Diffstat (limited to 'puppet')
35 files changed, 1288 insertions, 217 deletions
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index 00766193..2f2a1e9d 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -69,8 +69,8 @@ resources: allNodesConfigImpl: type: OS::Heat::StructuredConfig properties: + group: os-apply-config config: - completion-signal: {get_input: deploy_signal_id} hosts: list_join: - "\n" @@ -139,6 +139,14 @@ resources: list_join: - "','" - {get_param: memcache_node_ips} + memcache_node_ips_v6: + str_replace: + template: "['inet6:[SERVERS_LIST]']" + params: + SERVERS_LIST: + list_join: + - "]','inet6:[" + - {get_param: memcache_node_ips} mysql_node_ips: str_replace: template: "['SERVERS_LIST']" @@ -265,6 +273,7 @@ resources: # hieradata file can't be used as it returns string ceilometer::rabbit_hosts: *rabbit_nodes_array cinder::rabbit_hosts: *rabbit_nodes_array + glance::notify::rabbitmq::rabbit_hosts: *rabbit_nodes_array heat::rabbit_hosts: *rabbit_nodes_array neutron::rabbit_hosts: *rabbit_nodes_array nova::rabbit_hosts: *rabbit_nodes_array diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml index 96198c3f..dc2f98ed 100644 --- a/puppet/ceph-cluster-config.yaml +++ b/puppet/ceph-cluster-config.yaml @@ -39,6 +39,9 @@ parameters: CephClientUserName: default: openstack type: string + CephIPv6: + default: False + type: boolean resources: CephClusterConfigImpl: 
@@ -50,15 +53,25 @@ resources: datafiles: ceph_cluster: mapped_data: + ceph_ipv6: {get_param: CephIPv6} ceph_storage_count: {get_param: ceph_storage_count} ceph_mon_initial_members: list_join: - ',' - {get_param: ceph_mon_names} - ceph::profile::params::mon_host: + ceph_mon_host: list_join: - ',' - {get_param: ceph_mon_ips} + ceph_mon_host_v6: + str_replace: + template: "'[IPS_LIST]'" + params: + IPS_LIST: + list_join: + - '],[' + - {get_param: ceph_mon_ips} + ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6} ceph::profile::params::fsid: {get_param: ceph_fsid} ceph::profile::params::mon_key: {get_param: ceph_mon_key} # We should use a separated key for the non-admin clients diff --git a/puppet/ceph-storage-post.yaml b/puppet/ceph-storage-post.yaml index f9c53465..e90710c7 100644 --- a/puppet/ceph-storage-post.yaml +++ b/puppet/ceph-storage-post.yaml @@ -14,8 +14,19 @@ parameters: type: json description: Value which changes if the node configuration may need to be re-applied - resources: + + CephStorageArtifactsConfig: + type: deploy-artifacts.yaml + + CephStorageArtifactsDeploy: + type: OS::Heat::StructuredDeployments + properties: + servers: {get_param: servers} + config: {get_resource: CephStorageArtifactsConfig} + input_values: + update_identifier: {get_param: NodeConfigIdentifiers} + CephStoragePuppetConfig: type: OS::Heat::SoftwareConfig properties: @@ -29,6 +40,7 @@ resources: CephStorageDeployment_Step1: type: OS::Heat::StructuredDeployments + depends_on: CephStorageArtifactsDeploy properties: name: CephStorageDeployment_Step1 servers: {get_param: servers} diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml index e310e1f5..d2988926 100644 --- a/puppet/ceph-storage.yaml +++ b/puppet/ceph-storage.yaml @@ -47,6 +47,10 @@ parameters: Hostname: type: string default: '' # Defaults to Heat created hostname + HostnameMap: + type: json + default: {} + description: Optional mapping to override hostnames ExtraConfig: default: {} description: | 
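Review bot: In puppet/ceph-cluster-config.yaml, the mapped_data hunk renames the hiera key `ceph::profile::params::mon_host` to `ceph_mon_host`, so nothing visible in this diff sets the class parameter any more. Whatever manifest now chooses between `ceph_mon_host` and `ceph_mon_host_v6` is outside this diff and should be confirmed to land in the same change. Both keys are rendered from the same `ceph_mon_ips` list regardless of `CephIPv6`, so the bracketed form is also produced for IPv4 addresses; a comment above `ceph_mon_host_v6` such as `# only meaningful when ceph_ipv6 is true` would make that explicit. `CephIPv6` in the preceding parameters hunk has no `description:`; `description: Enable IPv6 for Ceph (sets ms_bind_ipv6)` would match the other IPv6 switches added in this commit.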
@@ -58,6 +62,9 @@ parameters: description: | Role specific additional hiera configuration to inject into the cluster. type: json + CephStorageIPs: + default: {} + type: json NetworkDeploymentActions: type: comma_delimited_list description: > @@ -86,6 +93,9 @@ parameters: type: json description: Optional scheduler hints to pass to nova default: {} + NodeIndex: + type: number + default: 0 resources: CephStorage: @@ -99,7 +109,10 @@ resources: - network: ctlplane user_data_format: SOFTWARE_CONFIG user_data: {get_resource: UserData} - name: {get_param: Hostname} + name: + str_replace: + template: {get_param: Hostname} + params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} metadata: {get_param: ServerMetadata} scheduler_hints: {get_param: SchedulerHints} 
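Review bot: In puppet/ceph-storage.yaml, the new `name:` on the CephStorage server passes the whole `HostnameMap` as `params` to `str_replace`, which substitutes every occurrence of a key inside the template rather than matching the full hostname. A map key that is contained in another node's name (constructed example: `overcloud-cephstorage-1` inside `overcloud-cephstorage-10`) can rewrite part of the longer name, depending on replacement order, and the result also feeds the `hosts_entry` output later in this file. The `HostnameMap` description should state the constraint, for example `description: Optional mapping to override hostnames; keys are replaced as substrings, so no key may be contained in another node's hostname`. The same construct is added in cinder-storage.yaml, compute.yaml and controller.yaml.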
@@ -128,31 +141,43 @@ resources: type: OS::TripleO::CephStorage::Ports::ExternalPort properties: ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} + IPPool: {get_param: CephStorageIPs} + NodeIndex: {get_param: NodeIndex} InternalApiPort: type: OS::TripleO::CephStorage::Ports::InternalApiPort properties: ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} + IPPool: {get_param: CephStorageIPs} + NodeIndex: {get_param: NodeIndex} StoragePort: type: OS::TripleO::CephStorage::Ports::StoragePort properties: ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} + IPPool: {get_param: CephStorageIPs} + NodeIndex: {get_param: NodeIndex} StorageMgmtPort: type: OS::TripleO::CephStorage::Ports::StorageMgmtPort properties: ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} + IPPool: {get_param: CephStorageIPs} + NodeIndex: {get_param: NodeIndex} TenantPort: type: OS::TripleO::CephStorage::Ports::TenantPort properties: ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} + IPPool: {get_param: CephStorageIPs} + NodeIndex: {get_param: NodeIndex} ManagementPort: type: OS::TripleO::CephStorage::Ports::ManagementPort properties: ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} + IPPool: {get_param: CephStorageIPs} + NodeIndex: {get_param: NodeIndex} NetworkConfig: type: OS::TripleO::CephStorage::Net::SoftwareConfig 
@@ -170,11 +195,17 @@ resources: properties: ControlPlaneIp: {get_attr: [CephStorage, networks, ctlplane, 0]} ExternalIp: {get_attr: [ExternalPort, ip_address]} + ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]} InternalApiIp: {get_attr: [InternalApiPort, ip_address]} + InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]} StorageIp: {get_attr: [StoragePort, ip_address]} + StorageIpUri: {get_attr: [StoragePort, ip_address_uri]} StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} + StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]} TenantIp: {get_attr: [TenantPort, ip_address]} + TenantIpUri: {get_attr: [TenantPort, ip_address_uri]} ManagementIp: {get_attr: [ManagementPort, ip_address]} + ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} NetIpSubnetMap: type: OS::TripleO::Network::Ports::NetIpSubnetMap 
@@ -280,11 +311,54 @@ outputs: hosts_entry: value: str_replace: - template: "IP HOST.DOMAIN HOST" + template: | + PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST + EXTERNALIP EXTERNALHOST + INTERNAL_APIIP INTERNAL_APIHOST + STORAGEIP STORAGEHOST + STORAGE_MGMTIP STORAGE_MGMTHOST + TENANTIP TENANTHOST + MANAGEMENTIP MANAGEMENTHOST params: - IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephStorageHostnameResolveNetwork]}]} + PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephStorageHostnameResolveNetwork]}]} DOMAIN: {get_param: CloudDomain} - HOST: {get_attr: [CephStorage, name]} + PRIMARYHOST: {get_attr: [CephStorage, name]} + EXTERNALIP: {get_attr: [ExternalPort, ip_address]} + EXTERNALHOST: + list_join: + - '-' + - - {get_attr: [CephStorage, name]} + - external + INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} + INTERNAL_APIHOST: + list_join: + - '-' + - - {get_attr: [CephStorage, name]} + - internalapi + STORAGEIP: {get_attr: [StoragePort, ip_address]} + STORAGEHOST: + list_join: + - '-' + - - {get_attr: [CephStorage, name]} + - storage + STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} + STORAGE_MGMTHOST: + list_join: + - '-' + - - {get_attr: [CephStorage, name]} + - storagemgmt + TENANTIP: {get_attr: [TenantPort, ip_address]} + TENANTHOST: + list_join: + - '-' + - - {get_attr: [CephStorage, name]} + - tenant + MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} + MANAGEMENTHOST: + list_join: + - '-' + - - {get_attr: [CephStorage, name]} + - management nova_server_resource: description: Heat resource handle for the ceph storage server value: diff --git a/puppet/cinder-storage-post.yaml b/puppet/cinder-storage-post.yaml index 9b7c752a..f470203f 100644 --- a/puppet/cinder-storage-post.yaml +++ b/puppet/cinder-storage-post.yaml 
@@ -14,8 +14,20 @@ parameters: resources: + VolumeArtifactsConfig: + type: deploy-artifacts.yaml + + VolumeArtifactsDeploy: + type: OS::Heat::StructuredDeployments + properties: + servers: {get_param: servers} + config: {get_resource: VolumeArtifactsConfig} + input_values: + update_identifier: {get_param: NodeConfigIdentifiers} + VolumePuppetConfig: type: OS::Heat::SoftwareConfig + depends_on: VolumeArtifactsDeploy properties: group: puppet options: diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml index f7e8f907..888f3cf8 100644 --- a/puppet/cinder-storage.yaml +++ b/puppet/cinder-storage.yaml @@ -9,11 +9,11 @@ parameters: description: Whether to enable or not the Iscsi backend for Cinder type: boolean CinderISCSIHelper: - default: tgtadm + default: lioadm description: The iSCSI helper to use with cinder. type: string CinderLVMLoopDeviceSize: - default: 5000 + default: 10280 description: The size of the loopback file used by the cinder LVM driver. type: number CinderPassword: @@ -38,6 +38,9 @@ parameters: description: | Role specific additional hiera configuration to inject into the cluster. type: json + BlockStorageIPs: + default: {} + type: json Flavor: description: Flavor for block storage nodes to request when deploying. type: string @@ -89,6 +92,10 @@ parameters: Hostname: type: string default: '' # Defaults to Heat created hostname + HostnameMap: + type: json + default: {} + description: Optional mapping to override hostnames ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -106,7 +113,7 @@ parameters: GlanceApiVirtualIP: type: string default: '' - MysqlVirtualIP: + MysqlVirtualIPUri: type: string default: '' NetworkDeploymentActions: @@ -137,6 +144,9 @@ parameters: type: json description: Optional scheduler hints to pass to nova default: {} + NodeIndex: + type: number + default: 0 resources: 
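Review bot: In puppet/cinder-storage-post.yaml, `depends_on: VolumeArtifactsDeploy` is attached to `VolumePuppetConfig`, an OS::Heat::SoftwareConfig, whereas ceph-storage-post.yaml and compute-post.yaml put the same dependency on the deployment resource that applies Puppet. Here the ordering only holds indirectly, through whichever deployment references VolumePuppetConfig, and that resource is outside this hunk. For consistency with the other roles, and so the artifacts are certain to be on the node before Puppet runs, move the line to the volume deployment resource: `depends_on: VolumeArtifactsDeploy` directly under its `type: OS::Heat::StructuredDeployments`.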
@@ -151,7 +161,10 @@ resources: - network: ctlplane user_data_format: SOFTWARE_CONFIG user_data: {get_resource: UserData} - name: {get_param: Hostname} + name: + str_replace: + template: {get_param: Hostname} + params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} metadata: {get_param: ServerMetadata} scheduler_hints: {get_param: SchedulerHints} @@ -180,31 +193,43 @@ resources: type: OS::TripleO::BlockStorage::Ports::ExternalPort properties: ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} + IPPool: {get_param: BlockStorageIPs} + NodeIndex: {get_param: NodeIndex} InternalApiPort: type: OS::TripleO::BlockStorage::Ports::InternalApiPort properties: ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} + IPPool: {get_param: BlockStorageIPs} + NodeIndex: {get_param: NodeIndex} StoragePort: type: OS::TripleO::BlockStorage::Ports::StoragePort properties: ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} + IPPool: {get_param: BlockStorageIPs} + NodeIndex: {get_param: NodeIndex} StorageMgmtPort: type: OS::TripleO::BlockStorage::Ports::StorageMgmtPort properties: ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} + IPPool: {get_param: BlockStorageIPs} + NodeIndex: {get_param: NodeIndex} TenantPort: type: OS::TripleO::BlockStorage::Ports::TenantPort properties: ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} + IPPool: {get_param: BlockStorageIPs} + NodeIndex: {get_param: NodeIndex} ManagementPort: type: OS::TripleO::BlockStorage::Ports::ManagementPort properties: ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} + IPPool: {get_param: BlockStorageIPs} + NodeIndex: {get_param: NodeIndex} NetworkConfig: type: OS::TripleO::BlockStorage::Net::SoftwareConfig 
@@ -222,11 +247,17 @@ resources: properties: ControlPlaneIp: {get_attr: [BlockStorage, networks, ctlplane, 0]} ExternalIp: {get_attr: [ExternalPort, ip_address]} + ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]} InternalApiIp: {get_attr: [InternalApiPort, ip_address]} + InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]} StorageIp: {get_attr: [StoragePort, ip_address]} + StorageIpUri: {get_attr: [StoragePort, ip_address_uri]} StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} + StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]} TenantIp: {get_attr: [TenantPort, ip_address]} + TenantIpUri: {get_attr: [TenantPort, ip_address_uri]} ManagementIp: {get_attr: [ManagementPort, ip_address]} + ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} NetworkDeployment: type: OS::TripleO::SoftwareDeployment @@ -245,7 +276,7 @@ resources: config: {get_resource: BlockStorageConfig} input_values: debug: {get_param: Debug} - cinder_dsn: {list_join: ['', ['mysql+pymysql://cinder:', {get_param: CinderPassword}, '@', {get_param: MysqlVirtualIP} , '/cinder']]} + cinder_dsn: {list_join: ['', ['mysql+pymysql://cinder:', {get_param: CinderPassword}, '@', {get_param: MysqlVirtualIPUri} , '/cinder']]} snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} cinder_lvm_loop_device_size: 
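Review bot: In puppet/cinder-storage.yaml, `cinder_dsn` now takes its host from `MysqlVirtualIPUri`, which the earlier parameters hunk declares with `default: ''` and no description, so a caller that does not pass it gets a DSN of the form `mysql+pymysql://cinder:<password>@/cinder` with an empty host instead of a validation error. Adding `description: MySQL VIP, wrapped in brackets when it is an IPv6 address`, as controller.yaml does for RedisVirtualIPUri, would make the contract explicit. `CinderPassword` is still joined into the URL unescaped, so a password containing `@`, `/` or `:` would change how the DSN is parsed; an `allowed_pattern` constraint on the parameter is worth considering.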
@@ -343,11 +374,54 @@ outputs: hosts_entry: value: str_replace: - template: "IP HOST.DOMAIN HOST" + template: | + PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST + EXTERNALIP EXTERNALHOST + INTERNAL_APIIP INTERNAL_APIHOST + STORAGEIP STORAGEHOST + STORAGE_MGMTIP STORAGE_MGMTHOST + TENANTIP TENANTHOST + MANAGEMENTIP MANAGEMENTHOST params: - IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, BlockStorageHostnameResolveNetwork]}]} + PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, BlockStorageHostnameResolveNetwork]}]} DOMAIN: {get_param: CloudDomain} - HOST: {get_attr: [BlockStorage, name]} + PRIMARYHOST: {get_attr: [BlockStorage, name]} + EXTERNALIP: {get_attr: [ExternalPort, ip_address]} + EXTERNALHOST: + list_join: + - '-' + - - {get_attr: [BlockStorage, name]} + - external + INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} + INTERNAL_APIHOST: + list_join: + - '-' + - - {get_attr: [BlockStorage, name]} + - internalapi + STORAGEIP: {get_attr: [StoragePort, ip_address]} + STORAGEHOST: + list_join: + - '-' + - - {get_attr: [BlockStorage, name]} + - storage + STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} + STORAGE_MGMTHOST: + list_join: + - '-' + - - {get_attr: [BlockStorage, name]} + - storagemgmt + TENANTIP: {get_attr: [TenantPort, ip_address]} + TENANTHOST: + list_join: + - '-' + - - {get_attr: [BlockStorage, name]} + - tenant + MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} + MANAGEMENTHOST: + list_join: + - '-' + - - {get_attr: [BlockStorage, name]} + - management nova_server_resource: description: Heat resource handle for the block storage server value: diff --git a/puppet/compute-post.yaml b/puppet/compute-post.yaml index 3861e50c..a122df0e 100644 --- a/puppet/compute-post.yaml +++ b/puppet/compute-post.yaml 
@@ -17,6 +17,17 @@ parameters: resources: + ComputeArtifactsConfig: + type: deploy-artifacts.yaml + + ComputeArtifactsDeploy: + type: OS::Heat::StructuredDeployments + properties: + servers: {get_param: servers} + config: {get_resource: ComputeArtifactsConfig} + input_values: + update_identifier: {get_param: NodeConfigIdentifiers} + ComputePuppetConfig: type: OS::Heat::SoftwareConfig properties: @@ -30,6 +41,7 @@ resources: ComputePuppetDeployment: type: OS::Heat::StructuredDeployments + depends_on: ComputeArtifactsDeploy properties: name: ComputePuppetDeployment servers: {get_param: servers} diff --git a/puppet/compute.yaml b/puppet/compute.yaml index 8b2bcd33..ee5bced6 100644 --- a/puppet/compute.yaml +++ b/puppet/compute.yaml @@ -118,6 +118,15 @@ parameters: default: nic1 description: A port to add to the NeutronPhysicalBridge. type: string + NeutronTenantMtu: + description: > + The default MTU for tenant networks. For VXLAN/GRE tunneling, this should + be at least 50 bytes smaller than the MTU on the physical network. This + value will be used to set the MTU on the virtual Ethernet device. + This number is related to the value of NeutronDnsmasqOptions, since that + will determine the MTU that is assigned to the VM host through DHCP. + default: 1400 + type: number NeutronTunnelTypes: type: comma_delimited_list description: | @@ -186,6 +195,9 @@ parameters: default: 'dvr_snat' description: Agent mode for the neutron-l3-agent on the controller hosts type: string + NodeIndex: + type: number + default: 0 NovaApiHost: type: string default: '' # Has to be here because of the ignored empty value bug @@ -198,6 +210,9 @@ parameters: NovaCompute specific configuration to inject into the cluster. Same structure as ExtraConfig. type: json + NovaComputeIPs: + default: {} + type: json NovaComputeLibvirtType: type: string default: kvm 
@@ -209,6 +224,10 @@ parameters: default: false description: Whether to enable or not the Rbd backend for Nova type: boolean + NovaIPv6: + default: false + description: Enable IPv6 features in Nova + type: boolean NovaPassword: description: The password for the nova service account, used by nova-api. type: string @@ -258,6 +277,10 @@ parameters: description: The user password for SNMPd with readonly rights running on all Overcloud nodes type: string hidden: true + UpgradeLevelNovaCompute: + type: string + description: Nova Compute upgrade level + default: '' EnablePackageInstall: default: 'false' description: Set to true to enable package installation via Puppet @@ -285,6 +308,10 @@ parameters: Hostname: type: string default: '' # Defaults to Heat created hostname + HostnameMap: + type: json + default: {} + description: Optional mapping to override hostnames NetworkDeploymentActions: type: comma_delimited_list description: > @@ -329,7 +356,10 @@ resources: - network: ctlplane user_data_format: SOFTWARE_CONFIG user_data: {get_resource: UserData} - name: {get_param: Hostname} + name: + str_replace: + template: {get_param: Hostname} + params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} metadata: {get_param: ServerMetadata} scheduler_hints: {get_param: SchedulerHints} 
@@ -358,42 +388,60 @@ resources: type: OS::TripleO::Compute::Ports::ExternalPort properties: ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} + IPPool: {get_param: NovaComputeIPs} + NodeIndex: {get_param: NodeIndex} InternalApiPort: type: OS::TripleO::Compute::Ports::InternalApiPort properties: ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} + IPPool: {get_param: NovaComputeIPs} + NodeIndex: {get_param: NodeIndex} StoragePort: type: OS::TripleO::Compute::Ports::StoragePort properties: ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} + IPPool: {get_param: NovaComputeIPs} + NodeIndex: {get_param: NodeIndex} StorageMgmtPort: type: OS::TripleO::Compute::Ports::StorageMgmtPort properties: ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} + IPPool: {get_param: NovaComputeIPs} + NodeIndex: {get_param: NodeIndex} TenantPort: type: OS::TripleO::Compute::Ports::TenantPort properties: ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} + IPPool: {get_param: NovaComputeIPs} + NodeIndex: {get_param: NodeIndex} ManagementPort: type: OS::TripleO::Compute::Ports::ManagementPort properties: ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} + IPPool: {get_param: NovaComputeIPs} + NodeIndex: {get_param: NodeIndex} NetIpMap: type: OS::TripleO::Network::Ports::NetIpMap properties: ControlPlaneIp: {get_attr: [NovaCompute, networks, ctlplane, 0]} ExternalIp: {get_attr: [ExternalPort, ip_address]} + ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]} InternalApiIp: {get_attr: [InternalApiPort, ip_address]} + InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]} StorageIp: {get_attr: [StoragePort, ip_address]} + StorageIpUri: {get_attr: [StoragePort, ip_address_uri]} StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} + StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]} TenantIp: {get_attr: [TenantPort, ip_address]} + TenantIpUri: {get_attr: [TenantPort, 
ip_address_uri]} ManagementIp: {get_attr: [ManagementPort, ip_address]} + ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} NetworkConfig: type: OS::TripleO::Compute::Net::SoftwareConfig @@ -434,9 +482,11 @@ resources: - all_nodes # provided by allNodesConfig - '"%{::osfamily}"' - common + - neutron_bigswitch_data # Optionally provided by ComputeExtraConfigPre - cisco_n1kv_data # Optionally provided by ComputeExtraConfigPre - nova_nuage_data # Optionally provided by ComputeExtraConfigPre - midonet_data # Optionally provided by AllNodesExtraConfig + - neutron_opencontrail_data # Optionally provided by ComputeExtraConfigPre datafiles: compute_extraconfig: mapped_data: {get_param: NovaComputeExtraConfig} @@ -450,11 +500,13 @@ resources: raw_data: {get_file: hieradata/compute.yaml} mapped_data: cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend} + nova::use_ipv6: {get_input: nova_ipv6} nova::debug: {get_input: debug} nova::rabbit_userid: {get_input: rabbit_username} nova::rabbit_password: {get_input: rabbit_password} nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} nova::rabbit_port: {get_input: rabbit_client_port} + nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute} nova_compute_driver: {get_input: nova_compute_driver} nova::compute::libvirt::libvirt_virt_type: {get_input: nova_compute_libvirt_type} nova::compute::neutron::libvirt_vif_driver: {get_input: nova_compute_libvirt_vif_driver} 
@@ -463,7 +515,11 @@ resources: nova::compute::rbd::ephemeral_storage: {get_input: nova_enable_rbd_backend} rbd_persistent_storage: {get_input: cinder_enable_rbd_backend} nova_password: {get_input: nova_password} + nova::compute::network_device_mtu: {get_input: neutron_tenant_mtu} nova::compute::vncserver_proxyclient_address: {get_input: nova_vnc_proxyclient_address} + nova::vncproxy::common::vncproxy_protocol: {get_input: nova_vncproxy_protocol} + nova::vncproxy::common::vncproxy_host: {get_input: nova_vncproxy_host} + nova::vncproxy::common::vncproxy_port: {get_input: nova_vncproxy_port} nova::network::neutron::neutron_ovs_bridge: {get_input: nova_ovs_bridge} nova::network::neutron::security_group_api: {get_input: nova_security_group_api} ceilometer::debug: {get_input: debug} @@ -487,6 +543,7 @@ resources: neutron_host: {get_input: neutron_host} neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip} + neutron::network_device_mtu: {get_input: neutron_tenant_mtu} neutron::plugins::ml2::tenant_network_types: {get_input: neutron_tenant_network_types} neutron::agents::ml2::ovs::tunnel_types: {get_input: neutron_tunnel_types} neutron::agents::ml2::ovs::extensions: {get_input: neutron_agent_extensions} 
@@ -498,9 +555,9 @@ resources: neutron::agents::ml2::ovs::l2_population: {get_input: neutron_enable_l2pop} neutron_physical_bridge: {get_input: neutron_physical_bridge} neutron_public_interface: {get_input: neutron_public_interface} - nova::network::neutron::neutron_admin_password: {get_input: neutron_password} + nova::network::neutron::neutron_password: {get_input: neutron_password} nova::network::neutron::neutron_url: {get_input: neutron_internal_url} - nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url} + nova::network::neutron::neutron_auth_url: {get_input: neutron_auth_url} neutron_router_distributed: {get_input: neutron_router_distributed} neutron_agent_mode: {get_input: neutron_agent_mode} neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} @@ -533,10 +590,22 @@ resources: nova_api_host: {get_param: NovaApiHost} nova_password: {get_param: NovaPassword} nova_enable_rbd_backend: {get_param: NovaEnableRbdBackend} + nova_ipv6: {get_param: NovaIPv6} cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend} nova_vnc_proxyclient_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaVncProxyNetwork]}]} + nova_vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]} + # Remove brackets that may come if the IP address is IPv6. + # For DNS names and IPv4, this will just get the NovaVNCProxyPublic value + nova_vncproxy_host: + str_replace: + template: {get_param: [EndpointMap, NovaVNCProxyPublic, host]} + params: + '[': '' + ']': '' + nova_vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]} nova_ovs_bridge: {get_param: NovaOVSBridge} nova_security_group_api: {get_param: NovaSecurityGroupAPI} + upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute} ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} ceilometer_password: {get_param: CeilometerPassword} ceilometer_compute_agent: {get_param: CeilometerComputeAgent} 
@@ -581,6 +650,7 @@ resources: template: MAPPINGS params: MAPPINGS: {get_param: NeutronBridgeMappings} + neutron_tenant_mtu: {get_param: NeutronTenantMtu} neutron_enable_tunneling: {get_param: NeutronEnableTunnelling} neutron_enable_l2pop: {get_param: NeutronEnableL2Pop} neutron_physical_bridge: {get_param: NeutronPhysicalBridge} @@ -612,7 +682,7 @@ resources: AGENT_EXTENSIONS: {get_param: NeutronAgentExtensions} neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice} neutron_internal_url: {get_param: [EndpointMap, NeutronInternal, uri]} - neutron_admin_auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri]} + neutron_auth_url: {get_param: [EndpointMap, KeystoneV3Admin, uri]} keystone_vip: {get_param: KeystonePublicApiVirtualIP} admin_password: {get_param: AdminPassword} rabbit_username: {get_param: RabbitUserName} 
@@ -689,11 +759,54 @@ outputs: Server's IP address and hostname in the /etc/hosts format value: str_replace: - template: "IP HOST.DOMAIN HOST" + template: | + PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST + EXTERNALIP EXTERNALHOST + INTERNAL_APIIP INTERNAL_APIHOST + STORAGEIP STORAGEHOST + STORAGE_MGMTIP STORAGE_MGMTHOST + TENANTIP TENANTHOST + MANAGEMENTIP MANAGEMENTHOST params: - IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ComputeHostnameResolveNetwork]}]} + PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ComputeHostnameResolveNetwork]}]} DOMAIN: {get_param: CloudDomain} - HOST: {get_attr: [NovaCompute, name]} + PRIMARYHOST: {get_attr: [NovaCompute, name]} + EXTERNALIP: {get_attr: [ExternalPort, ip_address]} + EXTERNALHOST: + list_join: + - '-' + - - {get_attr: [NovaCompute, name]} + - external + INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} + INTERNAL_APIHOST: + list_join: + - '-' + - - {get_attr: [NovaCompute, name]} + - internalapi + STORAGEIP: {get_attr: [StoragePort, ip_address]} + STORAGEHOST: + list_join: + - '-' + - - {get_attr: [NovaCompute, name]} + - storage + STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} + STORAGE_MGMTHOST: + list_join: + - '-' + - - {get_attr: [NovaCompute, name]} + - storagemgmt + TENANTIP: {get_attr: [TenantPort, ip_address]} + TENANTHOST: + list_join: + - '-' + - - {get_attr: [NovaCompute, name]} + - tenant + MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} + MANAGEMENTHOST: + list_join: + - '-' + - - {get_attr: [NovaCompute, name]} + - management nova_server_resource: description: Heat resource handle for the Nova compute server value: diff --git a/puppet/controller-post.yaml b/puppet/controller-post.yaml index d250dd70..713ad706 100644 --- a/puppet/controller-post.yaml +++ b/puppet/controller-post.yaml 
@@ -17,6 +17,15 @@ parameters: resources: + ControllerArtifactsConfig: + type: deploy-artifacts.yaml + + ControllerArtifactsDeploy: + type: OS::Heat::StructuredDeployments + properties: + servers: {get_param: servers} + config: {get_resource: ControllerArtifactsConfig} + ControllerPrePuppet: type: OS::TripleO::Tasks::ControllerPrePuppet properties: @@ -33,7 +42,7 @@ resources: # e.g all Deployment resources should have a *Deployment_StepN suffix ControllerLoadBalancerDeployment_Step1: type: OS::Heat::StructuredDeployments - depends_on: ControllerPrePuppet + depends_on: [ControllerPrePuppet, ControllerArtifactsDeploy] properties: name: ControllerLoadBalancerDeployment_Step1 servers: {get_param: servers} diff --git a/puppet/controller.yaml b/puppet/controller.yaml index ea19c711..a873ce8a 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -32,6 +32,10 @@ parameters: description: The password for the ceilometer service and db account. type: string hidden: true + CeilometerStoreEvents: + default: false + description: Whether to store events in ceilometer. + type: boolean CinderApiVirtualIP: type: string default: '' @@ -57,11 +61,11 @@ parameters: description: Whether to enable or not the Rbd backend for Cinder type: boolean CinderISCSIHelper: - default: tgtadm + default: lioadm description: The iSCSI helper to use with cinder. type: string CinderLVMLoopDeviceSize: - default: 5000 + default: 10280 description: The size of the loopback file used by the cinder LVM driver. type: number CinderNfsMountOptions: @@ -107,6 +111,10 @@ parameters: default: 'br-ex' description: Interface where virtual ip will be assigned. type: string + CorosyncIPv6: + default: false + description: Enable IPv6 in Corosync + type: boolean Debug: default: '' description: Set to True to enable debugging on all services. 
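Review bot: In puppet/controller-post.yaml, `ControllerArtifactsDeploy` is the only one of the four new *ArtifactsDeploy resources without `input_values`; the ceph-storage, cinder-storage and compute versions all pass `update_identifier: {get_param: NodeConfigIdentifiers}`. Without an input that changes, the deployment has no visible trigger to re-run on a stack update, so controllers could keep stale artifacts while the other roles are refreshed (inferred from the NodeConfigIdentifiers description in ceph-storage-post.yaml). Add `input_values:` with `update_identifier: {get_param: NodeConfigIdentifiers}` under `properties:`, assuming the parameter is declared in this file, which the hunk does not show.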
@@ -230,7 +238,7 @@ parameters: type: string hidden: true HeatStackDomainAdminPassword: - description: Password for heat_domain_admin user. + description: Password for heat_stack_domain_admin user. type: string hidden: true HeatAuthEncryptionKey: @@ -245,6 +253,11 @@ parameters: default: 0 description: Number of workers for Heat service. type: number + HeatEnableDBPurge: + type: boolean + default: true + description: | + Whether to create cron job for purging soft deleted rows in the Heat database. HorizonSecret: description: Secret key for Django type: string @@ -492,6 +505,15 @@ parameters: default: '' description: If set, the public interface is a vlan with this device as the raw device. type: string + NeutronTenantMtu: + description: > + The default MTU for tenant networks. For VXLAN/GRE tunneling, this should + be at least 50 bytes smaller than the MTU on the physical network. This + value will be used to set the MTU on the virtual Ethernet device. + This number is related to the value of NeutronDnsmasqOptions, since that + will determine the MTU that is assigned to the VM host through DHCP. + default: 1400 + type: number NeutronTunnelTypes: default: 'vxlan' description: | @@ -510,7 +532,7 @@ parameters: default: ["1:4094", ] type: comma_delimited_list NeutronPluginExtensions: - default: "qos" + default: "qos,port_security" description: | Comma-separated list of extensions enabled for the Neutron plugin. type: comma_delimited_list @@ -531,6 +553,10 @@ parameters: description: | Whether to create cron job for purging soft deleted rows in Nova database. type: boolean + NovaIPv6: + default: false + description: Enable IPv6 features in Nova + type: boolean NovaPassword: description: The password for the nova service and db account, used by nova-api. type: string 
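Review bot: In puppet/controller.yaml, the `NeutronPluginExtensions` default becomes `"qos,port_security"` while the description still only says it is a list of extensions. The port_security extension adds a `port_security_enabled` attribute that allows security-group and anti-spoofing filtering to be switched off per port or network, so this changes the default exposure of every new deployment; who may set the attribute depends on the Neutron policy, which is not part of this diff. The description should say so, for example `Comma-separated list of extensions enabled for the Neutron plugin. port_security allows filtering to be disabled per port; review the Neutron policy before relying on security groups for isolation.`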
@@ -543,6 +569,10 @@ parameters: default: false description: Should MongoDb journaling be disabled type: boolean + MongoDbIPv6: + default: false + description: Enable IPv6 if Mongo DB VIP is IPv6 + type: boolean NtpServer: default: '' description: Comma-separated list of ntp servers @@ -587,9 +617,21 @@ parameters: default: 16384 description: Configures RabbitMQ FD limit type: string + RabbitIPv6: + default: false + description: Enable IPv6 in RabbitMQ + type: boolean + RedisPassword: + type: string + description: The password to access the Redis service + hidden: true RedisVirtualIP: type: string default: '' # Has to be here because of the ignored empty value bug + RedisVirtualIPUri: + type: string + default: '' # Has to be here because of the ignored empty value bug + description: An IP address which is wrapped in brackets in case of IPv6 SnmpdReadonlyUserName: default: ro_snmp_user description: The user name for SNMPd with readonly rights running on all Overcloud nodes @@ -635,12 +677,19 @@ parameters: default: 'UTC' description: The timezone to be set on controller nodes. type: string + UpgradeLevelNovaCompute: + type: string + description: Nova Compute upgrade level + default: '' VirtualIP: # DEPRECATED: use per service settings instead type: string default: '' # Has to be here because of the ignored empty value bug HeatApiVirtualIP: type: string default: '' + HeatApiVirtualIPUri: + type: string + default: '' GlanceApiVirtualIP: type: string default: '' @@ -650,6 +699,9 @@ parameters: MysqlVirtualIP: type: string default: '' + MysqlVirtualIPUri: + type: string + default: '' KeystoneAdminApiVirtualIP: type: string default: '' @@ -682,6 +734,10 @@ parameters: Hostname: type: string default: '' # Defaults to Heat created hostname + HostnameMap: + type: json + default: {} + description: Optional mapping to override hostnames NetworkDeploymentActions: type: comma_delimited_list description: 
> @@ -727,7 +783,10 @@ resources: - network: ctlplane user_data_format: SOFTWARE_CONFIG user_data: {get_resource: UserData} - name: {get_param: Hostname} + name: + str_replace: + template: {get_param: Hostname} + params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} metadata: {get_param: ServerMetadata} scheduler_hints: {get_param: SchedulerHints} @@ -790,6 +849,8 @@ resources: ManagementPort: type: OS::TripleO::Controller::Ports::ManagementPort properties: + IPPool: {get_param: ControllerIPs} + NodeIndex: {get_param: NodeIndex} ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} NetIpMap: @@ -797,11 +858,17 @@ resources: properties: ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]} ExternalIp: {get_attr: [ExternalPort, ip_address]} + ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]} InternalApiIp: {get_attr: [InternalApiPort, ip_address]} + InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]} StorageIp: {get_attr: [StoragePort, ip_address]} + StorageIpUri: {get_attr: [StoragePort, ip_address_uri]} StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} + StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]} TenantIp: {get_attr: [TenantPort, ip_address]} + TenantIpUri: {get_attr: [TenantPort, ip_address_uri]} ManagementIp: {get_attr: [ManagementPort, ip_address]} + ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} NetIpSubnetMap: type: OS::TripleO::Network::Ports::NetIpSubnetMap 
@@ -877,21 +944,22 @@ resources: list_join: - '' - - 'http://' - - {get_param: HeatApiVirtualIP} + - {get_param: HeatApiVirtualIPUri} - ':8003' heat.metadata_server_url: list_join: - '' - - 'http://' - - {get_param: HeatApiVirtualIP} + - {get_param: HeatApiVirtualIPUri} - ':8000' heat.waitcondition_server_url: list_join: - '' - - 'http://' - - {get_param: HeatApiVirtualIP} + - {get_param: HeatApiVirtualIPUri} - ':8000/v1/waitcondition' heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey} + heat_enable_db_purge: {get_param: HeatEnableDBPurge} horizon_allowed_hosts: {get_param: HorizonAllowedHosts} horizon_secret: {get_param: HorizonSecret} admin_email: {get_param: AdminEmail} @@ -919,7 +987,7 @@ resources: - - 'mysql+pymysql://cinder:' - {get_param: CinderPassword} - '@' - - {get_param: MysqlVirtualIP} + - {get_param: MysqlVirtualIPUri} - '/cinder' glance_port: {get_param: [EndpointMap, GlanceInternal, port]} glance_password: {get_param: GlancePassword} @@ -936,7 +1004,7 @@ resources: - - 'mysql+pymysql://glance:' - {get_param: GlancePassword} - '@' - - {get_param: MysqlVirtualIP} + - {get_param: MysqlVirtualIPUri} - '/glance' heat_password: {get_param: HeatPassword} heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword} @@ -946,7 +1014,7 @@ resources: - - 'mysql+pymysql://heat:' - {get_param: HeatPassword} - '@' - - {get_param: MysqlVirtualIP} + - {get_param: MysqlVirtualIPUri} - '/heat' keystone_ca_certificate: {get_param: KeystoneCACertificate} keystone_signing_key: {get_param: KeystoneSigningKey} @@ -962,7 +1030,7 @@ resources: - - 'mysql+pymysql://keystone:' - {get_param: AdminToken} - '@' - - {get_param: MysqlVirtualIP} + - {get_param: MysqlVirtualIPUri} - '/keystone' keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } 
@@ -1061,6 +1129,7 @@ resources: params: AGENT_EXTENSIONS: {get_param: NeutronAgentExtensions} neutron_password: {get_param: NeutronPassword} + neutron_tenant_mtu: {get_param: NeutronTenantMtu} neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions} neutron_dsn: list_join: @@ -1068,33 +1137,37 @@ resources: - - 'mysql+pymysql://neutron:' - {get_param: NeutronPassword} - '@' - - {get_param: MysqlVirtualIP} + - {get_param: MysqlVirtualIPUri} - '/ovs_neutron?charset=utf8' neutron_internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] } neutron_public_url: { get_param: [ EndpointMap, NeutronPublic, uri ] } neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] } - neutron_admin_auth_url: { get_param: [ EndpointMap, KeystoneAdmin, uri_no_suffix ] } + neutron_auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] } nova_internal_url: { get_param: [ EndpointMap, NovaInternal, uri ] } ceilometer_backend: {get_param: CeilometerBackend} ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} ceilometer_password: {get_param: CeilometerPassword} + ceilometer_store_events: {get_param: CeilometerStoreEvents} ceilometer_coordination_url: list_join: - '' - - 'redis://' - - {get_param: RedisVirtualIP} - - ':6379' + - {get_param: RedisVirtualIPUri} + - ':6379/?password=' + - {get_param: RedisPassword} ceilometer_dsn: list_join: - '' - - 'mysql+pymysql://ceilometer:' - {get_param: CeilometerPassword} - '@' - - {get_param: MysqlVirtualIP} + - {get_param: MysqlVirtualIPUri} - '/ceilometer' snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} nova_enable_db_purge: {get_param: NovaEnableDBPurge} + nova_ipv6: {get_param: NovaIPv6} + corosync_ipv6: {get_param: CorosyncIPv6} nova_password: {get_param: NovaPassword} nova_dsn: list_join: 
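Review bot: `ceilometer_coordination_url` now appends `RedisPassword` to the URL after `':6379/?password='` with no encoding. A password containing `&`, `#`, `%` or `/` would be truncated or misparsed, and the agent would then authenticate with the wrong value. The secret also ends up inside a connection string, which is more likely to reach logs than a dedicated password option. Constrain the `RedisPassword` parameter (declared in the `-587,9` hunk) to URL-safe characters, e.g. `constraints: [{allowed_pattern: '^[a-zA-Z0-9]+$'}]`, and note the restriction in its `description`.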
@@ -1102,8 +1175,17 @@ resources: - - 'mysql+pymysql://nova:' - {get_param: NovaPassword} - '@' - - {get_param: MysqlVirtualIP} + - {get_param: MysqlVirtualIPUri} - '/nova' + nova_api_dsn: + list_join: + - '' + - - 'mysql+pymysql://nova_api:' + - {get_param: NovaPassword} + - '@' + - {get_param: MysqlVirtualIPUri} + - '/nova_api' + upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute} instance_name_template: {get_param: InstanceNameTemplate} fencing_config: {get_param: FencingConfig} pcsd_password: {get_param: PcsdPassword} @@ -1112,7 +1194,9 @@ resources: rabbit_cookie: {get_param: RabbitCookie} rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} rabbit_client_port: {get_param: RabbitClientPort} + rabbit_ipv6: {get_param: RabbitIPv6} mongodb_no_journal: {get_param: MongoDbNoJournal} + mongodb_ipv6: {get_param: MongoDbIPv6} # We need to force this into quotes or hiera will return integer causing # the puppet module validation regexp to fail. # Remove when: https://github.com/puppetlabs/puppetlabs-rabbitmq/pull/401 @@ -1140,7 +1224,7 @@ resources: - - 'mysql://sahara:' - {get_param: SaharaPassword} - '@' - - {get_param: MysqlVirtualIP} + - {get_param: MysqlVirtualIPUri} - '/sahara' swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} 
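Review bot: `nova_api_dsn` authenticates the new `nova_api` database user with `NovaPassword`, the same secret `nova_dsn` uses and which the parameter description says is also the nova service password. `nova::db::mysql_api::password` in the `-1465,15` hunk repeats this. The `database.yaml` hunk at the end of the commit additionally lists `'%'` in `nova::db::mysql_api::allowed_hosts`, so one leaked value opens both databases from any host that can reach MySQL. A separate hidden parameter for the `nova_api` account would limit the exposure. If the reuse is deliberate, say so next to `nova_api_dsn`, e.g. `# nova_api intentionally shares NovaPassword with the nova DB account`.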
@@ -1163,6 +1247,7 @@ resources: horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]} + redis_password: {get_param: RedisPassword} redis_vip: {get_param: RedisVirtualIP} sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]} memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} @@ -1203,6 +1288,7 @@ resources: - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre - neutron_nuage_data # Optionally provided by ControllerExtraConfigPre - midonet_data #Optionally provided by AllNodesExtraConfig + - neutron_opencontrail_data # Optionally provided by ControllerExtraConfigPre datafiles: controller_extraconfig: mapped_data: {get_param: ControllerExtraConfig} @@ -1215,7 +1301,7 @@ resources: mapped_data: ceph::profile::params::cluster_network: {get_input: ceph_cluster_network} ceph::profile::params::public_network: {get_input: ceph_public_network} - ceph::mon::public_addr: {get_input: ceph_public_ip} + ceph::profile::params::public_addr: {get_input: ceph_public_ip} database: raw_data: {get_file: hieradata/database.yaml} object: @@ -1229,6 +1315,7 @@ resources: enable_fencing: {get_input: enable_fencing} enable_load_balancer: {get_input: enable_load_balancer} hacluster_pwd: {get_input: pcsd_password} + corosync_ipv6: {get_input: corosync_ipv6} tripleo::fencing::config: {get_input: fencing_config} # Swift 
@@ -1301,6 +1388,9 @@ resources: glance_file_pcmk_fstype: {get_input: glance_file_pcmk_fstype} glance_file_pcmk_manage: {get_input: glance_file_pcmk_manage} glance_file_pcmk_options: {get_input: glance_file_pcmk_options} + glance::notify::rabbitmq::rabbit_userid: {get_input: rabbit_username} + glance::notify::rabbitmq::rabbit_password: {get_input: rabbit_password} + glance::notify::rabbitmq::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} # Heat heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password} @@ -1325,17 +1415,22 @@ resources: heat::database_connection: {get_input: heat_dsn} heat::debug: {get_input: debug} heat::db::mysql::password: {get_input: heat_password} + heat_enable_db_purge: {get_input: heat_enable_db_purge} + heat::keystone::domain::domain_password: {get_input: heat_stack_domain_admin_password} # Keystone keystone::admin_token: {get_input: admin_token} + keystone::roles::admin::password: {get_input: admin_password} keystone_ca_certificate: {get_input: keystone_ca_certificate} keystone_signing_key: {get_input: keystone_signing_key} keystone_signing_certificate: {get_input: keystone_signing_certificate} keystone_ssl_certificate: {get_input: keystone_ssl_certificate} keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key} keystone::database_connection: {get_input: keystone_dsn} - keystone::public_bind_host: {get_input: keystone_public_api_network} keystone::admin_bind_host: {get_input: keystone_admin_api_network} + keystone::public_bind_host: {get_input: keystone_public_api_network} + keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network} + keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network} keystone::debug: {get_input: debug} keystone::db::mysql::password: {get_input: admin_token} keystone::rabbit_userid: {get_input: rabbit_username} 
@@ -1353,10 +1448,11 @@ resources: keystone::admin_workers: {get_input: keystone_workers} keystone::public_workers: {get_input: keystone_workers} keystone_enable_db_purge: {get_input: keystone_enable_db_purge} - + keystone::public_endpoint: {get_input: keystone_public_url} # MongoDB mongodb::server::bind_ip: {get_input: mongo_db_network} mongodb::server::nojournal: {get_input: mongodb_no_journal} + mongodb::server::ipv6: {get_input: mongodb_ipv6} # MySQL admin_password: {get_input: admin_password} enable_galera: {get_input: enable_galera} @@ -1381,6 +1477,7 @@ resources: neutron::server::database_connection: {get_input: neutron_dsn} neutron::server::api_workers: {get_input: neutron_workers} neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge} + neutron::network_device_mtu: {get_input: neutron_tenant_mtu} neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling} neutron::agents::ml2::ovs::l2_population: {get_input: neutron_enable_l2pop} neutron::agents::dhcp::enable_isolated_metadata: {get_input: neutron_enable_isolated_metadata} @@ -1406,7 +1503,7 @@ resources: neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges} neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges} neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges} - neutron::agents::ml2::ovs:bridge_mappings: {get_input: neutron_bridge_mappings} + neutron::agents::ml2::ovs::bridge_mappings: {get_input: neutron_bridge_mappings} neutron_public_interface: {get_input: neutron_public_interface} neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device} neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route} 
@@ -1426,7 +1523,7 @@ resources: neutron::keystone::auth::password: {get_input: neutron_password } neutron::keystone::auth::region: {get_input: keystone_region} neutron::server::notifications::nova_url: {get_input: nova_internal_url} - neutron::server::notifications::auth_url: {get_input: neutron_admin_auth_url} + neutron::server::notifications::auth_url: {get_input: neutron_auth_url} neutron::server::notifications::tenant_name: 'service' neutron::server::notifications::project_name: 'service' neutron::server::notifications::password: {get_input: nova_password} @@ -1447,6 +1544,7 @@ resources: ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} ceilometer::agent::auth::auth_url: {get_input: keystone_auth_uri} ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url} + ceilometer::agent::notification::store_events: {get_input: ceilometer_store_events} ceilometer::db::mysql::password: {get_input: ceilometer_password} snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} @@ -1456,7 +1554,9 @@ resources: nova::rabbit_password: {get_input: rabbit_password} nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} nova::rabbit_port: {get_input: rabbit_client_port} + nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute} nova::debug: {get_input: debug} + nova::use_ipv6: {get_input: nova_ipv6} nova::api::auth_uri: {get_input: keystone_auth_uri} nova::api::identity_uri: {get_input: keystone_identity_uri} nova::api::api_bind_address: {get_input: nova_api_network} 
@@ -1465,15 +1565,18 @@ resources: nova::api::osapi_compute_workers: {get_input: nova_workers} nova::api::ec2_workers: {get_input: nova_workers} nova::api::metadata_workers: {get_input: nova_workers} + nova::compute::network_device_mtu: {get_input: neutron_tenant_mtu} nova::database_connection: {get_input: nova_dsn} + nova::api_database_connection: {get_input: nova_api_dsn} nova::glance_api_servers: {get_input: glance_api_servers} nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} nova::api::instance_name_template: {get_input: instance_name_template} - nova::network::neutron::neutron_admin_password: {get_input: neutron_password} + nova::network::neutron::neutron_password: {get_input: neutron_password} nova::network::neutron::neutron_url: {get_input: neutron_internal_url} - nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url} + nova::network::neutron::neutron_auth_url: {get_input: neutron_auth_url} nova::vncproxy::host: {get_input: nova_api_network} nova::db::mysql::password: {get_input: nova_password} + nova::db::mysql_api::password: {get_input: nova_password} nova_enable_db_purge: {get_input: nova_enable_db_purge} # Horizon @@ -1513,8 +1616,12 @@ resources: rabbitmq::file_limit: {get_input: rabbit_fd_limit} rabbitmq::default_user: {get_input: rabbit_username} rabbitmq::default_pass: {get_input: rabbit_password} + rabbit_ipv6: {get_input: rabbit_ipv6} # Redis redis::bind: {get_input: redis_network} + redis::requirepass: {get_input: redis_password} + redis::masterauth: {get_input: redis_password} + redis::sentinel_auth_pass: {get_input: redis_password} redis_vip: {get_input: redis_vip} # Firewall tripleo::firewall::manage_firewall: {get_input: manage_firewall} 
@@ -1598,11 +1705,54 @@ outputs: Server's IP address and hostname in the /etc/hosts format value: str_replace: - template: IP HOST.DOMAIN HOST + template: | + PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST + EXTERNALIP EXTERNALHOST + INTERNAL_APIIP INTERNAL_APIHOST + STORAGEIP STORAGEHOST + STORAGE_MGMTIP STORAGE_MGMTHOST + TENANTIP TENANTHOST + MANAGEMENTIP MANAGEMENTHOST params: - IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]} + PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]} DOMAIN: {get_param: CloudDomain} - HOST: {get_attr: [Controller, name]} + PRIMARYHOST: {get_attr: [Controller, name]} + EXTERNALIP: {get_attr: [ExternalPort, ip_address]} + EXTERNALHOST: + list_join: + - '-' + - - {get_attr: [Controller, name]} + - external + INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} + INTERNAL_APIHOST: + list_join: + - '-' + - - {get_attr: [Controller, name]} + - internalapi + STORAGEIP: {get_attr: [StoragePort, ip_address]} + STORAGEHOST: + list_join: + - '-' + - - {get_attr: [Controller, name]} + - storage + STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} + STORAGE_MGMTHOST: + list_join: + - '-' + - - {get_attr: [Controller, name]} + - storagemgmt + TENANTIP: {get_attr: [TenantPort, ip_address]} + TENANTHOST: + list_join: + - '-' + - - {get_attr: [Controller, name]} + - tenant + MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} + MANAGEMENTHOST: + list_join: + - '-' + - - {get_attr: [Controller, name]} + - management nova_server_resource: description: Heat resource handle for the Nova compute server value: 
@@ -1613,14 +1763,14 @@ outputs: str_replace: template: 'r1z1-IP:%PORT%/d1' params: - IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} + IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} swift_proxy_memcache: description: Swift proxy-memcache value value: str_replace: template: "IP:11211" params: - IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} + IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} config_identifier: description: identifier which changes if the controller configuration may need re-applying value: diff --git a/puppet/deploy-artifacts.sh b/puppet/deploy-artifacts.sh new file mode 100644 index 00000000..22fde9a7 --- /dev/null +++ b/puppet/deploy-artifacts.sh @@ -0,0 +1,26 @@ +#!/bin/bash + +TMP_DATA=$(mktemp -d) +function cleanup { + rm -Rf "$TMP_DATA" +} +trap cleanup EXIT + +if [ -n "$artifact_urls" ]; then + for URL in $(echo $artifact_urls | sed -e "s| |\n|g" | sort -u); do + curl -o $TMP_DATA/file_data "$artifact_urls" + if file -b $TMP_DATA/file_data | grep RPM &>/dev/null; then + yum install -y $TMP_DATA/file_data + elif file -b $TMP_DATA/file_data | grep 'gzip compressed data' &>/dev/null; then + pushd / + tar xvzf $TMP_DATA/file_data + popd + else + echo "ERROR: Unsupported file format." + exit 1 + fi + rm $TMP_DATA/file_data + done +else + echo "No artifact_urls was set. Skipping..." +fi diff --git a/puppet/deploy-artifacts.yaml b/puppet/deploy-artifacts.yaml new file mode 100644 index 00000000..17f84163 --- /dev/null +++ b/puppet/deploy-artifacts.yaml 
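Review bot: The loop in `deploy-artifacts.sh` iterates over `$URL`, but the download line is `curl -o $TMP_DATA/file_data "$artifact_urls"`, so with more than one URL each iteration passes the whole space-separated list as a single URL. It should read `curl --fail -o "$TMP_DATA/file_data" "$URL"`. Without `--fail` an HTTP error page is saved and only rejected later by the `file` check, and the exit codes of `yum` and `tar` are never tested, so a failed install still lets the deployment report success. Whatever the URL returns is installed with `yum install -y` or unpacked over `/` as root with no checksum or signature check, and `deploy-artifacts.yaml` describes the inputs as plain HTTP URLs. Require HTTPS and verify a digest supplied alongside each URL before installing.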
@@ -0,0 +1,32 @@ +heat_template_version: 2015-04-30 + +description: > + Software Config to install deployment artifacts (tarball's and/or + distribution packages) via HTTP URLs. The contents of the URL's can + be tarballs or distribution packages (RPMs). If a tarball URL is supplied + it is extracted onto the target node during deployment. If a package is + deployed it is installed from the supplied URL. Note, you need the + heat-config-script element built into your images, due to the script group + below. + +parameters: + DeployArtifactURLs: + default: [] + description: A list of HTTP URLs containing deployment artifacts. + Currently supports tarballs and RPM packages. + type: comma_delimited_list + +resources: + DeployArtifacts: + type: OS::Heat::SoftwareConfig + properties: + group: script + inputs: + - name: artifact_urls + default: {list_join: [' ', {get_param: DeployArtifactURLs}]} + config: {get_file: ./deploy-artifacts.sh} + +outputs: + OS::stack_id: + description: The ID of the DeployArtifacts resource. + value: {get_resource: DeployArtifacts} diff --git a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml index 655fd0f2..71445800 100644 --- a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml +++ b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml 
@@ -65,11 +65,18 @@ parameters: default: false NetworkNexusSwitchHeartbeatTime: type: number - description: Time interval to check the state of the Nexus device + description: > + Time interval to check the state of the Nexus device. The units of this + object are seconds. Setting this object to a value of 0 disables the + replay feature. default: 0 NetworkNexusSwitchReplayCount: type: number - description: Number of times to attempt config replay + description: > + This configuration item is OBSOLETE. The Nexus driver replay behavior + is to continue to attempt to connect to the down Nexus device with a + period equal to the heartbeat time interval. This was previously the + Number of times to attempt config replay. default: 3 NetworkNexusProviderVlanAutoCreate: type: boolean diff --git a/puppet/extraconfig/ceph/ceph-external-config.yaml b/puppet/extraconfig/ceph/ceph-external-config.yaml index 7cefc24b..312d49a0 100644 --- a/puppet/extraconfig/ceph/ceph-external-config.yaml +++ b/puppet/extraconfig/ceph/ceph-external-config.yaml @@ -41,6 +41,9 @@ parameters: CephClientUserName: default: openstack type: string + CephIPv6: + default: False + type: boolean resources: CephClusterConfigImpl: @@ -54,7 +57,9 @@ resources: mapped_data: ceph_storage_count: {get_param: ceph_storage_count} enable_external_ceph: true - ceph::profile::params::mon_host: {get_param: ceph_external_mon_ips} + ceph_ipv6: {get_param: CephIPv6} + ceph_mon_host: {get_param: ceph_external_mon_ips} + ceph_mon_host_v6: {get_param: ceph_external_mon_ips} ceph::profile::params::fsid: {get_param: ceph_fsid} ceph::profile::params::client_keys: str_replace: 
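Review bot: In the `ceph-external-config.yaml` hunk, `ceph_mon_host_v6` is set to the raw `ceph_external_mon_ips` value, identical to `ceph_mon_host`, while `ceph-cluster-config.yaml` in this same commit builds the v6 variant by wrapping each address in brackets. The consumer of `ceph_mon_host_v6` is not visible here; if it expects bracketed addresses, an external cluster with `CephIPv6: true` will get an unbracketed list. Either wrap the value the same way or state in the `ceph_external_mon_ips` description that IPv6 monitor addresses must be supplied already bracketed.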
@@ -72,11 +77,12 @@ resources: NOVA_POOL: {get_param: NovaRbdPoolName} CINDER_POOL: {get_param: CinderRbdPoolName} GLANCE_POOL: {get_param: GlanceRbdPoolName} + ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6} nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} cinder_rbd_pool_name: {get_param: CinderRbdPoolName} glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName} nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} - glance::backend::rbd::rbd_store_pool: {get_param: CephClientUserName} + glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName} nova::compute::rbd::rbd_keyring: list_join: - '.' diff --git a/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml b/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml new file mode 100644 index 00000000..49c77190 --- /dev/null +++ b/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml 
@@ -0,0 +1,45 @@ +heat_template_version: 2015-04-30 + +description: Configure hieradata for Big Switch agents on compute node + +parameters: + server: + description: ID of the controller node to apply this config to + type: string + NeutronBigswitchAgentEnabled: + description: The state of the neutron-bsn-agent service. + type: boolean + default: false + NeutronBigswitchLLDPEnabled: + description: The state of the neutron-bsn-lldp service. + type: boolean + default: true + + +resources: + NeutronBigswitchConfig: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + hiera: + datafiles: + neutron_bigswitch_data: + mapped_data: + neutron::agents::bigswitch::agent_enabled: {get_input: neutron_enable_bigswitch_agent} + neutron::agents::bigswitch::lldp_enabled: {get_input: neutron_enable_bigswitch_lldp} + + NeutronBigswitchDeployment: + type: OS::Heat::StructuredDeployment + properties: + name: NeutronBigswitchDeployment + config: {get_resource: NeutronBigswitchConfig} + server: {get_param: server} + input_values: + neutron_enable_bigswitch_agent: {get_param: NeutronBigswitchAgentEnabled} + neutron_enable_bigswitch_lldp: {get_param: NeutronBigswitchLLDPEnabled} + +outputs: + deploy_stdout: + description: Deployment reference, used to trigger puppet apply on changes + value: {get_attr: [NeutronBigswitchDeployment, deploy_stdout]} diff --git a/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml b/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml new file mode 100644 index 00000000..e496553a --- /dev/null +++ b/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml 
@@ -0,0 +1,47 @@ +heat_template_version: 2015-04-30 + +description: Compute node hieradata for Neutron OpenContrail configuration + +parameters: + server: + description: ID of the compute node to apply this config to + type: string + ContrailApiServerIp: + description: IP address of the OpenContrail API server + type: string + ContrailApiServerPort: + description: Port of the OpenContrail API + type: string + default: 8082 + +resources: + ComputeContrailConfig: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + hiera: + datafiles: + neutron_opencontrail_data: + mapped_data: + nova::network::neutron::network_api_class: nova.network.neutronv2.api.API + + contrail::vrouter::provision_vrouter::api_address: {get_input: contrail_api_server_ip} + contrail::vrouter::provision_vrouter::api_port: {get_input: contrail_api_server_port} + contrail::vrouter::provision_vrouter::keystone_admin_user: admin + contrail::vrouter::provision_vrouter::keystone_admin_tenant_name: admin + contrail::vrouter::provision_vrouter::keystone_admin_password: '"%{::admin_password}"' + + ComputeContrailDeployment: + type: OS::Heat::StructuredDeployment + properties: + config: {get_resource: ComputeContrailConfig} + server: {get_param: server} + input_values: + contrail_api_server_ip: {get_param: ContrailApiServerIp} + contrail_api_server_port: {get_param: ContrailApiServerPort} + +outputs: + deploy_stdout: + description: Output of the extra hiera data deployment + value: {get_attr: [ComputeContrailDeployment, deploy_stdout]} diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml index 905f196d..9b6981bb 100644 --- a/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml +++ b/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml 
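Review bot: `contrail::vrouter::provision_vrouter::keystone_admin_password` is written as `'"%{::admin_password}"'`, a top-scope variable lookup, whereas the controller template added later in this commit reads the same secret with `%{hiera('admin_password')}`. Unless something outside this hunk defines a top-scope `admin_password` on compute nodes, this will likely interpolate to an empty string. Both templates also hand the cloud `admin` user's password (and, on the controller, `keystone::admin_token`) to the OpenContrail integration, which places the most privileged credential in hieradata on every compute node. A dedicated service user holding only the roles the vrouter provisioning needs would be a safer default; at minimum use `'"%{hiera(''admin_password'')}"'` here for consistency.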
@@ -1,4 +1,4 @@ -heat_template_version: 2015-11-12 +heat_template_version: 2015-10-15 description: Configure hieradata for Cinder Dell Storage Center configuration diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml index c73608f1..36db334e 100644 --- a/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml +++ b/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-11-06 +heat_template_version: 2015-10-15 description: Configure hieradata for Cinder Eqlx configuration diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml index 1e652960..467f57cc 100644 --- a/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml +++ b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml @@ -44,7 +44,6 @@ resources: datafiles: neutron_bigswitch_data: mapped_data: - neutron_enable_bigswitch_ml2: true neutron::plugins::ml2::bigswitch::restproxy::servers: {get_input: restproxy_servers} neutron::plugins::ml2::bigswitch::restproxy::server_auth: {get_input: restproxy_server_auth} neutron::plugins::ml2::bigswitch::restproxy::auto_sync_on_failure: {get_input: restproxy_auto_sync_on_failure} diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-opencontrail.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-opencontrail.yaml new file mode 100644 index 00000000..5c686fe7 --- /dev/null +++ b/puppet/extraconfig/pre_deploy/controller/neutron-opencontrail.yaml 
@@ -0,0 +1,62 @@ +heat_template_version: 2015-04-30 + +description: Controller hieradata for Neutron OpenContrail configuration + +parameters: + server: + description: ID of the controller node to apply this config to + type: string + ContrailApiServerIp: + description: IP address of the OpenContrail API server + type: string + ContrailApiServerPort: + description: Port of the OpenContrail API + type: string + default: 8082 + ContrailMultiTenancy: + description: Whether to enable multi tenancy + type: boolean + default: false + ContrailExtensions: + description: List of OpenContrail extensions to be enabled + type: comma_delimited_list + default: '' + +resources: + ControllerContrailConfig: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + hiera: + datafiles: + neutron_opencontrail_data: + mapped_data: + neutron::api_extensions_path: /usr/lib/python2.7/site-packages/neutron_plugin_contrail/extensions + + neutron::plugins::opencontrail::api_server_ip: {get_input: contrail_api_server_ip} + neutron::plugins::opencontrail::api_server_port: {get_input: contrail_api_server_port} + neutron::plugins::opencontrail::multi_tenancy: {get_input: contrail_multi_tenancy} + neutron::plugins::opencontrail::contrail_extensions: {get_input: contrail_extensions} + neutron::plugins::opencontrail::keystone_auth_url: '"%{hiera(''keystone_auth_uri'')}"' + neutron::plugins::opencontrail::keystone_admin_user: admin + neutron::plugins::opencontrail::keystone_admin_tenant_name: admin + neutron::plugins::opencontrail::keystone_admin_password: '"%{hiera(''admin_password'')}"' + neutron::plugins::opencontrail::keystone_admin_token: '"%{hiera(''keystone::admin_token'')}"' + + ControllerContrailDeployment: + type: OS::Heat::StructuredDeployment + properties: + config: {get_resource: ControllerContrailConfig} + server: {get_param: server} + input_values: + contrail_api_server_ip: {get_param: ContrailApiServerIp} + contrail_api_server_port: {get_param: 
ContrailApiServerPort} + contrail_multi_tenancy: {get_param: ContrailMultiTenancy} + contrail_extensions: {get_param: ContrailExtensions} + + +outputs: + deploy_stdout: + description: Output of the extra hiera data deployment + value: {get_attr: [ControllerContrailDeployment, deploy_stdout]} diff --git a/puppet/extraconfig/tls/ca-inject.yaml b/puppet/extraconfig/tls/ca-inject.yaml index 5a36e951..f955034d 100644 --- a/puppet/extraconfig/tls/ca-inject.yaml +++ b/puppet/extraconfig/tls/ca-inject.yaml @@ -4,7 +4,7 @@ description: > This is a template which will inject the trusted anchor. parameters: - # Can be overriden via parameter_defaults in the environment + # Can be overridden via parameter_defaults in the environment SSLRootCertificate: description: > The content of a CA's SSL certificate file in PEM format. @@ -45,7 +45,7 @@ resources: cat > ${cacert_path} << EOF ${cacert_content} EOF - chmod 0440 ${cacert_path} + chmod 0444 ${cacert_path} chown root:root ${cacert_path} ${update_anchor_command} md5sum ${cacert_path} > ${heat_outputs_path}.root_cert_md5sum diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml index 20bb3737..77b11378 100644 --- a/puppet/extraconfig/tls/tls-cert-inject.yaml +++ b/puppet/extraconfig/tls/tls-cert-inject.yaml @@ -5,7 +5,7 @@ description: > for the load balancer using the given parameters. parameters: - # Can be overriden via parameter_defaults in the environment + # Can be overridden via parameter_defaults in the environment SSLCertificate: description: > The content of the SSL certificate (without Key) in PEM format. @@ -21,7 +21,7 @@ parameters: type: string hidden: true - # Can be overriden by parameter_defaults if the user wants to try deploying + # Can be overridden by parameter_defaults if the user wants to try deploying # this in a distro that doesn't support this path. DeployedSSLCertificatePath: default: '/etc/pki/tls/private/overcloud_endpoint.pem' 
diff --git a/puppet/hieradata/common.yaml b/puppet/hieradata/common.yaml index b4b51abf..98cec364 100644 --- a/puppet/hieradata/common.yaml +++ b/puppet/hieradata/common.yaml @@ -3,17 +3,18 @@ ssh::server::storeconfigs_enabled: false # ceilometer settings used by compute and controller ceilo auth settings ceilometer::agent::auth::auth_region: 'regionOne' -# FIXME: Might be better to use 'service' tenant here but this requires -# changes in the tripleo-incubator keystone role setup -ceilometer::agent::auth::auth_tenant_name: 'admin' +ceilometer::agent::auth::auth_tenant_name: 'service' nova::api::admin_tenant_name: 'service' -nova::network::neutron::neutron_admin_tenant_name: 'service' -nova::network::neutron::neutron_admin_username: 'neutron' +nova::network::neutron::neutron_project_name: 'service' +nova::network::neutron::neutron_username: 'neutron' nova::network::neutron::dhcp_domain: '' neutron::allow_overlapping_ips: true +kernel_modules: + nf_conntrack: {} + sysctl_settings: net.ipv4.tcp_keepalive_intvl: value: 1 @@ -21,6 +22,17 @@ sysctl_settings: value: 5 net.ipv4.tcp_keepalive_time: value: 5 + net.nf_conntrack_max: + value: 500000 + net.netfilter.nf_conntrack_max: + value: 500000 + # prevent neutron bridges from autoconfiguring ipv6 addresses + net.ipv6.conf.default.accept_ra: + value: 0 + net.ipv6.conf.default.autoconf: + value: 0 + net.core.netdev_max_backlog: + value: 10000 nova::rabbit_heartbeat_timeout_threshold: 60 neutron::rabbit_heartbeat_timeout_threshold: 60 diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml index fa8dcc81..865210c9 100644 --- a/puppet/hieradata/compute.yaml +++ b/puppet/hieradata/compute.yaml 
@@ -1,13 +1,12 @@ # Hiera data here applies to all compute nodes nova::notify_on_state_change: 'vm_and_task_state' - +nova::notification_driver: messagingv2 nova::compute::enabled: true nova::compute::instance_usage_audit: true nova::compute::instance_usage_audit_period: 'hour' nova::compute::vnc_enabled: true -nova::compute::libvirt::vncserver_listen: '0.0.0.0' nova::compute::libvirt::migration_support: true nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}" diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index 06be40e4..288d224f 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -1,4 +1,5 @@ # Hiera data here applies to all controller nodes + nova::api::enabled: true nova::conductor::enabled: true nova::consoleauth::enabled: true @@ -29,6 +30,9 @@ redis::sentinel::master_name: "%{hiera('bootstrap_nodeid')}" redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}" redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh' +# keystone +keystone::roles::admin::email: 'root@localhost' + # service tenant glance::api::keystone_tenant: 'service' glance::registry::keystone_tenant: 'service' @@ -52,6 +56,8 @@ keystone::config::keystone_config: value: 'HTTP_X_FORWARDED_PROTO' ec2/driver: value: 'keystone.contrib.ec2.backends.sql.Ec2' +keystone::service_name: 'httpd' +keystone::wsgi::apache::ssl: false #swift swift::proxy::pipeline: @@ -85,9 +91,11 @@ neutron::agents::dhcp::dnsmasq_config_file: /etc/neutron/dnsmasq-neutron.conf nova::notify_on_state_change: 'vm_and_task_state' nova::api::default_floating_pool: 'public' nova::api::osapi_v3: true +nova::api::sync_db_api: true nova::scheduler::filter::ram_allocation_ratio: '1.0' nova::cron::archive_deleted_rows::hour: '*/12' nova::cron::archive_deleted_rows::destination: '/dev/null' +nova::notification_driver: messaging # ceilometer ceilometer::agent::auth::auth_endpoint_type: 'internalURL' 
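Review bot: `keystone::wsgi::apache::ssl: false` in the `-52,6 +56,8` hunk of controller.yaml turns TLS off on the httpd vhost that now serves Keystone, with no comment on where encryption is expected to happen. The neighbouring `HTTP_X_FORWARDED_PROTO` setting suggests TLS terminates at the load balancer, in which case credentials and tokens would travel in clear text between the proxy and Keystone. That trade-off is worth stating next to the key, e.g. `# TLS terminates at the load balancer; backend traffic is plain HTTP`.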
@@ -95,11 +103,20 @@ ceilometer::agent::auth::auth_endpoint_type: 'internalURL' # cinder cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler cinder::cron::db_purge::destination: '/dev/null' +cinder::host: hostgroup +cinder_user_enabled_backends: [] # heat heat::engine::configure_delegated_roles: false heat::engine::trusts_delegated_roles: [] heat::instance_user: '' +heat::cron::purge_deleted::age: 30 +heat::cron::purge_deleted::age_type: 'days' +heat::cron::purge_deleted::maxdelay: 3600 +heat::cron::purge_deleted::destination: '/dev/null' +heat::keystone::domain::domain_name: 'heat_stack' +heat::keystone::domain::domain_admin: 'heat_stack_domain_admin' +heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost' # pacemaker pacemaker::corosync::cluster_name: 'tripleo_cluster' diff --git a/puppet/hieradata/database.yaml b/puppet/hieradata/database.yaml index 89577505..61714691 100644 --- a/puppet/hieradata/database.yaml +++ b/puppet/hieradata/database.yaml @@ -6,6 +6,13 @@ nova::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" +nova::db::mysql_api::user: nova_api +nova::db::mysql_api::host: "%{hiera('mysql_virtual_ip')}" +nova::db::mysql_api::dbname: nova_api +nova::db::mysql_api::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + # Glance glance::db::mysql::user: glance glance::db::mysql::host: "%{hiera('mysql_virtual_ip')}" diff --git a/puppet/hieradata/volume.yaml b/puppet/hieradata/volume.yaml index f4cd78a9..8640c0a7 100644 --- a/puppet/hieradata/volume.yaml +++ b/puppet/hieradata/volume.yaml @@ -9,4 +9,6 @@ cinder::config::cinder_config: DEFAULT/swift_catalog_info: value: 'object-store:swift:internalURL' +cinder_user_enabled_backends: [] + volume_classes: []
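Review bot: The new `nova::db::mysql_api::allowed_hosts` list in database.yaml starts with `'%'`, which presumably yields a grant for the `nova_api` account from any source host and makes the second entry redundant. It copies the existing `nova::db::mysql` pattern, but a newly introduced account is a good point to stop repeating it. Restricting the list to the internal API subnet would keep the account unusable from other networks if the database port ever becomes reachable from them.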
\ No newline at end of file diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp index 1d801adc..fd7faff1 100644 --- a/puppet/manifests/overcloud_cephstorage.pp +++ b/puppet/manifests/overcloud_cephstorage.pp @@ -16,7 +16,9 @@ include ::tripleo::packages include ::tripleo::firewall +create_resources(kmod::load, hiera('kernel_modules'), {}) create_resources(sysctl::value, hiera('sysctl_settings'), {}) +Exec <| tag == 'kmod::load' |> -> Sysctl <| |> if count(hiera('ntp::servers')) > 0 { include ::ntp @@ -38,6 +40,14 @@ if str2bool(hiera('ceph_osd_selinux_permissive', true)) { } -> Class['ceph::profile::osd'] } +if str2bool(hiera('ceph_ipv6', false)) { + $mon_host = hiera('ceph_mon_host_v6') +} else { + $mon_host = hiera('ceph_mon_host') +} +class { '::ceph::profile::params': + mon_host => $mon_host, +} include ::ceph::conf include ::ceph::profile::client include ::ceph::profile::osd diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp index 4b0f98e4..b7f65f53 100644 --- a/puppet/manifests/overcloud_compute.pp +++ b/puppet/manifests/overcloud_compute.pp @@ -16,7 +16,9 @@ include ::tripleo::packages include ::tripleo::firewall +create_resources(kmod::load, hiera('kernel_modules'), {}) create_resources(sysctl::value, hiera('sysctl_settings'), {}) +Exec <| tag == 'kmod::load' |> -> Sysctl <| |> if count(hiera('ntp::servers')) > 0 { include ::ntp 
@@ -51,14 +53,17 @@ include ::nova include ::nova::config include ::nova::compute -nova_config { - 'DEFAULT/my_ip': value => $ipaddress; - 'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver'; -} - $rbd_ephemeral_storage = hiera('nova::compute::rbd::ephemeral_storage', false) $rbd_persistent_storage = hiera('rbd_persistent_storage', false) if $rbd_ephemeral_storage or $rbd_persistent_storage { + if str2bool(hiera('ceph_ipv6', false)) { + $mon_host = hiera('ceph_mon_host_v6') + } else { + $mon_host = hiera('ceph_mon_host') + } + class { '::ceph::profile::params': + mon_host => $mon_host, + } include ::ceph::conf include ::ceph::profile::client 
@@ -80,7 +85,42 @@ if hiera('cinder_enable_nfs_backend', false) { package {'nfs-utils': } -> Service['nova-compute'] } -include ::nova::compute::libvirt +if str2bool(hiera('nova::use_ipv6', false)) { + $vncserver_listen = '::0' +} else { + $vncserver_listen = '0.0.0.0' +} +class { '::nova::compute::libvirt' : + vncserver_listen => $vncserver_listen, +} + +# TUNNELLED mode provides a security enhancement when using shared storage but is not +# supported when not using shared storage. +# See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12 +if $rbd_ephemeral_storage { + $block_migration_flag = 'VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE, VIR_MIGRATE_TUNNELLED, VIR_MIGRATE_NON_SHARED_INC' + $live_migration_flag = 'VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE, VIR_MIGRATE_TUNNELLED' +} else { + $block_migration_flag = 'VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE, VIR_MIGRATE_NON_SHARED_INC' + $live_migration_flag = 'VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE' +} + +nova_config { + 'DEFAULT/my_ip': value => $ipaddress; + 'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver'; + 'DEFAULT/host': value => $fqdn; + # In future versions of Nova, the live/block migration flags will be deprecated [1]. + # Tunnelling (encryption) will be handled via a single _new_ Nova + # config attribute 'live_migration_tunnelled'[2], thus + # avoiding users to have to supply libvirt flags. + # In future versions of QEMU (2.6, mostly), Dan's native encryption + # work will obsolete the need to use TUNNELLED transport mode. 
+ # [1] https://review.openstack.org/#/c/263436/ + # [2] https://review.openstack.org/#/c/263434/ + 'libvirt/block_migration_flag': value => $block_migration_flag; + 'libvirt/live_migration_flag': value => $live_migration_flag; +} + if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { file {'/etc/libvirt/qemu.conf': ensure => present, @@ -118,6 +158,15 @@ elsif hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV cassandra_seeds => $cassandra_node_ips } } +elsif hiera('neutron::core_plugin') == 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2' { + + include ::contrail::vrouter + # NOTE: it's not possible to use this class without a functional + # contrail controller up and running + #class {'::contrail::vrouter::provision_vrouter': + # require => Class['contrail::vrouter'], + #} +} else { include ::neutron::plugins::ml2 @@ -129,8 +178,15 @@ else { n1kv_version => hiera('n1kv_vem_version', undef), } } + + if 'bsn_ml2' in hiera('neutron::plugins::ml2::mechanism_drivers') { + include ::neutron::agents::bigswitch + } } +neutron_config { + 'DEFAULT/host': value => $fqdn; +} include ::ceilometer include ::ceilometer::config 
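Review bot: Both branches of the new `$vncserver_listen` choice in overcloud_compute.pp (hunk `-80,7 +85,42`) bind the guest VNC servers to every address on the compute node, `'::0'` or `'0.0.0.0'`. Consoles are therefore reachable on any network the hypervisor is attached to unless a firewall blocks them. Consider listening only on the address the VNC proxy uses to reach the node, e.g. `$vncserver_listen = hiera('<compute-internal-address-key>')` (placeholder key; none is visible in this hunk). If the wildcard has to stay, for instance because of live migration between hosts, a comment saying so would help.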
@@ -144,7 +200,7 @@ snmp::snmpv3_user { $snmpd_user: } class { '::snmp': agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], + snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], } hiera_include('compute_classes') diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 38676b9d..5556a40c 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -20,7 +20,9 @@ $enable_load_balancer = hiera('enable_load_balancer', true) if hiera('step') >= 1 { + create_resources(kmod::load, hiera('kernel_modules'), {}) create_resources(sysctl::value, hiera('sysctl_settings'), {}) + Exec <| tag == 'kmod::load' |> -> Sysctl <| |> $controller_node_ips = split(hiera('controller_node_ips'), ',') 
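Review bot: The `createUser` element added to `snmpd_config` declares the read-only SNMPv3 user with `MD5` authentication and no privacy protocol, and the matching `rouser` line does not require encryption. Traffic for that user is therefore authenticated with a weak digest and sent unencrypted. net-snmp accepts `SHA` and a privacy algorithm in the same directive, so the element could become `join(['createUser ', hiera('snmpd_readonly_user_name'), ' SHA "', hiera('snmpd_readonly_user_password'), '" AES'])`, paired with `rouser <name> priv`. The passphrase also ends up in the rendered snmpd configuration, so that file's mode should be checked. The same line is added in overcloud_controller.pp (hunk `-599,7 +638,7`).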
@@ -46,14 +48,24 @@ if hiera('step') >= 2 { include ::mongodb::globals include ::mongodb::client include ::mongodb::server - $mongo_node_ips_with_port = suffix(hiera('mongo_node_ips'), ':27017') + # NOTE(gfidente): We need to pass the list of IPv6 addresses *with* port and + # without the brackets as 'members' argument for the 'mongodb_replset' + # resource. + if str2bool(hiera('mongodb::server::ipv6', false)) { + $mongo_node_ips_with_port_prefixed = prefix(hiera('mongo_node_ips'), '[') + $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017') + $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017') + } else { + $mongo_node_ips_with_port = suffix(hiera('mongo_node_ips'), ':27017') + $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017') + } $mongo_node_string = join($mongo_node_ips_with_port, ',') $mongodb_replset = hiera('mongodb::server::replset') $ceilometer_mongodb_conn_string = "mongodb://${mongo_node_string}/ceilometer?replicaSet=${mongodb_replset}" if downcase(hiera('bootstrap_nodeid')) == $::hostname { mongodb_replset { $mongodb_replset : - members => $mongo_node_ips_with_port, + members => $mongo_node_ips_with_port_nobr, } } } @@ -83,11 +95,15 @@ if hiera('step') >= 2 { $mysql_config_file = '/etc/my.cnf.d/server.cnf' } # TODO Galara + # FIXME: due to https://bugzilla.redhat.com/show_bug.cgi?id=1298671 we + # set bind-address to a hostname instead of an ip address; to move Mysql + # from internal_api on another network we'll have to customize both + # MysqlNetwork and ControllerHostnameResolveNetwork in ServiceNetMap class { '::mysql::server': config_file => $mysql_config_file, override_options => { 'mysqld' => { - 'bind-address' => hiera('mysql_bind_host'), + 'bind-address' => $::hostname, 'max_connections' => hiera('mysql_max_connections'), 'open_files_limit' => '-1', }, 
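Review bot: With `'bind-address' => $::hostname` (hunk `-83,11 +95,15`), the interface mysqld listens on is decided by name resolution on the node rather than by `mysql_bind_host`, and nothing here checks what the short hostname resolves to. If it maps to loopback, the database is unreachable from the other controllers; if it maps to an address on another network, the listener is exposed there. The FIXME explains the workaround, and I would add the precondition to it, e.g. `# requires $::hostname to resolve to the internal_api address on every controller`. The same substitution is made in overcloud_controller_pacemaker.pp (hunk `-144,7 +167,7`).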
@@ -100,6 +116,7 @@ if hiera('step') >= 2 { include ::keystone::db::mysql include ::glance::db::mysql include ::nova::db::mysql + include ::nova::db::mysql_api include ::neutron::db::mysql include ::cinder::db::mysql include ::heat::db::mysql @@ -110,13 +127,23 @@ if hiera('step') >= 2 { $rabbit_nodes = hiera('rabbit_node_ips') if count($rabbit_nodes) > 1 { + + $rabbit_ipv6 = str2bool(hiera('rabbit_ipv6', false)) + if $rabbit_ipv6 { + $rabbit_env = merge(hiera('rabbitmq_environment'), { + 'RABBITMQ_SERVER_START_ARGS' => '"-proto_dist inet6_tcp"' + }) + } else { + $rabbit_env = hiera('rabbitmq_environment') + } + class { '::rabbitmq': config_cluster => true, cluster_nodes => $rabbit_nodes, tcp_keepalive => false, config_kernel_variables => hiera('rabbitmq_kernel_variables'), config_variables => hiera('rabbitmq_config_variables'), - environment_variables => hiera('rabbitmq_environment'), + environment_variables => $rabbit_env, } rabbitmq_policy { 'ha-all@/': pattern => '^(?!amq\.).*', @@ -134,8 +161,15 @@ if hiera('step') >= 2 { $enable_ceph = hiera('ceph_storage_count', 0) > 0 or hiera('enable_ceph_storage', false) if $enable_ceph { + $mon_initial_members = downcase(hiera('ceph_mon_initial_members')) + if str2bool(hiera('ceph_ipv6', false)) { + $mon_host = hiera('ceph_mon_host_v6') + } else { + $mon_host = hiera('ceph_mon_host') + } class { '::ceph::profile::params': - mon_initial_members => downcase(hiera('ceph_mon_initial_members')), + mon_initial_members => $mon_initial_members, + mon_host => $mon_host, } include ::ceph::conf include ::ceph::profile::mon @@ -161,6 +195,14 @@ if hiera('step') >= 2 { } if str2bool(hiera('enable_external_ceph', false)) { + if str2bool(hiera('ceph_ipv6', false)) { + $mon_host = hiera('ceph_mon_host_v6') + } else { + $mon_host = hiera('ceph_mon_host') + } + class { '::ceph::profile::params': + mon_host => $mon_host, + } include ::ceph::conf include ::ceph::profile::client } 
@@ -173,6 +215,7 @@ if hiera('step') >= 3 { include ::keystone::config include ::keystone::roles::admin include ::keystone::endpoint + include ::keystone::wsgi::apache #TODO: need a cleanup-keystone-tokens.sh solution here @@ -214,13 +257,14 @@ if hiera('step') >= 3 { $http_store = ['glance.store.http.Store'] $glance_store = concat($http_store, $backend_store) - # TODO: notifications, scrubber, etc. + # TODO: scrubber and other additional optional features include ::glance include ::glance::config class { '::glance::api': known_stores => $glance_store, } include ::glance::registry + include ::glance::notify::rabbitmq include join(['::glance::backend::', $glance_backend]) class { '::nova' : @@ -292,11 +336,13 @@ if hiera('step') >= 3 { include ::neutron::server include ::neutron::server::notifications - # If the value of core plugin is set to 'nuage', - # include nuage core plugin, and it does not + # If the value of core plugin is set to 'nuage' or 'opencontrail', + # include nuage or opencontrail core plugins, and it does not # need the l3, dhcp and metadata agents if hiera('neutron::core_plugin') == 'neutron.plugins.nuage.plugin.NuagePlugin' { include ::neutron::plugins::nuage + } elsif hiera('neutron::core_plugin') == 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2' { + include ::neutron::plugins::opencontrail } else { include ::neutron::agents::l3 include ::neutron::agents::dhcp @@ -347,8 +393,9 @@ if hiera('step') >= 3 { include ::neutron::plugins::ml2::cisco::type_nexus_vxlan } - if hiera('neutron_enable_bigswitch_ml2', false) { + if 'bsn_ml2' in hiera('neutron::plugins::ml2::mechanism_drivers') { include ::neutron::plugins::ml2::bigswitch::restproxy + include ::neutron::agents::bigswitch } neutron_l3_agent_config { 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false); 
@@ -366,10 +413,12 @@ if hiera('step') >= 3 { include ::cinder include ::cinder::config + include ::tripleo::ssl::cinder_config include ::cinder::api include ::cinder::glance include ::cinder::scheduler include ::cinder::volume + include ::cinder::ceilometer class { '::cinder::setup_test_volume': size => join([hiera('cinder_lvm_loop_device_size'), 'M']), } @@ -413,10 +462,6 @@ if hiera('step') >= 3 { if hiera('cinder_enable_eqlx_backend', false) { $cinder_eqlx_backend = hiera('cinder::backend::eqlx::volume_backend_name') - cinder_config { - "${cinder_eqlx_backend}/host": value => 'hostgroup'; - } - cinder::backend::eqlx { $cinder_eqlx_backend : volume_backend_name => hiera('cinder::backend::eqlx::volume_backend_name', undef), san_ip => hiera('cinder::backend::eqlx::san_ip', undef), @@ -424,7 +469,7 @@ if hiera('step') >= 3 { san_password => hiera('cinder::backend::eqlx::san_password', undef), san_thin_provision => hiera('cinder::backend::eqlx::san_thin_provision', undef), eqlx_group_name => hiera('cinder::backend::eqlx::eqlx_group_name', undef), - eqlx_pool => hiera('cinder::backend::eqlx::eqlx_lpool', undef), + eqlx_pool => hiera('cinder::backend::eqlx::eqlx_pool', undef), eqlx_use_chap => hiera('cinder::backend::eqlx::eqlx_use_chap', undef), eqlx_chap_login => hiera('cinder::backend::eqlx::eqlx_chap_login', undef), eqlx_chap_password => hiera('cinder::backend::eqlx::eqlx_san_password', undef), @@ -434,10 +479,6 @@ if hiera('step') >= 3 { if hiera('cinder_enable_dellsc_backend', false) { $cinder_dellsc_backend = hiera('cinder::backend::dellsc_iscsi::volume_backend_name') - cinder_config { - "${cinder_dellsc_backend}/host": value => 'hostgroup'; - } - cinder::backend::dellsc_iscsi{ $cinder_dellsc_backend : volume_backend_name => hiera('cinder::backend::dellsc_iscsi::volume_backend_name', undef), san_ip => hiera('cinder::backend::dellsc_iscsi::san_ip', undef), 
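Review bot: Just below the corrected `eqlx_pool` lookup (hunk `-424,7 +469,7`), `eqlx_chap_password` is still read from `cinder::backend::eqlx::eqlx_san_password`, a key whose name matches neither the parameter nor the neighbouring `eqlx_chap_login` lookup. If this is the same kind of typo as `eqlx_lpool`, the CHAP password resolves to `undef`, and the line should read `eqlx_chap_password => hiera('cinder::backend::eqlx::eqlx_chap_password', undef),`. Please confirm against the hieradata that supplies the value. The same line appears in overcloud_controller_pacemaker.pp (hunk `-801,7 +911,7`), and the `cinder::backend::eqlx` resource starts and ends outside the hunk.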
@@ -446,7 +487,7 @@ if hiera('step') >= 3 { dell_sc_ssn => hiera('cinder::backend::dellsc_iscsi::dell_sc_ssn', undef), iscsi_ip_address => hiera('cinder::backend::dellsc_iscsi::iscsi_ip_address', undef), iscsi_port => hiera('cinder::backend::dellsc_iscsi::iscsi_port', undef), - dell_sc_port => hiera('cinder::backend::dellsc_iscsi::dell_sc_port', undef), + dell_sc_api_port => hiera('cinder::backend::dellsc_iscsi::dell_sc_api_port', undef), dell_sc_server_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_server_folder', undef), dell_sc_volume_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_volume_folder', undef), } @@ -455,10 +496,6 @@ if hiera('step') >= 3 { if hiera('cinder_enable_netapp_backend', false) { $cinder_netapp_backend = hiera('cinder::backend::netapp::title') - cinder_config { - "${cinder_netapp_backend}/host": value => 'hostgroup'; - } - if hiera('cinder::backend::netapp::nfs_shares', undef) { $cinder_netapp_nfs_shares = split(hiera('cinder::backend::netapp::nfs_shares', undef), ',') } @@ -507,7 +544,7 @@ if hiera('step') >= 3 { $cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend, $cinder_rbd_backend, $cinder_eqlx_backend, $cinder_dellsc_backend, $cinder_netapp_backend, $cinder_nfs_backend]) class { '::cinder::backends' : - enabled_backends => $cinder_enabled_backends, + enabled_backends => union($cinder_enabled_backends, hiera('cinder_user_enabled_backends')), } # swift proxy @@ -567,7 +604,9 @@ if hiera('step') >= 3 { Cron <| title == 'ceilometer-expirer' |> { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" } # Heat - include ::heat + class { '::heat' : + notification_driver => 'messaging', + } include ::heat::config include ::heat::api include ::heat::api_cfn 
@@ -599,7 +638,7 @@ if hiera('step') >= 3 { } class { '::snmp': agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], + snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], } hiera_include('controller_classes') @@ -610,6 +649,7 @@ if hiera('step') >= 4 { $keystone_enable_db_purge = hiera('keystone_enable_db_purge', true) $nova_enable_db_purge = hiera('nova_enable_db_purge', true) $cinder_enable_db_purge = hiera('cinder_enable_db_purge', true) + $heat_enable_db_purge = hiera('heat_enable_db_purge', true) if $keystone_enable_db_purge { include ::keystone::cron::token_flush @@ -620,6 +660,26 @@ if hiera('step') >= 4 { if $cinder_enable_db_purge { include ::cinder::cron::db_purge } + if $heat_enable_db_purge { + include ::heat::cron::purge_deleted + } + + if downcase(hiera('bootstrap_nodeid')) == $::hostname { + include ::keystone::roles::admin + # Class ::heat::keystone::domain has to run on bootstrap node + # because it creates DB entities via API calls. + include ::heat::keystone::domain + + Class['::keystone::roles::admin'] -> Class['::heat::keystone::domain'] + } else { + # On non-bootstrap node we don't need to create Keystone resources again + class { '::heat::keystone::domain': + manage_domain => false, + manage_user => false, + manage_role => false, + } + } + } #END STEP 4 $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller', hiera('step')]) 
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index 7d5612fe..db3d8652 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -34,12 +34,14 @@ $enable_load_balancer = hiera('enable_load_balancer', true) # When to start and enable services which haven't been Pacemakerized # FIXME: remove when we start all OpenStack services using Pacemaker -# (occurences of this variable will be gradually replaced with false) +# (occurrences of this variable will be gradually replaced with false) $non_pcmk_start = hiera('step') >= 4 if hiera('step') >= 1 { + create_resources(kmod::load, hiera('kernel_modules'), {}) create_resources(sysctl::value, hiera('sysctl_settings'), {}) + Exec <| tag == 'kmod::load' |> -> Sysctl <| |> include ::timezone @@ -60,6 +62,12 @@ if hiera('step') >= 1 { } $pacemaker_cluster_members = downcase(regsubst(hiera('controller_node_names'), ',', ' ', 'G')) + $corosync_ipv6 = str2bool(hiera('corosync_ipv6', false)) + if $corosync_ipv6 { + $cluster_setup_extras = { '--ipv6' => '' } + } else { + $cluster_setup_extras = {} + } user { 'hacluster': ensure => present, } -> @@ -67,8 +75,9 @@ if hiera('step') >= 1 { hacluster_pwd => hiera('hacluster_pwd'), } -> class { '::pacemaker::corosync': - cluster_members => $pacemaker_cluster_members, - setup_cluster => $pacemaker_master, + cluster_members => $pacemaker_cluster_members, + setup_cluster => $pacemaker_master, + cluster_setup_extras => $cluster_setup_extras, } class { '::pacemaker::stonith': disable => !$enable_fencing, 
@@ -91,12 +100,21 @@ if hiera('step') >= 1 { # avoid races where non-master nodes attempt to start without # config (eg. binding on 0.0.0.0) # The module ignores erlang_cookie if cluster_config is false + $rabbit_ipv6 = str2bool(hiera('rabbit_ipv6', false)) + if $rabbit_ipv6 { + $rabbit_env = merge(hiera('rabbitmq_environment'), { + 'RABBITMQ_SERVER_START_ARGS' => '"-proto_dist inet6_tcp"' + }) + } else { + $rabbit_env = hiera('rabbitmq_environment') + } + class { '::rabbitmq': service_manage => false, tcp_keepalive => false, config_kernel_variables => hiera('rabbitmq_kernel_variables'), config_variables => hiera('rabbitmq_config_variables'), - environment_variables => hiera('rabbitmq_environment'), + environment_variables => $rabbit_env, } -> file { '/var/lib/rabbitmq/.erlang.cookie': ensure => file, @@ -135,6 +153,11 @@ if hiera('step') >= 1 { $galera_nodes = downcase(hiera('galera_node_names', $::hostname)) $galera_nodes_count = count(split($galera_nodes, ',')) + # FIXME: due to https://bugzilla.redhat.com/show_bug.cgi?id=1298671 we + # set bind-address to a hostname instead of an ip address; to move Mysql + # from internal_api on another network we'll have to customize both + # MysqlNetwork and ControllerHostnameResolveNetwork in ServiceNetMap + $mysql_bind_host = hiera('mysql_bind_host') $mysqld_options = { 'mysqld' => { 'skip-name-resolve' => '1', @@ -144,7 +167,7 @@ if hiera('step') >= 1 { 'innodb_locks_unsafe_for_binlog'=> '1', 'query_cache_size' => '0', 'query_cache_type' => '0', - 'bind-address' => hiera('mysql_bind_host'), + 'bind-address' => $::hostname, 'max_connections' => hiera('mysql_max_connections'), 'open_files_limit' => '-1', 'wsrep_provider' => '/usr/lib64/galera/libgalera_smm.so', @@ -160,6 +183,7 @@ if hiera('step') >= 1 { 'wsrep_drupal_282555_workaround'=> '0', 'wsrep_causal_reads' => '0', 'wsrep_sst_method' => 'rsync', + 'wsrep_provider_options' => "gmcast.listen_addr=tcp://[${mysql_bind_host}]:4567;", }, } 
@@ -178,8 +202,19 @@ if hiera('step') >= 1 { if hiera('step') >= 2 { # NOTE(gfidente): the following vars are needed on all nodes so they - # need to stay out of pacemaker_master conditional - $mongo_node_ips_with_port = suffix(hiera('mongo_node_ips'), ':27017') + # need to stay out of pacemaker_master conditional. + # The addresses mangling will hopefully go away when we'll be able to + # configure the connection string via hostnames, until then, we need to pass + # the list of IPv6 addresses *with* port and without the brackets as 'members' + # argument for the 'mongodb_replset' resource. + if str2bool(hiera('mongodb::server::ipv6', false)) { + $mongo_node_ips_with_port_prefixed = prefix(hiera('mongo_node_ips'), '[') + $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017') + $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017') + } else { + $mongo_node_ips_with_port = suffix(hiera('mongo_node_ips'), ':27017') + $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017') + } $mongodb_replset = hiera('mongodb::server::replset') if $pacemaker_master { @@ -188,6 +223,11 @@ if hiera('step') >= 2 { include ::pacemaker::resource_defaults + # Create an openstack-core dummy resource. See RHBZ 1290121 + pacemaker::resource::ocf { 'openstack-core': + ocf_agent_name => 'heartbeat:Dummy', + clone_params => true, + } # FIXME: we should not have to access tripleo::loadbalancer class # parameters here to configure pacemaker VIPs. The configuration # of pacemaker VIPs could move into puppet-tripleo or we should 
@@ -197,8 +237,14 @@ if hiera('step') >= 2 { } $control_vip = hiera('tripleo::loadbalancer::controller_virtual_ip') + if is_ipv6_address($control_vip) { + $control_vip_netmask = '64' + } else { + $control_vip_netmask = '32' + } pacemaker::resource::ip { 'control_vip': - ip_address => $control_vip, + ip_address => $control_vip, + cidr_netmask => $control_vip_netmask, } pacemaker::constraint::base { 'control_vip-then-haproxy': constraint_type => 'order', @@ -219,9 +265,15 @@ if hiera('step') >= 2 { } $public_vip = hiera('tripleo::loadbalancer::public_virtual_ip') + if is_ipv6_address($public_vip) { + $public_vip_netmask = '64' + } else { + $public_vip_netmask = '32' + } if $public_vip and $public_vip != $control_vip { pacemaker::resource::ip { 'public_vip': - ip_address => $public_vip, + ip_address => $public_vip, + cidr_netmask => $public_vip_netmask, } pacemaker::constraint::base { 'public_vip-then-haproxy': constraint_type => 'order', @@ -243,9 +295,15 @@ if hiera('step') >= 2 { } $redis_vip = hiera('redis_vip') + if is_ipv6_address($redis_vip) { + $redis_vip_netmask = '64' + } else { + $redis_vip_netmask = '32' + } if $redis_vip and $redis_vip != $control_vip { pacemaker::resource::ip { 'redis_vip': - ip_address => $redis_vip, + ip_address => $redis_vip, + cidr_netmask => $redis_vip_netmask, } pacemaker::constraint::base { 'redis_vip-then-haproxy': constraint_type => 'order', @@ -267,9 +325,15 @@ if hiera('step') >= 2 { } $internal_api_vip = hiera('tripleo::loadbalancer::internal_api_virtual_ip') + if is_ipv6_address($internal_api_vip) { + $internal_api_vip_netmask = '64' + } else { + $internal_api_vip_netmask = '32' + } if $internal_api_vip and $internal_api_vip != $control_vip { pacemaker::resource::ip { 'internal_api_vip': - ip_address => $internal_api_vip, + ip_address => $internal_api_vip, + cidr_netmask => $internal_api_vip_netmask, } pacemaker::constraint::base { 'internal_api_vip-then-haproxy': constraint_type => 'order', 
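Review bot: The prefix lengths chosen for the VIPs are asymmetric: an IPv4 VIP gets a host mask (`'32'`), while an IPv6 VIP gets `'64'`, which assumes every network uses a /64. If a host address is what is wanted, `'128'` would be the counterpart; otherwise a comment should explain the choice. The same `is_ipv6_address` if/else is repeated for the control, public, redis and internal_api VIPs here, and for storage and storage_mgmt in hunks `-291,9 +355,15` and `-315,9 +385,15`. In each case it runs before the `if $public_vip and ...` style guard. A small helper, or a single hiera-supplied prefix length, would remove the copies.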
@@ -291,9 +355,15 @@ if hiera('step') >= 2 { } $storage_vip = hiera('tripleo::loadbalancer::storage_virtual_ip') + if is_ipv6_address($storage_vip) { + $storage_vip_netmask = '64' + } else { + $storage_vip_netmask = '32' + } if $storage_vip and $storage_vip != $control_vip { pacemaker::resource::ip { 'storage_vip': - ip_address => $storage_vip, + ip_address => $storage_vip, + cidr_netmask => $storage_vip_netmask, } pacemaker::constraint::base { 'storage_vip-then-haproxy': constraint_type => 'order', @@ -315,9 +385,15 @@ if hiera('step') >= 2 { } $storage_mgmt_vip = hiera('tripleo::loadbalancer::storage_mgmt_virtual_ip') + if is_ipv6_address($storage_mgmt_vip) { + $storage_mgmt_vip_netmask = '64' + } else { + $storage_mgmt_vip_netmask = '32' + } if $storage_mgmt_vip and $storage_mgmt_vip != $control_vip { pacemaker::resource::ip { 'storage_mgmt_vip': - ip_address => $storage_mgmt_vip, + ip_address => $storage_mgmt_vip, + cidr_netmask => $storage_mgmt_vip_netmask, } pacemaker::constraint::base { 'storage_mgmt_vip-then-haproxy': constraint_type => 'order', @@ -349,6 +425,7 @@ if hiera('step') >= 2 { ocf_agent_name => 'heartbeat:rabbitmq-cluster', resource_params => 'set_policy=\'ha-all ^(?!amq\.).* {"ha-mode":"all"}\'', clone_params => 'ordered=true interleave=true', + meta_params => 'notify=true', require => Class['::rabbitmq'], } @@ -366,7 +443,7 @@ if hiera('step') >= 2 { before => Mongodb_replset[$mongodb_replset], } mongodb_replset { $mongodb_replset : - members => $mongo_node_ips_with_port, + members => $mongo_node_ips_with_port_nobr, } } @@ -430,6 +507,9 @@ MYSQL_HOST=localhost\n", class { '::nova::db::mysql': require => Exec['galera-ready'], } + class { '::nova::db::mysql_api': + require => Exec['galera-ready'], + } class { '::neutron::db::mysql': require => Exec['galera-ready'], } 
@@ -458,8 +538,15 @@ MYSQL_HOST=localhost\n", $enable_ceph = hiera('ceph_storage_count', 0) > 0 or hiera('enable_ceph_storage', false) if $enable_ceph { + $mon_initial_members = downcase(hiera('ceph_mon_initial_members')) + if str2bool(hiera('ceph_ipv6', false)) { + $mon_host = hiera('ceph_mon_host_v6') + } else { + $mon_host = hiera('ceph_mon_host') + } class { '::ceph::profile::params': - mon_initial_members => downcase(hiera('ceph_mon_initial_members')), + mon_initial_members => $mon_initial_members, + mon_host => $mon_host, } include ::ceph::conf include ::ceph::profile::mon @@ -485,6 +572,14 @@ MYSQL_HOST=localhost\n", } if str2bool(hiera('enable_external_ceph', false)) { + if str2bool(hiera('ceph_ipv6', false)) { + $mon_host = hiera('ceph_mon_host_v6') + } else { + $mon_host = hiera('ceph_mon_host') + } + class { '::ceph::profile::params': + mon_host => $mon_host, + } include ::ceph::conf include ::ceph::profile::client } @@ -495,9 +590,10 @@ MYSQL_HOST=localhost\n", if hiera('step') >= 3 { class { '::keystone': - sync_db => $sync_db, - manage_service => false, - enabled => false, + sync_db => $sync_db, + manage_service => false, + enabled => false, + enable_bootstrap => $pacemaker_master, } include ::keystone::config @@ -565,16 +661,25 @@ if hiera('step') >= 3 { manage_service => false, enabled => false, } + include ::glance::notify::rabbitmq include join(['::glance::backend::', $glance_backend]) + $nova_ipv6 = hiera('nova::use_ipv6', false) + if $nova_ipv6 { + $memcached_servers = suffix(hiera('memcache_node_ips_v6'), ':11211') + } else { + $memcached_servers = suffix(hiera('memcache_node_ips'), ':11211') + } + class { '::nova' : - memcached_servers => suffix(hiera('memcache_node_ips'), ':11211'), + memcached_servers => $memcached_servers } include ::nova::config class { '::nova::api' : sync_db => $sync_db, + sync_db_api => $sync_db, manage_service => false, enabled => false, } 
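Review bot: `$nova_ipv6 = hiera('nova::use_ipv6', false)` in hunk `-565,16 +661,25` is used as a condition without `str2bool`, unlike the same key in overcloud_compute.pp, which uses `str2bool(hiera('nova::use_ipv6', false))`. If the value arrives as a string, `'false'` is truthy in Puppet and the controller would pick `memcache_node_ips_v6` on an IPv4 deployment. Suggest `$nova_ipv6 = str2bool(hiera('nova::use_ipv6', false))`.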
@@ -662,6 +767,9 @@ if hiera('step') >= 3 { if hiera('neutron::core_plugin') == 'neutron.plugins.nuage.plugin.NuagePlugin' { include ::neutron::plugins::nuage } + if hiera('neutron::core_plugin') == 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2' { + include ::neutron::plugins::opencontrail + } if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { class {'::neutron::plugins::midonet': midonet_api_ip => hiera('tripleo::loadbalancer::public_virtual_ip'), @@ -721,8 +829,9 @@ if hiera('step') >= 3 { } } - if hiera('neutron_enable_bigswitch_ml2', false) { + if 'bsn_ml2' in hiera('neutron::plugins::ml2::mechanism_drivers') { include ::neutron::plugins::ml2::bigswitch::restproxy + include ::neutron::agents::bigswitch } neutron_l3_agent_config { 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false); @@ -730,9 +839,13 @@ if hiera('step') >= 3 { neutron_dhcp_agent_config { 'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false); } + neutron_config { + 'DEFAULT/notification_driver': value => 'messaging'; + } include ::cinder include ::cinder::config + include ::tripleo::ssl::cinder_config class { '::cinder::api': sync_db => $sync_db, manage_service => false, @@ -747,6 +860,7 @@ if hiera('step') >= 3 { enabled => false, } include ::cinder::glance + include ::cinder::ceilometer class { '::cinder::setup_test_volume': size => join([hiera('cinder_lvm_loop_device_size'), 'M']), } @@ -790,10 +904,6 @@ if hiera('step') >= 3 { if hiera('cinder_enable_eqlx_backend', false) { $cinder_eqlx_backend = hiera('cinder::backend::eqlx::volume_backend_name') - cinder_config { - "${cinder_eqlx_backend}/host": value => 'hostgroup'; - } - cinder::backend::eqlx { $cinder_eqlx_backend : volume_backend_name => hiera('cinder::backend::eqlx::volume_backend_name', undef), san_ip => hiera('cinder::backend::eqlx::san_ip', undef), 
@@ -801,7 +911,7 @@ if hiera('step') >= 3 { san_password => hiera('cinder::backend::eqlx::san_password', undef), san_thin_provision => hiera('cinder::backend::eqlx::san_thin_provision', undef), eqlx_group_name => hiera('cinder::backend::eqlx::eqlx_group_name', undef), - eqlx_pool => hiera('cinder::backend::eqlx::eqlx_lpool', undef), + eqlx_pool => hiera('cinder::backend::eqlx::eqlx_pool', undef), eqlx_use_chap => hiera('cinder::backend::eqlx::eqlx_use_chap', undef), eqlx_chap_login => hiera('cinder::backend::eqlx::eqlx_chap_login', undef), eqlx_chap_password => hiera('cinder::backend::eqlx::eqlx_san_password', undef), @@ -811,10 +921,6 @@ if hiera('step') >= 3 { if hiera('cinder_enable_dellsc_backend', false) { $cinder_dellsc_backend = hiera('cinder::backend::dellsc_iscsi::volume_backend_name') - cinder_config { - "${cinder_dellsc_backend}/host": value => 'hostgroup'; - } - cinder::backend::dellsc_iscsi{ $cinder_dellsc_backend : volume_backend_name => hiera('cinder::backend::dellsc_iscsi::volume_backend_name', undef), san_ip => hiera('cinder::backend::dellsc_iscsi::san_ip', undef), @@ -823,7 +929,7 @@ if hiera('step') >= 3 { dell_sc_ssn => hiera('cinder::backend::dellsc_iscsi::dell_sc_ssn', undef), iscsi_ip_address => hiera('cinder::backend::dellsc_iscsi::iscsi_ip_address', undef), iscsi_port => hiera('cinder::backend::dellsc_iscsi::iscsi_port', undef), - dell_sc_port => hiera('cinder::backend::dellsc_iscsi::dell_sc_port', undef), + dell_sc_api_port => hiera('cinder::backend::dellsc_iscsi::dell_sc_api_port', undef), dell_sc_server_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_server_folder', undef), dell_sc_volume_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_volume_folder', undef), } 
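Review bot: `eqlx_chap_password`, two lines below the corrected `eqlx_pool`, still reads `hiera('cinder::backend::eqlx::eqlx_san_password', undef)`, which looks like the same kind of key mix-up this hunk fixes for `eqlx_lpool`. With the `undef` default a missing key is silent, so the backend would be configured without the intended CHAP secret and nothing would flag it. Assuming the hieradata key follows the parameter name like its neighbours, the line should be `eqlx_chap_password => hiera('cinder::backend::eqlx::eqlx_chap_password', undef),`; the hieradata itself is not visible here.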
@@ -832,10 +938,6 @@ if hiera('step') >= 3 { if hiera('cinder_enable_netapp_backend', false) { $cinder_netapp_backend = hiera('cinder::backend::netapp::title') - cinder_config { - "${cinder_netapp_backend}/host": value => 'hostgroup'; - } - if hiera('cinder::backend::netapp::nfs_shares', undef) { $cinder_netapp_nfs_shares = split(hiera('cinder::backend::netapp::nfs_shares', undef), ',') } @@ -884,7 +986,7 @@ if hiera('step') >= 3 { $cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend, $cinder_rbd_backend, $cinder_eqlx_backend, $cinder_dellsc_backend, $cinder_netapp_backend, $cinder_nfs_backend]) class { '::cinder::backends' : - enabled_backends => $cinder_enabled_backends, + enabled_backends => union($cinder_enabled_backends, hiera('cinder_user_enabled_backends')), } class { '::sahara': @@ -985,7 +1087,8 @@ if hiera('step') >= 3 { # Heat include ::heat::config class { '::heat' : - sync_db => $sync_db, + sync_db => $sync_db, + notification_driver => 'messaging', } class { '::heat::api' : manage_service => false, @@ -1010,6 +1113,7 @@ if hiera('step') >= 3 { service_enable => false, # service_manage => false, # <-- not supported with horizon&apache mod_wsgi? } + include ::keystone::wsgi::apache include ::apache::mod::status if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { $_profile_support = 'cisco' 
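Review bot: `hiera('cinder_user_enabled_backends')` in the `::cinder::backends` declaration has no default, so catalog compilation fails on any node whose hieradata lacks the key, and `union()` needs an array on both sides. Unless the key is guaranteed by hieradata added elsewhere in this commit, `enabled_backends => union($cinder_enabled_backends, hiera('cinder_user_enabled_backends', [])),` is the safer form. The same call is added in overcloud_volume.pp.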
@@ -1029,7 +1133,7 @@ if hiera('step') >= 3 { } class { '::snmp': agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], + snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], } hiera_include('controller_classes') @@ -1040,6 +1144,7 @@ if hiera('step') >= 4 { $keystone_enable_db_purge = hiera('keystone_enable_db_purge', true) $nova_enable_db_purge = hiera('nova_enable_db_purge', true) $cinder_enable_db_purge = hiera('cinder_enable_db_purge', true) + $heat_enable_db_purge = hiera('heat_enable_db_purge', true) if $keystone_enable_db_purge { include ::keystone::cron::token_flush 
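Review bot: The new `createUser` element in `snmpd_config` writes the read-only user's passphrase in clear text into the generated snmpd configuration and fixes authentication to MD5 with no privacy protocol, so SNMPv3 traffic for this user is authenticated but not encrypted. Net-SNMP's documentation asks for `createUser` lines to be placed in its persistent-data file, where the line is replaced by derived keys after startup; in the main configuration file the passphrase stays on disk, so at minimum the file mode must be restrictive. The value is also joined between double quotes without escaping, so a passphrase containing a double quote would break the directive. The hunk headers for overcloud_object.pp and overcloud_volume.pp, which receive the same change, show a `snmp::snmpv3_user { $snmpd_user:` resource just above it; if this manifest has one too, I would create the user only there (with SHA and a privacy passphrase if the module supports them) and drop the `createUser` element.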
@@ -1050,60 +1155,65 @@ if hiera('step') >= 4 { if $cinder_enable_db_purge { include ::cinder::cron::db_purge } + if $heat_enable_db_purge { + include ::heat::cron::purge_deleted + } if $pacemaker_master { - # Keystone - pacemaker::resource::service { $::keystone::params::service_name : - clone_params => 'interleave=true', - verify_on_create => true, - require => [File['/etc/keystone/ssl/certs/ca.pem'], - File['/etc/keystone/ssl/private/signing_key.pem'], - File['/etc/keystone/ssl/certs/signing_cert.pem']], - } if $enable_load_balancer { pacemaker::constraint::base { 'haproxy-then-keystone-constraint': constraint_type => 'order', first_resource => 'haproxy-clone', - second_resource => "${::keystone::params::service_name}-clone", + second_resource => 'openstack-core-clone', first_action => 'start', second_action => 'start', require => [Pacemaker::Resource::Service['haproxy'], - Pacemaker::Resource::Service[$::keystone::params::service_name]], + Pacemaker::Resource::Ocf['openstack-core']], } } + + pacemaker::constraint::base { 'openstack-core-then-httpd-constraint': + constraint_type => 'order', + first_resource => 'openstack-core-clone', + second_resource => "${::apache::params::service_name}-clone", + first_action => 'start', + second_action => 'start', + require => [Pacemaker::Resource::Service[$::apache::params::service_name], + Pacemaker::Resource::Ocf['openstack-core']], + } pacemaker::constraint::base { 'rabbitmq-then-keystone-constraint': constraint_type => 'order', first_resource => 'rabbitmq-clone', - second_resource => "${::keystone::params::service_name}-clone", + second_resource => 'openstack-core-clone', first_action => 'start', second_action => 'start', require => [Pacemaker::Resource::Ocf['rabbitmq'], - Pacemaker::Resource::Service[$::keystone::params::service_name]], + Pacemaker::Resource::Ocf['openstack-core']], } - pacemaker::constraint::base { 'memcached-then-keystone-constraint': + pacemaker::constraint::base { 
'memcached-then-openstack-core-constraint': constraint_type => 'order', first_resource => 'memcached-clone', - second_resource => "${::keystone::params::service_name}-clone", + second_resource => 'openstack-core-clone', first_action => 'start', second_action => 'start', require => [Pacemaker::Resource::Service['memcached'], - Pacemaker::Resource::Service[$::keystone::params::service_name]], + Pacemaker::Resource::Ocf['openstack-core']], } - pacemaker::constraint::base { 'galera-then-keystone-constraint': + pacemaker::constraint::base { 'galera-then-openstack-core-constraint': constraint_type => 'order', first_resource => 'galera-master', - second_resource => "${::keystone::params::service_name}-clone", + second_resource => 'openstack-core-clone', first_action => 'promote', second_action => 'start', require => [Pacemaker::Resource::Ocf['galera'], - Pacemaker::Resource::Service[$::keystone::params::service_name]], + Pacemaker::Resource::Ocf['openstack-core']], } # Cinder pacemaker::resource::service { $::cinder::params::api_service : clone_params => 'interleave=true', - require => Pacemaker::Resource::Service[$::keystone::params::service_name], + require => Pacemaker::Resource::Ocf['openstack-core'], } pacemaker::resource::service { $::cinder::params::scheduler_service : clone_params => 'interleave=true', 
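Review bot: The constraints titled `haproxy-then-keystone-constraint` and `rabbitmq-then-keystone-constraint` now order `openstack-core-clone`, while the memcached and galera ones were renamed to `...-then-openstack-core-constraint`; the remaining titles should be renamed the same way so each name matches what it orders. Every one of them now requires `Pacemaker::Resource::Ocf['openstack-core']`, which is not declared in this hunk, so a short comment where the Keystone service resource was removed, saying where `openstack-core` is declared and what it stands in for, would save the next reader a search. The later `keystone-then-*` constraint titles in this file carry the same naming mismatch.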
@@ -1112,12 +1222,12 @@ if hiera('step') >= 4 { pacemaker::constraint::base { 'keystone-then-cinder-api-constraint': constraint_type => 'order', - first_resource => "${::keystone::params::service_name}-clone", + first_resource => 'openstack-core-clone', second_resource => "${::cinder::params::api_service}-clone", first_action => 'start', second_action => 'start', - require => [Pacemaker::Resource::Service[$::cinder::params::api_service], - Pacemaker::Resource::Service[$::keystone::params::service_name]], + require => [Pacemaker::Resource::Ocf['openstack-core'], + Pacemaker::Resource::Service[$::cinder::params::api_service]], } pacemaker::constraint::base { 'cinder-api-then-cinder-scheduler-constraint': constraint_type => 'order', 
@@ -1155,25 +1265,25 @@ if hiera('step') >= 4 { # Sahara pacemaker::resource::service { $::sahara::params::api_service_name : clone_params => 'interleave=true', - require => Pacemaker::Resource::Service[$::keystone::params::service_name], + require => Pacemaker::Resource::Ocf['openstack-core'], } pacemaker::resource::service { $::sahara::params::engine_service_name : clone_params => 'interleave=true', } pacemaker::constraint::base { 'keystone-then-sahara-api-constraint': constraint_type => 'order', - first_resource => "${::keystone::params::service_name}-clone", + first_resource => 'openstack-core-clone', second_resource => "${::sahara::params::api_service_name}-clone", first_action => 'start', second_action => 'start', require => [Pacemaker::Resource::Service[$::sahara::params::api_service_name], - Pacemaker::Resource::Service[$::keystone::params::service_name]], + Pacemaker::Resource::Ocf['openstack-core']], } # Glance pacemaker::resource::service { $::glance::params::registry_service_name : clone_params => 'interleave=true', - require => Pacemaker::Resource::Service[$::keystone::params::service_name], + require => Pacemaker::Resource::Ocf['openstack-core'], } pacemaker::resource::service { $::glance::params::api_service_name : clone_params => 'interleave=true', @@ -1181,12 +1291,12 @@ if hiera('step') >= 4 { pacemaker::constraint::base { 'keystone-then-glance-registry-constraint': constraint_type => 'order', - first_resource => "${::keystone::params::service_name}-clone", + first_resource => 'openstack-core-clone', second_resource => "${::glance::params::registry_service_name}-clone", first_action => 'start', second_action => 'start', require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name], - Pacemaker::Resource::Service[$::keystone::params::service_name]], + Pacemaker::Resource::Ocf['openstack-core']], } pacemaker::constraint::base { 'glance-registry-then-glance-api-constraint': constraint_type => 'order', 
@@ -1224,12 +1334,12 @@ if hiera('step') >= 4 { } -> pacemaker::resource::service { $::neutron::params::server_service: clone_params => 'interleave=true', - require => Pacemaker::Resource::Service[$::keystone::params::service_name] + require => Pacemaker::Resource::Ocf['openstack-core'] } } else { pacemaker::resource::service { $::neutron::params::server_service: clone_params => 'interleave=true', - require => Pacemaker::Resource::Service[$::keystone::params::service_name] + require => Pacemaker::Resource::Ocf['openstack-core'] } } if hiera('neutron::enable_l3_agent', true) { 
@@ -1301,38 +1411,37 @@ if hiera('step') >= 4 { Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], } } - pacemaker::constraint::base { 'keystone-to-neutron-server-constraint': constraint_type => 'order', - first_resource => "${::keystone::params::service_name}-clone", + first_resource => 'openstack-core-clone', second_resource => "${::neutron::params::server_service}-clone", first_action => 'start', second_action => 'start', - require => [Pacemaker::Resource::Service[$::keystone::params::service_name], + require => [Pacemaker::Resource::Ocf['openstack-core'], Pacemaker::Resource::Service[$::neutron::params::server_service]], } if hiera('neutron::enable_ovs_agent',true) { - pacemaker::constraint::base { 'neutron-server-to-openvswitch-agent-constraint': + pacemaker::constraint::base { 'neutron-openvswitch-agent-to-dhcp-agent-constraint': constraint_type => 'order', - first_resource => "${::neutron::params::server_service}-clone", - second_resource => "${::neutron::params::ovs_agent_service}-clone", + first_resource => "${::neutron::params::ovs_agent_service}-clone", + second_resource => "${::neutron::params::dhcp_agent_service}-clone", first_action => 'start', second_action => 'start', - require => [Pacemaker::Resource::Service[$::neutron::params::server_service], - Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], + require => [Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service], + Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]], } } if hiera('neutron::enable_dhcp_agent',true) and hiera('neutron::enable_ovs_agent',true) { - pacemaker::constraint::base { 'neutron-openvswitch-agent-to-dhcp-agent-constraint': + pacemaker::constraint::base { 'neutron-server-to-openvswitch-agent-constraint': constraint_type => 'order', - first_resource => "${::neutron::params::ovs_agent_service}-clone", - second_resource => "${::neutron::params::dhcp_agent_service}-clone", + first_resource => 
"${::neutron::params::server_service}-clone", + second_resource => "${::neutron::params::ovs_agent_service}-clone", first_action => 'start', second_action => 'start', - require => [Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service], - Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]], + require => [Pacemaker::Resource::Service[$::neutron::params::server_service], + Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], + } - } pacemaker::constraint::colocation { 'neutron-openvswitch-agent-to-dhcp-agent-colocation': source => "${::neutron::params::dhcp_agent_service}-clone", target => "${::neutron::params::ovs_agent_service}-clone", 
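Review bot: The two conditions in this hunk look swapped relative to the constraints they now guard. `neutron-openvswitch-agent-to-dhcp-agent-constraint` requires `Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]` but is wrapped only in `if hiera('neutron::enable_ovs_agent',true)`, while `neutron-server-to-openvswitch-agent-constraint`, which does not involve the DHCP agent, is skipped whenever `neutron::enable_dhcp_agent` is false. If the DHCP agent resource is declared conditionally (that code is outside the hunk), disabling it would leave a dangling `require` and fail compilation. I would keep the reordering but put `if hiera('neutron::enable_ovs_agent',true) {` on the server-to-openvswitch constraint and the combined `enable_dhcp_agent and enable_ovs_agent` test on the openvswitch-to-dhcp constraint.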
@@ -1418,34 +1527,29 @@ if hiera('step') >= 4 { # Nova pacemaker::resource::service { $::nova::params::api_service_name : clone_params => 'interleave=true', - op_params => 'start timeout=200s stop timeout=200s monitor start-delay=10s', } pacemaker::resource::service { $::nova::params::conductor_service_name : clone_params => 'interleave=true', - op_params => 'start timeout=200s stop timeout=200s monitor start-delay=10s', } pacemaker::resource::service { $::nova::params::consoleauth_service_name : clone_params => 'interleave=true', - op_params => 'start timeout=200s stop timeout=200s monitor start-delay=10s', - require => Pacemaker::Resource::Service[$::keystone::params::service_name], + require => Pacemaker::Resource::Ocf['openstack-core'], } pacemaker::resource::service { $::nova::params::vncproxy_service_name : clone_params => 'interleave=true', - op_params => 'start timeout=200s stop timeout=200s monitor start-delay=10s', } pacemaker::resource::service { $::nova::params::scheduler_service_name : clone_params => 'interleave=true', - op_params => 'start timeout=200s stop timeout=200s monitor start-delay=10s', } pacemaker::constraint::base { 'keystone-then-nova-consoleauth-constraint': constraint_type => 'order', - first_resource => "${::keystone::params::service_name}-clone", + first_resource => 'openstack-core-clone', second_resource => "${::nova::params::consoleauth_service_name}-clone", first_action => 'start', second_action => 'start', require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name], - Pacemaker::Resource::Service[$::keystone::params::service_name]], + Pacemaker::Resource::Ocf['openstack-core']], } pacemaker::constraint::base { 'nova-consoleauth-then-nova-vncproxy-constraint': constraint_type => 'order', 
@@ -1515,16 +1619,16 @@ if hiera('step') >= 4 { # Ceilometer case downcase(hiera('ceilometer_backend')) { /mysql/: { - pacemaker::resource::service { $::ceilometer::params::agent_central_service_name : + pacemaker::resource::service { $::ceilometer::params::agent_central_service_name: clone_params => 'interleave=true', - require => Pacemaker::Resource::Service[$::keystone::params::service_name], + require => Pacemaker::Resource::Ocf['openstack-core'], } } default: { - pacemaker::resource::service { $::ceilometer::params::agent_central_service_name : + pacemaker::resource::service { $::ceilometer::params::agent_central_service_name: clone_params => 'interleave=true', - require => [Pacemaker::Resource::Service[$::keystone::params::service_name], - Pacemaker::Resource::Service[$::mongodb::params::service_name]], + require => [Pacemaker::Resource::Ocf['openstack-core'], + Pacemaker::Resource::Service[$::mongodb::params::service_name]], } } } @@ -1560,12 +1664,12 @@ if hiera('step') >= 4 { } pacemaker::constraint::base { 'keystone-then-ceilometer-central-constraint': constraint_type => 'order', - first_resource => "${::keystone::params::service_name}-clone", + first_resource => 'openstack-core-clone', second_resource => "${::ceilometer::params::agent_central_service_name}-clone", first_action => 'start', second_action => 'start', require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name], - Pacemaker::Resource::Service[$::keystone::params::service_name]], + Pacemaker::Resource::Ocf['openstack-core']], } pacemaker::constraint::base { 'ceilometer-central-then-ceilometer-collector-constraint': constraint_type => 'order', 
@@ -1635,12 +1739,12 @@ if hiera('step') >= 4 { } pacemaker::constraint::base { 'keystone-then-heat-api-constraint': constraint_type => 'order', - first_resource => "${::keystone::params::service_name}-clone", + first_resource => 'openstack-core-clone', second_resource => "${::heat::params::api_service_name}-clone", first_action => 'start', second_action => 'start', require => [Pacemaker::Resource::Service[$::heat::params::api_service_name], - Pacemaker::Resource::Service[$::keystone::params::service_name]], + Pacemaker::Resource::Ocf['openstack-core']], } pacemaker::constraint::base { 'heat-api-then-heat-api-cfn-constraint': constraint_type => 'order', @@ -1700,9 +1804,13 @@ if hiera('step') >= 4 { Pacemaker::Resource::Service[$::ceilometer::params::agent_notification_service_name]], } - # Horizon - pacemaker::resource::service { $::horizon::params::http_service: - clone_params => 'interleave=true', + # Horizon and Keystone + pacemaker::resource::service { $::apache::params::service_name: + clone_params => 'interleave=true', + verify_on_create => true, + require => [File['/etc/keystone/ssl/certs/ca.pem'], + File['/etc/keystone/ssl/private/signing_key.pem'], + File['/etc/keystone/ssl/certs/signing_cert.pem']], } #VSM 
@@ -1739,12 +1847,21 @@ if hiera('step') >= 5 { if $pacemaker_master { class {'::keystone::roles::admin' : - require => Pacemaker::Resource::Service[$::keystone::params::service_name], + require => Pacemaker::Resource::Service[$::apache::params::service_name], } -> class {'::keystone::endpoint' : - require => Pacemaker::Resource::Service[$::keystone::params::service_name], + require => Pacemaker::Resource::Service[$::apache::params::service_name], } + include ::heat::keystone::domain + Class['::keystone::roles::admin'] -> Class['::heat::keystone::domain'] + } else { + # On non-master controller we don't need to create Keystone resources again + class { '::heat::keystone::domain': + manage_domain => false, + manage_user => false, + manage_role => false, + } } } #END STEP 5 diff --git a/puppet/manifests/overcloud_object.pp b/puppet/manifests/overcloud_object.pp index 63ac396e..ae074589 100644 --- a/puppet/manifests/overcloud_object.pp +++ b/puppet/manifests/overcloud_object.pp @@ -16,7 +16,9 @@ include ::tripleo::packages include ::tripleo::firewall +create_resources(kmod::load, hiera('kernel_modules'), {}) create_resources(sysctl::value, hiera('sysctl_settings'), {}) +Exec <| tag == 'kmod::load' |> -> Sysctl <| |> if count(hiera('ntp::servers')) > 0 { include ::ntp 
@@ -48,7 +50,7 @@ snmp::snmpv3_user { $snmpd_user: } class { '::snmp': agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], + snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], } hiera_include('object_classes') diff --git a/puppet/manifests/overcloud_volume.pp b/puppet/manifests/overcloud_volume.pp index 5a69725a..134dc43b 100644 --- a/puppet/manifests/overcloud_volume.pp +++ b/puppet/manifests/overcloud_volume.pp @@ -16,7 +16,9 @@ include ::tripleo::packages include ::tripleo::firewall +create_resources(kmod::load, hiera('kernel_modules'), {}) create_resources(sysctl::value, hiera('sysctl_settings'), {}) +Exec <| tag == 'kmod::load' |> -> Sysctl <| |> if count(hiera('ntp::servers')) > 0 { include ::ntp @@ -42,7 +44,7 @@ if $cinder_enable_iscsi { $cinder_enabled_backends = any2array($cinder_iscsi_backend) class { '::cinder::backends' : - enabled_backends => $cinder_enabled_backends, + enabled_backends => union($cinder_enabled_backends, hiera('cinder_user_enabled_backends')), } $snmpd_user = hiera('snmpd_readonly_user_name') 
@@ -52,7 +54,7 @@ snmp::snmpv3_user { $snmpd_user: } class { '::snmp': agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], + snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], } hiera_include('volume_classes') diff --git a/puppet/swift-storage-post.yaml b/puppet/swift-storage-post.yaml index a55b3959..eb06b241 100644 --- a/puppet/swift-storage-post.yaml +++ b/puppet/swift-storage-post.yaml @@ -12,9 +12,19 @@ parameters: type: json description: Value which changes if the node configuration may need to be re-applied - resources: + StorageArtifactsConfig: + type: deploy-artifacts.yaml + + StorageArtifactsDeploy: + type: OS::Heat::StructuredDeployments + properties: + servers: {get_param: servers} + config: {get_resource: StorageArtifactsConfig} + input_values: + update_identifier: {get_param: NodeConfigIdentifiers} + StoragePuppetConfig: type: OS::Heat::SoftwareConfig properties: @@ -28,6 +38,7 @@ resources: StorageDeployment_Step1: type: OS::Heat::StructuredDeployments + depends_on: StorageArtifactsDeploy properties: name: StorageDeployment_Step1 servers: {get_param: servers} diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml index 142e47cc..c26aca77 100644 --- a/puppet/swift-storage.yaml +++ b/puppet/swift-storage.yaml 
@@ -68,6 +68,10 @@ parameters: Hostname: type: string default: '' # Defaults to Heat created hostname + HostnameMap: + type: json + default: {} + description: Optional mapping to override hostnames ExtraConfig: default: {} description: | @@ -79,6 +83,9 @@ parameters: description: | Role specific additional hiera configuration to inject into the cluster. type: json + SwiftStorageIPs: + default: {} + type: json NetworkDeploymentActions: type: comma_delimited_list description: > @@ -107,6 +114,9 @@ parameters: type: json description: Optional scheduler hints to pass to nova default: {} + NodeIndex: + type: number + default: 0 resources: @@ -120,7 +130,10 @@ resources: - network: ctlplane user_data_format: SOFTWARE_CONFIG user_data: {get_resource: UserData} - name: {get_param: Hostname} + name: + str_replace: + template: {get_param: Hostname} + params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} metadata: {get_param: ServerMetadata} scheduler_hints: {get_param: SchedulerHints} 
@@ -149,31 +162,43 @@ resources: type: OS::TripleO::SwiftStorage::Ports::ExternalPort properties: ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} + IPPool: {get_param: SwiftStorageIPs} + NodeIndex: {get_param: NodeIndex} InternalApiPort: type: OS::TripleO::SwiftStorage::Ports::InternalApiPort properties: ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} + IPPool: {get_param: SwiftStorageIPs} + NodeIndex: {get_param: NodeIndex} StoragePort: type: OS::TripleO::SwiftStorage::Ports::StoragePort properties: ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} + IPPool: {get_param: SwiftStorageIPs} + NodeIndex: {get_param: NodeIndex} StorageMgmtPort: type: OS::TripleO::SwiftStorage::Ports::StorageMgmtPort properties: ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} + IPPool: {get_param: SwiftStorageIPs} + NodeIndex: {get_param: NodeIndex} TenantPort: type: OS::TripleO::SwiftStorage::Ports::TenantPort properties: ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} + IPPool: {get_param: SwiftStorageIPs} + NodeIndex: {get_param: NodeIndex} ManagementPort: type: OS::TripleO::SwiftStorage::Ports::ManagementPort properties: ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} + IPPool: {get_param: SwiftStorageIPs} + NodeIndex: {get_param: NodeIndex} NetworkConfig: type: OS::TripleO::ObjectStorage::Net::SoftwareConfig 
@@ -191,11 +216,17 @@ resources: properties: ControlPlaneIp: {get_attr: [SwiftStorage, networks, ctlplane, 0]} ExternalIp: {get_attr: [ExternalPort, ip_address]} + ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]} InternalApiIp: {get_attr: [InternalApiPort, ip_address]} + InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]} StorageIp: {get_attr: [StoragePort, ip_address]} + StorageIpUri: {get_attr: [StoragePort, ip_address_uri]} StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} + StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]} TenantIp: {get_attr: [TenantPort, ip_address]} + TenantIpUri: {get_attr: [TenantPort, ip_address_uri]} ManagementIp: {get_attr: [ManagementPort, ip_address]} + ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} NetworkDeployment: type: OS::TripleO::SoftwareDeployment 
@@ -302,11 +333,54 @@ outputs: hosts_entry: value: str_replace: - template: "IP HOST.DOMAIN HOST" + template: | + PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST + EXTERNALIP EXTERNALHOST + INTERNAL_APIIP INTERNAL_APIHOST + STORAGEIP STORAGEHOST + STORAGE_MGMTIP STORAGE_MGMTHOST + TENANTIP TENANTHOST + MANAGEMENTIP MANAGEMENTHOST params: - IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ObjectStorageHostnameResolveNetwork]}]} + PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ObjectStorageHostnameResolveNetwork]}]} DOMAIN: {get_param: CloudDomain} - HOST: {get_attr: [SwiftStorage, name]} + PRIMARYHOST: {get_attr: [SwiftStorage, name]} + EXTERNALIP: {get_attr: [ExternalPort, ip_address]} + EXTERNALHOST: + list_join: + - '-' + - - {get_attr: [SwiftStorage, name]} + - external + INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} + INTERNAL_APIHOST: + list_join: + - '-' + - - {get_attr: [SwiftStorage, name]} + - internalapi + STORAGEIP: {get_attr: [StoragePort, ip_address]} + STORAGEHOST: + list_join: + - '-' + - - {get_attr: [SwiftStorage, name]} + - storage + STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} + STORAGE_MGMTHOST: + list_join: + - '-' + - - {get_attr: [SwiftStorage, name]} + - storagemgmt + TENANTIP: {get_attr: [TenantPort, ip_address]} + TENANTHOST: + list_join: + - '-' + - - {get_attr: [SwiftStorage, name]} + - tenant + MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} + MANAGEMENTHOST: + list_join: + - '-' + - - {get_attr: [SwiftStorage, name]} + - management nova_server_resource: description: Heat resource handle for the swift storage server value: 
@@ -317,7 +391,7 @@ outputs: str_replace: template: 'r1z1-IP:%PORT%/d1' params: - IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} + IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} external_ip_address: description: IP address of the server in the external network value: {get_attr: [ExternalPort, ip_address]} |