diff options
Diffstat (limited to 'puppet')
| -rw-r--r-- | puppet/controller-post.yaml | 24 | ||||
| -rw-r--r-- | puppet/controller.yaml | 75 | ||||
| -rw-r--r-- | puppet/hieradata/compute.yaml | 2 | ||||
| -rw-r--r-- | puppet/hieradata/controller.yaml | 4 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_controller.pp | 49 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_controller_pacemaker.pp | 194 | ||||
| -rw-r--r-- | puppet/services/neutron-base.yaml | 44 | ||||
| -rw-r--r-- | puppet/services/neutron-dhcp.yaml | 56 | ||||
| -rw-r--r-- | puppet/services/neutron-l3.yaml | 37 | ||||
| -rw-r--r-- | puppet/services/neutron-metadata.yaml | 45 | ||||
| -rw-r--r-- | puppet/services/pacemaker/glance-api.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/pacemaker/glance-registry.yaml | 5 | ||||
| -rw-r--r-- | puppet/services/pacemaker/keystone.yaml | 4 | ||||
| -rw-r--r-- | puppet/services/pacemaker/neutron-dhcp.yaml | 35 | ||||
| -rw-r--r-- | puppet/services/pacemaker/neutron-l3.yaml | 33 | ||||
| -rw-r--r-- | puppet/services/pacemaker/neutron-metadata.yaml | 33 | ||||
| -rw-r--r-- | puppet/services/pacemaker/rabbitmq.yaml | 32 | ||||
| -rw-r--r-- | puppet/services/rabbitmq.yaml | 42 | ||||
| -rw-r--r-- | puppet/swift-storage-post.yaml | 5 |
19 files changed, 379 insertions, 342 deletions
diff --git a/puppet/controller-post.yaml b/puppet/controller-post.yaml index 80b08a06..705e4b90 100644 --- a/puppet/controller-post.yaml +++ b/puppet/controller-post.yaml @@ -102,31 +102,9 @@ resources: step: 5 update_identifier: {get_param: NodeConfigIdentifiers} - ControllerOvercloudServicesDeployment_Step6: - type: OS::Heat::StructuredDeployments - depends_on: ControllerOvercloudServicesDeployment_Step5 - properties: - name: ControllerOvercloudServicesDeployment_Step6 - servers: {get_param: servers} - config: {get_resource: ControllerPuppetConfig} - input_values: - step: 6 - update_identifier: {get_param: NodeConfigIdentifiers} - - ControllerOvercloudServicesDeployment_Step7: - type: OS::Heat::StructuredDeployments - depends_on: ControllerOvercloudServicesDeployment_Step6 - properties: - name: ControllerOvercloudServicesDeployment_Step7 - servers: {get_param: servers} - config: {get_resource: ControllerPuppetConfig} - input_values: - step: 7 - update_identifier: {get_param: NodeConfigIdentifiers} - ControllerPostPuppet: type: OS::TripleO::Tasks::ControllerPostPuppet - depends_on: ControllerOvercloudServicesDeployment_Step7 + depends_on: ControllerOvercloudServicesDeployment_Step5 properties: servers: {get_param: servers} input_values: diff --git a/puppet/controller.yaml b/puppet/controller.yaml index a08ed1bb..05556ffb 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -314,10 +314,6 @@ parameters: type: string hidden: true default: '' # Has to be here because of the ignored empty value bug - NeutronExternalNetworkBridge: - description: Name of bridge used for external network traffic. - type: string - default: 'br-ex' NeutronBridgeMappings: description: > The OVS logical->physical bridge mappings to use. See the Neutron @@ -328,22 +324,6 @@ parameters: scripts or be sure to keep 'datacentre' as a mapping network name. type: comma_delimited_list default: "datacentre:br-ex" - NeutronDnsmasqOptions: - default: 'dhcp-option-force=26,1400' - description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead. - type: string - NeutronEnableDHCPAgent: - description: Knob to enable/disable DHCP Agent - type: boolean - default: true - NeutronEnableL3Agent: - description: Knob to enable/disable L3 agent - type: boolean - default: true - NeutronEnableMetadataAgent: - description: Knob to enable/disable Metadata agent - type: boolean - default: true NeutronEnableOVSAgent: description: Knob to enable/disable OVS Agent type: boolean @@ -356,10 +336,6 @@ parameters: default: 'False' description: Whether to enable l3-agent HA type: string - NeutronDhcpAgentsPerNetwork: - type: number - default: 3 - description: The number of neutron dhcp agents to schedule per network NeutronDVR: default: 'False' description: Whether to configure Neutron Distributed Virtual Routers @@ -394,10 +370,6 @@ parameters: default: 'True' description: Allow automatic l3-agent failover type: string - NeutronEnableIsolatedMetadata: - default: 'False' - description: If True, DHCP provide metadata route to VM. - type: string NeutronEnableTunnelling: type: string default: "True" @@ -562,14 +534,6 @@ parameters: default: 5672 description: Set rabbit subscriber port, change this if using SSL type: number - RabbitFDLimit: - default: 16384 - description: Configures RabbitMQ FD limit - type: string - RabbitIPv6: - default: false - description: Enable IPv6 in RabbitMQ - type: boolean RedisPassword: type: string description: The password to access the Redis service @@ -886,7 +850,6 @@ resources: swift_workers: {get_param: SwiftWorkers} neutron_enable_tunneling: {get_param: NeutronEnableTunnelling} neutron_enable_l2pop: {get_param: NeutronEnableL2Pop} - neutron_enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata} haproxy_log_address: {get_param: HAProxySyslogAddress} haproxy_stats_password: {get_param: HAProxyStatsPassword} haproxy_stats_user: {get_param: HAProxyStatsUser} @@ -993,9 +956,6 @@ resources: template: DRIVERS params: DRIVERS: {get_param: NeutronTypeDrivers} - neutron_enable_dhcp_agent: {get_param: NeutronEnableDHCPAgent} - neutron_enable_l3_agent: {get_param: NeutronEnableL3Agent} - neutron_enable_metadata_agent: {get_param: NeutronEnableMetadataAgent} neutron_enable_ovs_agent: {get_param: NeutronEnableOVSAgent} neutron_mechanism_drivers: str_replace: @@ -1004,7 +964,6 @@ resources: MECHANISMS: {get_param: NeutronMechanismDrivers} neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} neutron_l3_ha: {get_param: NeutronL3HA} - neutron_dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork} neutron_network_vlan_ranges: str_replace: template: RANGES @@ -1015,7 +974,6 @@ resources: template: MAPPINGS params: MAPPINGS: {get_param: NeutronBridgeMappings} - neutron_external_network_bridge: {get_param: NeutronExternalNetworkBridge} neutron_public_interface: {get_param: NeutronPublicInterface} neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice} neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute} @@ -1052,7 +1010,6 @@ resources: AGENT_EXTENSIONS: {get_param: NeutronAgentExtensions} neutron_password: {get_param: NeutronPassword} neutron_tenant_mtu: {get_param: NeutronTenantMtu} - neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions} neutron_dsn: list_join: - '' @@ -1136,9 +1093,6 @@ resources: nova_public_url: {get_param: [EndpointMap, NovaPublic, uri]} nova_internal_url: {get_param: [EndpointMap, NovaInternal, uri]} nova_admin_url: {get_param: [EndpointMap, NovaAdmin, uri]} - nova_ec2_public_url: {get_param: [EndpointMap, NovaEC2Public, uri]} - nova_ec2_internal_url: {get_param: [EndpointMap, NovaEC2Internal, uri]} - nova_ec2_admin_url: {get_param: [EndpointMap, NovaEC2Admin, uri]} fencing_config: {get_param: FencingConfig} pcsd_password: {get_param: PcsdPassword} rabbit_username: {get_param: RabbitUserName} @@ -1146,8 +1100,6 @@ resources: rabbit_cookie: {get_param: RabbitCookie} rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} rabbit_client_port: {get_param: RabbitClientPort} - rabbit_ipv6: {get_param: RabbitIPv6} - rabbit_fd_limit: {get_param: RabbitFDLimit} mongodb_no_journal: {get_param: MongoDbNoJournal} mongodb_ipv6: {get_param: MongoDbIPv6} ntp_servers: {get_param: NtpServer} @@ -1405,39 +1357,26 @@ resources: # Neutron neutron::bind_host: {get_input: neutron_api_network} - neutron::rabbit_password: {get_input: rabbit_password} - neutron::rabbit_user: {get_input: rabbit_username} - neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - neutron::rabbit_port: {get_input: rabbit_client_port} - neutron::debug: {get_input: debug} neutron::server::auth_uri: {get_input: keystone_auth_uri} neutron::server::identity_uri: {get_input: keystone_identity_uri} neutron::server::database_connection: {get_input: neutron_dsn} neutron::server::api_workers: {get_input: neutron_workers} - neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge} neutron::network_device_mtu: {get_input: neutron_tenant_mtu} neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling} neutron::agents::ml2::ovs::l2_population: {get_input: neutron_enable_l2pop} - neutron::agents::dhcp::enable_isolated_metadata: {get_input: neutron_enable_isolated_metadata} neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip} neutron::plugins::ml2::flat_networks: {get_input: neutron_flat_networks} - neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret} neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network} - neutron::agents::metadata::metadata_workers: {get_input: neutron_workers} neutron_agent_mode: {get_input: neutron_agent_mode} neutron_router_distributed: {get_input: neutron_router_distributed} neutron::core_plugin: {get_input: neutron_core_plugin} neutron::service_plugins: {get_input: neutron_service_plugins} - neutron::enable_dhcp_agent: {get_input: neutron_enable_dhcp_agent} - neutron::enable_l3_agent: {get_input: neutron_enable_l3_agent} - neutron::enable_metadata_agent: {get_input: neutron_enable_metadata_agent} neutron::enable_ovs_agent: {get_input: neutron_enable_ovs_agent} neutron::plugins::ml2::type_drivers: {get_input: neutron_type_drivers} neutron::plugins::ml2::mechanism_drivers: {get_input: neutron_mechanism_drivers} neutron::plugins::ml2::extension_drivers: {get_input: neutron_plugin_extensions} neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover} neutron::server::l3_ha: {get_input: neutron_l3_ha} - neutron::dhcp_agents_per_network: {get_input: neutron_dhcp_agents_per_network} neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges} neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges} neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges} @@ -1450,10 +1389,7 @@ resources: neutron::agents::ml2::ovs::tunnel_types: {get_input: neutron_tunnel_types} neutron::agents::ml2::ovs::extensions: {get_input: neutron_agent_extensions} neutron::server::auth_password: {get_input: neutron_password} - neutron::agents::metadata::auth_password: {get_input: neutron_password} - neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options} neutron_dsn: {get_input: neutron_dsn} - neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri} neutron::db::mysql::password: {get_input: neutron_password} neutron::keystone::auth::public_url: {get_input: neutron_public_url } neutron::keystone::auth::internal_url: {get_input: neutron_internal_url } @@ -1555,7 +1491,6 @@ resources: nova::api::metadata_listen: {get_input: nova_metadata_network} nova::api::admin_password: {get_input: nova_password} nova::api::osapi_compute_workers: {get_input: nova_workers} - nova::api::ec2_workers: {get_input: nova_workers} nova::api::metadata_workers: {get_input: nova_workers} nova::compute::network_device_mtu: {get_input: neutron_tenant_mtu} nova::database_connection: {get_input: nova_dsn} @@ -1573,9 +1508,6 @@ resources: nova::keystone::auth::public_url: {get_input: nova_public_url} nova::keystone::auth::internal_url: {get_input: nova_internal_url} nova::keystone::auth::admin_url: {get_input: nova_admin_url} - nova::keystone::auth::ec2_public_url: {get_input: nova_ec2_public_url} - nova::keystone::auth::ec2_internal_url: {get_input: nova_ec2_internal_url} - nova::keystone::auth::ec2_admin_url: {get_input: nova_ec2_admin_url} nova::keystone::auth::password: {get_input: nova_password } nova::keystone::auth::region: {get_input: keystone_region} @@ -1615,14 +1547,9 @@ resources: sahara::keystone::auth::admin_url: {get_input: sahara_admin_url } sahara::keystone::auth::password: {get_input: sahara_password } sahara::keystone::auth::region: {get_input: keystone_region} - - # Rabbit + # RabbitMQ rabbitmq::node_ip_address: {get_input: rabbitmq_network} rabbitmq::erlang_cookie: {get_input: rabbit_cookie} - rabbitmq::file_limit: {get_input: rabbit_fd_limit} - rabbitmq::default_user: {get_input: rabbit_username} - rabbitmq::default_pass: {get_input: rabbit_password} - rabbit_ipv6: {get_input: rabbit_ipv6} # Redis redis::bind: {get_input: redis_network} redis::requirepass: {get_input: redis_password} diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml index 865210c9..1e888f39 100644 --- a/puppet/hieradata/compute.yaml +++ b/puppet/hieradata/compute.yaml @@ -11,6 +11,8 @@ nova::compute::libvirt::migration_support: true nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}" +nova::network::neutron::neutron_auth_type: 'v3password' + # Changing the default from 512MB. The current templates can not deploy # overclouds with swap. On an idle compute node, we see ~1024MB of RAM # used. 2048 is suggested to account for other possible operations for diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index b662bc64..7a446b50 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -50,7 +50,6 @@ glance::registry::keystone_tenant: 'service' neutron::server::auth_tenant: 'service' neutron::agents::metadata::auth_tenant: 'service' neutron::agents::l3::router_delete_namespaces: True -neutron::agents::dhcp::dhcp_delete_namespaces: True cinder::api::keystone_tenant: 'service' swift::proxy::authtoken::admin_tenant_name: 'service' ceilometer::api::keystone_tenant: 'service' @@ -110,7 +109,6 @@ glance_file_pcmk_directory: '/var/lib/glance/images' # neutron neutron::server::sync_db: true -neutron::agents::dhcp::dnsmasq_config_file: /etc/neutron/dnsmasq-neutron.conf # nova nova::notify_on_state_change: 'vm_and_task_state' @@ -120,7 +118,6 @@ nova::scheduler::filter::ram_allocation_ratio: '1.0' nova::cron::archive_deleted_rows::hour: '*/12' nova::cron::archive_deleted_rows::destination: '/dev/null' nova::notification_driver: messaging -nova::keystone::auth::configure_ec2_endpoint: false # ceilometer ceilometer::agent::auth::auth_endpoint_type: 'internalURL' @@ -168,7 +165,6 @@ tripleo::loadbalancer::neutron: true tripleo::loadbalancer::cinder: true tripleo::loadbalancer::glance_api: true tripleo::loadbalancer::glance_registry: true -tripleo::loadbalancer::nova_ec2: true tripleo::loadbalancer::nova_osapi: true tripleo::loadbalancer::nova_metadata: true tripleo::loadbalancer::nova_novncproxy: true diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index ef330e29..6c2716a0 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -127,36 +127,6 @@ if hiera('step') >= 2 { include ::aodh::db::mysql } - $rabbit_nodes = hiera('rabbit_node_ips') - if count($rabbit_nodes) > 1 { - - $rabbit_ipv6 = str2bool(hiera('rabbit_ipv6', false)) - if $rabbit_ipv6 { - $rabbit_env = merge(hiera('rabbitmq_environment'), { - 'RABBITMQ_SERVER_START_ARGS' => '"-proto_dist inet6_tcp"' - }) - } else { - $rabbit_env = hiera('rabbitmq_environment') - } - - class { '::rabbitmq': - config_cluster => true, - cluster_nodes => $rabbit_nodes, - tcp_keepalive => false, - config_kernel_variables => hiera('rabbitmq_kernel_variables'), - config_variables => hiera('rabbitmq_config_variables'), - environment_variables => $rabbit_env, - } - rabbitmq_policy { 'ha-all@/': - pattern => '^(?!amq\.).*', - definition => { - 'ha-mode' => 'all', - }, - } - } else { - include ::rabbitmq - } - # pre-install swift here so we can build rings include ::swift @@ -305,17 +275,6 @@ if hiera('step') >= 4 { metadata_proxy_shared_secret => hiera('nova::api::neutron_metadata_proxy_shared_secret'), } } else { - include ::neutron::agents::l3 - include ::neutron::agents::dhcp - include ::neutron::agents::metadata - - file { '/etc/neutron/dnsmasq-neutron.conf': - content => hiera('neutron_dnsmasq_options'), - owner => 'neutron', - group => 'neutron', - notify => Service['neutron-dhcp-service'], - require => Package['neutron'], - } # If the value of core plugin is set to 'midonet', # skip all the ML2 configuration @@ -358,17 +317,9 @@ if hiera('step') >= 4 { include ::neutron::plugins::ml2::bigswitch::restproxy include ::neutron::agents::bigswitch } - neutron_l3_agent_config { - 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false); - } - neutron_dhcp_agent_config { - 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false); - } Service['neutron-server'] -> Service['neutron-ovs-agent-service'] } - Service['neutron-server'] -> Service['neutron-dhcp-service'] - Service['neutron-server'] -> Service['neutron-l3'] Service['neutron-server'] -> Service['neutron-metadata'] } diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index 0652a1c6..5c6e15ad 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -46,7 +46,7 @@ if $::hostname == downcase(hiera('bootstrap_nodeid')) { $sync_db = false } -$enable_fencing = str2bool(hiera('enable_fencing', false)) and hiera('step') >= 6 +$enable_fencing = str2bool(hiera('enable_fencing', false)) and hiera('step') >= 5 $enable_load_balancer = hiera('enable_load_balancer', true) # When to start and enable services which haven't been Pacemakerized @@ -99,6 +99,10 @@ if hiera('step') >= 1 { if $enable_fencing { include ::tripleo::fencing + # enable stonith after all Pacemaker resources have been created + Pcmk_resource<||> -> Class['tripleo::fencing'] + Pcmk_constraint<||> -> Class['tripleo::fencing'] + Exec <| tag == 'pacemaker_constraint' |> -> Class['tripleo::fencing'] # enable stonith after all fencing devices have been created Class['tripleo::fencing'] -> Class['pacemaker::stonith'] } @@ -110,35 +114,6 @@ if hiera('step') >= 1 { op_params => 'start timeout=200s stop timeout=200s', } - # Only configure RabbitMQ in this step, don't start it yet to - # avoid races where non-master nodes attempt to start without - # config (eg. binding on 0.0.0.0) - # The module ignores erlang_cookie if cluster_config is false - $rabbit_ipv6 = str2bool(hiera('rabbit_ipv6', false)) - if $rabbit_ipv6 { - $rabbit_env = merge(hiera('rabbitmq_environment'), { - 'RABBITMQ_SERVER_START_ARGS' => '"-proto_dist inet6_tcp"' - }) - } else { - $rabbit_env = hiera('rabbitmq_environment') - } - - class { '::rabbitmq': - service_manage => false, - tcp_keepalive => false, - config_kernel_variables => hiera('rabbitmq_kernel_variables'), - config_variables => hiera('rabbitmq_config_variables'), - environment_variables => $rabbit_env, - } -> - file { '/var/lib/rabbitmq/.erlang.cookie': - ensure => file, - owner => 'rabbitmq', - group => 'rabbitmq', - mode => '0400', - content => hiera('rabbitmq::erlang_cookie'), - replace => true, - } - if downcase(hiera('ceilometer_backend')) == 'mongodb' { include ::mongodb::globals include ::mongodb::client @@ -300,14 +275,6 @@ if hiera('step') >= 2 { require => Class['::memcached'], } - pacemaker::resource::ocf { 'rabbitmq': - ocf_agent_name => 'heartbeat:rabbitmq-cluster', - resource_params => 'set_policy=\'ha-all ^(?!amq\.).* {"ha-mode":"all"}\'', - clone_params => 'ordered=true interleave=true', - meta_params => 'notify=true', - require => Class['::rabbitmq'], - } - if downcase(hiera('ceilometer_backend')) == 'mongodb' { pacemaker::resource::service { $::mongodb::params::service_name : op_params => 'start timeout=370s stop timeout=200s', @@ -588,31 +555,6 @@ if hiera('step') >= 4 or ( hiera('step') >= 3 and $sync_db ) { metadata_proxy_shared_secret => hiera('nova::api::neutron_metadata_proxy_shared_secret'), } } - if hiera('neutron::enable_dhcp_agent',true) { - class { '::neutron::agents::dhcp' : - manage_service => false, - enabled => false, - } - file { '/etc/neutron/dnsmasq-neutron.conf': - content => hiera('neutron_dnsmasq_options'), - owner => 'neutron', - group => 'neutron', - notify => Service['neutron-dhcp-service'], - require => Package['neutron'], - } - } - if hiera('neutron::enable_l3_agent',true) { - class { '::neutron::agents::l3' : - manage_service => false, - enabled => false, - } - } - if hiera('neutron::enable_metadata_agent',true) { - class { '::neutron::agents::metadata': - manage_service => false, - enabled => false, - } - } include ::neutron::plugins::ml2 class { '::neutron::agents::ml2::ovs': manage_service => false, @@ -644,15 +586,6 @@ if hiera('step') >= 4 or ( hiera('step') >= 3 and $sync_db ) { include ::neutron::plugins::ml2::bigswitch::restproxy include ::neutron::agents::bigswitch } - neutron_l3_agent_config { - 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false); - } - neutron_dhcp_agent_config { - 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false); - } - neutron_config { - 'DEFAULT/notification_driver': value => 'messaging'; - } include ::cinder include ::cinder::config @@ -1145,43 +1078,6 @@ if hiera('step') >= 5 { Pacemaker::Resource::Service[$::sahara::params::engine_service_name]], } - if hiera('step') == 5 { - # Neutron - # NOTE(gfidente): Neutron will try to populate the database with some data - # as soon as neutron-server is started; to avoid races we want to make this - # happen only on one node, before normal Pacemaker initialization - # https://bugzilla.redhat.com/show_bug.cgi?id=1233061 - # NOTE(emilien): we need to run this Exec only at Step 4 otherwise this exec - # will try to start the service while it's already started by Pacemaker - # It would result to a deployment failure since systemd would return 1 to Puppet - # and the overcloud would fail to deploy (6 would be returned). - # This conditional prevents from a race condition during the deployment. - # https://bugzilla.redhat.com/show_bug.cgi?id=1290582 - exec { 'neutron-server-systemd-start-sleep' : - command => 'systemctl start neutron-server && /usr/bin/sleep 5', - path => '/usr/bin', - unless => '/sbin/pcs resource show neutron-server', - } -> - pacemaker::resource::service { $::neutron::params::server_service: - clone_params => 'interleave=true', - require => Pacemaker::Resource::Ocf['openstack-core'] - } - } else { - pacemaker::resource::service { $::neutron::params::server_service: - clone_params => 'interleave=true', - require => Pacemaker::Resource::Ocf['openstack-core'] - } - } - if hiera('neutron::enable_l3_agent', true) { - pacemaker::resource::service { $::neutron::params::l3_agent_service: - clone_params => 'interleave=true', - } - } - if hiera('neutron::enable_dhcp_agent', true) { - pacemaker::resource::service { $::neutron::params::dhcp_agent_service: - clone_params => 'interleave=true', - } - } if hiera('neutron::enable_ovs_agent', true) { pacemaker::resource::service { $::neutron::params::ovs_agent_service: clone_params => 'interleave=true', @@ -1192,11 +1088,6 @@ if hiera('step') >= 5 { clone_params => 'interleave=true', } } - if hiera('neutron::enable_metadata_agent', true) { - pacemaker::resource::service { $::neutron::params::metadata_agent_service: - clone_params => 'interleave=true', - } - } if hiera('neutron::enable_ovs_agent', true) { pacemaker::resource::ocf { $::neutron::params::ovs_cleanup_service: ocf_agent_name => 'neutron:OVSCleanup', @@ -1241,81 +1132,6 @@ if hiera('step') >= 5 { Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], } } - pacemaker::constraint::base { 'keystone-to-neutron-server-constraint': - constraint_type => 'order', - first_resource => 'openstack-core-clone', - second_resource => "${::neutron::params::server_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Ocf['openstack-core'], - Pacemaker::Resource::Service[$::neutron::params::server_service]], - } - if hiera('neutron::enable_ovs_agent',true) { - pacemaker::constraint::base { 'neutron-openvswitch-agent-to-dhcp-agent-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::ovs_agent_service}-clone", - second_resource => "${::neutron::params::dhcp_agent_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service], - Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]], - } - } - if hiera('neutron::enable_dhcp_agent',true) and hiera('neutron::enable_ovs_agent',true) { - pacemaker::constraint::base { 'neutron-server-to-openvswitch-agent-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::server_service}-clone", - second_resource => "${::neutron::params::ovs_agent_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::neutron::params::server_service], - Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], - } - - pacemaker::constraint::colocation { 'neutron-openvswitch-agent-to-dhcp-agent-colocation': - source => "${::neutron::params::dhcp_agent_service}-clone", - target => "${::neutron::params::ovs_agent_service}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service], - Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]], - } - } - if hiera('neutron::enable_dhcp_agent',true) and hiera('neutron::enable_l3_agent',true) { - pacemaker::constraint::base { 'neutron-dhcp-agent-to-l3-agent-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::dhcp_agent_service}-clone", - second_resource => "${::neutron::params::l3_agent_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service], - Pacemaker::Resource::Service[$::neutron::params::l3_agent_service]] - } - pacemaker::constraint::colocation { 'neutron-dhcp-agent-to-l3-agent-colocation': - source => "${::neutron::params::l3_agent_service}-clone", - target => "${::neutron::params::dhcp_agent_service}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service], - Pacemaker::Resource::Service[$::neutron::params::l3_agent_service]] - } - } - if hiera('neutron::enable_l3_agent',true) and hiera('neutron::enable_metadata_agent',true) { - pacemaker::constraint::base { 'neutron-l3-agent-to-metadata-agent-constraint': - constraint_type => 'order', - first_resource => "${::neutron::params::l3_agent_service}-clone", - second_resource => "${::neutron::params::metadata_agent_service}-clone", - first_action => 'start', - second_action => 'start', - require => [Pacemaker::Resource::Service[$::neutron::params::l3_agent_service], - Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service]] - } - pacemaker::constraint::colocation { 'neutron-l3-agent-to-metadata-agent-colocation': - source => "${::neutron::params::metadata_agent_service}-clone", - target => "${::neutron::params::l3_agent_service}-clone", - score => 'INFINITY', - require => [Pacemaker::Resource::Service[$::neutron::params::l3_agent_service], - Pacemaker::Resource::Service[$::neutron::params::metadata_agent_service]] - } - } if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { #midonet-chain chain keystone-->neutron-server-->dhcp-->metadata->tomcat pacemaker::constraint::base { 'neutron-server-to-dhcp-agent-constraint': diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml new file mode 100644 index 00000000..b34bdd22 --- /dev/null +++ b/puppet/services/neutron-base.yaml @@ -0,0 +1,44 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron base service. Shared for all Neutron agents. + +parameters: + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + NeutronDhcpAgentsPerNetwork: + type: number + default: 3 + description: The number of neutron dhcp agents to schedule per network + Debug: + type: string + default: '' + description: Set to True to enable debugging on all services. + +outputs: + role_data: + description: Role data for the Neutron base service. + value: + config_settings: + neutron::rabbit_password: {get_param: RabbitPassword} + neutron::rabbit_user: {get_param: RabbitUserName} + neutron::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + neutron::rabbit_port: {get_param: RabbitClientPort} + neutron::dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork} + neutron::debug: {get_param: Debug} diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml new file mode 100644 index 00000000..548b4ba0 --- /dev/null +++ b/puppet/services/neutron-dhcp.yaml @@ -0,0 +1,56 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron DHCP agent configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + NeutronEnableIsolatedMetadata: + default: 'False' + description: If True, DHCP provide metadata route to VM. + type: string + NeutronDnsmasqOptions: + default: 'dhcp-option-force=26,%MTU%' + description: > + Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU + to be set to the value of NeutronTenantMtu, which should be set to account + for tunnel overhead. + type: string + NeutronTenantMtu: + description: > + The default MTU for tenant networks. For VXLAN/GRE tunneling, this should + be at least 50 bytes smaller than the MTU on the physical network. This + value will be used to set the MTU on the virtual Ethernet device. + This value will be used to construct the NeutronDnsmasqOptions, since that + will determine the MTU that is assigned to the VM host through DHCP. + default: "1400" + type: string + +resources: + + NeutronBase: + type: ./neutron-base.yaml + +outputs: + role_data: + description: Role data for the Neutron DHCP agent service. + value: + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + - neutron::agents::dhcp::dnsmasq_config_file: /etc/neutron/dnsmasq-neutron.conf + tripleo::profile::base::neutron::dhcp: + str_replace: + template: {get_param: NeutronDnsmasqOptions} + params: + '%MTU%': {get_param: NeutronTenantMtu} + neutron::agents::dhcp::enable_isolated_metadata: {get_param: NeutronEnableIsolatedMetadata} + step_config: | + include tripleo::profile::base::neutron::dhcp diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml new file mode 100644 index 00000000..2ea1b19d --- /dev/null +++ b/puppet/services/neutron-l3.yaml @@ -0,0 +1,37 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron L3 agent configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + Debug: + type: string + default: '' + NeutronExternalNetworkBridge: + description: Name of bridge used for external network traffic. + type: string + default: 'br-ex' + +resources: + + NeutronBase: + type: ./neutron-base.yaml + +outputs: + role_data: + description: Role data for the Neutron L3 agent service. + value: + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge} + step_config: | + include tripleo::profile::base::neutron::l3 diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml new file mode 100644 index 00000000..1fe139f3 --- /dev/null +++ b/puppet/services/neutron-metadata.yaml @@ -0,0 +1,45 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Metadata agent configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + NeutronMetadataProxySharedSecret: + description: Shared secret to prevent spoofing + type: string + hidden: true + NeutronWorkers: + default: 0 + description: Number of workers for Neutron service. + type: number + NeutronPassword: + description: The password for the neutron service and db account, used by neutron agents. + type: string + hidden: true + +resources: + + NeutronBase: + type: ./neutron-base.yaml + +outputs: + role_data: + description: Role data for the Neutron Metadata agent service. + value: + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + - neutron::agents::metadata::shared_secret: {get_param: NeutronMetadataProxySharedSecret} + neutron::agents::metadata::metadata_workers: {get_param: NeutronWorkers} + neutron::agents::metadata::auth_password: {get_param: NeutronPassword} + neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + step_config: | + include tripleo::profile::base::neutron::metadata diff --git a/puppet/services/pacemaker/glance-api.yaml b/puppet/services/pacemaker/glance-api.yaml index 815eb5bf..ad964216 100644 --- a/puppet/services/pacemaker/glance-api.yaml +++ b/puppet/services/pacemaker/glance-api.yaml @@ -56,5 +56,7 @@ outputs: glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype} glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage} glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions} + glance::api::manage_service: false + glance::api::enabled: false step_config: | include ::tripleo::profile::pacemaker::glance diff --git a/puppet/services/pacemaker/glance-registry.yaml b/puppet/services/pacemaker/glance-registry.yaml index 56353459..393fbaaf 100644 --- a/puppet/services/pacemaker/glance-registry.yaml +++ b/puppet/services/pacemaker/glance-registry.yaml @@ -26,7 +26,10 @@ outputs: description: Role data for the Glance role. value: config_settings: - get_attr: [GlanceRegistryBase, role_data, config_settings] + map_merge: + - get_attr: [GlanceRegistryBase, role_data, config_settings] + - glance::registry::manage_service: false + glance::registry::enabled: false # No puppet manifests since glance-registry is included in # ::tripleo::profile::pacemaker::glance which is maintained alongside of # pacemaker/glance-api.yaml. diff --git a/puppet/services/pacemaker/keystone.yaml b/puppet/services/pacemaker/keystone.yaml index 8fcab15f..db52cae7 100644 --- a/puppet/services/pacemaker/keystone.yaml +++ b/puppet/services/pacemaker/keystone.yaml @@ -28,7 +28,7 @@ outputs: config_settings: map_merge: - get_attr: [KeystoneServiceBase, role_data, config_settings] - #- - # custom keystone hiera goes here if we need it!? + - keystone::manage_service: false + keystone::enabled: false step_config: | include ::tripleo::profile::pacemaker::keystone diff --git a/puppet/services/pacemaker/neutron-dhcp.yaml b/puppet/services/pacemaker/neutron-dhcp.yaml new file mode 100644 index 00000000..0e972b28 --- /dev/null +++ b/puppet/services/pacemaker/neutron-dhcp.yaml @@ -0,0 +1,35 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron DHCP service with Pacemaker configured with Puppet. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + +resources: + + NeutronDhcpBase: + type: ../neutron-dhcp.yaml + properties: + EndpointMap: {get_param: EndpointMap} + MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri} + +outputs: + role_data: + description: Role data for the Neutron DHCP role. + value: + config_settings: + map_merge: + - get_attr: [NeutronDhcpBase, role_data, config_settings] + - tripleo::profile::pacemaker::neutron::enable_dhcp: True + neutron::agents::dhcp::enabled: false + neutron::agents::dhcp::manage_service: false + step_config: | + include ::tripleo::profile::pacemaker::neutron::dhcp diff --git a/puppet/services/pacemaker/neutron-l3.yaml b/puppet/services/pacemaker/neutron-l3.yaml new file mode 100644 index 00000000..84bff808 --- /dev/null +++ b/puppet/services/pacemaker/neutron-l3.yaml @@ -0,0 +1,33 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron L3 service with Pacemaker configured with Puppet. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + +resources: + + NeutronL3Base: + type: ../neutron-l3.yaml + properties: + EndpointMap: {get_param: EndpointMap} + MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri} + +outputs: + role_data: + description: Role data for the Neutron L3 role. + value: + config_settings: + map_merge: + - get_attr: [NeutronL3Base, role_data, config_settings] + - tripleo::profile::pacemaker::neutron::enable_l3: True + step_config: | + include ::tripleo::profile::pacemaker::neutron::l3 diff --git a/puppet/services/pacemaker/neutron-metadata.yaml b/puppet/services/pacemaker/neutron-metadata.yaml new file mode 100644 index 00000000..79baf1ea --- /dev/null +++ b/puppet/services/pacemaker/neutron-metadata.yaml @@ -0,0 +1,33 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Neutron Metadata service with Pacemaker configured with Puppet. + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + +resources: + + NeutronMetadataBase: + type: ../neutron-metadata.yaml + properties: + EndpointMap: {get_param: EndpointMap} + MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri} + +outputs: + role_data: + description: Role data for the Neutron Metadata role. + value: + config_settings: + map_merge: + - get_attr: [NeutronMetadataBase, role_data, config_settings] + - tripleo::profile::pacemaker::neutron::enable_metadata: True + step_config: | + include ::tripleo::profile::pacemaker::neutron::metadata diff --git a/puppet/services/pacemaker/rabbitmq.yaml b/puppet/services/pacemaker/rabbitmq.yaml new file mode 100644 index 00000000..613db449 --- /dev/null +++ b/puppet/services/pacemaker/rabbitmq.yaml @@ -0,0 +1,32 @@ +heat_template_version: 2016-04-08 + +description: > + RabbitMQ service with Pacemaker configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + +resources: + RabbitMQServiceBase: + type: ../rabbitmq.yaml + properties: + EndpointMap: {get_param: EndpointMap} + MysqlVirtualIPUri: {get_param: MysqlVirtualIPUri} + +outputs: + role_data: + description: Role data for the RabbitMQ pacemaker role. + value: + config_settings: + map_merge: + - get_attr: [RabbitMQServiceBase, role_data, config_settings] + - rabbitmq::service_manage: false + step_config: | + include ::tripleo::profile::pacemaker::rabbitmq diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml new file mode 100644 index 00000000..ae5678a3 --- /dev/null +++ b/puppet/services/rabbitmq.yaml @@ -0,0 +1,42 @@ +heat_template_version: 2016-04-08 + +description: > + RabbitMQ service configured with Puppet + +parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MysqlVirtualIPUri: + type: string + default: '' + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitFDLimit: + default: 16384 + description: Configures RabbitMQ FD limit + type: string + RabbitIPv6: + default: false + description: Enable IPv6 in RabbitMQ + type: boolean + +outputs: + role_data: + description: Role data for the RabbitMQ role. + value: + config_settings: + rabbitmq::file_limit: {get_param: RabbitFDLimit} + rabbitmq::default_user: {get_param: RabbitUserName} + rabbitmq::default_pass: {get_param: RabbitPassword} + rabbit_ipv6: {get_param: RabbitIPv6} + step_config: | + include ::tripleo::profile::base::rabbitmq diff --git a/puppet/swift-storage-post.yaml b/puppet/swift-storage-post.yaml index eb06b241..b262f947 100644 --- a/puppet/swift-storage-post.yaml +++ b/puppet/swift-storage-post.yaml @@ -52,6 +52,10 @@ resources: group: puppet options: enable_debug: {get_param: ConfigDebug} + enable_hiera: True + enable_facter: False + inputs: + - name: step outputs: - name: result config: @@ -65,6 +69,7 @@ resources: servers: {get_param: servers} config: {get_resource: StorageRingbuilderPuppetConfig} input_values: + step: 3 # Note ringbuilder.pp expects >=3 update_identifier: {get_param: NodeConfigIdentifiers} # Note, this should come last, so use depends_on to ensure |