diff options
Diffstat (limited to 'puppet')
| -rw-r--r-- | puppet/cinder-storage.yaml | 2 | ||||
| -rw-r--r-- | puppet/controller.yaml | 140 | ||||
| -rw-r--r-- | puppet/services/database/mysql.yaml | 34 | ||||
| -rw-r--r-- | puppet/services/database/redis-base.yaml | 1 | ||||
| -rw-r--r-- | puppet/services/haproxy.yaml | 32 | ||||
| -rw-r--r-- | puppet/services/keepalived.yaml | 13 | ||||
| -rw-r--r-- | puppet/services/neutron-dhcp.yaml | 15 | ||||
| -rw-r--r-- | puppet/services/pacemaker/database/mysql.yaml | 10 | ||||
| -rw-r--r-- | puppet/services/rabbitmq.yaml | 20 | ||||
| -rw-r--r-- | puppet/services/swift-storage.yaml | 5 | ||||
| -rw-r--r-- | puppet/swift-storage.yaml | 13 |
11 files changed, 150 insertions, 135 deletions
diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml index ff2c5d1c..ef3f08ff 100644 --- a/puppet/cinder-storage.yaml +++ b/puppet/cinder-storage.yaml @@ -106,7 +106,7 @@ resources: properties: image: {get_param: BlockStorageImage} - flavor: {get_param: Flavor} + flavor: {get_param: OvercloudBlockStorageFlavor} key_name: {get_param: KeyName} networks: - network: ctlplane diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 75b412aa..1b2706ea 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -4,10 +4,6 @@ description: > OpenStack controller node configured by Puppet. parameters: - AdminPassword: - description: The password for the keystone admin account, used for monitoring, querying neutron etc. - type: string - hidden: true AodhPassword: description: The password for the aodh services. type: string @@ -31,10 +27,6 @@ parameters: ... } type: json - ControlVirtualInterface: - default: 'br-ex' - description: Interface where virtual ip will be assigned. - type: string CorosyncIPv6: default: false description: Enable IPv6 in Corosync @@ -47,10 +39,6 @@ parameters: default: false description: Whether to enable fencing in Pacemaker or not. type: boolean - EnableGalera: - default: true - description: Whether to use Galera instead of regular MariaDB. - type: boolean EnableLoadBalancer: default: true description: Whether to deploy a LoadBalancer on the Controller @@ -99,17 +87,6 @@ parameters: type: string constraints: - custom_constraint: nova.flavor - HAProxyStatsPassword: - description: Password for HAProxy stats endpoint - type: string - HAProxyStatsUser: - description: User for HAProxy stats endpoint - default: admin - type: string - HAProxySyslogAddress: - default: /dev/log - description: Syslog address where HAproxy will send its log - type: string HeatAuthEncryptionKey: description: Auth encryption key for heat-engine type: string @@ -149,31 +126,6 @@ parameters: default: false description: Whether IPtables rules should be purged before setting up the new ones. type: boolean - MysqlClusterUniquePart: - description: A unique identifier of the MySQL cluster the controller is in. - type: string - default: 'unset' # Has to be here because of the ignored empty value bug - # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446 - # constraints: - # - length: {min: 4, max: 10} - MysqlInnodbBufferPoolSize: - description: > - Specifies the size of the buffer pool in megabytes. Setting to - zero should be interpreted as "no value" and will defer to the - lower level default. - type: number - default: 0 - MysqlMaxConnections: - description: Configures MySQL max_connections config setting - type: number - default: 4096 - MysqlClustercheckPassword: - type: string - hidden: true - MysqlRootPassword: - type: string - hidden: true - default: '' # Has to be here because of the ignored empty value bug NeutronMetadataProxySharedSecret: description: Shared secret to prevent spoofing type: string @@ -203,34 +155,6 @@ parameters: type: string description: The password for the 'pcsd' user. hidden: true - PublicVirtualInterface: - default: 'br-ex' - description: > - Specifies the interface where the public-facing virtual ip will be assigned. - This should be int_public when a VLAN is being used. - type: string - RabbitCookie: - type: string - default: '' # Has to be here because of the ignored empty value bug - hidden: true - RabbitPassword: - description: The password for RabbitMQ - type: string - hidden: true - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number RedisPassword: description: The password for Redis type: string @@ -247,13 +171,14 @@ parameters: in the ring. hidden: true type: string + SwiftRawDisks: + default: {} + description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})' + type: json UpgradeLevelNovaCompute: type: string description: Nova Compute upgrade level default: '' - MysqlVirtualIP: - type: string - default: '' ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -480,30 +405,16 @@ resources: server: {get_resource: Controller} input_values: bootstack_nodeid: {get_attr: [Controller, name]} - haproxy_log_address: {get_param: HAProxySyslogAddress} - haproxy_stats_password: {get_param: HAProxyStatsPassword} - haproxy_stats_user: {get_param: HAProxyStatsUser} heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey} horizon_secret: {get_param: HorizonSecret} - admin_password: {get_param: AdminPassword} debug: {get_param: Debug} keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] } enable_fencing: {get_param: EnableFencing} - enable_galera: {get_param: EnableGalera} enable_load_balancer: {get_param: EnableLoadBalancer} manage_firewall: {get_param: ManageFirewall} purge_firewall_rules: {get_param: PurgeFirewallRules} - mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} - mysql_max_connections: {get_param: MysqlMaxConnections} - mysql_root_password: {get_param: MysqlRootPassword} - mysql_clustercheck_password: {get_param: MysqlClustercheckPassword} - mysql_cluster_name: - str_replace: - template: tripleo-CLUSTER - params: - CLUSTER: {get_param: MysqlClusterUniquePart} neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} aodh_internal_url: { get_param: [ EndpointMap, AodhInternal, uri ] } aodh_public_url: { get_param: [ EndpointMap, AodhPublic, uri ] } @@ -525,13 +436,6 @@ resources: instance_name_template: {get_param: InstanceNameTemplate} fencing_config: {get_param: FencingConfig} pcsd_password: {get_param: PcsdPassword} - rabbit_username: {get_param: RabbitUserName} - rabbit_password: {get_param: RabbitPassword} - rabbit_cookie: {get_param: RabbitCookie} - rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} - rabbit_client_port: {get_param: RabbitClientPort} - control_virtual_interface: {get_param: ControlVirtualInterface} - public_virtual_interface: {get_param: PublicVirtualInterface} swift_hash_suffix: {get_param: SwiftHashSuffix} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} @@ -564,13 +468,10 @@ resources: template: "NETWORK_subnet" params: NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]} - rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitmqNetwork]}]} redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]} redis_vip: {get_param: RedisVirtualIP} sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]} memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} - mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} - mysql_virtual_ip: {get_param: MysqlVirtualIP} ceph_cluster_network: get_attr: - NetIpMap @@ -680,17 +581,6 @@ resources: # MongoDB mongodb::server::bind_ip: {get_input: mongo_db_network} - # MySQL - admin_password: {get_input: admin_password} - enable_galera: {get_input: enable_galera} - mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size} - mysql_max_connections: {get_input: mysql_max_connections} - mysql::server::root_password: {get_input: mysql_root_password} - mysql_clustercheck_password: {get_input: mysql_clustercheck_password} - mysql_cluster_name: {get_input: mysql_cluster_name} - mysql_bind_host: {get_input: mysql_network} - mysql_virtual_ip: {get_input: mysql_virtual_ip} - # Neutron neutron::bind_host: {get_input: neutron_api_network} neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip} @@ -734,9 +624,6 @@ resources: # Sahara sahara::host: {get_input: sahara_api_network} - # RabbitMQ - rabbitmq::node_ip_address: {get_input: rabbitmq_network} - rabbitmq::erlang_cookie: {get_input: rabbit_cookie} # Redis redis::bind: {get_input: redis_network} redis_vip: {get_input: redis_vip} @@ -746,17 +633,7 @@ resources: # Misc memcached_ipv6: {get_input: memcached_ipv6} memcached::listen_ip: {get_input: memcached_network} - control_virtual_interface: {get_input: control_virtual_interface} - public_virtual_interface: {get_input: public_virtual_interface} - tripleo::keepalived::control_virtual_interface: {get_input: control_virtual_interface} - tripleo::keepalived::public_virtual_interface: {get_input: public_virtual_interface} - tripleo::haproxy::control_virtual_interface: {get_input: control_virtual_interface} - tripleo::haproxy::public_virtual_interface: {get_input: public_virtual_interface} - tripleo::haproxy::haproxy_log_address: {get_input: haproxy_log_address} tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} - tripleo::haproxy::haproxy_stats_user: {get_input: haproxy_stats_user} - tripleo::haproxy::haproxy_stats_password: {get_input: haproxy_stats_password} - tripleo::haproxy::redis_password: {get_input: redis_password} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} # Hook for site-specific additional pre-deployment config, e.g extra hieradata @@ -873,7 +750,14 @@ outputs: description: Swift device formatted for swift-ring-builder value: str_replace: - template: 'r1z1-IP:%PORT%/d1' + template: + list_join: + - ',' + - ['r1z1-IP:%PORT%/d1'] + - repeat: + template: 'r1z1-IP:%PORT%/DEVICE' + for_each: + DEVICE: {get_param: SwiftRawDisks} params: IP: get_attr: diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index 8d2185f6..b0eea481 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > MySQL service deployment using puppet @@ -19,6 +19,21 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MysqlMaxConnections: + description: Configures MySQL max_connections config setting + type: number + default: 4096 + MysqlRootPassword: + type: string + hidden: true + default: '' + MysqlClustercheckPassword: + type: string + hidden: true + EnableGalera: + default: true + description: Whether to use Galera instead of regular MariaDB. + type: boolean outputs: role_data: @@ -42,5 +57,22 @@ outputs: - 4567 - 4568 - 9200 + mysql_max_connections: {get_param: MysqlMaxConnections} + mysql::server::root_password: + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: MysqlRootPassword} + - {get_param: [DefaultPasswords, mysql_root_password]} + mysql_clustercheck_password: {get_param: MysqlClustercheckPassword} + enable_galera: {get_param: EnableGalera} + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + mysql_bind_host: {get_param: [ServiceNetMap, MysqlNetwork]} step_config: | include ::tripleo::profile::base::database::mysql diff --git a/puppet/services/database/redis-base.yaml b/puppet/services/database/redis-base.yaml index 301b2bb1..40711432 100644 --- a/puppet/services/database/redis-base.yaml +++ b/puppet/services/database/redis-base.yaml @@ -36,4 +36,3 @@ outputs: redis::sentinel::master_name: '"%{hiera(\"bootstrap_nodeid\")}"' redis::sentinel::redis_host: '"%{hiera(\"bootstrap_nodeid_ip\")}"' redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh' - tripleo::loadbalancer::redis_password: {get_param: RedisPassword} diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index 00574c2f..8ac669a9 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml @@ -18,6 +18,32 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + HAProxyStatsPassword: + description: Password for HAProxy stats endpoint + hidden: true + type: string + HAProxyStatsUser: + description: User for HAProxy stats endpoint + default: admin + type: string + HAProxySyslogAddress: + default: /dev/log + description: Syslog address where HAproxy will send its log + type: string + RedisPassword: + description: The password for Redis + type: string + hidden: true + ControlVirtualInterface: + default: 'br-ex' + description: Interface where virtual ip will be assigned. + type: string + PublicVirtualInterface: + default: 'br-ex' + description: > + Specifies the interface where the public-facing virtual ip will be assigned. + This should be int_public when a VLAN is being used. + type: string outputs: role_data: @@ -49,5 +75,11 @@ outputs: tripleo::haproxy::heat_cloudwatch: true tripleo::haproxy::heat_cfn: true tripleo::haproxy::horizon: true + tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress} + tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser} + tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword} + tripleo::haproxy::redis_password: {get_param: RedisPassword} + tripleo::haproxy::control_virtual_interface: {get_param: ControlVirtualInterface} + tripleo::haproxy::public_virtual_interface: {get_param: PublicVirtualInterface} step_config: | include ::tripleo::profile::base::haproxy diff --git a/puppet/services/keepalived.yaml b/puppet/services/keepalived.yaml index c8c977c6..b783345b 100644 --- a/puppet/services/keepalived.yaml +++ b/puppet/services/keepalived.yaml @@ -18,11 +18,24 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ControlVirtualInterface: + default: 'br-ex' + description: Interface where virtual ip will be assigned. + type: string + PublicVirtualInterface: + default: 'br-ex' + description: > + Specifies the interface where the public-facing virtual ip will be assigned. + This should be int_public when a VLAN is being used. + type: string outputs: role_data: description: Role data for the Keepalived role. value: service_name: keepalived + config_settings: + tripleo::keepalived::control_virtual_interface: {get_param: ControlVirtualInterface} + tripleo::keepalived::public_virtual_interface: {get_param: PublicVirtualInterface} step_config: | include ::tripleo::profile::base::keepalived diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml index ed2dbd0e..513cb2d4 100644 --- a/puppet/services/neutron-dhcp.yaml +++ b/puppet/services/neutron-dhcp.yaml @@ -18,10 +18,19 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + NeutronEnableMetadataNetwork: + default: false + description: If True, DHCP provide metadata network. Requires either + IsolatedMetadata or ForceMetadata parameters to also be True. + type: boolean NeutronEnableIsolatedMetadata: - default: 'False' + default: false description: If True, DHCP provide metadata route to VM. - type: string + type: boolean + NeutronEnableForceMetadata: + default: false + description: If True, DHCP always provides metadata route to VM. + type: boolean resources: @@ -41,6 +50,8 @@ outputs: map_merge: - get_attr: [NeutronBase, role_data, config_settings] - neutron::agents::dhcp::enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata} + neutron::agents::dhcp::enable_force_metadata: {get_param: NeutronEnableForceMetadata} + neutron::agents::dhcp::enable_metadata_network: {get_param: NeutronEnableMetadataNetwork} tripleo.neutron_dhcp.firewall_rules: '115 neutron dhcp input': proto: 'udp' diff --git a/puppet/services/pacemaker/database/mysql.yaml b/puppet/services/pacemaker/database/mysql.yaml index e63a8f1e..d555ed0a 100644 --- a/puppet/services/pacemaker/database/mysql.yaml +++ b/puppet/services/pacemaker/database/mysql.yaml @@ -20,11 +20,21 @@ parameters: via parameter_defaults in the resource registry. type: json +resources: + + MysqlBase: + type: ../../database/mysql.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + outputs: role_data: description: Service MySQL with Pacemaker using composable services. value: service_name: mysql config_settings: + get_attr: [MysqlBase, role_data, config_settings] step_config: | include ::tripleo::profile::pacemaker::database::mysql diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml index 5d580648..06595b07 100644 --- a/puppet/services/rabbitmq.yaml +++ b/puppet/services/rabbitmq.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > RabbitMQ service configured with Puppet @@ -34,6 +34,10 @@ parameters: default: false description: Enable IPv6 in RabbitMQ type: boolean + RabbitCookie: + type: string + default: '' + hidden: true outputs: role_data: @@ -66,5 +70,19 @@ outputs: tcp_listen_options: '[binary, {packet, raw}, {reuseaddr, true}, {backlog, 128}, {nodelay, true}, {exit_on_close, false}, {keepalive, true}]' cluster_partition_handling: 'pause_minority' loopback_users: '[]' + rabbitmq::erlang_cookie: + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: RabbitCookie} + - {get_param: [DefaultPasswords, rabbit_cookie]} + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + rabbitmq::node_ip_address: {get_param: [ServiceNetMap, RabbitmqNetwork]} step_config: | include ::tripleo::profile::base::rabbitmq diff --git a/puppet/services/swift-storage.yaml b/puppet/services/swift-storage.yaml index 558f2752..664a701f 100644 --- a/puppet/services/swift-storage.yaml +++ b/puppet/services/swift-storage.yaml @@ -26,6 +26,10 @@ parameters: default: false description: Value of mount_check in Swift account/container/object -server.conf type: boolean + SwiftRawDisks: + default: {} + description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})' + type: json # DEPRECATED options for compatibility with overcloud.yaml # This should be removed and manipulation of the ControllerServices list @@ -69,5 +73,6 @@ outputs: swift::storage::all::account_pipeline: - healthcheck - account-server + swift::storage::disks: {get_param: SwiftRawDisks} step_config: | include ::tripleo::profile::base::swift::storage diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml index dc28ee76..1f3022b8 100644 --- a/puppet/swift-storage.yaml +++ b/puppet/swift-storage.yaml @@ -101,6 +101,10 @@ parameters: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 + SwiftRawDisks: + default: {} + description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})' + type: json resources: @@ -377,7 +381,14 @@ outputs: description: Swift device formatted for swift-ring-builder value: str_replace: - template: 'r1z1-IP:%PORT%/d1' + template: + list_join: + - ',' + - ['r1z1-IP:%PORT%/d1'] + - repeat: + template: 'r1z1-IP:%PORT%/DEVICE' + for_each: + DEVICE: {get_param: SwiftRawDisks} params: IP: get_attr: |