diff options
Diffstat (limited to 'puppet')
| -rw-r--r-- | puppet/ceph-cluster-config.yaml | 15 | ||||
| -rw-r--r-- | puppet/ceph-storage.yaml | 18 | ||||
| -rw-r--r-- | puppet/cinder-storage.yaml | 21 | ||||
| -rw-r--r-- | puppet/compute.yaml | 34 | ||||
| -rw-r--r-- | puppet/controller.yaml | 68 | ||||
| -rw-r--r-- | puppet/extraconfig/ceph/ceph-external-config.yaml | 8 | ||||
| -rw-r--r-- | puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml | 2 | ||||
| -rw-r--r-- | puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml | 2 | ||||
| -rw-r--r-- | puppet/extraconfig/tls/ca-inject.yaml | 2 | ||||
| -rw-r--r-- | puppet/extraconfig/tls/tls-cert-inject.yaml | 4 | ||||
| -rw-r--r-- | puppet/hieradata/compute.yaml | 1 | ||||
| -rw-r--r-- | puppet/hieradata/controller.yaml | 8 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_cephstorage.pp | 8 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_compute.pp | 38 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_controller.pp | 82 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_controller_pacemaker.pp | 73 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_object.pp | 2 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_volume.pp | 2 | ||||
| -rw-r--r-- | puppet/swift-storage.yaml | 28 |
19 files changed, 351 insertions, 65 deletions
diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml index 96198c3f..dc2f98ed 100644 --- a/puppet/ceph-cluster-config.yaml +++ b/puppet/ceph-cluster-config.yaml @@ -39,6 +39,9 @@ parameters: CephClientUserName: default: openstack type: string + CephIPv6: + default: False + type: boolean resources: CephClusterConfigImpl: @@ -50,15 +53,25 @@ resources: datafiles: ceph_cluster: mapped_data: + ceph_ipv6: {get_param: CephIPv6} ceph_storage_count: {get_param: ceph_storage_count} ceph_mon_initial_members: list_join: - ',' - {get_param: ceph_mon_names} - ceph::profile::params::mon_host: + ceph_mon_host: list_join: - ',' - {get_param: ceph_mon_ips} + ceph_mon_host_v6: + str_replace: + template: "'[IPS_LIST]'" + params: + IPS_LIST: + list_join: + - '],[' + - {get_param: ceph_mon_ips} + ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6} ceph::profile::params::fsid: {get_param: ceph_fsid} ceph::profile::params::mon_key: {get_param: ceph_mon_key} # We should use a separated key for the non-admin clients diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml index 88120b9c..d2988926 100644 --- a/puppet/ceph-storage.yaml +++ b/puppet/ceph-storage.yaml @@ -62,6 +62,9 @@ parameters: description: | Role specific additional hiera configuration to inject into the cluster. type: json + CephStorageIPs: + default: {} + type: json NetworkDeploymentActions: type: comma_delimited_list description: > @@ -90,6 +93,9 @@ parameters: type: json description: Optional scheduler hints to pass to nova default: {} + NodeIndex: + type: number + default: 0 resources: CephStorage: @@ -135,31 +141,43 @@ resources: type: OS::TripleO::CephStorage::Ports::ExternalPort properties: ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} + IPPool: {get_param: CephStorageIPs} + NodeIndex: {get_param: NodeIndex} InternalApiPort: type: OS::TripleO::CephStorage::Ports::InternalApiPort properties: ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} + IPPool: {get_param: CephStorageIPs} + NodeIndex: {get_param: NodeIndex} StoragePort: type: OS::TripleO::CephStorage::Ports::StoragePort properties: ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} + IPPool: {get_param: CephStorageIPs} + NodeIndex: {get_param: NodeIndex} StorageMgmtPort: type: OS::TripleO::CephStorage::Ports::StorageMgmtPort properties: ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} + IPPool: {get_param: CephStorageIPs} + NodeIndex: {get_param: NodeIndex} TenantPort: type: OS::TripleO::CephStorage::Ports::TenantPort properties: ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} + IPPool: {get_param: CephStorageIPs} + NodeIndex: {get_param: NodeIndex} ManagementPort: type: OS::TripleO::CephStorage::Ports::ManagementPort properties: ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} + IPPool: {get_param: CephStorageIPs} + NodeIndex: {get_param: NodeIndex} NetworkConfig: type: OS::TripleO::CephStorage::Net::SoftwareConfig diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml index 09c4d3e3..878b31c2 100644 --- a/puppet/cinder-storage.yaml +++ b/puppet/cinder-storage.yaml @@ -9,7 +9,7 @@ parameters: description: Whether to enable or not the Iscsi backend for Cinder type: boolean CinderISCSIHelper: - default: tgtadm + default: lioadm description: The iSCSI helper to use with cinder. type: string CinderLVMLoopDeviceSize: @@ -38,6 +38,9 @@ parameters: description: | Role specific additional hiera configuration to inject into the cluster. type: json + BlockStorageIPs: + default: {} + type: json Flavor: description: Flavor for block storage nodes to request when deploying. type: string @@ -48,7 +51,6 @@ parameters: description: Name of an existing Nova key pair to enable SSH access to the instances type: string RabbitPassword: - default: 'guest' type: string hidden: true RabbitUserName: @@ -141,6 +143,9 @@ parameters: type: json description: Optional scheduler hints to pass to nova default: {} + NodeIndex: + type: number + default: 0 resources: @@ -187,31 +192,43 @@ resources: type: OS::TripleO::BlockStorage::Ports::ExternalPort properties: ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} + IPPool: {get_param: BlockStorageIPs} + NodeIndex: {get_param: NodeIndex} InternalApiPort: type: OS::TripleO::BlockStorage::Ports::InternalApiPort properties: ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} + IPPool: {get_param: BlockStorageIPs} + NodeIndex: {get_param: NodeIndex} StoragePort: type: OS::TripleO::BlockStorage::Ports::StoragePort properties: ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} + IPPool: {get_param: BlockStorageIPs} + NodeIndex: {get_param: NodeIndex} StorageMgmtPort: type: OS::TripleO::BlockStorage::Ports::StorageMgmtPort properties: ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} + IPPool: {get_param: BlockStorageIPs} + NodeIndex: {get_param: NodeIndex} TenantPort: type: OS::TripleO::BlockStorage::Ports::TenantPort properties: ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} + IPPool: {get_param: BlockStorageIPs} + NodeIndex: {get_param: NodeIndex} ManagementPort: type: OS::TripleO::BlockStorage::Ports::ManagementPort properties: ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} + IPPool: {get_param: BlockStorageIPs} + NodeIndex: {get_param: NodeIndex} NetworkConfig: type: OS::TripleO::BlockStorage::Net::SoftwareConfig diff --git a/puppet/compute.yaml b/puppet/compute.yaml index 58ca71e7..f5c848c8 100644 --- a/puppet/compute.yaml +++ b/puppet/compute.yaml @@ -195,6 +195,9 @@ parameters: default: 'dvr_snat' description: Agent mode for the neutron-l3-agent on the controller hosts type: string + NodeIndex: + type: number + default: 0 NovaApiHost: type: string default: '' # Has to be here because of the ignored empty value bug @@ -207,6 +210,9 @@ parameters: NovaCompute specific configuration to inject into the cluster. Same structure as ExtraConfig. type: json + NovaComputeIPs: + default: {} + type: json NovaComputeLibvirtType: type: string default: kvm @@ -218,6 +224,10 @@ parameters: default: false description: Whether to enable or not the Rbd backend for Nova type: boolean + NovaIPv6: + default: false + description: Enable IPv6 features in Nova + type: boolean NovaPassword: description: The password for the nova service account, used by nova-api. type: string @@ -241,7 +251,6 @@ parameters: type: string default: '' # Has to be here because of the ignored empty value bug RabbitPassword: - default: guest description: The password for RabbitMQ type: string hidden: true @@ -378,31 +387,43 @@ resources: type: OS::TripleO::Compute::Ports::ExternalPort properties: ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} + IPPool: {get_param: NovaComputeIPs} + NodeIndex: {get_param: NodeIndex} InternalApiPort: type: OS::TripleO::Compute::Ports::InternalApiPort properties: ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} + IPPool: {get_param: NovaComputeIPs} + NodeIndex: {get_param: NodeIndex} StoragePort: type: OS::TripleO::Compute::Ports::StoragePort properties: ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} + IPPool: {get_param: NovaComputeIPs} + NodeIndex: {get_param: NodeIndex} StorageMgmtPort: type: OS::TripleO::Compute::Ports::StorageMgmtPort properties: ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} + IPPool: {get_param: NovaComputeIPs} + NodeIndex: {get_param: NodeIndex} TenantPort: type: OS::TripleO::Compute::Ports::TenantPort properties: ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} + IPPool: {get_param: NovaComputeIPs} + NodeIndex: {get_param: NodeIndex} ManagementPort: type: OS::TripleO::Compute::Ports::ManagementPort properties: ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} + IPPool: {get_param: NovaComputeIPs} + NodeIndex: {get_param: NodeIndex} NetIpMap: type: OS::TripleO::Network::Ports::NetIpMap @@ -478,6 +499,7 @@ resources: raw_data: {get_file: hieradata/compute.yaml} mapped_data: cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend} + nova::use_ipv6: {get_input: nova_ipv6} nova::debug: {get_input: debug} nova::rabbit_userid: {get_input: rabbit_username} nova::rabbit_password: {get_input: rabbit_password} @@ -567,10 +589,18 @@ resources: nova_api_host: {get_param: NovaApiHost} nova_password: {get_param: NovaPassword} nova_enable_rbd_backend: {get_param: NovaEnableRbdBackend} + nova_ipv6: {get_param: NovaIPv6} cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend} nova_vnc_proxyclient_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaVncProxyNetwork]}]} nova_vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]} - nova_vncproxy_host: {get_param: [EndpointMap, NovaVNCProxyPublic, host]} + # Remove brackets that may come if the IP address is IPv6. + # For DNS names and IPv4, this will just get the NovaVNCProxyPublic value + nova_vncproxy_host: + str_replace: + template: {get_param: [EndpointMap, NovaVNCProxyPublic, host]} + params: + '[': '' + ']': '' nova_vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]} nova_ovs_bridge: {get_param: NovaOVSBridge} nova_security_group_api: {get_param: NovaSecurityGroupAPI} diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 879bde55..4086fe4e 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -69,7 +69,7 @@ parameters: description: Whether to enable or not the Rbd backend for Cinder type: boolean CinderISCSIHelper: - default: tgtadm + default: lioadm description: The iSCSI helper to use with cinder. type: string CinderLVMLoopDeviceSize: @@ -233,6 +233,13 @@ parameters: Mount options for Pacemaker mount used as Glance storage. Effective when GlanceFilePcmkManage is true. type: string + HAProxyStatsPassword: + description: Password for HAProxy stats endpoint + type: string + HAProxyStatsUser: + description: User for HAProxy stats endpoint + default: admin + type: string HAProxySyslogAddress: default: /dev/log description: Syslog address where HAproxy will send its log @@ -246,7 +253,7 @@ parameters: type: string hidden: true HeatStackDomainAdminPassword: - description: Password for heat_domain_admin user. + description: Password for heat_stack_domain_admin user. type: string hidden: true HeatAuthEncryptionKey: @@ -334,6 +341,10 @@ parameters: default: false description: Whether to manage IPtables rules. type: boolean + MemcachedIPv6: + default: false + description: Enable IPv6 features in Memcached. + type: boolean PurgeFirewallRules: default: false description: Whether IPtables rules should be purged before setting up the new ones. @@ -603,7 +614,6 @@ parameters: default: '' # Has to be here because of the ignored empty value bug hidden: true RabbitPassword: - default: guest description: The password for RabbitMQ type: string hidden: true @@ -625,6 +635,14 @@ parameters: default: 16384 description: Configures RabbitMQ FD limit type: string + RabbitIPv6: + default: false + description: Enable IPv6 in RabbitMQ + type: boolean + RedisPassword: + type: string + description: The password to access the Redis service + hidden: true RedisVirtualIP: type: string default: '' # Has to be here because of the ignored empty value bug @@ -657,6 +675,10 @@ parameters: default: 10 description: Partition Power to use when building Swift rings type: number + SwiftRingBuild: + default: true + description: Whether to manage Swift rings or not + type: boolean SwiftPassword: description: The password for the swift service account, used by the swift proxy services. @@ -940,6 +962,8 @@ resources: neutron_enable_l2pop: {get_param: NeutronEnableL2Pop} neutron_enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata} haproxy_log_address: {get_param: HAProxySyslogAddress} + haproxy_stats_password: {get_param: HAProxyStatsPassword} + haproxy_stats_user: {get_param: HAProxyStatsUser} heat.watch_server_url: list_join: - '' @@ -1152,9 +1176,11 @@ resources: ceilometer_coordination_url: list_join: - '' - - - 'redis://' + - - 'redis://:' + - {get_param: RedisPassword} + - '@' - {get_param: RedisVirtualIPUri} - - ':6379' + - ':6379/' ceilometer_dsn: list_join: - '' @@ -1168,6 +1194,7 @@ resources: nova_enable_db_purge: {get_param: NovaEnableDBPurge} nova_ipv6: {get_param: NovaIPv6} corosync_ipv6: {get_param: CorosyncIPv6} + memcached_ipv6: {get_param: MemcachedIPv6} nova_password: {get_param: NovaPassword} nova_dsn: list_join: @@ -1194,16 +1221,10 @@ resources: rabbit_cookie: {get_param: RabbitCookie} rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} rabbit_client_port: {get_param: RabbitClientPort} + rabbit_ipv6: {get_param: RabbitIPv6} + rabbit_fd_limit: {get_param: RabbitFDLimit} mongodb_no_journal: {get_param: MongoDbNoJournal} mongodb_ipv6: {get_param: MongoDbIPv6} - # We need to force this into quotes or hiera will return integer causing - # the puppet module validation regexp to fail. - # Remove when: https://github.com/puppetlabs/puppetlabs-rabbitmq/pull/401 - rabbit_fd_limit: - str_replace: - template: "'LIMIT'" - params: - LIMIT: {get_param: RabbitFDLimit} ntp_servers: {get_param: NtpServer} timezone: {get_param: TimeZone} control_virtual_interface: {get_param: ControlVirtualInterface} @@ -1211,6 +1232,7 @@ resources: swift_hash_suffix: {get_param: SwiftHashSuffix} swift_password: {get_param: SwiftPassword} swift_part_power: {get_param: SwiftPartPower} + swift_ring_build: {get_param: SwiftRingBuild} swift_replicas: {get_param: SwiftReplicas} swift_min_part_hours: {get_param: SwiftMinPartHours} swift_mount_check: {get_param: SwiftMountCheck} @@ -1227,7 +1249,7 @@ resources: - '/sahara' swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} - cinder_iscsi_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]} + cinder_iscsi_network: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]} cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]} glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} @@ -1247,6 +1269,7 @@ resources: horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]} + redis_password: {get_param: RedisPassword} redis_vip: {get_param: RedisVirtualIP} sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]} memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} @@ -1300,7 +1323,7 @@ resources: mapped_data: ceph::profile::params::cluster_network: {get_input: ceph_cluster_network} ceph::profile::params::public_network: {get_input: ceph_public_network} - ceph::mon::public_addr: {get_input: ceph_public_ip} + ceph::profile::params::public_addr: {get_input: ceph_public_ip} database: raw_data: {get_file: hieradata/database.yaml} object: @@ -1325,15 +1348,12 @@ resources: swift::swift_hash_suffix: {get_input: swift_hash_suffix} swift::proxy::authtoken::admin_password: {get_input: swift_password} swift::proxy::workers: {get_input: swift_workers} + tripleo::ringbuilder::build_ring: { get_input: swift_ring_build } tripleo::ringbuilder::part_power: {get_input: swift_part_power} tripleo::ringbuilder::replicas: {get_input: swift_replicas} tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours} swift_mount_check: {get_input: swift_mount_check} - # NOTE(dprince): build_ring support is currently not wired in. - # See: https://review.openstack.org/#/c/109225/ - tripleo::ringbuilder::build_ring: True - # Cinder cinder_enable_db_purge: {get_input: cinder_enable_db_purge} cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend} @@ -1415,9 +1435,11 @@ resources: heat::debug: {get_input: debug} heat::db::mysql::password: {get_input: heat_password} heat_enable_db_purge: {get_input: heat_enable_db_purge} + heat::keystone::domain::domain_password: {get_input: heat_stack_domain_admin_password} # Keystone keystone::admin_token: {get_input: admin_token} + keystone::roles::admin::password: {get_input: admin_password} keystone_ca_certificate: {get_input: keystone_ca_certificate} keystone_signing_key: {get_input: keystone_signing_key} keystone_signing_certificate: {get_input: keystone_signing_certificate} @@ -1631,13 +1653,18 @@ resources: rabbitmq::file_limit: {get_input: rabbit_fd_limit} rabbitmq::default_user: {get_input: rabbit_username} rabbitmq::default_pass: {get_input: rabbit_password} + rabbit_ipv6: {get_input: rabbit_ipv6} # Redis redis::bind: {get_input: redis_network} + redis::requirepass: {get_input: redis_password} + redis::masterauth: {get_input: redis_password} + redis::sentinel_auth_pass: {get_input: redis_password} redis_vip: {get_input: redis_vip} # Firewall tripleo::firewall::manage_firewall: {get_input: manage_firewall} tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules} # Misc + memcached_ipv6: {get_input: memcached_ipv6} memcached::listen_ip: {get_input: memcached_network} neutron_public_interface_ip: {get_input: neutron_public_interface_ip} ntp::servers: {get_input: ntp_servers} @@ -1648,6 +1675,9 @@ resources: tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface} tripleo::loadbalancer::haproxy_log_address: {get_input: haproxy_log_address} tripleo::loadbalancer::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} + tripleo::loadbalancer::haproxy_stats_user: {get_input: haproxy_stats_user} + tripleo::loadbalancer::haproxy_stats_password: {get_input: haproxy_stats_password} + tripleo::loadbalancer::redis_password: {get_input: redis_password} tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} diff --git a/puppet/extraconfig/ceph/ceph-external-config.yaml b/puppet/extraconfig/ceph/ceph-external-config.yaml index ebd6c251..312d49a0 100644 --- a/puppet/extraconfig/ceph/ceph-external-config.yaml +++ b/puppet/extraconfig/ceph/ceph-external-config.yaml @@ -41,6 +41,9 @@ parameters: CephClientUserName: default: openstack type: string + CephIPv6: + default: False + type: boolean resources: CephClusterConfigImpl: @@ -54,7 +57,9 @@ resources: mapped_data: ceph_storage_count: {get_param: ceph_storage_count} enable_external_ceph: true - ceph::profile::params::mon_host: {get_param: ceph_external_mon_ips} + ceph_ipv6: {get_param: CephIPv6} + ceph_mon_host: {get_param: ceph_external_mon_ips} + ceph_mon_host_v6: {get_param: ceph_external_mon_ips} ceph::profile::params::fsid: {get_param: ceph_fsid} ceph::profile::params::client_keys: str_replace: @@ -72,6 +77,7 @@ resources: NOVA_POOL: {get_param: NovaRbdPoolName} CINDER_POOL: {get_param: CinderRbdPoolName} GLANCE_POOL: {get_param: GlanceRbdPoolName} + ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6} nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} cinder_rbd_pool_name: {get_param: CinderRbdPoolName} glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName} diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml index 905f196d..9b6981bb 100644 --- a/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml +++ b/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-11-12 +heat_template_version: 2015-10-15 description: Configure hieradata for Cinder Dell Storage Center configuration diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml index c73608f1..36db334e 100644 --- a/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml +++ b/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-11-06 +heat_template_version: 2015-10-15 description: Configure hieradata for Cinder Eqlx configuration diff --git a/puppet/extraconfig/tls/ca-inject.yaml b/puppet/extraconfig/tls/ca-inject.yaml index aab42849..f955034d 100644 --- a/puppet/extraconfig/tls/ca-inject.yaml +++ b/puppet/extraconfig/tls/ca-inject.yaml @@ -4,7 +4,7 @@ description: > This is a template which will inject the trusted anchor. parameters: - # Can be overriden via parameter_defaults in the environment + # Can be overridden via parameter_defaults in the environment SSLRootCertificate: description: > The content of a CA's SSL certificate file in PEM format. diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml index 20bb3737..77b11378 100644 --- a/puppet/extraconfig/tls/tls-cert-inject.yaml +++ b/puppet/extraconfig/tls/tls-cert-inject.yaml @@ -5,7 +5,7 @@ description: > for the load balancer using the given parameters. parameters: - # Can be overriden via parameter_defaults in the environment + # Can be overridden via parameter_defaults in the environment SSLCertificate: description: > The content of the SSL certificate (without Key) in PEM format. @@ -21,7 +21,7 @@ parameters: type: string hidden: true - # Can be overriden by parameter_defaults if the user wants to try deploying + # Can be overridden by parameter_defaults if the user wants to try deploying # this in a distro that doesn't support this path. DeployedSSLCertificatePath: default: '/etc/pki/tls/private/overcloud_endpoint.pem' diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml index 572eef9f..865210c9 100644 --- a/puppet/hieradata/compute.yaml +++ b/puppet/hieradata/compute.yaml @@ -7,7 +7,6 @@ nova::compute::instance_usage_audit: true nova::compute::instance_usage_audit_period: 'hour' nova::compute::vnc_enabled: true -nova::compute::libvirt::vncserver_listen: '0.0.0.0' nova::compute::libvirt::migration_support: true nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}" diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index 3c60e905..3e523f1b 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -1,4 +1,5 @@ # Hiera data here applies to all controller nodes + nova::api::enabled: true nova::conductor::enabled: true nova::consoleauth::enabled: true @@ -29,6 +30,9 @@ redis::sentinel::master_name: "%{hiera('bootstrap_nodeid')}" redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}" redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh' +# keystone +keystone::roles::admin::email: 'root@localhost' + # service tenant glance::api::keystone_tenant: 'service' aodh::api::keystone_tenant: 'service' @@ -77,7 +81,6 @@ glance::api::pipeline: 'keystone' glance::api::show_image_direct_url: true glance::registry::pipeline: 'keystone' glance::backend::swift::swift_store_create_container_on_put: true -glance::backend::rbd::rbd_store_user: 'openstack' glance_file_pcmk_directory: '/var/lib/glance/images' # neutron @@ -111,6 +114,9 @@ heat::cron::purge_deleted::age: 30 heat::cron::purge_deleted::age_type: 'days' heat::cron::purge_deleted::maxdelay: 3600 heat::cron::purge_deleted::destination: '/dev/null' +heat::keystone::domain::domain_name: 'heat_stack' +heat::keystone::domain::domain_admin: 'heat_stack_domain_admin' +heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost' # pacemaker pacemaker::corosync::cluster_name: 'tripleo_cluster' diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp index 0db5b45a..fd7faff1 100644 --- a/puppet/manifests/overcloud_cephstorage.pp +++ b/puppet/manifests/overcloud_cephstorage.pp @@ -40,6 +40,14 @@ if str2bool(hiera('ceph_osd_selinux_permissive', true)) { } -> Class['ceph::profile::osd'] } +if str2bool(hiera('ceph_ipv6', false)) { + $mon_host = hiera('ceph_mon_host_v6') +} else { + $mon_host = hiera('ceph_mon_host') +} +class { '::ceph::profile::params': + mon_host => $mon_host, +} include ::ceph::conf include ::ceph::profile::client include ::ceph::profile::osd diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp index dcf63740..13ae31c5 100644 --- a/puppet/manifests/overcloud_compute.pp +++ b/puppet/manifests/overcloud_compute.pp @@ -53,15 +53,17 @@ include ::nova include ::nova::config include ::nova::compute -nova_config { - 'DEFAULT/my_ip': value => $ipaddress; - 'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver'; - 'DEFAULT/host': value => $fqdn; -} - $rbd_ephemeral_storage = hiera('nova::compute::rbd::ephemeral_storage', false) $rbd_persistent_storage = hiera('rbd_persistent_storage', false) if $rbd_ephemeral_storage or $rbd_persistent_storage { + if str2bool(hiera('ceph_ipv6', false)) { + $mon_host = hiera('ceph_mon_host_v6') + } else { + $mon_host = hiera('ceph_mon_host') + } + class { '::ceph::profile::params': + mon_host => $mon_host, + } include ::ceph::conf include ::ceph::profile::client @@ -83,7 +85,27 @@ if hiera('cinder_enable_nfs_backend', false) { package {'nfs-utils': } -> Service['nova-compute'] } -include ::nova::compute::libvirt +if str2bool(hiera('nova::use_ipv6', false)) { + $vncserver_listen = '::0' +} else { + $vncserver_listen = '0.0.0.0' +} +class { '::nova::compute::libvirt' : + vncserver_listen => $vncserver_listen, +} + +nova_config { + 'DEFAULT/my_ip': value => $ipaddress; + 'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver'; + 'DEFAULT/host': value => $fqdn; + # TUNNELLED mode provides a security enhancement when using shared storage but is not + # supported when not using shared storage. + # See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12 + # In future versions of QEMU (2.6, mostly), Dan's native encryption + # work will obsolete the need to use TUNNELLED transport mode. + 'libvirt/live_migration_tunnelled': value => $rbd_ephemeral_storage; +} + if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { file {'/etc/libvirt/qemu.conf': ensure => present, @@ -163,7 +185,7 @@ snmp::snmpv3_user { $snmpd_user: } class { '::snmp': agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], + snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], } hiera_include('compute_classes') diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index b78648fb..5b3e8f77 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -46,16 +46,26 @@ if hiera('step') >= 2 { # MongoDB if downcase(hiera('ceilometer_backend')) == 'mongodb' { include ::mongodb::globals - + include ::mongodb::client include ::mongodb::server - $mongo_node_ips_with_port = suffix(hiera('mongo_node_ips'), ':27017') + # NOTE(gfidente): We need to pass the list of IPv6 addresses *with* port and + # without the brackets as 'members' argument for the 'mongodb_replset' + # resource. + if str2bool(hiera('mongodb::server::ipv6', false)) { + $mongo_node_ips_with_port_prefixed = prefix(hiera('mongo_node_ips'), '[') + $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017') + $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017') + } else { + $mongo_node_ips_with_port = suffix(hiera('mongo_node_ips'), ':27017') + $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017') + } $mongo_node_string = join($mongo_node_ips_with_port, ',') $mongodb_replset = hiera('mongodb::server::replset') $ceilometer_mongodb_conn_string = "mongodb://${mongo_node_string}/ceilometer?replicaSet=${mongodb_replset}" if downcase(hiera('bootstrap_nodeid')) == $::hostname { mongodb_replset { $mongodb_replset : - members => $mongo_node_ips_with_port, + members => $mongo_node_ips_with_port_nobr, } } } @@ -118,13 +128,23 @@ if hiera('step') >= 2 { $rabbit_nodes = hiera('rabbit_node_ips') if count($rabbit_nodes) > 1 { + + $rabbit_ipv6 = str2bool(hiera('rabbit_ipv6', false)) + if $rabbit_ipv6 { + $rabbit_env = merge(hiera('rabbitmq_environment'), { + 'RABBITMQ_SERVER_START_ARGS' => '"-proto_dist inet6_tcp"' + }) + } else { + $rabbit_env = hiera('rabbitmq_environment') + } + class { '::rabbitmq': config_cluster => true, cluster_nodes => $rabbit_nodes, tcp_keepalive => false, config_kernel_variables => hiera('rabbitmq_kernel_variables'), config_variables => hiera('rabbitmq_config_variables'), - environment_variables => hiera('rabbitmq_environment'), + environment_variables => $rabbit_env, } rabbitmq_policy { 'ha-all@/': pattern => '^(?!amq\.).*', @@ -142,8 +162,15 @@ if hiera('step') >= 2 { $enable_ceph = hiera('ceph_storage_count', 0) > 0 or hiera('enable_ceph_storage', false) if $enable_ceph { + $mon_initial_members = downcase(hiera('ceph_mon_initial_members')) + if str2bool(hiera('ceph_ipv6', false)) { + $mon_host = hiera('ceph_mon_host_v6') + } else { + $mon_host = hiera('ceph_mon_host') + } class { '::ceph::profile::params': - mon_initial_members => downcase(hiera('ceph_mon_initial_members')), + mon_initial_members => $mon_initial_members, + mon_host => $mon_host, } include ::ceph::conf include ::ceph::profile::mon @@ -169,6 +196,14 @@ if hiera('step') >= 2 { } if str2bool(hiera('enable_external_ceph', false)) { + if str2bool(hiera('ceph_ipv6', false)) { + $mon_host = hiera('ceph_mon_host_v6') + } else { + $mon_host = hiera('ceph_mon_host') + } + class { '::ceph::profile::params': + mon_host => $mon_host, + } include ::ceph::conf include ::ceph::profile::client } @@ -233,8 +268,15 @@ if hiera('step') >= 3 { include ::glance::notify::rabbitmq include join(['::glance::backend::', $glance_backend]) + $nova_ipv6 = hiera('nova::use_ipv6', false) + if $nova_ipv6 { + $memcached_servers = suffix(hiera('memcache_node_ips_v6'), ':11211') + } else { + $memcached_servers = suffix(hiera('memcache_node_ips'), ':11211') + } + class { '::nova' : - memcached_servers => suffix(hiera('memcache_node_ips'), ':11211'), + memcached_servers => $memcached_servers } include ::nova::config include ::nova::api @@ -607,8 +649,15 @@ if hiera('step') >= 3 { } $neutron_options = {'profile_support' => $_profile_support } + $memcached_ipv6 = hiera('memcached_ipv6', false) + if $memcached_ipv6 { + $horizon_memcached_servers = hiera('memcache_node_ips_v6', '[::1]') + } else { + $horizon_memcached_servers = hiera('memcache_node_ips', '127.0.0.1') + } + class { '::horizon': - cache_server_ip => hiera('memcache_node_ips', '127.0.0.1'), + cache_server_ip => $horizon_memcached_servers, neutron_options => $neutron_options, } @@ -619,7 +668,7 @@ if hiera('step') >= 3 { } class { '::snmp': agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], + snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], } hiera_include('controller_classes') @@ -644,6 +693,23 @@ if hiera('step') >= 4 { if $heat_enable_db_purge { include ::heat::cron::purge_deleted } + + if downcase(hiera('bootstrap_nodeid')) == $::hostname { + include ::keystone::roles::admin + # Class ::heat::keystone::domain has to run on bootstrap node + # because it creates DB entities via API calls. + include ::heat::keystone::domain + + Class['::keystone::roles::admin'] -> Class['::heat::keystone::domain'] + } else { + # On non-bootstrap node we don't need to create Keystone resources again + class { '::heat::keystone::domain': + manage_domain => false, + manage_user => false, + manage_role => false, + } + } + } #END STEP 4 $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller', hiera('step')]) diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index c91e179e..7c5fd6bd 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -34,7 +34,7 @@ $enable_load_balancer = hiera('enable_load_balancer', true) # When to start and enable services which haven't been Pacemakerized # FIXME: remove when we start all OpenStack services using Pacemaker -# (occurences of this variable will be gradually replaced with false) +# (occurrences of this variable will be gradually replaced with false) $non_pcmk_start = hiera('step') >= 4 if hiera('step') >= 1 { @@ -68,9 +68,6 @@ if hiera('step') >= 1 { } else { $cluster_setup_extras = {} } - user { 'hacluster': - ensure => present, - } -> class { '::pacemaker': hacluster_pwd => hiera('hacluster_pwd'), } -> @@ -100,12 +97,21 @@ if hiera('step') >= 1 { # avoid races where non-master nodes attempt to start without # config (eg. binding on 0.0.0.0) # The module ignores erlang_cookie if cluster_config is false + $rabbit_ipv6 = str2bool(hiera('rabbit_ipv6', false)) + if $rabbit_ipv6 { + $rabbit_env = merge(hiera('rabbitmq_environment'), { + 'RABBITMQ_SERVER_START_ARGS' => '"-proto_dist inet6_tcp"' + }) + } else { + $rabbit_env = hiera('rabbitmq_environment') + } + class { '::rabbitmq': service_manage => false, tcp_keepalive => false, config_kernel_variables => hiera('rabbitmq_kernel_variables'), config_variables => hiera('rabbitmq_config_variables'), - environment_variables => hiera('rabbitmq_environment'), + environment_variables => $rabbit_env, } -> file { '/var/lib/rabbitmq/.erlang.cookie': ensure => file, @@ -118,6 +124,7 @@ if hiera('step') >= 1 { if downcase(hiera('ceilometer_backend')) == 'mongodb' { include ::mongodb::globals + include ::mongodb::client class { '::mongodb::server' : service_manage => false, } @@ -192,8 +199,19 @@ if hiera('step') >= 1 { if hiera('step') >= 2 { # NOTE(gfidente): the following vars are needed on all nodes so they - # need to stay out of pacemaker_master conditional - $mongo_node_ips_with_port = suffix(hiera('mongo_node_ips'), ':27017') + # need to stay out of pacemaker_master conditional. + # The addresses mangling will hopefully go away when we'll be able to + # configure the connection string via hostnames, until then, we need to pass + # the list of IPv6 addresses *with* port and without the brackets as 'members' + # argument for the 'mongodb_replset' resource. + if str2bool(hiera('mongodb::server::ipv6', false)) { + $mongo_node_ips_with_port_prefixed = prefix(hiera('mongo_node_ips'), '[') + $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017') + $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017') + } else { + $mongo_node_ips_with_port = suffix(hiera('mongo_node_ips'), ':27017') + $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017') + } $mongodb_replset = hiera('mongodb::server::replset') if $pacemaker_master { @@ -422,7 +440,7 @@ if hiera('step') >= 2 { before => Mongodb_replset[$mongodb_replset], } mongodb_replset { $mongodb_replset : - members => $mongo_node_ips_with_port, + members => $mongo_node_ips_with_port_nobr, } } @@ -517,8 +535,15 @@ MYSQL_HOST=localhost\n", $enable_ceph = hiera('ceph_storage_count', 0) > 0 or hiera('enable_ceph_storage', false) if $enable_ceph { + $mon_initial_members = downcase(hiera('ceph_mon_initial_members')) + if str2bool(hiera('ceph_ipv6', false)) { + $mon_host = hiera('ceph_mon_host_v6') + } else { + $mon_host = hiera('ceph_mon_host') + } class { '::ceph::profile::params': - mon_initial_members => downcase(hiera('ceph_mon_initial_members')), + mon_initial_members => $mon_initial_members, + mon_host => $mon_host, } include ::ceph::conf include ::ceph::profile::mon @@ -544,6 +569,14 @@ MYSQL_HOST=localhost\n", } if str2bool(hiera('enable_external_ceph', false)) { + if str2bool(hiera('ceph_ipv6', false)) { + $mon_host = hiera('ceph_mon_host_v6') + } else { + $mon_host = hiera('ceph_mon_host') + } + class { '::ceph::profile::params': + mon_host => $mon_host, + } include ::ceph::conf include ::ceph::profile::client } @@ -1085,8 +1118,16 @@ if hiera('step') >= 3 { $_profile_support = 'None' } $neutron_options = {'profile_support' => $_profile_support } + + $memcached_ipv6 = hiera('memcached_ipv6', false) + if $memcached_ipv6 { + $horizon_memcached_servers = hiera('memcache_node_ips_v6', '[::1]') + } else { + $horizon_memcached_servers = hiera('memcache_node_ips', '127.0.0.1') + } + class { '::horizon': - cache_server_ip => hiera('memcache_node_ips', '127.0.0.1'), + cache_server_ip => $horizon_memcached_servers, neutron_options => $neutron_options, } @@ -1123,7 +1164,7 @@ if hiera('step') >= 3 { } class { '::snmp': agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], + snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], } hiera_include('controller_classes') @@ -1903,6 +1944,16 @@ if hiera('step') >= 5 { class {'::keystone::endpoint' : require => Pacemaker::Resource::Service[$::apache::params::service_name], } + include ::heat::keystone::domain + Class['::keystone::roles::admin'] -> Class['::heat::keystone::domain'] + + } else { + # On non-master controller we don't need to create Keystone resources again + class { '::heat::keystone::domain': + manage_domain => false, + manage_user => false, + manage_role => false, + } } } #END STEP 5 diff --git a/puppet/manifests/overcloud_object.pp b/puppet/manifests/overcloud_object.pp index 1ac66904..ae074589 100644 --- a/puppet/manifests/overcloud_object.pp +++ b/puppet/manifests/overcloud_object.pp @@ -50,7 +50,7 @@ snmp::snmpv3_user { $snmpd_user: } class { '::snmp': agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], + snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], } hiera_include('object_classes') diff --git a/puppet/manifests/overcloud_volume.pp b/puppet/manifests/overcloud_volume.pp index 66722f57..134dc43b 100644 --- a/puppet/manifests/overcloud_volume.pp +++ b/puppet/manifests/overcloud_volume.pp @@ -54,7 +54,7 @@ snmp::snmpv3_user { $snmpd_user: } class { '::snmp': agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], + snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], } hiera_include('volume_classes') diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml index 3b04be83..8a4ea21f 100644 --- a/puppet/swift-storage.yaml +++ b/puppet/swift-storage.yaml @@ -30,6 +30,10 @@ parameters: default: 10 description: Partition Power to use when building Swift rings type: number + RingBuild: + default: true + description: Whether to manage Swift rings or not + type: boolean Replicas: type: number default: 3 @@ -83,6 +87,9 @@ parameters: description: | Role specific additional hiera configuration to inject into the cluster. type: json + SwiftStorageIPs: + default: {} + type: json NetworkDeploymentActions: type: comma_delimited_list description: > @@ -111,6 +118,9 @@ parameters: type: json description: Optional scheduler hints to pass to nova default: {} + NodeIndex: + type: number + default: 0 resources: @@ -156,31 +166,43 @@ resources: type: OS::TripleO::SwiftStorage::Ports::ExternalPort properties: ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} + IPPool: {get_param: SwiftStorageIPs} + NodeIndex: {get_param: NodeIndex} InternalApiPort: type: OS::TripleO::SwiftStorage::Ports::InternalApiPort properties: ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} + IPPool: {get_param: SwiftStorageIPs} + NodeIndex: {get_param: NodeIndex} StoragePort: type: OS::TripleO::SwiftStorage::Ports::StoragePort properties: ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} + IPPool: {get_param: SwiftStorageIPs} + NodeIndex: {get_param: NodeIndex} StorageMgmtPort: type: OS::TripleO::SwiftStorage::Ports::StorageMgmtPort properties: ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} + IPPool: {get_param: SwiftStorageIPs} + NodeIndex: {get_param: NodeIndex} TenantPort: type: OS::TripleO::SwiftStorage::Ports::TenantPort properties: ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} + IPPool: {get_param: SwiftStorageIPs} + NodeIndex: {get_param: NodeIndex} ManagementPort: type: OS::TripleO::SwiftStorage::Ports::ManagementPort properties: ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} + IPPool: {get_param: SwiftStorageIPs} + NodeIndex: {get_param: NodeIndex} NetworkConfig: type: OS::TripleO::ObjectStorage::Net::SoftwareConfig @@ -245,17 +267,14 @@ resources: raw_data: {get_file: hieradata/object.yaml} mapped_data: # data supplied directly to this deployment configuration, etc swift::swift_hash_suffix: { get_input: swift_hash_suffix } + tripleo::ringbuilder::build_ring: { get_input: swift_ring_build } tripleo::ringbuilder::part_power: { get_input: swift_part_power } tripleo::ringbuilder::replicas: {get_input: swift_replicas } - # Swift swift::storage::all::storage_local_net_ip: {get_input: swift_management_network} swift_mount_check: {get_input: swift_mount_check } tripleo::ringbuilder::min_part_hours: { get_input: swift_min_part_hours } ntp::servers: {get_input: ntp_servers} timezone::timezone: {get_input: timezone} - # NOTE(dprince): build_ring support is currently not wired in. - # See: https://review.openstack.org/#/c/109225/ - tripleo::ringbuilder::build_ring: True snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} tripleo::packages::enable_install: {get_input: enable_package_install} @@ -276,6 +295,7 @@ resources: swift_hash_suffix: {get_param: HashSuffix} swift_mount_check: {get_param: MountCheck} swift_min_part_hours: {get_param: MinPartHours} + swift_ring_build: {get_param: RingBuild} swift_part_power: {get_param: PartPower} swift_replicas: { get_param: Replicas} ntp_servers: {get_param: NtpServer} |