aboutsummaryrefslogtreecommitdiffstats
path: root/puppet
diff options
context:
space:
mode:
Diffstat (limited to 'puppet')
-rw-r--r--puppet/ceph-cluster-config.yaml15
-rw-r--r--puppet/ceph-storage.yaml18
-rw-r--r--puppet/cinder-storage.yaml20
-rw-r--r--puppet/compute.yaml33
-rw-r--r--puppet/controller.yaml31
-rw-r--r--puppet/extraconfig/ceph/ceph-external-config.yaml8
-rw-r--r--puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml2
-rw-r--r--puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml2
-rw-r--r--puppet/hieradata/common.yaml2
-rw-r--r--puppet/hieradata/compute.yaml1
-rw-r--r--puppet/hieradata/controller.yaml8
-rw-r--r--puppet/hieradata/volume.yaml2
-rw-r--r--puppet/manifests/overcloud_cephstorage.pp8
-rw-r--r--puppet/manifests/overcloud_compute.pp55
-rw-r--r--puppet/manifests/overcloud_controller.pp64
-rw-r--r--puppet/manifests/overcloud_controller_pacemaker.pp59
-rw-r--r--puppet/manifests/overcloud_object.pp2
-rw-r--r--puppet/manifests/overcloud_volume.pp4
-rw-r--r--puppet/swift-storage.yaml18
19 files changed, 318 insertions, 34 deletions
diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml
index 96198c3f..dc2f98ed 100644
--- a/puppet/ceph-cluster-config.yaml
+++ b/puppet/ceph-cluster-config.yaml
@@ -39,6 +39,9 @@ parameters:
CephClientUserName:
default: openstack
type: string
+ CephIPv6:
+ default: False
+ type: boolean
resources:
CephClusterConfigImpl:
@@ -50,15 +53,25 @@ resources:
datafiles:
ceph_cluster:
mapped_data:
+ ceph_ipv6: {get_param: CephIPv6}
ceph_storage_count: {get_param: ceph_storage_count}
ceph_mon_initial_members:
list_join:
- ','
- {get_param: ceph_mon_names}
- ceph::profile::params::mon_host:
+ ceph_mon_host:
list_join:
- ','
- {get_param: ceph_mon_ips}
+ ceph_mon_host_v6:
+ str_replace:
+ template: "'[IPS_LIST]'"
+ params:
+ IPS_LIST:
+ list_join:
+ - '],['
+ - {get_param: ceph_mon_ips}
+ ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6}
ceph::profile::params::fsid: {get_param: ceph_fsid}
ceph::profile::params::mon_key: {get_param: ceph_mon_key}
# We should use a separated key for the non-admin clients
diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml
index 88120b9c..d2988926 100644
--- a/puppet/ceph-storage.yaml
+++ b/puppet/ceph-storage.yaml
@@ -62,6 +62,9 @@ parameters:
description: |
Role specific additional hiera configuration to inject into the cluster.
type: json
+ CephStorageIPs:
+ default: {}
+ type: json
NetworkDeploymentActions:
type: comma_delimited_list
description: >
@@ -90,6 +93,9 @@ parameters:
type: json
description: Optional scheduler hints to pass to nova
default: {}
+ NodeIndex:
+ type: number
+ default: 0
resources:
CephStorage:
@@ -135,31 +141,43 @@ resources:
type: OS::TripleO::CephStorage::Ports::ExternalPort
properties:
ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: CephStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
InternalApiPort:
type: OS::TripleO::CephStorage::Ports::InternalApiPort
properties:
ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: CephStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
StoragePort:
type: OS::TripleO::CephStorage::Ports::StoragePort
properties:
ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: CephStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
StorageMgmtPort:
type: OS::TripleO::CephStorage::Ports::StorageMgmtPort
properties:
ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: CephStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
TenantPort:
type: OS::TripleO::CephStorage::Ports::TenantPort
properties:
ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: CephStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
ManagementPort:
type: OS::TripleO::CephStorage::Ports::ManagementPort
properties:
ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: CephStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
NetworkConfig:
type: OS::TripleO::CephStorage::Net::SoftwareConfig
diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml
index 09c4d3e3..888f3cf8 100644
--- a/puppet/cinder-storage.yaml
+++ b/puppet/cinder-storage.yaml
@@ -9,7 +9,7 @@ parameters:
description: Whether to enable or not the Iscsi backend for Cinder
type: boolean
CinderISCSIHelper:
- default: tgtadm
+ default: lioadm
description: The iSCSI helper to use with cinder.
type: string
CinderLVMLoopDeviceSize:
@@ -38,6 +38,9 @@ parameters:
description: |
Role specific additional hiera configuration to inject into the cluster.
type: json
+ BlockStorageIPs:
+ default: {}
+ type: json
Flavor:
description: Flavor for block storage nodes to request when deploying.
type: string
@@ -141,6 +144,9 @@ parameters:
type: json
description: Optional scheduler hints to pass to nova
default: {}
+ NodeIndex:
+ type: number
+ default: 0
resources:
@@ -187,31 +193,43 @@ resources:
type: OS::TripleO::BlockStorage::Ports::ExternalPort
properties:
ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: BlockStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
InternalApiPort:
type: OS::TripleO::BlockStorage::Ports::InternalApiPort
properties:
ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: BlockStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
StoragePort:
type: OS::TripleO::BlockStorage::Ports::StoragePort
properties:
ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: BlockStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
StorageMgmtPort:
type: OS::TripleO::BlockStorage::Ports::StorageMgmtPort
properties:
ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: BlockStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
TenantPort:
type: OS::TripleO::BlockStorage::Ports::TenantPort
properties:
ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: BlockStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
ManagementPort:
type: OS::TripleO::BlockStorage::Ports::ManagementPort
properties:
ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: BlockStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
NetworkConfig:
type: OS::TripleO::BlockStorage::Net::SoftwareConfig
diff --git a/puppet/compute.yaml b/puppet/compute.yaml
index 58ca71e7..ee5bced6 100644
--- a/puppet/compute.yaml
+++ b/puppet/compute.yaml
@@ -195,6 +195,9 @@ parameters:
default: 'dvr_snat'
description: Agent mode for the neutron-l3-agent on the controller hosts
type: string
+ NodeIndex:
+ type: number
+ default: 0
NovaApiHost:
type: string
default: '' # Has to be here because of the ignored empty value bug
@@ -207,6 +210,9 @@ parameters:
NovaCompute specific configuration to inject into the cluster. Same
structure as ExtraConfig.
type: json
+ NovaComputeIPs:
+ default: {}
+ type: json
NovaComputeLibvirtType:
type: string
default: kvm
@@ -218,6 +224,10 @@ parameters:
default: false
description: Whether to enable or not the Rbd backend for Nova
type: boolean
+ NovaIPv6:
+ default: false
+ description: Enable IPv6 features in Nova
+ type: boolean
NovaPassword:
description: The password for the nova service account, used by nova-api.
type: string
@@ -378,31 +388,43 @@ resources:
type: OS::TripleO::Compute::Ports::ExternalPort
properties:
ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
+ IPPool: {get_param: NovaComputeIPs}
+ NodeIndex: {get_param: NodeIndex}
InternalApiPort:
type: OS::TripleO::Compute::Ports::InternalApiPort
properties:
ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
+ IPPool: {get_param: NovaComputeIPs}
+ NodeIndex: {get_param: NodeIndex}
StoragePort:
type: OS::TripleO::Compute::Ports::StoragePort
properties:
ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
+ IPPool: {get_param: NovaComputeIPs}
+ NodeIndex: {get_param: NodeIndex}
StorageMgmtPort:
type: OS::TripleO::Compute::Ports::StorageMgmtPort
properties:
ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
+ IPPool: {get_param: NovaComputeIPs}
+ NodeIndex: {get_param: NodeIndex}
TenantPort:
type: OS::TripleO::Compute::Ports::TenantPort
properties:
ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
+ IPPool: {get_param: NovaComputeIPs}
+ NodeIndex: {get_param: NodeIndex}
ManagementPort:
type: OS::TripleO::Compute::Ports::ManagementPort
properties:
ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
+ IPPool: {get_param: NovaComputeIPs}
+ NodeIndex: {get_param: NodeIndex}
NetIpMap:
type: OS::TripleO::Network::Ports::NetIpMap
@@ -478,6 +500,7 @@ resources:
raw_data: {get_file: hieradata/compute.yaml}
mapped_data:
cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend}
+ nova::use_ipv6: {get_input: nova_ipv6}
nova::debug: {get_input: debug}
nova::rabbit_userid: {get_input: rabbit_username}
nova::rabbit_password: {get_input: rabbit_password}
@@ -567,10 +590,18 @@ resources:
nova_api_host: {get_param: NovaApiHost}
nova_password: {get_param: NovaPassword}
nova_enable_rbd_backend: {get_param: NovaEnableRbdBackend}
+ nova_ipv6: {get_param: NovaIPv6}
cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
nova_vnc_proxyclient_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaVncProxyNetwork]}]}
nova_vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]}
- nova_vncproxy_host: {get_param: [EndpointMap, NovaVNCProxyPublic, host]}
+ # Remove brackets that may come if the IP address is IPv6.
+ # For DNS names and IPv4, this will just get the NovaVNCProxyPublic value
+ nova_vncproxy_host:
+ str_replace:
+ template: {get_param: [EndpointMap, NovaVNCProxyPublic, host]}
+ params:
+ '[': ''
+ ']': ''
nova_vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]}
nova_ovs_bridge: {get_param: NovaOVSBridge}
nova_security_group_api: {get_param: NovaSecurityGroupAPI}
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index 494347ff..a873ce8a 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -32,6 +32,10 @@ parameters:
description: The password for the ceilometer service and db account.
type: string
hidden: true
+ CeilometerStoreEvents:
+ default: false
+ description: Whether to store events in ceilometer.
+ type: boolean
CinderApiVirtualIP:
type: string
default: ''
@@ -57,7 +61,7 @@ parameters:
description: Whether to enable or not the Rbd backend for Cinder
type: boolean
CinderISCSIHelper:
- default: tgtadm
+ default: lioadm
description: The iSCSI helper to use with cinder.
type: string
CinderLVMLoopDeviceSize:
@@ -234,7 +238,7 @@ parameters:
type: string
hidden: true
HeatStackDomainAdminPassword:
- description: Password for heat_domain_admin user.
+ description: Password for heat_stack_domain_admin user.
type: string
hidden: true
HeatAuthEncryptionKey:
@@ -613,6 +617,14 @@ parameters:
default: 16384
description: Configures RabbitMQ FD limit
type: string
+ RabbitIPv6:
+ default: false
+ description: Enable IPv6 in RabbitMQ
+ type: boolean
+ RedisPassword:
+ type: string
+ description: The password to access the Redis service
+ hidden: true
RedisVirtualIP:
type: string
default: '' # Has to be here because of the ignored empty value bug
@@ -1135,12 +1147,14 @@ resources:
ceilometer_backend: {get_param: CeilometerBackend}
ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
ceilometer_password: {get_param: CeilometerPassword}
+ ceilometer_store_events: {get_param: CeilometerStoreEvents}
ceilometer_coordination_url:
list_join:
- ''
- - 'redis://'
- {get_param: RedisVirtualIPUri}
- - ':6379'
+ - ':6379/?password='
+ - {get_param: RedisPassword}
ceilometer_dsn:
list_join:
- ''
@@ -1180,6 +1194,7 @@ resources:
rabbit_cookie: {get_param: RabbitCookie}
rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
rabbit_client_port: {get_param: RabbitClientPort}
+ rabbit_ipv6: {get_param: RabbitIPv6}
mongodb_no_journal: {get_param: MongoDbNoJournal}
mongodb_ipv6: {get_param: MongoDbIPv6}
# We need to force this into quotes or hiera will return integer causing
@@ -1232,6 +1247,7 @@ resources:
horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
+ redis_password: {get_param: RedisPassword}
redis_vip: {get_param: RedisVirtualIP}
sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]}
memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
@@ -1285,7 +1301,7 @@ resources:
mapped_data:
ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
ceph::profile::params::public_network: {get_input: ceph_public_network}
- ceph::mon::public_addr: {get_input: ceph_public_ip}
+ ceph::profile::params::public_addr: {get_input: ceph_public_ip}
database:
raw_data: {get_file: hieradata/database.yaml}
object:
@@ -1400,9 +1416,11 @@ resources:
heat::debug: {get_input: debug}
heat::db::mysql::password: {get_input: heat_password}
heat_enable_db_purge: {get_input: heat_enable_db_purge}
+ heat::keystone::domain::domain_password: {get_input: heat_stack_domain_admin_password}
# Keystone
keystone::admin_token: {get_input: admin_token}
+ keystone::roles::admin::password: {get_input: admin_password}
keystone_ca_certificate: {get_input: keystone_ca_certificate}
keystone_signing_key: {get_input: keystone_signing_key}
keystone_signing_certificate: {get_input: keystone_signing_certificate}
@@ -1526,6 +1544,7 @@ resources:
ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
ceilometer::agent::auth::auth_url: {get_input: keystone_auth_uri}
ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
+ ceilometer::agent::notification::store_events: {get_input: ceilometer_store_events}
ceilometer::db::mysql::password: {get_input: ceilometer_password}
snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
@@ -1597,8 +1616,12 @@ resources:
rabbitmq::file_limit: {get_input: rabbit_fd_limit}
rabbitmq::default_user: {get_input: rabbit_username}
rabbitmq::default_pass: {get_input: rabbit_password}
+ rabbit_ipv6: {get_input: rabbit_ipv6}
# Redis
redis::bind: {get_input: redis_network}
+ redis::requirepass: {get_input: redis_password}
+ redis::masterauth: {get_input: redis_password}
+ redis::sentinel_auth_pass: {get_input: redis_password}
redis_vip: {get_input: redis_vip}
# Firewall
tripleo::firewall::manage_firewall: {get_input: manage_firewall}
diff --git a/puppet/extraconfig/ceph/ceph-external-config.yaml b/puppet/extraconfig/ceph/ceph-external-config.yaml
index ebd6c251..312d49a0 100644
--- a/puppet/extraconfig/ceph/ceph-external-config.yaml
+++ b/puppet/extraconfig/ceph/ceph-external-config.yaml
@@ -41,6 +41,9 @@ parameters:
CephClientUserName:
default: openstack
type: string
+ CephIPv6:
+ default: False
+ type: boolean
resources:
CephClusterConfigImpl:
@@ -54,7 +57,9 @@ resources:
mapped_data:
ceph_storage_count: {get_param: ceph_storage_count}
enable_external_ceph: true
- ceph::profile::params::mon_host: {get_param: ceph_external_mon_ips}
+ ceph_ipv6: {get_param: CephIPv6}
+ ceph_mon_host: {get_param: ceph_external_mon_ips}
+ ceph_mon_host_v6: {get_param: ceph_external_mon_ips}
ceph::profile::params::fsid: {get_param: ceph_fsid}
ceph::profile::params::client_keys:
str_replace:
@@ -72,6 +77,7 @@ resources:
NOVA_POOL: {get_param: NovaRbdPoolName}
CINDER_POOL: {get_param: CinderRbdPoolName}
GLANCE_POOL: {get_param: GlanceRbdPoolName}
+ ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6}
nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
cinder_rbd_pool_name: {get_param: CinderRbdPoolName}
glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml
index 905f196d..9b6981bb 100644
--- a/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml
+++ b/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2015-11-12
+heat_template_version: 2015-10-15
description: Configure hieradata for Cinder Dell Storage Center configuration
diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml
index c73608f1..36db334e 100644
--- a/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml
+++ b/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2015-11-06
+heat_template_version: 2015-10-15
description: Configure hieradata for Cinder Eqlx configuration
diff --git a/puppet/hieradata/common.yaml b/puppet/hieradata/common.yaml
index 7a5e54d8..98cec364 100644
--- a/puppet/hieradata/common.yaml
+++ b/puppet/hieradata/common.yaml
@@ -31,6 +31,8 @@ sysctl_settings:
value: 0
net.ipv6.conf.default.autoconf:
value: 0
+ net.core.netdev_max_backlog:
+ value: 10000
nova::rabbit_heartbeat_timeout_threshold: 60
neutron::rabbit_heartbeat_timeout_threshold: 60
diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml
index 572eef9f..865210c9 100644
--- a/puppet/hieradata/compute.yaml
+++ b/puppet/hieradata/compute.yaml
@@ -7,7 +7,6 @@ nova::compute::instance_usage_audit: true
nova::compute::instance_usage_audit_period: 'hour'
nova::compute::vnc_enabled: true
-nova::compute::libvirt::vncserver_listen: '0.0.0.0'
nova::compute::libvirt::migration_support: true
nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}"
diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml
index f97bda11..288d224f 100644
--- a/puppet/hieradata/controller.yaml
+++ b/puppet/hieradata/controller.yaml
@@ -1,4 +1,5 @@
# Hiera data here applies to all controller nodes
+
nova::api::enabled: true
nova::conductor::enabled: true
nova::consoleauth::enabled: true
@@ -29,6 +30,9 @@ redis::sentinel::master_name: "%{hiera('bootstrap_nodeid')}"
redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}"
redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh'
+# keystone
+keystone::roles::admin::email: 'root@localhost'
+
# service tenant
glance::api::keystone_tenant: 'service'
glance::registry::keystone_tenant: 'service'
@@ -100,6 +104,7 @@ ceilometer::agent::auth::auth_endpoint_type: 'internalURL'
cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler
cinder::cron::db_purge::destination: '/dev/null'
cinder::host: hostgroup
+cinder_user_enabled_backends: []
# heat
heat::engine::configure_delegated_roles: false
@@ -109,6 +114,9 @@ heat::cron::purge_deleted::age: 30
heat::cron::purge_deleted::age_type: 'days'
heat::cron::purge_deleted::maxdelay: 3600
heat::cron::purge_deleted::destination: '/dev/null'
+heat::keystone::domain::domain_name: 'heat_stack'
+heat::keystone::domain::domain_admin: 'heat_stack_domain_admin'
+heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost'
# pacemaker
pacemaker::corosync::cluster_name: 'tripleo_cluster'
diff --git a/puppet/hieradata/volume.yaml b/puppet/hieradata/volume.yaml
index f4cd78a9..8640c0a7 100644
--- a/puppet/hieradata/volume.yaml
+++ b/puppet/hieradata/volume.yaml
@@ -9,4 +9,6 @@ cinder::config::cinder_config:
DEFAULT/swift_catalog_info:
value: 'object-store:swift:internalURL'
+cinder_user_enabled_backends: []
+
volume_classes: [] \ No newline at end of file
diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp
index 0db5b45a..fd7faff1 100644
--- a/puppet/manifests/overcloud_cephstorage.pp
+++ b/puppet/manifests/overcloud_cephstorage.pp
@@ -40,6 +40,14 @@ if str2bool(hiera('ceph_osd_selinux_permissive', true)) {
} -> Class['ceph::profile::osd']
}
+if str2bool(hiera('ceph_ipv6', false)) {
+ $mon_host = hiera('ceph_mon_host_v6')
+} else {
+ $mon_host = hiera('ceph_mon_host')
+}
+class { '::ceph::profile::params':
+ mon_host => $mon_host,
+}
include ::ceph::conf
include ::ceph::profile::client
include ::ceph::profile::osd
diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp
index 7925f50a..b7f65f53 100644
--- a/puppet/manifests/overcloud_compute.pp
+++ b/puppet/manifests/overcloud_compute.pp
@@ -53,14 +53,17 @@ include ::nova
include ::nova::config
include ::nova::compute
-nova_config {
- 'DEFAULT/my_ip': value => $ipaddress;
- 'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver';
-}
-
$rbd_ephemeral_storage = hiera('nova::compute::rbd::ephemeral_storage', false)
$rbd_persistent_storage = hiera('rbd_persistent_storage', false)
if $rbd_ephemeral_storage or $rbd_persistent_storage {
+ if str2bool(hiera('ceph_ipv6', false)) {
+ $mon_host = hiera('ceph_mon_host_v6')
+ } else {
+ $mon_host = hiera('ceph_mon_host')
+ }
+ class { '::ceph::profile::params':
+ mon_host => $mon_host,
+ }
include ::ceph::conf
include ::ceph::profile::client
@@ -82,7 +85,42 @@ if hiera('cinder_enable_nfs_backend', false) {
package {'nfs-utils': } -> Service['nova-compute']
}
-include ::nova::compute::libvirt
+if str2bool(hiera('nova::use_ipv6', false)) {
+ $vncserver_listen = '::0'
+} else {
+ $vncserver_listen = '0.0.0.0'
+}
+class { '::nova::compute::libvirt' :
+ vncserver_listen => $vncserver_listen,
+}
+
+# TUNNELLED mode provides a security enhancement when using shared storage but is not
+# supported when not using shared storage.
+# See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12
+if $rbd_ephemeral_storage {
+ $block_migration_flag = 'VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE, VIR_MIGRATE_TUNNELLED, VIR_MIGRATE_NON_SHARED_INC'
+ $live_migration_flag = 'VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE, VIR_MIGRATE_TUNNELLED'
+} else {
+ $block_migration_flag = 'VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE, VIR_MIGRATE_NON_SHARED_INC'
+ $live_migration_flag = 'VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE'
+}
+
+nova_config {
+ 'DEFAULT/my_ip': value => $ipaddress;
+ 'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver';
+ 'DEFAULT/host': value => $fqdn;
+ # In future versions of Nova, the live/block migration flags will be deprecated [1].
+ # Tunnelling (encryption) will be handled via a single _new_ Nova
+ # config attribute 'live_migration_tunnelled'[2], thus
+ # avoiding users to have to supply libvirt flags.
+ # In future versions of QEMU (2.6, mostly), Dan's native encryption
+ # work will obsolete the need to use TUNNELLED transport mode.
+ # [1] https://review.openstack.org/#/c/263436/
+ # [2] https://review.openstack.org/#/c/263434/
+ 'libvirt/block_migration_flag': value => $block_migration_flag;
+ 'libvirt/live_migration_flag': value => $live_migration_flag;
+}
+
if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' {
file {'/etc/libvirt/qemu.conf':
ensure => present,
@@ -146,6 +184,9 @@ else {
}
}
+neutron_config {
+ 'DEFAULT/host': value => $fqdn;
+}
include ::ceilometer
include ::ceilometer::config
@@ -159,7 +200,7 @@ snmp::snmpv3_user { $snmpd_user:
}
class { '::snmp':
agentaddress => ['udp:161','udp6:[::1]:161'],
- snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
+ snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
}
hiera_include('compute_classes')
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index e9483e6a..9e5c556a 100644
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -48,14 +48,24 @@ if hiera('step') >= 2 {
include ::mongodb::globals
include ::mongodb::server
- $mongo_node_ips_with_port = suffix(hiera('mongo_node_ips'), ':27017')
+ # NOTE(gfidente): We need to pass the list of IPv6 addresses *with* port and
+ # without the brackets as 'members' argument for the 'mongodb_replset'
+ # resource.
+ if str2bool(hiera('mongodb::server::ipv6', false)) {
+ $mongo_node_ips_with_port_prefixed = prefix(hiera('mongo_node_ips'), '[')
+ $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017')
+ $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017')
+ } else {
+ $mongo_node_ips_with_port = suffix(hiera('mongo_node_ips'), ':27017')
+ $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017')
+ }
$mongo_node_string = join($mongo_node_ips_with_port, ',')
$mongodb_replset = hiera('mongodb::server::replset')
$ceilometer_mongodb_conn_string = "mongodb://${mongo_node_string}/ceilometer?replicaSet=${mongodb_replset}"
if downcase(hiera('bootstrap_nodeid')) == $::hostname {
mongodb_replset { $mongodb_replset :
- members => $mongo_node_ips_with_port,
+ members => $mongo_node_ips_with_port_nobr,
}
}
}
@@ -117,13 +127,23 @@ if hiera('step') >= 2 {
$rabbit_nodes = hiera('rabbit_node_ips')
if count($rabbit_nodes) > 1 {
+
+ $rabbit_ipv6 = str2bool(hiera('rabbit_ipv6', false))
+ if $rabbit_ipv6 {
+ $rabbit_env = merge(hiera('rabbitmq_environment'), {
+ 'RABBITMQ_SERVER_START_ARGS' => '"-proto_dist inet6_tcp"'
+ })
+ } else {
+ $rabbit_env = hiera('rabbitmq_environment')
+ }
+
class { '::rabbitmq':
config_cluster => true,
cluster_nodes => $rabbit_nodes,
tcp_keepalive => false,
config_kernel_variables => hiera('rabbitmq_kernel_variables'),
config_variables => hiera('rabbitmq_config_variables'),
- environment_variables => hiera('rabbitmq_environment'),
+ environment_variables => $rabbit_env,
}
rabbitmq_policy { 'ha-all@/':
pattern => '^(?!amq\.).*',
@@ -141,8 +161,15 @@ if hiera('step') >= 2 {
$enable_ceph = hiera('ceph_storage_count', 0) > 0 or hiera('enable_ceph_storage', false)
if $enable_ceph {
+ $mon_initial_members = downcase(hiera('ceph_mon_initial_members'))
+ if str2bool(hiera('ceph_ipv6', false)) {
+ $mon_host = hiera('ceph_mon_host_v6')
+ } else {
+ $mon_host = hiera('ceph_mon_host')
+ }
class { '::ceph::profile::params':
- mon_initial_members => downcase(hiera('ceph_mon_initial_members')),
+ mon_initial_members => $mon_initial_members,
+ mon_host => $mon_host,
}
include ::ceph::conf
include ::ceph::profile::mon
@@ -168,6 +195,14 @@ if hiera('step') >= 2 {
}
if str2bool(hiera('enable_external_ceph', false)) {
+ if str2bool(hiera('ceph_ipv6', false)) {
+ $mon_host = hiera('ceph_mon_host_v6')
+ } else {
+ $mon_host = hiera('ceph_mon_host')
+ }
+ class { '::ceph::profile::params':
+ mon_host => $mon_host,
+ }
include ::ceph::conf
include ::ceph::profile::client
}
@@ -509,7 +544,7 @@ if hiera('step') >= 3 {
$cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend, $cinder_rbd_backend, $cinder_eqlx_backend, $cinder_dellsc_backend, $cinder_netapp_backend, $cinder_nfs_backend])
class { '::cinder::backends' :
- enabled_backends => $cinder_enabled_backends,
+ enabled_backends => union($cinder_enabled_backends, hiera('cinder_user_enabled_backends')),
}
# swift proxy
@@ -603,7 +638,7 @@ if hiera('step') >= 3 {
}
class { '::snmp':
agentaddress => ['udp:161','udp6:[::1]:161'],
- snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
+ snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
}
hiera_include('controller_classes')
@@ -628,6 +663,23 @@ if hiera('step') >= 4 {
if $heat_enable_db_purge {
include ::heat::cron::purge_deleted
}
+
+ if downcase(hiera('bootstrap_nodeid')) == $::hostname {
+ include ::keystone::roles::admin
+ # Class ::heat::keystone::domain has to run on bootstrap node
+ # because it creates DB entities via API calls.
+ include ::heat::keystone::domain
+
+ Class['::keystone::roles::admin'] -> Class['::heat::keystone::domain']
+ } else {
+ # On non-bootstrap node we don't need to create Keystone resources again
+ class { '::heat::keystone::domain':
+ manage_domain => false,
+ manage_user => false,
+ manage_role => false,
+ }
+ }
+
} #END STEP 4
$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller', hiera('step')])
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index 8980afaf..38639a52 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -100,12 +100,21 @@ if hiera('step') >= 1 {
# avoid races where non-master nodes attempt to start without
# config (eg. binding on 0.0.0.0)
# The module ignores erlang_cookie if cluster_config is false
+ $rabbit_ipv6 = str2bool(hiera('rabbit_ipv6', false))
+ if $rabbit_ipv6 {
+ $rabbit_env = merge(hiera('rabbitmq_environment'), {
+ 'RABBITMQ_SERVER_START_ARGS' => '"-proto_dist inet6_tcp"'
+ })
+ } else {
+ $rabbit_env = hiera('rabbitmq_environment')
+ }
+
class { '::rabbitmq':
service_manage => false,
tcp_keepalive => false,
config_kernel_variables => hiera('rabbitmq_kernel_variables'),
config_variables => hiera('rabbitmq_config_variables'),
- environment_variables => hiera('rabbitmq_environment'),
+ environment_variables => $rabbit_env,
} ->
file { '/var/lib/rabbitmq/.erlang.cookie':
ensure => file,
@@ -192,8 +201,19 @@ if hiera('step') >= 1 {
if hiera('step') >= 2 {
# NOTE(gfidente): the following vars are needed on all nodes so they
- # need to stay out of pacemaker_master conditional
- $mongo_node_ips_with_port = suffix(hiera('mongo_node_ips'), ':27017')
+ # need to stay out of pacemaker_master conditional.
+ # The addresses mangling will hopefully go away when we'll be able to
+ # configure the connection string via hostnames, until then, we need to pass
+ # the list of IPv6 addresses *with* port and without the brackets as 'members'
+ # argument for the 'mongodb_replset' resource.
+ if str2bool(hiera('mongodb::server::ipv6', false)) {
+ $mongo_node_ips_with_port_prefixed = prefix(hiera('mongo_node_ips'), '[')
+ $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017')
+ $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017')
+ } else {
+ $mongo_node_ips_with_port = suffix(hiera('mongo_node_ips'), ':27017')
+ $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017')
+ }
$mongodb_replset = hiera('mongodb::server::replset')
if $pacemaker_master {
@@ -422,7 +442,7 @@ if hiera('step') >= 2 {
before => Mongodb_replset[$mongodb_replset],
}
mongodb_replset { $mongodb_replset :
- members => $mongo_node_ips_with_port,
+ members => $mongo_node_ips_with_port_nobr,
}
}
@@ -517,8 +537,15 @@ MYSQL_HOST=localhost\n",
$enable_ceph = hiera('ceph_storage_count', 0) > 0 or hiera('enable_ceph_storage', false)
if $enable_ceph {
+ $mon_initial_members = downcase(hiera('ceph_mon_initial_members'))
+ if str2bool(hiera('ceph_ipv6', false)) {
+ $mon_host = hiera('ceph_mon_host_v6')
+ } else {
+ $mon_host = hiera('ceph_mon_host')
+ }
class { '::ceph::profile::params':
- mon_initial_members => downcase(hiera('ceph_mon_initial_members')),
+ mon_initial_members => $mon_initial_members,
+ mon_host => $mon_host,
}
include ::ceph::conf
include ::ceph::profile::mon
@@ -544,6 +571,14 @@ MYSQL_HOST=localhost\n",
}
if str2bool(hiera('enable_external_ceph', false)) {
+ if str2bool(hiera('ceph_ipv6', false)) {
+ $mon_host = hiera('ceph_mon_host_v6')
+ } else {
+ $mon_host = hiera('ceph_mon_host')
+ }
+ class { '::ceph::profile::params':
+ mon_host => $mon_host,
+ }
include ::ceph::conf
include ::ceph::profile::client
}
@@ -950,7 +985,7 @@ if hiera('step') >= 3 {
$cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend, $cinder_rbd_backend, $cinder_eqlx_backend, $cinder_dellsc_backend, $cinder_netapp_backend, $cinder_nfs_backend])
class { '::cinder::backends' :
- enabled_backends => $cinder_enabled_backends,
+ enabled_backends => union($cinder_enabled_backends, hiera('cinder_user_enabled_backends')),
}
class { '::sahara':
@@ -1097,7 +1132,7 @@ if hiera('step') >= 3 {
}
class { '::snmp':
agentaddress => ['udp:161','udp6:[::1]:161'],
- snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
+ snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
}
hiera_include('controller_classes')
@@ -1816,6 +1851,16 @@ if hiera('step') >= 5 {
class {'::keystone::endpoint' :
require => Pacemaker::Resource::Service[$::apache::params::service_name],
}
+ include ::heat::keystone::domain
+ Class['::keystone::roles::admin'] -> Class['::heat::keystone::domain']
+
+ } else {
+ # On non-master controller we don't need to create Keystone resources again
+ class { '::heat::keystone::domain':
+ manage_domain => false,
+ manage_user => false,
+ manage_role => false,
+ }
}
} #END STEP 5
diff --git a/puppet/manifests/overcloud_object.pp b/puppet/manifests/overcloud_object.pp
index 1ac66904..ae074589 100644
--- a/puppet/manifests/overcloud_object.pp
+++ b/puppet/manifests/overcloud_object.pp
@@ -50,7 +50,7 @@ snmp::snmpv3_user { $snmpd_user:
}
class { '::snmp':
agentaddress => ['udp:161','udp6:[::1]:161'],
- snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
+ snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
}
hiera_include('object_classes')
diff --git a/puppet/manifests/overcloud_volume.pp b/puppet/manifests/overcloud_volume.pp
index 72cd36c3..134dc43b 100644
--- a/puppet/manifests/overcloud_volume.pp
+++ b/puppet/manifests/overcloud_volume.pp
@@ -44,7 +44,7 @@ if $cinder_enable_iscsi {
$cinder_enabled_backends = any2array($cinder_iscsi_backend)
class { '::cinder::backends' :
- enabled_backends => $cinder_enabled_backends,
+ enabled_backends => union($cinder_enabled_backends, hiera('cinder_user_enabled_backends')),
}
$snmpd_user = hiera('snmpd_readonly_user_name')
@@ -54,7 +54,7 @@ snmp::snmpv3_user { $snmpd_user:
}
class { '::snmp':
agentaddress => ['udp:161','udp6:[::1]:161'],
- snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
+ snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
}
hiera_include('volume_classes')
diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml
index 3b04be83..c26aca77 100644
--- a/puppet/swift-storage.yaml
+++ b/puppet/swift-storage.yaml
@@ -83,6 +83,9 @@ parameters:
description: |
Role specific additional hiera configuration to inject into the cluster.
type: json
+ SwiftStorageIPs:
+ default: {}
+ type: json
NetworkDeploymentActions:
type: comma_delimited_list
description: >
@@ -111,6 +114,9 @@ parameters:
type: json
description: Optional scheduler hints to pass to nova
default: {}
+ NodeIndex:
+ type: number
+ default: 0
resources:
@@ -156,31 +162,43 @@ resources:
type: OS::TripleO::SwiftStorage::Ports::ExternalPort
properties:
ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: SwiftStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
InternalApiPort:
type: OS::TripleO::SwiftStorage::Ports::InternalApiPort
properties:
ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: SwiftStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
StoragePort:
type: OS::TripleO::SwiftStorage::Ports::StoragePort
properties:
ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: SwiftStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
StorageMgmtPort:
type: OS::TripleO::SwiftStorage::Ports::StorageMgmtPort
properties:
ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: SwiftStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
TenantPort:
type: OS::TripleO::SwiftStorage::Ports::TenantPort
properties:
ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: SwiftStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
ManagementPort:
type: OS::TripleO::SwiftStorage::Ports::ManagementPort
properties:
ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: SwiftStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
NetworkConfig:
type: OS::TripleO::ObjectStorage::Net::SoftwareConfig