aboutsummaryrefslogtreecommitdiffstats
path: root/puppet
diff options
context:
space:
mode:
Diffstat (limited to 'puppet')
-rw-r--r--puppet/cinder-storage-puppet.yaml7
-rw-r--r--puppet/controller-puppet.yaml80
-rw-r--r--puppet/manifests/overcloud_controller_pacemaker.pp23
3 files changed, 74 insertions, 36 deletions
diff --git a/puppet/cinder-storage-puppet.yaml b/puppet/cinder-storage-puppet.yaml
index c69a0f3c..007a489c 100644
--- a/puppet/cinder-storage-puppet.yaml
+++ b/puppet/cinder-storage-puppet.yaml
@@ -16,6 +16,11 @@ parameters:
default: 5000
description: The size of the loopback file used by the cinder LVM driver.
type: number
+ CinderPassword:
+ default: unset
+ description: The password for the cinder service and db account, used by cinder-api.
+ type: string
+ hidden: true
Debug:
default: ''
description: Set to True to enable debugging on all services.
@@ -158,7 +163,7 @@ resources:
config: {get_resource: BlockStorageConfig}
input_values:
debug: {get_param: Debug}
- cinder_dsn: {list_join: ['', ['mysql://cinder:unset@', {get_param: VirtualIP} , '/cinder']]}
+ cinder_dsn: {list_join: ['', ['mysql://cinder:', {get_param: CinderPassword}, '@', {get_param: VirtualIP} , '/cinder']]}
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
cinder_lvm_loop_device_size:
diff --git a/puppet/controller-puppet.yaml b/puppet/controller-puppet.yaml
index 3e522df9..c7cc4b66 100644
--- a/puppet/controller-puppet.yaml
+++ b/puppet/controller-puppet.yaml
@@ -11,7 +11,7 @@ parameters:
hidden: true
AdminToken:
default: unset
- description: The keystone auth secret.
+ description: The keystone auth secret and db password.
type: string
hidden: true
CeilometerBackend:
@@ -25,7 +25,7 @@ parameters:
hidden: true
CeilometerPassword:
default: unset
- description: The password for the ceilometer service account.
+ description: The password for the ceilometer service and db account.
type: string
hidden: true
CinderEnableIscsiBackend:
@@ -46,7 +46,7 @@ parameters:
type: number
CinderPassword:
default: unset
- description: The password for the cinder service account, used by cinder-api.
+ description: The password for the cinder service and db account, used by cinder-api.
type: string
hidden: true
CloudName:
@@ -137,7 +137,7 @@ parameters:
default: ''
GlancePassword:
default: unset
- description: The password for the glance service account, used by the glance services.
+ description: The password for the glance service and db account, used by the glance services.
type: string
hidden: true
GlancePort:
@@ -157,7 +157,7 @@ parameters:
- allowed_values: ['swift', 'file', 'rbd']
HeatPassword:
default: unset
- description: The password for the Heat service account, used by the Heat services.
+ description: The password for the Heat service and db account, used by the Heat services.
type: string
hidden: true
HeatStackDomainAdminPassword:
@@ -290,7 +290,7 @@ parameters:
type: string
NeutronPassword:
default: unset
- description: The password for the neutron service account, used by neutron agents.
+ description: The password for the neutron service and db account, used by neutron agents.
type: string
hidden: true
NeutronPublicInterface:
@@ -327,7 +327,7 @@ parameters:
type: string
NovaPassword:
default: unset
- description: The password for the nova service account, used by nova-api.
+ description: The password for the nova service and db account, used by nova-api.
type: string
hidden: true
NtpServer:
@@ -545,7 +545,9 @@ resources:
cinder_dsn:
list_join:
- ''
- - - 'mysql://cinder:unset@'
+ - - 'mysql://cinder:'
+ - {get_param: CinderPassword}
+ - '@'
- {get_param: VirtualIP}
- '/cinder'
glance_port: {get_param: GlancePort}
@@ -558,7 +560,9 @@ resources:
glance_dsn:
list_join:
- ''
- - - 'mysql://glance:unset@'
+ - - 'mysql://glance:'
+ - {get_param: GlancePassword}
+ - '@'
- {get_param: VirtualIP}
- '/glance'
heat_password: {get_param: HeatPassword}
@@ -566,7 +570,9 @@ resources:
heat_dsn:
list_join:
- ''
- - - 'mysql://heat:unset@'
+ - - 'mysql://heat:'
+ - {get_param: HeatPassword}
+ - '@'
- {get_param: VirtualIP}
- '/heat'
keystone_ca_certificate: {get_param: KeystoneCACertificate}
@@ -577,7 +583,9 @@ resources:
keystone_dsn:
list_join:
- ''
- - - 'mysql://keystone:unset@'
+ - - 'mysql://keystone:'
+ - {get_param: AdminToken}
+ - '@'
- {get_param: VirtualIP}
- '/keystone'
keystone_identity_uri:
@@ -622,7 +630,9 @@ resources:
neutron_dsn:
list_join:
- ''
- - - 'mysql://neutron:unset@'
+ - - 'mysql://neutron:'
+ - {get_param: NeutronPassword}
+ - '@'
- {get_param: VirtualIP}
- '/ovs_neutron?charset=utf8'
neutron_url:
@@ -652,7 +662,9 @@ resources:
nova_dsn:
list_join:
- ''
- - - 'mysql://nova:unset@'
+ - - 'mysql://nova:'
+ - {get_param: NovaPassword}
+ - '@'
- {get_param: VirtualIP}
- '/nova'
pcsd_password: {get_param: PcsdPassword}
@@ -712,10 +724,10 @@ resources:
hacluster_pwd: {get_input: pcsd_password}
# Swift
- swift::proxy::proxy_local_net_ip: {get_input: controller_host}
+ swift::proxy::proxy_local_net_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
swift::proxy::authtoken::auth_uri: {get_input: keystone_auth_uri}
swift::proxy::authtoken::identity_uri: {get_input: keystone_identity_uri}
- swift::storage::all::storage_local_net_ip: {get_input: controller_host}
+ swift::storage::all::storage_local_net_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
swift::swift_hash_suffix: {get_input: swift_hash_suffix}
swift::proxy::authtoken::admin_password: {get_input: swift_password}
tripleo::ringbuilder::part_power: {get_input: swift_part_power}
@@ -731,12 +743,12 @@ resources:
cinder_enable_rbd_backend: {get_input: cinder_enable_rbd_backend}
cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size}
cinder_iscsi_helper: {get_input: cinder_iscsi_helper}
- cinder_iscsi_ip_address: {get_input: controller_host}
+ cinder_iscsi_ip_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
cinder::database_connection: {get_input: cinder_dsn}
cinder::api::keystone_password: {get_input: cinder_password}
cinder::api::auth_uri: {get_input: keystone_auth_uri}
cinder::api::identity_uri: {get_input: keystone_identity_uri}
- cinder::api::bind_host: {get_input: controller_host}
+ cinder::api::bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
cinder::rabbit_userid: {get_input: rabbit_username}
cinder::rabbit_password: {get_input: rabbit_password}
cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
@@ -746,10 +758,10 @@ resources:
# Glance
glance::api::bind_port: {get_input: glance_port}
- glance::api::bind_host: {get_input: controller_host}
+ glance::api::bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
glance::api::auth_uri: {get_input: keystone_auth_uri}
glance::api::identity_uri: {get_input: keystone_identity_uri}
- glance::api::registry_host: {get_input: controller_host}
+ glance::api::registry_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
glance::api::keystone_password: {get_input: glance_password}
glance::api::debug: {get_input: debug}
# used to construct glance_api_servers
@@ -761,7 +773,7 @@ resources:
glance::api::database_connection: {get_input: glance_dsn}
glance::registry::keystone_password: {get_input: glance_password}
glance::registry::database_connection: {get_input: glance_dsn}
- glance::registry::bind_host: {get_input: controller_host}
+ glance::registry::bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
glance::registry::auth_uri: {get_input: keystone_auth_uri}
glance::registry::identity_uri: {get_input: keystone_identity_uri}
glance::registry::debug: {get_input: debug}
@@ -783,9 +795,9 @@ resources:
heat::auth_uri: {get_input: keystone_auth_uri}
heat::identity_uri: {get_input: keystone_identity_uri}
heat::keystone_password: {get_input: heat_password}
- heat::api::bind_host: {get_input: controller_host}
- heat::api_cloudwatch::bind_host: {get_input: controller_host}
- heat::api_cfn::bind_host: {get_input: controller_host}
+ heat::api::bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
+ heat::api_cloudwatch::bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiCloudwatchNetwork]}]}
+ heat::api_cfn::bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiCfnNetwork]}]}
heat::database_connection: {get_input: heat_dsn}
heat::instance_user: heat-admin
heat::debug: {get_input: debug}
@@ -798,11 +810,11 @@ resources:
keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
keystone::database_connection: {get_input: keystone_dsn}
- keystone::public_bind_host: {get_input: controller_host}
- keystone::admin_bind_host: {get_input: controller_host}
+ keystone::public_bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
+ keystone::admin_bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
keystone::debug: {get_input: debug}
# MongoDB
- mongodb::server::bind_ip: {get_input: controller_host}
+ mongodb::server::bind_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
# MySQL
admin_password: {get_input: admin_password}
enable_galera: {get_input: enable_galera}
@@ -813,7 +825,7 @@ resources:
mysql_cluster_name: {get_input: mysql_cluster_name}
# Neutron
- neutron::bind_host: {get_input: controller_host}
+ neutron::bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
neutron::rabbit_password: {get_input: rabbit_password}
neutron::rabbit_user: {get_input: rabbit_user}
neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
@@ -854,7 +866,7 @@ resources:
ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
ceilometer::rabbit_port: {get_input: rabbit_client_port}
ceilometer::debug: {get_input: debug}
- ceilometer::api::host: {get_input: controller_host}
+ ceilometer::api::host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
ceilometer::api::keystone_password: {get_input: ceilometer_password}
ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri}
ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri}
@@ -870,8 +882,8 @@ resources:
nova::debug: {get_input: debug}
nova::api::auth_uri: {get_input: keystone_auth_uri}
nova::api::identity_uri: {get_input: keystone_identity_uri}
- nova::api::api_bind_address: {get_input: controller_host}
- nova::api::metadata_listen: {get_input: controller_host}
+ nova::api::api_bind_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
+ nova::api::metadata_listen: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
nova::api::admin_password: {get_input: nova_password}
nova::database_connection: {get_input: nova_dsn}
nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
@@ -882,16 +894,16 @@ resources:
# Horizon
horizon::django_debug: {get_input: debug}
horizon::secret_key: {get_input: horizon_secret}
- horizon::bind_address: {get_input: controller_host}
+ horizon::bind_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
horizon::keystone_url: {get_input: keystone_auth_uri}
# Rabbit
- rabbitmq::node_ip_address: {get_input: controller_host}
+ rabbitmq::node_ip_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
rabbitmq::erlang_cookie: {get_input: rabbit_cookie}
# Redis
- redis::bind: {get_input: controller_host}
+ redis::bind: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
# Misc
- memcached::listen_ip: {get_input: controller_host}
+ memcached::listen_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
neutron_public_interface_ip: {get_input: neutron_public_interface_ip}
ntp::servers: {get_input: ntp_servers}
control_virtual_interface: {get_input: control_virtual_interface}
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index ea4e7c3e..5b5854da 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -211,7 +211,8 @@ if hiera('step') >= 2 {
pacemaker::resource::ocf { 'galera' :
ocf_agent_name => 'heartbeat:galera',
- op_params => 'promote timeout=300s on-fail=block --master',
+ op_params => 'promote timeout=300s on-fail=block',
+ master_params => '',
meta_params => "master-max=${galera_nodes_count} ordered=true",
resource_params => "additional_parameters='--open-files-limit=16384' enable_creation=true wsrep_cluster_address='gcomm://${galera_nodes}'",
require => Class['::mysql::server'],
@@ -707,12 +708,22 @@ if hiera('step') >= 4 {
# Cinder
pacemaker::resource::service { $::cinder::params::api_service :
clone_params => "interleave=true",
+ require => Pacemaker::Resource::Service[$::keystone::params::service_name],
}
pacemaker::resource::service { $::cinder::params::scheduler_service :
clone_params => "interleave=true",
}
pacemaker::resource::service { $::cinder::params::volume_service : }
+ pacemaker::constraint::base { 'keystone-then-cinder-api-constraint':
+ constraint_type => 'order',
+ first_resource => "${::keystone::params::service_name}-clone",
+ second_resource => "${::cinder::params::api_service}-clone",
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Service[$::cinder::params::api_service],
+ Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ }
pacemaker::constraint::base { 'cinder-api-then-cinder-scheduler-constraint':
constraint_type => "order",
first_resource => "${::cinder::params::api_service}-clone",
@@ -749,11 +760,21 @@ if hiera('step') >= 4 {
# Glance
pacemaker::resource::service { $::glance::params::registry_service_name :
clone_params => "interleave=true",
+ require => Pacemaker::Resource::Service[$::keystone::params::service_name],
}
pacemaker::resource::service { $::glance::params::api_service_name :
clone_params => "interleave=true",
}
+ pacemaker::constraint::base { 'keystone-then-glance-registry-constraint':
+ constraint_type => 'order',
+ first_resource => "${::keystone::params::service_name}-clone",
+ second_resource => "${::glance::params::registry_service_name}-clone",
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name],
+ Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ }
pacemaker::constraint::base { 'glance-registry-then-glance-api-constraint':
constraint_type => "order",
first_resource => "${::glance::params::registry_service_name}-clone",