Diffstat (limited to 'puppet')
-rw-r--r-- | puppet/all-nodes-config.yaml | 11 | ||||
-rw-r--r-- | puppet/cinder-storage.yaml | 2 | ||||
-rw-r--r-- | puppet/compute.yaml | 25 | ||||
-rw-r--r-- | puppet/controller.yaml | 42 | ||||
-rw-r--r-- | puppet/extraconfig/ceph/ceph-external-config.yaml | 2 | ||||
-rw-r--r-- | puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml | 45 | ||||
-rw-r--r-- | puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml | 1 | ||||
-rw-r--r-- | puppet/extraconfig/tls/ca-inject.yaml | 2 | ||||
-rw-r--r-- | puppet/hieradata/common.yaml | 16 | ||||
-rw-r--r-- | puppet/hieradata/controller.yaml | 6 | ||||
-rw-r--r-- | puppet/hieradata/database.yaml | 7 | ||||
-rw-r--r-- | puppet/manifests/overcloud_cephstorage.pp | 2 | ||||
-rw-r--r-- | puppet/manifests/overcloud_compute.pp | 16 | ||||
-rw-r--r-- | puppet/manifests/overcloud_controller.pp | 45 | ||||
-rw-r--r-- | puppet/manifests/overcloud_controller_pacemaker.pp | 177 | ||||
-rw-r--r-- | puppet/manifests/overcloud_object.pp | 2 | ||||
-rw-r--r-- | puppet/manifests/overcloud_volume.pp | 2 | ||||
-rw-r--r-- | puppet/vip-config.yaml | 2 |
18 files changed, 273 insertions, 132 deletions
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index 3dd3d5c9..e85975d4 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -69,8 +69,8 @@ resources: allNodesConfigImpl: type: OS::Heat::StructuredConfig properties: + group: os-apply-config config: - completion-signal: {get_input: deploy_signal_id} hosts: list_join: - "\n" @@ -227,6 +227,15 @@ resources: list_join: - "','" - {get_param: neutron_api_node_ips} + # TODO: pass a `midonet_api_node_ips` var + midonet_api_node_ips: + str_replace: + template: "['SERVERS_LIST']" + params: + SERVERS_LIST: + list_join: + - "','" + - {get_param: neutron_api_node_ips} keystone_public_api_node_ips: str_replace: template: "['SERVERS_LIST']" diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml index f7e8f907..0bec3e93 100644 --- a/puppet/cinder-storage.yaml +++ b/puppet/cinder-storage.yaml @@ -13,7 +13,7 @@ parameters: description: The iSCSI helper to use with cinder. type: string CinderLVMLoopDeviceSize: - default: 5000 + default: 10280 description: The size of the loopback file used by the cinder LVM driver. type: number CinderPassword: diff --git a/puppet/compute.yaml b/puppet/compute.yaml index 8b2bcd33..1101261e 100644 --- a/puppet/compute.yaml +++ b/puppet/compute.yaml @@ -118,6 +118,15 @@ parameters: default: nic1 description: A port to add to the NeutronPhysicalBridge. type: string + NeutronTenantMtu: + description: > + The default MTU for tenant networks. For VXLAN/GRE tunneling, this should + be at least 50 bytes smaller than the MTU on the physical network. This + value will be used to set the MTU on the virtual Ethernet device. + This number is related to the value of NeutronDnsmasqOptions, since that + will determine the MTU that is assigned to the VM host through DHCP. + default: 1400 + type: number NeutronTunnelTypes: type: comma_delimited_list description: | 
@@ -434,6 +443,7 @@ resources: - all_nodes # provided by allNodesConfig - '"%{::osfamily}"' - common + - neutron_bigswitch_data # Optionally provided by ComputeExtraConfigPre - cisco_n1kv_data # Optionally provided by ComputeExtraConfigPre - nova_nuage_data # Optionally provided by ComputeExtraConfigPre - midonet_data # Optionally provided by AllNodesExtraConfig @@ -463,7 +473,11 @@ resources: nova::compute::rbd::ephemeral_storage: {get_input: nova_enable_rbd_backend} rbd_persistent_storage: {get_input: cinder_enable_rbd_backend} nova_password: {get_input: nova_password} + nova::compute::network_device_mtu: {get_input: neutron_tenant_mtu} nova::compute::vncserver_proxyclient_address: {get_input: nova_vnc_proxyclient_address} + nova::vncproxy::common::vncproxy_protocol: {get_input: nova_vncproxy_protocol} + nova::vncproxy::common::vncproxy_host: {get_input: nova_vncproxy_host} + nova::vncproxy::common::vncproxy_port: {get_input: nova_vncproxy_port} nova::network::neutron::neutron_ovs_bridge: {get_input: nova_ovs_bridge} nova::network::neutron::security_group_api: {get_input: nova_security_group_api} ceilometer::debug: {get_input: debug} @@ -487,6 +501,7 @@ resources: neutron_host: {get_input: neutron_host} neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip} + neutron::network_device_mtu: {get_input: neutron_tenant_mtu} neutron::plugins::ml2::tenant_network_types: {get_input: neutron_tenant_network_types} neutron::agents::ml2::ovs::tunnel_types: {get_input: neutron_tunnel_types} neutron::agents::ml2::ovs::extensions: {get_input: neutron_agent_extensions} 
@@ -498,9 +513,9 @@ resources: neutron::agents::ml2::ovs::l2_population: {get_input: neutron_enable_l2pop} neutron_physical_bridge: {get_input: neutron_physical_bridge} neutron_public_interface: {get_input: neutron_public_interface} - nova::network::neutron::neutron_admin_password: {get_input: neutron_password} + nova::network::neutron::neutron_password: {get_input: neutron_password} nova::network::neutron::neutron_url: {get_input: neutron_internal_url} - nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url} + nova::network::neutron::neutron_auth_url: {get_input: neutron_auth_url} neutron_router_distributed: {get_input: neutron_router_distributed} neutron_agent_mode: {get_input: neutron_agent_mode} neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} @@ -535,6 +550,9 @@ resources: nova_enable_rbd_backend: {get_param: NovaEnableRbdBackend} cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend} nova_vnc_proxyclient_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaVncProxyNetwork]}]} + nova_vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]} + nova_vncproxy_host: {get_param: [EndpointMap, NovaVNCProxyPublic, host]} + nova_vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]} nova_ovs_bridge: {get_param: NovaOVSBridge} nova_security_group_api: {get_param: NovaSecurityGroupAPI} ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} @@ -581,6 +599,7 @@ resources: template: MAPPINGS params: MAPPINGS: {get_param: NeutronBridgeMappings} + neutron_tenant_mtu: {get_param: NeutronTenantMtu} neutron_enable_tunneling: {get_param: NeutronEnableTunnelling} neutron_enable_l2pop: {get_param: NeutronEnableL2Pop} neutron_physical_bridge: {get_param: NeutronPhysicalBridge} 
@@ -612,7 +631,7 @@ resources: AGENT_EXTENSIONS: {get_param: NeutronAgentExtensions} neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice} neutron_internal_url: {get_param: [EndpointMap, NeutronInternal, uri]} - neutron_admin_auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri]} + neutron_auth_url: {get_param: [EndpointMap, KeystoneV3Admin, uri]} keystone_vip: {get_param: KeystonePublicApiVirtualIP} admin_password: {get_param: AdminPassword} rabbit_username: {get_param: RabbitUserName} diff --git a/puppet/controller.yaml b/puppet/controller.yaml index ea19c711..51c9b6c0 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -61,7 +61,7 @@ parameters: description: The iSCSI helper to use with cinder. type: string CinderLVMLoopDeviceSize: - default: 5000 + default: 10280 description: The size of the loopback file used by the cinder LVM driver. type: number CinderNfsMountOptions: @@ -492,6 +492,15 @@ parameters: default: '' description: If set, the public interface is a vlan with this device as the raw device. type: string + NeutronTenantMtu: + description: > + The default MTU for tenant networks. For VXLAN/GRE tunneling, this should + be at least 50 bytes smaller than the MTU on the physical network. This + value will be used to set the MTU on the virtual Ethernet device. + This number is related to the value of NeutronDnsmasqOptions, since that + will determine the MTU that is assigned to the VM host through DHCP. + default: 1400 + type: number NeutronTunnelTypes: default: 'vxlan' description: | @@ -510,7 +519,7 @@ parameters: default: ["1:4094", ] type: comma_delimited_list NeutronPluginExtensions: - default: "qos" + default: "qos,port_security" description: | Comma-separated list of extensions enabled for the Neutron plugin. type: comma_delimited_list 
@@ -1061,6 +1070,7 @@ resources: params: AGENT_EXTENSIONS: {get_param: NeutronAgentExtensions} neutron_password: {get_param: NeutronPassword} + neutron_tenant_mtu: {get_param: NeutronTenantMtu} neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions} neutron_dsn: list_join: @@ -1073,7 +1083,7 @@ resources: neutron_internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] } neutron_public_url: { get_param: [ EndpointMap, NeutronPublic, uri ] } neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] } - neutron_admin_auth_url: { get_param: [ EndpointMap, KeystoneAdmin, uri_no_suffix ] } + neutron_auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] } nova_internal_url: { get_param: [ EndpointMap, NovaInternal, uri ] } ceilometer_backend: {get_param: CeilometerBackend} ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} @@ -1104,6 +1114,14 @@ resources: - '@' - {get_param: MysqlVirtualIP} - '/nova' + nova_api_dsn: + list_join: + - '' + - - 'mysql+pymysql://nova_api:' + - {get_param: NovaPassword} + - '@' + - {get_param: MysqlVirtualIP} + - '/nova_api' instance_name_template: {get_param: InstanceNameTemplate} fencing_config: {get_param: FencingConfig} pcsd_password: {get_param: PcsdPassword} @@ -1334,8 +1352,10 @@ resources: keystone_ssl_certificate: {get_input: keystone_ssl_certificate} keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key} keystone::database_connection: {get_input: keystone_dsn} - keystone::public_bind_host: {get_input: keystone_public_api_network} keystone::admin_bind_host: {get_input: keystone_admin_api_network} + keystone::public_bind_host: {get_input: keystone_public_api_network} + keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network} + keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network} keystone::debug: {get_input: debug} keystone::db::mysql::password: {get_input: admin_token} keystone::rabbit_userid: {get_input: rabbit_username} 
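Review bot: The new `nova_api_dsn` in the `@@ -1104,6 +1114,14 @@` hunk of puppet/controller.yaml authenticates the `nova_api` database user with `NovaPassword`, the secret already used for the `nova` account, and the later `@@ -1465,15 +1486,18 @@` hunk does the same on the grant side with `nova::db::mysql_api::password: {get_input: nova_password}`. Sharing one password means a leak of either connection string exposes both schemas, and the two accounts cannot be rotated independently. If a separate parameter is not wanted, a comment such as `# nova_api intentionally shares NovaPassword with the nova DB user` would record the decision. The password is also joined into the URL unescaped, as in the neighbouring `nova_dsn`, so a value containing `@` or `/` would presumably produce a malformed DSN.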
@@ -1353,7 +1373,7 @@ resources: keystone::admin_workers: {get_input: keystone_workers} keystone::public_workers: {get_input: keystone_workers} keystone_enable_db_purge: {get_input: keystone_enable_db_purge} - + keystone::public_endpoint: {get_input: keystone_public_url} # MongoDB mongodb::server::bind_ip: {get_input: mongo_db_network} mongodb::server::nojournal: {get_input: mongodb_no_journal} @@ -1381,6 +1401,7 @@ resources: neutron::server::database_connection: {get_input: neutron_dsn} neutron::server::api_workers: {get_input: neutron_workers} neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge} + neutron::network_device_mtu: {get_input: neutron_tenant_mtu} neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling} neutron::agents::ml2::ovs::l2_population: {get_input: neutron_enable_l2pop} neutron::agents::dhcp::enable_isolated_metadata: {get_input: neutron_enable_isolated_metadata} @@ -1406,7 +1427,7 @@ resources: neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges} neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges} neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges} - neutron::agents::ml2::ovs:bridge_mappings: {get_input: neutron_bridge_mappings} + neutron::agents::ml2::ovs::bridge_mappings: {get_input: neutron_bridge_mappings} neutron_public_interface: {get_input: neutron_public_interface} neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device} neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route} 
@@ -1426,7 +1447,7 @@ resources: neutron::keystone::auth::password: {get_input: neutron_password } neutron::keystone::auth::region: {get_input: keystone_region} neutron::server::notifications::nova_url: {get_input: nova_internal_url} - neutron::server::notifications::auth_url: {get_input: neutron_admin_auth_url} + neutron::server::notifications::auth_url: {get_input: neutron_auth_url} neutron::server::notifications::tenant_name: 'service' neutron::server::notifications::project_name: 'service' neutron::server::notifications::password: {get_input: nova_password} @@ -1465,15 +1486,18 @@ resources: nova::api::osapi_compute_workers: {get_input: nova_workers} nova::api::ec2_workers: {get_input: nova_workers} nova::api::metadata_workers: {get_input: nova_workers} + nova::compute::network_device_mtu: {get_input: neutron_tenant_mtu} nova::database_connection: {get_input: nova_dsn} + nova::api_database_connection: {get_input: nova_api_dsn} nova::glance_api_servers: {get_input: glance_api_servers} nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} nova::api::instance_name_template: {get_input: instance_name_template} - nova::network::neutron::neutron_admin_password: {get_input: neutron_password} + nova::network::neutron::neutron_password: {get_input: neutron_password} nova::network::neutron::neutron_url: {get_input: neutron_internal_url} - nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url} + nova::network::neutron::neutron_auth_url: {get_input: neutron_auth_url} nova::vncproxy::host: {get_input: nova_api_network} nova::db::mysql::password: {get_input: nova_password} + nova::db::mysql_api::password: {get_input: nova_password} nova_enable_db_purge: {get_input: nova_enable_db_purge} # Horizon diff --git a/puppet/extraconfig/ceph/ceph-external-config.yaml b/puppet/extraconfig/ceph/ceph-external-config.yaml index 7cefc24b..ebd6c251 100644 --- a/puppet/extraconfig/ceph/ceph-external-config.yaml 
+++ b/puppet/extraconfig/ceph/ceph-external-config.yaml @@ -76,7 +76,7 @@ resources: cinder_rbd_pool_name: {get_param: CinderRbdPoolName} glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName} nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} - glance::backend::rbd::rbd_store_pool: {get_param: CephClientUserName} + glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName} nova::compute::rbd::rbd_keyring: list_join: - '.' diff --git a/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml b/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml new file mode 100644 index 00000000..49c77190 --- /dev/null +++ b/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml 
@@ -0,0 +1,45 @@ +heat_template_version: 2015-04-30 + +description: Configure hieradata for Big Switch agents on compute node + +parameters: + server: + description: ID of the controller node to apply this config to + type: string + NeutronBigswitchAgentEnabled: + description: The state of the neutron-bsn-agent service. + type: boolean + default: false + NeutronBigswitchLLDPEnabled: + description: The state of the neutron-bsn-lldp service. + type: boolean + default: true + + +resources: + NeutronBigswitchConfig: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + hiera: + datafiles: + neutron_bigswitch_data: + mapped_data: + neutron::agents::bigswitch::agent_enabled: {get_input: neutron_enable_bigswitch_agent} + neutron::agents::bigswitch::lldp_enabled: {get_input: neutron_enable_bigswitch_lldp} + + NeutronBigswitchDeployment: + type: OS::Heat::StructuredDeployment + properties: + name: NeutronBigswitchDeployment + config: {get_resource: NeutronBigswitchConfig} + server: {get_param: server} + input_values: + neutron_enable_bigswitch_agent: {get_param: NeutronBigswitchAgentEnabled} + neutron_enable_bigswitch_lldp: {get_param: NeutronBigswitchLLDPEnabled} + +outputs: + deploy_stdout: + description: Deployment reference, used to trigger puppet apply on changes + value: {get_attr: [NeutronBigswitchDeployment, deploy_stdout]} diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml index 1e652960..467f57cc 100644 --- a/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml +++ b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml 
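Review bot: The `server` parameter in this new compute-side template is described as `ID of the controller node to apply this config to`, which looks copied from the controller template. Since the file's own description says it configures compute nodes, it should read `description: ID of the compute node to apply this config to`. `NeutronBigswitchLLDPEnabled` defaults to `true` while `NeutronBigswitchAgentEnabled` defaults to `false`; a one-line comment on why the LLDP service is on by default would help operators who review what runs on their compute hosts.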
@@ -44,7 +44,6 @@ resources: datafiles: neutron_bigswitch_data: mapped_data: - neutron_enable_bigswitch_ml2: true neutron::plugins::ml2::bigswitch::restproxy::servers: {get_input: restproxy_servers} neutron::plugins::ml2::bigswitch::restproxy::server_auth: {get_input: restproxy_server_auth} neutron::plugins::ml2::bigswitch::restproxy::auto_sync_on_failure: {get_input: restproxy_auto_sync_on_failure} diff --git a/puppet/extraconfig/tls/ca-inject.yaml b/puppet/extraconfig/tls/ca-inject.yaml index 5a36e951..aab42849 100644 --- a/puppet/extraconfig/tls/ca-inject.yaml +++ b/puppet/extraconfig/tls/ca-inject.yaml @@ -45,7 +45,7 @@ resources: cat > ${cacert_path} << EOF ${cacert_content} EOF - chmod 0440 ${cacert_path} + chmod 0444 ${cacert_path} chown root:root ${cacert_path} ${update_anchor_command} md5sum ${cacert_path} > ${heat_outputs_path}.root_cert_md5sum diff --git a/puppet/hieradata/common.yaml b/puppet/hieradata/common.yaml index b4b51abf..03366c7e 100644 --- a/puppet/hieradata/common.yaml +++ b/puppet/hieradata/common.yaml @@ -8,12 +8,15 @@ ceilometer::agent::auth::auth_region: 'regionOne' ceilometer::agent::auth::auth_tenant_name: 'admin' nova::api::admin_tenant_name: 'service' -nova::network::neutron::neutron_admin_tenant_name: 'service' -nova::network::neutron::neutron_admin_username: 'neutron' +nova::network::neutron::neutron_project_name: 'service' +nova::network::neutron::neutron_username: 'neutron' nova::network::neutron::dhcp_domain: '' neutron::allow_overlapping_ips: true +kernel_modules: + nf_conntrack: {} + sysctl_settings: net.ipv4.tcp_keepalive_intvl: value: 1 
@@ -21,6 +24,15 @@ sysctl_settings: value: 5 net.ipv4.tcp_keepalive_time: value: 5 + net.nf_conntrack_max: + value: 500000 + net.netfilter.nf_conntrack_max: + value: 500000 + # prevent neutron bridges from autoconfiguring ipv6 addresses + net.ipv6.conf.default.accept_ra: + value: 0 + net.ipv6.conf.default.autoconf: + value: 0 nova::rabbit_heartbeat_timeout_threshold: 60 neutron::rabbit_heartbeat_timeout_threshold: 60 diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index f8ef6408..e0e0ffbc 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -34,6 +34,8 @@ glance::api::keystone_tenant: 'service' glance::registry::keystone_tenant: 'service' neutron::server::auth_tenant: 'service' neutron::agents::metadata::auth_tenant: 'service' +neutron::agents::l3::router_delete_namespaces: True +neutron::agents::dhcp::dhcp_delete_namespaces: True cinder::api::keystone_tenant: 'service' swift::proxy::authtoken::admin_tenant_name: 'service' ceilometer::api::keystone_tenant: 'service' @@ -50,6 +52,8 @@ keystone::config::keystone_config: value: 'HTTP_X_FORWARDED_PROTO' ec2/driver: value: 'keystone.contrib.ec2.backends.sql.Ec2' +keystone::service_name: 'httpd' +keystone::wsgi::apache::ssl: false #swift swift::proxy::pipeline: @@ -83,6 +87,7 @@ neutron::agents::dhcp::dnsmasq_config_file: /etc/neutron/dnsmasq-neutron.conf nova::notify_on_state_change: 'vm_and_task_state' nova::api::default_floating_pool: 'public' nova::api::osapi_v3: true +nova::api::sync_db_api: true nova::scheduler::filter::ram_allocation_ratio: '1.0' nova::cron::archive_deleted_rows::hour: '*/12' nova::cron::archive_deleted_rows::destination: '/dev/null' @@ -93,6 +98,7 @@ ceilometer::agent::auth::auth_endpoint_type: 'internalURL' # cinder cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler cinder::cron::db_purge::destination: '/dev/null' +cinder::host: hostgroup # heat heat::engine::configure_delegated_roles: false 
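Review bot: `keystone::wsgi::apache::ssl: false` in the `@@ -50,6 +52,8 @@` hunk of puppet/hieradata/controller.yaml turns TLS off on the Apache vhost that now serves Keystone, so credentials and tokens presumably travel in plain HTTP on the bind network unless something in front terminates TLS. The `HTTP_X_FORWARDED_PROTO` value in the surrounding context suggests a proxy does that, but the file does not say so. I would add a comment above the key, for example `# TLS is expected to terminate at the load balancer; the Apache vhost itself serves plain HTTP`, so the setting is not copied into a deployment that lacks the proxy.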
diff --git a/puppet/hieradata/database.yaml b/puppet/hieradata/database.yaml index 89577505..61714691 100644 --- a/puppet/hieradata/database.yaml +++ b/puppet/hieradata/database.yaml @@ -6,6 +6,13 @@ nova::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" +nova::db::mysql_api::user: nova_api +nova::db::mysql_api::host: "%{hiera('mysql_virtual_ip')}" +nova::db::mysql_api::dbname: nova_api +nova::db::mysql_api::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + # Glance glance::db::mysql::user: glance glance::db::mysql::host: "%{hiera('mysql_virtual_ip')}" diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp index 1d801adc..0db5b45a 100644 --- a/puppet/manifests/overcloud_cephstorage.pp +++ b/puppet/manifests/overcloud_cephstorage.pp @@ -16,7 +16,9 @@ include ::tripleo::packages include ::tripleo::firewall +create_resources(kmod::load, hiera('kernel_modules'), {}) create_resources(sysctl::value, hiera('sysctl_settings'), {}) +Exec <| tag == 'kmod::load' |> -> Sysctl <| |> if count(hiera('ntp::servers')) > 0 { include ::ntp diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp index 593cc500..0f1318c3 100644 --- a/puppet/manifests/overcloud_compute.pp +++ b/puppet/manifests/overcloud_compute.pp @@ -16,7 +16,9 @@ include ::tripleo::packages include ::tripleo::firewall +create_resources(kmod::load, hiera('kernel_modules'), {}) create_resources(sysctl::value, hiera('sysctl_settings'), {}) +Exec <| tag == 'kmod::load' |> -> Sysctl <| |> if count(hiera('ntp::servers')) > 0 { include ::ntp 
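Review bot: The new `nova::db::mysql_api::allowed_hosts` list in puppet/hieradata/database.yaml includes `'%'`, which grants the `nova_api` account from any client address and makes the second entry, `"%{hiera('mysql_bind_host')}"`, redundant. This mirrors the existing `nova::db::mysql::allowed_hosts` block, so it is consistent, but it leaves network placement as the only restriction on who can attempt a login. If the wildcard has to stay for compatibility, a comment such as `# '%' kept to match the other services; assumes the database is reachable only on the MySQL network` would state the assumption. Otherwise the list should be narrowed to the controller addresses.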
@@ -37,6 +39,16 @@ exec { 'libvirt-default-net-destroy': before => Service['libvirt'], } +# When utilising images for deployment, we need to reset the iSCSI initiator name to make it unique +exec { 'reset-iscsi-initiator-name': + command => '/bin/echo InitiatorName=$(/usr/sbin/iscsi-iname) > /etc/iscsi/initiatorname.iscsi', + onlyif => '/usr/bin/test ! -f /etc/iscsi/.initiator_reset', +}-> + +file { '/etc/iscsi/.initiator_reset': + ensure => present, +} + include ::nova include ::nova::config include ::nova::compute @@ -119,6 +131,10 @@ else { n1kv_version => hiera('n1kv_vem_version', undef), } } + + if 'bsn_ml2' in hiera('neutron::plugins::ml2::mechanism_drivers') { + include ::neutron::agents::bigswitch + } } diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 70aebddd..14dde157 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -20,7 +20,9 @@ $enable_load_balancer = hiera('enable_load_balancer', true) if hiera('step') >= 1 { + create_resources(kmod::load, hiera('kernel_modules'), {}) create_resources(sysctl::value, hiera('sysctl_settings'), {}) + Exec <| tag == 'kmod::load' |> -> Sysctl <| |> $controller_node_ips = split(hiera('controller_node_ips'), ',') @@ -83,11 +85,15 @@ if hiera('step') >= 2 { $mysql_config_file = '/etc/my.cnf.d/server.cnf' } # TODO Galara + # FIXME: due to https://bugzilla.redhat.com/show_bug.cgi?id=1298671 we + # set bind-address to a hostname instead of an ip address; to move Mysql + # from internal_api on another network we'll have to customize both + # MysqlNetwork and ControllerHostnameResolveNetwork in ServiceNetMap class { '::mysql::server': config_file => $mysql_config_file, override_options => { 'mysqld' => { - 'bind-address' => hiera('mysql_bind_host'), + 'bind-address' => $::hostname, 'max_connections' => hiera('mysql_max_connections'), 'open_files_limit' => '-1', }, 
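Review bot: The `reset-iscsi-initiator-name` exec in the `@@ -37,6 +39,16 @@` hunk of puppet/manifests/overcloud_compute.pp uses `$(...)` command substitution and a `>` redirect without setting a provider, so it depends on the command string being handed to a shell. Puppet documents the default posix provider as running the binary directly, so I would make the intent explicit with `provider => shell,`. Nothing visible here restarts or notifies the iSCSI daemon after the file is rewritten, so a daemon that is already running may keep the image's shared initiator name until its next restart. That is worth confirming, because the purpose of the change is to stop nodes built from one image from presenting the same identity to the storage target.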
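Review bot: Setting `'bind-address' => $::hostname` in the `@@ -83,11 +85,15 @@` hunk of puppet/manifests/overcloud_controller.pp makes the interface MySQL listens on depend on how the node resolves its own hostname, not on the `mysql_bind_host` value chosen for the deployment; the `$mysqld_options` hunk of overcloud_controller_pacemaker.pp makes the same change. If the name resolves to a different network than intended, or to a loopback entry, the database is either unreachable or exposed on an interface the operator did not choose. The FIXME explains the workaround but not this consequence, so I would extend it with `# NOTE: $::hostname must resolve to the mysql_bind_host address on every controller` and, if possible, fail the run when the two differ. The class declaration continues outside the hunk.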
@@ -100,6 +106,7 @@ if hiera('step') >= 2 { include ::keystone::db::mysql include ::glance::db::mysql include ::nova::db::mysql + include ::nova::db::mysql_api include ::neutron::db::mysql include ::cinder::db::mysql include ::heat::db::mysql @@ -173,6 +180,7 @@ if hiera('step') >= 3 { include ::keystone::config include ::keystone::roles::admin include ::keystone::endpoint + include ::keystone::wsgi::apache #TODO: need a cleanup-keystone-tokens.sh solution here @@ -246,7 +254,8 @@ if hiera('step') >= 3 { if hiera('enable_zookeeper_on_controller') { class {'::tripleo::cluster::zookeeper': zookeeper_server_ips => $zookeeper_node_ips, - zookeeper_client_ip => $ipaddress, + # TODO: create a 'bind' hiera key for zookeeper + zookeeper_client_ip => hiera('neutron::bind_host'), zookeeper_hostnames => hiera('controller_node_names') } } @@ -255,7 +264,8 @@ if hiera('step') >= 3 { if hiera('enable_cassandra_on_controller') { class {'::tripleo::cluster::cassandra': cassandra_servers => $cassandra_node_ips, - cassandra_ip => $ipaddress + # TODO: create a 'bind' hiera key for cassandra + cassandra_ip => hiera('neutron::bind_host'), } } @@ -266,10 +276,11 @@ if hiera('step') >= 3 { class {'::tripleo::network::midonet::api': zookeeper_servers => $zookeeper_node_ips, - vip => $ipaddress, - keystone_ip => $ipaddress, + vip => hiera('tripleo::loadbalancer::public_virtual_ip'), + keystone_ip => hiera('tripleo::loadbalancer::public_virtual_ip'), keystone_admin_token => hiera('keystone::admin_token'), - bind_address => $ipaddress, + # TODO: create a 'bind' hiera key for api + bind_address => hiera('neutron::bind_host'), admin_password => hiera('admin_password') } 
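Review bot: In the `@@ -246,7 +254,8 @@` hunk of puppet/manifests/overcloud_controller.pp, `zookeeper_hostnames => hiera('controller_node_names')` is left as a raw hiera value, while the matching hunk in overcloud_controller_pacemaker.pp changes the same parameter to `split(hiera('controller_node_names'), ',')`. If `controller_node_names` is a comma-separated string, as the pacemaker change implies, this manifest still passes a single string where a list is expected. I would apply the same line here: `zookeeper_hostnames => split(hiera('controller_node_names'), ',')`. The TODO comments in these hunks also reuse `neutron::bind_host` as the listen address for ZooKeeper, Cassandra and the MidoNet API, so the exposure of those services follows Neutron's network until dedicated keys exist.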
@@ -312,7 +323,7 @@ if hiera('step') >= 3 { if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { class {'::neutron::plugins::midonet': - midonet_api_ip => $ipaddress, + midonet_api_ip => hiera('tripleo::loadbalancer::public_virtual_ip'), keystone_tenant => hiera('neutron::server::auth_tenant'), keystone_password => hiera('neutron::server::auth_password') } @@ -344,8 +355,9 @@ if hiera('step') >= 3 { include ::neutron::plugins::ml2::cisco::type_nexus_vxlan } - if hiera('neutron_enable_bigswitch_ml2', false) { + if 'bsn_ml2' in hiera('neutron::plugins::ml2::mechanism_drivers') { include ::neutron::plugins::ml2::bigswitch::restproxy + include ::neutron::agents::bigswitch } neutron_l3_agent_config { 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false); @@ -363,6 +375,7 @@ if hiera('step') >= 3 { include ::cinder include ::cinder::config + include ::tripleo::ssl::cinder_config include ::cinder::api include ::cinder::glance include ::cinder::scheduler @@ -410,10 +423,6 @@ if hiera('step') >= 3 { if hiera('cinder_enable_eqlx_backend', false) { $cinder_eqlx_backend = hiera('cinder::backend::eqlx::volume_backend_name') - cinder_config { - "${cinder_eqlx_backend}/host": value => 'hostgroup'; - } - cinder::backend::eqlx { $cinder_eqlx_backend : volume_backend_name => hiera('cinder::backend::eqlx::volume_backend_name', undef), san_ip => hiera('cinder::backend::eqlx::san_ip', undef), 
@@ -421,7 +430,7 @@ if hiera('step') >= 3 { san_password => hiera('cinder::backend::eqlx::san_password', undef), san_thin_provision => hiera('cinder::backend::eqlx::san_thin_provision', undef), eqlx_group_name => hiera('cinder::backend::eqlx::eqlx_group_name', undef), - eqlx_pool => hiera('cinder::backend::eqlx::eqlx_lpool', undef), + eqlx_pool => hiera('cinder::backend::eqlx::eqlx_pool', undef), eqlx_use_chap => hiera('cinder::backend::eqlx::eqlx_use_chap', undef), eqlx_chap_login => hiera('cinder::backend::eqlx::eqlx_chap_login', undef), eqlx_chap_password => hiera('cinder::backend::eqlx::eqlx_san_password', undef), @@ -431,10 +440,6 @@ if hiera('step') >= 3 { if hiera('cinder_enable_dellsc_backend', false) { $cinder_dellsc_backend = hiera('cinder::backend::dellsc_iscsi::volume_backend_name') - cinder_config { - "${cinder_dellsc_backend}/host": value => 'hostgroup'; - } - cinder::backend::dellsc_iscsi{ $cinder_dellsc_backend : volume_backend_name => hiera('cinder::backend::dellsc_iscsi::volume_backend_name', undef), san_ip => hiera('cinder::backend::dellsc_iscsi::san_ip', undef), @@ -443,7 +448,7 @@ if hiera('step') >= 3 { dell_sc_ssn => hiera('cinder::backend::dellsc_iscsi::dell_sc_ssn', undef), iscsi_ip_address => hiera('cinder::backend::dellsc_iscsi::iscsi_ip_address', undef), iscsi_port => hiera('cinder::backend::dellsc_iscsi::iscsi_port', undef), - dell_sc_port => hiera('cinder::backend::dellsc_iscsi::dell_sc_port', undef), + dell_sc_api_port => hiera('cinder::backend::dellsc_iscsi::dell_sc_api_port', undef), dell_sc_server_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_server_folder', undef), dell_sc_volume_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_volume_folder', undef), } 
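Review bot: The line two below the `eqlx_pool` fix in the `@@ -421,7 +430,7 @@` hunk still reads `eqlx_chap_password => hiera('cinder::backend::eqlx::eqlx_san_password', undef)`, which looks like the same kind of key typo this commit corrects for `eqlx_lpool`. As written, the CHAP secret is looked up under a key named for the SAN password and falls back to `undef`, so a value set under `eqlx_chap_password` would presumably be ignored and CHAP could be configured without the intended secret. I would change it to `eqlx_chap_password => hiera('cinder::backend::eqlx::eqlx_chap_password', undef),` here and in the identical hunk of overcloud_controller_pacemaker.pp. The resource declaration starts and ends outside the hunk.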
@@ -452,10 +457,6 @@ if hiera('step') >= 3 { if hiera('cinder_enable_netapp_backend', false) { $cinder_netapp_backend = hiera('cinder::backend::netapp::title') - cinder_config { - "${cinder_netapp_backend}/host": value => 'hostgroup'; - } - if hiera('cinder::backend::netapp::nfs_shares', undef) { $cinder_netapp_nfs_shares = split(hiera('cinder::backend::netapp::nfs_shares', undef), ',') } diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index e0286162..c527c26e 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -39,7 +39,9 @@ $non_pcmk_start = hiera('step') >= 4 if hiera('step') >= 1 { + create_resources(kmod::load, hiera('kernel_modules'), {}) create_resources(sysctl::value, hiera('sysctl_settings'), {}) + Exec <| tag == 'kmod::load' |> -> Sysctl <| |> include ::timezone @@ -134,6 +136,11 @@ if hiera('step') >= 1 { $galera_nodes = downcase(hiera('galera_node_names', $::hostname)) $galera_nodes_count = count(split($galera_nodes, ',')) + # FIXME: due to https://bugzilla.redhat.com/show_bug.cgi?id=1298671 we + # set bind-address to a hostname instead of an ip address; to move Mysql + # from internal_api on another network we'll have to customize both + # MysqlNetwork and ControllerHostnameResolveNetwork in ServiceNetMap + $mysql_bind_host = hiera('mysql_bind_host') $mysqld_options = { 'mysqld' => { 'skip-name-resolve' => '1', @@ -143,7 +150,7 @@ if hiera('step') >= 1 { 'innodb_locks_unsafe_for_binlog'=> '1', 'query_cache_size' => '0', 'query_cache_type' => '0', - 'bind-address' => hiera('mysql_bind_host'), + 'bind-address' => $::hostname, 'max_connections' => hiera('mysql_max_connections'), 'open_files_limit' => '-1', 'wsrep_provider' => '/usr/lib64/galera/libgalera_smm.so', 
@@ -159,6 +166,7 @@ if hiera('step') >= 1 { 'wsrep_drupal_282555_workaround'=> '0', 'wsrep_causal_reads' => '0', 'wsrep_sst_method' => 'rsync', + 'wsrep_provider_options' => "gmcast.listen_addr=tcp://[${mysql_bind_host}]:4567;", }, } @@ -429,6 +437,9 @@ MYSQL_HOST=localhost\n", class { '::nova::db::mysql': require => Exec['galera-ready'], } + class { '::nova::db::mysql_api': + require => Exec['galera-ready'], + } class { '::neutron::db::mysql': require => Exec['galera-ready'], } @@ -574,6 +585,7 @@ if hiera('step') >= 3 { class { '::nova::api' : sync_db => $sync_db, + sync_db_api => $sync_db, manage_service => false, enabled => false, } @@ -610,8 +622,9 @@ if hiera('step') >= 3 { if hiera('enable_zookeeper_on_controller') { class {'::tripleo::cluster::zookeeper': zookeeper_server_ips => $zookeeper_node_ips, - zookeeper_client_ip => $ipaddress, - zookeeper_hostnames => hiera('controller_node_names') + # TODO: create a 'bind' hiera key for zookeeper + zookeeper_client_ip => hiera('neutron::bind_host'), + zookeeper_hostnames => split(hiera('controller_node_names'), ',') } } @@ -619,7 +632,8 @@ if hiera('step') >= 3 { if hiera('enable_cassandra_on_controller') { class {'::tripleo::cluster::cassandra': cassandra_servers => $cassandra_node_ips, - cassandra_ip => $ipaddress + # TODO: create a 'bind' hiera key for cassandra + cassandra_ip => hiera('neutron::bind_host'), } } @@ -629,11 +643,12 @@ if hiera('step') >= 3 { } class {'::tripleo::network::midonet::api': - zookeeper_servers => hiera('neutron_api_node_ips'), - vip => $public_vip, - keystone_ip => $public_vip, + zookeeper_servers => $zookeeper_node_ips, + vip => hiera('tripleo::loadbalancer::public_virtual_ip'), + keystone_ip => hiera('tripleo::loadbalancer::public_virtual_ip'), keystone_admin_token => hiera('keystone::admin_token'), - bind_address => $ipaddress, + # TODO: create a 'bind' hiera key for api + bind_address => hiera('neutron::bind_host'), admin_password => hiera('admin_password') } 
@@ -660,7 +675,7 @@ if hiera('step') >= 3 { } if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { class {'::neutron::plugins::midonet': - midonet_api_ip => $public_vip, + midonet_api_ip => hiera('tripleo::loadbalancer::public_virtual_ip'), keystone_tenant => hiera('neutron::server::auth_tenant'), keystone_password => hiera('neutron::server::auth_password') } @@ -717,8 +732,9 @@ if hiera('step') >= 3 { } } - if hiera('neutron_enable_bigswitch_ml2', false) { + if 'bsn_ml2' in hiera('neutron::plugins::ml2::mechanism_drivers') { include ::neutron::plugins::ml2::bigswitch::restproxy + include ::neutron::agents::bigswitch } neutron_l3_agent_config { 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false); @@ -729,6 +745,7 @@ if hiera('step') >= 3 { include ::cinder include ::cinder::config + include ::tripleo::ssl::cinder_config class { '::cinder::api': sync_db => $sync_db, manage_service => false, @@ -786,10 +803,6 @@ if hiera('step') >= 3 { if hiera('cinder_enable_eqlx_backend', false) { $cinder_eqlx_backend = hiera('cinder::backend::eqlx::volume_backend_name') - cinder_config { - "${cinder_eqlx_backend}/host": value => 'hostgroup'; - } - cinder::backend::eqlx { $cinder_eqlx_backend : volume_backend_name => hiera('cinder::backend::eqlx::volume_backend_name', undef), san_ip => hiera('cinder::backend::eqlx::san_ip', undef), 
@@ -797,7 +810,7 @@ if hiera('step') >= 3 { san_password => hiera('cinder::backend::eqlx::san_password', undef), san_thin_provision => hiera('cinder::backend::eqlx::san_thin_provision', undef), eqlx_group_name => hiera('cinder::backend::eqlx::eqlx_group_name', undef), - eqlx_pool => hiera('cinder::backend::eqlx::eqlx_lpool', undef), + eqlx_pool => hiera('cinder::backend::eqlx::eqlx_pool', undef), eqlx_use_chap => hiera('cinder::backend::eqlx::eqlx_use_chap', undef), eqlx_chap_login => hiera('cinder::backend::eqlx::eqlx_chap_login', undef), eqlx_chap_password => hiera('cinder::backend::eqlx::eqlx_san_password', undef), @@ -807,10 +820,6 @@ if hiera('step') >= 3 { if hiera('cinder_enable_dellsc_backend', false) { $cinder_dellsc_backend = hiera('cinder::backend::dellsc_iscsi::volume_backend_name') - cinder_config { - "${cinder_dellsc_backend}/host": value => 'hostgroup'; - } - cinder::backend::dellsc_iscsi{ $cinder_dellsc_backend : volume_backend_name => hiera('cinder::backend::dellsc_iscsi::volume_backend_name', undef), san_ip => hiera('cinder::backend::dellsc_iscsi::san_ip', undef), @@ -819,7 +828,7 @@ if hiera('step') >= 3 { dell_sc_ssn => hiera('cinder::backend::dellsc_iscsi::dell_sc_ssn', undef), iscsi_ip_address => hiera('cinder::backend::dellsc_iscsi::iscsi_ip_address', undef), iscsi_port => hiera('cinder::backend::dellsc_iscsi::iscsi_port', undef), - dell_sc_port => hiera('cinder::backend::dellsc_iscsi::dell_sc_port', undef), + dell_sc_api_port => hiera('cinder::backend::dellsc_iscsi::dell_sc_api_port', undef), dell_sc_server_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_server_folder', undef), dell_sc_volume_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_volume_folder', undef), } 
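Review bot: The context line `eqlx_chap_password => hiera('cinder::backend::eqlx::eqlx_san_password', undef)` in hunk -797 reads the CHAP password from the SAN password key, which looks like the same kind of key mix-up this hunk corrects for `eqlx_pool`. If the hieradata defines a separate CHAP password key, the line should presumably read `eqlx_chap_password => hiera('cinder::backend::eqlx::eqlx_chap_password', undef),`; as written, the iSCSI CHAP secret and the SAN management password are the same value. If the reuse is deliberate, a comment saying so would stop a later reader from changing it. The `cinder::backend::eqlx` resource starts and ends outside the hunk.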
@@ -828,10 +837,6 @@ if hiera('step') >= 3 { if hiera('cinder_enable_netapp_backend', false) { $cinder_netapp_backend = hiera('cinder::backend::netapp::title') - cinder_config { - "${cinder_netapp_backend}/host": value => 'hostgroup'; - } - if hiera('cinder::backend::netapp::nfs_shares', undef) { $cinder_netapp_nfs_shares = split(hiera('cinder::backend::netapp::nfs_shares', undef), ',') } @@ -1006,6 +1011,7 @@ if hiera('step') >= 3 { service_enable => false, # service_manage => false, # <-- not supported with horizon&apache mod_wsgi? } + include ::keystone::wsgi::apache include ::apache::mod::status if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { $_profile_support = 'cisco' 
@@ -1049,57 +1055,49 @@ if hiera('step') >= 4 { if $pacemaker_master { - # Keystone - pacemaker::resource::service { $::keystone::params::service_name : - clone_params => 'interleave=true', - verify_on_create => true, - require => [File['/etc/keystone/ssl/certs/ca.pem'], - File['/etc/keystone/ssl/private/signing_key.pem'], - File['/etc/keystone/ssl/certs/signing_cert.pem']], - } if $enable_load_balancer { pacemaker::constraint::base { 'haproxy-then-keystone-constraint': constraint_type => 'order', first_resource => 'haproxy-clone', - second_resource => "${::keystone::params::service_name}-clone", + second_resource => "${::apache::params::service_name}-clone", first_action => 'start', second_action => 'start', require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Service[$::keystone::params::service_name]], + Pacemaker::Resource::Service[$::apache::params::service_name]], } } pacemaker::constraint::base { 'rabbitmq-then-keystone-constraint': constraint_type => 'order', first_resource => 'rabbitmq-clone', - second_resource => "${::keystone::params::service_name}-clone", + second_resource => "${::apache::params::service_name}-clone", first_action => 'start', second_action => 'start', require => [Pacemaker::Resource::Ocf['rabbitmq'], - Pacemaker::Resource::Service[$::keystone::params::service_name]], + Pacemaker::Resource::Service[$::apache::params::service_name]], } pacemaker::constraint::base { 'memcached-then-keystone-constraint': constraint_type => 'order', first_resource => 'memcached-clone', - second_resource => "${::keystone::params::service_name}-clone", + second_resource => "${::apache::params::service_name}-clone", first_action => 'start', second_action => 'start', require => [Pacemaker::Resource::Service['memcached'], - Pacemaker::Resource::Service[$::keystone::params::service_name]], + Pacemaker::Resource::Service[$::apache::params::service_name]], } pacemaker::constraint::base { 'galera-then-keystone-constraint': constraint_type => 
'order', first_resource => 'galera-master', - second_resource => "${::keystone::params::service_name}-clone", + second_resource => "${::apache::params::service_name}-clone", first_action => 'promote', second_action => 'start', require => [Pacemaker::Resource::Ocf['galera'], - Pacemaker::Resource::Service[$::keystone::params::service_name]], + Pacemaker::Resource::Service[$::apache::params::service_name]], } # Cinder pacemaker::resource::service { $::cinder::params::api_service : clone_params => 'interleave=true', - require => Pacemaker::Resource::Service[$::keystone::params::service_name], + require => Pacemaker::Resource::Service[$::apache::params::service_name], } pacemaker::resource::service { $::cinder::params::scheduler_service : clone_params => 'interleave=true', @@ -1108,12 +1106,12 @@ if hiera('step') >= 4 { pacemaker::constraint::base { 'keystone-then-cinder-api-constraint': constraint_type => 'order', - first_resource => "${::keystone::params::service_name}-clone", + first_resource => "${::apache::params::service_name}-clone", second_resource => "${::cinder::params::api_service}-clone", first_action => 'start', second_action => 'start', require => [Pacemaker::Resource::Service[$::cinder::params::api_service], - Pacemaker::Resource::Service[$::keystone::params::service_name]], + Pacemaker::Resource::Service[$::apache::params::service_name]], } pacemaker::constraint::base { 'cinder-api-then-cinder-scheduler-constraint': constraint_type => 'order', 
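Review bot: The ordering constraints in hunk -1049 keep their `*-then-keystone-constraint` titles but now order `${::apache::params::service_name}-clone`, and nothing in the hunk says that Keystone is served by that Apache resource. I would add a comment above the first constraint: `# Keystone runs under Apache (include ::keystone::wsgi::apache), so keystone ordering is expressed against the httpd clone that Horizon also uses`. The same applies to the `keystone-then-*` constraints in the later hunks for Cinder, Sahara, Glance, Nova, Ceilometer and Heat. Because the resource is shared, a restart triggered for Keystone presumably restarts the dashboard too, which is worth knowing when reading cluster state. The `if $pacemaker_master` block continues outside the hunk.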
@@ -1151,25 +1149,25 @@ if hiera('step') >= 4 { # Sahara pacemaker::resource::service { $::sahara::params::api_service_name : clone_params => 'interleave=true', - require => Pacemaker::Resource::Service[$::keystone::params::service_name], + require => Pacemaker::Resource::Service[$::apache::params::service_name], } pacemaker::resource::service { $::sahara::params::engine_service_name : clone_params => 'interleave=true', } pacemaker::constraint::base { 'keystone-then-sahara-api-constraint': constraint_type => 'order', - first_resource => "${::keystone::params::service_name}-clone", + first_resource => "${::apache::params::service_name}-clone", second_resource => "${::sahara::params::api_service_name}-clone", first_action => 'start', second_action => 'start', require => [Pacemaker::Resource::Service[$::sahara::params::api_service_name], - Pacemaker::Resource::Service[$::keystone::params::service_name]], + Pacemaker::Resource::Service[$::apache::params::service_name]], } # Glance pacemaker::resource::service { $::glance::params::registry_service_name : clone_params => 'interleave=true', - require => Pacemaker::Resource::Service[$::keystone::params::service_name], + require => Pacemaker::Resource::Service[$::apache::params::service_name], } pacemaker::resource::service { $::glance::params::api_service_name : clone_params => 'interleave=true', 
@@ -1177,12 +1175,12 @@ if hiera('step') >= 4 { pacemaker::constraint::base { 'keystone-then-glance-registry-constraint': constraint_type => 'order', - first_resource => "${::keystone::params::service_name}-clone", + first_resource => "${::apache::params::service_name}-clone", second_resource => "${::glance::params::registry_service_name}-clone", first_action => 'start', second_action => 'start', require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name], - Pacemaker::Resource::Service[$::keystone::params::service_name]], + Pacemaker::Resource::Service[$::apache::params::service_name]], } pacemaker::constraint::base { 'glance-registry-then-glance-api-constraint': constraint_type => 'order', @@ -1220,12 +1218,12 @@ if hiera('step') >= 4 { } -> pacemaker::resource::service { $::neutron::params::server_service: clone_params => 'interleave=true', - require => Pacemaker::Resource::Service[$::keystone::params::service_name] + require => Pacemaker::Resource::Service[$::apache::params::service_name] } } else { pacemaker::resource::service { $::neutron::params::server_service: clone_params => 'interleave=true', - require => Pacemaker::Resource::Service[$::keystone::params::service_name] + require => Pacemaker::Resource::Service[$::apache::params::service_name] } } if hiera('neutron::enable_l3_agent', true) { 
@@ -1297,28 +1295,16 @@ if hiera('step') >= 4 { Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], } } - pacemaker::constraint::base { 'keystone-to-neutron-server-constraint': - constraint_type => 'order', - first_resource => "${::keystone::params::service_name}-clone", - second_resource => "${::neutron::params::server_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::keystone::params::service_name], - Pacemaker::Resource::Service[$::neutron::params::server_service]], - } - if hiera('neutron::enable_ovs_agent',true) { - pacemaker::constraint::base { 'neutron-server-to-openvswitch-agent-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::server_service}-clone", - second_resource => "${::neutron::params::ovs_agent_service}-clone", + constraint_type => 'order', + first_resource => "${::apache::params::service_name}-clone", + second_resource => "${::neutron::params::server_service}-clone", first_action => 'start', second_action => 'start', - require => [Pacemaker::Resource::Service[$::neutron::params::server_service], - Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], + require => [Pacemaker::Resource::Service[$::apache::params::service_name], + Pacemaker::Resource::Service[$::neutron::params::server_service]], } - } - if hiera('neutron::enable_dhcp_agent',true) and hiera('neutron::enable_ovs_agent',true) { + if hiera('neutron::enable_ovs_agent',true) { pacemaker::constraint::base { 'neutron-openvswitch-agent-to-dhcp-agent-constraint': constraint_type => 'order', first_resource => "${::neutron::params::ovs_agent_service}-clone", 
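Review bot: On the new side the guards around the two Neutron ordering constraints look swapped: `if hiera('neutron::enable_ovs_agent',true) {` now wraps `neutron-openvswitch-agent-to-dhcp-agent-constraint`, which requires the DHCP agent resource, while the following hunk (-1327) places `neutron-server-to-openvswitch-agent-constraint` under the combined DHCP-and-OVS check. With the DHCP agent disabled and the OVS agent enabled, the first constraint would refer to a resource that presumably is not declared, and the second would be skipped. I would keep `if hiera('neutron::enable_dhcp_agent',true) and hiera('neutron::enable_ovs_agent',true) {` on the OVS-to-DHCP constraint and `if hiera('neutron::enable_ovs_agent',true) {` on the server-to-OVS one. As rendered here the `pacemaker::constraint::base { 'keystone-to-neutron-server-constraint':` title line is also removed without a replacement, so it is worth checking that the Apache-to-Neutron-server constraint still has a title and that the braces balance. Both hunks sit inside a block that starts and ends outside them.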
@@ -1327,8 +1313,19 @@ if hiera('step') >= 4 { second_action => 'start', require => [Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service], Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]], - } + } + if hiera('neutron::enable_dhcp_agent',true) and hiera('neutron::enable_ovs_agent',true) { + pacemaker::constraint::base { 'neutron-server-to-openvswitch-agent-constraint': + constraint_type => 'order', + first_resource => "${::neutron::params::server_service}-clone", + second_resource => "${::neutron::params::ovs_agent_service}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::neutron::params::server_service], + Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], + } + pacemaker::constraint::colocation { 'neutron-openvswitch-agent-to-dhcp-agent-colocation': source => "${::neutron::params::dhcp_agent_service}-clone", target => "${::neutron::params::ovs_agent_service}-clone", 
@@ -1414,34 +1411,29 @@ if hiera('step') >= 4 { # Nova pacemaker::resource::service { $::nova::params::api_service_name : clone_params => 'interleave=true', - op_params => 'start timeout=200s stop timeout=200s monitor start-delay=10s', } pacemaker::resource::service { $::nova::params::conductor_service_name : clone_params => 'interleave=true', - op_params => 'start timeout=200s stop timeout=200s monitor start-delay=10s', } pacemaker::resource::service { $::nova::params::consoleauth_service_name : clone_params => 'interleave=true', - op_params => 'start timeout=200s stop timeout=200s monitor start-delay=10s', - require => Pacemaker::Resource::Service[$::keystone::params::service_name], + require => Pacemaker::Resource::Service[$::apache::params::service_name], } pacemaker::resource::service { $::nova::params::vncproxy_service_name : clone_params => 'interleave=true', - op_params => 'start timeout=200s stop timeout=200s monitor start-delay=10s', } pacemaker::resource::service { $::nova::params::scheduler_service_name : clone_params => 'interleave=true', - op_params => 'start timeout=200s stop timeout=200s monitor start-delay=10s', } pacemaker::constraint::base { 'keystone-then-nova-consoleauth-constraint': constraint_type => 'order', - first_resource => "${::keystone::params::service_name}-clone", + first_resource => "${::apache::params::service_name}-clone", second_resource => "${::nova::params::consoleauth_service_name}-clone", first_action => 'start', second_action => 'start', require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name], - Pacemaker::Resource::Service[$::keystone::params::service_name]], + Pacemaker::Resource::Service[$::apache::params::service_name]], } pacemaker::constraint::base { 'nova-consoleauth-then-nova-vncproxy-constraint': constraint_type => 'order', 
@@ -1513,14 +1505,14 @@ if hiera('step') >= 4 { /mysql/: { pacemaker::resource::service { $::ceilometer::params::agent_central_service_name : clone_params => 'interleave=true', - require => Pacemaker::Resource::Service[$::keystone::params::service_name], + require => Pacemaker::Resource::Service[$::apache::params::service_name], } } default: { pacemaker::resource::service { $::ceilometer::params::agent_central_service_name : clone_params => 'interleave=true', - require => [Pacemaker::Resource::Service[$::keystone::params::service_name], - Pacemaker::Resource::Service[$::mongodb::params::service_name]], + require => [Pacemaker::Resource::Service[$::apache::params::service_name], + Pacemaker::Resource::Service[$::mongodb::params::service_name]], } } } @@ -1556,12 +1548,12 @@ if hiera('step') >= 4 { } pacemaker::constraint::base { 'keystone-then-ceilometer-central-constraint': constraint_type => 'order', - first_resource => "${::keystone::params::service_name}-clone", + first_resource => "${::apache::params::service_name}-clone", second_resource => "${::ceilometer::params::agent_central_service_name}-clone", first_action => 'start', second_action => 'start', require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name], - Pacemaker::Resource::Service[$::keystone::params::service_name]], + Pacemaker::Resource::Service[$::apache::params::service_name]], } pacemaker::constraint::base { 'ceilometer-central-then-ceilometer-collector-constraint': constraint_type => 'order', 
@@ -1631,12 +1623,12 @@ if hiera('step') >= 4 { } pacemaker::constraint::base { 'keystone-then-heat-api-constraint': constraint_type => 'order', - first_resource => "${::keystone::params::service_name}-clone", + first_resource => "${::apache::params::service_name}-clone", second_resource => "${::heat::params::api_service_name}-clone", first_action => 'start', second_action => 'start', require => [Pacemaker::Resource::Service[$::heat::params::api_service_name], - Pacemaker::Resource::Service[$::keystone::params::service_name]], + Pacemaker::Resource::Service[$::apache::params::service_name]], } pacemaker::constraint::base { 'heat-api-then-heat-api-cfn-constraint': constraint_type => 'order', @@ -1696,9 +1688,13 @@ if hiera('step') >= 4 { Pacemaker::Resource::Service[$::ceilometer::params::agent_notification_service_name]], } - # Horizon - pacemaker::resource::service { $::horizon::params::http_service: - clone_params => 'interleave=true', + # Horizon and Keystone + pacemaker::resource::service { $::apache::params::service_name: + clone_params => 'interleave=true', + verify_on_create => true, + require => [File['/etc/keystone/ssl/certs/ca.pem'], + File['/etc/keystone/ssl/private/signing_key.pem'], + File['/etc/keystone/ssl/certs/signing_cert.pem']], } #VSM @@ -1735,12 +1731,11 @@ if hiera('step') >= 5 { if $pacemaker_master { class {'::keystone::roles::admin' : - require => Pacemaker::Resource::Service[$::keystone::params::service_name], + require => Pacemaker::Resource::Service[$::apache::params::service_name], } -> class {'::keystone::endpoint' : - require => Pacemaker::Resource::Service[$::keystone::params::service_name], + require => Pacemaker::Resource::Service[$::apache::params::service_name], } - } } #END STEP 5 diff --git a/puppet/manifests/overcloud_object.pp b/puppet/manifests/overcloud_object.pp index 63ac396e..1ac66904 100644 --- a/puppet/manifests/overcloud_object.pp +++ b/puppet/manifests/overcloud_object.pp 
@@ -16,7 +16,9 @@ include ::tripleo::packages include ::tripleo::firewall +create_resources(kmod::load, hiera('kernel_modules'), {}) create_resources(sysctl::value, hiera('sysctl_settings'), {}) +Exec <| tag == 'kmod::load' |> -> Sysctl <| |> if count(hiera('ntp::servers')) > 0 { include ::ntp diff --git a/puppet/manifests/overcloud_volume.pp b/puppet/manifests/overcloud_volume.pp index 5a69725a..72cd36c3 100644 --- a/puppet/manifests/overcloud_volume.pp +++ b/puppet/manifests/overcloud_volume.pp @@ -16,7 +16,9 @@ include ::tripleo::packages include ::tripleo::firewall +create_resources(kmod::load, hiera('kernel_modules'), {}) create_resources(sysctl::value, hiera('sysctl_settings'), {}) +Exec <| tag == 'kmod::load' |> -> Sysctl <| |> if count(hiera('ntp::servers')) > 0 { include ::ntp diff --git a/puppet/vip-config.yaml b/puppet/vip-config.yaml index c49a1047..5e2f698f 100644 --- a/puppet/vip-config.yaml +++ b/puppet/vip-config.yaml @@ -16,6 +16,8 @@ resources: keystone_admin_api_vip: {get_input: keystone_admin_api_vip} keystone_public_api_vip: {get_input: keystone_public_api_vip} neutron_api_vip: {get_input: neutron_api_vip} + # TODO: pass a `midonet_api_vip` var + midonet_api_vip: {get_input: neutron_api_vip} cinder_api_vip: {get_input: cinder_api_vip} glance_api_vip: {get_input: glance_api_vip} glance_registry_vip: {get_input: glance_registry_vip} |