aboutsummaryrefslogtreecommitdiffstats
path: root/puppet
diff options
context:
space:
mode:
Diffstat (limited to 'puppet')
-rw-r--r--puppet/all-nodes-config.yaml7
-rw-r--r--puppet/ceph-cluster-config.yaml3
-rw-r--r--puppet/ceph-storage.yaml1
-rw-r--r--puppet/cinder-storage.yaml1
-rw-r--r--puppet/compute.yaml1
-rw-r--r--puppet/controller-post.yaml24
-rw-r--r--puppet/controller.yaml273
-rw-r--r--puppet/extraconfig/tls/tls-cert-inject.yaml8
-rw-r--r--puppet/hieradata/compute.yaml2
-rw-r--r--puppet/hieradata/controller.yaml18
-rw-r--r--puppet/manifests/overcloud_controller.pp73
-rw-r--r--puppet/manifests/overcloud_controller_pacemaker.pp494
-rw-r--r--puppet/services/glance-api.yaml102
-rw-r--r--puppet/services/glance-registry.yaml48
-rw-r--r--puppet/services/neutron-base.yaml44
-rw-r--r--puppet/services/neutron-dhcp.yaml56
-rw-r--r--puppet/services/neutron-l3.yaml37
-rw-r--r--puppet/services/neutron-metadata.yaml45
-rw-r--r--puppet/services/pacemaker/glance-api.yaml62
-rw-r--r--puppet/services/pacemaker/glance-registry.yaml36
-rw-r--r--puppet/services/pacemaker/keystone.yaml4
-rw-r--r--puppet/services/pacemaker/neutron-dhcp.yaml35
-rw-r--r--puppet/services/pacemaker/neutron-l3.yaml33
-rw-r--r--puppet/services/pacemaker/neutron-metadata.yaml33
-rw-r--r--puppet/services/pacemaker/rabbitmq.yaml32
-rw-r--r--puppet/services/rabbitmq.yaml42
-rw-r--r--puppet/swift-storage-post.yaml5
-rw-r--r--puppet/swift-storage.yaml1
28 files changed, 811 insertions, 709 deletions
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml
index 90eb1b09..b065ddd2 100644
--- a/puppet/all-nodes-config.yaml
+++ b/puppet/all-nodes-config.yaml
@@ -67,6 +67,12 @@ parameters:
description: >
Setting to a previously unused value during stack-update will trigger
package update on all nodes
+ StackAction:
+ type: string
+ description: >
+ Heat action on performed top-level stack.
+ constraints:
+ - allowed_values: ['CREATE', 'UPDATE']
resources:
@@ -303,6 +309,7 @@ resources:
deploy_identifier: {get_param: DeployIdentifier}
update_identifier: {get_param: UpdateIdentifier}
+ stack_action: {get_param: StackAction}
outputs:
config_id:
diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml
index 6c6be473..fd161886 100644
--- a/puppet/ceph-cluster-config.yaml
+++ b/puppet/ceph-cluster-config.yaml
@@ -94,7 +94,7 @@ resources:
cap_mon: 'allow profile bootstrap-osd'
},
client.CLIENT_USER: {
- secret: 'ADMIN_KEY',
+ secret: 'CLIENT_KEY',
mode: '0644',
cap_mon: 'allow r',
cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL'
@@ -102,6 +102,7 @@ resources:
}"
params:
CLIENT_USER: {get_param: CephClientUserName}
+ CLIENT_KEY: {get_param: ceph_client_key}
ADMIN_KEY: {get_param: ceph_admin_key}
NOVA_POOL: {get_param: NovaRbdPoolName}
CINDER_POOL: {get_param: CinderRbdPoolName}
diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml
index f26d07f7..f0eb71e4 100644
--- a/puppet/ceph-storage.yaml
+++ b/puppet/ceph-storage.yaml
@@ -256,6 +256,7 @@ resources:
- ceph
- '"%{::osfamily}"'
- common
+ merge_behavior: deeper
datafiles:
common:
raw_data: {get_file: hieradata/common.yaml}
diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml
index 5b61e0b6..c1a04e24 100644
--- a/puppet/cinder-storage.yaml
+++ b/puppet/cinder-storage.yaml
@@ -316,6 +316,7 @@ resources:
- all_nodes # provided by allNodesConfig
- '"%{::osfamily}"'
- common
+ merge_behavior: deeper
datafiles:
common:
raw_data: {get_file: hieradata/common.yaml}
diff --git a/puppet/compute.yaml b/puppet/compute.yaml
index 6759d3b9..4c18067a 100644
--- a/puppet/compute.yaml
+++ b/puppet/compute.yaml
@@ -486,6 +486,7 @@ resources:
- nova_nuage_data # Optionally provided by ComputeExtraConfigPre
- midonet_data # Optionally provided by AllNodesExtraConfig
- neutron_opencontrail_data # Optionally provided by ComputeExtraConfigPre
+ merge_behavior: deeper
datafiles:
compute_extraconfig:
mapped_data: {get_param: NovaComputeExtraConfig}
diff --git a/puppet/controller-post.yaml b/puppet/controller-post.yaml
index 80b08a06..705e4b90 100644
--- a/puppet/controller-post.yaml
+++ b/puppet/controller-post.yaml
@@ -102,31 +102,9 @@ resources:
step: 5
update_identifier: {get_param: NodeConfigIdentifiers}
- ControllerOvercloudServicesDeployment_Step6:
- type: OS::Heat::StructuredDeployments
- depends_on: ControllerOvercloudServicesDeployment_Step5
- properties:
- name: ControllerOvercloudServicesDeployment_Step6
- servers: {get_param: servers}
- config: {get_resource: ControllerPuppetConfig}
- input_values:
- step: 6
- update_identifier: {get_param: NodeConfigIdentifiers}
-
- ControllerOvercloudServicesDeployment_Step7:
- type: OS::Heat::StructuredDeployments
- depends_on: ControllerOvercloudServicesDeployment_Step6
- properties:
- name: ControllerOvercloudServicesDeployment_Step7
- servers: {get_param: servers}
- config: {get_resource: ControllerPuppetConfig}
- input_values:
- step: 7
- update_identifier: {get_param: NodeConfigIdentifiers}
-
ControllerPostPuppet:
type: OS::TripleO::Tasks::ControllerPostPuppet
- depends_on: ControllerOvercloudServicesDeployment_Step7
+ depends_on: ControllerOvercloudServicesDeployment_Step5
properties:
servers: {get_param: servers}
input_values:
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index 56eb8b96..05556ffb 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2015-10-15
+heat_template_version: 2016-04-08
description: >
OpenStack controller node configured by Puppet.
@@ -97,6 +97,11 @@ parameters:
default: 0
description: Number of workers for Cinder service.
type: number
+ controllerExtraConfig:
+ default: {}
+ description: |
+ Deprecated. Use ControllerExtraConfig via parameter_defaults instead.
+ type: json
ControllerExtraConfig:
default: {}
description: |
@@ -186,49 +191,6 @@ parameters:
type: string
constraints:
- custom_constraint: nova.flavor
- GlanceNotifierStrategy:
- description: Strategy to use for Glance notification queue
- type: string
- default: noop
- GlanceLogFile:
- description: The filepath of the file to use for logging messages from Glance.
- type: string
- default: ''
- GlancePassword:
- description: The password for the glance service and db account, used by the glance services.
- type: string
- hidden: true
- GlanceBackend:
- default: swift
- description: The short name of the Glance backend to use. Should be one
- of swift, rbd, or file
- type: string
- constraints:
- - allowed_values: ['swift', 'file', 'rbd']
- GlanceFilePcmkDevice:
- default: ''
- description: >
- An exported storage device that should be mounted by Pacemaker
- as Glance storage. Effective when GlanceFilePcmkManage is true.
- type: string
- GlanceFilePcmkFstype:
- default: 'nfs'
- description: >
- Filesystem type for Pacemaker mount used as Glance storage.
- Effective when GlanceFilePcmkManage is true.
- type: string
- GlanceFilePcmkManage:
- default: false
- description: >
- Whether to make Glance file backend a mount managed by Pacemaker.
- Effective when GlanceBackend is 'file'.
- type: boolean
- GlanceFilePcmkOptions:
- default: ''
- description: >
- Mount options for Pacemaker mount used as Glance storage.
- Effective when GlanceFilePcmkManage is true.
- type: string
GnocchiBackend:
default: file
description: The short name of the Gnocchi backend to use. Should be one
@@ -258,10 +220,6 @@ parameters:
default: /dev/log
description: Syslog address where HAproxy will send its log
type: string
- GlanceWorkers:
- default: 0
- description: Number of workers for Glance service.
- type: number
HeatPassword:
description: The password for the Heat service and db account, used by the Heat services.
type: string
@@ -356,10 +314,6 @@ parameters:
type: string
hidden: true
default: '' # Has to be here because of the ignored empty value bug
- NeutronExternalNetworkBridge:
- description: Name of bridge used for external network traffic.
- type: string
- default: 'br-ex'
NeutronBridgeMappings:
description: >
The OVS logical->physical bridge mappings to use. See the Neutron
@@ -370,22 +324,6 @@ parameters:
scripts or be sure to keep 'datacentre' as a mapping network name.
type: comma_delimited_list
default: "datacentre:br-ex"
- NeutronDnsmasqOptions:
- default: 'dhcp-option-force=26,1400'
- description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
- type: string
- NeutronEnableDHCPAgent:
- description: Knob to enable/disable DHCP Agent
- type: boolean
- default: true
- NeutronEnableL3Agent:
- description: Knob to enable/disable L3 agent
- type: boolean
- default: true
- NeutronEnableMetadataAgent:
- description: Knob to enable/disable Metadata agent
- type: boolean
- default: true
NeutronEnableOVSAgent:
description: Knob to enable/disable OVS Agent
type: boolean
@@ -398,10 +336,6 @@ parameters:
default: 'False'
description: Whether to enable l3-agent HA
type: string
- NeutronDhcpAgentsPerNetwork:
- type: number
- default: 3
- description: The number of neutron dhcp agents to schedule per network
NeutronDVR:
default: 'False'
description: Whether to configure Neutron Distributed Virtual Routers
@@ -436,10 +370,6 @@ parameters:
default: 'True'
description: Allow automatic l3-agent failover
type: string
- NeutronEnableIsolatedMetadata:
- default: 'False'
- description: If True, DHCP provide metadata route to VM.
- type: string
NeutronEnableTunnelling:
type: string
default: "True"
@@ -604,14 +534,6 @@ parameters:
default: 5672
description: Set rabbit subscriber port, change this if using SSL
type: number
- RabbitFDLimit:
- default: 16384
- description: Configures RabbitMQ FD limit
- type: string
- RabbitIPv6:
- default: false
- description: Enable IPv6 in RabbitMQ
- type: boolean
RedisPassword:
type: string
description: The password to access the Redis service
@@ -685,12 +607,6 @@ parameters:
HeatApiVirtualIPUri:
type: string
default: ''
- GlanceApiVirtualIP:
- type: string
- default: ''
- GlanceRegistryVirtualIP:
- type: string
- default: ''
MysqlVirtualIP:
type: string
default: ''
@@ -762,6 +678,12 @@ parameters:
type: json
default: {}
+parameter_groups:
+- label: deprecated
+ description: Do not use deprecated params, they will be removed.
+ parameters:
+ - controllerExtraConfig
+
resources:
Controller:
@@ -922,14 +844,12 @@ resources:
bootstack_nodeid: {get_attr: [Controller, name]}
ceilometer_workers: {get_param: CeilometerWorkers}
cinder_workers: {get_param: CinderWorkers}
- glance_workers: {get_param: GlanceWorkers}
heat_workers: {get_param: HeatWorkers}
nova_workers: {get_param: NovaWorkers}
neutron_workers: {get_param: NeutronWorkers}
swift_workers: {get_param: SwiftWorkers}
neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
neutron_enable_l2pop: {get_param: NeutronEnableL2Pop}
- neutron_enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata}
haproxy_log_address: {get_param: HAProxySyslogAddress}
haproxy_stats_password: {get_param: HAProxyStatsPassword}
haproxy_stats_user: {get_param: HAProxyStatsUser}
@@ -951,6 +871,9 @@ resources:
- - 'http://'
- {get_param: HeatApiVirtualIPUri}
- ':8000/v1/waitcondition'
+ heat_public_url: {get_param: [EndpointMap, HeatPublic, uri]}
+ heat_internal_url: {get_param: [EndpointMap, HeatInternal, uri]}
+ heat_admin_url: {get_param: [EndpointMap, HeatAdmin, uri]}
heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
heat_enable_db_purge: {get_param: HeatEnableDBPurge}
horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
@@ -980,23 +903,12 @@ resources:
- '@'
- {get_param: MysqlVirtualIPUri}
- '/cinder'
- glance_port: {get_param: [EndpointMap, GlanceInternal, port]}
- glance_password: {get_param: GlancePassword}
- glance_backend: {get_param: GlanceBackend}
- glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice}
- glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype}
- glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage}
- glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions}
- glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
- glance_log_file: {get_param: GlanceLogFile}
- glance_dsn:
- list_join:
- - ''
- - - 'mysql+pymysql://glance:'
- - {get_param: GlancePassword}
- - '@'
- - {get_param: MysqlVirtualIPUri}
- - '/glance'
+ cinder_public_url: {get_param: [EndpointMap, CinderPublic, uri]}
+ cinder_internal_url: {get_param: [EndpointMap, CinderInternal, uri]}
+ cinder_admin_url: {get_param: [EndpointMap, CinderAdmin, uri]}
+ cinder_public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]}
+ cinder_internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]}
+ cinder_admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]}
heat_password: {get_param: HeatPassword}
heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
heat_dsn:
@@ -1044,9 +956,6 @@ resources:
template: DRIVERS
params:
DRIVERS: {get_param: NeutronTypeDrivers}
- neutron_enable_dhcp_agent: {get_param: NeutronEnableDHCPAgent}
- neutron_enable_l3_agent: {get_param: NeutronEnableL3Agent}
- neutron_enable_metadata_agent: {get_param: NeutronEnableMetadataAgent}
neutron_enable_ovs_agent: {get_param: NeutronEnableOVSAgent}
neutron_mechanism_drivers:
str_replace:
@@ -1055,7 +964,6 @@ resources:
MECHANISMS: {get_param: NeutronMechanismDrivers}
neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
neutron_l3_ha: {get_param: NeutronL3HA}
- neutron_dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork}
neutron_network_vlan_ranges:
str_replace:
template: RANGES
@@ -1066,7 +974,6 @@ resources:
template: MAPPINGS
params:
MAPPINGS: {get_param: NeutronBridgeMappings}
- neutron_external_network_bridge: {get_param: NeutronExternalNetworkBridge}
neutron_public_interface: {get_param: NeutronPublicInterface}
neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
@@ -1103,7 +1010,6 @@ resources:
AGENT_EXTENSIONS: {get_param: NeutronAgentExtensions}
neutron_password: {get_param: NeutronPassword}
neutron_tenant_mtu: {get_param: NeutronTenantMtu}
- neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
neutron_dsn:
list_join:
- ''
@@ -1122,6 +1028,9 @@ resources:
ceilometer_password: {get_param: CeilometerPassword}
ceilometer_store_events: {get_param: CeilometerStoreEvents}
aodh_password: {get_param: AodhPassword}
+ aodh_internal_url: { get_param: [ EndpointMap, AodhInternal, uri ] }
+ aodh_public_url: { get_param: [ EndpointMap, AodhPublic, uri ] }
+ aodh_admin_url: { get_param: [ EndpointMap, AodhAdmin, uri ] }
ceilometer_meter_dispatcher: {get_param: CeilometerMeterDispatcher}
gnocchi_password: {get_param: GnocchiPassword}
gnocchi_backend: {get_param: GnocchiBackend}
@@ -1151,6 +1060,11 @@ resources:
- {get_param: MysqlVirtualIPUri}
- '/gnocchi'
gnocchi_internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]}
+ gnocchi_public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
+ gnocchi_admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] }
+ ceilometer_public_url: {get_param: [EndpointMap, CeilometerPublic, uri]}
+ ceilometer_internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]}
+ ceilometer_admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]}
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
nova_enable_db_purge: {get_param: NovaEnableDBPurge}
@@ -1176,6 +1090,9 @@ resources:
- '/nova_api'
upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute}
instance_name_template: {get_param: InstanceNameTemplate}
+ nova_public_url: {get_param: [EndpointMap, NovaPublic, uri]}
+ nova_internal_url: {get_param: [EndpointMap, NovaInternal, uri]}
+ nova_admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
fencing_config: {get_param: FencingConfig}
pcsd_password: {get_param: PcsdPassword}
rabbit_username: {get_param: RabbitUserName}
@@ -1183,8 +1100,6 @@ resources:
rabbit_cookie: {get_param: RabbitCookie}
rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
rabbit_client_port: {get_param: RabbitClientPort}
- rabbit_ipv6: {get_param: RabbitIPv6}
- rabbit_fd_limit: {get_param: RabbitFDLimit}
mongodb_no_journal: {get_param: MongoDbNoJournal}
mongodb_ipv6: {get_param: MongoDbIPv6}
ntp_servers: {get_param: NtpServer}
@@ -1198,9 +1113,18 @@ resources:
swift_replicas: {get_param: SwiftReplicas}
swift_min_part_hours: {get_param: SwiftMinPartHours}
swift_mount_check: {get_param: SwiftMountCheck}
+ swift_public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
+ swift_internal_url: {get_param: [EndpointMap, SwiftInternal, uri]}
+ swift_admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]}
+ swift_public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]}
+ swift_internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]}
+ swift_admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]}
enable_package_install: {get_param: EnablePackageInstall}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
sahara_password: {get_param: SaharaPassword}
+ sahara_public_url: {get_param: [EndpointMap, SaharaPublic, uri]}
+ sahara_internal_url: {get_param: [EndpointMap, SaharaInternal, uri]}
+ sahara_admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]}
sahara_dsn:
list_join:
- ''
@@ -1220,7 +1144,6 @@ resources:
glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
- glance_registry_host: {get_param: GlanceRegistryVirtualIP}
heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
@@ -1234,6 +1157,11 @@ resources:
nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
+ horizon_subnet:
+ str_replace:
+ template: "['SUBNET']"
+ params:
+ SUBNET: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
redis_password: {get_param: RedisPassword}
@@ -1280,11 +1208,15 @@ resources:
- midonet_data #Optionally provided by AllNodesExtraConfig
- neutron_opencontrail_data # Optionally provided by ControllerExtraConfigPre
- neutron_plumgrid_data # Optionally provided by ControllerExtraConfigPre
+ merge_behavior: deeper
datafiles:
service_configs:
mapped_data: {get_param: ServiceConfigSettings}
controller_extraconfig:
- mapped_data: {get_param: ControllerExtraConfig}
+ mapped_data:
+ map_merge:
+ - {get_param: controllerExtraConfig}
+ - {get_param: ControllerExtraConfig}
extraconfig:
mapped_data: {get_param: ExtraConfig}
common:
@@ -1324,6 +1256,14 @@ resources:
tripleo::ringbuilder::replicas: {get_input: swift_replicas}
tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours}
swift_mount_check: {get_input: swift_mount_check}
+ swift::keystone::auth::public_url: {get_input: swift_public_url }
+ swift::keystone::auth::internal_url: {get_input: swift_internal_url }
+ swift::keystone::auth::admin_url: {get_input: swift_admin_url }
+ swift::keystone::auth::public_url_s3: {get_input: swift_public_url_v3 }
+ swift::keystone::auth::internal_url_s3: {get_input: swift_internal_url_v3 }
+ swift::keystone::auth::admin_url_s3: {get_input: swift_admin_url_v3 }
+ swift::keystone::auth::password: {get_input: swift_password }
+ swift::keystone::auth::region: {get_input: keystone_region}
# Cinder
cinder_enable_db_purge: {get_input: cinder_enable_db_purge}
@@ -1348,39 +1288,19 @@ resources:
cinder::glance::glance_api_servers: {get_input: glance_api_servers}
cinder_backend_config: {get_input: CinderBackendConfig}
cinder::db::mysql::password: {get_input: cinder_password}
+ cinder::keystone::auth::public_url: {get_input: cinder_public_url }
+ cinder::keystone::auth::internal_url: {get_input: cinder_internal_url }
+ cinder::keystone::auth::admin_url: {get_input: cinder_admin_url }
+ cinder::keystone::auth::public_url_v2: {get_input: cinder_public_url_v2 }
+ cinder::keystone::auth::internal_url_v2: {get_input: cinder_internal_url_v2 }
+ cinder::keystone::auth::admin_url_v2: {get_input: cinder_admin_url_v2 }
+ cinder::keystone::auth::password: {get_input: cinder_password }
+ cinder::keystone::auth::region: {get_input: keystone_region}
# Glance
- glance::api::bind_port: {get_input: glance_port}
glance::api::bind_host: {get_input: glance_api_network}
- glance::api::auth_uri: {get_input: keystone_auth_uri}
- glance::api::identity_uri: {get_input: keystone_identity_uri}
- glance::api::registry_host: {get_input: glance_registry_host}
- glance::api::keystone_password: {get_input: glance_password}
- glance::api::debug: {get_input: debug}
- glance::api::workers: {get_input: glance_workers}
- glance_notifier_strategy: {get_input: glance_notifier_strategy}
- glance_log_file: {get_input: glance_log_file}
- glance_log_file: {get_input: glance_log_file}
- glance::api::database_connection: {get_input: glance_dsn}
- glance::registry::keystone_password: {get_input: glance_password}
- glance::registry::database_connection: {get_input: glance_dsn}
glance::registry::bind_host: {get_input: glance_registry_network}
- glance::registry::auth_uri: {get_input: keystone_auth_uri}
- glance::registry::identity_uri: {get_input: keystone_identity_uri}
- glance::registry::debug: {get_input: debug}
- glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_uri}
- glance::registry::workers: {get_input: glance_workers}
- glance::backend::swift::swift_store_user: service:glance
- glance::backend::swift::swift_store_key: {get_input: glance_password}
- glance_backend: {get_input: glance_backend}
- glance::db::mysql::password: {get_input: glance_password}
- glance_file_pcmk_device: {get_input: glance_file_pcmk_device}
- glance_file_pcmk_fstype: {get_input: glance_file_pcmk_fstype}
- glance_file_pcmk_manage: {get_input: glance_file_pcmk_manage}
- glance_file_pcmk_options: {get_input: glance_file_pcmk_options}
- glance::notify::rabbitmq::rabbit_userid: {get_input: rabbit_username}
- glance::notify::rabbitmq::rabbit_password: {get_input: rabbit_password}
- glance::notify::rabbitmq::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
+ glance::keystone::auth::region: {get_input: keystone_region}
# Heat
heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
@@ -1402,11 +1322,18 @@ resources:
heat::api_cloudwatch::workers: {get_input: heat_workers}
heat::api_cfn::bind_host: {get_input: heat_api_network}
heat::api_cfn::workers: {get_input: heat_workers}
+ heat::engine::num_engine_workers: {get_input: heat_workers}
heat::database_connection: {get_input: heat_dsn}
heat::debug: {get_input: debug}
heat::db::mysql::password: {get_input: heat_password}
heat_enable_db_purge: {get_input: heat_enable_db_purge}
heat::keystone::domain::domain_password: {get_input: heat_stack_domain_admin_password}
+ heat::keystone::auth::public_url: {get_input: heat_public_url }
+ heat::keystone::auth::internal_url: {get_input: heat_internal_url }
+ heat::keystone::auth::admin_url: {get_input: heat_admin_url }
+ heat::keystone::auth::password: {get_input: heat_password }
+ heat::keystone::auth::region: {get_input: keystone_region}
+
# Keystone
keystone::admin_bind_host: {get_input: keystone_admin_api_network}
keystone::public_bind_host: {get_input: keystone_public_api_network}
@@ -1430,39 +1357,26 @@ resources:
# Neutron
neutron::bind_host: {get_input: neutron_api_network}
- neutron::rabbit_password: {get_input: rabbit_password}
- neutron::rabbit_user: {get_input: rabbit_username}
- neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
- neutron::rabbit_port: {get_input: rabbit_client_port}
- neutron::debug: {get_input: debug}
neutron::server::auth_uri: {get_input: keystone_auth_uri}
neutron::server::identity_uri: {get_input: keystone_identity_uri}
neutron::server::database_connection: {get_input: neutron_dsn}
neutron::server::api_workers: {get_input: neutron_workers}
- neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge}
neutron::network_device_mtu: {get_input: neutron_tenant_mtu}
neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
neutron::agents::ml2::ovs::l2_population: {get_input: neutron_enable_l2pop}
- neutron::agents::dhcp::enable_isolated_metadata: {get_input: neutron_enable_isolated_metadata}
neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
neutron::plugins::ml2::flat_networks: {get_input: neutron_flat_networks}
- neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
- neutron::agents::metadata::metadata_workers: {get_input: neutron_workers}
neutron_agent_mode: {get_input: neutron_agent_mode}
neutron_router_distributed: {get_input: neutron_router_distributed}
neutron::core_plugin: {get_input: neutron_core_plugin}
neutron::service_plugins: {get_input: neutron_service_plugins}
- neutron::enable_dhcp_agent: {get_input: neutron_enable_dhcp_agent}
- neutron::enable_l3_agent: {get_input: neutron_enable_l3_agent}
- neutron::enable_metadata_agent: {get_input: neutron_enable_metadata_agent}
neutron::enable_ovs_agent: {get_input: neutron_enable_ovs_agent}
neutron::plugins::ml2::type_drivers: {get_input: neutron_type_drivers}
neutron::plugins::ml2::mechanism_drivers: {get_input: neutron_mechanism_drivers}
neutron::plugins::ml2::extension_drivers: {get_input: neutron_plugin_extensions}
neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover}
neutron::server::l3_ha: {get_input: neutron_l3_ha}
- neutron::dhcp_agents_per_network: {get_input: neutron_dhcp_agents_per_network}
neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges}
neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges}
@@ -1475,10 +1389,7 @@ resources:
neutron::agents::ml2::ovs::tunnel_types: {get_input: neutron_tunnel_types}
neutron::agents::ml2::ovs::extensions: {get_input: neutron_agent_extensions}
neutron::server::auth_password: {get_input: neutron_password}
- neutron::agents::metadata::auth_password: {get_input: neutron_password}
- neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options}
neutron_dsn: {get_input: neutron_dsn}
- neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri}
neutron::db::mysql::password: {get_input: neutron_password}
neutron::keystone::auth::public_url: {get_input: neutron_public_url }
neutron::keystone::auth::internal_url: {get_input: neutron_internal_url }
@@ -1514,6 +1425,11 @@ resources:
ceilometer::dispatcher::gnocchi::filter_project: 'service'
ceilometer::dispatcher::gnocchi::archive_policy: 'low'
ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml'
+ ceilometer::keystone::auth::public_url: {get_input: ceilometer_public_url }
+ ceilometer::keystone::auth::internal_url: {get_input: ceilometer_internal_url }
+ ceilometer::keystone::auth::admin_url: {get_input: ceilometer_admin_url }
+ ceilometer::keystone::auth::password: {get_input: ceilometer_password }
+ ceilometer::keystone::auth::region: {get_input: keystone_region}
snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
@@ -1534,6 +1450,11 @@ resources:
aodh::db::mysql::password: {get_input: aodh_password}
# for a migration path from ceilometer-alarm to aodh, we use the same database & coordination
aodh::evaluator::coordination_url: {get_input: ceilometer_coordination_url}
+ aodh::keystone::auth::public_url: {get_input: aodh_public_url }
+ aodh::keystone::auth::internal_url: {get_input: aodh_internal_url }
+ aodh::keystone::auth::admin_url: {get_input: aodh_admin_url }
+ aodh::keystone::auth::password: {get_input: aodh_password }
+ aodh::keystone::auth::region: {get_input: keystone_region}
# Gnocchi
gnocchi_backend: {get_input: gnocchi_backend}
@@ -1550,6 +1471,11 @@ resources:
gnocchi::db::mysql::password: {get_input: gnocchi_password}
gnocchi::storage::swift::swift_authurl: {get_input: keystone_auth_uri}
gnocchi::storage::swift::swift_key: {get_input: gnocchi_password}
+ gnocchi::keystone::auth::public_url: {get_input: gnocchi_public_url }
+ gnocchi::keystone::auth::internal_url: {get_input: gnocchi_internal_url }
+ gnocchi::keystone::auth::admin_url: {get_input: gnocchi_admin_url }
+ gnocchi::keystone::auth::password: {get_input: gnocchi_password }
+ gnocchi::keystone::auth::region: {get_input: keystone_region}
# Nova
nova::rabbit_userid: {get_input: rabbit_username}
@@ -1565,7 +1491,6 @@ resources:
nova::api::metadata_listen: {get_input: nova_metadata_network}
nova::api::admin_password: {get_input: nova_password}
nova::api::osapi_compute_workers: {get_input: nova_workers}
- nova::api::ec2_workers: {get_input: nova_workers}
nova::api::metadata_workers: {get_input: nova_workers}
nova::compute::network_device_mtu: {get_input: neutron_tenant_mtu}
nova::database_connection: {get_input: nova_dsn}
@@ -1580,8 +1505,14 @@ resources:
nova::db::mysql::password: {get_input: nova_password}
nova::db::mysql_api::password: {get_input: nova_password}
nova_enable_db_purge: {get_input: nova_enable_db_purge}
+ nova::keystone::auth::public_url: {get_input: nova_public_url}
+ nova::keystone::auth::internal_url: {get_input: nova_internal_url}
+ nova::keystone::auth::admin_url: {get_input: nova_admin_url}
+ nova::keystone::auth::password: {get_input: nova_password }
+ nova::keystone::auth::region: {get_input: keystone_region}
# Horizon
+ apache::mod::remoteip::proxy_ips: {get_input: horizon_subnet}
apache::ip: {get_input: horizon_network}
horizon::allowed_hosts: {get_input: horizon_allowed_hosts}
horizon::django_debug: {get_input: debug}
@@ -1611,14 +1542,14 @@ resources:
sahara::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
sahara::rabbit_port: {get_input: rabbit_client_port}
sahara::db::mysql::password: {get_input: sahara_password}
-
- # Rabbit
+ sahara::keystone::auth::public_url: {get_input: sahara_public_url }
+ sahara::keystone::auth::internal_url: {get_input: sahara_internal_url }
+ sahara::keystone::auth::admin_url: {get_input: sahara_admin_url }
+ sahara::keystone::auth::password: {get_input: sahara_password }
+ sahara::keystone::auth::region: {get_input: keystone_region}
+ # RabbitMQ
rabbitmq::node_ip_address: {get_input: rabbitmq_network}
rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
- rabbitmq::file_limit: {get_input: rabbit_fd_limit}
- rabbitmq::default_user: {get_input: rabbit_username}
- rabbitmq::default_pass: {get_input: rabbit_password}
- rabbit_ipv6: {get_input: rabbit_ipv6}
# Redis
redis::bind: {get_input: redis_network}
redis::requirepass: {get_input: redis_password}
diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml
index 77b11378..e281ef51 100644
--- a/puppet/extraconfig/tls/tls-cert-inject.yaml
+++ b/puppet/extraconfig/tls/tls-cert-inject.yaml
@@ -63,6 +63,14 @@ resources:
openssl rsa -noout -modulus -in ${cert_path} \
| openssl md5 | cut -c 10- \
> ${heat_outputs_path}.key_modulus
+ # We need to reload haproxy in case the certificate changed because
+ # puppet doesn't know the contents of the cert file. The pacemaker
+ # case is handled separately in a pacemaker-specific resource.
+ pacemaker_status=$(systemctl is-active pacemaker)
+ haproxy_status=$(systemctl is-active haproxy)
+ if [ "$pacemaker_status" != "active" -a "$haproxy_status" = "active"]; then
+ systemctl reload haproxy
+ fi
ControllerTLSDeployment:
type: OS::Heat::SoftwareDeployment
diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml
index 865210c9..1e888f39 100644
--- a/puppet/hieradata/compute.yaml
+++ b/puppet/hieradata/compute.yaml
@@ -11,6 +11,8 @@ nova::compute::libvirt::migration_support: true
nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}"
+nova::network::neutron::neutron_auth_type: 'v3password'
+
# Changing the default from 512MB. The current templates can not deploy
# overclouds with swap. On an idle compute node, we see ~1024MB of RAM
# used. 2048 is suggested to account for other possible operations for
diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml
index 79db9418..7a446b50 100644
--- a/puppet/hieradata/controller.yaml
+++ b/puppet/hieradata/controller.yaml
@@ -50,13 +50,22 @@ glance::registry::keystone_tenant: 'service'
neutron::server::auth_tenant: 'service'
neutron::agents::metadata::auth_tenant: 'service'
neutron::agents::l3::router_delete_namespaces: True
-neutron::agents::dhcp::dhcp_delete_namespaces: True
cinder::api::keystone_tenant: 'service'
swift::proxy::authtoken::admin_tenant_name: 'service'
ceilometer::api::keystone_tenant: 'service'
gnocchi::api::keystone_tenant: 'service'
heat::keystone_tenant: 'service'
sahara::admin_tenant_name: 'service'
+aodh::keystone::auth::tenant: 'service'
+ceilometer::keystone::auth::tenant: 'service'
+cinder::keystone::auth::tenant: 'service'
+glance::keystone::auth::tenant: 'service'
+gnocchi::keystone::auth::tenant: 'service'
+heat::keystone::auth::tenant: 'service'
+neutron::keystone::auth::tenant: 'service'
+nova::keystone::auth::tenant: 'service'
+sahara::keystone::auth::tenant: 'service'
+swift::keystone::auth::tenant: 'service'
# keystone
keystone::cron::token_flush::maxdelay: 3600
@@ -86,6 +95,10 @@ swift::proxy::pipeline:
- 'proxy-server'
swift::proxy::account_autocreate: true
+swift::keystone::auth::configure_s3_endpoint: false
+swift::keystone::auth::operator_roles:
+ - admin
+ - swiftoperator
# glance
glance::api::pipeline: 'keystone'
@@ -96,7 +109,6 @@ glance_file_pcmk_directory: '/var/lib/glance/images'
# neutron
neutron::server::sync_db: true
-neutron::agents::dhcp::dnsmasq_config_file: /etc/neutron/dnsmasq-neutron.conf
# nova
nova::notify_on_state_change: 'vm_and_task_state'
@@ -141,6 +153,7 @@ horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
horizon::vhost_extra_params:
add_listen: false
priority: 10
+ access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"'
# mysql
mysql::server::manage_config_file: true
@@ -152,7 +165,6 @@ tripleo::loadbalancer::neutron: true
tripleo::loadbalancer::cinder: true
tripleo::loadbalancer::glance_api: true
tripleo::loadbalancer::glance_registry: true
-tripleo::loadbalancer::nova_ec2: true
tripleo::loadbalancer::nova_osapi: true
tripleo::loadbalancer::nova_metadata: true
tripleo::loadbalancer::nova_novncproxy: true
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index 779e7f21..6c2716a0 100644
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -113,8 +113,6 @@ if hiera('step') >= 2 {
# FIXME: this should only occur on the bootstrap host (ditto for db syncs)
# Create all the database schemas
- include ::keystone::db::mysql
- include ::glance::db::mysql
include ::nova::db::mysql
include ::nova::db::mysql_api
include ::neutron::db::mysql
@@ -129,36 +127,6 @@ if hiera('step') >= 2 {
include ::aodh::db::mysql
}
- $rabbit_nodes = hiera('rabbit_node_ips')
- if count($rabbit_nodes) > 1 {
-
- $rabbit_ipv6 = str2bool(hiera('rabbit_ipv6', false))
- if $rabbit_ipv6 {
- $rabbit_env = merge(hiera('rabbitmq_environment'), {
- 'RABBITMQ_SERVER_START_ARGS' => '"-proto_dist inet6_tcp"'
- })
- } else {
- $rabbit_env = hiera('rabbitmq_environment')
- }
-
- class { '::rabbitmq':
- config_cluster => true,
- cluster_nodes => $rabbit_nodes,
- tcp_keepalive => false,
- config_kernel_variables => hiera('rabbitmq_kernel_variables'),
- config_variables => hiera('rabbitmq_config_variables'),
- environment_variables => $rabbit_env,
- }
- rabbitmq_policy { 'ha-all@/':
- pattern => '^(?!amq\.).*',
- definition => {
- 'ha-mode' => 'all',
- },
- }
- } else {
- include ::rabbitmq
- }
-
# pre-install swift here so we can build rings
include ::swift
@@ -215,26 +183,6 @@ if hiera('step') >= 2 {
if hiera('step') >= 4 {
- $glance_backend = downcase(hiera('glance_backend', 'swift'))
- case $glance_backend {
- 'swift': { $backend_store = 'glance.store.swift.Store' }
- 'file': { $backend_store = 'glance.store.filesystem.Store' }
- 'rbd': { $backend_store = 'glance.store.rbd.Store' }
- default: { fail('Unrecognized glance_backend parameter.') }
- }
- $http_store = ['glance.store.http.Store']
- $glance_store = concat($http_store, $backend_store)
-
- # TODO: scrubber and other additional optional features
- include ::glance
- include ::glance::config
- class { '::glance::api':
- known_stores => $glance_store,
- }
- include ::glance::registry
- include ::glance::notify::rabbitmq
- include join(['::glance::backend::', $glance_backend])
-
$nova_ipv6 = hiera('nova::use_ipv6', false)
if $nova_ipv6 {
$memcached_servers = suffix(hiera('memcache_node_ips_v6'), ':11211')
@@ -327,17 +275,6 @@ if hiera('step') >= 4 {
metadata_proxy_shared_secret => hiera('nova::api::neutron_metadata_proxy_shared_secret'),
}
} else {
- include ::neutron::agents::l3
- include ::neutron::agents::dhcp
- include ::neutron::agents::metadata
-
- file { '/etc/neutron/dnsmasq-neutron.conf':
- content => hiera('neutron_dnsmasq_options'),
- owner => 'neutron',
- group => 'neutron',
- notify => Service['neutron-dhcp-service'],
- require => Package['neutron'],
- }
# If the value of core plugin is set to 'midonet',
# skip all the ML2 configuration
@@ -380,17 +317,9 @@ if hiera('step') >= 4 {
include ::neutron::plugins::ml2::bigswitch::restproxy
include ::neutron::agents::bigswitch
}
- neutron_l3_agent_config {
- 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false);
- }
- neutron_dhcp_agent_config {
- 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false);
- }
Service['neutron-server'] -> Service['neutron-ovs-agent-service']
}
- Service['neutron-server'] -> Service['neutron-dhcp-service']
- Service['neutron-server'] -> Service['neutron-l3']
Service['neutron-server'] -> Service['neutron-metadata']
}
@@ -435,6 +364,7 @@ if hiera('step') >= 4 {
$cinder_rbd_backend = 'tripleo_ceph'
cinder::backend::rbd { $cinder_rbd_backend :
+ backend_host => hiera('cinder::host'),
rbd_pool => hiera('cinder_rbd_pool_name'),
rbd_user => hiera('ceph_client_user_name'),
rbd_secret_uuid => hiera('ceph::profile::params::fsid'),
@@ -618,6 +548,7 @@ if hiera('step') >= 4 {
include ::sahara::service::engine
# Horizon
+ include ::apache::mod::remoteip
if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') {
$_profile_support = 'cisco'
} else {
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index f5d4cf9c..5c6e15ad 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -23,10 +23,8 @@ Service <|
tag == 'aodh-service' or
tag == 'cinder-service' or
tag == 'ceilometer-service' or
- tag == 'glance-service' or
tag == 'gnocchi-service' or
tag == 'heat-service' or
- tag == 'keystone-service' or
tag == 'neutron-service' or
tag == 'nova-service' or
tag == 'sahara-service'
@@ -48,7 +46,7 @@ if $::hostname == downcase(hiera('bootstrap_nodeid')) {
$sync_db = false
}
-$enable_fencing = str2bool(hiera('enable_fencing', false)) and hiera('step') >= 6
+$enable_fencing = str2bool(hiera('enable_fencing', false)) and hiera('step') >= 5
$enable_load_balancer = hiera('enable_load_balancer', true)
# When to start and enable services which haven't been Pacemakerized
@@ -101,6 +99,10 @@ if hiera('step') >= 1 {
if $enable_fencing {
include ::tripleo::fencing
+ # enable stonith after all Pacemaker resources have been created
+ Pcmk_resource<||> -> Class['tripleo::fencing']
+ Pcmk_constraint<||> -> Class['tripleo::fencing']
+ Exec <| tag == 'pacemaker_constraint' |> -> Class['tripleo::fencing']
# enable stonith after all fencing devices have been created
Class['tripleo::fencing'] -> Class['pacemaker::stonith']
}
@@ -112,35 +114,6 @@ if hiera('step') >= 1 {
op_params => 'start timeout=200s stop timeout=200s',
}
- # Only configure RabbitMQ in this step, don't start it yet to
- # avoid races where non-master nodes attempt to start without
- # config (eg. binding on 0.0.0.0)
- # The module ignores erlang_cookie if cluster_config is false
- $rabbit_ipv6 = str2bool(hiera('rabbit_ipv6', false))
- if $rabbit_ipv6 {
- $rabbit_env = merge(hiera('rabbitmq_environment'), {
- 'RABBITMQ_SERVER_START_ARGS' => '"-proto_dist inet6_tcp"'
- })
- } else {
- $rabbit_env = hiera('rabbitmq_environment')
- }
-
- class { '::rabbitmq':
- service_manage => false,
- tcp_keepalive => false,
- config_kernel_variables => hiera('rabbitmq_kernel_variables'),
- config_variables => hiera('rabbitmq_config_variables'),
- environment_variables => $rabbit_env,
- } ->
- file { '/var/lib/rabbitmq/.erlang.cookie':
- ensure => file,
- owner => 'rabbitmq',
- group => 'rabbitmq',
- mode => '0400',
- content => hiera('rabbitmq::erlang_cookie'),
- replace => true,
- }
-
if downcase(hiera('ceilometer_backend')) == 'mongodb' {
include ::mongodb::globals
include ::mongodb::client
@@ -255,183 +228,46 @@ if hiera('step') >= 2 {
}
$control_vip = hiera('tripleo::loadbalancer::controller_virtual_ip')
- if is_ipv6_address($control_vip) {
- $control_vip_netmask = '64'
- } else {
- $control_vip_netmask = '32'
- }
- pacemaker::resource::ip { 'control_vip':
- ip_address => $control_vip,
- cidr_netmask => $control_vip_netmask,
- }
- pacemaker::constraint::base { 'control_vip-then-haproxy':
- constraint_type => 'order',
- first_resource => "ip-${control_vip}",
- second_resource => 'haproxy-clone',
- first_action => 'start',
- second_action => 'start',
- constraint_params => 'kind=Optional',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['control_vip']],
- }
- pacemaker::constraint::colocation { 'control_vip-with-haproxy':
- source => "ip-${control_vip}",
- target => 'haproxy-clone',
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['control_vip']],
+ tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_control_vip':
+ vip_name => 'control',
+ ip_address => $control_vip,
}
$public_vip = hiera('tripleo::loadbalancer::public_virtual_ip')
- if is_ipv6_address($public_vip) {
- $public_vip_netmask = '64'
- } else {
- $public_vip_netmask = '32'
- }
- if $public_vip and $public_vip != $control_vip {
- pacemaker::resource::ip { 'public_vip':
- ip_address => $public_vip,
- cidr_netmask => $public_vip_netmask,
- }
- pacemaker::constraint::base { 'public_vip-then-haproxy':
- constraint_type => 'order',
- first_resource => "ip-${public_vip}",
- second_resource => 'haproxy-clone',
- first_action => 'start',
- second_action => 'start',
- constraint_params => 'kind=Optional',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['public_vip']],
- }
- pacemaker::constraint::colocation { 'public_vip-with-haproxy':
- source => "ip-${public_vip}",
- target => 'haproxy-clone',
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['public_vip']],
- }
+ tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_public_vip':
+ ensure => $public_vip and $public_vip != $control_vip,
+ vip_name => 'public',
+ ip_address => $public_vip,
}
$redis_vip = hiera('redis_vip')
- if is_ipv6_address($redis_vip) {
- $redis_vip_netmask = '64'
- } else {
- $redis_vip_netmask = '32'
- }
- if $redis_vip and $redis_vip != $control_vip {
- pacemaker::resource::ip { 'redis_vip':
- ip_address => $redis_vip,
- cidr_netmask => $redis_vip_netmask,
- }
- pacemaker::constraint::base { 'redis_vip-then-haproxy':
- constraint_type => 'order',
- first_resource => "ip-${redis_vip}",
- second_resource => 'haproxy-clone',
- first_action => 'start',
- second_action => 'start',
- constraint_params => 'kind=Optional',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['redis_vip']],
- }
- pacemaker::constraint::colocation { 'redis_vip-with-haproxy':
- source => "ip-${redis_vip}",
- target => 'haproxy-clone',
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['redis_vip']],
- }
+ tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_redis_vip':
+ ensure => $redis_vip and $redis_vip != $control_vip,
+ vip_name => 'redis',
+ ip_address => $redis_vip,
}
+
$internal_api_vip = hiera('tripleo::loadbalancer::internal_api_virtual_ip')
- if is_ipv6_address($internal_api_vip) {
- $internal_api_vip_netmask = '64'
- } else {
- $internal_api_vip_netmask = '32'
- }
- if $internal_api_vip and $internal_api_vip != $control_vip {
- pacemaker::resource::ip { 'internal_api_vip':
- ip_address => $internal_api_vip,
- cidr_netmask => $internal_api_vip_netmask,
- }
- pacemaker::constraint::base { 'internal_api_vip-then-haproxy':
- constraint_type => 'order',
- first_resource => "ip-${internal_api_vip}",
- second_resource => 'haproxy-clone',
- first_action => 'start',
- second_action => 'start',
- constraint_params => 'kind=Optional',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['internal_api_vip']],
- }
- pacemaker::constraint::colocation { 'internal_api_vip-with-haproxy':
- source => "ip-${internal_api_vip}",
- target => 'haproxy-clone',
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['internal_api_vip']],
- }
+ tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_internal_api_vip':
+ ensure => $internal_api_vip and $internal_api_vip != $control_vip,
+ vip_name => 'internal_api',
+ ip_address => $internal_api_vip,
}
$storage_vip = hiera('tripleo::loadbalancer::storage_virtual_ip')
- if is_ipv6_address($storage_vip) {
- $storage_vip_netmask = '64'
- } else {
- $storage_vip_netmask = '32'
- }
- if $storage_vip and $storage_vip != $control_vip {
- pacemaker::resource::ip { 'storage_vip':
- ip_address => $storage_vip,
- cidr_netmask => $storage_vip_netmask,
- }
- pacemaker::constraint::base { 'storage_vip-then-haproxy':
- constraint_type => 'order',
- first_resource => "ip-${storage_vip}",
- second_resource => 'haproxy-clone',
- first_action => 'start',
- second_action => 'start',
- constraint_params => 'kind=Optional',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['storage_vip']],
- }
- pacemaker::constraint::colocation { 'storage_vip-with-haproxy':
- source => "ip-${storage_vip}",
- target => 'haproxy-clone',
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['storage_vip']],
- }
+ tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_storage_vip':
+ ensure => $storage_vip and $storage_vip != $control_vip,
+ vip_name => 'storage',
+ ip_address => $storage_vip,
}
$storage_mgmt_vip = hiera('tripleo::loadbalancer::storage_mgmt_virtual_ip')
- if is_ipv6_address($storage_mgmt_vip) {
- $storage_mgmt_vip_netmask = '64'
- } else {
- $storage_mgmt_vip_netmask = '32'
- }
- if $storage_mgmt_vip and $storage_mgmt_vip != $control_vip {
- pacemaker::resource::ip { 'storage_mgmt_vip':
- ip_address => $storage_mgmt_vip,
- cidr_netmask => $storage_mgmt_vip_netmask,
- }
- pacemaker::constraint::base { 'storage_mgmt_vip-then-haproxy':
- constraint_type => 'order',
- first_resource => "ip-${storage_mgmt_vip}",
- second_resource => 'haproxy-clone',
- first_action => 'start',
- second_action => 'start',
- constraint_params => 'kind=Optional',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['storage_mgmt_vip']],
- }
- pacemaker::constraint::colocation { 'storage_mgmt_vip-with-haproxy':
- source => "ip-${storage_mgmt_vip}",
- target => 'haproxy-clone',
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Ip['storage_mgmt_vip']],
- }
+ tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_storage_mgmt_vip':
+ ensure => $storage_mgmt_vip and $storage_mgmt_vip != $control_vip,
+ vip_name => 'storage_mgmt',
+ ip_address => $storage_mgmt_vip,
}
-
}
pacemaker::resource::service { $::memcached::params::service_name :
@@ -439,14 +275,6 @@ if hiera('step') >= 2 {
require => Class['::memcached'],
}
- pacemaker::resource::ocf { 'rabbitmq':
- ocf_agent_name => 'heartbeat:rabbitmq-cluster',
- resource_params => 'set_policy=\'ha-all ^(?!amq\.).* {"ha-mode":"all"}\'',
- clone_params => 'ordered=true interleave=true',
- meta_params => 'notify=true',
- require => Class['::rabbitmq'],
- }
-
if downcase(hiera('ceilometer_backend')) == 'mongodb' {
pacemaker::resource::service { $::mongodb::params::service_name :
op_params => 'start timeout=370s stop timeout=200s',
@@ -516,12 +344,6 @@ MYSQL_HOST=localhost\n",
# Create all the database schemas
if $sync_db {
- class { '::keystone::db::mysql':
- require => Exec['galera-ready'],
- }
- class { '::glance::db::mysql':
- require => Exec['galera-ready'],
- }
class { '::nova::db::mysql':
require => Exec['galera-ready'],
}
@@ -610,33 +432,7 @@ MYSQL_HOST=localhost\n",
} #END STEP 2
-if hiera('step') >= 4 {
-
- $glance_backend = downcase(hiera('glance_backend', 'swift'))
- case $glance_backend {
- 'swift': { $backend_store = 'glance.store.swift.Store' }
- 'file': { $backend_store = 'glance.store.filesystem.Store' }
- 'rbd': { $backend_store = 'glance.store.rbd.Store' }
- default: { fail('Unrecognized glance_backend parameter.') }
- }
- $http_store = ['glance.store.http.Store']
- $glance_store = concat($http_store, $backend_store)
-
- # TODO: notifications, scrubber, etc.
- include ::glance
- include ::glance::config
- class { '::glance::api':
- known_stores => $glance_store,
- manage_service => false,
- enabled => false,
- }
- class { '::glance::registry' :
- sync_db => $sync_db,
- manage_service => false,
- enabled => false,
- }
- include ::glance::notify::rabbitmq
- include join(['::glance::backend::', $glance_backend])
+if hiera('step') >= 4 or ( hiera('step') >= 3 and $sync_db ) {
$nova_ipv6 = hiera('nova::use_ipv6', false)
if $nova_ipv6 {
@@ -759,31 +555,6 @@ if hiera('step') >= 4 {
metadata_proxy_shared_secret => hiera('nova::api::neutron_metadata_proxy_shared_secret'),
}
}
- if hiera('neutron::enable_dhcp_agent',true) {
- class { '::neutron::agents::dhcp' :
- manage_service => false,
- enabled => false,
- }
- file { '/etc/neutron/dnsmasq-neutron.conf':
- content => hiera('neutron_dnsmasq_options'),
- owner => 'neutron',
- group => 'neutron',
- notify => Service['neutron-dhcp-service'],
- require => Package['neutron'],
- }
- }
- if hiera('neutron::enable_l3_agent',true) {
- class { '::neutron::agents::l3' :
- manage_service => false,
- enabled => false,
- }
- }
- if hiera('neutron::enable_metadata_agent',true) {
- class { '::neutron::agents::metadata':
- manage_service => false,
- enabled => false,
- }
- }
include ::neutron::plugins::ml2
class { '::neutron::agents::ml2::ovs':
manage_service => false,
@@ -815,15 +586,6 @@ if hiera('step') >= 4 {
include ::neutron::plugins::ml2::bigswitch::restproxy
include ::neutron::agents::bigswitch
}
- neutron_l3_agent_config {
- 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false);
- }
- neutron_dhcp_agent_config {
- 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false);
- }
- neutron_config {
- 'DEFAULT/notification_driver': value => 'messaging';
- }
include ::cinder
include ::cinder::config
@@ -876,6 +638,7 @@ if hiera('step') >= 4 {
$cinder_rbd_backend = 'tripleo_ceph'
cinder::backend::rbd { $cinder_rbd_backend :
+ backend_host => hiera('cinder::host'),
rbd_pool => hiera('cinder_rbd_pool_name'),
rbd_user => hiera('ceph_client_user_name'),
rbd_secret_uuid => hiera('ceph::profile::params::fsid'),
@@ -1096,6 +859,7 @@ if hiera('step') >= 4 {
service_enable => false,
# service_manage => false, # <-- not supported with horizon&apache mod_wsgi?
}
+ include ::apache::mod::remoteip
include ::apache::mod::status
if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') {
$_profile_support = 'cisco'
@@ -1304,91 +1068,16 @@ if hiera('step') >= 5 {
require => [Pacemaker::Resource::Service[$::sahara::params::api_service_name],
Pacemaker::Resource::Ocf['openstack-core']],
}
-
- # Glance
- if $glance_backend == 'file' and hiera('glance_file_pcmk_manage', false) {
- $secontext = 'context="system_u:object_r:glance_var_lib_t:s0"'
- pacemaker::resource::filesystem { 'glance-fs':
- device => hiera('glance_file_pcmk_device'),
- directory => hiera('glance_file_pcmk_directory'),
- fstype => hiera('glance_file_pcmk_fstype'),
- fsoptions => join([$secontext, hiera('glance_file_pcmk_options', '')],','),
- verify_on_create => true,
- clone_params => '',
- }
- }
-
- pacemaker::resource::service { $::glance::params::registry_service_name :
- clone_params => 'interleave=true',
- require => Pacemaker::Resource::Ocf['openstack-core'],
- }
- pacemaker::resource::service { $::glance::params::api_service_name :
- clone_params => 'interleave=true',
- }
-
- pacemaker::constraint::base { 'keystone-then-glance-registry-constraint':
+ pacemaker::constraint::base { 'sahara-api-then-sahara-engine-constraint':
constraint_type => 'order',
- first_resource => 'openstack-core-clone',
- second_resource => "${::glance::params::registry_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name],
- Pacemaker::Resource::Ocf['openstack-core']],
- }
- pacemaker::constraint::base { 'glance-registry-then-glance-api-constraint':
- constraint_type => 'order',
- first_resource => "${::glance::params::registry_service_name}-clone",
- second_resource => "${::glance::params::api_service_name}-clone",
+ first_resource => "${::sahara::params::api_service_name}-clone",
+ second_resource => "${::sahara::params::engine_service_name}-clone",
first_action => 'start',
second_action => 'start',
- require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name],
- Pacemaker::Resource::Service[$::glance::params::api_service_name]],
- }
- pacemaker::constraint::colocation { 'glance-api-with-glance-registry-colocation':
- source => "${::glance::params::api_service_name}-clone",
- target => "${::glance::params::registry_service_name}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name],
- Pacemaker::Resource::Service[$::glance::params::api_service_name]],
- }
-
- if hiera('step') == 5 {
- # Neutron
- # NOTE(gfidente): Neutron will try to populate the database with some data
- # as soon as neutron-server is started; to avoid races we want to make this
- # happen only on one node, before normal Pacemaker initialization
- # https://bugzilla.redhat.com/show_bug.cgi?id=1233061
- # NOTE(emilien): we need to run this Exec only at Step 4 otherwise this exec
- # will try to start the service while it's already started by Pacemaker
- # It would result to a deployment failure since systemd would return 1 to Puppet
- # and the overcloud would fail to deploy (6 would be returned).
- # This conditional prevents from a race condition during the deployment.
- # https://bugzilla.redhat.com/show_bug.cgi?id=1290582
- exec { 'neutron-server-systemd-start-sleep' :
- command => 'systemctl start neutron-server && /usr/bin/sleep 5',
- path => '/usr/bin',
- unless => '/sbin/pcs resource show neutron-server',
- } ->
- pacemaker::resource::service { $::neutron::params::server_service:
- clone_params => 'interleave=true',
- require => Pacemaker::Resource::Ocf['openstack-core']
- }
- } else {
- pacemaker::resource::service { $::neutron::params::server_service:
- clone_params => 'interleave=true',
- require => Pacemaker::Resource::Ocf['openstack-core']
- }
- }
- if hiera('neutron::enable_l3_agent', true) {
- pacemaker::resource::service { $::neutron::params::l3_agent_service:
- clone_params => 'interleave=true',
- }
- }
- if hiera('neutron::enable_dhcp_agent', true) {
- pacemaker::resource::service { $::neutron::params::dhcp_agent_service:
- clone_params => 'interleave=true',
- }
+ require => [Pacemaker::Resource::Service[$::sahara::params::api_service_name],
+ Pacemaker::Resource::Service[$::sahara::params::engine_service_name]],
}
+
if hiera('neutron::enable_ovs_agent', true) {
pacemaker::resource::service { $::neutron::params::ovs_agent_service:
clone_params => 'interleave=true',
@@ -1399,11 +1088,6 @@ if hiera('step') >= 5 {
clone_params => 'interleave=true',
}
}
- if hiera('neutron::enable_metadata_agent', true) {
- pacemaker::resource::service { $::neutron::params::metadata_agent_service:
- clone_params => 'interleave=true',
- }
- }
if hiera('neutron::enable_ovs_agent', true) {
pacemaker::resource::ocf { $::neutron::params::ovs_cleanup_service:
ocf_agent_name => 'neutron:OVSCleanup',
@@ -1448,81 +1132,6 @@ if hiera('step') >= 5 {
Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]],
}
}
- pacemaker::constraint::base { 'keystone-to-neutron-server-constraint':
- constraint_type => 'order',
- first_resource => 'openstack-core-clone',
- second_resource => "${::neutron::params::server_service}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Ocf['openstack-core'],
- Pacemaker::Resource::Service[$::neutron::params::server_service]],
- }
- if hiera('neutron::enable_ovs_agent',true) {
- pacemaker::constraint::base { 'neutron-openvswitch-agent-to-dhcp-agent-constraint':
- constraint_type => 'order',
- first_resource => "${::neutron::params::ovs_agent_service}-clone",
- second_resource => "${::neutron::params::dhcp_agent_service}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service],
- Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]],
- }
- }
- if hiera('neutron::enable_dhcp_agent',true) and hiera('neutron::enable_ovs_agent',true) {
- pacemaker::constraint::base { 'neutron-server-to-openvswitch-agent-constraint':
- constraint_type => 'order',
- first_resource => "${::neutron::params::server_service}-clone",
- second_resource => "${::neutron::params::ovs_agent_service}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::neutron::params::server_service],
- Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]],
- }
-
- pacemaker::constraint::colocation { 'neutron-openvswitch-agent-to-dhcp-agent-colocation':
- source => "${::neutron::params::dhcp_agent_service}-clone",
- target => "${::neutron::params::ovs_agent_service}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service],
- Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]],
- }
- }
- if hiera('neutron::enable_dhcp_agent',true) and hiera('l3_agent_service',true) {
- pacemaker::constraint::base { 'neutron-dhcp-agent-to-l3-agent-constraint':
- constraint_type => 'order',
- first_resource => "${::neutron::params::dhcp_agent_service}-clone",
- second_resource => "${::neutron::params::l3_agent_service}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service],
- Pacemaker::Resource::Service[$::neutron::params::l3_agent_service]]
- }
- pacemaker::constraint::colocation { 'neutron-dhcp-agent-to-l3-agent-colocation':
- source => "${::neutron::params::l3_agent_service}-clone",
- target => "${::neutron::params::dhcp_agent_service}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service],
- Pacemaker::Resource::Service[$::neutron::params::l3_agent_service]]
- }
- }
- if hiera('neutron::enable_l3_agent',true) and hiera('neutron::enable_metadata_agent',true) {
- pacemaker::constraint::base { 'neutron-l3-agent-to-metadata-agent-constraint':
- constraint_type => 'order',
- first_resource => "${::neutron::params::l3_agent_service}-clone",
- second_resource => "${::neutron::params::metadata_agent_service}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::neutron::params::l3_agent_service],
- Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service]]
- }
- pacemaker::constraint::colocation { 'neutron-l3-agent-to-metadata-agent-colocation':
- source => "${::neutron::params::metadata_agent_service}-clone",
- target => "${::neutron::params::l3_agent_service}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::neutron::params::l3_agent_service],
- Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service]]
- }
- }
if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' {
#midonet-chain chain keystone-->neutron-server-->dhcp-->metadata->tomcat
pacemaker::constraint::base { 'neutron-server-to-dhcp-agent-constraint':
@@ -1720,6 +1329,15 @@ if hiera('step') >= 5 {
require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name],
Pacemaker::Resource::Ocf['openstack-core']],
}
+ pacemaker::constraint::base { 'keystone-then-ceilometer-notification-constraint':
+ constraint_type => 'order',
+ first_resource => 'openstack-core-clone',
+ second_resource => "${::ceilometer::params::agent_notification_service_name}-clone",
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name],
+ Pacemaker::Resource::Ocf['openstack-core']],
+ }
pacemaker::constraint::base { 'ceilometer-central-then-ceilometer-collector-constraint':
constraint_type => 'order',
first_resource => "${::ceilometer::params::agent_central_service_name}-clone",
@@ -1803,6 +1421,15 @@ if hiera('step') >= 5 {
require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name],
Pacemaker::Resource::Service[$::aodh::params::notifier_service_name]],
}
+ pacemaker::constraint::base { 'aodh-evaluator-then-aodh-listener-constraint':
+ constraint_type => 'order',
+ first_resource => "${::aodh::params::evaluator_service_name}-clone",
+ second_resource => "${::aodh::params::listener_service_name}-clone",
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name],
+ Pacemaker::Resource::Service[$::aodh::params::listener_service_name]],
+ }
pacemaker::constraint::colocation { 'aodh-listener-with-aodh-evaluator-colocation':
source => "${::aodh::params::listener_service_name}-clone",
target => "${::aodh::params::evaluator_service_name}-clone",
@@ -1859,15 +1486,6 @@ if hiera('step') >= 5 {
pacemaker::resource::service { $::heat::params::engine_service_name :
clone_params => 'interleave=true',
}
- pacemaker::constraint::base { 'keystone-then-heat-api-constraint':
- constraint_type => 'order',
- first_resource => 'openstack-core-clone',
- second_resource => "${::heat::params::api_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::heat::params::api_service_name],
- Pacemaker::Resource::Ocf['openstack-core']],
- }
pacemaker::constraint::base { 'heat-api-then-heat-api-cfn-constraint':
constraint_type => 'order',
first_resource => "${::heat::params::api_service_name}-clone",
diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml
new file mode 100644
index 00000000..ca50d91d
--- /dev/null
+++ b/puppet/services/glance-api.yaml
@@ -0,0 +1,102 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Glance API service configured with Puppet
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MysqlVirtualIPUri:
+ type: string
+ default: ''
+ Debug:
+ default: ''
+ description: Set to True to enable debugging on all services.
+ type: string
+ GlanceNotifierStrategy:
+ description: Strategy to use for Glance notification queue
+ type: string
+ default: noop
+ GlanceLogFile:
+ description: The filepath of the file to use for logging messages from Glance.
+ type: string
+ default: ''
+ GlancePassword:
+ description: The password for the glance service and db account, used by the glance services.
+ type: string
+ hidden: true
+ GlanceBackend:
+ default: swift
+ description: The short name of the Glance backend to use. Should be one
+ of swift, rbd, or file
+ type: string
+ constraints:
+ - allowed_values: ['swift', 'file', 'rbd']
+ GlanceWorkers:
+ default: 0
+ description: Number of workers for Glance service.
+ type: number
+ RabbitPassword:
+ description: The password for RabbitMQ
+ type: string
+ hidden: true
+ RabbitUserName:
+ default: guest
+ description: The username for RabbitMQ
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+
+outputs:
+ role_data:
+ description: Role data for the Glance API role.
+ value:
+ config_settings:
+ glance_dsn: &glance_dsn
+ list_join:
+ - ''
+ - - 'mysql+pymysql://glance:'
+ - {get_param: GlancePassword}
+ - '@'
+ - {get_param: MysqlVirtualIPUri}
+ - '/glance'
+ glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]}
+ glance::api::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ glance::api::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ glance::api::registry_host:
+ str_replace:
+ template: "'REGISTRY_HOST'"
+ params:
+ REGISTRY_HOST: {get_param: [EndpointMap, GlanceRegistryInternal, host]}
+ glance::api::keystone_password: {get_param: GlancePassword}
+ glance::api::debug: {get_param: Debug}
+ glance::api::workers: {get_param: GlanceWorkers}
+ glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
+ glance_log_file: {get_param: GlanceLogFile}
+ glance::api::database_connection: *glance_dsn
+ glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ glance::backend::swift::swift_store_user: service:glance
+ glance::backend::swift::swift_store_key: {get_param: GlancePassword}
+ glance_backend: {get_param: GlanceBackend}
+ glance::db::mysql::password: {get_param: GlancePassword}
+ glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName}
+ glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort}
+ glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword}
+ glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]}
+ glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]}
+ glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]}
+ glance::keystone::auth::password: {get_param: GlancePassword }
+ step_config: |
+ include ::tripleo::profile::base::glance::api
diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml
new file mode 100644
index 00000000..1a1a515a
--- /dev/null
+++ b/puppet/services/glance-registry.yaml
@@ -0,0 +1,48 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Glance Registry service configured with Puppet
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MysqlVirtualIPUri:
+ type: string
+ default: ''
+ Debug:
+ default: ''
+ description: Set to True to enable debugging on all services.
+ type: string
+ GlancePassword:
+ description: The password for the glance service and db account, used by the glance services.
+ type: string
+ hidden: true
+ GlanceWorkers:
+ default: 0
+ description: Number of workers for Glance service.
+ type: number
+
+outputs:
+ role_data:
+ description: Role data for the Glance Registry role.
+ value:
+ config_settings:
+ glance_dsn: &glance_dsn
+ list_join:
+ - ''
+ - - 'mysql+pymysql://glance:'
+ - {get_param: GlancePassword}
+ - '@'
+ - {get_param: MysqlVirtualIPUri}
+ - '/glance'
+ glance::registry::keystone_password: {get_param: GlancePassword}
+ glance::registry::database_connection: *glance_dsn
+ glance::registry::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ glance::registry::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ glance::registry::debug: {get_param: Debug}
+ glance::registry::workers: {get_param: GlanceWorkers}
+ step_config: |
+ include ::tripleo::profile::base::glance::registry
diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml
new file mode 100644
index 00000000..b34bdd22
--- /dev/null
+++ b/puppet/services/neutron-base.yaml
@@ -0,0 +1,44 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron base service. Shared for all Neutron agents.
+
+parameters:
+ RabbitPassword:
+ description: The password for RabbitMQ
+ type: string
+ hidden: true
+ RabbitUserName:
+ default: guest
+ description: The username for RabbitMQ
+ type: string
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
+ NeutronDhcpAgentsPerNetwork:
+ type: number
+ default: 3
+ description: The number of neutron dhcp agents to schedule per network
+ Debug:
+ type: string
+ default: ''
+ description: Set to True to enable debugging on all services.
+
+outputs:
+ role_data:
+ description: Role data for the Neutron base service.
+ value:
+ config_settings:
+ neutron::rabbit_password: {get_param: RabbitPassword}
+ neutron::rabbit_user: {get_param: RabbitUserName}
+ neutron::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ neutron::rabbit_port: {get_param: RabbitClientPort}
+ neutron::dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork}
+ neutron::debug: {get_param: Debug}
diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml
new file mode 100644
index 00000000..548b4ba0
--- /dev/null
+++ b/puppet/services/neutron-dhcp.yaml
@@ -0,0 +1,56 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron DHCP agent configured with Puppet
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MysqlVirtualIPUri:
+ type: string
+ default: ''
+ NeutronEnableIsolatedMetadata:
+ default: 'False'
+ description: If True, DHCP provide metadata route to VM.
+ type: string
+ NeutronDnsmasqOptions:
+ default: 'dhcp-option-force=26,%MTU%'
+ description: >
+ Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU
+ to be set to the value of NeutronTenantMtu, which should be set to account
+ for tunnel overhead.
+ type: string
+ NeutronTenantMtu:
+ description: >
+ The default MTU for tenant networks. For VXLAN/GRE tunneling, this should
+ be at least 50 bytes smaller than the MTU on the physical network. This
+ value will be used to set the MTU on the virtual Ethernet device.
+ This value will be used to construct the NeutronDnsmasqOptions, since that
+ will determine the MTU that is assigned to the VM host through DHCP.
+ default: "1400"
+ type: string
+
+resources:
+
+ NeutronBase:
+ type: ./neutron-base.yaml
+
+outputs:
+ role_data:
+ description: Role data for the Neutron DHCP agent service.
+ value:
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronBase, role_data, config_settings]
+ - neutron::agents::dhcp::dnsmasq_config_file: /etc/neutron/dnsmasq-neutron.conf
+ tripleo::profile::base::neutron::dhcp:
+ str_replace:
+ template: {get_param: NeutronDnsmasqOptions}
+ params:
+ '%MTU%': {get_param: NeutronTenantMtu}
+ neutron::agents::dhcp::enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata}
+ step_config: |
+ include tripleo::profile::base::neutron::dhcp
diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml
new file mode 100644
index 00000000..2ea1b19d
--- /dev/null
+++ b/puppet/services/neutron-l3.yaml
@@ -0,0 +1,37 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron L3 agent configured with Puppet
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MysqlVirtualIPUri:
+ type: string
+ default: ''
+ Debug:
+ type: string
+ default: ''
+ NeutronExternalNetworkBridge:
+ description: Name of bridge used for external network traffic.
+ type: string
+ default: 'br-ex'
+
+resources:
+
+ NeutronBase:
+ type: ./neutron-base.yaml
+
+outputs:
+ role_data:
+ description: Role data for the Neutron L3 agent service.
+ value:
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronBase, role_data, config_settings]
+ - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge}
+ step_config: |
+ include tripleo::profile::base::neutron::l3
diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml
new file mode 100644
index 00000000..1fe139f3
--- /dev/null
+++ b/puppet/services/neutron-metadata.yaml
@@ -0,0 +1,45 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron Metadata agent configured with Puppet
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MysqlVirtualIPUri:
+ type: string
+ default: ''
+ NeutronMetadataProxySharedSecret:
+ description: Shared secret to prevent spoofing
+ type: string
+ hidden: true
+ NeutronWorkers:
+ default: 0
+ description: Number of workers for Neutron service.
+ type: number
+ NeutronPassword:
+ description: The password for the neutron service and db account, used by neutron agents.
+ type: string
+ hidden: true
+
+resources:
+
+ NeutronBase:
+ type: ./neutron-base.yaml
+
+outputs:
+ role_data:
+ description: Role data for the Neutron Metadata agent service.
+ value:
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronBase, role_data, config_settings]
+ - neutron::agents::metadata::shared_secret: {get_param: NeutronMetadataProxySharedSecret}
+ neutron::agents::metadata::metadata_workers: {get_param: NeutronWorkers}
+ neutron::agents::metadata::auth_password: {get_param: NeutronPassword}
+ neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ step_config: |
+ include tripleo::profile::base::neutron::metadata
diff --git a/puppet/services/pacemaker/glance-api.yaml b/puppet/services/pacemaker/glance-api.yaml
new file mode 100644
index 00000000..ad964216
--- /dev/null
+++ b/puppet/services/pacemaker/glance-api.yaml
@@ -0,0 +1,62 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Glance API service with Pacemaker configured with Puppet.
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MysqlVirtualIPUri:
+ type: string
+ default: ''
+ GlanceFilePcmkDevice:
+ default: ''
+ description: >
+ An exported storage device that should be mounted by Pacemaker
+ as Glance storage. Effective when GlanceFilePcmkManage is true.
+ type: string
+ GlanceFilePcmkFstype:
+ default: 'nfs'
+ description: >
+ Filesystem type for Pacemaker mount used as Glance storage.
+ Effective when GlanceFilePcmkManage is true.
+ type: string
+ GlanceFilePcmkManage:
+ default: false
+ description: >
+ Whether to make Glance file backend a mount managed by Pacemaker.
+ Effective when GlanceBackend is 'file'.
+ type: boolean
+ GlanceFilePcmkOptions:
+ default: ''
+ description: >
+ Mount options for Pacemaker mount used as Glance storage.
+ Effective when GlanceFilePcmkManage is true.
+ type: string
+
+resources:
+
+ GlanceApiBase:
+ type: ../glance-api.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri}
+
+outputs:
+ role_data:
+ description: Role data for the Glance role.
+ value:
+ config_settings:
+ map_merge:
+ - get_attr: [GlanceApiBase, role_data, config_settings]
+ - glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice}
+ glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype}
+ glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage}
+ glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions}
+ glance::api::manage_service: false
+ glance::api::enabled: false
+ step_config: |
+ include ::tripleo::profile::pacemaker::glance
diff --git a/puppet/services/pacemaker/glance-registry.yaml b/puppet/services/pacemaker/glance-registry.yaml
new file mode 100644
index 00000000..393fbaaf
--- /dev/null
+++ b/puppet/services/pacemaker/glance-registry.yaml
@@ -0,0 +1,36 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Glance Registry service with Pacemaker configured with Puppet
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MysqlVirtualIPUri:
+ type: string
+ default: ''
+
+resources:
+
+ GlanceRegistryBase:
+ type: ../glance-registry.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri}
+
+outputs:
+ role_data:
+ description: Role data for the Glance role.
+ value:
+ config_settings:
+ map_merge:
+ - get_attr: [GlanceRegistryBase, role_data, config_settings]
+ - glance::registry::manage_service: false
+ glance::registry::enabled: false
+ # No puppet manifests since glance-registry is included in
+ # ::tripleo::profile::pacemaker::glance which is maintained alongside of
+ # pacemaker/glance-api.yaml.
+ step_config:
diff --git a/puppet/services/pacemaker/keystone.yaml b/puppet/services/pacemaker/keystone.yaml
index 8fcab15f..db52cae7 100644
--- a/puppet/services/pacemaker/keystone.yaml
+++ b/puppet/services/pacemaker/keystone.yaml
@@ -28,7 +28,7 @@ outputs:
config_settings:
map_merge:
- get_attr: [KeystoneServiceBase, role_data, config_settings]
- #-
- # custom keystone hiera goes here if we need it!?
+ - keystone::manage_service: false
+ keystone::enabled: false
step_config: |
include ::tripleo::profile::pacemaker::keystone
diff --git a/puppet/services/pacemaker/neutron-dhcp.yaml b/puppet/services/pacemaker/neutron-dhcp.yaml
new file mode 100644
index 00000000..0e972b28
--- /dev/null
+++ b/puppet/services/pacemaker/neutron-dhcp.yaml
@@ -0,0 +1,35 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron DHCP service with Pacemaker configured with Puppet.
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MysqlVirtualIPUri:
+ type: string
+ default: ''
+
+resources:
+
+ NeutronDhcpBase:
+ type: ../neutron-dhcp.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron DHCP role.
+ value:
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronDhcpBase, role_data, config_settings]
+ - tripleo::profile::pacemaker::neutron::enable_dhcp: True
+ neutron::agents::dhcp::enabled: false
+ neutron::agents::dhcp::manage_service: false
+ step_config: |
+ include ::tripleo::profile::pacemaker::neutron::dhcp
diff --git a/puppet/services/pacemaker/neutron-l3.yaml b/puppet/services/pacemaker/neutron-l3.yaml
new file mode 100644
index 00000000..84bff808
--- /dev/null
+++ b/puppet/services/pacemaker/neutron-l3.yaml
@@ -0,0 +1,33 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron L3 service with Pacemaker configured with Puppet.
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MysqlVirtualIPUri:
+ type: string
+ default: ''
+
+resources:
+
+ NeutronL3Base:
+ type: ../neutron-l3.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron L3 role.
+ value:
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronL3Base, role_data, config_settings]
+ - tripleo::profile::pacemaker::neutron::enable_l3: True
+ step_config: |
+ include ::tripleo::profile::pacemaker::neutron::l3
diff --git a/puppet/services/pacemaker/neutron-metadata.yaml b/puppet/services/pacemaker/neutron-metadata.yaml
new file mode 100644
index 00000000..79baf1ea
--- /dev/null
+++ b/puppet/services/pacemaker/neutron-metadata.yaml
@@ -0,0 +1,33 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OpenStack Neutron Metadata service with Pacemaker configured with Puppet.
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MysqlVirtualIPUri:
+ type: string
+ default: ''
+
+resources:
+
+ NeutronMetadataBase:
+ type: ../neutron-metadata.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri}
+
+outputs:
+ role_data:
+ description: Role data for the Neutron Metadata role.
+ value:
+ config_settings:
+ map_merge:
+ - get_attr: [NeutronMetadataBase, role_data, config_settings]
+ - tripleo::profile::pacemaker::neutron::enable_metadata: True
+ step_config: |
+ include ::tripleo::profile::pacemaker::neutron::metadata
diff --git a/puppet/services/pacemaker/rabbitmq.yaml b/puppet/services/pacemaker/rabbitmq.yaml
new file mode 100644
index 00000000..613db449
--- /dev/null
+++ b/puppet/services/pacemaker/rabbitmq.yaml
@@ -0,0 +1,32 @@
+heat_template_version: 2016-04-08
+
+description: >
+ RabbitMQ service with Pacemaker configured with Puppet
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MysqlVirtualIPUri:
+ type: string
+ default: ''
+
+resources:
+ RabbitMQServiceBase:
+ type: ../rabbitmq.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri}
+
+outputs:
+ role_data:
+ description: Role data for the RabbitMQ pacemaker role.
+ value:
+ config_settings:
+ map_merge:
+ - get_attr: [RabbitMQServiceBase, role_data, config_settings]
+ - rabbitmq::service_manage: false
+ step_config: |
+ include ::tripleo::profile::pacemaker::rabbitmq
diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml
new file mode 100644
index 00000000..ae5678a3
--- /dev/null
+++ b/puppet/services/rabbitmq.yaml
@@ -0,0 +1,42 @@
+heat_template_version: 2016-04-08
+
+description: >
+ RabbitMQ service configured with Puppet
+
+parameters:
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MysqlVirtualIPUri:
+ type: string
+ default: ''
+ RabbitUserName:
+ default: guest
+ description: The username for RabbitMQ
+ type: string
+ RabbitPassword:
+ description: The password for RabbitMQ
+ type: string
+ hidden: true
+ RabbitFDLimit:
+ default: 16384
+ description: Configures RabbitMQ FD limit
+ type: string
+ RabbitIPv6:
+ default: false
+ description: Enable IPv6 in RabbitMQ
+ type: boolean
+
+outputs:
+ role_data:
+ description: Role data for the RabbitMQ role.
+ value:
+ config_settings:
+ rabbitmq::file_limit: {get_param: RabbitFDLimit}
+ rabbitmq::default_user: {get_param: RabbitUserName}
+ rabbitmq::default_pass: {get_param: RabbitPassword}
+ rabbit_ipv6: {get_param: RabbitIPv6}
+ step_config: |
+ include ::tripleo::profile::base::rabbitmq
diff --git a/puppet/swift-storage-post.yaml b/puppet/swift-storage-post.yaml
index eb06b241..b262f947 100644
--- a/puppet/swift-storage-post.yaml
+++ b/puppet/swift-storage-post.yaml
@@ -52,6 +52,10 @@ resources:
group: puppet
options:
enable_debug: {get_param: ConfigDebug}
+ enable_hiera: True
+ enable_facter: False
+ inputs:
+ - name: step
outputs:
- name: result
config:
@@ -65,6 +69,7 @@ resources:
servers: {get_param: servers}
config: {get_resource: StorageRingbuilderPuppetConfig}
input_values:
+ step: 3 # Note ringbuilder.pp expects >=3
update_identifier: {get_param: NodeConfigIdentifiers}
# Note, this should come last, so use depends_on to ensure
diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml
index ea226263..296428db 100644
--- a/puppet/swift-storage.yaml
+++ b/puppet/swift-storage.yaml
@@ -256,6 +256,7 @@ resources:
- all_nodes # provided by allNodesConfig
- '"%{::osfamily}"'
- common
+ merge_behavior: deeper
datafiles:
common:
raw_data: {get_file: hieradata/common.yaml}