diff options
Diffstat (limited to 'puppet')
-rw-r--r-- | puppet/cinder-storage-puppet.yaml | 7 | ||||
-rw-r--r-- | puppet/controller-puppet.yaml | 38 | ||||
-rw-r--r-- | puppet/manifests/overcloud_controller_pacemaker.pp | 76 |
3 files changed, 69 insertions, 52 deletions
diff --git a/puppet/cinder-storage-puppet.yaml b/puppet/cinder-storage-puppet.yaml index c69a0f3c..007a489c 100644 --- a/puppet/cinder-storage-puppet.yaml +++ b/puppet/cinder-storage-puppet.yaml @@ -16,6 +16,11 @@ parameters: default: 5000 description: The size of the loopback file used by the cinder LVM driver. type: number + CinderPassword: + default: unset + description: The password for the cinder service and db account, used by cinder-api. + type: string + hidden: true Debug: default: '' description: Set to True to enable debugging on all services. @@ -158,7 +163,7 @@ resources: config: {get_resource: BlockStorageConfig} input_values: debug: {get_param: Debug} - cinder_dsn: {list_join: ['', ['mysql://cinder:unset@', {get_param: VirtualIP} , '/cinder']]} + cinder_dsn: {list_join: ['', ['mysql://cinder:', {get_param: CinderPassword}, '@', {get_param: VirtualIP} , '/cinder']]} snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} cinder_lvm_loop_device_size: diff --git a/puppet/controller-puppet.yaml b/puppet/controller-puppet.yaml index 3f134d87..5cb57a73 100644 --- a/puppet/controller-puppet.yaml +++ b/puppet/controller-puppet.yaml @@ -11,7 +11,7 @@ parameters: hidden: true AdminToken: default: unset - description: The keystone auth secret. + description: The keystone auth secret and db password. type: string hidden: true CeilometerBackend: @@ -25,7 +25,7 @@ parameters: hidden: true CeilometerPassword: default: unset - description: The password for the ceilometer service account. + description: The password for the ceilometer service and db account. type: string hidden: true CinderEnableIscsiBackend: @@ -46,7 +46,7 @@ parameters: type: number CinderPassword: default: unset - description: The password for the cinder service account, used by cinder-api. + description: The password for the cinder service and db account, used by cinder-api. type: string hidden: true CloudName: @@ -137,7 +137,7 @@ parameters: default: '' GlancePassword: default: unset - description: The password for the glance service account, used by the glance services. + description: The password for the glance service and db account, used by the glance services. type: string hidden: true GlancePort: @@ -157,7 +157,7 @@ parameters: - allowed_values: ['swift', 'file', 'rbd'] HeatPassword: default: unset - description: The password for the Heat service account, used by the Heat services. + description: The password for the Heat service and db account, used by the Heat services. type: string hidden: true HeatStackDomainAdminPassword: @@ -290,7 +290,7 @@ parameters: type: string NeutronPassword: default: unset - description: The password for the neutron service account, used by neutron agents. + description: The password for the neutron service and db account, used by neutron agents. type: string hidden: true NeutronPublicInterface: @@ -327,7 +327,7 @@ parameters: type: string NovaPassword: default: unset - description: The password for the nova service account, used by nova-api. + description: The password for the nova service and db account, used by nova-api. type: string hidden: true NtpServer: @@ -545,7 +545,9 @@ resources: cinder_dsn: list_join: - '' - - - 'mysql://cinder:unset@' + - - 'mysql://cinder:' + - {get_param: CinderPassword} + - '@' - {get_param: VirtualIP} - '/cinder' glance_port: {get_param: GlancePort} @@ -558,7 +560,9 @@ resources: glance_dsn: list_join: - '' - - - 'mysql://glance:unset@' + - - 'mysql://glance:' + - {get_param: GlancePassword} + - '@' - {get_param: VirtualIP} - '/glance' heat_password: {get_param: HeatPassword} @@ -566,7 +570,9 @@ resources: heat_dsn: list_join: - '' - - - 'mysql://heat:unset@' + - - 'mysql://heat:' + - {get_param: HeatPassword} + - '@' - {get_param: VirtualIP} - '/heat' keystone_ca_certificate: {get_param: KeystoneCACertificate} @@ -577,7 +583,9 @@ resources: keystone_dsn: list_join: - '' - - - 'mysql://keystone:unset@' + - - 'mysql://keystone:' + - {get_param: AdminToken} + - '@' - {get_param: VirtualIP} - '/keystone' keystone_identity_uri: @@ -622,7 +630,9 @@ resources: neutron_dsn: list_join: - '' - - - 'mysql://neutron:unset@' + - - 'mysql://neutron:' + - {get_param: NeutronPassword} + - '@' - {get_param: VirtualIP} - '/ovs_neutron?charset=utf8' neutron_url: @@ -652,7 +662,9 @@ resources: nova_dsn: list_join: - '' - - - 'mysql://nova:unset@' + - - 'mysql://nova:' + - {get_param: NovaPassword} + - '@' - {get_param: VirtualIP} - '/nova' pcsd_password: {get_param: PcsdPassword} diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index 99344532..a7aa40cb 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -94,14 +94,14 @@ if hiera('step') >= 1 { replace => true, } - # MongoDB - include ::mongodb::globals - - # FIXME: replace with service_manage => false on ::mongodb::server - # when this is merged: https://github.com/puppetlabs/pupp etlabs-mongodb/pull/198 - class { '::mongodb::server' : - service_ensure => undef, - service_enable => false, + if downcase(hiera('ceilometer_backend')) == 'mongodb' { + include ::mongodb::globals + # FIXME: replace with service_manage => false on ::mongodb::server + # when this is merged: https://github.com/puppetlabs/pupp etlabs-mongodb/pull/198 + class { '::mongodb::server' : + service_ensure => undef, + service_enable => false, + } } # Galera @@ -208,10 +208,6 @@ if hiera('step') >= 2 { require => Class['::mysql::server'], before => Exec['galera-ready'], } - mysql_user { 'clustercheckuser@localhost' : - password_hash => mysql_password($clustercheck_password), - require => Exec['galera-ready'], - } } # Redis @@ -363,8 +359,8 @@ if hiera('step') >= 3 { class { '::keystone': sync_db => $sync_db, - manage_service => $non_pcmk_start, - enabled => $non_pcmk_start, + manage_service => false, + enabled => false, } #TODO: need a cleanup-keystone-tokens.sh solution here @@ -696,6 +692,11 @@ if hiera('step') >= 3 { if hiera('step') >= 4 { if $pacemaker_master { + # Keystone + pacemaker::resource::service { $::keystone::params::service_name : + clone_params => "interleave=true", + } + # Cinder pacemaker::resource::service { $::cinder::params::api_service : clone_params => "interleave=true", @@ -738,31 +739,30 @@ if hiera('step') >= 4 { Pacemaker::Resource::Service[$::cinder::params::volume_service]], } - } - - # Glance - pacemaker::resource::service { $::glance::params::registry_service_name : - clone_params => "interleave=true", - } - pacemaker::resource::service { $::glance::params::api_service_name : - clone_params => "interleave=true", - } + # Glance + pacemaker::resource::service { $::glance::params::registry_service_name : + clone_params => "interleave=true", + } + pacemaker::resource::service { $::glance::params::api_service_name : + clone_params => "interleave=true", + } - pacemaker::constraint::base { 'glance-registry-then-glance-api-constraint': - constraint_type => "order", - first_resource => "${::glance::params::registry_service_name}-clone", - second_resource => "${::glance::params::api_service_name}-clone", - first_action => "start", - second_action => "start", - require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name], - Pacemaker::Resource::Service[$::glance::params::api_service_name]], - } - pacemaker::constraint::colocation { 'glance-registry-with-glance-api-colocation': - source => "${::glance::params::registry_service_name}-clone", - target => "${::glance::params::api_service_name}-clone", - score => "INFINITY", - require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name], - Pacemaker::Resource::Service[$::glance::params::api_service_name]], + pacemaker::constraint::base { 'glance-registry-then-glance-api-constraint': + constraint_type => "order", + first_resource => "${::glance::params::registry_service_name}-clone", + second_resource => "${::glance::params::api_service_name}-clone", + first_action => "start", + second_action => "start", + require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name], + Pacemaker::Resource::Service[$::glance::params::api_service_name]], + } + pacemaker::constraint::colocation { 'glance-registry-with-glance-api-colocation': + source => "${::glance::params::registry_service_name}-clone", + target => "${::glance::params::api_service_name}-clone", + score => "INFINITY", + require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name], + Pacemaker::Resource::Service[$::glance::params::api_service_name]], + } } } #END STEP 4 |