diff options
Diffstat (limited to 'puppet')
-rw-r--r-- | puppet/blockstorage-role.yaml | 7 | ||||
-rw-r--r-- | puppet/cephstorage-role.yaml | 7 | ||||
-rw-r--r-- | puppet/compute-role.yaml | 7 | ||||
-rw-r--r-- | puppet/controller-role.yaml | 7 | ||||
-rw-r--r-- | puppet/extraconfig/tls/freeipa-enroll.yaml | 21 | ||||
-rw-r--r-- | puppet/objectstorage-role.yaml | 7 | ||||
-rw-r--r-- | puppet/role.role.j2.yaml | 7 | ||||
-rw-r--r-- | puppet/services/opendaylight-ovs.yaml | 11 | ||||
-rw-r--r-- | puppet/services/swift-proxy.yaml | 64 |
9 files changed, 112 insertions, 26 deletions
diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml index f7414475..e74beb2d 100644 --- a/puppet/blockstorage-role.yaml +++ b/puppet/blockstorage-role.yaml @@ -152,6 +152,8 @@ resources: type: multipart - config: {get_resource: NodeUserData} type: multipart + - config: {get_resource: RoleUserData} + type: multipart # Creates the "heat-admin" user if configured via the environment # Should return a OS::Heat::MultipartMime reference via OS::stack_id @@ -163,6 +165,11 @@ resources: NodeUserData: type: OS::TripleO::NodeUserData + # For optional operator role-specific userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + RoleUserData: + type: OS::TripleO::BlockStorage::NodeUserData + ExternalPort: type: OS::TripleO::BlockStorage::Ports::ExternalPort properties: diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml index 05ecb181..75f58012 100644 --- a/puppet/cephstorage-role.yaml +++ b/puppet/cephstorage-role.yaml @@ -158,6 +158,8 @@ resources: type: multipart - config: {get_resource: NodeUserData} type: multipart + - config: {get_resource: RoleUserData} + type: multipart # Creates the "heat-admin" user if configured via the environment # Should return a OS::Heat::MultipartMime reference via OS::stack_id @@ -169,6 +171,11 @@ resources: NodeUserData: type: OS::TripleO::NodeUserData + # For optional operator role-specific userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + RoleUserData: + type: OS::TripleO::CephStorage::NodeUserData + ExternalPort: type: OS::TripleO::CephStorage::Ports::ExternalPort properties: diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml index bf580221..cedab0e6 100644 --- a/puppet/compute-role.yaml +++ b/puppet/compute-role.yaml @@ -172,6 +172,8 @@ resources: type: multipart - config: {get_resource: NodeUserData} type: multipart + - config: {get_resource: RoleUserData} + type: multipart # Creates the "heat-admin" user if configured via the environment # Should return a OS::Heat::MultipartMime reference via OS::stack_id @@ -183,6 +185,11 @@ resources: NodeUserData: type: OS::TripleO::NodeUserData + # For optional operator role-specific userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + RoleUserData: + type: OS::TripleO::Compute::NodeUserData + ExternalPort: type: OS::TripleO::Compute::Ports::ExternalPort properties: diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml index 221bfed7..05527b63 100644 --- a/puppet/controller-role.yaml +++ b/puppet/controller-role.yaml @@ -191,6 +191,8 @@ resources: type: multipart - config: {get_resource: NodeUserData} type: multipart + - config: {get_resource: RoleUserData} + type: multipart # Creates the "heat-admin" user if configured via the environment # Should return a OS::Heat::MultipartMime reference via OS::stack_id @@ -202,6 +204,11 @@ resources: NodeUserData: type: OS::TripleO::NodeUserData + # For optional operator role-specific userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + RoleUserData: + type: OS::TripleO::Controller::NodeUserData + ExternalPort: type: OS::TripleO::Controller::Ports::ExternalPort properties: diff --git a/puppet/extraconfig/tls/freeipa-enroll.yaml b/puppet/extraconfig/tls/freeipa-enroll.yaml index 44be7c65..84d431fb 100644 --- a/puppet/extraconfig/tls/freeipa-enroll.yaml +++ b/puppet/extraconfig/tls/freeipa-enroll.yaml @@ -13,10 +13,12 @@ parameters: type: string FreeIPAOTP: + default: '' description: 'OTP that will be used for FreeIPA enrollment' type: string hidden: true FreeIPAServer: + default: '' description: 'FreeIPA server DNS name' type: string FreeIPAIPAddress: @@ -36,18 +38,27 @@ resources: - name: ipa_ip config: | #!/bin/sh - sed -i "/${ipa_server}/d" /etc/hosts - # Optionally add the FreeIPA server IP to /etc/hosts - if [ -n "${ipa_ip}" ]; then - echo "${ipa_ip} ${ipa_server}" >> /etc/hosts + # If no IPA server was given as a parameter, it will be assumed from + # DNS. + if [ -n "${ipa_server}" ]; then + sed -i "/${ipa_server}/d" /etc/hosts + # Optionally add the FreeIPA server IP to /etc/hosts + if [ -n "${ipa_ip}" ]; then + echo "${ipa_ip} ${ipa_server}" >> /etc/hosts + fi fi # Set the node's domain if needed if [ ! $(hostname -f | grep "${ipa_domain}$") ]; then hostnamectl set-hostname "$(hostname).${ipa_domain}" fi yum install -y ipa-client - # Enroll. If there is already keytab, we have already done this. + # Enroll. If there is already keytab, we have already done this. If + # this node hasn't enrolled and the OTP is missing, fail. if [ ! -f /etc/krb5.keytab ]; then + if [ -z "${otp}" ]; then + echo "OTP is missing" + exit 1 + fi ipa-client-install --server ${ipa_server} -w ${otp} \ --domain=${ipa_domain} -U fi diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml index 640378c8..77a60510 100644 --- a/puppet/objectstorage-role.yaml +++ b/puppet/objectstorage-role.yaml @@ -152,6 +152,8 @@ resources: type: multipart - config: {get_resource: NodeUserData} type: multipart + - config: {get_resource: RoleUserData} + type: multipart # Creates the "heat-admin" user if configured via the environment # Should return a OS::Heat::MultipartMime reference via OS::stack_id @@ -163,6 +165,11 @@ resources: NodeUserData: type: OS::TripleO::NodeUserData + # For optional operator role-specific userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + RoleUserData: + type: OS::TripleO::ObjectStorage::NodeUserData + ExternalPort: type: OS::TripleO::SwiftStorage::Ports::ExternalPort properties: diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index 7b3d2d31..22370a7d 100644 --- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml @@ -175,6 +175,8 @@ resources: type: multipart - config: {get_resource: NodeUserData} type: multipart + - config: {get_resource: RoleUserData} + type: multipart # Creates the "heat-admin" user if configured via the environment # Should return a OS::Heat::MultipartMime reference via OS::stack_id @@ -186,6 +188,11 @@ resources: NodeUserData: type: OS::TripleO::NodeUserData + # For optional operator role-specific userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + RoleUserData: + type: OS::TripleO::{{role}}::NodeUserData + ExternalPort: type: OS::TripleO::{{role}}::Ports::ExternalPort properties: diff --git a/puppet/services/opendaylight-ovs.yaml b/puppet/services/opendaylight-ovs.yaml index 907ecddc..63d12fe2 100644 --- a/puppet/services/opendaylight-ovs.yaml +++ b/puppet/services/opendaylight-ovs.yaml @@ -8,6 +8,15 @@ parameters: default: 8081 description: Set opendaylight service port type: number + OpenDaylightUsername: + default: 'admin' + description: The username for the opendaylight server. + type: string + OpenDaylightPassword: + default: 'admin' + type: string + description: The password for the opendaylight server. + hidden: true OpenDaylightConnectionProtocol: description: L7 protocol used for REST access type: string @@ -46,6 +55,8 @@ outputs: service_name: opendaylight_ovs config_settings: opendaylight::odl_rest_port: {get_param: OpenDaylightPort} + opendaylight::username: {get_param: OpenDaylightUsername} + opendaylight::password: {get_param: OpenDaylightPassword} opendaylight_check_url: {get_param: OpenDaylightCheckURL} opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol} neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index ba184ab0..94db9e41 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > OpenStack Swift Proxy service configured with Puppet @@ -49,6 +49,18 @@ parameters: default: guest description: The username for RabbitMQ type: string + SwiftCeilometerPipelineEnabled: + description: Set to False to disable the swift proxy ceilometer pipeline. + default: True + type: boolean + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + +conditions: + + ceilometer_pipeline_enabled: {equals : [{get_param: SwiftCeilometerPipelineEnabled}, True]} resources: SwiftBase: @@ -78,6 +90,8 @@ outputs: swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword} swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]} swift::proxy::ceilometer::nonblocking_notify: true + tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RabbitClientPort} + tripleo::profile::base::swift::proxy::ceilometer_enabled: {get_param: SwiftCeilometerPipelineEnabled} tripleo.swift_proxy.firewall_rules: '122 swift proxy': dport: @@ -89,26 +103,34 @@ outputs: - ResellerAdmin swift::proxy::versioned_writes::allow_versioned_writes: true swift::proxy::pipeline: - - 'catch_errors' - - 'healthcheck' - - 'proxy-logging' - - 'cache' - - 'ratelimit' - - 'bulk' - - 'tempurl' - - 'formpost' - - 'authtoken' - - 'keystone' - - 'staticweb' - - 'copy' - - 'container-quotas' - - 'account-quotas' - - 'slo' - - 'dlo' - - 'versioned_writes' - - 'ceilometer' - - 'proxy-logging' - - 'proxy-server' + yaql: + expression: $.data.pipeline.where($ != '') + data: + pipeline: + - 'catch_errors' + - 'healthcheck' + - 'proxy-logging' + - 'cache' + - 'ratelimit' + - 'bulk' + - 'tempurl' + - 'formpost' + - 'authtoken' + - 'keystone' + - 'staticweb' + - 'copy' + - 'container-quotas' + - 'account-quotas' + - 'slo' + - 'dlo' + - 'versioned_writes' + - + if: + - ceilometer_pipeline_enabled + - 'ceilometer' + - '' + - 'proxy-logging' + - 'proxy-server' swift::proxy::account_autocreate: true # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples |