diff options
Diffstat (limited to 'puppet')
28 files changed, 811 insertions, 709 deletions
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index 90eb1b09..b065ddd2 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -67,6 +67,12 @@ parameters: description: > Setting to a previously unused value during stack-update will trigger package update on all nodes + StackAction: + type: string + description: > + Heat action on performed top-level stack. + constraints: + - allowed_values: ['CREATE', 'UPDATE'] resources: @@ -303,6 +309,7 @@ resources: deploy_identifier: {get_param: DeployIdentifier} update_identifier: {get_param: UpdateIdentifier} + stack_action: {get_param: StackAction} outputs: config_id: diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml index 6c6be473..fd161886 100644 --- a/puppet/ceph-cluster-config.yaml +++ b/puppet/ceph-cluster-config.yaml @@ -94,7 +94,7 @@ resources: cap_mon: 'allow profile bootstrap-osd' }, client.CLIENT_USER: { - secret: 'ADMIN_KEY', + secret: 'CLIENT_KEY', mode: '0644', cap_mon: 'allow r', cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL' @@ -102,6 +102,7 @@ resources: }" params: CLIENT_USER: {get_param: CephClientUserName} + CLIENT_KEY: {get_param: ceph_client_key} ADMIN_KEY: {get_param: ceph_admin_key} NOVA_POOL: {get_param: NovaRbdPoolName} CINDER_POOL: {get_param: CinderRbdPoolName} diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml index f26d07f7..f0eb71e4 100644 --- a/puppet/ceph-storage.yaml +++ b/puppet/ceph-storage.yaml @@ -256,6 +256,7 @@ resources: - ceph - '"%{::osfamily}"' - common + merge_behavior: deeper datafiles: common: raw_data: {get_file: hieradata/common.yaml} diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml index 5b61e0b6..c1a04e24 100644 --- a/puppet/cinder-storage.yaml +++ b/puppet/cinder-storage.yaml @@ -316,6 +316,7 @@ resources: - all_nodes # provided by allNodesConfig - '"%{::osfamily}"' - common + merge_behavior: deeper datafiles: common: raw_data: {get_file: hieradata/common.yaml} diff --git a/puppet/compute.yaml b/puppet/compute.yaml index 6759d3b9..4c18067a 100644 --- a/puppet/compute.yaml +++ b/puppet/compute.yaml @@ -486,6 +486,7 @@ resources: - nova_nuage_data # Optionally provided by ComputeExtraConfigPre - midonet_data # Optionally provided by AllNodesExtraConfig - neutron_opencontrail_data # Optionally provided by ComputeExtraConfigPre + merge_behavior: deeper datafiles: compute_extraconfig: mapped_data: {get_param: NovaComputeExtraConfig} diff --git a/puppet/controller-post.yaml b/puppet/controller-post.yaml index 80b08a06..705e4b90 100644 --- a/puppet/controller-post.yaml +++ b/puppet/controller-post.yaml @@ -102,31 +102,9 @@ resources: step: 5 update_identifier: {get_param: NodeConfigIdentifiers} - ControllerOvercloudServicesDeployment_Step6: - type: OS::Heat::StructuredDeployments - depends_on: ControllerOvercloudServicesDeployment_Step5 - properties: - name: ControllerOvercloudServicesDeployment_Step6 - servers: {get_param: servers} - config: {get_resource: ControllerPuppetConfig} - input_values: - step: 6 - update_identifier: {get_param: NodeConfigIdentifiers} - - ControllerOvercloudServicesDeployment_Step7: - type: OS::Heat::StructuredDeployments - depends_on: ControllerOvercloudServicesDeployment_Step6 - properties: - name: ControllerOvercloudServicesDeployment_Step7 - servers: {get_param: servers} - config: {get_resource: ControllerPuppetConfig} - input_values: - step: 7 - update_identifier: {get_param: NodeConfigIdentifiers} - ControllerPostPuppet: type: OS::TripleO::Tasks::ControllerPostPuppet - depends_on: ControllerOvercloudServicesDeployment_Step7 + depends_on: ControllerOvercloudServicesDeployment_Step5 properties: servers: {get_param: servers} input_values: diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 56eb8b96..05556ffb 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-10-15 +heat_template_version: 2016-04-08 description: > OpenStack controller node configured by Puppet. @@ -97,6 +97,11 @@ parameters: default: 0 description: Number of workers for Cinder service. type: number + controllerExtraConfig: + default: {} + description: | + Deprecated. Use ControllerExtraConfig via parameter_defaults instead. + type: json ControllerExtraConfig: default: {} description: | @@ -186,49 +191,6 @@ parameters: type: string constraints: - custom_constraint: nova.flavor - GlanceNotifierStrategy: - description: Strategy to use for Glance notification queue - type: string - default: noop - GlanceLogFile: - description: The filepath of the file to use for logging messages from Glance. - type: string - default: '' - GlancePassword: - description: The password for the glance service and db account, used by the glance services. - type: string - hidden: true - GlanceBackend: - default: swift - description: The short name of the Glance backend to use. Should be one - of swift, rbd, or file - type: string - constraints: - - allowed_values: ['swift', 'file', 'rbd'] - GlanceFilePcmkDevice: - default: '' - description: > - An exported storage device that should be mounted by Pacemaker - as Glance storage. Effective when GlanceFilePcmkManage is true. - type: string - GlanceFilePcmkFstype: - default: 'nfs' - description: > - Filesystem type for Pacemaker mount used as Glance storage. - Effective when GlanceFilePcmkManage is true. - type: string - GlanceFilePcmkManage: - default: false - description: > - Whether to make Glance file backend a mount managed by Pacemaker. - Effective when GlanceBackend is 'file'. - type: boolean - GlanceFilePcmkOptions: - default: '' - description: > - Mount options for Pacemaker mount used as Glance storage. - Effective when GlanceFilePcmkManage is true. - type: string GnocchiBackend: default: file description: The short name of the Gnocchi backend to use. Should be one @@ -258,10 +220,6 @@ parameters: default: /dev/log description: Syslog address where HAproxy will send its log type: string - GlanceWorkers: - default: 0 - description: Number of workers for Glance service. - type: number HeatPassword: description: The password for the Heat service and db account, used by the Heat services. type: string @@ -356,10 +314,6 @@ parameters: type: string hidden: true default: '' # Has to be here because of the ignored empty value bug - NeutronExternalNetworkBridge: - description: Name of bridge used for external network traffic. - type: string - default: 'br-ex' NeutronBridgeMappings: description: > The OVS logical->physical bridge mappings to use. See the Neutron @@ -370,22 +324,6 @@ parameters: scripts or be sure to keep 'datacentre' as a mapping network name. type: comma_delimited_list default: "datacentre:br-ex" - NeutronDnsmasqOptions: - default: 'dhcp-option-force=26,1400' - description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead. - type: string - NeutronEnableDHCPAgent: - description: Knob to enable/disable DHCP Agent - type: boolean - default: true - NeutronEnableL3Agent: - description: Knob to enable/disable L3 agent - type: boolean - default: true - NeutronEnableMetadataAgent: - description: Knob to enable/disable Metadata agent - type: boolean - default: true NeutronEnableOVSAgent: description: Knob to enable/disable OVS Agent type: boolean @@ -398,10 +336,6 @@ parameters: default: 'False' description: Whether to enable l3-agent HA type: string - NeutronDhcpAgentsPerNetwork: - type: number - default: 3 - description: The number of neutron dhcp agents to schedule per network NeutronDVR: default: 'False' description: Whether to configure Neutron Distributed Virtual Routers @@ -436,10 +370,6 @@ parameters: default: 'True' description: Allow automatic l3-agent failover type: string - NeutronEnableIsolatedMetadata: - default: 'False' - description: If True, DHCP provide metadata route to VM. - type: string NeutronEnableTunnelling: type: string default: "True" @@ -604,14 +534,6 @@ parameters: default: 5672 description: Set rabbit subscriber port, change this if using SSL type: number - RabbitFDLimit: - default: 16384 - description: Configures RabbitMQ FD limit - type: string - RabbitIPv6: - default: false - description: Enable IPv6 in RabbitMQ - type: boolean RedisPassword: type: string description: The password to access the Redis service @@ -685,12 +607,6 @@ parameters: HeatApiVirtualIPUri: type: string default: '' - GlanceApiVirtualIP: - type: string - default: '' - GlanceRegistryVirtualIP: - type: string - default: '' MysqlVirtualIP: type: string default: '' @@ -762,6 +678,12 @@ parameters: type: json default: {} +parameter_groups: +- label: deprecated + description: Do not use deprecated params, they will be removed. + parameters: + - controllerExtraConfig + resources: Controller: @@ -922,14 +844,12 @@ resources: bootstack_nodeid: {get_attr: [Controller, name]} ceilometer_workers: {get_param: CeilometerWorkers} cinder_workers: {get_param: CinderWorkers} - glance_workers: {get_param: GlanceWorkers} heat_workers: {get_param: HeatWorkers} nova_workers: {get_param: NovaWorkers} neutron_workers: {get_param: NeutronWorkers} swift_workers: {get_param: SwiftWorkers} neutron_enable_tunneling: {get_param: NeutronEnableTunnelling} neutron_enable_l2pop: {get_param: NeutronEnableL2Pop} - neutron_enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata} haproxy_log_address: {get_param: HAProxySyslogAddress} haproxy_stats_password: {get_param: HAProxyStatsPassword} haproxy_stats_user: {get_param: HAProxyStatsUser} @@ -951,6 +871,9 @@ resources: - - 'http://' - {get_param: HeatApiVirtualIPUri} - ':8000/v1/waitcondition' + heat_public_url: {get_param: [EndpointMap, HeatPublic, uri]} + heat_internal_url: {get_param: [EndpointMap, HeatInternal, uri]} + heat_admin_url: {get_param: [EndpointMap, HeatAdmin, uri]} heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey} heat_enable_db_purge: {get_param: HeatEnableDBPurge} horizon_allowed_hosts: {get_param: HorizonAllowedHosts} @@ -980,23 +903,12 @@ resources: - '@' - {get_param: MysqlVirtualIPUri} - '/cinder' - glance_port: {get_param: [EndpointMap, GlanceInternal, port]} - glance_password: {get_param: GlancePassword} - glance_backend: {get_param: GlanceBackend} - glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice} - glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype} - glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage} - glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions} - glance_notifier_strategy: {get_param: GlanceNotifierStrategy} - glance_log_file: {get_param: GlanceLogFile} - glance_dsn: - list_join: - - '' - - - 'mysql+pymysql://glance:' - - {get_param: GlancePassword} - - '@' - - {get_param: MysqlVirtualIPUri} - - '/glance' + cinder_public_url: {get_param: [EndpointMap, CinderPublic, uri]} + cinder_internal_url: {get_param: [EndpointMap, CinderInternal, uri]} + cinder_admin_url: {get_param: [EndpointMap, CinderAdmin, uri]} + cinder_public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]} + cinder_internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]} + cinder_admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]} heat_password: {get_param: HeatPassword} heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword} heat_dsn: @@ -1044,9 +956,6 @@ resources: template: DRIVERS params: DRIVERS: {get_param: NeutronTypeDrivers} - neutron_enable_dhcp_agent: {get_param: NeutronEnableDHCPAgent} - neutron_enable_l3_agent: {get_param: NeutronEnableL3Agent} - neutron_enable_metadata_agent: {get_param: NeutronEnableMetadataAgent} neutron_enable_ovs_agent: {get_param: NeutronEnableOVSAgent} neutron_mechanism_drivers: str_replace: @@ -1055,7 +964,6 @@ resources: MECHANISMS: {get_param: NeutronMechanismDrivers} neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} neutron_l3_ha: {get_param: NeutronL3HA} - neutron_dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork} neutron_network_vlan_ranges: str_replace: template: RANGES @@ -1066,7 +974,6 @@ resources: template: MAPPINGS params: MAPPINGS: {get_param: NeutronBridgeMappings} - neutron_external_network_bridge: {get_param: NeutronExternalNetworkBridge} neutron_public_interface: {get_param: NeutronPublicInterface} neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice} neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute} @@ -1103,7 +1010,6 @@ resources: AGENT_EXTENSIONS: {get_param: NeutronAgentExtensions} neutron_password: {get_param: NeutronPassword} neutron_tenant_mtu: {get_param: NeutronTenantMtu} - neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions} neutron_dsn: list_join: - '' @@ -1122,6 +1028,9 @@ resources: ceilometer_password: {get_param: CeilometerPassword} ceilometer_store_events: {get_param: CeilometerStoreEvents} aodh_password: {get_param: AodhPassword} + aodh_internal_url: { get_param: [ EndpointMap, AodhInternal, uri ] } + aodh_public_url: { get_param: [ EndpointMap, AodhPublic, uri ] } + aodh_admin_url: { get_param: [ EndpointMap, AodhAdmin, uri ] } ceilometer_meter_dispatcher: {get_param: CeilometerMeterDispatcher} gnocchi_password: {get_param: GnocchiPassword} gnocchi_backend: {get_param: GnocchiBackend} @@ -1151,6 +1060,11 @@ resources: - {get_param: MysqlVirtualIPUri} - '/gnocchi' gnocchi_internal_url: {get_param: [EndpointMap, GnocchiInternal, uri]} + gnocchi_public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] } + gnocchi_admin_url: { get_param: [ EndpointMap, GnocchiAdmin, uri ] } + ceilometer_public_url: {get_param: [EndpointMap, CeilometerPublic, uri]} + ceilometer_internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]} + ceilometer_admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]} snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} nova_enable_db_purge: {get_param: NovaEnableDBPurge} @@ -1176,6 +1090,9 @@ resources: - '/nova_api' upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute} instance_name_template: {get_param: InstanceNameTemplate} + nova_public_url: {get_param: [EndpointMap, NovaPublic, uri]} + nova_internal_url: {get_param: [EndpointMap, NovaInternal, uri]} + nova_admin_url: {get_param: [EndpointMap, NovaAdmin, uri]} fencing_config: {get_param: FencingConfig} pcsd_password: {get_param: PcsdPassword} rabbit_username: {get_param: RabbitUserName} @@ -1183,8 +1100,6 @@ resources: rabbit_cookie: {get_param: RabbitCookie} rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} rabbit_client_port: {get_param: RabbitClientPort} - rabbit_ipv6: {get_param: RabbitIPv6} - rabbit_fd_limit: {get_param: RabbitFDLimit} mongodb_no_journal: {get_param: MongoDbNoJournal} mongodb_ipv6: {get_param: MongoDbIPv6} ntp_servers: {get_param: NtpServer} @@ -1198,9 +1113,18 @@ resources: swift_replicas: {get_param: SwiftReplicas} swift_min_part_hours: {get_param: SwiftMinPartHours} swift_mount_check: {get_param: SwiftMountCheck} + swift_public_url: {get_param: [EndpointMap, SwiftPublic, uri]} + swift_internal_url: {get_param: [EndpointMap, SwiftInternal, uri]} + swift_admin_url: {get_param: [EndpointMap, SwiftAdmin, uri]} + swift_public_url_s3: {get_param: [EndpointMap, SwiftS3Public, uri]} + swift_internal_url_s3: {get_param: [EndpointMap, SwiftS3Internal, uri]} + swift_admin_url_s3: {get_param: [EndpointMap, SwiftS3Admin, uri]} enable_package_install: {get_param: EnablePackageInstall} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} sahara_password: {get_param: SaharaPassword} + sahara_public_url: {get_param: [EndpointMap, SaharaPublic, uri]} + sahara_internal_url: {get_param: [EndpointMap, SaharaInternal, uri]} + sahara_admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]} sahara_dsn: list_join: - '' @@ -1220,7 +1144,6 @@ resources: glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]} - glance_registry_host: {get_param: GlanceRegistryVirtualIP} heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} @@ -1234,6 +1157,11 @@ resources: nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]} horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} + horizon_subnet: + str_replace: + template: "['SUBNET']" + params: + SUBNET: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]} redis_password: {get_param: RedisPassword} @@ -1280,11 +1208,15 @@ resources: - midonet_data #Optionally provided by AllNodesExtraConfig - neutron_opencontrail_data # Optionally provided by ControllerExtraConfigPre - neutron_plumgrid_data # Optionally provided by ControllerExtraConfigPre + merge_behavior: deeper datafiles: service_configs: mapped_data: {get_param: ServiceConfigSettings} controller_extraconfig: - mapped_data: {get_param: ControllerExtraConfig} + mapped_data: + map_merge: + - {get_param: controllerExtraConfig} + - {get_param: ControllerExtraConfig} extraconfig: mapped_data: {get_param: ExtraConfig} common: @@ -1324,6 +1256,14 @@ resources: tripleo::ringbuilder::replicas: {get_input: swift_replicas} tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours} swift_mount_check: {get_input: swift_mount_check} + swift::keystone::auth::public_url: {get_input: swift_public_url } + swift::keystone::auth::internal_url: {get_input: swift_internal_url } + swift::keystone::auth::admin_url: {get_input: swift_admin_url } + swift::keystone::auth::public_url_s3: {get_input: swift_public_url_v3 } + swift::keystone::auth::internal_url_s3: {get_input: swift_internal_url_v3 } + swift::keystone::auth::admin_url_s3: {get_input: swift_admin_url_v3 } + swift::keystone::auth::password: {get_input: swift_password } + swift::keystone::auth::region: {get_input: keystone_region} # Cinder cinder_enable_db_purge: {get_input: cinder_enable_db_purge} @@ -1348,39 +1288,19 @@ resources: cinder::glance::glance_api_servers: {get_input: glance_api_servers} cinder_backend_config: {get_input: CinderBackendConfig} cinder::db::mysql::password: {get_input: cinder_password} + cinder::keystone::auth::public_url: {get_input: cinder_public_url } + cinder::keystone::auth::internal_url: {get_input: cinder_internal_url } + cinder::keystone::auth::admin_url: {get_input: cinder_admin_url } + cinder::keystone::auth::public_url_v2: {get_input: cinder_public_url_v2 } + cinder::keystone::auth::internal_url_v2: {get_input: cinder_internal_url_v2 } + cinder::keystone::auth::admin_url_v2: {get_input: cinder_admin_url_v2 } + cinder::keystone::auth::password: {get_input: cinder_password } + cinder::keystone::auth::region: {get_input: keystone_region} # Glance - glance::api::bind_port: {get_input: glance_port} glance::api::bind_host: {get_input: glance_api_network} - glance::api::auth_uri: {get_input: keystone_auth_uri} - glance::api::identity_uri: {get_input: keystone_identity_uri} - glance::api::registry_host: {get_input: glance_registry_host} - glance::api::keystone_password: {get_input: glance_password} - glance::api::debug: {get_input: debug} - glance::api::workers: {get_input: glance_workers} - glance_notifier_strategy: {get_input: glance_notifier_strategy} - glance_log_file: {get_input: glance_log_file} - glance_log_file: {get_input: glance_log_file} - glance::api::database_connection: {get_input: glance_dsn} - glance::registry::keystone_password: {get_input: glance_password} - glance::registry::database_connection: {get_input: glance_dsn} glance::registry::bind_host: {get_input: glance_registry_network} - glance::registry::auth_uri: {get_input: keystone_auth_uri} - glance::registry::identity_uri: {get_input: keystone_identity_uri} - glance::registry::debug: {get_input: debug} - glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_uri} - glance::registry::workers: {get_input: glance_workers} - glance::backend::swift::swift_store_user: service:glance - glance::backend::swift::swift_store_key: {get_input: glance_password} - glance_backend: {get_input: glance_backend} - glance::db::mysql::password: {get_input: glance_password} - glance_file_pcmk_device: {get_input: glance_file_pcmk_device} - glance_file_pcmk_fstype: {get_input: glance_file_pcmk_fstype} - glance_file_pcmk_manage: {get_input: glance_file_pcmk_manage} - glance_file_pcmk_options: {get_input: glance_file_pcmk_options} - glance::notify::rabbitmq::rabbit_userid: {get_input: rabbit_username} - glance::notify::rabbitmq::rabbit_password: {get_input: rabbit_password} - glance::notify::rabbitmq::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} + glance::keystone::auth::region: {get_input: keystone_region} # Heat heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password} @@ -1402,11 +1322,18 @@ resources: heat::api_cloudwatch::workers: {get_input: heat_workers} heat::api_cfn::bind_host: {get_input: heat_api_network} heat::api_cfn::workers: {get_input: heat_workers} + heat::engine::num_engine_workers: {get_input: heat_workers} heat::database_connection: {get_input: heat_dsn} heat::debug: {get_input: debug} heat::db::mysql::password: {get_input: heat_password} heat_enable_db_purge: {get_input: heat_enable_db_purge} heat::keystone::domain::domain_password: {get_input: heat_stack_domain_admin_password} + heat::keystone::auth::public_url: {get_input: heat_public_url } + heat::keystone::auth::internal_url: {get_input: heat_internal_url } + heat::keystone::auth::admin_url: {get_input: heat_admin_url } + heat::keystone::auth::password: {get_input: heat_password } + heat::keystone::auth::region: {get_input: keystone_region} + # Keystone keystone::admin_bind_host: {get_input: keystone_admin_api_network} keystone::public_bind_host: {get_input: keystone_public_api_network} @@ -1430,39 +1357,26 @@ resources: # Neutron neutron::bind_host: {get_input: neutron_api_network} - neutron::rabbit_password: {get_input: rabbit_password} - neutron::rabbit_user: {get_input: rabbit_username} - neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - neutron::rabbit_port: {get_input: rabbit_client_port} - neutron::debug: {get_input: debug} neutron::server::auth_uri: {get_input: keystone_auth_uri} neutron::server::identity_uri: {get_input: keystone_identity_uri} neutron::server::database_connection: {get_input: neutron_dsn} neutron::server::api_workers: {get_input: neutron_workers} - neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge} neutron::network_device_mtu: {get_input: neutron_tenant_mtu} neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling} neutron::agents::ml2::ovs::l2_population: {get_input: neutron_enable_l2pop} - neutron::agents::dhcp::enable_isolated_metadata: {get_input: neutron_enable_isolated_metadata} neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip} neutron::plugins::ml2::flat_networks: {get_input: neutron_flat_networks} - neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret} neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network} - neutron::agents::metadata::metadata_workers: {get_input: neutron_workers} neutron_agent_mode: {get_input: neutron_agent_mode} neutron_router_distributed: {get_input: neutron_router_distributed} neutron::core_plugin: {get_input: neutron_core_plugin} neutron::service_plugins: {get_input: neutron_service_plugins} - neutron::enable_dhcp_agent: {get_input: neutron_enable_dhcp_agent} - neutron::enable_l3_agent: {get_input: neutron_enable_l3_agent} - neutron::enable_metadata_agent: {get_input: neutron_enable_metadata_agent} neutron::enable_ovs_agent: {get_input: neutron_enable_ovs_agent} neutron::plugins::ml2::type_drivers: {get_input: neutron_type_drivers} neutron::plugins::ml2::mechanism_drivers: {get_input: neutron_mechanism_drivers} neutron::plugins::ml2::extension_drivers: {get_input: neutron_plugin_extensions} neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover} neutron::server::l3_ha: {get_input: neutron_l3_ha} - neutron::dhcp_agents_per_network: {get_input: neutron_dhcp_agents_per_network} neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges} neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges} neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges} @@ -1475,10 +1389,7 @@ resources: neutron::agents::ml2::ovs::tunnel_types: {get_input: neutron_tunnel_types} neutron::agents::ml2::ovs::extensions: {get_input: neutron_agent_extensions} neutron::server::auth_password: {get_input: neutron_password} - neutron::agents::metadata::auth_password: {get_input: neutron_password} - neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options} neutron_dsn: {get_input: neutron_dsn} - neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri} neutron::db::mysql::password: {get_input: neutron_password} neutron::keystone::auth::public_url: {get_input: neutron_public_url } neutron::keystone::auth::internal_url: {get_input: neutron_internal_url } @@ -1514,6 +1425,11 @@ resources: ceilometer::dispatcher::gnocchi::filter_project: 'service' ceilometer::dispatcher::gnocchi::archive_policy: 'low' ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml' + ceilometer::keystone::auth::public_url: {get_input: ceilometer_public_url } + ceilometer::keystone::auth::internal_url: {get_input: ceilometer_internal_url } + ceilometer::keystone::auth::admin_url: {get_input: ceilometer_admin_url } + ceilometer::keystone::auth::password: {get_input: ceilometer_password } + ceilometer::keystone::auth::region: {get_input: keystone_region} snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} @@ -1534,6 +1450,11 @@ resources: aodh::db::mysql::password: {get_input: aodh_password} # for a migration path from ceilometer-alarm to aodh, we use the same database & coordination aodh::evaluator::coordination_url: {get_input: ceilometer_coordination_url} + aodh::keystone::auth::public_url: {get_input: aodh_public_url } + aodh::keystone::auth::internal_url: {get_input: aodh_internal_url } + aodh::keystone::auth::admin_url: {get_input: aodh_admin_url } + aodh::keystone::auth::password: {get_input: aodh_password } + aodh::keystone::auth::region: {get_input: keystone_region} # Gnocchi gnocchi_backend: {get_input: gnocchi_backend} @@ -1550,6 +1471,11 @@ resources: gnocchi::db::mysql::password: {get_input: gnocchi_password} gnocchi::storage::swift::swift_authurl: {get_input: keystone_auth_uri} gnocchi::storage::swift::swift_key: {get_input: gnocchi_password} + gnocchi::keystone::auth::public_url: {get_input: gnocchi_public_url } + gnocchi::keystone::auth::internal_url: {get_input: gnocchi_internal_url } + gnocchi::keystone::auth::admin_url: {get_input: gnocchi_admin_url } + gnocchi::keystone::auth::password: {get_input: gnocchi_password } + gnocchi::keystone::auth::region: {get_input: keystone_region} # Nova nova::rabbit_userid: {get_input: rabbit_username} @@ -1565,7 +1491,6 @@ resources: nova::api::metadata_listen: {get_input: nova_metadata_network} nova::api::admin_password: {get_input: nova_password} nova::api::osapi_compute_workers: {get_input: nova_workers} - nova::api::ec2_workers: {get_input: nova_workers} nova::api::metadata_workers: {get_input: nova_workers} nova::compute::network_device_mtu: {get_input: neutron_tenant_mtu} nova::database_connection: {get_input: nova_dsn} @@ -1580,8 +1505,14 @@ resources: nova::db::mysql::password: {get_input: nova_password} nova::db::mysql_api::password: {get_input: nova_password} nova_enable_db_purge: {get_input: nova_enable_db_purge} + nova::keystone::auth::public_url: {get_input: nova_public_url} + nova::keystone::auth::internal_url: {get_input: nova_internal_url} + nova::keystone::auth::admin_url: {get_input: nova_admin_url} + nova::keystone::auth::password: {get_input: nova_password } + nova::keystone::auth::region: {get_input: keystone_region} # Horizon + apache::mod::remoteip::proxy_ips: {get_input: horizon_subnet} apache::ip: {get_input: horizon_network} horizon::allowed_hosts: {get_input: horizon_allowed_hosts} horizon::django_debug: {get_input: debug} @@ -1611,14 +1542,14 @@ resources: sahara::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} sahara::rabbit_port: {get_input: rabbit_client_port} sahara::db::mysql::password: {get_input: sahara_password} - - # Rabbit + sahara::keystone::auth::public_url: {get_input: sahara_public_url } + sahara::keystone::auth::internal_url: {get_input: sahara_internal_url } + sahara::keystone::auth::admin_url: {get_input: sahara_admin_url } + sahara::keystone::auth::password: {get_input: sahara_password } + sahara::keystone::auth::region: {get_input: keystone_region} + # RabbitMQ rabbitmq::node_ip_address: {get_input: rabbitmq_network} rabbitmq::erlang_cookie: {get_input: rabbit_cookie} - rabbitmq::file_limit: {get_input: rabbit_fd_limit} - rabbitmq::default_user: {get_input: rabbit_username} - rabbitmq::default_pass: {get_input: rabbit_password} - rabbit_ipv6: {get_input: rabbit_ipv6} # Redis redis::bind: {get_input: redis_network} redis::requirepass: {get_input: redis_password} diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml index 77b11378..e281ef51 100644 --- a/puppet/extraconfig/tls/tls-cert-inject.yaml +++ b/puppet/extraconfig/tls/tls-cert-inject.yaml @@ -63,6 +63,14 @@ resources: openssl rsa -noout -modulus -in ${cert_path} \ | openssl md5 | cut -c 10- \ > ${heat_outputs_path}.key_modulus + # We need to reload haproxy in case the certificate changed because + # puppet doesn't know the contents of the cert file. The pacemaker + # case is handled separately in a pacemaker-specific resource. + pacemaker_status=$(systemctl is-active pacemaker) + haproxy_status=$(systemctl is-active haproxy) + if [ "$pacemaker_status" != "active" -a "$haproxy_status" = "active"]; then + systemctl reload haproxy + fi ControllerTLSDeployment: type: OS::Heat::SoftwareDeployment diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml index 865210c9..1e888f39 100644 --- a/puppet/hieradata/compute.yaml +++ b/puppet/hieradata/compute.yaml @@ -11,6 +11,8 @@ nova::compute::libvirt::migration_support: true nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}" +nova::network::neutron::neutron_auth_type: 'v3password' + # Changing the default from 512MB. The current templates can not deploy # overclouds with swap. On an idle compute node, we see ~1024MB of RAM # used. 2048 is suggested to account for other possible operations for diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index 79db9418..7a446b50 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -50,13 +50,22 @@ glance::registry::keystone_tenant: 'service' neutron::server::auth_tenant: 'service' neutron::agents::metadata::auth_tenant: 'service' neutron::agents::l3::router_delete_namespaces: True -neutron::agents::dhcp::dhcp_delete_namespaces: True cinder::api::keystone_tenant: 'service' swift::proxy::authtoken::admin_tenant_name: 'service' ceilometer::api::keystone_tenant: 'service' gnocchi::api::keystone_tenant: 'service' heat::keystone_tenant: 'service' sahara::admin_tenant_name: 'service' +aodh::keystone::auth::tenant: 'service' +ceilometer::keystone::auth::tenant: 'service' +cinder::keystone::auth::tenant: 'service' +glance::keystone::auth::tenant: 'service' +gnocchi::keystone::auth::tenant: 'service' +heat::keystone::auth::tenant: 'service' +neutron::keystone::auth::tenant: 'service' +nova::keystone::auth::tenant: 'service' +sahara::keystone::auth::tenant: 'service' +swift::keystone::auth::tenant: 'service' # keystone keystone::cron::token_flush::maxdelay: 3600 @@ -86,6 +95,10 @@ swift::proxy::pipeline: - 'proxy-server' swift::proxy::account_autocreate: true +swift::keystone::auth::configure_s3_endpoint: false +swift::keystone::auth::operator_roles: + - admin + - swiftoperator # glance glance::api::pipeline: 'keystone' @@ -96,7 +109,6 @@ glance_file_pcmk_directory: '/var/lib/glance/images' # neutron neutron::server::sync_db: true -neutron::agents::dhcp::dnsmasq_config_file: /etc/neutron/dnsmasq-neutron.conf # nova nova::notify_on_state_change: 'vm_and_task_state' @@ -141,6 +153,7 @@ horizon::django_session_engine: 'django.contrib.sessions.backends.cache' horizon::vhost_extra_params: add_listen: false priority: 10 + access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"' # mysql mysql::server::manage_config_file: true @@ -152,7 +165,6 @@ tripleo::loadbalancer::neutron: true tripleo::loadbalancer::cinder: true tripleo::loadbalancer::glance_api: true tripleo::loadbalancer::glance_registry: true -tripleo::loadbalancer::nova_ec2: true tripleo::loadbalancer::nova_osapi: true tripleo::loadbalancer::nova_metadata: true tripleo::loadbalancer::nova_novncproxy: true diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 779e7f21..6c2716a0 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -113,8 +113,6 @@ if hiera('step') >= 2 { # FIXME: this should only occur on the bootstrap host (ditto for db syncs) # Create all the database schemas - include ::keystone::db::mysql - include ::glance::db::mysql include ::nova::db::mysql include ::nova::db::mysql_api include ::neutron::db::mysql @@ -129,36 +127,6 @@ if hiera('step') >= 2 { include ::aodh::db::mysql } - $rabbit_nodes = hiera('rabbit_node_ips') - if count($rabbit_nodes) > 1 { - - $rabbit_ipv6 = str2bool(hiera('rabbit_ipv6', false)) - if $rabbit_ipv6 { - $rabbit_env = merge(hiera('rabbitmq_environment'), { - 'RABBITMQ_SERVER_START_ARGS' => '"-proto_dist inet6_tcp"' - }) - } else { - $rabbit_env = hiera('rabbitmq_environment') - } - - class { '::rabbitmq': - config_cluster => true, - cluster_nodes => $rabbit_nodes, - tcp_keepalive => false, - config_kernel_variables => hiera('rabbitmq_kernel_variables'), - config_variables => hiera('rabbitmq_config_variables'), - environment_variables => $rabbit_env, - } - rabbitmq_policy { 'ha-all@/': - pattern => '^(?!amq\.).*', - definition => { - 'ha-mode' => 'all', - }, - } - } else { - include ::rabbitmq - } - # pre-install swift here so we can build rings include ::swift @@ -215,26 +183,6 @@ if hiera('step') >= 2 { if hiera('step') >= 4 { - $glance_backend = downcase(hiera('glance_backend', 'swift')) - case $glance_backend { - 'swift': { $backend_store = 'glance.store.swift.Store' } - 'file': { $backend_store = 'glance.store.filesystem.Store' } - 'rbd': { $backend_store = 'glance.store.rbd.Store' } - default: { fail('Unrecognized glance_backend parameter.') } - } - $http_store = ['glance.store.http.Store'] - $glance_store = concat($http_store, $backend_store) - - # TODO: scrubber and other additional optional features - include ::glance - include ::glance::config - class { '::glance::api': - known_stores => $glance_store, - } - include ::glance::registry - include ::glance::notify::rabbitmq - include join(['::glance::backend::', $glance_backend]) - $nova_ipv6 = hiera('nova::use_ipv6', false) if $nova_ipv6 { $memcached_servers = suffix(hiera('memcache_node_ips_v6'), ':11211') @@ -327,17 +275,6 @@ if hiera('step') >= 4 { metadata_proxy_shared_secret => hiera('nova::api::neutron_metadata_proxy_shared_secret'), } } else { - include ::neutron::agents::l3 - include ::neutron::agents::dhcp - include ::neutron::agents::metadata - - file { '/etc/neutron/dnsmasq-neutron.conf': - content => hiera('neutron_dnsmasq_options'), - owner => 'neutron', - group => 'neutron', - notify => Service['neutron-dhcp-service'], - require => Package['neutron'], - } # If the value of core plugin is set to 'midonet', # skip all the ML2 configuration @@ -380,17 +317,9 @@ if hiera('step') >= 4 { include ::neutron::plugins::ml2::bigswitch::restproxy include ::neutron::agents::bigswitch } - neutron_l3_agent_config { - 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false); - } - neutron_dhcp_agent_config { - 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false); - } Service['neutron-server'] -> Service['neutron-ovs-agent-service'] } - Service['neutron-server'] -> Service['neutron-dhcp-service'] - Service['neutron-server'] -> Service['neutron-l3'] Service['neutron-server'] -> Service['neutron-metadata'] } @@ -435,6 +364,7 @@ if hiera('step') >= 4 { $cinder_rbd_backend = 'tripleo_ceph' cinder::backend::rbd { $cinder_rbd_backend : + backend_host => hiera('cinder::host'), rbd_pool => hiera('cinder_rbd_pool_name'), rbd_user => hiera('ceph_client_user_name'), rbd_secret_uuid => hiera('ceph::profile::params::fsid'), @@ -618,6 +548,7 @@ if hiera('step') >= 4 { include ::sahara::service::engine # Horizon + include ::apache::mod::remoteip if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { $_profile_support = 'cisco' } else { diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index f5d4cf9c..5c6e15ad 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -23,10 +23,8 @@ Service <| tag == 'aodh-service' or tag == 'cinder-service' or tag == 'ceilometer-service' or - tag == 'glance-service' or tag == 'gnocchi-service' or tag == 'heat-service' or - tag == 'keystone-service' or tag == 'neutron-service' or tag == 'nova-service' or tag == 'sahara-service' @@ -48,7 +46,7 @@ if $::hostname == downcase(hiera('bootstrap_nodeid')) { $sync_db = false } -$enable_fencing = str2bool(hiera('enable_fencing', false)) and hiera('step') >= 6 +$enable_fencing = str2bool(hiera('enable_fencing', false)) and hiera('step') >= 5 $enable_load_balancer = hiera('enable_load_balancer', true) # When to start and enable services which haven't been Pacemakerized @@ -101,6 +99,10 @@ if hiera('step') >= 1 { if $enable_fencing { include ::tripleo::fencing + # enable stonith after all Pacemaker resources have been created + Pcmk_resource<||> -> Class['tripleo::fencing'] + Pcmk_constraint<||> -> Class['tripleo::fencing'] + Exec <| tag == 'pacemaker_constraint' |> -> Class['tripleo::fencing'] # enable stonith after all fencing devices have been created Class['tripleo::fencing'] -> Class['pacemaker::stonith'] } @@ -112,35 +114,6 @@ if hiera('step') >= 1 { op_params => 'start timeout=200s stop timeout=200s', } - # Only configure RabbitMQ in this step, don't start it yet to - # avoid races where non-master nodes attempt to start without - # config (eg. binding on 0.0.0.0) - # The module ignores erlang_cookie if cluster_config is false - $rabbit_ipv6 = str2bool(hiera('rabbit_ipv6', false)) - if $rabbit_ipv6 { - $rabbit_env = merge(hiera('rabbitmq_environment'), { - 'RABBITMQ_SERVER_START_ARGS' => '"-proto_dist inet6_tcp"' - }) - } else { - $rabbit_env = hiera('rabbitmq_environment') - } - - class { '::rabbitmq': - service_manage => false, - tcp_keepalive => false, - config_kernel_variables => hiera('rabbitmq_kernel_variables'), - config_variables => hiera('rabbitmq_config_variables'), - environment_variables => $rabbit_env, - } -> - file { '/var/lib/rabbitmq/.erlang.cookie': - ensure => file, - owner => 'rabbitmq', - group => 'rabbitmq', - mode => '0400', - content => hiera('rabbitmq::erlang_cookie'), - replace => true, - } - if downcase(hiera('ceilometer_backend')) == 'mongodb' { include ::mongodb::globals include ::mongodb::client @@ -255,183 +228,46 @@ if hiera('step') >= 2 { } $control_vip = hiera('tripleo::loadbalancer::controller_virtual_ip') - if is_ipv6_address($control_vip) { - $control_vip_netmask = '64' - } else { - $control_vip_netmask = '32' - } - pacemaker::resource::ip { 'control_vip': - ip_address => $control_vip, - cidr_netmask => $control_vip_netmask, - } - pacemaker::constraint::base { 'control_vip-then-haproxy': - constraint_type => 'order', - first_resource => "ip-${control_vip}", - second_resource => 'haproxy-clone', - first_action => 'start', - second_action => 'start', - constraint_params => 'kind=Optional', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['control_vip']], - } - pacemaker::constraint::colocation { 'control_vip-with-haproxy': - source => "ip-${control_vip}", - target => 'haproxy-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['control_vip']], + tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_control_vip': + vip_name => 'control', + ip_address => $control_vip, } $public_vip = hiera('tripleo::loadbalancer::public_virtual_ip') - if is_ipv6_address($public_vip) { - $public_vip_netmask = '64' - } else { - $public_vip_netmask = '32' - } - if $public_vip and $public_vip != $control_vip { - pacemaker::resource::ip { 'public_vip': - ip_address => $public_vip, - cidr_netmask => $public_vip_netmask, - } - pacemaker::constraint::base { 'public_vip-then-haproxy': - constraint_type => 'order', - first_resource => "ip-${public_vip}", - second_resource => 'haproxy-clone', - first_action => 'start', - second_action => 'start', - constraint_params => 'kind=Optional', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['public_vip']], - } - pacemaker::constraint::colocation { 'public_vip-with-haproxy': - source => "ip-${public_vip}", - target => 'haproxy-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['public_vip']], - } + tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_public_vip': + ensure => $public_vip and $public_vip != $control_vip, + vip_name => 'public', + ip_address => $public_vip, } $redis_vip = hiera('redis_vip') - if is_ipv6_address($redis_vip) { - $redis_vip_netmask = '64' - } else { - $redis_vip_netmask = '32' - } - if $redis_vip and $redis_vip != $control_vip { - pacemaker::resource::ip { 'redis_vip': - ip_address => $redis_vip, - cidr_netmask => $redis_vip_netmask, - } - pacemaker::constraint::base { 'redis_vip-then-haproxy': - constraint_type => 'order', - first_resource => "ip-${redis_vip}", - second_resource => 'haproxy-clone', - first_action => 'start', - second_action => 'start', - constraint_params => 'kind=Optional', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['redis_vip']], - } - pacemaker::constraint::colocation { 'redis_vip-with-haproxy': - source => "ip-${redis_vip}", - target => 'haproxy-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['redis_vip']], - } + tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_redis_vip': + ensure => $redis_vip and $redis_vip != $control_vip, + vip_name => 'redis', + ip_address => $redis_vip, } + $internal_api_vip = hiera('tripleo::loadbalancer::internal_api_virtual_ip') - if is_ipv6_address($internal_api_vip) { - $internal_api_vip_netmask = '64' - } else { - $internal_api_vip_netmask = '32' - } - if $internal_api_vip and $internal_api_vip != $control_vip { - pacemaker::resource::ip { 'internal_api_vip': - ip_address => $internal_api_vip, - cidr_netmask => $internal_api_vip_netmask, - } - pacemaker::constraint::base { 'internal_api_vip-then-haproxy': - constraint_type => 'order', - first_resource => "ip-${internal_api_vip}", - second_resource => 'haproxy-clone', - first_action => 'start', - second_action => 'start', - constraint_params => 'kind=Optional', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['internal_api_vip']], - } - pacemaker::constraint::colocation { 'internal_api_vip-with-haproxy': - source => "ip-${internal_api_vip}", - target => 'haproxy-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['internal_api_vip']], - } + tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_internal_api_vip': + ensure => $internal_api_vip and $internal_api_vip != $control_vip, + vip_name => 'internal_api', + ip_address => $internal_api_vip, } $storage_vip = hiera('tripleo::loadbalancer::storage_virtual_ip') - if is_ipv6_address($storage_vip) { - $storage_vip_netmask = '64' - } else { - $storage_vip_netmask = '32' - } - if $storage_vip and $storage_vip != $control_vip { - pacemaker::resource::ip { 'storage_vip': - ip_address => $storage_vip, - cidr_netmask => $storage_vip_netmask, - } - pacemaker::constraint::base { 'storage_vip-then-haproxy': - constraint_type => 'order', - first_resource => "ip-${storage_vip}", - second_resource => 'haproxy-clone', - first_action => 'start', - second_action => 'start', - constraint_params => 'kind=Optional', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['storage_vip']], - } - pacemaker::constraint::colocation { 'storage_vip-with-haproxy': - source => "ip-${storage_vip}", - target => 'haproxy-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['storage_vip']], - } + tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_storage_vip': + ensure => $storage_vip and $storage_vip != $control_vip, + vip_name => 'storage', + ip_address => $storage_vip, } $storage_mgmt_vip = hiera('tripleo::loadbalancer::storage_mgmt_virtual_ip') - if is_ipv6_address($storage_mgmt_vip) { - $storage_mgmt_vip_netmask = '64' - } else { - $storage_mgmt_vip_netmask = '32' - } - if $storage_mgmt_vip and $storage_mgmt_vip != $control_vip { - pacemaker::resource::ip { 'storage_mgmt_vip': - ip_address => $storage_mgmt_vip, - cidr_netmask => $storage_mgmt_vip_netmask, - } - pacemaker::constraint::base { 'storage_mgmt_vip-then-haproxy': - constraint_type => 'order', - first_resource => "ip-${storage_mgmt_vip}", - second_resource => 'haproxy-clone', - first_action => 'start', - second_action => 'start', - constraint_params => 'kind=Optional', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['storage_mgmt_vip']], - } - pacemaker::constraint::colocation { 'storage_mgmt_vip-with-haproxy': - source => "ip-${storage_mgmt_vip}", - target => 'haproxy-clone', - score => 'INFINITY', - require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Ip['storage_mgmt_vip']], - } + tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_storage_mgmt_vip': + ensure => $storage_mgmt_vip and $storage_mgmt_vip != $control_vip, + vip_name => 'storage_mgmt', + ip_address => $storage_mgmt_vip, } - } pacemaker::resource::service { $::memcached::params::service_name : @@ -439,14 +275,6 @@ if hiera('step') >= 2 { require => Class['::memcached'], } - pacemaker::resource::ocf { 'rabbitmq': - ocf_agent_name => 'heartbeat:rabbitmq-cluster', - resource_params => 'set_policy=\'ha-all ^(?!amq\.).* {"ha-mode":"all"}\'', - clone_params => 'ordered=true interleave=true', - meta_params => 'notify=true', - require => Class['::rabbitmq'], - } - if downcase(hiera('ceilometer_backend')) == 'mongodb' { pacemaker::resource::service { $::mongodb::params::service_name : op_params => 'start timeout=370s stop timeout=200s', @@ -516,12 +344,6 @@ MYSQL_HOST=localhost\n", # Create all the database schemas if $sync_db { - class { '::keystone::db::mysql': - require => Exec['galera-ready'], - } - class { '::glance::db::mysql': - require => Exec['galera-ready'], - } class { '::nova::db::mysql': require => Exec['galera-ready'], } @@ -610,33 +432,7 @@ MYSQL_HOST=localhost\n", } #END STEP 2 -if hiera('step') >= 4 { - - $glance_backend = downcase(hiera('glance_backend', 'swift')) - case $glance_backend { - 'swift': { $backend_store = 'glance.store.swift.Store' } - 'file': { $backend_store = 'glance.store.filesystem.Store' } - 'rbd': { $backend_store = 'glance.store.rbd.Store' } - default: { fail('Unrecognized glance_backend parameter.') } - } - $http_store = ['glance.store.http.Store'] - $glance_store = concat($http_store, $backend_store) - - # TODO: notifications, scrubber, etc. - include ::glance - include ::glance::config - class { '::glance::api': - known_stores => $glance_store, - manage_service => false, - enabled => false, - } - class { '::glance::registry' : - sync_db => $sync_db, - manage_service => false, - enabled => false, - } - include ::glance::notify::rabbitmq - include join(['::glance::backend::', $glance_backend]) +if hiera('step') >= 4 or ( hiera('step') >= 3 and $sync_db ) { $nova_ipv6 = hiera('nova::use_ipv6', false) if $nova_ipv6 { @@ -759,31 +555,6 @@ if hiera('step') >= 4 { metadata_proxy_shared_secret => hiera('nova::api::neutron_metadata_proxy_shared_secret'), } } - if hiera('neutron::enable_dhcp_agent',true) { - class { '::neutron::agents::dhcp' : - manage_service => false, - enabled => false, - } - file { '/etc/neutron/dnsmasq-neutron.conf': - content => hiera('neutron_dnsmasq_options'), - owner => 'neutron', - group => 'neutron', - notify => Service['neutron-dhcp-service'], - require => Package['neutron'], - } - } - if hiera('neutron::enable_l3_agent',true) { - class { '::neutron::agents::l3' : - manage_service => false, - enabled => false, - } - } - if hiera('neutron::enable_metadata_agent',true) { - class { '::neutron::agents::metadata': - manage_service => false, - enabled => false, - } - } include ::neutron::plugins::ml2 class { '::neutron::agents::ml2::ovs': manage_service => false, @@ -815,15 +586,6 @@ if hiera('step') >= 4 { include ::neutron::plugins::ml2::bigswitch::restproxy include ::neutron::agents::bigswitch } - neutron_l3_agent_config { - 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false); - } - neutron_dhcp_agent_config { - 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false); - } - neutron_config { - 'DEFAULT/notification_driver': value => 'messaging'; - } include ::cinder include ::cinder::config @@ -876,6 +638,7 @@ if hiera('step') >= 4 { $cinder_rbd_backend = 'tripleo_ceph' cinder::backend::rbd { $cinder_rbd_backend : + backend_host => hiera('cinder::host'), rbd_pool => hiera('cinder_rbd_pool_name'), rbd_user => hiera('ceph_client_user_name'), rbd_secret_uuid => hiera('ceph::profile::params::fsid'), @@ -1096,6 +859,7 @@ if hiera('step') >= 4 { service_enable => false, # service_manage => false, # <-- not supported with horizon&apache mod_wsgi? } + include ::apache::mod::remoteip include ::apache::mod::status if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { $_profile_support = 'cisco' @@ -1304,91 +1068,16 @@ if hiera('step') >= 5 { require => [Pacemaker::Resource::Service[$::sahara::params::api_service_name], Pacemaker::Resource::Ocf['openstack-core']], } - - # Glance - if $glance_backend == 'file' and hiera('glance_file_pcmk_manage', false) { - $secontext = 'context="system_u:object_r:glance_var_lib_t:s0"' - pacemaker::resource::filesystem { 'glance-fs': - device => hiera('glance_file_pcmk_device'), - directory => hiera('glance_file_pcmk_directory'), - fstype => hiera('glance_file_pcmk_fstype'), - fsoptions => join([$secontext, hiera('glance_file_pcmk_options', '')],','), - verify_on_create => true, - clone_params => '', - } - } - - pacemaker::resource::service { $::glance::params::registry_service_name : - clone_params => 'interleave=true', - require => Pacemaker::Resource::Ocf['openstack-core'], - } - pacemaker::resource::service { $::glance::params::api_service_name : - clone_params => 'interleave=true', - } - - pacemaker::constraint::base { 'keystone-then-glance-registry-constraint': + pacemaker::constraint::base { 'sahara-api-then-sahara-engine-constraint': constraint_type => 'order', - first_resource => 'openstack-core-clone', - second_resource => "${::glance::params::registry_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name], - Pacemaker::Resource::Ocf['openstack-core']], - } - pacemaker::constraint::base { 'glance-registry-then-glance-api-constraint': - constraint_type => 'order', - first_resource => "${::glance::params::registry_service_name}-clone", - second_resource => "${::glance::params::api_service_name}-clone", + first_resource => "${::sahara::params::api_service_name}-clone", + second_resource => "${::sahara::params::engine_service_name}-clone", first_action => 'start', second_action => 'start', - require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name], - Pacemaker::Resource::Service[$::glance::params::api_service_name]], - } - pacemaker::constraint::colocation { 'glance-api-with-glance-registry-colocation': - source => "${::glance::params::api_service_name}-clone", - target => "${::glance::params::registry_service_name}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name], - Pacemaker::Resource::Service[$::glance::params::api_service_name]], - } - - if hiera('step') == 5 { - # Neutron - # NOTE(gfidente): Neutron will try to populate the database with some data - # as soon as neutron-server is started; to avoid races we want to make this - # happen only on one node, before normal Pacemaker initialization - # https://bugzilla.redhat.com/show_bug.cgi?id=1233061 - # NOTE(emilien): we need to run this Exec only at Step 4 otherwise this exec - # will try to start the service while it's already started by Pacemaker - # It would result to a deployment failure since systemd would return 1 to Puppet - # and the overcloud would fail to deploy (6 would be returned). - # This conditional prevents from a race condition during the deployment. - # https://bugzilla.redhat.com/show_bug.cgi?id=1290582 - exec { 'neutron-server-systemd-start-sleep' : - command => 'systemctl start neutron-server && /usr/bin/sleep 5', - path => '/usr/bin', - unless => '/sbin/pcs resource show neutron-server', - } -> - pacemaker::resource::service { $::neutron::params::server_service: - clone_params => 'interleave=true', - require => Pacemaker::Resource::Ocf['openstack-core'] - } - } else { - pacemaker::resource::service { $::neutron::params::server_service: - clone_params => 'interleave=true', - require => Pacemaker::Resource::Ocf['openstack-core'] - } - } - if hiera('neutron::enable_l3_agent', true) { - pacemaker::resource::service { $::neutron::params::l3_agent_service: - clone_params => 'interleave=true', - } - } - if hiera('neutron::enable_dhcp_agent', true) { - pacemaker::resource::service { $::neutron::params::dhcp_agent_service: - clone_params => 'interleave=true', - } + require => [Pacemaker::Resource::Service[$::sahara::params::api_service_name], + Pacemaker::Resource::Service[$::sahara::params::engine_service_name]], } + if hiera('neutron::enable_ovs_agent', true) { pacemaker::resource::service { $::neutron::params::ovs_agent_service: clone_params => 'interleave=true', @@ -1399,11 +1088,6 @@ if hiera('step') >= 5 { clone_params => 'interleave=true', } } - if hiera('neutron::enable_metadata_agent', true) { - pacemaker::resource::service { $::neutron::params::metadata_agent_service: - clone_params => 'interleave=true', - } - } if hiera('neutron::enable_ovs_agent', true) { pacemaker::resource::ocf { $::neutron::params::ovs_cleanup_service: ocf_agent_name => 'neutron:OVSCleanup', @@ -1448,81 +1132,6 @@ if hiera('step') >= 5 { Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], } } - pacemaker::constraint::base { 'keystone-to-neutron-server-constraint': - constraint_type => 'order', - first_resource => 'openstack-core-clone', - second_resource => "${::neutron::params::server_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Ocf['openstack-core'], - Pacemaker::Resource::Service[$::neutron::params::server_service]], - } - if hiera('neutron::enable_ovs_agent',true) { - pacemaker::constraint::base { 'neutron-openvswitch-agent-to-dhcp-agent-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::ovs_agent_service}-clone", - second_resource => "${::neutron::params::dhcp_agent_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service], - Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]], - } - } - if hiera('neutron::enable_dhcp_agent',true) and hiera('neutron::enable_ovs_agent',true) { - pacemaker::constraint::base { 'neutron-server-to-openvswitch-agent-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::server_service}-clone", - second_resource => "${::neutron::params::ovs_agent_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::neutron::params::server_service], - Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], - } - - pacemaker::constraint::colocation { 'neutron-openvswitch-agent-to-dhcp-agent-colocation': - source => "${::neutron::params::dhcp_agent_service}-clone", - target => "${::neutron::params::ovs_agent_service}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service], - Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]], - } - } - if hiera('neutron::enable_dhcp_agent',true) and hiera('l3_agent_service',true) { - pacemaker::constraint::base { 'neutron-dhcp-agent-to-l3-agent-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::dhcp_agent_service}-clone", - second_resource => "${::neutron::params::l3_agent_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service], - Pacemaker::Resource::Service[$::neutron::params::l3_agent_service]] - } - pacemaker::constraint::colocation { 'neutron-dhcp-agent-to-l3-agent-colocation': - source => "${::neutron::params::l3_agent_service}-clone", - target => "${::neutron::params::dhcp_agent_service}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service], - Pacemaker::Resource::Service[$::neutron::params::l3_agent_service]] - } - } - if hiera('neutron::enable_l3_agent',true) and hiera('neutron::enable_metadata_agent',true) { - pacemaker::constraint::base { 'neutron-l3-agent-to-metadata-agent-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::l3_agent_service}-clone", - second_resource => "${::neutron::params::metadata_agent_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::neutron::params::l3_agent_service], - Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service]] - } - pacemaker::constraint::colocation { 'neutron-l3-agent-to-metadata-agent-colocation': - source => "${::neutron::params::metadata_agent_service}-clone", - target => "${::neutron::params::l3_agent_service}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::neutron::params::l3_agent_service], - Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service]] - } - } if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { #midonet-chain chain keystone-->neutron-server-->dhcp-->metadata->tomcat pacemaker::constraint::base { 'neutron-server-to-dhcp-agent-constraint': @@ -1720,6 +1329,15 @@ if hiera('step') >= 5 { require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name], Pacemaker::Resource::Ocf['openstack-core']], } + pacemaker::constraint::base { 'keystone-then-ceilometer-notification-constraint': + constraint_type => 'order', + first_resource => 'openstack-core-clone', + second_resource => "${::ceilometer::params::agent_notification_service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name], + Pacemaker::Resource::Ocf['openstack-core']], + } pacemaker::constraint::base { 'ceilometer-central-then-ceilometer-collector-constraint': constraint_type => 'order', first_resource => "${::ceilometer::params::agent_central_service_name}-clone", @@ -1803,6 +1421,15 @@ if hiera('step') >= 5 { require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name], Pacemaker::Resource::Service[$::aodh::params::notifier_service_name]], } + pacemaker::constraint::base { 'aodh-evaluator-then-aodh-listener-constraint': + constraint_type => 'order', + first_resource => "${::aodh::params::evaluator_service_name}-clone", + second_resource => "${::aodh::params::listener_service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name], + Pacemaker::Resource::Service[$::aodh::params::listener_service_name]], + } pacemaker::constraint::colocation { 'aodh-listener-with-aodh-evaluator-colocation': source => "${::aodh::params::listener_service_name}-clone", target => "${::aodh::params::evaluator_service_name}-clone", @@ -1859,15 +1486,6 @@ if hiera('step') >= 5 { pacemaker::resource::service { $::heat::params::engine_service_name : clone_params => 'interleave=true', } - pacemaker::constraint::base { 'keystone-then-heat-api-constraint': - constraint_type => 'order', - first_resource => 'openstack-core-clone', - second_resource => "${::heat::params::api_service_name}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::heat::params::api_service_name], - Pacemaker::Resource::Ocf['openstack-core']], - } pacemaker::constraint::base { 'heat-api-then-heat-api-cfn-constraint': constraint_type => 'order', first_resource => "${::heat::params::api_service_name}-clone", diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml new file mode 100644 index 00000000..ca50d91d --- /dev/null +++ b/puppet/services/glance-api.yaml @@ -0,0 +1,102 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Glance API service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + GlanceNotifierStrategy: + description: Strategy to use for Glance notification queue + type: string + default: noop + GlanceLogFile: + description: The filepath of the file to use for logging messages from Glance. + type: string + default: '' + GlancePassword: + description: The password for the glance service and db account, used by the glance services. + type: string + hidden: true + GlanceBackend: + default: swift + description: The short name of the Glance backend to use. Should be one + of swift, rbd, or file + type: string + constraints: + - allowed_values: ['swift', 'file', 'rbd'] + GlanceWorkers: + default: 0 + description: Number of workers for Glance service. + type: number + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + +outputs: + role_data: + description: Role data for the Glance API role. + value: + config_settings: + glance_dsn: &glance_dsn + list_join: + - '' + - - 'mysql+pymysql://glance:' + - {get_param: GlancePassword} + - '@' + - {get_param: MysqlVirtualIPUri} + - '/glance' + glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]} + glance::api::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + glance::api::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + glance::api::registry_host: + str_replace: + template: "'REGISTRY_HOST'" + params: + REGISTRY_HOST: {get_param: [EndpointMap, GlanceRegistryInternal, host]} + glance::api::keystone_password: {get_param: GlancePassword} + glance::api::debug: {get_param: Debug} + glance::api::workers: {get_param: GlanceWorkers} + glance_notifier_strategy: {get_param: GlanceNotifierStrategy} + glance_log_file: {get_param: GlanceLogFile} + glance::api::database_connection: *glance_dsn + glance::backend::swift::swift_store_auth_address: {get_param: [EndpointMap, KeystoneInternal, uri] } + glance::backend::swift::swift_store_user: service:glance + glance::backend::swift::swift_store_key: {get_param: GlancePassword} + glance_backend: {get_param: GlanceBackend} + glance::db::mysql::password: {get_param: GlancePassword} + glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName} + glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort} + glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword} + glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + glance::keystone::auth::public_url: {get_param: [EndpointMap, GlancePublic, uri]} + glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]} + glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]} + glance::keystone::auth::password: {get_param: GlancePassword } + step_config: | + include ::tripleo::profile::base::glance::api diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml new file mode 100644 index 00000000..1a1a515a --- /dev/null +++ b/puppet/services/glance-registry.yaml @@ -0,0 +1,48 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Glance Registry service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + GlancePassword: + description: The password for the glance service and db account, used by the glance services. + type: string + hidden: true + GlanceWorkers: + default: 0 + description: Number of workers for Glance service. + type: number + +outputs: + role_data: + description: Role data for the Glance Registry role. + value: + config_settings: + glance_dsn: &glance_dsn + list_join: + - '' + - - 'mysql+pymysql://glance:' + - {get_param: GlancePassword} + - '@' + - {get_param: MysqlVirtualIPUri} + - '/glance' + glance::registry::keystone_password: {get_param: GlancePassword} + glance::registry::database_connection: *glance_dsn + glance::registry::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + glance::registry::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + glance::registry::debug: {get_param: Debug} + glance::registry::workers: {get_param: GlanceWorkers} + step_config: | + include ::tripleo::profile::base::glance::registry diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml new file mode 100644 index 00000000..b34bdd22 --- /dev/null +++ b/puppet/services/neutron-base.yaml @@ -0,0 +1,44 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron base service. Shared for all Neutron agents. + +parameters: + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + NeutronDhcpAgentsPerNetwork: + type: number + default: 3 + description: The number of neutron dhcp agents to schedule per network + Debug: + type: string + default: '' + description: Set to True to enable debugging on all services. + +outputs: + role_data: + description: Role data for the Neutron base service. + value: + config_settings: + neutron::rabbit_password: {get_param: RabbitPassword} + neutron::rabbit_user: {get_param: RabbitUserName} + neutron::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + neutron::rabbit_port: {get_param: RabbitClientPort} + neutron::dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork} + neutron::debug: {get_param: Debug} diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml new file mode 100644 index 00000000..548b4ba0 --- /dev/null +++ b/puppet/services/neutron-dhcp.yaml @@ -0,0 +1,56 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron DHCP agent configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + NeutronEnableIsolatedMetadata: + default: 'False' + description: If True, DHCP provide metadata route to VM. + type: string + NeutronDnsmasqOptions: + default: 'dhcp-option-force=26,%MTU%' + description: > + Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU + to be set to the value of NeutronTenantMtu, which should be set to account + for tunnel overhead. + type: string + NeutronTenantMtu: + description: > + The default MTU for tenant networks. For VXLAN/GRE tunneling, this should + be at least 50 bytes smaller than the MTU on the physical network. This + value will be used to set the MTU on the virtual Ethernet device. + This value will be used to construct the NeutronDnsmasqOptions, since that + will determine the MTU that is assigned to the VM host through DHCP. + default: "1400" + type: string + +resources: + + NeutronBase: + type: ./neutron-base.yaml + +outputs: + role_data: + description: Role data for the Neutron DHCP agent service. + value: + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + - neutron::agents::dhcp::dnsmasq_config_file: /etc/neutron/dnsmasq-neutron.conf + tripleo::profile::base::neutron::dhcp: + str_replace: + template: {get_param: NeutronDnsmasqOptions} + params: + '%MTU%': {get_param: NeutronTenantMtu} + neutron::agents::dhcp::enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata} + step_config: | + include tripleo::profile::base::neutron::dhcp diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml new file mode 100644 index 00000000..2ea1b19d --- /dev/null +++ b/puppet/services/neutron-l3.yaml @@ -0,0 +1,37 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron L3 agent configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + Debug: + type: string + default: '' + NeutronExternalNetworkBridge: + description: Name of bridge used for external network traffic. + type: string + default: 'br-ex' + +resources: + + NeutronBase: + type: ./neutron-base.yaml + +outputs: + role_data: + description: Role data for the Neutron L3 agent service. + value: + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge} + step_config: | + include tripleo::profile::base::neutron::l3 diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml new file mode 100644 index 00000000..1fe139f3 --- /dev/null +++ b/puppet/services/neutron-metadata.yaml @@ -0,0 +1,45 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Metadata agent configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + NeutronMetadataProxySharedSecret: + description: Shared secret to prevent spoofing + type: string + hidden: true + NeutronWorkers: + default: 0 + description: Number of workers for Neutron service. + type: number + NeutronPassword: + description: The password for the neutron service and db account, used by neutron agents. + type: string + hidden: true + +resources: + + NeutronBase: + type: ./neutron-base.yaml + +outputs: + role_data: + description: Role data for the Neutron Metadata agent service. + value: + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + - neutron::agents::metadata::shared_secret: {get_param: NeutronMetadataProxySharedSecret} + neutron::agents::metadata::metadata_workers: {get_param: NeutronWorkers} + neutron::agents::metadata::auth_password: {get_param: NeutronPassword} + neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + step_config: | + include tripleo::profile::base::neutron::metadata diff --git a/puppet/services/pacemaker/glance-api.yaml b/puppet/services/pacemaker/glance-api.yaml new file mode 100644 index 00000000..ad964216 --- /dev/null +++ b/puppet/services/pacemaker/glance-api.yaml @@ -0,0 +1,62 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Glance API service with Pacemaker configured with Puppet. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + GlanceFilePcmkDevice: + default: '' + description: > + An exported storage device that should be mounted by Pacemaker + as Glance storage. Effective when GlanceFilePcmkManage is true. + type: string + GlanceFilePcmkFstype: + default: 'nfs' + description: > + Filesystem type for Pacemaker mount used as Glance storage. + Effective when GlanceFilePcmkManage is true. + type: string + GlanceFilePcmkManage: + default: false + description: > + Whether to make Glance file backend a mount managed by Pacemaker. + Effective when GlanceBackend is 'file'. + type: boolean + GlanceFilePcmkOptions: + default: '' + description: > + Mount options for Pacemaker mount used as Glance storage. + Effective when GlanceFilePcmkManage is true. + type: string + +resources: + + GlanceApiBase: + type: ../glance-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri} + +outputs: + role_data: + description: Role data for the Glance role. + value: + config_settings: + map_merge: + - get_attr: [GlanceApiBase, role_data, config_settings] + - glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice} + glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype} + glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage} + glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions} + glance::api::manage_service: false + glance::api::enabled: false + step_config: | + include ::tripleo::profile::pacemaker::glance diff --git a/puppet/services/pacemaker/glance-registry.yaml b/puppet/services/pacemaker/glance-registry.yaml new file mode 100644 index 00000000..393fbaaf --- /dev/null +++ b/puppet/services/pacemaker/glance-registry.yaml @@ -0,0 +1,36 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Glance Registry service with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + +resources: + + GlanceRegistryBase: + type: ../glance-registry.yaml + properties: + EndpointMap: {get_param: EndpointMap} + MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri} + +outputs: + role_data: + description: Role data for the Glance role. + value: + config_settings: + map_merge: + - get_attr: [GlanceRegistryBase, role_data, config_settings] + - glance::registry::manage_service: false + glance::registry::enabled: false + # No puppet manifests since glance-registry is included in + # ::tripleo::profile::pacemaker::glance which is maintained alongside of + # pacemaker/glance-api.yaml. + step_config: diff --git a/puppet/services/pacemaker/keystone.yaml b/puppet/services/pacemaker/keystone.yaml index 8fcab15f..db52cae7 100644 --- a/puppet/services/pacemaker/keystone.yaml +++ b/puppet/services/pacemaker/keystone.yaml @@ -28,7 +28,7 @@ outputs: config_settings: map_merge: - get_attr: [KeystoneServiceBase, role_data, config_settings] - #- - # custom keystone hiera goes here if we need it!? + - keystone::manage_service: false + keystone::enabled: false step_config: | include ::tripleo::profile::pacemaker::keystone diff --git a/puppet/services/pacemaker/neutron-dhcp.yaml b/puppet/services/pacemaker/neutron-dhcp.yaml new file mode 100644 index 00000000..0e972b28 --- /dev/null +++ b/puppet/services/pacemaker/neutron-dhcp.yaml @@ -0,0 +1,35 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron DHCP service with Pacemaker configured with Puppet. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + +resources: + + NeutronDhcpBase: + type: ../neutron-dhcp.yaml + properties: + EndpointMap: {get_param: EndpointMap} + MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri} + +outputs: + role_data: + description: Role data for the Neutron DHCP role. + value: + config_settings: + map_merge: + - get_attr: [NeutronDhcpBase, role_data, config_settings] + - tripleo::profile::pacemaker::neutron::enable_dhcp: True + neutron::agents::dhcp::enabled: false + neutron::agents::dhcp::manage_service: false + step_config: | + include ::tripleo::profile::pacemaker::neutron::dhcp diff --git a/puppet/services/pacemaker/neutron-l3.yaml b/puppet/services/pacemaker/neutron-l3.yaml new file mode 100644 index 00000000..84bff808 --- /dev/null +++ b/puppet/services/pacemaker/neutron-l3.yaml @@ -0,0 +1,33 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron L3 service with Pacemaker configured with Puppet. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + +resources: + + NeutronL3Base: + type: ../neutron-l3.yaml + properties: + EndpointMap: {get_param: EndpointMap} + MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri} + +outputs: + role_data: + description: Role data for the Neutron L3 role. + value: + config_settings: + map_merge: + - get_attr: [NeutronL3Base, role_data, config_settings] + - tripleo::profile::pacemaker::neutron::enable_l3: True + step_config: | + include ::tripleo::profile::pacemaker::neutron::l3 diff --git a/puppet/services/pacemaker/neutron-metadata.yaml b/puppet/services/pacemaker/neutron-metadata.yaml new file mode 100644 index 00000000..79baf1ea --- /dev/null +++ b/puppet/services/pacemaker/neutron-metadata.yaml @@ -0,0 +1,33 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Metadata service with Pacemaker configured with Puppet. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + +resources: + + NeutronMetadataBase: + type: ../neutron-metadata.yaml + properties: + EndpointMap: {get_param: EndpointMap} + MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri} + +outputs: + role_data: + description: Role data for the Neutron Metadata role. + value: + config_settings: + map_merge: + - get_attr: [NeutronMetadataBase, role_data, config_settings] + - tripleo::profile::pacemaker::neutron::enable_metadata: True + step_config: | + include ::tripleo::profile::pacemaker::neutron::metadata diff --git a/puppet/services/pacemaker/rabbitmq.yaml b/puppet/services/pacemaker/rabbitmq.yaml new file mode 100644 index 00000000..613db449 --- /dev/null +++ b/puppet/services/pacemaker/rabbitmq.yaml @@ -0,0 +1,32 @@ +heat_template_version: 2016-04-08 + +description: > + RabbitMQ service with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + +resources: + RabbitMQServiceBase: + type: ../rabbitmq.yaml + properties: + EndpointMap: {get_param: EndpointMap} + MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri} + +outputs: + role_data: + description: Role data for the RabbitMQ pacemaker role. + value: + config_settings: + map_merge: + - get_attr: [RabbitMQServiceBase, role_data, config_settings] + - rabbitmq::service_manage: false + step_config: | + include ::tripleo::profile::pacemaker::rabbitmq diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml new file mode 100644 index 00000000..ae5678a3 --- /dev/null +++ b/puppet/services/rabbitmq.yaml @@ -0,0 +1,42 @@ +heat_template_version: 2016-04-08 + +description: > + RabbitMQ service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitFDLimit: + default: 16384 + description: Configures RabbitMQ FD limit + type: string + RabbitIPv6: + default: false + description: Enable IPv6 in RabbitMQ + type: boolean + +outputs: + role_data: + description: Role data for the RabbitMQ role. + value: + config_settings: + rabbitmq::file_limit: {get_param: RabbitFDLimit} + rabbitmq::default_user: {get_param: RabbitUserName} + rabbitmq::default_pass: {get_param: RabbitPassword} + rabbit_ipv6: {get_param: RabbitIPv6} + step_config: | + include ::tripleo::profile::base::rabbitmq diff --git a/puppet/swift-storage-post.yaml b/puppet/swift-storage-post.yaml index eb06b241..b262f947 100644 --- a/puppet/swift-storage-post.yaml +++ b/puppet/swift-storage-post.yaml @@ -52,6 +52,10 @@ resources: group: puppet options: enable_debug: {get_param: ConfigDebug} + enable_hiera: True + enable_facter: False + inputs: + - name: step outputs: - name: result config: @@ -65,6 +69,7 @@ resources: servers: {get_param: servers} config: {get_resource: StorageRingbuilderPuppetConfig} input_values: + step: 3 # Note ringbuilder.pp expects >=3 update_identifier: {get_param: NodeConfigIdentifiers} # Note, this should come last, so use depends_on to ensure diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml index ea226263..296428db 100644 --- a/puppet/swift-storage.yaml +++ b/puppet/swift-storage.yaml @@ -256,6 +256,7 @@ resources: - all_nodes # provided by allNodesConfig - '"%{::osfamily}"' - common + merge_behavior: deeper datafiles: common: raw_data: {get_file: hieradata/common.yaml} |