summaryrefslogtreecommitdiffstats
path: root/puppet
diff options
context:
space:
mode:
Diffstat (limited to 'puppet')
-rw-r--r--puppet/cinder-storage.yaml2
-rw-r--r--puppet/controller.yaml52
-rw-r--r--puppet/services/aodh-api.yaml1
-rw-r--r--puppet/services/aodh-base.yaml7
-rw-r--r--puppet/services/ceilometer-api.yaml1
-rw-r--r--puppet/services/ceilometer-base.yaml7
-rw-r--r--puppet/services/database/redis-base.yaml1
-rw-r--r--puppet/services/haproxy.yaml32
-rw-r--r--puppet/services/ironic-api.yaml10
-rw-r--r--puppet/services/keepalived.yaml13
-rw-r--r--puppet/services/manila-api.yaml8
-rw-r--r--puppet/services/neutron-dhcp.yaml15
-rw-r--r--puppet/services/neutron-ovs-agent.yaml6
-rw-r--r--puppet/services/nova-api.yaml5
-rw-r--r--puppet/services/swift-storage.yaml5
-rw-r--r--puppet/swift-storage.yaml13
16 files changed, 115 insertions, 63 deletions
diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml
index ff2c5d1c..ef3f08ff 100644
--- a/puppet/cinder-storage.yaml
+++ b/puppet/cinder-storage.yaml
@@ -106,7 +106,7 @@ resources:
properties:
image:
{get_param: BlockStorageImage}
- flavor: {get_param: Flavor}
+ flavor: {get_param: OvercloudBlockStorageFlavor}
key_name: {get_param: KeyName}
networks:
- network: ctlplane
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index 65e47b77..1b2706ea 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -27,10 +27,6 @@ parameters:
...
}
type: json
- ControlVirtualInterface:
- default: 'br-ex'
- description: Interface where virtual ip will be assigned.
- type: string
CorosyncIPv6:
default: false
description: Enable IPv6 in Corosync
@@ -91,17 +87,6 @@ parameters:
type: string
constraints:
- custom_constraint: nova.flavor
- HAProxyStatsPassword:
- description: Password for HAProxy stats endpoint
- type: string
- HAProxyStatsUser:
- description: User for HAProxy stats endpoint
- default: admin
- type: string
- HAProxySyslogAddress:
- default: /dev/log
- description: Syslog address where HAproxy will send its log
- type: string
HeatAuthEncryptionKey:
description: Auth encryption key for heat-engine
type: string
@@ -170,12 +155,6 @@ parameters:
type: string
description: The password for the 'pcsd' user.
hidden: true
- PublicVirtualInterface:
- default: 'br-ex'
- description: >
- Specifies the interface where the public-facing virtual ip will be assigned.
- This should be int_public when a VLAN is being used.
- type: string
RedisPassword:
description: The password for Redis
type: string
@@ -192,6 +171,10 @@ parameters:
in the ring.
hidden: true
type: string
+ SwiftRawDisks:
+ default: {}
+ description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
+ type: json
UpgradeLevelNovaCompute:
type: string
description: Nova Compute upgrade level
@@ -422,9 +405,6 @@ resources:
server: {get_resource: Controller}
input_values:
bootstack_nodeid: {get_attr: [Controller, name]}
- haproxy_log_address: {get_param: HAProxySyslogAddress}
- haproxy_stats_password: {get_param: HAProxyStatsPassword}
- haproxy_stats_user: {get_param: HAProxyStatsUser}
heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
horizon_secret: {get_param: HorizonSecret}
debug: {get_param: Debug}
@@ -456,8 +436,6 @@ resources:
instance_name_template: {get_param: InstanceNameTemplate}
fencing_config: {get_param: FencingConfig}
pcsd_password: {get_param: PcsdPassword}
- control_virtual_interface: {get_param: ControlVirtualInterface}
- public_virtual_interface: {get_param: PublicVirtualInterface}
swift_hash_suffix: {get_param: SwiftHashSuffix}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
@@ -627,11 +605,8 @@ resources:
# Nova
nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute}
nova::use_ipv6: {get_input: nova_ipv6}
- nova::api::auth_uri: {get_input: keystone_auth_uri}
- nova::api::identity_uri: {get_input: keystone_identity_uri}
nova::api::api_bind_address: {get_input: nova_api_network}
nova::api::metadata_listen: {get_input: nova_metadata_network}
- nova::api::admin_password: {get_input: nova_password}
nova::glance_api_servers: {get_input: glance_api_servers}
nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
nova::api::instance_name_template: {get_input: instance_name_template}
@@ -658,17 +633,7 @@ resources:
# Misc
memcached_ipv6: {get_input: memcached_ipv6}
memcached::listen_ip: {get_input: memcached_network}
- control_virtual_interface: {get_input: control_virtual_interface}
- public_virtual_interface: {get_input: public_virtual_interface}
- tripleo::keepalived::control_virtual_interface: {get_input: control_virtual_interface}
- tripleo::keepalived::public_virtual_interface: {get_input: public_virtual_interface}
- tripleo::haproxy::control_virtual_interface: {get_input: control_virtual_interface}
- tripleo::haproxy::public_virtual_interface: {get_input: public_virtual_interface}
- tripleo::haproxy::haproxy_log_address: {get_input: haproxy_log_address}
tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
- tripleo::haproxy::haproxy_stats_user: {get_input: haproxy_stats_user}
- tripleo::haproxy::haproxy_stats_password: {get_input: haproxy_stats_password}
- tripleo::haproxy::redis_password: {get_input: redis_password}
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
# Hook for site-specific additional pre-deployment config, e.g extra hieradata
@@ -785,7 +750,14 @@ outputs:
description: Swift device formatted for swift-ring-builder
value:
str_replace:
- template: 'r1z1-IP:%PORT%/d1'
+ template:
+ list_join:
+ - ','
+ - ['r1z1-IP:%PORT%/d1']
+ - repeat:
+ template: 'r1z1-IP:%PORT%/DEVICE'
+ for_each:
+ DEVICE: {get_param: SwiftRawDisks}
params:
IP:
get_attr:
diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml
index b85cfe71..ae0f0c2d 100644
--- a/puppet/services/aodh-api.yaml
+++ b/puppet/services/aodh-api.yaml
@@ -37,7 +37,6 @@ outputs:
- get_attr: [AodhBase, role_data, config_settings]
- aodh::wsgi::apache::ssl: false
aodh::api::service_name: 'httpd'
- aodh::api::keystone_tenant: 'service'
- tripleo.aodh_api.firewall_rules:
'128 aodh-api':
dport:
diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml
index 603b2d82..15f81953 100644
--- a/puppet/services/aodh-base.yaml
+++ b/puppet/services/aodh-base.yaml
@@ -82,9 +82,10 @@ outputs:
aodh::rabbit_password: {get_param: RabbitPassword}
aodh::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
aodh::rabbit_port: {get_param: RabbitClientPort}
- aodh::api::keystone_password: {get_param: AodhPassword}
- aodh::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- aodh::api::keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ aodh::keystone::authtoken::project_name: 'service'
+ aodh::keystone::authtoken::password: {get_param: AodhPassword}
+ aodh::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
aodh::auth::auth_password: {get_param: AodhPassword}
aodh::keystone::auth::public_url: {get_param: [EndpointMap, AodhPublic, uri]}
aodh::keystone::auth::internal_url: {get_param: [EndpointMap, AodhInternal, uri]}
diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml
index b9f021e3..3a01a1f9 100644
--- a/puppet/services/ceilometer-api.yaml
+++ b/puppet/services/ceilometer-api.yaml
@@ -41,6 +41,5 @@ outputs:
dport:
- 8777
- 13777
- - ceilometer::api::keystone_tenant: 'service'
step_config: |
include ::tripleo::profile::base::ceilometer::api
diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml
index 1a65a595..62fdd5c1 100644
--- a/puppet/services/ceilometer-base.yaml
+++ b/puppet/services/ceilometer-base.yaml
@@ -91,9 +91,10 @@ outputs:
ceilometer::metering_secret: {get_param: CeilometerMeteringSecret}
# we include db_sync class in puppet-tripleo
ceilometer::db::sync_db: false
- ceilometer::api::keystone_password: {get_param: CeilometerPassword}
- ceilometer::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- ceilometer::api::keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ ceilometer::keystone::authtoken::project_name: 'service'
+ ceilometer::keystone::authtoken::password: {get_param: CeilometerPassword}
+ ceilometer::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ ceilometer::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
ceilometer::agent::auth::auth_password: {get_param: CeilometerPassword}
ceilometer::agent::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
ceilometer::agent::notification::store_events: {get_param: CeilometerStoreEvents}
diff --git a/puppet/services/database/redis-base.yaml b/puppet/services/database/redis-base.yaml
index 301b2bb1..40711432 100644
--- a/puppet/services/database/redis-base.yaml
+++ b/puppet/services/database/redis-base.yaml
@@ -36,4 +36,3 @@ outputs:
redis::sentinel::master_name: '"%{hiera(\"bootstrap_nodeid\")}"'
redis::sentinel::redis_host: '"%{hiera(\"bootstrap_nodeid_ip\")}"'
redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh'
- tripleo::loadbalancer::redis_password: {get_param: RedisPassword}
diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml
index 00574c2f..8ac669a9 100644
--- a/puppet/services/haproxy.yaml
+++ b/puppet/services/haproxy.yaml
@@ -18,6 +18,32 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ HAProxyStatsPassword:
+ description: Password for HAProxy stats endpoint
+ hidden: true
+ type: string
+ HAProxyStatsUser:
+ description: User for HAProxy stats endpoint
+ default: admin
+ type: string
+ HAProxySyslogAddress:
+ default: /dev/log
+ description: Syslog address where HAproxy will send its log
+ type: string
+ RedisPassword:
+ description: The password for Redis
+ type: string
+ hidden: true
+ ControlVirtualInterface:
+ default: 'br-ex'
+ description: Interface where virtual ip will be assigned.
+ type: string
+ PublicVirtualInterface:
+ default: 'br-ex'
+ description: >
+ Specifies the interface where the public-facing virtual ip will be assigned.
+ This should be int_public when a VLAN is being used.
+ type: string
outputs:
role_data:
@@ -49,5 +75,11 @@ outputs:
tripleo::haproxy::heat_cloudwatch: true
tripleo::haproxy::heat_cfn: true
tripleo::haproxy::horizon: true
+ tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
+ tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
+ tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
+ tripleo::haproxy::redis_password: {get_param: RedisPassword}
+ tripleo::haproxy::control_virtual_interface: {get_param: ControlVirtualInterface}
+ tripleo::haproxy::public_virtual_interface: {get_param: PublicVirtualInterface}
step_config: |
include ::tripleo::profile::base::haproxy
diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml
index e185630e..6b494256 100644
--- a/puppet/services/ironic-api.yaml
+++ b/puppet/services/ironic-api.yaml
@@ -45,11 +45,11 @@ outputs:
# the TFTP server IP in ironic-conductor.yaml as it should not be
# the VIP, but rather a real IP of the controller.
- ironic::my_ip: {get_param: [EndpointMap, MysqlInternal, host]}
- ironic::api::admin_password: {get_param: IronicPassword}
- ironic::api::admin_tenant_name: 'service'
- ironic::api::admin_user: 'ironic'
- ironic::api::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- ironic::api::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ ironic::api::authtoken::password: {get_param: IronicPassword}
+ ironic::api::authtoken::project_name: 'service'
+ ironic::api::authtoken::username: 'ironic'
+ ironic::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]}
# This is used to build links in responses
ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
diff --git a/puppet/services/keepalived.yaml b/puppet/services/keepalived.yaml
index c8c977c6..b783345b 100644
--- a/puppet/services/keepalived.yaml
+++ b/puppet/services/keepalived.yaml
@@ -18,11 +18,24 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ControlVirtualInterface:
+ default: 'br-ex'
+ description: Interface where virtual ip will be assigned.
+ type: string
+ PublicVirtualInterface:
+ default: 'br-ex'
+ description: >
+ Specifies the interface where the public-facing virtual ip will be assigned.
+ This should be int_public when a VLAN is being used.
+ type: string
outputs:
role_data:
description: Role data for the Keepalived role.
value:
service_name: keepalived
+ config_settings:
+ tripleo::keepalived::control_virtual_interface: {get_param: ControlVirtualInterface}
+ tripleo::keepalived::public_virtual_interface: {get_param: PublicVirtualInterface}
step_config: |
include ::tripleo::profile::base::keepalived
diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml
index 8b456af5..633e75ba 100644
--- a/puppet/services/manila-api.yaml
+++ b/puppet/services/manila-api.yaml
@@ -43,9 +43,10 @@ outputs:
config_settings:
map_merge:
- get_attr: [ManilaBase, role_data, config_settings]
- - manila::api::keystone_password: {get_param: ManilaPassword}
- manila::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
- manila::api::keystone_auth_host: {get_param: [EndpointMap, ManilaInternal, host]}
+ - manila::keystone::authtoken::password: {get_param: ManilaPassword}
+ manila::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ manila::keystone::authtoken::project_name: 'service'
manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]}
manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]}
manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]}
@@ -54,7 +55,6 @@ outputs:
manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]}
manila::keystone::auth::password: {get_param: ManilaPassword }
manila::keystone::auth::region: {get_param: KeystoneRegion }
- manila::api::keystone_tenant: 'service'
step_config: |
include ::tripleo::profile::base::manila::api
diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml
index ed2dbd0e..513cb2d4 100644
--- a/puppet/services/neutron-dhcp.yaml
+++ b/puppet/services/neutron-dhcp.yaml
@@ -18,10 +18,19 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ NeutronEnableMetadataNetwork:
+ default: false
+ description: If True, DHCP provide metadata network. Requires either
+ IsolatedMetadata or ForceMetadata parameters to also be True.
+ type: boolean
NeutronEnableIsolatedMetadata:
- default: 'False'
+ default: false
description: If True, DHCP provide metadata route to VM.
- type: string
+ type: boolean
+ NeutronEnableForceMetadata:
+ default: false
+ description: If True, DHCP always provides metadata route to VM.
+ type: boolean
resources:
@@ -41,6 +50,8 @@ outputs:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- neutron::agents::dhcp::enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata}
+ neutron::agents::dhcp::enable_force_metadata: {get_param: NeutronEnableForceMetadata}
+ neutron::agents::dhcp::enable_metadata_network: {get_param: NeutronEnableMetadataNetwork}
tripleo.neutron_dhcp.firewall_rules:
'115 neutron dhcp input':
proto: 'udp'
diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml
index 7520f6f6..5a0ad23c 100644
--- a/puppet/services/neutron-ovs-agent.yaml
+++ b/puppet/services/neutron-ovs-agent.yaml
@@ -48,6 +48,11 @@ parameters:
description: |
Enable support for distributed routing in the OVS Agent.
type: boolean
+ NeutronEnableARPResponder:
+ default: false
+ description: |
+ Enable ARP responder feature in the OVS Agent.
+ type: boolean
resources:
@@ -68,6 +73,7 @@ outputs:
- get_attr: [NeutronBase, role_data, config_settings]
neutron::agents::ml2::ovs::l2_population: {get_param: NeutronEnableL2Pop}
neutron::agents::ml2::ovs::enable_distributed_routing: {get_param: NeutronEnableDVR}
+ neutron::agents::ml2::ovs::arp_responder: {get_param: NeutronEnableARPResponder}
neutron::agents::ml2::ovs::bridge_mappings:
str_replace:
template: MAPPINGS
diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml
index 143c0619..c2bd395e 100644
--- a/puppet/services/nova-api.yaml
+++ b/puppet/services/nova-api.yaml
@@ -61,7 +61,10 @@ outputs:
- 8774
- 13774
- 8775
- nova::api::admin_tenant_name: 'service'
+ nova::keystone::authtoken::project_name: 'service'
+ nova::keystone::authtoken::password: {get_param: NovaPassword}
+ nova::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
nova::api::enabled: true
nova::api::default_floating_pool: 'public'
nova::api::sync_db_api: true
diff --git a/puppet/services/swift-storage.yaml b/puppet/services/swift-storage.yaml
index 558f2752..664a701f 100644
--- a/puppet/services/swift-storage.yaml
+++ b/puppet/services/swift-storage.yaml
@@ -26,6 +26,10 @@ parameters:
default: false
description: Value of mount_check in Swift account/container/object -server.conf
type: boolean
+ SwiftRawDisks:
+ default: {}
+ description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
+ type: json
# DEPRECATED options for compatibility with overcloud.yaml
# This should be removed and manipulation of the ControllerServices list
@@ -69,5 +73,6 @@ outputs:
swift::storage::all::account_pipeline:
- healthcheck
- account-server
+ swift::storage::disks: {get_param: SwiftRawDisks}
step_config: |
include ::tripleo::profile::base::swift::storage
diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml
index dc28ee76..1f3022b8 100644
--- a/puppet/swift-storage.yaml
+++ b/puppet/swift-storage.yaml
@@ -101,6 +101,10 @@ parameters:
type: string
description: Command which will be run whenever configuration data changes
default: os-refresh-config --timeout 14400
+ SwiftRawDisks:
+ default: {}
+ description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
+ type: json
resources:
@@ -377,7 +381,14 @@ outputs:
description: Swift device formatted for swift-ring-builder
value:
str_replace:
- template: 'r1z1-IP:%PORT%/d1'
+ template:
+ list_join:
+ - ','
+ - ['r1z1-IP:%PORT%/d1']
+ - repeat:
+ template: 'r1z1-IP:%PORT%/DEVICE'
+ for_each:
+ DEVICE: {get_param: SwiftRawDisks}
params:
IP:
get_attr: