diff options
Diffstat (limited to 'puppet')
-rw-r--r-- | puppet/controller-role.yaml | 1 | ||||
-rw-r--r-- | puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml | 157 | ||||
-rw-r--r-- | puppet/services/apache.yaml | 6 | ||||
-rw-r--r-- | puppet/services/cinder-backend-netapp.yaml | 129 | ||||
-rw-r--r-- | puppet/services/external-swift-proxy.yaml | 70 | ||||
-rw-r--r-- | puppet/services/kernel.yaml | 8 |
6 files changed, 211 insertions, 160 deletions
diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml index 2f4f583c..3d32add2 100644 --- a/puppet/controller-role.yaml +++ b/puppet/controller-role.yaml @@ -467,7 +467,6 @@ resources: - all_nodes # provided by allNodesConfig - vip_data # provided by allNodesConfig - '"%{::osfamily}"' - - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml deleted file mode 100644 index 378f7f98..00000000 --- a/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml +++ /dev/null @@ -1,157 +0,0 @@ -heat_template_version: ocata - -description: Configure hieradata for Cinder Netapp configuration - -parameters: - server: - description: ID of the controller node to apply this config to - type: string - - # Config specific parameters, to be provided via parameter_defaults - CinderEnableNetappBackend: - type: boolean - default: true - CinderNetappBackendName: - type: string - default: 'tripleo_netapp' - CinderNetappLogin: - type: string - CinderNetappPassword: - type: string - hidden: true - CinderNetappServerHostname: - type: string - CinderNetappServerPort: - type: string - default: '80' - CinderNetappSizeMultiplier: - type: string - default: '1.2' - CinderNetappStorageFamily: - type: string - default: 'ontap_cluster' - CinderNetappStorageProtocol: - type: string - default: 'nfs' - CinderNetappTransportType: - type: string - default: 'http' - CinderNetappVfiler: - type: string - default: '' - CinderNetappVolumeList: - type: string - default: '' - CinderNetappVserver: - type: string - default: '' - CinderNetappPartnerBackendName: - type: string - default: '' - CinderNetappNfsShares: - type: string - default: '' - CinderNetappNfsSharesConfig: - type: string - default: '/etc/cinder/shares.conf' - CinderNetappNfsMountOptions: - type: string - default: '' - CinderNetappCopyOffloadToolPath: - type: string - default: '' - CinderNetappControllerIps: - type: string - default: '' - CinderNetappSaPassword: - type: string - default: '' - hidden: true - CinderNetappStoragePools: - type: string - default: '' - CinderNetappHostType: - type: string - default: '' - CinderNetappWebservicePath: - type: string - default: '/devmgr/v2' - # DEPRECATED options for compatibility with older versions - CinderNetappEseriesHostType: - type: string - default: 'linux_dm_mp' - -parameter_groups: -- label: deprecated - description: Do not use deprecated params, they will be removed. - parameters: - - CinderNetappEseriesHostType - -resources: - CinderNetappConfig: - type: OS::Heat::StructuredConfig - properties: - group: hiera - config: - datafiles: - cinder_netapp_data: - mapped_data: - tripleo::profile::base::cinder::volume::cinder_enable_netapp_backend: {get_input: EnableNetappBackend} - cinder::backend::netapp::title: {get_input: NetappBackendName} - cinder::backend::netapp::netapp_login: {get_input: NetappLogin} - cinder::backend::netapp::netapp_password: {get_input: NetappPassword} - cinder::backend::netapp::netapp_server_hostname: {get_input: NetappServerHostname} - cinder::backend::netapp::netapp_server_port: {get_input: NetappServerPort} - cinder::backend::netapp::netapp_size_multiplier: {get_input: NetappSizeMultiplier} - cinder::backend::netapp::netapp_storage_family: {get_input: NetappStorageFamily} - cinder::backend::netapp::netapp_storage_protocol: {get_input: NetappStorageProtocol} - cinder::backend::netapp::netapp_transport_type: {get_input: NetappTransportType} - cinder::backend::netapp::netapp_vfiler: {get_input: NetappVfiler} - cinder::backend::netapp::netapp_volume_list: {get_input: NetappVolumeList} - cinder::backend::netapp::netapp_vserver: {get_input: NetappVserver} - cinder::backend::netapp::netapp_partner_backend_name: {get_input: NetappPartnerBackendName} - cinder::backend::netapp::nfs_shares: {get_input: NetappNfsShares} - cinder::backend::netapp::nfs_shares_config: {get_input: NetappNfsSharesConfig} - cinder::backend::netapp::nfs_mount_options: {get_input: NetappNfsMountOptions} - cinder::backend::netapp::netapp_copyoffload_tool_path: {get_input: NetappCopyOffloadToolPath} - cinder::backend::netapp::netapp_controller_ips: {get_input: NetappControllerIps} - cinder::backend::netapp::netapp_sa_password: {get_input: NetappSaPassword} - cinder::backend::netapp::netapp_storage_pools: {get_input: NetappStoragePools} - cinder::backend::netapp::netapp_host_type: {get_input: NetappHostType} - cinder::backend::netapp::netapp_webservice_path: {get_input: NetappWebservicePath} - - CinderNetappDeployment: - type: OS::Heat::StructuredDeployment - properties: - name: CinderNetappDeployment - config: {get_resource: CinderNetappConfig} - server: {get_param: server} - input_values: - EnableNetappBackend: {get_param: CinderEnableNetappBackend} - NetappBackendName: {get_param: CinderNetappBackendName} - NetappLogin: {get_param: CinderNetappLogin} - NetappPassword: {get_param: CinderNetappPassword} - NetappServerHostname: {get_param: CinderNetappServerHostname} - NetappServerPort: {get_param: CinderNetappServerPort} - NetappSizeMultiplier: {get_param: CinderNetappSizeMultiplier} - NetappStorageFamily: {get_param: CinderNetappStorageFamily} - NetappStorageProtocol: {get_param: CinderNetappStorageProtocol} - NetappTransportType: {get_param: CinderNetappTransportType} - NetappVfiler: {get_param: CinderNetappVfiler} - NetappVolumeList: {get_param: CinderNetappVolumeList} - NetappVserver: {get_param: CinderNetappVserver} - NetappPartnerBackendName: {get_param: CinderNetappPartnerBackendName} - NetappNfsShares: {get_param: CinderNetappNfsShares} - NetappNfsSharesConfig: {get_param: CinderNetappNfsSharesConfig} - NetappNfsMountOptions: {get_param: CinderNetappNfsMountOptions} - NetappCopyOffloadToolPath: {get_param: CinderNetappCopyOffloadToolPath} - NetappControllerIps: {get_param: CinderNetappControllerIps} - NetappSaPassword: {get_param: CinderNetappSaPassword} - NetappStoragePools: {get_param: CinderNetappStoragePools} - NetappHostType: {get_param: CinderNetappHostType} - NetappWebservicePath: {get_param: CinderNetappWebservicePath} - -outputs: - deploy_stdout: - description: Deployment reference, used to trigger puppet apply on changes - value: {get_attr: [CinderNetappDeployment, deploy_stdout]} diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml index 9bd282f8..6e53b1f7 100644 --- a/puppet/services/apache.yaml +++ b/puppet/services/apache.yaml @@ -77,13 +77,15 @@ outputs: - "%{hiera('apache_remote_proxy_ips_network')}" - generate_service_certificates: true + tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd' + tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd' apache_certificates_specs: map_merge: repeat: template: httpd-NETWORK: - service_certificate: '/etc/pki/tls/certs/httpd-NETWORK.crt' - service_key: '/etc/pki/tls/private/httpd-NETWORK.key' + service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt' + service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key' hostname: "%{hiera('fqdn_NETWORK')}" principal: "HTTP/%{hiera('fqdn_NETWORK')}" for_each: diff --git a/puppet/services/cinder-backend-netapp.yaml b/puppet/services/cinder-backend-netapp.yaml new file mode 100644 index 00000000..29a0ce1b --- /dev/null +++ b/puppet/services/cinder-backend-netapp.yaml @@ -0,0 +1,129 @@ +heat_template_version: ocata + +description: Openstack Cinder Netapp backend + +parameters: + CinderEnableNetappBackend: + type: boolean + default: true + CinderNetappBackendName: + type: string + default: 'tripleo_netapp' + CinderNetappLogin: + type: string + CinderNetappPassword: + type: string + hidden: true + CinderNetappServerHostname: + type: string + CinderNetappServerPort: + type: string + default: '80' + CinderNetappSizeMultiplier: + type: string + default: '1.2' + CinderNetappStorageFamily: + type: string + default: 'ontap_cluster' + CinderNetappStorageProtocol: + type: string + default: 'nfs' + CinderNetappTransportType: + type: string + default: 'http' + CinderNetappVfiler: + type: string + default: '' + CinderNetappVolumeList: + type: string + default: '' + CinderNetappVserver: + type: string + default: '' + CinderNetappPartnerBackendName: + type: string + default: '' + CinderNetappNfsShares: + type: string + default: '' + CinderNetappNfsSharesConfig: + type: string + default: '/etc/cinder/shares.conf' + CinderNetappNfsMountOptions: + type: string + default: '' + CinderNetappCopyOffloadToolPath: + type: string + default: '' + CinderNetappControllerIps: + type: string + default: '' + CinderNetappSaPassword: + type: string + default: '' + hidden: true + CinderNetappStoragePools: + type: string + default: '' + CinderNetappHostType: + type: string + default: '' + CinderNetappWebservicePath: + type: string + default: '/devmgr/v2' + # DEPRECATED options for compatibility with older versions + CinderNetappEseriesHostType: + type: string + default: 'linux_dm_mp' + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + type: json + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + +parameter_groups: +- label: deprecated + description: Do not use deprecated params, they will be removed. + parameters: + - CinderNetappEseriesHostType + +outputs: + role_data: + description: Role data for the Cinder NetApp backend. + value: + service_name: cinder_backend_netapp + config_settings: + tripleo::profile::base::cinder::volume::cinder_enable_netapp_backend: {get_param: CinderEnableNetappBackend} + cinder::backend::netapp::title: {get_param: CinderNetappBackendName} + cinder::backend::netapp::netapp_login: {get_param: CinderNetappLogin} + cinder::backend::netapp::netapp_password: {get_param: CinderNetappPassword} + cinder::backend::netapp::netapp_server_hostname: {get_param: CinderNetappServerHostname} + cinder::backend::netapp::netapp_server_port: {get_param: CinderNetappServerPort} + cinder::backend::netapp::netapp_size_multiplier: {get_param: CinderNetappSizeMultiplier} + cinder::backend::netapp::netapp_storage_family: {get_param: CinderNetappStorageFamily} + cinder::backend::netapp::netapp_storage_protocol: {get_param: CinderNetappStorageProtocol} + cinder::backend::netapp::netapp_transport_type: {get_param: CinderNetappTransportType} + cinder::backend::netapp::netapp_vfiler: {get_param: CinderNetappVfiler} + cinder::backend::netapp::netapp_volume_list: {get_param: CinderNetappVolumeList} + cinder::backend::netapp::netapp_vserver: {get_param: CinderNetappVserver} + cinder::backend::netapp::netapp_partner_backend_name: {get_param: CinderNetappPartnerBackendName} + cinder::backend::netapp::nfs_shares: {get_param: CinderNetappNfsShares} + cinder::backend::netapp::nfs_shares_config: {get_param: CinderNetappNfsSharesConfig} + cinder::backend::netapp::nfs_mount_options: {get_param: CinderNetappNfsMountOptions} + cinder::backend::netapp::netapp_copyoffload_tool_path: {get_param: CinderNetappCopyOffloadToolPath} + cinder::backend::netapp::netapp_controller_ips: {get_param: CinderNetappControllerIps} + cinder::backend::netapp::netapp_sa_password: {get_param: CinderNetappSaPassword} + cinder::backend::netapp::netapp_storage_pools: {get_param: CinderNetappStoragePools} + cinder::backend::netapp::netapp_host_type: {get_param: CinderNetappHostType} + cinder::backend::netapp::netapp_webservice_path: {get_param: CinderNetappWebservicePath} + step_config: | + include ::tripleo::profile::base::cinder::volume diff --git a/puppet/services/external-swift-proxy.yaml b/puppet/services/external-swift-proxy.yaml new file mode 100644 index 00000000..75f5b6a0 --- /dev/null +++ b/puppet/services/external-swift-proxy.yaml @@ -0,0 +1,70 @@ +heat_template_version: ocata + +description: > + External Swift Proxy endpoint configured with Puppet + +parameters: + ExternalPublicUrl: + description: Public endpoint url for the external swift proxy + type: string + ExternalInternalUrl: + description: Internal endpoint url for the external swift proxy + type: string + ExternalAdminUrl: + description: External endpoint url for the external swift proxy + type: string + ExternalSwiftUserTenant: + description: Tenant where swift user will be set as admin + type: string + default: 'service' + SwiftPassword: + description: The password for the swift service account, used by the swift proxy services. + type: string + hidden: true + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + +outputs: + role_data: + description: Role data for External Swift proxy. + value: + service_name: external_swift_proxy + config_settings: + + step_config: + + service_config_settings: + keystone: + swift::keystone::auth::public_url: {get_param: ExternalPublicUrl} + swift::keystone::auth::internal_url: {get_param: ExternalInternalUrl} + swift::keystone::auth::admin_url: {get_param: ExternalAdminUrl} + swift::keystone::auth::public_url_s3: '' + swift::keystone::auth::internal_url_s3: '' + swift::keystone::auth::admin_url_s3: '' + swift::keystone::auth::password: {get_param: SwiftPassword} + swift::keystone::auth::region: {get_param: KeystoneRegion} + swift::keystone::auth::tenant: {get_param: ExternalSwiftUserTenant} + swift::keystone::auth::configure_s3_endpoint: false + swift::keystone::auth::operator_roles: + - admin + - swiftoperator + - ResellerAdmin + diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml index 94b15d4b..2a335b67 100644 --- a/puppet/services/kernel.yaml +++ b/puppet/services/kernel.yaml @@ -22,6 +22,10 @@ parameters: default: 1048576 description: Configures sysctl kernel.pid_max key type: number + KernelDisableIPv6: + default: 0 + description: Configures sysctl net.ipv6.{default/all}.disable_ipv6 keys + type: number outputs: role_data: @@ -57,6 +61,10 @@ outputs: value: 500000 net.netfilter.nf_conntrack_max: value: 500000 + net.ipv6.conf.default.disable_ipv6: + value: {get_param: KernelDisableIPv6} + net.ipv6.conf.all.disable_ipv6: + value: {get_param: KernelDisableIPv6} # prevent neutron bridges from autoconfiguring ipv6 addresses net.ipv6.conf.all.accept_ra: value: 0 |