Diffstat (limited to 'puppet')
120 files changed, 922 insertions, 475 deletions
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index 644c1938..69bb1935 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -2,6 +2,16 @@ heat_template_version: 2016-10-14 description: 'All Nodes Config for Puppet' parameters: + cloud_name_external: + type: string + cloud_name_internal_api: + type: string + cloud_name_storage: + type: string + cloud_name_storage_mgmt: + type: string + cloud_name_management: + type: string hosts: type: comma_delimited_list # FIXME(shardy) this can be comma_delimited_list when @@ -12,22 +22,26 @@ parameters: type: comma_delimited_list service_ips: type: json + service_node_names: + type: json controller_names: type: comma_delimited_list - rabbit_node_ips: - type: comma_delimited_list memcache_node_ips: type: comma_delimited_list keystone_public_api_node_ips: type: comma_delimited_list keystone_admin_api_node_ips: type: comma_delimited_list - ceph_mon_node_ips: - type: comma_delimited_list - ceph_mon_node_names: - type: comma_delimited_list + NetVipMap: + type: json + RedisVirtualIP: + type: string + default: '' + ServiceNetMap: + type: json DeployIdentifier: type: string + default: '' description: > Setting this to a unique value will re-run any deployment tasks which perform configuration on a Heat stack-update. @@ -78,6 +92,7 @@ resources: str_split: [',', {get_param: enabled_services}] # provides a mapping of service_name_ips to a list of IPs - {get_param: service_ips} + - {get_param: service_node_names} - controller_node_ips: list_join: - ',' @@ -86,18 +101,6 @@ resources: list_join: - ',' - {get_param: controller_names} - galera_node_names: - list_join: - - ',' - - {get_param: controller_names} - rabbitmq_node_ips: &rabbit_nodes_array - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: rabbit_node_ips} memcached_node_ips_v6: str_replace: template: "['inet6:[SERVERS_LIST]']" 
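Review bot: The `default: ''` added for `RedisVirtualIP` in the second parameters hunk has lost the explanation it carried in controller.yaml, where this same commit removes `default: '' # Has to be here because of the ignored empty value bug`. Without that comment the empty default reads as "optional", yet the value is written unconditionally to `redis_vip` and `tripleo::keepalived::redis_virtual_ip` in the vip_data hunk further down, so a caller that forgets to pass it would presumably ship an empty VIP rather than fail validation. I would carry the comment over onto the new line and give `NetVipMap`, `ServiceNetMap` and `service_node_names` a `description:` each, since they are added with a bare `type: json`.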
@@ -122,39 +125,64 @@ resources: list_join: - "','" - {get_param: keystone_admin_api_node_ips} - tripleo::profile::base::ceph::ceph_mon_initial_members: - list_join: - - ',' - - {get_param: ceph_mon_node_names} - tripleo::profile::base::ceph::ceph_mon_host: - list_join: - - ',' - - {get_param: ceph_mon_node_ips} - tripleo::profile::base::ceph::ceph_mon_host_v6: - str_replace: - template: "'[IPS_LIST]'" - params: - IPS_LIST: - list_join: - - '],[' - - {get_param: ceph_mon_node_ips} - # NOTE(gfidente): interpolation with %{} in the - # hieradata file can't be used as it returns string - ceilometer::rabbit_hosts: *rabbit_nodes_array - aodh::rabbit_hosts: *rabbit_nodes_array - cinder::rabbit_hosts: *rabbit_nodes_array - glance::notify::rabbitmq::rabbit_hosts: *rabbit_nodes_array - manila::rabbit_hosts: *rabbit_nodes_array - heat::rabbit_hosts: *rabbit_nodes_array - neutron::rabbit_hosts: *rabbit_nodes_array - nova::rabbit_hosts: *rabbit_nodes_array - keystone::rabbit_hosts: *rabbit_nodes_array - sahara::rabbit_hosts: *rabbit_nodes_array - ironic::rabbit_hosts: *rabbit_nodes_array deploy_identifier: {get_param: DeployIdentifier} update_identifier: {get_param: UpdateIdentifier} stack_action: {get_param: StackAction} + vip_data: + mapped_data: + map_merge: + # Dynamically generate per-service VIP data based on enabled_services + # This works as follows (outer->inner functions) + # yaql - filters services where no mapping exists in ServiceNetMap + # map_replace: substitute e.g internal_api with the IP from NetVipMap + # map_replace: substitute e.g heat_api_network with network name from ServiceNetMap + # map_merge/repeat: generate a per-service mapping + - yaql: + # This filters any entries where the value hasn't been substituted for + # a list, e.g it's still $service_network. 
This happens when there is + # no network defined for the service in the ServiceNetMap, which is OK + # as not all services have to be bound to a network, so we filter them + expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network"))) + data: + map: + map_replace: + - map_replace: + - map_merge: + repeat: + template: + SERVICE_vip: SERVICE_network + for_each: + SERVICE: + str_split: [',', {get_param: enabled_services}] + - values: {get_param: ServiceNetMap} + - values: {get_param: NetVipMap} + - keystone_admin_api_vip: + get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_admin_api_network]}] + keystone_public_api_vip: + get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_public_api_network]}] + public_virtual_ip: {get_param: [NetVipMap, external]} + controller_virtual_ip: {get_param: [NetVipMap, ctlplane]} + internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]} + storage_virtual_ip: {get_param: [NetVipMap, storage]} + storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]} + redis_vip: {get_param: RedisVirtualIP} + # public_virtual_ip and controller_virtual_ip are needed in + # both HAproxy & keepalived. 
+ tripleo::haproxy::public_virtual_ip: {get_param: [NetVipMap, external]} + tripleo::haproxy::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]} + tripleo::keepalived::public_virtual_ip: {get_param: [NetVipMap, external]} + tripleo::keepalived::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]} + tripleo::keepalived::internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]} + tripleo::keepalived::storage_virtual_ip: {get_param: [NetVipMap, storage]} + tripleo::keepalived::storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]} + tripleo::keepalived::redis_virtual_ip: {get_param: RedisVirtualIP} + tripleo::redis_notification::haproxy_monitor_ip: {get_param: [NetVipMap, ctlplane]} + cloud_name_external: {get_param: cloud_name_external} + cloud_name_internal_api: {get_param: cloud_name_internal_api} + cloud_name_storage: {get_param: cloud_name_storage} + cloud_name_storage_mgmt: {get_param: cloud_name_storage_mgmt} + cloud_name_management: {get_param: cloud_name_management} outputs: config_id: diff --git a/puppet/ceph-storage-post.yaml b/puppet/ceph-storage-post.yaml index a83e0cfe..df6b7249 100644 --- a/puppet/ceph-storage-post.yaml +++ b/puppet/ceph-storage-post.yaml @@ -15,6 +15,7 @@ parameters: default: {} DeployIdentifier: type: string + default: '' description: Value which changes if the node configuration may need to be re-applied resources: diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml index 829456b5..5ba2c298 100644 --- a/puppet/ceph-storage.yaml +++ b/puppet/ceph-storage.yaml @@ -90,6 +90,9 @@ parameters: ServiceNames: type: comma_delimited_list default: [] + MonitoringSubscriptions: + type: comma_delimited_list + default: [] ConfigCommand: type: string description: Command which will be run whenever configuration data changes 
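Review bot: The comment above the `yaql` expression in the new `vip_data` block says the filter drops entries whose value "hasn't been substituted for a list", but the expression keeps only entries where `isString($[1])` holds and the value does not end in `_network`, so "list" looks like a leftover. As far as I can tell from the two nested `map_replace` calls, a service whose `ServiceNetMap` entry names a network that has no key in `NetVipMap` would keep the bare network name as its value, pass the filter, and be published as `SERVICE_vip`; that case is worth a sentence in the comment or an extra condition. Suggested wording: `# Keep only entries whose value was replaced by a VIP string; a value still ending in "_network" had no ServiceNetMap entry and is dropped.`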
@@ -245,13 +248,16 @@ resources: - extraconfig - service_names - service_configs + - bootstrap_node # provided by allNodesConfig - all_nodes # provided by allNodesConfig + - vip_data # provided by allNodesConfig - '"%{::osfamily}"' merge_behavior: deeper datafiles: service_names: mapped_data: service_names: {get_param: ServiceNames} + sensu::subscriptions: {get_param: MonitoringSubscriptions} service_configs: mapped_data: map_replace: diff --git a/puppet/cinder-storage-post.yaml b/puppet/cinder-storage-post.yaml index 6416c43e..0620bc6c 100644 --- a/puppet/cinder-storage-post.yaml +++ b/puppet/cinder-storage-post.yaml @@ -10,6 +10,7 @@ parameters: type: json DeployIdentifier: type: string + default: '' description: Value which changes if the node configuration may need to be re-applied RoleData: type: json diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml index ef3f08ff..699a0969 100644 --- a/puppet/cinder-storage.yaml +++ b/puppet/cinder-storage.yaml @@ -30,14 +30,6 @@ parameters: default: default description: Name of an existing Nova key pair to enable SSH access to the instances type: string - SnmpdReadonlyUserName: - default: ro_snmp_user - description: The user name for SNMPd with readonly rights running on all Overcloud nodes - type: string - SnmpdReadonlyUserPassword: - description: The user password for SNMPd with readonly rights running on all Overcloud nodes - type: string - hidden: true UpdateIdentifier: default: '' type: string @@ -92,6 +84,9 @@ parameters: ServiceNames: type: comma_delimited_list default: [] + MonitoringSubscriptions: + type: comma_delimited_list + default: [] ConfigCommand: type: string description: Command which will be run whenever configuration data changes 
@@ -232,8 +227,6 @@ resources: server: {get_resource: BlockStorage} config: {get_resource: BlockStorageConfig} input_values: - snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} - snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} # Map heat metadata into hiera datafiles @@ -251,13 +244,16 @@ resources: - service_names - service_configs - volume + - bootstrap_node # provided by allNodesConfig - all_nodes # provided by allNodesConfig + - vip_data # provided by allNodesConfig - '"%{::osfamily}"' merge_behavior: deeper datafiles: service_names: mapped_data: service_names: {get_param: ServiceNames} + sensu::subscriptions: {get_param: MonitoringSubscriptions} service_configs: mapped_data: map_replace: @@ -270,8 +266,6 @@ resources: volume: mapped_data: tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} - snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} # Resource for site-specific injection of root certificate NodeTLSCAData: diff --git a/puppet/compute-post.yaml b/puppet/compute-post.yaml index d0c6082c..358ec5a8 100644 --- a/puppet/compute-post.yaml +++ b/puppet/compute-post.yaml @@ -15,6 +15,7 @@ parameters: default: {} DeployIdentifier: type: string + default: '' description: Value which changes if the node configuration may need to be re-applied resources: diff --git a/puppet/compute.yaml b/puppet/compute.yaml index 1790aa0d..e74d1a54 100644 --- a/puppet/compute.yaml +++ b/puppet/compute.yaml @@ -107,6 +107,9 @@ parameters: ServiceNames: type: comma_delimited_list default: [] + MonitoringSubscriptions: + type: comma_delimited_list + default: [] ConfigCommand: type: string description: Command which will be run whenever configuration data changes 
@@ -258,7 +261,9 @@ resources: - service_names - service_configs - compute + - bootstrap_node # provided by allNodesConfig - all_nodes # provided by allNodesConfig + - vip_data # provided by allNodesConfig - '"%{::osfamily}"' - neutron_bigswitch_data # Optionally provided by ComputeExtraConfigPre - cisco_n1kv_data # Optionally provided by ComputeExtraConfigPre @@ -271,6 +276,7 @@ resources: service_names: mapped_data: service_names: {get_param: ServiceNames} + sensu::subscriptions: {get_param: MonitoringSubscriptions} service_configs: mapped_data: map_replace: diff --git a/puppet/controller-post.yaml b/puppet/controller-post.yaml index 4af6cb46..c97c3bc8 100644 --- a/puppet/controller-post.yaml +++ b/puppet/controller-post.yaml @@ -15,6 +15,7 @@ parameters: default: {} DeployIdentifier: type: string + default: '' description: Value which changes if the node configuration may need to be re-applied resources: diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 28fd08da..1656aea7 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -23,18 +23,10 @@ parameters: ... } type: json - CorosyncIPv6: - default: false - description: Enable IPv6 in Corosync - type: boolean Debug: default: '' description: Set to True to enable debugging on all services. type: string - EnableFencing: - default: false - description: Whether to enable fencing in Pacemaker or not. - type: boolean EnableLoadBalancer: default: true description: Whether to deploy a LoadBalancer on the Controller 
@@ -45,48 +37,12 @@ parameters: Additional hieradata to inject into the cluster, note that ControllerExtraConfig takes precedence over ExtraConfig. type: json - FencingConfig: - default: {} - description: | - Pacemaker fencing configuration. The JSON should have - the following structure: - { - "devices": [ - { - "agent": "AGENT_NAME", - "host_mac": "HOST_MAC_ADDRESS", - "params": {"PARAM_NAME": "PARAM_VALUE"} - } - ] - } - For instance: - { - "devices": [ - { - "agent": "fence_xvm", - "host_mac": "52:54:00:aa:bb:cc", - "params": { - "multicast_address": "225.0.0.12", - "port": "baremetal_0", - "manage_fw": true, - "manage_key_file": true, - "key_file": "/etc/fence_xvm.key", - "key_file_password": "abcdef" - } - } - ] - } - type: json OvercloudControlFlavor: description: Flavor for control nodes to request when deploying. default: baremetal type: string constraints: - custom_constraint: nova.flavor - HorizonSecret: - description: Secret key for Django - type: string - hidden: true controllerImage: type: string default: overcloud-full 
@@ -96,76 +52,20 @@ parameters: default: 'REBUILD_PRESERVE_EPHEMERAL' description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. type: string - InstanceNameTemplate: - default: 'instance-%08x' - description: Template string to be used to generate instance names - type: string KeyName: default: default description: Name of an existing Nova key pair to enable SSH access to the instances type: string constraints: - custom_constraint: nova.keypair - ManageFirewall: - default: false - description: Whether to manage IPtables rules. - type: boolean - MemcachedIPv6: - default: false - description: Enable IPv6 features in Memcached. - type: boolean - PurgeFirewallRules: - default: false - description: Whether IPtables rules should be purged before setting up the new ones. - type: boolean - NeutronMetadataProxySharedSecret: - description: Shared secret to prevent spoofing - type: string - hidden: true - NeutronPassword: - description: The password for the neutron service and db account, used by neutron agents. - type: string - hidden: true NeutronPublicInterface: default: nic1 description: What interface to bridge onto br-ex for network nodes. type: string - NovaEnableDBPurge: - default: true - description: | - Whether to create cron job for purging soft deleted rows in Nova database. - type: boolean - NovaIPv6: - default: false - description: Enable IPv6 features in Nova - type: boolean - NovaPassword: - description: The password for the nova service and db account, used by nova-api. - type: string - hidden: true - PcsdPassword: - type: string - description: The password for the 'pcsd' user. 
- hidden: true - RedisPassword: - description: The password for Redis - type: string - hidden: true - RedisVirtualIP: - type: string - default: '' # Has to be here because of the ignored empty value bug - RedisVirtualIPUri: - type: string - default: '' # Has to be here because of the ignored empty value bug - description: An IP address which is wrapped in brackets in case of IPv6 SwiftRawDisks: default: {} description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})' type: json - UpgradeLevelNovaCompute: - type: string - description: Nova Compute upgrade level - default: '' ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -225,6 +125,9 @@ parameters: ServiceNames: type: comma_delimited_list default: [] + MonitoringSubscriptions: + type: comma_delimited_list + default: [] ConfigCommand: type: string description: Command which will be run whenever configuration data changes 
@@ -392,45 +295,8 @@ resources: server: {get_resource: Controller} input_values: bootstack_nodeid: {get_attr: [Controller, name]} - horizon_secret: {get_param: HorizonSecret} - debug: {get_param: Debug} - keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } - keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] } - enable_fencing: {get_param: EnableFencing} enable_load_balancer: {get_param: EnableLoadBalancer} - manage_firewall: {get_param: ManageFirewall} - purge_firewall_rules: {get_param: PurgeFirewallRules} - neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} - nova_enable_db_purge: {get_param: NovaEnableDBPurge} - nova_ipv6: {get_param: NovaIPv6} - corosync_ipv6: {get_param: CorosyncIPv6} - memcached_ipv6: {get_param: MemcachedIPv6} - nova_password: {get_param: NovaPassword} - upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute} - instance_name_template: {get_param: InstanceNameTemplate} - fencing_config: {get_param: FencingConfig} - pcsd_password: {get_param: PcsdPassword} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} - glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]} - neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} - nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} - nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]} - horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} - horizon_subnet: - str_replace: - template: "['SUBNET']" - params: - SUBNET: - get_attr: - - NetIpMap - - net_ip_map - - str_replace: - template: "NETWORK_subnet" - params: - NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]} - redis_vip: {get_param: RedisVirtualIP} - 
ironic_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, IronicApiNetwork]}]} # Map heat metadata into hiera datafiles ControllerConfig: @@ -448,9 +314,9 @@ resources: - service_names - controller - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig - - bootstrap_node # provided by BootstrapNodeConfig + - bootstrap_node # provided by allNodesConfig - all_nodes # provided by allNodesConfig - - vip_data # provided by vip-config + - vip_data # provided by allNodesConfig - '"%{::osfamily}"' - cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre @@ -465,6 +331,7 @@ resources: service_names: mapped_data: service_names: {get_param: ServiceNames} + sensu::subscriptions: {get_param: MonitoringSubscriptions} service_configs: mapped_data: map_replace: 
@@ -482,44 +349,9 @@ resources: bootstack_nodeid: {get_input: bootstack_nodeid} # Pacemaker - enable_fencing: {get_input: enable_fencing} enable_load_balancer: {get_input: enable_load_balancer} - hacluster_pwd: {get_input: pcsd_password} - corosync_ipv6: {get_input: corosync_ipv6} - tripleo::fencing::config: {get_input: fencing_config} - - # Neutron - neutron::bind_host: {get_input: neutron_api_network} - neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network} - snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} - snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} - - # Nova - nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute} - nova::use_ipv6: {get_input: nova_ipv6} - nova::api::api_bind_address: {get_input: nova_api_network} - nova::api::metadata_listen: {get_input: nova_metadata_network} - nova::glance_api_servers: {get_input: glance_api_servers} - nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} - nova::api::instance_name_template: {get_input: instance_name_template} - nova::vncproxy::host: {get_input: nova_api_network} - nova_enable_db_purge: {get_input: nova_enable_db_purge} - # Horizon - apache::mod::remoteip::proxy_ips: {get_input: horizon_subnet} - apache::ip: {get_input: horizon_network} - horizon::django_debug: {get_input: debug} - horizon::secret_key: {get_input: horizon_secret} - horizon::bind_address: {get_input: horizon_network} - horizon::keystone_url: {get_input: keystone_auth_uri} - - # Redis - redis_vip: {get_input: redis_vip} - # Firewall - tripleo::firewall::manage_firewall: {get_input: manage_firewall} - tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules} # Misc - memcached_ipv6: {get_input: memcached_ipv6} tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} 
@@ -654,20 +486,6 @@ outputs: template: "NETWORK_uri" params: NETWORK: {get_param: [ServiceNetMap, SwiftMgmtNetwork]} - swift_proxy_memcache: - description: Swift proxy-memcache value - value: - str_replace: - template: "IP:11211" - params: - IP: - get_attr: - - NetIpMap - - net_ip_map - - str_replace: - template: "NETWORK_uri" - params: - NETWORK: {get_param: [ServiceNetMap, MemcachedNetwork]} tls_key_modulus_md5: description: MD5 checksum of the TLS Key Modulus value: {get_attr: [NodeTLSData, key_modulus_md5]} diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml index 4308052b..65afffad 100644 --- a/puppet/services/aodh-api.yaml +++ b/puppet/services/aodh-api.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionAodhApi: + default: 'overcloud-ceilometer-aodh-api' + type: string resources: AodhBase: @@ -27,14 +30,23 @@ resources: DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} + ApacheServiceBase: + type: ./apache.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + outputs: role_data: description: Role data for the Aodh API service. value: service_name: aodh_api + monitoring_subscription: {get_param: MonitoringSubscriptionAodhApi} config_settings: map_merge: - get_attr: [AodhBase, role_data, config_settings] + - get_attr: [ApacheServiceBase, role_data, config_settings] - aodh::wsgi::apache::ssl: false aodh::api::service_name: 'httpd' tripleo.aodh_api.firewall_rules: diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml index 15f81953..187345ad 100644 --- a/puppet/services/aodh-base.yaml +++ b/puppet/services/aodh-base.yaml 
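Review bot: `MonitoringSubscriptionAodhApi` is added without a `description:`, unlike the `EndpointMap` parameter directly above it, and the same holds for every `MonitoringSubscription*` parameter this commit adds in the other aodh-*, ceilometer-* and ceph-* service templates and for `MonitoringSubscriptions` in the role templates. The role templates write the list to `sensu::subscriptions`, so an operator overriding the default is presumably changing which monitoring checks a node receives; that should be stated where the parameter is declared. Something like `description: Monitoring subscription name published for this service in role_data` would do, adjusted per service.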
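Review bot: The `map_merge` order in aodh-api.yaml differs from ceilometer-api.yaml in this same commit: here `ApacheServiceBase` is merged after `AodhBase`, there it is merged before `CeilometerServiceBase`. Since later maps win on duplicate keys in `map_merge`, the Apache settings (`apache::ip`, `apache::server_tokens`, `apache::server_signature`) override the service base in one template and can be overridden by it in the other. I would pick one order for all Apache-hosted services, for example `- get_attr: [ApacheServiceBase, role_data, config_settings]` first, then the service base, and note the precedence in a one-line comment.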
@@ -77,7 +77,7 @@ outputs: - {get_param: [EndpointMap, MysqlInternal, host]} - '/aodh' aodh::debug: {get_param: Debug} - aodh::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri] } + aodh::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } aodh::rabbit_userid: {get_param: RabbitUserName} aodh::rabbit_password: {get_param: RabbitPassword} aodh::rabbit_use_ssl: {get_param: RabbitClientUseSSL} diff --git a/puppet/services/aodh-evaluator.yaml b/puppet/services/aodh-evaluator.yaml index 3988c940..405c500e 100644 --- a/puppet/services/aodh-evaluator.yaml +++ b/puppet/services/aodh-evaluator.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionAodhEvaluator: + default: 'overcloud-ceilometer-aodh-evaluator' + type: string resources: AodhBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Aodh Evaluator service. value: service_name: aodh_evaluator + monitoring_subscription: {get_param: MonitoringSubscriptionAodhEvaluator} config_settings: get_attr: [AodhBase, role_data, config_settings] step_config: | diff --git a/puppet/services/aodh-listener.yaml b/puppet/services/aodh-listener.yaml index bc1ccde7..fc4e8b39 100644 --- a/puppet/services/aodh-listener.yaml +++ b/puppet/services/aodh-listener.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionAodhListener: + default: 'overcloud-ceilometer-aodh-listener' + type: string resources: AodhBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Aodh Listener service. value: service_name: aodh_listener + monitoring_subscription: {get_param: MonitoringSubscriptionAodhListener} config_settings: get_attr: [AodhBase, role_data, config_settings] step_config: | 
diff --git a/puppet/services/aodh-notifier.yaml b/puppet/services/aodh-notifier.yaml index 66e9f3e9..2e51c639 100644 --- a/puppet/services/aodh-notifier.yaml +++ b/puppet/services/aodh-notifier.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionAodhNotifier: + default: 'overcloud-ceilometer-aodh-notifier' + type: string resources: AodhBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Aodh Notifier service. value: service_name: aodh_notifier + monitoring_subscription: {get_param: MonitoringSubscriptionAodhNotifier} config_settings: get_attr: [AodhBase, role_data, config_settings] step_config: | diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml new file mode 100644 index 00000000..7595e4c3 --- /dev/null +++ b/puppet/services/apache.yaml 
@@ -0,0 +1,42 @@ +heat_template_version: 2016-10-14 + +description: > + Apache service configured with Puppet. Note this is typically included + automatically via other services which run via Apache. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the Apache role. + value: + service_name: apache + config_settings: + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + apache::ip: {get_param: [ServiceNetMap, ApacheNetwork]} + apache::server_signature: 'Off' + apache::server_tokens: 'Prod' + apache_remote_proxy_ips_network: + str_replace: + template: "NETWORK_subnet" + params: + NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]} + apache::mod::remoteip::proxy_ips: + - "%{hiera('apache_remote_proxy_ips_network')}" diff --git a/puppet/services/ceilometer-agent-central.yaml b/puppet/services/ceilometer-agent-central.yaml index 72bad632..5d980d79 100644 --- a/puppet/services/ceilometer-agent-central.yaml +++ b/puppet/services/ceilometer-agent-central.yaml @@ -22,6 +22,9 @@ parameters: description: The password for the redis service account. type: string hidden: true + MonitoringSubscriptionCeilometerCentral: + default: 'overcloud-ceilometer-agent-central' + type: string resources: CeilometerServiceBase: 
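Review bot: `apache::mod::remoteip::proxy_ips` in the new apache.yaml is set to the whole subnet of `ApacheNetwork`, so mod_remoteip will accept the client-address header from every host on that network, not only from the load balancer. This matches what the removed Horizon-only `horizon_subnet` input did in controller.yaml, but it now applies to every service that includes this template, so the trust assumption should be written down: `# Trusts the entire ApacheNetwork subnet as proxies; logged client IPs and IP-based rules inherit that trust.` If the HAProxy or VIP addresses are available at this point, narrowing the list to them would be the tighter setting. The comment block above `apache::ip` also starts mid-sentence (`# for the given network; ...`) and should open by saying that the `ServiceNetMap` value is what gets replaced.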
@@ -36,6 +39,7 @@ outputs: description: Role data for the Ceilometer Central Agent role. value: service_name: ceilometer_agent_central + monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCentral} config_settings: map_merge: - get_attr: [CeilometerServiceBase, role_data, config_settings] diff --git a/puppet/services/ceilometer-agent-compute.yaml b/puppet/services/ceilometer-agent-compute.yaml index 5bfecfed..5457539c 100644 --- a/puppet/services/ceilometer-agent-compute.yaml +++ b/puppet/services/ceilometer-agent-compute.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionCeilometerCompute: + default: 'overcloud-ceilometer-agent-compute' + type: string resources: CeilometerServiceBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Ceilometer Compute Agent role. value: service_name: ceilometer_agent_compute + monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCompute} config_settings: get_attr: [CeilometerServiceBase, role_data, config_settings] step_config: | diff --git a/puppet/services/ceilometer-agent-notification.yaml b/puppet/services/ceilometer-agent-notification.yaml index 7873706d..bedb8b04 100644 --- a/puppet/services/ceilometer-agent-notification.yaml +++ b/puppet/services/ceilometer-agent-notification.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionCeilometerNotification: + default: 'overcloud-ceilometer-agent-notification' + type: string resources: 
@@ -33,6 +36,7 @@ outputs: description: Role data for the Ceilometer Notification Agent role. value: service_name: ceilometer_agent_notification + monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerNotification} config_settings: get_attr: [CeilometerServiceBase, role_data, config_settings] step_config: | diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml index 201a2b7b..5df9f2b3 100644 --- a/puppet/services/ceilometer-api.yaml +++ b/puppet/services/ceilometer-api.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionCeilometerApi: + default: 'overcloud-ceilometer-api' + type: string resources: @@ -28,13 +31,22 @@ resources: DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} + ApacheServiceBase: + type: ./apache.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + outputs: role_data: description: Role data for the Ceilometer API role. value: service_name: ceilometer_api + monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerApi} config_settings: map_merge: + - get_attr: [ApacheServiceBase, role_data, config_settings] - get_attr: [CeilometerServiceBase, role_data, config_settings] - tripleo.ceilometer_api.firewall_rules: '124 ceilometer': diff --git a/puppet/services/ceilometer-collector.yaml b/puppet/services/ceilometer-collector.yaml index ef7ffbd6..9dbb2759 100644 --- a/puppet/services/ceilometer-collector.yaml +++ b/puppet/services/ceilometer-collector.yaml 
@@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionCeilometerCollector: + default: 'overcloud-ceilometer-collector' + type: string resources: CeilometerServiceBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Ceilometer Collector role. value: service_name: ceilometer_collector + monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCollector} config_settings: get_attr: [CeilometerServiceBase, role_data, config_settings] step_config: | diff --git a/puppet/services/ceilometer-expirer.yaml b/puppet/services/ceilometer-expirer.yaml index 63a6d41d..3b811c4d 100644 --- a/puppet/services/ceilometer-expirer.yaml +++ b/puppet/services/ceilometer-expirer.yaml @@ -18,7 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - + MonitoringSubscriptionCeilometerExpirer: + default: 'overcloud-ceilometer-expirer' + type: string resources: CeilometerServiceBase: @@ -33,6 +35,7 @@ outputs: description: Role data for the Ceilometer Expirer role. value: service_name: ceilometer_expirer + monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerExpirer} config_settings: get_attr: [CeilometerServiceBase, role_data, config_settings] step_config: | diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml index 4d98546d..ce8d9158 100644 --- a/puppet/services/ceph-base.yaml +++ b/puppet/services/ceph-base.yaml @@ -20,9 +20,6 @@ parameters: CephClusterFSID: type: string description: The Ceph cluster FSID. Must be a UUID. - CephIPv6: - default: False - type: boolean CinderRbdPoolName: default: volumes type: string 
@@ -72,7 +69,6 @@ outputs: value: service_name: ceph_base config_settings: - tripleo::profile::base::ceph::ceph_ipv6: {get_param: CephIPv6} tripleo::profile::base::ceph::enable_ceph_storage: {get_param: ControllerEnableCephStorage} ceph::profile::params::osd_pool_default_min_size: 1 ceph::profile::params::osds: {/srv/data: {}} @@ -93,8 +89,8 @@ outputs: str_replace: template: "NETWORK_subnet" params: - NETWORK: {get_param: [ServiceNetMap, CephPublicNetwork]} - ceph::profile::params::public_addr: {get_param: [ServiceNetMap, CephPublicNetwork]} + NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]} + ceph::profile::params::public_addr: {get_param: [ServiceNetMap, CephMonNetwork]} ceph::profile::params::client_keys: str_replace: template: "{ diff --git a/puppet/services/ceph-client.yaml b/puppet/services/ceph-client.yaml index a9e4621a..b482dd2e 100644 --- a/puppet/services/ceph-client.yaml +++ b/puppet/services/ceph-client.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionCephClient: + default: 'overcloud-ceph-client' + type: string resources: CephBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Cinder OSD service. value: service_name: ceph_client + monitoring_subscription: {get_param: MonitoringSubscriptionCephClient} config_settings: get_attr: [CephBase, role_data, config_settings] step_config: | diff --git a/puppet/services/ceph-external.yaml b/puppet/services/ceph-external.yaml index 959cee26..52c4824f 100644 --- a/puppet/services/ceph-external.yaml +++ b/puppet/services/ceph-external.yaml 
@@ -47,12 +47,16 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionCephExternal: + default: 'overcloud-ceph-external' + type: string outputs: role_data: description: Role data for the Ceph External service. value: service_name: ceph_external + monitoring_subscription: {get_param: MonitoringSubscriptionCephExternal} config_settings: tripleo::profile::base::ceph::ceph_mon_host: {get_param: CephExternalMonHost} ceph::profile::params::fsid: {get_param: CephClusterFSID} diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml index f634ce8a..a2b3f13e 100644 --- a/puppet/services/ceph-mon.yaml +++ b/puppet/services/ceph-mon.yaml @@ -53,6 +53,9 @@ parameters: } default: {} type: json + MonitoringSubscriptionCephMon: + default: 'overcloud-ceph-mon' + type: string resources: CephBase: @@ -67,6 +70,7 @@ outputs: description: Role data for the Ceph Monitor service. value: service_name: ceph_mon + monitoring_subscription: {get_param: MonitoringSubscriptionCephMon} config_settings: map_merge: - get_attr: [CephBase, role_data, config_settings] diff --git a/puppet/services/ceph-osd.yaml b/puppet/services/ceph-osd.yaml index d18ccabf..f6378720 100644 --- a/puppet/services/ceph-osd.yaml +++ b/puppet/services/ceph-osd.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionCephOsd: + default: 'overcloud-ceph-osd' + type: string resources: CephBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Cinder OSD service. value: service_name: ceph_osd + monitoring_subscription: {get_param: MonitoringSubscriptionCephOsd} config_settings: map_merge: - get_attr: [CephBase, role_data, config_settings] diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml index 5df0739f..94c94a65 100644 
--- a/puppet/services/cinder-api.yaml +++ b/puppet/services/cinder-api.yaml @@ -31,6 +31,9 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint + MonitoringSubscriptionCinderApi: + default: 'overcloud-cinder-api' + type: string resources: @@ -46,6 +49,7 @@ outputs: description: Role data for the Cinder API role. value: service_name: cinder_api + monitoring_subscription: {get_param: MonitoringSubscriptionCinderApi} config_settings: map_merge: - get_attr: [CinderBase, role_data, config_settings] diff --git a/puppet/services/cinder-backup.yaml b/puppet/services/cinder-backup.yaml index f92fdfdb..80795457 100644 --- a/puppet/services/cinder-backup.yaml +++ b/puppet/services/cinder-backup.yaml @@ -30,6 +30,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionCinderBackup: + default: 'overcloud-cinder-backup' + type: string resources: @@ -45,6 +48,7 @@ outputs: description: Role data for the Cinder Backup role. value: service_name: cinder_backup + monitoring_subscription: {get_param: MonitoringSubscriptionCinderBackup} config_settings: map_merge: - get_attr: [CinderBase, role_data, config_settings] diff --git a/puppet/services/cinder-scheduler.yaml b/puppet/services/cinder-scheduler.yaml index 129706b1..1326e267 100644 --- a/puppet/services/cinder-scheduler.yaml +++ b/puppet/services/cinder-scheduler.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionCinderScheduler: + default: 'overcloud-cinder-scheduler' + type: string resources: 
@@ -33,6 +36,7 @@ outputs: description: Role data for the Cinder Scheduler role. value: service_name: cinder_scheduler + monitoring_subscription: {get_param: MonitoringSubscriptionCinderScheduler} config_settings: map_merge: - get_attr: [CinderBase, role_data, config_settings] diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml index de7e6bab..c84c784e 100644 --- a/puppet/services/cinder-volume.yaml +++ b/puppet/services/cinder-volume.yaml @@ -56,6 +56,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionCinderVolume: + default: 'overcloud-cinder-volume' + type: string resources: @@ -71,6 +74,7 @@ outputs: description: Role data for the Cinder Volume role. value: service_name: cinder_volume + monitoring_subscription: {get_param: MonitoringSubscriptionCinderVolume} config_settings: map_merge: - get_attr: [CinderBase, role_data, config_settings] @@ -95,10 +99,6 @@ outputs: # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: - str_replace: - template: "NETWORK_uri" - params: - NETWORK: {get_param: [ServiceNetMap, CinderIscsiNetwork]} + tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_param: [ServiceNetMap, CinderIscsiNetwork]} step_config: | include ::tripleo::profile::base::cinder::volume diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index d2376af3..adc1b4cb 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml 
@@ -73,12 +73,16 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint + MonitoringSubscriptionGlanceApi: + default: 'overcloud-glance-api' + type: string outputs: role_data: description: Role data for the Glance API role. value: service_name: glance_api + monitoring_subscription: {get_param: MonitoringSubscriptionGlanceApi} config_settings: glance::api::database_connection: list_join: @@ -90,14 +94,14 @@ outputs: - {get_param: [EndpointMap, MysqlInternal, host]} - '/glance' glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]} - glance::api::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - glance::api::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } glance::api::registry_host: str_replace: template: "'REGISTRY_HOST'" params: REGISTRY_HOST: {get_param: [EndpointMap, GlanceRegistryInternal, host]} - glance::api::keystone_password: {get_param: GlancePassword} + glance::api::authtoken::password: {get_param: GlancePassword} glance::api::enable_proxy_headers_parsing: true glance::api::debug: {get_param: Debug} glance::api::workers: {get_param: GlanceWorkers} @@ -128,7 +132,7 @@ outputs: - 9292 - 13292 glance::keystone::auth::tenant: 'service' - glance::api::keystone_tenant: 'service' + glance::api::authtoken::project_name: 'service' glance::api::pipeline: 'keystone' glance::api::show_image_direct_url: true # NOTE: bind IP is found in Heat replacing the network name with the diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml index 06ef9379..d5f01d46 100644 --- a/puppet/services/glance-registry.yaml +++ b/puppet/services/glance-registry.yaml 
@@ -30,12 +30,16 @@ parameters: default: 0 description: Number of workers for Glance service. type: number + MonitoringSubscriptionGlanceRegistry: + default: 'overcloud-glance-registry' + type: string outputs: role_data: description: Role data for the Glance Registry role. value: service_name: glance_registry + monitoring_subscription: {get_param: MonitoringSubscriptionGlanceRegistry} config_settings: glance::registry::database_connection: list_join: @@ -46,11 +50,11 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/glance' - glance::registry::keystone_password: {get_param: GlancePassword} - glance::registry::keystone_tenant: 'service' + glance::registry::authtoken::password: {get_param: GlancePassword} + glance::registry::authtoken::project_name: 'service' glance::registry::pipeline: 'keystone' - glance::registry::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - glance::registry::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + glance::registry::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + glance::registry::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } glance::registry::debug: {get_param: Debug} glance::registry::workers: {get_param: GlanceWorkers} glance::db::mysql::user: glance @@ -61,7 +65,6 @@ outputs: - "%{hiera('mysql_bind_host')}" glance::registry::db::database_db_max_retries: -1 glance::registry::db::database_max_retries: -1 - tripleo.glance_registry.firewall_rules: '112 glance_registry': dport: diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml index ec42f3f5..650865e2 100644 --- a/puppet/services/gnocchi-api.yaml +++ b/puppet/services/gnocchi-api.yaml 
@@ -33,8 +33,12 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint + MonitoringSubscriptionGnocchiApi: + default: 'overcloud-gnocchi-api' + type: string resources: + GnocchiServiceBase: type: ./gnocchi-base.yaml properties: @@ -42,13 +46,22 @@ resources: DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} + ApacheServiceBase: + type: ./apache.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + outputs: role_data: description: Role data for the Gnocchi role. value: service_name: gnocchi_api + monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiApi} config_settings: map_merge: + - get_attr: [ApacheServiceBase, role_data, config_settings] - get_attr: [GnocchiServiceBase, role_data, config_settings] - tripleo.gnocchi_api.firewall_rules: '129 gnocchi-api': diff --git a/puppet/services/gnocchi-metricd.yaml b/puppet/services/gnocchi-metricd.yaml index 205d0552..ebdebd1e 100644 --- a/puppet/services/gnocchi-metricd.yaml +++ b/puppet/services/gnocchi-metricd.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionGnocchiMetricd: + default: 'overcloud-gnocchi-metricd' + type: string resources: GnocchiServiceBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Gnocchi role. value: service_name: gnocchi_metricd + monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiMetricd} config_settings: map_merge: - get_attr: [GnocchiServiceBase, role_data, config_settings] diff --git a/puppet/services/gnocchi-statsd.yaml b/puppet/services/gnocchi-statsd.yaml index 018ad2b1..04339f46 100644 --- a/puppet/services/gnocchi-statsd.yaml +++ b/puppet/services/gnocchi-statsd.yaml 
@@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionGnocchiStatsd: + default: 'overcloud-gnocchi-statsd' + type: string resources: GnocchiServiceBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Gnocchi role. value: service_name: gnocchi_statsd + monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiStatsd} config_settings: map_merge: - get_attr: [GnocchiServiceBase, role_data, config_settings] diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index c0e1c113..974928c5 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml 
@@ -44,38 +44,20 @@ parameters: Specifies the interface where the public-facing virtual ip will be assigned. This should be int_public when a VLAN is being used. type: string + MonitoringSubscriptionHaproxy: + default: 'overcloud-haproxy' + type: string outputs: role_data: description: Role data for the HAproxy role. value: service_name: haproxy + monitoring_subscription: {get_param: MonitoringSubscriptionHaproxy} config_settings: tripleo.haproxy.firewall_rules: '107 haproxy stats': dport: 1993 - # TODO(emilien) make it composable to find which services are actually running - tripleo::haproxy::keystone_admin: true - tripleo::haproxy::keystone_public: true - tripleo::haproxy::neutron: true - tripleo::haproxy::cinder: true - tripleo::haproxy::glance_api: true - tripleo::haproxy::glance_registry: true - tripleo::haproxy::nova_osapi: true - tripleo::haproxy::nova_metadata: true - tripleo::haproxy::nova_novncproxy: true - tripleo::haproxy::mysql: true - tripleo::haproxy::redis: true - tripleo::haproxy::sahara: true - tripleo::haproxy::swift_proxy_server: true - tripleo::haproxy::ceilometer: true - tripleo::haproxy::aodh: true - tripleo::haproxy::gnocchi: true - tripleo::haproxy::heat_api: true - tripleo::haproxy::heat_cloudwatch: true - tripleo::haproxy::heat_cfn: true - tripleo::haproxy::horizon: true - tripleo::haproxy::ironic: true tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress} tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser} tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword} diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml index a15ea32d..61a69078 100644 --- a/puppet/services/heat-api-cfn.yaml +++ b/puppet/services/heat-api-cfn.yaml @@ -30,6 +30,9 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint + MonitoringSubscriptionHeatApiCnf: + default: 'overcloud-heat-api-cfn' + type: string resources: HeatBase: 
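Review bot: The new parameter in heat-api-cfn.yaml is spelled `MonitoringSubscriptionHeatApiCnf`, while the file name and the default value both say `cfn`. The file's second hunk reads it under the same misspelled name, so the template resolves, but an operator overriding `MonitoringSubscriptionHeatApiCfn` would presumably see no effect. Rename both occurrences to `MonitoringSubscriptionHeatApiCfn`. The keystone.yaml hunk further down has a similar slip in a value: `default: 'overcloud-kestone'` should read `default: 'overcloud-keystone'`.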
@@ -44,6 +47,7 @@ outputs: description: Role data for the Heat CloudFormation API role. value: service_name: heat_api_cfn + monitoring_subscription: {get_param: MonitoringSubscriptionHeatApiCnf} config_settings: map_merge: - get_attr: [HeatBase, role_data, config_settings] diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml index 6d645ee7..c12e56ef 100644 --- a/puppet/services/heat-api-cloudwatch.yaml +++ b/puppet/services/heat-api-cloudwatch.yaml @@ -22,6 +22,9 @@ parameters: default: 0 description: Number of workers for Heat service. type: number + MonitoringSubscriptionHeatApiCloudwatch: + default: 'overcloud-heat-api-cloudwatch' + type: string resources: HeatBase: @@ -36,6 +39,7 @@ outputs: description: Role data for the Heat Cloudwatch API role. value: service_name: heat_api_cloudwatch + monitoring_subscription: {get_param: MonitoringSubscriptionHeatApiCloudwatch} config_settings: map_merge: - get_attr: [HeatBase, role_data, config_settings] diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml index ec3b0e37..64b0c53b 100644 --- a/puppet/services/heat-api.yaml +++ b/puppet/services/heat-api.yaml @@ -30,6 +30,9 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint + MonitoringSubscriptionHeatApi: + default: 'overcloud-heat-api' + type: string resources: HeatBase: @@ -44,6 +47,7 @@ outputs: description: Role data for the Heat API role. value: service_name: heat_api + monitoring_subscription: {get_param: MonitoringSubscriptionHeatApi} config_settings: map_merge: - get_attr: [HeatBase, role_data, config_settings] diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml index 226d2a51..7eb58f56 100644 --- a/puppet/services/heat-base.yaml +++ b/puppet/services/heat-base.yaml 
@@ -32,6 +32,10 @@ parameters: via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json + HeatPassword: + description: The password for the Heat service and db account, used by the Heat services. + type: string + hidden: true DefaultPasswords: default: {} type: json @@ -60,11 +64,13 @@ outputs: key: 'context_is_admin' value: 'role:admin' heat::rabbit_heartbeat_timeout_threshold: 60 - heat::keystone_tenant: 'service' + heat::keystone::authtoken::project_name: 'service' + heat::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + heat::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + heat::keystone::authtoken::password: {get_param: HeatPassword} heat::keystone::domain::domain_name: 'heat_stack' heat::keystone::domain::domain_admin: 'heat_stack_domain_admin' heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost' - heat::auth_plugin: 'password' heat::cron::purge_deleted::age: 30 heat::cron::purge_deleted::age_type: 'days' heat::cron::purge_deleted::maxdelay: 3600 diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml index b230ec1d..089bf531 100644 --- a/puppet/services/heat-engine.yaml +++ b/puppet/services/heat-engine.yaml @@ -40,6 +40,9 @@ parameters: type: string hidden: true default: '' + MonitoringSubscriptionHeatEngine: + default: 'overcloud-heat-engine' + type: string resources: HeatBase: @@ -54,6 +57,7 @@ outputs: description: Role data for the Heat Engine role. value: service_name: heat_engine + monitoring_subscription: {get_param: MonitoringSubscriptionHeatEngine} config_settings: map_merge: - get_attr: [HeatBase, role_data, config_settings] 
@@ -71,8 +75,6 @@ outputs: - {get_param: [EndpointMap, MysqlInternal, host]} - '/heat' heat::keystone_ec2_uri: {get_param: [EndpointMap, KeystoneEC2, uri]} - heat::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} - heat::keystone_password: {get_param: HeatPassword} heat::db::mysql::password: {get_param: HeatPassword} heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword} heat::db::mysql::user: heat diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index c5d96819..6ea5ec4e 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > Horizon service configured with Puppet @@ -10,6 +10,10 @@ parameters: via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string DefaultPasswords: default: {} type: json @@ -22,17 +26,30 @@ parameters: default: '*' description: A list of IP/Hostname allowed to connect to horizon type: comma_delimited_list + HorizonSecret: + description: Secret key for Django + type: string + hidden: true + default: '' NeutronMechanismDrivers: default: 'openvswitch' description: | The mechanism drivers for the Neutron tenant network. type: comma_delimited_list + MemcachedIPv6: + default: false + description: Enable IPv6 features in Memcached. + type: boolean + MonitoringSubscriptionHorizon: + default: 'overcloud-horizon' + type: string outputs: role_data: description: Role data for the Horizon role. value: service_name: horizon + monitoring_subscription: {get_param: MonitoringSubscriptionHorizon} config_settings: horizon::allowed_hosts: {get_param: HorizonAllowedHosts} neutron::plugins::ml2::mechanism_drivers: 
@@ -51,5 +68,16 @@ outputs: add_listen: false priority: 10 access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"' + horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]} + horizon::django_debug: {get_param: Debug} + horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri]} + horizon::secret_key: + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: HorizonSecret} + - {get_param: [DefaultPasswords, horizon_secret]} + memcached_ipv6: {get_param: MemcachedIPv6} step_config: | include ::tripleo::profile::base::horizon diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml index d0516e1b..5c3f370e 100644 --- a/puppet/services/ironic-api.yaml +++ b/puppet/services/ironic-api.yaml @@ -22,6 +22,9 @@ parameters: description: The password for the Ironic service and db account, used by the Ironic services type: string hidden: true + MonitoringSubscriptionIronicApi: + default: 'overcloud-ironic-api' + type: string resources: IronicBase: 
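Review bot: `horizon::django_debug: {get_param: Debug}` ties the dashboard's Django debug mode to the global `Debug` switch, which this file describes as enabling debugging on all services. With Django debug on, error pages sent to the browser carry tracebacks and settings detail, so a log-verbosity flag changes what a user-facing service discloses. I would leave `horizon::django_debug` out of this map so the module default applies. Failing that, add a comment above it such as `# NOTE: Debug also enables Django debug pages in Horizon; do not leave it on for reachable deployments`. The config_settings map begins above this hunk.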
@@ -36,27 +39,28 @@ outputs: description: Role data for the Ironic API role. value: service_name: ironic_api + monitoring_subscription: {get_param: MonitoringSubscriptionIronicApi} config_settings: map_merge: - get_attr: [IronicBase, role_data, config_settings] - # NOTE(dtantsur): the my_ip parameter is heavily overloaded in - # ironic. It's used as a default value for e.g. TFTP server IP, - # glance and neutron endpoints, virtual console IP. We override - # the TFTP server IP in ironic-conductor.yaml as it should not be - # the VIP, but rather a real IP of the controller. - - ironic::my_ip: {get_param: [EndpointMap, MysqlInternal, host]} - ironic::api::authtoken::password: {get_param: IronicPassword} + - ironic::api::authtoken::password: {get_param: IronicPassword} ironic::api::authtoken::project_name: 'service' ironic::api::authtoken::username: 'ironic' ironic::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} - ironic::api::host_ip: {get_input: ironic_api_network} + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. 
for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + ironic::api::host_ip: {get_param: [ServiceNetMap, IronicApiNetwork]} ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]} # This is used to build links in responses ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]} - ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri]} - ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri]} - ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri]} + ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]} + ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]} + ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]} ironic::keystone::auth::auth_name: 'ironic' ironic::keystone::auth::password: {get_param: IronicPassword } ironic::keystone::auth::tenant: 'service' diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml index 27479f79..4ac9fc30 100644 --- a/puppet/services/ironic-conductor.yaml +++ b/puppet/services/ironic-conductor.yaml 
@@ -18,10 +18,27 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + IronicCleaningDiskErase: + default: 'full' + description: Type of disk cleaning before and between deployments, + "full" for full cleaning, "metadata" to clean only disk + metadata (partition table). + type: string IronicEnabledDrivers: - default: ['pxe_ipmitool', 'agent_ipmitool'] + default: ['pxe_ipmitool', 'pxe_drac', 'pxe_ilo'] description: Enabled Ironic drivers type: comma_delimited_list + IronicIPXEEnabled: + default: true + description: Whether to use iPXE instead of PXE for deployment. + type: boolean + IronicIPXEPort: + default: 8088 + description: Port to use for serving images when iPXE is used. + type: string + MonitoringSubscriptionIronicConductor: + default: 'overcloud-ironic-conductor' + type: string resources: IronicBase: 
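Review bot: `IronicCleaningDiskErase` accepts any string, and the outputs hunk of this file hands the value to `ironic::conductor::cleaning_disk_erase` unchecked. This setting decides how much of a previous deployment is wiped from a node's disks, so a typo should fail at stack validation rather than reach the conductor. Add `constraints:` followed by `- allowed_values: ['full', 'metadata']` under the parameter. The description should also say outright that "metadata" clears only the partition table and leaves the earlier disk contents in place.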
@@ -36,20 +53,48 @@ outputs: description: Role data for the Ironic conductor role. value: service_name: ironic_conductor + monitoring_subscription: {get_param: MonitoringSubscriptionIronicConductor} config_settings: map_merge: - get_attr: [IronicBase, role_data, config_settings] # FIXME: I have no idea why neutron_url is in "api" manifest - ironic::api::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]} ironic::conductor::api_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]} + ironic::conductor::cleaning_disk_erase: {get_param: IronicCleaningDiskErase} + ironic::conductor::enabled_drivers: {get_param: IronicEnabledDrivers} + # We need an endpoint containing a real IP, not a VIP here + ironic_conductor_http_host: {get_param: [ServiceNetMap, IronicNetwork]} + ironic::conductor::http_url: + list_join: + - '' + - - 'http://' + - '%{hiera("ironic_conductor_http_host")}:' + - {get_param: IronicIPXEPort} + ironic::drivers::pxe::ipxe_enabled: {get_param: IronicIPXEEnabled} ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} - ironic::enabled_drivers: {get_param: IronicEnabledDrivers} - # Prevent tftp_server from defaulting to my_ip setting, which is - # controller VIP, not a real IP. - ironic::drivers::pxe::tftp_server: {get_input: ironic_api_network} + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. 
for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + ironic::drivers::pxe::tftp_server: {get_param: [ServiceNetMap, IronicNetwork]} + # NOTE(dtantsur): UEFI only works with iPXE currently for us + ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template' + ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi' tripleo.ironic_conductor.firewall_rules: '134 ironic conductor TFTP': dport: 69 proto: udp + '135 ironic conductor HTTP': + dport: {get_param: IronicIPXEPort} + # NOTE(dtantsur): the my_ip parameter is heavily overloaded in + # ironic. It's used as a default value for e.g. TFTP server IP, + # glance and neutron endpoints, virtual console IP. We override + # the TFTP server IP in ironic-conductor.yaml as it should not be + # the VIP, but rather a real IP of the host. + ironic::my_ip: {get_param: [ServiceNetMap, IronicNetwork]} + ironic::pxe::common::http_port: {get_param: IronicIPXEPort} + step_config: | include ::tripleo::profile::base::ironic::conductor diff --git a/puppet/services/keepalived.yaml b/puppet/services/keepalived.yaml index b783345b..2b069d67 100644 --- a/puppet/services/keepalived.yaml +++ b/puppet/services/keepalived.yaml @@ -28,12 +28,16 @@ parameters: Specifies the interface where the public-facing virtual ip will be assigned. This should be int_public when a VLAN is being used. type: string + MonitoringSubscriptionKeepalived: + default: 'overcloud-keepalived' + type: string outputs: role_data: description: Role data for the Keepalived role. value: service_name: keepalived + monitoring_subscription: {get_param: MonitoringSubscriptionKeepalived} config_settings: tripleo::keepalived::control_virtual_interface: {get_param: ControlVirtualInterface} tripleo::keepalived::public_virtual_interface: {get_param: PublicVirtualInterface} diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index c763c391..79033047 100644 
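Review bot: Rule `'135 ironic conductor HTTP'` opens `IronicIPXEPort` with only a `dport`, and `ironic::conductor::http_url` is built with a fixed `'http://'` scheme. Boot scripts and images are therefore served unauthenticated and in clear text to anything that can reach that port on the host. If the firewall rule type supports limiting the source, restricting it to the provisioning subnet is worth doing. At minimum, record the assumption next to the rule, e.g. `# iPXE fetches over plain HTTP; IronicNetwork must be an isolated provisioning network`.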
--- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml 
@@ -84,81 +84,98 @@ parameters: type: string description: Set the number of workers for keystone::wsgi::apache default: '"%{::processorcount}"' + MonitoringSubscriptionKeystone: + default: 'overcloud-kestone' + type: string + +resources: + + ApacheServiceBase: + type: ./apache.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + outputs: role_data: description: Role data for the Keystone role. value: service_name: keystone + monitoring_subscription: {get_param: MonitoringSubscriptionKeystone} config_settings: - keystone::database_connection: - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://keystone:' - - {get_param: AdminToken} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/keystone' - keystone::admin_token: {get_param: AdminToken} - keystone::roles::admin::password: {get_param: AdminPassword} - keystone_ssl_certificate: {get_param: KeystoneSSLCertificate} - keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey} - keystone::enable_proxy_headers_parsing: true - keystone::debug: {get_param: Debug} - keystone::db::mysql::password: {get_param: AdminToken} - keystone::rabbit_userid: {get_param: RabbitUserName} - keystone::rabbit_password: {get_param: RabbitPassword} - keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL} - keystone::rabbit_port: {get_param: RabbitClientPort} - keystone::notification_driver: {get_param: KeystoneNotificationDriver} - keystone::notification_format: {get_param: KeystoneNotificationFormat} - keystone::roles::admin::email: {get_param: AdminEmail} - keystone::roles::admin::password: {get_param: AdminPassword} - keystone::endpoint::public_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]} - keystone::endpoint::internal_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} - keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, 
uri_no_suffix]} - keystone::endpoint::region: {get_param: KeystoneRegion} - keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge} - keystone::public_endpoint: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]} - keystone::db::mysql::user: keystone - keystone::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - keystone::db::mysql::dbname: keystone - keystone::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" - keystone::rabbit_heartbeat_timeout_threshold: 60 - keystone::cron::token_flush::maxdelay: 3600 - keystone::roles::admin::service_tenant: 'service' - keystone::roles::admin::admin_tenant: 'admin' - keystone::cron::token_flush::destination: '/dev/null' - keystone::config::keystone_config: - ec2/driver: - value: 'keystone.contrib.ec2.backends.sql.Ec2' - keystone::service_name: 'httpd' - keystone::wsgi::apache::ssl: false - - keystone::wsgi::apache::workers: {get_param: KeystoneWorkers} - # override via extraconfig: - keystone::wsgi::apache::threads: 1 - keystone::db::database_db_max_retries: -1 - keystone::db::database_max_retries: -1 - tripleo.keystone.firewall_rules: - '111 keystone': - dport: - - 5000 - - 13000 - - 35357 - - 13357 - # NOTE: bind IP is found in Heat replacing the network name with the - # local node IP for the given network; replacement examples - # (eg. for internal_api): - # internal_api -> IP - # internal_api_uri -> [IP] - # internal_api_subnet - > IP/CIDR - # NOTE: this applies to all 4 bind IP settings below... 
- keystone::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]} - keystone::public_bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]} - keystone::wsgi::apache::bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]} - keystone::wsgi::apache::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]} + config_settings: + map_merge: + - get_attr: [ApacheServiceBase, role_data, config_settings] + - keystone::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://keystone:' + - {get_param: AdminToken} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/keystone' + keystone::admin_token: {get_param: AdminToken} + keystone::roles::admin::password: {get_param: AdminPassword} + keystone_ssl_certificate: {get_param: KeystoneSSLCertificate} + keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey} + keystone::enable_proxy_headers_parsing: true + keystone::debug: {get_param: Debug} + keystone::db::mysql::password: {get_param: AdminToken} + keystone::rabbit_userid: {get_param: RabbitUserName} + keystone::rabbit_password: {get_param: RabbitPassword} + keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + keystone::rabbit_port: {get_param: RabbitClientPort} + keystone::notification_driver: {get_param: KeystoneNotificationDriver} + keystone::notification_format: {get_param: KeystoneNotificationFormat} + keystone::roles::admin::email: {get_param: AdminEmail} + keystone::roles::admin::password: {get_param: AdminPassword} + keystone::endpoint::public_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]} + keystone::endpoint::internal_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} + keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + keystone::endpoint::region: {get_param: KeystoneRegion} + keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge} + keystone::public_endpoint: 
{get_param: [EndpointMap, KeystonePublic, uri_no_suffix]} + keystone::db::mysql::user: keystone + keystone::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + keystone::db::mysql::dbname: keystone + keystone::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + keystone::rabbit_heartbeat_timeout_threshold: 60 + keystone::cron::token_flush::maxdelay: 3600 + keystone::roles::admin::service_tenant: 'service' + keystone::roles::admin::admin_tenant: 'admin' + keystone::cron::token_flush::destination: '/dev/null' + keystone::config::keystone_config: + ec2/driver: + value: 'keystone.contrib.ec2.backends.sql.Ec2' + keystone::service_name: 'httpd' + keystone::wsgi::apache::ssl: false + + keystone::wsgi::apache::workers: {get_param: KeystoneWorkers} + # override via extraconfig: + keystone::wsgi::apache::threads: 1 + keystone::db::database_db_max_retries: -1 + keystone::db::database_max_retries: -1 + tripleo.keystone.firewall_rules: + '111 keystone': + dport: + - 5000 + - 13000 + - 35357 + - 13357 + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + # NOTE: this applies to all 4 bind IP settings below... + keystone::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]} + keystone::public_bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]} + keystone::wsgi::apache::bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]} + keystone::wsgi::apache::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]} step_config: | include ::tripleo::profile::base::keystone diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml index b3987747..2e43730d 100644 --- a/puppet/services/manila-api.yaml +++ b/puppet/services/manila-api.yaml 
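Review bot: The new `MonitoringSubscriptionKeystone` default is spelled `'overcloud-kestone'`, unlike the `overcloud-<service>` names the other templates in this change use, so checks published to a keystone subscription would presumably never reach these nodes; it should read `default: 'overcloud-keystone'`. Separately, the block re-indented under `map_merge` still takes both `keystone::db::mysql::password` and the password part of `keystone::database_connection` from `AdminToken`, so the bootstrap admin token and the database credential are the same secret and exposing either one exposes both. A dedicated hidden parameter for the database password would separate them. `keystone::roles::admin::password` is also set twice in the same mapping, and one copy can be dropped.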
@@ -26,6 +26,9 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint + MonitoringSubscriptionManilaApi: + default: 'overcloud-manila-api' + type: string resources: ManilaBase: @@ -40,6 +43,7 @@ outputs: description: Role data for the Manila-api role. value: service_name: manila_api + monitoring_subscription: {get_param: MonitoringSubscriptionManilaApi} config_settings: map_merge: - get_attr: [ManilaBase, role_data, config_settings] diff --git a/puppet/services/manila-scheduler.yaml b/puppet/services/manila-scheduler.yaml index a5122ba0..28addd68 100644 --- a/puppet/services/manila-scheduler.yaml +++ b/puppet/services/manila-scheduler.yaml @@ -30,6 +30,9 @@ parameters: description: The password for the manila service account. type: string hidden: true + MonitoringSubscriptionManilaScheduler: + default: 'overcloud-manila-scheduler' + type: string resources: ManilaBase: @@ -44,6 +47,7 @@ outputs: description: Role data for the Manila-scheduler role. value: service_name: manila_scheduler + monitoring_subscription: {get_param: MonitoringSubscriptionManilaScheduler} config_settings: map_merge: - get_attr: [ManilaBase, role_data, config_settings] @@ -65,4 +69,3 @@ outputs: - '/manila' step_config: | include ::tripleo::profile::base::manila::scheduler - diff --git a/puppet/services/manila-share.yaml b/puppet/services/manila-share.yaml index 184f3694..e42d2fae 100644 --- a/puppet/services/manila-share.yaml +++ b/puppet/services/manila-share.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionManilaShare: + default: 'overcloud-manila-share' + type: string resources: ManilaBase: 
@@ -32,6 +35,7 @@ outputs: description: Role data for the Manila-share role. value: service_name: manila_share + monitoring_subscription: {get_param: MonitoringSubscriptionManilaShare} config_settings: map_merge: - get_attr: [ManilaBase, role_data, config_settings] diff --git a/puppet/services/memcached.yaml b/puppet/services/memcached.yaml index 3b47261e..9e3f6375 100644 --- a/puppet/services/memcached.yaml +++ b/puppet/services/memcached.yaml @@ -18,12 +18,16 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionMemcached: + default: 'overcloud-memcached' + type: string outputs: role_data: description: Role data for the Memcached role. value: service_name: memcached + monitoring_subscription: {get_param: MonitoringSubscriptionMemcached} config_settings: # NOTE: bind IP is found in Heat replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): diff --git a/puppet/services/monitoring/sensu-base.yaml b/puppet/services/monitoring/sensu-base.yaml new file mode 100644 index 00000000..d7350d07 --- /dev/null +++ b/puppet/services/monitoring/sensu-base.yaml 
@@ -0,0 +1,68 @@ +heat_template_version: 2016-04-08 + +description: Sensu base service + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + DefaultPasswords: + default: {} + type: json + MonitoringRabbitHost: + description: RabbitMQ host Sensu has to connect to. + type: string + default: '' + MonitoringRabbitPort: + default: 5672 + description: Set RabbitMQ subscriber port, change this if using SSL. + type: number + MonitoringRabbitUseSSL: + default: false + description: > + RabbitMQ client subscriber parameter to specify an SSL connection + to the RabbitMQ host. + type: string + MonitoringRabbitPassword: + description: The RabbitMQ password used for monitoring purposes. + type: string + hidden: true + MonitoringRabbitUserName: + description: The RabbitMQ username used for monitoring purposes. + type: string + default: sensu + MonitoringRabbitVhost: + description: The RabbitMQ vhost used for monitoring purposes. + type: string + default: '/sensu' + + +outputs: + role_data: + description: Role data for the Sensu role. 
+ value: + service_name: sensu_base + config_settings: + sensu::enterprise: false + sensu::enterprise_dashboard: false + sensu::install_repo: false + sensu::manage_user: false + sensu::rabbitmq_host: {get_param: MonitoringRabbitHost} + sensu::rabbitmq_password: {get_param: MonitoringRabbitPassword} + sensu::rabbitmq_port: {get_param: MonitoringRabbitPort} + sensu::rabbitmq_ssl: {get_param: MonitoringRabbitUseSSL} + sensu::rabbitmq_user: {get_param: MonitoringRabbitUserName} + sensu::rabbitmq_vhost: {get_param: MonitoringRabbitVhost} + #sensu::redis_host: {get_param: MonitoringRedisHost} + #sensu::redis_password: {get_param: MonitoringRedisPassword} + sensu::sensu_plugin_provider: 'yum' + sensu::sensu_plugin_name: 'rubygem-sensu-plugin' + sensu::version: 'present' diff --git a/puppet/services/monitoring/sensu-client.yaml b/puppet/services/monitoring/sensu-client.yaml new file mode 100644 index 00000000..3f37e750 --- /dev/null +++ b/puppet/services/monitoring/sensu-client.yaml 
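Review bot: The defaults in this new template leave the monitoring transport unencrypted: `MonitoringRabbitUseSSL` defaults to `false` and `MonitoringRabbitPort` to 5672, so the login built from `MonitoringRabbitUserName` and `MonitoringRabbitPassword` crosses the network in clear text unless the operator overrides both. `MonitoringRabbitUseSSL` is also declared `type: string` with a boolean default, while other on/off parameters in this change use `type: boolean`; declaring it `type: boolean` keeps the value that reaches `sensu::rabbitmq_ssl` unambiguous. The `MonitoringRabbitPort` description could name the port that goes with SSL, so the two settings are changed together.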
@@ -0,0 +1,49 @@ +heat_template_version: 2016-04-08 + +description: Sensu client configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: > + Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + SensuClientCustomConfig: + default: {} + description: Hash containing custom sensu-client variables. + type: json + label: Custom configuration for Sensu Client variables + +resources: + SensuBase: + type: ./sensu-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Sensu client role. + value: + service_name: sensu_client + monitoring_subscription: all + config_settings: + map_merge: + - get_attr: [SensuBase, role_data, config_settings] + - sensu::api: false + sensu::client: true + sensu::server: false + sensu::client_custom: {get_param: SensuClientCustomConfig} + step_config: | + include ::tripleo::profile::base::monitoring::sensu diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index 35ac32db..72ae7d9c 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml 
@@ -19,9 +19,16 @@ parameters: via parameter_defaults in the resource registry. type: json NeutronWorkers: - default: 0 - description: Number of workers for Neutron service. - type: number + default: '' + description: | + Sets the number of API and RPC workers for the Neutron service. The + default value results in the configuration being left unset and a + system-dependent default will be chosen (usually the number of + processors). Please note that this can result in a large number of + processes and memory consumption on systems with a large core count. On + such systems it is recommended that a non-default value be selected that + matches the load requirements. + type: string NeutronPassword: description: The password for the neutron service and db account, used by neutron agents. type: string @@ -46,6 +53,9 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint + MonitoringSubscriptionNeutronServer: + default: 'overcloud-neutron-server' + type: string resources: @@ -61,6 +71,7 @@ outputs: description: Role data for the Neutron Server agent service. value: service_name: neutron_api + monitoring_subscription: {get_param: MonitoringSubscriptionNeutronServer} config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] 
@@ -79,19 +90,20 @@ outputs: neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] } neutron::keystone::auth::password: {get_param: NeutronPassword} neutron::keystone::auth::region: {get_param: KeystoneRegion} - neutron::server::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - neutron::server::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} neutron::server::api_workers: {get_param: NeutronWorkers} + neutron::server::rpc_workers: {get_param: NeutronWorkers} neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} neutron::server::l3_ha: {get_param: NeutronL3HA} - neutron::server::password: {get_param: NeutronPassword} + neutron::keystone::authtoken::password: {get_param: NeutronPassword} neutron::server::notifications::nova_url: { get_param: [ EndpointMap, NovaInternal, uri ] } neutron::server::notifications::auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] } neutron::server::notifications::tenant_name: 'service' neutron::server::notifications::project_name: 'service' neutron::server::notifications::password: {get_param: NovaPassword} - neutron::server::project_name: 'service' + neutron::keystone::authtoken::project_name: 'service' neutron::server::sync_db: true neutron::db::mysql::password: {get_param: NeutronPassword} neutron::db::mysql::user: neutron 
@@ -111,5 +123,11 @@ outputs: '106 vrrp': proto: vrrp neutron::server::router_distributed: {get_param: NeutronEnableDVR} + # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + neutron::bind_host: {get_param: [ServiceNetMap, NeutronApiNetwork]} step_config: | include tripleo::profile::base::neutron::server diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml index 39ffea24..4eb417c0 100644 --- a/puppet/services/neutron-base.yaml +++ b/puppet/services/neutron-base.yaml @@ -48,6 +48,15 @@ parameters: description: > Remove configuration that is not generated by TripleO. Setting to false may result in configuration remnants after updates/upgrades. + NeutronGlobalPhysnetMtu: + type: number + default: 1500 + description: | + MTU of the underlying physical network. Neutron uses this value to + calculate MTU for all virtual network components. For flat and VLAN + networks, neutron uses this value without modification. For overlay + networks such as VXLAN, neutron automatically subtracts the overlay + protocol overhead from this value. ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -87,3 +96,4 @@ outputs: neutron::host: '"%{::fqdn}"' #NOTE: extra quoting is needed neutron::db::database_db_max_retries: -1 neutron::db::database_max_retries: -1 + neutron::global_physnet_mtu: {get_param: NeutronGlobalPhysnetMtu} diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml index 513cb2d4..b2ad5dab 100644 --- a/puppet/services/neutron-dhcp.yaml +++ b/puppet/services/neutron-dhcp.yaml 
@@ -31,6 +31,9 @@ parameters: default: false description: If True, DHCP always provides metadata route to VM. type: boolean + MonitoringSubscriptionNeutronDhcp: + default: 'overcloud-neutron-dhcp' + type: string resources: @@ -46,6 +49,7 @@ outputs: description: Role data for the Neutron DHCP agent service. value: service_name: neutron_dhcp + monitoring_subscription: {get_param: MonitoringSubscriptionNeutronDhcp} config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] diff --git a/puppet/services/neutron-l3-compute-dvr.yaml b/puppet/services/neutron-l3-compute-dvr.yaml index 0f3c2a70..5eb3e252 100644 --- a/puppet/services/neutron-l3-compute-dvr.yaml +++ b/puppet/services/neutron-l3-compute-dvr.yaml @@ -26,6 +26,9 @@ parameters: description: Name of bridge used for external network traffic. type: string default: 'br-ex' + MonitoringSubscriptionNeutronL3Dvr: + default: 'overcloud-neutron-l3-dvr' + type: string resources: @@ -41,6 +44,7 @@ outputs: description: Role data for DVR L3 Agent on Compute Nodes value: service_name: neutron_l3_compute_dvr + monitoring_subscription: {get_param: MonitoringSubscriptionNeutronL3Dvr} config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml index 54beee6b..de62a507 100644 --- a/puppet/services/neutron-l3.yaml +++ b/puppet/services/neutron-l3.yaml @@ -34,6 +34,9 @@ parameters: - allowed_values: - legacy - dvr_snat + MonitoringSubscriptionNeutronL3: + default: 'overcloud-neutron-l3-agent' + type: string resources: @@ -49,6 +52,7 @@ outputs: description: Role data for the Neutron L3 agent service. value: service_name: neutron_l3 + monitoring_subscription: {get_param: MonitoringSubscriptionNeutronL3} config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml index b9ec277a..320ae0ce 100644 
--- a/puppet/services/neutron-metadata.yaml +++ b/puppet/services/neutron-metadata.yaml @@ -30,6 +30,9 @@ parameters: description: The password for the neutron service and db account, used by neutron agents. type: string hidden: true + MonitoringSubscriptionNeutronMetadata: + default: 'overcloud-neutron-metadata' + type: string resources: @@ -45,6 +48,7 @@ outputs: description: Role data for the Neutron Metadata agent service. value: service_name: neutron_metadata + monitoring_subscription: {get_param: MonitoringSubscriptionNeutronMetadata} config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] @@ -53,5 +57,11 @@ outputs: neutron::agents::metadata::auth_password: {get_param: NeutronPassword} neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } neutron::agents::metadata::auth_tenant: 'service' + # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + neutron::agents::metadata::metadata_ip: {get_param: [ServiceNetMap, NeutronApiNetwork]} step_config: | include tripleo::profile::base::neutron::metadata diff --git a/puppet/services/neutron-midonet.yaml b/puppet/services/neutron-midonet.yaml index 48830d81..0de256c0 100644 --- a/puppet/services/neutron-midonet.yaml +++ b/puppet/services/neutron-midonet.yaml 
@@ -40,12 +40,16 @@ parameters: description: 'Whether enable Cassandra cluster on Controller' type: boolean default: false + MonitoringSubscriptionNeutronMidonet: + default: 'overcloud-neutron-midonet' + type: string outputs: role_data: description: Role data for the Neutron Midonet plugin and services value: service_name: neutron_midonet + monitoring_subscription: {get_param: MonitoringSubscriptionNeutronMidonet} config_settings: tripleo::profile::base::neutron::midonet::admin_password: {get_param: AdminPassword} tripleo::profile::base::neutron::midonet::keystone_admin_token: {get_param: AdminToken} diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index 1b19f90f..36b609fc 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -53,6 +53,9 @@ parameters: description: | Enable ARP responder feature in the OVS Agent. type: boolean + MonitoringSubscriptionNeutronOvs: + default: 'overcloud-neutron-ovs-agent' + type: string resources: @@ -68,6 +71,7 @@ outputs: description: Role data for the Neutron OVS agent service. value: service_name: neutron_ovs_agent + monitoring_subscription: {get_param: MonitoringSubscriptionNeutronOvs} config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] diff --git a/puppet/services/neutron-ovs-dpdk-agent.yaml b/puppet/services/neutron-ovs-dpdk-agent.yaml index 1f1e14ab..8ee98a3d 100644 --- a/puppet/services/neutron-ovs-dpdk-agent.yaml +++ b/puppet/services/neutron-ovs-dpdk-agent.yaml 
@@ -19,13 +19,15 @@ parameters: via parameter_defaults in the resource registry. type: json NeutronDpdkCoreList: - default: "" description: List of cores to be used for DPDK Poll Mode Driver type: string + constraints: + - allowed_pattern: "[0-9,-]+" NeutronDpdkMemoryChannels: - default: "" description: Number of memory channels to be used for DPDK type: string + constraints: + - allowed_pattern: "[0-9]+" NeutronDpdkSocketMemory: default: "" description: Memory allocated for each socket diff --git a/puppet/services/neutron-sriov-agent.yaml b/puppet/services/neutron-sriov-agent.yaml index 559500df..b9a93394 100644 --- a/puppet/services/neutron-sriov-agent.yaml +++ b/puppet/services/neutron-sriov-agent.yaml @@ -53,6 +53,6 @@ outputs: config_settings: neutron::agents::ml2::sriov::physical_device_mappings: {get_param: NeutronPhysicalDevMappings} neutron::agents::ml2::sriov::exclude_devices: {get_param: NeutronExcludeDevices} - neutron::agents::ml2::sriov::number_of_vfs: {get_param: NeutronSriovNumVFs} + tripleo::host::sriov::number_of_vfs: {get_param: NeutronSriovNumVFs} step_config: | include ::tripleo::profile::base::neutron::sriov diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index c2bd395e..e1dbd8e1 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -30,6 +30,22 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint + NeutronMetadataProxySharedSecret: + description: Shared secret to prevent spoofing + type: string + hidden: true + InstanceNameTemplate: + default: 'instance-%08x' + description: Template string to be used to generate instance names + type: string + NovaEnableDBPurge: + default: true + description: | + Whether to create cron job for purging soft deleted rows in Nova database. + type: boolean + MonitoringSubscriptionNovaApi: + default: 'overcloud-nova-api' + type: string resources: NovaBase: 
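Review bot: The new `allowed_pattern: "[0-9,-]+"` on `NeutronDpdkCoreList` is a bare character class, so it accepts values with no core number at all, such as `-` or `,,`, and these would pass validation and reach the DPDK configuration. If the expected form is comma-separated cores and ranges, a structured pattern rejects them: `allowed_pattern: "[0-9]+(-[0-9]+)?(,[0-9]+(-[0-9]+)?)*"`. A `description:` next to each constraint, on both this parameter and `NeutronDpdkMemoryChannels`, would make a rejected value explain itself. Both now have no default, so any stack that includes this template must supply them; the parameter descriptions do not say so.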
@@ -44,6 +60,7 @@ outputs: description: Role data for the Nova API service. value: service_name: nova_api + monitoring_subscription: {get_param: MonitoringSubscriptionNovaApi} config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] @@ -75,5 +92,16 @@ outputs: nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]} nova::keystone::auth::password: {get_param: NovaPassword} nova::keystone::auth::region: {get_param: KeystoneRegion} + # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + nova::api::api_bind_address: {get_param: [ServiceNetMap, NovaApiNetwork]} + nova::api::metadata_listen: {get_param: [ServiceNetMap, NovaMetadataNetwork]} + nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} + nova::api::instance_name_template: {get_param: InstanceNameTemplate} + nova_enable_db_purge: {get_param: NovaEnableDBPurge} + step_config: | include tripleo::profile::base::nova::api diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index 471ece34..24a63bb4 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml 
@@ -95,14 +95,14 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova_api' - nova::db::mysql::password: {get_input: nova_password} + nova::db::mysql::password: {get_param: NovaPassword} nova::db::mysql::user: nova nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} nova::db::mysql::dbname: nova nova::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" - nova::db::mysql_api::password: {get_input: nova_password} + nova::db::mysql_api::password: {get_param: NovaPassword} nova::db::mysql_api::user: nova_api nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} nova::db::mysql_api::dbname: nova_api diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index 6bc1c187..ccdcb52f 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -60,6 +60,16 @@ parameters: Ex. NovaVcpuPinSet: ['4-12','^8'] will reserve cores from 4-12 excluding 8 type: comma_delimited_list default: [] + NovaReservedHostMemory: + description: > + Reserved RAM for host processes. + type: number + default: 2048 + constraints: + - range: { min: 512 } + MonitoringSubscriptionNovaCompute: + default: 'overcloud-nova-compute' + type: string resources: NovaBase: @@ -74,6 +84,7 @@ outputs: description: Role data for the Nova Compute service. value: service_name: nova_compute + monitoring_subscription: {get_param: MonitoringSubscriptionNovaCompute} config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] @@ -84,6 +95,7 @@ outputs: params: JSON_PARAM: {get_param: NovaPCIPassthrough} nova::compute::vcpu_pin_set: {get_param: NovaVcpuPinSet} + nova::compute::reserved_host_memory: {get_param: NovaReservedHostMemory} # we manage migration in nova common puppet profile nova::compute::libvirt::migration_support: false tripleo::profile::base::nova::manage_migration: true 
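Review bot: In nova-compute.yaml the new `NovaReservedHostMemory` parameter is described only as `Reserved RAM for host processes.`, with no unit. The comment this commit deletes further down the same file (the `@@ -108,11 +120,6 @@` hunk) was the only place that said the value is in MB and why 2048 was chosen over 512. Moving that rationale into the description keeps it next to the setting operators now control, for example `Reserved RAM for host processes, in MB. An idle compute node uses ~1024MB; 2048 leaves room for e.g. openvswitch.` The `range: { min: 512 }` constraint could carry a `description` as well.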
@@ -108,11 +120,6 @@ outputs: # encryption work will obsolete the need to use TUNNELLED transport # mode. nova::migration::live_migration_tunnelled: {get_param: NovaEnableRbdBackend} - # Changing the default from 512MB. The current templates can not deploy - # overclouds with swap. On an idle compute node, we see ~1024MB of RAM - # used. 2048 is suggested to account for other possible operations for - # example openvswitch. - nova::compute::reserved_host_memory: 2048 nova::compute::neutron::libvirt_vif_driver: {get_param: NovaComputeLibvirtVifDriver} # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml index 0b6169da..5dbc7cac 100644 --- a/puppet/services/nova-conductor.yaml +++ b/puppet/services/nova-conductor.yaml @@ -22,6 +22,9 @@ parameters: default: 0 description: Number of workers for Nova Conductor service. type: number + MonitoringSubscriptionNovaConductor: + default: 'overcloud-nova-conductor' + type: string resources: NovaBase: @@ -36,6 +39,7 @@ outputs: description: Role data for the Nova Conductor service. value: service_name: nova_conductor + monitoring_subscription: {get_param: MonitoringSubscriptionNovaConductor} config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] diff --git a/puppet/services/nova-consoleauth.yaml b/puppet/services/nova-consoleauth.yaml index 67ff2ec3..13e3a26a 100644 --- a/puppet/services/nova-consoleauth.yaml +++ b/puppet/services/nova-consoleauth.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionNovaConsoleauth: + default: 'overcloud-nova-consoleauth' + type: string resources: NovaBase: 
@@ -32,6 +35,7 @@ outputs: description: Role data for the Nova Consoleauth service. value: service_name: nova_consoleauth + monitoring_subscription: {get_param: MonitoringSubscriptionNovaConsoleauth} config_settings: get_attr: [NovaBase, role_data, config_settings] step_config: | diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml index 1ebec974..b5ca2437 100644 --- a/puppet/services/nova-libvirt.yaml +++ b/puppet/services/nova-libvirt.yaml @@ -21,6 +21,9 @@ parameters: NovaComputeLibvirtType: type: string default: kvm + MonitoringSubscriptionNovaLibvirt: + default: 'overcloud-nova-libvirt' + type: string resources: NovaBase: @@ -35,6 +38,7 @@ outputs: description: Role data for the Libvirt service. value: service_name: nova_libvirt + monitoring_subscription: {get_param: MonitoringSubscriptionNovaLibvirt} config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] diff --git a/puppet/services/nova-scheduler.yaml b/puppet/services/nova-scheduler.yaml index c8f2591d..3ffc9c5a 100644 --- a/puppet/services/nova-scheduler.yaml +++ b/puppet/services/nova-scheduler.yaml @@ -29,6 +29,9 @@ parameters: An array of filters used by Nova to filter a node.These filters will be applied in the order they are listed, so place your most restrictive filters first to make the filtering process more efficient. + MonitoringSubscriptionNovaScheduler: + default: 'overcloud-nova-scheduler' + type: string resources: NovaBase: @@ -43,6 +46,7 @@ outputs: description: Role data for the Nova Scheduler service. value: service_name: nova_scheduler + monitoring_subscription: {get_param: MonitoringSubscriptionNovaScheduler} config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] diff --git a/puppet/services/nova-vncproxy.yaml b/puppet/services/nova-vncproxy.yaml index 0a1785d8..ce15fccc 100644 --- a/puppet/services/nova-vncproxy.yaml +++ b/puppet/services/nova-vncproxy.yaml 
@@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionNovaVNCProxy: + default: 'overcloud-nova-vncproxy' + type: string resources: NovaBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Nova Vncproxy service. value: service_name: nova_vncproxy + monitoring_subscription: {get_param: MonitoringSubscriptionNovaVNCProxy} config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] @@ -46,5 +50,11 @@ outputs: '[': '' ']': '' nova::vncproxy::common::vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]} + # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + nova::vncproxy::host: {get_param: [ServiceNetMap, NovaApiNetwork]} step_config: | include tripleo::profile::base::nova::vncproxy diff --git a/puppet/services/opendaylight-api.yaml b/puppet/services/opendaylight-api.yaml index 64dd7663..d2ee036e 100644 --- a/puppet/services/opendaylight-api.yaml +++ b/puppet/services/opendaylight-api.yaml @@ -75,7 +75,6 @@ outputs: opendaylight::enable_dhcp: {get_param: OpenDaylightEnableDHCP} opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol} opendaylight::odl_bind_ip: {get_param: [ServiceNetMap, OpenDaylightApiNetwork]} - tripleo::haproxy::opendaylight: true step_config: | include tripleo::profile::base::neutron::opendaylight include tripleo::profile::base::neutron::plugins::ovs::opendaylight diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml index ac5b85c8..5d1d666a 100644 --- a/puppet/services/pacemaker.yaml +++ b/puppet/services/pacemaker.yaml 
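Review bot: `nova::vncproxy::host` in the last nova-vncproxy.yaml hunk is looked up under the `NovaApiNetwork` key, so the console proxy's listen address silently follows wherever the Nova API network is placed. If that coupling is intended, the NOTE above it should say so, e.g. `# vncproxy binds on the Nova API network (no separate ServiceNetMap key)`. If ServiceNetMap has or gains a proxy-specific key, that key belongs here instead. The comment also has a stray space in `internal_api_subnet - > IP/CIDR`, where the two lines before it use `->`.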
@@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > Pacemaker service configured with Puppet @@ -18,12 +18,61 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionPacemaker: + default: 'overcloud-pacemaker' + type: string + CorosyncIPv6: + default: false + description: Enable IPv6 in Corosync + type: boolean + EnableFencing: + default: false + description: Whether to enable fencing in Pacemaker or not. + type: boolean + PcsdPassword: + type: string + description: The password for the 'pcsd' user for pacemaker. + hidden: true + default: '' + FencingConfig: + default: {} + description: | + Pacemaker fencing configuration. The JSON should have + the following structure: + { + "devices": [ + { + "agent": "AGENT_NAME", + "host_mac": "HOST_MAC_ADDRESS", + "params": {"PARAM_NAME": "PARAM_VALUE"} + } + ] + } + For instance: + { + "devices": [ + { + "agent": "fence_xvm", + "host_mac": "52:54:00:aa:bb:cc", + "params": { + "multicast_address": "225.0.0.12", + "port": "baremetal_0", + "manage_fw": true, + "manage_key_file": true, + "key_file": "/etc/fence_xvm.key", + "key_file_password": "abcdef" + } + } + ] + } + type: json outputs: role_data: description: Role data for the Pacemaker role. value: service_name: pacemaker + monitoring_subscription: {get_param: MonitoringSubscriptionPacemaker} config_settings: pacemaker::corosync::cluster_name: 'tripleo_cluster' pacemaker::corosync::manage_fw: false 
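Review bot: `FencingConfig` is declared as a plain `type: json` parameter, yet its own description shows it carrying `key_file_password`, and fence-agent `params` commonly hold device credentials. Unlike `PcsdPassword` just above it, it has no `hidden: true`, so Heat will show the value wherever the stack's parameters are displayed. I would add `hidden: true` under `FencingConfig`, and replace the sample `"key_file_password": "abcdef"` with an obvious placeholder so it is not copied into a real environment file. The `parameters:` section starts above this hunk, so how other secrets in this file are declared is not visible.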
@@ -40,5 +89,15 @@ outputs: '131 pacemaker udp': proto: 'udp' dport: 5405 + corosync_ipv6: {get_param: CorosyncIPv6} + tripleo::fencing::config: {get_param: FencingConfig} + enable_fencing: {get_param: EnableFencing} + hacluster_pwd: + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: PcsdPassword} + - {get_param: [DefaultPasswords, pcsd_password]} step_config: | include ::tripleo::profile::base::pacemaker diff --git a/puppet/services/pacemaker/ceilometer-agent-central.yaml b/puppet/services/pacemaker/ceilometer-agent-central.yaml index 78714878..5dcb62ca 100644 --- a/puppet/services/pacemaker/ceilometer-agent-central.yaml +++ b/puppet/services/pacemaker/ceilometer-agent-central.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionCeilometerCentral: + default: 'overcloud-ceilometer-agent-central' + type: string resources: CeilometerServiceBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Ceilometer Central Agent pacemaker role. value: service_name: ceilometer_agent_central + monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCentral} config_settings: map_merge: - get_attr: [CeilometerServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/ceilometer-agent-notification.yaml b/puppet/services/pacemaker/ceilometer-agent-notification.yaml index 6290203a..dbe14499 100644 --- a/puppet/services/pacemaker/ceilometer-agent-notification.yaml +++ b/puppet/services/pacemaker/ceilometer-agent-notification.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionCeilometerNotification: + default: 'overcloud-ceilometer-agent-notification' + type: string resources: CeilometerServiceBase: 
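Review bot: The `hacluster_pwd` expression in the pacemaker.yaml hunk takes the first non-empty of `PcsdPassword` and `DefaultPasswords.pcsd_password`, but nothing says what happens when both are empty, which the new `default: ''` on `PcsdPassword` makes possible. As far as I know, yaql's `first()` raises on an empty sequence when no default is given, so the stack should fail rather than deploy an empty cluster password, but the operator only gets an opaque expression error. A comment above the key would help: `# PcsdPassword wins when set, otherwise DefaultPasswords.pcsd_password; one of the two must be non-empty`. `DefaultPasswords` is not declared in the visible hunks; presumably it sits in the unchanged top of `parameters:`.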
@@ -32,6 +35,7 @@ outputs: description: Role data for the Ceilometer Notification Agent pacemaker role. value: service_name: ceilometer_agent_notification + monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerNotification} config_settings: map_merge: - get_attr: [CeilometerServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/ceilometer-api.yaml b/puppet/services/pacemaker/ceilometer-api.yaml index d130a4bb..4b6c18f6 100644 --- a/puppet/services/pacemaker/ceilometer-api.yaml +++ b/puppet/services/pacemaker/ceilometer-api.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionCeilometerApi: + default: 'overcloud-ceilometer-api' + type: string resources: CeilometerServiceBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Ceilometer API pacemaker role. value: service_name: ceilometer_api + monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerApi} config_settings: map_merge: - get_attr: [CeilometerServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/ceilometer-collector.yaml b/puppet/services/pacemaker/ceilometer-collector.yaml index 97da92e8..4c919515 100644 --- a/puppet/services/pacemaker/ceilometer-collector.yaml +++ b/puppet/services/pacemaker/ceilometer-collector.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionCeilometerCollector: + default: 'overcloud-ceilometer-collector' + type: string resources: CeilometerServiceBase: 
@@ -32,6 +35,7 @@ outputs: description: Role data for the Ceilometer Collector pacemaker role. value: service_name: ceilometer_collector + monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCollector} config_settings: map_merge: - get_attr: [CeilometerServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/cinder-api.yaml b/puppet/services/pacemaker/cinder-api.yaml index 7c83037d..e4bcfc3e 100644 --- a/puppet/services/pacemaker/cinder-api.yaml +++ b/puppet/services/pacemaker/cinder-api.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Cinder API role. value: service_name: cinder_api + monitoring_subscription: {get_attr: [CinderApiBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [CinderApiBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/cinder-backup.yaml b/puppet/services/pacemaker/cinder-backup.yaml index 7e940c7e..2ebc7680 100644 --- a/puppet/services/pacemaker/cinder-backup.yaml +++ b/puppet/services/pacemaker/cinder-backup.yaml @@ -48,6 +48,7 @@ outputs: description: Role data for the Cinder Backup role. value: service_name: cinder_backup + monitoring_subscription: {get_attr: [CinderBackupBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [CinderBackupBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/cinder-scheduler.yaml b/puppet/services/pacemaker/cinder-scheduler.yaml index 6f26b412..eb578e5c 100644 --- a/puppet/services/pacemaker/cinder-scheduler.yaml +++ b/puppet/services/pacemaker/cinder-scheduler.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Cinder Scheduler role. value: service_name: cinder_scheduler + monitoring_subscription: {get_attr: [CinderSchedulerBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [CinderSchedulerBase, role_data, config_settings] 
diff --git a/puppet/services/pacemaker/cinder-volume.yaml b/puppet/services/pacemaker/cinder-volume.yaml index ffcdb529..d5dedf34 100644 --- a/puppet/services/pacemaker/cinder-volume.yaml +++ b/puppet/services/pacemaker/cinder-volume.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Cinder Volume role. value: service_name: cinder_volume + monitoring_subscription: {get_attr: [CinderVolumeBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [CinderVolumeBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/glance-api.yaml b/puppet/services/pacemaker/glance-api.yaml index ef4ba79a..684785af 100644 --- a/puppet/services/pacemaker/glance-api.yaml +++ b/puppet/services/pacemaker/glance-api.yaml @@ -57,6 +57,7 @@ outputs: description: Role data for the Glance role. value: service_name: glance_api + monitoring_subscription: {get_attr: [GlanceApiBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [GlanceApiBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/glance-registry.yaml b/puppet/services/pacemaker/glance-registry.yaml index e417f09f..5bcabcab 100644 --- a/puppet/services/pacemaker/glance-registry.yaml +++ b/puppet/services/pacemaker/glance-registry.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Glance role. value: service_name: glance_registry + monitoring_subscription: {get_attr: [GlanceRegistryBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [GlanceRegistryBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/gnocchi-api.yaml b/puppet/services/pacemaker/gnocchi-api.yaml index 42c7131d..6a9161fa 100644 --- a/puppet/services/pacemaker/gnocchi-api.yaml +++ b/puppet/services/pacemaker/gnocchi-api.yaml 
@@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionGnocchiApi: + default: 'overcloud-gnocchi-api' + type: string resources: GnocchiServiceBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Gnocchi role. value: service_name: gnocchi_api + monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiApi} config_settings: map_merge: - get_attr: [GnocchiServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/gnocchi-metricd.yaml b/puppet/services/pacemaker/gnocchi-metricd.yaml index 177d7744..0f36b5d5 100644 --- a/puppet/services/pacemaker/gnocchi-metricd.yaml +++ b/puppet/services/pacemaker/gnocchi-metricd.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionGnocchiMetricd: + default: 'overcloud-gnocchi-metricd' + type: string resources: GnocchiServiceBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Gnocchi role. value: service_name: gnocchi_metricd + monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiMetricd} config_settings: map_merge: - get_attr: [GnocchiServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/gnocchi-statsd.yaml b/puppet/services/pacemaker/gnocchi-statsd.yaml index a247a514..b9afc590 100644 --- a/puppet/services/pacemaker/gnocchi-statsd.yaml +++ b/puppet/services/pacemaker/gnocchi-statsd.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionGnocchiStatsd: + default: 'overcloud-gnocchi-statsd' + type: string resources: GnocchiServiceBase: 
@@ -32,6 +35,7 @@ outputs: description: Role data for the Gnocchi role. value: service_name: gnocchi_statsd + monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiStatsd} config_settings: map_merge: - get_attr: [GnocchiServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/haproxy.yaml b/puppet/services/pacemaker/haproxy.yaml index de028339..52104a71 100644 --- a/puppet/services/pacemaker/haproxy.yaml +++ b/puppet/services/pacemaker/haproxy.yaml @@ -32,6 +32,7 @@ outputs: description: Role data for the HAproxy with pacemaker role. value: service_name: haproxy + monitoring_subscription: {get_attr: [LoadbalancerServiceBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [LoadbalancerServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/heat-api-cfn.yaml b/puppet/services/pacemaker/heat-api-cfn.yaml index 155a35ec..eae01b58 100644 --- a/puppet/services/pacemaker/heat-api-cfn.yaml +++ b/puppet/services/pacemaker/heat-api-cfn.yaml @@ -32,6 +32,7 @@ outputs: description: Role data for the Heat CloudFormation API role. value: service_name: heat_api_cfn + monitoring_subscription: {get_attr: [HeatApiCfnBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [HeatApiCfnBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/heat-api-cloudwatch.yaml b/puppet/services/pacemaker/heat-api-cloudwatch.yaml index 85927650..5608ae91 100644 --- a/puppet/services/pacemaker/heat-api-cloudwatch.yaml +++ b/puppet/services/pacemaker/heat-api-cloudwatch.yaml @@ -32,6 +32,7 @@ outputs: description: Role data for the Heat Cloudwatch API role. value: service_name: heat_api_cloudwatch + monitoring_subscription: {get_attr: [HeatApiCloudwatchBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [HeatApiCloudwatchBase, role_data, config_settings] 
diff --git a/puppet/services/pacemaker/heat-api.yaml b/puppet/services/pacemaker/heat-api.yaml index d7220619..6fd790c4 100644 --- a/puppet/services/pacemaker/heat-api.yaml +++ b/puppet/services/pacemaker/heat-api.yaml @@ -32,6 +32,7 @@ outputs: description: Role data for the Heat API role. value: service_name: heat_api + monitoring_subscription: {get_attr: [HeatApiBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [HeatApiBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/heat-engine.yaml b/puppet/services/pacemaker/heat-engine.yaml index 579f5f10..b8c962a8 100644 --- a/puppet/services/pacemaker/heat-engine.yaml +++ b/puppet/services/pacemaker/heat-engine.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Heat engine role. value: service_name: heat_engine + monitoring_subscription: {get_attr: [HeatEngineBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [HeatEngineBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/horizon.yaml b/puppet/services/pacemaker/horizon.yaml index bd1ff046..18de23ae 100644 --- a/puppet/services/pacemaker/horizon.yaml +++ b/puppet/services/pacemaker/horizon.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Horizon role. value: service_name: horizon + monitoring_subscription: {get_attr: [HorizonBase, role_data, monitoring_subscription]} config_settings: get_attr: [HorizonBase, role_data, config_settings] step_config: | diff --git a/puppet/services/pacemaker/keystone.yaml b/puppet/services/pacemaker/keystone.yaml index 701f01f1..0a479c9a 100644 --- a/puppet/services/pacemaker/keystone.yaml +++ b/puppet/services/pacemaker/keystone.yaml 
@@ -33,6 +33,7 @@ outputs: description: Role data for the Keystone pacemaker role. value: service_name: keystone + monitoring_subscription: {get_attr: [KeystoneServiceBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [KeystoneServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/manila-share.yaml b/puppet/services/pacemaker/manila-share.yaml index 7479eb08..cabc31a0 100644 --- a/puppet/services/pacemaker/manila-share.yaml +++ b/puppet/services/pacemaker/manila-share.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the manila-share pacemaker role. value: service_name: manila_share + monitoring_subscription: {get_attr: [ManilaShareBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [ManilaShareBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/memcached.yaml b/puppet/services/pacemaker/memcached.yaml index e612d775..04b895b6 100644 --- a/puppet/services/pacemaker/memcached.yaml +++ b/puppet/services/pacemaker/memcached.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Memcached pacemaker role. value: service_name: memcached + monitoring_subscription: {get_attr: [MemcachedServiceBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [MemcachedServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/neutron-dhcp.yaml b/puppet/services/pacemaker/neutron-dhcp.yaml index f5f785e3..9b9e5849 100644 --- a/puppet/services/pacemaker/neutron-dhcp.yaml +++ b/puppet/services/pacemaker/neutron-dhcp.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Neutron DHCP role. value: service_name: neutron_dhcp + monitoring_subscription: {get_attr: [NeutronDhcpBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [NeutronDhcpBase, role_data, config_settings] 
diff --git a/puppet/services/pacemaker/neutron-l3.yaml b/puppet/services/pacemaker/neutron-l3.yaml index 87176632..21ac02d4 100644 --- a/puppet/services/pacemaker/neutron-l3.yaml +++ b/puppet/services/pacemaker/neutron-l3.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Neutron L3 role. value: service_name: neutron_l3 + monitoring_subscription: {get_attr: [NeutronL3Base, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [NeutronL3Base, role_data, config_settings] diff --git a/puppet/services/pacemaker/neutron-metadata.yaml b/puppet/services/pacemaker/neutron-metadata.yaml index e00c2424..8c22d42d 100644 --- a/puppet/services/pacemaker/neutron-metadata.yaml +++ b/puppet/services/pacemaker/neutron-metadata.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Neutron Metadata role. value: service_name: neutron_metadata + monitoring_subscription: {get_attr: [NeutronMetadataBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [NeutronMetadataBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/neutron-midonet.yaml b/puppet/services/pacemaker/neutron-midonet.yaml index fb39ea44..fdd5dafb 100644 --- a/puppet/services/pacemaker/neutron-midonet.yaml +++ b/puppet/services/pacemaker/neutron-midonet.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Neutron Midonet plugin. value: service_name: neutron_midonet + monitoring_subscription: {get_attr: [NeutronMidonetBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [NeutronMidonetBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/neutron-ovs-agent.yaml b/puppet/services/pacemaker/neutron-ovs-agent.yaml index 353c2958..18d60735 100644 --- a/puppet/services/pacemaker/neutron-ovs-agent.yaml +++ b/puppet/services/pacemaker/neutron-ovs-agent.yaml 
@@ -33,6 +33,7 @@ outputs: description: Role data for the Neutron OVS agent service. value: service_name: neutron_ovs_agent + monitoring_subscription: {get_attr: [NeutronOvsBase, role_data, monitoring_subscription]} config_settings: get_attr: [NeutronOvsBase, role_data, config_settings] step_config: | diff --git a/puppet/services/pacemaker/neutron-server.yaml b/puppet/services/pacemaker/neutron-server.yaml index fc04e5ee..33bc2d99 100644 --- a/puppet/services/pacemaker/neutron-server.yaml +++ b/puppet/services/pacemaker/neutron-server.yaml @@ -37,6 +37,7 @@ outputs: description: Role data for the Neutron Server. value: service_name: neutron_server + monitoring_subscription: {get_attr: [NeutronServerBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [NeutronServerBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/nova-api.yaml b/puppet/services/pacemaker/nova-api.yaml index 709761e7..3d565348 100644 --- a/puppet/services/pacemaker/nova-api.yaml +++ b/puppet/services/pacemaker/nova-api.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Nova API role. value: service_name: nova_api + monitoring_subscription: {get_attr: [NovaApiBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [NovaApiBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/nova-conductor.yaml b/puppet/services/pacemaker/nova-conductor.yaml index 7a2313c7..9d55a48a 100644 --- a/puppet/services/pacemaker/nova-conductor.yaml +++ b/puppet/services/pacemaker/nova-conductor.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Nova Conductor role. value: service_name: nova_conductor + monitoring_subscription: {get_attr: [NovaConductorBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [NovaConductorBase, role_data, config_settings] 
diff --git a/puppet/services/pacemaker/nova-consoleauth.yaml b/puppet/services/pacemaker/nova-consoleauth.yaml index 77550c80..814505fb 100644 --- a/puppet/services/pacemaker/nova-consoleauth.yaml +++ b/puppet/services/pacemaker/nova-consoleauth.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Nova Consoleauth role. value: service_name: nova_consoleauth + monitoring_subscription: {get_attr: [NovaConsoleauthBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [NovaConsoleauthBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/nova-scheduler.yaml b/puppet/services/pacemaker/nova-scheduler.yaml index 2571ec43..27692268 100644 --- a/puppet/services/pacemaker/nova-scheduler.yaml +++ b/puppet/services/pacemaker/nova-scheduler.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Nova Scheduler role. value: service_name: nova_scheduler + monitoring_subscription: {get_attr: [NovaSchedulerBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [NovaSchedulerBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/nova-vncproxy.yaml b/puppet/services/pacemaker/nova-vncproxy.yaml index e536826e..0ec5de68 100644 --- a/puppet/services/pacemaker/nova-vncproxy.yaml +++ b/puppet/services/pacemaker/nova-vncproxy.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Nova Vncproxy role. value: service_name: nova_vncproxy + monitoring_subscription: {get_attr: [NovaVncproxyBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [NovaVncproxyBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/rabbitmq.yaml b/puppet/services/pacemaker/rabbitmq.yaml index 3eb01398..f3fa2d28 100644 --- a/puppet/services/pacemaker/rabbitmq.yaml +++ b/puppet/services/pacemaker/rabbitmq.yaml 
@@ -32,6 +32,7 @@ outputs: description: Role data for the RabbitMQ pacemaker role. value: service_name: rabbitmq + monitoring_subscription: {get_attr: [RabbitMQServiceBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [RabbitMQServiceBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/sahara-api.yaml b/puppet/services/pacemaker/sahara-api.yaml index e20b7a08..214e8dbb 100644 --- a/puppet/services/pacemaker/sahara-api.yaml +++ b/puppet/services/pacemaker/sahara-api.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Sahara API role. value: service_name: sahara_api + monitoring_subscription: {get_attr: [SaharaApiBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [SaharaApiBase, role_data, config_settings] diff --git a/puppet/services/pacemaker/sahara-engine.yaml b/puppet/services/pacemaker/sahara-engine.yaml index 07de74ca..aa85115d 100644 --- a/puppet/services/pacemaker/sahara-engine.yaml +++ b/puppet/services/pacemaker/sahara-engine.yaml @@ -33,6 +33,7 @@ outputs: description: Role data for the Sahara Engine role. value: service_name: sahara_engine + monitoring_subscription: {get_attr: [SaharaEngineBase, role_data, monitoring_subscription]} config_settings: map_merge: - get_attr: [SaharaEngineBase, role_data, config_settings] diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml index 06595b07..a0669dcd 100644 --- a/puppet/services/rabbitmq.yaml +++ b/puppet/services/rabbitmq.yaml @@ -38,12 +38,16 @@ parameters: type: string default: '' hidden: true + MonitoringSubscriptionRabbitmq: + default: 'overcloud-rabbitmq' + type: string outputs: role_data: description: Role data for the RabbitMQ role. value: service_name: rabbitmq + monitoring_subscription: {get_param: MonitoringSubscriptionRabbitmq} config_settings: rabbitmq::file_limit: {get_param: RabbitFDLimit} rabbitmq::default_user: {get_param: RabbitUserName} 
diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml index fae9c434..7f15ca72 100644 --- a/puppet/services/sahara-api.yaml +++ b/puppet/services/sahara-api.yaml @@ -30,6 +30,9 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint + MonitoringSubscriptionSaharaApi: + default: 'overcloud-sahara-api' + type: string resources: SaharaBase: @@ -44,6 +47,7 @@ outputs: description: Role data for the Sahara API role. value: service_name: sahara_api + monitoring_subscription: {get_param: MonitoringSubscriptionSaharaApi} config_settings: map_merge: - get_attr: [SaharaBase, role_data, config_settings] diff --git a/puppet/services/sahara-engine.yaml b/puppet/services/sahara-engine.yaml index fcf4d485..9224fd5f 100644 --- a/puppet/services/sahara-engine.yaml +++ b/puppet/services/sahara-engine.yaml @@ -18,6 +18,9 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MonitoringSubscriptionSaharaEngine: + default: 'overcloud-sahara-engine' + type: string resources: SaharaBase: @@ -32,6 +35,7 @@ outputs: description: Role data for the Sahara Engine role. value: service_name: sahara_engine + monitoring_subscription: {get_param: MonitoringSubscriptionSaharaEngine} config_settings: map_merge: - get_attr: [SaharaBase, role_data, config_settings] diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml index bb40001a..669e2872 100644 --- a/puppet/services/services.yaml +++ b/puppet/services/services.yaml 
@@ -49,5 +49,9 @@ outputs: yaql: expression: list($.data.s_names.where($ != null)) data: {s_names: {get_attr: [ServiceChain, role_data, service_name]}} + monitoring_subscriptions: + yaql: + expression: list($.data.subscriptions.where($ != null)) + data: {subscriptions: {get_attr: [ServiceChain, role_data, monitoring_subscription]}} config_settings: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}} step_config: {list_join: ["\n", {get_attr: [ServiceChain, role_data, step_config]}]} diff --git a/puppet/services/snmp.yaml b/puppet/services/snmp.yaml index e38ccf42..4d01632d 100644 --- a/puppet/services/snmp.yaml +++ b/puppet/services/snmp.yaml @@ -35,8 +35,8 @@ outputs: value: service_name: snmp config_settings: - snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} - snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} + tripleo::profile::base::snmp::snmpd_user: {get_param: SnmpdReadonlyUserName} + tripleo::profile::base::snmp::snmpd_password: {get_param: SnmpdReadonlyUserPassword} tripleo.snmp.firewall_rules: '127 snmp': dport: 161 diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index cba08090..d7b0cd7c 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -38,6 +38,9 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint + MonitoringSubscriptionSwiftProxy: + default: 'overcloud-swift-proxy' + type: string resources: SwiftBase: 
@@ -52,14 +55,15 @@ outputs: description: Role data for the Swift proxy service. value: service_name: swift_proxy + monitoring_subscription: {get_param: MonitoringSubscriptionSwiftProxy} config_settings: map_merge: - get_attr: [SwiftBase, role_data, config_settings] - swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} - swift::proxy::authtoken::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} - swift::proxy::authtoken::admin_password: {get_param: SwiftPassword} - swift::proxy::authtoken::admin_tenant_name: 'service' + swift::proxy::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + swift::proxy::authtoken::password: {get_param: SwiftPassword} + swift::proxy::authtoken::project_name: 'service' swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout} swift::proxy::workers: {get_param: SwiftWorkers} swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]} diff --git a/puppet/services/swift-storage.yaml b/puppet/services/swift-storage.yaml index 6c7c3c7a..91d52569 100644 --- a/puppet/services/swift-storage.yaml +++ b/puppet/services/swift-storage.yaml @@ -30,6 +30,9 @@ parameters: default: {} description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})' type: json + MonitoringSubscriptionSwiftStorage: + default: 'overcloud-swift-storage' + type: string # DEPRECATED options for compatibility with overcloud.yaml # This should be removed and manipulation of the ControllerServices list @@ -58,6 +61,7 @@ outputs: description: Role data for the Swift Proxy role. value: service_name: swift_storage + monitoring_subscription: {get_param: MonitoringSubscriptionSwiftStorage} config_settings: map_merge: - get_attr: [SwiftBase, role_data, config_settings] diff --git a/puppet/services/tripleo-firewall.yaml b/puppet/services/tripleo-firewall.yaml index 14965b4f..f6ec458f 100644 --- a/puppet/services/tripleo-firewall.yaml 
+++ b/puppet/services/tripleo-firewall.yaml @@ -18,11 +18,22 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ManageFirewall: + default: false + description: Whether to manage IPtables rules. + type: boolean + PurgeFirewallRules: + default: false + description: Whether IPtables rules should be purged before setting up the new ones. + type: boolean outputs: role_data: description: Role data for the TripleO firewall settings value: service_name: tripleo_firewall + config_settings: + tripleo::firewall::manage_firewall: {get_param: ManageFirewall} + tripleo::firewall::purge_firewall_rules: {get_param: PurgeFirewallRules} step_config: | include ::tripleo::firewall diff --git a/puppet/swift-devices-and-proxy-config.yaml b/puppet/swift-devices-and-proxy-config.yaml index 14df831f..afee4dac 100644 --- a/puppet/swift-devices-and-proxy-config.yaml +++ b/puppet/swift-devices-and-proxy-config.yaml @@ -6,8 +6,6 @@ parameters: type: comma_delimited_list object_store_swift_devices: type: comma_delimited_list - controller_swift_proxy_memcaches: - type: comma_delimited_list resources: @@ -29,14 +27,6 @@ resources: - list_join: - ", " - {get_param: object_store_swift_devices} - swift::proxy::cache::memcache_servers: - str_replace: - template: "['SERVERS_LIST']" - params: - SERVERS_LIST: - list_join: - - "','" - - {get_param: controller_swift_proxy_memcaches} outputs: config_id: diff --git a/puppet/swift-storage-post.yaml b/puppet/swift-storage-post.yaml index 859fad2c..ebc54ab0 100644 --- a/puppet/swift-storage-post.yaml +++ b/puppet/swift-storage-post.yaml @@ -13,6 +13,7 @@ parameters: default: {} DeployIdentifier: type: string + default: '' description: Value which changes if the node configuration may need to be re-applied resources: diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml index b933c542..d8e49cac 100644 --- a/puppet/swift-storage.yaml 
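Review bot: `ManageFirewall` defaults to `false` in the tripleo-firewall.yaml hunk, so on a default deployment `tripleo::firewall::manage_firewall` is off and the per-service `firewall_rules` hashes in these templates (e.g. `'131 pacemaker udp'`, `'127 snmp'`) are presumably never applied. The description should make that explicit, for instance `description: Whether to manage IPtables rules. When false, the per-service firewall_rules are not applied.` `PurgeFirewallRules` also deserves a word on what gets purged, since removing existing rules on a node with operator-added entries is destructive. Whether these defaults are carried over from another template is not visible here.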
+++ b/puppet/swift-storage.yaml @@ -84,6 +84,9 @@ parameters: ServiceNames: type: comma_delimited_list default: [] + MonitoringSubscriptions: + type: comma_delimited_list + default: [] ConfigCommand: type: string description: Command which will be run whenever configuration data changes @@ -235,13 +238,16 @@ resources: - service_configs - object - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig + - bootstrap_node # provided by allNodesConfig - all_nodes # provided by allNodesConfig + - vip_data # provided by allNodesConfig - '"%{::osfamily}"' merge_behavior: deeper datafiles: service_names: mapped_data: service_names: {get_param: ServiceNames} + sensu::subscriptions: {get_param: MonitoringSubscriptions} service_configs: mapped_data: map_replace: diff --git a/puppet/vip-config.yaml b/puppet/vip-config.yaml deleted file mode 100644 index cbd7ea09..00000000 --- a/puppet/vip-config.yaml +++ /dev/null 
@@ -1,58 +0,0 @@
-heat_template_version: 2015-04-30
-
-description: >
- Configure hieradata for service -> virtual IP mappings.
-
-resources:
- VipConfigImpl:
- type: OS::Heat::StructuredConfig
- properties:
- group: os-apply-config
- config:
- hiera:
- datafiles:
- vip_data:
- mapped_data:
- keystone_admin_api_vip: {get_input: keystone_admin_api_vip}
- keystone_public_api_vip: {get_input: keystone_public_api_vip}
- neutron_api_vip: {get_input: neutron_api_vip}
- # TODO: pass a `midonet_api_vip` var
- midonet_api_vip: {get_input: neutron_api_vip}
- cinder_api_vip: {get_input: cinder_api_vip}
- glance_api_vip: {get_input: glance_api_vip}
- glance_registry_vip: {get_input: glance_registry_vip}
- sahara_api_vip: {get_input: sahara_api_vip}
- swift_proxy_vip: {get_input: swift_proxy_vip}
- manila_api_vip: {get_input: manila_api_vip}
- nova_api_vip: {get_input: nova_api_vip}
- nova_metadata_vip: {get_input: nova_metadata_vip}
- ceilometer_api_vip: {get_input: ceilometer_api_vip}
- aodh_api_vip: {get_input: aodh_api_vip}
- gnocchi_api_vip: {get_input: gnocchi_api_vip}
- heat_api_vip: {get_input: heat_api_vip}
- horizon_vip: {get_input: horizon_vip}
- redis_vip: {get_input: redis_vip}
- mysql_vip: {get_input: mysql_vip}
- public_virtual_ip: {get_input: public_virtual_ip}
- controller_virtual_ip: {get_input: control_virtual_ip}
- internal_api_virtual_ip: {get_input: internal_api_virtual_ip}
- storage_virtual_ip: {get_input: storage_virtual_ip}
- storage_mgmt_virtual_ip: {get_input: storage_mgmt_virtual_ip}
- ironic_api_vip: {get_input: ironic_api_vip}
- opendaylight_api_vip: {get_input: opendaylight_api_vip}
- # public_virtual_ip and controller_virtual_ip are needed in
- # both HAproxy & keepalived.
- tripleo::haproxy::public_virtual_ip: {get_input: public_virtual_ip}
- tripleo::haproxy::controller_virtual_ip: {get_input: control_virtual_ip}
- tripleo::keepalived::public_virtual_ip: {get_input: public_virtual_ip}
- tripleo::keepalived::controller_virtual_ip: {get_input: control_virtual_ip}
- tripleo::keepalived::internal_api_virtual_ip: {get_input: internal_api_virtual_ip}
- tripleo::keepalived::storage_virtual_ip: {get_input: storage_virtual_ip}
- tripleo::keepalived::storage_mgmt_virtual_ip: {get_input: storage_mgmt_virtual_ip}
- tripleo::redis_notification::haproxy_monitor_ip: {get_input: control_virtual_ip}
-
-
-outputs:
- OS::stack_id:
- description: The VipConfigImpl resource.
- value: {get_resource: VipConfigImpl} |