diff options
Diffstat (limited to 'puppet')
| -rw-r--r-- | puppet/blockstorage-role.yaml | 19 | ||||
| -rw-r--r-- | puppet/cephstorage-role.yaml | 19 | ||||
| -rw-r--r-- | puppet/compute-role.yaml | 21 | ||||
| -rw-r--r-- | puppet/controller-role.yaml | 20 | ||||
| -rw-r--r-- | puppet/major_upgrade_steps.j2.yaml | 18 | ||||
| -rw-r--r-- | puppet/objectstorage-role.yaml | 19 | ||||
| -rw-r--r-- | puppet/role.role.j2.yaml | 19 | ||||
| -rw-r--r-- | puppet/services/ceph-base.yaml | 1 | ||||
| -rw-r--r-- | puppet/services/ceph-mon.yaml | 6 | ||||
| -rw-r--r-- | puppet/services/disabled/ceilometer-expirer-disabled.yaml | 22 | ||||
| -rw-r--r-- | puppet/services/gnocchi-base.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/kernel.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/mistral-api.yaml | 44 | ||||
| -rw-r--r-- | puppet/services/neutron-linuxbridge-agent.yaml | 83 | ||||
| -rw-r--r-- | puppet/services/neutron-ovs-dpdk-agent.yaml | 41 | ||||
| -rw-r--r-- | puppet/services/nova-compute.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/pacemaker/cinder-volume.yaml | 15 | ||||
| -rw-r--r-- | puppet/services/swift-proxy.yaml | 8 |
18 files changed, 318 insertions, 43 deletions
diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml index 3fc663fb..d66cbd90 100644 --- a/puppet/blockstorage-role.yaml +++ b/puppet/blockstorage-role.yaml @@ -132,6 +132,20 @@ parameters: major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml environment files. default: '' + DeploymentServerBlacklistDict: + default: {} + type: json + description: > + Map of server hostnames to blacklist from any triggered + deployments. If the value is 1, the server will be blacklisted. This + parameter is generated from the parent template. + +conditions: + server_not_blacklisted: + not: + equals: + - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} + - 1 resources: BlockStorage: @@ -362,6 +376,7 @@ resources: NetworkDeployment: type: OS::TripleO::SoftwareDeployment depends_on: PreNetworkConfig + condition: server_not_blacklisted properties: name: NetworkDeployment config: {get_resource: NetworkConfig} @@ -385,6 +400,7 @@ resources: BlockStorageUpgradeInitDeployment: type: OS::Heat::SoftwareDeployment depends_on: NetworkDeployment + condition: server_not_blacklisted properties: name: BlockStorageUpgradeInitDeployment server: {get_resource: BlockStorage} @@ -393,6 +409,7 @@ resources: BlockStorageDeployment: type: OS::Heat::StructuredDeployment depends_on: BlockStorageUpgradeInitDeployment + condition: server_not_blacklisted properties: name: BlockStorageDeployment server: {get_resource: BlockStorage} @@ -459,6 +476,7 @@ resources: UpdateDeployment: type: OS::Heat::SoftwareDeployment depends_on: NetworkDeployment + condition: server_not_blacklisted properties: name: UpdateDeployment config: {get_resource: UpdateConfig} @@ -555,6 +573,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" description: Heat resource handle for the block storage server value: {get_resource: BlockStorage} + condition: server_not_blacklisted external_ip_address: description: IP address of the server in the external network value: {get_attr: [ExternalPort, ip_address]} diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml index 295e64f5..d4dfa719 100644 --- a/puppet/cephstorage-role.yaml +++ b/puppet/cephstorage-role.yaml @@ -138,6 +138,20 @@ parameters: major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml environment files. default: '' + DeploymentServerBlacklistDict: + default: {} + type: json + description: > + Map of server hostnames to blacklist from any triggered + deployments. If the value is 1, the server will be blacklisted. This + parameter is generated from the parent template. + +conditions: + server_not_blacklisted: + not: + equals: + - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} + - 1 resources: CephStorage: @@ -368,6 +382,7 @@ resources: NetworkDeployment: type: OS::TripleO::SoftwareDeployment depends_on: PreNetworkConfig + condition: server_not_blacklisted properties: name: NetworkDeployment config: {get_resource: NetworkConfig} @@ -391,6 +406,7 @@ resources: CephStorageUpgradeInitDeployment: type: OS::Heat::SoftwareDeployment depends_on: NetworkDeployment + condition: server_not_blacklisted properties: name: CephStorageUpgradeInitDeployment server: {get_resource: CephStorage} @@ -399,6 +415,7 @@ resources: CephStorageDeployment: type: OS::Heat::StructuredDeployment depends_on: CephStorageUpgradeInitDeployment + condition: server_not_blacklisted properties: name: CephStorageDeployment config: {get_resource: CephStorageConfig} @@ -471,6 +488,7 @@ resources: UpdateDeployment: type: OS::Heat::SoftwareDeployment depends_on: NetworkDeployment + condition: server_not_blacklisted properties: config: {get_resource: UpdateConfig} server: {get_resource: CephStorage} @@ -566,6 +584,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" description: Heat resource handle for the ceph storage server value: {get_resource: CephStorage} + condition: server_not_blacklisted external_ip_address: description: IP address of the server in the external network value: {get_attr: [ExternalPort, ip_address]} diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml index 05318f3f..ff1f6d2a 100644 --- a/puppet/compute-role.yaml +++ b/puppet/compute-role.yaml @@ -150,6 +150,20 @@ parameters: major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml environment files. default: '' + DeploymentServerBlacklistDict: + default: {} + type: json + description: > + Map of server hostnames to blacklist from any triggered + deployments. If the value is 1, the server will be blacklisted. This + parameter is generated from the parent template. + +conditions: + server_not_blacklisted: + not: + equals: + - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} + - 1 resources: @@ -382,6 +396,7 @@ resources: NetworkDeployment: type: OS::TripleO::SoftwareDeployment depends_on: PreNetworkConfig + condition: server_not_blacklisted properties: name: NetworkDeployment config: {get_resource: NetworkConfig} @@ -408,6 +423,7 @@ resources: NovaComputeUpgradeInitDeployment: type: OS::Heat::SoftwareDeployment depends_on: NetworkDeployment + condition: server_not_blacklisted properties: name: NovaComputeUpgradeInitDeployment server: {get_resource: NovaCompute} @@ -459,6 +475,7 @@ resources: NovaComputeDeployment: type: OS::TripleO::SoftwareDeployment depends_on: NovaComputeUpgradeInitDeployment + condition: server_not_blacklisted properties: name: NovaComputeDeployment config: {get_resource: NovaComputeConfig} @@ -494,6 +511,7 @@ resources: UpdateDeployment: type: OS::Heat::SoftwareDeployment depends_on: NetworkDeployment + condition: server_not_blacklisted properties: name: UpdateDeployment config: {get_resource: UpdateConfig} @@ -609,4 +627,5 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" nova_server_resource: description: Heat resource handle for the Nova compute server value: - {get_resource: NovaCompute}
\ No newline at end of file + {get_resource: NovaCompute} + condition: server_not_blacklisted diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml index 163ba57b..9bf110d5 100644 --- a/puppet/controller-role.yaml +++ b/puppet/controller-role.yaml @@ -164,6 +164,13 @@ parameters: major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml environment files. default: '' + DeploymentServerBlacklistDict: + default: {} + type: json + description: > + Map of server hostnames to blacklist from any triggered + deployments. If the value is 1, the server will be blacklisted. This + parameter is generated from the parent template. parameter_groups: - label: deprecated @@ -171,6 +178,14 @@ parameter_groups: parameters: - controllerExtraConfig +conditions: + server_not_blacklisted: + not: + equals: + - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} + - 1 + + resources: Controller: @@ -400,6 +415,7 @@ resources: NetworkDeployment: type: OS::TripleO::SoftwareDeployment + condition: server_not_blacklisted depends_on: PreNetworkConfig properties: name: NetworkDeployment @@ -441,6 +457,7 @@ resources: # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first ControllerUpgradeInitDeployment: type: OS::Heat::SoftwareDeployment + condition: server_not_blacklisted depends_on: NetworkDeployment properties: name: ControllerUpgradeInitDeployment @@ -449,6 +466,7 @@ resources: ControllerDeployment: type: OS::TripleO::SoftwareDeployment + condition: server_not_blacklisted depends_on: ControllerUpgradeInitDeployment properties: name: ControllerDeployment @@ -532,6 +550,7 @@ resources: UpdateDeployment: type: OS::Heat::SoftwareDeployment + condition: server_not_blacklisted depends_on: NetworkDeployment properties: name: UpdateDeployment @@ -649,6 +668,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" description: Heat resource handle for the Nova compute server value: {get_resource: Controller} + condition: server_not_blacklisted tls_key_modulus_md5: description: MD5 checksum of the TLS Key Modulus value: {get_attr: [NodeTLSData, key_modulus_md5]} diff --git a/puppet/major_upgrade_steps.j2.yaml b/puppet/major_upgrade_steps.j2.yaml index 8420f99d..b44095bd 100644 --- a/puppet/major_upgrade_steps.j2.yaml +++ b/puppet/major_upgrade_steps.j2.yaml @@ -44,24 +44,6 @@ resources: - '' - - "#!/bin/bash\n\n" - "set -eu\n\n" - - "if hiera -c /etc/puppet/hiera.yaml service_names | grep nova_compute ; then\n\n" - - " crudini --set /etc/nova/nova.conf placement auth_type password\n\n" - - " crudini --set /etc/nova/nova.conf placement username placement\n\n" - - " crudini --set /etc/nova/nova.conf placement project_domain_name Default\n\n" - - " crudini --set /etc/nova/nova.conf placement user_domain_name Default\n\n" - - " crudini --set /etc/nova/nova.conf placement project_name service\n\n" - - " crudini --set /etc/nova/nova.conf placement os_interface internal\n\n" - - str_replace: - template: | - crudini --set /etc/nova/nova.conf placement password 'SERVICE_PASSWORD' - crudini --set /etc/nova/nova.conf placement os_region_name 'REGION_NAME' - crudini --set /etc/nova/nova.conf placement auth_url 'AUTH_URL' - params: - SERVICE_PASSWORD: { get_param: NovaPassword } - REGION_NAME: { get_param: KeystoneRegion } - AUTH_URL: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} - - " systemctl restart openstack-nova-compute\n\n" - - "fi\n\n" - str_replace: template: | ROLE='ROLE_NAME' diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml index 7ee12b19..2f7056c4 100644 --- a/puppet/objectstorage-role.yaml +++ b/puppet/objectstorage-role.yaml @@ -132,6 +132,20 @@ parameters: major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml environment files. default: '' + DeploymentServerBlacklistDict: + default: {} + type: json + description: > + Map of server hostnames to blacklist from any triggered + deployments. If the value is 1, the server will be blacklisted. This + parameter is generated from the parent template. + +conditions: + server_not_blacklisted: + not: + equals: + - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} + - 1 resources: @@ -362,6 +376,7 @@ resources: NetworkDeployment: type: OS::TripleO::SoftwareDeployment depends_on: PreNetworkConfig + condition: server_not_blacklisted properties: name: NetworkDeployment config: {get_resource: NetworkConfig} @@ -385,6 +400,7 @@ resources: SwiftStorageUpgradeInitDeployment: type: OS::Heat::SoftwareDeployment depends_on: NetworkDeployment + condition: server_not_blacklisted properties: name: SwiftStorageUpgradeInitDeployment server: {get_resource: SwiftStorage} @@ -430,6 +446,7 @@ resources: SwiftStorageHieraDeploy: type: OS::Heat::StructuredDeployment depends_on: SwiftStorageUpgradeInitDeployment + condition: server_not_blacklisted properties: name: SwiftStorageHieraDeploy server: {get_resource: SwiftStorage} @@ -458,6 +475,7 @@ resources: UpdateDeployment: type: OS::Heat::SoftwareDeployment depends_on: NetworkDeployment + condition: server_not_blacklisted properties: config: {get_resource: UpdateConfig} server: {get_resource: SwiftStorage} @@ -553,6 +571,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" description: Heat resource handle for the swift storage server value: {get_resource: SwiftStorage} + condition: server_not_blacklisted external_ip_address: description: IP address of the server in the external network value: {get_attr: [ExternalPort, ip_address]} diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index dbb517f0..7acf2dfb 100644 --- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml @@ -154,6 +154,20 @@ parameters: major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml environment files. default: '' + DeploymentServerBlacklistDict: + default: {} + type: json + description: > + Map of server hostnames to blacklist from any triggered + deployments. If the value is 1, the server will be blacklisted. This + parameter is generated from the parent template. + +conditions: + server_not_blacklisted: + not: + equals: + - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} + - 1 resources: {{role}}: @@ -384,6 +398,7 @@ resources: NetworkDeployment: type: OS::TripleO::SoftwareDeployment depends_on: PreNetworkConfig + condition: server_not_blacklisted properties: name: NetworkDeployment config: {get_resource: NetworkConfig} @@ -410,6 +425,7 @@ resources: {{role}}UpgradeInitDeployment: type: OS::Heat::SoftwareDeployment depends_on: NetworkDeployment + condition: server_not_blacklisted properties: name: {{role}}UpgradeInitDeployment server: {get_resource: {{role}}} @@ -418,6 +434,7 @@ resources: {{role}}Deployment: type: OS::Heat::StructuredDeployment depends_on: {{role}}UpgradeInitDeployment + condition: server_not_blacklisted properties: name: {{role}}Deployment config: {get_resource: {{role}}Config} @@ -492,6 +509,7 @@ resources: UpdateDeployment: type: OS::Heat::SoftwareDeployment depends_on: NetworkDeployment + condition: server_not_blacklisted properties: name: UpdateDeployment config: {get_resource: UpdateConfig} @@ -588,6 +606,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" description: Heat resource handle for {{role}} server value: {get_resource: {{role}}} + condition: server_not_blacklisted external_ip_address: description: IP address of the server in the external network value: {get_attr: [ExternalPort, ip_address]} diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml index 5f19af68..e12c55eb 100644 --- a/puppet/services/ceph-base.yaml +++ b/puppet/services/ceph-base.yaml @@ -99,7 +99,6 @@ outputs: service_name: ceph_base config_settings: tripleo::profile::base::ceph::enable_ceph_storage: {get_param: ControllerEnableCephStorage} - ceph::profile::params::osd_pool_default_min_size: 1 ceph::profile::params::osds: {/srv/data: {}} ceph::profile::params::manage_repo: false ceph::profile::params::authentication_type: cephx diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml index c36f0537..28552301 100644 --- a/puppet/services/ceph-mon.yaml +++ b/puppet/services/ceph-mon.yaml @@ -78,6 +78,10 @@ parameters: MonitoringSubscriptionCephMon: default: 'overcloud-ceph-mon' type: string + CephPoolDefaultSize: + description: default minimum replication for RBD copies + type: number + default: 3 resources: CephBase: @@ -102,7 +106,7 @@ outputs: ceph::profile::params::mon_key: {get_param: CephMonKey} ceph::profile::params::osd_pool_default_pg_num: 32 ceph::profile::params::osd_pool_default_pgp_num: 32 - ceph::profile::params::osd_pool_default_size: 3 + ceph::profile::params::osd_pool_default_size: {get_param: CephPoolDefaultSize} # repeat returns items in a list, so we need to map_merge twice tripleo::profile::base::ceph::mon::ceph_pools: map_merge: diff --git a/puppet/services/disabled/ceilometer-expirer-disabled.yaml b/puppet/services/disabled/ceilometer-expirer-disabled.yaml index e6d8ee6e..9b7b47ef 100644 --- a/puppet/services/disabled/ceilometer-expirer-disabled.yaml +++ b/puppet/services/disabled/ceilometer-expirer-disabled.yaml @@ -27,12 +27,24 @@ parameters: via parameter_defaults in the resource registry. type: json +resources: + CeilometerServiceBase: + type: ../ceilometer-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + outputs: role_data: - description: Role data for the disabled Ceilometer Expirer role. + description: Role data for the disabling Ceilometer Expirer role. value: service_name: ceilometer_expirer_disabled - upgrade_tasks: - - name: Stop and disable ceilometer_expirer service on upgrade - tags: step1 - service: name=openstack-ceilometer-expirer state=stopped enabled=no + config_settings: + map_merge: + - get_attr: [CeilometerServiceBase, role_data, config_settings] + - ceilometer::expirer::enable_cron: false + step_config: | + include ::tripleo::profile::base::ceilometer::expirer diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml index d62c349e..012bd727 100644 --- a/puppet/services/gnocchi-base.yaml +++ b/puppet/services/gnocchi-base.yaml @@ -76,7 +76,7 @@ outputs: query: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo - gnocchi::db::sync::extra_opts: '--skip-storage' + gnocchi::db::sync::extra_opts: '' gnocchi::storage::metric_processing_delay: {get_param: MetricProcessingDelay} gnocchi::storage::swift::swift_user: 'service:gnocchi' gnocchi::storage::swift::swift_auth_version: 3 diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml index 3f9b0b7e..c142b475 100644 --- a/puppet/services/kernel.yaml +++ b/puppet/services/kernel.yaml @@ -77,6 +77,8 @@ outputs: value: 0 net.ipv4.conf.all.send_redirects: value: 0 + net.ipv4.conf.all.arp_accept: + value: 1 net.ipv4.conf.default.accept_redirects: value: 0 net.ipv4.conf.default.secure_redirects: diff --git a/puppet/services/mistral-api.yaml b/puppet/services/mistral-api.yaml index 00406736..b865ec1f 100644 --- a/puppet/services/mistral-api.yaml +++ b/puppet/services/mistral-api.yaml @@ -36,8 +36,21 @@ parameters: e.g. { mistral-context_is_admin: { key: context_is_admin, value: 'role:admin' } } default: {} type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + mistral_workers_zero: {equals : [{get_param: MistralWorkers}, 0]} resources: + ApacheServiceBase: + type: ./apache.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + EnableInternalTLS: {get_param: EnableInternalTLS} MistralBase: type: ./mistral-base.yaml properties: @@ -57,12 +70,25 @@ outputs: - get_attr: [MistralBase, role_data, config_settings] - mistral::api::api_workers: {get_param: MistralWorkers} mistral::api::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]} + mistral::wsgi::apache::ssl: {get_param: EnableInternalTLS} mistral::policy::policies: {get_param: MistralApiPolicies} tripleo.mistral_api.firewall_rules: '133 mistral': dport: - 8989 - 13989 + mistral::api::service_name: 'httpd' + mistral::wsgi::apache::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]} + mistral::wsgi::apache::servername: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, MistralApiNetwork]} + - if: + - mistral_workers_zero + - {} + - mistral::wsgi::apache::workers: {get_param: MistralWorkers} service_config_settings: get_attr: [MistralBase, role_data, service_config_settings] step_config: | @@ -79,10 +105,16 @@ outputs: grep '\bactive\b' when: mistral_api_enabled.rc == 0 tags: step0,validation - - name: Stop mistral_api service + - name: check for mistral_api running under apache (post upgrade) + tags: step1 + shell: "httpd -t -D DUMP_VHOSTS | grep -q mistral_api_wsgi" + register: mistral_api_apache + ignore_errors: true + - name: Stop mistral_api service (running under httpd) tags: step1 - service: name=openstack-mistral-api state=stopped - - name: Install openstack-mistral-api package if it was disabled - tags: step3 - yum: name=openstack-mistral-api state=latest - when: mistral_api_enabled.rc != 0 + service: name=httpd state=stopped + when: mistral_api_apache.rc == 0 + - name: Stop and disable mistral_api service (pre-upgrade not under httpd) + tags: step1 + when: mistral_api_enabled.rc == 0 + service: name=openstack-mistral-api state=stopped enabled=no diff --git a/puppet/services/neutron-linuxbridge-agent.yaml b/puppet/services/neutron-linuxbridge-agent.yaml new file mode 100644 index 00000000..f4324054 --- /dev/null +++ b/puppet/services/neutron-linuxbridge-agent.yaml @@ -0,0 +1,83 @@ +heat_template_version: ocata + +description: > + OpenStack Neutron Linuxbridge agent configured with Puppet. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + PhysicalInterfaceMapping: + description: List of <physical_network>:<physical_interface> tuples + mapping physical network names to agent's node-specific + physical network interfaces. Defaults to empty list. + type: comma_delimited_list + default: '' + NeutronLinuxbridgeFirewallDriver: + default: '' + description: Configure the classname of the firewall driver to use for + implementing security groups. Possible values depend on + system configuration. The default value of an empty string + will result in a default supported configuration. + type: string + NeutronEnableL2Pop: + type: string + description: Enable/disable the L2 population feature in the Neutron agents. + default: 'False' + NeutronTunnelTypes: + default: 'vxlan' + description: The tunnel types for the Neutron tenant network. + type: comma_delimited_list + +conditions: + no_firewall_driver: {equals : [{get_param: NeutronLinuxbridgeFirewallDriver}, '']} + +resources: + + NeutronBase: + type: ./neutron-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Neutron Linuxbridge agent service. + value: + service_name: neutron_linuxbridge_agent + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + - neutron::agents::ml2::linuxbridge::physical_interface_mappings: {get_param: PhysicalInterfaceMapping} + neutron::agents::ml2::linuxbridge::l2_population: {get_param: NeutronEnableL2Pop} + neutron::agents::ml2::linuxbridge::tunnel_types: {get_param: NeutronTunnelTypes} + neutron::agents::ml2::linuxbridge::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} + neutron::agents::dhcp::interface_driver: 'neutron.agent.linux.interface.BridgeInterfaceDriver' + neutron::agents::dhcp::dhcp_driver: 'neutron.agent.linux.dhcp.Dnsmasq' + - + if: + - no_firewall_driver + - {} + - neutron::agents::ml2::linuxbridge::firewall_driver: {get_param: NeutronLinuxbridgeFirewallDriver} + step_config: | + include ::tripleo::profile::base::neutron::linuxbridge diff --git a/puppet/services/neutron-ovs-dpdk-agent.yaml b/puppet/services/neutron-ovs-dpdk-agent.yaml index 8f3f7b27..fec9e2a1 100644 --- a/puppet/services/neutron-ovs-dpdk-agent.yaml +++ b/puppet/services/neutron-ovs-dpdk-agent.yaml @@ -27,20 +27,23 @@ parameters: via parameter_defaults in the resource registry. type: json HostCpusList: + default: "'0'" description: List of cores to be used for host process type: string constraints: - allowed_pattern: "'[0-9,-]+'" NeutronDpdkCoreList: + default: "''" description: List of cores to be used for DPDK Poll Mode Driver type: string constraints: - - allowed_pattern: "'[0-9,-]+'" + - allowed_pattern: "'[0-9,-]*'" NeutronDpdkMemoryChannels: + default: "" description: Number of memory channels to be used for DPDK type: string constraints: - - allowed_pattern: "[0-9]+" + - allowed_pattern: "[0-9]*" NeutronDpdkSocketMemory: default: "" description: Memory allocated for each socket @@ -75,6 +78,32 @@ resources: OpenVswitchUpgrade: type: ./openvswitch-upgrade.yaml + # Merging role-specific parameters (RoleParameters) with the default parameters. + # RoleParameters will have the precedence over the default parameters. + RoleParametersValue: + type: OS::Heat::Value + properties: + type: json + value: + map_replace: + - map_replace: + - neutron::agents::ml2::ovs::datapath_type: NeutronDatapathType + neutron::agents::ml2::ovs::vhostuser_socket_dir: NeutronVhostuserSocketDir + vswitch::dpdk::driver_type: NeutronDpdkDriverType + vswitch::dpdk::host_core_list: HostCpusList + vswitch::dpdk::pmd_core_list: NeutronDpdkCoreList + vswitch::dpdk::memory_channels: NeutronDpdkMemoryChannels + vswitch::dpdk::socket_mem: NeutronDpdkSocketMemory + - values: {get_param: [RoleParameters]} + - values: + NeutronDatapathType: {get_param: NeutronDatapathType} + NeutronVhostuserSocketDir: {get_param: NeutronVhostuserSocketDir} + NeutronDpdkDriverType: {get_param: NeutronDpdkDriverType} + HostCpusList: {get_param: HostCpusList} + NeutronDpdkCoreList: {get_param: NeutronDpdkCoreList} + NeutronDpdkMemoryChannels: {get_param: NeutronDpdkMemoryChannels} + NeutronDpdkSocketMemory: {get_param: NeutronDpdkSocketMemory} + outputs: role_data: description: Role data for the Neutron OVS DPDK Agent service. @@ -87,13 +116,7 @@ outputs: - keys: tripleo.neutron_ovs_agent.firewall_rules: tripleo.neutron_ovs_dpdk_agent.firewall_rules - neutron::agents::ml2::ovs::enable_dpdk: true - neutron::agents::ml2::ovs::datapath_type: {get_param: NeutronDatapathType} - neutron::agents::ml2::ovs::vhostuser_socket_dir: {get_param: NeutronVhostuserSocketDir} - vswitch::dpdk::host_core_list: {get_param: HostCpusList} - vswitch::dpdk::pmd_core_list: {get_param: NeutronDpdkCoreList} - vswitch::dpdk::memory_channels: {get_param: NeutronDpdkMemoryChannels} - vswitch::dpdk::socket_mem: {get_param: NeutronDpdkSocketMemory} - vswitch::dpdk::driver_type: {get_param: NeutronDpdkDriverType} + - get_attr: [RoleParametersValue, value] step_config: {get_attr: [NeutronOvsAgent, role_data, step_config]} upgrade_tasks: get_attr: [OpenVswitchUpgrade, role_data, upgrade_tasks] diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index 16ccb9e0..e39e997a 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -72,7 +72,7 @@ parameters: description: > Reserved RAM for host processes. type: number - default: 2048 + default: 4096 constraints: - range: { min: 512 } MonitoringSubscriptionNovaCompute: diff --git a/puppet/services/pacemaker/cinder-volume.yaml b/puppet/services/pacemaker/cinder-volume.yaml index 659368a4..39914db5 100644 --- a/puppet/services/pacemaker/cinder-volume.yaml +++ b/puppet/services/pacemaker/cinder-volume.yaml @@ -54,3 +54,18 @@ outputs: cinder::host: hostgroup step_config: include ::tripleo::profile::pacemaker::cinder::volume + upgrade_tasks: + - name: Stop cinder_volume service (pacemaker) + tags: step1 + pacemaker_resource: + resource: openstack-cinder-volume + state: disable + wait_for_resource: true + - name: Sync cinder DB + tags: step5 + command: cinder-manage db sync + - name: Start cinder_volume service (pacemaker) + tags: step5 + pacemaker_resource: + resource: openstack-cinder-volume + state: enable diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index f3b7ee4a..9a304edb 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -61,6 +61,10 @@ parameters: description: Set to False to disable the swift proxy ceilometer pipeline. default: True type: boolean + SwiftCeilometerIgnoreProjects: + default: ['services'] + description: Comma-seperated list of project names to ignore. + type: comma_delimited_list RabbitClientPort: default: 5672 description: Set rabbit subscriber port, change this if using SSL @@ -116,6 +120,10 @@ outputs: swift::proxy::workers: {get_param: SwiftWorkers} swift::proxy::ceilometer::rabbit_user: {get_param: RabbitUserName} swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword} + swift::proxy::ceilometer::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + swift::proxy::ceilometer::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} + swift::proxy::ceilometer::password: {get_param: SwiftPassword} + swift::proxy::ceilometer::ignore_projects: {get_param: SwiftCeilometerIgnoreProjects} swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]} swift::proxy::ceilometer::nonblocking_notify: true tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RabbitClientPort} |