2
+ - BlockStorageDeployment_Step2
+ - ObjectStorageDeployment_Step2
+ - CephStorageDeployment_Step2
+ properties:
+ name: ObjectStorageDeployment_Step3
+ servers: {get_param: [servers, ObjectStorage]}
+ config: {get_resource: ObjectStorageConfig}
+ input_values:
+ step: 3
+ update_identifier: {get_param: DeployIdentifier}
+
+ ObjectStorageDeployment_Step4:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on:
+ - ControllerDeployment_Step3
+ - ComputeDeployment_Step3
+ - BlockStorageDeployment_Step3
+ - ObjectStorageDeployment_Step3
+ - CephStorageDeployment_Step3
+ properties:
+ name: ObjectStorageDeployment_Step4
+ servers: {get_param: [servers, ObjectStorage]}
+ config: {get_resource: ObjectStorageConfig}
+ input_values:
+ step: 4
+ update_identifier: {get_param: DeployIdentifier}
+
+ ObjectStorageDeployment_Step5:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on:
+ - ControllerDeployment_Step4
+ - ComputeDeployment_Step4
+ - BlockStorageDeployment_Step4
+ - ObjectStorageDeployment_Step4
+ - CephStorageDeployment_Step4
+ properties:
+ name: ObjectStorageDeployment_Step5
+ servers: {get_param: [servers, ObjectStorage]}
+ config: {get_resource: ObjectStorageConfig}
+ input_values:
+ step: 5
+ update_identifier: {get_param: DeployIdentifier}
+
+ ObjectStoragePostConfig:
+ type: OS::TripleO::Tasks::ObjectStoragePostConfig
+ depends_on:
+ - ControllerDeployment_Step5
+ - ComputeDeployment_Step5
+ - BlockStorageDeployment_Step5
+ - ObjectStorageDeployment_Step5
+ - CephStorageDeployment_Step5
+ properties:
+ servers: {get_param: servers}
+ input_values:
+ update_identifier: {get_param: DeployIdentifier}
+
+ # Note, this should come last, so use depends_on to ensure
+ # this is created after any other resources.
+ ObjectStorageExtraConfigPost:
+ depends_on:
+ - ControllerPostConfig
+ - ComputePostConfig
+ - BlockStoragePostConfig
+ - ObjectStoragePostConfig
+ - CephStoragePostConfig
+ type: OS::TripleO::NodeExtraConfigPost
+ properties:
+ servers: {get_param: [servers, ObjectStorage]}
+
+ # CephStorage Role steps
+ CephStorageArtifactsConfig:
+ type: deploy-artifacts.yaml
+
+ CephStorageArtifactsDeploy:
+ type: OS::Heat::StructuredDeployments
+ properties:
+ servers: {get_param: [servers, CephStorage]}
+ config: {get_resource: CephStorageArtifactsConfig}
+
+ CephStoragePreConfig:
+ type: OS::TripleO::Tasks::CephStoragePreConfig
+ properties:
+ servers: {get_param: [servers, CephStorage]}
+ input_values:
+ update_identifier: {get_param: DeployIdentifier}
+
+ CephStorageConfig:
+ type: OS::TripleO::CephStorageConfig
+ properties:
+ StepConfig: {get_param: [role_data, CephStorage, step_config]}
+
+ # Step through a series of configuration steps
+ CephStorageDeployment_Step1:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on: [CephStoragePreConfig, CephStorageArtifactsDeploy]
+ properties:
+ name: CephStorageDeployment_Step1
+ servers: {get_param: [servers, CephStorage]}
+ config: {get_resource: CephStorageConfig}
+ input_values:
+ step: 1
+ update_identifier: {get_param: DeployIdentifier}
+
+ CephStorageDeployment_Step2:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on:
+ - ControllerDeployment_Step1
+ - ComputeDeployment_Step1
+ - BlockStorageDeployment_Step1
+ - ObjectStorageDeployment_Step1
+ - CephStorageDeployment_Step1
+ properties:
+ name: CephStorageDeployment_Step2
+ servers: {get_param: [servers, CephStorage]}
+ config: {get_resource: CephStorageConfig}
+ input_values:
+ step: 2
+ update_identifier: {get_param: DeployIdentifier}
+
+ CephStorageDeployment_Step3:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on:
+ - ControllerDeployment_Step2
+ - ComputeDeployment_Step2
+ - BlockStorageDeployment_Step2
+ - ObjectStorageDeployment_Step2
+ - CephStorageDeployment_Step2
+ properties:
+ name: CephStorageDeployment_Step3
+ servers: {get_param: [servers, CephStorage]}
+ config: {get_resource: CephStorageConfig}
+ input_values:
+ step: 3
+ update_identifier: {get_param: DeployIdentifier}
+
+ CephStorageDeployment_Step4:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on:
+ - ControllerDeployment_Step3
+ - ComputeDeployment_Step3
+ - BlockStorageDeployment_Step3
+ - ObjectStorageDeployment_Step3
+ - CephStorageDeployment_Step3
+ properties:
+ name: CephStorageDeployment_Step4
+ servers: {get_param: [servers, CephStorage]}
+ config: {get_resource: CephStorageConfig}
+ input_values:
+ step: 4
+ update_identifier: {get_param: DeployIdentifier}
+
+ CephStorageDeployment_Step5:
+ type: OS::Heat::StructuredDeploymentGroup
+ depends_on:
+ - ControllerDeployment_Step4
+ - ComputeDeployment_Step4
+ - BlockStorageDeployment_Step4
+ - ObjectStorageDeployment_Step4
+ - CephStorageDeployment_Step4
+ properties:
+ name: CephStorageDeployment_Step5
+ servers: {get_param: [servers, CephStorage]}
+ config: {get_resource: CephStorageConfig}
+ input_values:
+ step: 5
+ update_identifier: {get_param: DeployIdentifier}
+
+ CephStoragePostConfig:
+ type: OS::TripleO::Tasks::CephStoragePostConfig
+ depends_on:
+ - ControllerDeployment_Step5
+ - ComputeDeployment_Step5
+ - BlockStorageDeployment_Step5
+ - ObjectStorageDeployment_Step5
+ - CephStorageDeployment_Step5
+ properties:
+ servers: {get_param: servers}
+ input_values:
+ update_identifier: {get_param: DeployIdentifier}
+
+ # Note, this should come last, so use depends_on to ensure
+ # this is created after any other resources.
+ CephStorageExtraConfigPost:
+ depends_on:
+ - ControllerPostConfig
+ - ComputePostConfig
+ - BlockStoragePostConfig
+ - ObjectStoragePostConfig
+ - CephStoragePostConfig
+ type: OS::TripleO::NodeExtraConfigPost
+ properties:
+ servers: {get_param: [servers, CephStorage]}
diff --git a/puppet/services/README.rst b/puppet/services/README.rst
index 15c8c1f1..8fe51fa3 100644
--- a/puppet/services/README.rst
+++ b/puppet/services/README.rst
@@ -31,6 +31,8 @@ are re-asserted when applying latter ones.
* config_settings: Custom hiera settings for this service.
+ * global_config_settings: Additional hiera settings distributed to all roles.
+
* step_config: A puppet manifest that is used to step through the deployment
sequence. Each sequence is given a "step" (via hiera('step') that provides
information for when puppet classes should activate themselves.
diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml
index 4308052b..65afffad 100644
--- a/puppet/services/aodh-api.yaml
+++ b/puppet/services/aodh-api.yaml
@@ -18,6 +18,9 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionAodhApi:
+ default: 'overcloud-ceilometer-aodh-api'
+ type: string
resources:
AodhBase:
@@ -27,14 +30,23 @@ resources:
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
+ ApacheServiceBase:
+ type: ./apache.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
outputs:
role_data:
description: Role data for the Aodh API service.
value:
service_name: aodh_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionAodhApi}
config_settings:
map_merge:
- get_attr: [AodhBase, role_data, config_settings]
+ - get_attr: [ApacheServiceBase, role_data, config_settings]
- aodh::wsgi::apache::ssl: false
aodh::api::service_name: 'httpd'
tripleo.aodh_api.firewall_rules:
diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml
index 15f81953..187345ad 100644
--- a/puppet/services/aodh-base.yaml
+++ b/puppet/services/aodh-base.yaml
@@ -77,7 +77,7 @@ outputs:
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/aodh'
aodh::debug: {get_param: Debug}
- aodh::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ aodh::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
aodh::rabbit_userid: {get_param: RabbitUserName}
aodh::rabbit_password: {get_param: RabbitPassword}
aodh::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
diff --git a/puppet/services/aodh-evaluator.yaml b/puppet/services/aodh-evaluator.yaml
index 3988c940..405c500e 100644
--- a/puppet/services/aodh-evaluator.yaml
+++ b/puppet/services/aodh-evaluator.yaml
@@ -18,6 +18,9 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionAodhEvaluator:
+ default: 'overcloud-ceilometer-aodh-evaluator'
+ type: string
resources:
AodhBase:
@@ -32,6 +35,7 @@ outputs:
description: Role data for the Aodh Evaluator service.
value:
service_name: aodh_evaluator
+ monitoring_subscription: {get_param: MonitoringSubscriptionAodhEvaluator}
config_settings:
get_attr: [AodhBase, role_data, config_settings]
step_config: |
diff --git a/puppet/services/aodh-listener.yaml b/puppet/services/aodh-listener.yaml
index bc1ccde7..fc4e8b39 100644
--- a/puppet/services/aodh-listener.yaml
+++ b/puppet/services/aodh-listener.yaml
@@ -18,6 +18,9 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionAodhListener:
+ default: 'overcloud-ceilometer-aodh-listener'
+ type: string
resources:
AodhBase:
@@ -32,6 +35,7 @@ outputs:
description: Role data for the Aodh Listener service.
value:
service_name: aodh_listener
+ monitoring_subscription: {get_param: MonitoringSubscriptionAodhListener}
config_settings:
get_attr: [AodhBase, role_data, config_settings]
step_config: |
diff --git a/puppet/services/aodh-notifier.yaml b/puppet/services/aodh-notifier.yaml
index 66e9f3e9..2e51c639 100644
--- a/puppet/services/aodh-notifier.yaml
+++ b/puppet/services/aodh-notifier.yaml
@@ -18,6 +18,9 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionAodhNotifier:
+ default: 'overcloud-ceilometer-aodh-notifier'
+ type: string
resources:
AodhBase:
@@ -32,6 +35,7 @@ outputs:
description: Role data for the Aodh Notifier service.
value:
service_name: aodh_notifier
+ monitoring_subscription: {get_param: MonitoringSubscriptionAodhNotifier}
config_settings:
get_attr: [AodhBase, role_data, config_settings]
step_config: |
diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml
new file mode 100644
index 00000000..7595e4c3
--- /dev/null
+++ b/puppet/services/apache.yaml
@@ -0,0 +1,42 @@
+heat_template_version: 2016-10-14
+
+description: >
+ Apache service configured with Puppet. Note this is typically included
+ automatically via other services which run via Apache.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+outputs:
+ role_data:
+ description: Role data for the Apache role.
+ value:
+ service_name: apache
+ config_settings:
+ # for the given network; replacement examples (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ apache::ip: {get_param: [ServiceNetMap, ApacheNetwork]}
+ apache::server_signature: 'Off'
+ apache::server_tokens: 'Prod'
+ apache_remote_proxy_ips_network:
+ str_replace:
+ template: "NETWORK_subnet"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]}
+ apache::mod::remoteip::proxy_ips:
+ - "%{hiera('apache_remote_proxy_ips_network')}"
diff --git a/puppet/services/ceilometer-agent-central.yaml b/puppet/services/ceilometer-agent-central.yaml
index 72bad632..5d980d79 100644
--- a/puppet/services/ceilometer-agent-central.yaml
+++ b/puppet/services/ceilometer-agent-central.yaml
@@ -22,6 +22,9 @@ parameters:
description: The password for the redis service account.
type: string
hidden: true
+ MonitoringSubscriptionCeilometerCentral:
+ default: 'overcloud-ceilometer-agent-central'
+ type: string
resources:
CeilometerServiceBase:
@@ -36,6 +39,7 @@ outputs:
description: Role data for the Ceilometer Central Agent role.
value:
service_name: ceilometer_agent_central
+ monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCentral}
config_settings:
map_merge:
- get_attr: [CeilometerServiceBase, role_data, config_settings]
diff --git a/puppet/services/ceilometer-agent-compute.yaml b/puppet/services/ceilometer-agent-compute.yaml
index 5bfecfed..5457539c 100644
--- a/puppet/services/ceilometer-agent-compute.yaml
+++ b/puppet/services/ceilometer-agent-compute.yaml
@@ -18,6 +18,9 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionCeilometerCompute:
+ default: 'overcloud-ceilometer-agent-compute'
+ type: string
resources:
CeilometerServiceBase:
@@ -32,6 +35,7 @@ outputs:
description: Role data for the Ceilometer Compute Agent role.
value:
service_name: ceilometer_agent_compute
+ monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCompute}
config_settings:
get_attr: [CeilometerServiceBase, role_data, config_settings]
step_config: |
diff --git a/puppet/services/ceilometer-agent-notification.yaml b/puppet/services/ceilometer-agent-notification.yaml
index 7873706d..bedb8b04 100644
--- a/puppet/services/ceilometer-agent-notification.yaml
+++ b/puppet/services/ceilometer-agent-notification.yaml
@@ -18,6 +18,9 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionCeilometerNotification:
+ default: 'overcloud-ceilometer-agent-notification'
+ type: string
resources:
@@ -33,6 +36,7 @@ outputs:
description: Role data for the Ceilometer Notification Agent role.
value:
service_name: ceilometer_agent_notification
+ monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerNotification}
config_settings:
get_attr: [CeilometerServiceBase, role_data, config_settings]
step_config: |
diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml
index 201a2b7b..5df9f2b3 100644
--- a/puppet/services/ceilometer-api.yaml
+++ b/puppet/services/ceilometer-api.yaml
@@ -18,6 +18,9 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionCeilometerApi:
+ default: 'overcloud-ceilometer-api'
+ type: string
resources:
@@ -28,13 +31,22 @@ resources:
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
+ ApacheServiceBase:
+ type: ./apache.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
outputs:
role_data:
description: Role data for the Ceilometer API role.
value:
service_name: ceilometer_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerApi}
config_settings:
map_merge:
+ - get_attr: [ApacheServiceBase, role_data, config_settings]
- get_attr: [CeilometerServiceBase, role_data, config_settings]
- tripleo.ceilometer_api.firewall_rules:
'124 ceilometer':
diff --git a/puppet/services/ceilometer-collector.yaml b/puppet/services/ceilometer-collector.yaml
index ef7ffbd6..9dbb2759 100644
--- a/puppet/services/ceilometer-collector.yaml
+++ b/puppet/services/ceilometer-collector.yaml
@@ -18,6 +18,9 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionCeilometerCollector:
+ default: 'overcloud-ceilometer-collector'
+ type: string
resources:
CeilometerServiceBase:
@@ -32,6 +35,7 @@ outputs:
description: Role data for the Ceilometer Collector role.
value:
service_name: ceilometer_collector
+ monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCollector}
config_settings:
get_attr: [CeilometerServiceBase, role_data, config_settings]
step_config: |
diff --git a/puppet/services/ceilometer-expirer.yaml b/puppet/services/ceilometer-expirer.yaml
index 63a6d41d..3b811c4d 100644
--- a/puppet/services/ceilometer-expirer.yaml
+++ b/puppet/services/ceilometer-expirer.yaml
@@ -18,7 +18,9 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
-
+ MonitoringSubscriptionCeilometerExpirer:
+ default: 'overcloud-ceilometer-expirer'
+ type: string
resources:
CeilometerServiceBase:
@@ -33,6 +35,7 @@ outputs:
description: Role data for the Ceilometer Expirer role.
value:
service_name: ceilometer_expirer
+ monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerExpirer}
config_settings:
get_attr: [CeilometerServiceBase, role_data, config_settings]
step_config: |
diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml
index 4d98546d..ce8d9158 100644
--- a/puppet/services/ceph-base.yaml
+++ b/puppet/services/ceph-base.yaml
@@ -20,9 +20,6 @@ parameters:
CephClusterFSID:
type: string
description: The Ceph cluster FSID. Must be a UUID.
- CephIPv6:
- default: False
- type: boolean
CinderRbdPoolName:
default: volumes
type: string
@@ -72,7 +69,6 @@ outputs:
value:
service_name: ceph_base
config_settings:
- tripleo::profile::base::ceph::ceph_ipv6: {get_param: CephIPv6}
tripleo::profile::base::ceph::enable_ceph_storage: {get_param: ControllerEnableCephStorage}
ceph::profile::params::osd_pool_default_min_size: 1
ceph::profile::params::osds: {/srv/data: {}}
@@ -93,8 +89,8 @@ outputs:
str_replace:
template: "NETWORK_subnet"
params:
- NETWORK: {get_param: [ServiceNetMap, CephPublicNetwork]}
- ceph::profile::params::public_addr: {get_param: [ServiceNetMap, CephPublicNetwork]}
+ NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]}
+ ceph::profile::params::public_addr: {get_param: [ServiceNetMap, CephMonNetwork]}
ceph::profile::params::client_keys:
str_replace:
template: "{
diff --git a/puppet/services/ceph-client.yaml b/puppet/services/ceph-client.yaml
index a9e4621a..b482dd2e 100644
--- a/puppet/services/ceph-client.yaml
+++ b/puppet/services/ceph-client.yaml
@@ -18,6 +18,9 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionCephClient:
+ default: 'overcloud-ceph-client'
+ type: string
resources:
CephBase:
@@ -32,6 +35,7 @@ outputs:
description: Role data for the Cinder OSD service.
value:
service_name: ceph_client
+ monitoring_subscription: {get_param: MonitoringSubscriptionCephClient}
config_settings:
get_attr: [CephBase, role_data, config_settings]
step_config: |
diff --git a/puppet/services/ceph-external.yaml b/puppet/services/ceph-external.yaml
index 959cee26..52c4824f 100644
--- a/puppet/services/ceph-external.yaml
+++ b/puppet/services/ceph-external.yaml
@@ -47,12 +47,16 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionCephExternal:
+ default: 'overcloud-ceph-external'
+ type: string
outputs:
role_data:
description: Role data for the Ceph External service.
value:
service_name: ceph_external
+ monitoring_subscription: {get_param: MonitoringSubscriptionCephExternal}
config_settings:
tripleo::profile::base::ceph::ceph_mon_host: {get_param: CephExternalMonHost}
ceph::profile::params::fsid: {get_param: CephClusterFSID}
diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml
index f634ce8a..a2b3f13e 100644
--- a/puppet/services/ceph-mon.yaml
+++ b/puppet/services/ceph-mon.yaml
@@ -53,6 +53,9 @@ parameters:
}
default: {}
type: json
+ MonitoringSubscriptionCephMon:
+ default: 'overcloud-ceph-mon'
+ type: string
resources:
CephBase:
@@ -67,6 +70,7 @@ outputs:
description: Role data for the Ceph Monitor service.
value:
service_name: ceph_mon
+ monitoring_subscription: {get_param: MonitoringSubscriptionCephMon}
config_settings:
map_merge:
- get_attr: [CephBase, role_data, config_settings]
diff --git a/puppet/services/ceph-osd.yaml b/puppet/services/ceph-osd.yaml
index d18ccabf..f6378720 100644
--- a/puppet/services/ceph-osd.yaml
+++ b/puppet/services/ceph-osd.yaml
@@ -18,6 +18,9 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionCephOsd:
+ default: 'overcloud-ceph-osd'
+ type: string
resources:
CephBase:
@@ -32,6 +35,7 @@ outputs:
description: Role data for the Cinder OSD service.
value:
service_name: ceph_osd
+ monitoring_subscription: {get_param: MonitoringSubscriptionCephOsd}
config_settings:
map_merge:
- get_attr: [CephBase, role_data, config_settings]
diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml
index 5df0739f..94c94a65 100644
--- a/puppet/services/cinder-api.yaml
+++ b/puppet/services/cinder-api.yaml
@@ -31,6 +31,9 @@ parameters:
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ MonitoringSubscriptionCinderApi:
+ default: 'overcloud-cinder-api'
+ type: string
resources:
@@ -46,6 +49,7 @@ outputs:
description: Role data for the Cinder API role.
value:
service_name: cinder_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionCinderApi}
config_settings:
map_merge:
- get_attr: [CinderBase, role_data, config_settings]
diff --git a/puppet/services/cinder-backup.yaml b/puppet/services/cinder-backup.yaml
index f92fdfdb..80795457 100644
--- a/puppet/services/cinder-backup.yaml
+++ b/puppet/services/cinder-backup.yaml
@@ -30,6 +30,9 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionCinderBackup:
+ default: 'overcloud-cinder-backup'
+ type: string
resources:
@@ -45,6 +48,7 @@ outputs:
description: Role data for the Cinder Backup role.
value:
service_name: cinder_backup
+ monitoring_subscription: {get_param: MonitoringSubscriptionCinderBackup}
config_settings:
map_merge:
- get_attr: [CinderBase, role_data, config_settings]
diff --git a/puppet/services/cinder-scheduler.yaml b/puppet/services/cinder-scheduler.yaml
index 129706b1..1326e267 100644
--- a/puppet/services/cinder-scheduler.yaml
+++ b/puppet/services/cinder-scheduler.yaml
@@ -18,6 +18,9 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionCinderScheduler:
+ default: 'overcloud-cinder-scheduler'
+ type: string
resources:
@@ -33,6 +36,7 @@ outputs:
description: Role data for the Cinder Scheduler role.
value:
service_name: cinder_scheduler
+ monitoring_subscription: {get_param: MonitoringSubscriptionCinderScheduler}
config_settings:
map_merge:
- get_attr: [CinderBase, role_data, config_settings]
diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml
index de7e6bab..c84c784e 100644
--- a/puppet/services/cinder-volume.yaml
+++ b/puppet/services/cinder-volume.yaml
@@ -56,6 +56,9 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionCinderVolume:
+ default: 'overcloud-cinder-volume'
+ type: string
resources:
@@ -71,6 +74,7 @@ outputs:
description: Role data for the Cinder Volume role.
value:
service_name: cinder_volume
+ monitoring_subscription: {get_param: MonitoringSubscriptionCinderVolume}
config_settings:
map_merge:
- get_attr: [CinderBase, role_data, config_settings]
@@ -95,10 +99,6 @@ outputs:
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
- tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address:
- str_replace:
- template: "NETWORK_uri"
- params:
- NETWORK: {get_param: [ServiceNetMap, CinderIscsiNetwork]}
+ tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_param: [ServiceNetMap, CinderIscsiNetwork]}
step_config: |
include ::tripleo::profile::base::cinder::volume
diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml
index d2376af3..adc1b4cb 100644
--- a/puppet/services/glance-api.yaml
+++ b/puppet/services/glance-api.yaml
@@ -73,12 +73,16 @@ parameters:
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ MonitoringSubscriptionGlanceApi:
+ default: 'overcloud-glance-api'
+ type: string
outputs:
role_data:
description: Role data for the Glance API role.
value:
service_name: glance_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionGlanceApi}
config_settings:
glance::api::database_connection:
list_join:
@@ -90,14 +94,14 @@ outputs:
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/glance'
glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]}
- glance::api::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- glance::api::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
glance::api::registry_host:
str_replace:
template: "'REGISTRY_HOST'"
params:
REGISTRY_HOST: {get_param: [EndpointMap, GlanceRegistryInternal, host]}
- glance::api::keystone_password: {get_param: GlancePassword}
+ glance::api::authtoken::password: {get_param: GlancePassword}
glance::api::enable_proxy_headers_parsing: true
glance::api::debug: {get_param: Debug}
glance::api::workers: {get_param: GlanceWorkers}
@@ -128,7 +132,7 @@ outputs:
- 9292
- 13292
glance::keystone::auth::tenant: 'service'
- glance::api::keystone_tenant: 'service'
+ glance::api::authtoken::project_name: 'service'
glance::api::pipeline: 'keystone'
glance::api::show_image_direct_url: true
# NOTE: bind IP is found in Heat replacing the network name with the
diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml
index 06ef9379..d5f01d46 100644
--- a/puppet/services/glance-registry.yaml
+++ b/puppet/services/glance-registry.yaml
@@ -30,12 +30,16 @@ parameters:
default: 0
description: Number of workers for Glance service.
type: number
+ MonitoringSubscriptionGlanceRegistry:
+ default: 'overcloud-glance-registry'
+ type: string
outputs:
role_data:
description: Role data for the Glance Registry role.
value:
service_name: glance_registry
+ monitoring_subscription: {get_param: MonitoringSubscriptionGlanceRegistry}
config_settings:
glance::registry::database_connection:
list_join:
@@ -46,11 +50,11 @@ outputs:
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/glance'
- glance::registry::keystone_password: {get_param: GlancePassword}
- glance::registry::keystone_tenant: 'service'
+ glance::registry::authtoken::password: {get_param: GlancePassword}
+ glance::registry::authtoken::project_name: 'service'
glance::registry::pipeline: 'keystone'
- glance::registry::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- glance::registry::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ glance::registry::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ glance::registry::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
glance::registry::debug: {get_param: Debug}
glance::registry::workers: {get_param: GlanceWorkers}
glance::db::mysql::user: glance
@@ -61,7 +65,6 @@ outputs:
- "%{hiera('mysql_bind_host')}"
glance::registry::db::database_db_max_retries: -1
glance::registry::db::database_max_retries: -1
-
tripleo.glance_registry.firewall_rules:
'112 glance_registry':
dport:
diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml
index ec42f3f5..650865e2 100644
--- a/puppet/services/gnocchi-api.yaml
+++ b/puppet/services/gnocchi-api.yaml
@@ -33,8 +33,12 @@ parameters:
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ MonitoringSubscriptionGnocchiApi:
+ default: 'overcloud-gnocchi-api'
+ type: string
resources:
+
GnocchiServiceBase:
type: ./gnocchi-base.yaml
properties:
@@ -42,13 +46,22 @@ resources:
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
+ ApacheServiceBase:
+ type: ./apache.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
outputs:
role_data:
description: Role data for the Gnocchi role.
value:
service_name: gnocchi_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiApi}
config_settings:
map_merge:
+ - get_attr: [ApacheServiceBase, role_data, config_settings]
- get_attr: [GnocchiServiceBase, role_data, config_settings]
- tripleo.gnocchi_api.firewall_rules:
'129 gnocchi-api':
diff --git a/puppet/services/gnocchi-metricd.yaml b/puppet/services/gnocchi-metricd.yaml
index 205d0552..ebdebd1e 100644
--- a/puppet/services/gnocchi-metricd.yaml
+++ b/puppet/services/gnocchi-metricd.yaml
@@ -18,6 +18,9 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionGnocchiMetricd:
+ default: 'overcloud-gnocchi-metricd'
+ type: string
resources:
GnocchiServiceBase:
@@ -32,6 +35,7 @@ outputs:
description: Role data for the Gnocchi role.
value:
service_name: gnocchi_metricd
+ monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiMetricd}
config_settings:
map_merge:
- get_attr: [GnocchiServiceBase, role_data, config_settings]
diff --git a/puppet/services/gnocchi-statsd.yaml b/puppet/services/gnocchi-statsd.yaml
index 018ad2b1..04339f46 100644
--- a/puppet/services/gnocchi-statsd.yaml
+++ b/puppet/services/gnocchi-statsd.yaml
@@ -18,6 +18,9 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionGnocchiStatsd:
+ default: 'overcloud-gnocchi-statsd'
+ type: string
resources:
GnocchiServiceBase:
@@ -32,6 +35,7 @@ outputs:
description: Role data for the Gnocchi role.
value:
service_name: gnocchi_statsd
+ monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiStatsd}
config_settings:
map_merge:
- get_attr: [GnocchiServiceBase, role_data, config_settings]
diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml
index 6885449e..974928c5 100644
--- a/puppet/services/haproxy.yaml
+++ b/puppet/services/haproxy.yaml
@@ -44,38 +44,20 @@ parameters:
Specifies the interface where the public-facing virtual ip will be assigned.
This should be int_public when a VLAN is being used.
type: string
+ MonitoringSubscriptionHaproxy:
+ default: 'overcloud-haproxy'
+ type: string
outputs:
role_data:
description: Role data for the HAproxy role.
value:
service_name: haproxy
+ monitoring_subscription: {get_param: MonitoringSubscriptionHaproxy}
config_settings:
tripleo.haproxy.firewall_rules:
'107 haproxy stats':
dport: 1993
- # TODO(emilien) make it composable to find which services are actually running
- tripleo::haproxy::keystone_admin: '"%{hiera(\"keystone_enabled\")}"'
- tripleo::haproxy::keystone_public: '"%{hiera(\"keystone_enabled\")}"'
- tripleo::haproxy::neutron: '"%{hiera(\"neutron_api_enabled\")}"'
- tripleo::haproxy::cinder: '"%{hiera(\"cinder_api_enabled\")}"'
- tripleo::haproxy::glance_api: '"%{hiera(\"glance_api_enabled\")}"'
- tripleo::haproxy::glance_registry: '"%{hiera(\"glance_registry_enabled\")}"'
- tripleo::haproxy::nova_osapi: '"%{hiera(\"nova_api_enabled\")}"'
- tripleo::haproxy::nova_metadata: '"%{hiera(\"nova_api_enabled\")}"'
- tripleo::haproxy::nova_novncproxy: '"%{hiera(\"nova_vncproxy_enabled\")}"'
- tripleo::haproxy::mysql: true
- tripleo::haproxy::redis: '"%{hiera(\"redis_enabled\")}"'
- tripleo::haproxy::sahara: '"%{hiera(\"sahara_api_enabled\")}"'
- tripleo::haproxy::swift_proxy_server: '"%{hiera(\"swift_proxy_enabled\")}"'
- tripleo::haproxy::ceilometer: '"%{hiera(\"ceilometer_api_enabled\")}"'
- tripleo::haproxy::aodh: '"%{hiera(\"aodh_api_enabled\")}"'
- tripleo::haproxy::gnocchi: '"%{hiera(\"gnocchi_api_enabled\")}"'
- tripleo::haproxy::heat_api: '"%{hiera(\"heat_api_enabled\")}"'
- tripleo::haproxy::heat_cloudwatch: '"%{hiera(\"heat_api_cloudwatch_enabled\")}"'
- tripleo::haproxy::heat_cfn: '"%{hiera(\"heat_api_cfn_enabled\")}"'
- tripleo::haproxy::horizon: '"%{hiera(\"horizon_enabled\")}"'
- tripleo::haproxy::ironic: '"%{hiera(\"ironic_api_enabled\")}"'
tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml
index a15ea32d..61a69078 100644
--- a/puppet/services/heat-api-cfn.yaml
+++ b/puppet/services/heat-api-cfn.yaml
@@ -30,6 +30,9 @@ parameters:
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ MonitoringSubscriptionHeatApiCnf:
+ default: 'overcloud-heat-api-cfn'
+ type: string
resources:
HeatBase:
@@ -44,6 +47,7 @@ outputs:
description: Role data for the Heat CloudFormation API role.
value:
service_name: heat_api_cfn
+ monitoring_subscription: {get_param: MonitoringSubscriptionHeatApiCnf}
config_settings:
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml
index 6d645ee7..c12e56ef 100644
--- a/puppet/services/heat-api-cloudwatch.yaml
+++ b/puppet/services/heat-api-cloudwatch.yaml
@@ -22,6 +22,9 @@ parameters:
default: 0
description: Number of workers for Heat service.
type: number
+ MonitoringSubscriptionHeatApiCloudwatch:
+ default: 'overcloud-heat-api-cloudwatch'
+ type: string
resources:
HeatBase:
@@ -36,6 +39,7 @@ outputs:
description: Role data for the Heat Cloudwatch API role.
value:
service_name: heat_api_cloudwatch
+ monitoring_subscription: {get_param: MonitoringSubscriptionHeatApiCloudwatch}
config_settings:
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml
index ec3b0e37..64b0c53b 100644
--- a/puppet/services/heat-api.yaml
+++ b/puppet/services/heat-api.yaml
@@ -30,6 +30,9 @@ parameters:
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ MonitoringSubscriptionHeatApi:
+ default: 'overcloud-heat-api'
+ type: string
resources:
HeatBase:
@@ -44,6 +47,7 @@ outputs:
description: Role data for the Heat API role.
value:
service_name: heat_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionHeatApi}
config_settings:
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml
index 226d2a51..7eb58f56 100644
--- a/puppet/services/heat-base.yaml
+++ b/puppet/services/heat-base.yaml
@@ -32,6 +32,10 @@ parameters:
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
+ HeatPassword:
+ description: The password for the Heat service and db account, used by the Heat services.
+ type: string
+ hidden: true
DefaultPasswords:
default: {}
type: json
@@ -60,11 +64,13 @@ outputs:
key: 'context_is_admin'
value: 'role:admin'
heat::rabbit_heartbeat_timeout_threshold: 60
- heat::keystone_tenant: 'service'
+ heat::keystone::authtoken::project_name: 'service'
+ heat::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ heat::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ heat::keystone::authtoken::password: {get_param: HeatPassword}
heat::keystone::domain::domain_name: 'heat_stack'
heat::keystone::domain::domain_admin: 'heat_stack_domain_admin'
heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost'
- heat::auth_plugin: 'password'
heat::cron::purge_deleted::age: 30
heat::cron::purge_deleted::age_type: 'days'
heat::cron::purge_deleted::maxdelay: 3600
diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml
index b230ec1d..089bf531 100644
--- a/puppet/services/heat-engine.yaml
+++ b/puppet/services/heat-engine.yaml
@@ -40,6 +40,9 @@ parameters:
type: string
hidden: true
default: ''
+ MonitoringSubscriptionHeatEngine:
+ default: 'overcloud-heat-engine'
+ type: string
resources:
HeatBase:
@@ -54,6 +57,7 @@ outputs:
description: Role data for the Heat Engine role.
value:
service_name: heat_engine
+ monitoring_subscription: {get_param: MonitoringSubscriptionHeatEngine}
config_settings:
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
@@ -71,8 +75,6 @@ outputs:
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/heat'
heat::keystone_ec2_uri: {get_param: [EndpointMap, KeystoneEC2, uri]}
- heat::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
- heat::keystone_password: {get_param: HeatPassword}
heat::db::mysql::password: {get_param: HeatPassword}
heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword}
heat::db::mysql::user: heat
diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml
index c5d96819..6ea5ec4e 100644
--- a/puppet/services/horizon.yaml
+++ b/puppet/services/horizon.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
description: >
Horizon service configured with Puppet
@@ -10,6 +10,10 @@ parameters:
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
+ Debug:
+ default: ''
+ description: Set to True to enable debugging on all services.
+ type: string
DefaultPasswords:
default: {}
type: json
@@ -22,17 +26,30 @@ parameters:
default: '*'
description: A list of IP/Hostname allowed to connect to horizon
type: comma_delimited_list
+ HorizonSecret:
+ description: Secret key for Django
+ type: string
+ hidden: true
+ default: ''
NeutronMechanismDrivers:
default: 'openvswitch'
description: |
The mechanism drivers for the Neutron tenant network.
type: comma_delimited_list
+ MemcachedIPv6:
+ default: false
+ description: Enable IPv6 features in Memcached.
+ type: boolean
+ MonitoringSubscriptionHorizon:
+ default: 'overcloud-horizon'
+ type: string
outputs:
role_data:
description: Role data for the Horizon role.
value:
service_name: horizon
+ monitoring_subscription: {get_param: MonitoringSubscriptionHorizon}
config_settings:
horizon::allowed_hosts: {get_param: HorizonAllowedHosts}
neutron::plugins::ml2::mechanism_drivers:
@@ -51,5 +68,16 @@ outputs:
add_listen: false
priority: 10
access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"'
+ horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]}
+ horizon::django_debug: {get_param: Debug}
+ horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ horizon::secret_key:
+ yaql:
+ expression: $.data.passwords.where($ != '').first()
+ data:
+ passwords:
+ - {get_param: HorizonSecret}
+ - {get_param: [DefaultPasswords, horizon_secret]}
+ memcached_ipv6: {get_param: MemcachedIPv6}
step_config: |
include ::tripleo::profile::base::horizon
diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml
index d0516e1b..5c3f370e 100644
--- a/puppet/services/ironic-api.yaml
+++ b/puppet/services/ironic-api.yaml
@@ -22,6 +22,9 @@ parameters:
description: The password for the Ironic service and db account, used by the Ironic services
type: string
hidden: true
+ MonitoringSubscriptionIronicApi:
+ default: 'overcloud-ironic-api'
+ type: string
resources:
IronicBase:
@@ -36,27 +39,28 @@ outputs:
description: Role data for the Ironic API role.
value:
service_name: ironic_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionIronicApi}
config_settings:
map_merge:
- get_attr: [IronicBase, role_data, config_settings]
- # NOTE(dtantsur): the my_ip parameter is heavily overloaded in
- # ironic. It's used as a default value for e.g. TFTP server IP,
- # glance and neutron endpoints, virtual console IP. We override
- # the TFTP server IP in ironic-conductor.yaml as it should not be
- # the VIP, but rather a real IP of the controller.
- - ironic::my_ip: {get_param: [EndpointMap, MysqlInternal, host]}
- ironic::api::authtoken::password: {get_param: IronicPassword}
+ - ironic::api::authtoken::password: {get_param: IronicPassword}
ironic::api::authtoken::project_name: 'service'
ironic::api::authtoken::username: 'ironic'
ironic::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
- ironic::api::host_ip: {get_input: ironic_api_network}
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ ironic::api::host_ip: {get_param: [ServiceNetMap, IronicApiNetwork]}
ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]}
# This is used to build links in responses
ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
- ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri]}
- ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri]}
- ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri]}
+ ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]}
+ ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
+ ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
ironic::keystone::auth::auth_name: 'ironic'
ironic::keystone::auth::password: {get_param: IronicPassword }
ironic::keystone::auth::tenant: 'service'
diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml
index 27479f79..4ac9fc30 100644
--- a/puppet/services/ironic-conductor.yaml
+++ b/puppet/services/ironic-conductor.yaml
@@ -18,10 +18,27 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ IronicCleaningDiskErase:
+ default: 'full'
+ description: Type of disk cleaning before and between deployments,
+ "full" for full cleaning, "metadata" to clean only disk
+ metadata (partition table).
+ type: string
IronicEnabledDrivers:
- default: ['pxe_ipmitool', 'agent_ipmitool']
+ default: ['pxe_ipmitool', 'pxe_drac', 'pxe_ilo']
description: Enabled Ironic drivers
type: comma_delimited_list
+ IronicIPXEEnabled:
+ default: true
+ description: Whether to use iPXE instead of PXE for deployment.
+ type: boolean
+ IronicIPXEPort:
+ default: 8088
+ description: Port to use for serving images when iPXE is used.
+ type: string
+ MonitoringSubscriptionIronicConductor:
+ default: 'overcloud-ironic-conductor'
+ type: string
resources:
IronicBase:
@@ -36,20 +53,48 @@ outputs:
description: Role data for the Ironic conductor role.
value:
service_name: ironic_conductor
+ monitoring_subscription: {get_param: MonitoringSubscriptionIronicConductor}
config_settings:
map_merge:
- get_attr: [IronicBase, role_data, config_settings]
# FIXME: I have no idea why neutron_url is in "api" manifest
- ironic::api::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]}
ironic::conductor::api_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
+ ironic::conductor::cleaning_disk_erase: {get_param: IronicCleaningDiskErase}
+ ironic::conductor::enabled_drivers: {get_param: IronicEnabledDrivers}
+ # We need an endpoint containing a real IP, not a VIP here
+ ironic_conductor_http_host: {get_param: [ServiceNetMap, IronicNetwork]}
+ ironic::conductor::http_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - '%{hiera("ironic_conductor_http_host")}:'
+ - {get_param: IronicIPXEPort}
+ ironic::drivers::pxe::ipxe_enabled: {get_param: IronicIPXEEnabled}
ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
- ironic::enabled_drivers: {get_param: IronicEnabledDrivers}
- # Prevent tftp_server from defaulting to my_ip setting, which is
- # controller VIP, not a real IP.
- ironic::drivers::pxe::tftp_server: {get_input: ironic_api_network}
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ ironic::drivers::pxe::tftp_server: {get_param: [ServiceNetMap, IronicNetwork]}
+ # NOTE(dtantsur): UEFI only works with iPXE currently for us
+ ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template'
+ ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi'
tripleo.ironic_conductor.firewall_rules:
'134 ironic conductor TFTP':
dport: 69
proto: udp
+ '135 ironic conductor HTTP':
+ dport: {get_param: IronicIPXEPort}
+ # NOTE(dtantsur): the my_ip parameter is heavily overloaded in
+ # ironic. It's used as a default value for e.g. TFTP server IP,
+ # glance and neutron endpoints, virtual console IP. We override
+ # the TFTP server IP in ironic-conductor.yaml as it should not be
+ # the VIP, but rather a real IP of the host.
+ ironic::my_ip: {get_param: [ServiceNetMap, IronicNetwork]}
+ ironic::pxe::common::http_port: {get_param: IronicIPXEPort}
+
step_config: |
include ::tripleo::profile::base::ironic::conductor
diff --git a/puppet/services/keepalived.yaml b/puppet/services/keepalived.yaml
index b783345b..2b069d67 100644
--- a/puppet/services/keepalived.yaml
+++ b/puppet/services/keepalived.yaml
@@ -28,12 +28,16 @@ parameters:
Specifies the interface where the public-facing virtual ip will be assigned.
This should be int_public when a VLAN is being used.
type: string
+ MonitoringSubscriptionKeepalived:
+ default: 'overcloud-keepalived'
+ type: string
outputs:
role_data:
description: Role data for the Keepalived role.
value:
service_name: keepalived
+ monitoring_subscription: {get_param: MonitoringSubscriptionKeepalived}
config_settings:
tripleo::keepalived::control_virtual_interface: {get_param: ControlVirtualInterface}
tripleo::keepalived::public_virtual_interface: {get_param: PublicVirtualInterface}
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index c763c391..79033047 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -84,81 +84,98 @@ parameters:
type: string
description: Set the number of workers for keystone::wsgi::apache
default: '"%{::processorcount}"'
+ MonitoringSubscriptionKeystone:
+ default: 'overcloud-kestone'
+ type: string
+
+resources:
+
+ ApacheServiceBase:
+ type: ./apache.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
outputs:
role_data:
description: Role data for the Keystone role.
value:
service_name: keystone
+ monitoring_subscription: {get_param: MonitoringSubscriptionKeystone}
config_settings:
- keystone::database_connection:
- list_join:
- - ''
- - - {get_param: [EndpointMap, MysqlInternal, protocol]}
- - '://keystone:'
- - {get_param: AdminToken}
- - '@'
- - {get_param: [EndpointMap, MysqlInternal, host]}
- - '/keystone'
- keystone::admin_token: {get_param: AdminToken}
- keystone::roles::admin::password: {get_param: AdminPassword}
- keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
- keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
- keystone::enable_proxy_headers_parsing: true
- keystone::debug: {get_param: Debug}
- keystone::db::mysql::password: {get_param: AdminToken}
- keystone::rabbit_userid: {get_param: RabbitUserName}
- keystone::rabbit_password: {get_param: RabbitPassword}
- keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
- keystone::rabbit_port: {get_param: RabbitClientPort}
- keystone::notification_driver: {get_param: KeystoneNotificationDriver}
- keystone::notification_format: {get_param: KeystoneNotificationFormat}
- keystone::roles::admin::email: {get_param: AdminEmail}
- keystone::roles::admin::password: {get_param: AdminPassword}
- keystone::endpoint::public_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
- keystone::endpoint::internal_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
- keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
- keystone::endpoint::region: {get_param: KeystoneRegion}
- keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge}
- keystone::public_endpoint: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
- keystone::db::mysql::user: keystone
- keystone::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
- keystone::db::mysql::dbname: keystone
- keystone::db::mysql::allowed_hosts:
- - '%'
- - "%{hiera('mysql_bind_host')}"
- keystone::rabbit_heartbeat_timeout_threshold: 60
- keystone::cron::token_flush::maxdelay: 3600
- keystone::roles::admin::service_tenant: 'service'
- keystone::roles::admin::admin_tenant: 'admin'
- keystone::cron::token_flush::destination: '/dev/null'
- keystone::config::keystone_config:
- ec2/driver:
- value: 'keystone.contrib.ec2.backends.sql.Ec2'
- keystone::service_name: 'httpd'
- keystone::wsgi::apache::ssl: false
-
- keystone::wsgi::apache::workers: {get_param: KeystoneWorkers}
- # override via extraconfig:
- keystone::wsgi::apache::threads: 1
- keystone::db::database_db_max_retries: -1
- keystone::db::database_max_retries: -1
- tripleo.keystone.firewall_rules:
- '111 keystone':
- dport:
- - 5000
- - 13000
- - 35357
- - 13357
- # NOTE: bind IP is found in Heat replacing the network name with the
- # local node IP for the given network; replacement examples
- # (eg. for internal_api):
- # internal_api -> IP
- # internal_api_uri -> [IP]
- # internal_api_subnet - > IP/CIDR
- # NOTE: this applies to all 4 bind IP settings below...
- keystone::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
- keystone::public_bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
- keystone::wsgi::apache::bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
- keystone::wsgi::apache::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
+ config_settings:
+ map_merge:
+ - get_attr: [ApacheServiceBase, role_data, config_settings]
+ - keystone::database_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://keystone:'
+ - {get_param: AdminToken}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/keystone'
+ keystone::admin_token: {get_param: AdminToken}
+ keystone::roles::admin::password: {get_param: AdminPassword}
+ keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
+ keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
+ keystone::enable_proxy_headers_parsing: true
+ keystone::debug: {get_param: Debug}
+ keystone::db::mysql::password: {get_param: AdminToken}
+ keystone::rabbit_userid: {get_param: RabbitUserName}
+ keystone::rabbit_password: {get_param: RabbitPassword}
+ keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ keystone::rabbit_port: {get_param: RabbitClientPort}
+ keystone::notification_driver: {get_param: KeystoneNotificationDriver}
+ keystone::notification_format: {get_param: KeystoneNotificationFormat}
+ keystone::roles::admin::email: {get_param: AdminEmail}
+ keystone::roles::admin::password: {get_param: AdminPassword}
+ keystone::endpoint::public_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
+ keystone::endpoint::internal_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+ keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ keystone::endpoint::region: {get_param: KeystoneRegion}
+ keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge}
+ keystone::public_endpoint: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
+ keystone::db::mysql::user: keystone
+ keystone::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ keystone::db::mysql::dbname: keystone
+ keystone::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
+ keystone::rabbit_heartbeat_timeout_threshold: 60
+ keystone::cron::token_flush::maxdelay: 3600
+ keystone::roles::admin::service_tenant: 'service'
+ keystone::roles::admin::admin_tenant: 'admin'
+ keystone::cron::token_flush::destination: '/dev/null'
+ keystone::config::keystone_config:
+ ec2/driver:
+ value: 'keystone.contrib.ec2.backends.sql.Ec2'
+ keystone::service_name: 'httpd'
+ keystone::wsgi::apache::ssl: false
+
+ keystone::wsgi::apache::workers: {get_param: KeystoneWorkers}
+ # override via extraconfig:
+ keystone::wsgi::apache::threads: 1
+ keystone::db::database_db_max_retries: -1
+ keystone::db::database_max_retries: -1
+ tripleo.keystone.firewall_rules:
+ '111 keystone':
+ dport:
+ - 5000
+ - 13000
+ - 35357
+ - 13357
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ # NOTE: this applies to all 4 bind IP settings below...
+ keystone::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
+ keystone::public_bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
+ keystone::wsgi::apache::bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
+ keystone::wsgi::apache::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
step_config: |
include ::tripleo::profile::base::keystone
diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml
index b3987747..2e43730d 100644
--- a/puppet/services/manila-api.yaml
+++ b/puppet/services/manila-api.yaml
@@ -26,6 +26,9 @@ parameters:
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ MonitoringSubscriptionManilaApi:
+ default: 'overcloud-manila-api'
+ type: string
resources:
ManilaBase:
@@ -40,6 +43,7 @@ outputs:
description: Role data for the Manila-api role.
value:
service_name: manila_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionManilaApi}
config_settings:
map_merge:
- get_attr: [ManilaBase, role_data, config_settings]
diff --git a/puppet/services/manila-scheduler.yaml b/puppet/services/manila-scheduler.yaml
index a5122ba0..28addd68 100644
--- a/puppet/services/manila-scheduler.yaml
+++ b/puppet/services/manila-scheduler.yaml
@@ -30,6 +30,9 @@ parameters:
description: The password for the manila service account.
type: string
hidden: true
+ MonitoringSubscriptionManilaScheduler:
+ default: 'overcloud-manila-scheduler'
+ type: string
resources:
ManilaBase:
@@ -44,6 +47,7 @@ outputs:
description: Role data for the Manila-scheduler role.
value:
service_name: manila_scheduler
+ monitoring_subscription: {get_param: MonitoringSubscriptionManilaScheduler}
config_settings:
map_merge:
- get_attr: [ManilaBase, role_data, config_settings]
@@ -65,4 +69,3 @@ outputs:
- '/manila'
step_config: |
include ::tripleo::profile::base::manila::scheduler
-
diff --git a/puppet/services/manila-share.yaml b/puppet/services/manila-share.yaml
index 184f3694..e42d2fae 100644
--- a/puppet/services/manila-share.yaml
+++ b/puppet/services/manila-share.yaml
@@ -18,6 +18,9 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionManilaShare:
+ default: 'overcloud-manila-share'
+ type: string
resources:
ManilaBase:
@@ -32,6 +35,7 @@ outputs:
description: Role data for the Manila-share role.
value:
service_name: manila_share
+ monitoring_subscription: {get_param: MonitoringSubscriptionManilaShare}
config_settings:
map_merge:
- get_attr: [ManilaBase, role_data, config_settings]
diff --git a/puppet/services/memcached.yaml b/puppet/services/memcached.yaml
index 3b47261e..9e3f6375 100644
--- a/puppet/services/memcached.yaml
+++ b/puppet/services/memcached.yaml
@@ -18,12 +18,16 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionMemcached:
+ default: 'overcloud-memcached'
+ type: string
outputs:
role_data:
description: Role data for the Memcached role.
value:
service_name: memcached
+ monitoring_subscription: {get_param: MonitoringSubscriptionMemcached}
config_settings:
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
diff --git a/puppet/services/monitoring/sensu-base.yaml b/puppet/services/monitoring/sensu-base.yaml
new file mode 100644
index 00000000..d7350d07
--- /dev/null
+++ b/puppet/services/monitoring/sensu-base.yaml
@@ -0,0 +1,68 @@
+heat_template_version: 2016-04-08
+
+description: Sensu base service
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ MonitoringRabbitHost:
+ description: RabbitMQ host Sensu has to connect to.
+ type: string
+ default: ''
+ MonitoringRabbitPort:
+ default: 5672
+ description: Set RabbitMQ subscriber port, change this if using SSL.
+ type: number
+ MonitoringRabbitUseSSL:
+ default: false
+ description: >
+ RabbitMQ client subscriber parameter to specify an SSL connection
+ to the RabbitMQ host.
+ type: string
+ MonitoringRabbitPassword:
+ description: The RabbitMQ password used for monitoring purposes.
+ type: string
+ hidden: true
+ MonitoringRabbitUserName:
+ description: The RabbitMQ username used for monitoring purposes.
+ type: string
+ default: sensu
+ MonitoringRabbitVhost:
+ description: The RabbitMQ vhost used for monitoring purposes.
+ type: string
+ default: '/sensu'
+
+
+outputs:
+ role_data:
+ description: Role data for the Sensu role.
+ value:
+ service_name: sensu_base
+ config_settings:
+ sensu::enterprise: false
+ sensu::enterprise_dashboard: false
+ sensu::install_repo: false
+ sensu::manage_user: false
+ sensu::rabbitmq_host: {get_param: MonitoringRabbitHost}
+ sensu::rabbitmq_password: {get_param: MonitoringRabbitPassword}
+ sensu::rabbitmq_port: {get_param: MonitoringRabbitPort}
+ sensu::rabbitmq_ssl: {get_param: MonitoringRabbitUseSSL}
+ sensu::rabbitmq_user: {get_param: MonitoringRabbitUserName}
+ sensu::rabbitmq_vhost: {get_param: MonitoringRabbitVhost}
+ #sensu::redis_host: {get_param: MonitoringRedisHost}
+ #sensu::redis_password: {get_param: MonitoringRedisPassword}
+ sensu::sensu_plugin_provider: 'yum'
+ sensu::sensu_plugin_name: 'rubygem-sensu-plugin'
+ sensu::version: 'present'
diff --git a/puppet/services/monitoring/sensu-client.yaml b/puppet/services/monitoring/sensu-client.yaml
new file mode 100644
index 00000000..3f37e750
--- /dev/null
+++ b/puppet/services/monitoring/sensu-client.yaml
@@ -0,0 +1,49 @@
+heat_template_version: 2016-04-08
+
+description: Sensu client configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: >
+ Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ SensuClientCustomConfig:
+ default: {}
+ description: Hash containing custom sensu-client variables.
+ type: json
+ label: Custom configuration for Sensu Client variables
+
+resources:
+ SensuBase:
+ type: ./sensu-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Sensu client role.
+ value:
+ service_name: sensu_client
+ monitoring_subscription: all
+ config_settings:
+ map_merge:
+ - get_attr: [SensuBase, role_data, config_settings]
+ - sensu::api: false
+ sensu::client: true
+ sensu::server: false
+ sensu::client_custom: {get_param: SensuClientCustomConfig}
+ step_config: |
+ include ::tripleo::profile::base::monitoring::sensu
diff --git a/puppet/services/network/contrail-analytics.yaml b/puppet/services/network/contrail-analytics.yaml
new file mode 100644
index 00000000..1c2331fa
--- /dev/null
+++ b/puppet/services/network/contrail-analytics.yaml
@@ -0,0 +1,90 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Contrail Analytics service deployment using puppet, this YAML file
+ creates the interface between the HOT template
+ and the puppet manifest that actually installs
+ and configures Contrail Analytics.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ContrailAnalyticsHostIP:
+ description: host IP address of Analytics
+ type: string
+ ContrailAnalyticsRedisServerIp:
+ description: Redis server ip address
+ type: string
+ ContrailAnalyticsCollectorServerHttpPort:
+ description: Collector http port
+ type: number
+ default: 8089
+ ContrailAnalyticsCollectorSandeshPort:
+ description: Collector sandesh port
+ type: number
+ default: 8086
+ ContrailAnalyticsHttpServerPort:
+ description: Analytics http port
+ type: number
+ default: 8090
+ ContrailAnalyticsListenAddress:
+ default: '0.0.0.0'
+ description: IP address Config API is listening on
+ type: string
+ ContrailAnalyticsListenPort:
+ default: 8082
+ description: Port Config API is listening on
+ type: number
+ ContrailAnalyticsRedisServerPort:
+ description: Redis server port
+ type: number
+ default: 6379
+ ContrailAnalyticsRestApiIp:
+ description: IP address Analytics rest interface listens on
+ type: string
+ default: '0.0.0.0'
+ ContrailAnalyticsRestApiPort:
+ description: Analytics rest port
+ type: number
+ default: 8081
+
+resources:
+ ContrailBase:
+ type: ./contrail-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role Contrail Analytics using composable services.
+ value:
+ service_name: contrail_analytics
+ config_settings:
+ map_merge:
+ - get_attr: [ContrailBase, role_data, config_settings]
+ - contrail::analytics::collector_http_server_port: {get_param: ContrailAnalyticsCollectorServerHttpPort}
+ contrail::analytics::collector_sandesh_port: {get_param: ContrailAnalyticsCollectorSandeshPort}
+ contrail::analytics::host_ip: {get_param: ContrailAnalyticsHostIP}
+ contrail::analytics::http_server_port: {get_param: ContrailAnalyticsHttpServerPort}
+ contrail::analytics::listen_ip_address: {get_param: ContrailAnalyticsListenAddress}
+ contrail::analytics::listen_port: {get_param: ContrailAnalyticsListenPort}
+ contrail::analytics::redis_server: {get_param: ContrailAnalyticsRedisServerIp}
+ contrail::analytics::redis_server_port: {get_param: ContrailAnalyticsRedisServerPort}
+ contrail::analytics::rest_api_ip: {get_param: ContrailAnalyticsRestApiIp}
+ contrail::analytics::rest_api_port: {get_param: ContrailAnalyticsRestApiPort}
+ step_config: |
+ include ::tripleo::network::contrail::analytics
diff --git a/puppet/services/network/contrail-base.yaml b/puppet/services/network/contrail-base.yaml
new file mode 100644
index 00000000..03dbea5b
--- /dev/null
+++ b/puppet/services/network/contrail-base.yaml
@@ -0,0 +1,100 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Base parameters for all Contrail Services.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ AdminPassword:
+ description: Keystone admin user password
+ type: string
+ AdminTenantName:
+ description: Keystone admin tenant name
+ type: string
+ AdminToken:
+ description: Keystone admin token
+ type: string
+ AdminUser:
+ description: Keystone admin user name
+ type: string
+ AuthHost:
+ description: Keystone host IP address
+ type: string
+ AuthPort:
+ default: 35357
+ description: Keystone port
+ type: number
+ AuthProtocol:
+ default: 'http'
+ description: Keystone authentication protocol
+ type: string
+ ContrailDiscoveryServerIp:
+ description: Discovery server ip address
+ type: string
+ ContrailKafkaBrokerList:
+ description: List of kafka servers
+ type: comma_delimited_list
+ ContrailAuth:
+ default: 'keystone'
+ description: Keystone authentication method
+ type: string
+ ContrailCassandraServerList:
+ default: []
+ description: List of cassandra servers
+ type: comma_delimited_list
+ ContrailDiscoveryServerPort:
+ description: Discovery server port
+ type: number
+ default: 5998
+ ContrailInsecure:
+ default: false
+ description: Keystone insecure mode
+ type: boolean
+ ContrailMemcachedServer:
+ default: '127.0.0.1:12111'
+ description: Memcached server
+ type: string
+ ContrailMultiTenancy:
+ default: true
+ description: Turn on/off multi-tenancy
+ type: boolean
+ ContrailZkServerIp:
+ default: []
+ description: List of zookeeper servers
+ type: comma_delimited_list
+
+outputs:
+ role_data:
+ description: Shared role data for the Contrail services.
+ value:
+ service_name: contrail_base
+ config_settings:
+ contrail::admin_password: {get_param: AdminPassword}
+ contrail::admin_tenant_name: {get_param: AdminTenantName}
+ contrail::admin_token: {get_param: AdminToken}
+ contrail::admin_user: {get_param: AdminUser}
+ contrail::auth_host: {get_param: [EndpointMap, KeystoneInternal, host] }
+ contrail::auth_port: {get_param: [EndpointMap, KeystoneInternal, port] }
+ contrail::auth_protocol: {get_param: [EndpointMap, KeystoneInternal, protocol] }
+ contrail::disc_server_ip: {get_param: ContrailDiscoveryServerIp}
+ contrail::kafka_broker_list: {get_param: ContrailKafkaBrokerList}
+ contrail::auth: {get_param: ContrailAuth}
+ contrail::cassandra_server_list: {get_param: ContrailCassandraServerList}
+ contrail::disc_server_port: {get_param: ContrailDiscoveryServerPort}
+ contrail::insecure: {get_param: ContrailInsecure}
+ contrail::memcached_server: {get_param: ContrailMemcachedServer}
+ contrail::multi_tenancy: {get_param: ContrailMultiTenancy}
+ contrail::zk_server_ip: {get_param: ContrailZkServerIp}
diff --git a/puppet/services/network/contrail-config.yaml b/puppet/services/network/contrail-config.yaml
new file mode 100644
index 00000000..0987fc75
--- /dev/null
+++ b/puppet/services/network/contrail-config.yaml
@@ -0,0 +1,72 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Contrail Config service deployment using puppet, this YAML file
+ creates the interface between the HOT template
+ and the puppet manifest that actually installs
+ and configures Contrail Config.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ContrailConfigIfmapServerIp:
+ description: Ifmap server ip address
+ type: string
+ ContrailConfigIfmapUserName:
+ description: Ifmap user name
+ type: string
+ ContrailConfigIfmapUserPassword:
+ description: Ifmap user password
+ type: string
+ ContrailConfigRabbitServerIp:
+ description: RabbitMq server ip address
+ type: string
+ ContrailConfigRedisServerIp:
+ description: Redis server ip address
+ type: string
+ ContrailConfigListenAddress:
+ default: '0.0.0.0'
+ description: IP address Config API is listening on
+ type: string
+ ContrailConfigListenPort:
+ default: 8082
+ description: Port Config API is listening on
+ type: number
+
+resources:
+ ContrailBase:
+ type: ./contrail-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role Contrail Config using composable services.
+ value:
+ service_name: contrail_config
+ config_settings:
+ map_merge:
+ - get_attr: [ContrailBase, role_data, config_settings]
+ - contrail::config::ifmap_password: {get_param: ContrailConfigIfmapUserPassword}
+ contrail::config::ifmap_server_ip: {get_param: ContrailConfigIfmapServerIp}
+ contrail::config::ifmap_username: {get_param: ContrailConfigIfmapUserName}
+ contrail::config::listen_ip_address: {get_param: ContrailConfigListenAddress}
+ contrail::config::listen_port: {get_param: ContrailConfigListenPort}
+ contrail::config::rabbit_server: {get_param: ContrailConfigRabbitServerIp}
+ contrail::config::redis_server: {get_param: ContrailConfigRedisServerIp}
+ step_config: |
+ include ::tripleo::network::contrail::config
diff --git a/puppet/services/network/contrail-control.yaml b/puppet/services/network/contrail-control.yaml
new file mode 100644
index 00000000..9356e9e9
--- /dev/null
+++ b/puppet/services/network/contrail-control.yaml
@@ -0,0 +1,54 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Contrail Control service deployment using puppet, this YAML file
+ creates the interface between the HOT template
+ and the puppet manifest that actually installs
+ and configures Contrail Control.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ContrailControlHostIP:
+ description: host IP address of Analytics
+ type: string
+ ContrailControlIfmapUserName:
+ description: Ifmap user name
+ type: string
+ ContrailControlIfmapUserPassword:
+ description: Ifmap user password
+ type: string
+
+resources:
+ ContrailBase:
+ type: ./contrail-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role Contrail Control using composable services.
+ value:
+ service_name: contrail_control
+ config_settings:
+ map_merge:
+ - get_attr: [ContrailBase, role_data, config_settings]
+ - contrail::control::host_ip: {get_param: ContrailControlHostIP}
+ contrail::control::ifmap_username: {get_param: ContrailControlIfmapUserName}
+ contrail::control::ifmap_password: {get_param: ContrailControlIfmapUserPassword}
+ step_config: |
+ include ::tripleo::network::contrail::control
diff --git a/puppet/services/network/contrail-database.yaml b/puppet/services/network/contrail-database.yaml
new file mode 100644
index 00000000..e5712618
--- /dev/null
+++ b/puppet/services/network/contrail-database.yaml
@@ -0,0 +1,51 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Contrail Database service deployment using puppet, this YAML file
+ creates the interface between the HOT template
+ and the puppet manifest that actually installs
+ and configures Contrail Database.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ContrailDatabaseHostIP:
+ description: host IP address of Database node
+ type: string
+ ContrailDatabaseMinDisk:
+ description: Minimum disk size for database
+ type: number
+ default: 64
+
+resources:
+ ContrailBase:
+ type: ./contrail-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role Contrail Database using composable services.
+ value:
+ service_name: contrail_database
+ config_settings:
+ map_merge:
+ - get_attr: [ContrailBase, role_data, config_settings]
+ - contrail::database::host_ip: {get_param: ContrailDatabaseHostIP}
+ contrail::database::minimum_diskGB: {get_param: ContrailDatabaseMinDisk}
+ step_config: |
+ include ::tripleo::profile::contrail::database
diff --git a/puppet/services/network/contrail-webui.yaml b/puppet/services/network/contrail-webui.yaml
new file mode 100644
index 00000000..72b9e1c0
--- /dev/null
+++ b/puppet/services/network/contrail-webui.yaml
@@ -0,0 +1,69 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Contrail WebUI service deployment using puppet, this YAML file
+ creates the interface between the HOT template
+ and the puppet manifest that actually installs
+ and configures Contrail WebUI.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ContrailWebUiAnalyticsVip:
+ description: Contrail Analytics VIP
+ type: string
+ ContrailWebUiConfigVip:
+ description: Contrail Config VIP
+ type: string
+ ContrailWebUiNeutronVip:
+ description: Neutron VIP
+ type: string
+ ContrailWebuiHttpPort:
+ default: 8080
+ description: HTTP Port of Webui
+ type: number
+ ContrailWebuiHttpsPort:
+ default: 8143
+ description: HTTPS Port of Webui
+ type: number
+ ContrailWebUiRedisIp:
+ description: Redis IP
+ type: string
+ default: '127.0.0.1'
+
+resources:
+ ContrailBase:
+ type: ./contrail-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role Contrail WebUI using composable services.
+ value:
+ service_name: contrail_webui
+ config_settings:
+ map_merge:
+ - get_attr: [ContrailBase, role_data, config_settings]
+ - contrail::webui::contrail_analytics_vip: {get_param: ContrailWebUiAnalyticsVip}
+ contrail::webui::contrail_config_vip: {get_param: ContrailWebUiConfigVip}
+ contrail::webui::contrail_webui_http_port: {get_param: ContrailWebuiHttpPort}
+ contrail::webui::contrail_webui_https_port: {get_param: ContrailWebuiHttpsPort}
+ contrail::webui::neutron_vip: {get_param: ContrailWebUiNeutronVip}
+ contrail::webui::redis_ip: {get_param: ContrailWebUiRedisIp}
+ step_config: |
+ include ::tripleo::network::contrail::webui
diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml
index 35ac32db..e4ca489a 100644
--- a/puppet/services/neutron-api.yaml
+++ b/puppet/services/neutron-api.yaml
@@ -19,9 +19,16 @@ parameters:
via parameter_defaults in the resource registry.
type: json
NeutronWorkers:
- default: 0
- description: Number of workers for Neutron service.
- type: number
+ default: ''
+ description: |
+ Sets the number of API and RPC workers for the Neutron service. The
+ default value results in the configuration being left unset and a
+ system-dependent default will be chosen (usually the number of
+ processors). Please note that this can result in a large number of
+ processes and memory consumption on systems with a large core count. On
+ such systems it is recommended that a non-default value be selected that
+ matches the load requirements.
+ type: string
NeutronPassword:
description: The password for the neutron service and db account, used by neutron agents.
type: string
@@ -46,6 +53,9 @@ parameters:
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ MonitoringSubscriptionNeutronServer:
+ default: 'overcloud-neutron-server'
+ type: string
resources:
@@ -61,10 +71,11 @@ outputs:
description: Role data for the Neutron Server agent service.
value:
service_name: neutron_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionNeutronServer}
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- neutron::server::database_connection:
+ - neutron::server::database_connection:
list_join:
- ''
- - {get_param: [EndpointMap, MysqlInternal, protocol]}
@@ -79,19 +90,20 @@ outputs:
neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
neutron::keystone::auth::password: {get_param: NeutronPassword}
neutron::keystone::auth::region: {get_param: KeystoneRegion}
- neutron::server::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- neutron::server::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
neutron::server::api_workers: {get_param: NeutronWorkers}
+ neutron::server::rpc_workers: {get_param: NeutronWorkers}
neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
neutron::server::l3_ha: {get_param: NeutronL3HA}
- neutron::server::password: {get_param: NeutronPassword}
+ neutron::keystone::authtoken::password: {get_param: NeutronPassword}
neutron::server::notifications::nova_url: { get_param: [ EndpointMap, NovaInternal, uri ] }
neutron::server::notifications::auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] }
neutron::server::notifications::tenant_name: 'service'
neutron::server::notifications::project_name: 'service'
neutron::server::notifications::password: {get_param: NovaPassword}
- neutron::server::project_name: 'service'
+ neutron::keystone::authtoken::project_name: 'service'
neutron::server::sync_db: true
neutron::db::mysql::password: {get_param: NeutronPassword}
neutron::db::mysql::user: neutron
@@ -111,5 +123,11 @@ outputs:
'106 vrrp':
proto: vrrp
neutron::server::router_distributed: {get_param: NeutronEnableDVR}
+ # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+ # for the given network; replacement examples (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ neutron::bind_host: {get_param: [ServiceNetMap, NeutronApiNetwork]}
step_config: |
include tripleo::profile::base::neutron::server
diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml
index 39ffea24..32d50d41 100644
--- a/puppet/services/neutron-base.yaml
+++ b/puppet/services/neutron-base.yaml
@@ -48,6 +48,18 @@ parameters:
description: >
Remove configuration that is not generated by TripleO. Setting
to false may result in configuration remnants after updates/upgrades.
+ NeutronGlobalPhysnetMtu:
+ type: number
+ default: 1496
+ description: |
+ MTU of the underlying physical network. Neutron uses this value to
+ calculate MTU for all virtual network components. For flat and VLAN
+ networks, neutron uses this value without modification. For overlay
+ networks such as VXLAN, neutron automatically subtracts the overlay
+ protocol overhead from this value. The default value of 1496 is
+ currently in effect to compensate for some additional overhead when
+ deploying with some network configurations (e.g. network isolation over
+ single network interfaces)
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
@@ -87,3 +99,4 @@ outputs:
neutron::host: '"%{::fqdn}"' #NOTE: extra quoting is needed
neutron::db::database_db_max_retries: -1
neutron::db::database_max_retries: -1
+ neutron::global_physnet_mtu: {get_param: NeutronGlobalPhysnetMtu}
diff --git a/puppet/services/neutron-compute-plugin-ovn.yaml b/puppet/services/neutron-compute-plugin-ovn.yaml
new file mode 100644
index 00000000..95e05dd4
--- /dev/null
+++ b/puppet/services/neutron-compute-plugin-ovn.yaml
@@ -0,0 +1,45 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron Compute OVN agent
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ OVNDbHost:
+ description: IP address on which the OVN DB servers are listening
+ type: string
+ OVNSouthboundServerPort:
+ description: Port of the Southbound DB Server
+ type: number
+ default: 6642
+ OVNTunnelEncapType:
+ description: Tunnel encapsulation type
+ type: string
+ default: geneve
+
+
+outputs:
+ role_data:
+ description: Role data for the Neutron Compute OVN agent
+ value:
+ service_name: neutron_compute_plugin_ovn
+ config_settings:
+ tripleo::profile::base::neutron::agents::ovn::ovn_db_host: {get_param: OVNDbHost}
+ ovn::southbound::port: {get_param: OVNSouthboundServerPort}
+ ovn::southbound::encap_type: {get_param: OVNTunnelEncapType}
+ ovn::controller::ovn_encap_ip: {get_param: [ServiceNetMap, NeutronApiNetwork]}
+ step_config: |
+ include ::tripleo::profile::base::neutron::agents::ovn
diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml
index 513cb2d4..b2ad5dab 100644
--- a/puppet/services/neutron-dhcp.yaml
+++ b/puppet/services/neutron-dhcp.yaml
@@ -31,6 +31,9 @@ parameters:
default: false
description: If True, DHCP always provides metadata route to VM.
type: boolean
+ MonitoringSubscriptionNeutronDhcp:
+ default: 'overcloud-neutron-dhcp'
+ type: string
resources:
@@ -46,6 +49,7 @@ outputs:
description: Role data for the Neutron DHCP agent service.
value:
service_name: neutron_dhcp
+ monitoring_subscription: {get_param: MonitoringSubscriptionNeutronDhcp}
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
diff --git a/puppet/services/neutron-l3-compute-dvr.yaml b/puppet/services/neutron-l3-compute-dvr.yaml
index 0f3c2a70..5eb3e252 100644
--- a/puppet/services/neutron-l3-compute-dvr.yaml
+++ b/puppet/services/neutron-l3-compute-dvr.yaml
@@ -26,6 +26,9 @@ parameters:
description: Name of bridge used for external network traffic.
type: string
default: 'br-ex'
+ MonitoringSubscriptionNeutronL3Dvr:
+ default: 'overcloud-neutron-l3-dvr'
+ type: string
resources:
@@ -41,6 +44,7 @@ outputs:
description: Role data for DVR L3 Agent on Compute Nodes
value:
service_name: neutron_l3_compute_dvr
+ monitoring_subscription: {get_param: MonitoringSubscriptionNeutronL3Dvr}
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml
index 54beee6b..de62a507 100644
--- a/puppet/services/neutron-l3.yaml
+++ b/puppet/services/neutron-l3.yaml
@@ -34,6 +34,9 @@ parameters:
- allowed_values:
- legacy
- dvr_snat
+ MonitoringSubscriptionNeutronL3:
+ default: 'overcloud-neutron-l3-agent'
+ type: string
resources:
@@ -49,6 +52,7 @@ outputs:
description: Role data for the Neutron L3 agent service.
value:
service_name: neutron_l3
+ monitoring_subscription: {get_param: MonitoringSubscriptionNeutronL3}
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml
index b9ec277a..320ae0ce 100644
--- a/puppet/services/neutron-metadata.yaml
+++ b/puppet/services/neutron-metadata.yaml
@@ -30,6 +30,9 @@ parameters:
description: The password for the neutron service and db account, used by neutron agents.
type: string
hidden: true
+ MonitoringSubscriptionNeutronMetadata:
+ default: 'overcloud-neutron-metadata'
+ type: string
resources:
@@ -45,6 +48,7 @@ outputs:
description: Role data for the Neutron Metadata agent service.
value:
service_name: neutron_metadata
+ monitoring_subscription: {get_param: MonitoringSubscriptionNeutronMetadata}
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
@@ -53,5 +57,11 @@ outputs:
neutron::agents::metadata::auth_password: {get_param: NeutronPassword}
neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
neutron::agents::metadata::auth_tenant: 'service'
+ # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+ # for the given network; replacement examples (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ neutron::agents::metadata::metadata_ip: {get_param: [ServiceNetMap, NeutronApiNetwork]}
step_config: |
include tripleo::profile::base::neutron::metadata
diff --git a/puppet/services/neutron-midonet.yaml b/puppet/services/neutron-midonet.yaml
index 48830d81..0de256c0 100644
--- a/puppet/services/neutron-midonet.yaml
+++ b/puppet/services/neutron-midonet.yaml
@@ -40,12 +40,16 @@ parameters:
description: 'Whether enable Cassandra cluster on Controller'
type: boolean
default: false
+ MonitoringSubscriptionNeutronMidonet:
+ default: 'overcloud-neutron-midonet'
+ type: string
outputs:
role_data:
description: Role data for the Neutron Midonet plugin and services
value:
service_name: neutron_midonet
+ monitoring_subscription: {get_param: MonitoringSubscriptionNeutronMidonet}
config_settings:
tripleo::profile::base::neutron::midonet::admin_password: {get_param: AdminPassword}
tripleo::profile::base::neutron::midonet::keystone_admin_token: {get_param: AdminToken}
diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml
index 1b19f90f..ade322ed 100644
--- a/puppet/services/neutron-ovs-agent.yaml
+++ b/puppet/services/neutron-ovs-agent.yaml
@@ -53,6 +53,17 @@ parameters:
description: |
Enable ARP responder feature in the OVS Agent.
type: boolean
+ MonitoringSubscriptionNeutronOvs:
+ default: 'overcloud-neutron-ovs-agent'
+ type: string
+ NeutronOVSFirewallDriver:
+ default: ''
+ description: |
+ Configure the classname of the firewall driver to use for implementing
+ security groups. Possible values depend on system configuration. Some
+ examples are: noop, openvswitch, iptables_hybrid. The default value of an
+ empty string will result in a default supported configuration.
+ type: string
resources:
@@ -68,10 +79,11 @@ outputs:
description: Role data for the Neutron OVS agent service.
value:
service_name: neutron_ovs_agent
+ monitoring_subscription: {get_param: MonitoringSubscriptionNeutronOvs}
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- neutron::agents::ml2::ovs::l2_population: {get_param: NeutronEnableL2Pop}
+ - neutron::agents::ml2::ovs::l2_population: {get_param: NeutronEnableL2Pop}
neutron::agents::ml2::ovs::enable_distributed_routing: {get_param: NeutronEnableDVR}
neutron::agents::ml2::ovs::arp_responder: {get_param: NeutronEnableARPResponder}
neutron::agents::ml2::ovs::bridge_mappings:
@@ -96,5 +108,6 @@ outputs:
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
+ neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver}
step_config: |
include ::tripleo::profile::base::neutron::ovs
diff --git a/puppet/services/neutron-ovs-dpdk-agent.yaml b/puppet/services/neutron-ovs-dpdk-agent.yaml
index 1f1e14ab..cc772c9d 100644
--- a/puppet/services/neutron-ovs-dpdk-agent.yaml
+++ b/puppet/services/neutron-ovs-dpdk-agent.yaml
@@ -19,13 +19,15 @@ parameters:
via parameter_defaults in the resource registry.
type: json
NeutronDpdkCoreList:
- default: ""
description: List of cores to be used for DPDK Poll Mode Driver
type: string
+ constraints:
+ - allowed_pattern: "[0-9,-]+"
NeutronDpdkMemoryChannels:
- default: ""
description: Number of memory channels to be used for DPDK
type: string
+ constraints:
+ - allowed_pattern: "[0-9]+"
NeutronDpdkSocketMemory:
default: ""
description: Memory allocated for each socket
@@ -63,7 +65,7 @@ outputs:
config_settings:
map_merge:
- get_attr: [NeutronOvsAgent, role_data, config_settings]
- neutron::agents::ml2::ovs::enable_dpdk: true
+ - neutron::agents::ml2::ovs::enable_dpdk: true
neutron::agents::ml2::ovs::datapath_type: {get_param: NeutronDatapathType}
neutron::agents::ml2::ovs::vhostuser_socket_dir: {get_param: NeutronVhostuserSocketDir}
vswitch::dpdk::core_list: {get_param: NeutronDpdkCoreList}
diff --git a/puppet/services/neutron-plugin-ml2-ovn.yaml b/puppet/services/neutron-plugin-ml2-ovn.yaml
new file mode 100644
index 00000000..e98ed497
--- /dev/null
+++ b/puppet/services/neutron-plugin-ml2-ovn.yaml
@@ -0,0 +1,79 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron ML2/OVN plugin configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ OVNDbHost:
+ description: IP address on which the OVN DB servers are listening
+ type: string
+ OVNNorthboundServerPort:
+ description: Port of the OVN Northbound DB server
+ type: number
+ default: 6641
+ OVNDbConnectionTimeout:
+ description: Timeout in seconds for the OVSDB connection transaction
+ type: number
+ default: 60
+ OVNVifType:
+ description: Type of VIF to be used for ports
+ type: string
+ default: ovs
+ constraints:
+ - allowed_values:
+ - ovs
+ - vhostuser
+ OVNNeutronSyncMode:
+ description: The synchronization mode of OVN with Neutron DB
+ type: string
+ default: log
+ constraints:
+ - allowed_values:
+ - log
+ - off
+ - repair
+ OVNQosDriver:
+ description: OVN notification driver for Neutron QOS service plugin
+ type: string
+ default: NULL
+
+resources:
+
+ NeutronMl2Base:
+ type: ./neutron-plugin-ml2.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron ML2/OVN plugin.
+ value:
+ service_name: neutron_plugin_ml2_ovn
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronMl2Base, role_data, config_settings]
+ - ovn::northbound::port: {get_param: OVNNorthboundServerPort}
+ tripleo::profile::base::neutron::plugins::ml2::ovn::ovn_db_host: {get_param: OVNDbHost}
+ neutron::plugins::ovn::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout}
+ neutron::plugins::ovn::neutron_sync_mode: {get_param: OVNNeutronSyncMode}
+ neutron::plugins::ovn::ovn_l3_mode: true
+ neutron::plugins::ovn::vif_type: {get_param: OVNVifType}
+ neutron::server::qos_notification_drivers: {get_param: OVNQosDriver}
+ step_config: |
+ include ::tripleo::profile::base::neutron::plugins::ml2
diff --git a/puppet/services/neutron-sriov-agent.yaml b/puppet/services/neutron-sriov-agent.yaml
index 559500df..44f7f242 100644
--- a/puppet/services/neutron-sriov-agent.yaml
+++ b/puppet/services/neutron-sriov-agent.yaml
@@ -14,6 +14,11 @@ parameters:
DefaultPasswords:
default: {}
type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
NeutronPhysicalDevMappings:
description: >
List of <physical_network>:<physical device>
@@ -39,11 +44,15 @@ parameters:
Example "eth1:4096","eth2:128"
type: comma_delimited_list
default: ""
- EndpointMap:
- default: {}
- description: Mapping of service endpoint -> protocol. Typically set
- via parameter_defaults in the resource registry.
- type: json
+
+resources:
+
+ NeutronBase:
+ type: ./neutron-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
outputs:
role_data:
@@ -51,8 +60,10 @@ outputs:
value:
service_name: neutron_sriov_agent
config_settings:
- neutron::agents::ml2::sriov::physical_device_mappings: {get_param: NeutronPhysicalDevMappings}
- neutron::agents::ml2::sriov::exclude_devices: {get_param: NeutronExcludeDevices}
- neutron::agents::ml2::sriov::number_of_vfs: {get_param: NeutronSriovNumVFs}
+ map_merge:
+ - get_attr: [NeutronBase, role_data, config_settings]
+ - neutron::agents::ml2::sriov::physical_device_mappings: {get_param: NeutronPhysicalDevMappings}
+ neutron::agents::ml2::sriov::exclude_devices: {get_param: NeutronExcludeDevices}
+ tripleo::host::sriov::number_of_vfs: {get_param: NeutronSriovNumVFs}
step_config: |
include ::tripleo::profile::base::neutron::sriov
diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml
index c2bd395e..e1dbd8e1 100644
--- a/puppet/services/nova-api.yaml
+++ b/puppet/services/nova-api.yaml
@@ -30,6 +30,22 @@ parameters:
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ NeutronMetadataProxySharedSecret:
+ description: Shared secret to prevent spoofing
+ type: string
+ hidden: true
+ InstanceNameTemplate:
+ default: 'instance-%08x'
+ description: Template string to be used to generate instance names
+ type: string
+ NovaEnableDBPurge:
+ default: true
+ description: |
+ Whether to create cron job for purging soft deleted rows in Nova database.
+ type: boolean
+ MonitoringSubscriptionNovaApi:
+ default: 'overcloud-nova-api'
+ type: string
resources:
NovaBase:
@@ -44,6 +60,7 @@ outputs:
description: Role data for the Nova API service.
value:
service_name: nova_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionNovaApi}
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
@@ -75,5 +92,16 @@ outputs:
nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
nova::keystone::auth::password: {get_param: NovaPassword}
nova::keystone::auth::region: {get_param: KeystoneRegion}
+ # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+ # for the given network; replacement examples (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ nova::api::api_bind_address: {get_param: [ServiceNetMap, NovaApiNetwork]}
+ nova::api::metadata_listen: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
+ nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
+ nova::api::instance_name_template: {get_param: InstanceNameTemplate}
+ nova_enable_db_purge: {get_param: NovaEnableDBPurge}
+
step_config: |
include tripleo::profile::base::nova::api
diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml
index 471ece34..24a63bb4 100644
--- a/puppet/services/nova-base.yaml
+++ b/puppet/services/nova-base.yaml
@@ -95,14 +95,14 @@ outputs:
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/nova_api'
- nova::db::mysql::password: {get_input: nova_password}
+ nova::db::mysql::password: {get_param: NovaPassword}
nova::db::mysql::user: nova
nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
nova::db::mysql::dbname: nova
nova::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
- nova::db::mysql_api::password: {get_input: nova_password}
+ nova::db::mysql_api::password: {get_param: NovaPassword}
nova::db::mysql_api::user: nova_api
nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
nova::db::mysql_api::dbname: nova_api
diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml
index e8849a06..ccdcb52f 100644
--- a/puppet/services/nova-compute.yaml
+++ b/puppet/services/nova-compute.yaml
@@ -67,6 +67,9 @@ parameters:
default: 2048
constraints:
- range: { min: 512 }
+ MonitoringSubscriptionNovaCompute:
+ default: 'overcloud-nova-compute'
+ type: string
resources:
NovaBase:
@@ -81,6 +84,7 @@ outputs:
description: Role data for the Nova Compute service.
value:
service_name: nova_compute
+ monitoring_subscription: {get_param: MonitoringSubscriptionNovaCompute}
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml
index 0b6169da..5dbc7cac 100644
--- a/puppet/services/nova-conductor.yaml
+++ b/puppet/services/nova-conductor.yaml
@@ -22,6 +22,9 @@ parameters:
default: 0
description: Number of workers for Nova Conductor service.
type: number
+ MonitoringSubscriptionNovaConductor:
+ default: 'overcloud-nova-conductor'
+ type: string
resources:
NovaBase:
@@ -36,6 +39,7 @@ outputs:
description: Role data for the Nova Conductor service.
value:
service_name: nova_conductor
+ monitoring_subscription: {get_param: MonitoringSubscriptionNovaConductor}
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
diff --git a/puppet/services/nova-consoleauth.yaml b/puppet/services/nova-consoleauth.yaml
index 67ff2ec3..13e3a26a 100644
--- a/puppet/services/nova-consoleauth.yaml
+++ b/puppet/services/nova-consoleauth.yaml
@@ -18,6 +18,9 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionNovaConsoleauth:
+ default: 'overcloud-nova-consoleauth'
+ type: string
resources:
NovaBase:
@@ -32,6 +35,7 @@ outputs:
description: Role data for the Nova Consoleauth service.
value:
service_name: nova_consoleauth
+ monitoring_subscription: {get_param: MonitoringSubscriptionNovaConsoleauth}
config_settings:
get_attr: [NovaBase, role_data, config_settings]
step_config: |
diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml
index 1ebec974..b5ca2437 100644
--- a/puppet/services/nova-libvirt.yaml
+++ b/puppet/services/nova-libvirt.yaml
@@ -21,6 +21,9 @@ parameters:
NovaComputeLibvirtType:
type: string
default: kvm
+ MonitoringSubscriptionNovaLibvirt:
+ default: 'overcloud-nova-libvirt'
+ type: string
resources:
NovaBase:
@@ -35,6 +38,7 @@ outputs:
description: Role data for the Libvirt service.
value:
service_name: nova_libvirt
+ monitoring_subscription: {get_param: MonitoringSubscriptionNovaLibvirt}
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
diff --git a/puppet/services/nova-scheduler.yaml b/puppet/services/nova-scheduler.yaml
index c8f2591d..3ffc9c5a 100644
--- a/puppet/services/nova-scheduler.yaml
+++ b/puppet/services/nova-scheduler.yaml
@@ -29,6 +29,9 @@ parameters:
An array of filters used by Nova to filter a node.These filters will be
applied in the order they are listed, so place your most restrictive
filters first to make the filtering process more efficient.
+ MonitoringSubscriptionNovaScheduler:
+ default: 'overcloud-nova-scheduler'
+ type: string
resources:
NovaBase:
@@ -43,6 +46,7 @@ outputs:
description: Role data for the Nova Scheduler service.
value:
service_name: nova_scheduler
+ monitoring_subscription: {get_param: MonitoringSubscriptionNovaScheduler}
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
diff --git a/puppet/services/nova-vncproxy.yaml b/puppet/services/nova-vnc-proxy.yaml
index 0a1785d8..179112d3 100644
--- a/puppet/services/nova-vncproxy.yaml
+++ b/puppet/services/nova-vnc-proxy.yaml
@@ -18,6 +18,9 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionNovaVNCProxy:
+ default: 'overcloud-nova-vncproxy'
+ type: string
resources:
NovaBase:
@@ -31,7 +34,8 @@ outputs:
role_data:
description: Role data for the Nova Vncproxy service.
value:
- service_name: nova_vncproxy
+ service_name: nova_vnc_proxy
+ monitoring_subscription: {get_param: MonitoringSubscriptionNovaVNCProxy}
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
@@ -46,5 +50,11 @@ outputs:
'[': ''
']': ''
nova::vncproxy::common::vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]}
+ # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+ # for the given network; replacement examples (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ nova::vncproxy::host: {get_param: [ServiceNetMap, NovaApiNetwork]}
step_config: |
include tripleo::profile::base::nova::vncproxy
diff --git a/puppet/services/opendaylight-api.yaml b/puppet/services/opendaylight-api.yaml
index 64dd7663..d2ee036e 100644
--- a/puppet/services/opendaylight-api.yaml
+++ b/puppet/services/opendaylight-api.yaml
@@ -75,7 +75,6 @@ outputs:
opendaylight::enable_dhcp: {get_param: OpenDaylightEnableDHCP}
opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol}
opendaylight::odl_bind_ip: {get_param: [ServiceNetMap, OpenDaylightApiNetwork]}
- tripleo::haproxy::opendaylight: true
step_config: |
include tripleo::profile::base::neutron::opendaylight
include tripleo::profile::base::neutron::plugins::ovs::opendaylight
diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml
index ac5b85c8..5d1d666a 100644
--- a/puppet/services/pacemaker.yaml
+++ b/puppet/services/pacemaker.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
description: >
Pacemaker service configured with Puppet
@@ -18,12 +18,61 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionPacemaker:
+ default: 'overcloud-pacemaker'
+ type: string
+ CorosyncIPv6:
+ default: false
+ description: Enable IPv6 in Corosync
+ type: boolean
+ EnableFencing:
+ default: false
+ description: Whether to enable fencing in Pacemaker or not.
+ type: boolean
+ PcsdPassword:
+ type: string
+ description: The password for the 'pcsd' user for pacemaker.
+ hidden: true
+ default: ''
+ FencingConfig:
+ default: {}
+ description: |
+ Pacemaker fencing configuration. The JSON should have
+ the following structure:
+ {
+ "devices": [
+ {
+ "agent": "AGENT_NAME",
+ "host_mac": "HOST_MAC_ADDRESS",
+ "params": {"PARAM_NAME": "PARAM_VALUE"}
+ }
+ ]
+ }
+ For instance:
+ {
+ "devices": [
+ {
+ "agent": "fence_xvm",
+ "host_mac": "52:54:00:aa:bb:cc",
+ "params": {
+ "multicast_address": "225.0.0.12",
+ "port": "baremetal_0",
+ "manage_fw": true,
+ "manage_key_file": true,
+ "key_file": "/etc/fence_xvm.key",
+ "key_file_password": "abcdef"
+ }
+ }
+ ]
+ }
+ type: json
outputs:
role_data:
description: Role data for the Pacemaker role.
value:
service_name: pacemaker
+ monitoring_subscription: {get_param: MonitoringSubscriptionPacemaker}
config_settings:
pacemaker::corosync::cluster_name: 'tripleo_cluster'
pacemaker::corosync::manage_fw: false
@@ -40,5 +89,15 @@ outputs:
'131 pacemaker udp':
proto: 'udp'
dport: 5405
+ corosync_ipv6: {get_param: CorosyncIPv6}
+ tripleo::fencing::config: {get_param: FencingConfig}
+ enable_fencing: {get_param: EnableFencing}
+ hacluster_pwd:
+ yaql:
+ expression: $.data.passwords.where($ != '').first()
+ data:
+ passwords:
+ - {get_param: PcsdPassword}
+ - {get_param: [DefaultPasswords, pcsd_password]}
step_config: |
include ::tripleo::profile::base::pacemaker
diff --git a/puppet/services/pacemaker/ceilometer-agent-central.yaml b/puppet/services/pacemaker/ceilometer-agent-central.yaml
index 78714878..5dcb62ca 100644
--- a/puppet/services/pacemaker/ceilometer-agent-central.yaml
+++ b/puppet/services/pacemaker/ceilometer-agent-central.yaml
@@ -18,6 +18,9 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionCeilometerCentral:
+ default: 'overcloud-ceilometer-agent-central'
+ type: string
resources:
CeilometerServiceBase:
@@ -32,6 +35,7 @@ outputs:
description: Role data for the Ceilometer Central Agent pacemaker role.
value:
service_name: ceilometer_agent_central
+ monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCentral}
config_settings:
map_merge:
- get_attr: [CeilometerServiceBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/ceilometer-agent-notification.yaml b/puppet/services/pacemaker/ceilometer-agent-notification.yaml
index 6290203a..dbe14499 100644
--- a/puppet/services/pacemaker/ceilometer-agent-notification.yaml
+++ b/puppet/services/pacemaker/ceilometer-agent-notification.yaml
@@ -18,6 +18,9 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionCeilometerNotification:
+ default: 'overcloud-ceilometer-agent-notification'
+ type: string
resources:
CeilometerServiceBase:
@@ -32,6 +35,7 @@ outputs:
description: Role data for the Ceilometer Notification Agent pacemaker role.
value:
service_name: ceilometer_agent_notification
+ monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerNotification}
config_settings:
map_merge:
- get_attr: [CeilometerServiceBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/ceilometer-api.yaml b/puppet/services/pacemaker/ceilometer-api.yaml
index d130a4bb..4b6c18f6 100644
--- a/puppet/services/pacemaker/ceilometer-api.yaml
+++ b/puppet/services/pacemaker/ceilometer-api.yaml
@@ -18,6 +18,9 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionCeilometerApi:
+ default: 'overcloud-ceilometer-api'
+ type: string
resources:
CeilometerServiceBase:
@@ -32,6 +35,7 @@ outputs:
description: Role data for the Ceilometer API pacemaker role.
value:
service_name: ceilometer_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerApi}
config_settings:
map_merge:
- get_attr: [CeilometerServiceBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/ceilometer-collector.yaml b/puppet/services/pacemaker/ceilometer-collector.yaml
index 97da92e8..4c919515 100644
--- a/puppet/services/pacemaker/ceilometer-collector.yaml
+++ b/puppet/services/pacemaker/ceilometer-collector.yaml
@@ -18,6 +18,9 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionCeilometerCollector:
+ default: 'overcloud-ceilometer-collector'
+ type: string
resources:
CeilometerServiceBase:
@@ -32,6 +35,7 @@ outputs:
description: Role data for the Ceilometer Collector pacemaker role.
value:
service_name: ceilometer_collector
+ monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCollector}
config_settings:
map_merge:
- get_attr: [CeilometerServiceBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/cinder-api.yaml b/puppet/services/pacemaker/cinder-api.yaml
index 7c83037d..e4bcfc3e 100644
--- a/puppet/services/pacemaker/cinder-api.yaml
+++ b/puppet/services/pacemaker/cinder-api.yaml
@@ -33,6 +33,7 @@ outputs:
description: Role data for the Cinder API role.
value:
service_name: cinder_api
+ monitoring_subscription: {get_attr: [CinderApiBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [CinderApiBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/cinder-backup.yaml b/puppet/services/pacemaker/cinder-backup.yaml
index 7e940c7e..2ebc7680 100644
--- a/puppet/services/pacemaker/cinder-backup.yaml
+++ b/puppet/services/pacemaker/cinder-backup.yaml
@@ -48,6 +48,7 @@ outputs:
description: Role data for the Cinder Backup role.
value:
service_name: cinder_backup
+ monitoring_subscription: {get_attr: [CinderBackupBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [CinderBackupBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/cinder-scheduler.yaml b/puppet/services/pacemaker/cinder-scheduler.yaml
index 6f26b412..eb578e5c 100644
--- a/puppet/services/pacemaker/cinder-scheduler.yaml
+++ b/puppet/services/pacemaker/cinder-scheduler.yaml
@@ -33,6 +33,7 @@ outputs:
description: Role data for the Cinder Scheduler role.
value:
service_name: cinder_scheduler
+ monitoring_subscription: {get_attr: [CinderSchedulerBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [CinderSchedulerBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/cinder-volume.yaml b/puppet/services/pacemaker/cinder-volume.yaml
index ffcdb529..d5dedf34 100644
--- a/puppet/services/pacemaker/cinder-volume.yaml
+++ b/puppet/services/pacemaker/cinder-volume.yaml
@@ -33,6 +33,7 @@ outputs:
description: Role data for the Cinder Volume role.
value:
service_name: cinder_volume
+ monitoring_subscription: {get_attr: [CinderVolumeBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [CinderVolumeBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/glance-api.yaml b/puppet/services/pacemaker/glance-api.yaml
index ef4ba79a..684785af 100644
--- a/puppet/services/pacemaker/glance-api.yaml
+++ b/puppet/services/pacemaker/glance-api.yaml
@@ -57,6 +57,7 @@ outputs:
description: Role data for the Glance role.
value:
service_name: glance_api
+ monitoring_subscription: {get_attr: [GlanceApiBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [GlanceApiBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/glance-registry.yaml b/puppet/services/pacemaker/glance-registry.yaml
index e417f09f..5bcabcab 100644
--- a/puppet/services/pacemaker/glance-registry.yaml
+++ b/puppet/services/pacemaker/glance-registry.yaml
@@ -33,6 +33,7 @@ outputs:
description: Role data for the Glance role.
value:
service_name: glance_registry
+ monitoring_subscription: {get_attr: [GlanceRegistryBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [GlanceRegistryBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/gnocchi-api.yaml b/puppet/services/pacemaker/gnocchi-api.yaml
index 42c7131d..6a9161fa 100644
--- a/puppet/services/pacemaker/gnocchi-api.yaml
+++ b/puppet/services/pacemaker/gnocchi-api.yaml
@@ -18,6 +18,9 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionGnocchiApi:
+ default: 'overcloud-gnocchi-api'
+ type: string
resources:
GnocchiServiceBase:
@@ -32,6 +35,7 @@ outputs:
description: Role data for the Gnocchi role.
value:
service_name: gnocchi_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiApi}
config_settings:
map_merge:
- get_attr: [GnocchiServiceBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/gnocchi-metricd.yaml b/puppet/services/pacemaker/gnocchi-metricd.yaml
index 177d7744..0f36b5d5 100644
--- a/puppet/services/pacemaker/gnocchi-metricd.yaml
+++ b/puppet/services/pacemaker/gnocchi-metricd.yaml
@@ -18,6 +18,9 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionGnocchiMetricd:
+ default: 'overcloud-gnocchi-metricd'
+ type: string
resources:
GnocchiServiceBase:
@@ -32,6 +35,7 @@ outputs:
description: Role data for the Gnocchi role.
value:
service_name: gnocchi_metricd
+ monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiMetricd}
config_settings:
map_merge:
- get_attr: [GnocchiServiceBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/gnocchi-statsd.yaml b/puppet/services/pacemaker/gnocchi-statsd.yaml
index a247a514..b9afc590 100644
--- a/puppet/services/pacemaker/gnocchi-statsd.yaml
+++ b/puppet/services/pacemaker/gnocchi-statsd.yaml
@@ -18,6 +18,9 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionGnocchiStatsd:
+ default: 'overcloud-gnocchi-statsd'
+ type: string
resources:
GnocchiServiceBase:
@@ -32,6 +35,7 @@ outputs:
description: Role data for the Gnocchi role.
value:
service_name: gnocchi_statsd
+ monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiStatsd}
config_settings:
map_merge:
- get_attr: [GnocchiServiceBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/haproxy.yaml b/puppet/services/pacemaker/haproxy.yaml
index de028339..52104a71 100644
--- a/puppet/services/pacemaker/haproxy.yaml
+++ b/puppet/services/pacemaker/haproxy.yaml
@@ -32,6 +32,7 @@ outputs:
description: Role data for the HAproxy with pacemaker role.
value:
service_name: haproxy
+ monitoring_subscription: {get_attr: [LoadbalancerServiceBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [LoadbalancerServiceBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/heat-api-cfn.yaml b/puppet/services/pacemaker/heat-api-cfn.yaml
index 155a35ec..eae01b58 100644
--- a/puppet/services/pacemaker/heat-api-cfn.yaml
+++ b/puppet/services/pacemaker/heat-api-cfn.yaml
@@ -32,6 +32,7 @@ outputs:
description: Role data for the Heat CloudFormation API role.
value:
service_name: heat_api_cfn
+ monitoring_subscription: {get_attr: [HeatApiCfnBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [HeatApiCfnBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/heat-api-cloudwatch.yaml b/puppet/services/pacemaker/heat-api-cloudwatch.yaml
index 85927650..5608ae91 100644
--- a/puppet/services/pacemaker/heat-api-cloudwatch.yaml
+++ b/puppet/services/pacemaker/heat-api-cloudwatch.yaml
@@ -32,6 +32,7 @@ outputs:
description: Role data for the Heat Cloudwatch API role.
value:
service_name: heat_api_cloudwatch
+ monitoring_subscription: {get_attr: [HeatApiCloudwatchBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [HeatApiCloudwatchBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/heat-api.yaml b/puppet/services/pacemaker/heat-api.yaml
index d7220619..6fd790c4 100644
--- a/puppet/services/pacemaker/heat-api.yaml
+++ b/puppet/services/pacemaker/heat-api.yaml
@@ -32,6 +32,7 @@ outputs:
description: Role data for the Heat API role.
value:
service_name: heat_api
+ monitoring_subscription: {get_attr: [HeatApiBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [HeatApiBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/heat-engine.yaml b/puppet/services/pacemaker/heat-engine.yaml
index 579f5f10..b8c962a8 100644
--- a/puppet/services/pacemaker/heat-engine.yaml
+++ b/puppet/services/pacemaker/heat-engine.yaml
@@ -33,6 +33,7 @@ outputs:
description: Role data for the Heat engine role.
value:
service_name: heat_engine
+ monitoring_subscription: {get_attr: [HeatEngineBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [HeatEngineBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/horizon.yaml b/puppet/services/pacemaker/horizon.yaml
index bd1ff046..18de23ae 100644
--- a/puppet/services/pacemaker/horizon.yaml
+++ b/puppet/services/pacemaker/horizon.yaml
@@ -33,6 +33,7 @@ outputs:
description: Role data for the Horizon role.
value:
service_name: horizon
+ monitoring_subscription: {get_attr: [HorizonBase, role_data, monitoring_subscription]}
config_settings:
get_attr: [HorizonBase, role_data, config_settings]
step_config: |
diff --git a/puppet/services/pacemaker/keystone.yaml b/puppet/services/pacemaker/keystone.yaml
index 701f01f1..0a479c9a 100644
--- a/puppet/services/pacemaker/keystone.yaml
+++ b/puppet/services/pacemaker/keystone.yaml
@@ -33,6 +33,7 @@ outputs:
description: Role data for the Keystone pacemaker role.
value:
service_name: keystone
+ monitoring_subscription: {get_attr: [KeystoneServiceBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [KeystoneServiceBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/manila-share.yaml b/puppet/services/pacemaker/manila-share.yaml
index 7479eb08..cabc31a0 100644
--- a/puppet/services/pacemaker/manila-share.yaml
+++ b/puppet/services/pacemaker/manila-share.yaml
@@ -33,6 +33,7 @@ outputs:
description: Role data for the manila-share pacemaker role.
value:
service_name: manila_share
+ monitoring_subscription: {get_attr: [ManilaShareBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [ManilaShareBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/memcached.yaml b/puppet/services/pacemaker/memcached.yaml
index e612d775..04b895b6 100644
--- a/puppet/services/pacemaker/memcached.yaml
+++ b/puppet/services/pacemaker/memcached.yaml
@@ -33,6 +33,7 @@ outputs:
description: Role data for the Memcached pacemaker role.
value:
service_name: memcached
+ monitoring_subscription: {get_attr: [MemcachedServiceBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [MemcachedServiceBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/neutron-dhcp.yaml b/puppet/services/pacemaker/neutron-dhcp.yaml
index f5f785e3..9b9e5849 100644
--- a/puppet/services/pacemaker/neutron-dhcp.yaml
+++ b/puppet/services/pacemaker/neutron-dhcp.yaml
@@ -33,6 +33,7 @@ outputs:
description: Role data for the Neutron DHCP role.
value:
service_name: neutron_dhcp
+ monitoring_subscription: {get_attr: [NeutronDhcpBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [NeutronDhcpBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/neutron-l3.yaml b/puppet/services/pacemaker/neutron-l3.yaml
index 87176632..21ac02d4 100644
--- a/puppet/services/pacemaker/neutron-l3.yaml
+++ b/puppet/services/pacemaker/neutron-l3.yaml
@@ -33,6 +33,7 @@ outputs:
description: Role data for the Neutron L3 role.
value:
service_name: neutron_l3
+ monitoring_subscription: {get_attr: [NeutronL3Base, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [NeutronL3Base, role_data, config_settings]
diff --git a/puppet/services/pacemaker/neutron-metadata.yaml b/puppet/services/pacemaker/neutron-metadata.yaml
index e00c2424..8c22d42d 100644
--- a/puppet/services/pacemaker/neutron-metadata.yaml
+++ b/puppet/services/pacemaker/neutron-metadata.yaml
@@ -33,6 +33,7 @@ outputs:
description: Role data for the Neutron Metadata role.
value:
service_name: neutron_metadata
+ monitoring_subscription: {get_attr: [NeutronMetadataBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [NeutronMetadataBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/neutron-midonet.yaml b/puppet/services/pacemaker/neutron-midonet.yaml
index fb39ea44..fdd5dafb 100644
--- a/puppet/services/pacemaker/neutron-midonet.yaml
+++ b/puppet/services/pacemaker/neutron-midonet.yaml
@@ -33,6 +33,7 @@ outputs:
description: Role data for the Neutron Midonet plugin.
value:
service_name: neutron_midonet
+ monitoring_subscription: {get_attr: [NeutronMidonetBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [NeutronMidonetBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/neutron-ovs-agent.yaml b/puppet/services/pacemaker/neutron-ovs-agent.yaml
index 353c2958..18d60735 100644
--- a/puppet/services/pacemaker/neutron-ovs-agent.yaml
+++ b/puppet/services/pacemaker/neutron-ovs-agent.yaml
@@ -33,6 +33,7 @@ outputs:
description: Role data for the Neutron OVS agent service.
value:
service_name: neutron_ovs_agent
+ monitoring_subscription: {get_attr: [NeutronOvsBase, role_data, monitoring_subscription]}
config_settings:
get_attr: [NeutronOvsBase, role_data, config_settings]
step_config: |
diff --git a/puppet/services/pacemaker/neutron-server.yaml b/puppet/services/pacemaker/neutron-server.yaml
index fc04e5ee..33bc2d99 100644
--- a/puppet/services/pacemaker/neutron-server.yaml
+++ b/puppet/services/pacemaker/neutron-server.yaml
@@ -37,6 +37,7 @@ outputs:
description: Role data for the Neutron Server.
value:
service_name: neutron_server
+ monitoring_subscription: {get_attr: [NeutronServerBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [NeutronServerBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/nova-api.yaml b/puppet/services/pacemaker/nova-api.yaml
index 709761e7..3d565348 100644
--- a/puppet/services/pacemaker/nova-api.yaml
+++ b/puppet/services/pacemaker/nova-api.yaml
@@ -33,6 +33,7 @@ outputs:
description: Role data for the Nova API role.
value:
service_name: nova_api
+ monitoring_subscription: {get_attr: [NovaApiBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [NovaApiBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/nova-conductor.yaml b/puppet/services/pacemaker/nova-conductor.yaml
index 7a2313c7..9d55a48a 100644
--- a/puppet/services/pacemaker/nova-conductor.yaml
+++ b/puppet/services/pacemaker/nova-conductor.yaml
@@ -33,6 +33,7 @@ outputs:
description: Role data for the Nova Conductor role.
value:
service_name: nova_conductor
+ monitoring_subscription: {get_attr: [NovaConductorBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [NovaConductorBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/nova-consoleauth.yaml b/puppet/services/pacemaker/nova-consoleauth.yaml
index 77550c80..814505fb 100644
--- a/puppet/services/pacemaker/nova-consoleauth.yaml
+++ b/puppet/services/pacemaker/nova-consoleauth.yaml
@@ -33,6 +33,7 @@ outputs:
description: Role data for the Nova Consoleauth role.
value:
service_name: nova_consoleauth
+ monitoring_subscription: {get_attr: [NovaConsoleauthBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [NovaConsoleauthBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/nova-scheduler.yaml b/puppet/services/pacemaker/nova-scheduler.yaml
index 2571ec43..27692268 100644
--- a/puppet/services/pacemaker/nova-scheduler.yaml
+++ b/puppet/services/pacemaker/nova-scheduler.yaml
@@ -33,6 +33,7 @@ outputs:
description: Role data for the Nova Scheduler role.
value:
service_name: nova_scheduler
+ monitoring_subscription: {get_attr: [NovaSchedulerBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [NovaSchedulerBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/nova-vncproxy.yaml b/puppet/services/pacemaker/nova-vnc-proxy.yaml
index e536826e..d0c4f1d0 100644
--- a/puppet/services/pacemaker/nova-vncproxy.yaml
+++ b/puppet/services/pacemaker/nova-vnc-proxy.yaml
@@ -22,7 +22,7 @@ parameters:
resources:
NovaVncproxyBase:
- type: ../nova-vncproxy.yaml
+ type: ../nova-vnc-proxy.yaml
properties:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
@@ -32,7 +32,8 @@ outputs:
role_data:
description: Role data for the Nova Vncproxy role.
value:
- service_name: nova_vncproxy
+ service_name: nova_vnc_proxy
+ monitoring_subscription: {get_attr: [NovaVncproxyBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [NovaVncproxyBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/rabbitmq.yaml b/puppet/services/pacemaker/rabbitmq.yaml
index 3eb01398..f3fa2d28 100644
--- a/puppet/services/pacemaker/rabbitmq.yaml
+++ b/puppet/services/pacemaker/rabbitmq.yaml
@@ -32,6 +32,7 @@ outputs:
description: Role data for the RabbitMQ pacemaker role.
value:
service_name: rabbitmq
+ monitoring_subscription: {get_attr: [RabbitMQServiceBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [RabbitMQServiceBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/sahara-api.yaml b/puppet/services/pacemaker/sahara-api.yaml
index e20b7a08..214e8dbb 100644
--- a/puppet/services/pacemaker/sahara-api.yaml
+++ b/puppet/services/pacemaker/sahara-api.yaml
@@ -33,6 +33,7 @@ outputs:
description: Role data for the Sahara API role.
value:
service_name: sahara_api
+ monitoring_subscription: {get_attr: [SaharaApiBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [SaharaApiBase, role_data, config_settings]
diff --git a/puppet/services/pacemaker/sahara-engine.yaml b/puppet/services/pacemaker/sahara-engine.yaml
index 07de74ca..aa85115d 100644
--- a/puppet/services/pacemaker/sahara-engine.yaml
+++ b/puppet/services/pacemaker/sahara-engine.yaml
@@ -33,6 +33,7 @@ outputs:
description: Role data for the Sahara Engine role.
value:
service_name: sahara_engine
+ monitoring_subscription: {get_attr: [SaharaEngineBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [SaharaEngineBase, role_data, config_settings]
diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml
index 06595b07..a0669dcd 100644
--- a/puppet/services/rabbitmq.yaml
+++ b/puppet/services/rabbitmq.yaml
@@ -38,12 +38,16 @@ parameters:
type: string
default: ''
hidden: true
+ MonitoringSubscriptionRabbitmq:
+ default: 'overcloud-rabbitmq'
+ type: string
outputs:
role_data:
description: Role data for the RabbitMQ role.
value:
service_name: rabbitmq
+ monitoring_subscription: {get_param: MonitoringSubscriptionRabbitmq}
config_settings:
rabbitmq::file_limit: {get_param: RabbitFDLimit}
rabbitmq::default_user: {get_param: RabbitUserName}
diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml
index fae9c434..7f15ca72 100644
--- a/puppet/services/sahara-api.yaml
+++ b/puppet/services/sahara-api.yaml
@@ -30,6 +30,9 @@ parameters:
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ MonitoringSubscriptionSaharaApi:
+ default: 'overcloud-sahara-api'
+ type: string
resources:
SaharaBase:
@@ -44,6 +47,7 @@ outputs:
description: Role data for the Sahara API role.
value:
service_name: sahara_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionSaharaApi}
config_settings:
map_merge:
- get_attr: [SaharaBase, role_data, config_settings]
diff --git a/puppet/services/sahara-engine.yaml b/puppet/services/sahara-engine.yaml
index fcf4d485..9224fd5f 100644
--- a/puppet/services/sahara-engine.yaml
+++ b/puppet/services/sahara-engine.yaml
@@ -18,6 +18,9 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionSaharaEngine:
+ default: 'overcloud-sahara-engine'
+ type: string
resources:
SaharaBase:
@@ -32,6 +35,7 @@ outputs:
description: Role data for the Sahara Engine role.
value:
service_name: sahara_engine
+ monitoring_subscription: {get_param: MonitoringSubscriptionSaharaEngine}
config_settings:
map_merge:
- get_attr: [SaharaBase, role_data, config_settings]
diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml
index bb40001a..b54a6d7a 100644
--- a/puppet/services/services.yaml
+++ b/puppet/services/services.yaml
@@ -49,5 +49,14 @@ outputs:
yaql:
expression: list($.data.s_names.where($ != null))
data: {s_names: {get_attr: [ServiceChain, role_data, service_name]}}
+ monitoring_subscriptions:
+ yaql:
+ expression: list($.data.subscriptions.where($ != null))
+ data: {subscriptions: {get_attr: [ServiceChain, role_data, monitoring_subscription]}}
config_settings: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}}
+ global_config_settings:
+ map_merge:
+ yaql:
+ expression: list($.data.configs.where($ != null))
+ data: {configs: {get_attr: [ServiceChain, role_data, global_config_settings]}}
step_config: {list_join: ["\n", {get_attr: [ServiceChain, role_data, step_config]}]}
diff --git a/puppet/services/snmp.yaml b/puppet/services/snmp.yaml
index e38ccf42..4d01632d 100644
--- a/puppet/services/snmp.yaml
+++ b/puppet/services/snmp.yaml
@@ -35,8 +35,8 @@ outputs:
value:
service_name: snmp
config_settings:
- snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
- snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
+ tripleo::profile::base::snmp::snmpd_user: {get_param: SnmpdReadonlyUserName}
+ tripleo::profile::base::snmp::snmpd_password: {get_param: SnmpdReadonlyUserPassword}
tripleo.snmp.firewall_rules:
'127 snmp':
dport: 161
diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml
index cba08090..d7b0cd7c 100644
--- a/puppet/services/swift-proxy.yaml
+++ b/puppet/services/swift-proxy.yaml
@@ -38,6 +38,9 @@ parameters:
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ MonitoringSubscriptionSwiftProxy:
+ default: 'overcloud-swift-proxy'
+ type: string
resources:
SwiftBase:
@@ -52,14 +55,15 @@ outputs:
description: Role data for the Swift proxy service.
value:
service_name: swift_proxy
+ monitoring_subscription: {get_param: MonitoringSubscriptionSwiftProxy}
config_settings:
map_merge:
- get_attr: [SwiftBase, role_data, config_settings]
- swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
- swift::proxy::authtoken::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
- swift::proxy::authtoken::admin_password: {get_param: SwiftPassword}
- swift::proxy::authtoken::admin_tenant_name: 'service'
+ swift::proxy::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ swift::proxy::authtoken::password: {get_param: SwiftPassword}
+ swift::proxy::authtoken::project_name: 'service'
swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
swift::proxy::workers: {get_param: SwiftWorkers}
swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
diff --git a/puppet/services/swift-ringbuilder.yaml b/puppet/services/swift-ringbuilder.yaml
index f41228e7..e151d185 100644
--- a/puppet/services/swift-ringbuilder.yaml
+++ b/puppet/services/swift-ringbuilder.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
description: >
OpenStack Swift Ringbuilder
@@ -34,6 +34,11 @@ parameters:
type: number
default: 3
description: How many replicas to use in the swift rings.
+ SwiftRawDisks:
+ default: {}
+ description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
+ type: json
+
outputs:
role_data:
@@ -43,6 +48,17 @@ outputs:
config_settings:
tripleo::profile::base::swift::ringbuilder::build_ring: {get_param: SwiftRingBuild}
tripleo::profile::base::swift::ringbuilder::replicas: {get_param: SwiftReplicas}
+ tripleo::profile::base::swift::ringbuilder::raw_disk_prefix: 'r1z1-'
+ tripleo::profile::base::swift::ringbuilder::raw_disks:
+ yaql:
+ expression: $.data.raw_disk_lists.flatten()
+ data:
+ raw_disk_lists:
+ - [':%PORT%/d1']
+ - repeat:
+ template: ':%PORT%/DEVICE'
+ for_each:
+ DEVICE: {get_param: SwiftRawDisks}
swift::ringbuilder::part_power: {get_param: SwiftPartPower}
swift::ringbuilder::min_part_hours: {get_param: SwiftMinPartHours}
step_config: |
diff --git a/puppet/services/swift-storage.yaml b/puppet/services/swift-storage.yaml
index 6c7c3c7a..7fbb8d90 100644
--- a/puppet/services/swift-storage.yaml
+++ b/puppet/services/swift-storage.yaml
@@ -30,6 +30,9 @@ parameters:
default: {}
description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
type: json
+ MonitoringSubscriptionSwiftStorage:
+ default: 'overcloud-swift-storage'
+ type: string
# DEPRECATED options for compatibility with overcloud.yaml
# This should be removed and manipulation of the ControllerServices list
@@ -58,6 +61,7 @@ outputs:
description: Role data for the Swift Proxy role.
value:
service_name: swift_storage
+ monitoring_subscription: {get_param: MonitoringSubscriptionSwiftStorage}
config_settings:
map_merge:
- get_attr: [SwiftBase, role_data, config_settings]
@@ -83,6 +87,6 @@ outputs:
- healthcheck
- account-server
swift::storage::disks: {get_param: SwiftRawDisks}
- swift::storage::all::storage_local_net_ip: {get_param: [ServiceNetMap, SwiftMgmtNetwork]}
+ swift::storage::all::storage_local_net_ip: {get_param: [ServiceNetMap, SwiftStorageNetwork]}
step_config: |
include ::tripleo::profile::base::swift::storage
diff --git a/puppet/services/tripleo-firewall.yaml b/puppet/services/tripleo-firewall.yaml
index 14965b4f..f6ec458f 100644
--- a/puppet/services/tripleo-firewall.yaml
+++ b/puppet/services/tripleo-firewall.yaml
@@ -18,11 +18,22 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ManageFirewall:
+ default: false
+ description: Whether to manage IPtables rules.
+ type: boolean
+ PurgeFirewallRules:
+ default: false
+ description: Whether IPtables rules should be purged before setting up the new ones.
+ type: boolean
outputs:
role_data:
description: Role data for the TripleO firewall settings
value:
service_name: tripleo_firewall
+ config_settings:
+ tripleo::firewall::manage_firewall: {get_param: ManageFirewall}
+ tripleo::firewall::purge_firewall_rules: {get_param: PurgeFirewallRules}
step_config: |
include ::tripleo::firewall
diff --git a/puppet/services/vip-hosts.yaml b/puppet/services/vip-hosts.yaml
new file mode 100644
index 00000000..a9d757ee
--- /dev/null
+++ b/puppet/services/vip-hosts.yaml
@@ -0,0 +1,56 @@
+heat_template_version: 2016-04-08
+
+description: >
+ If the deployer doesn't have a DNS server for the overcloud nodes. This will
+ populate the node-names and IPs for the VIPs of the overcloud.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+outputs:
+ role_data:
+ description: role data for the VIP hosts role
+ value:
+ service_name: vip_hosts
+ config_settings:
+ tripleo::vip_hosts::hosts_spec:
+ external:
+ name: "%{hiera('cloud_name_external')}"
+ ip: "%{hiera('public_virtual_ip')}"
+ ensure: present
+ comment: FQDN of the external VIP
+ internal_api:
+ name: "%{hiera('cloud_name_internal_api')}"
+ ip: "%{hiera('internal_api_virtual_ip')}"
+ ensure: present
+ comment: FQDN of the internal api VIP
+ storage:
+ name: "%{hiera('cloud_name_storage')}"
+ ip: "%{hiera('storage_virtual_ip')}"
+ ensure: present
+ comment: FQDN of the storage VIP
+ storage_mgmt:
+ name: "%{hiera('cloud_name_storage_mgmt')}"
+ ip: "%{hiera('storage_mgmt_virtual_ip')}"
+ ensure: present
+ comment: FQDN of the storage mgmt VIP
+ ctlplane:
+ name: "%{hiera('cloud_name_ctlplane')}"
+ ip: "%{hiera('controller_virtual_ip')}"
+ ensure: present
+ comment: FQDN of the ctlplane VIP
+ step_config: |
+ include ::tripleo::vip_hosts
diff --git a/puppet/swift-devices-and-proxy-config.yaml b/puppet/swift-devices-and-proxy-config.yaml
deleted file mode 100644
index 14df831f..00000000
--- a/puppet/swift-devices-and-proxy-config.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-heat_template_version: 2015-04-30
-description: 'Swift Devices and Proxy Config for Puppet'
-
-parameters:
- controller_swift_devices:
- type: comma_delimited_list
- object_store_swift_devices:
- type: comma_delimited_list
- controller_swift_proxy_memcaches:
- type: comma_delimited_list
-
-resources:
-
- SwiftDevicesAndProxyConfigImpl:
- type: OS::Heat::StructuredConfig
- properties:
- group: os-apply-config
- config:
- hiera:
- datafiles:
- swift_devices_and_proxy:
- mapped_data:
- tripleo::profile::base::swift::ringbuilder::devices:
- list_join:
- - ", "
- - - list_join:
- - ", "
- - {get_param: controller_swift_devices}
- - list_join:
- - ", "
- - {get_param: object_store_swift_devices}
- swift::proxy::cache::memcache_servers:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: controller_swift_proxy_memcaches}
-
-outputs:
- config_id:
- description: The ID of the SwiftDevicesAndProxyConfigImpl resource.
- value:
- {get_resource: SwiftDevicesAndProxyConfigImpl}
diff --git a/puppet/swift-storage-post.yaml b/puppet/swift-storage-post.yaml
deleted file mode 100644
index 859fad2c..00000000
--- a/puppet/swift-storage-post.yaml
+++ /dev/null
@@ -1,90 +0,0 @@
-heat_template_version: 2015-04-30
-description: 'OpenStack swift storage node post deployment for Puppet'
-
-parameters:
- ConfigDebug:
- default: false
- description: Whether to run config management (e.g. Puppet) in debug mode.
- type: boolean
- servers:
- type: json
- RoleData:
- type: json
- default: {}
- DeployIdentifier:
- type: string
- description: Value which changes if the node configuration may need to be re-applied
-
-resources:
-
- StorageArtifactsConfig:
- type: deploy-artifacts.yaml
-
- StorageArtifactsDeploy:
- type: OS::Heat::StructuredDeployments
- properties:
- servers: {get_param: servers}
- config: {get_resource: StorageArtifactsConfig}
- input_values:
- update_identifier: {get_param: DeployIdentifier}
-
- StoragePuppetConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: puppet
- options:
- enable_debug: {get_param: ConfigDebug}
- enable_hiera: True
- enable_facter: False
- modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
- inputs:
- - name: step
- outputs:
- - name: result
- config:
- list_join:
- - ''
- - - get_file: manifests/overcloud_object.pp
- - {get_param: [RoleData, step_config]}
-
- StorageRingbuilderDeployment_Step2:
- type: OS::Heat::StructuredDeployments
- depends_on: StorageArtifactsDeploy
- properties:
- name: StorageRingbuilderDeployment_Step2
- servers: {get_param: servers}
- config: {get_resource: StoragePuppetConfig}
- input_values:
- step: 2
- update_identifier: {get_param: DeployIdentifier}
-
- StorageRingbuilderDeployment_Step3:
- type: OS::Heat::StructuredDeployments
- depends_on: StorageRingbuilderDeployment_Step2
- properties:
- name: StorageRingbuilderDeployment_Step3
- servers: {get_param: servers}
- config: {get_resource: StoragePuppetConfig}
- input_values:
- step: 3
- update_identifier: {get_param: DeployIdentifier}
-
- StorageDeployment_Step4:
- type: OS::Heat::StructuredDeployments
- depends_on: StorageRingbuilderDeployment_Step3
- properties:
- name: StorageDeployment_Step4
- servers: {get_param: servers}
- config: {get_resource: StoragePuppetConfig}
- input_values:
- step: 4
- update_identifier: {get_param: DeployIdentifier}
-
- # Note, this should come last, so use depends_on to ensure
- # this is created after any other resources.
- ExtraConfig:
- depends_on: StorageDeployment_Step4
- type: OS::TripleO::NodeExtraConfigPost
- properties:
- servers: {get_param: servers}
-
diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml
index b933c542..ff0012ff 100644
--- a/puppet/swift-storage.yaml
+++ b/puppet/swift-storage.yaml
@@ -84,14 +84,13 @@ parameters:
ServiceNames:
type: comma_delimited_list
default: []
+ MonitoringSubscriptions:
+ type: comma_delimited_list
+ default: []
ConfigCommand:
type: string
description: Command which will be run whenever configuration data changes
default: os-refresh-config --timeout 14400
- SwiftRawDisks:
- default: {}
- description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
- type: json
resources:
@@ -234,14 +233,16 @@ resources:
- service_names
- service_configs
- object
- - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
+ - bootstrap_node # provided by allNodesConfig
- all_nodes # provided by allNodesConfig
+ - vip_data # provided by allNodesConfig
- '"%{::osfamily}"'
merge_behavior: deeper
datafiles:
service_names:
mapped_data:
service_names: {get_param: ServiceNames}
+ sensu::subscriptions: {get_param: MonitoringSubscriptions}
service_configs:
mapped_data:
map_replace:
@@ -311,6 +312,7 @@ outputs:
STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
TENANTIP TENANTHOST.DOMAIN TENANTHOST
MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
+ CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
params:
PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ObjectStorageHostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
@@ -351,31 +353,16 @@ outputs:
- '.'
- - {get_attr: [SwiftStorage, name]}
- management
+ CTLPLANEIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
+ CTLPLANEHOST:
+ list_join:
+ - '.'
+ - - {get_attr: [SwiftStorage, name]}
+ - ctlplane
nova_server_resource:
description: Heat resource handle for the swift storage server
value:
{get_resource: SwiftStorage}
- swift_device:
- description: Swift device formatted for swift-ring-builder
- value:
- str_replace:
- template:
- list_join:
- - ','
- - ['r1z1-IP:%PORT%/d1']
- - repeat:
- template: 'r1z1-IP:%PORT%/DEVICE'
- for_each:
- DEVICE: {get_param: SwiftRawDisks}
- params:
- IP:
- get_attr:
- - NetIpMap
- - net_ip_map
- - str_replace:
- template: "NETWORK_uri"
- params:
- NETWORK: {get_param: [ServiceNetMap, SwiftMgmtNetwork]}
external_ip_address:
description: IP address of the server in the external network
value: {get_attr: [ExternalPort, ip_address]}
diff --git a/puppet/vip-config.yaml b/puppet/vip-config.yaml
deleted file mode 100644
index cbd7ea09..00000000
--- a/puppet/vip-config.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
-heat_template_version: 2015-04-30
-
-description: >
- Configure hieradata for service -> virtual IP mappings.
-
-resources:
- VipConfigImpl:
- type: OS::Heat::StructuredConfig
- properties:
- group: os-apply-config
- config:
- hiera:
- datafiles:
- vip_data:
- mapped_data:
- keystone_admin_api_vip: {get_input: keystone_admin_api_vip}
- keystone_public_api_vip: {get_input: keystone_public_api_vip}
- neutron_api_vip: {get_input: neutron_api_vip}
- # TODO: pass a `midonet_api_vip` var
- midonet_api_vip: {get_input: neutron_api_vip}
- cinder_api_vip: {get_input: cinder_api_vip}
- glance_api_vip: {get_input: glance_api_vip}
- glance_registry_vip: {get_input: glance_registry_vip}
- sahara_api_vip: {get_input: sahara_api_vip}
- swift_proxy_vip: {get_input: swift_proxy_vip}
- manila_api_vip: {get_input: manila_api_vip}
- nova_api_vip: {get_input: nova_api_vip}
- nova_metadata_vip: {get_input: nova_metadata_vip}
- ceilometer_api_vip: {get_input: ceilometer_api_vip}
- aodh_api_vip: {get_input: aodh_api_vip}
- gnocchi_api_vip: {get_input: gnocchi_api_vip}
- heat_api_vip: {get_input: heat_api_vip}
- horizon_vip: {get_input: horizon_vip}
- redis_vip: {get_input: redis_vip}
- mysql_vip: {get_input: mysql_vip}
- public_virtual_ip: {get_input: public_virtual_ip}
- controller_virtual_ip: {get_input: control_virtual_ip}
- internal_api_virtual_ip: {get_input: internal_api_virtual_ip}
- storage_virtual_ip: {get_input: storage_virtual_ip}
- storage_mgmt_virtual_ip: {get_input: storage_mgmt_virtual_ip}
- ironic_api_vip: {get_input: ironic_api_vip}
- opendaylight_api_vip: {get_input: opendaylight_api_vip}
- # public_virtual_ip and controller_virtual_ip are needed in
- # both HAproxy & keepalived.
- tripleo::haproxy::public_virtual_ip: {get_input: public_virtual_ip}
- tripleo::haproxy::controller_virtual_ip: {get_input: control_virtual_ip}
- tripleo::keepalived::public_virtual_ip: {get_input: public_virtual_ip}
- tripleo::keepalived::controller_virtual_ip: {get_input: control_virtual_ip}
- tripleo::keepalived::internal_api_virtual_ip: {get_input: internal_api_virtual_ip}
- tripleo::keepalived::storage_virtual_ip: {get_input: storage_virtual_ip}
- tripleo::keepalived::storage_mgmt_virtual_ip: {get_input: storage_mgmt_virtual_ip}
- tripleo::redis_notification::haproxy_monitor_ip: {get_input: control_virtual_ip}
-
-
-outputs:
- OS::stack_id:
- description: The VipConfigImpl resource.
- value: {get_resource: VipConfigImpl}