aboutsummaryrefslogtreecommitdiffstats
path: root/puppet
diff options
context:
space:
mode:
Diffstat (limited to 'puppet')
-rw-r--r--puppet/services/database/mongodb.yaml5
-rw-r--r--puppet/services/kernel.yaml20
-rw-r--r--puppet/services/neutron-base.yaml5
-rw-r--r--puppet/services/neutron-compute-plugin-nuage.yaml10
-rw-r--r--puppet/services/neutron-l2gw-api.yaml54
-rw-r--r--puppet/services/neutron-plugin-nuage.yaml7
-rw-r--r--puppet/services/nova-base.yaml6
-rw-r--r--puppet/services/swift-proxy.yaml33
8 files changed, 132 insertions, 8 deletions
diff --git a/puppet/services/database/mongodb.yaml b/puppet/services/database/mongodb.yaml
index 63ec4446..50597216 100644
--- a/puppet/services/database/mongodb.yaml
+++ b/puppet/services/database/mongodb.yaml
@@ -19,6 +19,10 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MongodbMemoryLimit:
+ default: '20G'
+ description: Limit the amount of memory mongodb uses with systemd.
+ type: string
MongoDbLoggingSource:
type: json
description: Fluentd logging configuration for mongodb.
@@ -49,6 +53,7 @@ outputs:
map_merge:
- get_attr: [MongoDbBase, role_data, config_settings]
- tripleo::profile::base::database::mongodb::mongodb_replset: {get_attr: [MongoDbBase, aux_parameters, rplset_name]}
+ tripleo::profile::base::database::mongodb::memory_limit: {get_param: MongodbMemoryLimit}
mongodb::server::service_manage: True
tripleo.mongodb.firewall_rules:
'101 mongodb_config':
diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml
index ee4c771f..9b314b2a 100644
--- a/puppet/services/kernel.yaml
+++ b/puppet/services/kernel.yaml
@@ -39,6 +39,20 @@ outputs:
value: 5
net.ipv4.tcp_keepalive_time:
value: 5
+ net.ipv4.conf.default.send_redirects:
+ value: 0
+ net.ipv4.conf.all.send_redirects:
+ value: 0
+ net.ipv4.conf.default.accept_redirects:
+ value: 0
+ net.ipv4.conf.default.secure_redirects:
+ value: 0
+ net.ipv4.conf.all.secure_redirects:
+ value: 0
+ net.ipv4.conf.default.log_martians:
+ value: 1
+ net.ipv4.conf.all.log_martians:
+ value: 1
net.nf_conntrack_max:
value: 500000
net.netfilter.nf_conntrack_max:
@@ -52,11 +66,17 @@ outputs:
value: 0
net.ipv6.conf.default.autoconf:
value: 0
+ net.ipv6.conf.default.accept_redirects:
+ value: 0
+ net.ipv6.conf.all.accept_redirects:
+ value: 0
net.core.netdev_max_backlog:
value: 10000
kernel.pid_max:
value: {get_param: KernelPidMax}
kernel.dmesg_restrict:
value: 1
+ fs.suid_dumpable:
+ value: 0
step_config: |
include ::tripleo::profile::base::kernel
diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml
index 5ed54f31..9f605062 100644
--- a/puppet/services/neutron-base.yaml
+++ b/puppet/services/neutron-base.yaml
@@ -22,6 +22,10 @@ parameters:
default: 5672
description: Set rabbit subscriber port, change this if using SSL
type: number
+ DatabaseSyncTimeout:
+ default: 300
+ description: DB Sync Timeout default
+ type: number
NeutronDhcpAgentsPerNetwork:
type: number
default: 0
@@ -95,6 +99,7 @@ outputs:
neutron::host: '%{::fqdn}'
neutron::db::database_db_max_retries: -1
neutron::db::database_max_retries: -1
+ neutron::db::sync::db_sync_timeout: {get_param: DatabaseSyncTimeout}
neutron::global_physnet_mtu: {get_param: NeutronGlobalPhysnetMtu}
- if:
- dhcp_agents_zero
diff --git a/puppet/services/neutron-compute-plugin-nuage.yaml b/puppet/services/neutron-compute-plugin-nuage.yaml
index 04431e28..ea717690 100644
--- a/puppet/services/neutron-compute-plugin-nuage.yaml
+++ b/puppet/services/neutron-compute-plugin-nuage.yaml
@@ -22,6 +22,10 @@ parameters:
description: The password for the nova service account, used by nova-api.
type: string
hidden: true
+ NuageMetadataPort:
+ description: TCP Port to listen for metadata server requests
+ type: string
+ default: '9697'
outputs:
role_data:
@@ -32,5 +36,11 @@ outputs:
tripleo::profile::base::neutron::agents::nuage::nova_os_tenant_name: 'service'
tripleo::profile::base::neutron::agents::nuage::nova_os_password: {get_param: NovaPassword}
tripleo::profile::base::neutron::agents::nuage::nova_auth_ip: {get_param: [EndpointMap, KeystoneInternal, host]}
+ tripleo.neutron_compute_plugin_nuage.firewall_rules:
+ '118 neutron vxlan networks':
+ proto: 'udp'
+ dport: 4789
+ '100 metadata agent':
+ dport: {get_param: NuageMetadataPort}
step_config: |
include ::tripleo::profile::base::neutron::agents::nuage
diff --git a/puppet/services/neutron-l2gw-api.yaml b/puppet/services/neutron-l2gw-api.yaml
new file mode 100644
index 00000000..b6f0d281
--- /dev/null
+++ b/puppet/services/neutron-l2gw-api.yaml
@@ -0,0 +1,54 @@
+heat_template_version: ocata
+
+description: >
+ L2 Gateway service plugin configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ L2gwServiceDefaultInterfaceName:
+ default: 'FortyGigE1/0/1'
+ description: default interface name of the L2 gateway
+ type: string
+ L2gwServiceDefaultDeviceName:
+ default: 'Switch1'
+ description: default device name of the L2 gateway
+ type: string
+ L2gwServiceQuotaL2Gateway:
+ default: 5
+ description: quota of the L2 gateway
+ type: number
+ L2gwServicePeriodicMonitoringInterval:
+ default: 5
+ description: The periodic interval at which the plugin
+ type: number
+ L2gwServiceProvider:
+ default: ["L2GW:l2gw:networking_l2gw.services.l2gateway.service_drivers.L2gwDriver:default"]
+ description: Backend to use as a service provider for L2 Gateway
+ type: comma_delimited_list
+
+outputs:
+ role_data:
+ description: Role data for the L2 Gateway role.
+ value:
+ service_name: neutron_l2gw_api
+ config_settings:
+ neutron::services::l2gw::default_interface_name: {get_param: L2gwServiceDefaultInterfaceName}
+ neutron::services::l2gw::default_device_name: {get_param: L2gwServiceDefaultDeviceName}
+ neutron::services::l2gw::quota_l2_gateway: {get_param: L2gwServiceQuotaL2Gateway}
+ neutron::services::l2gw::periodic_monitoring_interval: {get_param: L2gwServicePeriodicMonitoringInterval}
+ neutron::services::l2gw::service_providers: {get_param: L2gwServiceProvider}
+ step_config: |
+ include tripleo::profile::base::neutron::l2gw
diff --git a/puppet/services/neutron-plugin-nuage.yaml b/puppet/services/neutron-plugin-nuage.yaml
index e09cd704..6229a3f1 100644
--- a/puppet/services/neutron-plugin-nuage.yaml
+++ b/puppet/services/neutron-plugin-nuage.yaml
@@ -19,10 +19,6 @@ parameters:
via parameter_defaults in the resource registry.
type: json
# Config specific parameters, to be provided via parameter_defaults
- NeutronNuageOSControllerIp:
- description: IP address of the OpenStack Controller
- type: string
-
NeutronNuageNetPartitionName:
description: Specifies the title that you will see on the VSD
type: string
@@ -76,8 +72,7 @@ outputs:
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- - neutron::plugins::nuage::nuage_oscontroller_ip: {get_param: NeutronNuageOSControllerIp}
- neutron::plugins::nuage::nuage_net_partition_name: {get_param: NeutronNuageNetPartitionName}
+ - neutron::plugins::nuage::nuage_net_partition_name: {get_param: NeutronNuageNetPartitionName}
neutron::plugins::nuage::nuage_vsd_ip: {get_param: NeutronNuageVSDIp}
neutron::plugins::nuage::nuage_vsd_username: {get_param: NeutronNuageVSDUsername}
neutron::plugins::nuage::nuage_vsd_password: {get_param: NeutronNuageVSDPassword}
diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml
index 7b568e9e..9e7f0145 100644
--- a/puppet/services/nova-base.yaml
+++ b/puppet/services/nova-base.yaml
@@ -52,6 +52,10 @@ parameters:
default: 5672
description: Set rabbit subscriber port, change this if using SSL
type: number
+ DatabaseSyncTimeout:
+ default: 300
+ description: DB Sync Timeout default
+ type: number
Debug:
type: string
default: ''
@@ -198,6 +202,8 @@ outputs:
nova::network::neutron::neutron_auth_type: 'v3password'
nova::db::database_db_max_retries: -1
nova::db::database_max_retries: -1
+ nova::db::sync::db_sync_timeout: {get_param: DatabaseSyncTimeout}
+ nova::db::sync_api::db_sync_timeout: {get_param: DatabaseSyncTimeout}
nova::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
nova::use_ipv6: {get_param: NovaIPv6}
nova::network::neutron::neutron_ovs_bridge: {get_param: NovaOVSBridge}
diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml
index 0c3cc1ec..0ecc942c 100644
--- a/puppet/services/swift-proxy.yaml
+++ b/puppet/services/swift-proxy.yaml
@@ -63,10 +63,14 @@ parameters:
Rabbit client subscriber parameter to specify
an SSL connection to the RabbitMQ host.
type: string
+ EnableInternalTLS:
+ type: boolean
+ default: false
conditions:
ceilometer_pipeline_enabled: {equals : [{get_param: SwiftCeilometerPipelineEnabled}, True]}
+ use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
resources:
SwiftBase:
@@ -76,6 +80,14 @@ resources:
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
+ TLSProxyBase:
+ type: OS::TripleO::Services::TLSProxyBase
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ EnableInternalTLS: {get_param: EnableInternalTLS}
+
outputs:
role_data:
description: Role data for the Swift proxy service.
@@ -85,7 +97,7 @@ outputs:
config_settings:
map_merge:
- get_attr: [SwiftBase, role_data, config_settings]
-
+ - get_attr: [TLSProxyBase, role_data, config_settings]
- swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
swift::proxy::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
swift::proxy::authtoken::password: {get_param: SwiftPassword}
@@ -146,7 +158,22 @@ outputs:
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
- swift::proxy::proxy_local_net_ip: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
+ tripleo::profile::base::swift::proxy::tls_proxy_bind_ip:
+ get_param: [ServiceNetMap, SwiftProxyNetwork]
+ tripleo::profile::base::swift::proxy::tls_proxy_fqdn:
+ str_replace:
+ template:
+ "%{hiera('fqdn_$NETWORK')}"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, SwiftProxyNetwork]}
+ tripleo::profile::base::swift::proxy::tls_proxy_port:
+ get_param: [EndpointMap, SwiftInternal, port]
+ swift::proxy::port: {get_param: [EndpointMap, SwiftInternal, port]}
+ swift::proxy::proxy_local_net_ip:
+ if:
+ - use_tls_proxy
+ - 'localhost'
+ - {get_param: [ServiceNetMap, SwiftProxyNetwork]}
step_config: |
include ::tripleo::profile::base::swift::proxy
service_config_settings:
@@ -169,3 +196,5 @@ outputs:
- name: Stop swift_proxy service
tags: step1
service: name=openstack-swift-proxy state=stopped
+ metadata_settings:
+ get_attr: [TLSProxyBase, role_data, metadata_settings]