diff options
Diffstat (limited to 'puppet')
42 files changed, 669 insertions, 322 deletions
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index 803a5d49..793b17dd 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -2,18 +2,10 @@ heat_template_version: 2015-04-30 description: 'All Nodes Config for Puppet' parameters: - compute_hosts: - type: comma_delimited_list - controller_hosts: + hosts: type: comma_delimited_list controller_ips: type: comma_delimited_list - block_storage_hosts: - type: comma_delimited_list - object_storage_hosts: - type: comma_delimited_list - ceph_storage_hosts: - type: comma_delimited_list controller_names: type: comma_delimited_list rabbit_node_ips: @@ -48,6 +40,8 @@ parameters: type: comma_delimited_list cinder_api_node_ips: type: comma_delimited_list + manila_api_node_ips: + type: comma_delimited_list neutron_api_node_ips: type: comma_delimited_list keystone_public_api_node_ips: @@ -89,21 +83,7 @@ resources: hosts: list_join: - "\n" - - - list_join: - - "\n" - - {get_param: compute_hosts} - - list_join: - - "\n" - - {get_param: controller_hosts} - - list_join: - - "\n" - - {get_param: block_storage_hosts} - - list_join: - - "\n" - - {get_param: object_storage_hosts} - - list_join: - - "\n" - - {get_param: ceph_storage_hosts} + - {get_param: hosts} hiera: datafiles: bootstrap_node: @@ -260,6 +240,14 @@ resources: list_join: - "','" - {get_param: cinder_api_node_ips} + manila_api_node_ips: + str_replace: + template: "['SERVERS_LIST']" + params: + SERVERS_LIST: + list_join: + - "','" + - {get_param: manila_api_node_ips} neutron_api_node_ips: str_replace: template: "['SERVERS_LIST']" @@ -332,6 +320,7 @@ resources: aodh::rabbit_hosts: *rabbit_nodes_array cinder::rabbit_hosts: *rabbit_nodes_array glance::notify::rabbitmq::rabbit_hosts: *rabbit_nodes_array + manila::rabbit_hosts: *rabbit_nodes_array heat::rabbit_hosts: *rabbit_nodes_array neutron::rabbit_hosts: *rabbit_nodes_array nova::rabbit_hosts: *rabbit_nodes_array diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml index 77ca4dc6..2f007536 100644 --- a/puppet/ceph-storage.yaml +++ b/puppet/ceph-storage.yaml @@ -6,9 +6,9 @@ parameters: type: string constraints: - custom_constraint: nova.flavor - Image: + CephStorageImage: type: string - default: overcloud-ceph-storage + default: overcloud-full constraints: - custom_constraint: glance.image ImageUpdatePolicy: @@ -81,7 +81,7 @@ parameters: Extra properties or metadata passed to Nova for the created nodes in the overcloud. It's accessible via the Nova metadata API. type: json - SchedulerHints: + CephStorageSchedulerHints: type: json description: Optional scheduler hints to pass to nova default: {} @@ -106,7 +106,7 @@ resources: os-collect-config: command: {get_param: ConfigCommand} properties: - image: {get_param: Image} + image: {get_param: CephStorageImage} image_update_policy: {get_param: ImageUpdatePolicy} flavor: {get_param: Flavor} key_name: {get_param: KeyName} @@ -120,7 +120,7 @@ resources: params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} metadata: {get_param: ServerMetadata} - scheduler_hints: {get_param: SchedulerHints} + scheduler_hints: {get_param: CephStorageSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives UserData: @@ -256,7 +256,6 @@ resources: - ceph - all_nodes # provided by allNodesConfig - '"%{::osfamily}"' - - common - network merge_behavior: deeper datafiles: @@ -265,8 +264,6 @@ resources: service_names: {get_param: ServiceNames} service_configs: mapped_data: {get_param: ServiceConfigSettings} - common: - raw_data: {get_file: hieradata/common.yaml} network: mapped_data: net_ip_map: {get_attr: [NetIpMap, net_ip_map]} diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml index edd81b9d..28f16866 100644 --- a/puppet/cinder-storage.yaml +++ b/puppet/cinder-storage.yaml @@ -1,9 +1,11 @@ heat_template_version: 2015-04-30 description: 'OpenStack cinder storage configured by Puppet' parameters: - Image: - default: overcloud-cinder-volume + BlockStorageImage: + default: overcloud-full type: string + constraints: + - custom_constraint: glance.image ExtraConfig: default: {} description: | @@ -81,7 +83,7 @@ parameters: Extra properties or metadata passed to Nova for the created nodes in the overcloud. It's accessible via the Nova metadata API. type: json - SchedulerHints: + BlockStorageSchedulerHints: type: json description: Optional scheduler hints to pass to nova default: {} @@ -107,7 +109,7 @@ resources: command: {get_param: ConfigCommand} properties: image: - {get_param: Image} + {get_param: BlockStorageImage} flavor: {get_param: Flavor} key_name: {get_param: KeyName} networks: @@ -120,7 +122,7 @@ resources: params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} metadata: {get_param: ServerMetadata} - scheduler_hints: {get_param: SchedulerHints} + scheduler_hints: {get_param: BlockStorageSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives UserData: @@ -261,7 +263,6 @@ resources: - volume - all_nodes # provided by allNodesConfig - '"%{::osfamily}"' - - common - network merge_behavior: deeper datafiles: @@ -270,8 +271,6 @@ resources: service_names: {get_param: ServiceNames} service_configs: mapped_data: {get_param: ServiceConfigSettings} - common: - raw_data: {get_file: hieradata/common.yaml} network: mapped_data: net_ip_map: {get_attr: [NetIpMap, net_ip_map]} diff --git a/puppet/compute.yaml b/puppet/compute.yaml index 0e029162..1ae55cd3 100644 --- a/puppet/compute.yaml +++ b/puppet/compute.yaml @@ -48,9 +48,9 @@ parameters: GlanceHost: type: string default: '' # Has to be here because of the ignored empty value bug - Image: + NovaImage: type: string - default: overcloud-compute + default: overcloud-full constraints: - custom_constraint: glance.image ImageUpdatePolicy: @@ -205,7 +205,7 @@ parameters: Extra properties or metadata passed to Nova for the created nodes in the overcloud. It's accessible via the Nova metadata API. type: json - SchedulerHints: + NovaComputeSchedulerHints: type: json description: Optional scheduler hints to pass to nova default: {} @@ -228,8 +228,7 @@ resources: os-collect-config: command: {get_param: ConfigCommand} properties: - image: - {get_param: Image} + image: {get_param: NovaImage} image_update_policy: get_param: ImageUpdatePolicy flavor: {get_param: Flavor} @@ -244,7 +243,7 @@ resources: params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} metadata: {get_param: ServerMetadata} - scheduler_hints: {get_param: SchedulerHints} + scheduler_hints: {get_param: NovaComputeSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives UserData: @@ -371,7 +370,6 @@ resources: - ceph - all_nodes # provided by allNodesConfig - '"%{::osfamily}"' - - common - network - neutron_bigswitch_data # Optionally provided by ComputeExtraConfigPre - cisco_n1kv_data # Optionally provided by ComputeExtraConfigPre @@ -389,8 +387,6 @@ resources: mapped_data: {get_param: NovaComputeExtraConfig} extraconfig: mapped_data: {get_param: ExtraConfig} - common: - raw_data: {get_file: hieradata/common.yaml} network: mapped_data: net_ip_map: {get_attr: [NetIpMap, net_ip_map]} diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 679fd90b..93ba4760 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -117,9 +117,9 @@ parameters: description: Secret key for Django type: string hidden: true - Image: + controllerImage: type: string - default: overcloud-control + default: overcloud-full constraints: - custom_constraint: glance.image ImageUpdatePolicy: @@ -311,7 +311,7 @@ parameters: Extra properties or metadata passed to Nova for the created nodes in the overcloud. It's accessible via the Nova metadata API. type: json - SchedulerHints: + ControllerSchedulerHints: type: json description: Optional scheduler hints to pass to nova default: {} @@ -340,7 +340,7 @@ resources: os-collect-config: command: {get_param: ConfigCommand} properties: - image: {get_param: Image} + image: {get_param: controllerImage} image_update_policy: {get_param: ImageUpdatePolicy} flavor: {get_param: Flavor} key_name: {get_param: KeyName} @@ -354,7 +354,7 @@ resources: params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} metadata: {get_param: ServerMetadata} - scheduler_hints: {get_param: SchedulerHints} + scheduler_hints: {get_param: ControllerSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives UserData: @@ -525,7 +525,6 @@ resources: neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] } neutron_auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] } nova_internal_url: { get_param: [ EndpointMap, NovaInternal, uri ] } - aodh_password: {get_param: AodhPassword} aodh_internal_url: { get_param: [ EndpointMap, AodhInternal, uri ] } aodh_public_url: { get_param: [ EndpointMap, AodhPublic, uri ] } aodh_admin_url: { get_param: [ EndpointMap, AodhAdmin, uri ] } @@ -537,15 +536,6 @@ resources: - '@' - {get_param: RedisVirtualIPUri} - ':6379/' - aodh_dsn: - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://aodh:' - - {get_param: AodhPassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/aodh' gnocchi_internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]} gnocchi_public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] } gnocchi_admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] } @@ -586,6 +576,7 @@ resources: keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} keystone_region: {get_param: KeystoneRegion} + manila_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ManilaApiNetwork]}]} mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]} neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]} @@ -627,7 +618,6 @@ resources: - service_configs - service_names - controller - - database - object - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig - ceph_cluster # provided by CephClusterConfig @@ -636,7 +626,6 @@ resources: - all_nodes # provided by allNodesConfig - vip_data # provided by vip-config - '"%{::osfamily}"' - - common - network - cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre @@ -659,8 +648,6 @@ resources: - {get_param: ControllerExtraConfig} extraconfig: mapped_data: {get_param: ExtraConfig} - common: - raw_data: {get_file: hieradata/common.yaml} network: mapped_data: net_ip_map: {get_attr: [NetIpMap, net_ip_map]} @@ -672,8 +659,6 @@ resources: ceph::profile::params::cluster_network: {get_input: ceph_cluster_network} ceph::profile::params::public_network: {get_input: ceph_public_network} ceph::profile::params::public_addr: {get_input: ceph_public_ip} - database: - raw_data: {get_file: hieradata/database.yaml} object: raw_data: {get_file: hieradata/object.yaml} controller: @@ -723,6 +708,9 @@ resources: keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network} keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network} + # Manila + manila::api::bind_host: {get_input: manila_api_network} + # MongoDB mongodb::server::bind_ip: {get_input: mongo_db_network} @@ -747,36 +735,15 @@ resources: neutron::keystone::auth::password: {get_input: neutron_password } neutron::keystone::auth::region: {get_input: keystone_region} + # Aodh + aodh::api::host: {get_input: aodh_api_network} + aodh::wsgi::apache::bind_host: {get_input: aodh_api_network} + # Ceilometer ceilometer::api::host: {get_input: ceilometer_api_network} snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} - # Aodh - aodh_mysql_conn_string: {get_input: aodh_dsn} - aodh::rabbit_userid: {get_input: rabbit_username} - aodh::rabbit_password: {get_input: rabbit_password} - aodh::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - aodh::rabbit_port: {get_input: rabbit_client_port} - aodh::debug: {get_input: debug} - aodh::wsgi::apache::ssl: false - aodh::wsgi::apache::bind_host: {get_input: aodh_api_network} - aodh::api::service_name: 'httpd' - aodh::api::host: {get_input: aodh_api_network} - aodh::api::keystone_password: {get_input: aodh_password} - aodh::api::keystone_auth_uri: {get_input: keystone_auth_uri} - aodh::api::keystone_identity_uri: {get_input: keystone_identity_uri} - aodh::auth::auth_url: {get_input: keystone_auth_uri} - aodh::auth::auth_password: {get_input: aodh_password} - aodh::db::mysql::password: {get_input: aodh_password} - # for a migration path from ceilometer-alarm to aodh, we use the same database & coordination - aodh::evaluator::coordination_url: {get_input: ceilometer_coordination_url} - aodh::keystone::auth::public_url: {get_input: aodh_public_url } - aodh::keystone::auth::internal_url: {get_input: aodh_internal_url } - aodh::keystone::auth::admin_url: {get_input: aodh_admin_url } - aodh::keystone::auth::password: {get_input: aodh_password } - aodh::keystone::auth::region: {get_input: keystone_region} - # Gnocchi gnocchi::wsgi::apache::bind_host: {get_input: gnocchi_api_network} gnocchi::api::host: {get_input: gnocchi_api_network} @@ -818,6 +785,9 @@ resources: horizon::bind_address: {get_input: horizon_network} horizon::keystone_url: {get_input: keystone_auth_uri} + # Sahara + sahara::host: {get_input: sahara_api_network} + # RabbitMQ rabbitmq::node_ip_address: {get_input: rabbitmq_network} rabbitmq::erlang_cookie: {get_input: rabbit_cookie} diff --git a/puppet/hieradata/common.yaml b/puppet/hieradata/common.yaml deleted file mode 100644 index e7ae521e..00000000 --- a/puppet/hieradata/common.yaml +++ /dev/null @@ -1,5 +0,0 @@ -# Do not add hieradata in this file, and use composable services. - -# TODO(emilien) move it to composable aodh roles later -aodh::auth::auth_region: 'regionOne' -aodh::auth::auth_tenant_name: 'service' diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index 905ea304..d18e0bc9 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -1,16 +1,3 @@ # Do not add hieradata in this file, and use composable services. -# TODO(emilien) move it to composable aodh roles later -aodh::api::keystone_tenant: 'service' -aodh::keystone::auth::tenant: 'service' - -# TODO(emilien) move it to composable roles later -# Already WIP with https://review.openstack.org/330785 -# and https://review.openstack.org/338527 -tripleo::firewall::firewall_rules: - '128 aodh': - dport: - - 8042 - - 13042 - controller_classes: [] diff --git a/puppet/hieradata/database.yaml b/puppet/hieradata/database.yaml deleted file mode 100644 index 05d4b697..00000000 --- a/puppet/hieradata/database.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# Do not add hieradata in this file, and use composable services. - -# Aodh -# TODO(emilien) move it to composable aodh roles later -aodh::db::mysql::user: aodh -aodh::db::mysql::host: "%{hiera('mysql_virtual_ip')}" -aodh::db::mysql::dbname: aodh -aodh::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 067207f2..69e48e95 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -16,29 +16,8 @@ include ::tripleo::packages include ::tripleo::firewall -if hiera('step') >= 2 { - # FIXME: this should only occur on the bootstrap host (ditto for db syncs) - # Create all the database schemas - include ::aodh::db::mysql - -} #END STEP 2 - if hiera('step') >= 4 { - # Aodh - class { '::aodh' : - database_connection => hiera('aodh_mysql_conn_string'), - } - include ::aodh::db::sync - include ::aodh::auth - include ::aodh::api - include ::aodh::wsgi::apache - include ::aodh::evaluator - include ::aodh::notifier - include ::aodh::listener - include ::aodh::client - hiera_include('controller_classes') - } #END STEP 4 $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller', hiera('step')]) diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index 709d9968..0aec972d 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -13,16 +13,6 @@ # License for the specific language governing permissions and limitations # under the License. -# TODO(jistr): use pcs resource provider instead of just no-ops -Service <| - tag == 'aodh-service' -|> { - hasrestart => true, - restart => '/bin/true', - start => '/bin/true', - stop => '/bin/true', -} - include ::tripleo::packages include ::tripleo::firewall @@ -34,109 +24,9 @@ if $::hostname == downcase(hiera('bootstrap_nodeid')) { $sync_db = false } -if hiera('step') >= 2 { - if $pacemaker_master { - class { '::aodh::db::mysql': - require => Exec['galera-ready'], - } - } -} #END STEP 2 - if hiera('step') >= 4 or ( hiera('step') >= 3 and $sync_db ) { - # Aodh - class { '::aodh' : - database_connection => hiera('aodh_mysql_conn_string'), - } - include ::aodh::config - include ::aodh::auth - include ::aodh::client - include ::aodh::wsgi::apache - class { '::aodh::api': - manage_service => false, - enabled => false, - service_name => 'httpd', - } - class { '::aodh::evaluator': - manage_service => false, - enabled => false, - } - class { '::aodh::notifier': - manage_service => false, - enabled => false, - } - class { '::aodh::listener': - manage_service => false, - enabled => false, - } - hiera_include('controller_classes') - } #END STEP 4 -if hiera('step') >= 5 { - if $pacemaker_master { - - # Fedora doesn't know `require-all` parameter for constraints yet - if $::operatingsystem == 'Fedora' { - $redis_aodh_constraint_params = undef - } else { - $redis_aodh_constraint_params = 'require-all=false' - } - pacemaker::constraint::base { 'redis-then-aodh-evaluator-constraint': - constraint_type => 'order', - first_resource => 'redis-master', - second_resource => "${::aodh::params::evaluator_service_name}-clone", - first_action => 'promote', - second_action => 'start', - constraint_params => $redis_aodh_constraint_params, - require => [Pacemaker::Resource::Ocf['redis'], - Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name]], - } - # Aodh - pacemaker::resource::service { $::aodh::params::evaluator_service_name : - clone_params => 'interleave=true', - } - pacemaker::resource::service { $::aodh::params::notifier_service_name : - clone_params => 'interleave=true', - } - pacemaker::resource::service { $::aodh::params::listener_service_name : - clone_params => 'interleave=true', - } - pacemaker::constraint::base { 'aodh-evaluator-then-aodh-notifier-constraint': - constraint_type => 'order', - first_resource => "${::aodh::params::evaluator_service_name}-clone", - second_resource => "${::aodh::params::notifier_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name], - Pacemaker::Resource::Service[$::aodh::params::notifier_service_name]], - } - pacemaker::constraint::colocation { 'aodh-notifier-with-aodh-evaluator-colocation': - source => "${::aodh::params::notifier_service_name}-clone", - target => "${::aodh::params::evaluator_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name], - Pacemaker::Resource::Service[$::aodh::params::notifier_service_name]], - } - pacemaker::constraint::base { 'aodh-evaluator-then-aodh-listener-constraint': - constraint_type => 'order', - first_resource => "${::aodh::params::evaluator_service_name}-clone", - second_resource => "${::aodh::params::listener_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name], - Pacemaker::Resource::Service[$::aodh::params::listener_service_name]], - } - pacemaker::constraint::colocation { 'aodh-listener-with-aodh-evaluator-colocation': - source => "${::aodh::params::listener_service_name}-clone", - target => "${::aodh::params::evaluator_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name], - Pacemaker::Resource::Service[$::aodh::params::listener_service_name]], - } - } - -} #END STEP 5 - $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller_pacemaker', hiera('step')]) package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml new file mode 100644 index 00000000..ab51212c --- /dev/null +++ b/puppet/services/aodh-api.yaml @@ -0,0 +1,37 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Aodh API service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + AodhBase: + type: ./aodh-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Aodh API service. + value: + service_name: aodh_api + config_settings: + map_merge: + - get_attr: [AodhBase, role_data, config_settings] + - aodh::wsgi::apache::ssl: false + aodh::api::service_name: 'httpd' + aodh::api::keystone_tenant: 'service' + - tripleo.aodh_api.firewall_rules: + '128 aodh-api': + dport: + - 8042 + - 13042 + + step_config: | + include tripleo::profile::base::aodh::api diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml new file mode 100644 index 00000000..30c3f416 --- /dev/null +++ b/puppet/services/aodh-base.yaml @@ -0,0 +1,94 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Aodh service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + AodhPassword: + description: The password for the aodh services. + type: string + hidden: true + RedisPassword: + description: The password for the redis service account. + type: string + hidden: true + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + +outputs: + role_data: + description: Role data for the Aodh role. + value: + service_name: aodh_base + config_settings: + aodh::evaluator::coordination_url: + list_join: + - '' + - - 'redis://:' + - {get_param: RedisPassword} + - '@' + - "%{hiera('redis_vip')}" + - ':6379/' + aodh::db::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://aodh:' + - {get_param: AodhPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/aodh' + aodh::debug: {get_param: Debug} + aodh::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri] } + aodh::rabbit_userid: {get_param: RabbitUserName} + aodh::rabbit_password: {get_param: RabbitPassword} + aodh::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + aodh::rabbit_port: {get_param: RabbitClientPort} + aodh::api::keystone_password: {get_param: AodhPassword} + aodh::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + aodh::api::keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + aodh::auth::auth_password: {get_param: AodhPassword} + aodh::keystone::auth::public_url: {get_param: [EndpointMap, AodhPublic, uri]} + aodh::keystone::auth::internal_url: {get_param: [EndpointMap, AodhInternal, uri]} + aodh::keystone::auth::admin_url: {get_param: [EndpointMap, AodhAdmin, uri]} + aodh::keystone::auth::password: {get_param: AodhPassword} + aodh::keystone::auth::region: {get_param: KeystoneRegion} + aodh::keystone::auth::tenant: 'service' + aodh::db::mysql::user: aodh + aodh::db::mysql::password: {get_param: AodhPassword} + aodh::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + aodh::db::mysql::dbname: aodh + aodh::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + aodh::auth::auth_region: 'regionOne' + aodh::auth::auth_tenant_name: 'service' diff --git a/puppet/services/aodh-evaluator.yaml b/puppet/services/aodh-evaluator.yaml new file mode 100644 index 00000000..103f691a --- /dev/null +++ b/puppet/services/aodh-evaluator.yaml @@ -0,0 +1,27 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Aodh Evaluator service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + AodhBase: + type: ./aodh-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Aodh Evaluator service. + value: + service_name: aodh_evaluator + config_settings: + get_attr: [AodhBase, role_data, config_settings] + step_config: | + include tripleo::profile::base::aodh::evaluator diff --git a/puppet/services/aodh-listener.yaml b/puppet/services/aodh-listener.yaml new file mode 100644 index 00000000..01caf8b5 --- /dev/null +++ b/puppet/services/aodh-listener.yaml @@ -0,0 +1,27 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Aodh Listener service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + AodhBase: + type: ./aodh-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Aodh Listener service. + value: + service_name: aodh_listener + config_settings: + get_attr: [AodhBase, role_data, config_settings] + step_config: | + include tripleo::profile::base::aodh::listener diff --git a/puppet/services/aodh-notifier.yaml b/puppet/services/aodh-notifier.yaml new file mode 100644 index 00000000..de07f780 --- /dev/null +++ b/puppet/services/aodh-notifier.yaml @@ -0,0 +1,27 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Aodh Notifier service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + AodhBase: + type: ./aodh-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Aodh Notifier service. + value: + service_name: aodh_notifier + config_settings: + get_attr: [AodhBase, role_data, config_settings] + step_config: | + include tripleo::profile::base::aodh::notifier diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index db5a82b1..5342cefb 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -83,7 +83,7 @@ outputs: ceilometer::agent::auth::auth_password: {get_param: CeilometerPassword} ceilometer::agent::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } ceilometer::agent::notification::store_events: {get_param: CeilometerStoreEvents} - ceilometer::agent::auth::auth_region: 'regionOne' + ceilometer::agent::auth::auth_region: {get_param: KeystoneRegion} ceilometer::agent::auth::auth_tenant_name: 'service' ceilometer::agent::auth::auth_endpoint_type: 'internalURL' ceilometer::db::mysql::password: {get_param: CeilometerPassword} @@ -109,3 +109,5 @@ outputs: - '%' - "%{hiera('mysql_bind_host')}" ceilometer::rabbit_heartbeat_timeout_threshold: 60 + ceilometer::db::database_db_max_retries: -1 + ceilometer::db::database_max_retries: -1 diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml index 5e58dee9..fa2324b3 100644 --- a/puppet/services/cinder-api.yaml +++ b/puppet/services/cinder-api.yaml @@ -34,10 +34,10 @@ outputs: config_settings: map_merge: - get_attr: [CinderBase, role_data, config_settings] - - cinder::api::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} - cinder::api::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} - cinder::api::keystone_password: {get_param: CinderPassword} - cinder::api::keystone_tenant: 'service' + - cinder::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + cinder::keystone::authtoken::password: {get_param: CinderPassword} + cinder::keystone::authtoken::project_name: 'service' cinder::api::enable_proxy_headers_parsing: true cinder::api::nova_catalog_info: 'compute:Compute Service:internalURL' # TODO(emilien) move it to puppet-cinder diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml index b224cd65..d923e7c6 100644 --- a/puppet/services/cinder-base.yaml +++ b/puppet/services/cinder-base.yaml @@ -67,3 +67,5 @@ outputs: cinder::keystone::auth::tenant: 'service' cinder::host: hostgroup cinder::cron::db_purge::destination: '/dev/null' + cinder::db::database_db_max_retries: -1 + cinder::db::database_max_retries: -1 diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index 00751f51..99065789 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -106,6 +106,8 @@ outputs: glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]} glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]} glance::keystone::auth::password: {get_param: GlancePassword } + glance::registry::db::database_db_max_retries: -1 + glance::registry::db::database_max_retries: -1 tripleo.glance_api.firewall_rules: '112 glance_api': dport: diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml index 5ad4bb9a..40d18191 100644 --- a/puppet/services/glance-registry.yaml +++ b/puppet/services/glance-registry.yaml @@ -50,6 +50,8 @@ outputs: glance::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" + glance::registry::db::database_db_max_retries: -1 + glance::registry::db::database_max_retries: -1 tripleo.glance_registry.firewall_rules: '112 glance_registry': diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml index 5c1e015e..a408d5d7 100644 --- a/puppet/services/gnocchi-base.yaml +++ b/puppet/services/gnocchi-base.yaml @@ -30,6 +30,10 @@ parameters: CephClientUserName: default: openstack type: string + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint outputs: aux_parameters: @@ -52,7 +56,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/gnocchi' - gnocchi::keystone::auth::region: 'regionOne' + gnocchi::keystone::auth::region: {get_param: KeystoneRegion} gnocchi::keystone::auth::tenant: 'service' gnocchi::keystone::auth::password: {get_param: GnocchiPassword} gnocchi::db::mysql::password: {get_param: GnocchiPassword} @@ -90,5 +94,5 @@ outputs: gnocchi::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" - gnocchi::auth::auth_region: 'regionOne' + gnocchi::auth::auth_region: {get_param: KeystoneRegion} gnocchi::auth::auth_tenant_name: 'service' diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml index c40136f5..01f2a51b 100644 --- a/puppet/services/heat-base.yaml +++ b/puppet/services/heat-base.yaml @@ -56,3 +56,5 @@ outputs: heat::cron::purge_deleted::age_type: 'days' heat::cron::purge_deleted::maxdelay: 3600 heat::cron::purge_deleted::destination: '/dev/null' + heat::db::database_db_max_retries: -1 + heat::db::database_max_retries: -1 diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 79c0dcc2..d45ed86e 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -4,24 +4,11 @@ description: > OpenStack Keystone service configured with Puppet parameters: - KeystoneCACertificate: - default: '' - description: Keystone self-signed certificate authority certificate. - type: string KeystoneEnableDBPurge: default: true description: | Whether to create cron job for purging soft deleted rows in Keystone database. type: boolean - KeystoneSigningCertificate: - default: '' - description: Keystone certificate for verifying token validity. - type: string - KeystoneSigningKey: - default: '' - description: Keystone key for signing tokens. - type: string - hidden: true KeystoneSSLCertificate: default: '' description: Keystone certificate for verifying token validity. @@ -105,9 +92,6 @@ outputs: - '/keystone' keystone::admin_token: {get_param: AdminToken} keystone::roles::admin::password: {get_param: AdminPassword} - keystone_ca_certificate: {get_param: KeystoneCACertificate} - keystone_signing_key: {get_param: KeystoneSigningKey} - keystone_signing_certificate: {get_param: KeystoneSigningCertificate} keystone_ssl_certificate: {get_param: KeystoneSSLCertificate} keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey} keystone::enable_proxy_headers_parsing: true @@ -147,6 +131,8 @@ outputs: keystone::wsgi::apache::workers: {get_param: KeystoneWorkers} # override via extraconfig: keystone::wsgi::apache::threads: 1 + keystone::db::database_db_max_retries: -1 + keystone::db::database_max_retries: -1 tripleo.keystone.firewall_rules: '111 keystone': dport: diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml new file mode 100644 index 00000000..ccae4467 --- /dev/null +++ b/puppet/services/manila-api.yaml @@ -0,0 +1,46 @@ +heat_template_version: 2016-04-08 + +description: > + Manila-api service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ManilaPassword: + description: The password for the manila service account. + type: string + hidden: true + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + +resources: + ManilaBase: + type: ./manila-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Manila-api role. + value: + service_name: manila_api + config_settings: + map_merge: + - get_attr: [ManilaBase, role_data, config_settings] + - manila::api::keystone_password: {get_param: ManilaPassword} + manila::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + manila::api::keystone_auth_host: {get_param: [EndpointMap, ManilaInternal, host]} + manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaPublic, uri]} + manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaInternal, uri]} + manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaAdmin, uri]} + manila::keystone::auth::password: {get_param: ManilaPassword } + manila::keystone::auth::region: {get_param: KeystoneRegion } + manila::api::keystone_tenant: 'service' + step_config: | + include ::tripleo::profile::base::manila::api + diff --git a/puppet/services/manila-base.yaml b/puppet/services/manila-base.yaml new file mode 100644 index 00000000..c156379b --- /dev/null +++ b/puppet/services/manila-base.yaml @@ -0,0 +1,119 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Manila base service. Shared by manila-api/scheduler/share services + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + # Config specific parameters, to be provided via parameter_defaults + ManilaGenericEnableBackend: + type: boolean + default: true + ManilaGenericBackendName: + type: string + default: tripleo_generic + ManilaGenericDriverHandlesShareServers: + type: string + default: true + ManilaGenericSmbTemplateConfigPath: + type: string + default: '$state_path/smb.conf' + ManilaGenericVolumeNameTemplate: + type: string + default: 'manila-share-%s' + ManilaGenericVolumeSnapshotNameTemplate: + type: string + default: 'manila-snapshot-%s' + ManilaGenericShareMountPath: + type: string + default: '/shares' + ManilaGenericMaxTimeToCreateVolume: + type: string + default: '180' + ManilaGenericMaxTimeToAttach: + type: string + default: '120' + ManilaGenericServiceInstanceSmbConfigPath: + type: string + default: '$share_mount_path/smb.conf' + ManilaGenericShareVolumeFsType: + type: string + default: 'ext4' + ManilaGenericCinderVolumeType: + type: string + default: '' + ManilaGenericServiceInstanceUser: + type: string + default: '' + ManilaGenericServiceInstancePassword: #SET THIS via parameter_defaults + type: string + hidden: true + ManilaGenericServiceInstanceFlavorId: + type: number + default: 1 + ManilaGenericServiceNetworkCidr: + type: string + default: '172.16.0.0/16' + +outputs: + role_data: + description: Role data for the Manila Base service. + value: + service_name: manila_base + config_settings: + manila::rabbit_userid: {get_param: RabbitUserName} + manila::rabbit_password: {get_param: RabbitPassword} + manila::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + manila::rabbit_port: {get_param: RabbitClientPort} + manila::debug: {get_param: Debug} + manila::db::mysql::user: manila + manila::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + manila::db::mysql::dbname: manila + manila::db::database_db_max_retries: -1 + manila::db::database_max_retries: -1 + manila_generic_enable_backend: {get_param: ManilaGenericEnableBackend} + manila::backend::generic::title: {get_param: ManilaGenericBackendName} + manila::backend::generic::driver_handles_share_servers: {get_param: ManilaGenericDriverHandlesShareServers} + manila::backend::generic::smb_template_config_path: {get_param: ManilaGenericSmbTemplateConfigPath} + manila::backend::generic::volume_name_template: {get_param: ManilaGenericVolumeNameTemplate} + manila::backend::generic::volume_snapshot_name_template: {get_param: ManilaGenericVolumeSnapshotNameTemplate} + manila::backend::generic::share_mount_path: {get_param: ManilaGenericShareMountPath} + manila::backend::generic::max_time_to_create_volume: {get_param: ManilaGenericMaxTimeToCreateVolume} + manila::backend::generic::max_time_to_attach: {get_param: ManilaGenericMaxTimeToAttach} + manila::backend::generic::service_instance_smb_config_path: {get_param: ManilaGenericServiceInstanceSmbConfigPath} + manila::backend::generic::share_volume_fstype: {get_param: ManilaGenericShareVolumeFsType} + manila::backend::generic::cinder_volume_type: {get_param: ManilaGenericCinderVolumeType} + manila::service_instance::service_instance_user: {get_param: ManilaGenericServiceInstanceUser} + manila::service_instance::service_instance_password: {get_param: ManilaGenericServiceInstancePassword} + manila::service_instance::service_instance_flavor_id: {get_param: ManilaGenericServiceInstanceFlavorId} + manila::service_instance::service_network_cidr: {get_param: ManilaGenericServiceNetworkCidr} + manila::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + diff --git a/puppet/services/manila-scheduler.yaml b/puppet/services/manila-scheduler.yaml new file mode 100644 index 00000000..b1d55a05 --- /dev/null +++ b/puppet/services/manila-scheduler.yaml @@ -0,0 +1,57 @@ +heat_template_version: 2016-04-08 + +description: > + Manila-scheduler service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NovaPassword: + type: string + description: The password for the nova service and db account, used by nova-api. + hidden: true + NeutronPassword: + description: The password for the neutron service and db account, used by neutron agents. + type: string + hidden: true + ManilaPassword: + description: The password for the manila service account. + type: string + hidden: true + +resources: + ManilaBase: + type: ./manila-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Manila-scheduler role. + value: + service_name: manila_scheduler + config_settings: + map_merge: + - get_attr: [ManilaBase, role_data, config_settings] + - manila::compute::nova::nova_admin_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]} + manila::compute::nova::nova_admin_password: {get_param: NovaPassword} + manila::compute::nova::nova_admin_tenant_name: 'service' + manila::db::mysql::password: {get_param: ManilaPassword} + manila::network::neutron::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]} + manila::network::neutron::neutron_admin_auth_url: {get_param: [EndpointMap, NeutronAdmin, uri]} + manila::network::neutron::neutron_admin_password: {get_param: NeutronPassword} + manila::sql_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://manila:' + - {get_param: ManilaPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/manila' + step_config: | + include ::tripleo::profile::base::manila::scheduler + diff --git a/puppet/services/manila-share.yaml b/puppet/services/manila-share.yaml new file mode 100644 index 00000000..20f36aa3 --- /dev/null +++ b/puppet/services/manila-share.yaml @@ -0,0 +1,29 @@ +heat_template_version: 2016-04-08 + +description: > + Manila-share service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + ManilaBase: + type: ./manila-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Manila-share role. + value: + service_name: manila_share + config_settings: + map_merge: + - get_attr: [ManilaBase, role_data, config_settings] + - manila::volume::cinder::cinder_admin_tenant_name: 'service' + step_config: | + include ::tripleo::profile::base::manila::share diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml index c1134824..3f8ac7e8 100644 --- a/puppet/services/neutron-base.yaml +++ b/puppet/services/neutron-base.yaml @@ -65,3 +65,5 @@ outputs: neutron::rabbit_heartbeat_timeout_threshold: 60 neutron::host: '"%{::fqdn}"' #NOTE: extra quoting is needed neutron::keystone::auth::tenant: 'service' + neutron::db::database_db_max_retries: -1 + neutron::db::database_max_retries: -1 diff --git a/puppet/services/neutron-l3-compute-dvr.yaml b/puppet/services/neutron-l3-compute-dvr.yaml new file mode 100644 index 00000000..f10b5922 --- /dev/null +++ b/puppet/services/neutron-l3-compute-dvr.yaml @@ -0,0 +1,37 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron L3 agent for DVR enabled compute nodes + configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + Debug: + type: string + default: '' + NeutronExternalNetworkBridge: + description: Name of bridge used for external network traffic. + type: string + default: 'br-ex' + +resources: + + NeutronBase: + type: ./neutron-base.yaml + +outputs: + role_data: + description: Role data for DVR L3 Agent on Compute Nodes + value: + service_name: neutron_l3_compute_dvr + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge} + neutron::agents::l3::agent_mode : 'dvr' + step_config: | + include tripleo::profile::base::neutron::l3 diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml index a7232a39..ede41935 100644 --- a/puppet/services/neutron-l3.yaml +++ b/puppet/services/neutron-l3.yaml @@ -16,6 +16,15 @@ parameters: description: Name of bridge used for external network traffic. type: string default: 'br-ex' + NeutronL3AgentMode: + description: | + Agent mode for L3 agent. Must be one of legacy or dvr_snat. + default: 'legacy' + type: string + constraints: + - allowed_values: + - legacy + - dvr_snat resources: @@ -32,5 +41,6 @@ outputs: - get_attr: [NeutronBase, role_data, config_settings] - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge} neutron::agents::l3::router_delete_namespaces: True + neutron::agents::l3::agent_mode : {get_param: NeutronL3AgentMode} step_config: | include tripleo::profile::base::neutron::l3 diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index d8679f2e..7a97cd84 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -37,6 +37,11 @@ parameters: description: | Comma-separated list of extensions enabled for the Neutron agents. type: comma_delimited_list + NeutronEnableDVR: + default: False + description: | + Enable support for distributed routing in the OVS Agent. + type: boolean resources: @@ -53,6 +58,7 @@ outputs: - get_attr: [NeutronBase, role_data, config_settings] neutron::agents::ml2::ovs::enable_tunneling: {get_param: NeutronEnableTunnelling} neutron::agents::ml2::ovs::l2_population: {get_param: NeutronEnableL2Pop} + neutron::agents::ml2::ovs::enable_distributed_routing: {get_param: NeutronEnableDVR} neutron::agents::ml2::ovs::bridge_mappings: str_replace: template: MAPPINGS diff --git a/puppet/services/neutron-server.yaml b/puppet/services/neutron-server.yaml index 1c7cef49..d64fd66d 100644 --- a/puppet/services/neutron-server.yaml +++ b/puppet/services/neutron-server.yaml @@ -29,6 +29,10 @@ parameters: description: The password for the nova service and db account, used by nova-api. type: string hidden: true + NeutronEnableDVR: + description: Enable Neutron DVR. + default: false + type: boolean resources: @@ -85,5 +89,6 @@ outputs: dport: 4789 '106 vrrp': proto: vrrp + neutron::server::router_distributed: {get_param: NeutronEnableDVR} step_config: | include tripleo::profile::base::neutron::server diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index 21dbacd2..e3379821 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -101,3 +101,5 @@ outputs: nova::db::mysql_api::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" + nova::db::database_db_max_retries: -1 + nova::db::database_max_retries: -1 diff --git a/puppet/services/pacemaker/haproxy.yaml b/puppet/services/pacemaker/haproxy.yaml index 811a6697..c450530b 100644 --- a/puppet/services/pacemaker/haproxy.yaml +++ b/puppet/services/pacemaker/haproxy.yaml @@ -27,5 +27,6 @@ outputs: - tripleo::haproxy::haproxy_service_manage: false tripleo::haproxy::mysql_clustercheck: true enable_keepalived: false + tripleo::haproxy::keepalived: false step_config: | include ::tripleo::profile::pacemaker::haproxy diff --git a/puppet/services/pacemaker/manila-share.yaml b/puppet/services/pacemaker/manila-share.yaml new file mode 100644 index 00000000..0f88e89c --- /dev/null +++ b/puppet/services/pacemaker/manila-share.yaml @@ -0,0 +1,27 @@ +heat_template_version: 2016-04-08 + +description: > + The manila-share service with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + ManilaShareBase: + type: ../manila-share.yaml + +outputs: + role_data: + description: Role data for the manila-share pacemaker role. + value: + service_name: manila_share + config_settings: + map_merge: + - get_attr: [ManilaShareBase, role_data, config_settings] + step_config: | + include ::tripleo::profile::pacemaker::manila diff --git a/puppet/services/pacemaker/sahara-api.yaml b/puppet/services/pacemaker/sahara-api.yaml index ac05a01a..a06afb2d 100644 --- a/puppet/services/pacemaker/sahara-api.yaml +++ b/puppet/services/pacemaker/sahara-api.yaml @@ -28,4 +28,4 @@ outputs: - sahara::service::api::manage_service: false sahara::service::api::enabled: false step_config: | - include ::tripleo::profile::pacemaker::sahara + include ::tripleo::profile::pacemaker::sahara::api diff --git a/puppet/services/pacemaker/sahara-engine.yaml b/puppet/services/pacemaker/sahara-engine.yaml index f6bd8f61..a1191f87 100644 --- a/puppet/services/pacemaker/sahara-engine.yaml +++ b/puppet/services/pacemaker/sahara-engine.yaml @@ -27,7 +27,5 @@ outputs: - get_attr: [SaharaEngineBase, role_data, config_settings] - sahara::service::engine::manage_service: false sahara::service::engine::enabled: false - # No puppet manifests since sahara-engine is included in - # ::tripleo::profile::pacemaker::sahara which is maintained alongside of - # pacemaker/sahara-api.yaml. - step_config: + step_config: | + include ::tripleo::profile::pacemaker::sahara::engine diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml index 7ca9bbd5..85324312 100644 --- a/puppet/services/sahara-api.yaml +++ b/puppet/services/sahara-api.yaml @@ -10,7 +10,6 @@ parameters: via parameter_defaults in the resource registry. type: json SaharaPassword: - default: unset description: The password for the sahara service account, used by sahara-api. type: string hidden: true @@ -18,9 +17,6 @@ parameters: default: 0 description: The number of workers for the sahara-api. type: number - SaharaApiVirtualIP: - type: string - default: '' KeystoneRegion: type: string default: 'regionOne' @@ -29,6 +25,8 @@ parameters: resources: SaharaBase: type: ./sahara-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} outputs: role_data: @@ -38,12 +36,8 @@ outputs: config_settings: map_merge: - get_attr: [SaharaBase, role_data, config_settings] - - sahara::host: {get_param: SaharaApiVirtualIP} - sahara::port: {get_param: [EndpointMap, SaharaInternal, port]} - sahara::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - sahara::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } - sahara::admin_password: {get_param: SaharaPassword} - sahara::service::api::api_workers: {get_param: SaharaApiWorkers} + - sahara::port: {get_param: [EndpointMap, SaharaInternal, port]} + sahara::service::api::api_workers: {get_param: SaharaWorkers} sahara::keystone::auth::public_url: {get_param: [EndpointMap, SaharaPublic, uri]} sahara::keystone::auth::internal_url: {get_param: [EndpointMap, SaharaInternal, uri]} sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]} diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml index 3e320128..7ec44a49 100644 --- a/puppet/services/sahara-base.yaml +++ b/puppet/services/sahara-base.yaml @@ -4,6 +4,11 @@ description: > OpenStack Sahara base service. Shared for all Sahara services. parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json RabbitPassword: description: The password for RabbitMQ type: string @@ -22,6 +27,10 @@ parameters: default: 5672 description: Set rabbit subscriber port, change this if using SSL type: number + SaharaPassword: + description: The password for the sahara service account, used by sahara-api. + type: string + hidden: true Debug: type: string default: '' @@ -33,11 +42,30 @@ outputs: value: service_name: sahara_base config_settings: + sahara::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://sahara:' + - {get_param: SaharaPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/sahara' + sahara::db::mysql::password: {get_param: SaharaPassword} + sahara::db::mysql::user: sahara + sahara::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + sahara::db::mysql::dbname: sahara + sahara::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" sahara::rabbit_password: {get_param: RabbitPassword} sahara::rabbit_user: {get_param: RabbitUserName} sahara::rabbit_use_ssl: {get_param: RabbitClientUseSSL} sahara::rabbit_port: {get_param: RabbitClientPort} sahara::debug: {get_param: Debug} + sahara::admin_password: {get_param: SaharaPassword} + sahara::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + sahara::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } sahara::use_neutron: true sahara::plugins: - cdh @@ -49,3 +77,5 @@ outputs: sahara::rpc_backend: rabbit sahara::admin_tenant_name: 'service' sahara::keystone::auth::tenant: 'service' + sahara::db::database_db_max_retries: -1 + sahara::db::database_max_retries: -1 diff --git a/puppet/services/sahara-engine.yaml b/puppet/services/sahara-engine.yaml index 074f83c7..de2ac7ef 100644 --- a/puppet/services/sahara-engine.yaml +++ b/puppet/services/sahara-engine.yaml @@ -9,15 +9,12 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - SaharaPassword: - default: unset - description: The password for the sahara service account, used by sahara-api. - type: string - hidden: true resources: SaharaBase: type: ./sahara-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} outputs: role_data: @@ -27,22 +24,5 @@ outputs: config_settings: map_merge: - get_attr: [SaharaBase, role_data, config_settings] - - sahara_dsn: &sahara_dsn - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://sahara:' - - {get_param: SaharaPassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/sahara' - sahara::database_connection: *sahara_dsn - sahara::db::mysql::password: {get_param: SaharaPassword} - sahara::db::mysql::user: sahara - sahara::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} - sahara::db::mysql::dbname: sahara - sahara::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" step_config: | include ::tripleo::profile::base::sahara::engine diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml index 034592a7..5e331f44 100644 --- a/puppet/swift-storage.yaml +++ b/puppet/swift-storage.yaml @@ -11,9 +11,11 @@ parameters: in the ring. hidden: true type: string - Image: - default: overcloud-swift-storage + SwiftStorageImage: + default: overcloud-full type: string + constraints: + - custom_constraint: glance.image KeyName: default: default description: Name of an existing Nova key pair to enable SSH access to the instances @@ -86,7 +88,7 @@ parameters: Extra properties or metadata passed to Nova for the created nodes in the overcloud. It's accessible via the Nova metadata API. type: json - SchedulerHints: + ObjectStorageSchedulerHints: type: json description: Optional scheduler hints to pass to nova default: {} @@ -112,7 +114,7 @@ resources: os-collect-config: command: {get_param: ConfigCommand} properties: - image: {get_param: Image} + image: {get_param: SwiftStorageImage} flavor: {get_param: Flavor} key_name: {get_param: KeyName} networks: @@ -125,7 +127,7 @@ resources: params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} metadata: {get_param: ServerMetadata} - scheduler_hints: {get_param: SchedulerHints} + scheduler_hints: {get_param: ObjectStorageSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives UserData: @@ -248,7 +250,6 @@ resources: - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig - all_nodes # provided by allNodesConfig - '"%{::osfamily}"' - - common - network merge_behavior: deeper datafiles: @@ -257,8 +258,6 @@ resources: service_names: {get_param: ServiceNames} service_configs: mapped_data: {get_param: ServiceConfigSettings} - common: - raw_data: {get_file: hieradata/common.yaml} network: mapped_data: net_ip_map: {get_attr: [NetIpMap, net_ip_map]} diff --git a/puppet/vip-config.yaml b/puppet/vip-config.yaml index 51129053..7ce23a20 100644 --- a/puppet/vip-config.yaml +++ b/puppet/vip-config.yaml @@ -23,6 +23,7 @@ resources: glance_registry_vip: {get_input: glance_registry_vip} sahara_api_vip: {get_input: sahara_api_vip} swift_proxy_vip: {get_input: swift_proxy_vip} + manila_api_vip: {get_input: manila_api_vip} nova_api_vip: {get_input: nova_api_vip} nova_metadata_vip: {get_input: nova_metadata_vip} ceilometer_api_vip: {get_input: ceilometer_api_vip} |