diff options
Diffstat (limited to 'puppet')
| -rw-r--r-- | puppet/ceph-storage-post-puppet.yaml | 2 | ||||
| -rw-r--r-- | puppet/cinder-storage-post.yaml | 3 | ||||
| -rw-r--r-- | puppet/cinder-storage-puppet.yaml | 16 | ||||
| -rw-r--r-- | puppet/compute-puppet.yaml | 10 | ||||
| -rw-r--r-- | puppet/controller-post-puppet.yaml | 83 | ||||
| -rw-r--r-- | puppet/controller-puppet.yaml | 63 | ||||
| -rw-r--r-- | puppet/hieradata/ceph.yaml | 6 | ||||
| -rw-r--r-- | puppet/hieradata/compute.yaml | 5 | ||||
| -rw-r--r-- | puppet/hieradata/controller.yaml | 18 | ||||
| -rw-r--r-- | puppet/manifests/loadbalancer.pp | 386 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_compute.pp | 12 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_controller.pp | 71 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_volume.pp | 16 | ||||
| -rw-r--r-- | puppet/swift-storage-post.yaml | 7 |
14 files changed, 218 insertions, 480 deletions
diff --git a/puppet/ceph-storage-post-puppet.yaml b/puppet/ceph-storage-post-puppet.yaml index dd01d4fd..5e1c42fa 100644 --- a/puppet/ceph-storage-post-puppet.yaml +++ b/puppet/ceph-storage-post-puppet.yaml @@ -17,7 +17,7 @@ resources: config: get_file: manifests/overcloud_cephstorage.pp - CephStoragePuppetDeployment: + CephStorageDeployment_Step1: type: OS::Heat::StructuredDeployments properties: servers: {get_param: servers} diff --git a/puppet/cinder-storage-post.yaml b/puppet/cinder-storage-post.yaml index 960cc5b3..28e87800 100644 --- a/puppet/cinder-storage-post.yaml +++ b/puppet/cinder-storage-post.yaml @@ -18,9 +18,8 @@ resources: config: get_file: manifests/overcloud_volume.pp - VolumePuppetDeployment: + VolumeDeployment_Step1: type: OS::Heat::StructuredDeployments properties: - name: puppet_1 servers: {get_param: servers} config: {get_resource: VolumePuppetConfig} diff --git a/puppet/cinder-storage-puppet.yaml b/puppet/cinder-storage-puppet.yaml index 6ad4d348..2f7a04c8 100644 --- a/puppet/cinder-storage-puppet.yaml +++ b/puppet/cinder-storage-puppet.yaml @@ -4,6 +4,10 @@ parameters: Image: default: overcloud-cinder-volume type: string + CinderEnableIscsiBackend: + default: true + description: Whether to enable or not the Iscsi backend for Cinder + type: boolean CinderISCSIHelper: default: tgtadm description: The iSCSI helper to use with cinder. @@ -115,6 +119,7 @@ resources: template: sizeM params: size: {get_param: CinderLVMLoopDeviceSize} + cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend} cinder_iscsi_helper: {get_param: CinderISCSIHelper} rabbit_hosts: str_replace: @@ -148,17 +153,20 @@ resources: volume: raw_data: {get_file: hieradata/volume.yaml} oac_data: - cinder::volume::iscsi::iscsi_ip_address: local-ipv4 + cinder_iscsi_ip_address: local-ipv4 mapped_data: # Cinder cinder::setup_test_volume::size: {get_input: cinder_lvm_loop_device_size} - cinder::volume::iscsi::iscsi_helper: {get_input: cinder_iscsi_helper} + cinder_iscsi_helper: {get_input: cinder_iscsi_helper} cinder::database_connection: {get_input: cinder_dsn} cinder::rabbit_hosts: {get_input: rabbit_hosts} cinder::rabbit_userid: {get_input: rabbit_username} cinder::rabbit_password: {get_input: rabbit_password} + cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend} ntp::servers: {get_input: ntp_servers} enable_package_install: {get_input: enable_package_install} + snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} + snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} outputs: hosts_entry: @@ -168,3 +176,7 @@ outputs: params: IP: {get_attr: [BlockStorage, networks, ctlplane, 0]} HOST: {get_attr: [BlockStorage, name]} + nova_server_resource: + description: Heat resource handle for the block storage server + value: + {get_resource: BlockStorage} diff --git a/puppet/compute-puppet.yaml b/puppet/compute-puppet.yaml index f7347094..909fdf5c 100644 --- a/puppet/compute-puppet.yaml +++ b/puppet/compute-puppet.yaml @@ -195,6 +195,10 @@ parameters: NovaComputeLibvirtType: type: string default: '' + NovaEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Nova + type: boolean NovaPassword: default: unset description: The password for the nova service account, used by nova-api. @@ -269,10 +273,14 @@ resources: hierarchy: - heat_config_%{::deploy_config_name} - compute + - ceph_cluster # provided by CephClusterConfig + - ceph - common datafiles: common: raw_data: {get_file: hieradata/common.yaml} + ceph: + raw_data: {get_file: hieradata/ceph.yaml} compute: raw_data: {get_file: hieradata/compute.yaml} oac_data: @@ -283,6 +291,7 @@ resources: nova::compute::libvirt::libvirt_virt_type: {get_input: nova_compute_libvirt_type} nova_api_host: {get_input: nova_api_host} nova::compute::vncproxy_host: {get_input: nova_public_ip} + nova_enable_rbd_backend: {get_input: nova_enable_rbd_backend} nova_password: {get_input: nova_password} #ceilometer::debug: {get_input: debug} ceilometer::metering_secret: {get_input: ceilometer_metering_secret} @@ -339,6 +348,7 @@ resources: nova_public_ip: {get_param: NovaPublicIP} nova_api_host: {get_param: NovaApiHost} nova_password: {get_param: NovaPassword} + nova_enable_rbd_backend: {get_param: NovaEnableRbdBackend} ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} ceilometer_password: {get_param: CeilometerPassword} ceilometer_compute_agent: {get_param: CeilometerComputeAgent} diff --git a/puppet/controller-post-puppet.yaml b/puppet/controller-post-puppet.yaml index 72b35793..009a10ae 100644 --- a/puppet/controller-post-puppet.yaml +++ b/puppet/controller-post-puppet.yaml @@ -9,64 +9,6 @@ parameters: resources: - # NOTE(dprince): this example uses a composition class - # on the puppet side (loadbalancer.pp). This seemed like the - # cleanest way to encapulate the puppet resources definitions - # for HAProxy and Keepalived. - ControllerLoadbalancerPuppetConfig: - type: OS::Heat::SoftwareConfig - properties: - group: puppet - options: - enable_hiera: True - enable_facter: False - inputs: - - name: tripleo::loadbalancer::keystone_admin - default: true - - name: tripleo::loadbalancer::keystone_public - default: true - - name: tripleo::loadbalancer::neutron - default: true - - name: tripleo::loadbalancer::cinder - default: true - - name: tripleo::loadbalancer::glance_api - default: true - - name: tripleo::loadbalancer::glance_registry - default: true - - name: tripleo::loadbalancer::nova_ec2 - default: true - - name: tripleo::loadbalancer::nova_osapi - default: true - - name: tripleo::loadbalancer::nova_metadata - default: true - - name: tripleo::loadbalancer::nova_novncproxy - default: true - - name: tripleo::loadbalancer::mysql - default: true - - name: tripleo::loadbalancer::rabbitmq - default: true - - name: tripleo::loadbalancer::swift_proxy_server - default: true - - name: tripleo::loadbalancer::ceilometer - default: true - - name: tripleo::loadbalancer::heat_api - default: true - - name: tripleo::loadbalancer::heat_cloudwatch - default: true - - name: tripleo::loadbalancer::heat_cfn - default: true - outputs: - - name: result - config: - get_file: manifests/loadbalancer.pp - - ControllerLoadbalancerPuppetDeployment: - type: OS::Heat::SoftwareDeployments - properties: - name: puppet_1 - servers: {get_param: servers} - config: {get_resource: ControllerLoadbalancerPuppetConfig} - ControllerPuppetConfig: type: OS::Heat::SoftwareConfig properties: @@ -74,8 +16,6 @@ resources: options: enable_hiera: True enable_facter: False - inputs: - - name: step outputs: - name: result config: @@ -84,16 +24,25 @@ resources: # Step through a series of Puppet runs using the same manifest. # NOTE(dprince): Heat breakpoints would make for a really cool way to step # through breakpoints in a controlled manner across the entire cluster - ControllerPuppetDeploymentServicesBase: + ControllerDeploymentLoadBalancer_Step1: type: OS::Heat::StructuredDeployments properties: - name: puppet_2 servers: {get_param: servers} config: {get_resource: ControllerPuppetConfig} input_values: step: 1 actions: ['CREATE'] # no need for two passes on an UPDATE + ControllerDeploymentServicesBase_Step2: + type: OS::Heat::StructuredDeployments + depends_on: ControllerDeploymentLoadBalancer_Step1 + properties: + servers: {get_param: servers} + config: {get_resource: ControllerPuppetConfig} + input_values: + step: 2 + actions: ['CREATE'] # no need for two passes on an UPDATE + ControllerRingbuilderPuppetConfig: type: OS::Heat::SoftwareConfig properties: @@ -107,18 +56,18 @@ resources: config: get_file: manifests/ringbuilder.pp - ControllerRingbuilderPuppetDeployment: + ControllerRingbuilderDeployment_Step3: type: OS::Heat::StructuredDeployments + depends_on: ControllerDeploymentServicesBase_Step2 properties: - name: puppet_3 servers: {get_param: servers} config: {get_resource: ControllerRingbuilderPuppetConfig} - ControllerPuppetDeploymentOvercloudServices: + ControllerDeploymentOvercloudServices_Step4: type: OS::Heat::StructuredDeployments + depends_on: ControllerRingbuilderDeployment_Step3 properties: - name: puppet_4 servers: {get_param: servers} config: {get_resource: ControllerPuppetConfig} input_values: - step: 2 + step: 3 diff --git a/puppet/controller-puppet.yaml b/puppet/controller-puppet.yaml index 3e2957f9..0c623aaf 100644 --- a/puppet/controller-puppet.yaml +++ b/puppet/controller-puppet.yaml @@ -24,6 +24,14 @@ parameters: description: The password for the ceilometer service account. type: string hidden: true + CinderEnableIscsiBackend: + default: true + description: Whether to enable or not the Iscsi backend for Cinder + type: boolean + CinderEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Cinder + type: boolean CinderISCSIHelper: default: tgtadm description: The iSCSI helper to use with cinder. @@ -129,6 +137,9 @@ parameters: type: string default: '' hidden: true + HeatAuthEncryptionKey: + description: Auth encryption key for heat-engine + type: string Image: type: string default: overcloud-control @@ -433,12 +444,15 @@ resources: - - 'http://' - {get_param: VirtualIP} - ':8000/v1/waitcondition' + heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey} admin_password: {get_param: AdminPassword} admin_token: {get_param: AdminToken} neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP} debug: {get_param: Debug} + cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend} cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize} cinder_password: {get_param: CinderPassword} + cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend} cinder_iscsi_helper: {get_param: CinderISCSIHelper} cinder_dsn: list_join: @@ -477,6 +491,18 @@ resources: - - 'mysql://keystone:unset@' - {get_param: VirtualIP} - '/keystone' + keystone_identity_uri: + list_join: + - '' + - - 'http://' + - {get_param: VirtualIP} + - ':35357/' + keystone_auth_uri: + list_join: + - '' + - - 'http://' + - {get_param: VirtualIP} + - ':5000/v2.0/' mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} mysql_root_password: {get_param: MysqlRootPassword} mysql_cluster_name: @@ -588,7 +614,8 @@ resources: controller_host: {get_input: controller_host} #local-ipv4 # Swift swift::proxy::proxy_local_net_ip: {get_input: controller_host} - swift::proxy::authtoken::auth_host: {get_input: controller_virtual_ip} + swift::proxy::authtoken::auth_uri: {get_input: keystone_auth_uri} + swift::proxy::authtoken::identity_uri: {get_input: keystone_identity_uri} swift::storage::all::storage_local_net_ip: {get_input: controller_host} swift::swift_hash_suffix: {get_input: swift_hash_suffix} swift::proxy::authtoken::admin_password: {get_input: swift_password} @@ -601,20 +628,24 @@ resources: # See: https://review.openstack.org/#/c/109225/ tripleo::ringbuilder::build_ring: True # Cinder + cinder_enable_rbd_backend: {get_input: cinder_enable_rbd_backend} cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size} - cinder::volume::iscsi::iscsi_helper: {get_input: cinder_iscsi_helper} - cinder::volume::iscsi::iscsi_ip_address: {get_input: controller_host} + cinder_iscsi_helper: {get_input: cinder_iscsi_helper} + cinder_iscsi_ip_address: {get_input: controller_host} cinder::database_connection: {get_input: cinder_dsn} cinder::api::keystone_password: {get_input: cinder_password} - cinder::api::keystone_auth_host: {get_input: controller_virtual_ip} + cinder::api::auth_uri: {get_input: keystone_auth_uri} + cinder::api::identity_uri: {get_input: keystone_identity_uri} cinder::api::bind_host: {get_input: controller_host} cinder::rabbit_userid: {get_input: rabbit_username} cinder::rabbit_password: {get_input: rabbit_password} + cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend} #cinder::debug: {get_input: debug} # Glance glance::api::bind_port: {get_input: glance_port} glance::api::bind_host: {get_input: controller_host} - glance::api::auth_host: {get_input: controller_virtual_ip} + glance::api::auth_uri: {get_input: keystone_auth_uri} + glance::api::identity_uri: {get_input: keystone_identity_uri} glance::api::registry_host: {get_input: controller_host} glance::api::keystone_password: {get_input: glance_password} # used to construct glance_api_servers @@ -627,7 +658,8 @@ resources: glance::registry::keystone_password: {get_input: glance_password} glance::registry::database_connection: {get_input: glance_dsn} glance::registry::bind_host: {get_input: controller_host} - glance::registry::auth_host: {get_input: controller_virtual_ip} + glance::registry::auth_uri: {get_input: keystone_auth_uri} + glance::registry::identity_uri: {get_input: keystone_identity_uri} glance::backend::swift::swift_store_auth_address: {get_input: glance_swift_store_auth_address} glance::backend::swift::swift_store_user: service:glance glance::backend::swift::swift_store_key: {get_input: glance_password} @@ -636,11 +668,12 @@ resources: heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url} heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url} heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url} - heat::engine::auth_encryption_key: unset___________ + heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key} heat::rabbit_userid: {get_input: rabbit_username} heat::rabbit_password: {get_input: rabbit_password} heat::rabbit_host: {get_input: controller_virtual_ip} - heat::keystone_host: {get_input: controller_virtual_ip} + heat::auth_uri: {get_input: keystone_auth_uri} + heat::identity_uri: {get_input: keystone_identity_uri} heat::keystone_password: {get_input: heat_password} heat::api::bind_host: {get_input: controller_host} heat::api_cloudwatch::bind_host: {get_input: controller_host} @@ -669,7 +702,8 @@ resources: neutron::rabbit_password: {get_input: rabbit_password} neutron::rabbit_user: {get_input: rabbit_user} #neutron::debug: {get_input: debug} - neutron::server::auth_host: {get_input: controller_virtual_ip} + neutron::server::auth_uri: {get_input: keystone_auth_uri} + neutron::server::identity_uri: {get_input: keystone_identity_uri} neutron::server::database_connection: {get_input: neutron_dsn} neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling} neutron::agents::ml2::ovs::local_ip: {get_input: controller_host} @@ -699,7 +733,8 @@ resources: ceilometer::rabbit_host: {get_input: controller_virtual_ip} ceilometer::api::host: {get_input: controller_host} ceilometer::api::keystone_password: {get_input: ceilometer_password} - ceilometer::api::keystone_host: {get_input: controller_virtual_ip} + ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri} + ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri} ceilometer::db::database_connection: {get_input: ceilometer_dsn} ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} @@ -707,7 +742,8 @@ resources: # Nova nova::rabbit_userid: {get_input: rabbit_username} nova::rabbit_password: {get_input: rabbit_password} - nova::api::auth_host: {get_input: controller_virtual_ip} + nova::api::auth_uri: {get_input: keystone_auth_uri} + nova::api::identity_uri: {get_input: keystone_identity_uri} nova::api::api_bind_address: {get_input: controller_host} nova::api::metadata_listen: {get_input: controller_host} nova::api::admin_password: {get_input: nova_password} @@ -730,6 +766,11 @@ resources: controller_virtual_ip: {get_input: controller_virtual_ip} public_virtual_interface: {get_input: public_virtual_interface} public_virtual_ip: {get_input: public_virtual_ip} + tripleo::loadbalancer::controller_host: {get_input: controller_host} + tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface} + tripleo::loadbalancer::controller_virtual_ip: {get_input: controller_virtual_ip} + tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface} + tripleo::loadbalancer::public_virtual_ip: {get_input: public_virtual_ip} enable_package_install: {get_input: enable_package_install} outputs: diff --git a/puppet/hieradata/ceph.yaml b/puppet/hieradata/ceph.yaml index 995de2cf..a908b43b 100644 --- a/puppet/hieradata/ceph.yaml +++ b/puppet/hieradata/ceph.yaml @@ -5,3 +5,9 @@ ceph::profile::params::osd_pool_default_size: 3 ceph::profile::params::osd_pool_default_min_size: 1 ceph::profile::params::manage_repo: false ceph::profile::params::authentication_type: cephx + +ceph_openstack_default_cap_mon: 'allow r' +ceph_openstack_default_cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms' +ceph_pools: + - volumes + - vms diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml index 8d5c88fd..a72c4850 100644 --- a/puppet/hieradata/compute.yaml +++ b/puppet/hieradata/compute.yaml @@ -10,6 +10,11 @@ nova::compute::vnc_enabled: true nova::compute::libvirt::vncserver_listen: '0.0.0.0' nova::compute::libvirt::migration_support: true +nova::compute::rbd::libvirt_rbd_user: 'openstack' +nova::compute::rbd::rbd_keyring: 'client.openstack' +nova::compute::rbd::libvirt_images_rbd_pool: 'vms' +nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}" + neutron::plugins::ml2::tunnel_id_ranges: ['1:1000'] ceilometer::agent::auth::auth_tenant_name: 'service' diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index 39d2a487..47f358a9 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -71,3 +71,21 @@ heat::engine::configure_delegated_roles: false heat::engine::trusts_delegated_roles: [] mysql::server::manage_config_file: true + +tripleo::loadbalancer::keystone_admin: true +tripleo::loadbalancer::keystone_public: true +tripleo::loadbalancer::neutron: true +tripleo::loadbalancer::cinder: true +tripleo::loadbalancer::glance_api: true +tripleo::loadbalancer::glance_registry: true +tripleo::loadbalancer::nova_ec2: true +tripleo::loadbalancer::nova_osapi: true +tripleo::loadbalancer::nova_metadata: true +tripleo::loadbalancer::nova_novncproxy: true +tripleo::loadbalancer::mysql: true +tripleo::loadbalancer::rabbitmq: true +tripleo::loadbalancer::swift_proxy_server: true +tripleo::loadbalancer::ceilometer: true +tripleo::loadbalancer::heat_api: true +tripleo::loadbalancer::heat_cloudwatch: true +tripleo::loadbalancer::heat_cfn: true diff --git a/puppet/manifests/loadbalancer.pp b/puppet/manifests/loadbalancer.pp deleted file mode 100644 index 88e6bdd4..00000000 --- a/puppet/manifests/loadbalancer.pp +++ /dev/null @@ -1,386 +0,0 @@ -# Copyright 2014 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -if !str2bool(hiera('enable_package_install', 'false')) { - case $::osfamily { - 'RedHat': { - Package { provider => 'norpm' } # provided by tripleo-puppet - } - default: { - warning('enable_package_install option not supported.') - } - } -} - -class tripleo::loadbalancer ( - $keystone_admin = false, - $keystone_public = false, - $neutron = false, - $cinder = false, - $glance_api = false, - $glance_registry = false, - $nova_ec2 = false, - $nova_osapi = false, - $nova_metadata = false, - $nova_novncproxy = false, - $ceilometer = false, - $swift_proxy_server = false, - $heat_api = false, - $heat_cloudwatch = false, - $heat_cfn = false, - $horizon = false, - $mysql = false, - $rabbitmq = false, -) { - - case $::osfamily { - 'RedHat': { - $keepalived_name_is_process = false - $keepalived_vrrp_script = 'systemctl status haproxy.service' - } # RedHat - 'Debian': { - $keepalived_name_is_process = true - $keepalived_vrrp_script = undef - } - } - - class { 'keepalived': } - keepalived::vrrp_script { 'haproxy': - name_is_process => $keepalived_name_is_process, - script => $keepalived_vrrp_script, - } - - # KEEPALIVE INSTANCE CONTROL - keepalived::instance { '51': - interface => hiera('control_virtual_interface'), - virtual_ips => [join([hiera('controller_virtual_ip'), ' dev ', hiera('control_virtual_interface')])], - state => 'MASTER', - track_script => ['haproxy'], - priority => 101, - } - - # KEEPALIVE INSTANCE PUBLIC - keepalived::instance { '52': - interface => hiera('public_virtual_interface'), - virtual_ips => [join([hiera('public_virtual_ip'), ' dev ', hiera('public_virtual_interface')])], - state => 'MASTER', - track_script => ['haproxy'], - priority => 101, - } - - sysctl::value { 'net.ipv4.ip_nonlocal_bind': value => '1' } - - class { 'haproxy': - global_options => { - 'log' => '/dev/log local0', - 'pidfile' => '/var/run/haproxy.pid', - 'user' => 'haproxy', - 'group' => 'haproxy', - 'daemon' => '', - 'maxconn' => '4000', - }, - defaults_options => { - 'mode' => 'tcp', - 'log' => 'global', - 'retries' => '3', - 'maxconn' => '150', - 'option' => [ 'tcpka', 'tcplog' ], - 'timeout' => [ 'http-request 10s', 'queue 1m', 'connect 10s', 'client 1m', 'server 1m', 'check 10s' ], - }, - } - - haproxy::listen { 'haproxy.stats': - ipaddress => '*', - ports => '1993', - mode => 'http', - options => { - 'stats' => 'enable', - }, - collect_exported => false, - } - - if $keystone_admin { - haproxy::listen { 'keystone_admin': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 35357, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'keystone_admin': - listening_service => 'keystone_admin', - ports => '35357', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $keystone_public { - haproxy::listen { 'keystone_public': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 5000, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'keystone_public': - listening_service => 'keystone_public', - ports => '5000', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $neutron { - haproxy::listen { 'neutron': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 9696, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'neutron': - listening_service => 'neutron', - ports => '9696', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $cinder { - haproxy::listen { 'cinder': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 8776, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'cinder': - listening_service => 'cinder', - ports => '8776', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $glance_api { - haproxy::listen { 'glance_api': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 9292, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'glance_api': - listening_service => 'glance_api', - ports => '9292', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - - if $glance_registry { - haproxy::listen { 'glance_registry': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 9191, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'glance_registry': - listening_service => 'glance_registry', - ports => '9191', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $nova_ec2 { - haproxy::listen { 'nova_ec2': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 8773, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'nova_ec2': - listening_service => 'nova_ec2', - ports => '8773', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $nova_osapi { - haproxy::listen { 'nova_osapi': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 8774, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'nova_osapi': - listening_service => 'nova_osapi', - ports => '8774', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $nova_metadata { - haproxy::listen { 'nova_metadata': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 8775, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'nova_metadata': - listening_service => 'nova_metadata', - ports => '8775', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $nova_novncproxy { - haproxy::listen { 'nova_novncproxy': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 6080, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'nova_novncproxy': - listening_service => 'nova_novncproxy', - ports => '6080', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $ceilometer { - haproxy::listen { 'ceilometer': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 8777, - collect_exported => false, - } - haproxy::balancermember { 'ceilometer': - listening_service => 'ceilometer', - ports => '8777', - ipaddresses => hiera('controller_host'), - options => [], - } - } - - if $swift_proxy_server { - haproxy::listen { 'swift_proxy_server': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 8080, - options => { 'option' => [ 'httpchk GET /info' ] }, - collect_exported => false, - } - haproxy::balancermember { 'swift_proxy_server': - listening_service => 'swift_proxy_server', - ports => '8080', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $heat_api { - haproxy::listen { 'heat_api': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 8004, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'heat_api': - listening_service => 'heat_api', - ports => '8004', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $heat_cloudwatch { - haproxy::listen { 'heat_cloudwatch': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 8003, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'heat_cloudwatch': - listening_service => 'heat_cloudwatch', - ports => '8003', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $heat_cfn { - haproxy::listen { 'heat_cfn': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 8000, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'heat_cfn': - listening_service => 'heat_cfn', - ports => '8000', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $horizon { - haproxy::listen { 'horizon': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 80, - options => { 'option' => [ 'httpchk GET /' ] }, - collect_exported => false, - } - haproxy::balancermember { 'horizon': - listening_service => 'horizon', - ports => '80', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $mysql { - haproxy::listen { 'mysql': - ipaddress => [hiera('controller_virtual_ip')], - ports => 3306, - options => { 'timeout' => [ 'client 0', 'server 0' ] }, - collect_exported => false, - } - haproxy::balancermember { 'mysql': - listening_service => 'mysql', - ports => '3306', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - - if $rabbitmq { - haproxy::listen { 'rabbitmq': - ipaddress => [hiera('controller_virtual_ip'), hiera('public_virtual_ip')], - ports => 5672, - options => { 'timeout' => [ 'client 0', 'server 0' ] }, - collect_exported => false, - } - haproxy::balancermember { 'rabbitmq': - listening_service => 'rabbitmq', - ports => '5672', - ipaddresses => hiera('controller_host'), - options => ['check', 'inter 2000', 'rise 2', 'fall 5'], - } - } - -} - -include ::tripleo::loadbalancer diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp index cff0548f..63ead74f 100644 --- a/puppet/manifests/overcloud_compute.pp +++ b/puppet/manifests/overcloud_compute.pp @@ -42,6 +42,18 @@ nova_config { 'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver'; } +$nova_enable_rbd_backend = hiera('nova_enable_rbd_backend', false) +if $nova_enable_rbd_backend { + include ::ceph::profile::client + include ::nova::compute::rbd + ceph::key { 'client.openstack' : + secret => hiera('ceph::profile::params::mon_key'), + cap_mon => hiera('ceph_openstack_default_cap_mon'), + cap_osd => hiera('ceph_openstack_default_cap_osd'), + user => 'nova', + } +} + include ::nova::compute::libvirt include ::nova::network::neutron include ::neutron diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index fef749c5..41363039 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -26,6 +26,12 @@ if !str2bool(hiera('enable_package_install', 'false')) { if hiera('step') >= 1 { + include ::tripleo::loadbalancer + +} + +if hiera('step') >= 2 { + if count(hiera('ntp::servers')) > 0 { include ::ntp } @@ -150,17 +156,29 @@ if hiera('step') >= 1 { # pre-install swift here so we can build rings include ::swift - # don't install Ceph if FSID is not provided - if hiera('ceph::profile::params::fsid', false) { + $cinder_enable_rbd_backend = hiera('cinder_enable_rbd_backend', false) + $enable_ceph = $cinder_enable_rbd_backend + + if $enable_ceph { class { 'ceph::profile::params': mon_initial_members => downcase(hiera('ceph_mon_initial_members')) } include ::ceph::profile::mon } -} #END STEP 1 + if $cinder_enable_rbd_backend { + ceph::key { 'client.openstack' : + secret => hiera('ceph::profile::params::mon_key'), + cap_mon => hiera('ceph_openstack_default_cap_mon'), + cap_osd => hiera('ceph_openstack_default_cap_osd'), + user => 'cinder', + inject => 'true', + } + } -if hiera('step') >= 2 { +} #END STEP 2 + +if hiera('step') >= 3 { include ::keystone @@ -258,11 +276,52 @@ if hiera('step') >= 2 { include ::cinder::glance include ::cinder::scheduler include ::cinder::volume - include ::cinder::volume::iscsi class {'cinder::setup_test_volume': size => join([hiera('cinder_lvm_loop_device_size'), 'M']), } + $cinder_enable_iscsi = hiera('cinder_enable_iscsi_backend', true) + if $cinder_enable_iscsi { + $cinder_iscsi_backend = 'tripleo_iscsi' + + cinder::backend::iscsi { $cinder_iscsi_backend : + iscsi_ip_address => hiera('cinder_iscsi_ip_address'), + iscsi_helper => hiera('cinder_iscsi_helper'), + } + } + + if $enable_ceph { + + Ceph_pool { + pg_num => hiera('ceph::profile::params::osd_pool_default_pg_num'), + pgp_num => hiera('ceph::profile::params::osd_pool_default_pgp_num'), + size => hiera('ceph::profile::params::osd_pool_default_size'), + } + + $ceph_pools = hiera('ceph_pools') + ceph::pool { $ceph_pools : } + } + + if $cinder_enable_rbd_backend { + $cinder_rbd_backend = 'tripleo_ceph' + + cinder_config { + "${cinder_rbd_backend}/host": value => 'hostgroup'; + } + + cinder::backend::rbd { $cinder_rbd_backend : + rbd_pool => 'volumes', + rbd_user => 'openstack', + rbd_secret_uuid => hiera('ceph::profile::params::fsid'), + require => Ceph::Pool['volumes'], + } + } + + $cinder_enabled_backends = concat(any2array($cinder_iscsi_backend), $cinder_rbd_backend) + class { '::cinder::backends' : + enabled_backends => $cinder_enabled_backends, + } + # swift proxy include ::memcached include ::swift::proxy @@ -327,4 +386,4 @@ if hiera('step') >= 2 { snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], } -} #END STEP 2 +} #END STEP 3 diff --git a/puppet/manifests/overcloud_volume.pp b/puppet/manifests/overcloud_volume.pp index b433321a..3d7cb490 100644 --- a/puppet/manifests/overcloud_volume.pp +++ b/puppet/manifests/overcloud_volume.pp @@ -30,9 +30,23 @@ if count(hiera('ntp::servers')) > 0 { include ::cinder include ::cinder::volume -include ::cinder::volume::iscsi include ::cinder::setup_test_volume +$cinder_enable_iscsi = hiera('cinder_enable_iscsi_backend', true) +if $cinder_enable_iscsi { + $cinder_iscsi_backend = 'tripleo_iscsi' + + cinder::backend::iscsi { $cinder_iscsi_backend : + iscsi_ip_address => hiera('cinder_iscsi_ip_address'), + iscsi_helper => hiera('cinder_iscsi_helper'), + } +} + +$cinder_enabled_backends = any2array($cinder_iscsi_backend) +class { '::cinder::backends' : + enabled_backends => $cinder_enabled_backends, +} + $snmpd_user = hiera('snmpd_readonly_user_name') snmp::snmpv3_user { $snmpd_user: authtype => 'MD5', diff --git a/puppet/swift-storage-post.yaml b/puppet/swift-storage-post.yaml index 89cf9733..3f069319 100644 --- a/puppet/swift-storage-post.yaml +++ b/puppet/swift-storage-post.yaml @@ -18,10 +18,9 @@ resources: config: get_file: manifests/overcloud_object.pp - StoragePuppetDeployment: + StorageDeployment_Step1: type: OS::Heat::StructuredDeployments properties: - name: puppet_1 servers: {get_param: servers} config: {get_resource: StoragePuppetConfig} @@ -34,9 +33,9 @@ resources: config: get_file: manifests/ringbuilder.pp - StorageRingbuilderPuppetDeployment: + StorageRingbuilderDeployment_Step2: type: OS::Heat::StructuredDeployments + depends_on: StorageDeployment_Step1 properties: - name: puppet_2 servers: {get_param: servers} config: {get_resource: StorageRingbuilderPuppetConfig} |