diff options
Diffstat (limited to 'puppet')
48 files changed, 1425 insertions, 698 deletions
diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml index 9e35af5f..d3268ee2 100644 --- a/puppet/controller-role.yaml +++ b/puppet/controller-role.yaml @@ -458,9 +458,7 @@ resources: - all_nodes # provided by allNodesConfig - vip_data # provided by allNodesConfig - '"%{::osfamily}"' - - cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre - - cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre diff --git a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml index cb8d498c..9b900bc4 100644 --- a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml +++ b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml @@ -245,7 +245,9 @@ resources: for map_name in mappings: f_name = '/root/' + map_name map_data = os.getenv(map_name, "Nada") - with open(f_name, 'a') as f: + with os.fdopen(os.open(f_name, + os.O_CREAT | os.O_TRUNC | os.O_WRONLY, 0o644), + 'w') as f: f.write(map_data) if map_data is not "Nada": if map_name is not 'nexus_config': @@ -260,7 +262,9 @@ resources: for mac in vals[1:]: mac2host[mac.lower()] = vals[0] - with open('/root/mac2host', 'a') as f: + with os.fdopen(os.open('/root/mac2host', + os.O_CREAT | os.O_TRUNC | os.O_WRONLY, 0o644), + 'w') as f: f.write(str(mac2host)) # now we have mac to host, map host to switchport in hieradata diff --git a/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml b/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml deleted file mode 100644 index 66252f1f..00000000 --- a/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml +++ /dev/null @@ -1,59 +0,0 @@ -heat_template_version: ocata - -description: Compute node hieradata for Neutron OpenContrail configuration - -parameters: - server: - description: ID of the compute node to apply this config to - type: string - ContrailApiServerIp: - description: IP address of the OpenContrail API server - type: string - ContrailApiServerPort: - description: Port of the OpenContrail API - type: string - default: 8082 - -resources: - ComputeContrailConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - hiera: - datafiles: - neutron_opencontrail_data: - mapped_data: - nova::network::neutron::network_api_class: nova.network.neutronv2.api.API - - contrail::vrouter::provision_vrouter::api_address: {get_input: contrail_api_server_ip} - contrail::vrouter::provision_vrouter::api_port: {get_input: contrail_api_server_port} - contrail::vrouter::provision_vrouter::keystone_admin_user: admin - contrail::vrouter::provision_vrouter::keystone_admin_tenant_name: admin - contrail::vrouter::provision_vrouter::keystone_admin_password: '"%{::admin_password}"' - - contrail::vnc_api::vnc_api_config: - 'auth/AUTHN_TYPE': - value: keystone - 'auth/AUTHN_PROTOCOL': - value: http - 'auth/AUTHN_SERVER': - value: "%{hiera('keystone_admin_api_vip')}" - 'auth/AUTHN_PORT': - value: 35357 - 'auth/AUTHN_URL': - value: '/v2.0/tokens' - - ComputeContrailDeployment: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: ComputeContrailConfig} - server: {get_param: server} - input_values: - contrail_api_server_ip: {get_param: ContrailApiServerIp} - contrail_api_server_port: {get_param: ContrailApiServerPort} - -outputs: - deploy_stdout: - description: Output of the extra hiera data deployment - value: {get_attr: [ComputeContrailDeployment, deploy_stdout]} diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml deleted file mode 100644 index 7d639883..00000000 --- a/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml +++ /dev/null @@ -1,87 +0,0 @@ -heat_template_version: ocata - -description: Configure hieradata for Cinder Dell Storage Center configuration - -parameters: - server: - description: ID of the controller node to apply this config to - type: string - - # Config specific parameters, to be provided via parameter_defaults - CinderEnableDellScBackend: - type: boolean - default: true - CinderDellScBackendName: - type: string - default: 'tripleo_dellsc' - CinderDellScSanIp: - type: string - CinderDellScSanLogin: - type: string - default: 'Admin' - CinderDellScSanPassword: - type: string - hidden: true - CinderDellScSsn: - type: string - default: '64702' - CinderDellScIscsiIpAddress: - type: string - default: '' - CinderDellScIscsiPort: - type: string - default: '3260' - CinderDellScApiPort: - type: string - default: '3033' - CinderDellScServerFolder: - type: string - default: 'dellsc_server' - CinderDellScVolumeFolder: - type: string - default: 'dellsc_volume' - -resources: - CinderDellScConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - hiera: - datafiles: - cinder_dellsc_data: - mapped_data: - tripleo::profile::base::cinder::volume::cinder_enable_dellsc_backend: {get_input: EnableDellScBackend} - cinder::backend::dellsc_iscsi::volume_backend_name: {get_input: DellScBackendName} - cinder::backend::dellsc_iscsi::san_ip: {get_input: DellScSanIp} - cinder::backend::dellsc_iscsi::san_login: {get_input: DellScSanLogin} - cinder::backend::dellsc_iscsi::san_password: {get_input: DellScSanPassword} - cinder::backend::dellsc_iscsi::dell_sc_ssn: {get_input: DellScSsn} - cinder::backend::dellsc_iscsi::iscsi_ip_address: {get_input: DellScIscsiIpAddress} - cinder::backend::dellsc_iscsi::iscsi_port: {get_input: DellScIscsiPort} - cinder::backend::dellsc_iscsi::dell_sc_api_port: {get_input: DellScApiPort} - cinder::backend::dellsc_iscsi::dell_sc_server_folder: {get_input: DellScServerFolder} - cinder::backend::dellsc_iscsi::dell_sc_volume_folder: {get_input: DellScVolumeFolder} - - CinderDellScDeployment: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: CinderDellScConfig} - server: {get_param: server} - input_values: - EnableDellScBackend: {get_param: CinderEnableDellScBackend} - DellScBackendName: {get_param: CinderDellScBackendName} - DellScSanIp: {get_param: CinderDellScSanIp} - DellScSanLogin: {get_param: CinderDellScSanLogin} - DellScSanPassword: {get_param: CinderDellScSanPassword} - DellScSsn: {get_param: CinderDellScSsn} - DellScIscsiIpAddress: {get_param: CinderDellScIscsiIpAddress} - DellScIscsiPort: {get_param: CinderDellScIscsiPort} - DellScApiPort: {get_param: CinderDellScApiPort} - DellScServerFolder: {get_param: CinderDellScServerFolder} - DellScVolumeFolder: {get_param: CinderDellScVolumeFolder} - -outputs: - deploy_stdout: - description: Deployment reference, used to trigger puppet apply on changes - value: {get_attr: [CinderDellScDeployment, deploy_stdout]} diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml deleted file mode 100644 index 30509044..00000000 --- a/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml +++ /dev/null @@ -1,86 +0,0 @@ -heat_template_version: ocata - -description: Configure hieradata for Cinder Eqlx configuration - -parameters: - server: - description: ID of the controller node to apply this config to - type: string - - # Config specific parameters, to be provided via parameter_defaults - CinderEnableEqlxBackend: - type: boolean - default: true - CinderEqlxBackendName: - type: string - default: 'tripleo_eqlx' - CinderEqlxSanIp: - type: string - CinderEqlxSanLogin: - type: string - CinderEqlxSanPassword: - type: string - hidden: true - CinderEqlxSanThinProvision: - type: boolean - default: true - CinderEqlxGroupname: - type: string - default: 'group-0' - CinderEqlxPool: - type: string - default: 'default' - CinderEqlxChapLogin: - type: string - default: '' - CinderEqlxChapPassword: - type: string - default: '' - CinderEqlxUseChap: - type: boolean - default: false - -resources: - CinderEqlxConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - hiera: - datafiles: - cinder_eqlx_data: - mapped_data: - tripleo::profile::base::cinder::volume::cinder_enable_eqlx_backend: {get_input: EnableEqlxBackend} - cinder::backend::eqlx::volume_backend_name: {get_input: EqlxBackendName} - cinder::backend::eqlx::san_ip: {get_input: EqlxSanIp} - cinder::backend::eqlx::san_login: {get_input: EqlxSanLogin} - cinder::backend::eqlx::san_password: {get_input: EqlxSanPassword} - cinder::backend::eqlx::san_thin_provision: {get_input: EqlxSanThinProvision} - cinder::backend::eqlx::eqlx_group_name: {get_input: EqlxGroupname} - cinder::backend::eqlx::eqlx_pool: {get_input: EqlxPool} - cinder::backend::eqlx::eqlx_use_chap: {get_input: EqlxUseChap} - cinder::backend::eqlx::eqlx_chap_login: {get_input: EqlxChapLogin} - cinder::backend::eqlx::eqlx_chap_password: {get_input: EqlxChapPassword} - - CinderEqlxDeployment: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: CinderEqlxConfig} - server: {get_param: server} - input_values: - EnableEqlxBackend: {get_param: CinderEnableEqlxBackend} - EqlxBackendName: {get_param: CinderEqlxBackendName} - EqlxSanIp: {get_param: CinderEqlxSanIp} - EqlxSanLogin: {get_param: CinderEqlxSanLogin} - EqlxSanPassword: {get_param: CinderEqlxSanPassword} - EqlxSanThinProvision: {get_param: CinderEqlxSanThinProvision} - EqlxGroupname: {get_param: CinderEqlxGroupname} - EqlxPool: {get_param: CinderEqlxPool} - EqlxUseChap: {get_param: CinderEqlxUseChap} - EqlxChapLogin: {get_param: CinderEqlxChapLogin} - EqlxChapPassword: {get_param: CinderEqlxChapPassword} - -outputs: - deploy_stdout: - description: Deployment reference, used to trigger puppet apply on changes - value: {get_attr: [CinderEqlxDeployment, deploy_stdout]} diff --git a/puppet/major_upgrade_steps.j2.yaml b/puppet/major_upgrade_steps.j2.yaml index eae85991..3362a01f 100644 --- a/puppet/major_upgrade_steps.j2.yaml +++ b/puppet/major_upgrade_steps.j2.yaml @@ -1,4 +1,7 @@ -{% set upgrade_steps_max = 8 -%} +{% set enabled_roles = roles|rejectattr('disable_upgrade_deployment')|list -%} +{% set batch_upgrade_steps_max = 3 -%} +{% set upgrade_steps_max = 6 -%} +{% set deliver_script = {'deliver': False} -%} heat_template_version: ocata description: 'Upgrade steps for all roles' @@ -15,57 +18,120 @@ parameters: description: > Setting to a previously unused value during stack-update will trigger the Upgrade resources to re-run on all roles. + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + NovaPassword: + description: The password for the nova service and db account, used by nova-api. + type: string + hidden: true conditions: # Conditions to disable any steps where the task list is empty -{% for step in range(0, upgrade_steps_max) %} - {% for role in roles %} - UpgradeBatchConfig_Step{{step}}Enabled: +{%- for role in roles %} + {{role.name}}UpgradeBatchConfigEnabled: not: equals: - {get_param: [role_data, {{role.name}}, upgrade_batch_tasks]} - [] - UpgradeConfig_Step{{step}}Enabled: + {{role.name}}UpgradeConfigEnabled: not: equals: - {get_param: [role_data, {{role.name}}, upgrade_tasks]} - [] - {% endfor %} -{% endfor %} +{%- endfor %} resources: +{% for role in roles if role.disable_upgrade_deployment|default(false) %} + {{role.name}}DeliverUpgradeScriptConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - "#!/bin/bash\n\n" + - "set -eu\n\n" + - "if hiera -c /etc/puppet/hiera.yaml service_names | grep nova_compute ; then\n\n" + - " crudini --set /etc/nova/nova.conf placement auth_type password\n\n" + - " crudini --set /etc/nova/nova.conf placement username placement\n\n" + - " crudini --set /etc/nova/nova.conf placement project_domain_name Default\n\n" + - " crudini --set /etc/nova/nova.conf placement user_domain_name Default\n\n" + - " crudini --set /etc/nova/nova.conf placement project_name service\n\n" + - " systemctl restart openstack-nova-compute\n\n" + - "fi\n\n" + - str_replace: + template: | + crudini --set /etc/nova/nova.conf placement password 'SERVICE_PASSWORD' + crudini --set /etc/nova/nova.conf placement region_name 'REGION_NAME' + crudini --set /etc/nova/nova.conf placement auth_url 'AUTH_URL' + ROLE='ROLE_NAME' + params: + SERVICE_PASSWORD: { get_param: NovaPassword } + REGION_NAME: { get_param: KeystoneRegion } + AUTH_URL: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + ROLE_NAME: {{role.name}} + - get_file: ../extraconfig/tasks/pacemaker_common_functions.sh + - get_file: ../extraconfig/tasks/tripleo_upgrade_node.sh + + {{role.name}}DeliverUpgradeScriptDeployment: + type: OS::Heat::SoftwareDeploymentGroup + properties: + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}DeliverUpgradeScriptConfig} +{% endfor %} + # Upgrade Steps for all roles, batched updates -# FIXME(shardy): would be nice to make the number of steps configurable -{% for step in range(0, upgrade_steps_max) %} - {% for role in roles %} - # Step {{step}} resources +# The UpgradeConfig resources could actually be created without +# serialization, but the event output is easier to follow if we +# do, and there should be minimal performance hit (creating the +# config is cheap compared to the time to apply the deployment). +{% for step in range(0, batch_upgrade_steps_max) %} + # Batch config resources step {{step}} + {%- for role in roles %} {{role.name}}UpgradeBatchConfig_Step{{step}}: type: OS::TripleO::UpgradeConfig - condition: UpgradeBatchConfig_Step{{step}}Enabled - # The UpgradeConfig resources could actually be created without - # serialization, but the event output is easier to follow if we - # do, and there should be minimal performance hit (creating the - # config is cheap compared to the time to apply the deployment). - {% if step > 0 %} + {%- if step > 0 %} + condition: {{role.name}}UpgradeBatchConfigEnabled + {% if role.name in enabled_roles %} + depends_on: + - {{role.name}}UpgradeBatch_Step{{step -1}} + {%- endif %} + {% else %} + {% for role in roles if role.disable_upgrade_deployment|default(false) %} + {% if deliver_script.update({'deliver': True}) %} {% endif %} + {% endfor %} + {% if deliver_script.deliver %} depends_on: - {% for dep in roles %} - - {{dep.name}}UpgradeBatch_Step{{step -1}} + {% endif %} + {% for dep in roles if dep.disable_upgrade_deployment|default(false) %} + - {{dep.name}}DeliverUpgradeScriptDeployment {% endfor %} {% endif %} properties: UpgradeStepConfig: {get_param: [role_data, {{role.name}}, upgrade_batch_tasks]} step: {{step}} + {%- endfor %} + # Batch deployment resources for step {{step}} (only for enabled roles) + {%- for role in enabled_roles %} {{role.name}}UpgradeBatch_Step{{step}}: - type: OS::Heat::StructuredDeploymentGroup - condition: UpgradeBatchConfig_Step{{step}}Enabled - {% if step > 0 %} + type: OS::Heat::SoftwareDeploymentGroup + condition: {{role.name}}UpgradeBatchConfigEnabled + {%- if step > 0 %} depends_on: - {% for dep in roles %} - - {{dep.name}}UpgradeBatch_Step{{step -1}} - {% endfor %} - {% endif %} + - {{role.name}}UpgradeBatch_Step{{step -1}} + {% else %} + depends_on: + - {{role.name}}UpgradeBatchConfig_Step{{step}} + {%- endif %} update_policy: batch_create: max_batch_size: {{role.upgrade_batch_size|default(1)}} @@ -78,52 +144,66 @@ resources: input_values: role: {{role.name}} update_identifier: {get_param: UpdateIdentifier} - {% endfor %} + {%- endfor %} +{%- endfor %} + +# Dump the puppet manifests to be apply later when disable_upgrade_deployment +# is to true +{% for role in roles if role.disable_upgrade_deployment|default(false) %} + {{role.name}}DeliverPuppetConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - str_replace: + template: | + #!/bin/bash + cat > /root/{{role.name}}_puppet_config.pp << ENDOFCAT + PUPPET_CLASSES + ENDOFCAT + params: + PUPPET_CLASSES: {get_param: [role_data, {{role.name}}, step_config]} + + {{role.name}}DeliverPuppetDeployment: + type: OS::Heat::SoftwareDeploymentGroup + properties: + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}DeliverPuppetConfig} {% endfor %} # Upgrade Steps for all roles -# FIXME(shardy): would be nice to make the number of steps configurable -{% for step in range(0, upgrade_steps_max) %} - {% for role in roles %} - # Step {{step}} resources +{%- for step in range(0, upgrade_steps_max) %} + # Config resources for step {{step}} + {%- for role in roles %} {{role.name}}UpgradeConfig_Step{{step}}: type: OS::TripleO::UpgradeConfig - condition: UpgradeConfig_Step{{step}}Enabled # The UpgradeConfig resources could actually be created without # serialization, but the event output is easier to follow if we # do, and there should be minimal performance hit (creating the # config is cheap compared to the time to apply the deployment). + {%- if step > 0 %} + condition: {{role.name}}UpgradeConfigEnabled + {% if role.name in enabled_roles %} depends_on: - {% if step > 0 %} - {% for dep in roles %} - {% if not dep.disable_upgrade_deployment|default(false) %} - - {{dep.name}}Upgrade_Step{{step -1}} - {% endif %} - {% endfor %} - {% else %} - {% for dep in roles %} - - {{dep.name}}UpgradeBatch_Step{{upgrade_steps_max -1}} - {% endfor %} - {% endif %} + - {{role.name}}Upgrade_Step{{step -1}} + {% endif %} + {%- endif %} properties: UpgradeStepConfig: {get_param: [role_data, {{role.name}}, upgrade_tasks]} step: {{step}} - {% if not role.disable_upgrade_deployment|default(false) %} + {%- endfor %} + + # Deployment resources for step {{step}} (only for enabled roles) + {%- for role in enabled_roles %} {{role.name}}Upgrade_Step{{step}}: - type: OS::Heat::StructuredDeploymentGroup - condition: UpgradeConfig_Step{{step}}Enabled + type: OS::Heat::SoftwareDeploymentGroup + {%- if step > 0 %} + condition: {{role.name}}UpgradeConfigEnabled depends_on: - {% if step > 0 %} - {% for dep in roles %} - {% if not dep.disable_upgrade_deployment|default(false) %} - - {{dep.name}}Upgrade_Step{{step -1}} - {% endif %} - {% endfor %} - {% else %} - {% for dep in roles %} - - {{dep.name}}UpgradeBatch_Step{{upgrade_steps_max -1}} - {% endfor %} - {% endif %} + - {{role.name}}Upgrade_Step{{step -1}} + {%- endif %} properties: name: {{role.name}}Upgrade_Step{{step}} servers: {get_param: [servers, {{role.name}}]} @@ -131,9 +211,21 @@ resources: input_values: role: {{role.name}} update_identifier: {get_param: UpdateIdentifier} - {% endif %} - {% endfor %} -{% endfor %} + {%- endfor %} +{%- endfor %} + + # Post upgrade deployment steps for all roles + # This runs the normal configuration (e.g puppet) steps unless upgrade + # is disabled for the role + AllNodesPostUpgradeSteps: + type: OS::TripleO::PostUpgradeSteps + depends_on: +{%- for dep in enabled_roles %} + - {{dep.name}}Upgrade_Step{{upgrade_steps_max - 1}} +{%- endfor %} + properties: + servers: {get_param: servers} + role_data: {get_param: role_data} outputs: # Output the config for each role, just use Step1 as the config should be @@ -144,4 +236,3 @@ outputs: {% for role in roles %} {{role.name.lower()}}: {get_attr: [{{role.name}}UpgradeConfig_Step1, upgrade_config]} {% endfor %} - diff --git a/puppet/post-upgrade.j2.yaml b/puppet/post-upgrade.j2.yaml new file mode 100644 index 00000000..b84039de --- /dev/null +++ b/puppet/post-upgrade.j2.yaml @@ -0,0 +1,27 @@ +heat_template_version: ocata + +description: > + Post-upgrade configuration steps via puppet for all roles + where upgrade is not disabled as defined in ../roles_data.yaml + +parameters: + servers: + type: json + description: Mapping of Role name e.g Controller to a list of servers + + role_data: + type: json + description: Mapping of Role name e.g Controller to the per-role data + + DeployIdentifier: + default: '' + type: string + description: > + Setting this to a unique value will re-run any deployment tasks which + perform configuration on a Heat stack-update. + +resources: +# Note the include here is the same as post.j2.yaml but the data used at +# the time of rendering is different if any roles disable upgrades +{% set roles = roles|rejectattr('disable_upgrade_deployment')|list -%} +{% include 'puppet-steps.j2' %} diff --git a/puppet/post.j2.yaml b/puppet/post.j2.yaml index 83c32868..21202775 100644 --- a/puppet/post.j2.yaml +++ b/puppet/post.j2.yaml @@ -12,7 +12,11 @@ parameters: role_data: type: json description: Mapping of Role name e.g Controller to the per-role data - + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json DeployIdentifier: default: '' type: string @@ -21,92 +25,4 @@ parameters: perform configuration on a Heat stack-update. resources: - # Post deployment steps for all roles - # A single config is re-applied with an incrementing step number -{% for role in roles %} - # {{role.name}} Role post deploy steps - {{role.name}}ArtifactsConfig: - type: deploy-artifacts.yaml - - {{role.name}}ArtifactsDeploy: - type: OS::Heat::StructuredDeployments - properties: - servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}ArtifactsConfig} - - {{role.name}}PreConfig: - type: OS::TripleO::Tasks::{{role.name}}PreConfig - properties: - servers: {get_param: [servers, {{role.name}}]} - input_values: - update_identifier: {get_param: DeployIdentifier} - - {{role.name}}Config: - type: OS::TripleO::{{role.name}}Config - properties: - StepConfig: {get_param: [role_data, {{role.name}}, step_config]} - - {% if role.name == 'Controller' %} - ControllerPrePuppet: - type: OS::TripleO::Tasks::ControllerPrePuppet - properties: - servers: {get_param: [servers, Controller]} - input_values: - update_identifier: {get_param: DeployIdentifier} - {% endif %} - - # Step through a series of configuration steps -{% for step in range(1, 6) %} - {{role.name}}Deployment_Step{{step}}: - type: OS::Heat::StructuredDeploymentGroup - {% if step == 1 %} - depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy] - {% else %} - depends_on: - {% for dep in roles %} - - {{dep.name}}Deployment_Step{{step -1}} - {% endfor %} - {% endif %} - properties: - name: {{role.name}}Deployment_Step{{step}} - servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}Config} - input_values: - step: {{step}} - update_identifier: {get_param: DeployIdentifier} -{% endfor %} - - {{role.name}}PostConfig: - type: OS::TripleO::Tasks::{{role.name}}PostConfig - depends_on: - {% for dep in roles %} - - {{dep.name}}Deployment_Step5 - {% endfor %} - properties: - servers: {get_param: servers} - input_values: - update_identifier: {get_param: DeployIdentifier} - - # Note, this should come last, so use depends_on to ensure - # this is created after any other resources. - {{role.name}}ExtraConfigPost: - depends_on: - {% for dep in roles %} - - {{dep.name}}PostConfig - {% endfor %} - type: OS::TripleO::NodeExtraConfigPost - properties: - servers: {get_param: [servers, {{role.name}}]} - - {% if role.name == 'Controller' %} - ControllerPostPuppet: - depends_on: - - ControllerExtraConfigPost - type: OS::TripleO::Tasks::ControllerPostPuppet - properties: - servers: {get_param: [servers, Controller]} - input_values: - update_identifier: {get_param: DeployIdentifier} - {% endif %} - -{% endfor %} +{% include 'puppet-steps.j2' %} diff --git a/puppet/puppet-steps.j2 b/puppet/puppet-steps.j2 new file mode 100644 index 00000000..c3b54ccd --- /dev/null +++ b/puppet/puppet-steps.j2 @@ -0,0 +1,88 @@ + # Post deployment steps for all roles + # A single config is re-applied with an incrementing step number +{% for role in roles %} + # {{role.name}} Role post-deploy steps + {{role.name}}ArtifactsConfig: + type: deploy-artifacts.yaml + + {{role.name}}ArtifactsDeploy: + type: OS::Heat::StructuredDeployments + properties: + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}ArtifactsConfig} + + {{role.name}}PreConfig: + type: OS::TripleO::Tasks::{{role.name}}PreConfig + properties: + servers: {get_param: [servers, {{role.name}}]} + input_values: + update_identifier: {get_param: DeployIdentifier} + + {{role.name}}Config: + type: OS::TripleO::{{role.name}}Config + properties: + StepConfig: {get_param: [role_data, {{role.name}}, step_config]} + + {% if role.name == 'Controller' %} + ControllerPrePuppet: + type: OS::TripleO::Tasks::ControllerPrePuppet + properties: + servers: {get_param: [servers, Controller]} + input_values: + update_identifier: {get_param: DeployIdentifier} + {% endif %} + + # Step through a series of configuration steps +{% for step in range(1, 6) %} + {{role.name}}Deployment_Step{{step}}: + type: OS::Heat::StructuredDeploymentGroup + {% if step == 1 %} + depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy] + {% else %} + depends_on: + {% for dep in roles %} + - {{dep.name}}Deployment_Step{{step -1}} + {% endfor %} + {% endif %} + properties: + name: {{role.name}}Deployment_Step{{step}} + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}Config} + input_values: + step: {{step}} + update_identifier: {get_param: DeployIdentifier} +{% endfor %} + + {{role.name}}PostConfig: + type: OS::TripleO::Tasks::{{role.name}}PostConfig + depends_on: + {% for dep in roles %} + - {{dep.name}}Deployment_Step5 + {% endfor %} + properties: + servers: {get_param: servers} + input_values: + update_identifier: {get_param: DeployIdentifier} + + # Note, this should come last, so use depends_on to ensure + # this is created after any other resources. + {{role.name}}ExtraConfigPost: + depends_on: + {% for dep in roles %} + - {{dep.name}}PostConfig + {% endfor %} + type: OS::TripleO::NodeExtraConfigPost + properties: + servers: {get_param: [servers, {{role.name}}]} + + {% if role.name == 'Controller' %} + ControllerPostPuppet: + depends_on: + - ControllerExtraConfigPost + type: OS::TripleO::Tasks::ControllerPostPuppet + properties: + servers: {get_param: [servers, Controller]} + input_values: + update_identifier: {get_param: DeployIdentifier} + {% endif %} +{% endfor %} diff --git a/puppet/services/README.rst b/puppet/services/README.rst index 34cb350b..9c2d8c5c 100644 --- a/puppet/services/README.rst +++ b/puppet/services/README.rst @@ -57,10 +57,14 @@ is a list of ansible tasks to be performed during the upgrade process. Similar to the step_config, we allow a series of steps for the per-service upgrade sequence, defined as ansible tasks with a tag e.g "step1" for the first -step, "step2" for the second, etc. Note that each step is performed in batches, -then we move on to the next step which is also performed in batches (we don't -perform all steps on one node, then move on to the next one which means you -can sequence rolling upgrades of dependent services via the step value). +step, "step2" for the second, etc (currently only two steps are supported, but +more may be added when required as additional services get converted to batched +upgrades). + +Note that each step is performed in batches, then we move on to the next step +which is also performed in batches (we don't perform all steps on one node, +then move on to the next one which means you can sequence rolling upgrades of +dependent services via the step value). The tasks performed at each step is service specific, but note that all batch upgrade steps are performed before the `upgrade_tasks` described below. This @@ -93,9 +97,9 @@ step, "step2" for the second, etc. 5) Perform any migration tasks, e.g DB sync commands - 6) Start control-plane services - - 7) Any additional online migration tasks (e.g data migrations) +Note that the services are not started in the upgrade tasks - we instead re-run +puppet which does any reconfiguration required for the new version, then starts +the services. Nova Server Metadata Settings ----------------------------- diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml index 2401d764..4bd9fc47 100644 --- a/puppet/services/aodh-api.yaml +++ b/puppet/services/aodh-api.yaml @@ -86,12 +86,6 @@ outputs: metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - - name: "PreUpgrade step0,validation: Check service openstack-aodh-api is running" - shell: /usr/bin/systemctl show 'openstack-aodh-api' --property ActiveState | grep '\bactive\b' - tags: step0,validation - name: Stop aodh_api service (running under httpd) tags: step2 service: name=httpd state=stopped - - name: Run aodh dbsync - tags: step5 - command: aodh-dbsync diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml index cc0d158e..741f8da1 100644 --- a/puppet/services/ceilometer-api.yaml +++ b/puppet/services/ceilometer-api.yaml @@ -93,12 +93,6 @@ outputs: metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - - name: "PreUpgrade step0,validation: Check service openstack-ceilometer-api is running" - shell: /usr/bin/systemctl show 'openstack-ceilometer-api' --property ActiveState | grep '\bactive\b' - tags: step0,validation - name: Stop ceilometer_api service (running under httpd) tags: step2 service: name=httpd state=stopped - - name: Run ceilometer upgrade - tags: step5 - command: ceilometer-upgrade --config-file=/etc/ceilometer/ceilometer.conf --skip-gnocchi-resource-types diff --git a/puppet/services/ceilometer-expirer.yaml b/puppet/services/ceilometer-expirer.yaml index 5341cfee..714434b1 100644 --- a/puppet/services/ceilometer-expirer.yaml +++ b/puppet/services/ceilometer-expirer.yaml @@ -40,7 +40,3 @@ outputs: get_attr: [CeilometerServiceBase, role_data, config_settings] step_config: | include ::tripleo::profile::base::ceilometer::expirer - upgrade_tasks: - - name: "PreUpgrade step0,validation: Check service openstack-ceilometer-expirer is running" - shell: /usr/bin/systemctl show 'openstack-ceilometer-expirer' --property ActiveState | grep '\bactive\b' - tags: step0,validation diff --git a/puppet/services/ceph-osd.yaml b/puppet/services/ceph-osd.yaml index 98f83d08..9bd83aab 100644 --- a/puppet/services/ceph-osd.yaml +++ b/puppet/services/ceph-osd.yaml @@ -68,14 +68,14 @@ outputs: command: ceph osd set noscrub - name: Stop Ceph OSD tags: step1 - service: name=ceph-osd@$item state=stopped + service: name=ceph-osd@{{ item }} state=stopped with_items: "{{osd_ids.stdout.strip().split()}}" - name: Update ceph OSD packages tags: step1 yum: name=ceph-osd state=latest - name: Start ceph-osd service tags: step1 - service: name=ceph-osd@$item state=started + service: name=ceph-osd@{{ item }} state=started with_items: "{{osd_ids.stdout.strip().split()}}" - name: ceph osd unset noout tags: step1 diff --git a/puppet/services/cinder-backend-dellps.yaml b/puppet/services/cinder-backend-dellps.yaml new file mode 100644 index 00000000..1f15c53e --- /dev/null +++ b/puppet/services/cinder-backend-dellps.yaml @@ -0,0 +1,85 @@ +# Copyright (c) 2017 Dell Inc. or its subsidiaries. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +heat_template_version: ocata + +description: > + Openstack Cinder Dell EMC PS Series backend + +parameters: + CinderEnableDellPsBackend: + type: boolean + default: true + CinderDellPsBackendName: + type: string + default: 'tripleo_dellps' + CinderDellPsSanIp: + type: string + CinderDellPsSanLogin: + type: string + CinderDellPsSanPassword: + type: string + hidden: true + CinderDellPsSanThinProvision: + type: boolean + default: true + CinderDellPsGroupname: + type: string + default: 'group-0' + CinderDellPsPool: + type: string + default: 'default' + CinderDellPsChapLogin: + type: string + default: '' + CinderDellPsChapPassword: + type: string + default: '' + CinderDellPsUseChap: + type: boolean + default: false + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + type: json + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + +outputs: + role_data: + description: Role data for the Cinder Dell EMC PS Series backend. + value: + service_name: cinder_backend_dellps + config_settings: + tripleo::profile::base::cinder::volume::cinder_enable_dellps_backend: {get_param: CinderEnableDellPsBackend} + cinder::backend::eqlx::volume_backend_name: {get_param: CinderDellPsBackendName} + cinder::backend::eqlx::san_ip: {get_param: CinderDellPsSanIp} + cinder::backend::eqlx::san_login: {get_param: CinderDellPsSanLogin} + cinder::backend::eqlx::san_password: {get_param: CinderDellPsSanPassword} + cinder::backend::eqlx::san_thin_provision: {get_param: CinderDellPsSanThinProvision} + cinder::backend::eqlx::eqlx_group_name: {get_param: CinderDellPsGroupname} + cinder::backend::eqlx::eqlx_pool: {get_param: CinderDellPsPool} + cinder::backend::eqlx::eqlx_use_chap: {get_param: CinderDellPsUseChap} + cinder::backend::eqlx::eqlx_chap_login: {get_param: CinderDellPsChapLogin} + cinder::backend::eqlx::eqlx_chap_password: {get_param: CinderDellPsChapPassword} + step_config: | + include ::tripleo::profile::base::cinder::volume diff --git a/puppet/services/cinder-backend-dellsc.yaml b/puppet/services/cinder-backend-dellsc.yaml new file mode 100644 index 00000000..6a6196ac --- /dev/null +++ b/puppet/services/cinder-backend-dellsc.yaml @@ -0,0 +1,85 @@ +# Copyright (c) 2016-2017 Dell Inc, or its subsidiaries. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +heat_template_version: ocata + +description: > + Openstack Cinder Dell EMC Storage Center backend + +parameters: + CinderEnableDellScBackend: + type: boolean + default: true + CinderDellScBackendName: + type: string + default: 'tripleo_dellsc' + CinderDellScSanIp: + type: string + CinderDellScSanLogin: + type: string + default: 'Admin' + CinderDellScSanPassword: + type: string + hidden: true + CinderDellScSsn: + type: number + default: 64702 + CinderDellScIscsiIpAddress: + type: string + default: '' + CinderDellScIscsiPort: + type: number + default: 3260 + CinderDellScApiPort: + type: number + default: 3033 + CinderDellScServerFolder: + type: string + default: 'dellsc_server' + CinderDellScVolumeFolder: + type: string + default: 'dellsc_volume' + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + type: json + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + +outputs: + role_data: + description: Role data for the Cinder Dell EMC Storage Center backend. + value: + service_name: cinder_backend_dellsc + config_settings: + tripleo::profile::base::cinder::volume::cinder_enable_dellsc_backend: {get_param: CinderEnableDellScBackend} + cinder::backend::dellsc_iscsi::volume_backend_name: {get_param: CinderDellScBackendName} + cinder::backend::dellsc_iscsi::san_ip: {get_param: CinderDellScSanIp} + cinder::backend::dellsc_iscsi::san_login: {get_param: CinderDellScSanLogin} + cinder::backend::dellsc_iscsi::san_password: {get_param: CinderDellScSanPassword} + cinder::backend::dellsc_iscsi::dell_sc_ssn: {get_param: CinderDellScSsn} + cinder::backend::dellsc_iscsi::iscsi_ip_address: {get_param: CinderDellScIscsiIpAddress} + cinder::backend::dellsc_iscsi::iscsi_port: {get_param: CinderDellScIscsiPort} + cinder::backend::dellsc_iscsi::dell_sc_api_port: {get_param: CinderDellScApiPort} + cinder::backend::dellsc_iscsi::dell_sc_server_folder: {get_param: CinderDellScServerFolder} + cinder::backend::dellsc_iscsi::dell_sc_volume_folder: {get_param: CinderDellScVolumeFolder} + step_config: | + include ::tripleo::profile::base::cinder::volume diff --git a/puppet/services/congress.yaml b/puppet/services/congress.yaml new file mode 100644 index 00000000..1b82f55c --- /dev/null +++ b/puppet/services/congress.yaml @@ -0,0 +1,90 @@ +heat_template_version: ocata + +description: > + OpenStack Congress service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + CongressPassword: + description: The password for the congress service account. + type: string + hidden: true + Debug: + type: string + default: '' + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + +outputs: + role_data: + description: Role data for the Congress role. + value: + service_name: congress + config_settings: + congress_password: {get_param: CongressPassword} + congress::db::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://congress:' + - {get_param: CongressPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/congress' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + congress::keystone::auth::tenant: 'service' + congress::keystone::auth::password: {get_param: CongressPassword} + congress::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + congress::debug: {get_param: Debug} + congress::rpc_backend: rabbit + congress::rabbit_userid: {get_param: RabbitUserName} + congress::rabbit_password: {get_param: RabbitPassword} + congress::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + congress::rabbit_port: {get_param: RabbitClientPort} + congress::server::bind_host: {get_param: [ServiceNetMap, CongressApiNetwork]} + + congress::db::mysql::password: {get_param: CongressPassword} + congress::db::mysql::user: congress + congress::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + congress::db::mysql::dbname: congress + congress::db::mysql::allowed_hosts: + - '%' + - {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + + + step_config: | + include ::tripleo::profile::base::congress diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml index 2aea29fd..23fcb2f6 100644 --- a/puppet/services/gnocchi-api.yaml +++ b/puppet/services/gnocchi-api.yaml @@ -103,12 +103,6 @@ outputs: # internal_api_subnet - > IP/CIDR gnocchi::wsgi::apache::bind_host: {get_param: [ServiceNetMap, GnocchiApiNetwork]} gnocchi::wsgi::apache::wsgi_process_display_name: 'gnocchi_wsgi' - gnocchi::api::host: - str_replace: - template: - "%{hiera('fqdn_$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]} gnocchi::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} gnocchi::api::keystone_identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} @@ -134,12 +128,6 @@ outputs: metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - - name: "PreUpgrade step0,validation: Check service openstack-gnocchi-api is running" - shell: /usr/bin/systemctl show 'openstack-gnocchi-api' --property ActiveState | grep '\bactive\b' - tags: step0,validation - name: Stop gnocchi_api service (running under httpd) tags: step2 service: name=httpd state=stopped - - name: Run gnocchi upgrade - tags: step5 - command: gnocchi-upgrade diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml index ff91eb63..bc34b736 100644 --- a/puppet/services/ironic-api.yaml +++ b/puppet/services/ironic-api.yaml @@ -25,6 +25,10 @@ parameters: MonitoringSubscriptionIronicApi: default: 'overcloud-ironic-api' type: string + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint resources: IronicBase: @@ -73,6 +77,7 @@ outputs: ironic::keystone::auth::auth_name: 'ironic' ironic::keystone::auth::password: {get_param: IronicPassword } ironic::keystone::auth::tenant: 'service' + ironic::keystone::auth::region: {get_param: KeystoneRegion} mysql: ironic::db::mysql::password: {get_param: IronicPassword} ironic::db::mysql::user: ironic diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml index a10c03a5..48d87209 100644 --- a/puppet/services/ironic-conductor.yaml +++ b/puppet/services/ironic-conductor.yaml @@ -24,6 +24,14 @@ parameters: "full" for full cleaning, "metadata" to clean only disk metadata (partition table). type: string + IronicCleaningNetwork: + default: 'provisioning' + description: Name or UUID of the *overcloud* network used for cleaning + bare metal nodes. The default value of "provisioning" can be + left during the initial deployment (when no networks are + created yet) and should be changed to an actual UUID in + a post-deployment stack update. + type: string IronicEnabledDrivers: default: ['pxe_ipmitool', 'pxe_drac', 'pxe_ilo'] description: Enabled Ironic drivers @@ -61,6 +69,7 @@ outputs: - ironic::api::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]} ironic::conductor::api_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]} ironic::conductor::cleaning_disk_erase: {get_param: IronicCleaningDiskErase} + ironic::conductor::cleaning_network: {get_param: IronicCleaningNetwork} ironic::conductor::enabled_drivers: {get_param: IronicEnabledDrivers} # We need an endpoint containing a real IP, not a VIP here ironic_conductor_http_host: {get_param: [ServiceNetMap, IronicNetwork]} diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index b989d502..7da4a9c2 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -313,8 +313,5 @@ outputs: - name: Sync keystone DB tags: step5 command: keystone-manage db_sync - - name: Start keystone service (running under httpd) - tags: step6 - service: name=httpd state=started metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] diff --git a/puppet/services/memcached.yaml b/puppet/services/memcached.yaml index ffa969e0..eba8a58b 100644 --- a/puppet/services/memcached.yaml +++ b/puppet/services/memcached.yaml @@ -40,3 +40,11 @@ outputs: dport: 11211 step_config: | include ::tripleo::profile::base::memcached + service_config_settings: + collectd: + tripleo.collectd.plugins.memcached: + - memcached + collectd::plugin::memcached::instances: + local: + host: "%{hiera('memcached::listen_ip')}" + port: 11211 diff --git a/puppet/services/metrics/collectd.yaml b/puppet/services/metrics/collectd.yaml new file mode 100644 index 00000000..e4e7dac7 --- /dev/null +++ b/puppet/services/metrics/collectd.yaml @@ -0,0 +1,111 @@ +heat_template_version: ocata + +description: Collectd client service + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + DefaultPasswords: + default: {} + type: json + CollectdDefaultPlugins: + default: + - disk + - interface + - load + - memory + - processes + - tcpconns + type: comma_delimited_list + description: > + List of collectd plugins to activate on all overcloud hosts. See + the documentation for the puppet-collectd module for a list plugins + supported by the module (https://github.com/voxpupuli/puppet-collectd). + Set this key to override the default list of plugins. Use + CollectdExtraPlugins if you want to load additional plugins without + overriding the defaults. + CollectdExtraPlugins: + default: [] + type: comma_delimited_list + description: > + List of collectd plugins to activate on all overcloud hosts. See + the documentation for the puppet-collectd module for a list plugins + supported by the module (https://github.com/voxpupuli/puppet-collectd). + Set this key to load plugins in addition to those in + CollectdDefaultPlugins. + CollectdServer: + type: string + description: > + Address of remote collectd server to which we will send + metrics. + default: '' + CollectdServerPort: + type: number + default: 25826 + description: > + Port on remote collectd server to which we will send + metrics. + CollectdUsername: + type: string + description: > + Username for authenticating to the remote collectd server. The default + is to not configure any authentication. + default: '' + CollectdPassword: + type: string + hidden: true + description: > + Password for authenticating to the remote collectd server. The + default is to not configure any authentication. + default: '' + CollectdSecurityLevel: + type: string + description: > + Security level setting for remote collectd connection. + default: 'None' + constraints: + - allowed_values: + - None + - Sign + - Encrypt + +outputs: + role_data: + description: Role data for the Collectd client role. + value: + service_name: collectd + config_settings: + collectd::manage_repo: false + collectd::purge: true + collectd::recurse: true + collectd::purge_config: true + collectd::minimum_version: "5.7" + tripleo::profile::base::metrics::collectd::collectd_server: + get_param: CollectdServer + tripleo::profile::base::metrics::collectd::collectd_port: + get_param: CollectdServerPort + tripleo::profile::base::metrics::collectd::collectd_username: + get_param: CollectdUsername + tripleo::profile::base::metrics::collectd::collectd_password: + get_param: CollectdPassword + tripleo::profile::base::metrics::collectd::collectd_securitylevel: + get_param: CollectdSecurityLevel + tripleo.collectd.plugins.collectd: + yaql: + data: + default_plugins: {get_param: CollectdDefaultPlugins} + extra_plugins: {get_param: CollectdExtraPlugins} + expression: > + ($.data.default_plugins + $.data.extra_plugins) + .flatten().distinct() + step_config: | + include ::tripleo::profile::base::metrics::collectd diff --git a/puppet/services/network/contrail-analytics-database.yaml b/puppet/services/network/contrail-analytics-database.yaml new file mode 100644 index 00000000..67341ed3 --- /dev/null +++ b/puppet/services/network/contrail-analytics-database.yaml @@ -0,0 +1,43 @@ +heat_template_version: ocata + +description: > + Contrail Analytics Database service deployment using puppet, this YAML file + creates the interface between the HOT template + and the puppet manifest that actually installs + and configures Contrail Analytics Database. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + ContrailBase: + type: ./contrail-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role Contrail Analytics Database using composable services. + value: + service_name: contrail_analytics_database + config_settings: + map_merge: + - get_attr: [ContrailBase, role_data, config_settings] + - contrail::analytics::database::host_ip: {get_param: [ServiceNetMap, ContrailAnalyticsDatabaseNetwork]} + step_config: | + include ::tripleo::network::contrail::analyticsdatabase diff --git a/puppet/services/network/contrail-analytics.yaml b/puppet/services/network/contrail-analytics.yaml index ad14d315..e3e0ec4b 100644 --- a/puppet/services/network/contrail-analytics.yaml +++ b/puppet/services/network/contrail-analytics.yaml @@ -21,44 +21,6 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - ContrailAnalyticsHostIP: - description: host IP address of Analytics - type: string - ContrailAnalyticsRedisServerIp: - description: Redis server ip address - type: string - ContrailAnalyticsCollectorServerHttpPort: - description: Collector http port - type: number - default: 8089 - ContrailAnalyticsCollectorSandeshPort: - description: Collector sandesh port - type: number - default: 8086 - ContrailAnalyticsHttpServerPort: - description: Analytics http port - type: number - default: 8090 - ContrailAnalyticsListenAddress: - default: '0.0.0.0' - description: IP address Config API is listening on - type: string - ContrailAnalyticsListenPort: - default: 8082 - description: Port Config API is listening on - type: number - ContrailAnalyticsRedisServerPort: - description: Redis server port - type: number - default: 6379 - ContrailAnalyticsRestApiIp: - description: IP address Analytics rest interface listens on - type: string - default: '0.0.0.0' - ContrailAnalyticsRestApiPort: - description: Analytics rest port - type: number - default: 8081 resources: ContrailBase: @@ -76,15 +38,14 @@ outputs: config_settings: map_merge: - get_attr: [ContrailBase, role_data, config_settings] - - contrail::analytics::collector_http_server_port: {get_param: ContrailAnalyticsCollectorServerHttpPort} - contrail::analytics::collector_sandesh_port: {get_param: ContrailAnalyticsCollectorSandeshPort} - contrail::analytics::host_ip: {get_param: ContrailAnalyticsHostIP} - contrail::analytics::http_server_port: {get_param: ContrailAnalyticsHttpServerPort} - contrail::analytics::listen_ip_address: {get_param: ContrailAnalyticsListenAddress} - contrail::analytics::listen_port: {get_param: ContrailAnalyticsListenPort} - contrail::analytics::redis_server: {get_param: ContrailAnalyticsRedisServerIp} - contrail::analytics::redis_server_port: {get_param: ContrailAnalyticsRedisServerPort} - contrail::analytics::rest_api_ip: {get_param: ContrailAnalyticsRestApiIp} - contrail::analytics::rest_api_port: {get_param: ContrailAnalyticsRestApiPort} + - contrail::analytics::collector_http_server_port: {get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, port]} + contrail::analytics::collector_sandesh_port: {get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, port]} + contrail::analytics::host_ip: {get_param: [ServiceNetMap, ContrailAnalyticsNetwork]} + contrail::analytics::http_server_port: {get_param: [EndpointMap, ContrailAnalyticsHttpInternal, port]} + contrail::analytics::listen_ip_address: {get_param: [ServiceNetMap, ContrailAnalyticsNetwork]} + contrail::analytics::redis_server: '127.0.0.1' + contrail::analytics::redis_server_port: {get_param: [EndpointMap, ContrailAnalyticsRedisInternal, port]} + contrail::analytics::rest_api_ip: {get_param: [ServiceNetMap, ContrailAnalyticsNetwork]} + contrail::analytics::rest_api_port: {get_param: [EndpointMap, ContrailAnalyticsApiInternal, port]} step_config: | include ::tripleo::network::contrail::analytics diff --git a/puppet/services/network/contrail-base.yaml b/puppet/services/network/contrail-base.yaml index b49b2add..bc56a3ca 100644 --- a/puppet/services/network/contrail-base.yaml +++ b/puppet/services/network/contrail-base.yaml @@ -18,47 +18,42 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ContrailAAAMode: + description: AAAmode can be no-auth, cloud-admin or rbac + type: string + default: 'rbac' + ContrailAAAModeAnalytics: + description: AAAmode for analytics can be no-auth, cloud-admin or rbac + type: string + default: 'no-auth' AdminPassword: description: Keystone admin user password type: string + hidden: true AdminTenantName: description: Keystone admin tenant name type: string + default: 'admin' AdminToken: description: Keystone admin token type: string + hidden: true AdminUser: description: Keystone admin user name type: string - AuthHost: - description: Keystone host IP address - type: string - AuthPort: - default: 35357 - description: Keystone port + default: 'admin' + AuthPortSSL: + default: 13357 + description: Keystone SSL port + type: number + AuthPortSSLPublic: + default: 13000 + description: Keystone Public SSL port type: number - AuthProtocol: - default: 'http' - description: Keystone authentication protocol - type: string - ContrailDiscoveryServerIp: - description: Discovery server ip address - type: string - ContrailKafkaBrokerList: - description: List of kafka servers - type: comma_delimited_list ContrailAuth: default: 'keystone' description: Keystone authentication method type: string - ContrailCassandraServerList: - default: [] - description: List of cassandra servers - type: comma_delimited_list - ContrailDiscoveryServerPort: - description: Discovery server port - type: number - default: 5998 ContrailInsecure: default: false description: Keystone insecure mode @@ -67,14 +62,18 @@ parameters: default: '127.0.0.1:12111' description: Memcached server type: string - ContrailMultiTenancy: - default: true - description: Turn on/off multi-tenancy - type: boolean - ContrailZkServerIp: - default: [] - description: List of zookeeper servers - type: comma_delimited_list + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number outputs: role_data: @@ -82,19 +81,23 @@ outputs: value: service_name: contrail_base config_settings: + contrail::aaa_mode: {get_param: ContrailAAAMode} + contrail::analytics_aaa_mode: {get_param: ContrailAAAModeAnalytics} contrail::admin_password: {get_param: AdminPassword} contrail::admin_tenant_name: {get_param: AdminTenantName} contrail::admin_token: {get_param: AdminToken} contrail::admin_user: {get_param: AdminUser} - contrail::auth_host: {get_param: [EndpointMap, KeystoneInternal, host] } - contrail::auth_port: {get_param: [EndpointMap, KeystoneInternal, port] } - contrail::auth_protocol: {get_param: [EndpointMap, KeystoneInternal, protocol] } - contrail::disc_server_ip: {get_param: ContrailDiscoveryServerIp} - contrail::kafka_broker_list: {get_param: ContrailKafkaBrokerList} contrail::auth: {get_param: ContrailAuth} - contrail::cassandra_server_list: {get_param: ContrailCassandraServerList} - contrail::disc_server_port: {get_param: ContrailDiscoveryServerPort} + contrail::auth_host: {get_param: [EndpointMap, KeystonePublic, host] } + contrail::auth_port: {get_param: [EndpointMap, KeystoneAdmin, port] } + contrail::auth_port_ssl: {get_param: AuthPortSSL } + contrail::auth_port_public: {get_param: [EndpointMap, KeystonePublic, port] } + contrail::auth_port_ssl_public: {get_param: AuthPortSSLPublic } + contrail::auth_protocol: {get_param: [EndpointMap, KeystoneInternal, protocol] } + contrail::api_port: {get_param: [EndpointMap, ContrailConfigInternal, port] } + contrail::disc_server_port: {get_param: [EndpointMap, ContrailDiscoveryInternal, port] } contrail::insecure: {get_param: ContrailInsecure} contrail::memcached_server: {get_param: ContrailMemcachedServer} - contrail::multi_tenancy: {get_param: ContrailMultiTenancy} - contrail::zk_server_ip: {get_param: ContrailZkServerIp} + contrail::rabbit_password: {get_param: RabbitPassword} + contrail::rabbit_user: {get_param: RabbitUserName} + contrail::rabbit_port: {get_param: RabbitClientPort} diff --git a/puppet/services/network/contrail-config.yaml b/puppet/services/network/contrail-config.yaml index 03774480..185b6094 100644 --- a/puppet/services/network/contrail-config.yaml +++ b/puppet/services/network/contrail-config.yaml @@ -21,29 +21,14 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - ContrailConfigIfmapServerIp: - description: Ifmap server ip address - type: string ContrailConfigIfmapUserName: description: Ifmap user name type: string + default: 'api-server' ContrailConfigIfmapUserPassword: description: Ifmap user password type: string - ContrailConfigRabbitServerIp: - description: RabbitMq server ip address - type: string - ContrailConfigRedisServerIp: - description: Redis server ip address - type: string - ContrailConfigListenAddress: - default: '0.0.0.0' - description: IP address Config API is listening on - type: string - ContrailConfigListenPort: - default: 8082 - description: Port Config API is listening on - type: number + default: 'api-server' resources: ContrailBase: @@ -62,11 +47,10 @@ outputs: map_merge: - get_attr: [ContrailBase, role_data, config_settings] - contrail::config::ifmap_password: {get_param: ContrailConfigIfmapUserPassword} - contrail::config::ifmap_server_ip: {get_param: ContrailConfigIfmapServerIp} contrail::config::ifmap_username: {get_param: ContrailConfigIfmapUserName} - contrail::config::listen_ip_address: {get_param: ContrailConfigListenAddress} - contrail::config::listen_port: {get_param: ContrailConfigListenPort} - contrail::config::rabbit_server: {get_param: ContrailConfigRabbitServerIp} - contrail::config::redis_server: {get_param: ContrailConfigRedisServerIp} + contrail::config::listen_ip_address: {get_param: [ServiceNetMap, ContrailConfigNetwork]} + contrail::config::listen_port: {get_param: [EndpointMap, ContrailConfigInternal, port] } + contrail::config::redis_server: '127.0.0.1' + contrail::config::host_ip: {get_param: [ServiceNetMap, ContrailConfigNetwork] } step_config: | include ::tripleo::network::contrail::config diff --git a/puppet/services/network/contrail-control.yaml b/puppet/services/network/contrail-control.yaml index 7c28d283..0964989b 100644 --- a/puppet/services/network/contrail-control.yaml +++ b/puppet/services/network/contrail-control.yaml @@ -21,15 +21,14 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - ContrailControlHostIP: - description: host IP address of Analytics - type: string - ContrailControlIfmapUserName: - description: Ifmap user name - type: string - ContrailControlIfmapUserPassword: - description: Ifmap user password + ContrailControlASN: + description: Autonomous System Number + type: number + default: 64512 + ContrailControlRNDCSecret: + description: sda1/256 hmac key, e.g. echo -n "values" | openssl dgst -sha256 -hmac key -binary | base64 type: string + hidden: true resources: ContrailBase: @@ -47,8 +46,8 @@ outputs: config_settings: map_merge: - get_attr: [ContrailBase, role_data, config_settings] - - contrail::control::host_ip: {get_param: ContrailControlHostIP} - contrail::control::ifmap_username: {get_param: ContrailControlIfmapUserName} - contrail::control::ifmap_password: {get_param: ContrailControlIfmapUserPassword} + - contrail::control::asn: {get_param: ContrailControlASN } + contrail::control::host_ip: {get_param: [ServiceNetMap, ContrailControlNetwork]} + contrail::control::rndc_secret: {get_param: ContrailControlRNDCSecret} step_config: | include ::tripleo::network::contrail::control diff --git a/puppet/services/network/contrail-database.yaml b/puppet/services/network/contrail-database.yaml index c56b90a2..b47c2c36 100644 --- a/puppet/services/network/contrail-database.yaml +++ b/puppet/services/network/contrail-database.yaml @@ -21,13 +21,6 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - ContrailDatabaseHostIP: - description: host IP address of Database node - type: string - ContrailDatabaseMinDisk: - description: Minimum disk size for database - type: number - default: 64 resources: ContrailBase: @@ -45,7 +38,6 @@ outputs: config_settings: map_merge: - get_attr: [ContrailBase, role_data, config_settings] - - contrail::database::host_ip: {get_param: ContrailDatabaseHostIP} - contrail::database::minimum_diskGB: {get_param: ContrailDatabaseMinDisk} + - contrail::database::host_ip: {get_param: [ServiceNetMap, ContrailDatabaseNetwork]} step_config: | - include ::tripleo::profile::contrail::database + include ::tripleo::network::contrail::database diff --git a/puppet/services/network/contrail-heat.yaml b/puppet/services/network/contrail-heat.yaml new file mode 100644 index 00000000..4dfc6579 --- /dev/null +++ b/puppet/services/network/contrail-heat.yaml @@ -0,0 +1,40 @@ +heat_template_version: ocata + +description: > + Contrail Heat plugin adds Contrail specific heat resources enabling heat + to orchestrate Contrail + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + ContrailBase: + type: ./contrail-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Contrail Heat plugin + value: + service_name: contrail_heat + config_settings: + map_merge: + - get_attr: [ContrailBase, role_data, config_settings] + step_config: | + include ::tripleo::network::contrail::heat diff --git a/puppet/services/network/contrail-neutron-plugin.yaml b/puppet/services/network/contrail-neutron-plugin.yaml new file mode 100644 index 00000000..2f2ceb37 --- /dev/null +++ b/puppet/services/network/contrail-neutron-plugin.yaml @@ -0,0 +1,45 @@ +heat_template_version: ocata + +description: > + OpenStack Neutron Opencontrail plugin + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ContrailExtensions: + description: List of OpenContrail extensions to be enabled + type: comma_delimited_list + default: '' + +resources: + ContrailBase: + type: ./contrail-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Neutron Opencontrail plugin + value: + service_name: contrail_neutron_plugin + config_settings: + map_merge: + - get_attr: [ContrailBase, role_data, config_settings] + - neutron::api_extensions_path: /usr/lib/python2.7/site-packages/neutron_plugin_contrail/extensions + contrail::vrouter::contrail_extensions: {get_param: ContrailExtensions} + step_config: | + include tripleo::network::contrail::neutron_plugin diff --git a/puppet/services/neutron-compute-plugin-opencontrail.yaml b/puppet/services/network/contrail-provision.yaml index bbe4a051..765be9a9 100644 --- a/puppet/services/neutron-compute-plugin-opencontrail.yaml +++ b/puppet/services/network/contrail-provision.yaml @@ -1,7 +1,7 @@ heat_template_version: ocata description: > - OpenStack Neutron Compute OpenContrail plugin + Provision Contrail services after deployment parameters: ServiceNetMap: @@ -19,11 +19,21 @@ parameters: via parameter_defaults in the resource registry. type: json +resources: + ContrailBase: + type: ./contrail-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + outputs: role_data: - description: Role data for the Neutron Compute OpenContrail plugin + description: Contrail provisioning role value: - service_name: neutron_compute_plugin_opencontrail + service_name: contrail_provision config_settings: + map_merge: + - get_attr: [ContrailBase, role_data, config_settings] step_config: | - include ::tripleo::profile::base::neutron::opencontrail::vrouter + include ::tripleo::network::contrail::provision diff --git a/puppet/services/network/contrail-tsn.yaml b/puppet/services/network/contrail-tsn.yaml new file mode 100644 index 00000000..88adc4a5 --- /dev/null +++ b/puppet/services/network/contrail-tsn.yaml @@ -0,0 +1,64 @@ +heat_template_version: ocata + +description: > + Contrail TSN Service + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NeutronMetadataProxySharedSecret: + description: Metadata Secret + type: string + VrouterPhysicalInterface: + default: 'eth0' + description: vRouter physical interface + type: string + VrouterGateway: + default: '192.168.24.1' + description: vRouter default gateway + type: string + VrouterNetmask: + default: '255.255.255.0' + description: vRouter netmask + type: string + +resources: + ContrailBase: + type: ./contrail-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Contrail TSN Service + value: + service_name: contrail_tsn + config_settings: + map_merge: + - get_attr: [ContrailBase, role_data, config_settings] + - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, NeutronCorePluginOpencontrailNetwork]} + contrail::vrouter::physical_interface: {get_param: VrouterPhysicalInterface} + contrail::vrouter::gateway: {get_param: VrouterGateway} + contrail::vrouter::netmask: {get_param: VrouterNetmask} + contrail::vrouter::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} + contrail::vrouter::is_tsn: 'true' + tripleo.neutron_compute_plugin_opencontrail.firewall_rules: + '111 neutron_compute_plugin_opencontrail proxy': + dport: 8097 + proto: tcp + step_config: | + include ::tripleo::network::contrail::vrouter diff --git a/puppet/services/network/contrail-vrouter.yaml b/puppet/services/network/contrail-vrouter.yaml new file mode 100644 index 00000000..db9f0836 --- /dev/null +++ b/puppet/services/network/contrail-vrouter.yaml @@ -0,0 +1,64 @@ +heat_template_version: ocata + +description: > + OpenStack Neutron Compute OpenContrail plugin + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NeutronMetadataProxySharedSecret: + description: Metadata Secret + type: string + hidden: true + ContrailVrouterPhysicalInterface: + default: 'eth0' + description: vRouter physical interface + type: string + ContrailVrouterGateway: + default: '192.0.2.1' + description: vRouter default gateway + type: string + ContrailVrouterNetmask: + default: '255.255.255.0' + description: vRouter netmask + type: string + +resources: + ContrailBase: + type: ./contrail-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Neutron Compute OpenContrail plugin + value: + service_name: contrail_vrouter + config_settings: + map_merge: + - get_attr: [ContrailBase, role_data, config_settings] + - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, NeutronCorePluginOpencontrailNetwork]} + contrail::vrouter::physical_interface: {get_param: ContrailVrouterPhysicalInterface} + contrail::vrouter::gateway: {get_param: ContrailVrouterGateway} + contrail::vrouter::netmask: {get_param: ContrailVrouterNetmask} + contrail::vrouter::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} + tripleo.neutron_compute_plugin_opencontrail.firewall_rules: + '111 neutron_compute_plugin_opencontrail proxy': + dport: 8097 + proto: tcp + step_config: | + include ::tripleo::network::contrail::vrouter diff --git a/puppet/services/network/contrail-webui.yaml b/puppet/services/network/contrail-webui.yaml index 72cc6fa5..3786cdd1 100644 --- a/puppet/services/network/contrail-webui.yaml +++ b/puppet/services/network/contrail-webui.yaml @@ -21,27 +21,6 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - ContrailWebUiAnalyticsVip: - description: Contrail Analytics VIP - type: string - ContrailWebUiConfigVip: - description: Contrail Config VIP - type: string - ContrailWebUiNeutronVip: - description: Neutron VIP - type: string - ContrailWebuiHttpPort: - default: 8080 - description: HTTP Port of Webui - type: number - ContrailWebuiHttpsPort: - default: 8143 - description: HTTPS Port of Webui - type: number - ContrailWebUiRedisIp: - description: Redis IP - type: string - default: '127.0.0.1' resources: ContrailBase: @@ -59,11 +38,8 @@ outputs: config_settings: map_merge: - get_attr: [ContrailBase, role_data, config_settings] - - contrail::webui::contrail_analytics_vip: {get_param: ContrailWebUiAnalyticsVip} - contrail::webui::contrail_config_vip: {get_param: ContrailWebUiConfigVip} - contrail::webui::contrail_webui_http_port: {get_param: ContrailWebuiHttpPort} - contrail::webui::contrail_webui_https_port: {get_param: ContrailWebuiHttpsPort} - contrail::webui::neutron_vip: {get_param: ContrailWebUiNeutronVip} - contrail::webui::redis_ip: {get_param: ContrailWebUiRedisIp} + - contrail::webui::http_port: {get_param: [EndpointMap, ContrailWebuiHttpInternal, port] } + contrail::webui::https_port: {get_param: [EndpointMap, ContrailWebuiHttpsInternal, port] } + contrail::webui::redis_ip: '127.0.0.1' step_config: | include ::tripleo::network::contrail::webui diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml index 71a0076f..3abd04f3 100644 --- a/puppet/services/neutron-plugin-ml2.yaml +++ b/puppet/services/neutron-plugin-ml2.yaml @@ -60,12 +60,6 @@ parameters: default: 'vxlan' description: The tenant network type for Neutron. type: comma_delimited_list - NeutronSupportedPCIVendorDevs: - description: | - List of supported pci vendor devices in the format VendorID:ProductID. - By default Intel & Mellanox SR-IOV capable NICs are supported. - type: comma_delimited_list - default: ['15b3:1004','8086:10ca'] resources: NeutronBase: @@ -91,7 +85,6 @@ outputs: neutron::plugins::ml2::tunnel_id_ranges: {get_param: NeutronTunnelIdRanges} neutron::plugins::ml2::vni_ranges: {get_param: NeutronVniRanges} neutron::plugins::ml2::tenant_network_types: {get_param: NeutronNetworkType} - neutron::plugins::ml2::supported_pci_vendor_devs: {get_param: NeutronSupportedPCIVendorDevs} step_config: | include ::tripleo::profile::base::neutron::plugins::ml2 diff --git a/puppet/services/neutron-plugin-opencontrail.yaml b/puppet/services/neutron-plugin-opencontrail.yaml deleted file mode 100644 index 976e5f19..00000000 --- a/puppet/services/neutron-plugin-opencontrail.yaml +++ /dev/null @@ -1,74 +0,0 @@ -heat_template_version: ocata - -description: > - OpenStack Neutron Opencontrail plugin - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - AdminPassword: - description: The password for the keystone admin account, used for monitoring, querying neutron etc. - type: string - hidden: true - AdminToken: - description: The keystone auth secret and db password. - type: string - hidden: true - ContrailApiServerIp: - description: IP address of the OpenContrail API server - type: string - ContrailApiServerPort: - description: Port of the OpenContrail API - type: string - default: 8082 - ContrailMultiTenancy: - description: Whether to enable multi tenancy - type: boolean - default: false - ContrailExtensions: - description: List of OpenContrail extensions to be enabled - type: comma_delimited_list - default: '' - -resources: - - NeutronBase: - type: ./neutron-base.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Neutron Opencontrail plugin - value: - service_name: neutron_plugin_opencontrail - config_settings: - map_merge: - - get_attr: [NeutronBase, role_data, config_settings] - - neutron::api_extensions_path: /usr/lib/python2.7/site-packages/neutron_plugin_contrail/extensions,/usr/lib/python2.7/site-packages/neutron_lbaas/extensions - - neutron::plugins::opencontrail::api_server_ip: {get_param: ContrailApiServerIp} - neutron::plugins::opencontrail::api_server_port: {get_param: ContrailApiServerPort} - neutron::plugins::opencontrail::multi_tenancy: {get_param: ContrailMultiTenancy} - neutron::plugins::opencontrail::contrail_extensions: {get_param: ContrailExtensions} - neutron::plugins::opencontrail::keystone_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri] } - neutron::plugins::opencontrail::keystone_admin_user: admin - neutron::plugins::opencontrail::keystone_admin_tenant_name: admin - neutron::plugins::opencontrail::keystone_admin_password: {get_param: AdminPassword} - neutron::plugins::opencontrail::keystone_admin_token: {get_param: AdminToken} - step_config: | - include tripleo::profile::base::neutron::plugins::opencontrail diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index 892e63dd..0c5f3afe 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -63,13 +63,15 @@ conditions: nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]} resources: - ApacheServiceBase: - type: ./apache.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - EnableInternalTLS: {get_param: EnableInternalTLS} + # Temporarily disable Nova API deployed in WSGI + # https://bugs.launchpad.net/nova/+bug/1661360 + # ApacheServiceBase: + # type: ./apache.yaml + # properties: + # ServiceNetMap: {get_param: ServiceNetMap} + # DefaultPasswords: {get_param: DefaultPasswords} + # EndpointMap: {get_param: EndpointMap} + # EnableInternalTLS: {get_param: EnableInternalTLS} NovaBase: type: ./nova-base.yaml @@ -90,7 +92,9 @@ outputs: config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] - - get_attr: [ApacheServiceBase, role_data, config_settings] + # Temporarily disable Nova API deployed in WSGI + # https://bugs.launchpad.net/nova/+bug/1661360 + # - get_attr: [ApacheServiceBase, role_data, config_settings] - nova::cron::archive_deleted_rows::hour: '*/12' nova::cron::archive_deleted_rows::destination: '/dev/null' tripleo.nova_api.firewall_rules: @@ -115,20 +119,23 @@ outputs: "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} - nova::api::service_name: 'httpd' - nova::wsgi::apache_api::ssl: {get_param: EnableInternalTLS} + # Temporarily disable Nova API deployed in WSGI + # https://bugs.launchpad.net/nova/+bug/1661360 + nova_wsgi_enabled: false + # nova::api::service_name: 'httpd' + # nova::wsgi::apache_api::ssl: {get_param: EnableInternalTLS} # NOTE: bind IP is found in Heat replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - nova::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]} - nova::wsgi::apache_api::servername: - str_replace: - template: - "%{hiera('fqdn_$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} + # nova::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]} + # nova::wsgi::apache_api::servername: + # str_replace: + # template: + # "%{hiera('fqdn_$NETWORK')}" + # params: + # $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} nova::api::instance_name_template: {get_param: InstanceNameTemplate} nova_enable_db_purge: {get_param: NovaEnableDBPurge} @@ -137,7 +144,9 @@ outputs: - nova_workers_zero - {} - nova::api::osapi_compute_workers: {get_param: NovaWorkers} - nova::wsgi::apache_api::workers: {get_param: NovaWorkers} + # Temporarily disable Nova API deployed in WSGI + # https://bugs.launchpad.net/nova/+bug/1661360 + # nova::wsgi::apache_api::workers: {get_param: NovaWorkers} step_config: | include tripleo::profile::base::nova::api service_config_settings: @@ -165,5 +174,7 @@ outputs: nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]} nova::keystone::auth::password: {get_param: NovaPassword} nova::keystone::auth::region: {get_param: KeystoneRegion} - metadata_settings: - get_attr: [ApacheServiceBase, role_data, metadata_settings] + # Temporarily disable Nova API deployed in WSGI + # https://bugs.launchpad.net/nova/+bug/1661360 + # metadata_settings: + # get_attr: [ApacheServiceBase, role_data, metadata_settings] diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index c448bf49..49cba79c 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -145,8 +145,6 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" nova::api_database_connection: list_join: - '' @@ -156,8 +154,6 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova_api' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" nova::placement_database_connection: list_join: - '' @@ -167,8 +163,6 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova_placement' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" nova::debug: {get_param: Debug} nova::purge_config: {get_param: EnableConfigPurge} nova::network::neutron::neutron_project_name: 'service' diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index 2312b635..f7484da2 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -141,3 +141,8 @@ outputs: # We'll probably treat it like we do with Neutron plugins. # Until then, just include it in the default nova-compute role. include tripleo::profile::base::nova::compute::libvirt + service_config_settings: + collectd: + tripleo.collectd.plugins.nova_compute: + - virt + collectd::plugins::virt::connection: "qemu:///system" diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml index a9b2b3f9..faf1ae48 100644 --- a/puppet/services/nova-libvirt.yaml +++ b/puppet/services/nova-libvirt.yaml @@ -62,6 +62,7 @@ outputs: nova::compute::libvirt::qemu::configure_qemu: true nova::compute::libvirt::qemu::max_files: 32768 nova::compute::libvirt::qemu::max_processes: 131072 + nova::compute::libvirt::vncserver_listen: {get_param: [ServiceNetMap, NovaLibvirtNetwork]} tripleo.nova_libvirt.firewall_rules: '200 nova_libvirt': dport: diff --git a/puppet/services/octavia-api.yaml b/puppet/services/octavia-api.yaml index 4c6f4c37..58223baf 100644 --- a/puppet/services/octavia-api.yaml +++ b/puppet/services/octavia-api.yaml @@ -70,13 +70,15 @@ outputs: - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" octavia::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} octavia::keystone::authtoken::project_name: 'service' + octavia::keystone::authtoken::password: {get_param: OctaviaPassword} octavia::api::sync_db: true tripleo.octavia_api.firewall_rules: '120 octavia api': dport: - 9876 - 13876 - octavia::host: {get_param: [ServiceNetMap, OctaviaApiNetwork]} + octavia::api::host: {get_param: [ServiceNetMap, OctaviaApiNetwork]} + neutron::server::service_providers: ['LOADBALANCERV2:Octavia:neutron_lbaas.drivers.octavia.driver.OctaviaDriver:default'] step_config: | include tripleo::profile::base::octavia::api service_config_settings: diff --git a/puppet/services/octavia-health-manager.yaml b/puppet/services/octavia-health-manager.yaml new file mode 100644 index 00000000..51d32f23 --- /dev/null +++ b/puppet/services/octavia-health-manager.yaml @@ -0,0 +1,61 @@ +heat_template_version: ocata + +description: > + OpenStack Octavia Health Manager service. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionOctaviaHealthManager: + default: 'overcloud-octavia-health-manager' + type: string + OctaviaHealthManagerLoggingSource: + type: json + default: + tag: openstack.octavia.health-manager + path: /var/log/octavia/health-manager.log + OctaviaHeartbeatKey: + type: string + description: Key to identify heartbeat messages for amphorae. + hidden: true + +resources: + + OctaviaBase: + type: ./octavia-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Octavia Health Manager service. + value: + service_name: octavia_health_manager + monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaHealthManager} + logging_source: {get_param: OctaviaHealthManagerLoggingSource} + logging_groups: + - octavia + config_settings: + map_merge: + - get_attr: [OctaviaBase, role_data, config_settings] + - octavia::health_manager::heartbeat_key: {get_param: OctaviaHeartbeatKey} + octavia::health_manager::event_streamer_driver: 'queue_event_streamer' + step_config: | + include tripleo::profile::base::octavia::health_manager + + + diff --git a/puppet/services/octavia-housekeeping.yaml b/puppet/services/octavia-housekeeping.yaml new file mode 100644 index 00000000..84c33433 --- /dev/null +++ b/puppet/services/octavia-housekeeping.yaml @@ -0,0 +1,70 @@ +heat_template_version: ocata + +description: > + OpenStack Octavia Housekeeping service. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + OctaviaAmphoraExpiryAge: + default: 0 + description: The interval in seconds after which an unused Amphora will + be considered expired and cleaned up. If left to 0, the + configuration will not be set and the system will use + the service defaults. + type: number + MonitoringSubscriptionOctaviaHousekeeping: + default: 'overcloud-octavia-housekeeping' + type: string + OctaviaHousekeepingLoggingSource: + type: json + default: + tag: openstack.octavia.housekeeping + path: /var/log/octavia/housekeeping.log + +conditions: + amphora_expiry_is_zero: {equals: [{get_param: OctaviaAmphoraExpiryAge}, 0]} + + +resources: + + OctaviaBase: + type: ./octavia-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Octavia Housekeeping service. + value: + service_name: octavia_housekeeping + monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaHousekeeping} + logging_source: {get_param: OctaviaHousekeepingLoggingSource} + logging_groups: + - octavia + config_settings: + map_merge: + - get_attr: [OctaviaBase, role_data, config_settings] + - + if: + - amphora_expiry_is_zero + - {} + - octavia::worker::amphora_expiry_age: {get_param: OctaviaAmphoraExpiryAge} + step_config: | + include tripleo::profile::base::octavia::housekeeping + + diff --git a/puppet/services/octavia-worker.yaml b/puppet/services/octavia-worker.yaml new file mode 100644 index 00000000..9212b76b --- /dev/null +++ b/puppet/services/octavia-worker.yaml @@ -0,0 +1,102 @@ +heat_template_version: ocata + +description: > + OpenStack Octavia Worker service. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionOctaviaWorker: + default: 'overcloud-octavia-worker' + type: string + OctaviaWorkerLoggingSource: + type: json + default: + tag: openstack.octavia.worker + path: /var/log/octavia/worker.log + OctaviaAmphoraImageTag: + default: '' + description: Glance image tag for identifying the amphora image. + type: string + OctaviaAmphoraNetworkList: + default: [] + description: List of networks to attach to amphorae. + type: comma_delimited_list + OctaviaLoadBalancerTopology: + default: '' + description: Load balancer topology configuration. + type: string + OctaviaFlavorId: + default: 65 + description: Nova flavor ID to be used when creating the nova flavor for + amphora. + type: number + OctaviaFlavorProperties: + default: {} + description: Dictionary describing the nova flavor for amphora. + type: json + OctaviaManageNovaFlavor: + default: false + description: Configure the nova flavor for the amphora. + type: boolean + OctaviaSSHKeyName: + default: 'octavia-ssh-key' + description: name for ssh key to be configured so the amphora can + be logged into. + type: string + +conditions: + octavia_topology_unset: {equals : [{get_param: OctaviaLoadBalancerTopology}, ""]} + octavia_amphora_tag_unset: {equals: [{get_param: OctaviaAmphoraImageTag}, ""]} + +resources: + + OctaviaBase: + type: ./octavia-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Octavia WoWorker service. + value: + service_name: octavia_worker + monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaWorker} + logging_source: {get_param: OctaviaWorkerLoggingSource} + logging_groups: + -octavia + config_settings: + map_merge: + - get_attr: [OctaviaBase, role_data, config_settings] + - octavia::worker::amp_boot_network_list: {get_param: OctaviaAmphoraNetworkList} + octavia::worker::amp_flavor_id: {get_param: OctaviaFlavorId} + octavia::worker::nova_flavor_config: {get_param: OctaviaFlavorProperties} + octavia::worker::manage_nova_flavor: {get_param: OctaviaManageNovaFlavor} + octavia::worker::ssh_key_name: {get_param: OctaviaSSHKeyName} + - + if: + - octavia_amphora_tag_unset + - {} + - octavia::worker::amp_image_tag: {get_param: OctaviaAmphoraImageTag} + - + if: + - octavia_topology_unset + - {} + - octavia::worker::loadbalancer_topology: {get_param: OctaviaLoadBalancerTopology} + step_config: | + include tripleo::profile::base::octavia::worker + diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml index a8a9fb99..ca21cfbe 100644 --- a/puppet/services/pacemaker.yaml +++ b/puppet/services/pacemaker.yaml @@ -39,6 +39,12 @@ parameters: description: The password for the 'pcsd' user for pacemaker. hidden: true default: '' + CorosyncSettleTries: + type: number + description: Number of tries for cluster settling. This has the + same default as the pacemaker puppet module. Override + to a smaller value when in need to replace a controller node. + default: 360 FencingConfig: default: {} description: | @@ -81,6 +87,10 @@ parameters: \[(?<pid>[^ ]*)\] (?<host>[^ ]*) (?<message>.*)$/ + PacemakerResources: + type: comma_delimited_list + description: List of resources managed by pacemaker + default: ['rabbitmq','haproxy'] outputs: role_data: @@ -97,6 +107,7 @@ outputs: pacemaker::resource_defaults::defaults: resource-stickiness: { value: INFINITY } corosync_token_timeout: 10000 + pacemaker::corosync::settle_tries: {get_param: CorosyncSettleTries} tripleo.pacemaker.firewall_rules: '130 pacemaker tcp': proto: 'tcp' @@ -120,3 +131,17 @@ outputs: tripleo::profile::base::pacemaker::remote_authkey: {get_param: PacemakerRemoteAuthkey} step_config: | include ::tripleo::profile::base::pacemaker + upgrade_tasks: + - name: Check pacemaker cluster running before upgrade + tags: step0,validation + pacemaker_cluster: state=online check_and_fail=true + - name: Stop pacemaker cluster + tags: step1 + pacemaker_cluster: state=offline + - name: Start pacemaker cluster + tags: step4 + pacemaker_cluster: state=online + - name: Check pacemaker resource + tags: step4 + pacemaker_resource: state=started resource={{item}} check_mode=true wait_for_resource=true timeout=200 + with_items: {get_param: PacemakerResources} diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index 62d227a2..31a4c178 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -57,6 +57,12 @@ parameters: default: 5672 description: Set rabbit subscriber port, change this if using SSL type: number + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string conditions: @@ -91,6 +97,7 @@ outputs: swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]} swift::proxy::ceilometer::nonblocking_notify: true tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RabbitClientPort} + tripleo::profile::base::swift::proxy::ceilometer_messaging_use_ssl: {get_param: RabbitClientUseSSL} tripleo::profile::base::swift::proxy::ceilometer_enabled: {get_param: SwiftCeilometerPipelineEnabled} tripleo.swift_proxy.firewall_rules: '122 swift proxy': diff --git a/puppet/services/tacker.yaml b/puppet/services/tacker.yaml new file mode 100644 index 00000000..5cf09a6d --- /dev/null +++ b/puppet/services/tacker.yaml @@ -0,0 +1,91 @@ +heat_template_version: ocata + +description: > + OpenStack Tacker service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + TackerPassword: + description: The password for the tacker service account. + type: string + hidden: true + Debug: + type: string + default: '' + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + +outputs: + role_data: + description: Role data for the Tacker role. + value: + service_name: tacker + config_settings: + tacker_password: {get_param: TackerPassword} + tacker::db::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://tacker:' + - {get_param: TackerPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/tacker' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + + tacker::keystone::auth::tenant: 'service' + tacker::keystone::auth::password: {get_param: TackerPassword} + tacker::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + tacker::debug: {get_param: Debug} + tacker::rpc_backend: rabbit + tacker::rabbit_userid: {get_param: RabbitUserName} + tacker::rabbit_password: {get_param: RabbitPassword} + tacker::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + tacker::rabbit_port: {get_param: RabbitClientPort} + tacker::server::bind_host: {get_param: [ServiceNetMap, TackerApiNetwork]} + + tacker::db::mysql::password: {get_param: TackerPassword} + tacker::db::mysql::user: tacker + tacker::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + tacker::db::mysql::dbname: tacker + tacker::db::mysql::allowed_hosts: + - '%' + - {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + + + step_config: | + include ::tripleo::profile::base::tacker |