diff options
Diffstat (limited to 'puppet')
54 files changed, 299 insertions, 438 deletions
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index c764d4ef..67dc056b 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -28,10 +28,6 @@ parameters: type: comma_delimited_list memcache_node_ips: type: comma_delimited_list - keystone_public_api_node_ips: - type: comma_delimited_list - keystone_admin_api_node_ips: - type: comma_delimited_list NetVipMap: type: json RedisVirtualIP: @@ -56,6 +52,12 @@ parameters: Heat action on performed top-level stack. constraints: - allowed_values: ['CREATE', 'UPDATE'] + # NOTE(jaosorior): This is being set as IPA as it's the first + # CA we'll actually be testing out. But we can change this if + # people request it. + CertmongerCA: + type: string + default: 'IPA' resources: @@ -136,22 +138,6 @@ resources: list_join: - "]','inet6:[" - {get_param: memcache_node_ips} - keystone_public_api_node_ips: - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: keystone_public_api_node_ips} - keystone_admin_api_node_ips: - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: keystone_admin_api_node_ips} deploy_identifier: {get_param: DeployIdentifier} update_identifier: {get_param: UpdateIdentifier} @@ -210,6 +196,8 @@ resources: cloud_name_storage: {get_param: cloud_name_storage} cloud_name_storage_mgmt: {get_param: cloud_name_storage_mgmt} cloud_name_ctlplane: {get_param: cloud_name_ctlplane} + # TLS parameters + certmonger_ca: {get_param: CertmongerCA} outputs: config_id: diff --git a/puppet/cinder-storage.yaml b/puppet/blockstorage-role.yaml index a66ea08b..a66ea08b 100644 --- a/puppet/cinder-storage.yaml +++ b/puppet/blockstorage-role.yaml diff --git a/puppet/cephstorage-config.yaml b/puppet/cephstorage-config.yaml deleted file mode 100644 index 3f428609..00000000 --- a/puppet/cephstorage-config.yaml +++ /dev/null @@ -1,41 +0,0 @@ -heat_template_version: 2015-04-30 - -description: > - A software config which runs manifests/overcloud_cephstorage.pp - -parameters: - ConfigDebug: - default: false - description: Whether to run config management (e.g. Puppet) in debug mode. - type: boolean - StepConfig: - type: string - description: Config manifests that will be used to step through the deployment. - default: '' - -resources: - - CephStoragePuppetConfigImpl: - type: OS::Heat::SoftwareConfig - properties: - group: puppet - options: - enable_debug: {get_param: ConfigDebug} - enable_hiera: True - enable_facter: False - modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules - inputs: - - name: step - type: Number - outputs: - - name: result - config: - list_join: - - '' - - - get_file: manifests/overcloud_cephstorage.pp - - {get_param: StepConfig} - -outputs: - OS::stack_id: - description: The software config which runs overcloud_controller.pp - value: {get_resource: CephStoragePuppetConfigImpl} diff --git a/puppet/ceph-storage.yaml b/puppet/cephstorage-role.yaml index 03a53b00..03a53b00 100644 --- a/puppet/ceph-storage.yaml +++ b/puppet/cephstorage-role.yaml diff --git a/puppet/compute-config.yaml b/puppet/compute-config.yaml deleted file mode 100644 index 2314c47d..00000000 --- a/puppet/compute-config.yaml +++ /dev/null @@ -1,41 +0,0 @@ -heat_template_version: 2015-04-30 - -description: > - A software config which runs manifests/overcloud_compute.pp - -parameters: - ConfigDebug: - default: false - description: Whether to run config management (e.g. Puppet) in debug mode. - type: boolean - StepConfig: - type: string - description: Config manifests that will be used to step through the deployment. - default: '' - -resources: - - ComputePuppetConfigImpl: - type: OS::Heat::SoftwareConfig - properties: - group: puppet - options: - enable_debug: {get_param: ConfigDebug} - enable_hiera: True - enable_facter: False - modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules - inputs: - - name: step - type: Number - outputs: - - name: result - config: - list_join: - - '' - - - get_file: manifests/overcloud_compute.pp - - {get_param: StepConfig} - -outputs: - OS::stack_id: - description: The software config which runs overcloud_controller.pp - value: {get_resource: ComputePuppetConfigImpl} diff --git a/puppet/compute.yaml b/puppet/compute-role.yaml index 0205d0a6..0205d0a6 100644 --- a/puppet/compute.yaml +++ b/puppet/compute-role.yaml diff --git a/puppet/blockstorage-config.yaml b/puppet/config.role.j2.yaml index e455c4cb..e59a0216 100644 --- a/puppet/blockstorage-config.yaml +++ b/puppet/config.role.j2.yaml @@ -1,7 +1,7 @@ heat_template_version: 2015-04-30 description: > - A software config which runs manifests/overcloud_volume.pp + A software config which runs puppet on the {{role}} role parameters: ConfigDebug: @@ -15,7 +15,7 @@ parameters: resources: - BlockStoragePuppetConfigImpl: + {{role}}PuppetConfigImpl: type: OS::Heat::SoftwareConfig properties: group: puppet @@ -24,18 +24,21 @@ resources: enable_hiera: True enable_facter: False modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules + outputs: + - name: result inputs: - name: step type: Number - outputs: - - name: result config: list_join: - '' - - - get_file: manifests/overcloud_volume.pp + - - str_replace: + template: {get_file: manifests/overcloud_role.pp} + params: + __ROLE__: {{role.lower()}} - {get_param: StepConfig} outputs: OS::stack_id: - description: The software config which runs overcloud_controller.pp - value: {get_resource: BlockStoragePuppetConfigImpl} + description: The software config which runs puppet on the {{role}} role + value: {get_resource: {{role}}PuppetConfigImpl} diff --git a/puppet/controller-config.yaml b/puppet/controller-config.yaml deleted file mode 100644 index 99c7b26e..00000000 --- a/puppet/controller-config.yaml +++ /dev/null @@ -1,41 +0,0 @@ -heat_template_version: 2015-04-30 - -description: > - A software config which runs manifests/overcloud_controller.pp - -parameters: - ConfigDebug: - default: false - description: Whether to run config management (e.g. Puppet) in debug mode. - type: boolean - StepConfig: - type: string - description: Config manifests that will be used to step through the deployment. - default: '' - -resources: - - ControllerPuppetConfigImpl: - type: OS::Heat::SoftwareConfig - properties: - group: puppet - options: - enable_debug: {get_param: ConfigDebug} - enable_hiera: True - enable_facter: False - modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules - outputs: - - name: result - inputs: - - name: step - type: Number - config: - list_join: - - '' - - - get_file: manifests/overcloud_controller.pp - - {get_param: StepConfig} - -outputs: - OS::stack_id: - description: The software config which runs overcloud_controller.pp - value: {get_resource: ControllerPuppetConfigImpl} diff --git a/puppet/controller.yaml b/puppet/controller-role.yaml index ccb517f8..ccb517f8 100644 --- a/puppet/controller.yaml +++ b/puppet/controller-role.yaml diff --git a/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml b/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml index 5dea044e..6a2ea4d5 100644 --- a/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml +++ b/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml @@ -94,10 +94,10 @@ resources: type: OS::Heat::StructuredDeploymentGroup properties: config: {get_resource: NetworkMidoNetConfig} - servers: {get_param: servers, Controller} + servers: {get_param: [servers, Controller]} NetworkMidonetDeploymentComputes: type: OS::Heat::StructuredDeploymentGroup properties: config: {get_resource: NetworkMidoNetConfig} - servers: {get_param: servers, Compute} + servers: {get_param: [servers, Compute]} diff --git a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml index 728c7ccc..7bda0cd5 100644 --- a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml +++ b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml @@ -132,7 +132,7 @@ resources: properties: name: NetworkCiscoDeployment config: {get_resource: NetworkCiscoConfig} - servers: {get_param: servers, Controller} + servers: {get_param: [servers, Controller]} input_values: UCSM_ip: {get_param: NetworkUCSMIp} UCSM_username: {get_param: NetworkUCSMUsername} @@ -179,7 +179,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: CollectMacDeploymentsController - servers: {get_param: servers, Controller} + servers: {get_param: [servers, Controller]} config: {get_resource: CollectMacConfig} actions: ['CREATE'] # Only do this on CREATE @@ -187,7 +187,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: CollectMacDeploymentsCompute - servers: {get_param: servers, Compute} + servers: {get_param: [servers, Compute]} config: {get_resource: CollectMacConfig} actions: ['CREATE'] # Only do this on CREATE @@ -195,7 +195,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: CollectMacDeploymentsBlockStorage - servers: {get_param: servers, BlockStorage} + servers: {get_param: [servers, BlockStorage]} config: {get_resource: CollectMacConfig} actions: ['CREATE'] # Only do this on CREATE @@ -203,7 +203,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: CollectMacDeploymentsObjectStorage - servers: {get_param: servers, ObjectStorage} + servers: {get_param: [servers, ObjectStorage]} config: {get_resource: CollectMacConfig} actions: ['CREATE'] # Only do this on CREATE @@ -211,7 +211,7 @@ resources: type: OS::Heat::SoftwareDeployments properties: name: CollectMacDeploymentsCephStorage - servers: {get_param: servers, CephStorage} + servers: {get_param: [servers, CephStorage]} config: {get_resource: CollectMacConfig} actions: ['CREATE'] # Only do this on CREATE diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml index 6ff90881..48446e5a 100644 --- a/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml +++ b/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml @@ -70,12 +70,22 @@ parameters: CinderNetappStoragePools: type: string default: '' - CinderNetappEseriesHostType: + CinderNetappHostType: type: string - default: 'linux_dm_mp' + default: '' CinderNetappWebservicePath: type: string default: '/devmgr/v2' + # DEPRECATED options for compatibility with older versions + CinderNetappEseriesHostType: + type: string + default: 'linux_dm_mp' + +parameter_groups: +- label: deprecated + description: Do not use deprecated params, they will be removed. + parameters: + - CinderNetappEseriesHostType resources: CinderNetappConfig: @@ -108,7 +118,7 @@ resources: cinder::backend::netapp::netapp_controller_ips: {get_input: NetappControllerIps} cinder::backend::netapp::netapp_sa_password: {get_input: NetappSaPassword} cinder::backend::netapp::netapp_storage_pools: {get_input: NetappStoragePools} - cinder::backend::netapp::netapp_eseries_host_type: {get_input: NetappEseriesHostType} + cinder::backend::netapp::netapp_host_type: {get_input: NetappHostType} cinder::backend::netapp::netapp_webservice_path: {get_input: NetappWebservicePath} CinderNetappDeployment: @@ -139,7 +149,7 @@ resources: NetappControllerIps: {get_param: CinderNetappControllerIps} NetappSaPassword: {get_param: CinderNetappSaPassword} NetappStoragePools: {get_param: CinderNetappStoragePools} - NetappEseriesHostType: {get_param: CinderNetappEseriesHostType} + NetappHostType: {get_param: CinderNetappHostType} NetappWebservicePath: {get_param: CinderNetappWebservicePath} outputs: diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml index e281ef51..49d84574 100644 --- a/puppet/extraconfig/tls/tls-cert-inject.yaml +++ b/puppet/extraconfig/tls/tls-cert-inject.yaml @@ -64,11 +64,9 @@ resources: | openssl md5 | cut -c 10- \ > ${heat_outputs_path}.key_modulus # We need to reload haproxy in case the certificate changed because - # puppet doesn't know the contents of the cert file. The pacemaker - # case is handled separately in a pacemaker-specific resource. - pacemaker_status=$(systemctl is-active pacemaker) + # puppet doesn't know the contents of the cert file. haproxy_status=$(systemctl is-active haproxy) - if [ "$pacemaker_status" != "active" -a "$haproxy_status" = "active"]; then + if [ "$haproxy_status" = "active" ]; then systemctl reload haproxy fi diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp deleted file mode 100644 index 2653badf..00000000 --- a/puppet/manifests/overcloud_cephstorage.pp +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2015 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -if hiera('step') >= 4 { - hiera_include('ceph_classes', []) -} - -$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_ceph', hiera('step')]) -package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp deleted file mode 100644 index f96c193c..00000000 --- a/puppet/manifests/overcloud_compute.pp +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2014 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -if hiera('step') >= 4 { - hiera_include('compute_classes', []) -} - -$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_compute', hiera('step')]) -package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/manifests/overcloud_object.pp b/puppet/manifests/overcloud_object.pp deleted file mode 100644 index 414a06ba..00000000 --- a/puppet/manifests/overcloud_object.pp +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2015 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -if hiera('step') >= 4 { - hiera_include('object_classes', []) -} - -$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_object', hiera('step')]) -package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_role.pp index 25bdbfb2..1a59620c 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_role.pp @@ -13,9 +13,14 @@ # License for the specific language governing permissions and limitations # under the License. +# The content of this file will be used to generate +# the puppet manifests for all roles, the placeholder +# __ROLE__ will be replaced by 'controller', 'blockstorage', +# 'cephstorage' and all the deployed roles. + if hiera('step') >= 4 { - hiera_include('controller_classes', []) + hiera_include('__ROLE___classes', []) } -$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller', hiera('step')]) +$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud___ROLE__', hiera('step')]) package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/manifests/overcloud_volume.pp b/puppet/manifests/overcloud_volume.pp deleted file mode 100644 index e1cdadd5..00000000 --- a/puppet/manifests/overcloud_volume.pp +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2015 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -if hiera('step') >= 4 { - hiera_include('volume_classes', []) -} - -$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_volume', hiera('step')]) -package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/objectstorage-config.yaml b/puppet/objectstorage-config.yaml deleted file mode 100644 index 33480544..00000000 --- a/puppet/objectstorage-config.yaml +++ /dev/null @@ -1,41 +0,0 @@ -heat_template_version: 2015-04-30 - -description: > - A software config which runs manifests/overcloud_object.pp - -parameters: - ConfigDebug: - default: false - description: Whether to run config management (e.g. Puppet) in debug mode. - type: boolean - StepConfig: - type: string - description: Config manifests that will be used to step through the deployment. - default: '' - -resources: - - ObjectStoragePuppetConfigImpl: - type: OS::Heat::SoftwareConfig - properties: - group: puppet - options: - enable_debug: {get_param: ConfigDebug} - enable_hiera: True - enable_facter: False - modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules - inputs: - - name: step - type: Number - outputs: - - name: result - config: - list_join: - - '' - - - get_file: manifests/overcloud_object.pp - - {get_param: StepConfig} - -outputs: - OS::stack_id: - description: The software config which runs overcloud_controller.pp - value: {get_resource: ObjectStoragePuppetConfigImpl} diff --git a/puppet/swift-storage.yaml b/puppet/objectstorage-role.yaml index 899ba66d..899ba66d 100644 --- a/puppet/swift-storage.yaml +++ b/puppet/objectstorage-role.yaml diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml index d3d9b5ad..f4f5bad8 100644 --- a/puppet/services/aodh-api.yaml +++ b/puppet/services/aodh-api.yaml @@ -75,6 +75,6 @@ outputs: aodh::wsgi::apache::bind_host: {get_param: [ServiceNetMap, AodhApiNetwork]} tripleo::profile::base::aodh::api::enable_combination_alarms: {get_param: EnableCombinationAlarms} service_config_settings: - get_attr: [AodhBase, role_data, service_config_settings] + get_attr: [AodhBase, role_data, service_config_settings] step_config: | include tripleo::profile::base::aodh::api diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml index 5314b837..0e2410f7 100644 --- a/puppet/services/aodh-base.yaml +++ b/puppet/services/aodh-base.yaml @@ -59,14 +59,7 @@ outputs: value: service_name: aodh_base config_settings: - aodh::evaluator::coordination_url: - list_join: - - '' - - - 'redis://:' - - {get_param: RedisPassword} - - '@' - - "%{hiera('redis_vip')}" - - ':6379/' + aodh_redis_password: {get_param: RedisPassword} aodh::db::database_connection: list_join: - '' @@ -87,13 +80,6 @@ outputs: aodh::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } aodh::auth::auth_password: {get_param: AodhPassword} - aodh::db::mysql::user: aodh - aodh::db::mysql::password: {get_param: AodhPassword} - aodh::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - aodh::db::mysql::dbname: aodh - aodh::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" aodh::auth::auth_region: 'regionOne' aodh::auth::auth_tenant_name: 'service' service_config_settings: @@ -104,3 +90,11 @@ outputs: aodh::keystone::auth::password: {get_param: AodhPassword} aodh::keystone::auth::region: {get_param: KeystoneRegion} aodh::keystone::auth::tenant: 'service' + mysql: + aodh::db::mysql::user: aodh + aodh::db::mysql::password: {get_param: AodhPassword} + aodh::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + aodh::db::mysql::dbname: aodh + aodh::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/ceilometer-agent-central.yaml b/puppet/services/ceilometer-agent-central.yaml index 2ae46d0e..c4abc307 100644 --- a/puppet/services/ceilometer-agent-central.yaml +++ b/puppet/services/ceilometer-agent-central.yaml @@ -51,13 +51,6 @@ outputs: config_settings: map_merge: - get_attr: [CeilometerServiceBase, role_data, config_settings] - - ceilometer::agent::central::coordination_url: - list_join: - - '' - - - 'redis://:' - - {get_param: RedisPassword} - - '@' - - "%{hiera('redis_vip')}" - - ':6379/' + - ceilometer_redis_password: {get_param: RedisPassword} step_config: | include ::tripleo::profile::base::ceilometer::agent::central diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml index 50431e3d..ecea38b2 100644 --- a/puppet/services/ceilometer-api.yaml +++ b/puppet/services/ceilometer-api.yaml @@ -78,6 +78,6 @@ outputs: params: $NETWORK: {get_param: [ServiceNetMap, CeilometerApiNetwork]} service_config_settings: - get_attr: [CeilometerServiceBase, role_data, service_config_settings] + get_attr: [CeilometerServiceBase, role_data, service_config_settings] step_config: | include ::tripleo::profile::base::ceilometer::api diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index 25fccd9e..4ace7526 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -101,7 +101,6 @@ outputs: ceilometer::agent::auth::auth_region: {get_param: KeystoneRegion} ceilometer::agent::auth::auth_tenant_name: 'service' ceilometer::agent::auth::auth_endpoint_type: 'internalURL' - ceilometer::db::mysql::password: {get_param: CeilometerPassword} ceilometer::collector::meter_dispatcher: {get_param: CeilometerMeterDispatcher} ceilometer::dispatcher::gnocchi::url: {get_param: [EndpointMap, GnocchiInternal, uri]} ceilometer::dispatcher::gnocchi::filter_project: 'service' @@ -111,12 +110,6 @@ outputs: ceilometer::rabbit_password: {get_param: RabbitPassword} ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL} ceilometer::rabbit_port: {get_param: RabbitClientPort} - ceilometer::db::mysql::user: ceilometer - ceilometer::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - ceilometer::db::mysql::dbname: ceilometer - ceilometer::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" ceilometer::rabbit_heartbeat_timeout_threshold: 60 ceilometer::db::database_db_max_retries: -1 ceilometer::db::database_max_retries: -1 @@ -129,3 +122,11 @@ outputs: ceilometer::keystone::auth::password: {get_param: CeilometerPassword} ceilometer::keystone::auth::region: {get_param: KeystoneRegion} ceilometer::keystone::auth::tenant: 'service' + mysql: + ceilometer::db::mysql::password: {get_param: CeilometerPassword} + ceilometer::db::mysql::user: ceilometer + ceilometer::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + ceilometer::db::mysql::dbname: ceilometer + ceilometer::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/ceilometer-collector.yaml b/puppet/services/ceilometer-collector.yaml index 4d15be8e..e3f1ef4e 100644 --- a/puppet/services/ceilometer-collector.yaml +++ b/puppet/services/ceilometer-collector.yaml @@ -55,5 +55,7 @@ outputs: map_merge: - get_attr: [MongoDbBase, role_data, config_settings] - get_attr: [CeilometerServiceBase, role_data, config_settings] + service_config_settings: + get_attr: [CeilometerServiceBase, role_data, service_config_settings] step_config: | include ::tripleo::profile::base::ceilometer::collector diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml index 875a3aa1..9c96acc4 100644 --- a/puppet/services/cinder-api.yaml +++ b/puppet/services/cinder-api.yaml @@ -101,3 +101,11 @@ outputs: cinder::keystone::auth::admin_url_v3: {get_param: [EndpointMap, CinderV3Admin, uri]} cinder::keystone::auth::password: {get_param: CinderPassword} cinder::keystone::auth::region: {get_param: KeystoneRegion} + mysql: + cinder::db::mysql::password: {get_param: CinderPassword} + cinder::db::mysql::user: cinder + cinder::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + cinder::db::mysql::dbname: cinder + cinder::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml index 0db17189..59c9b844 100644 --- a/puppet/services/cinder-base.yaml +++ b/puppet/services/cinder-base.yaml @@ -60,20 +60,12 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/cinder' - cinder::db::mysql::password: {get_param: CinderPassword} cinder::debug: {get_param: Debug} cinder::rabbit_use_ssl: {get_param: RabbitClientUseSSL} cinder::rabbit_userid: {get_param: RabbitUserName} cinder::rabbit_password: {get_param: RabbitPassword} cinder::rabbit_port: {get_param: RabbitClientPort} - cinder::db::mysql::user: cinder - cinder::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - cinder::db::mysql::dbname: cinder - cinder::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" cinder::rabbit_heartbeat_timeout_threshold: 60 - cinder::host: hostgroup cinder::cron::db_purge::destination: '/dev/null' cinder::db::database_db_max_retries: -1 cinder::db::database_max_retries: -1 diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index b0eea481..094a7c9f 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -74,5 +74,11 @@ outputs: # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR mysql_bind_host: {get_param: [ServiceNetMap, MysqlNetwork]} + tripleo::profile::base::database::mysql::bind_address: + str_replace: + template: + '"%{::fqdn_$NETWORK}"' + params: + $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} step_config: | include ::tripleo::profile::base::database::mysql diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index c399bf4e..80ba9aef 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -130,7 +130,6 @@ outputs: glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName} glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName} glance_backend: {get_param: GlanceBackend} - glance::db::mysql::password: {get_param: GlancePassword} glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName} glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort} glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword} diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml index 2b7b4345..30df67fe 100644 --- a/puppet/services/glance-registry.yaml +++ b/puppet/services/glance-registry.yaml @@ -72,12 +72,6 @@ outputs: glance::registry::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } glance::registry::debug: {get_param: Debug} glance::registry::workers: {get_param: GlanceWorkers} - glance::db::mysql::user: glance - glance::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - glance::db::mysql::dbname: glance - glance::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" glance::registry::db::database_db_max_retries: -1 glance::registry::db::database_max_retries: -1 tripleo.glance_registry.firewall_rules: @@ -93,3 +87,12 @@ outputs: glance::registry::bind_host: {get_param: [ServiceNetMap, GlanceRegistryNetwork]} step_config: | include ::tripleo::profile::base::glance::registry + service_config_settings: + mysql: + glance::db::mysql::password: {get_param: GlancePassword} + glance::db::mysql::user: glance + glance::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + glance::db::mysql::dbname: glance + glance::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml index 481a44cb..15121790 100644 --- a/puppet/services/gnocchi-api.yaml +++ b/puppet/services/gnocchi-api.yaml @@ -112,3 +112,11 @@ outputs: gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] } gnocchi::keystone::auth::region: {get_param: KeystoneRegion} gnocchi::keystone::auth::tenant: 'service' + mysql: + gnocchi::db::mysql::password: {get_param: GnocchiPassword} + gnocchi::db::mysql::user: gnocchi + gnocchi::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + gnocchi::db::mysql::dbname: gnocchi + gnocchi::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml index 9f114ac4..556baae0 100644 --- a/puppet/services/gnocchi-base.yaml +++ b/puppet/services/gnocchi-base.yaml @@ -56,6 +56,7 @@ outputs: service_name: gnocchi_base config_settings: #Gnocchi engine + gnocchi_redis_password: {get_param: RedisPassword} gnocchi::debug: {get_param: Debug} gnocchi::db::database_connection: list_join: @@ -66,16 +67,7 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/gnocchi' - gnocchi::db::mysql::password: {get_param: GnocchiPassword} gnocchi::db::sync::extra_opts: '--skip-storage --create-legacy-resource-types' - gnocchi::storage::coordination_url: - list_join: - - '' - - - 'redis://:' - - {get_param: RedisPassword} - - '@' - - "%{hiera('redis_vip')}" - - ':6379/' gnocchi::storage::swift::swift_user: 'service:gnocchi' gnocchi::storage::swift::swift_auth_version: 2 gnocchi::storage::swift::swift_key: {get_param: GnocchiPassword} @@ -94,9 +86,3 @@ outputs: gnocchi::statsd::project_id: '6c38cd8d-099a-4cb2-aecf-17be688e8616' gnocchi::statsd::flush_delay: 10 gnocchi::statsd::archive_policy_name: 'low' - gnocchi::db::mysql::user: gnocchi - gnocchi::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - gnocchi::db::mysql::dbname: gnocchi - gnocchi::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/gnocchi-metricd.yaml b/puppet/services/gnocchi-metricd.yaml index ebdebd1e..1400bc98 100644 --- a/puppet/services/gnocchi-metricd.yaml +++ b/puppet/services/gnocchi-metricd.yaml @@ -21,6 +21,10 @@ parameters: MonitoringSubscriptionGnocchiMetricd: default: 'overcloud-gnocchi-metricd' type: string + GnocchiMetricdWorkers: + default: '' + description: Number of workers for Gnocchi MetricD + type: string resources: GnocchiServiceBase: @@ -39,5 +43,6 @@ outputs: config_settings: map_merge: - get_attr: [GnocchiServiceBase, role_data, config_settings] + - gnocchi::metricd::workers: {get_param: GnocchiMetricdWorkers} step_config: | include ::tripleo::profile::base::gnocchi::metricd diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml index 1e7bec23..24c36362 100644 --- a/puppet/services/heat-engine.yaml +++ b/puppet/services/heat-engine.yaml @@ -83,14 +83,7 @@ outputs: - {get_param: [EndpointMap, MysqlInternal, host]} - '/heat' heat::keystone_ec2_uri: {get_param: [EndpointMap, KeystoneEC2, uri]} - heat::db::mysql::password: {get_param: HeatPassword} heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword} - heat::db::mysql::user: heat - heat::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - heat::db::mysql::dbname: heat - heat::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" heat::engine::auth_encryption_key: yaql: expression: $.data.passwords.where($ != '').first() @@ -100,3 +93,13 @@ outputs: - {get_param: [DefaultPasswords, heat_auth_encryption_key]} step_config: | include ::tripleo::profile::base::heat::engine + + service_config_settings: + mysql: + heat::db::mysql::password: {get_param: HeatPassword} + heat::db::mysql::user: heat + heat::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + heat::db::mysql::dbname: heat + heat::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml index 19e54f5b..c8a2e833 100644 --- a/puppet/services/ironic-api.yaml +++ b/puppet/services/ironic-api.yaml @@ -73,3 +73,11 @@ outputs: ironic::keystone::auth::auth_name: 'ironic' ironic::keystone::auth::password: {get_param: IronicPassword } ironic::keystone::auth::tenant: 'service' + mysql: + ironic::db::mysql::password: {get_param: IronicPassword} + ironic::db::mysql::user: ironic + ironic::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + ironic::db::mysql::dbname: ironic + ironic::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/ironic-base.yaml b/puppet/services/ironic-base.yaml index 2f242da8..0ff393c6 100644 --- a/puppet/services/ironic-base.yaml +++ b/puppet/services/ironic-base.yaml @@ -65,12 +65,5 @@ outputs: ironic::rabbit_password: {get_param: RabbitPassword} ironic::rabbit_port: {get_param: RabbitClientPort} ironic::rabbit_use_ssl: {get_param: RabbitClientUseSSL} - ironic::db::mysql::password: {get_param: IronicPassword} - ironic::db::mysql::user: ironic - ironic::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - ironic::db::mysql::dbname: ironic - ironic::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" step_config: | include ::tripleo::profile::base::ironic diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index e358930b..e3531636 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -118,7 +118,6 @@ outputs: logging_groups: - keystone config_settings: - config_settings: map_merge: - get_attr: [ApacheServiceBase, role_data, config_settings] - keystone::database_connection: @@ -142,7 +141,6 @@ outputs: '/etc/keystone/credential-keys/1': content: {get_param: KeystoneCredential1} keystone::debug: {get_param: Debug} - keystone::db::mysql::password: {get_param: AdminToken} keystone::rabbit_userid: {get_param: RabbitUserName} keystone::rabbit_password: {get_param: RabbitPassword} keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL} @@ -156,12 +154,6 @@ outputs: keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} keystone::endpoint::region: {get_param: KeystoneRegion} keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge} - keystone::db::mysql::user: keystone - keystone::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - keystone::db::mysql::dbname: keystone - keystone::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" keystone::rabbit_heartbeat_timeout_threshold: 60 keystone::cron::token_flush::maxdelay: 3600 keystone::roles::admin::service_tenant: 'service' @@ -209,3 +201,12 @@ outputs: keystone::wsgi::apache::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]} step_config: | include ::tripleo::profile::base::keystone + service_config_settings: + mysql: + keystone::db::mysql::password: {get_param: AdminToken} + keystone::db::mysql::user: keystone + keystone::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + keystone::db::mysql::dbname: keystone + keystone::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml index 531b4b0b..4d3fd47c 100644 --- a/puppet/services/manila-api.yaml +++ b/puppet/services/manila-api.yaml @@ -63,6 +63,7 @@ outputs: include ::tripleo::profile::base::manila::api service_config_settings: keystone: + manila::keystone::auth::tenant: 'service' manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]} manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]} manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]} @@ -71,3 +72,11 @@ outputs: manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]} manila::keystone::auth::password: {get_param: ManilaPassword} manila::keystone::auth::region: {get_param: KeystoneRegion} + mysql: + manila::db::mysql::password: {get_param: ManilaPassword} + manila::db::mysql::user: manila + manila::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + manila::db::mysql::dbname: manila + manila::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/manila-backend-cephfs.yaml b/puppet/services/manila-backend-cephfs.yaml new file mode 100644 index 00000000..89a36d21 --- /dev/null +++ b/puppet/services/manila-backend-cephfs.yaml @@ -0,0 +1,61 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Manila Cephfs backend + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + # CephFS Native backend params: + ManilaCephFSNativeEnableBackend: + type: boolean + default: false + ManilaCephFSNativeBackendName: + type: string + default: cephfsnative + ManilaCephFSNativeDriverHandlesShareServers: + type: boolean + default: false + ManilaCephFSNativeShareBackendName: + type: string + default: 'cephfs' + ManilaCephFSNativeCephFSConfPath: + type: string + default: '/etc/ceph/cephfs.conf' + ManilaCephFSNativeCephFSAuthId: + type: string + default: 'manila' + ManilaCephFSNativeCephFSClusterName: + type: string + default: 'ceph' + ManilaCephFSNativeCephFSEnableSnapshots: + type: boolean + default: true + +outputs: + role_data: + description: Role data for the Manila Cephfs backend. + value: + service_name: manila_backend_cephfs + config_settings: + manila::backend::cephfsnative::enable_backend: {get_param: ManilaCephFSNativeEnableBackend} + manila::backend::cephfsnative::title: {get_param: ManilaCephFSNativeBackendName} + manila::backend::cephfsnative::driver_handles_share_servers: {get_param: ManilaCephFSNativeDriverHandlesShareServers} + manila::backend::cephfsnative::share_backend_name: {get_param: ManilaCephFSNativeShareBackendName} + manila::backend::cephfsnative::cephfs_conf_path: {get_param: ManilaCephFSNativeCephFSConfPath} + manila::backend::cephfsnative::cephfs_auth_id: {get_param: ManilaCephFSNativeCephFSAuthId} + manila::backend::cephfsnative::cephfs_cluster_name: {get_param: ManilaCephFSNativeCephFSClusterName} + manila::backend::cephfsnative::cephfs_enable_snapshots: {get_param: ManilaCephFSNativeCephFSEnableSnapshots} + step_config: diff --git a/puppet/services/manila-base.yaml b/puppet/services/manila-base.yaml index f4ec88c1..d228577a 100644 --- a/puppet/services/manila-base.yaml +++ b/puppet/services/manila-base.yaml @@ -52,11 +52,5 @@ outputs: manila::rabbit_use_ssl: {get_param: RabbitClientUseSSL} manila::rabbit_port: {get_param: RabbitClientPort} manila::debug: {get_param: Debug} - manila::db::mysql::user: manila - manila::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - manila::db::mysql::dbname: manila manila::db::database_db_max_retries: -1 manila::db::database_max_retries: -1 - manila::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/manila-scheduler.yaml b/puppet/services/manila-scheduler.yaml index 28addd68..474cc24f 100644 --- a/puppet/services/manila-scheduler.yaml +++ b/puppet/services/manila-scheduler.yaml @@ -54,7 +54,6 @@ outputs: - manila::compute::nova::nova_admin_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]} manila::compute::nova::nova_admin_password: {get_param: NovaPassword} manila::compute::nova::nova_admin_tenant_name: 'service' - manila::db::mysql::password: {get_param: ManilaPassword} manila::network::neutron::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]} manila::network::neutron::neutron_admin_auth_url: {get_param: [EndpointMap, NeutronAdmin, uri]} manila::network::neutron::neutron_admin_password: {get_param: NeutronPassword} diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index 8cfa20bd..3b531ab3 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -37,13 +37,6 @@ parameters: default: 'True' description: Allow automatic l3-agent failover type: string - NeutronL3HA: - default: false - description: | - Whether to enable HA for virtual routers. While the default value is - 'false', L3 HA will be automatically enabled if the number of nodes hosting - controller configurations and DVR is disabled. - type: boolean NovaPassword: description: The password for the nova service and db account, used by nova-api. type: string @@ -72,6 +65,29 @@ parameters: default: 1 type: number + # DEPRECATED: the following options are deprecated and are currently maintained + # for backwards compatibility. They will be removed in the Ocata cycle. + NeutronL3HA: + default: false + description: | + Whether to enable HA for virtual routers. While the default value is + 'false', L3 HA will be automatically enabled if the number of nodes + hosting controller configurations and DVR is disabled. This parameter is + being deprecated in Newton and is scheduled to be removed in Ocata. + Future releases will enable L3 HA by default if it is appropriate for the + deployment type. Alternate mechanisms will be available to override. + type: boolean + +parameter_groups: +- label: deprecated + description: | + The following parameters are deprecated and will be removed. They should not + be relied on for new deployments. If you have concerns regarding deprecated + parameters, please contact the TripleO development team on IRC or the + OpenStack mailing list. + parameters: + - NeutronL3HA + resources: NeutronBase: @@ -129,13 +145,6 @@ outputs: neutron::server::notifications::password: {get_param: NovaPassword} neutron::keystone::authtoken::project_name: 'service' neutron::server::sync_db: true - neutron::db::mysql::password: {get_param: NeutronPassword} - neutron::db::mysql::user: neutron - neutron::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - neutron::db::mysql::dbname: ovs_neutron - neutron::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" tripleo.neutron_server.firewall_rules: '114 neutron server': dport: @@ -163,3 +172,11 @@ outputs: neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] } neutron::keystone::auth::password: {get_param: NeutronPassword} neutron::keystone::auth::region: {get_param: KeystoneRegion} + mysql: + neutron::db::mysql::password: {get_param: NeutronPassword} + neutron::db::mysql::user: neutron + neutron::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + neutron::db::mysql::dbname: ovs_neutron + neutron::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml index a124d4a1..8be4c6d6 100644 --- a/puppet/services/neutron-metadata.yaml +++ b/puppet/services/neutron-metadata.yaml @@ -23,9 +23,16 @@ parameters: type: string hidden: true NeutronWorkers: - default: 0 - description: Number of workers for Neutron service. - type: number + default: '' + description: | + Sets the number of worker processes for the neutron metadata agent. The + default value results in the configuration being left unset and a + system-dependent default will be chosen (usually the number of + processors). Please note that this can result in a large number of + processes and memory consumption on systems with a large core count. On + such systems it is recommended that a non-default value be selected that + matches the load requirements. + type: string NeutronPassword: description: The password for the neutron service and db account, used by neutron agents. type: string diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index 25ae0176..b2ec0038 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -115,3 +115,18 @@ outputs: nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]} nova::keystone::auth::password: {get_param: NovaPassword} nova::keystone::auth::region: {get_param: KeystoneRegion} + mysql: + nova::db::mysql::password: {get_param: NovaPassword} + nova::db::mysql::user: nova + nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + nova::db::mysql::dbname: nova + nova::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + nova::db::mysql_api::password: {get_param: NovaPassword} + nova::db::mysql_api::user: nova_api + nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + nova::db::mysql_api::dbname: nova_api + nova::db::mysql_api::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index 24a63bb4..8db00d8f 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -95,20 +95,6 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova_api' - nova::db::mysql::password: {get_param: NovaPassword} - nova::db::mysql::user: nova - nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - nova::db::mysql::dbname: nova - nova::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" - nova::db::mysql_api::password: {get_param: NovaPassword} - nova::db::mysql_api::user: nova_api - nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - nova::db::mysql_api::dbname: nova_api - nova::db::mysql_api::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" nova::debug: {get_param: Debug} nova::purge_config: {get_param: EnableConfigPurge} nova::network::neutron::neutron_project_name: 'service' @@ -123,18 +109,6 @@ outputs: nova::notify_on_state_change: 'vm_and_task_state' nova::notification_driver: messagingv2 nova::network::neutron::neutron_auth_type: 'v3password' - nova::db::mysql::user: nova - nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - nova::db::mysql::dbname: nova - nova::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" - nova::db::mysql_api::user: nova_api - nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - nova::db::mysql_api::dbname: nova_api - nova::db::mysql_api::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" nova::db::database_db_max_retries: -1 nova::db::database_max_retries: -1 nova::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} diff --git a/puppet/services/pacemaker/cinder-volume.yaml b/puppet/services/pacemaker/cinder-volume.yaml index 11b9bf8f..d91a0181 100644 --- a/puppet/services/pacemaker/cinder-volume.yaml +++ b/puppet/services/pacemaker/cinder-volume.yaml @@ -41,5 +41,6 @@ outputs: - get_attr: [CinderVolumeBase, role_data, config_settings] - cinder::volume::manage_service: false cinder::volume::enabled: false + cinder::host: hostgroup step_config: include ::tripleo::profile::pacemaker::cinder::volume diff --git a/puppet/services/pacemaker/database/mongodb.yaml b/puppet/services/pacemaker/database/mongodb.yaml index 64ae2e91..982b6064 100644 --- a/puppet/services/pacemaker/database/mongodb.yaml +++ b/puppet/services/pacemaker/database/mongodb.yaml @@ -22,7 +22,7 @@ parameters: resources: MongoDbBase: - type: ../../database/mongodb-base.yaml + type: ../../database/mongodb.yaml properties: ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} diff --git a/puppet/services/pacemaker/database/mysql.yaml b/puppet/services/pacemaker/database/mysql.yaml index d555ed0a..7deaf0ca 100644 --- a/puppet/services/pacemaker/database/mysql.yaml +++ b/puppet/services/pacemaker/database/mysql.yaml @@ -35,6 +35,21 @@ outputs: value: service_name: mysql config_settings: - get_attr: [MysqlBase, role_data, config_settings] + map_merge: + - get_attr: [MysqlBase, role_data, config_settings] + - tripleo::profile::pacemaker::database::mysql::bind_address: + str_replace: + template: + '"%{::fqdn_$NETWORK}"' + params: + $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + tripleo::profile::pacemaker::database::mysql::gmcast_listen_addr: + get_param: [ServiceNetMap, MysqlNetwork] step_config: | include ::tripleo::profile::pacemaker::database::mysql diff --git a/puppet/services/pacemaker/database/redis.yaml b/puppet/services/pacemaker/database/redis.yaml index d9156e67..196754eb 100644 --- a/puppet/services/pacemaker/database/redis.yaml +++ b/puppet/services/pacemaker/database/redis.yaml @@ -21,7 +21,7 @@ parameters: resources: RedisBase: - type: ../../database/redis-base.yaml + type: ../../database/redis.yaml properties: ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml index 52300a2f..5387529d 100644 --- a/puppet/services/rabbitmq.yaml +++ b/puppet/services/rabbitmq.yaml @@ -38,6 +38,13 @@ parameters: type: string default: '' hidden: true + RabbitHAQueues: + description: + The number of HA queues to be configured in rabbit. The default is 0 which will + be automatically overridden to CEIL(N/2) where N is the number of nodes running + rabbitmq. + default: 0 + type: number MonitoringSubscriptionRabbitmq: default: 'overcloud-rabbitmq' type: string @@ -73,6 +80,7 @@ outputs: rabbitmq_config_variables: tcp_listen_options: '[binary, {packet, raw}, {reuseaddr, true}, {backlog, 128}, {nodelay, true}, {exit_on_close, false}, {keepalive, true}]' cluster_partition_handling: 'pause_minority' + queue_master_locator: '<<"min-masters">>' loopback_users: '[]' rabbitmq::erlang_cookie: yaql: @@ -88,5 +96,7 @@ outputs: # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR rabbitmq::node_ip_address: {get_param: [ServiceNetMap, RabbitmqNetwork]} + rabbitmq::nr_ha_queues: {get_param: RabbitHAQueues} + step_config: | include ::tripleo::profile::base::rabbitmq diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml index 4f139b5f..54e63df4 100644 --- a/puppet/services/sahara-api.yaml +++ b/puppet/services/sahara-api.yaml @@ -82,3 +82,11 @@ outputs: sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]} sahara::keystone::auth::password: {get_param: SaharaPassword } sahara::keystone::auth::region: {get_param: KeystoneRegion} + mysql: + sahara::db::mysql::password: {get_param: SaharaPassword} + sahara::db::mysql::user: sahara + sahara::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + sahara::db::mysql::dbname: sahara + sahara::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml index c3986b77..5fc8ed61 100644 --- a/puppet/services/sahara-base.yaml +++ b/puppet/services/sahara-base.yaml @@ -60,13 +60,6 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/sahara' - sahara::db::mysql::password: {get_param: SaharaPassword} - sahara::db::mysql::user: sahara - sahara::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - sahara::db::mysql::dbname: sahara - sahara::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" sahara::rabbit_password: {get_param: RabbitPassword} sahara::rabbit_user: {get_param: RabbitUserName} sahara::rabbit_use_ssl: {get_param: RabbitClientUseSSL} diff --git a/puppet/services/time/ntp.yaml b/puppet/services/time/ntp.yaml index 7aa3706f..eb5237fe 100644 --- a/puppet/services/time/ntp.yaml +++ b/puppet/services/time/ntp.yaml @@ -32,7 +32,7 @@ outputs: value: service_name: ntp config_settings: - ntp::ntpservers: {get_param: NtpServer} + ntp::servers: {get_param: NtpServer} tripleo.ntp.firewall_rules: '105 ntp': dport: 123 |