Diffstat (limited to 'puppet')
-rw-r--r-- | puppet/ceph-cluster-config.yaml | 4 | ||||
-rw-r--r-- | puppet/compute-post.yaml | 45 | ||||
-rw-r--r-- | puppet/compute.yaml | 6 | ||||
-rw-r--r-- | puppet/extraconfig/ceph/ceph-external-config.yaml | 4 | ||||
-rw-r--r-- | puppet/manifests/overcloud_compute.pp | 346 | ||||
-rw-r--r-- | puppet/manifests/overcloud_controller.pp | 1 | ||||
-rw-r--r-- | puppet/manifests/overcloud_controller_pacemaker.pp | 1 |
7 files changed, 226 insertions, 181 deletions
diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml index fd161886..f5873ddb 100644 --- a/puppet/ceph-cluster-config.yaml +++ b/puppet/ceph-cluster-config.yaml @@ -123,8 +123,10 @@ resources: gnocchi::storage::ceph::ceph_keyring: list_join: - '.' - - - 'client' + - - '/etc/ceph/ceph' + - 'client' - {get_param: CephClientUserName} + - 'keyring' ceph_client_user_name: {get_param: CephClientUserName} ceph_pools: - {get_param: CinderRbdPoolName} diff --git a/puppet/compute-post.yaml b/puppet/compute-post.yaml index a122df0e..698cadba 100644 --- a/puppet/compute-post.yaml +++ b/puppet/compute-post.yaml @@ -13,7 +13,10 @@ parameters: NodeConfigIdentifiers: type: json description: Value which changes if the node configuration may need to be re-applied - + StepConfig: + type: string + description: Config manifests that will be used to step through the deployment. + default: '' resources: 
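Review bot: The gnocchi keyring path in the `list_join` of puppet/ceph-cluster-config.yaml is now assembled from the literals `/etc/ceph/ceph`, `client` and `keyring` around CephClientUserName, which fixes the directory to `/etc/ceph` and the cluster name to `ceph` without saying which file it has to match. A comment above the `list_join`, such as `# Resolves to /etc/ceph/ceph.client.<CephClientUserName>.keyring; keep in sync with where the client keyring is written`, would make that coupling visible. The same construction is repeated in puppet/extraconfig/ceph/ceph-external-config.yaml (hunk at -97,8), so the comment belongs there too. Whether that file is readable by the gnocchi service user cannot be seen from this diff and is worth confirming.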
@@ -34,25 +37,55 @@ resources: group: puppet options: enable_debug: {get_param: ConfigDebug} + enable_hiera: True + enable_facter: False + inputs: + - name: step outputs: - name: result config: - get_file: manifests/overcloud_compute.pp + list_join: + - '' + - - get_file: manifests/overcloud_compute.pp + - {get_param: StepConfig} + + ComputeServicesBaseDeployment_Step2: + type: OS::Heat::StructuredDeployments + depends_on: [ComputeArtifactsDeploy] + properties: + name: ComputeServicesBaseDeployment_Step2 + servers: {get_param: servers} + config: {get_resource: ComputePuppetConfig} + input_values: + step: 2 + update_identifier: {get_param: NodeConfigIdentifiers} + + ComputeOvercloudServicesDeployment_Step3: + type: OS::Heat::StructuredDeployments + depends_on: ComputeServicesBaseDeployment_Step2 + properties: + name: ComputeOvercloudServicesDeployment_Step3 + servers: {get_param: servers} + config: {get_resource: ComputePuppetConfig} + input_values: + step: 3 + update_identifier: {get_param: NodeConfigIdentifiers} - ComputePuppetDeployment: + ComputeOvercloudServicesDeployment_Step4: type: OS::Heat::StructuredDeployments - depends_on: ComputeArtifactsDeploy + depends_on: ComputeOvercloudServicesDeployment_Step3 properties: - name: ComputePuppetDeployment + name: ComputeOvercloudServicesDeployment_Step4 servers: {get_param: servers} config: {get_resource: ComputePuppetConfig} input_values: + step: 4 update_identifier: {get_param: NodeConfigIdentifiers} # Note, this should come last, so use depends_on to ensure # this is created after any other resources. ExtraConfig: - depends_on: ComputePuppetDeployment + depends_on: ComputeOvercloudServicesDeployment_Step4 type: OS::TripleO::NodeExtraConfigPost properties: servers: {get_param: servers} diff --git a/puppet/compute.yaml b/puppet/compute.yaml index e56deefd..ee00a890 100644 --- a/puppet/compute.yaml +++ b/puppet/compute.yaml 
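Review bot: StepConfig is concatenated onto manifests/overcloud_compute.pp with an empty separator in the `config` `list_join` of ComputePuppetConfig, so the result only parses cleanly if the manifest ends in a newline. Joining with `- "\n"` instead of `- ''` would make the boundary explicit. Because the parameter value becomes part of the Puppet code applied on every compute node at steps 2, 3 and 4, its description in the first hunk of this file should say so, for example `description: Puppet manifest code appended to overcloud_compute.pp and applied at each deployment step.` Separately, `depends_on` is written as a list in ComputeServicesBaseDeployment_Step2 and as a bare string in the Step3 and Step4 resources; one form throughout would read better.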
@@ -339,6 +339,9 @@ parameters: type: json description: Optional scheduler hints to pass to nova default: {} + ServiceConfigSettings: + type: json + default: {} resources: @@ -481,6 +484,7 @@ resources: - heat_config_%{::deploy_config_name} - compute_extraconfig - extraconfig + - service_configs - compute - ceph_cluster # provided by CephClusterConfig - ceph @@ -495,6 +499,8 @@ resources: - neutron_opencontrail_data # Optionally provided by ComputeExtraConfigPre merge_behavior: deeper datafiles: + service_configs: + mapped_data: {get_param: ServiceConfigSettings} compute_extraconfig: mapped_data: {get_param: NovaComputeExtraConfig} extraconfig: diff --git a/puppet/extraconfig/ceph/ceph-external-config.yaml b/puppet/extraconfig/ceph/ceph-external-config.yaml index 5942088c..308c609a 100644 --- a/puppet/extraconfig/ceph/ceph-external-config.yaml +++ b/puppet/extraconfig/ceph/ceph-external-config.yaml @@ -97,8 +97,10 @@ resources: gnocchi::storage::ceph::ceph_keyring: list_join: - '.' - - - 'client' + - - '/etc/ceph/ceph' + - 'client' - {get_param: CephClientUserName} + - 'keyring' ceph_client_user_name: {get_param: CephClientUserName} ceph_pools: - {get_param: CinderRbdPoolName} diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp index 43e87789..6ff74e12 100644 --- a/puppet/manifests/overcloud_compute.pp +++ b/puppet/manifests/overcloud_compute.pp @@ -16,8 +16,8 @@ include ::tripleo::packages include ::tripleo::firewall -create_resources(kmod::load, hiera('kernel_modules'), {}) -create_resources(sysctl::value, hiera('sysctl_settings'), {}) +create_resources(kmod::load, hiera('kernel_modules'), { }) +create_resources(sysctl::value, hiera('sysctl_settings'), { }) Exec <| tag == 'kmod::load' |> -> Sysctl <| |> if count(hiera('ntp::servers')) > 0 { 
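Review bot: `ServiceConfigSettings` is added to puppet/compute.yaml without a `description`, and the third hunk writes its contents as-is into the `service_configs` hiera datafile via `mapped_data`. A line such as `description: Hiera data for composable services, written to the service_configs datafile.` would tell operators what the map is for. If the map is expected to carry service credentials (an assumption, nothing visible here says so), it should also be declared `hidden: true`. In the second hunk `service_configs` is listed after `compute_extraconfig` and `extraconfig`, so those two still take precedence over it; a short comment confirming that order is intended would help.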
@@ -26,200 +26,204 @@ if count(hiera('ntp::servers')) > 0 { include ::timezone -file { ['/etc/libvirt/qemu/networks/autostart/default.xml', - '/etc/libvirt/qemu/networks/default.xml']: - ensure => absent, - before => Service['libvirt'], -} -# in case libvirt has been already running before the Puppet run, make -# sure the default network is destroyed -exec { 'libvirt-default-net-destroy': - command => '/usr/bin/virsh net-destroy default', - onlyif => '/usr/bin/virsh net-info default | /bin/grep -i "^active:\s*yes"', - before => Service['libvirt'], -} - -# When utilising images for deployment, we need to reset the iSCSI initiator name to make it unique -exec { 'reset-iscsi-initiator-name': - command => '/bin/echo InitiatorName=$(/usr/sbin/iscsi-iname) > /etc/iscsi/initiatorname.iscsi', - onlyif => '/usr/bin/test ! -f /etc/iscsi/.initiator_reset', -}-> - -file { '/etc/iscsi/.initiator_reset': - ensure => present, -} - -include ::nova -include ::nova::config -include ::nova::compute +if hiera('step') >= 4 { -$rbd_ephemeral_storage = hiera('nova::compute::rbd::ephemeral_storage', false) -$rbd_persistent_storage = hiera('rbd_persistent_storage', false) -if $rbd_ephemeral_storage or $rbd_persistent_storage { - if str2bool(hiera('ceph_ipv6', false)) { - $mon_host = hiera('ceph_mon_host_v6') - } else { - $mon_host = hiera('ceph_mon_host') + file { ['/etc/libvirt/qemu/networks/autostart/default.xml', + '/etc/libvirt/qemu/networks/default.xml']: + ensure => absent, + before => Service['libvirt'], } - class { '::ceph::profile::params': - mon_host => $mon_host, + # in case libvirt has been already running before the Puppet run, make + # sure the default network is destroyed + exec { 'libvirt-default-net-destroy': + command => '/usr/bin/virsh net-destroy default', + onlyif => '/usr/bin/virsh net-info default | /bin/grep -i "^active:\s*yes"', + before => Service['libvirt'], } - include ::ceph::conf - include ::ceph::profile::client - $client_keys = 
hiera('ceph::profile::params::client_keys') - $client_user = join(['client.', hiera('ceph_client_user_name')]) - class { '::nova::compute::rbd': - libvirt_rbd_secret_key => $client_keys[$client_user]['secret'], + # When utilising images for deployment, we need to reset the iSCSI initiator name to make it unique + exec { 'reset-iscsi-initiator-name': + command => '/bin/echo InitiatorName=$(/usr/sbin/iscsi-iname) > /etc/iscsi/initiatorname.iscsi', + onlyif => '/usr/bin/test ! -f /etc/iscsi/.initiator_reset', + }-> + + file { '/etc/iscsi/.initiator_reset': + ensure => present, } -} -if hiera('cinder_enable_nfs_backend', false) { - if str2bool($::selinux) { - selboolean { 'virt_use_nfs': - value => on, - persistent => true, - } -> Package['nfs-utils'] + include ::nova + include ::nova::config + include ::nova::compute + + $rbd_ephemeral_storage = hiera('nova::compute::rbd::ephemeral_storage', false) + $rbd_persistent_storage = hiera('rbd_persistent_storage', false) + if $rbd_ephemeral_storage or $rbd_persistent_storage { + if str2bool(hiera('ceph_ipv6', false)) { + $mon_host = hiera('ceph_mon_host_v6') + } else { + $mon_host = hiera('ceph_mon_host') + } + class { '::ceph::profile::params': + mon_host => $mon_host, + } + include ::ceph::conf + include ::ceph::profile::client + + $client_keys = hiera('ceph::profile::params::client_keys') + $client_user = join(['client.', hiera('ceph_client_user_name')]) + class { '::nova::compute::rbd': + libvirt_rbd_secret_key => $client_keys[$client_user]['secret'], + } } - package {'nfs-utils': } -> Service['nova-compute'] -} + if hiera('cinder_enable_nfs_backend', false) { + if str2bool($::selinux) { + selboolean { 'virt_use_nfs': + value => on, + persistent => true, + } -> Package['nfs-utils'] + } -if str2bool(hiera('nova::use_ipv6', false)) { - $vncserver_listen = '::0' -} else { - $vncserver_listen = '0.0.0.0' -} + package { 'nfs-utils': } -> Service['nova-compute'] + } -if $rbd_ephemeral_storage { - class { 
'::nova::compute::libvirt': - libvirt_disk_cachemodes => ['network=writeback'], - libvirt_hw_disk_discard => 'unmap', - vncserver_listen => $vncserver_listen, + if str2bool(hiera('nova::use_ipv6', false)) { + $vncserver_listen = '::0' + } else { + $vncserver_listen = '0.0.0.0' } -} else { - class { '::nova::compute::libvirt' : - vncserver_listen => $vncserver_listen, + + if $rbd_ephemeral_storage { + class { '::nova::compute::libvirt': + libvirt_disk_cachemodes => ['network=writeback'], + libvirt_hw_disk_discard => 'unmap', + vncserver_listen => $vncserver_listen, + } + } else { + class { '::nova::compute::libvirt' : + vncserver_listen => $vncserver_listen, + } } -} -nova_config { - 'DEFAULT/my_ip': value => $ipaddress; - 'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver'; - 'DEFAULT/host': value => $fqdn; - # TUNNELLED mode provides a security enhancement when using shared storage but is not - # supported when not using shared storage. - # See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12 - # In future versions of QEMU (2.6, mostly), Dan's native encryption - # work will obsolete the need to use TUNNELLED transport mode. - 'libvirt/live_migration_tunnelled': value => $rbd_ephemeral_storage; -} + nova_config { + 'DEFAULT/my_ip': value => $ipaddress; + 'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver'; + 'DEFAULT/host': value => $fqdn; + # TUNNELLED mode provides a security enhancement when using shared storage but is not + # supported when not using shared storage. + # See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12 + # In future versions of QEMU (2.6, mostly), Dan's native encryption + # work will obsolete the need to use TUNNELLED transport mode. 
+ 'libvirt/live_migration_tunnelled': value => $rbd_ephemeral_storage; + } -if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { - file {'/etc/libvirt/qemu.conf': - ensure => present, - content => hiera('midonet_libvirt_qemu_data') + if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { + file { '/etc/libvirt/qemu.conf': + ensure => present, + content => hiera('midonet_libvirt_qemu_data') + } } -} -include ::nova::network::neutron -include ::neutron -include ::neutron::config - -# If the value of core plugin is set to 'nuage', -# include nuage agent, -# If the value of core plugin is set to 'midonet', -# include midonet agent, -# else use the default value of 'ml2' -if hiera('neutron::core_plugin') == 'neutron.plugins.nuage.plugin.NuagePlugin' { - include ::nuage::vrs - include ::nova::compute::neutron - - class { '::nuage::metadataagent': - nova_os_tenant_name => hiera('nova::api::admin_tenant_name'), - nova_os_password => hiera('nova_password'), - nova_metadata_ip => hiera('nova_metadata_node_ips'), - nova_auth_ip => hiera('keystone_public_api_virtual_ip'), + include ::nova::network::neutron + include ::neutron + include ::neutron::config + + # If the value of core plugin is set to 'nuage', + # include nuage agent, + # If the value of core plugin is set to 'midonet', + # include midonet agent, + # else use the default value of 'ml2' + if hiera('neutron::core_plugin') == 'neutron.plugins.nuage.plugin.NuagePlugin' { + include ::nuage::vrs + include ::nova::compute::neutron + + class { '::nuage::metadataagent': + nova_os_tenant_name => hiera('nova::api::admin_tenant_name'), + nova_os_password => hiera('nova_password'), + nova_metadata_ip => hiera('nova_metadata_node_ips'), + nova_auth_ip => hiera('keystone_public_api_virtual_ip'), + } } -} -elsif hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { + elsif hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { 
- # TODO(devvesa) provide non-controller ips for these services - $zookeeper_node_ips = hiera('neutron_api_node_ips') - $cassandra_node_ips = hiera('neutron_api_node_ips') + # TODO(devvesa) provide non-controller ips for these services + $zookeeper_node_ips = hiera('neutron_api_node_ips') + $cassandra_node_ips = hiera('neutron_api_node_ips') - class {'::tripleo::network::midonet::agent': - zookeeper_servers => $zookeeper_node_ips, - cassandra_seeds => $cassandra_node_ips + class { '::tripleo::network::midonet::agent': + zookeeper_servers => $zookeeper_node_ips, + cassandra_seeds => $cassandra_node_ips + } } -} -elsif hiera('neutron::core_plugin') == 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2' { - - include ::contrail::vrouter - # NOTE: it's not possible to use this class without a functional - # contrail controller up and running - #class {'::contrail::vrouter::provision_vrouter': - # require => Class['contrail::vrouter'], - #} -} -elsif hiera('neutron::core_plugin') == 'networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2' { - # forward all ipv4 traffic - # this is required for the vms to pass through the gateways public interface - sysctl::value { 'net.ipv4.ip_forward': value => '1' } - - # ifc_ctl_pp needs to be invoked by root as part of the vif.py when a VM is powered on - file { '/etc/sudoers.d/ifc_ctl_sudoers': - ensure => file, - owner => root, - group => root, - mode => '0440', - content => "nova ALL=(root) NOPASSWD: /opt/pg/bin/ifc_ctl_pp *\n", + elsif hiera('neutron::core_plugin') == 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2' { + + include ::contrail::vrouter + # NOTE: it's not possible to use this class without a functional + # contrail controller up and running + #class {'::contrail::vrouter::provision_vrouter': + # require => Class['contrail::vrouter'], + #} } -} -else { - - # NOTE: this code won't live in puppet-neutron until Neutron OVS agent 
- # can be gracefully restarted. See https://review.openstack.org/#/c/297211 - # In the meantime, it's safe to restart the agent on each change in neutron.conf, - # because Puppet changes are supposed to be done during bootstrap and upgrades. - # Some resource managed by Neutron_config (like messaging and logging options) require - # a restart of OVS agent. This code does it. - # In Newton, OVS agent will be able to be restarted gracefully so we'll drop the code - # from here and fix it in puppet-neutron. - Neutron_config<||> ~> Service['neutron-ovs-agent-service'] - - include ::neutron::plugins::ml2 - include ::neutron::agents::ml2::ovs - - if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { - class { '::neutron::agents::n1kv_vem': - n1kv_source => hiera('n1kv_vem_source', undef), - n1kv_version => hiera('n1kv_vem_version', undef), + elsif hiera('neutron::core_plugin') == 'networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2' { + # forward all ipv4 traffic + # this is required for the vms to pass through the gateways public interface + sysctl::value { 'net.ipv4.ip_forward': value => '1' } + + # ifc_ctl_pp needs to be invoked by root as part of the vif.py when a VM is powered on + file { '/etc/sudoers.d/ifc_ctl_sudoers': + ensure => file, + owner => root, + group => root, + mode => '0440', + content => "nova ALL=(root) NOPASSWD: /opt/pg/bin/ifc_ctl_pp *\n", } } + else { + + # NOTE: this code won't live in puppet-neutron until Neutron OVS agent + # can be gracefully restarted. See https://review.openstack.org/#/c/297211 + # In the meantime, it's safe to restart the agent on each change in neutron.conf, + # because Puppet changes are supposed to be done during bootstrap and upgrades. + # Some resource managed by Neutron_config (like messaging and logging options) require + # a restart of OVS agent. This code does it. 
+ # In Newton, OVS agent will be able to be restarted gracefully so we'll drop the code + # from here and fix it in puppet-neutron. + Neutron_config<||> ~> Service['neutron-ovs-agent-service'] + + include ::neutron::plugins::ml2 + include ::neutron::agents::ml2::ovs + + if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { + class { '::neutron::agents::n1kv_vem': + n1kv_source => hiera('n1kv_vem_source', undef), + n1kv_version => hiera('n1kv_vem_version', undef), + } + } - if 'bsn_ml2' in hiera('neutron::plugins::ml2::mechanism_drivers') { - include ::neutron::agents::bigswitch + if 'bsn_ml2' in hiera('neutron::plugins::ml2::mechanism_drivers') { + include ::neutron::agents::bigswitch + } } -} -neutron_config { - 'DEFAULT/host': value => $fqdn; -} + neutron_config { + 'DEFAULT/host': value => $fqdn; + } -include ::ceilometer -include ::ceilometer::config -include ::ceilometer::agent::compute -include ::ceilometer::agent::auth + include ::ceilometer + include ::ceilometer::config + include ::ceilometer::agent::compute + include ::ceilometer::agent::auth -$snmpd_user = hiera('snmpd_readonly_user_name') -snmp::snmpv3_user { $snmpd_user: - authtype => 'MD5', - authpass => hiera('snmpd_readonly_user_password'), -} -class { '::snmp': - agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], -} + $snmpd_user = hiera('snmpd_readonly_user_name') + snmp::snmpv3_user { $snmpd_user: + authtype => 'MD5', + authpass => hiera('snmpd_readonly_user_password'), + } + class { '::snmp': + agentaddress => ['udp:161','udp6:[::1]:161'], + snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), 
' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], + } -hiera_include('compute_classes') -package_manifest{'/var/lib/tripleo/installed-packages/overcloud_compute': ensure => present} + hiera_include('compute_classes') + package_manifest{ '/var/lib/tripleo/installed-packages/overcloud_compute': ensure => present } + +} diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 8b2dc8b0..536c680f 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -315,7 +315,6 @@ if hiera('step') >= 4 { include ::cinder include ::cinder::config - include ::tripleo::ssl::cinder_config include ::cinder::api include ::cinder::glance include ::cinder::scheduler diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index 932012ad..30345694 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -542,7 +542,6 @@ MYSQL_HOST=localhost\n", include ::cinder include ::cinder::config - include ::tripleo::ssl::cinder_config class { '::cinder::api': sync_db => $sync_db, manage_service => false, |
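Review bot: The SNMP block that this hunk re-indents under `if hiera('step') >= 4` still creates the read-only SNMPv3 user with `authtype => 'MD5'` and no privacy passphrase, so polls are authenticated with MD5 and, as far as this manifest shows, not encrypted. These lines are moved rather than newly written, but while they are being touched consider `authtype => 'SHA',` together with the matching `' SHA "'` in the `createUser` entry of `snmpd_config`, plus a `privpass` if the pollers support it. The password is also placed between double quotes in that `createUser` line without escaping, so a value containing `"` would produce a malformed snmpd configuration. Finally, `hiera('step')` is called without a default, so a run that does not supply the `step` input presumably fails at compile time; a one-line comment above the `if` stating that the input is mandatory would document this.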