aboutsummaryrefslogtreecommitdiffstats
path: root/puppet
diff options
context:
space:
mode:
Diffstat (limited to 'puppet')
-rw-r--r--puppet/all-nodes-config.yaml28
-rw-r--r--puppet/ceph-cluster-config.yaml17
-rw-r--r--puppet/ceph-storage.yaml25
-rw-r--r--puppet/cinder-storage.yaml32
-rw-r--r--puppet/compute.yaml26
-rw-r--r--puppet/controller-config-pacemaker.yaml10
-rw-r--r--puppet/controller-config.yaml10
-rw-r--r--puppet/controller-post.yaml45
-rw-r--r--puppet/controller.yaml498
-rw-r--r--puppet/extraconfig/ceph/ceph-external-config.yaml14
-rwxr-xr-xpuppet/extraconfig/pre_deploy/controller/neutron-plumgrid.yaml113
-rw-r--r--puppet/extraconfig/tls/ca-inject.yaml2
-rw-r--r--puppet/extraconfig/tls/tls-cert-inject.yaml12
-rw-r--r--puppet/hieradata/common.yaml6
-rw-r--r--puppet/hieradata/compute.yaml2
-rw-r--r--puppet/hieradata/controller.yaml50
-rw-r--r--puppet/hieradata/database.yaml8
-rw-r--r--puppet/manifests/overcloud_compute.pp43
-rw-r--r--puppet/manifests/overcloud_controller.pp175
-rw-r--r--puppet/manifests/overcloud_controller_pacemaker.pp708
-rw-r--r--puppet/manifests/ringbuilder.pp8
-rw-r--r--puppet/services/README.rst50
-rw-r--r--puppet/services/glance-api.yaml102
-rw-r--r--puppet/services/glance-registry.yaml48
-rw-r--r--puppet/services/keystone.yaml135
-rw-r--r--puppet/services/neutron-base.yaml44
-rw-r--r--puppet/services/neutron-dhcp.yaml56
-rw-r--r--puppet/services/pacemaker/glance-api.yaml60
-rw-r--r--puppet/services/pacemaker/glance-registry.yaml33
-rw-r--r--puppet/services/pacemaker/keystone.yaml34
-rw-r--r--puppet/services/pacemaker/neutron-dhcp.yaml33
-rw-r--r--puppet/services/services.yaml40
-rw-r--r--puppet/swift-storage.yaml35
-rw-r--r--puppet/vip-config.yaml2
34 files changed, 1597 insertions, 907 deletions
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml
index 2f2a1e9d..b065ddd2 100644
--- a/puppet/all-nodes-config.yaml
+++ b/puppet/all-nodes-config.yaml
@@ -34,6 +34,8 @@ parameters:
type: comma_delimited_list
ceilometer_api_node_ips:
type: comma_delimited_list
+ aodh_api_node_ips:
+ type: comma_delimited_list
nova_api_node_ips:
type: comma_delimited_list
nova_metadata_node_ips:
@@ -42,6 +44,8 @@ parameters:
type: comma_delimited_list
glance_registry_node_ips:
type: comma_delimited_list
+ gnocchi_api_node_ips:
+ type: comma_delimited_list
cinder_api_node_ips:
type: comma_delimited_list
neutron_api_node_ips:
@@ -63,6 +67,12 @@ parameters:
description: >
Setting to a previously unused value during stack-update will trigger
package update on all nodes
+ StackAction:
+ type: string
+ description: >
+ Heat action on performed top-level stack.
+ constraints:
+ - allowed_values: ['CREATE', 'UPDATE']
resources:
@@ -187,6 +197,22 @@ resources:
list_join:
- "','"
- {get_param: ceilometer_api_node_ips}
+ aodh_api_node_ips:
+ str_replace:
+ template: "['SERVERS_LIST']"
+ params:
+ SERVERS_LIST:
+ list_join:
+ - "','"
+ - {get_param: aodh_api_node_ips}
+ gnocchi_api_node_ips:
+ str_replace:
+ template: "['SERVERS_LIST']"
+ params:
+ SERVERS_LIST:
+ list_join:
+ - "','"
+ - {get_param: gnocchi_api_node_ips}
nova_api_node_ips:
str_replace:
template: "['SERVERS_LIST']"
@@ -272,6 +298,7 @@ resources:
# NOTE(gfidente): interpolation with %{} in the
# hieradata file can't be used as it returns string
ceilometer::rabbit_hosts: *rabbit_nodes_array
+ aodh::rabbit_hosts: *rabbit_nodes_array
cinder::rabbit_hosts: *rabbit_nodes_array
glance::notify::rabbitmq::rabbit_hosts: *rabbit_nodes_array
heat::rabbit_hosts: *rabbit_nodes_array
@@ -282,6 +309,7 @@ resources:
deploy_identifier: {get_param: DeployIdentifier}
update_identifier: {get_param: UpdateIdentifier}
+ stack_action: {get_param: StackAction}
outputs:
config_id:
diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml
index dc2f98ed..fd161886 100644
--- a/puppet/ceph-cluster-config.yaml
+++ b/puppet/ceph-cluster-config.yaml
@@ -36,6 +36,9 @@ parameters:
GlanceRbdPoolName:
default: images
type: string
+ GnocchiRbdPoolName:
+ default: metrics
+ type: string
CephClientUserName:
default: openstack
type: string
@@ -91,21 +94,25 @@ resources:
cap_mon: 'allow profile bootstrap-osd'
},
client.CLIENT_USER: {
- secret: 'ADMIN_KEY',
+ secret: 'CLIENT_KEY',
mode: '0644',
cap_mon: 'allow r',
- cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL'
+ cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL'
}
}"
params:
CLIENT_USER: {get_param: CephClientUserName}
+ CLIENT_KEY: {get_param: ceph_client_key}
ADMIN_KEY: {get_param: ceph_admin_key}
NOVA_POOL: {get_param: NovaRbdPoolName}
CINDER_POOL: {get_param: CinderRbdPoolName}
GLANCE_POOL: {get_param: GlanceRbdPoolName}
+ GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
cinder_rbd_pool_name: {get_param: CinderRbdPoolName}
glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
+ gnocchi::storage::ceph::ceph_pool: {get_param: GnocchiRbdPoolName}
+ gnocchi::storage::ceph::ceph_username: {get_param: CephClientUserName}
nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
nova::compute::rbd::rbd_keyring:
@@ -113,11 +120,17 @@ resources:
- '.'
- - 'client'
- {get_param: CephClientUserName}
+ gnocchi::storage::ceph::ceph_keyring:
+ list_join:
+ - '.'
+ - - 'client'
+ - {get_param: CephClientUserName}
ceph_client_user_name: {get_param: CephClientUserName}
ceph_pools:
- {get_param: CinderRbdPoolName}
- {get_param: NovaRbdPoolName}
- {get_param: GlanceRbdPoolName}
+ - {get_param: GnocchiRbdPoolName}
outputs:
config_id:
diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml
index d2988926..f0eb71e4 100644
--- a/puppet/ceph-storage.yaml
+++ b/puppet/ceph-storage.yaml
@@ -256,6 +256,7 @@ resources:
- ceph
- '"%{::osfamily}"'
- common
+ merge_behavior: deeper
datafiles:
common:
raw_data: {get_file: hieradata/common.yaml}
@@ -313,12 +314,12 @@ outputs:
str_replace:
template: |
PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
- EXTERNALIP EXTERNALHOST
- INTERNAL_APIIP INTERNAL_APIHOST
- STORAGEIP STORAGEHOST
- STORAGE_MGMTIP STORAGE_MGMTHOST
- TENANTIP TENANTHOST
- MANAGEMENTIP MANAGEMENTHOST
+ EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
+ INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
+ STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
+ STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
+ TENANTIP TENANTHOST.DOMAIN TENANTHOST
+ MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
params:
PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephStorageHostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
@@ -326,37 +327,37 @@ outputs:
EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
EXTERNALHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [CephStorage, name]}
- external
INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
INTERNAL_APIHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [CephStorage, name]}
- internalapi
STORAGEIP: {get_attr: [StoragePort, ip_address]}
STORAGEHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [CephStorage, name]}
- storage
STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
STORAGE_MGMTHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [CephStorage, name]}
- storagemgmt
TENANTIP: {get_attr: [TenantPort, ip_address]}
TENANTHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [CephStorage, name]}
- tenant
MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
MANAGEMENTHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [CephStorage, name]}
- management
nova_server_resource:
diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml
index 888f3cf8..c1a04e24 100644
--- a/puppet/cinder-storage.yaml
+++ b/puppet/cinder-storage.yaml
@@ -51,7 +51,6 @@ parameters:
description: Name of an existing Nova key pair to enable SSH access to the instances
type: string
RabbitPassword:
- default: 'guest'
type: string
hidden: true
RabbitUserName:
@@ -286,7 +285,11 @@ resources:
size: {get_param: CinderLVMLoopDeviceSize}
cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
cinder_iscsi_helper: {get_param: CinderISCSIHelper}
- cinder_iscsi_ip_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
+ cinder_iscsi_ip_address:
+ str_replace:
+ template: "'IP'"
+ params:
+ IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
rabbit_username: {get_param: RabbitUserName}
rabbit_password: {get_param: RabbitPassword}
@@ -313,6 +316,7 @@ resources:
- all_nodes # provided by allNodesConfig
- '"%{::osfamily}"'
- common
+ merge_behavior: deeper
datafiles:
common:
raw_data: {get_file: hieradata/common.yaml}
@@ -376,12 +380,12 @@ outputs:
str_replace:
template: |
PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
- EXTERNALIP EXTERNALHOST
- INTERNAL_APIIP INTERNAL_APIHOST
- STORAGEIP STORAGEHOST
- STORAGE_MGMTIP STORAGE_MGMTHOST
- TENANTIP TENANTHOST
- MANAGEMENTIP MANAGEMENTHOST
+ EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
+ INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
+ STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
+ STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
+ TENANTIP TENANTHOST.DOMAIN TENANTHOST
+ MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
params:
PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, BlockStorageHostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
@@ -389,37 +393,37 @@ outputs:
EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
EXTERNALHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [BlockStorage, name]}
- external
INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
INTERNAL_APIHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [BlockStorage, name]}
- internalapi
STORAGEIP: {get_attr: [StoragePort, ip_address]}
STORAGEHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [BlockStorage, name]}
- storage
STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
STORAGE_MGMTHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [BlockStorage, name]}
- storagemgmt
TENANTIP: {get_attr: [TenantPort, ip_address]}
TENANTHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [BlockStorage, name]}
- tenant
MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
MANAGEMENTHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [BlockStorage, name]}
- management
nova_server_resource:
diff --git a/puppet/compute.yaml b/puppet/compute.yaml
index ee5bced6..4c18067a 100644
--- a/puppet/compute.yaml
+++ b/puppet/compute.yaml
@@ -251,7 +251,6 @@ parameters:
type: string
default: '' # Has to be here because of the ignored empty value bug
RabbitPassword:
- default: guest
description: The password for RabbitMQ
type: string
hidden: true
@@ -487,6 +486,7 @@ resources:
- nova_nuage_data # Optionally provided by ComputeExtraConfigPre
- midonet_data # Optionally provided by AllNodesExtraConfig
- neutron_opencontrail_data # Optionally provided by ComputeExtraConfigPre
+ merge_behavior: deeper
datafiles:
compute_extraconfig:
mapped_data: {get_param: NovaComputeExtraConfig}
@@ -761,12 +761,12 @@ outputs:
str_replace:
template: |
PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
- EXTERNALIP EXTERNALHOST
- INTERNAL_APIIP INTERNAL_APIHOST
- STORAGEIP STORAGEHOST
- STORAGE_MGMTIP STORAGE_MGMTHOST
- TENANTIP TENANTHOST
- MANAGEMENTIP MANAGEMENTHOST
+ EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
+ INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
+ STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
+ STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
+ TENANTIP TENANTHOST.DOMAIN TENANTHOST
+ MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
params:
PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ComputeHostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
@@ -774,37 +774,37 @@ outputs:
EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
EXTERNALHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [NovaCompute, name]}
- external
INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
INTERNAL_APIHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [NovaCompute, name]}
- internalapi
STORAGEIP: {get_attr: [StoragePort, ip_address]}
STORAGEHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [NovaCompute, name]}
- storage
STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
STORAGE_MGMTHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [NovaCompute, name]}
- storagemgmt
TENANTIP: {get_attr: [TenantPort, ip_address]}
TENANTHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [NovaCompute, name]}
- tenant
MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
MANAGEMENTHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [NovaCompute, name]}
- management
nova_server_resource:
diff --git a/puppet/controller-config-pacemaker.yaml b/puppet/controller-config-pacemaker.yaml
index dc81498a..dfebcf82 100644
--- a/puppet/controller-config-pacemaker.yaml
+++ b/puppet/controller-config-pacemaker.yaml
@@ -8,6 +8,10 @@ parameters:
default: false
description: Whether to run config management (e.g. Puppet) in debug mode.
type: boolean
+ StepConfig:
+ type: string
+ description: Config manifests that will be used to step through the deployment.
+ default: ''
resources:
@@ -22,7 +26,11 @@ resources:
outputs:
- name: result
config:
- get_file: manifests/overcloud_controller_pacemaker.pp
+ list_join:
+ - ''
+ - - get_file: manifests/overcloud_controller_pacemaker.pp
+ - get_file: manifests/ringbuilder.pp
+ - {get_param: StepConfig}
outputs:
OS::stack_id:
diff --git a/puppet/controller-config.yaml b/puppet/controller-config.yaml
index f85e1a9e..458aff32 100644
--- a/puppet/controller-config.yaml
+++ b/puppet/controller-config.yaml
@@ -8,6 +8,10 @@ parameters:
default: false
description: Whether to run config management (e.g. Puppet) in debug mode.
type: boolean
+ StepConfig:
+ type: string
+ description: Config manifests that will be used to step through the deployment.
+ default: ''
resources:
@@ -22,7 +26,11 @@ resources:
outputs:
- name: result
config:
- get_file: manifests/overcloud_controller.pp
+ list_join:
+ - ''
+ - - get_file: manifests/overcloud_controller.pp
+ - get_file: manifests/ringbuilder.pp
+ - {get_param: StepConfig}
outputs:
OS::stack_id:
diff --git a/puppet/controller-post.yaml b/puppet/controller-post.yaml
index 713ad706..705e4b90 100644
--- a/puppet/controller-post.yaml
+++ b/puppet/controller-post.yaml
@@ -13,7 +13,10 @@ parameters:
NodeConfigIdentifiers:
type: json
description: Value which changes if the node configuration may need to be re-applied
-
+ StepConfig:
+ type: string
+ description: Config manifests that will be used to step through the deployment.
+ default: ''
resources:
@@ -35,6 +38,8 @@ resources:
ControllerPuppetConfig:
type: OS::TripleO::ControllerConfig
+ properties:
+ StepConfig: {get_param: StepConfig}
# Step through a series of Puppet runs using the same manifest.
# NOTE: To enable stepping through the deployments via heat hooks,
@@ -64,39 +69,26 @@ resources:
update_identifier: {get_param: NodeConfigIdentifiers}
actions: ['CREATE'] # no need for two passes on an UPDATE
- ControllerRingbuilderPuppetConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: puppet
- options:
- enable_debug: {get_param: ConfigDebug}
- enable_hiera: True
- enable_facter: False
- inputs:
- outputs:
- - name: result
- config:
- get_file: manifests/ringbuilder.pp
-
- ControllerRingbuilderDeployment_Step3:
+ ControllerOvercloudServicesDeployment_Step3:
type: OS::Heat::StructuredDeployments
depends_on: ControllerServicesBaseDeployment_Step2
properties:
- name: ControllerRingbuilderDeployment_Step3
+ name: ControllerOvercloudServicesDeployment_Step3
servers: {get_param: servers}
- config: {get_resource: ControllerRingbuilderPuppetConfig}
+ config: {get_resource: ControllerPuppetConfig}
input_values:
+ step: 3
update_identifier: {get_param: NodeConfigIdentifiers}
ControllerOvercloudServicesDeployment_Step4:
type: OS::Heat::StructuredDeployments
- depends_on: ControllerRingbuilderDeployment_Step3
+ depends_on: ControllerOvercloudServicesDeployment_Step3
properties:
name: ControllerOvercloudServicesDeployment_Step4
servers: {get_param: servers}
config: {get_resource: ControllerPuppetConfig}
input_values:
- step: 3
+ step: 4
update_identifier: {get_param: NodeConfigIdentifiers}
ControllerOvercloudServicesDeployment_Step5:
@@ -107,23 +99,12 @@ resources:
servers: {get_param: servers}
config: {get_resource: ControllerPuppetConfig}
input_values:
- step: 4
- update_identifier: {get_param: NodeConfigIdentifiers}
-
- ControllerOvercloudServicesDeployment_Step6:
- type: OS::Heat::StructuredDeployments
- depends_on: ControllerOvercloudServicesDeployment_Step5
- properties:
- name: ControllerOvercloudServicesDeployment_Step6
- servers: {get_param: servers}
- config: {get_resource: ControllerPuppetConfig}
- input_values:
step: 5
update_identifier: {get_param: NodeConfigIdentifiers}
ControllerPostPuppet:
type: OS::TripleO::Tasks::ControllerPostPuppet
- depends_on: ControllerOvercloudServicesDeployment_Step6
+ depends_on: ControllerOvercloudServicesDeployment_Step5
properties:
servers: {get_param: servers}
input_values:
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index 21551e35..7334d4a1 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -1,20 +1,18 @@
-heat_template_version: 2015-10-15
+heat_template_version: 2016-04-08
description: >
OpenStack controller node configured by Puppet.
parameters:
- AdminEmail:
- default: 'admin@example.com'
- description: The email for the keystone admin account.
- type: string
- hidden: true
AdminPassword:
description: The password for the keystone admin account, used for monitoring, querying neutron etc.
type: string
hidden: true
- AdminToken:
- description: The keystone auth secret and db password.
+ AodhApiVirtualIP:
+ type: string
+ default: ''
+ AodhPassword:
+ description: The password for the aodh services.
type: string
hidden: true
CeilometerApiVirtualIP:
@@ -36,6 +34,12 @@ parameters:
default: false
description: Whether to store events in ceilometer.
type: boolean
+ CeilometerMeterDispatcher:
+ default: 'database'
+ description: Dispatcher to process meter data
+ type: string
+ constraints:
+ - allowed_values: ['gnocchi', 'database']
CinderApiVirtualIP:
type: string
default: ''
@@ -93,6 +97,11 @@ parameters:
default: 0
description: Number of workers for Cinder service.
type: number
+ controllerExtraConfig:
+ default: {}
+ description: |
+ Deprecated. Use ControllerExtraConfig via parameter_defaults instead.
+ type: json
ControllerExtraConfig:
default: {}
description: |
@@ -182,63 +191,41 @@ parameters:
type: string
constraints:
- custom_constraint: nova.flavor
- GlanceNotifierStrategy:
- description: Strategy to use for Glance notification queue
- type: string
- default: noop
- GlanceLogFile:
- description: The filepath of the file to use for logging messages from Glance.
- type: string
- default: ''
- GlancePassword:
- description: The password for the glance service and db account, used by the glance services.
- type: string
- hidden: true
- GlanceBackend:
- default: swift
- description: The short name of the Glance backend to use. Should be one
+ GnocchiBackend:
+ default: file
+ description: The short name of the Gnocchi backend to use. Should be one
of swift, rbd, or file
type: string
constraints:
- allowed_values: ['swift', 'file', 'rbd']
- GlanceFilePcmkDevice:
- default: ''
- description: >
- An exported storage device that should be mounted by Pacemaker
- as Glance storage. Effective when GlanceFilePcmkManage is true.
+ GnocchiIndexerBackend:
+ default: 'mysql'
+ description: The short name of the Gnocchi indexer backend to use.
type: string
- GlanceFilePcmkFstype:
- default: 'nfs'
- description: >
- Filesystem type for Pacemaker mount used as Glance storage.
- Effective when GlanceFilePcmkManage is true.
+ GnocchiApiVirtualIP:
type: string
- GlanceFilePcmkManage:
- default: false
- description: >
- Whether to make Glance file backend a mount managed by Pacemaker.
- Effective when GlanceBackend is 'file'.
- type: boolean
- GlanceFilePcmkOptions:
default: ''
- description: >
- Mount options for Pacemaker mount used as Glance storage.
- Effective when GlanceFilePcmkManage is true.
+ GnocchiPassword:
+ description: The password for the gnocchi service and db account.
+ type: string
+ hidden: true
+ HAProxyStatsPassword:
+ description: Password for HAProxy stats endpoint
+ type: string
+ HAProxyStatsUser:
+ description: User for HAProxy stats endpoint
+ default: admin
type: string
HAProxySyslogAddress:
default: /dev/log
description: Syslog address where HAproxy will send its log
type: string
- GlanceWorkers:
- default: 0
- description: Number of workers for Glance service.
- type: number
HeatPassword:
description: The password for the Heat service and db account, used by the Heat services.
type: string
hidden: true
HeatStackDomainAdminPassword:
- description: Password for heat_domain_admin user.
+ description: Password for heat_stack_domain_admin user.
type: string
hidden: true
HeatAuthEncryptionKey:
@@ -281,43 +268,6 @@ parameters:
type: string
constraints:
- custom_constraint: nova.keypair
- KeystoneCACertificate:
- default: ''
- description: Keystone self-signed certificate authority certificate.
- type: string
- KeystoneEnableDBPurge:
- default: true
- description: |
- Whether to create cron job for purging soft deleted rows in Keystone database.
- type: boolean
- KeystoneSigningCertificate:
- default: ''
- description: Keystone certificate for verifying token validity.
- type: string
- KeystoneSigningKey:
- default: ''
- description: Keystone key for signing tokens.
- type: string
- hidden: true
- KeystoneSSLCertificate:
- default: ''
- description: Keystone certificate for verifying token validity.
- type: string
- KeystoneSSLCertificateKey:
- default: ''
- description: Keystone key for signing tokens.
- type: string
- hidden: true
- KeystoneNotificationDriver:
- description: Comma-separated list of Oslo notification drivers used by Keystone
- default: ['messaging']
- type: comma_delimited_list
- KeystoneNotificationFormat:
- description: The Keystone notification format
- default: 'basic'
- type: string
- constraints:
- - allowed_values: [ 'basic', 'cadf' ]
KeystoneRegion:
type: string
default: 'regionOne'
@@ -326,14 +276,14 @@ parameters:
default: false
description: Whether to manage IPtables rules.
type: boolean
+ MemcachedIPv6:
+ default: false
+ description: Enable IPv6 features in Memcached.
+ type: boolean
PurgeFirewallRules:
default: false
description: Whether IPtables rules should be purged before setting up the new ones.
type: boolean
- KeystoneWorkers:
- default: 0
- description: Number of workers for Keystone service.
- type: number
SaharaApiVirtualIP:
type: string
default: ''
@@ -378,14 +328,6 @@ parameters:
scripts or be sure to keep 'datacentre' as a mapping network name.
type: comma_delimited_list
default: "datacentre:br-ex"
- NeutronDnsmasqOptions:
- default: 'dhcp-option-force=26,1400'
- description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
- type: string
- NeutronEnableDHCPAgent:
- description: Knob to enable/disable DHCP Agent
- type: boolean
- default: true
NeutronEnableL3Agent:
description: Knob to enable/disable L3 agent
type: boolean
@@ -406,10 +348,6 @@ parameters:
default: 'False'
description: Whether to enable l3-agent HA
type: string
- NeutronDhcpAgentsPerNetwork:
- type: number
- default: 3
- description: The number of neutron dhcp agents to schedule per network
NeutronDVR:
default: 'False'
description: Whether to configure Neutron Distributed Virtual Routers
@@ -444,10 +382,6 @@ parameters:
default: 'True'
description: Allow automatic l3-agent failover
type: string
- NeutronEnableIsolatedMetadata:
- default: 'False'
- description: If True, DHCP provide metadata route to VM.
- type: string
NeutronEnableTunnelling:
type: string
default: "True"
@@ -595,7 +529,6 @@ parameters:
default: '' # Has to be here because of the ignored empty value bug
hidden: true
RabbitPassword:
- default: guest
description: The password for RabbitMQ
type: string
hidden: true
@@ -621,6 +554,10 @@ parameters:
default: false
description: Enable IPv6 in RabbitMQ
type: boolean
+ RedisPassword:
+ type: string
+ description: The password to access the Redis service
+ hidden: true
RedisVirtualIP:
type: string
default: '' # Has to be here because of the ignored empty value bug
@@ -653,6 +590,10 @@ parameters:
default: 10
description: Partition Power to use when building Swift rings
type: number
+ SwiftRingBuild:
+ default: true
+ description: Whether to manage Swift rings or not
+ type: boolean
SwiftPassword:
description: The password for the swift service account, used by the swift proxy
services.
@@ -686,24 +627,12 @@ parameters:
HeatApiVirtualIPUri:
type: string
default: ''
- GlanceApiVirtualIP:
- type: string
- default: ''
- GlanceRegistryVirtualIP:
- type: string
- default: ''
MysqlVirtualIP:
type: string
default: ''
MysqlVirtualIPUri:
type: string
default: ''
- KeystoneAdminApiVirtualIP:
- type: string
- default: ''
- KeystonePublicApiVirtualIP:
- type: string
- default: ''
NeutronApiVirtualIP:
type: string
default: ''
@@ -765,6 +694,15 @@ parameters:
type: json
description: Optional scheduler hints to pass to nova
default: {}
+ ServiceConfigSettings:
+ type: json
+ default: {}
+
+parameter_groups:
+- label: deprecated
+ description: Do not use deprecated params, they will be removed.
+ parameters:
+ - controllerExtraConfig
resources:
@@ -926,16 +864,15 @@ resources:
bootstack_nodeid: {get_attr: [Controller, name]}
ceilometer_workers: {get_param: CeilometerWorkers}
cinder_workers: {get_param: CinderWorkers}
- glance_workers: {get_param: GlanceWorkers}
heat_workers: {get_param: HeatWorkers}
- keystone_workers: {get_param: KeystoneWorkers}
nova_workers: {get_param: NovaWorkers}
neutron_workers: {get_param: NeutronWorkers}
swift_workers: {get_param: SwiftWorkers}
neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
neutron_enable_l2pop: {get_param: NeutronEnableL2Pop}
- neutron_enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata}
haproxy_log_address: {get_param: HAProxySyslogAddress}
+ haproxy_stats_password: {get_param: HAProxyStatsPassword}
+ haproxy_stats_user: {get_param: HAProxyStatsUser}
heat.watch_server_url:
list_join:
- ''
@@ -954,13 +891,14 @@ resources:
- - 'http://'
- {get_param: HeatApiVirtualIPUri}
- ':8000/v1/waitcondition'
+ heat_public_url: {get_param: [EndpointMap, HeatPublic, uri]}
+ heat_internal_url: {get_param: [EndpointMap, HeatInternal, uri]}
+ heat_admin_url: {get_param: [EndpointMap, HeatAdmin, uri]}
heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
heat_enable_db_purge: {get_param: HeatEnableDBPurge}
horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
horizon_secret: {get_param: HorizonSecret}
- admin_email: {get_param: AdminEmail}
admin_password: {get_param: AdminPassword}
- admin_token: {get_param: AdminToken}
neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
debug: {get_param: Debug}
cinder_enable_db_purge: {get_param: CinderEnableDBPurge}
@@ -985,23 +923,12 @@ resources:
- '@'
- {get_param: MysqlVirtualIPUri}
- '/cinder'
- glance_port: {get_param: [EndpointMap, GlanceInternal, port]}
- glance_password: {get_param: GlancePassword}
- glance_backend: {get_param: GlanceBackend}
- glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice}
- glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype}
- glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage}
- glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions}
- glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
- glance_log_file: {get_param: GlanceLogFile}
- glance_dsn:
- list_join:
- - ''
- - - 'mysql+pymysql://glance:'
- - {get_param: GlancePassword}
- - '@'
- - {get_param: MysqlVirtualIPUri}
- - '/glance'
+ cinder_public_url: {get_param: [EndpointMap, CinderPublic, uri]}
+ cinder_internal_url: {get_param: [EndpointMap, CinderInternal, uri]}
+ cinder_admin_url: {get_param: [EndpointMap, CinderAdmin, uri]}
+ cinder_public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]}
+ cinder_internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]}
+ cinder_admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]}
heat_password: {get_param: HeatPassword}
heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
heat_dsn:
@@ -1012,26 +939,8 @@ resources:
- '@'
- {get_param: MysqlVirtualIPUri}
- '/heat'
- keystone_ca_certificate: {get_param: KeystoneCACertificate}
- keystone_signing_key: {get_param: KeystoneSigningKey}
- keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
- keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
- keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
- keystone_notification_driver: {get_param: KeystoneNotificationDriver}
- keystone_notification_format: {get_param: KeystoneNotificationFormat}
- keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge}
- keystone_dsn:
- list_join:
- - ''
- - - 'mysql+pymysql://keystone:'
- - {get_param: AdminToken}
- - '@'
- - {get_param: MysqlVirtualIPUri}
- - '/keystone'
keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- keystone_public_url: { get_param: [EndpointMap, KeystonePublic, uri_no_suffix] }
- keystone_internal_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
enable_fencing: {get_param: EnableFencing}
enable_galera: {get_param: EnableGalera}
@@ -1067,7 +976,6 @@ resources:
template: DRIVERS
params:
DRIVERS: {get_param: NeutronTypeDrivers}
- neutron_enable_dhcp_agent: {get_param: NeutronEnableDHCPAgent}
neutron_enable_l3_agent: {get_param: NeutronEnableL3Agent}
neutron_enable_metadata_agent: {get_param: NeutronEnableMetadataAgent}
neutron_enable_ovs_agent: {get_param: NeutronEnableOVSAgent}
@@ -1078,7 +986,6 @@ resources:
MECHANISMS: {get_param: NeutronMechanismDrivers}
neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
neutron_l3_ha: {get_param: NeutronL3HA}
- neutron_dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork}
neutron_network_vlan_ranges:
str_replace:
template: RANGES
@@ -1126,7 +1033,6 @@ resources:
AGENT_EXTENSIONS: {get_param: NeutronAgentExtensions}
neutron_password: {get_param: NeutronPassword}
neutron_tenant_mtu: {get_param: NeutronTenantMtu}
- neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
neutron_dsn:
list_join:
- ''
@@ -1144,12 +1050,22 @@ resources:
ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
ceilometer_password: {get_param: CeilometerPassword}
ceilometer_store_events: {get_param: CeilometerStoreEvents}
+ aodh_password: {get_param: AodhPassword}
+ aodh_internal_url: { get_param: [ EndpointMap, AodhInternal, uri ] }
+ aodh_public_url: { get_param: [ EndpointMap, AodhPublic, uri ] }
+ aodh_admin_url: { get_param: [ EndpointMap, AodhAdmin, uri ] }
+ ceilometer_meter_dispatcher: {get_param: CeilometerMeterDispatcher}
+ gnocchi_password: {get_param: GnocchiPassword}
+ gnocchi_backend: {get_param: GnocchiBackend}
+ gnocchi_indexer_backend: {get_param: GnocchiIndexerBackend}
ceilometer_coordination_url:
list_join:
- ''
- - - 'redis://'
+ - - 'redis://:'
+ - {get_param: RedisPassword}
+ - '@'
- {get_param: RedisVirtualIPUri}
- - ':6379'
+ - ':6379/'
ceilometer_dsn:
list_join:
- ''
@@ -1158,11 +1074,26 @@ resources:
- '@'
- {get_param: MysqlVirtualIPUri}
- '/ceilometer'
+ gnocchi_dsn:
+ list_join:
+ - ''
+ - - 'mysql+pymysql://gnocchi:'
+ - {get_param: GnocchiPassword}
+ - '@'
+ - {get_param: MysqlVirtualIPUri}
+ - '/gnocchi'
+ gnocchi_internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
+ gnocchi_public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
+ gnocchi_admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
+ ceilometer_public_url: {get_param: [EndpointMap, CeilometerPublic, uri]}
+ ceilometer_internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]}
+ ceilometer_admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]}
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
nova_enable_db_purge: {get_param: NovaEnableDBPurge}
nova_ipv6: {get_param: NovaIPv6}
corosync_ipv6: {get_param: CorosyncIPv6}
+ memcached_ipv6: {get_param: MemcachedIPv6}
nova_password: {get_param: NovaPassword}
nova_dsn:
list_join:
@@ -1182,6 +1113,12 @@ resources:
- '/nova_api'
upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute}
instance_name_template: {get_param: InstanceNameTemplate}
+ nova_public_url: {get_param: [EndpointMap, NovaPublic, uri]}
+ nova_internal_url: {get_param: [EndpointMap, NovaInternal, uri]}
+ nova_admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
+ nova_ec2_public_url: {get_param: [EndpointMap, NovaEC2Public, uri]}
+ nova_ec2_internal_url: {get_param: [EndpointMap, NovaEC2Internal, uri]}
+ nova_ec2_admin_url: {get_param: [EndpointMap, NovaEC2Admin, uri]}
fencing_config: {get_param: FencingConfig}
pcsd_password: {get_param: PcsdPassword}
rabbit_username: {get_param: RabbitUserName}
@@ -1190,16 +1127,9 @@ resources:
rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
rabbit_client_port: {get_param: RabbitClientPort}
rabbit_ipv6: {get_param: RabbitIPv6}
+ rabbit_fd_limit: {get_param: RabbitFDLimit}
mongodb_no_journal: {get_param: MongoDbNoJournal}
mongodb_ipv6: {get_param: MongoDbIPv6}
- # We need to force this into quotes or hiera will return integer causing
- # the puppet module validation regexp to fail.
- # Remove when: https://github.com/puppetlabs/puppetlabs-rabbitmq/pull/401
- rabbit_fd_limit:
- str_replace:
- template: "'LIMIT'"
- params:
- LIMIT: {get_param: RabbitFDLimit}
ntp_servers: {get_param: NtpServer}
timezone: {get_param: TimeZone}
control_virtual_interface: {get_param: ControlVirtualInterface}
@@ -1207,12 +1137,22 @@ resources:
swift_hash_suffix: {get_param: SwiftHashSuffix}
swift_password: {get_param: SwiftPassword}
swift_part_power: {get_param: SwiftPartPower}
+ swift_ring_build: {get_param: SwiftRingBuild}
swift_replicas: {get_param: SwiftReplicas}
swift_min_part_hours: {get_param: SwiftMinPartHours}
swift_mount_check: {get_param: SwiftMountCheck}
+ swift_public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
+ swift_internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
+ swift_admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
+ swift_public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
+ swift_internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
+ swift_admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
enable_package_install: {get_param: EnablePackageInstall}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
sahara_password: {get_param: SaharaPassword}
+ sahara_public_url: {get_param: [EndpointMap, SaharaPublic, uri]}
+ sahara_internal_url: {get_param: [EndpointMap, SaharaInternal, uri]}
+ sahara_admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]}
sahara_dsn:
list_join:
- ''
@@ -1223,12 +1163,15 @@ resources:
- '/sahara'
swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
- cinder_iscsi_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
+ cinder_iscsi_network:
+ str_replace:
+ template: "'IP'"
+ params:
+ IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
- glance_registry_host: {get_param: GlanceRegistryVirtualIP}
heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
@@ -1237,11 +1180,19 @@ resources:
neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
+ aodh_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, AodhApiNetwork]}]}
+ gnocchi_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GnocchiApiNetwork]}]}
nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
+ horizon_subnet:
+ str_replace:
+ template: "['SUBNET']"
+ params:
+ SUBNET: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
+ redis_password: {get_param: RedisPassword}
redis_vip: {get_param: RedisVirtualIP}
sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]}
memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
@@ -1263,6 +1214,7 @@ resources:
- heat_config_%{::deploy_config_name}
- controller_extraconfig
- extraconfig
+ - service_configs
- controller
- database
- object
@@ -1283,9 +1235,16 @@ resources:
- neutron_nuage_data # Optionally provided by ControllerExtraConfigPre
- midonet_data #Optionally provided by AllNodesExtraConfig
- neutron_opencontrail_data # Optionally provided by ControllerExtraConfigPre
+ - neutron_plumgrid_data # Optionally provided by ControllerExtraConfigPre
+ merge_behavior: deeper
datafiles:
+ service_configs:
+ mapped_data: {get_param: ServiceConfigSettings}
controller_extraconfig:
- mapped_data: {get_param: ControllerExtraConfig}
+ mapped_data:
+ map_merge:
+ - {get_param: controllerExtraConfig}
+ - {get_param: ControllerExtraConfig}
extraconfig:
mapped_data: {get_param: ExtraConfig}
common:
@@ -1320,14 +1279,19 @@ resources:
swift::swift_hash_suffix: {get_input: swift_hash_suffix}
swift::proxy::authtoken::admin_password: {get_input: swift_password}
swift::proxy::workers: {get_input: swift_workers}
+ tripleo::ringbuilder::build_ring: { get_input: swift_ring_build }
tripleo::ringbuilder::part_power: {get_input: swift_part_power}
tripleo::ringbuilder::replicas: {get_input: swift_replicas}
tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
swift_mount_check: {get_input: swift_mount_check}
-
- # NOTE(dprince): build_ring support is currently not wired in.
- # See: https://review.openstack.org/#/c/109225/
- tripleo::ringbuilder::build_ring: True
+ swift::keystone::auth::public_url: {get_input: swift_public_url }
+ swift::keystone::auth::internal_url: {get_input: swift_internal_url }
+ swift::keystone::auth::admin_url: {get_input: swift_admin_url }
+ swift::keystone::auth::public_url_s3: {get_input: swift_public_url_v3 }
+ swift::keystone::auth::internal_url_s3: {get_input: swift_internal_url_v3 }
+ swift::keystone::auth::admin_url_s3: {get_input: swift_admin_url_v3 }
+ swift::keystone::auth::password: {get_input: swift_password }
+ swift::keystone::auth::region: {get_input: keystone_region}
# Cinder
cinder_enable_db_purge: {get_input: cinder_enable_db_purge}
@@ -1352,39 +1316,19 @@ resources:
cinder::glance::glance_api_servers: {get_input: glance_api_servers}
cinder_backend_config: {get_input: CinderBackendConfig}
cinder::db::mysql::password: {get_input: cinder_password}
+ cinder::keystone::auth::public_url: {get_input: cinder_public_url }
+ cinder::keystone::auth::internal_url: {get_input: cinder_internal_url }
+ cinder::keystone::auth::admin_url: {get_input: cinder_admin_url }
+ cinder::keystone::auth::public_url_v2: {get_input: cinder_public_url_v2 }
+ cinder::keystone::auth::internal_url_v2: {get_input: cinder_internal_url_v2 }
+ cinder::keystone::auth::admin_url_v2: {get_input: cinder_admin_url_v2 }
+ cinder::keystone::auth::password: {get_input: cinder_password }
+ cinder::keystone::auth::region: {get_input: keystone_region}
# Glance
- glance::api::bind_port: {get_input: glance_port}
glance::api::bind_host: {get_input: glance_api_network}
- glance::api::auth_uri: {get_input: keystone_auth_uri}
- glance::api::identity_uri: {get_input: keystone_identity_uri}
- glance::api::registry_host: {get_input: glance_registry_host}
- glance::api::keystone_password: {get_input: glance_password}
- glance::api::debug: {get_input: debug}
- glance::api::workers: {get_input: glance_workers}
- glance_notifier_strategy: {get_input: glance_notifier_strategy}
- glance_log_file: {get_input: glance_log_file}
- glance_log_file: {get_input: glance_log_file}
- glance::api::database_connection: {get_input: glance_dsn}
- glance::registry::keystone_password: {get_input: glance_password}
- glance::registry::database_connection: {get_input: glance_dsn}
glance::registry::bind_host: {get_input: glance_registry_network}
- glance::registry::auth_uri: {get_input: keystone_auth_uri}
- glance::registry::identity_uri: {get_input: keystone_identity_uri}
- glance::registry::debug: {get_input: debug}
- glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_uri}
- glance::registry::workers: {get_input: glance_workers}
- glance::backend::swift::swift_store_user: service:glance
- glance::backend::swift::swift_store_key: {get_input: glance_password}
- glance_backend: {get_input: glance_backend}
- glance::db::mysql::password: {get_input: glance_password}
- glance_file_pcmk_device: {get_input: glance_file_pcmk_device}
- glance_file_pcmk_fstype: {get_input: glance_file_pcmk_fstype}
- glance_file_pcmk_manage: {get_input: glance_file_pcmk_manage}
- glance_file_pcmk_options: {get_input: glance_file_pcmk_options}
- glance::notify::rabbitmq::rabbit_userid: {get_input: rabbit_username}
- glance::notify::rabbitmq::rabbit_password: {get_input: rabbit_password}
- glance::notify::rabbitmq::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
+ glance::keystone::auth::region: {get_input: keystone_region}
# Heat
heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
@@ -1406,41 +1350,23 @@ resources:
heat::api_cloudwatch::workers: {get_input: heat_workers}
heat::api_cfn::bind_host: {get_input: heat_api_network}
heat::api_cfn::workers: {get_input: heat_workers}
+ heat::engine::num_engine_workers: {get_input: heat_workers}
heat::database_connection: {get_input: heat_dsn}
heat::debug: {get_input: debug}
heat::db::mysql::password: {get_input: heat_password}
heat_enable_db_purge: {get_input: heat_enable_db_purge}
+ heat::keystone::domain::domain_password: {get_input: heat_stack_domain_admin_password}
+ heat::keystone::auth::public_url: {get_input: heat_public_url }
+ heat::keystone::auth::internal_url: {get_input: heat_internal_url }
+ heat::keystone::auth::admin_url: {get_input: heat_admin_url }
+ heat::keystone::auth::password: {get_input: heat_password }
+ heat::keystone::auth::region: {get_input: keystone_region}
# Keystone
- keystone::admin_token: {get_input: admin_token}
- keystone_ca_certificate: {get_input: keystone_ca_certificate}
- keystone_signing_key: {get_input: keystone_signing_key}
- keystone_signing_certificate: {get_input: keystone_signing_certificate}
- keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
- keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
- keystone::database_connection: {get_input: keystone_dsn}
keystone::admin_bind_host: {get_input: keystone_admin_api_network}
keystone::public_bind_host: {get_input: keystone_public_api_network}
keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network}
keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network}
- keystone::debug: {get_input: debug}
- keystone::db::mysql::password: {get_input: admin_token}
- keystone::rabbit_userid: {get_input: rabbit_username}
- keystone::rabbit_password: {get_input: rabbit_password}
- keystone::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
- keystone::rabbit_port: {get_input: rabbit_client_port}
- keystone::notification_driver: {get_input: keystone_notification_driver}
- keystone::notification_format: {get_input: keystone_notification_format}
- keystone::roles::admin::email: {get_input: admin_email}
- keystone::roles::admin::password: {get_input: admin_password}
- keystone::endpoint::public_url: {get_input: keystone_public_url}
- keystone::endpoint::internal_url: {get_input: keystone_internal_url}
- keystone::endpoint::admin_url: {get_input: keystone_identity_uri}
- keystone::endpoint::region: {get_input: keystone_region}
- keystone::admin_workers: {get_input: keystone_workers}
- keystone::public_workers: {get_input: keystone_workers}
- keystone_enable_db_purge: {get_input: keystone_enable_db_purge}
- keystone::public_endpoint: {get_input: keystone_public_url}
# MongoDB
mongodb::server::bind_ip: {get_input: mongo_db_network}
mongodb::server::nojournal: {get_input: mongodb_no_journal}
@@ -1459,11 +1385,6 @@ resources:
# Neutron
neutron::bind_host: {get_input: neutron_api_network}
- neutron::rabbit_password: {get_input: rabbit_password}
- neutron::rabbit_user: {get_input: rabbit_username}
- neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
- neutron::rabbit_port: {get_input: rabbit_client_port}
- neutron::debug: {get_input: debug}
neutron::server::auth_uri: {get_input: keystone_auth_uri}
neutron::server::identity_uri: {get_input: keystone_identity_uri}
neutron::server::database_connection: {get_input: neutron_dsn}
@@ -1472,7 +1393,6 @@ resources:
neutron::network_device_mtu: {get_input: neutron_tenant_mtu}
neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
neutron::agents::ml2::ovs::l2_population: {get_input: neutron_enable_l2pop}
- neutron::agents::dhcp::enable_isolated_metadata: {get_input: neutron_enable_isolated_metadata}
neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
neutron::plugins::ml2::flat_networks: {get_input: neutron_flat_networks}
neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
@@ -1482,7 +1402,6 @@ resources:
neutron_router_distributed: {get_input: neutron_router_distributed}
neutron::core_plugin: {get_input: neutron_core_plugin}
neutron::service_plugins: {get_input: neutron_service_plugins}
- neutron::enable_dhcp_agent: {get_input: neutron_enable_dhcp_agent}
neutron::enable_l3_agent: {get_input: neutron_enable_l3_agent}
neutron::enable_metadata_agent: {get_input: neutron_enable_metadata_agent}
neutron::enable_ovs_agent: {get_input: neutron_enable_ovs_agent}
@@ -1491,7 +1410,6 @@ resources:
neutron::plugins::ml2::extension_drivers: {get_input: neutron_plugin_extensions}
neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
neutron::server::l3_ha: {get_input: neutron_l3_ha}
- neutron::dhcp_agents_per_network: {get_input: neutron_dhcp_agents_per_network}
neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges}
neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges}
@@ -1505,7 +1423,6 @@ resources:
neutron::agents::ml2::ovs::extensions: {get_input: neutron_agent_extensions}
neutron::server::auth_password: {get_input: neutron_password}
neutron::agents::metadata::auth_password: {get_input: neutron_password}
- neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options}
neutron_dsn: {get_input: neutron_dsn}
neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri}
neutron::db::mysql::password: {get_input: neutron_password}
@@ -1538,9 +1455,63 @@ resources:
ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
ceilometer::agent::notification::store_events: {get_input: ceilometer_store_events}
ceilometer::db::mysql::password: {get_input: ceilometer_password}
+ ceilometer::collector::meter_dispatcher: {get_input: ceilometer_meter_dispatcher}
+ ceilometer::dispatcher::gnocchi::url: {get_input: gnocchi_internal_url }
+ ceilometer::dispatcher::gnocchi::filter_project: 'service'
+ ceilometer::dispatcher::gnocchi::archive_policy: 'low'
+ ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml'
+ ceilometer::keystone::auth::public_url: {get_input: ceilometer_public_url }
+ ceilometer::keystone::auth::internal_url: {get_input: ceilometer_internal_url }
+ ceilometer::keystone::auth::admin_url: {get_input: ceilometer_admin_url }
+ ceilometer::keystone::auth::password: {get_input: ceilometer_password }
+ ceilometer::keystone::auth::region: {get_input: keystone_region}
snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
+ # Aodh
+ aodh::rabbit_userid: {get_input: rabbit_username}
+ aodh::rabbit_password: {get_input: rabbit_password}
+ aodh::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
+ aodh::rabbit_port: {get_input: rabbit_client_port}
+ aodh::debug: {get_input: debug}
+ aodh::wsgi::apache::ssl: false
+ aodh::wsgi::apache::bind_host: {get_input: aodh_api_network}
+ aodh::api::service_name: 'httpd'
+ aodh::api::host: {get_input: aodh_api_network}
+ aodh::api::keystone_password: {get_input: aodh_password}
+ aodh::api::keystone_auth_uri: {get_input: keystone_auth_uri}
+ aodh::api::keystone_identity_uri: {get_input: keystone_identity_uri}
+ aodh::auth::auth_password: {get_input: aodh_password}
+ aodh::db::mysql::password: {get_input: aodh_password}
+ # for a migration path from ceilometer-alarm to aodh, we use the same database & coordination
+ aodh::evaluator::coordination_url: {get_input: ceilometer_coordination_url}
+ aodh::keystone::auth::public_url: {get_input: aodh_public_url }
+ aodh::keystone::auth::internal_url: {get_input: aodh_internal_url }
+ aodh::keystone::auth::admin_url: {get_input: aodh_admin_url }
+ aodh::keystone::auth::password: {get_input: aodh_password }
+ aodh::keystone::auth::region: {get_input: keystone_region}
+
+ # Gnocchi
+ gnocchi_backend: {get_input: gnocchi_backend}
+ gnocchi_indexer_backend: {get_input: gnocchi_indexer_backend}
+ gnocchi_mysql_conn_string: {get_input: gnocchi_dsn}
+ gnocchi::debug: {get_input: debug}
+ gnocchi::wsgi::apache::ssl: false
+ gnocchi::wsgi::apache::bind_host: {get_input: gnocchi_api_network}
+ gnocchi::api::service_name: 'httpd'
+ gnocchi::api::host: {get_input: gnocchi_api_network}
+ gnocchi::api::keystone_password: {get_input: gnocchi_password}
+ gnocchi::api::keystone_auth_uri: {get_input: keystone_auth_uri}
+ gnocchi::api::keystone_identity_uri: {get_input: keystone_identity_uri}
+ gnocchi::db::mysql::password: {get_input: gnocchi_password}
+ gnocchi::storage::swift::swift_authurl: {get_input: keystone_auth_uri}
+ gnocchi::storage::swift::swift_key: {get_input: gnocchi_password}
+ gnocchi::keystone::auth::public_url: {get_input: gnocchi_public_url }
+ gnocchi::keystone::auth::internal_url: {get_input: gnocchi_internal_url }
+ gnocchi::keystone::auth::admin_url: {get_input: gnocchi_admin_url }
+ gnocchi::keystone::auth::password: {get_input: gnocchi_password }
+ gnocchi::keystone::auth::region: {get_input: keystone_region}
+
# Nova
nova::rabbit_userid: {get_input: rabbit_username}
nova::rabbit_password: {get_input: rabbit_password}
@@ -1570,8 +1541,17 @@ resources:
nova::db::mysql::password: {get_input: nova_password}
nova::db::mysql_api::password: {get_input: nova_password}
nova_enable_db_purge: {get_input: nova_enable_db_purge}
+ nova::keystone::auth::public_url: {get_input: nova_public_url}
+ nova::keystone::auth::internal_url: {get_input: nova_internal_url}
+ nova::keystone::auth::admin_url: {get_input: nova_admin_url}
+ nova::keystone::auth::ec2_public_url: {get_input: nova_ec2_public_url}
+ nova::keystone::auth::ec2_internal_url: {get_input: nova_ec2_internal_url}
+ nova::keystone::auth::ec2_admin_url: {get_input: nova_ec2_admin_url}
+ nova::keystone::auth::password: {get_input: nova_password }
+ nova::keystone::auth::region: {get_input: keystone_region}
# Horizon
+ apache::mod::remoteip::proxy_ips: {get_input: horizon_subnet}
apache::ip: {get_input: horizon_network}
horizon::allowed_hosts: {get_input: horizon_allowed_hosts}
horizon::django_debug: {get_input: debug}
@@ -1601,6 +1581,11 @@ resources:
sahara::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
sahara::rabbit_port: {get_input: rabbit_client_port}
sahara::db::mysql::password: {get_input: sahara_password}
+ sahara::keystone::auth::public_url: {get_input: sahara_public_url }
+ sahara::keystone::auth::internal_url: {get_input: sahara_internal_url }
+ sahara::keystone::auth::admin_url: {get_input: sahara_admin_url }
+ sahara::keystone::auth::password: {get_input: sahara_password }
+ sahara::keystone::auth::region: {get_input: keystone_region}
# Rabbit
rabbitmq::node_ip_address: {get_input: rabbitmq_network}
@@ -1611,11 +1596,15 @@ resources:
rabbit_ipv6: {get_input: rabbit_ipv6}
# Redis
redis::bind: {get_input: redis_network}
+ redis::requirepass: {get_input: redis_password}
+ redis::masterauth: {get_input: redis_password}
+ redis::sentinel_auth_pass: {get_input: redis_password}
redis_vip: {get_input: redis_vip}
# Firewall
tripleo::firewall::manage_firewall: {get_input: manage_firewall}
tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules}
# Misc
+ memcached_ipv6: {get_input: memcached_ipv6}
memcached::listen_ip: {get_input: memcached_network}
neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
ntp::servers: {get_input: ntp_servers}
@@ -1626,6 +1615,9 @@ resources:
tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface}
tripleo::loadbalancer::haproxy_log_address: {get_input: haproxy_log_address}
tripleo::loadbalancer::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
+ tripleo::loadbalancer::haproxy_stats_user: {get_input: haproxy_stats_user}
+ tripleo::loadbalancer::haproxy_stats_password: {get_input: haproxy_stats_password}
+ tripleo::loadbalancer::redis_password: {get_input: redis_password}
tripleo::packages::enable_install: {get_input: enable_package_install}
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
@@ -1696,12 +1688,12 @@ outputs:
str_replace:
template: |
PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
- EXTERNALIP EXTERNALHOST
- INTERNAL_APIIP INTERNAL_APIHOST
- STORAGEIP STORAGEHOST
- STORAGE_MGMTIP STORAGE_MGMTHOST
- TENANTIP TENANTHOST
- MANAGEMENTIP MANAGEMENTHOST
+ EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
+ INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
+ STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
+ STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
+ TENANTIP TENANTHOST.DOMAIN TENANTHOST
+ MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
params:
PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
@@ -1709,37 +1701,37 @@ outputs:
EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
EXTERNALHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [Controller, name]}
- external
INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
INTERNAL_APIHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [Controller, name]}
- internalapi
STORAGEIP: {get_attr: [StoragePort, ip_address]}
STORAGEHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [Controller, name]}
- storage
STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
STORAGE_MGMTHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [Controller, name]}
- storagemgmt
TENANTIP: {get_attr: [TenantPort, ip_address]}
TENANTHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [Controller, name]}
- tenant
MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
MANAGEMENTHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [Controller, name]}
- management
nova_server_resource:
diff --git a/puppet/extraconfig/ceph/ceph-external-config.yaml b/puppet/extraconfig/ceph/ceph-external-config.yaml
index 312d49a0..5942088c 100644
--- a/puppet/extraconfig/ceph/ceph-external-config.yaml
+++ b/puppet/extraconfig/ceph/ceph-external-config.yaml
@@ -38,6 +38,9 @@ parameters:
GlanceRbdPoolName:
default: images
type: string
+ GnocchiRbdPoolName:
+ default: metrics
+ type: string
CephClientUserName:
default: openstack
type: string
@@ -68,7 +71,7 @@ resources:
secret: 'CLIENT_KEY',
mode: '0644',
cap_mon: 'allow r',
- cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL'
+ cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL'
}
}"
params:
@@ -77,10 +80,13 @@ resources:
NOVA_POOL: {get_param: NovaRbdPoolName}
CINDER_POOL: {get_param: CinderRbdPoolName}
GLANCE_POOL: {get_param: GlanceRbdPoolName}
+ GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6}
nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
cinder_rbd_pool_name: {get_param: CinderRbdPoolName}
glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
+ gnocchi::storage::ceph::ceph_pool: {get_param: GnocchiRbdPoolName}
+ gnocchi::storage::ceph::ceph_username: {get_param: CephClientUserName}
nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
nova::compute::rbd::rbd_keyring:
@@ -88,11 +94,17 @@ resources:
- '.'
- - 'client'
- {get_param: CephClientUserName}
+ gnocchi::storage::ceph::ceph_keyring:
+ list_join:
+ - '.'
+ - - 'client'
+ - {get_param: CephClientUserName}
ceph_client_user_name: {get_param: CephClientUserName}
ceph_pools:
- {get_param: CinderRbdPoolName}
- {get_param: NovaRbdPoolName}
- {get_param: GlanceRbdPoolName}
+ - {get_param: GnocchiRbdPoolName}
outputs:
config_id:
diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-plumgrid.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-plumgrid.yaml
new file mode 100755
index 00000000..7c0a7ad2
--- /dev/null
+++ b/puppet/extraconfig/pre_deploy/controller/neutron-plumgrid.yaml
@@ -0,0 +1,113 @@
+heat_template_version: 2015-04-30
+
+description: Controller hieradata for Neutron PLUMgrid configuration
+
+parameters:
+ server:
+ description: ID of the controller node to apply this config to
+ type: string
+ PLUMgridDirectorServer:
+ description: IP address of the PLUMgrid Director Server
+ type: string
+ default: 127.0.0.1
+ PLUMgridDirectorServerPort:
+ description: Port of the PLUMgrid Director Server
+ type: string
+ default: 443
+ PLUMgridUsername:
+ description: Username for PLUMgrid platform
+ type: string
+ PLUMgridPassword:
+ description: Password for PLUMgrid platform
+ type: string
+ hidden: true
+ PLUMgridServerTimeOut:
+ description: Request timeout duration (seconds) to PLUMgrid platform
+ type: string
+ default: 99
+ PLUMgridNovaMetadataIP:
+ description: IP address of Nova Metadata
+ type: string
+ default: 169.254.169.254
+ PLUMgridNovaMetadataPort:
+ description: Port of Nova Metadata
+ type: string
+ default: 8775
+ PLUMgridL2GatewayVendor:
+ description: Vendor for L2 Gateway Switch
+ type: string
+ default: vendor
+ PLUMgridL2GatewayUsername:
+ description: Username for L2 Gateway Switch
+ type: string
+ default: username
+ PLUMgridL2GatewayPassword:
+ description: Password for L2 Gateway Switch
+ type: string
+ hidden: true
+ PLUMgridIdentityVersion:
+ description: Keystone Identity version
+ type: string
+ default: v2.0
+ PLUMgridConnectorType:
+ description: Neutron Network Connector Type
+ type: string
+ default: distributed
+ PLUMgridNeutronPluginVersion:
+ description: PLUMgrid Neutron Plugin version
+ type: string
+ default: present
+ PLUMgridPlumlibVersion:
+ description: PLUMgrid Plumlib version
+ type: string
+ default: present
+
+
+resources:
+ ControllerPLUMgridConfig:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: os-apply-config
+ config:
+ hiera:
+ datafiles:
+ neutron_plumgrid_data:
+ mapped_data:
+ neutron::plugins::plumgrid::director_server: {get_input: plumgrid_director_server}
+ neutron::plugins::plumgrid::director_server_port: {get_input: plumgrid_director_server_port}
+ neutron::plugins::plumgrid::username: {get_input: plumgrid_username}
+ neutron::plugins::plumgrid::password: {get_input: plumgrid_password}
+ neutron::plugins::plumgrid::nova_metadata_ip: {get_input: plumgrid_nova_metadata_ip}
+ neutron::plugins::plumgrid::nova_metadata_port: {get_input: plumgrid_nova_metadata_port}
+ neutron::plugins::plumgrid::l2gateway_vendor: {get_input: plumgrid_l2gateway_vendor}
+ neutron::plugins::plumgrid::l2gateway_sw_username: {get_input: plumgrid_l2gateway_sw_username}
+ neutron::plugins::plumgrid::l2gateway_sw_password: {get_input: plumgrid_l2gateway_sw_password}
+ neutron::plugins::plumgrid::connector_type: {get_input: plumgrid_connector_type}
+ neutron::plugins::plumgrid::identity_version: {get_input: plumgrid_identity_version}
+ neutron::plugins::plumgrid::package_ensure: {get_input: plumgrid_neutron_plugin_version}
+ neutron::plugins::plumgrid::plumlib_package_ensure: {get_input: plumgrid_plumlib_version}
+
+ ControllerPLUMgridDeployment:
+ type: OS::Heat::StructuredDeployment
+ properties:
+ config: {get_resource: ControllerPLUMgridConfig}
+ server: {get_param: server}
+ input_values:
+ plumgrid_director_server: {get_param: PLUMgridDirectorServer}
+ plumgrid_director_server_port: {get_param: PLUMgridDirectorServerPort}
+ plumgrid_username: {get_param: PLUMgridUsername}
+ plumgrid_password: {get_param: PLUMgridPassword}
+ plumgrid_nova_metadata_ip: {get_param: PLUMgridNovaMetadataIP}
+ plumgrid_nova_metadata_port: {get_param: PLUMgridNovaMetadataPort}
+ plumgrid_l2gateway_vendor: {get_param: PLUMgridL2GatewayVendor}
+ plumgrid_l2gateway_sw_username: {get_param: PLUMgridL2GatewayUsername}
+ plumgrid_l2gateway_sw_password: {get_param: PLUMgridL2GatewayPassword}
+ plumgrid_identity_version: {get_param: PLUMgridIdentityVersion}
+ plumgrid_connector_type: {get_param: PLUMgridConnectorType}
+ plumgrid_neutron_plugin_version: {get_param: PLUMgridNeutronPluginVersion}
+ plumgrid_plumlib_version: {get_param: PLUMgridPlumlibVersion}
+
+outputs:
+ deploy_stdout:
+ description: Deployment reference, used to trigger puppet apply on changes
+ value: {get_attr: [ControllerPLUMgridDeployment, deploy_stdout]}
diff --git a/puppet/extraconfig/tls/ca-inject.yaml b/puppet/extraconfig/tls/ca-inject.yaml
index aab42849..f955034d 100644
--- a/puppet/extraconfig/tls/ca-inject.yaml
+++ b/puppet/extraconfig/tls/ca-inject.yaml
@@ -4,7 +4,7 @@ description: >
This is a template which will inject the trusted anchor.
parameters:
- # Can be overriden via parameter_defaults in the environment
+ # Can be overridden via parameter_defaults in the environment
SSLRootCertificate:
description: >
The content of a CA's SSL certificate file in PEM format.
diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml
index 20bb3737..e281ef51 100644
--- a/puppet/extraconfig/tls/tls-cert-inject.yaml
+++ b/puppet/extraconfig/tls/tls-cert-inject.yaml
@@ -5,7 +5,7 @@ description: >
for the load balancer using the given parameters.
parameters:
- # Can be overriden via parameter_defaults in the environment
+ # Can be overridden via parameter_defaults in the environment
SSLCertificate:
description: >
The content of the SSL certificate (without Key) in PEM format.
@@ -21,7 +21,7 @@ parameters:
type: string
hidden: true
- # Can be overriden by parameter_defaults if the user wants to try deploying
+ # Can be overridden by parameter_defaults if the user wants to try deploying
# this in a distro that doesn't support this path.
DeployedSSLCertificatePath:
default: '/etc/pki/tls/private/overcloud_endpoint.pem'
@@ -63,6 +63,14 @@ resources:
openssl rsa -noout -modulus -in ${cert_path} \
| openssl md5 | cut -c 10- \
> ${heat_outputs_path}.key_modulus
+ # We need to reload haproxy in case the certificate changed because
+ # puppet doesn't know the contents of the cert file. The pacemaker
+ # case is handled separately in a pacemaker-specific resource.
+ pacemaker_status=$(systemctl is-active pacemaker)
+ haproxy_status=$(systemctl is-active haproxy)
+ if [ "$pacemaker_status" != "active" -a "$haproxy_status" = "active"]; then
+ systemctl reload haproxy
+ fi
ControllerTLSDeployment:
type: OS::Heat::SoftwareDeployment
diff --git a/puppet/hieradata/common.yaml b/puppet/hieradata/common.yaml
index 98cec364..34965959 100644
--- a/puppet/hieradata/common.yaml
+++ b/puppet/hieradata/common.yaml
@@ -5,6 +5,12 @@ ssh::server::storeconfigs_enabled: false
ceilometer::agent::auth::auth_region: 'regionOne'
ceilometer::agent::auth::auth_tenant_name: 'service'
+aodh::auth::auth_region: 'regionOne'
+aodh::auth::auth_tenant_name: 'service'
+
+gnocchi::auth::auth_region: 'regionOne'
+gnocchi::auth::auth_tenant_name: 'service'
+
nova::api::admin_tenant_name: 'service'
nova::network::neutron::neutron_project_name: 'service'
nova::network::neutron::neutron_username: 'neutron'
diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml
index 865210c9..1e888f39 100644
--- a/puppet/hieradata/compute.yaml
+++ b/puppet/hieradata/compute.yaml
@@ -11,6 +11,8 @@ nova::compute::libvirt::migration_support: true
nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}"
+nova::network::neutron::neutron_auth_type: 'v3password'
+
# Changing the default from 512MB. The current templates can not deploy
# overclouds with swap. On an idle compute node, we see ~1024MB of RAM
# used. 2048 is suggested to account for other possible operations for
diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml
index e80bee07..416233ce 100644
--- a/puppet/hieradata/controller.yaml
+++ b/puppet/hieradata/controller.yaml
@@ -1,10 +1,21 @@
# Hiera data here applies to all controller nodes
+
nova::api::enabled: true
nova::conductor::enabled: true
nova::consoleauth::enabled: true
nova::vncproxy::enabled: true
nova::scheduler::enabled: true
+# gnocchi
+gnocchi::db::sync::extra_opts: '--skip-storage'
+gnocchi::storage::swift::swift_user: 'service:gnocchi'
+gnocchi::storage::swift::swift_auth_version: 2
+gnocchi::statsd::resource_id: '0a8b55df-f90f-491c-8cb9-7cdecec6fc26'
+gnocchi::statsd::user_id: '27c0d3f8-e7ee-42f0-8317-72237d1c5ae3'
+gnocchi::statsd::project_id: '6c38cd8d-099a-4cb2-aecf-17be688e8616'
+gnocchi::statsd::flush_delay: 10
+gnocchi::statsd::archive_policy_name: 'low'
+
# rabbitmq
rabbitmq::delete_guest_user: false
rabbitmq::wipe_db_on_cookie_change: true
@@ -29,18 +40,32 @@ redis::sentinel::master_name: "%{hiera('bootstrap_nodeid')}"
redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}"
redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh'
+# keystone
+keystone::roles::admin::email: 'root@localhost'
+
# service tenant
glance::api::keystone_tenant: 'service'
+aodh::api::keystone_tenant: 'service'
glance::registry::keystone_tenant: 'service'
neutron::server::auth_tenant: 'service'
neutron::agents::metadata::auth_tenant: 'service'
neutron::agents::l3::router_delete_namespaces: True
-neutron::agents::dhcp::dhcp_delete_namespaces: True
cinder::api::keystone_tenant: 'service'
swift::proxy::authtoken::admin_tenant_name: 'service'
ceilometer::api::keystone_tenant: 'service'
+gnocchi::api::keystone_tenant: 'service'
heat::keystone_tenant: 'service'
sahara::admin_tenant_name: 'service'
+aodh::keystone::auth::tenant: 'service'
+ceilometer::keystone::auth::tenant: 'service'
+cinder::keystone::auth::tenant: 'service'
+glance::keystone::auth::tenant: 'service'
+gnocchi::keystone::auth::tenant: 'service'
+heat::keystone::auth::tenant: 'service'
+neutron::keystone::auth::tenant: 'service'
+nova::keystone::auth::tenant: 'service'
+sahara::keystone::auth::tenant: 'service'
+swift::keystone::auth::tenant: 'service'
# keystone
keystone::cron::token_flush::maxdelay: 3600
@@ -70,28 +95,30 @@ swift::proxy::pipeline:
- 'proxy-server'
swift::proxy::account_autocreate: true
+swift::keystone::auth::configure_s3_endpoint: false
+swift::keystone::auth::operator_roles:
+ - admin
+ - swiftoperator
# glance
glance::api::pipeline: 'keystone'
glance::api::show_image_direct_url: true
glance::registry::pipeline: 'keystone'
glance::backend::swift::swift_store_create_container_on_put: true
-glance::backend::rbd::rbd_store_user: 'openstack'
glance_file_pcmk_directory: '/var/lib/glance/images'
# neutron
neutron::server::sync_db: true
-neutron::agents::dhcp::dnsmasq_config_file: /etc/neutron/dnsmasq-neutron.conf
# nova
nova::notify_on_state_change: 'vm_and_task_state'
nova::api::default_floating_pool: 'public'
-nova::api::osapi_v3: true
nova::api::sync_db_api: true
nova::scheduler::filter::ram_allocation_ratio: '1.0'
nova::cron::archive_deleted_rows::hour: '*/12'
nova::cron::archive_deleted_rows::destination: '/dev/null'
nova::notification_driver: messaging
+nova::keystone::auth::configure_ec2_endpoint: false
# ceilometer
ceilometer::agent::auth::auth_endpoint_type: 'internalURL'
@@ -110,12 +137,16 @@ heat::cron::purge_deleted::age: 30
heat::cron::purge_deleted::age_type: 'days'
heat::cron::purge_deleted::maxdelay: 3600
heat::cron::purge_deleted::destination: '/dev/null'
+heat::keystone::domain::domain_name: 'heat_stack'
+heat::keystone::domain::domain_admin: 'heat_stack_domain_admin'
+heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost'
# pacemaker
pacemaker::corosync::cluster_name: 'tripleo_cluster'
pacemaker::corosync::manage_fw: false
pacemaker::resource_defaults::defaults:
resource-stickiness: { value: INFINITY }
+corosync_token_timeout: 10000
# horizon
horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache
@@ -123,6 +154,7 @@ horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
horizon::vhost_extra_params:
add_listen: false
priority: 10
+ access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"'
# mysql
mysql::server::manage_config_file: true
@@ -143,6 +175,8 @@ tripleo::loadbalancer::redis: true
tripleo::loadbalancer::sahara: true
tripleo::loadbalancer::swift_proxy_server: true
tripleo::loadbalancer::ceilometer: true
+tripleo::loadbalancer::aodh: true
+tripleo::loadbalancer::gnocchi: true
tripleo::loadbalancer::heat_api: true
tripleo::loadbalancer::heat_cloudwatch: true
tripleo::loadbalancer::heat_cfn: true
@@ -255,3 +289,11 @@ tripleo::firewall::firewall_rules:
'127 snmp':
port: 161
proto: 'udp'
+ '128 aodh':
+ port:
+ - 8042
+ - 13042
+ '129 gnocchi-api':
+ port:
+ - 8041
+ - 13041
diff --git a/puppet/hieradata/database.yaml b/puppet/hieradata/database.yaml
index 61714691..4eb199c8 100644
--- a/puppet/hieradata/database.yaml
+++ b/puppet/hieradata/database.yaml
@@ -61,6 +61,14 @@ ceilometer::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
+# Gnocchi
+gnocchi::db::mysql::user: gnocchi
+gnocchi::db::mysql::host: "%{hiera('mysql_virtual_ip')}"
+gnocchi::db::mysql::dbname: gnocchi
+gnocchi::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
+
sahara::db::mysql::user: sahara
sahara::db::mysql::host: "%{hiera('mysql_virtual_ip')}"
sahara::db::mysql::dbname: sahara
diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp
index 7c8cda71..cc58cb14 100644
--- a/puppet/manifests/overcloud_compute.pp
+++ b/puppet/manifests/overcloud_compute.pp
@@ -53,12 +53,6 @@ include ::nova
include ::nova::config
include ::nova::compute
-nova_config {
- 'DEFAULT/my_ip': value => $ipaddress;
- 'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver';
- 'DEFAULT/host': value => $fqdn;
-}
-
$rbd_ephemeral_storage = hiera('nova::compute::rbd::ephemeral_storage', false)
$rbd_persistent_storage = hiera('rbd_persistent_storage', false)
if $rbd_ephemeral_storage or $rbd_persistent_storage {
@@ -99,6 +93,19 @@ if str2bool(hiera('nova::use_ipv6', false)) {
class { '::nova::compute::libvirt' :
vncserver_listen => $vncserver_listen,
}
+
+nova_config {
+ 'DEFAULT/my_ip': value => $ipaddress;
+ 'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver';
+ 'DEFAULT/host': value => $fqdn;
+ # TUNNELLED mode provides a security enhancement when using shared storage but is not
+ # supported when not using shared storage.
+ # See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12
+ # In future versions of QEMU (2.6, mostly), Dan's native encryption
+ # work will obsolete the need to use TUNNELLED transport mode.
+ 'libvirt/live_migration_tunnelled': value => $rbd_ephemeral_storage;
+}
+
if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' {
file {'/etc/libvirt/qemu.conf':
ensure => present,
@@ -145,8 +152,32 @@ elsif hiera('neutron::core_plugin') == 'neutron_plugin_contrail.plugins.opencont
# require => Class['contrail::vrouter'],
#}
}
+elsif hiera('neutron::core_plugin') == 'networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2' {
+ # forward all ipv4 traffic
+ # this is required for the vms to pass through the gateways public interface
+ sysctl::value { 'net.ipv4.ip_forward': value => '1' }
+
+ # ifc_ctl_pp needs to be invoked by root as part of the vif.py when a VM is powered on
+ file { '/etc/sudoers.d/ifc_ctl_sudoers':
+ ensure => file,
+ owner => root,
+ group => root,
+ mode => '0440',
+ content => "nova ALL=(root) NOPASSWD: /opt/pg/bin/ifc_ctl_pp *\n",
+ }
+}
else {
+ # NOTE: this code won't live in puppet-neutron until Neutron OVS agent
+ # can be gracefully restarted. See https://review.openstack.org/#/c/297211
+ # In the meantime, it's safe to restart the agent on each change in neutron.conf,
+ # because Puppet changes are supposed to be done during bootstrap and upgrades.
+ # Some resource managed by Neutron_config (like messaging and logging options) require
+ # a restart of OVS agent. This code does it.
+ # In Newton, OVS agent will be able to be restarted gracefully so we'll drop the code
+ # from here and fix it in puppet-neutron.
+ Neutron_config<||> ~> Service['neutron-ovs-agent-service']
+
include ::neutron::plugins::ml2
include ::neutron::agents::ml2::ovs
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index 4a03fefa..34ca845c 100644
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -46,7 +46,7 @@ if hiera('step') >= 2 {
# MongoDB
if downcase(hiera('ceilometer_backend')) == 'mongodb' {
include ::mongodb::globals
-
+ include ::mongodb::client
include ::mongodb::server
# NOTE(gfidente): We need to pass the list of IPv6 addresses *with* port and
# without the brackets as 'members' argument for the 'mongodb_replset'
@@ -113,16 +113,18 @@ if hiera('step') >= 2 {
# FIXME: this should only occur on the bootstrap host (ditto for db syncs)
# Create all the database schemas
- include ::keystone::db::mysql
- include ::glance::db::mysql
include ::nova::db::mysql
include ::nova::db::mysql_api
include ::neutron::db::mysql
include ::cinder::db::mysql
include ::heat::db::mysql
include ::sahara::db::mysql
+ if downcase(hiera('gnocchi_indexer_backend')) == 'mysql' {
+ include ::gnocchi::db::mysql
+ }
if downcase(hiera('ceilometer_backend')) == 'mysql' {
include ::ceilometer::db::mysql
+ include ::aodh::db::mysql
}
$rabbit_nodes = hiera('rabbit_node_ips')
@@ -209,66 +211,17 @@ if hiera('step') >= 2 {
} #END STEP 2
-if hiera('step') >= 3 {
-
- include ::keystone
- include ::keystone::config
- include ::keystone::roles::admin
- include ::keystone::endpoint
- include ::keystone::wsgi::apache
-
- #TODO: need a cleanup-keystone-tokens.sh solution here
-
- file { [ '/etc/keystone/ssl', '/etc/keystone/ssl/certs', '/etc/keystone/ssl/private' ]:
- ensure => 'directory',
- owner => 'keystone',
- group => 'keystone',
- require => Package['keystone'],
- }
- file { '/etc/keystone/ssl/certs/signing_cert.pem':
- content => hiera('keystone_signing_certificate'),
- owner => 'keystone',
- group => 'keystone',
- notify => Service['keystone'],
- require => File['/etc/keystone/ssl/certs'],
- }
- file { '/etc/keystone/ssl/private/signing_key.pem':
- content => hiera('keystone_signing_key'),
- owner => 'keystone',
- group => 'keystone',
- notify => Service['keystone'],
- require => File['/etc/keystone/ssl/private'],
- }
- file { '/etc/keystone/ssl/certs/ca.pem':
- content => hiera('keystone_ca_certificate'),
- owner => 'keystone',
- group => 'keystone',
- notify => Service['keystone'],
- require => File['/etc/keystone/ssl/certs'],
- }
-
- $glance_backend = downcase(hiera('glance_backend', 'swift'))
- case $glance_backend {
- 'swift': { $backend_store = 'glance.store.swift.Store' }
- 'file': { $backend_store = 'glance.store.filesystem.Store' }
- 'rbd': { $backend_store = 'glance.store.rbd.Store' }
- default: { fail('Unrecognized glance_backend parameter.') }
- }
- $http_store = ['glance.store.http.Store']
- $glance_store = concat($http_store, $backend_store)
-
- # TODO: scrubber and other additional optional features
- include ::glance
- include ::glance::config
- class { '::glance::api':
- known_stores => $glance_store,
- }
- include ::glance::registry
- include ::glance::notify::rabbitmq
- include join(['::glance::backend::', $glance_backend])
+if hiera('step') >= 4 {
+
+ $nova_ipv6 = hiera('nova::use_ipv6', false)
+ if $nova_ipv6 {
+ $memcached_servers = suffix(hiera('memcache_node_ips_v6'), ':11211')
+ } else {
+ $memcached_servers = suffix(hiera('memcache_node_ips'), ':11211')
+ }
class { '::nova' :
- memcached_servers => suffix(hiera('memcache_node_ips'), ':11211'),
+ memcached_servers => $memcached_servers
}
include ::nova::config
include ::nova::api
@@ -336,26 +289,25 @@ if hiera('step') >= 3 {
include ::neutron::server
include ::neutron::server::notifications
- # If the value of core plugin is set to 'nuage' or 'opencontrail',
- # include nuage or opencontrail core plugins, and it does not
- # need the l3, dhcp and metadata agents
+ # If the value of core plugin is set to 'nuage' or'opencontrail' or 'plumgrid',
+ # include nuage or opencontrail or plumgrid core plugins
+ # else use the default value of 'ml2'
if hiera('neutron::core_plugin') == 'neutron.plugins.nuage.plugin.NuagePlugin' {
include ::neutron::plugins::nuage
} elsif hiera('neutron::core_plugin') == 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2' {
include ::neutron::plugins::opencontrail
+ }
+ elsif hiera('neutron::core_plugin') == 'networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2' {
+ class { '::neutron::plugins::plumgrid' :
+ connection => hiera('neutron::server::database_connection'),
+ controller_priv_host => hiera('keystone_admin_api_vip'),
+ admin_password => hiera('admin_password'),
+ metadata_proxy_shared_secret => hiera('nova::api::neutron_metadata_proxy_shared_secret'),
+ }
} else {
include ::neutron::agents::l3
- include ::neutron::agents::dhcp
include ::neutron::agents::metadata
- file { '/etc/neutron/dnsmasq-neutron.conf':
- content => hiera('neutron_dnsmasq_options'),
- owner => 'neutron',
- group => 'neutron',
- notify => Service['neutron-dhcp-service'],
- require => Package['neutron'],
- }
-
# If the value of core plugin is set to 'midonet',
# skip all the ML2 configuration
if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' {
@@ -400,13 +352,9 @@ if hiera('step') >= 3 {
neutron_l3_agent_config {
'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false);
}
- neutron_dhcp_agent_config {
- 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false);
- }
Service['neutron-server'] -> Service['neutron-ovs-agent-service']
}
- Service['neutron-server'] -> Service['neutron-dhcp-service']
Service['neutron-server'] -> Service['neutron-l3']
Service['neutron-server'] -> Service['neutron-metadata']
}
@@ -452,6 +400,7 @@ if hiera('step') >= 3 {
$cinder_rbd_backend = 'tripleo_ceph'
cinder::backend::rbd { $cinder_rbd_backend :
+ backend_host => hiera('cinder::host'),
rbd_pool => hiera('cinder_rbd_pool_name'),
rbd_user => hiera('ceph_client_user_name'),
rbd_secret_uuid => hiera('ceph::profile::params::fsid'),
@@ -597,12 +546,28 @@ if hiera('step') >= 3 {
include ::ceilometer::expirer
include ::ceilometer::collector
include ::ceilometer::agent::auth
+ include ::ceilometer::dispatcher::gnocchi
class { '::ceilometer::db' :
database_connection => $ceilometer_database_connection,
}
Cron <| title == 'ceilometer-expirer' |> { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" }
+ # Aodh
+ class { '::aodh' :
+ database_connection => $ceilometer_database_connection,
+ }
+ include ::aodh::db::sync
+ # To manage the upgrade:
+ Exec['ceilometer-dbsync'] -> Exec['aodh-db-sync']
+ include ::aodh::auth
+ include ::aodh::api
+ include ::aodh::wsgi::apache
+ include ::aodh::evaluator
+ include ::aodh::notifier
+ include ::aodh::listener
+ include ::aodh::client
+
# Heat
class { '::heat' :
notification_driver => 'messaging',
@@ -619,6 +584,7 @@ if hiera('step') >= 3 {
include ::sahara::service::engine
# Horizon
+ include ::apache::mod::remoteip
if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') {
$_profile_support = 'cisco'
} else {
@@ -626,11 +592,38 @@ if hiera('step') >= 3 {
}
$neutron_options = {'profile_support' => $_profile_support }
+ $memcached_ipv6 = hiera('memcached_ipv6', false)
+ if $memcached_ipv6 {
+ $horizon_memcached_servers = hiera('memcache_node_ips_v6', '[::1]')
+ } else {
+ $horizon_memcached_servers = hiera('memcache_node_ips', '127.0.0.1')
+ }
+
class { '::horizon':
- cache_server_ip => hiera('memcache_node_ips', '127.0.0.1'),
+ cache_server_ip => $horizon_memcached_servers,
neutron_options => $neutron_options,
}
+ # Gnocchi
+ $gnocchi_database_connection = hiera('gnocchi_mysql_conn_string')
+ class { '::gnocchi':
+ database_connection => $gnocchi_database_connection,
+ }
+ include ::gnocchi::api
+ include ::gnocchi::wsgi::apache
+ include ::gnocchi::client
+ include ::gnocchi::db::sync
+ include ::gnocchi::storage
+ include ::gnocchi::metricd
+ include ::gnocchi::statsd
+ $gnocchi_backend = downcase(hiera('gnocchi_backend', 'swift'))
+ case $gnocchi_backend {
+ 'swift': { include ::gnocchi::storage::swift }
+ 'file': { include ::gnocchi::storage::file }
+ 'rbd': { include ::gnocchi::storage::ceph }
+ default: { fail('Unrecognized gnocchi_backend parameter.') }
+ }
+
$snmpd_user = hiera('snmpd_readonly_user_name')
snmp::snmpv3_user { $snmpd_user:
authtype => 'MD5',
@@ -643,17 +636,13 @@ if hiera('step') >= 3 {
hiera_include('controller_classes')
-} #END STEP 3
+} #END STEP 4
-if hiera('step') >= 4 {
- $keystone_enable_db_purge = hiera('keystone_enable_db_purge', true)
+if hiera('step') >= 5 {
$nova_enable_db_purge = hiera('nova_enable_db_purge', true)
$cinder_enable_db_purge = hiera('cinder_enable_db_purge', true)
$heat_enable_db_purge = hiera('heat_enable_db_purge', true)
- if $keystone_enable_db_purge {
- include ::keystone::cron::token_flush
- }
if $nova_enable_db_purge {
include ::nova::cron::archive_deleted_rows
}
@@ -663,7 +652,23 @@ if hiera('step') >= 4 {
if $heat_enable_db_purge {
include ::heat::cron::purge_deleted
}
-} #END STEP 4
+
+ if downcase(hiera('bootstrap_nodeid')) == $::hostname {
+ # Class ::heat::keystone::domain has to run on bootstrap node
+ # because it creates DB entities via API calls.
+ include ::heat::keystone::domain
+
+ Class['::keystone::roles::admin'] -> Class['::heat::keystone::domain']
+ } else {
+ # On non-bootstrap node we don't need to create Keystone resources again
+ class { '::heat::keystone::domain':
+ manage_domain => false,
+ manage_user => false,
+ manage_role => false,
+ }
+ }
+
+} #END STEP 5
$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller', hiera('step')])
package_manifest{$package_manifest_name: ensure => present}
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index 7637029c..1890918e 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -18,6 +18,23 @@ Pcmk_resource <| |> {
try_sleep => 3,
}
+# TODO(jistr): use pcs resource provider instead of just no-ops
+Service <|
+ tag == 'aodh-service' or
+ tag == 'cinder-service' or
+ tag == 'ceilometer-service' or
+ tag == 'gnocchi-service' or
+ tag == 'heat-service' or
+ tag == 'neutron-service' or
+ tag == 'nova-service' or
+ tag == 'sahara-service'
+|> {
+ hasrestart => true,
+ restart => '/bin/true',
+ start => '/bin/true',
+ stop => '/bin/true',
+}
+
include ::tripleo::packages
include ::tripleo::firewall
@@ -34,8 +51,8 @@ $enable_load_balancer = hiera('enable_load_balancer', true)
# When to start and enable services which haven't been Pacemakerized
# FIXME: remove when we start all OpenStack services using Pacemaker
-# (occurences of this variable will be gradually replaced with false)
-$non_pcmk_start = hiera('step') >= 4
+# (occurrences of this variable will be gradually replaced with false)
+$non_pcmk_start = hiera('step') >= 5
if hiera('step') >= 1 {
@@ -64,13 +81,10 @@ if hiera('step') >= 1 {
$pacemaker_cluster_members = downcase(regsubst(hiera('controller_node_names'), ',', ' ', 'G'))
$corosync_ipv6 = str2bool(hiera('corosync_ipv6', false))
if $corosync_ipv6 {
- $cluster_setup_extras = { '--ipv6' => '' }
+ $cluster_setup_extras = { '--token' => hiera('corosync_token_timeout', 1000), '--ipv6' => '' }
} else {
- $cluster_setup_extras = {}
+ $cluster_setup_extras = { '--token' => hiera('corosync_token_timeout', 1000) }
}
- user { 'hacluster':
- ensure => present,
- } ->
class { '::pacemaker':
hacluster_pwd => hiera('hacluster_pwd'),
} ->
@@ -85,6 +99,10 @@ if hiera('step') >= 1 {
if $enable_fencing {
include ::tripleo::fencing
+ # enable stonith after all Pacemaker resources have been created
+ Pcmk_resource<||> -> Class['tripleo::fencing']
+ Pcmk_constraint<||> -> Class['tripleo::fencing']
+ Exec <| tag == 'pacemaker_constraint' |> -> Class['tripleo::fencing']
# enable stonith after all fencing devices have been created
Class['tripleo::fencing'] -> Class['pacemaker::stonith']
}
@@ -127,6 +145,7 @@ if hiera('step') >= 1 {
if downcase(hiera('ceilometer_backend')) == 'mongodb' {
include ::mongodb::globals
+ include ::mongodb::client
class { '::mongodb::server' :
service_manage => false,
}
@@ -169,8 +188,10 @@ if hiera('step') >= 1 {
'bind-address' => $::hostname,
'max_connections' => hiera('mysql_max_connections'),
'open_files_limit' => '-1',
+ 'wsrep_on' => 'ON',
'wsrep_provider' => '/usr/lib64/galera/libgalera_smm.so',
'wsrep_cluster_name' => 'galera_cluster',
+ 'wsrep_cluster_address' => "gcomm://${galera_nodes}",
'wsrep_slave_threads' => '1',
'wsrep_certify_nonPK' => '1',
'wsrep_max_ws_rows' => '131072',
@@ -236,183 +257,46 @@ if hiera('step') >= 2 {
}
$control_vip = hiera('tripleo::loadbalancer::controller_virtual_ip')
- if is_ipv6_address($control_vip) {
- $control_vip_netmask = '64'
- } else {
- $control_vip_netmask = '32'
- }
- pacemaker::resource::ip { 'control_vip':
- ip_address => $control_vip,
- cidr_netmask => $control_vip_netmask,
- }
- pacemaker::constraint::base { 'control_vip-then-haproxy':
- constraint_type => 'order',
- first_resource => "ip-${control_vip}",
- second_resource => 'haproxy-clone',
- first_action => 'start',
- second_action => 'start',
- constraint_params => 'kind=Optional',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['control_vip']],
- }
- pacemaker::constraint::colocation { 'control_vip-with-haproxy':
- source => "ip-${control_vip}",
- target => 'haproxy-clone',
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['control_vip']],
+ tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_control_vip':
+ vip_name => 'control',
+ ip_address => $control_vip,
}
$public_vip = hiera('tripleo::loadbalancer::public_virtual_ip')
- if is_ipv6_address($public_vip) {
- $public_vip_netmask = '64'
- } else {
- $public_vip_netmask = '32'
- }
- if $public_vip and $public_vip != $control_vip {
- pacemaker::resource::ip { 'public_vip':
- ip_address => $public_vip,
- cidr_netmask => $public_vip_netmask,
- }
- pacemaker::constraint::base { 'public_vip-then-haproxy':
- constraint_type => 'order',
- first_resource => "ip-${public_vip}",
- second_resource => 'haproxy-clone',
- first_action => 'start',
- second_action => 'start',
- constraint_params => 'kind=Optional',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['public_vip']],
- }
- pacemaker::constraint::colocation { 'public_vip-with-haproxy':
- source => "ip-${public_vip}",
- target => 'haproxy-clone',
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['public_vip']],
- }
+ tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_public_vip':
+ ensure => $public_vip and $public_vip != $control_vip,
+ vip_name => 'public',
+ ip_address => $public_vip,
}
$redis_vip = hiera('redis_vip')
- if is_ipv6_address($redis_vip) {
- $redis_vip_netmask = '64'
- } else {
- $redis_vip_netmask = '32'
- }
- if $redis_vip and $redis_vip != $control_vip {
- pacemaker::resource::ip { 'redis_vip':
- ip_address => $redis_vip,
- cidr_netmask => $redis_vip_netmask,
- }
- pacemaker::constraint::base { 'redis_vip-then-haproxy':
- constraint_type => 'order',
- first_resource => "ip-${redis_vip}",
- second_resource => 'haproxy-clone',
- first_action => 'start',
- second_action => 'start',
- constraint_params => 'kind=Optional',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['redis_vip']],
- }
- pacemaker::constraint::colocation { 'redis_vip-with-haproxy':
- source => "ip-${redis_vip}",
- target => 'haproxy-clone',
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['redis_vip']],
- }
+ tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_redis_vip':
+ ensure => $redis_vip and $redis_vip != $control_vip,
+ vip_name => 'redis',
+ ip_address => $redis_vip,
}
+
$internal_api_vip = hiera('tripleo::loadbalancer::internal_api_virtual_ip')
- if is_ipv6_address($internal_api_vip) {
- $internal_api_vip_netmask = '64'
- } else {
- $internal_api_vip_netmask = '32'
- }
- if $internal_api_vip and $internal_api_vip != $control_vip {
- pacemaker::resource::ip { 'internal_api_vip':
- ip_address => $internal_api_vip,
- cidr_netmask => $internal_api_vip_netmask,
- }
- pacemaker::constraint::base { 'internal_api_vip-then-haproxy':
- constraint_type => 'order',
- first_resource => "ip-${internal_api_vip}",
- second_resource => 'haproxy-clone',
- first_action => 'start',
- second_action => 'start',
- constraint_params => 'kind=Optional',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['internal_api_vip']],
- }
- pacemaker::constraint::colocation { 'internal_api_vip-with-haproxy':
- source => "ip-${internal_api_vip}",
- target => 'haproxy-clone',
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['internal_api_vip']],
- }
+ tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_internal_api_vip':
+ ensure => $internal_api_vip and $internal_api_vip != $control_vip,
+ vip_name => 'internal_api',
+ ip_address => $internal_api_vip,
}
$storage_vip = hiera('tripleo::loadbalancer::storage_virtual_ip')
- if is_ipv6_address($storage_vip) {
- $storage_vip_netmask = '64'
- } else {
- $storage_vip_netmask = '32'
- }
- if $storage_vip and $storage_vip != $control_vip {
- pacemaker::resource::ip { 'storage_vip':
- ip_address => $storage_vip,
- cidr_netmask => $storage_vip_netmask,
- }
- pacemaker::constraint::base { 'storage_vip-then-haproxy':
- constraint_type => 'order',
- first_resource => "ip-${storage_vip}",
- second_resource => 'haproxy-clone',
- first_action => 'start',
- second_action => 'start',
- constraint_params => 'kind=Optional',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['storage_vip']],
- }
- pacemaker::constraint::colocation { 'storage_vip-with-haproxy':
- source => "ip-${storage_vip}",
- target => 'haproxy-clone',
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['storage_vip']],
- }
+ tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_storage_vip':
+ ensure => $storage_vip and $storage_vip != $control_vip,
+ vip_name => 'storage',
+ ip_address => $storage_vip,
}
$storage_mgmt_vip = hiera('tripleo::loadbalancer::storage_mgmt_virtual_ip')
- if is_ipv6_address($storage_mgmt_vip) {
- $storage_mgmt_vip_netmask = '64'
- } else {
- $storage_mgmt_vip_netmask = '32'
+ tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_storage_mgmt_vip':
+ ensure => $storage_mgmt_vip and $storage_mgmt_vip != $control_vip,
+ vip_name => 'storage_mgmt',
+ ip_address => $storage_mgmt_vip,
}
- if $storage_mgmt_vip and $storage_mgmt_vip != $control_vip {
- pacemaker::resource::ip { 'storage_mgmt_vip':
- ip_address => $storage_mgmt_vip,
- cidr_netmask => $storage_mgmt_vip_netmask,
- }
- pacemaker::constraint::base { 'storage_mgmt_vip-then-haproxy':
- constraint_type => 'order',
- first_resource => "ip-${storage_mgmt_vip}",
- second_resource => 'haproxy-clone',
- first_action => 'start',
- second_action => 'start',
- constraint_params => 'kind=Optional',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['storage_mgmt_vip']],
- }
- pacemaker::constraint::colocation { 'storage_mgmt_vip-with-haproxy':
- source => "ip-${storage_mgmt_vip}",
- target => 'haproxy-clone',
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['storage_mgmt_vip']],
- }
- }
-
}
pacemaker::resource::service { $::memcached::params::service_name :
@@ -497,12 +381,6 @@ MYSQL_HOST=localhost\n",
# Create all the database schemas
if $sync_db {
- class { '::keystone::db::mysql':
- require => Exec['galera-ready'],
- }
- class { '::glance::db::mysql':
- require => Exec['galera-ready'],
- }
class { '::nova::db::mysql':
require => Exec['galera-ready'],
}
@@ -525,6 +403,11 @@ MYSQL_HOST=localhost\n",
}
}
+ if downcase(hiera('gnocchi_indexer_backend')) == 'mysql' {
+ class { '::gnocchi::db::mysql':
+ require => Exec['galera-ready'],
+ }
+ }
class { '::sahara::db::mysql':
require => Exec['galera-ready'],
}
@@ -586,82 +469,7 @@ MYSQL_HOST=localhost\n",
} #END STEP 2
-if hiera('step') >= 3 {
-
- class { '::keystone':
- sync_db => $sync_db,
- manage_service => false,
- enabled => false,
- enable_bootstrap => $pacemaker_master,
- }
- include ::keystone::config
-
- #TODO: need a cleanup-keystone-tokens.sh solution here
-
- file { [ '/etc/keystone/ssl', '/etc/keystone/ssl/certs', '/etc/keystone/ssl/private' ]:
- ensure => 'directory',
- owner => 'keystone',
- group => 'keystone',
- require => Package['keystone'],
- }
- file { '/etc/keystone/ssl/certs/signing_cert.pem':
- content => hiera('keystone_signing_certificate'),
- owner => 'keystone',
- group => 'keystone',
- notify => Service['keystone'],
- require => File['/etc/keystone/ssl/certs'],
- }
- file { '/etc/keystone/ssl/private/signing_key.pem':
- content => hiera('keystone_signing_key'),
- owner => 'keystone',
- group => 'keystone',
- notify => Service['keystone'],
- require => File['/etc/keystone/ssl/private'],
- }
- file { '/etc/keystone/ssl/certs/ca.pem':
- content => hiera('keystone_ca_certificate'),
- owner => 'keystone',
- group => 'keystone',
- notify => Service['keystone'],
- require => File['/etc/keystone/ssl/certs'],
- }
-
- $glance_backend = downcase(hiera('glance_backend', 'swift'))
- case $glance_backend {
- 'swift': { $backend_store = 'glance.store.swift.Store' }
- 'file': { $backend_store = 'glance.store.filesystem.Store' }
- 'rbd': { $backend_store = 'glance.store.rbd.Store' }
- default: { fail('Unrecognized glance_backend parameter.') }
- }
- $http_store = ['glance.store.http.Store']
- $glance_store = concat($http_store, $backend_store)
-
- if $glance_backend == 'file' and hiera('glance_file_pcmk_manage', false) {
- $secontext = 'context="system_u:object_r:glance_var_lib_t:s0"'
- pacemaker::resource::filesystem { 'glance-fs':
- device => hiera('glance_file_pcmk_device'),
- directory => hiera('glance_file_pcmk_directory'),
- fstype => hiera('glance_file_pcmk_fstype'),
- fsoptions => join([$secontext, hiera('glance_file_pcmk_options', '')],','),
- clone_params => '',
- }
- }
-
- # TODO: notifications, scrubber, etc.
- include ::glance
- include ::glance::config
- class { '::glance::api':
- known_stores => $glance_store,
- manage_service => false,
- enabled => false,
- }
- class { '::glance::registry' :
- sync_db => $sync_db,
- manage_service => false,
- enabled => false,
- }
- include ::glance::notify::rabbitmq
- include join(['::glance::backend::', $glance_backend])
+if hiera('step') >= 4 or ( hiera('step') >= 3 and $sync_db ) {
$nova_ipv6 = hiera('nova::use_ipv6', false)
if $nova_ipv6 {
@@ -776,17 +584,12 @@ if hiera('step') >= 3 {
keystone_password => hiera('neutron::server::auth_password')
}
}
- if hiera('neutron::enable_dhcp_agent',true) {
- class { '::neutron::agents::dhcp' :
- manage_service => false,
- enabled => false,
- }
- file { '/etc/neutron/dnsmasq-neutron.conf':
- content => hiera('neutron_dnsmasq_options'),
- owner => 'neutron',
- group => 'neutron',
- notify => Service['neutron-dhcp-service'],
- require => Package['neutron'],
+ if hiera('neutron::core_plugin') == 'networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2' {
+ class { '::neutron::plugins::plumgrid' :
+ connection => hiera('neutron::server::database_connection'),
+ controller_priv_host => hiera('keystone_admin_api_vip'),
+ admin_password => hiera('admin_password'),
+ metadata_proxy_shared_secret => hiera('nova::api::neutron_metadata_proxy_shared_secret'),
}
}
if hiera('neutron::enable_l3_agent',true) {
@@ -835,12 +638,6 @@ if hiera('step') >= 3 {
neutron_l3_agent_config {
'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false);
}
- neutron_dhcp_agent_config {
- 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false);
- }
- neutron_config {
- 'DEFAULT/notification_driver': value => 'messaging';
- }
include ::cinder
include ::cinder::config
@@ -893,6 +690,7 @@ if hiera('step') >= 3 {
$cinder_rbd_backend = 'tripleo_ceph'
cinder::backend::rbd { $cinder_rbd_backend :
+ backend_host => hiera('cinder::host'),
rbd_pool => hiera('cinder_rbd_pool_name'),
rbd_user => hiera('ceph_client_user_name'),
rbd_secret_uuid => hiera('ceph::profile::params::fsid'),
@@ -1080,6 +878,7 @@ if hiera('step') >= 3 {
sync_db => $sync_db,
}
include ::ceilometer::agent::auth
+ include ::ceilometer::dispatcher::gnocchi
Cron <| title == 'ceilometer-expirer' |> { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" }
@@ -1112,7 +911,7 @@ if hiera('step') >= 3 {
service_enable => false,
# service_manage => false, # <-- not supported with horizon&apache mod_wsgi?
}
- include ::keystone::wsgi::apache
+ include ::apache::mod::remoteip
include ::apache::mod::status
if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') {
$_profile_support = 'cisco'
@@ -1120,11 +919,79 @@ if hiera('step') >= 3 {
$_profile_support = 'None'
}
$neutron_options = {'profile_support' => $_profile_support }
+
+ $memcached_ipv6 = hiera('memcached_ipv6', false)
+ if $memcached_ipv6 {
+ $horizon_memcached_servers = hiera('memcache_node_ips_v6', '[::1]')
+ } else {
+ $horizon_memcached_servers = hiera('memcache_node_ips', '127.0.0.1')
+ }
+
class { '::horizon':
- cache_server_ip => hiera('memcache_node_ips', '127.0.0.1'),
+ cache_server_ip => $horizon_memcached_servers,
neutron_options => $neutron_options,
}
+ # Aodh
+ class { '::aodh' :
+ database_connection => $ceilometer_database_connection,
+ }
+ include ::aodh::config
+ include ::aodh::auth
+ include ::aodh::client
+ include ::aodh::wsgi::apache
+ class { '::aodh::api':
+ manage_service => false,
+ enabled => false,
+ service_name => 'httpd',
+ }
+ class { '::aodh::evaluator':
+ manage_service => false,
+ enabled => false,
+ }
+ class { '::aodh::notifier':
+ manage_service => false,
+ enabled => false,
+ }
+ class { '::aodh::listener':
+ manage_service => false,
+ enabled => false,
+ }
+
+ # Gnocchi
+ $gnocchi_database_connection = hiera('gnocchi_mysql_conn_string')
+ include ::gnocchi::client
+ if $sync_db {
+ include ::gnocchi::db::sync
+ }
+ include ::gnocchi::storage
+ $gnocchi_backend = downcase(hiera('gnocchi_backend', 'swift'))
+ case $gnocchi_backend {
+ 'swift': { include ::gnocchi::storage::swift }
+ 'file': { include ::gnocchi::storage::file }
+ 'rbd': { include ::gnocchi::storage::ceph }
+ default: { fail('Unrecognized gnocchi_backend parameter.') }
+ }
+ class { '::gnocchi':
+ database_connection => $gnocchi_database_connection,
+ }
+ class { '::gnocchi::api' :
+ manage_service => false,
+ enabled => false,
+ service_name => 'httpd',
+ }
+ class { '::gnocchi::wsgi::apache' :
+ ssl => false,
+ }
+ class { '::gnocchi::metricd' :
+ manage_service => false,
+ enabled => false,
+ }
+ class { '::gnocchi::statsd' :
+ manage_service => false,
+ enabled => false,
+ }
+
$snmpd_user = hiera('snmpd_readonly_user_name')
snmp::snmpv3_user { $snmpd_user:
authtype => 'MD5',
@@ -1137,17 +1004,13 @@ if hiera('step') >= 3 {
hiera_include('controller_classes')
-} #END STEP 3
+} #END STEP 4
-if hiera('step') >= 4 {
- $keystone_enable_db_purge = hiera('keystone_enable_db_purge', true)
+if hiera('step') >= 5 {
$nova_enable_db_purge = hiera('nova_enable_db_purge', true)
$cinder_enable_db_purge = hiera('cinder_enable_db_purge', true)
$heat_enable_db_purge = hiera('heat_enable_db_purge', true)
- if $keystone_enable_db_purge {
- include ::keystone::cron::token_flush
- }
if $nova_enable_db_purge {
include ::nova::cron::archive_deleted_rows
}
@@ -1160,18 +1023,6 @@ if hiera('step') >= 4 {
if $pacemaker_master {
- if $enable_load_balancer {
- pacemaker::constraint::base { 'haproxy-then-keystone-constraint':
- constraint_type => 'order',
- first_resource => 'haproxy-clone',
- second_resource => 'openstack-core-clone',
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ocf['openstack-core']],
- }
- }
-
pacemaker::constraint::base { 'openstack-core-then-httpd-constraint':
constraint_type => 'order',
first_resource => 'openstack-core-clone',
@@ -1181,15 +1032,6 @@ if hiera('step') >= 4 {
require => [Pacemaker::Resource::Service[$::apache::params::service_name],
Pacemaker::Resource::Ocf['openstack-core']],
}
- pacemaker::constraint::base { 'rabbitmq-then-keystone-constraint':
- constraint_type => 'order',
- first_resource => 'rabbitmq-clone',
- second_resource => 'openstack-core-clone',
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Ocf['rabbitmq'],
- Pacemaker::Resource::Ocf['openstack-core']],
- }
pacemaker::constraint::base { 'memcached-then-openstack-core-constraint':
constraint_type => 'order',
first_resource => 'memcached-clone',
@@ -1278,79 +1120,22 @@ if hiera('step') >= 4 {
require => [Pacemaker::Resource::Service[$::sahara::params::api_service_name],
Pacemaker::Resource::Ocf['openstack-core']],
}
-
- # Glance
- pacemaker::resource::service { $::glance::params::registry_service_name :
- clone_params => 'interleave=true',
- require => Pacemaker::Resource::Ocf['openstack-core'],
- }
- pacemaker::resource::service { $::glance::params::api_service_name :
- clone_params => 'interleave=true',
- }
-
- pacemaker::constraint::base { 'keystone-then-glance-registry-constraint':
- constraint_type => 'order',
- first_resource => 'openstack-core-clone',
- second_resource => "${::glance::params::registry_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name],
- Pacemaker::Resource::Ocf['openstack-core']],
- }
- pacemaker::constraint::base { 'glance-registry-then-glance-api-constraint':
+ pacemaker::constraint::base { 'sahara-api-then-sahara-engine-constraint':
constraint_type => 'order',
- first_resource => "${::glance::params::registry_service_name}-clone",
- second_resource => "${::glance::params::api_service_name}-clone",
+ first_resource => "${::sahara::params::api_service_name}-clone",
+ second_resource => "${::sahara::params::engine_service_name}-clone",
first_action => 'start',
second_action => 'start',
- require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name],
- Pacemaker::Resource::Service[$::glance::params::api_service_name]],
- }
- pacemaker::constraint::colocation { 'glance-api-with-glance-registry-colocation':
- source => "${::glance::params::api_service_name}-clone",
- target => "${::glance::params::registry_service_name}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name],
- Pacemaker::Resource::Service[$::glance::params::api_service_name]],
- }
-
- if hiera('step') == 4 {
- # Neutron
- # NOTE(gfidente): Neutron will try to populate the database with some data
- # as soon as neutron-server is started; to avoid races we want to make this
- # happen only on one node, before normal Pacemaker initialization
- # https://bugzilla.redhat.com/show_bug.cgi?id=1233061
- # NOTE(emilien): we need to run this Exec only at Step 4 otherwise this exec
- # will try to start the service while it's already started by Pacemaker
- # It would result to a deployment failure since systemd would return 1 to Puppet
- # and the overcloud would fail to deploy (6 would be returned).
- # This conditional prevents from a race condition during the deployment.
- # https://bugzilla.redhat.com/show_bug.cgi?id=1290582
- exec { 'neutron-server-systemd-start-sleep' :
- command => 'systemctl start neutron-server && /usr/bin/sleep 5',
- path => '/usr/bin',
- unless => '/sbin/pcs resource show neutron-server',
- } ->
- pacemaker::resource::service { $::neutron::params::server_service:
- clone_params => 'interleave=true',
- require => Pacemaker::Resource::Ocf['openstack-core']
- }
- } else {
- pacemaker::resource::service { $::neutron::params::server_service:
- clone_params => 'interleave=true',
- require => Pacemaker::Resource::Ocf['openstack-core']
- }
+ require => [Pacemaker::Resource::Service[$::sahara::params::api_service_name],
+ Pacemaker::Resource::Service[$::sahara::params::engine_service_name]],
}
+
if hiera('neutron::enable_l3_agent', true) {
pacemaker::resource::service { $::neutron::params::l3_agent_service:
clone_params => 'interleave=true',
}
}
- if hiera('neutron::enable_dhcp_agent', true) {
- pacemaker::resource::service { $::neutron::params::dhcp_agent_service:
- clone_params => 'interleave=true',
- }
- }
+
if hiera('neutron::enable_ovs_agent', true) {
pacemaker::resource::service { $::neutron::params::ovs_agent_service:
clone_params => 'interleave=true',
@@ -1410,81 +1195,6 @@ if hiera('step') >= 4 {
Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]],
}
}
- pacemaker::constraint::base { 'keystone-to-neutron-server-constraint':
- constraint_type => 'order',
- first_resource => 'openstack-core-clone',
- second_resource => "${::neutron::params::server_service}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Ocf['openstack-core'],
- Pacemaker::Resource::Service[$::neutron::params::server_service]],
- }
- if hiera('neutron::enable_ovs_agent',true) {
- pacemaker::constraint::base { 'neutron-openvswitch-agent-to-dhcp-agent-constraint':
- constraint_type => 'order',
- first_resource => "${::neutron::params::ovs_agent_service}-clone",
- second_resource => "${::neutron::params::dhcp_agent_service}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service],
- Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]],
- }
- }
- if hiera('neutron::enable_dhcp_agent',true) and hiera('neutron::enable_ovs_agent',true) {
- pacemaker::constraint::base { 'neutron-server-to-openvswitch-agent-constraint':
- constraint_type => 'order',
- first_resource => "${::neutron::params::server_service}-clone",
- second_resource => "${::neutron::params::ovs_agent_service}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::neutron::params::server_service],
- Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]],
- }
-
- pacemaker::constraint::colocation { 'neutron-openvswitch-agent-to-dhcp-agent-colocation':
- source => "${::neutron::params::dhcp_agent_service}-clone",
- target => "${::neutron::params::ovs_agent_service}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service],
- Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]],
- }
- }
- if hiera('neutron::enable_dhcp_agent',true) and hiera('l3_agent_service',true) {
- pacemaker::constraint::base { 'neutron-dhcp-agent-to-l3-agent-constraint':
- constraint_type => 'order',
- first_resource => "${::neutron::params::dhcp_agent_service}-clone",
- second_resource => "${::neutron::params::l3_agent_service}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service],
- Pacemaker::Resource::Service[$::neutron::params::l3_agent_service]]
- }
- pacemaker::constraint::colocation { 'neutron-dhcp-agent-to-l3-agent-colocation':
- source => "${::neutron::params::l3_agent_service}-clone",
- target => "${::neutron::params::dhcp_agent_service}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service],
- Pacemaker::Resource::Service[$::neutron::params::l3_agent_service]]
- }
- }
- if hiera('neutron::enable_l3_agent',true) and hiera('neutron::enable_metadata_agent',true) {
- pacemaker::constraint::base { 'neutron-l3-agent-to-metadata-agent-constraint':
- constraint_type => 'order',
- first_resource => "${::neutron::params::l3_agent_service}-clone",
- second_resource => "${::neutron::params::metadata_agent_service}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::neutron::params::l3_agent_service],
- Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service]]
- }
- pacemaker::constraint::colocation { 'neutron-l3-agent-to-metadata-agent-colocation':
- source => "${::neutron::params::metadata_agent_service}-clone",
- target => "${::neutron::params::l3_agent_service}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::neutron::params::l3_agent_service],
- Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service]]
- }
- }
if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' {
#midonet-chain chain keystone-->neutron-server-->dhcp-->metadata->tomcat
pacemaker::constraint::base { 'neutron-server-to-dhcp-agent-constraint':
@@ -1615,7 +1325,7 @@ if hiera('step') >= 4 {
Pacemaker::Resource::Service[$::nova::params::conductor_service_name]],
}
- # Ceilometer
+ # Ceilometer and Aodh
case downcase(hiera('ceilometer_backend')) {
/mysql/: {
pacemaker::resource::service { $::ceilometer::params::agent_central_service_name:
@@ -1648,8 +1358,10 @@ if hiera('step') >= 4 {
# Fedora doesn't know `require-all` parameter for constraints yet
if $::operatingsystem == 'Fedora' {
$redis_ceilometer_constraint_params = undef
+ $redis_aodh_constraint_params = undef
} else {
$redis_ceilometer_constraint_params = 'require-all=false'
+ $redis_aodh_constraint_params = 'require-all=false'
}
pacemaker::constraint::base { 'redis-then-ceilometer-central-constraint':
constraint_type => 'order',
@@ -1661,6 +1373,16 @@ if hiera('step') >= 4 {
require => [Pacemaker::Resource::Ocf['redis'],
Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name]],
}
+ pacemaker::constraint::base { 'redis-then-aodh-evaluator-constraint':
+ constraint_type => 'order',
+ first_resource => 'redis-master',
+ second_resource => "${::aodh::params::evaluator_service_name}-clone",
+ first_action => 'promote',
+ second_action => 'start',
+ constraint_params => $redis_aodh_constraint_params,
+ require => [Pacemaker::Resource::Ocf['redis'],
+ Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name]],
+ }
pacemaker::constraint::base { 'keystone-then-ceilometer-central-constraint':
constraint_type => 'order',
first_resource => 'openstack-core-clone',
@@ -1670,6 +1392,15 @@ if hiera('step') >= 4 {
require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name],
Pacemaker::Resource::Ocf['openstack-core']],
}
+ pacemaker::constraint::base { 'keystone-then-ceilometer-notification-constraint':
+ constraint_type => 'order',
+ first_resource => 'openstack-core-clone',
+ second_resource => "${::ceilometer::params::agent_notification_service_name}-clone",
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name],
+ Pacemaker::Resource::Ocf['openstack-core']],
+ }
pacemaker::constraint::base { 'ceilometer-central-then-ceilometer-collector-constraint':
constraint_type => 'order',
first_resource => "${::ceilometer::params::agent_central_service_name}-clone",
@@ -1711,6 +1442,64 @@ if hiera('step') >= 4 {
require => [Pacemaker::Resource::Service[$::ceilometer::params::api_service_name],
Pacemaker::Resource::Ocf['delay']],
}
+ # Aodh
+ pacemaker::resource::service { $::aodh::params::evaluator_service_name :
+ clone_params => 'interleave=true',
+ }
+ pacemaker::resource::service { $::aodh::params::notifier_service_name :
+ clone_params => 'interleave=true',
+ }
+ pacemaker::resource::service { $::aodh::params::listener_service_name :
+ clone_params => 'interleave=true',
+ }
+ pacemaker::constraint::base { 'aodh-delay-then-aodh-evaluator-constraint':
+ constraint_type => 'order',
+ first_resource => 'delay-clone',
+ second_resource => "${::aodh::params::evaluator_service_name}-clone",
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name],
+ Pacemaker::Resource::Ocf['delay']],
+ }
+ pacemaker::constraint::colocation { 'aodh-evaluator-with-aodh-delay-colocation':
+ source => "${::aodh::params::evaluator_service_name}-clone",
+ target => 'delay-clone',
+ score => 'INFINITY',
+ require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name],
+ Pacemaker::Resource::Ocf['delay']],
+ }
+ pacemaker::constraint::base { 'aodh-evaluator-then-aodh-notifier-constraint':
+ constraint_type => 'order',
+ first_resource => "${::aodh::params::evaluator_service_name}-clone",
+ second_resource => "${::aodh::params::notifier_service_name}-clone",
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name],
+ Pacemaker::Resource::Service[$::aodh::params::notifier_service_name]],
+ }
+ pacemaker::constraint::colocation { 'aodh-notifier-with-aodh-evaluator-colocation':
+ source => "${::aodh::params::notifier_service_name}-clone",
+ target => "${::aodh::params::evaluator_service_name}-clone",
+ score => 'INFINITY',
+ require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name],
+ Pacemaker::Resource::Service[$::aodh::params::notifier_service_name]],
+ }
+ pacemaker::constraint::base { 'aodh-evaluator-then-aodh-listener-constraint':
+ constraint_type => 'order',
+ first_resource => "${::aodh::params::evaluator_service_name}-clone",
+ second_resource => "${::aodh::params::listener_service_name}-clone",
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name],
+ Pacemaker::Resource::Service[$::aodh::params::listener_service_name]],
+ }
+ pacemaker::constraint::colocation { 'aodh-listener-with-aodh-evaluator-colocation':
+ source => "${::aodh::params::listener_service_name}-clone",
+ target => "${::aodh::params::evaluator_service_name}-clone",
+ score => 'INFINITY',
+ require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name],
+ Pacemaker::Resource::Service[$::aodh::params::listener_service_name]],
+ }
if downcase(hiera('ceilometer_backend')) == 'mongodb' {
pacemaker::constraint::base { 'mongodb-then-ceilometer-central-constraint':
constraint_type => 'order',
@@ -1723,6 +1512,30 @@ if hiera('step') >= 4 {
}
}
+ # gnocchi
+ pacemaker::resource::service { $::gnocchi::params::metricd_service_name :
+ clone_params => 'interleave=true',
+ }
+ pacemaker::resource::service { $::gnocchi::params::statsd_service_name :
+ clone_params => 'interleave=true',
+ }
+ pacemaker::constraint::base { 'gnocchi-metricd-then-gnocchi-statsd-constraint':
+ constraint_type => 'order',
+ first_resource => "${::gnocchi::params::metricd_service_name}-clone",
+ second_resource => "${::gnocchi::params::statsd_service_name}-clone",
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Service[$::gnocchi::params::metricd_service_name],
+ Pacemaker::Resource::Service[$::gnocchi::params::statsd_service_name]],
+ }
+ pacemaker::constraint::colocation { 'gnocchi-statsd-with-metricd-colocation':
+ source => "${::gnocchi::params::statsd_service_name}-clone",
+ target => "${::gnocchi::params::metricd_service_name}-clone",
+ score => 'INFINITY',
+ require => [Pacemaker::Resource::Service[$::gnocchi::params::metricd_service_name],
+ Pacemaker::Resource::Service[$::gnocchi::params::statsd_service_name]],
+ }
+
# Heat
pacemaker::resource::service { $::heat::params::api_service_name :
clone_params => 'interleave=true',
@@ -1736,15 +1549,6 @@ if hiera('step') >= 4 {
pacemaker::resource::service { $::heat::params::engine_service_name :
clone_params => 'interleave=true',
}
- pacemaker::constraint::base { 'keystone-then-heat-api-constraint':
- constraint_type => 'order',
- first_resource => 'openstack-core-clone',
- second_resource => "${::heat::params::api_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::heat::params::api_service_name],
- Pacemaker::Resource::Ocf['openstack-core']],
- }
pacemaker::constraint::base { 'heat-api-then-heat-api-cfn-constraint':
constraint_type => 'order',
first_resource => "${::heat::params::api_service_name}-clone",
@@ -1839,20 +1643,6 @@ if hiera('step') >= 4 {
}
-} #END STEP 4
-
-if hiera('step') >= 5 {
-
- if $pacemaker_master {
-
- class {'::keystone::roles::admin' :
- require => Pacemaker::Resource::Service[$::apache::params::service_name],
- } ->
- class {'::keystone::endpoint' :
- require => Pacemaker::Resource::Service[$::apache::params::service_name],
- }
- }
-
} #END STEP 5
$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller_pacemaker', hiera('step')])
diff --git a/puppet/manifests/ringbuilder.pp b/puppet/manifests/ringbuilder.pp
index 2d880d33..a623da29 100644
--- a/puppet/manifests/ringbuilder.pp
+++ b/puppet/manifests/ringbuilder.pp
@@ -13,8 +13,6 @@
# License for the specific language governing permissions and limitations
# under the License.
-include ::tripleo::packages
-
define add_devices(
$swift_zones = '1'
){
@@ -91,6 +89,6 @@ class tripleo::ringbuilder (
}
}
-include ::tripleo::ringbuilder
-
-package_manifest{'/var/lib/tripleo/installed-packages/ringbuilder': ensure => present}
+if hiera('step') >= 3 {
+ include ::tripleo::ringbuilder
+}
diff --git a/puppet/services/README.rst b/puppet/services/README.rst
new file mode 100644
index 00000000..38d2ac64
--- /dev/null
+++ b/puppet/services/README.rst
@@ -0,0 +1,50 @@
+========
+services
+========
+
+A TripleO nested stack Heat template that encapsulates generic configuration
+data to configure a specific service. This generally includes everything
+needed to configure the service excluding the local bind ports which
+are still managed in the per-node role templates directly (controller.yaml,
+compute.yaml, etc.). All other (global) service settings go into
+the puppet/service templates.
+
+Input Parameters
+----------------
+
+Each service may define its own input parameters and defaults.
+Operators will use the parameter_defaults section of any Heat
+environment to set per service parameters.
+
+Config Settings
+---------------
+
+Each service may define a config_settings output variable which returns
+Hiera settings to be configured.
+
+Steps
+-----
+
+Each service may define an output variable which returns a puppet manifest
+snippet that will run at each of the following steps. Earlier manifests
+are re-asserted when applying latter ones.
+
+ * config_settings: Custom hiera settings for this service.
+
+ * step_config: A puppet manifest that is used to step through the deployment
+ sequence. Each sequence is given a "step" (via hiera('step') that provides
+ information for when puppet classes should activate themselves.
+
+ Steps correlate to the following:
+
+ 1) Load Balancer configuration
+
+ 2) Core Services (Database/Rabbit/NTP/etc.)
+
+ 3) Early Openstack Service setup (Ringbuilder, etc.)
+
+ 4) General OpenStack Services
+
+ 5) Service activation (Pacemaker)
+
+ 6) Fencing (Pacemaker)
diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml
new file mode 100644
index 00000000..ca50d91d
--- /dev/null
+++ b/puppet/services/glance-api.yaml
@@ -0,0 +1,102 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Glance API service configured with Puppet
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MysqlVirtualIPUri:
+ type: string
+ default: ''
+ Debug:
+ default: ''
+ description: Set to True to enable debugging on all services.
+ type: string
+ GlanceNotifierStrategy:
+ description: Strategy to use for Glance notification queue
+ type: string
+ default: noop
+ GlanceLogFile:
+ description: The filepath of the file to use for logging messages from Glance.
+ type: string
+ default: ''
+ GlancePassword:
+ description: The password for the glance service and db account, used by the glance services.
+ type: string
+ hidden: true
+ GlanceBackend:
+ default: swift
+ description: The short name of the Glance backend to use. Should be one
+ of swift, rbd, or file
+ type: string
+ constraints:
+ - allowed_values: ['swift', 'file', 'rbd']
+ GlanceWorkers:
+ default: 0
+ description: Number of workers for Glance service.
+ type: number
+ RabbitPassword:
+ description: The password for RabbitMQ
+ type: string
+ hidden: true
+ RabbitUserName:
+ default: guest
+ description: The username for RabbitMQ
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+
+outputs:
+ role_data:
+ description: Role data for the Glance API role.
+ value:
+ config_settings:
+ glance_dsn: &glance_dsn
+ list_join:
+ - ''
+ - - 'mysql+pymysql://glance:'
+ - {get_param: GlancePassword}
+ - '@'
+ - {get_param: MysqlVirtualIPUri}
+ - '/glance'
+ glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]}
+ glance::api::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ glance::api::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ glance::api::registry_host:
+ str_replace:
+ template: "'REGISTRY_HOST'"
+ params:
+ REGISTRY_HOST: {get_param: [EndpointMap, GlanceRegistryInternal, host]}
+ glance::api::keystone_password: {get_param: GlancePassword}
+ glance::api::debug: {get_param: Debug}
+ glance::api::workers: {get_param: GlanceWorkers}
+ glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
+ glance_log_file: {get_param: GlanceLogFile}
+ glance::api::database_connection: *glance_dsn
+ glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ glance::backend::swift::swift_store_user: service:glance
+ glance::backend::swift::swift_store_key: {get_param: GlancePassword}
+ glance_backend: {get_param: GlanceBackend}
+ glance::db::mysql::password: {get_param: GlancePassword}
+ glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName}
+ glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort}
+ glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword}
+ glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
+ glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
+ glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
+ glance::keystone::auth::password: {get_param: GlancePassword }
+ step_config: |
+ include ::tripleo::profile::base::glance::api
diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml
new file mode 100644
index 00000000..1a1a515a
--- /dev/null
+++ b/puppet/services/glance-registry.yaml
@@ -0,0 +1,48 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Glance Registry service configured with Puppet
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MysqlVirtualIPUri:
+ type: string
+ default: ''
+ Debug:
+ default: ''
+ description: Set to True to enable debugging on all services.
+ type: string
+ GlancePassword:
+ description: The password for the glance service and db account, used by the glance services.
+ type: string
+ hidden: true
+ GlanceWorkers:
+ default: 0
+ description: Number of workers for Glance service.
+ type: number
+
+outputs:
+ role_data:
+ description: Role data for the Glance Registry role.
+ value:
+ config_settings:
+ glance_dsn: &glance_dsn
+ list_join:
+ - ''
+ - - 'mysql+pymysql://glance:'
+ - {get_param: GlancePassword}
+ - '@'
+ - {get_param: MysqlVirtualIPUri}
+ - '/glance'
+ glance::registry::keystone_password: {get_param: GlancePassword}
+ glance::registry::database_connection: *glance_dsn
+ glance::registry::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ glance::registry::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ glance::registry::debug: {get_param: Debug}
+ glance::registry::workers: {get_param: GlanceWorkers}
+ step_config: |
+ include ::tripleo::profile::base::glance::registry
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
new file mode 100644
index 00000000..1654f0e7
--- /dev/null
+++ b/puppet/services/keystone.yaml
@@ -0,0 +1,135 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Keystone service configured with Puppet
+
+parameters:
+ KeystoneCACertificate:
+ default: ''
+ description: Keystone self-signed certificate authority certificate.
+ type: string
+ KeystoneEnableDBPurge:
+ default: true
+ description: |
+ Whether to create cron job for purging soft deleted rows in Keystone database.
+ type: boolean
+ KeystoneSigningCertificate:
+ default: ''
+ description: Keystone certificate for verifying token validity.
+ type: string
+ KeystoneSigningKey:
+ default: ''
+ description: Keystone key for signing tokens.
+ type: string
+ hidden: true
+ KeystoneSSLCertificate:
+ default: ''
+ description: Keystone certificate for verifying token validity.
+ type: string
+ KeystoneSSLCertificateKey:
+ default: ''
+ description: Keystone key for signing tokens.
+ type: string
+ hidden: true
+ KeystoneNotificationDriver:
+ description: Comma-separated list of Oslo notification drivers used by Keystone
+ default: ['messaging']
+ type: comma_delimited_list
+ KeystoneNotificationFormat:
+ description: The Keystone notification format
+ default: 'basic'
+ type: string
+ constraints:
+ - allowed_values: [ 'basic', 'cadf' ]
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+ KeystoneWorkers:
+ default: 0
+ description: Number of workers for Keystone service.
+ type: number
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MysqlVirtualIPUri:
+ type: string
+ default: ''
+ Debug:
+ type: string
+ default: ''
+ AdminEmail:
+ default: 'admin@example.com'
+ description: The email for the keystone admin account.
+ type: string
+ hidden: true
+ AdminPassword:
+ description: The password for the keystone admin account, used for monitoring, querying neutron etc.
+ type: string
+ hidden: true
+ AdminToken:
+ description: The keystone auth secret and db password.
+ type: string
+ hidden: true
+ RabbitPassword:
+ description: The password for RabbitMQ
+ type: string
+ hidden: true
+ RabbitUserName:
+ default: guest
+ description: The username for RabbitMQ
+ type: string
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
+
+outputs:
+ role_data:
+ description: Role data for the Keystone role.
+ value:
+ config_settings:
+ keystone_dsn: &keystone_dsn
+ list_join:
+ - ''
+ - - 'mysql+pymysql://keystone:'
+ - {get_param: AdminToken}
+ - '@'
+ - {get_param: MysqlVirtualIPUri}
+ - '/keystone'
+ keystone::database_connection: *keystone_dsn
+ keystone::admin_token: {get_param: AdminToken}
+ keystone::roles::admin::password: {get_param: AdminPassword}
+ keystone_ca_certificate: {get_param: KeystoneCACertificate}
+ keystone_signing_key: {get_param: KeystoneSigningKey}
+ keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
+ keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
+ keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
+ keystone::debug: {get_param: Debug}
+ keystone::db::mysql::password: {get_param: AdminToken}
+ keystone::rabbit_userid: {get_param: RabbitUserName}
+ keystone::rabbit_password: {get_param: RabbitPassword}
+ keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ keystone::rabbit_port: {get_param: RabbitClientPort}
+ keystone::notification_driver: {get_param: KeystoneNotificationDriver}
+ keystone::notification_format: {get_param: KeystoneNotificationFormat}
+ keystone::roles::admin::email: {get_param: AdminEmail}
+ keystone::roles::admin::password: {get_param: AdminPassword}
+ keystone::endpoint::public_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
+ keystone::endpoint::internal_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+ keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ keystone::endpoint::region: {get_param: KeystoneRegion}
+ keystone::admin_workers: {get_param: KeystoneWorkers}
+ keystone::public_workers: {get_param: KeystoneWorkers}
+ keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge}
+ keystone::public_endpoint: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
+ step_config: |
+ include ::tripleo::profile::base::keystone
diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml
new file mode 100644
index 00000000..b34bdd22
--- /dev/null
+++ b/puppet/services/neutron-base.yaml
@@ -0,0 +1,44 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron base service. Shared for all Neutron agents.
+
+parameters:
+ RabbitPassword:
+ description: The password for RabbitMQ
+ type: string
+ hidden: true
+ RabbitUserName:
+ default: guest
+ description: The username for RabbitMQ
+ type: string
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
+ NeutronDhcpAgentsPerNetwork:
+ type: number
+ default: 3
+ description: The number of neutron dhcp agents to schedule per network
+ Debug:
+ type: string
+ default: ''
+ description: Set to True to enable debugging on all services.
+
+outputs:
+ role_data:
+ description: Role data for the Neutron base service.
+ value:
+ config_settings:
+ neutron::rabbit_password: {get_param: RabbitPassword}
+ neutron::rabbit_user: {get_param: RabbitUserName}
+ neutron::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ neutron::rabbit_port: {get_param: RabbitClientPort}
+ neutron::dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork}
+ neutron::debug: {get_param: Debug}
diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml
new file mode 100644
index 00000000..548b4ba0
--- /dev/null
+++ b/puppet/services/neutron-dhcp.yaml
@@ -0,0 +1,56 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron DHCP agent configured with Puppet
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MysqlVirtualIPUri:
+ type: string
+ default: ''
+ NeutronEnableIsolatedMetadata:
+ default: 'False'
+ description: If True, DHCP provide metadata route to VM.
+ type: string
+ NeutronDnsmasqOptions:
+ default: 'dhcp-option-force=26,%MTU%'
+ description: >
+ Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU
+ to be set to the value of NeutronTenantMtu, which should be set to account
+ for tunnel overhead.
+ type: string
+ NeutronTenantMtu:
+ description: >
+ The default MTU for tenant networks. For VXLAN/GRE tunneling, this should
+ be at least 50 bytes smaller than the MTU on the physical network. This
+ value will be used to set the MTU on the virtual Ethernet device.
+ This value will be used to construct the NeutronDnsmasqOptions, since that
+ will determine the MTU that is assigned to the VM host through DHCP.
+ default: "1400"
+ type: string
+
+resources:
+
+ NeutronBase:
+ type: ./neutron-base.yaml
+
+outputs:
+ role_data:
+ description: Role data for the Neutron DHCP agent service.
+ value:
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronBase, role_data, config_settings]
+ - neutron::agents::dhcp::dnsmasq_config_file: /etc/neutron/dnsmasq-neutron.conf
+ tripleo::profile::base::neutron::dhcp:
+ str_replace:
+ template: {get_param: NeutronDnsmasqOptions}
+ params:
+ '%MTU%': {get_param: NeutronTenantMtu}
+ neutron::agents::dhcp::enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata}
+ step_config: |
+ include tripleo::profile::base::neutron::dhcp
diff --git a/puppet/services/pacemaker/glance-api.yaml b/puppet/services/pacemaker/glance-api.yaml
new file mode 100644
index 00000000..815eb5bf
--- /dev/null
+++ b/puppet/services/pacemaker/glance-api.yaml
@@ -0,0 +1,60 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Glance API service with Pacemaker configured with Puppet.
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MysqlVirtualIPUri:
+ type: string
+ default: ''
+ GlanceFilePcmkDevice:
+ default: ''
+ description: >
+ An exported storage device that should be mounted by Pacemaker
+ as Glance storage. Effective when GlanceFilePcmkManage is true.
+ type: string
+ GlanceFilePcmkFstype:
+ default: 'nfs'
+ description: >
+ Filesystem type for Pacemaker mount used as Glance storage.
+ Effective when GlanceFilePcmkManage is true.
+ type: string
+ GlanceFilePcmkManage:
+ default: false
+ description: >
+ Whether to make Glance file backend a mount managed by Pacemaker.
+ Effective when GlanceBackend is 'file'.
+ type: boolean
+ GlanceFilePcmkOptions:
+ default: ''
+ description: >
+ Mount options for Pacemaker mount used as Glance storage.
+ Effective when GlanceFilePcmkManage is true.
+ type: string
+
+resources:
+
+ GlanceApiBase:
+ type: ../glance-api.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri}
+
+outputs:
+ role_data:
+ description: Role data for the Glance role.
+ value:
+ config_settings:
+ map_merge:
+ - get_attr: [GlanceApiBase, role_data, config_settings]
+ - glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice}
+ glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype}
+ glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage}
+ glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions}
+ step_config: |
+ include ::tripleo::profile::pacemaker::glance
diff --git a/puppet/services/pacemaker/glance-registry.yaml b/puppet/services/pacemaker/glance-registry.yaml
new file mode 100644
index 00000000..56353459
--- /dev/null
+++ b/puppet/services/pacemaker/glance-registry.yaml
@@ -0,0 +1,33 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Glance Registry service with Pacemaker configured with Puppet
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MysqlVirtualIPUri:
+ type: string
+ default: ''
+
+resources:
+
+ GlanceRegistryBase:
+ type: ../glance-registry.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri}
+
+outputs:
+ role_data:
+ description: Role data for the Glance role.
+ value:
+ config_settings:
+ get_attr: [GlanceRegistryBase, role_data, config_settings]
+ # No puppet manifests since glance-registry is included in
+ # ::tripleo::profile::pacemaker::glance which is maintained alongside of
+ # pacemaker/glance-api.yaml.
+ step_config:
diff --git a/puppet/services/pacemaker/keystone.yaml b/puppet/services/pacemaker/keystone.yaml
new file mode 100644
index 00000000..8fcab15f
--- /dev/null
+++ b/puppet/services/pacemaker/keystone.yaml
@@ -0,0 +1,34 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Keystone service with Pacemaker configured with Puppet
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MysqlVirtualIPUri:
+ type: string
+ default: ''
+
+resources:
+
+ KeystoneServiceBase:
+ type: ../keystone.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri}
+
+outputs:
+ role_data:
+ description: Role data for the Keystone pacemaker role.
+ value:
+ config_settings:
+ map_merge:
+ - get_attr: [KeystoneServiceBase, role_data, config_settings]
+ #-
+ # custom keystone hiera goes here if we need it!?
+ step_config: |
+ include ::tripleo::profile::pacemaker::keystone
diff --git a/puppet/services/pacemaker/neutron-dhcp.yaml b/puppet/services/pacemaker/neutron-dhcp.yaml
new file mode 100644
index 00000000..4be711ca
--- /dev/null
+++ b/puppet/services/pacemaker/neutron-dhcp.yaml
@@ -0,0 +1,33 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron DHCP service with Pacemaker configured with Puppet.
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MysqlVirtualIPUri:
+ type: string
+ default: ''
+
+resources:
+
+ NeutronDhcpBase:
+ type: ../neutron-dhcp.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron DHCP role.
+ value:
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronDhcpBase, role_data, config_settings]
+ - tripleo::profile::pacemaker::neutron::enable_dhcp: True
+ step_config: |
+ include ::tripleo::profile::pacemaker::neutron::dhcp
diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml
new file mode 100644
index 00000000..f9681634
--- /dev/null
+++ b/puppet/services/services.yaml
@@ -0,0 +1,40 @@
+heat_template_version: 2016-04-08
+
+description: >
+ Utility stack to convert an array of services into a set of combined
+ role configs.
+
+parameters:
+ Services:
+ default: []
+ description: |
+ List nested stack service templates.
+ type: comma_delimited_list
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MysqlVirtualIPUri:
+ default: ''
+ type: string
+ description: The URI virtual IP for the MySQL service.
+
+resources:
+
+ ServiceChain:
+ type: OS::Heat::ResourceChain
+ properties:
+ resources: {get_param: Services}
+ concurrent: true
+ resource_properties:
+ EndpointMap: {get_param: EndpointMap}
+ MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri}
+
+outputs:
+ config_settings:
+ description: Configuration settings.
+ value: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}}
+ step_config:
+ description: Step configuration.
+ value: {list_join: ["\n", {get_attr: [ServiceChain, role_data, step_config]}]}
diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml
index c26aca77..296428db 100644
--- a/puppet/swift-storage.yaml
+++ b/puppet/swift-storage.yaml
@@ -30,6 +30,10 @@ parameters:
default: 10
description: Partition Power to use when building Swift rings
type: number
+ RingBuild:
+ default: true
+ description: Whether to manage Swift rings or not
+ type: boolean
Replicas:
type: number
default: 3
@@ -252,6 +256,7 @@ resources:
- all_nodes # provided by allNodesConfig
- '"%{::osfamily}"'
- common
+ merge_behavior: deeper
datafiles:
common:
raw_data: {get_file: hieradata/common.yaml}
@@ -263,17 +268,14 @@ resources:
raw_data: {get_file: hieradata/object.yaml}
mapped_data: # data supplied directly to this deployment configuration, etc
swift::swift_hash_suffix: { get_input: swift_hash_suffix }
+ tripleo::ringbuilder::build_ring: { get_input: swift_ring_build }
tripleo::ringbuilder::part_power: { get_input: swift_part_power }
tripleo::ringbuilder::replicas: {get_input: swift_replicas }
- # Swift
swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
swift_mount_check: {get_input: swift_mount_check }
tripleo::ringbuilder::min_part_hours: { get_input: swift_min_part_hours }
ntp::servers: {get_input: ntp_servers}
timezone::timezone: {get_input: timezone}
- # NOTE(dprince): build_ring support is currently not wired in.
- # See: https://review.openstack.org/#/c/109225/
- tripleo::ringbuilder::build_ring: True
snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
tripleo::packages::enable_install: {get_input: enable_package_install}
@@ -294,6 +296,7 @@ resources:
swift_hash_suffix: {get_param: HashSuffix}
swift_mount_check: {get_param: MountCheck}
swift_min_part_hours: {get_param: MinPartHours}
+ swift_ring_build: {get_param: RingBuild}
swift_part_power: {get_param: PartPower}
swift_replicas: { get_param: Replicas}
ntp_servers: {get_param: NtpServer}
@@ -335,12 +338,12 @@ outputs:
str_replace:
template: |
PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
- EXTERNALIP EXTERNALHOST
- INTERNAL_APIIP INTERNAL_APIHOST
- STORAGEIP STORAGEHOST
- STORAGE_MGMTIP STORAGE_MGMTHOST
- TENANTIP TENANTHOST
- MANAGEMENTIP MANAGEMENTHOST
+ EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
+ INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
+ STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
+ STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
+ TENANTIP TENANTHOST.DOMAIN TENANTHOST
+ MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
params:
PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ObjectStorageHostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
@@ -348,37 +351,37 @@ outputs:
EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
EXTERNALHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [SwiftStorage, name]}
- external
INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
INTERNAL_APIHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [SwiftStorage, name]}
- internalapi
STORAGEIP: {get_attr: [StoragePort, ip_address]}
STORAGEHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [SwiftStorage, name]}
- storage
STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
STORAGE_MGMTHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [SwiftStorage, name]}
- storagemgmt
TENANTIP: {get_attr: [TenantPort, ip_address]}
TENANTHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [SwiftStorage, name]}
- tenant
MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
MANAGEMENTHOST:
list_join:
- - '-'
+ - '.'
- - {get_attr: [SwiftStorage, name]}
- management
nova_server_resource:
diff --git a/puppet/vip-config.yaml b/puppet/vip-config.yaml
index 5e2f698f..3e8e9182 100644
--- a/puppet/vip-config.yaml
+++ b/puppet/vip-config.yaml
@@ -26,6 +26,8 @@ resources:
nova_api_vip: {get_input: nova_api_vip}
nova_metadata_vip: {get_input: nova_metadata_vip}
ceilometer_api_vip: {get_input: ceilometer_api_vip}
+ aodh_api_vip: {get_input: aodh_api_vip}
+ gnocchi_api_vip: {get_input: gnocchi_api_vip}
heat_api_vip: {get_input: heat_api_vip}
horizon_vip: {get_input: horizon_vip}
redis_vip: {get_input: redis_vip}