diff options
Diffstat (limited to 'puppet')
37 files changed, 2774 insertions, 901 deletions
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index 060f4c81..2bc519bb 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -238,6 +238,7 @@ resources: heat::rabbit_hosts: *rabbit_nodes_array neutron::rabbit_hosts: *rabbit_nodes_array nova::rabbit_hosts: *rabbit_nodes_array + keystone::rabbit_hosts: *rabbit_nodes_array outputs: config_id: diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml index 33b18574..96198c3f 100644 --- a/puppet/ceph-cluster-config.yaml +++ b/puppet/ceph-cluster-config.yaml @@ -2,6 +2,18 @@ heat_template_version: 2015-04-30 description: 'Ceph Cluster config data for Puppet' parameters: + ceph_storage_count: + default: 0 + type: number + description: Number of Ceph storage nodes. Used to enable/disable managed Ceph installation. + ceph_external_mon_ips: + default: '' + type: string + description: List of external Ceph Mon host IPs. + ceph_client_key: + default: '' + type: string + description: Ceph key used to create the client user keyring. ceph_fsid: default: '' type: string @@ -15,6 +27,18 @@ parameters: type: comma_delimited_list ceph_mon_ips: type: comma_delimited_list + NovaRbdPoolName: + default: vms + type: string + CinderRbdPoolName: + default: volumes + type: string + GlanceRbdPoolName: + default: images + type: string + CephClientUserName: + default: openstack + type: string resources: CephClusterConfigImpl: @@ -26,6 +50,7 @@ resources: datafiles: ceph_cluster: mapped_data: + ceph_storage_count: {get_param: ceph_storage_count} ceph_mon_initial_members: list_join: - ',' @@ -52,15 +77,34 @@ resources: keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring', cap_mon: 'allow profile bootstrap-osd' }, - client.openstack: { + client.CLIENT_USER: { secret: 'ADMIN_KEY', mode: '0644', cap_mon: 'allow r', - cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms, allow rwx pool=images' + cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL' } }" params: + CLIENT_USER: {get_param: CephClientUserName} ADMIN_KEY: {get_param: ceph_admin_key} + NOVA_POOL: {get_param: NovaRbdPoolName} + CINDER_POOL: {get_param: CinderRbdPoolName} + GLANCE_POOL: {get_param: GlanceRbdPoolName} + nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} + cinder_rbd_pool_name: {get_param: CinderRbdPoolName} + glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName} + nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} + glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName} + nova::compute::rbd::rbd_keyring: + list_join: + - '.' + - - 'client' + - {get_param: CephClientUserName} + ceph_client_user_name: {get_param: CephClientUserName} + ceph_pools: + - {get_param: CinderRbdPoolName} + - {get_param: NovaRbdPoolName} + - {get_param: GlanceRbdPoolName} outputs: config_id: diff --git a/puppet/ceph-storage-post-puppet.yaml b/puppet/ceph-storage-post.yaml index 1b5b944d..0f7dd36f 100644 --- a/puppet/ceph-storage-post-puppet.yaml +++ b/puppet/ceph-storage-post.yaml @@ -4,6 +4,10 @@ description: > OpenStack ceph storage node post deployment for Puppet parameters: + ConfigDebug: + default: false + description: Whether to run config management (e.g. Puppet) in debug mode. + type: boolean servers: type: json NodeConfigIdentifiers: @@ -16,6 +20,8 @@ resources: type: OS::Heat::SoftwareConfig properties: group: puppet + options: + enable_debug: {get_param: ConfigDebug} outputs: - name: result config: diff --git a/puppet/ceph-storage-puppet.yaml b/puppet/ceph-storage.yaml index 245d8ebb..0d968504 100644 --- a/puppet/ceph-storage-puppet.yaml +++ b/puppet/ceph-storage.yaml @@ -22,8 +22,9 @@ parameters: constraints: - custom_constraint: nova.keypair NtpServer: - type: string default: '' + description: Comma-separated list of ntp servers + type: comma_delimited_list EnablePackageInstall: default: 'false' description: Set to true to enable package installation via Puppet @@ -42,6 +43,18 @@ parameters: Hostname: type: string default: '' # Defaults to Heat created hostname + ExtraConfig: + default: {} + description: | + Additional hiera configuration to inject into the cluster. Note + that CephStorageExtraConfig takes precedence over ExtraConfig. + type: json + CephStorageExtraConfig: + default: {} + description: | + Role specific additional hiera configuration to inject into the cluster. + type: json + resources: CephStorage: @@ -54,9 +67,26 @@ resources: networks: - network: ctlplane user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: NodeUserData} + user_data: {get_resource: UserData} name: {get_param: Hostname} + # Combine the NodeAdminUserData and NodeUserData mime archives + UserData: + type: OS::Heat::MultipartMime + properties: + parts: + - config: {get_resource: NodeAdminUserData} + type: multipart + - config: {get_resource: NodeUserData} + type: multipart + + # Creates the "heat-admin" user if configured via the environment + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + NodeAdminUserData: + type: OS::TripleO::NodeAdminUserData + + # For optional operator additional userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id NodeUserData: type: OS::TripleO::NodeUserData @@ -73,14 +103,23 @@ resources: NetworkConfig: type: OS::TripleO::CephStorage::Net::SoftwareConfig properties: + ControlPlaneIp: {get_attr: [CephStorage, networks, ctlplane, 0]} StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - NetIpSubnetMap: + NetIpMap: type: OS::TripleO::Network::Ports::NetIpMap properties: - StorageIp: {get_attr: [StoragePort, ip_subnet]} - StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_subnet]} + ControlPlaneIp: {get_attr: [CephStorage, networks, ctlplane, 0]} + StorageIp: {get_attr: [StoragePort, ip_address]} + StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} + + NetIpSubnetMap: + type: OS::TripleO::Network::Ports::NetIpSubnetMap + properties: + ControlPlaneIp: {get_attr: [CephStorage, networks, ctlplane, 0]} + StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} + StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} NetworkDeployment: type: OS::TripleO::SoftwareDeployment @@ -95,14 +134,11 @@ resources: config: {get_resource: CephStorageConfig} server: {get_resource: CephStorage} input_values: - ntp_servers: - str_replace: - template: '["server"]' - params: - server: {get_param: NtpServer} + ntp_servers: {get_param: NtpServer} enable_package_install: {get_param: EnablePackageInstall} - ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]} - ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} + enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} + ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]} + ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} CephStorageConfig: type: OS::Heat::StructuredConfig @@ -111,7 +147,10 @@ resources: config: hiera: hierarchy: + - '"%{::uuid}"' - heat_config_%{::deploy_config_name} + - ceph_extraconfig + - extraconfig - ceph_cluster # provided by CephClusterConfig - ceph - '"%{::osfamily}"' @@ -119,14 +158,34 @@ resources: datafiles: common: raw_data: {get_file: hieradata/common.yaml} + ceph_extraconfig: + mapped_data: {get_param: CephStorageExtraConfig} + extraconfig: + mapped_data: {get_param: ExtraConfig} ceph: raw_data: {get_file: hieradata/ceph.yaml} mapped_data: ntp::servers: {get_input: ntp_servers} - enable_package_install: {get_input: enable_package_install} + tripleo::packages::enable_install: {get_input: enable_package_install} + tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} ceph::profile::params::cluster_network: {get_input: ceph_cluster_network} ceph::profile::params::public_network: {get_input: ceph_public_network} + # Hook for site-specific additional pre-deployment config, e.g extra hieradata + CephStorageExtraConfigPre: + depends_on: CephStorageDeployment + type: OS::TripleO::CephStorageExtraConfigPre + properties: + server: {get_resource: CephStorage} + + # Hook for site-specific additional pre-deployment config, + # applying to all nodes, e.g node registration/unregistration + NodeExtraConfig: + depends_on: CephStorageExtraConfigPre + type: OS::TripleO::NodeExtraConfig + properties: + server: {get_resource: CephStorage} + UpdateConfig: type: OS::TripleO::Tasks::PackageUpdate @@ -145,7 +204,7 @@ outputs: str_replace: template: "IP HOST.localdomain HOST" params: - IP: {get_attr: [CephStorage, networks, ctlplane, 0]} + IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephStorageHostnameResolveNetwork]}]} HOST: {get_attr: [CephStorage, name]} nova_server_resource: description: Heat resource handle for the ceph storage server @@ -159,5 +218,9 @@ outputs: value: {get_attr: [StorageMgmtPort, ip_address]} config_identifier: description: identifier which changes if the node configuration may need re-applying - value: {get_attr: [CephStorageDeployment, deploy_stdout]} - + value: + list_join: + - ',' + - - {get_attr: [CephStorageDeployment, deploy_stdout]} + - {get_attr: [CephStorageExtraConfigPre, deploy_stdout]} + - {get_param: UpdateIdentifier} diff --git a/puppet/cinder-storage-post.yaml b/puppet/cinder-storage-post.yaml index 24d2b8a3..c97cfcf9 100644 --- a/puppet/cinder-storage-post.yaml +++ b/puppet/cinder-storage-post.yaml @@ -2,6 +2,10 @@ heat_template_version: 2015-04-30 description: 'OpenStack cinder storage post deployment for Puppet' parameters: + ConfigDebug: + default: false + description: Whether to run config management (e.g. Puppet) in debug mode. + type: boolean servers: type: json NodeConfigIdentifiers: @@ -14,6 +18,8 @@ resources: type: OS::Heat::SoftwareConfig properties: group: puppet + options: + enable_debug: {get_param: ConfigDebug} outputs: - name: result config: diff --git a/puppet/cinder-storage-puppet.yaml b/puppet/cinder-storage.yaml index cc8d17c4..b536418d 100644 --- a/puppet/cinder-storage-puppet.yaml +++ b/puppet/cinder-storage.yaml @@ -31,54 +31,19 @@ parameters: ExtraConfig: default: {} description: | - Additional configuration to inject into the cluster. The JSON should have - the following structure: - {"FILEKEY": - {"config": - [{"section": "SECTIONNAME", - "values": - [{"option": "OPTIONNAME", - "value": "VALUENAME" - } - ] - } - ] - } - } - For instance: - {"nova": - {"config": - [{"section": "default", - "values": - [{"option": "force_config_drive", - "value": "always" - } - ] - }, - {"section": "cells", - "values": - [{"option": "driver", - "value": "nova.cells.rpc_driver.CellsRPCDriver" - } - ] - } - ] - } - } + Additional hiera configuration to inject into the cluster. Note + that BlockStorageExtraConfig takes precedence over ExtraConfig. + type: json + BlockStorageExtraConfig: + default: {} + description: | + Role specific additional hiera configuration to inject into the cluster. type: json Flavor: description: Flavor for block storage nodes to request when deploying. type: string constraints: - custom_constraint: nova.flavor - GlancePort: - default: "9292" - description: Glance port. - type: string - GlanceProtocol: - default: http - description: Protocol to use when connecting to glance, set to https for SSL. - type: string KeyName: default: default description: Name of an existing EC2 KeyPair to enable SSH access to the instances @@ -86,6 +51,7 @@ parameters: RabbitPassword: default: 'guest' type: string + hidden: true RabbitUserName: default: 'guest' type: string @@ -109,8 +75,9 @@ parameters: type: string hidden: true NtpServer: - type: string default: '' + description: Comma-separated list of ntp servers + type: comma_delimited_list EnablePackageInstall: default: 'false' description: Set to true to enable package installation via Puppet @@ -129,6 +96,11 @@ parameters: description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json GlanceApiVirtualIP: type: string default: '' @@ -147,9 +119,26 @@ resources: networks: - network: ctlplane user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: NodeUserData} + user_data: {get_resource: UserData} name: {get_param: Hostname} + # Combine the NodeAdminUserData and NodeUserData mime archives + UserData: + type: OS::Heat::MultipartMime + properties: + parts: + - config: {get_resource: NodeAdminUserData} + type: multipart + - config: {get_resource: NodeUserData} + type: multipart + + # Creates the "heat-admin" user if configured via the environment + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + NodeAdminUserData: + type: OS::TripleO::NodeAdminUserData + + # For optional operator additional userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id NodeUserData: type: OS::TripleO::NodeUserData @@ -171,6 +160,7 @@ resources: NetworkConfig: type: OS::TripleO::BlockStorage::Net::SoftwareConfig properties: + ControlPlaneIp: {get_attr: [BlockStorage, networks, ctlplane, 0]} InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} @@ -178,6 +168,7 @@ resources: NetIpMap: type: OS::TripleO::Network::Ports::NetIpMap properties: + ControlPlaneIp: {get_attr: [BlockStorage, networks, ctlplane, 0]} InternalApiIp: {get_attr: [InternalApiPort, ip_address]} StorageIp: {get_attr: [StoragePort, ip_address]} StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} @@ -207,24 +198,14 @@ resources: cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend} cinder_iscsi_helper: {get_param: CinderISCSIHelper} cinder_iscsi_ip_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]} - glance_api_servers: - list_join: - - '' - - - {get_param: GlanceProtocol} - - '://' - - {get_param: GlanceApiVirtualIP} - - ':' - - {get_param: GlancePort} + glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} rabbit_username: {get_param: RabbitUserName} rabbit_password: {get_param: RabbitPassword} rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} rabbit_client_port: {get_param: RabbitClientPort} - ntp_servers: - str_replace: - template: '["server"]' - params: - server: {get_param: NtpServer} + ntp_servers: {get_param: NtpServer} enable_package_install: {get_param: EnablePackageInstall} + enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} # Map heat metadata into hiera datafiles BlockStorageConfig: @@ -234,7 +215,10 @@ resources: config: hiera: hierarchy: + - '"%{::uuid}"' - heat_config_%{::deploy_config_name} + - volume_extraconfig + - extraconfig - volume - all_nodes # provided by allNodesConfig - '"%{::osfamily}"' @@ -242,6 +226,10 @@ resources: datafiles: common: raw_data: {get_file: hieradata/common.yaml} + volume_extraconfig: + mapped_data: {get_param: BlockStorageExtraConfig} + extraconfig: + mapped_data: {get_param: ExtraConfig} volume: raw_data: {get_file: hieradata/volume.yaml} mapped_data: @@ -258,10 +246,19 @@ resources: cinder_iscsi_ip_address: {get_input: cinder_iscsi_ip_address} cinder::glance::glance_api_servers: {get_input: glance_api_servers} ntp::servers: {get_input: ntp_servers} - enable_package_install: {get_input: enable_package_install} + tripleo::packages::enable_install: {get_input: enable_package_install} + tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} + # Hook for site-specific additional pre-deployment config, + # applying to all nodes, e.g node registration/unregistration + NodeExtraConfig: + depends_on: BlockStorageDeployment + type: OS::TripleO::NodeExtraConfig + properties: + server: {get_resource: BlockStorage} + UpdateConfig: type: OS::TripleO::Tasks::PackageUpdate @@ -280,7 +277,7 @@ outputs: str_replace: template: "IP HOST.localdomain HOST" params: - IP: {get_attr: [BlockStorage, networks, ctlplane, 0]} + IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, BlockStorageHostnameResolveNetwork]}]} HOST: {get_attr: [BlockStorage, name]} nova_server_resource: description: Heat resource handle for the block storage server @@ -297,4 +294,8 @@ outputs: value: {get_attr: [StorageMgmtPort, ip_address]} config_identifier: description: identifier which changes if the node configuration may need re-applying - value: {get_attr: [BlockStorageDeployment, deploy_stdout]} + value: + list_join: + - '' + - - {get_attr: [BlockStorageDeployment, deploy_stdout]} + - {get_param: UpdateIdentifier} diff --git a/puppet/compute-post-puppet.yaml b/puppet/compute-post.yaml index b4a6126b..b63b06b4 100644 --- a/puppet/compute-post-puppet.yaml +++ b/puppet/compute-post.yaml @@ -4,6 +4,10 @@ description: > OpenStack compute node post deployment for Puppet. parameters: + ConfigDebug: + default: false + description: Whether to run config management (e.g. Puppet) in debug mode. + type: boolean servers: type: json NodeConfigIdentifiers: @@ -17,6 +21,8 @@ resources: type: OS::Heat::SoftwareConfig properties: group: puppet + options: + enable_debug: {get_param: ConfigDebug} outputs: - name: result config: diff --git a/puppet/compute-puppet.yaml b/puppet/compute.yaml index 7e49bc22..18547732 100644 --- a/puppet/compute-puppet.yaml +++ b/puppet/compute.yaml @@ -25,6 +25,14 @@ parameters: description: The password for the ceilometer service account. type: string hidden: true + CinderEnableNfsBackend: + default: false + description: Whether to enable or not the NFS backend for Cinder + type: boolean + CinderEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Cinder + type: boolean Debug: default: '' description: Set to True to enable debugging on all services. @@ -32,40 +40,8 @@ parameters: ExtraConfig: default: {} description: | - Additional configuration to inject into the cluster. The JSON should have - the following structure: - {"FILEKEY": - {"config": - [{"section": "SECTIONNAME", - "values": - [{"option": "OPTIONNAME", - "value": "VALUENAME" - } - ] - } - ] - } - } - For instance: - {"nova": - {"config": - [{"section": "default", - "values": - [{"option": "force_config_drive", - "value": "always" - } - ] - }, - {"section": "cells", - "values": - [{"option": "driver", - "value": "nova.cells.rpc_driver.CellsRPCDriver" - } - ] - } - ] - } - } + Additional hiera configuration to inject into the cluster. Note + that NovaComputeExtraConfig takes precedence over ExtraConfig. type: json Flavor: description: Flavor for the nova compute node @@ -75,14 +51,6 @@ parameters: GlanceHost: type: string default: '' # Has to be here because of the ignored empty value bug - GlancePort: - default: "9292" - description: Glance port. - type: string - GlanceProtocol: - default: http - description: Protocol to use when connecting to glance, set to https for SSL. - type: string Image: type: string default: overcloud-compute @@ -98,9 +66,12 @@ parameters: default: default constraints: - custom_constraint: nova.keypair - KeystoneHost: + KeystoneAdminApiVirtualIP: type: string default: '' + KeystonePublicApiVirtualIP: + type: string + default: '' NeutronBridgeMappings: description: > The OVS logical->physical bridge mappings to use. See the Neutron @@ -125,7 +96,7 @@ parameters: NeutronNetworkType: type: string description: The tenant network type for Neutron, either gre or vxlan. - default: 'gre' + default: 'vxlan' NeutronNetworkVLANRanges: default: 'datacentre' description: > @@ -151,7 +122,19 @@ parameters: description: | The tunnel types for the Neutron tenant network. To specify multiple values, use a comma separated string, like so: 'gre,vxlan' - default: 'gre' + default: 'vxlan' + NeutronTunnelIdRanges: + description: | + Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges + of GRE tunnel IDs that are available for tenant network allocation + default: ["1:1000", ] + type: comma_delimited_list + NeutronVniRanges: + description: | + Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges + of VXLAN VNI IDs that are available for tenant network allocation + default: ["1:1000", ] + type: comma_delimited_list NeutronPublicInterfaceRawDevice: default: '' type: string @@ -162,6 +145,24 @@ parameters: default: 'unset' description: Shared secret to prevent spoofing type: string + hidden: true + NeutronCorePlugin: + default: 'ml2' + description: | + The core plugin for Neutron. The value should be the entrypoint to be loaded + from neutron.core_plugins namespace. + type: string + NeutronServicePlugins: + default: "router" + description: | + Comma-separated list of service plugin entrypoints to be loaded from the + neutron.service_plugins namespace. + type: comma_delimited_list + NeutronTypeDrivers: + default: "vxlan,vlan,flat,gre" + description: | + Comma-separated list of network type driver entrypoints to be loaded. + type: comma_delimited_list NeutronMechanismDrivers: default: 'openvswitch' description: | @@ -210,8 +211,9 @@ parameters: type: string default: '' # Has to be here because of the ignored empty value bug NtpServer: - type: string default: '' + description: Comma-separated list of ntp servers + type: comma_delimited_list RabbitHost: type: string default: '' # Has to be here because of the ignored empty value bug @@ -252,6 +254,11 @@ parameters: description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json UpdateIdentifier: default: '' type: string @@ -276,9 +283,26 @@ resources: networks: - network: ctlplane user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: NodeUserData} + user_data: {get_resource: UserData} name: {get_param: Hostname} + # Combine the NodeAdminUserData and NodeUserData mime archives + UserData: + type: OS::Heat::MultipartMime + properties: + parts: + - config: {get_resource: NodeAdminUserData} + type: multipart + - config: {get_resource: NodeUserData} + type: multipart + + # Creates the "heat-admin" user if configured via the environment + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + NodeAdminUserData: + type: OS::TripleO::NodeAdminUserData + + # For optional operator additional userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id NodeUserData: type: OS::TripleO::NodeUserData @@ -300,6 +324,7 @@ resources: NetIpMap: type: OS::TripleO::Network::Ports::NetIpMap properties: + ControlPlaneIp: {get_attr: [NovaCompute, networks, ctlplane, 0]} InternalApiIp: {get_attr: [InternalApiPort, ip_address]} StorageIp: {get_attr: [StoragePort, ip_address]} TenantIp: {get_attr: [TenantPort, ip_address]} @@ -307,6 +332,7 @@ resources: NetworkConfig: type: OS::TripleO::Compute::Net::SoftwareConfig properties: + ControlPlaneIp: {get_attr: [NovaCompute, networks, ctlplane, 0]} InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} @@ -327,14 +353,22 @@ resources: config: hiera: hierarchy: + - '"%{::uuid}"' - heat_config_%{::deploy_config_name} + - compute_extraconfig + - extraconfig - compute - ceph_cluster # provided by CephClusterConfig - ceph - all_nodes # provided by allNodesConfig - '"%{::osfamily}"' - common + - cisco_n1kv_data # Optionally provided by ComputeExtraConfigPre datafiles: + compute_extraconfig: + mapped_data: {get_param: NovaComputeExtraConfig} + extraconfig: + mapped_data: {get_param: ExtraConfig} common: raw_data: {get_file: hieradata/common.yaml} ceph: @@ -342,6 +376,7 @@ resources: compute: raw_data: {get_file: hieradata/compute.yaml} mapped_data: + cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend} nova::debug: {get_input: debug} nova::rabbit_userid: {get_input: rabbit_username} nova::rabbit_password: {get_input: rabbit_password} @@ -351,7 +386,8 @@ resources: nova::compute::libvirt::libvirt_virt_type: {get_input: nova_compute_libvirt_type} nova_api_host: {get_input: nova_api_host} nova::compute::vncproxy_host: {get_input: nova_public_ip} - nova_enable_rbd_backend: {get_input: nova_enable_rbd_backend} + nova::compute::rbd::ephemeral_storage: {get_input: nova_enable_rbd_backend} + rbd_persistent_storage: {get_input: cinder_enable_rbd_backend} nova_password: {get_input: nova_password} nova::compute::vncserver_proxyclient_address: {get_input: nova_vnc_proxyclient_address} ceilometer::debug: {get_input: debug} @@ -368,7 +404,7 @@ resources: nova::glance_api_servers: {get_input: glance_api_servers} neutron::debug: {get_input: debug} neutron::rabbit_password: {get_input: rabbit_password} - neutron::rabbit_user: {get_input: rabbit_user} + neutron::rabbit_user: {get_input: rabbit_username} neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} neutron::rabbit_port: {get_input: rabbit_client_port} neutron_flat_networks: {get_input: neutron_flat_networks} @@ -378,21 +414,27 @@ resources: neutron_tenant_network_type: {get_input: neutron_tenant_network_type} neutron_tunnel_types: {get_input: neutron_tunnel_types} neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges} + neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges} + neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges} neutron_bridge_mappings: {get_input: neutron_bridge_mappings} neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling} neutron_physical_bridge: {get_input: neutron_physical_bridge} neutron_public_interface: {get_input: neutron_public_interface} nova::network::neutron::neutron_admin_password: {get_input: neutron_password} - nova::network::neutron::neutron_url: {get_input: neutron_url} + nova::network::neutron::neutron_url: {get_input: neutron_internal_url} nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url} neutron_router_distributed: {get_input: neutron_router_distributed} neutron_agent_mode: {get_input: neutron_agent_mode} neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} + neutron::core_plugin: {get_input: neutron_core_plugin} + neutron::service_plugins: {get_input: neutron_service_plugins} + neutron::plugins::ml2::type_drivers: {get_input: neutron_type_drivers} neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers} neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device} admin_password: {get_input: admin_password} ntp::servers: {get_input: ntp_servers} - enable_package_install: {get_input: enable_package_install} + tripleo::packages::enable_install: {get_input: enable_package_install} + tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} NovaComputeDeployment: type: OS::TripleO::SoftwareDeployment @@ -401,6 +443,7 @@ resources: config: {get_resource: NovaComputeConfig} server: {get_resource: NovaCompute} input_values: + cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend} debug: {get_param: Debug} nova_compute_driver: {get_param: NovaComputeDriver} nova_compute_libvirt_type: {get_param: NovaComputeLibvirtType} @@ -408,31 +451,36 @@ resources: nova_api_host: {get_param: NovaApiHost} nova_password: {get_param: NovaPassword} nova_enable_rbd_backend: {get_param: NovaEnableRbdBackend} + cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend} nova_vnc_proxyclient_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaVncProxyNetwork]}]} ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} ceilometer_password: {get_param: CeilometerPassword} ceilometer_compute_agent: {get_param: CeilometerComputeAgent} - ceilometer_agent_auth_url: - list_join: - - '' - - - 'http://' - - {get_param: KeystoneHost} - - ':5000/v2.0' + ceilometer_agent_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]} snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} - glance_api_servers: - list_join: - - '' - - - {get_param: GlanceProtocol} - - '://' - - {get_param: GlanceHost} - - ':' - - {get_param: GlancePort} + glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} neutron_flat_networks: {get_param: NeutronFlatNetworks} neutron_host: {get_param: NeutronHost} neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]} neutron_tenant_network_type: {get_param: NeutronNetworkType} neutron_tunnel_types: {get_param: NeutronTunnelTypes} + neutron_tunnel_id_ranges: + str_replace: + template: "['RANGES']" + params: + RANGES: + list_join: + - "','" + - {get_param: NeutronTunnelIdRanges} + neutron_vni_ranges: + str_replace: + template: "['RANGES']" + params: + RANGES: + list_join: + - "','" + - {get_param: NeutronVniRanges} neutron_network_vlan_ranges: str_replace: template: "['RANGES']" @@ -449,31 +497,50 @@ resources: neutron_agent_mode: {get_param: NeutronAgentMode} neutron_router_distributed: {get_param: NeutronDVR} neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} + neutron_core_plugin: {get_param: NeutronCorePlugin} + neutron_service_plugins: + str_replace: + template: "['PLUGINS']" + params: + PLUGINS: + list_join: + - "','" + - {get_param: NeutronServicePlugins} + neutron_type_drivers: + str_replace: + template: "['DRIVERS']" + params: + DRIVERS: + list_join: + - "','" + - {get_param: NeutronTypeDrivers} neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers} neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice} - neutron_url: - list_join: - - '' - - - 'http://' - - {get_param: NeutronHost} - - ':9696' - neutron_admin_auth_url: - list_join: - - '' - - - 'http://' - - {get_param: NeutronHost} - - ':35357/v2.0' + neutron_internal_url: {get_param: [EndpointMap, NeutronInternal, uri]} + neutron_admin_auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri]} admin_password: {get_param: AdminPassword} rabbit_username: {get_param: RabbitUserName} rabbit_password: {get_param: RabbitPassword} rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} rabbit_client_port: {get_param: RabbitClientPort} - ntp_servers: - str_replace: - template: '["server"]' - params: - server: {get_param: NtpServer} + ntp_servers: {get_param: NtpServer} enable_package_install: {get_param: EnablePackageInstall} + enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} + + # Hook for site-specific additional pre-deployment config, e.g extra hieradata + ComputeExtraConfigPre: + depends_on: NovaComputeDeployment + type: OS::TripleO::ComputeExtraConfigPre + properties: + server: {get_resource: NovaCompute} + + # Hook for site-specific additional pre-deployment config, + # applying to all nodes, e.g node registration/unregistration + NodeExtraConfig: + depends_on: ComputeExtraConfigPre + type: OS::TripleO::NodeExtraConfig + properties: + server: {get_resource: NovaCompute} UpdateConfig: type: OS::TripleO::Tasks::PackageUpdate @@ -510,7 +577,7 @@ outputs: str_replace: template: "IP HOST.localdomain HOST" params: - IP: {get_attr: [NovaCompute, networks, ctlplane, 0]} + IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ComputeHostnameResolveNetwork]}]} HOST: {get_attr: [NovaCompute, name]} nova_server_resource: description: Heat resource handle for the Nova compute server @@ -518,5 +585,9 @@ outputs: {get_resource: NovaCompute} config_identifier: description: identifier which changes if the node configuration may need re-applying - value: {get_attr: [NovaComputeDeployment, deploy_stdout]} - + value: + list_join: + - ',' + - - {get_attr: [NovaComputeDeployment, deploy_stdout]} + - {get_attr: [ComputeExtraConfigPre, deploy_stdout]} + - {get_param: UpdateIdentifier} diff --git a/puppet/controller-config-pacemaker.yaml b/puppet/controller-config-pacemaker.yaml index 38161cd7..dc81498a 100644 --- a/puppet/controller-config-pacemaker.yaml +++ b/puppet/controller-config-pacemaker.yaml @@ -3,6 +3,12 @@ heat_template_version: 2015-04-30 description: > A software config which runs manifests/overcloud_controller_pacemaker.pp +parameters: + ConfigDebug: + default: false + description: Whether to run config management (e.g. Puppet) in debug mode. + type: boolean + resources: ControllerPuppetConfigImpl: @@ -10,6 +16,7 @@ resources: properties: group: puppet options: + enable_debug: {get_param: ConfigDebug} enable_hiera: True enable_facter: False outputs: diff --git a/puppet/controller-config.yaml b/puppet/controller-config.yaml index 4135ffac..f85e1a9e 100644 --- a/puppet/controller-config.yaml +++ b/puppet/controller-config.yaml @@ -3,6 +3,12 @@ heat_template_version: 2015-04-30 description: > A software config which runs manifests/overcloud_controller.pp +parameters: + ConfigDebug: + default: false + description: Whether to run config management (e.g. Puppet) in debug mode. + type: boolean + resources: ControllerPuppetConfigImpl: @@ -10,6 +16,7 @@ resources: properties: group: puppet options: + enable_debug: {get_param: ConfigDebug} enable_hiera: True enable_facter: False outputs: diff --git a/puppet/controller-post-puppet.yaml b/puppet/controller-post.yaml index e88561e6..941e1ac5 100644 --- a/puppet/controller-post-puppet.yaml +++ b/puppet/controller-post.yaml @@ -4,6 +4,10 @@ description: > OpenStack controller node post deployment for Puppet. parameters: + ConfigDebug: + default: false + description: Whether to run config management (e.g. Puppet) in debug mode. + type: boolean servers: type: json NodeConfigIdentifiers: @@ -46,6 +50,7 @@ resources: properties: group: puppet options: + enable_debug: {get_param: ConfigDebug} enable_hiera: True enable_facter: False inputs: @@ -83,6 +88,16 @@ resources: step: 4 update_identifier: {get_param: NodeConfigIdentifiers} + ControllerOvercloudServicesDeployment_Step6: + type: OS::Heat::StructuredDeployments + depends_on: ControllerOvercloudServicesDeployment_Step5 + properties: + servers: {get_param: servers} + config: {get_resource: ControllerPuppetConfig} + input_values: + step: 5 + update_identifier: {get_param: NodeConfigIdentifiers} + # Note, this should come last, so use depends_on to ensure # this is created after any other resources. ExtraConfig: diff --git a/puppet/controller-puppet.yaml b/puppet/controller.yaml index c5adeb91..ae2b66e3 100644 --- a/puppet/controller-puppet.yaml +++ b/puppet/controller.yaml @@ -4,6 +4,11 @@ description: > OpenStack controller node configured by Puppet. parameters: + AdminEmail: + default: 'admin@example.com' + description: The email for the keystone admin account. + type: string + hidden: true AdminPassword: default: unset description: The password for the keystone admin account, used for monitoring, querying neutron etc. @@ -14,6 +19,9 @@ parameters: description: The keystone auth secret and db password. type: string hidden: true + CeilometerApiVirtualIP: + type: string + default: '' CeilometerBackend: default: 'mongodb' description: The ceilometer backend type. @@ -28,6 +36,13 @@ parameters: description: The password for the ceilometer service and db account. type: string hidden: true + CinderApiVirtualIP: + type: string + default: '' + CinderEnableNfsBackend: + default: false + description: Whether to enable or not the NFS backend for Cinder + type: boolean CinderEnableIscsiBackend: default: true description: Whether to enable or not the Iscsi backend for Cinder @@ -44,6 +59,18 @@ parameters: default: 5000 description: The size of the loopback file used by the cinder LVM driver. type: number + CinderNfsMountOptions: + default: '' + description: > + Mount options for NFS mounts used by Cinder NFS backend. Effective + when CinderEnableNfsBackend is true. + type: string + CinderNfsServers: + default: '' + description: > + NFS servers used by Cinder NFS backend. Effective when + CinderEnableNfsBackend is true. + type: comma_delimited_list CinderPassword: default: unset description: The password for the cinder service and db account, used by cinder-api. @@ -61,8 +88,7 @@ parameters: ControllerExtraConfig: default: {} description: | - Controller specific configuration to inject into the cluster. Same - structure as ExtraConfig. + Controller specific hiera configuration data to inject into the cluster. type: json ControlVirtualInterface: default: 'br-ex' @@ -72,6 +98,10 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + EnableFencing: + default: false + description: Whether to enable fencing in Pacemaker or not. + type: boolean EnableGalera: default: true description: Whether to use Galera instead of regular MariaDB. @@ -87,39 +117,39 @@ parameters: ExtraConfig: default: {} description: | - Additional configuration to inject into the cluster. The JSON should have + Additional hieradata to inject into the cluster, note that + ControllerExtraConfig takes precedence over ExtraConfig. + type: json + FencingConfig: + default: {} + description: | + Pacemaker fencing configuration. The JSON should have the following structure: - {"FILEKEY": - {"config": - [{"section": "SECTIONNAME", - "values": - [{"option": "OPTIONNAME", - "value": "VALUENAME" - } - ] - } - ] - } + { + "devices": [ + { + "agent": "AGENT_NAME", + "host_mac": "HOST_MAC_ADDRESS", + "params": {"PARAM_NAME": "PARAM_VALUE"} + } + ] } For instance: - {"nova": - {"config": - [{"section": "default", - "values": - [{"option": "compute_manager", - "value": "ironic.nova.compute.manager.ClusterComputeManager" - } - ] - }, - {"section": "cells", - "values": - [{"option": "driver", - "value": "nova.cells.rpc_driver.CellsRPCDriver" - } - ] - } - ] - } + { + "devices": [ + { + "agent": "fence_xvm", + "host_mac": "52:54:00:aa:bb:cc", + "params": { + "multicast_address": "225.0.0.12", + "port": "baremetal_0", + "manage_fw": true, + "manage_key_file": true, + "key_file": "/etc/fence_xvm.key", + "key_file_password": "abcdef" + } + } + ] } type: json Flavor: @@ -140,14 +170,6 @@ parameters: description: The password for the glance service and db account, used by the glance services. type: string hidden: true - GlancePort: - default: "9292" - description: Glance port. - type: string - GlanceProtocol: - default: http - description: Protocol to use when connecting to glance, set to https for SSL. - type: string GlanceBackend: default: swift description: The short name of the Glance backend to use. Should be one @@ -155,6 +177,34 @@ parameters: type: string constraints: - allowed_values: ['swift', 'file', 'rbd'] + GlanceFilePcmkDevice: + default: '' + description: > + An exported storage device that should be mounted by Pacemaker + as Glance storage. Effective when GlanceFilePcmkManage is true. + type: string + GlanceFilePcmkFstype: + default: 'nfs' + description: > + Filesystem type for Pacemaker mount used as Glance storage. + Effective when GlanceFilePcmkManage is true. + type: string + GlanceFilePcmkManage: + default: false + description: > + Whether to make Glance file backend a mount managed by Pacemaker. + Effective when GlanceBackend is 'file'. + type: boolean + GlanceFilePcmkOptions: + default: '' + description: > + Mount options for Pacemaker mount used as Glance storage. + Effective when GlanceFilePcmkManage is true. + type: string + HAProxySyslogAddress: + default: /dev/log + description: Syslog address where HAproxy will send its log + type: string HeatPassword: default: unset description: The password for the Heat service and db account, used by the Heat services. @@ -168,9 +218,15 @@ parameters: HeatAuthEncryptionKey: description: Auth encryption key for heat-engine type: string + hidden: true + HorizonAllowedHosts: + default: '*' + description: A list of IP/Hostname allowed to connect to horizon + type: comma_delimited_list HorizonSecret: description: Secret key for Django type: string + hidden: true Image: type: string default: overcloud-control @@ -208,6 +264,20 @@ parameters: description: Keystone key for signing tokens. type: string hidden: true + KeystoneNotificationDriver: + description: Comma-separated list of Oslo notification drivers used by Keystone + default: ['messaging'] + type: comma_delimited_list + KeystoneNotificationFormat: + description: The Keystone notification format + default: 'basic' + type: string + constraints: + - allowed_values: [ 'basic', 'cadf' ] + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint MysqlClusterUniquePart: description: A unique identifier of the MySQL cluster the controller is in. type: string @@ -222,6 +292,10 @@ parameters: lower level default. type: number default: 0 + MysqlMaxConnections: + description: Configures MySQL max_connections config setting + type: number + default: 4096 MysqlRootPassword: type: string hidden: true @@ -252,6 +326,10 @@ parameters: default: 'False' description: Whether to enable l3-agent HA type: string + NeutronDhcpAgentsPerNetwork: + type: number + default: 3 + description: The number of neutron dhcp agents to schedule per network NeutronDVR: default: 'False' description: Whether to configure Neutron Distributed Virtual Routers @@ -260,6 +338,24 @@ parameters: default: 'unset' description: Shared secret to prevent spoofing type: string + hidden: true + NeutronCorePlugin: + default: 'ml2' + description: | + The core plugin for Neutron. The value should be the entrypoint to be loaded + from neutron.core_plugins namespace. + type: string + NeutronServicePlugins: + default: "router" + description: | + Comma-separated list of service plugin entrypoints to be loaded from the + neutron.service_plugins namespace. + type: comma_delimited_list + NeutronTypeDrivers: + default: "vxlan,vlan,flat,gre" + description: | + Comma-separated list of network type driver entrypoints to be loaded. + type: comma_delimited_list NeutronMechanismDrivers: default: 'openvswitch' description: | @@ -282,7 +378,7 @@ parameters: description: Whether to enable l3-agent HA type: string NeutronNetworkType: - default: 'gre' + default: 'vxlan' description: The tenant network type for Neutron, either gre or vxlan. type: string NeutronNetworkVLANRanges: @@ -324,29 +420,50 @@ parameters: description: If set, the public interface is a vlan with this device as the raw device. type: string NeutronTunnelTypes: - default: 'gre' + default: 'vxlan' description: | The tunnel types for the Neutron tenant network. To specify multiple values, use a comma separated string, like so: 'gre,vxlan' type: string + NeutronTunnelIdRanges: + description: | + Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges + of GRE tunnel IDs that are available for tenant network allocation + default: ["1:1000", ] + type: comma_delimited_list + NeutronVniRanges: + description: | + Comma-separated list of <vni_min>:<vni_max> tuples enumerating ranges + of VXLAN VNI IDs that are available for tenant network allocation + default: ["1:1000", ] + type: comma_delimited_list + NovaApiVirtualIP: + type: string + default: '' NovaPassword: default: unset description: The password for the nova service and db account, used by nova-api. type: string hidden: true + MongoDbNoJournal: + default: false + description: Should MongoDb journaling be disabled + type: boolean NtpServer: - type: string default: '' + description: Comma-separated list of ntp servers + type: comma_delimited_list PcsdPassword: type: string description: The password for the 'pcsd' user. + hidden: true PublicVirtualInterface: default: 'br-ex' description: > Specifies the interface where the public-facing virtual ip will be assigned. This should be int_public when a VLAN is being used. type: string - PublicVirtualIP: # DEPRECATED: use per service settings instead + PublicVirtualIP: type: string default: '' # Has to be here because of the ignored empty value bug RabbitCookie: @@ -372,6 +489,10 @@ parameters: default: 5672 description: Set rabbit subscriber port, change this if using SSL type: number + RabbitFDLimit: + default: 16384 + description: Configures RabbitMQ FD limit + type: string RedisVirtualIP: type: string default: '' # Has to be here because of the ignored empty value bug @@ -422,6 +543,9 @@ parameters: services. hidden: true type: string + SwiftProxyVirtualIP: + type: string + default: '' SwiftReplicas: type: number default: 3 @@ -435,9 +559,15 @@ parameters: GlanceApiVirtualIP: type: string default: '' + GlanceRegistryVirtualIP: + type: string + default: '' MysqlVirtualIP: type: string default: '' + KeystoneAdminApiVirtualIP: + type: string + default: '' KeystonePublicApiVirtualIP: type: string default: '' @@ -453,6 +583,11 @@ parameters: description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json UpdateIdentifier: default: '' type: string @@ -475,9 +610,26 @@ resources: networks: - network: ctlplane user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: NodeUserData} + user_data: {get_resource: UserData} name: {get_param: Hostname} + # Combine the NodeAdminUserData and NodeUserData mime archives + UserData: + type: OS::Heat::MultipartMime + properties: + parts: + - config: {get_resource: NodeAdminUserData} + type: multipart + - config: {get_resource: NodeUserData} + type: multipart + + # Creates the "heat-admin" user if configured via the environment + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + NodeAdminUserData: + type: OS::TripleO::NodeAdminUserData + + # For optional operator additional userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id NodeUserData: type: OS::TripleO::NodeUserData @@ -509,6 +661,7 @@ resources: NetIpMap: type: OS::TripleO::Network::Ports::NetIpMap properties: + ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]} ExternalIp: {get_attr: [ExternalPort, ip_address]} InternalApiIp: {get_attr: [InternalApiPort, ip_address]} StorageIp: {get_attr: [StoragePort, ip_address]} @@ -516,17 +669,19 @@ resources: TenantIp: {get_attr: [TenantPort, ip_address]} NetIpSubnetMap: - type: OS::TripleO::Network::Ports::NetIpMap + type: OS::TripleO::Network::Ports::NetIpSubnetMap properties: - ExternalIp: {get_attr: [ExternalPort, ip_subnet]} - InternalApiIp: {get_attr: [InternalApiPort, ip_subnet]} - StorageIp: {get_attr: [StoragePort, ip_subnet]} - StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_subnet]} - TenantIp: {get_attr: [TenantPort, ip_subnet]} + ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]} + ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} + InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} + StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} + StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} + TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} NetworkConfig: type: OS::TripleO::Controller::Net::SoftwareConfig properties: + ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]} ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} @@ -551,6 +706,7 @@ resources: input_values: bootstack_nodeid: {get_attr: [Controller, name]} neutron_enable_tunneling: {get_param: NeutronEnableTunnelling} + haproxy_log_address: {get_param: HAProxySyslogAddress} heat.watch_server_url: list_join: - '' @@ -570,12 +726,24 @@ resources: - {get_param: HeatApiVirtualIP} - ':8000/v1/waitcondition' heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey} + horizon_allowed_hosts: {get_param: HorizonAllowedHosts} horizon_secret: {get_param: HorizonSecret} + admin_email: {get_param: AdminEmail} admin_password: {get_param: AdminPassword} admin_token: {get_param: AdminToken} neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP} debug: {get_param: Debug} + cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend} cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend} + cinder_nfs_mount_options: {get_param: CinderNfsMountOptions} + cinder_nfs_servers: + str_replace: + template: "['SERVERS']" + params: + SERVERS: + list_join: + - "','" + - {get_param: CinderNfsServers} cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize} cinder_password: {get_param: CinderPassword} cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend} @@ -589,9 +757,13 @@ resources: - '@' - {get_param: MysqlVirtualIP} - '/cinder' - glance_port: {get_param: GlancePort} + glance_port: {get_param: [EndpointMap, GlanceInternal, port]} glance_password: {get_param: GlancePassword} glance_backend: {get_param: GlanceBackend} + glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice} + glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype} + glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage} + glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions} glance_notifier_strategy: {get_param: GlanceNotifierStrategy} glance_log_file: {get_param: GlanceLogFile} glance_dsn: @@ -612,12 +784,13 @@ resources: - '@' - {get_param: MysqlVirtualIP} - '/heat' - keystone_auth_address: {list_join: ['', ['http://', {get_param: KeystonePublicApiVirtualIP} , ':5000/v2.0']]} keystone_ca_certificate: {get_param: KeystoneCACertificate} keystone_signing_key: {get_param: KeystoneSigningKey} keystone_signing_certificate: {get_param: KeystoneSigningCertificate} keystone_ssl_certificate: {get_param: KeystoneSSLCertificate} keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey} + keystone_notification_driver: {get_param: KeystoneNotificationDriver} + keystone_notification_format: {get_param: KeystoneNotificationFormat} keystone_dsn: list_join: - '' @@ -626,22 +799,17 @@ resources: - '@' - {get_param: MysqlVirtualIP} - '/keystone' - keystone_identity_uri: - list_join: - - '' - - - 'http://' - - {get_param: KeystonePublicApiVirtualIP} - - ':35357/' - keystone_auth_uri: - list_join: - - '' - - - 'http://' - - {get_param: KeystonePublicApiVirtualIP} - - ':5000/v2.0/' + keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + keystone_public_url: { get_param: [EndpointMap, KeystonePublic, uri_no_suffix] } + keystone_internal_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } + keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] } + enable_fencing: {get_param: EnableFencing} enable_galera: {get_param: EnableGalera} enable_ceph_storage: {get_param: EnableCephStorage} enable_swift_storage: {get_param: EnableSwiftStorage} mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} + mysql_max_connections: {get_param: MysqlMaxConnections} mysql_root_password: {get_param: MysqlRootPassword} mysql_cluster_name: str_replace: @@ -652,9 +820,27 @@ resources: neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} neutron_agent_mode: {get_param: NeutronAgentMode} neutron_router_distributed: {get_param: NeutronDVR} + neutron_core_plugin: {get_param: NeutronCorePlugin} + neutron_service_plugins: + str_replace: + template: "['PLUGINS']" + params: + PLUGINS: + list_join: + - "','" + - {get_param: NeutronServicePlugins} + neutron_type_drivers: + str_replace: + template: "['DRIVERS']" + params: + DRIVERS: + list_join: + - "','" + - {get_param: NeutronTypeDrivers} neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers} neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} neutron_l3_ha: {get_param: NeutronL3HA} + neutron_dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork} neutron_network_vlan_ranges: str_replace: template: "['RANGES']" @@ -671,6 +857,22 @@ resources: neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag} neutron_tenant_network_type: {get_param: NeutronNetworkType} neutron_tunnel_types: {get_param: NeutronTunnelTypes} + neutron_tunnel_id_ranges: + str_replace: + template: "['RANGES']" + params: + RANGES: + list_join: + - "','" + - {get_param: NeutronTunnelIdRanges} + neutron_vni_ranges: + str_replace: + template: "['RANGES']" + params: + RANGES: + list_join: + - "','" + - {get_param: NeutronVniRanges} neutron_password: {get_param: NeutronPassword} neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions} neutron_dsn: @@ -681,18 +883,10 @@ resources: - '@' - {get_param: MysqlVirtualIP} - '/ovs_neutron?charset=utf8' - neutron_url: - list_join: - - '' - - - 'http://' - - {get_param: NeutronApiVirtualIP} - - ':9696' - neutron_admin_auth_url: - list_join: - - '' - - - 'http://' - - {get_param: KeystonePublicApiVirtualIP} - - ':35357/v2.0' + neutron_internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] } + neutron_public_url: { get_param: [ EndpointMap, NeutronPublic, uri ] } + neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] } + neutron_admin_auth_url: { get_param: [ EndpointMap, KeystoneAdmin, uri ] } ceilometer_backend: {get_param: CeilometerBackend} ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} ceilometer_password: {get_param: CeilometerPassword} @@ -705,7 +899,9 @@ resources: ceilometer_dsn: list_join: - '' - - - 'mysql://ceilometer:unset@' + - - 'mysql://ceilometer:' + - {get_param: CeilometerPassword} + - '@' - {get_param: MysqlVirtualIP} - '/ceilometer' snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} @@ -719,17 +915,23 @@ resources: - '@' - {get_param: MysqlVirtualIP} - '/nova' + fencing_config: {get_param: FencingConfig} pcsd_password: {get_param: PcsdPassword} rabbit_username: {get_param: RabbitUserName} rabbit_password: {get_param: RabbitPassword} rabbit_cookie: {get_param: RabbitCookie} rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} rabbit_client_port: {get_param: RabbitClientPort} - ntp_servers: + mongodb_no_journal: {get_param: MongoDbNoJournal} + # We need to force this into quotes or hiera will return integer causing + # the puppet module validation regexp to fail. + # Remove when: https://github.com/puppetlabs/puppetlabs-rabbitmq/pull/401 + rabbit_fd_limit: str_replace: - template: '["server"]' + template: "'LIMIT'" params: - server: {get_param: NtpServer} + LIMIT: {get_param: RabbitFDLimit} + ntp_servers: {get_param: NtpServer} control_virtual_interface: {get_param: ControlVirtualInterface} public_virtual_interface: {get_param: PublicVirtualInterface} swift_hash_suffix: {get_param: SwiftHashSuffix} @@ -739,23 +941,19 @@ resources: swift_min_part_hours: {get_param: SwiftMinPartHours} swift_mount_check: {get_param: SwiftMountCheck} enable_package_install: {get_param: EnablePackageInstall} + enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} cinder_iscsi_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]} cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]} glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} - glance_api_servers: - list_join: - - '' - - - {get_param: GlanceProtocol} - - '://' - - {get_param: GlanceApiVirtualIP} - - ':' - - {get_param: GlancePort} + glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]} + glance_registry_host: {get_param: GlanceRegistryVirtualIP} heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} + keystone_region: {get_param: KeystoneRegion} mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]} neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]} @@ -768,8 +966,9 @@ resources: redis_vip: {get_param: RedisVirtualIP} memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} - ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]} - ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} + mysql_virtual_ip: {get_param: MysqlVirtualIP} + ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]} + ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} # Map heat metadata into hiera datafiles @@ -780,8 +979,12 @@ resources: config: hiera: hierarchy: + - '"%{::uuid}"' - heat_config_%{::deploy_config_name} + - controller_extraconfig + - extraconfig - controller + - database - object - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig - ceph_cluster # provided by CephClusterConfig @@ -791,7 +994,15 @@ resources: - vip_data # provided by vip-config - '"%{::osfamily}"' - common + - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre + - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre + - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre + - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre datafiles: + controller_extraconfig: + mapped_data: {get_param: ControllerExtraConfig} + extraconfig: + mapped_data: {get_param: ExtraConfig} common: raw_data: {get_file: hieradata/common.yaml} ceph: @@ -800,6 +1011,8 @@ resources: ceph::profile::params::cluster_network: {get_input: ceph_cluster_network} ceph::profile::params::public_network: {get_input: ceph_public_network} ceph::mon::public_addr: {get_input: ceph_public_ip} + database: + raw_data: {get_file: hieradata/database.yaml} object: raw_data: {get_file: hieradata/object.yaml} controller: @@ -808,7 +1021,9 @@ resources: bootstack_nodeid: {get_input: bootstack_nodeid} # Pacemaker + enable_fencing: {get_input: enable_fencing} hacluster_pwd: {get_input: pcsd_password} + tripleo::fencing::config: {get_input: fencing_config} # Swift swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network} @@ -827,7 +1042,10 @@ resources: tripleo::ringbuilder::build_ring: True # Cinder + cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend} cinder_enable_rbd_backend: {get_input: cinder_enable_rbd_backend} + cinder_nfs_mount_options: {get_input: cinder_nfs_mount_options} + cinder_nfs_servers: {get_input: cinder_nfs_servers} cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size} cinder_iscsi_helper: {get_input: cinder_iscsi_helper} cinder_iscsi_ip_address: {get_input: cinder_iscsi_network} @@ -844,13 +1062,14 @@ resources: cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend} cinder::glance::glance_api_servers: {get_input: glance_api_servers} cinder_backend_config: {get_input: CinderBackendConfig} + cinder::db::mysql::password: {get_input: cinder_password} # Glance glance::api::bind_port: {get_input: glance_port} glance::api::bind_host: {get_input: glance_api_network} glance::api::auth_uri: {get_input: keystone_auth_uri} glance::api::identity_uri: {get_input: keystone_identity_uri} - glance::api::registry_host: {get_input: glance_registry_network} + glance::api::registry_host: {get_input: glance_registry_host} glance::api::keystone_password: {get_input: glance_password} glance::api::debug: {get_input: debug} glance_notifier_strategy: {get_input: glance_notifier_strategy} @@ -859,14 +1078,19 @@ resources: glance::api::database_connection: {get_input: glance_dsn} glance::registry::keystone_password: {get_input: glance_password} glance::registry::database_connection: {get_input: glance_dsn} - glance::registry::bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} + glance::registry::bind_host: {get_input: glance_registry_network} glance::registry::auth_uri: {get_input: keystone_auth_uri} glance::registry::identity_uri: {get_input: keystone_identity_uri} glance::registry::debug: {get_input: debug} - glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_address} + glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_uri} glance::backend::swift::swift_store_user: service:glance glance::backend::swift::swift_store_key: {get_input: glance_password} glance_backend: {get_input: glance_backend} + glance::db::mysql::password: {get_input: glance_password} + glance_file_pcmk_device: {get_input: glance_file_pcmk_device} + glance_file_pcmk_fstype: {get_input: glance_file_pcmk_fstype} + glance_file_pcmk_manage: {get_input: glance_file_pcmk_manage} + glance_file_pcmk_options: {get_input: glance_file_pcmk_options} # Heat heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password} @@ -879,14 +1103,15 @@ resources: heat::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} heat::rabbit_port: {get_input: rabbit_client_port} heat::auth_uri: {get_input: keystone_auth_uri} + heat::keystone_ec2_uri: {get_input: keystone_ec2_uri} heat::identity_uri: {get_input: keystone_identity_uri} heat::keystone_password: {get_input: heat_password} heat::api::bind_host: {get_input: heat_api_network} heat::api_cloudwatch::bind_host: {get_input: heat_api_network} heat::api_cfn::bind_host: {get_input: heat_api_network} heat::database_connection: {get_input: heat_dsn} - heat::instance_user: heat-admin heat::debug: {get_input: debug} + heat::db::mysql::password: {get_input: heat_password} # Keystone keystone::admin_token: {get_input: admin_token} @@ -899,22 +1124,38 @@ resources: keystone::public_bind_host: {get_input: keystone_public_api_network} keystone::admin_bind_host: {get_input: keystone_admin_api_network} keystone::debug: {get_input: debug} + keystone::db::mysql::password: {get_input: admin_token} + keystone::rabbit_userid: {get_input: rabbit_username} + keystone::rabbit_password: {get_input: rabbit_password} + keystone::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} + keystone::rabbit_port: {get_input: rabbit_client_port} + keystone::notification_driver: {get_input: keystone_notification_driver} + keystone::notification_format: {get_input: keystone_notification_format} + keystone::roles::admin::email: {get_input: admin_email} + keystone::roles::admin::password: {get_input: admin_password} + keystone::endpoint::public_url: {get_input: keystone_public_url} + keystone::endpoint::internal_url: {get_input: keystone_internal_url} + keystone::endpoint::admin_url: {get_input: keystone_identity_uri} + keystone::endpoint::region: {get_input: keystone_region} # MongoDB mongodb::server::bind_ip: {get_input: mongo_db_network} + mongodb::server::nojournal: {get_input: mongodb_no_journal} # MySQL admin_password: {get_input: admin_password} enable_galera: {get_input: enable_galera} enable_ceph_storage: {get_input: enable_ceph_storage} enable_swift_storage: {get_input: enable_swift_storage} mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size} + mysql_max_connections: {get_input: mysql_max_connections} mysql::server::root_password: {get_input: mysql_root_password} mysql_cluster_name: {get_input: mysql_cluster_name} mysql_bind_host: {get_input: mysql_network} + mysql_virtual_ip: {get_input: mysql_virtual_ip} # Neutron neutron::bind_host: {get_input: neutron_api_network} neutron::rabbit_password: {get_input: rabbit_password} - neutron::rabbit_user: {get_input: rabbit_user} + neutron::rabbit_user: {get_input: rabbit_username} neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} neutron::rabbit_port: {get_input: rabbit_client_port} neutron::debug: {get_input: debug} @@ -929,10 +1170,16 @@ resources: neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network} neutron_agent_mode: {get_input: neutron_agent_mode} neutron_router_distributed: {get_input: neutron_router_distributed} + neutron::core_plugin: {get_input: neutron_core_plugin} + neutron::service_plugins: {get_input: neutron_service_plugins} + neutron::plugins::ml2::type_drivers: {get_input: neutron_type_drivers} neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers} neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover} neutron::server::l3_ha: {get_input: neutron_l3_ha} + neutron::dhcp_agents_per_network: {get_input: neutron_dhcp_agents_per_network} neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges} + neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges} + neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges} neutron_bridge_mappings: {get_input: neutron_bridge_mappings} neutron_public_interface: {get_input: neutron_public_interface} neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device} @@ -945,6 +1192,7 @@ resources: neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options} neutron_dsn: {get_input: neutron_dsn} neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri} + neutron::db::mysql::password: {get_input: neutron_password} # Ceilometer ceilometer_backend: {get_input: ceilometer_backend} @@ -960,8 +1208,9 @@ resources: ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri} ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri} ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} - ceilometer::agent::auth::auth_url: {get_input: keystone_auth_address} + ceilometer::agent::auth::auth_url: {get_input: keystone_auth_uri} ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url} + ceilometer::db::mysql::password: {get_input: ceilometer_password} snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} @@ -980,12 +1229,14 @@ resources: nova::glance_api_servers: {get_input: glance_api_servers} nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} nova::network::neutron::neutron_admin_password: {get_input: neutron_password} - nova::network::neutron::neutron_url: {get_input: neutron_url} + nova::network::neutron::neutron_url: {get_input: neutron_internal_url} nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url} nova::vncproxy::host: {get_input: nova_api_network} + nova::db::mysql::password: {get_input: nova_password} # Horizon apache::ip: {get_input: horizon_network} + horizon::allowed_hosts: {get_input: horizon_allowed_hosts} horizon::django_debug: {get_input: debug} horizon::secret_key: {get_input: horizon_secret} horizon::bind_address: {get_input: horizon_network} @@ -994,6 +1245,9 @@ resources: # Rabbit rabbitmq::node_ip_address: {get_input: rabbitmq_network} rabbitmq::erlang_cookie: {get_input: rabbit_cookie} + rabbitmq::file_limit: {get_input: rabbit_fd_limit} + rabbitmq::default_user: {get_input: rabbit_username} + rabbitmq::default_pass: {get_input: rabbit_password} # Redis redis::bind: {get_input: redis_network} redis_vip: {get_input: redis_vip} @@ -1005,7 +1259,24 @@ resources: public_virtual_interface: {get_input: public_virtual_interface} tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface} tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface} - enable_package_install: {get_input: enable_package_install} + tripleo::loadbalancer::haproxy_log_address: {get_input: haproxy_log_address} + tripleo::packages::enable_install: {get_input: enable_package_install} + tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} + + # Hook for site-specific additional pre-deployment config, e.g extra hieradata + ControllerExtraConfigPre: + depends_on: ControllerDeployment + type: OS::TripleO::ControllerExtraConfigPre + properties: + server: {get_resource: Controller} + + # Hook for site-specific additional pre-deployment config, + # applying to all nodes, e.g node registration/unregistration + NodeExtraConfig: + depends_on: ControllerExtraConfigPre + type: OS::TripleO::NodeExtraConfig + properties: + server: {get_resource: Controller} UpdateConfig: type: OS::TripleO::Tasks::PackageUpdate @@ -1055,7 +1326,7 @@ outputs: str_replace: template: IP HOST.localdomain HOST CLOUDNAME params: - IP: {get_attr: [Controller, networks, ctlplane, 0]} + IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]} HOST: {get_attr: [Controller, name]} CLOUDNAME: {get_param: CloudName} nova_server_resource: @@ -1078,4 +1349,9 @@ outputs: IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} config_identifier: description: identifier which changes if the controller configuration may need re-applying - value: {get_attr: [ControllerDeployment, deploy_stdout]} + value: + list_join: + - ',' + - - {get_attr: [ControllerDeployment, deploy_stdout]} + - {get_attr: [ControllerExtraConfigPre, deploy_stdout]} + - {get_param: UpdateIdentifier} diff --git a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml new file mode 100644 index 00000000..2413f5a4 --- /dev/null +++ b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml @@ -0,0 +1,338 @@ +heat_template_version: 2015-04-30 + +description: Configure hieradata for Network Cisco configuration + +parameters: + # Parameters passed from the parent template + controller_servers: + type: json + compute_servers: + type: json + blockstorage_servers: + type: json + objectstorage_servers: + type: json + cephstorage_servers: + type: json + + # extra parameters passed via parameter_defaults + NetworkUCSMIp: + type: string + description: Cisco UCSM IP + default: 127.0.0.1 + NetworkUCSMUsername: + type: string + description: Cisco UCSM username + default: admin + NetworkUCSMPassword: + type: string + description: Cisco UCSM password + default: password + NetworkUCSMHostList: + type: string + description: > + Mac address to service profile mapping for UCSM-controlled hosts + The format is + '<host1-mac>:<profile>, <host2-mac>:<profile>, ...' + default: '' + NetworkUCSMSupportedPciDevs: + type: string + description: Cisco UCSM SR-IOV and VM-FEX vendors supported + default: '' + NetworkNexusConfig: + type: json + description: Nexus switch configuration + default: {} + NetworkNexusManagedPhysicalNetwork: + type: string + description: The name of the physical_network + default: '' + NetworkNexusVlanNamePrefix: + type: string + description: A short prefix to prepend to the VLAN name + default: 'q-' + NetworkNexusSviRoundRobin: + type: boolean + description: A flag to enable round robin scheduling + default: false + NetworkNexusProviderVlanNamePrefix: + type: string + description: A short prefix to prepend to the VLAN name + default: 'p-' + NetworkNexusPersistentSwitchConfig: + type: string + description: To make Nexus device persistent + default: false + NetworkNexusSwitchHeartbeatTime: + type: number + description: Time interval to check the state of the Nexus device + default: 0 + NetworkNexusSwitchReplayCount: + type: number + description: Number of times to attempt config replay + default: 3 + NetworkNexusProviderVlanAutoCreate: + type: boolean + description: A flag whether to manage the creation and removal of VLANs + default: true + NetworkNexusProviderVlanAutoTrunk: + type: boolean + description: A flag whether to manage the trunk ports on the Nexus + default: true + NetworkNexusVxlanGlobalConfig: + type: boolean + description: A flag whether to manage the VXLAN global settings + default: true + NetworkNexusHostKeyChecks: + type: boolean + description: enable strict host key checks when connecting to Nexus switches + default: false + NetworkNexusVxlanVniRanges: + type: string + description: VXLAN Network IDs that are available for tenant network + default: '' + NetworkNexusVxlanMcastRanges: + type: string + description: Multicast groups for the VXLAN interface. + default: '' + + +resources: + # First we lay down the base configuration via the static hieradata mappings + NetworkCiscoConfig: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + hiera: + datafiles: + neutron_cisco_data: + mapped_data: + neutron::plugins::ml2::cisco::ucsm::ucsm_ip: {get_input: UCSM_ip} + neutron::plugins::ml2::cisco::ucsm::ucsm_username: {get_input: UCSM_username} + neutron::plugins::ml2::cisco::ucsm::ucsm_password: {get_input: UCSM_password} + neutron::plugins::ml2::cisco::ucsm::ucsm_host_list: {get_input: UCSM_host_list} + neutron::plugins::ml2::cisco::ucsm::supported_pci_devs: {get_input: UCSMSupportedPciDevs} + neutron::plugins::ml2::cisco::nexus::nexus_config: {get_input: NexusConfig} + neutron::plugins::ml2::cisco::nexus::managed_physical_network: {get_input: NexusManagedPhysicalNetwork} + neutron::plugins::ml2::cisco::nexus::vlan_name_prefix: {get_input: NexusVlanNamePrefix} + neutron::plugins::ml2::cisco::nexus::svi_round_robin: {get_input: NexusSviRoundRobin} + neutron::plugins::ml2::cisco::nexus::provider_vlan_name_prefix: {get_input: NexusProviderVlanNamePrefix} + neutron::plugins::ml2::cisco::nexus::persistent_switch_config: {get_input: NexusPersistentSwitchConfig} + neutron::plugins::ml2::cisco::nexus::switch_heartbeat_time: {get_input: NexusSwitchHeartbeatTime} + neutron::plugins::ml2::cisco::nexus::switch_replay_count: {get_input: NexusSwitchReplayCount} + neutron::plugins::ml2::cisco::nexus::provider_vlan_auto_create: {get_input: NexusProviderVlanAutoCreate} + neutron::plugins::ml2::cisco::nexus::provider_vlan_auto_trunk: {get_input: NexusProviderVlanAutoTrunk} + neutron::plugins::ml2::cisco::nexus::vxlan_global_config: {get_input: NexusVxlanGlobalConfig} + neutron::plugins::ml2::cisco::nexus::host_key_checks: {get_input: NexusHostKeyChecks} + neutron::plugins::ml2::cisco::type_nexus_vxlan::vni_ranges: {get_input: NexusVxlanVniRanges} + neutron::plugins::ml2::cisco::type_nexus_vxlan::mcast_ranges: {get_input: NexusVxlanMcastRanges} + + NetworkCiscoDeployment: + type: OS::Heat::StructuredDeployments + properties: + config: {get_resource: NetworkCiscoConfig} + servers: {get_param: controller_servers} + input_values: + UCSM_ip: {get_param: NetworkUCSMIp} + UCSM_username: {get_param: NetworkUCSMUsername} + UCSM_password: {get_param: NetworkUCSMPassword} + UCSM_host_list: {get_attr: [MappingToUCSMDeploymentsController, deploy_stdout]} + UCSMSupportedPciDevs: {get_param: NetworkUCSMSupportedPciDevs} + NexusConfig: {get_attr: [MappingToNexusDeploymentsController, deploy_stdout]} + NexusManagedPhysicalNetwork: {get_param: NetworkNexusManagedPhysicalNetwork} + NexusVlanNamePrefix: {get_param: NetworkNexusVlanNamePrefix} + NexusSviRoundRobin: {get_param: NetworkNexusSviRoundRobin} + NexusProviderVlanNamePrefix: {get_param: NetworkNexusProviderVlanNamePrefix} + NexusPersistentSwitchConfig: {get_param: NetworkNexusPersistentSwitchConfig} + NexusSwitchHeartbeatTime: {get_param: NetworkNexusSwitchHeartbeatTime} + NexusSwitchReplayCount: {get_param: NetworkNexusSwitchReplayCount} + NexusProviderVlanAutoCreate: {get_param: NetworkNexusProviderVlanAutoCreate} + NexusProviderVlanAutoTrunk: {get_param: NetworkNexusProviderVlanAutoTrunk} + NexusVxlanGlobalConfig: {get_param: NetworkNexusVxlanGlobalConfig} + NexusHostKeyChecks: {get_param: NetworkNexusHostKeyChecks} + NexusVxlanVniRanges: {get_param: NetworkNexusVxlanVniRanges} + NexusVxlanMcastRanges: {get_param: NetworkNexusVxlanMcastRanges} + + # Now we collect the Mac->Hostname mappings for all nodes, which enables + # calculation of the neutron::plugins::ml2::cisco::nexus::nexus_config data + CollectMacConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: | + #!/bin/sh + MACS=$(ifconfig | grep ether | awk '{print $2}' | tr "\n" " ") + HOST_FQDN=$(hostname -f) + if [ -z "$HOST_FQDN" ]; then + HOSTNAME=$(hostname -s) + # hardcoding the domain name to avoid DNS lookup dependency + # same type of hardcoding appears elsewhere + # --ie. controller-puppet.yaml + # FIXME_HOSTNAME_DOMAIN_HARDCODE + echo "$HOSTNAME.localdomain $MACS" + else + echo "$HOST_FQDN $MACS" + fi + + CollectMacDeploymentsController: + type: OS::Heat::SoftwareDeployments + properties: + servers: {get_param: controller_servers} + config: {get_resource: CollectMacConfig} + actions: ['CREATE'] # Only do this on CREATE + + CollectMacDeploymentsCompute: + type: OS::Heat::SoftwareDeployments + properties: + servers: {get_param: compute_servers} + config: {get_resource: CollectMacConfig} + actions: ['CREATE'] # Only do this on CREATE + + CollectMacDeploymentsBlockStorage: + type: OS::Heat::SoftwareDeployments + properties: + servers: {get_param: blockstorage_servers} + config: {get_resource: CollectMacConfig} + actions: ['CREATE'] # Only do this on CREATE + + CollectMacDeploymentsObjectStorage: + type: OS::Heat::SoftwareDeployments + properties: + servers: {get_param: objectstorage_servers} + config: {get_resource: CollectMacConfig} + actions: ['CREATE'] # Only do this on CREATE + + CollectMacDeploymentsCephStorage: + type: OS::Heat::SoftwareDeployments + properties: + servers: {get_param: cephstorage_servers} + config: {get_resource: CollectMacConfig} + actions: ['CREATE'] # Only do this on CREATE + + # Now we calculate the additional nexus config based on the mappings + MappingToNexusConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + inputs: + - name: controller_mappings + - name: compute_mappings + - name: blockstorage_mappings + - name: objectstorage_mappings + - name: cephstorage_mappings + - name: nexus_config + config: | + #!/bin/python + import ast + import json + import os + from copy import deepcopy + + mappings = ['controller_mappings', + 'compute_mappings', + 'blockstorage_mappings', + 'objectstorage_mappings', + 'cephstorage_mappings', + 'nexus_config'] + mapdict_list = [] + nexus = {} + for map_name in mappings: + f_name = '/root/' + map_name + map_data = os.getenv(map_name, "Nada") + with open(f_name, 'a') as f: + f.write(map_data) + if map_data is not "Nada": + if map_name is not 'nexus_config': + mapdict_list.append(ast.literal_eval(map_data)) + else: + nexus = ast.literal_eval(map_data) + + mac2host = {} + for mapdict in mapdict_list: + for (listnum, host2mac_list) in mapdict.iteritems(): + vals = host2mac_list.rstrip().split() + for mac in vals[1:]: + mac2host[mac.lower()] = vals[0] + + with open('/root/mac2host', 'a') as f: + f.write(str(mac2host)) + + # now we have mac to host, map host to switchport in hieradata + # nexus = ast.literal_eval(os.getenv('nexus_config', None)) + nexus_cp = deepcopy(nexus) + for nexus_switch in nexus: + for (mac,swport) in nexus[nexus_switch]['servers'].iteritems(): + lmac=mac.lower() + if lmac in mac2host: + hostname = mac2host[lmac] + # for puppet we need a unique title even at the 2nd key level + serv_key = nexus_switch + "::" + hostname + if serv_key in nexus_cp[nexus_switch]['servers']: + nexus_cp[nexus_switch]['servers'][serv_key]['ports'] += ',' + swport['ports'] + else: + nexus_cp[nexus_switch]['servers'][serv_key] = swport + nexus_cp[nexus_switch]['servers'][serv_key]['hostname'] = hostname + del nexus_cp[nexus_switch]['servers'][mac] + # Note this echo means you can view the data via heat deployment-show + print json.dumps(nexus_cp) + + MappingToNexusDeploymentsController: + type: OS::Heat::SoftwareDeployment + properties: + server: {get_param: [controller_servers, '0']} + config: {get_resource: MappingToNexusConfig} + input_values: + # FIXME(shardy): It'd be more convenient if we could join these + # items together but because the returned format is a map (not a list) + # we can't use list_join or str_replace. Possible Heat TODO. + controller_mappings: {get_attr: [CollectMacDeploymentsController, deploy_stdouts]} + compute_mappings: {get_attr: [CollectMacDeploymentsCompute, deploy_stdouts]} + blockstorage_mappings: {get_attr: [CollectMacDeploymentsBlockStorage, deploy_stdouts]} + objectstorage_mappings: {get_attr: [CollectMacDeploymentsObjectStorage, deploy_stdouts]} + cephstorage_mappings: {get_attr: [CollectMacDeploymentsCephStorage, deploy_stdouts]} + nexus_config: {get_param: NetworkNexusConfig} + actions: ['CREATE'] # Only do this on CREATE + + MappingToUCSMConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + inputs: + - name: ucsm_config + config: | + #!/bin/python + import ast + import os + with open('/root/mac2host', 'r') as f: + s=f.read() + m2h=ast.literal_eval(s) + ucs_config = os.getenv('ucsm_config', "Nada") + ucs_data = [] + lines = ucs_config.split(',') + for line in lines: + entry=line.rsplit(":",1) + mac = entry[0].lower().strip() + if mac in m2h: + ucs_data.append(m2h[mac] + ":" + entry[1]) + + print ", ".join(ucs_data) + + + MappingToUCSMDeploymentsController: + type: OS::Heat::SoftwareDeployment + depends_on: MappingToNexusDeploymentsController + properties: + server: {get_param: [controller_servers, '0']} + config: {get_resource: MappingToUCSMConfig} + input_values: + ucsm_config: {get_param: NetworkUCSMHostList} + actions: ['CREATE'] # Only do this on CREATE + +outputs: + # The Deployment applying the hieradata outputs the derived config-id, which + # changes if the input_values change, so if the stdouts from + # NetworkCiscoDeployment change, we need to reapply puppet (which will + # happen if we return a different config_identifier) + config_identifier: + value: {get_attr: [NetworkCiscoDeployment, deploy_stdouts]} diff --git a/puppet/extraconfig/ceph/ceph-external-config.yaml b/puppet/extraconfig/ceph/ceph-external-config.yaml new file mode 100644 index 00000000..7cefc24b --- /dev/null +++ b/puppet/extraconfig/ceph/ceph-external-config.yaml @@ -0,0 +1,95 @@ +heat_template_version: 2015-04-30 +description: 'Configure parameters for an external Ceph cluster via Puppet.' + +parameters: + ceph_storage_count: + default: 0 + type: number + description: Number of Ceph storage nodes. Used to enable/disable managed Ceph installation. + ceph_external_mon_ips: + default: '' + type: string + description: List of external Ceph Mon host IPs. + ceph_client_key: + default: '' + type: string + description: Ceph key used to create the 'openstack' user keyring. + ceph_fsid: + default: '' + type: string + # The following parameters are unused for external Ceph clusters and + # are here and exist for compatibility + ceph_admin_key: + default: '' + type: string + ceph_mon_key: + default: '' + type: string + ceph_mon_names: + type: comma_delimited_list + ceph_mon_ips: + type: comma_delimited_list + NovaRbdPoolName: + default: vms + type: string + CinderRbdPoolName: + default: volumes + type: string + GlanceRbdPoolName: + default: images + type: string + CephClientUserName: + default: openstack + type: string + +resources: + CephClusterConfigImpl: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + hiera: + datafiles: + ceph_cluster: + mapped_data: + ceph_storage_count: {get_param: ceph_storage_count} + enable_external_ceph: true + ceph::profile::params::mon_host: {get_param: ceph_external_mon_ips} + ceph::profile::params::fsid: {get_param: ceph_fsid} + ceph::profile::params::client_keys: + str_replace: + template: "{ + client.CLIENT_USER: { + secret: 'CLIENT_KEY', + mode: '0644', + cap_mon: 'allow r', + cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL' + } + }" + params: + CLIENT_USER: {get_param: CephClientUserName} + CLIENT_KEY: {get_param: ceph_client_key} + NOVA_POOL: {get_param: NovaRbdPoolName} + CINDER_POOL: {get_param: CinderRbdPoolName} + GLANCE_POOL: {get_param: GlanceRbdPoolName} + nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} + cinder_rbd_pool_name: {get_param: CinderRbdPoolName} + glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName} + nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} + glance::backend::rbd::rbd_store_pool: {get_param: CephClientUserName} + nova::compute::rbd::rbd_keyring: + list_join: + - '.' + - - 'client' + - {get_param: CephClientUserName} + ceph_client_user_name: {get_param: CephClientUserName} + ceph_pools: + - {get_param: CinderRbdPoolName} + - {get_param: NovaRbdPoolName} + - {get_param: GlanceRbdPoolName} + +outputs: + config_id: + description: The ID of the CephClusterConfigImpl resource. + value: + {get_resource: CephClusterConfigImpl} diff --git a/puppet/extraconfig/pre_deploy/README b/puppet/extraconfig/pre_deploy/README new file mode 100644 index 00000000..51fc3406 --- /dev/null +++ b/puppet/extraconfig/pre_deploy/README @@ -0,0 +1,12 @@ +This tree contains additional configuration which happens "pre deployment", +e.g before the OpenStack services themselves are configured but after the +nodes themselves have been provisioned and initially configured. + +Typically for puppet deployments these additional configs will put in place +hieradata which is then consumed by the subsequent puppet configuration +which occurs during the post-deployment phase. + +If you need to specify multiple configs, you can chain them together in a +template, see the multiple.yaml example: + + OS::TripleO::ControllerExtraConfigPre: puppet/extraconfig/pre_deploy/controller/multiple.yaml diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml new file mode 100644 index 00000000..7ec2190f --- /dev/null +++ b/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml @@ -0,0 +1,147 @@ +heat_template_version: 2015-04-30 + +description: Configure hieradata for Cinder Netapp configuration + +parameters: + server: + description: ID of the controller node to apply this config to + type: string + + # Config specific parameters, to be provided via parameter_defaults + CinderEnableNetappBackend: + type: boolean + default: true + CinderNetappBackendName: + type: string + default: 'tripleo_netapp' + CinderNetappLogin: + type: string + CinderNetappPassword: + type: string + hidden: true + CinderNetappServerHostname: + type: string + CinderNetappServerPort: + type: string + default: '80' + CinderNetappSizeMultiplier: + type: string + default: '1.2' + CinderNetappStorageFamily: + type: string + default: 'ontap_cluster' + CinderNetappStorageProtocol: + type: string + default: 'nfs' + CinderNetappTransportType: + type: string + default: 'http' + CinderNetappVfiler: + type: string + default: '' + CinderNetappVolumeList: + type: string + default: '' + CinderNetappVserver: + type: string + default: '' + CinderNetappPartnerBackendName: + type: string + default: '' + CinderNetappNfsShares: + type: string + default: '' + CinderNetappNfsSharesConfig: + type: string + default: '/etc/cinder/shares.conf' + CinderNetappNfsMountOptions: + type: string + default: '' + CinderNetappCopyOffloadToolPath: + type: string + default: '' + CinderNetappControllerIps: + type: string + default: '' + CinderNetappSaPassword: + type: string + default: '' + hidden: true + CinderNetappStoragePools: + type: string + default: '' + CinderNetappEseriesHostType: + type: string + default: 'linux_dm_mp' + CinderNetappWebservicePath: + type: string + default: '/devmgr/v2' + +resources: + CinderNetappConfig: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + hiera: + datafiles: + cinder_netapp_data: + mapped_data: + cinder_enable_netapp_backend: {get_input: EnableNetappBackend} + cinder::backend::netapp::title: {get_input: NetappBackendName} + cinder::backend::netapp::netapp_login: {get_input: NetappLogin} + cinder::backend::netapp::netapp_password: {get_input: NetappPassword} + cinder::backend::netapp::netapp_server_hostname: {get_input: NetappServerHostname} + cinder::backend::netapp::netapp_server_port: {get_input: NetappServerPort} + cinder::backend::netapp::netapp_size_multiplier: {get_input: NetappSizeMultiplier} + cinder::backend::netapp::netapp_storage_family: {get_input: NetappStorageFamily} + cinder::backend::netapp::netapp_storage_protocol: {get_input: NetappStorageProtocol} + cinder::backend::netapp::netapp_transport_type: {get_input: NetappTransportType} + cinder::backend::netapp::netapp_vfiler: {get_input: NetappVfiler} + cinder::backend::netapp::netapp_volume_list: {get_input: NetappVolumeList} + cinder::backend::netapp::netapp_vserver: {get_input: NetappVserver} + cinder::backend::netapp::netapp_partner_backend_name: {get_input: NetappPartnerBackendName} + cinder::backend::netapp::nfs_shares: {get_input: NetappNfsShares} + cinder::backend::netapp::nfs_shares_config: {get_input: NetappNfsSharesConfig} + cinder::backend::netapp::nfs_mount_options: {get_input: NetappNfsMountOptions} + cinder::backend::netapp::netapp_copyoffload_tool_path: {get_input: NetappCopyOffloadToolPath} + cinder::backend::netapp::netapp_controller_ips: {get_input: NetappControllerIps} + cinder::backend::netapp::netapp_sa_password: {get_input: NetappSaPassword} + cinder::backend::netapp::netapp_storage_pools: {get_input: NetappStoragePools} + cinder::backend::netapp::netapp_eseries_host_type: {get_input: NetappEseriesHostType} + cinder::backend::netapp::netapp_webservice_path: {get_input: NetappWebservicePath} + + CinderNetappDeployment: + type: OS::Heat::StructuredDeployment + properties: + config: {get_resource: CinderNetappConfig} + server: {get_param: server} + input_values: + EnableNetappBackend: {get_param: CinderEnableNetappBackend} + NetappBackendName: {get_param: CinderNetappBackendName} + NetappLogin: {get_param: CinderNetappLogin} + NetappPassword: {get_param: CinderNetappPassword} + NetappServerHostname: {get_param: CinderNetappServerHostname} + NetappServerPort: {get_param: CinderNetappServerPort} + NetappSizeMultiplier: {get_param: CinderNetappSizeMultiplier} + NetappStorageFamily: {get_param: CinderNetappStorageFamily} + NetappStorageProtocol: {get_param: CinderNetappStorageProtocol} + NetappTransportType: {get_param: CinderNetappTransportType} + NetappVfiler: {get_param: CinderNetappVfiler} + NetappVolumeList: {get_param: CinderNetappVolumeList} + NetappVserver: {get_param: CinderNetappVserver} + NetappPartnerBackendName: {get_param: CinderNetappPartnerBackendName} + NetappNfsShares: {get_param: CinderNetappNfsShares} + NetappNfsSharesConfig: {get_param: CinderNetappNfsSharesConfig} + NetappNfsMountOptions: {get_param: CinderNetappNfsMountOptions} + NetappCopyOffloadToolPath: {get_param: CinderNetappCopyOffloadToolPath} + NetappControllerIps: {get_param: CinderNetappControllerIps} + NetappSaPassword: {get_param: CinderNetappSaPassword} + NetappStoragePools: {get_param: CinderNetappStoragePools} + NetappEseriesHostType: {get_param: CinderNetappEseriesHostType} + NetappWebservicePath: {get_param: CinderNetappWebservicePath} + +outputs: + deploy_stdout: + description: Deployment reference, used to trigger puppet apply on changes + value: {get_attr: [CinderNetappDeployment, deploy_stdout]} diff --git a/puppet/extraconfig/pre_deploy/controller/multiple.yaml b/puppet/extraconfig/pre_deploy/controller/multiple.yaml new file mode 100644 index 00000000..f949a397 --- /dev/null +++ b/puppet/extraconfig/pre_deploy/controller/multiple.yaml @@ -0,0 +1,18 @@ +heat_template_version: 2014-10-16 +description: 'Extra Pre-Deployment Config, multiple' +parameters: + server: + type: string + +resources: + + CinderNetappConfig: + type: cinder-netapp.yaml + properties: + server: {get_param: server} + + # Note depends_on may be used for serialization if ordering is important + OtherConfig: + type: other.yaml + properties: + server: {get_param: server} diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml new file mode 100644 index 00000000..bf06d25d --- /dev/null +++ b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml @@ -0,0 +1,73 @@ +heat_template_version: 2015-04-30 + +description: Configure hieradata for Neutron Big Switch configuration + +parameters: + server: + description: ID of the controller node to apply this config to + type: string + NeutronBigswitchRestproxyServers: + description: 'Big Switch controllers ("IP:port,IP:port")' + type: string + NeutronBigswitchRestproxyServerAuth: + description: 'Big Switch controller credentials ("username:password")' + type: string + NeutronBigswitchRestproxyAutoSyncOnFailure: + description: Resynchronize with the new master server on Big Switch failover. + type: boolean + default: true + NeutronBigswitchRestproxyConsistencyInterval: + description: Keepalive message interval (from Neutron to Big Switch controller). + type: number + default: 60 + NeutronBigswitchRestproxyNeutronId: + description: Unique identifier of the Neutron instance for the Big Switch controller. + type: string + default: 'neutron' + NeutronBigswitchRestproxyServerSsl: + description: Whether Neutron should use SSL to talk to the Big Switch controllers. + type: boolean + default: true + NeutronBigswitchRestproxySslCertDirectory: + description: Directory where Big Switch controller certificate will be stored. + type: string + default: '/var/lib/neutron' + + +resources: + NeutronBigswitchConfig: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + hiera: + datafiles: + neutron_bigswitch_data: + mapped_data: + neutron_enable_bigswitch_ml2: true + neutron::plugins::ml2::bigswitch::restproxy::servers: {get_input: restproxy_servers} + neutron::plugins::ml2::bigswitch::restproxy::server_auth: {get_input: restproxy_server_auth} + neutron::plugins::ml2::bigswitch::restproxy::auto_sync_on_failure: {get_input: restproxy_auto_sync_on_failure} + neutron::plugins::ml2::bigswitch::restproxy::consistency_interval: {get_input: restproxy_consistency_interval} + neutron::plugins::ml2::bigswitch::restproxy::neutron_id: {get_input: restproxy_neutron_id} + neutron::plugins::ml2::bigswitch::restproxy::server_ssl: {get_input: restproxy_server_ssl} + neutron::plugins::ml2::bigswitch::restproxy::ssl_cert_directory: {get_input: restproxy_ssl_cert_directory} + + NeutronBigswitchDeployment: + type: OS::Heat::StructuredDeployment + properties: + config: {get_resource: NeutronBigswitchConfig} + server: {get_param: server} + input_values: + restproxy_servers: {get_param: NeutronBigswitchRestproxyServers} + restproxy_server_auth: {get_param: NeutronBigswitchRestproxyServerAuth } + restproxy_auto_sync_on_failure: {get_param: NeutronBigswitchRestproxyAutoSyncOnFailure} + restproxy_consistency_interval: {get_param: NeutronBigswitchRestproxyConsistencyInterval} + restproxy_neutron_id: {get_param: NeutronBigswitchRestproxyNeutronId} + restproxy_server_ssl: {get_param: NeutronBigswitchRestproxyServerSsl} + restproxy_ssl_cert_directory: {get_param: NeutronBigswitchRestproxySslCertDirectory} + +outputs: + deploy_stdout: + description: Deployment reference, used to trigger puppet apply on changes + value: {get_attr: [NeutronBigswitchDeployment, deploy_stdout]} diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml new file mode 100644 index 00000000..6730ddf1 --- /dev/null +++ b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml @@ -0,0 +1,179 @@ +heat_template_version: 2015-04-30 + +description: Configure hieradata for Cisco N1KV configuration + +parameters: + server: + description: ID of the controller node to apply this config to + type: string + + # Config specific parameters, to be provided via parameter_defaults + N1000vVSMIP: + type: string + default: '192.0.2.50' + N1000vVSMDomainID: + type: number + default: 100 + N1000vVSMIPV6: + type: string + default: '::1' + N1000vVEMHostMgmtIntf: + type: string + default: 'br-ex' + N1000vUplinkProfile: + type: string + default: '{eth1: system-uplink,}' + N1000vVtepConfig: + type: string + default: '{}' + N1000vVEMSource: + type: string + default: '' + N1000vVEMVersion: + type: string + default: '' + N1000vPortDB: + type: string + default: 'ovs' + N1000vVtepsInSameSub: + type: boolean + default: false + N1000vVEMFastpathFlood: + type: string + default: 'enable' +#VSM Puppet Parameter + N1000vVSMSource: + type: string + default: '' + N1000vVSMVersion: + type: string + default: 'latest' + N1000vVSMHostMgmtIntf: + type: string + default: 'br-ex' + N1000vVSMRole: + type: string + default: 'primary' + N1000vVSMPassword: + type: string + default: 'Password' + N1000vMgmtNetmask: + type: string + default: '255.255.255.0' + N1000vMgmtGatewayIP: + type: string + default: '192.0.2.1' + N1000vPacemakerControl: + type: boolean + default: true + N1000vExistingBridge: + type: boolean + default: true + N1000vVSMHostMgmtIntfVlan: + type: number + default: 0 +#Plugin Parameters + N1000vVSMUser: + type: string + default: 'admin' + N1000vPollDuration: + type: number + default: 60 + N1000vHttpPoolSize: + type: number + default: 5 + N1000vHttpTimeout: + type: number + default: 15 + N1000vSyncInterval: + type: number + default: 300 + N1000vMaxVSMRetries: + type: number + default: 2 + +resources: + CiscoN1kvConfig: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + hiera: + datafiles: + cisco_n1kv_data: + mapped_data: + #enable_cisco_n1kv: {get_input: EnableCiscoN1kv} + # VEM Parameters + n1kv_vem_source: {get_input: n1kv_vem_source} + n1kv_vem_version: {get_input: n1kv_vem_version} + neutron::agents::n1kv_vem::n1kv_vsm_ip: {get_input: n1kv_vsm_ip} + neutron::agents::n1kv_vem::n1kv_vsm_domain_id: {get_input: n1kv_vsm_domain_id} + neutron::agents::n1kv_vem::n1kv_vsm_ip_v6: {get_input: n1kv_vsm_ip_v6} + neutron::agents::n1kv_vem::host_mgmt_intf: {get_input: n1kv_vem_host_mgmt_intf} + neutron::agents::n1kv_vem::uplink_profile: {get_input: n1kv_vem_uplink_profile} + neutron::agents::n1kv_vem::vtep_config: {get_input: n1kv_vem_vtep_config} + neutron::agents::n1kv_vem::portdb: {get_input: n1kv_vem_portdb} + neutron::agents::n1kv_vem::vteps_in_same_subnet: {get_input: n1kv_vem_vteps_in_same_subnet} + neutron::agents::n1kv_vem::fastpath_flood: {get_input: n1kv_vem_fastpath_flood} + #VSM Parameter + n1kv_vsm_source: {get_input: n1kv_vsm_source} + n1kv_vsm_version: {get_input: n1kv_vsm_version} + n1k_vsm::phy_if_bridge: {get_input: n1kv_vsm_host_mgmt_intf} + n1k_vsm::vsm_role: {get_input: n1kv_vsm_role} + n1k_vsm::pacemaker_control: {get_input: n1kv_vsm_pacemaker_ctrl} + n1k_vsm::existing_bridge: {get_input: n1kv_vsm_existing_br} + n1k_vsm::vsm_admin_passwd: {get_input: n1kv_vsm_password} + n1k_vsm::vsm_domain_id: {get_input: n1kv_vsm_domain_id} + n1k_vsm::vsm_mgmt_ip: {get_input: n1kv_vsm_ip} + n1k_vsm::vsm_mgmt_netmask: {get_input: n1kv_vsm_mgmt_netmask} + n1k_vsm::vsm_mgmt_gateway: {get_input: n1kv_vsm_gateway_ip} + n1k_vsm::phy_gateway: {get_input: n1kv_vsm_gateway_ip} + n1k_vsm::phy_bridge_vlan: {get_input: n1kv_phy_brige_vlan} + # Cisco N1KV driver Parameters + neutron::plugins::ml2::cisco::nexus1000v::n1kv_vsm_ip: {get_input: n1kv_vsm_ip} + neutron::plugins::ml2::cisco::nexus1000v::n1kv_vsm_username: {get_input: n1kv_vsm_username} + neutron::plugins::ml2::cisco::nexus1000v::n1kv_vsm_password: {get_input: n1kv_vsm_password} + neutron::plugins::ml2::cisco::nexus1000v::poll_duration: {get_input: n1kv_vsm_poll_duration} + neutron::plugins::ml2::cisco::nexus1000v::http_pool_size: {get_input: n1kv_vsm_http_pool_size} + neutron::plugins::ml2::cisco::nexus1000v::http_timeout: {get_input: n1kv_vsm_http_timeout} + neutron::plugins::ml2::cisco::nexus1000v::n1kv_vsm_sync_interval: {get_input: n1kv_vsm_sync_interval} + neutron::plugins::ml2::cisco::nexus1000v::max_vsm_retries: {get_input: n1kv_max_vsm_retries} + + CiscoN1kvDeployment: + type: OS::Heat::StructuredDeployment + properties: + config: {get_resource: CiscoN1kvConfig} + server: {get_param: server} + input_values: + n1kv_vsm_ip: {get_param: N1000vVSMIP} + n1kv_vsm_domain_id: {get_param: N1000vVSMDomainID} + n1kv_vsm_ip_v6: {get_param: N1000vVSMIPV6} + n1kv_vem_host_mgmt_intf: {get_param: N1000vVEMHostMgmtIntf} + n1kv_vem_uplink_profile: {get_param: N1000vUplinkProfile} + n1kv_vem_vtep_config: {get_param: N1000vVtepConfig} + n1kv_vem_source: {get_param: N1000vVEMSource} + n1kv_vem_version: {get_param: N1000vVEMVersion} + n1kv_vem_portdb: {get_param: N1000vPortDB} + n1kv_vem_vteps_in_same_subnet: {get_param: N1000vVtepsInSameSub} + n1kv_vem_fastpath_flood: {get_param: N1000vVEMFastpathFlood} + n1kv_vsm_source: {get_param: N1000vVSMSource} + n1kv_vsm_version: {get_param: N1000vVSMVersion} + n1kv_vsm_host_mgmt_intf: {get_param: N1000vVSMHostMgmtIntf} + n1kv_vsm_role: {get_param: N1000vVSMRole} + n1kv_vsm_password: {get_param: N1000vVSMPassword} + n1kv_vsm_mgmt_netmask: {get_param: N1000vMgmtNetmask} + n1kv_vsm_gateway_ip: {get_param: N1000vMgmtGatewayIP} + n1kv_phy_brige_vlan: {get_param: N1000vVSMHostMgmtIntfVlan} + n1kv_vsm_pacemaker_ctrl: {get_param: N1000vPacemakerControl} + n1kv_vsm_existing_br: {get_param: N1000vExistingBridge} + n1kv_vsm_username: {get_param: N1000vVSMUser} + n1kv_vsm_poll_duration: {get_param: N1000vPollDuration} + n1kv_vsm_http_pool_size: {get_param: N1000vHttpPoolSize} + n1kv_vsm_http_timeout: {get_param: N1000vHttpTimeout} + n1kv_vsm_sync_interval: {get_param: N1000vSyncInterval} + n1kv_max_vsm_retries: {get_param: N1000vMaxVSMRetries} + +outputs: + deploy_stdout: + description: Deployment reference, used to trigger puppet apply on changes + value: {get_attr: [CiscoN1kvDeployment, deploy_stdout]} diff --git a/puppet/extraconfig/pre_deploy/default.yaml b/puppet/extraconfig/pre_deploy/default.yaml new file mode 100644 index 00000000..dcbc6811 --- /dev/null +++ b/puppet/extraconfig/pre_deploy/default.yaml @@ -0,0 +1,8 @@ +heat_template_version: 2014-10-16 +description: 'Noop Extra Pre-Deployment Config' +parameters: + server: + type: string +outputs: + deploy_stdout: + value: "None" diff --git a/puppet/extraconfig/pre_deploy/per_node.yaml b/puppet/extraconfig/pre_deploy/per_node.yaml new file mode 100644 index 00000000..80c8ad6e --- /dev/null +++ b/puppet/extraconfig/pre_deploy/per_node.yaml @@ -0,0 +1,56 @@ +heat_template_version: 2015-04-30 + +description: Configure hieradata overrides for specific nodes + +parameters: + server: + description: ID of the controller node to apply this config to + type: string + + # Config specific parameters, to be provided via parameter_defaults + # This would be a lookup of the node UUID as provided by dmidecode + # to the json required for the node-specific hieradata + # Note this needs to be a json blob e.g: + # parameter_defaults: + # NodeDataLookup: | + # {"AB4114B1-9C9D-409A-BEFB-D88C151BF2C3": {"foo": "bar"}, + # "8CF1A7EA-7B4B-4433-AC83-17675514B1B8": {"foo2": "bar2"}} + NodeDataLookup: + type: string + default: '' + description: json string containing per-node configuration map + +resources: + NodeSpecificConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + inputs: + - name: node_lookup + config: | + #!/bin/sh + node_id=$(dmidecode --s system-uuid) + + # Create a /etc/puppet/hieradata/UUID.json file to provide + # the data of the NodeDataLookup parameter that matches the + # system UUID + echo $node_lookup | python -c " + import json + import sys + input = sys.stdin.readline() or '{}' + cnt = json.loads(input) + print json.dumps(cnt.get('${node_id}', {})) + " > /etc/puppet/hieradata/${node_id}.json + + NodeSpecificDeployment: + type: OS::Heat::SoftwareDeployment + properties: + config: {get_resource: NodeSpecificConfig} + server: {get_param: server} + input_values: + node_lookup: {get_param: NodeDataLookup} + +outputs: + deploy_stdout: + description: Deployment reference, used to trigger puppet apply on changes + value: {get_attr: [NodeSpecificDeployment, deploy_stdout]} diff --git a/puppet/hieradata/ceph.yaml b/puppet/hieradata/ceph.yaml index 280457df..ca6d3954 100644 --- a/puppet/hieradata/ceph.yaml +++ b/puppet/hieradata/ceph.yaml @@ -7,7 +7,6 @@ ceph::profile::params::osds: {/srv/data: {}} ceph::profile::params::manage_repo: false ceph::profile::params::authentication_type: cephx -ceph_pools: - - volumes - - vms - - images +ceph_classes: [] + +ceph_osd_selinux_permissive: true diff --git a/puppet/hieradata/common.yaml b/puppet/hieradata/common.yaml index 40c44aef..030f661d 100644 --- a/puppet/hieradata/common.yaml +++ b/puppet/hieradata/common.yaml @@ -13,15 +13,7 @@ nova::network::neutron::vif_plugging_is_fatal: false nova::network::neutron::vif_plugging_timeout: 30 nova::network::neutron::dhcp_domain: '' -neutron::plugins::ml2::tunnel_id_ranges: - - '1:1000' -neutron::plugins::ml2::vni_ranges: - - '1:1000' -neutron::plugins::ml2::type_drivers: - - flat - - gre - - vxlan - - vlan +neutron::allow_overlapping_ips: true sysctl_settings: net.ipv4.tcp_keepalive_intvl: @@ -29,4 +21,13 @@ sysctl_settings: net.ipv4.tcp_keepalive_probes: value: 5 net.ipv4.tcp_keepalive_time: - value: 5
\ No newline at end of file + value: 5 + +nova::rabbit_heartbeat_timeout_threshold: 60 +neutron::rabbit_heartbeat_timeout_threshold: 60 +cinder::rabbit_heartbeat_timeout_threshold: 60 +ceilometer::rabbit_heartbeat_timeout_threshold: 60 +heat::rabbit_heartbeat_timeout_threshold: 60 +keystone::rabbit_heartbeat_timeout_threshold: 60 + +nova::cinder_catalog_info: 'volumev2:cinderv2:internalURL' diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml index 4915d3c8..173020f8 100644 --- a/puppet/hieradata/compute.yaml +++ b/puppet/hieradata/compute.yaml @@ -10,9 +10,9 @@ nova::compute::vnc_enabled: true nova::compute::libvirt::vncserver_listen: '0.0.0.0' nova::compute::libvirt::migration_support: true -nova::compute::rbd::libvirt_rbd_user: 'openstack' -nova::compute::rbd::rbd_keyring: 'client.openstack' -nova::compute::rbd::libvirt_images_rbd_pool: 'vms' nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}" ceilometer::agent::auth::auth_tenant_name: 'service' +ceilometer::agent::auth::auth_endpoint_type: 'internalURL' + +compute_classes: [] diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index 3de9bd91..a4914c0e 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -22,6 +22,7 @@ rabbitmq_config_variables: cluster_partition_handling: 'pause_minority' mongodb::server::replset: tripleo +mongodb::server::journal: false redis::port: 6379 redis::sentinel::master_name: "%{hiera('bootstrap_nodeid')}" @@ -39,6 +40,11 @@ swift::proxy::authtoken::admin_tenant_name: 'service' ceilometer::api::keystone_tenant: 'service' heat::keystone_tenant: 'service' +# keystone +keystone::cron::token_flush::maxdelay: 3600 +keystone::roles::admin::service_tenant: 'service' +keystone::roles::admin::admin_tenant: 'admin' + #swift swift::proxy::pipeline: - 'catch_errors' @@ -47,9 +53,9 @@ swift::proxy::pipeline: - 'ratelimit' - 'tempurl' - 'formpost' - - 'staticweb' - 'authtoken' - 'keystone' + - 'staticweb' - 'proxy-logging' - 'proxy-server' @@ -57,37 +63,45 @@ swift::proxy::account_autocreate: true # glance glance::api::pipeline: 'keystone' +glance::api::show_image_direct_url: true glance::registry::pipeline: 'keystone' glance::backend::swift::swift_store_create_container_on_put: true glance::backend::rbd::rbd_store_user: 'openstack' +glance_file_pcmk_directory: '/var/lib/glance/images' # neutron -neutron::core_plugin: 'ml2' -neutron::service_plugins: - - 'neutron.services.l3_router.l3_router_plugin.L3RouterPlugin' -neutron::dhcp_agents_per_network: 2 neutron::server::sync_db: true neutron::agents::dhcp::dnsmasq_config_file: /etc/neutron/dnsmasq-neutron.conf # nova nova::notify_on_state_change: 'vm_and_task_state' +nova::api::default_floating_pool: 'public' nova::api::osapi_v3: true +nova::scheduler::filter::ram_allocation_ratio: '1.0' + +# ceilometer +ceilometer::agent::auth::auth_endpoint_type: 'internalURL' # cinder cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler # heat -heat::engine::heat_stack_user_role: '' heat::engine::configure_delegated_roles: false heat::engine::trusts_delegated_roles: [] +heat::instance_user: '' # pacemaker pacemaker::corosync::cluster_name: 'tripleo_cluster' pacemaker::corosync::manage_fw: false +pacemaker::resource_defaults::defaults: + resource-stickiness: { value: INFINITY } # horizon -horizon::allowed_hosts: '*' +horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache horizon::django_session_engine: 'django.contrib.sessions.backends.cache' +horizon::vhost_extra_params: + add_listen: false + priority: 10 # mysql mysql::server::manage_config_file: true @@ -111,3 +125,5 @@ tripleo::loadbalancer::heat_api: true tripleo::loadbalancer::heat_cloudwatch: true tripleo::loadbalancer::heat_cfn: true tripleo::loadbalancer::horizon: true + +controller_classes: [] diff --git a/puppet/hieradata/database.yaml b/puppet/hieradata/database.yaml new file mode 100644 index 00000000..7e925d90 --- /dev/null +++ b/puppet/hieradata/database.yaml @@ -0,0 +1,55 @@ +# Nova +nova::db::mysql::user: nova +nova::db::mysql::host: "%{hiera('mysql_virtual_ip')}" +nova::db::mysql::dbname: nova +nova::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + +# Glance +glance::db::mysql::user: glance +glance::db::mysql::host: "%{hiera('mysql_virtual_ip')}" +glance::db::mysql::dbname: glance +glance::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + +# Keystone +keystone::db::mysql::user: keystone +keystone::db::mysql::host: "%{hiera('mysql_virtual_ip')}" +keystone::db::mysql::dbname: keystone +keystone::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + +# Neutron +neutron::db::mysql::user: neutron +neutron::db::mysql::host: "%{hiera('mysql_virtual_ip')}" +neutron::db::mysql::dbname: ovs_neutron +neutron::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + +# Cinder +cinder::db::mysql::user: cinder +cinder::db::mysql::host: "%{hiera('mysql_virtual_ip')}" +cinder::db::mysql::dbname: cinder +cinder::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + +# Heat +heat::db::mysql::user: heat +heat::db::mysql::host: "%{hiera('mysql_virtual_ip')}" +heat::db::mysql::dbname: heat +heat::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + +# Ceilometer +ceilometer::db::mysql::user: ceilometer +ceilometer::db::mysql::host: "%{hiera('mysql_virtual_ip')}" +ceilometer::db::mysql::dbname: ceilometer +ceilometer::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/hieradata/object.yaml b/puppet/hieradata/object.yaml index 59a8b1cf..d4a0e81d 100644 --- a/puppet/hieradata/object.yaml +++ b/puppet/hieradata/object.yaml @@ -1,4 +1,7 @@ # Hiera data for swift storage nodes +swift::storage::all::incoming_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r' +swift::storage::all::outgoing_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r' + swift::storage::all::object_pipeline: - healthcheck - recon @@ -14,3 +17,5 @@ swift::proxy::keystone::operator_roles: - admin - swiftoperator - ResellerAdmin + +object_classes: [] diff --git a/puppet/hieradata/volume.yaml b/puppet/hieradata/volume.yaml index ad9e2c2a..f4cd78a9 100644 --- a/puppet/hieradata/volume.yaml +++ b/puppet/hieradata/volume.yaml @@ -2,3 +2,11 @@ # cinder cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler + +cinder::config::cinder_config: + DEFAULT/nova_catalog_info: + value: 'compute:Compute Service:internalURL' + DEFAULT/swift_catalog_info: + value: 'object-store:swift:internalURL' + +volume_classes: []
\ No newline at end of file diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp index b645f9fe..51f5e88d 100644 --- a/puppet/manifests/overcloud_cephstorage.pp +++ b/puppet/manifests/overcloud_cephstorage.pp @@ -13,16 +13,7 @@ # License for the specific language governing permissions and limitations # under the License. -if !str2bool(hiera('enable_package_install', 'false')) { - case $::osfamily { - 'RedHat': { - Package { provider => 'norpm' } # provided by tripleo-puppet - } - default: { - warning('enable_package_install option not supported.') - } - } -} +include ::tripleo::packages create_resources(sysctl::value, hiera('sysctl_settings'), {}) @@ -30,5 +21,22 @@ if count(hiera('ntp::servers')) > 0 { include ::ntp } +if str2bool(hiera('ceph_osd_selinux_permissive', true)) { + exec { 'set selinux to permissive on boot': + command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config", + onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config", + path => ['/usr/bin', '/usr/sbin'], + } + + exec { 'set selinux to permissive': + command => 'setenforce 0', + onlyif => "which setenforce && getenforce | grep -i 'enforcing'", + path => ['/usr/bin', '/usr/sbin'], + } -> Class['ceph::profile::osd'] +} + include ::ceph::profile::client -include ::ceph::profile::osd
\ No newline at end of file +include ::ceph::profile::osd + +hiera_include('ceph_classes') +package_manifest{'/var/lib/tripleo/installed-packages/overcloud_ceph': ensure => present} diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp index 00bab7f6..cd41cc79 100644 --- a/puppet/manifests/overcloud_compute.pp +++ b/puppet/manifests/overcloud_compute.pp @@ -13,16 +13,7 @@ # License for the specific language governing permissions and limitations # under the License. -if !str2bool(hiera('enable_package_install', 'false')) { - case $::osfamily { - 'RedHat': { - Package { provider => 'norpm' } # provided by tripleo-puppet - } - default: { - warning('enable_package_install option not supported.') - } - } -} +include ::tripleo::packages create_resources(sysctl::value, hiera('sysctl_settings'), {}) @@ -33,17 +24,18 @@ if count(hiera('ntp::servers')) > 0 { file { ['/etc/libvirt/qemu/networks/autostart/default.xml', '/etc/libvirt/qemu/networks/default.xml']: ensure => absent, - before => Service['libvirt'] + before => Service['libvirt'], } # in case libvirt has been already running before the Puppet run, make # sure the default network is destroyed exec { 'libvirt-default-net-destroy': command => '/usr/bin/virsh net-destroy default', - onlyif => '/usr/bin/virsh net-info default | /bin/grep -i "^active:\s*yes"', - before => Service['libvirt'], + onlyif => '/usr/bin/virsh net-info default | /bin/grep -i "^active:\s*yes"', + before => Service['libvirt'], } include ::nova +include ::nova::config include ::nova::compute nova_config { @@ -51,31 +43,53 @@ nova_config { 'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver'; } -$nova_enable_rbd_backend = hiera('nova_enable_rbd_backend', false) -if $nova_enable_rbd_backend { +$rbd_ephemeral_storage = hiera('nova::compute::rbd::ephemeral_storage', false) +$rbd_persistent_storage = hiera('rbd_persistent_storage', false) +if $rbd_ephemeral_storage or $rbd_persistent_storage { include ::ceph::profile::client $client_keys = hiera('ceph::profile::params::client_keys') + $client_user = join(['client.', hiera('ceph_client_user_name')]) class { '::nova::compute::rbd': - libvirt_rbd_secret_key => $client_keys['client.openstack']['secret'], + libvirt_rbd_secret_key => $client_keys[$client_user]['secret'], } } +if hiera('cinder_enable_nfs_backend', false) { + if str2bool($::selinux) { + selboolean { 'virt_use_nfs': + value => on, + persistent => true, + } -> Package['nfs-utils'] + } + + package {'nfs-utils': } -> Service['nova-compute'] +} + include ::nova::compute::libvirt include ::nova::network::neutron include ::neutron -class { 'neutron::plugins::ml2': +class { '::neutron::plugins::ml2': flat_networks => split(hiera('neutron_flat_networks'), ','), tenant_network_types => [hiera('neutron_tenant_network_type')], } -class { 'neutron::agents::ml2::ovs': +class { '::neutron::agents::ml2::ovs': bridge_mappings => split(hiera('neutron_bridge_mappings'), ','), tunnel_types => split(hiera('neutron_tunnel_types'), ','), } +if 'cisco_n1kv' in hiera('neutron_mechanism_drivers') { + class { '::neutron::agents::n1kv_vem': + n1kv_source => hiera('n1kv_vem_source', undef), + n1kv_version => hiera('n1kv_vem_version', undef), + } +} + + include ::ceilometer +include ::ceilometer::config include ::ceilometer::agent::compute include ::ceilometer::agent::auth @@ -84,7 +98,10 @@ snmp::snmpv3_user { $snmpd_user: authtype => 'MD5', authpass => hiera('snmpd_readonly_user_password'), } -class { 'snmp': +class { '::snmp': agentaddress => ['udp:161','udp6:[::1]:161'], snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], } + +hiera_include('compute_classes') +package_manifest{'/var/lib/tripleo/installed-packages/overcloud_compute': ensure => present} diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index bc20bad5..34be39f3 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -13,16 +13,7 @@ # License for the specific language governing permissions and limitations # under the License. -if !str2bool(hiera('enable_package_install', 'false')) { - case $::osfamily { - 'RedHat': { - Package { provider => 'norpm' } # provided by tripleo-puppet - } - default: { - warning('enable_package_install option not supported.') - } - } -} +include ::tripleo::packages if hiera('step') >= 1 { @@ -79,84 +70,34 @@ if hiera('step') >= 2 { include ::tripleo::redis_notification } - if str2bool(hiera('enable_galera', 'true')) { + if str2bool(hiera('enable_galera', true)) { $mysql_config_file = '/etc/my.cnf.d/galera.cnf' } else { $mysql_config_file = '/etc/my.cnf.d/server.cnf' } # TODO Galara - class { 'mysql::server': - config_file => $mysql_config_file, - override_options => { + class { '::mysql::server': + config_file => $mysql_config_file, + override_options => { 'mysqld' => { - 'bind-address' => hiera('mysql_bind_host'), - 'max_connections' => '1024', + 'bind-address' => hiera('mysql_bind_host'), + 'max_connections' => hiera('mysql_max_connections'), 'open_files_limit' => '-1', }, - } + }, + remove_default_accounts => true, } # FIXME: this should only occur on the bootstrap host (ditto for db syncs) # Create all the database schemas - # Example DSN format: mysql://user:password@host/dbname - $allowed_hosts = ['%',hiera('mysql_bind_host')] - $keystone_dsn = split(hiera('keystone::database_connection'), '[@:/?]') - class { 'keystone::db::mysql': - user => $keystone_dsn[3], - password => $keystone_dsn[4], - host => $keystone_dsn[5], - dbname => $keystone_dsn[6], - allowed_hosts => $allowed_hosts, - } - $glance_dsn = split(hiera('glance::api::database_connection'), '[@:/?]') - class { 'glance::db::mysql': - user => $glance_dsn[3], - password => $glance_dsn[4], - host => $glance_dsn[5], - dbname => $glance_dsn[6], - allowed_hosts => $allowed_hosts, - } - $nova_dsn = split(hiera('nova::database_connection'), '[@:/?]') - class { 'nova::db::mysql': - user => $nova_dsn[3], - password => $nova_dsn[4], - host => $nova_dsn[5], - dbname => $nova_dsn[6], - allowed_hosts => $allowed_hosts, - } - $neutron_dsn = split(hiera('neutron::server::database_connection'), '[@:/?]') - class { 'neutron::db::mysql': - user => $neutron_dsn[3], - password => $neutron_dsn[4], - host => $neutron_dsn[5], - dbname => $neutron_dsn[6], - allowed_hosts => $allowed_hosts, - } - $cinder_dsn = split(hiera('cinder::database_connection'), '[@:/?]') - class { 'cinder::db::mysql': - user => $cinder_dsn[3], - password => $cinder_dsn[4], - host => $cinder_dsn[5], - dbname => $cinder_dsn[6], - allowed_hosts => $allowed_hosts, - } - $heat_dsn = split(hiera('heat::database_connection'), '[@:/?]') - class { 'heat::db::mysql': - user => $heat_dsn[3], - password => $heat_dsn[4], - host => $heat_dsn[5], - dbname => $heat_dsn[6], - allowed_hosts => $allowed_hosts, - } + include ::keystone::db::mysql + include ::glance::db::mysql + include ::nova::db::mysql + include ::neutron::db::mysql + include ::cinder::db::mysql + include ::heat::db::mysql if downcase(hiera('ceilometer_backend')) == 'mysql' { - $ceilometer_dsn = split(hiera('ceilometer_mysql_conn_string'), '[@:/?]') - class { 'ceilometer::db::mysql': - user => $ceilometer_dsn[3], - password => $ceilometer_dsn[4], - host => $ceilometer_dsn[5], - dbname => $ceilometer_dsn[6], - allowed_hosts => $allowed_hosts, - } + include ::ceilometer::db::mysql } $rabbit_nodes = hiera('rabbit_node_ips') @@ -182,26 +123,44 @@ if hiera('step') >= 2 { # pre-install swift here so we can build rings include ::swift - $cinder_enable_rbd_backend = hiera('cinder_enable_rbd_backend', false) - $enable_ceph = $cinder_enable_rbd_backend + $enable_ceph = hiera('ceph_storage_count', 0) > 0 if $enable_ceph { - class { 'ceph::profile::params': - mon_initial_members => downcase(hiera('ceph_mon_initial_members')) + class { '::ceph::profile::params': + mon_initial_members => downcase(hiera('ceph_mon_initial_members')), } include ::ceph::profile::mon } - if str2bool(hiera('enable_ceph_storage', 'false')) { - include ::ceph::profile::client + if str2bool(hiera('enable_ceph_storage', false)) { + if str2bool(hiera('ceph_osd_selinux_permissive', true)) { + exec { 'set selinux to permissive on boot': + command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config", + onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config", + path => ['/usr/bin', '/usr/sbin'], + } + + exec { 'set selinux to permissive': + command => 'setenforce 0', + onlyif => "which setenforce && getenforce | grep -i 'enforcing'", + path => ['/usr/bin', '/usr/sbin'], + } -> Class['ceph::profile::osd'] + } + include ::ceph::profile::osd } + if str2bool(hiera('enable_external_ceph', false)) { + include ::ceph::profile::client + } + } #END STEP 2 if hiera('step') >= 3 { include ::keystone + include ::keystone::roles::admin + include ::keystone::endpoint #TODO: need a cleanup-keystone-tokens.sh solution here keystone_config { @@ -237,21 +196,26 @@ if hiera('step') >= 3 { $glance_backend = downcase(hiera('glance_backend', 'swift')) case $glance_backend { - swift: { $glance_store = 'glance.store.swift.Store' } - file: { $glance_store = 'glance.store.filesystem.Store' } - rbd: { $glance_store = 'glance.store.rbd.Store' } + 'swift': { $backend_store = 'glance.store.swift.Store' } + 'file': { $backend_store = 'glance.store.filesystem.Store' } + 'rbd': { $backend_store = 'glance.store.rbd.Store' } default: { fail('Unrecognized glance_backend parameter.') } } + $http_store = ['glance.store.http.Store'] + $glance_store = concat($http_store, $backend_store) # TODO: notifications, scrubber, etc. include ::glance - class { 'glance::api': - known_stores => [$glance_store] + class { '::glance::api': + known_stores => $glance_store, } include ::glance::registry include join(['::glance::backend::', $glance_backend]) - include ::nova + class { '::nova' : + memcached_servers => suffix(hiera('memcache_node_ips'), ':11211'), + } + include ::nova::config include ::nova::api include ::nova::cert include ::nova::conductor @@ -259,6 +223,7 @@ if hiera('step') >= 3 { include ::nova::network::neutron include ::nova::vncproxy include ::nova::scheduler + include ::nova::scheduler::filter include ::neutron include ::neutron::server @@ -274,13 +239,46 @@ if hiera('step') >= 3 { require => Package['neutron'], } - class { 'neutron::plugins::ml2': - flat_networks => split(hiera('neutron_flat_networks'), ','), + class { '::neutron::plugins::ml2': + flat_networks => split(hiera('neutron_flat_networks'), ','), tenant_network_types => [hiera('neutron_tenant_network_type')], + mechanism_drivers => [hiera('neutron_mechanism_drivers')], } - class { 'neutron::agents::ml2::ovs': + class { '::neutron::agents::ml2::ovs': bridge_mappings => split(hiera('neutron_bridge_mappings'), ','), - tunnel_types => split(hiera('neutron_tunnel_types'), ','), + tunnel_types => split(hiera('neutron_tunnel_types'), ','), + } + if 'cisco_n1kv' in hiera('neutron_mechanism_drivers') { + include ::neutron::plugins::ml2::cisco::nexus1000v + + class { '::neutron::agents::n1kv_vem': + n1kv_source => hiera('n1kv_vem_source', undef), + n1kv_version => hiera('n1kv_vem_version', undef), + } + + class { '::n1k_vsm': + n1kv_source => hiera('n1kv_vsm_source', undef), + n1kv_version => hiera('n1kv_vsm_version', undef), + pacemaker_control => false, + } + } + + if 'cisco_ucsm' in hiera('neutron_mechanism_drivers') { + include ::neutron::plugins::ml2::cisco::ucsm + } + if 'cisco_nexus' in hiera('neutron_mechanism_drivers') { + include ::neutron::plugins::ml2::cisco::nexus + include ::neutron::plugins::ml2::cisco::type_nexus_vxlan + } + + if hiera('neutron_enable_bigswitch_ml2', false) { + include ::neutron::plugins::ml2::bigswitch::restproxy + } + neutron_l3_agent_config { + 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false); + } + neutron_dhcp_agent_config { + 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false); } Service['neutron-server'] -> Service['neutron-dhcp-service'] @@ -293,7 +291,7 @@ if hiera('step') >= 3 { include ::cinder::glance include ::cinder::scheduler include ::cinder::volume - class {'cinder::setup_test_volume': + class { '::cinder::setup_test_volume': size => join([hiera('cinder_lvm_loop_device_size'), 'M']), } @@ -317,20 +315,21 @@ if hiera('step') >= 3 { $ceph_pools = hiera('ceph_pools') ceph::pool { $ceph_pools : } + + $cinder_pool_requires = [Ceph::Pool[hiera('cinder_rbd_pool_name')]] + + } else { + $cinder_pool_requires = [] } - if $cinder_enable_rbd_backend { + if hiera('cinder_enable_rbd_backend', false) { $cinder_rbd_backend = 'tripleo_ceph' - cinder_config { - "${cinder_rbd_backend}/host": value => 'hostgroup'; - } - cinder::backend::rbd { $cinder_rbd_backend : - rbd_pool => 'volumes', - rbd_user => 'openstack', + rbd_pool => hiera('cinder_rbd_pool_name'), + rbd_user => hiera('ceph_client_user_name'), rbd_secret_uuid => hiera('ceph::profile::params::fsid'), - require => Ceph::Pool['volumes'], + require => $cinder_pool_requires, } } @@ -341,16 +340,53 @@ if hiera('step') >= 3 { "${cinder_netapp_backend}/host": value => 'hostgroup'; } - if hiera('cinder_netapp_nfs_shares', undef) { - $cinder_netapp_nfs_shares = split(hiera('cinder_netapp_nfs_shares', undef), ',') + if hiera('cinder::backend::netapp::nfs_shares', undef) { + $cinder_netapp_nfs_shares = split(hiera('cinder::backend::netapp::nfs_shares', undef), ',') } cinder::backend::netapp { $cinder_netapp_backend : - nfs_shares => $cinder_netapp_nfs_shares, + netapp_login => hiera('cinder::backend::netapp::netapp_login', undef), + netapp_password => hiera('cinder::backend::netapp::netapp_password', undef), + netapp_server_hostname => hiera('cinder::backend::netapp::netapp_server_hostname', undef), + netapp_server_port => hiera('cinder::backend::netapp::netapp_server_port', undef), + netapp_size_multiplier => hiera('cinder::backend::netapp::netapp_size_multiplier', undef), + netapp_storage_family => hiera('cinder::backend::netapp::netapp_storage_family', undef), + netapp_storage_protocol => hiera('cinder::backend::netapp::netapp_storage_protocol', undef), + netapp_transport_type => hiera('cinder::backend::netapp::netapp_transport_type', undef), + netapp_vfiler => hiera('cinder::backend::netapp::netapp_vfiler', undef), + netapp_volume_list => hiera('cinder::backend::netapp::netapp_volume_list', undef), + netapp_vserver => hiera('cinder::backend::netapp::netapp_vserver', undef), + netapp_partner_backend_name => hiera('cinder::backend::netapp::netapp_partner_backend_name', undef), + nfs_shares => $cinder_netapp_nfs_shares, + nfs_shares_config => hiera('cinder::backend::netapp::nfs_shares_config', undef), + netapp_copyoffload_tool_path => hiera('cinder::backend::netapp::netapp_copyoffload_tool_path', undef), + netapp_controller_ips => hiera('cinder::backend::netapp::netapp_controller_ips', undef), + netapp_sa_password => hiera('cinder::backend::netapp::netapp_sa_password', undef), + netapp_storage_pools => hiera('cinder::backend::netapp::netapp_storage_pools', undef), + netapp_eseries_host_type => hiera('cinder::backend::netapp::netapp_eseries_host_type', undef), + netapp_webservice_path => hiera('cinder::backend::netapp::netapp_webservice_path', undef), } } - $cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend, $cinder_rbd_backend, $cinder_netapp_backend]) + if hiera('cinder_enable_nfs_backend', false) { + $cinder_nfs_backend = 'tripleo_nfs' + + if str2bool($::selinux) { + selboolean { 'virt_use_nfs': + value => on, + persistent => true, + } -> Package['nfs-utils'] + } + + package {'nfs-utils': } -> + cinder::backend::nfs { $cinder_nfs_backend : + nfs_servers => hiera('cinder_nfs_servers'), + nfs_mount_options => hiera('cinder_nfs_mount_options',''), + nfs_shares_config => '/etc/cinder/shares-nfs.conf', + } + } + + $cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend, $cinder_rbd_backend, $cinder_netapp_backend, $cinder_nfs_backend]) class { '::cinder::backends' : enabled_backends => $cinder_enabled_backends, } @@ -370,9 +406,9 @@ if hiera('step') >= 3 { include ::swift::proxy::formpost # swift storage - if str2bool(hiera('enable_swift_storage', 'true')) { - class {'swift::storage::all': - mount_check => str2bool(hiera('swift_mount_check')) + if str2bool(hiera('enable_swift_storage', true)) { + class { '::swift::storage::all': + mount_check => str2bool(hiera('swift_mount_check')), } if(!defined(File['/srv/node'])) { file { '/srv/node': @@ -398,6 +434,7 @@ if hiera('step') >= 3 { } } include ::ceilometer + include ::ceilometer::config include ::ceilometer::api include ::ceilometer::agent::notification include ::ceilometer::agent::central @@ -405,7 +442,7 @@ if hiera('step') >= 3 { include ::ceilometer::alarm::evaluator include ::ceilometer::expirer include ::ceilometer::collector - include ceilometer::agent::auth + include ::ceilometer::agent::auth class { '::ceilometer::db' : database_connection => $ceilometer_database_connection, } @@ -420,10 +457,16 @@ if hiera('step') >= 3 { include ::heat::engine # Horizon - $vhost_params = { add_listen => false } - class { 'horizon': - cache_server_ip => hiera('memcache_node_ips', '127.0.0.1'), - vhost_extra_params => $vhost_params, + if 'cisco_n1kv' in hiera('neutron_mechanism_drivers') { + $_profile_support = 'cisco' + } else { + $_profile_support = 'None' + } + $neutron_options = {'profile_support' => $_profile_support } + + class { '::horizon': + cache_server_ip => hiera('memcache_node_ips', '127.0.0.1'), + neutron_options => $neutron_options, } $snmpd_user = hiera('snmpd_readonly_user_name') @@ -431,9 +474,18 @@ if hiera('step') >= 3 { authtype => 'MD5', authpass => hiera('snmpd_readonly_user_password'), } - class { 'snmp': + class { '::snmp': agentaddress => ['udp:161','udp6:[::1]:161'], snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], } + hiera_include('controller_classes') + } #END STEP 3 + +if hiera('step') >= 4 { + include ::keystone::cron::token_flush +} #END STEP 4 + +$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller', hiera('step')]) +package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index 3d693313..b9623714 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -18,16 +18,7 @@ Pcmk_resource <| |> { try_sleep => 3, } -if !str2bool(hiera('enable_package_install', 'false')) { - case $::osfamily { - 'RedHat': { - Package { provider => 'norpm' } # provided by tripleo-puppet - } - default: { - warning('enable_package_install option not supported.') - } - } -} +include ::tripleo::packages if $::hostname == downcase(hiera('bootstrap_nodeid')) { $pacemaker_master = true @@ -37,6 +28,8 @@ if $::hostname == downcase(hiera('bootstrap_nodeid')) { $sync_db = false } +$enable_fencing = str2bool(hiera('enable_fencing', false)) and hiera('step') >= 5 + # When to start and enable services which haven't been Pacemakerized # FIXME: remove when we start all OpenStack services using Pacemaker # (occurences of this variable will be gradually replaced with false) @@ -62,7 +55,7 @@ if hiera('step') >= 1 { $pacemaker_cluster_members = downcase(regsubst(hiera('controller_node_names'), ',', ' ', 'G')) user { 'hacluster': - ensure => present, + ensure => present, } -> class { '::pacemaker': hacluster_pwd => hiera('hacluster_pwd'), @@ -72,7 +65,20 @@ if hiera('step') >= 1 { setup_cluster => $pacemaker_master, } class { '::pacemaker::stonith': - disable => true, + disable => !$enable_fencing, + } + if $enable_fencing { + include ::tripleo::fencing + + # enable stonith after all fencing devices have been created + Class['tripleo::fencing'] -> Class['pacemaker::stonith'] + } + + # FIXME(gfidente): sets 100secs as default start timeout op + # param; until we can use pcmk global defaults we'll still + # need to add it to every resource which redefines op params + Pacemaker::Resource::Service { + op_params => 'start timeout=100s stop timeout=100s', } # Only configure RabbitMQ in this step, don't start it yet to @@ -87,7 +93,7 @@ if hiera('step') >= 1 { environment_variables => hiera('rabbitmq_environment'), } -> file { '/var/lib/rabbitmq/.erlang.cookie': - ensure => 'present', + ensure => file, owner => 'rabbitmq', group => 'rabbitmq', mode => '0400', @@ -114,7 +120,7 @@ if hiera('step') >= 1 { } # Galera - if str2bool(hiera('enable_galera', 'true')) { + if str2bool(hiera('enable_galera', true)) { $mysql_config_file = '/etc/my.cnf.d/galera.cnf' } else { $mysql_config_file = '/etc/my.cnf.d/server.cnf' @@ -132,7 +138,7 @@ if hiera('step') >= 1 { 'query_cache_size' => '0', 'query_cache_type' => '0', 'bind-address' => hiera('mysql_bind_host'), - 'max_connections' => '1024', + 'max_connections' => hiera('mysql_max_connections'), 'open_files_limit' => '-1', 'wsrep_provider' => '/usr/lib64/galera/libgalera_smm.so', 'wsrep_cluster_name' => 'galera_cluster', @@ -148,16 +154,17 @@ if hiera('step') >= 1 { 'wsrep_causal_reads' => '0', 'wsrep_notify_cmd' => '', 'wsrep_sst_method' => 'rsync', - } + }, } class { '::mysql::server': - create_root_user => false, - create_root_my_cnf => false, - config_file => $mysql_config_file, - override_options => $mysqld_options, - service_manage => false, - service_enabled => false, + create_root_user => false, + create_root_my_cnf => false, + config_file => $mysql_config_file, + override_options => $mysqld_options, + remove_default_accounts => $pacemaker_master, + service_manage => false, + service_enabled => false, } } @@ -171,17 +178,84 @@ if hiera('step') >= 2 { if $pacemaker_master { + include ::pacemaker::resource_defaults + # FIXME: we should not have to access tripleo::loadbalancer class # parameters here to configure pacemaker VIPs. The configuration # of pacemaker VIPs could move into puppet-tripleo or we should # make use of less specific hiera parameters here for the settings. + pacemaker::resource::service { 'haproxy': + clone_params => true, + } + $control_vip = hiera('tripleo::loadbalancer::controller_virtual_ip') pacemaker::resource::ip { 'control_vip': ip_address => $control_vip, } + pacemaker::constraint::base { 'control_vip-then-haproxy': + constraint_type => 'order', + first_resource => "ip-${control_vip}", + second_resource => 'haproxy-clone', + first_action => 'start', + second_action => 'start', + constraint_params => 'kind=Optional', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Ip['control_vip']], + } + pacemaker::constraint::colocation { 'control_vip-with-haproxy': + source => "ip-${control_vip}", + target => 'haproxy-clone', + score => 'INFINITY', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Ip['control_vip']], + } + $public_vip = hiera('tripleo::loadbalancer::public_virtual_ip') - pacemaker::resource::ip { 'public_vip': - ip_address => $public_vip, + if $public_vip and $public_vip != $control_vip { + pacemaker::resource::ip { 'public_vip': + ip_address => $public_vip, + } + pacemaker::constraint::base { 'public_vip-then-haproxy': + constraint_type => 'order', + first_resource => "ip-${public_vip}", + second_resource => 'haproxy-clone', + first_action => 'start', + second_action => 'start', + constraint_params => 'kind=Optional', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Ip['public_vip']], + } + pacemaker::constraint::colocation { 'public_vip-with-haproxy': + source => "ip-${public_vip}", + target => 'haproxy-clone', + score => 'INFINITY', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Ip['public_vip']], + } + } + + $redis_vip = hiera('redis_vip') + if $redis_vip and $redis_vip != $control_vip { + pacemaker::resource::ip { 'redis_vip': + ip_address => $redis_vip, + } + pacemaker::constraint::base { 'redis_vip-then-haproxy': + constraint_type => 'order', + first_resource => "ip-${redis_vip}", + second_resource => 'haproxy-clone', + first_action => 'start', + second_action => 'start', + constraint_params => 'kind=Optional', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Ip['redis_vip']], + } + pacemaker::constraint::colocation { 'redis_vip-with-haproxy': + source => "ip-${redis_vip}", + target => 'haproxy-clone', + score => 'INFINITY', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Ip['redis_vip']], + } } $internal_api_vip = hiera('tripleo::loadbalancer::internal_api_virtual_ip') @@ -189,6 +263,23 @@ if hiera('step') >= 2 { pacemaker::resource::ip { 'internal_api_vip': ip_address => $internal_api_vip, } + pacemaker::constraint::base { 'internal_api_vip-then-haproxy': + constraint_type => 'order', + first_resource => "ip-${internal_api_vip}", + second_resource => 'haproxy-clone', + first_action => 'start', + second_action => 'start', + constraint_params => 'kind=Optional', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Ip['internal_api_vip']], + } + pacemaker::constraint::colocation { 'internal_api_vip-with-haproxy': + source => "ip-${internal_api_vip}", + target => 'haproxy-clone', + score => 'INFINITY', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Ip['internal_api_vip']], + } } $storage_vip = hiera('tripleo::loadbalancer::storage_virtual_ip') @@ -196,6 +287,23 @@ if hiera('step') >= 2 { pacemaker::resource::ip { 'storage_vip': ip_address => $storage_vip, } + pacemaker::constraint::base { 'storage_vip-then-haproxy': + constraint_type => 'order', + first_resource => "ip-${storage_vip}", + second_resource => 'haproxy-clone', + first_action => 'start', + second_action => 'start', + constraint_params => 'kind=Optional', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Ip['storage_vip']], + } + pacemaker::constraint::colocation { 'storage_vip-with-haproxy': + source => "ip-${storage_vip}", + target => 'haproxy-clone', + score => 'INFINITY', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Ip['storage_vip']], + } } $storage_mgmt_vip = hiera('tripleo::loadbalancer::storage_mgmt_virtual_ip') @@ -203,13 +311,27 @@ if hiera('step') >= 2 { pacemaker::resource::ip { 'storage_mgmt_vip': ip_address => $storage_mgmt_vip, } + pacemaker::constraint::base { 'storage_mgmt_vip-then-haproxy': + constraint_type => 'order', + first_resource => "ip-${storage_mgmt_vip}", + second_resource => 'haproxy-clone', + first_action => 'start', + second_action => 'start', + constraint_params => 'kind=Optional', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Ip['storage_mgmt_vip']], + } + pacemaker::constraint::colocation { 'storage_mgmt_vip-with-haproxy': + source => "ip-${storage_mgmt_vip}", + target => 'haproxy-clone', + score => 'INFINITY', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Ip['storage_mgmt_vip']], + } } - pacemaker::resource::service { 'haproxy': - clone_params => true, - } pacemaker::resource::service { $::memcached::params::service_name : - clone_params => true, + clone_params => 'interleave=true', require => Class['::memcached'], } @@ -222,7 +344,7 @@ if hiera('step') >= 2 { if downcase(hiera('ceilometer_backend')) == 'mongodb' { pacemaker::resource::service { $::mongodb::params::service_name : - op_params => 'start timeout=120s', + op_params => 'start timeout=120s stop timeout=100s', clone_params => true, require => Class['::mongodb::server'], } @@ -255,28 +377,6 @@ if hiera('step') >= 2 { resource_params => 'wait_last_known_master=true', require => Class['::redis'], } - $redis_vip = hiera('redis_vip') - if $redis_vip and $redis_vip != $control_vip { - pacemaker::resource::ip { 'vip-redis': - ip_address => $redis_vip, - } - } - pacemaker::constraint::base { 'redis-master-then-vip-redis': - constraint_type => 'order', - first_resource => 'redis-master', - second_resource => "ip-${redis_vip}", - first_action => 'promote', - second_action => 'start', - require => [Pacemaker::Resource::Ocf['redis'], - Pacemaker::Resource::Ip['vip-redis']], - } - pacemaker::constraint::colocation { 'vip-redis-with-redis-master': - source => "ip-${redis_vip}", - target => 'redis-master', - score => 'INFINITY', - require => [Pacemaker::Resource::Ocf['redis'], - Pacemaker::Resource::Ip['vip-redis']], - } } @@ -285,7 +385,7 @@ if hiera('step') >= 2 { timeout => 30, tries => 180, try_sleep => 10, - environment => ["AVAILABLE_WHEN_READONLY=0"], + environment => ['AVAILABLE_WHEN_READONLY=0'], require => File['/etc/sysconfig/clustercheck'], } @@ -310,72 +410,29 @@ MYSQL_HOST=localhost\n", } # Create all the database schemas - # Example DSN format: mysql://user:password@host/dbname if $sync_db { - $allowed_hosts = ['%',hiera('mysql_bind_host')] - $keystone_dsn = split(hiera('keystone::database_connection'), '[@:/?]') - class { 'keystone::db::mysql': - user => $keystone_dsn[3], - password => $keystone_dsn[4], - host => $keystone_dsn[5], - dbname => $keystone_dsn[6], - allowed_hosts => $allowed_hosts, - require => Exec['galera-ready'], - } - $glance_dsn = split(hiera('glance::api::database_connection'), '[@:/?]') - class { 'glance::db::mysql': - user => $glance_dsn[3], - password => $glance_dsn[4], - host => $glance_dsn[5], - dbname => $glance_dsn[6], - allowed_hosts => $allowed_hosts, - require => Exec['galera-ready'], - } - $nova_dsn = split(hiera('nova::database_connection'), '[@:/?]') - class { 'nova::db::mysql': - user => $nova_dsn[3], - password => $nova_dsn[4], - host => $nova_dsn[5], - dbname => $nova_dsn[6], - allowed_hosts => $allowed_hosts, - require => Exec['galera-ready'], - } - $neutron_dsn = split(hiera('neutron::server::database_connection'), '[@:/?]') - class { 'neutron::db::mysql': - user => $neutron_dsn[3], - password => $neutron_dsn[4], - host => $neutron_dsn[5], - dbname => $neutron_dsn[6], - allowed_hosts => $allowed_hosts, - require => Exec['galera-ready'], - } - $cinder_dsn = split(hiera('cinder::database_connection'), '[@:/?]') - class { 'cinder::db::mysql': - user => $cinder_dsn[3], - password => $cinder_dsn[4], - host => $cinder_dsn[5], - dbname => $cinder_dsn[6], - allowed_hosts => $allowed_hosts, - require => Exec['galera-ready'], - } - $heat_dsn = split(hiera('heat::database_connection'), '[@:/?]') - class { 'heat::db::mysql': - user => $heat_dsn[3], - password => $heat_dsn[4], - host => $heat_dsn[5], - dbname => $heat_dsn[6], - allowed_hosts => $allowed_hosts, - require => Exec['galera-ready'], + class { '::keystone::db::mysql': + require => Exec['galera-ready'], + } + class { '::glance::db::mysql': + require => Exec['galera-ready'], + } + class { '::nova::db::mysql': + require => Exec['galera-ready'], + } + class { '::neutron::db::mysql': + require => Exec['galera-ready'], + } + class { '::cinder::db::mysql': + require => Exec['galera-ready'], } + class { '::heat::db::mysql': + require => Exec['galera-ready'], + } + if downcase(hiera('ceilometer_backend')) == 'mysql' { - $ceilometer_dsn = split(hiera('ceilometer_mysql_conn_string'), '[@:/?]') - class { 'ceilometer::db::mysql': - user => $ceilometer_dsn[3], - password => $ceilometer_dsn[4], - host => $ceilometer_dsn[5], - dbname => $ceilometer_dsn[6], - allowed_hosts => $allowed_hosts, - require => Exec['galera-ready'], + class { '::ceilometer::db::mysql': + require => Exec['galera-ready'], } } } @@ -384,30 +441,46 @@ MYSQL_HOST=localhost\n", include ::swift # Ceph - $cinder_enable_rbd_backend = hiera('cinder_enable_rbd_backend', false) - $enable_ceph = $cinder_enable_rbd_backend + $enable_ceph = hiera('ceph_storage_count', 0) > 0 if $enable_ceph { - class { 'ceph::profile::params': - mon_initial_members => downcase(hiera('ceph_mon_initial_members')) + class { '::ceph::profile::params': + mon_initial_members => downcase(hiera('ceph_mon_initial_members')), } include ::ceph::profile::mon } - if str2bool(hiera('enable_ceph_storage', 'false')) { - include ::ceph::profile::client + if str2bool(hiera('enable_ceph_storage', false)) { + if str2bool(hiera('ceph_osd_selinux_permissive', true)) { + exec { 'set selinux to permissive on boot': + command => "sed -ie 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config", + onlyif => "test -f /etc/selinux/config && ! grep '^SELINUX=permissive' /etc/selinux/config", + path => ['/usr/bin', '/usr/sbin'], + } + + exec { 'set selinux to permissive': + command => 'setenforce 0', + onlyif => "which setenforce && getenforce | grep -i 'enforcing'", + path => ['/usr/bin', '/usr/sbin'], + } -> Class['ceph::profile::osd'] + } + include ::ceph::profile::osd } + if str2bool(hiera('enable_external_ceph', false)) { + include ::ceph::profile::client + } + } #END STEP 2 if hiera('step') >= 3 { class { '::keystone': - sync_db => $sync_db, + sync_db => $sync_db, manage_service => false, - enabled => false, + enabled => false, } #TODO: need a cleanup-keystone-tokens.sh solution here @@ -444,73 +517,90 @@ if hiera('step') >= 3 { $glance_backend = downcase(hiera('glance_backend', 'swift')) case $glance_backend { - swift: { $glance_store = 'glance.store.swift.Store' } - file: { $glance_store = 'glance.store.filesystem.Store' } - rbd: { $glance_store = 'glance.store.rbd.Store' } + 'swift': { $backend_store = 'glance.store.swift.Store' } + 'file': { $backend_store = 'glance.store.filesystem.Store' } + 'rbd': { $backend_store = 'glance.store.rbd.Store' } default: { fail('Unrecognized glance_backend parameter.') } } + $http_store = ['glance.store.http.Store'] + $glance_store = concat($http_store, $backend_store) + + if $glance_backend == 'file' and hiera('glance_file_pcmk_manage', false) { + pacemaker::resource::filesystem { 'glance-fs': + device => hiera('glance_file_pcmk_device'), + directory => hiera('glance_file_pcmk_directory'), + fstype => hiera('glance_file_pcmk_fstype'), + fsoptions => hiera('glance_file_pcmk_options', ''), + clone_params => '', + } + } # TODO: notifications, scrubber, etc. include ::glance - class { 'glance::api': - known_stores => [$glance_store], + class { '::glance::api': + known_stores => $glance_store, manage_service => false, - enabled => false, + enabled => false, } class { '::glance::registry' : - sync_db => $sync_db, + sync_db => $sync_db, manage_service => false, - enabled => false, + enabled => false, } include join(['::glance::backend::', $glance_backend]) - include ::nova + class { '::nova' : + memcached_servers => suffix(hiera('memcache_node_ips'), ':11211'), + } + + include ::nova::config class { '::nova::api' : - sync_db => $sync_db, + sync_db => $sync_db, manage_service => false, - enabled => false, + enabled => false, } class { '::nova::cert' : manage_service => false, - enabled => false, + enabled => false, } class { '::nova::conductor' : manage_service => false, - enabled => false, + enabled => false, } class { '::nova::consoleauth' : manage_service => false, - enabled => false, + enabled => false, } class { '::nova::vncproxy' : manage_service => false, - enabled => false, + enabled => false, } + include ::nova::scheduler::filter class { '::nova::scheduler' : manage_service => false, - enabled => false, + enabled => false, } include ::nova::network::neutron # Neutron class definitions include ::neutron class { '::neutron::server' : - sync_db => $sync_db, + sync_db => $sync_db, manage_service => false, - enabled => false, + enabled => false, } class { '::neutron::agents::dhcp' : manage_service => false, - enabled => false, + enabled => false, } class { '::neutron::agents::l3' : manage_service => false, - enabled => false, + enabled => false, } - class { 'neutron::agents::metadata': + class { '::neutron::agents::metadata': manage_service => false, - enabled => false, + enabled => false, } file { '/etc/neutron/dnsmasq-neutron.conf': content => hiera('neutron_dnsmasq_options'), @@ -519,33 +609,65 @@ if hiera('step') >= 3 { notify => Service['neutron-dhcp-service'], require => Package['neutron'], } - class { 'neutron::plugins::ml2': - flat_networks => split(hiera('neutron_flat_networks'), ','), + class { '::neutron::plugins::ml2': + flat_networks => split(hiera('neutron_flat_networks'), ','), tenant_network_types => [hiera('neutron_tenant_network_type')], + mechanism_drivers => [hiera('neutron_mechanism_drivers')], + } + class { '::neutron::agents::ml2::ovs': + manage_service => false, + enabled => false, + bridge_mappings => split(hiera('neutron_bridge_mappings'), ','), + tunnel_types => split(hiera('neutron_tunnel_types'), ','), + } + + if 'cisco_ucsm' in hiera('neutron_mechanism_drivers') { + include ::neutron::plugins::ml2::cisco::ucsm + } + if 'cisco_nexus' in hiera('neutron_mechanism_drivers') { + include ::neutron::plugins::ml2::cisco::nexus + include ::neutron::plugins::ml2::cisco::type_nexus_vxlan + } + if 'cisco_n1kv' in hiera('neutron_mechanism_drivers') { + include ::neutron::plugins::ml2::cisco::nexus1000v + + class { '::neutron::agents::n1kv_vem': + n1kv_source => hiera('n1kv_vem_source', undef), + n1kv_version => hiera('n1kv_vem_version', undef), + } + + class { '::n1k_vsm': + n1kv_source => hiera('n1kv_vsm_source', undef), + n1kv_version => hiera('n1kv_vsm_version', undef), + } } - class { 'neutron::agents::ml2::ovs': - # manage_service => false # not implemented - enabled => false, - bridge_mappings => split(hiera('neutron_bridge_mappings'), ','), - tunnel_types => split(hiera('neutron_tunnel_types'), ','), + + if hiera('neutron_enable_bigswitch_ml2', false) { + include ::neutron::plugins::ml2::bigswitch::restproxy + } + neutron_l3_agent_config { + 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false); + } + neutron_dhcp_agent_config { + 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false); } include ::cinder class { '::cinder::api': - sync_db => $sync_db, + sync_db => $sync_db, manage_service => false, - enabled => false, + enabled => false, } class { '::cinder::scheduler' : manage_service => false, - enabled => false, + enabled => false, } class { '::cinder::volume' : manage_service => false, - enabled => false, + enabled => false, } include ::cinder::glance - class {'cinder::setup_test_volume': + class { '::cinder::setup_test_volume': size => join([hiera('cinder_lvm_loop_device_size'), 'M']), } @@ -569,20 +691,21 @@ if hiera('step') >= 3 { $ceph_pools = hiera('ceph_pools') ceph::pool { $ceph_pools : } + + $cinder_pool_requires = [Ceph::Pool[hiera('cinder_rbd_pool_name')]] + + } else { + $cinder_pool_requires = [] } - if $cinder_enable_rbd_backend { + if hiera('cinder_enable_rbd_backend', false) { $cinder_rbd_backend = 'tripleo_ceph' - cinder_config { - "${cinder_rbd_backend}/host": value => 'hostgroup'; - } - cinder::backend::rbd { $cinder_rbd_backend : - rbd_pool => 'volumes', - rbd_user => 'openstack', + rbd_pool => hiera('cinder_rbd_pool_name'), + rbd_user => hiera('ceph_client_user_name'), rbd_secret_uuid => hiera('ceph::profile::params::fsid'), - require => Ceph::Pool['volumes'], + require => $cinder_pool_requires, } } @@ -593,16 +716,53 @@ if hiera('step') >= 3 { "${cinder_netapp_backend}/host": value => 'hostgroup'; } - if hiera('cinder_netapp_nfs_shares', undef) { - $cinder_netapp_nfs_shares = split(hiera('cinder_netapp_nfs_shares', undef), ',') + if hiera('cinder::backend::netapp::nfs_shares', undef) { + $cinder_netapp_nfs_shares = split(hiera('cinder::backend::netapp::nfs_shares', undef), ',') } cinder::backend::netapp { $cinder_netapp_backend : - nfs_shares => $cinder_netapp_nfs_shares, - } - } - - $cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend, $cinder_rbd_backend, $cinder_netapp_backend]) + netapp_login => hiera('cinder::backend::netapp::netapp_login', undef), + netapp_password => hiera('cinder::backend::netapp::netapp_password', undef), + netapp_server_hostname => hiera('cinder::backend::netapp::netapp_server_hostname', undef), + netapp_server_port => hiera('cinder::backend::netapp::netapp_server_port', undef), + netapp_size_multiplier => hiera('cinder::backend::netapp::netapp_size_multiplier', undef), + netapp_storage_family => hiera('cinder::backend::netapp::netapp_storage_family', undef), + netapp_storage_protocol => hiera('cinder::backend::netapp::netapp_storage_protocol', undef), + netapp_transport_type => hiera('cinder::backend::netapp::netapp_transport_type', undef), + netapp_vfiler => hiera('cinder::backend::netapp::netapp_vfiler', undef), + netapp_volume_list => hiera('cinder::backend::netapp::netapp_volume_list', undef), + netapp_vserver => hiera('cinder::backend::netapp::netapp_vserver', undef), + netapp_partner_backend_name => hiera('cinder::backend::netapp::netapp_partner_backend_name', undef), + nfs_shares => $cinder_netapp_nfs_shares, + nfs_shares_config => hiera('cinder::backend::netapp::nfs_shares_config', undef), + netapp_copyoffload_tool_path => hiera('cinder::backend::netapp::netapp_copyoffload_tool_path', undef), + netapp_controller_ips => hiera('cinder::backend::netapp::netapp_controller_ips', undef), + netapp_sa_password => hiera('cinder::backend::netapp::netapp_sa_password', undef), + netapp_storage_pools => hiera('cinder::backend::netapp::netapp_storage_pools', undef), + netapp_eseries_host_type => hiera('cinder::backend::netapp::netapp_eseries_host_type', undef), + netapp_webservice_path => hiera('cinder::backend::netapp::netapp_webservice_path', undef), + } + } + + if hiera('cinder_enable_nfs_backend', false) { + $cinder_nfs_backend = 'tripleo_nfs' + + if str2bool($::selinux) { + selboolean { 'virt_use_nfs': + value => on, + persistent => true, + } -> Package['nfs-utils'] + } + + package { 'nfs-utils': } -> + cinder::backend::nfs { $cinder_nfs_backend: + nfs_servers => hiera('cinder_nfs_servers'), + nfs_mount_options => hiera('cinder_nfs_mount_options',''), + nfs_shares_config => '/etc/cinder/shares-nfs.conf', + } + } + + $cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend, $cinder_rbd_backend, $cinder_netapp_backend, $cinder_nfs_backend]) class { '::cinder::backends' : enabled_backends => $cinder_enabled_backends, } @@ -610,7 +770,7 @@ if hiera('step') >= 3 { # swift proxy class { '::swift::proxy' : manage_service => $non_pcmk_start, - enabled => $non_pcmk_start, + enabled => $non_pcmk_start, } include ::swift::proxy::proxy_logging include ::swift::proxy::healthcheck @@ -618,28 +778,27 @@ if hiera('step') >= 3 { include ::swift::proxy::keystone include ::swift::proxy::authtoken include ::swift::proxy::staticweb - include ::swift::proxy::ceilometer include ::swift::proxy::ratelimit include ::swift::proxy::catch_errors include ::swift::proxy::tempurl include ::swift::proxy::formpost # swift storage - if str2bool(hiera('enable_swift_storage', 'true')) { + if str2bool(hiera('enable_swift_storage', true)) { class {'::swift::storage::all': - mount_check => str2bool(hiera('swift_mount_check')) + mount_check => str2bool(hiera('swift_mount_check')), } class {'::swift::storage::account': manage_service => $non_pcmk_start, - enabled => $non_pcmk_start, + enabled => $non_pcmk_start, } class {'::swift::storage::container': manage_service => $non_pcmk_start, - enabled => $non_pcmk_start, + enabled => $non_pcmk_start, } class {'::swift::storage::object': manage_service => $non_pcmk_start, - enabled => $non_pcmk_start, + enabled => $non_pcmk_start, } if(!defined(File['/srv/node'])) { file { '/srv/node': @@ -655,47 +814,47 @@ if hiera('step') >= 3 { } # Ceilometer - $ceilometer_backend = downcase(hiera('ceilometer_backend')) - case $ceilometer_backend { - /mysql/ : { + case downcase(hiera('ceilometer_backend')) { + /mysql/: { $ceilometer_database_connection = hiera('ceilometer_mysql_conn_string') } - default : { + default: { $mongo_node_string = join($mongo_node_ips_with_port, ',') $ceilometer_database_connection = "mongodb://${mongo_node_string}/ceilometer?replicaSet=${mongodb_replset}" } } include ::ceilometer + include ::ceilometer::config class { '::ceilometer::api' : manage_service => false, - enabled => false, + enabled => false, } class { '::ceilometer::agent::notification' : manage_service => false, - enabled => false, + enabled => false, } class { '::ceilometer::agent::central' : manage_service => false, - enabled => false, + enabled => false, } class { '::ceilometer::alarm::notifier' : manage_service => false, - enabled => false, + enabled => false, } class { '::ceilometer::alarm::evaluator' : manage_service => false, - enabled => false, + enabled => false, } class { '::ceilometer::collector' : manage_service => false, - enabled => false, + enabled => false, } include ::ceilometer::expirer class { '::ceilometer::db' : database_connection => $ceilometer_database_connection, sync_db => $sync_db, } - include ceilometer::agent::auth + include ::ceilometer::agent::auth Cron <| title == 'ceilometer-expirer' |> { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" } @@ -705,33 +864,37 @@ if hiera('step') >= 3 { } class { '::heat::api' : manage_service => false, - enabled => false, + enabled => false, } class { '::heat::api_cfn' : manage_service => false, - enabled => false, + enabled => false, } class { '::heat::api_cloudwatch' : manage_service => false, - enabled => false, + enabled => false, } class { '::heat::engine' : manage_service => false, - enabled => false, + enabled => false, } # httpd/apache and horizon # NOTE(gfidente): server-status can be consumed by the pacemaker resource agent - include ::apache + class { '::apache' : + service_enable => false, + # service_manage => false, # <-- not supported with horizon&apache mod_wsgi? + } include ::apache::mod::status - $vhost_params = { - add_listen => false, - priority => 10, + if 'cisco_n1kv' in hiera('neutron_mechanism_drivers') { + $_profile_support = 'cisco' + } else { + $_profile_support = 'None' } - class { 'horizon': - cache_server_ip => hiera('memcache_node_ips', '127.0.0.1'), - vhost_extra_params => $vhost_params, - server_aliases => $::hostname, + $neutron_options = {'profile_support' => $_profile_support } + class { '::horizon': + cache_server_ip => hiera('memcache_node_ips', '127.0.0.1'), + neutron_options => $neutron_options, } $snmpd_user = hiera('snmpd_readonly_user_name') @@ -739,28 +902,73 @@ if hiera('step') >= 3 { authtype => 'MD5', authpass => hiera('snmpd_readonly_user_password'), } - class { 'snmp': + class { '::snmp': agentaddress => ['udp:161','udp6:[::1]:161'], snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], } + hiera_include('controller_classes') + } #END STEP 3 if hiera('step') >= 4 { + include ::keystone::cron::token_flush + if $pacemaker_master { # Keystone pacemaker::resource::service { $::keystone::params::service_name : - clone_params => "interleave=true", + clone_params => 'interleave=true', + verify_on_create => true, + require => [File['/etc/keystone/ssl/certs/ca.pem'], + File['/etc/keystone/ssl/private/signing_key.pem'], + File['/etc/keystone/ssl/certs/signing_cert.pem']], + } + + pacemaker::constraint::base { 'haproxy-then-keystone-constraint': + constraint_type => 'order', + first_resource => 'haproxy-clone', + second_resource => "${::keystone::params::service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service['haproxy'], + Pacemaker::Resource::Service[$::keystone::params::service_name]], + } + pacemaker::constraint::base { 'rabbitmq-then-keystone-constraint': + constraint_type => 'order', + first_resource => 'rabbitmq-clone', + second_resource => "${::keystone::params::service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Ocf['rabbitmq'], + Pacemaker::Resource::Service[$::keystone::params::service_name]], + } + pacemaker::constraint::base { 'memcached-then-keystone-constraint': + constraint_type => 'order', + first_resource => 'memcached-clone', + second_resource => "${::keystone::params::service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service['memcached'], + Pacemaker::Resource::Service[$::keystone::params::service_name]], + } + pacemaker::constraint::base { 'galera-then-keystone-constraint': + constraint_type => 'order', + first_resource => 'galera-master', + second_resource => "${::keystone::params::service_name}-clone", + first_action => 'promote', + second_action => 'start', + require => [Pacemaker::Resource::Ocf['galera'], + Pacemaker::Resource::Service[$::keystone::params::service_name]], } # Cinder pacemaker::resource::service { $::cinder::params::api_service : - clone_params => "interleave=true", + clone_params => 'interleave=true', require => Pacemaker::Resource::Service[$::keystone::params::service_name], } pacemaker::resource::service { $::cinder::params::scheduler_service : - clone_params => "interleave=true", + clone_params => 'interleave=true', } pacemaker::resource::service { $::cinder::params::volume_service : } @@ -774,45 +982,45 @@ if hiera('step') >= 4 { Pacemaker::Resource::Service[$::keystone::params::service_name]], } pacemaker::constraint::base { 'cinder-api-then-cinder-scheduler-constraint': - constraint_type => "order", - first_resource => "${::cinder::params::api_service}-clone", + constraint_type => 'order', + first_resource => "${::cinder::params::api_service}-clone", second_resource => "${::cinder::params::scheduler_service}-clone", - first_action => "start", - second_action => "start", - require => [Pacemaker::Resource::Service[$::cinder::params::api_service], - Pacemaker::Resource::Service[$::cinder::params::scheduler_service]], + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::cinder::params::api_service], + Pacemaker::Resource::Service[$::cinder::params::scheduler_service]], } pacemaker::constraint::colocation { 'cinder-scheduler-with-cinder-api-colocation': - source => "${::cinder::params::scheduler_service}-clone", - target => "${::cinder::params::api_service}-clone", - score => "INFINITY", + source => "${::cinder::params::scheduler_service}-clone", + target => "${::cinder::params::api_service}-clone", + score => 'INFINITY', require => [Pacemaker::Resource::Service[$::cinder::params::api_service], Pacemaker::Resource::Service[$::cinder::params::scheduler_service]], } pacemaker::constraint::base { 'cinder-scheduler-then-cinder-volume-constraint': - constraint_type => "order", - first_resource => "${::cinder::params::scheduler_service}-clone", - second_resource => "${::cinder::params::volume_service}", - first_action => "start", - second_action => "start", - require => [Pacemaker::Resource::Service[$::cinder::params::scheduler_service], - Pacemaker::Resource::Service[$::cinder::params::volume_service]], + constraint_type => 'order', + first_resource => "${::cinder::params::scheduler_service}-clone", + second_resource => $::cinder::params::volume_service, + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::cinder::params::scheduler_service], + Pacemaker::Resource::Service[$::cinder::params::volume_service]], } pacemaker::constraint::colocation { 'cinder-volume-with-cinder-scheduler-colocation': - source => "${::cinder::params::volume_service}", - target => "${::cinder::params::scheduler_service}-clone", - score => "INFINITY", + source => $::cinder::params::volume_service, + target => "${::cinder::params::scheduler_service}-clone", + score => 'INFINITY', require => [Pacemaker::Resource::Service[$::cinder::params::scheduler_service], Pacemaker::Resource::Service[$::cinder::params::volume_service]], } # Glance pacemaker::resource::service { $::glance::params::registry_service_name : - clone_params => "interleave=true", + clone_params => 'interleave=true', require => Pacemaker::Resource::Service[$::keystone::params::service_name], } pacemaker::resource::service { $::glance::params::api_service_name : - clone_params => "interleave=true", + clone_params => 'interleave=true', } pacemaker::constraint::base { 'keystone-then-glance-registry-constraint': @@ -825,18 +1033,18 @@ if hiera('step') >= 4 { Pacemaker::Resource::Service[$::keystone::params::service_name]], } pacemaker::constraint::base { 'glance-registry-then-glance-api-constraint': - constraint_type => "order", + constraint_type => 'order', first_resource => "${::glance::params::registry_service_name}-clone", second_resource => "${::glance::params::api_service_name}-clone", - first_action => "start", - second_action => "start", - require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name], - Pacemaker::Resource::Service[$::glance::params::api_service_name]], + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name], + Pacemaker::Resource::Service[$::glance::params::api_service_name]], } pacemaker::constraint::colocation { 'glance-api-with-glance-registry-colocation': source => "${::glance::params::api_service_name}-clone", target => "${::glance::params::registry_service_name}-clone", - score => "INFINITY", + score => 'INFINITY', require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name], Pacemaker::Resource::Service[$::glance::params::api_service_name]], } @@ -846,178 +1054,156 @@ if hiera('step') >= 4 { # as soon as neutron-server is started; to avoid races we want to make this # happen only on one node, before normal Pacemaker initialization # https://bugzilla.redhat.com/show_bug.cgi?id=1233061 - exec { 'neutron-server-start-wait-stop' : - command => "systemctl start neutron-server && \ - sleep 5s && \ - systemctl stop neutron-server", - path => ["/usr/bin", "/usr/sbin"], - } -> + exec { '/usr/bin/systemctl start neutron-server && /usr/bin/sleep 5' : } -> pacemaker::resource::service { $::neutron::params::server_service: - op_params => "start timeout=90", - clone_params => "interleave=true", - require => Pacemaker::Resource::Service[$::keystone::params::service_name] + clone_params => 'interleave=true', + require => Pacemaker::Resource::Service[$::keystone::params::service_name], } pacemaker::resource::service { $::neutron::params::l3_agent_service: - clone_params => "interleave=true", + clone_params => 'interleave=true', } pacemaker::resource::service { $::neutron::params::dhcp_agent_service: - clone_params => "interleave=true", + clone_params => 'interleave=true', } pacemaker::resource::service { $::neutron::params::ovs_agent_service: - clone_params => "interleave=true", + clone_params => 'interleave=true', } pacemaker::resource::service { $::neutron::params::metadata_agent_service: - clone_params => "interleave=true", + clone_params => 'interleave=true', } pacemaker::resource::ocf { $::neutron::params::ovs_cleanup_service: - ocf_agent_name => "neutron:OVSCleanup", - clone_params => "interleave=true", + ocf_agent_name => 'neutron:OVSCleanup', + clone_params => 'interleave=true', } pacemaker::resource::ocf { 'neutron-netns-cleanup': - ocf_agent_name => "neutron:NetnsCleanup", - clone_params => "interleave=true", - } - pacemaker::resource::ocf { 'neutron-scale': - ocf_agent_name => "neutron:NeutronScale", - clone_params => "globally-unique=true clone-max=3 interleave=true", - } - pacemaker::constraint::base { 'keystone-to-neutron-server-constraint': - constraint_type => "order", - first_resource => "${::keystone::params::service_name}-clone", - second_resource => "${::neutron::params::server_service}-clone", - first_action => "start", - second_action => "start", - require => [Pacemaker::Resource::Service[$::keystone::params::service_name], - Pacemaker::Resource::Service[$::neutron::params::server_service]], - } - pacemaker::constraint::base { 'neutron-server-to-neutron-scale-constraint': - constraint_type => "order", - first_resource => "${::neutron::params::server_service}-clone", - second_resource => "neutron-scale-clone", - first_action => "start", - second_action => "start", - require => [Pacemaker::Resource::Service[$::neutron::params::server_service], - Pacemaker::Resource::Ocf['neutron-scale']], - } - pacemaker::constraint::base { 'neutron-scale-to-ovs-cleanup-constraint': - constraint_type => "order", - first_resource => "neutron-scale-clone", - second_resource => "${::neutron::params::ovs_cleanup_service}-clone", - first_action => "start", - second_action => "start", - require => [Pacemaker::Resource::Ocf['neutron-scale'], - Pacemaker::Resource::Ocf["${::neutron::params::ovs_cleanup_service}"]], - } - pacemaker::constraint::colocation { 'neutron-scale-to-ovs-cleanup-colocation': - source => "${::neutron::params::ovs_cleanup_service}-clone", - target => "neutron-scale-clone", - score => "INFINITY", - require => [Pacemaker::Resource::Ocf['neutron-scale'], - Pacemaker::Resource::Ocf["${::neutron::params::ovs_cleanup_service}"]], + ocf_agent_name => 'neutron:NetnsCleanup', + clone_params => 'interleave=true', } + + # neutron - one chain ovs-cleanup-->netns-cleanup-->ovs-agent pacemaker::constraint::base { 'neutron-ovs-cleanup-to-netns-cleanup-constraint': - constraint_type => "order", - first_resource => "${::neutron::params::ovs_cleanup_service}-clone", - second_resource => "neutron-netns-cleanup-clone", - first_action => "start", - second_action => "start", - require => [Pacemaker::Resource::Ocf["${::neutron::params::ovs_cleanup_service}"], - Pacemaker::Resource::Ocf['neutron-netns-cleanup']], + constraint_type => 'order', + first_resource => "${::neutron::params::ovs_cleanup_service}-clone", + second_resource => 'neutron-netns-cleanup-clone', + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Ocf[$::neutron::params::ovs_cleanup_service], + Pacemaker::Resource::Ocf['neutron-netns-cleanup']], } pacemaker::constraint::colocation { 'neutron-ovs-cleanup-to-netns-cleanup-colocation': - source => "neutron-netns-cleanup-clone", - target => "${::neutron::params::ovs_cleanup_service}-clone", - score => "INFINITY", - require => [Pacemaker::Resource::Ocf["${::neutron::params::ovs_cleanup_service}"], + source => 'neutron-netns-cleanup-clone', + target => "${::neutron::params::ovs_cleanup_service}-clone", + score => 'INFINITY', + require => [Pacemaker::Resource::Ocf[$::neutron::params::ovs_cleanup_service], Pacemaker::Resource::Ocf['neutron-netns-cleanup']], } pacemaker::constraint::base { 'neutron-netns-cleanup-to-openvswitch-agent-constraint': - constraint_type => "order", - first_resource => "neutron-netns-cleanup-clone", + constraint_type => 'order', + first_resource => 'neutron-netns-cleanup-clone', second_resource => "${::neutron::params::ovs_agent_service}-clone", - first_action => "start", - second_action => "start", - require => [Pacemaker::Resource::Ocf["neutron-netns-cleanup"], - Pacemaker::Resource::Service["${::neutron::params::ovs_agent_service}"]], + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Ocf['neutron-netns-cleanup'], + Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], } pacemaker::constraint::colocation { 'neutron-netns-cleanup-to-openvswitch-agent-colocation': - source => "${::neutron::params::ovs_agent_service}-clone", - target => "neutron-netns-cleanup-clone", - score => "INFINITY", - require => [Pacemaker::Resource::Ocf["neutron-netns-cleanup"], - Pacemaker::Resource::Service["${::neutron::params::ovs_agent_service}"]], + source => "${::neutron::params::ovs_agent_service}-clone", + target => 'neutron-netns-cleanup-clone', + score => 'INFINITY', + require => [Pacemaker::Resource::Ocf['neutron-netns-cleanup'], + Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], + } + + #another chain keystone-->neutron-server-->ovs-agent-->dhcp-->l3 + pacemaker::constraint::base { 'keystone-to-neutron-server-constraint': + constraint_type => 'order', + first_resource => "${::keystone::params::service_name}-clone", + second_resource => "${::neutron::params::server_service}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::keystone::params::service_name], + Pacemaker::Resource::Service[$::neutron::params::server_service]], + } + pacemaker::constraint::base { 'neutron-server-to-openvswitch-agent-constraint': + constraint_type => 'order', + first_resource => "${::neutron::params::server_service}-clone", + second_resource => "${::neutron::params::ovs_agent_service}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::neutron::params::server_service], + Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], } pacemaker::constraint::base { 'neutron-openvswitch-agent-to-dhcp-agent-constraint': - constraint_type => "order", - first_resource => "${::neutron::params::ovs_agent_service}-clone", + constraint_type => 'order', + first_resource => "${::neutron::params::ovs_agent_service}-clone", second_resource => "${::neutron::params::dhcp_agent_service}-clone", - first_action => "start", - second_action => "start", - require => [Pacemaker::Resource::Service["${::neutron::params::ovs_agent_service}"], - Pacemaker::Resource::Service["${::neutron::params::dhcp_agent_service}"]], + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service], + Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]], } pacemaker::constraint::colocation { 'neutron-openvswitch-agent-to-dhcp-agent-colocation': - source => "${::neutron::params::dhcp_agent_service}-clone", - target => "${::neutron::params::ovs_agent_service}-clone", - score => "INFINITY", - require => [Pacemaker::Resource::Service["${::neutron::params::ovs_agent_service}"], - Pacemaker::Resource::Service["${::neutron::params::dhcp_agent_service}"]], + source => "${::neutron::params::dhcp_agent_service}-clone", + target => "${::neutron::params::ovs_agent_service}-clone", + score => 'INFINITY', + require => [Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service], + Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]], } pacemaker::constraint::base { 'neutron-dhcp-agent-to-l3-agent-constraint': - constraint_type => "order", - first_resource => "${::neutron::params::dhcp_agent_service}-clone", + constraint_type => 'order', + first_resource => "${::neutron::params::dhcp_agent_service}-clone", second_resource => "${::neutron::params::l3_agent_service}-clone", - first_action => "start", - second_action => "start", - require => [Pacemaker::Resource::Service["${::neutron::params::dhcp_agent_service}"], - Pacemaker::Resource::Service["${::neutron::params::l3_agent_service}"]] + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service], + Pacemaker::Resource::Service[$::neutron::params::l3_agent_service]], } pacemaker::constraint::colocation { 'neutron-dhcp-agent-to-l3-agent-colocation': - source => "${::neutron::params::l3_agent_service}-clone", - target => "${::neutron::params::dhcp_agent_service}-clone", - score => "INFINITY", - require => [Pacemaker::Resource::Service["${::neutron::params::dhcp_agent_service}"], - Pacemaker::Resource::Service["${::neutron::params::l3_agent_service}"]] + source => "${::neutron::params::l3_agent_service}-clone", + target => "${::neutron::params::dhcp_agent_service}-clone", + score => 'INFINITY', + require => [Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service], + Pacemaker::Resource::Service[$::neutron::params::l3_agent_service]], } pacemaker::constraint::base { 'neutron-l3-agent-to-metadata-agent-constraint': - constraint_type => "order", - first_resource => "${::neutron::params::l3_agent_service}-clone", + constraint_type => 'order', + first_resource => "${::neutron::params::l3_agent_service}-clone", second_resource => "${::neutron::params::metadata_agent_service}-clone", - first_action => "start", - second_action => "start", - require => [Pacemaker::Resource::Service["${::neutron::params::l3_agent_service}"], - Pacemaker::Resource::Service["${::neutron::params::metadata_agent_service}"]] + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::neutron::params::l3_agent_service], + Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service]], } pacemaker::constraint::colocation { 'neutron-l3-agent-to-metadata-agent-colocation': - source => "${::neutron::params::metadata_agent_service}-clone", - target => "${::neutron::params::l3_agent_service}-clone", - score => "INFINITY", - require => [Pacemaker::Resource::Service["${::neutron::params::l3_agent_service}"], - Pacemaker::Resource::Service["${::neutron::params::metadata_agent_service}"]] + source => "${::neutron::params::metadata_agent_service}-clone", + target => "${::neutron::params::l3_agent_service}-clone", + score => 'INFINITY', + require => [Pacemaker::Resource::Service[$::neutron::params::l3_agent_service], + Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service]], } # Nova pacemaker::resource::service { $::nova::params::api_service_name : - clone_params => "interleave=true", - op_params => "monitor start-delay=10s", + clone_params => 'interleave=true', + op_params => 'start timeout=100s stop timeout=100s monitor start-delay=10s', } pacemaker::resource::service { $::nova::params::conductor_service_name : - clone_params => "interleave=true", - op_params => "monitor start-delay=10s", + clone_params => 'interleave=true', + op_params => 'start timeout=100s stop timeout=100s monitor start-delay=10s', } pacemaker::resource::service { $::nova::params::consoleauth_service_name : - clone_params => "interleave=true", - op_params => "monitor start-delay=10s", - require => Pacemaker::Resource::Service[$::keystone::params::service_name], + clone_params => 'interleave=true', + op_params => 'start timeout=100s stop timeout=100s monitor start-delay=10s', + require => Pacemaker::Resource::Service[$::keystone::params::service_name], } pacemaker::resource::service { $::nova::params::vncproxy_service_name : - clone_params => "interleave=true", - op_params => "monitor start-delay=10s", + clone_params => 'interleave=true', + op_params => 'start timeout=100s stop timeout=100s monitor start-delay=10s', } pacemaker::resource::service { $::nova::params::scheduler_service_name : - clone_params => "interleave=true", - op_params => "monitor start-delay=10s", + clone_params => 'interleave=true', + op_params => 'start timeout=100s stop timeout=100s monitor start-delay=10s', } pacemaker::constraint::base { 'keystone-then-nova-consoleauth-constraint': @@ -1030,77 +1216,85 @@ if hiera('step') >= 4 { Pacemaker::Resource::Service[$::keystone::params::service_name]], } pacemaker::constraint::base { 'nova-consoleauth-then-nova-vncproxy-constraint': - constraint_type => "order", + constraint_type => 'order', first_resource => "${::nova::params::consoleauth_service_name}-clone", second_resource => "${::nova::params::vncproxy_service_name}-clone", - first_action => "start", - second_action => "start", - require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name], - Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name]], + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name], + Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name]], } pacemaker::constraint::colocation { 'nova-vncproxy-with-nova-consoleauth-colocation': - source => "${::nova::params::vncproxy_service_name}-clone", - target => "${::nova::params::consoleauth_service_name}-clone", - score => "INFINITY", + source => "${::nova::params::vncproxy_service_name}-clone", + target => "${::nova::params::consoleauth_service_name}-clone", + score => 'INFINITY', require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name], Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name]], } - # FIXME(gfidente): novncproxy will not start unless websockify is updated to 0.6 - # which is not the case for f20 nor f21; ucomment when it becomes available - #pacemaker::constraint::base { 'nova-vncproxy-then-nova-api-constraint': - # constraint_type => "order", - # first_resource => "${::nova::params::vncproxy_service_name}-clone", - # second_resource => "${::nova::params::api_service_name}-clone", - # first_action => "start", - # second_action => "start", - # require => [Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name], - # Pacemaker::Resource::Service[$::nova::params::api_service_name]], - #} - #pacemaker::constraint::colocation { 'nova-api-with-nova-vncproxy-colocation': - # source => "${::nova::params::api_service_name}-clone", - # target => "${::nova::params::vncproxy_service_name}-clone", - # score => "INFINITY", - # require => [Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name], - # Pacemaker::Resource::Service[$::nova::params::api_service_name]], - #} + pacemaker::constraint::base { 'nova-vncproxy-then-nova-api-constraint': + constraint_type => 'order', + first_resource => "${::nova::params::vncproxy_service_name}-clone", + second_resource => "${::nova::params::api_service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name], + Pacemaker::Resource::Service[$::nova::params::api_service_name]], + } + pacemaker::constraint::colocation { 'nova-api-with-nova-vncproxy-colocation': + source => "${::nova::params::api_service_name}-clone", + target => "${::nova::params::vncproxy_service_name}-clone", + score => 'INFINITY', + require => [Pacemaker::Resource::Service[$::nova::params::vncproxy_service_name], + Pacemaker::Resource::Service[$::nova::params::api_service_name]], + } pacemaker::constraint::base { 'nova-api-then-nova-scheduler-constraint': - constraint_type => "order", + constraint_type => 'order', first_resource => "${::nova::params::api_service_name}-clone", second_resource => "${::nova::params::scheduler_service_name}-clone", - first_action => "start", - second_action => "start", - require => [Pacemaker::Resource::Service[$::nova::params::api_service_name], - Pacemaker::Resource::Service[$::nova::params::scheduler_service_name]], + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::nova::params::api_service_name], + Pacemaker::Resource::Service[$::nova::params::scheduler_service_name]], } pacemaker::constraint::colocation { 'nova-scheduler-with-nova-api-colocation': - source => "${::nova::params::scheduler_service_name}-clone", - target => "${::nova::params::api_service_name}-clone", - score => "INFINITY", + source => "${::nova::params::scheduler_service_name}-clone", + target => "${::nova::params::api_service_name}-clone", + score => 'INFINITY', require => [Pacemaker::Resource::Service[$::nova::params::api_service_name], Pacemaker::Resource::Service[$::nova::params::scheduler_service_name]], } pacemaker::constraint::base { 'nova-scheduler-then-nova-conductor-constraint': - constraint_type => "order", + constraint_type => 'order', first_resource => "${::nova::params::scheduler_service_name}-clone", second_resource => "${::nova::params::conductor_service_name}-clone", - first_action => "start", - second_action => "start", - require => [Pacemaker::Resource::Service[$::nova::params::scheduler_service_name], - Pacemaker::Resource::Service[$::nova::params::conductor_service_name]], + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::nova::params::scheduler_service_name], + Pacemaker::Resource::Service[$::nova::params::conductor_service_name]], } pacemaker::constraint::colocation { 'nova-conductor-with-nova-scheduler-colocation': - source => "${::nova::params::conductor_service_name}-clone", - target => "${::nova::params::scheduler_service_name}-clone", - score => "INFINITY", + source => "${::nova::params::conductor_service_name}-clone", + target => "${::nova::params::scheduler_service_name}-clone", + score => 'INFINITY', require => [Pacemaker::Resource::Service[$::nova::params::scheduler_service_name], Pacemaker::Resource::Service[$::nova::params::conductor_service_name]], } # Ceilometer - pacemaker::resource::service { $::ceilometer::params::agent_central_service_name : - clone_params => 'interleave=true', - require => [Pacemaker::Resource::Service[$::keystone::params::service_name], - Pacemaker::Resource::Service[$::mongodb::params::service_name]], + case downcase(hiera('ceilometer_backend')) { + /mysql/: { + pacemaker::resource::service { $::ceilometer::params::agent_central_service_name : + clone_params => 'interleave=true', + require => Pacemaker::Resource::Service[$::keystone::params::service_name], + } + } + default: { + pacemaker::resource::service { $::ceilometer::params::agent_central_service_name : + clone_params => 'interleave=true', + require => [Pacemaker::Resource::Service[$::keystone::params::service_name], + Pacemaker::Resource::Service[$::mongodb::params::service_name]], + } + } } pacemaker::resource::service { $::ceilometer::params::collector_service_name : clone_params => 'interleave=true', @@ -1122,6 +1316,22 @@ if hiera('step') >= 4 { clone_params => 'interleave=true', resource_params => 'startdelay=10', } + # Fedora doesn't know `require-all` parameter for constraints yet + if $::operatingsystem == 'Fedora' { + $redis_ceilometer_constraint_params = undef + } else { + $redis_ceilometer_constraint_params = 'require-all=false' + } + pacemaker::constraint::base { 'redis-then-ceilometer-central-constraint': + constraint_type => 'order', + first_resource => 'redis-master', + second_resource => "${::ceilometer::params::agent_central_service_name}-clone", + first_action => 'promote', + second_action => 'start', + constraint_params => $redis_ceilometer_constraint_params, + require => [Pacemaker::Resource::Ocf['redis'], + Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name]], + } pacemaker::constraint::base { 'keystone-then-ceilometer-central-constraint': constraint_type => 'order', first_resource => "${::keystone::params::service_name}-clone", @@ -1231,15 +1441,6 @@ if hiera('step') >= 4 { Pacemaker::Resource::Service[$::mongodb::params::service_name]], } } - pacemaker::constraint::base { 'vip-redis-then-ceilometer-central': - constraint_type => 'order', - first_resource => "ip-${redis_vip}", - second_resource => "${::ceilometer::params::agent_central_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name], - Pacemaker::Resource::Ip['vip-redis']], - } # Heat pacemaker::resource::service { $::heat::params::api_service_name : @@ -1269,8 +1470,8 @@ if hiera('step') >= 4 { second_resource => "${::heat::params::api_cfn_service_name}-clone", first_action => 'start', second_action => 'start', - require => [Pacemaker::Resource::Service[$::heat::params::api_service_name], - Pacemaker::Resource::Service[$::heat::params::api_cfn_service_name]], + require => [Pacemaker::Resource::Service[$::heat::params::api_service_name], + Pacemaker::Resource::Service[$::heat::params::api_cfn_service_name]], } pacemaker::constraint::colocation { 'heat-api-cfn-with-heat-api-colocation': source => "${::heat::params::api_cfn_service_name}-clone", @@ -1285,8 +1486,8 @@ if hiera('step') >= 4 { second_resource => "${::heat::params::api_cloudwatch_service_name}-clone", first_action => 'start', second_action => 'start', - require => [Pacemaker::Resource::Service[$::heat::params::api_cloudwatch_service_name], - Pacemaker::Resource::Service[$::heat::params::api_cfn_service_name]], + require => [Pacemaker::Resource::Service[$::heat::params::api_cloudwatch_service_name], + Pacemaker::Resource::Service[$::heat::params::api_cfn_service_name]], } pacemaker::constraint::colocation { 'heat-api-cloudwatch-with-heat-api-cfn-colocation': source => "${::heat::params::api_cloudwatch_service_name}-clone", @@ -1301,8 +1502,8 @@ if hiera('step') >= 4 { second_resource => "${::heat::params::engine_service_name}-clone", first_action => 'start', second_action => 'start', - require => [Pacemaker::Resource::Service[$::heat::params::api_cloudwatch_service_name], - Pacemaker::Resource::Service[$::heat::params::engine_service_name]], + require => [Pacemaker::Resource::Service[$::heat::params::api_cloudwatch_service_name], + Pacemaker::Resource::Service[$::heat::params::engine_service_name]], } pacemaker::constraint::colocation { 'heat-engine-with-heat-api-cloudwatch-colocation': source => "${::heat::params::engine_service_name}-clone", @@ -1323,10 +1524,52 @@ if hiera('step') >= 4 { # Horizon pacemaker::resource::service { $::horizon::params::http_service: - clone_params => "interleave=true", + clone_params => 'interleave=true', } + #VSM + if 'cisco_n1kv' in hiera('neutron_mechanism_drivers') { + pacemaker::resource::ocf { 'vsm-p' : + ocf_agent_name => 'heartbeat:VirtualDomain', + resource_params => 'force_stop=true config=/var/spool/cisco/vsm/vsm_primary_deploy.xml', + require => Class['n1k_vsm'], + meta_params => 'resource-stickiness=INFINITY', + } + if str2bool(hiera('n1k_vsm::pacemaker_control', true)) { + pacemaker::resource::ocf { 'vsm-s' : + ocf_agent_name => 'heartbeat:VirtualDomain', + resource_params => 'force_stop=true config=/var/spool/cisco/vsm/vsm_secondary_deploy.xml', + require => Class['n1k_vsm'], + meta_params => 'resource-stickiness=INFINITY', + } + pacemaker::constraint::colocation { 'vsm-colocation-contraint': + source => 'vsm-p', + target => 'vsm-s', + score => '-INFINITY', + require => [Pacemaker::Resource::Ocf['vsm-p'], + Pacemaker::Resource::Ocf['vsm-s']], + } + } + } } } #END STEP 4 + +if hiera('step') >= 5 { + + if $pacemaker_master { + + class {'::keystone::roles::admin' : + require => Pacemaker::Resource::Service[$::keystone::params::service_name], + } -> + class {'::keystone::endpoint' : + require => Pacemaker::Resource::Service[$::keystone::params::service_name], + } + + } + +} #END STEP 5 + +$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller_pacemaker', hiera('step')]) +package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/manifests/overcloud_object.pp b/puppet/manifests/overcloud_object.pp index 24799c8c..5f0b4c82 100644 --- a/puppet/manifests/overcloud_object.pp +++ b/puppet/manifests/overcloud_object.pp @@ -13,16 +13,7 @@ # License for the specific language governing permissions and limitations # under the License. -if !str2bool(hiera('enable_package_install', 'false')) { - case $::osfamily { - 'RedHat': { - Package { provider => 'norpm' } # provided by tripleo-puppet - } - default: { - warning('enable_package_install option not supported.') - } - } -} +include ::tripleo::packages create_resources(sysctl::value, hiera('sysctl_settings'), {}) @@ -31,8 +22,8 @@ if count(hiera('ntp::servers')) > 0 { } include ::swift -class {'swift::storage::all': - mount_check => str2bool(hiera('swift_mount_check')) +class { '::swift::storage::all': + mount_check => str2bool(hiera('swift_mount_check')), } if(!defined(File['/srv/node'])) { file { '/srv/node': @@ -52,7 +43,10 @@ snmp::snmpv3_user { $snmpd_user: authtype => 'MD5', authpass => hiera('snmpd_readonly_user_password'), } -class { 'snmp': +class { '::snmp': agentaddress => ['udp:161','udp6:[::1]:161'], snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], } + +hiera_include('object_classes') +package_manifest{'/var/lib/tripleo/installed-packages/overcloud_object': ensure => present} diff --git a/puppet/manifests/overcloud_volume.pp b/puppet/manifests/overcloud_volume.pp index edfeaeca..7f24959a 100644 --- a/puppet/manifests/overcloud_volume.pp +++ b/puppet/manifests/overcloud_volume.pp @@ -13,16 +13,7 @@ # License for the specific language governing permissions and limitations # under the License. -if str2bool(hiera('disable_package_install', 'false')) { - case $::osfamily { - 'RedHat': { - Package { provider => 'norpm' } # provided by tripleo-puppet - } - default: { - warning('disable_package_install option not supported.') - } - } -} +include ::tripleo::packages create_resources(sysctl::value, hiera('sysctl_settings'), {}) @@ -31,6 +22,7 @@ if count(hiera('ntp::servers')) > 0 { } include ::cinder +include ::cinder::config include ::cinder::glance include ::cinder::volume include ::cinder::setup_test_volume @@ -55,7 +47,10 @@ snmp::snmpv3_user { $snmpd_user: authtype => 'MD5', authpass => hiera('snmpd_readonly_user_password'), } -class { 'snmp': +class { '::snmp': agentaddress => ['udp:161','udp6:[::1]:161'], snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], } + +hiera_include('volume_classes') +package_manifest{'/var/lib/tripleo/installed-packages/overcloud_volume': ensure => present} diff --git a/puppet/manifests/ringbuilder.pp b/puppet/manifests/ringbuilder.pp index 531706d2..4296208b 100644 --- a/puppet/manifests/ringbuilder.pp +++ b/puppet/manifests/ringbuilder.pp @@ -13,16 +13,7 @@ # License for the specific language governing permissions and limitations # under the License. -if str2bool(hiera('disable_package_install', 'false')) { - case $::osfamily { - 'RedHat': { - Package { provider => 'norpm' } # provided by tripleo-puppet - } - default: { - warning('disable_package_install option not supported.') - } - } -} +include ::tripleo::packages define add_devices( $swift_zones = '1' @@ -46,31 +37,33 @@ define add_devices( $base = regsubst($name,'^r1.*-(.*)$','\1') $object = regsubst($base, '%PORT%', '6000') ring_object_device { $object: - zone => '1', - weight => 100, + zone => '1', + weight => 100, } $container = regsubst($base, '%PORT%', '6001') ring_container_device { $container: - zone => '1', - weight => 100, + zone => '1', + weight => 100, } $account = regsubst($base, '%PORT%', '6002') ring_account_device { $account: - zone => '1', - weight => 100, + zone => '1', + weight => 100, } } class tripleo::ringbuilder ( $swift_zones = '1', $devices = '', - $build_ring = 'True', + $build_ring = true, $part_power, $replicas, $min_part_hours, ) { - if str2bool(downcase("$build_ring")) { + validate_bool($build_ring) + + if $build_ring { $device_array = strip(split(rstrip($devices), ',')) @@ -83,7 +76,7 @@ class tripleo::ringbuilder ( # add all other devices add_devices {$device_array: - swift_zones => $swift_zones + swift_zones => $swift_zones, } -> # rebalance @@ -99,3 +92,5 @@ class tripleo::ringbuilder ( } include ::tripleo::ringbuilder + +package_manifest{'/var/lib/tripleo/installed-packages/ringbuilder': ensure => present} diff --git a/puppet/swift-storage-post.yaml b/puppet/swift-storage-post.yaml index ee50c86a..d22f5386 100644 --- a/puppet/swift-storage-post.yaml +++ b/puppet/swift-storage-post.yaml @@ -2,6 +2,10 @@ heat_template_version: 2015-04-30 description: 'OpenStack swift storage node post deployment for Puppet' parameters: + ConfigDebug: + default: false + description: Whether to run config management (e.g. Puppet) in debug mode. + type: boolean servers: type: json NodeConfigIdentifiers: @@ -15,6 +19,8 @@ resources: type: OS::Heat::SoftwareConfig properties: group: puppet + options: + enable_debug: {get_param: ConfigDebug} outputs: - name: result config: @@ -32,6 +38,8 @@ resources: type: OS::Heat::SoftwareConfig properties: group: puppet + options: + enable_debug: {get_param: ConfigDebug} outputs: - name: result config: diff --git a/puppet/swift-storage-puppet.yaml b/puppet/swift-storage.yaml index 82922a87..3d9b9018 100644 --- a/puppet/swift-storage-puppet.yaml +++ b/puppet/swift-storage.yaml @@ -45,8 +45,9 @@ parameters: type: string hidden: true NtpServer: - type: string default: '' + description: Comma-separated list of ntp servers + type: comma_delimited_list EnablePackageInstall: default: 'false' description: Set to true to enable package installation via Puppet @@ -65,6 +66,18 @@ parameters: Hostname: type: string default: '' # Defaults to Heat created hostname + ExtraConfig: + default: {} + description: | + Additional hiera configuration to inject into the cluster. Note + that ObjectStorageExtraConfig takes precedence over ExtraConfig. + type: json + ObjectStorageExtraConfig: + default: {} + description: | + Role specific additional hiera configuration to inject into the cluster. + type: json + resources: @@ -77,9 +90,26 @@ resources: networks: - network: ctlplane user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: NodeUserData} + user_data: {get_resource: UserData} name: {get_param: Hostname} + # Combine the NodeAdminUserData and NodeUserData mime archives + UserData: + type: OS::Heat::MultipartMime + properties: + parts: + - config: {get_resource: NodeAdminUserData} + type: multipart + - config: {get_resource: NodeUserData} + type: multipart + + # Creates the "heat-admin" user if configured via the environment + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + NodeAdminUserData: + type: OS::TripleO::NodeAdminUserData + + # For optional operator additional userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id NodeUserData: type: OS::TripleO::NodeUserData @@ -101,6 +131,7 @@ resources: NetworkConfig: type: OS::TripleO::ObjectStorage::Net::SoftwareConfig properties: + ControlPlaneIp: {get_attr: [SwiftStorage, networks, ctlplane, 0]} InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} @@ -108,6 +139,7 @@ resources: NetIpMap: type: OS::TripleO::Network::Ports::NetIpMap properties: + ControlPlaneIp: {get_attr: [SwiftStorage, networks, ctlplane, 0]} InternalApiIp: {get_attr: [InternalApiPort, ip_address]} StorageIp: {get_attr: [StoragePort, ip_address]} StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} @@ -125,7 +157,10 @@ resources: config: hiera: hierarchy: + - '"%{::uuid}"' - heat_config_%{::deploy_config_name} + - object_extraconfig + - extraconfig - object - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig - all_nodes # provided by allNodesConfig @@ -134,6 +169,10 @@ resources: datafiles: common: raw_data: {get_file: hieradata/common.yaml} + object_extraconfig: + mapped_data: {get_param: ObjectStorageExtraConfig} + extraconfig: + mapped_data: {get_param: ExtraConfig} object: raw_data: {get_file: hieradata/object.yaml} mapped_data: # data supplied directly to this deployment configuration, etc @@ -150,7 +189,8 @@ resources: tripleo::ringbuilder::build_ring: True snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} - enable_package_install: {get_input: enable_package_install} + tripleo::packages::enable_install: {get_input: enable_package_install} + tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} SwiftStorageHieraDeploy: @@ -168,14 +208,19 @@ resources: swift_min_part_hours: {get_param: MinPartHours} swift_part_power: {get_param: PartPower} swift_replicas: { get_param: Replicas} - ntp_servers: - str_replace: - template: '["server"]' - params: - server: {get_param: NtpServer} + ntp_servers: {get_param: NtpServer} enable_package_install: {get_param: EnablePackageInstall} + enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} + # Hook for site-specific additional pre-deployment config, + # applying to all nodes, e.g node registration/unregistration + NodeExtraConfig: + depends_on: SwiftStorageHieraDeploy + type: OS::TripleO::NodeExtraConfig + properties: + server: {get_resource: SwiftStorage} + UpdateConfig: type: OS::TripleO::Tasks::PackageUpdate @@ -194,7 +239,7 @@ outputs: str_replace: template: "IP HOST.localdomain HOST" params: - IP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} + IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ObjectStorageHostnameResolveNetwork]}]} HOST: {get_attr: [SwiftStorage, name]} nova_server_resource: description: Heat resource handle for the swift storage server @@ -218,5 +263,8 @@ outputs: value: {get_attr: [StorageMgmtPort, ip_address]} config_identifier: description: identifier which changes if the node configuration may need re-applying - value: {get_attr: [SwiftStorageHieraDeploy, deploy_stdout]} - + value: + list_join: + - ',' + - - {get_attr: [SwiftStorageHieraDeploy, deploy_stdout]} + - {get_param: UpdateIdentifier} |