aboutsummaryrefslogtreecommitdiffstats
path: root/puppet
diff options
context:
space:
mode:
Diffstat (limited to 'puppet')
-rw-r--r--puppet/all-nodes-config.yaml11
-rw-r--r--puppet/ceph-cluster-config.yaml15
-rw-r--r--puppet/ceph-storage-post.yaml14
-rw-r--r--puppet/ceph-storage.yaml82
-rw-r--r--puppet/cinder-storage-post.yaml12
-rw-r--r--puppet/cinder-storage.yaml90
-rw-r--r--puppet/compute-post.yaml12
-rw-r--r--puppet/compute.yaml127
-rw-r--r--puppet/controller-post.yaml11
-rw-r--r--puppet/controller.yaml212
-rw-r--r--puppet/deploy-artifacts.sh26
-rw-r--r--puppet/deploy-artifacts.yaml32
-rw-r--r--puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml11
-rw-r--r--puppet/extraconfig/ceph/ceph-external-config.yaml10
-rw-r--r--puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml45
-rw-r--r--puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml47
-rw-r--r--puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml2
-rw-r--r--puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml2
-rw-r--r--puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml1
-rw-r--r--puppet/extraconfig/pre_deploy/controller/neutron-opencontrail.yaml62
-rw-r--r--puppet/extraconfig/tls/ca-inject.yaml4
-rw-r--r--puppet/extraconfig/tls/tls-cert-inject.yaml4
-rw-r--r--puppet/hieradata/common.yaml22
-rw-r--r--puppet/hieradata/compute.yaml3
-rw-r--r--puppet/hieradata/controller.yaml17
-rw-r--r--puppet/hieradata/database.yaml7
-rw-r--r--puppet/hieradata/volume.yaml2
-rw-r--r--puppet/manifests/overcloud_cephstorage.pp10
-rw-r--r--puppet/manifests/overcloud_compute.pp70
-rw-r--r--puppet/manifests/overcloud_controller.pp112
-rw-r--r--puppet/manifests/overcloud_controller_pacemaker.pp323
-rw-r--r--puppet/manifests/overcloud_object.pp4
-rw-r--r--puppet/manifests/overcloud_volume.pp6
-rw-r--r--puppet/swift-storage-post.yaml13
-rw-r--r--puppet/swift-storage.yaml84
35 files changed, 1288 insertions, 217 deletions
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml
index 00766193..2f2a1e9d 100644
--- a/puppet/all-nodes-config.yaml
+++ b/puppet/all-nodes-config.yaml
@@ -69,8 +69,8 @@ resources:
allNodesConfigImpl:
type: OS::Heat::StructuredConfig
properties:
+ group: os-apply-config
config:
- completion-signal: {get_input: deploy_signal_id}
hosts:
list_join:
- "\n"
@@ -139,6 +139,14 @@ resources:
list_join:
- "','"
- {get_param: memcache_node_ips}
+ memcache_node_ips_v6:
+ str_replace:
+ template: "['inet6:[SERVERS_LIST]']"
+ params:
+ SERVERS_LIST:
+ list_join:
+ - "]','inet6:["
+ - {get_param: memcache_node_ips}
mysql_node_ips:
str_replace:
template: "['SERVERS_LIST']"
@@ -265,6 +273,7 @@ resources:
# hieradata file can't be used as it returns string
ceilometer::rabbit_hosts: *rabbit_nodes_array
cinder::rabbit_hosts: *rabbit_nodes_array
+ glance::notify::rabbitmq::rabbit_hosts: *rabbit_nodes_array
heat::rabbit_hosts: *rabbit_nodes_array
neutron::rabbit_hosts: *rabbit_nodes_array
nova::rabbit_hosts: *rabbit_nodes_array
diff --git a/puppet/ceph-cluster-config.yaml b/puppet/ceph-cluster-config.yaml
index 96198c3f..dc2f98ed 100644
--- a/puppet/ceph-cluster-config.yaml
+++ b/puppet/ceph-cluster-config.yaml
@@ -39,6 +39,9 @@ parameters:
CephClientUserName:
default: openstack
type: string
+ CephIPv6:
+ default: False
+ type: boolean
resources:
CephClusterConfigImpl:
@@ -50,15 +53,25 @@ resources:
datafiles:
ceph_cluster:
mapped_data:
+ ceph_ipv6: {get_param: CephIPv6}
ceph_storage_count: {get_param: ceph_storage_count}
ceph_mon_initial_members:
list_join:
- ','
- {get_param: ceph_mon_names}
- ceph::profile::params::mon_host:
+ ceph_mon_host:
list_join:
- ','
- {get_param: ceph_mon_ips}
+ ceph_mon_host_v6:
+ str_replace:
+ template: "'[IPS_LIST]'"
+ params:
+ IPS_LIST:
+ list_join:
+ - '],['
+ - {get_param: ceph_mon_ips}
+ ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6}
ceph::profile::params::fsid: {get_param: ceph_fsid}
ceph::profile::params::mon_key: {get_param: ceph_mon_key}
# We should use a separated key for the non-admin clients
diff --git a/puppet/ceph-storage-post.yaml b/puppet/ceph-storage-post.yaml
index f9c53465..e90710c7 100644
--- a/puppet/ceph-storage-post.yaml
+++ b/puppet/ceph-storage-post.yaml
@@ -14,8 +14,19 @@ parameters:
type: json
description: Value which changes if the node configuration may need to be re-applied
-
resources:
+
+ CephStorageArtifactsConfig:
+ type: deploy-artifacts.yaml
+
+ CephStorageArtifactsDeploy:
+ type: OS::Heat::StructuredDeployments
+ properties:
+ servers: {get_param: servers}
+ config: {get_resource: CephStorageArtifactsConfig}
+ input_values:
+ update_identifier: {get_param: NodeConfigIdentifiers}
+
CephStoragePuppetConfig:
type: OS::Heat::SoftwareConfig
properties:
@@ -29,6 +40,7 @@ resources:
CephStorageDeployment_Step1:
type: OS::Heat::StructuredDeployments
+ depends_on: CephStorageArtifactsDeploy
properties:
name: CephStorageDeployment_Step1
servers: {get_param: servers}
diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml
index e310e1f5..d2988926 100644
--- a/puppet/ceph-storage.yaml
+++ b/puppet/ceph-storage.yaml
@@ -47,6 +47,10 @@ parameters:
Hostname:
type: string
default: '' # Defaults to Heat created hostname
+ HostnameMap:
+ type: json
+ default: {}
+ description: Optional mapping to override hostnames
ExtraConfig:
default: {}
description: |
@@ -58,6 +62,9 @@ parameters:
description: |
Role specific additional hiera configuration to inject into the cluster.
type: json
+ CephStorageIPs:
+ default: {}
+ type: json
NetworkDeploymentActions:
type: comma_delimited_list
description: >
@@ -86,6 +93,9 @@ parameters:
type: json
description: Optional scheduler hints to pass to nova
default: {}
+ NodeIndex:
+ type: number
+ default: 0
resources:
CephStorage:
@@ -99,7 +109,10 @@ resources:
- network: ctlplane
user_data_format: SOFTWARE_CONFIG
user_data: {get_resource: UserData}
- name: {get_param: Hostname}
+ name:
+ str_replace:
+ template: {get_param: Hostname}
+ params: {get_param: HostnameMap}
software_config_transport: {get_param: SoftwareConfigTransport}
metadata: {get_param: ServerMetadata}
scheduler_hints: {get_param: SchedulerHints}
@@ -128,31 +141,43 @@ resources:
type: OS::TripleO::CephStorage::Ports::ExternalPort
properties:
ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: CephStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
InternalApiPort:
type: OS::TripleO::CephStorage::Ports::InternalApiPort
properties:
ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: CephStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
StoragePort:
type: OS::TripleO::CephStorage::Ports::StoragePort
properties:
ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: CephStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
StorageMgmtPort:
type: OS::TripleO::CephStorage::Ports::StorageMgmtPort
properties:
ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: CephStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
TenantPort:
type: OS::TripleO::CephStorage::Ports::TenantPort
properties:
ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: CephStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
ManagementPort:
type: OS::TripleO::CephStorage::Ports::ManagementPort
properties:
ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: CephStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
NetworkConfig:
type: OS::TripleO::CephStorage::Net::SoftwareConfig
@@ -170,11 +195,17 @@ resources:
properties:
ControlPlaneIp: {get_attr: [CephStorage, networks, ctlplane, 0]}
ExternalIp: {get_attr: [ExternalPort, ip_address]}
+ ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
+ InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
StorageIp: {get_attr: [StoragePort, ip_address]}
+ StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
+ StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
TenantIp: {get_attr: [TenantPort, ip_address]}
+ TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
ManagementIp: {get_attr: [ManagementPort, ip_address]}
+ ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
NetIpSubnetMap:
type: OS::TripleO::Network::Ports::NetIpSubnetMap
@@ -280,11 +311,54 @@ outputs:
hosts_entry:
value:
str_replace:
- template: "IP HOST.DOMAIN HOST"
+ template: |
+ PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
+ EXTERNALIP EXTERNALHOST
+ INTERNAL_APIIP INTERNAL_APIHOST
+ STORAGEIP STORAGEHOST
+ STORAGE_MGMTIP STORAGE_MGMTHOST
+ TENANTIP TENANTHOST
+ MANAGEMENTIP MANAGEMENTHOST
params:
- IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephStorageHostnameResolveNetwork]}]}
+ PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephStorageHostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
- HOST: {get_attr: [CephStorage, name]}
+ PRIMARYHOST: {get_attr: [CephStorage, name]}
+ EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
+ EXTERNALHOST:
+ list_join:
+ - '-'
+ - - {get_attr: [CephStorage, name]}
+ - external
+ INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
+ INTERNAL_APIHOST:
+ list_join:
+ - '-'
+ - - {get_attr: [CephStorage, name]}
+ - internalapi
+ STORAGEIP: {get_attr: [StoragePort, ip_address]}
+ STORAGEHOST:
+ list_join:
+ - '-'
+ - - {get_attr: [CephStorage, name]}
+ - storage
+ STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
+ STORAGE_MGMTHOST:
+ list_join:
+ - '-'
+ - - {get_attr: [CephStorage, name]}
+ - storagemgmt
+ TENANTIP: {get_attr: [TenantPort, ip_address]}
+ TENANTHOST:
+ list_join:
+ - '-'
+ - - {get_attr: [CephStorage, name]}
+ - tenant
+ MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
+ MANAGEMENTHOST:
+ list_join:
+ - '-'
+ - - {get_attr: [CephStorage, name]}
+ - management
nova_server_resource:
description: Heat resource handle for the ceph storage server
value:
diff --git a/puppet/cinder-storage-post.yaml b/puppet/cinder-storage-post.yaml
index 9b7c752a..f470203f 100644
--- a/puppet/cinder-storage-post.yaml
+++ b/puppet/cinder-storage-post.yaml
@@ -14,8 +14,20 @@ parameters:
resources:
+ VolumeArtifactsConfig:
+ type: deploy-artifacts.yaml
+
+ VolumeArtifactsDeploy:
+ type: OS::Heat::StructuredDeployments
+ properties:
+ servers: {get_param: servers}
+ config: {get_resource: VolumeArtifactsConfig}
+ input_values:
+ update_identifier: {get_param: NodeConfigIdentifiers}
+
VolumePuppetConfig:
type: OS::Heat::SoftwareConfig
+ depends_on: VolumeArtifactsDeploy
properties:
group: puppet
options:
diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml
index f7e8f907..888f3cf8 100644
--- a/puppet/cinder-storage.yaml
+++ b/puppet/cinder-storage.yaml
@@ -9,11 +9,11 @@ parameters:
description: Whether to enable or not the Iscsi backend for Cinder
type: boolean
CinderISCSIHelper:
- default: tgtadm
+ default: lioadm
description: The iSCSI helper to use with cinder.
type: string
CinderLVMLoopDeviceSize:
- default: 5000
+ default: 10280
description: The size of the loopback file used by the cinder LVM driver.
type: number
CinderPassword:
@@ -38,6 +38,9 @@ parameters:
description: |
Role specific additional hiera configuration to inject into the cluster.
type: json
+ BlockStorageIPs:
+ default: {}
+ type: json
Flavor:
description: Flavor for block storage nodes to request when deploying.
type: string
@@ -89,6 +92,10 @@ parameters:
Hostname:
type: string
default: '' # Defaults to Heat created hostname
+ HostnameMap:
+ type: json
+ default: {}
+ description: Optional mapping to override hostnames
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
@@ -106,7 +113,7 @@ parameters:
GlanceApiVirtualIP:
type: string
default: ''
- MysqlVirtualIP:
+ MysqlVirtualIPUri:
type: string
default: ''
NetworkDeploymentActions:
@@ -137,6 +144,9 @@ parameters:
type: json
description: Optional scheduler hints to pass to nova
default: {}
+ NodeIndex:
+ type: number
+ default: 0
resources:
@@ -151,7 +161,10 @@ resources:
- network: ctlplane
user_data_format: SOFTWARE_CONFIG
user_data: {get_resource: UserData}
- name: {get_param: Hostname}
+ name:
+ str_replace:
+ template: {get_param: Hostname}
+ params: {get_param: HostnameMap}
software_config_transport: {get_param: SoftwareConfigTransport}
metadata: {get_param: ServerMetadata}
scheduler_hints: {get_param: SchedulerHints}
@@ -180,31 +193,43 @@ resources:
type: OS::TripleO::BlockStorage::Ports::ExternalPort
properties:
ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: BlockStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
InternalApiPort:
type: OS::TripleO::BlockStorage::Ports::InternalApiPort
properties:
ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: BlockStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
StoragePort:
type: OS::TripleO::BlockStorage::Ports::StoragePort
properties:
ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: BlockStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
StorageMgmtPort:
type: OS::TripleO::BlockStorage::Ports::StorageMgmtPort
properties:
ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: BlockStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
TenantPort:
type: OS::TripleO::BlockStorage::Ports::TenantPort
properties:
ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: BlockStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
ManagementPort:
type: OS::TripleO::BlockStorage::Ports::ManagementPort
properties:
ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: BlockStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
NetworkConfig:
type: OS::TripleO::BlockStorage::Net::SoftwareConfig
@@ -222,11 +247,17 @@ resources:
properties:
ControlPlaneIp: {get_attr: [BlockStorage, networks, ctlplane, 0]}
ExternalIp: {get_attr: [ExternalPort, ip_address]}
+ ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
+ InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
StorageIp: {get_attr: [StoragePort, ip_address]}
+ StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
+ StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
TenantIp: {get_attr: [TenantPort, ip_address]}
+ TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
ManagementIp: {get_attr: [ManagementPort, ip_address]}
+ ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
@@ -245,7 +276,7 @@ resources:
config: {get_resource: BlockStorageConfig}
input_values:
debug: {get_param: Debug}
- cinder_dsn: {list_join: ['', ['mysql+pymysql://cinder:', {get_param: CinderPassword}, '@', {get_param: MysqlVirtualIP} , '/cinder']]}
+ cinder_dsn: {list_join: ['', ['mysql+pymysql://cinder:', {get_param: CinderPassword}, '@', {get_param: MysqlVirtualIPUri} , '/cinder']]}
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
cinder_lvm_loop_device_size:
@@ -343,11 +374,54 @@ outputs:
hosts_entry:
value:
str_replace:
- template: "IP HOST.DOMAIN HOST"
+ template: |
+ PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
+ EXTERNALIP EXTERNALHOST
+ INTERNAL_APIIP INTERNAL_APIHOST
+ STORAGEIP STORAGEHOST
+ STORAGE_MGMTIP STORAGE_MGMTHOST
+ TENANTIP TENANTHOST
+ MANAGEMENTIP MANAGEMENTHOST
params:
- IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, BlockStorageHostnameResolveNetwork]}]}
+ PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, BlockStorageHostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
- HOST: {get_attr: [BlockStorage, name]}
+ PRIMARYHOST: {get_attr: [BlockStorage, name]}
+ EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
+ EXTERNALHOST:
+ list_join:
+ - '-'
+ - - {get_attr: [BlockStorage, name]}
+ - external
+ INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
+ INTERNAL_APIHOST:
+ list_join:
+ - '-'
+ - - {get_attr: [BlockStorage, name]}
+ - internalapi
+ STORAGEIP: {get_attr: [StoragePort, ip_address]}
+ STORAGEHOST:
+ list_join:
+ - '-'
+ - - {get_attr: [BlockStorage, name]}
+ - storage
+ STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
+ STORAGE_MGMTHOST:
+ list_join:
+ - '-'
+ - - {get_attr: [BlockStorage, name]}
+ - storagemgmt
+ TENANTIP: {get_attr: [TenantPort, ip_address]}
+ TENANTHOST:
+ list_join:
+ - '-'
+ - - {get_attr: [BlockStorage, name]}
+ - tenant
+ MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
+ MANAGEMENTHOST:
+ list_join:
+ - '-'
+ - - {get_attr: [BlockStorage, name]}
+ - management
nova_server_resource:
description: Heat resource handle for the block storage server
value:
diff --git a/puppet/compute-post.yaml b/puppet/compute-post.yaml
index 3861e50c..a122df0e 100644
--- a/puppet/compute-post.yaml
+++ b/puppet/compute-post.yaml
@@ -17,6 +17,17 @@ parameters:
resources:
+ ComputeArtifactsConfig:
+ type: deploy-artifacts.yaml
+
+ ComputeArtifactsDeploy:
+ type: OS::Heat::StructuredDeployments
+ properties:
+ servers: {get_param: servers}
+ config: {get_resource: ComputeArtifactsConfig}
+ input_values:
+ update_identifier: {get_param: NodeConfigIdentifiers}
+
ComputePuppetConfig:
type: OS::Heat::SoftwareConfig
properties:
@@ -30,6 +41,7 @@ resources:
ComputePuppetDeployment:
type: OS::Heat::StructuredDeployments
+ depends_on: ComputeArtifactsDeploy
properties:
name: ComputePuppetDeployment
servers: {get_param: servers}
diff --git a/puppet/compute.yaml b/puppet/compute.yaml
index 8b2bcd33..ee5bced6 100644
--- a/puppet/compute.yaml
+++ b/puppet/compute.yaml
@@ -118,6 +118,15 @@ parameters:
default: nic1
description: A port to add to the NeutronPhysicalBridge.
type: string
+ NeutronTenantMtu:
+ description: >
+ The default MTU for tenant networks. For VXLAN/GRE tunneling, this should
+ be at least 50 bytes smaller than the MTU on the physical network. This
+ value will be used to set the MTU on the virtual Ethernet device.
+ This number is related to the value of NeutronDnsmasqOptions, since that
+ will determine the MTU that is assigned to the VM host through DHCP.
+ default: 1400
+ type: number
NeutronTunnelTypes:
type: comma_delimited_list
description: |
@@ -186,6 +195,9 @@ parameters:
default: 'dvr_snat'
description: Agent mode for the neutron-l3-agent on the controller hosts
type: string
+ NodeIndex:
+ type: number
+ default: 0
NovaApiHost:
type: string
default: '' # Has to be here because of the ignored empty value bug
@@ -198,6 +210,9 @@ parameters:
NovaCompute specific configuration to inject into the cluster. Same
structure as ExtraConfig.
type: json
+ NovaComputeIPs:
+ default: {}
+ type: json
NovaComputeLibvirtType:
type: string
default: kvm
@@ -209,6 +224,10 @@ parameters:
default: false
description: Whether to enable or not the Rbd backend for Nova
type: boolean
+ NovaIPv6:
+ default: false
+ description: Enable IPv6 features in Nova
+ type: boolean
NovaPassword:
description: The password for the nova service account, used by nova-api.
type: string
@@ -258,6 +277,10 @@ parameters:
description: The user password for SNMPd with readonly rights running on all Overcloud nodes
type: string
hidden: true
+ UpgradeLevelNovaCompute:
+ type: string
+ description: Nova Compute upgrade level
+ default: ''
EnablePackageInstall:
default: 'false'
description: Set to true to enable package installation via Puppet
@@ -285,6 +308,10 @@ parameters:
Hostname:
type: string
default: '' # Defaults to Heat created hostname
+ HostnameMap:
+ type: json
+ default: {}
+ description: Optional mapping to override hostnames
NetworkDeploymentActions:
type: comma_delimited_list
description: >
@@ -329,7 +356,10 @@ resources:
- network: ctlplane
user_data_format: SOFTWARE_CONFIG
user_data: {get_resource: UserData}
- name: {get_param: Hostname}
+ name:
+ str_replace:
+ template: {get_param: Hostname}
+ params: {get_param: HostnameMap}
software_config_transport: {get_param: SoftwareConfigTransport}
metadata: {get_param: ServerMetadata}
scheduler_hints: {get_param: SchedulerHints}
@@ -358,42 +388,60 @@ resources:
type: OS::TripleO::Compute::Ports::ExternalPort
properties:
ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
+ IPPool: {get_param: NovaComputeIPs}
+ NodeIndex: {get_param: NodeIndex}
InternalApiPort:
type: OS::TripleO::Compute::Ports::InternalApiPort
properties:
ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
+ IPPool: {get_param: NovaComputeIPs}
+ NodeIndex: {get_param: NodeIndex}
StoragePort:
type: OS::TripleO::Compute::Ports::StoragePort
properties:
ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
+ IPPool: {get_param: NovaComputeIPs}
+ NodeIndex: {get_param: NodeIndex}
StorageMgmtPort:
type: OS::TripleO::Compute::Ports::StorageMgmtPort
properties:
ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
+ IPPool: {get_param: NovaComputeIPs}
+ NodeIndex: {get_param: NodeIndex}
TenantPort:
type: OS::TripleO::Compute::Ports::TenantPort
properties:
ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
+ IPPool: {get_param: NovaComputeIPs}
+ NodeIndex: {get_param: NodeIndex}
ManagementPort:
type: OS::TripleO::Compute::Ports::ManagementPort
properties:
ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]}
+ IPPool: {get_param: NovaComputeIPs}
+ NodeIndex: {get_param: NodeIndex}
NetIpMap:
type: OS::TripleO::Network::Ports::NetIpMap
properties:
ControlPlaneIp: {get_attr: [NovaCompute, networks, ctlplane, 0]}
ExternalIp: {get_attr: [ExternalPort, ip_address]}
+ ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
+ InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
StorageIp: {get_attr: [StoragePort, ip_address]}
+ StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
+ StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
TenantIp: {get_attr: [TenantPort, ip_address]}
+ TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
ManagementIp: {get_attr: [ManagementPort, ip_address]}
+ ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
NetworkConfig:
type: OS::TripleO::Compute::Net::SoftwareConfig
@@ -434,9 +482,11 @@ resources:
- all_nodes # provided by allNodesConfig
- '"%{::osfamily}"'
- common
+ - neutron_bigswitch_data # Optionally provided by ComputeExtraConfigPre
- cisco_n1kv_data # Optionally provided by ComputeExtraConfigPre
- nova_nuage_data # Optionally provided by ComputeExtraConfigPre
- midonet_data # Optionally provided by AllNodesExtraConfig
+ - neutron_opencontrail_data # Optionally provided by ComputeExtraConfigPre
datafiles:
compute_extraconfig:
mapped_data: {get_param: NovaComputeExtraConfig}
@@ -450,11 +500,13 @@ resources:
raw_data: {get_file: hieradata/compute.yaml}
mapped_data:
cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend}
+ nova::use_ipv6: {get_input: nova_ipv6}
nova::debug: {get_input: debug}
nova::rabbit_userid: {get_input: rabbit_username}
nova::rabbit_password: {get_input: rabbit_password}
nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
nova::rabbit_port: {get_input: rabbit_client_port}
+ nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute}
nova_compute_driver: {get_input: nova_compute_driver}
nova::compute::libvirt::libvirt_virt_type: {get_input: nova_compute_libvirt_type}
nova::compute::neutron::libvirt_vif_driver: {get_input: nova_compute_libvirt_vif_driver}
@@ -463,7 +515,11 @@ resources:
nova::compute::rbd::ephemeral_storage: {get_input: nova_enable_rbd_backend}
rbd_persistent_storage: {get_input: cinder_enable_rbd_backend}
nova_password: {get_input: nova_password}
+ nova::compute::network_device_mtu: {get_input: neutron_tenant_mtu}
nova::compute::vncserver_proxyclient_address: {get_input: nova_vnc_proxyclient_address}
+ nova::vncproxy::common::vncproxy_protocol: {get_input: nova_vncproxy_protocol}
+ nova::vncproxy::common::vncproxy_host: {get_input: nova_vncproxy_host}
+ nova::vncproxy::common::vncproxy_port: {get_input: nova_vncproxy_port}
nova::network::neutron::neutron_ovs_bridge: {get_input: nova_ovs_bridge}
nova::network::neutron::security_group_api: {get_input: nova_security_group_api}
ceilometer::debug: {get_input: debug}
@@ -487,6 +543,7 @@ resources:
neutron_host: {get_input: neutron_host}
neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip}
+ neutron::network_device_mtu: {get_input: neutron_tenant_mtu}
neutron::plugins::ml2::tenant_network_types: {get_input: neutron_tenant_network_types}
neutron::agents::ml2::ovs::tunnel_types: {get_input: neutron_tunnel_types}
neutron::agents::ml2::ovs::extensions: {get_input: neutron_agent_extensions}
@@ -498,9 +555,9 @@ resources:
neutron::agents::ml2::ovs::l2_population: {get_input: neutron_enable_l2pop}
neutron_physical_bridge: {get_input: neutron_physical_bridge}
neutron_public_interface: {get_input: neutron_public_interface}
- nova::network::neutron::neutron_admin_password: {get_input: neutron_password}
+ nova::network::neutron::neutron_password: {get_input: neutron_password}
nova::network::neutron::neutron_url: {get_input: neutron_internal_url}
- nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
+ nova::network::neutron::neutron_auth_url: {get_input: neutron_auth_url}
neutron_router_distributed: {get_input: neutron_router_distributed}
neutron_agent_mode: {get_input: neutron_agent_mode}
neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
@@ -533,10 +590,22 @@ resources:
nova_api_host: {get_param: NovaApiHost}
nova_password: {get_param: NovaPassword}
nova_enable_rbd_backend: {get_param: NovaEnableRbdBackend}
+ nova_ipv6: {get_param: NovaIPv6}
cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
nova_vnc_proxyclient_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaVncProxyNetwork]}]}
+ nova_vncproxy_protocol: {get_param: [EndpointMap, NovaVNCProxyPublic, protocol]}
+ # Remove brackets that may come if the IP address is IPv6.
+ # For DNS names and IPv4, this will just get the NovaVNCProxyPublic value
+ nova_vncproxy_host:
+ str_replace:
+ template: {get_param: [EndpointMap, NovaVNCProxyPublic, host]}
+ params:
+ '[': ''
+ ']': ''
+ nova_vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]}
nova_ovs_bridge: {get_param: NovaOVSBridge}
nova_security_group_api: {get_param: NovaSecurityGroupAPI}
+ upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute}
ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
ceilometer_password: {get_param: CeilometerPassword}
ceilometer_compute_agent: {get_param: CeilometerComputeAgent}
@@ -581,6 +650,7 @@ resources:
template: MAPPINGS
params:
MAPPINGS: {get_param: NeutronBridgeMappings}
+ neutron_tenant_mtu: {get_param: NeutronTenantMtu}
neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
neutron_enable_l2pop: {get_param: NeutronEnableL2Pop}
neutron_physical_bridge: {get_param: NeutronPhysicalBridge}
@@ -612,7 +682,7 @@ resources:
AGENT_EXTENSIONS: {get_param: NeutronAgentExtensions}
neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
neutron_internal_url: {get_param: [EndpointMap, NeutronInternal, uri]}
- neutron_admin_auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri]}
+ neutron_auth_url: {get_param: [EndpointMap, KeystoneV3Admin, uri]}
keystone_vip: {get_param: KeystonePublicApiVirtualIP}
admin_password: {get_param: AdminPassword}
rabbit_username: {get_param: RabbitUserName}
@@ -689,11 +759,54 @@ outputs:
Server's IP address and hostname in the /etc/hosts format
value:
str_replace:
- template: "IP HOST.DOMAIN HOST"
+ template: |
+ PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
+ EXTERNALIP EXTERNALHOST
+ INTERNAL_APIIP INTERNAL_APIHOST
+ STORAGEIP STORAGEHOST
+ STORAGE_MGMTIP STORAGE_MGMTHOST
+ TENANTIP TENANTHOST
+ MANAGEMENTIP MANAGEMENTHOST
params:
- IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ComputeHostnameResolveNetwork]}]}
+ PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ComputeHostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
- HOST: {get_attr: [NovaCompute, name]}
+ PRIMARYHOST: {get_attr: [NovaCompute, name]}
+ EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
+ EXTERNALHOST:
+ list_join:
+ - '-'
+ - - {get_attr: [NovaCompute, name]}
+ - external
+ INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
+ INTERNAL_APIHOST:
+ list_join:
+ - '-'
+ - - {get_attr: [NovaCompute, name]}
+ - internalapi
+ STORAGEIP: {get_attr: [StoragePort, ip_address]}
+ STORAGEHOST:
+ list_join:
+ - '-'
+ - - {get_attr: [NovaCompute, name]}
+ - storage
+ STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
+ STORAGE_MGMTHOST:
+ list_join:
+ - '-'
+ - - {get_attr: [NovaCompute, name]}
+ - storagemgmt
+ TENANTIP: {get_attr: [TenantPort, ip_address]}
+ TENANTHOST:
+ list_join:
+ - '-'
+ - - {get_attr: [NovaCompute, name]}
+ - tenant
+ MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
+ MANAGEMENTHOST:
+ list_join:
+ - '-'
+ - - {get_attr: [NovaCompute, name]}
+ - management
nova_server_resource:
description: Heat resource handle for the Nova compute server
value:
diff --git a/puppet/controller-post.yaml b/puppet/controller-post.yaml
index d250dd70..713ad706 100644
--- a/puppet/controller-post.yaml
+++ b/puppet/controller-post.yaml
@@ -17,6 +17,15 @@ parameters:
resources:
+ ControllerArtifactsConfig:
+ type: deploy-artifacts.yaml
+
+ ControllerArtifactsDeploy:
+ type: OS::Heat::StructuredDeployments
+ properties:
+ servers: {get_param: servers}
+ config: {get_resource: ControllerArtifactsConfig}
+
ControllerPrePuppet:
type: OS::TripleO::Tasks::ControllerPrePuppet
properties:
@@ -33,7 +42,7 @@ resources:
# e.g all Deployment resources should have a *Deployment_StepN suffix
ControllerLoadBalancerDeployment_Step1:
type: OS::Heat::StructuredDeployments
- depends_on: ControllerPrePuppet
+ depends_on: [ControllerPrePuppet, ControllerArtifactsDeploy]
properties:
name: ControllerLoadBalancerDeployment_Step1
servers: {get_param: servers}
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
index ea19c711..a873ce8a 100644
--- a/puppet/controller.yaml
+++ b/puppet/controller.yaml
@@ -32,6 +32,10 @@ parameters:
description: The password for the ceilometer service and db account.
type: string
hidden: true
+ CeilometerStoreEvents:
+ default: false
+ description: Whether to store events in ceilometer.
+ type: boolean
CinderApiVirtualIP:
type: string
default: ''
@@ -57,11 +61,11 @@ parameters:
description: Whether to enable or not the Rbd backend for Cinder
type: boolean
CinderISCSIHelper:
- default: tgtadm
+ default: lioadm
description: The iSCSI helper to use with cinder.
type: string
CinderLVMLoopDeviceSize:
- default: 5000
+ default: 10280
description: The size of the loopback file used by the cinder LVM driver.
type: number
CinderNfsMountOptions:
@@ -107,6 +111,10 @@ parameters:
default: 'br-ex'
description: Interface where virtual ip will be assigned.
type: string
+ CorosyncIPv6:
+ default: false
+ description: Enable IPv6 in Corosync
+ type: boolean
Debug:
default: ''
description: Set to True to enable debugging on all services.
@@ -230,7 +238,7 @@ parameters:
type: string
hidden: true
HeatStackDomainAdminPassword:
- description: Password for heat_domain_admin user.
+ description: Password for heat_stack_domain_admin user.
type: string
hidden: true
HeatAuthEncryptionKey:
@@ -245,6 +253,11 @@ parameters:
default: 0
description: Number of workers for Heat service.
type: number
+ HeatEnableDBPurge:
+ type: boolean
+ default: true
+ description: |
+ Whether to create cron job for purging soft deleted rows in the Heat database.
HorizonSecret:
description: Secret key for Django
type: string
@@ -492,6 +505,15 @@ parameters:
default: ''
description: If set, the public interface is a vlan with this device as the raw device.
type: string
+ NeutronTenantMtu:
+ description: >
+ The default MTU for tenant networks. For VXLAN/GRE tunneling, this should
+ be at least 50 bytes smaller than the MTU on the physical network. This
+ value will be used to set the MTU on the virtual Ethernet device.
+ This number is related to the value of NeutronDnsmasqOptions, since that
+ will determine the MTU that is assigned to the VM host through DHCP.
+ default: 1400
+ type: number
NeutronTunnelTypes:
default: 'vxlan'
description: |
@@ -510,7 +532,7 @@ parameters:
default: ["1:4094", ]
type: comma_delimited_list
NeutronPluginExtensions:
- default: "qos"
+ default: "qos,port_security"
description: |
Comma-separated list of extensions enabled for the Neutron plugin.
type: comma_delimited_list
@@ -531,6 +553,10 @@ parameters:
description: |
Whether to create cron job for purging soft deleted rows in Nova database.
type: boolean
+ NovaIPv6:
+ default: false
+ description: Enable IPv6 features in Nova
+ type: boolean
NovaPassword:
description: The password for the nova service and db account, used by nova-api.
type: string
@@ -543,6 +569,10 @@ parameters:
default: false
description: Should MongoDb journaling be disabled
type: boolean
+ MongoDbIPv6:
+ default: false
+ description: Enable IPv6 if Mongo DB VIP is IPv6
+ type: boolean
NtpServer:
default: ''
description: Comma-separated list of ntp servers
@@ -587,9 +617,21 @@ parameters:
default: 16384
description: Configures RabbitMQ FD limit
type: string
+ RabbitIPv6:
+ default: false
+ description: Enable IPv6 in RabbitMQ
+ type: boolean
+ RedisPassword:
+ type: string
+ description: The password to access the Redis service
+ hidden: true
RedisVirtualIP:
type: string
default: '' # Has to be here because of the ignored empty value bug
+ RedisVirtualIPUri:
+ type: string
+ default: '' # Has to be here because of the ignored empty value bug
+ description: An IP address which is wrapped in brackets in case of IPv6
SnmpdReadonlyUserName:
default: ro_snmp_user
description: The user name for SNMPd with readonly rights running on all Overcloud nodes
@@ -635,12 +677,19 @@ parameters:
default: 'UTC'
description: The timezone to be set on controller nodes.
type: string
+ UpgradeLevelNovaCompute:
+ type: string
+ description: Nova Compute upgrade level
+ default: ''
VirtualIP: # DEPRECATED: use per service settings instead
type: string
default: '' # Has to be here because of the ignored empty value bug
HeatApiVirtualIP:
type: string
default: ''
+ HeatApiVirtualIPUri:
+ type: string
+ default: ''
GlanceApiVirtualIP:
type: string
default: ''
@@ -650,6 +699,9 @@ parameters:
MysqlVirtualIP:
type: string
default: ''
+ MysqlVirtualIPUri:
+ type: string
+ default: ''
KeystoneAdminApiVirtualIP:
type: string
default: ''
@@ -682,6 +734,10 @@ parameters:
Hostname:
type: string
default: '' # Defaults to Heat created hostname
+ HostnameMap:
+ type: json
+ default: {}
+ description: Optional mapping to override hostnames
NetworkDeploymentActions:
type: comma_delimited_list
description: >
@@ -727,7 +783,10 @@ resources:
- network: ctlplane
user_data_format: SOFTWARE_CONFIG
user_data: {get_resource: UserData}
- name: {get_param: Hostname}
+ name:
+ str_replace:
+ template: {get_param: Hostname}
+ params: {get_param: HostnameMap}
software_config_transport: {get_param: SoftwareConfigTransport}
metadata: {get_param: ServerMetadata}
scheduler_hints: {get_param: SchedulerHints}
@@ -790,6 +849,8 @@ resources:
ManagementPort:
type: OS::TripleO::Controller::Ports::ManagementPort
properties:
+ IPPool: {get_param: ControllerIPs}
+ NodeIndex: {get_param: NodeIndex}
ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
NetIpMap:
@@ -797,11 +858,17 @@ resources:
properties:
ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
ExternalIp: {get_attr: [ExternalPort, ip_address]}
+ ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
+ InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
StorageIp: {get_attr: [StoragePort, ip_address]}
+ StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
+ StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
TenantIp: {get_attr: [TenantPort, ip_address]}
+ TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
ManagementIp: {get_attr: [ManagementPort, ip_address]}
+ ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
NetIpSubnetMap:
type: OS::TripleO::Network::Ports::NetIpSubnetMap
@@ -877,21 +944,22 @@ resources:
list_join:
- ''
- - 'http://'
- - {get_param: HeatApiVirtualIP}
+ - {get_param: HeatApiVirtualIPUri}
- ':8003'
heat.metadata_server_url:
list_join:
- ''
- - 'http://'
- - {get_param: HeatApiVirtualIP}
+ - {get_param: HeatApiVirtualIPUri}
- ':8000'
heat.waitcondition_server_url:
list_join:
- ''
- - 'http://'
- - {get_param: HeatApiVirtualIP}
+ - {get_param: HeatApiVirtualIPUri}
- ':8000/v1/waitcondition'
heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
+ heat_enable_db_purge: {get_param: HeatEnableDBPurge}
horizon_allowed_hosts: {get_param: HorizonAllowedHosts}
horizon_secret: {get_param: HorizonSecret}
admin_email: {get_param: AdminEmail}
@@ -919,7 +987,7 @@ resources:
- - 'mysql+pymysql://cinder:'
- {get_param: CinderPassword}
- '@'
- - {get_param: MysqlVirtualIP}
+ - {get_param: MysqlVirtualIPUri}
- '/cinder'
glance_port: {get_param: [EndpointMap, GlanceInternal, port]}
glance_password: {get_param: GlancePassword}
@@ -936,7 +1004,7 @@ resources:
- - 'mysql+pymysql://glance:'
- {get_param: GlancePassword}
- '@'
- - {get_param: MysqlVirtualIP}
+ - {get_param: MysqlVirtualIPUri}
- '/glance'
heat_password: {get_param: HeatPassword}
heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
@@ -946,7 +1014,7 @@ resources:
- - 'mysql+pymysql://heat:'
- {get_param: HeatPassword}
- '@'
- - {get_param: MysqlVirtualIP}
+ - {get_param: MysqlVirtualIPUri}
- '/heat'
keystone_ca_certificate: {get_param: KeystoneCACertificate}
keystone_signing_key: {get_param: KeystoneSigningKey}
@@ -962,7 +1030,7 @@ resources:
- - 'mysql+pymysql://keystone:'
- {get_param: AdminToken}
- '@'
- - {get_param: MysqlVirtualIP}
+ - {get_param: MysqlVirtualIPUri}
- '/keystone'
keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
@@ -1061,6 +1129,7 @@ resources:
params:
AGENT_EXTENSIONS: {get_param: NeutronAgentExtensions}
neutron_password: {get_param: NeutronPassword}
+ neutron_tenant_mtu: {get_param: NeutronTenantMtu}
neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
neutron_dsn:
list_join:
@@ -1068,33 +1137,37 @@ resources:
- - 'mysql+pymysql://neutron:'
- {get_param: NeutronPassword}
- '@'
- - {get_param: MysqlVirtualIP}
+ - {get_param: MysqlVirtualIPUri}
- '/ovs_neutron?charset=utf8'
neutron_internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] }
neutron_public_url: { get_param: [ EndpointMap, NeutronPublic, uri ] }
neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
- neutron_admin_auth_url: { get_param: [ EndpointMap, KeystoneAdmin, uri_no_suffix ] }
+ neutron_auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] }
nova_internal_url: { get_param: [ EndpointMap, NovaInternal, uri ] }
ceilometer_backend: {get_param: CeilometerBackend}
ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
ceilometer_password: {get_param: CeilometerPassword}
+ ceilometer_store_events: {get_param: CeilometerStoreEvents}
ceilometer_coordination_url:
list_join:
- ''
- - 'redis://'
- - {get_param: RedisVirtualIP}
- - ':6379'
+ - {get_param: RedisVirtualIPUri}
+ - ':6379/?password='
+ - {get_param: RedisPassword}
ceilometer_dsn:
list_join:
- ''
- - 'mysql+pymysql://ceilometer:'
- {get_param: CeilometerPassword}
- '@'
- - {get_param: MysqlVirtualIP}
+ - {get_param: MysqlVirtualIPUri}
- '/ceilometer'
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
nova_enable_db_purge: {get_param: NovaEnableDBPurge}
+ nova_ipv6: {get_param: NovaIPv6}
+ corosync_ipv6: {get_param: CorosyncIPv6}
nova_password: {get_param: NovaPassword}
nova_dsn:
list_join:
@@ -1102,8 +1175,17 @@ resources:
- - 'mysql+pymysql://nova:'
- {get_param: NovaPassword}
- '@'
- - {get_param: MysqlVirtualIP}
+ - {get_param: MysqlVirtualIPUri}
- '/nova'
+ nova_api_dsn:
+ list_join:
+ - ''
+ - - 'mysql+pymysql://nova_api:'
+ - {get_param: NovaPassword}
+ - '@'
+ - {get_param: MysqlVirtualIPUri}
+ - '/nova_api'
+ upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute}
instance_name_template: {get_param: InstanceNameTemplate}
fencing_config: {get_param: FencingConfig}
pcsd_password: {get_param: PcsdPassword}
@@ -1112,7 +1194,9 @@ resources:
rabbit_cookie: {get_param: RabbitCookie}
rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
rabbit_client_port: {get_param: RabbitClientPort}
+ rabbit_ipv6: {get_param: RabbitIPv6}
mongodb_no_journal: {get_param: MongoDbNoJournal}
+ mongodb_ipv6: {get_param: MongoDbIPv6}
# We need to force this into quotes or hiera will return integer causing
# the puppet module validation regexp to fail.
# Remove when: https://github.com/puppetlabs/puppetlabs-rabbitmq/pull/401
@@ -1140,7 +1224,7 @@ resources:
- - 'mysql://sahara:'
- {get_param: SaharaPassword}
- '@'
- - {get_param: MysqlVirtualIP}
+ - {get_param: MysqlVirtualIPUri}
- '/sahara'
swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
@@ -1163,6 +1247,7 @@ resources:
horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
+ redis_password: {get_param: RedisPassword}
redis_vip: {get_param: RedisVirtualIP}
sahara_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SaharaApiNetwork]}]}
memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
@@ -1203,6 +1288,7 @@ resources:
- cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
- neutron_nuage_data # Optionally provided by ControllerExtraConfigPre
- midonet_data #Optionally provided by AllNodesExtraConfig
+ - neutron_opencontrail_data # Optionally provided by ControllerExtraConfigPre
datafiles:
controller_extraconfig:
mapped_data: {get_param: ControllerExtraConfig}
@@ -1215,7 +1301,7 @@ resources:
mapped_data:
ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
ceph::profile::params::public_network: {get_input: ceph_public_network}
- ceph::mon::public_addr: {get_input: ceph_public_ip}
+ ceph::profile::params::public_addr: {get_input: ceph_public_ip}
database:
raw_data: {get_file: hieradata/database.yaml}
object:
@@ -1229,6 +1315,7 @@ resources:
enable_fencing: {get_input: enable_fencing}
enable_load_balancer: {get_input: enable_load_balancer}
hacluster_pwd: {get_input: pcsd_password}
+ corosync_ipv6: {get_input: corosync_ipv6}
tripleo::fencing::config: {get_input: fencing_config}
# Swift
@@ -1301,6 +1388,9 @@ resources:
glance_file_pcmk_fstype: {get_input: glance_file_pcmk_fstype}
glance_file_pcmk_manage: {get_input: glance_file_pcmk_manage}
glance_file_pcmk_options: {get_input: glance_file_pcmk_options}
+ glance::notify::rabbitmq::rabbit_userid: {get_input: rabbit_username}
+ glance::notify::rabbitmq::rabbit_password: {get_input: rabbit_password}
+ glance::notify::rabbitmq::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
# Heat
heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password}
@@ -1325,17 +1415,22 @@ resources:
heat::database_connection: {get_input: heat_dsn}
heat::debug: {get_input: debug}
heat::db::mysql::password: {get_input: heat_password}
+ heat_enable_db_purge: {get_input: heat_enable_db_purge}
+ heat::keystone::domain::domain_password: {get_input: heat_stack_domain_admin_password}
# Keystone
keystone::admin_token: {get_input: admin_token}
+ keystone::roles::admin::password: {get_input: admin_password}
keystone_ca_certificate: {get_input: keystone_ca_certificate}
keystone_signing_key: {get_input: keystone_signing_key}
keystone_signing_certificate: {get_input: keystone_signing_certificate}
keystone_ssl_certificate: {get_input: keystone_ssl_certificate}
keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key}
keystone::database_connection: {get_input: keystone_dsn}
- keystone::public_bind_host: {get_input: keystone_public_api_network}
keystone::admin_bind_host: {get_input: keystone_admin_api_network}
+ keystone::public_bind_host: {get_input: keystone_public_api_network}
+ keystone::wsgi::apache::bind_host: {get_input: keystone_public_api_network}
+ keystone::wsgi::apache::admin_bind_host: {get_input: keystone_admin_api_network}
keystone::debug: {get_input: debug}
keystone::db::mysql::password: {get_input: admin_token}
keystone::rabbit_userid: {get_input: rabbit_username}
@@ -1353,10 +1448,11 @@ resources:
keystone::admin_workers: {get_input: keystone_workers}
keystone::public_workers: {get_input: keystone_workers}
keystone_enable_db_purge: {get_input: keystone_enable_db_purge}
-
+ keystone::public_endpoint: {get_input: keystone_public_url}
# MongoDB
mongodb::server::bind_ip: {get_input: mongo_db_network}
mongodb::server::nojournal: {get_input: mongodb_no_journal}
+ mongodb::server::ipv6: {get_input: mongodb_ipv6}
# MySQL
admin_password: {get_input: admin_password}
enable_galera: {get_input: enable_galera}
@@ -1381,6 +1477,7 @@ resources:
neutron::server::database_connection: {get_input: neutron_dsn}
neutron::server::api_workers: {get_input: neutron_workers}
neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge}
+ neutron::network_device_mtu: {get_input: neutron_tenant_mtu}
neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling}
neutron::agents::ml2::ovs::l2_population: {get_input: neutron_enable_l2pop}
neutron::agents::dhcp::enable_isolated_metadata: {get_input: neutron_enable_isolated_metadata}
@@ -1406,7 +1503,7 @@ resources:
neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges}
neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges}
neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges}
- neutron::agents::ml2::ovs:bridge_mappings: {get_input: neutron_bridge_mappings}
+ neutron::agents::ml2::ovs::bridge_mappings: {get_input: neutron_bridge_mappings}
neutron_public_interface: {get_input: neutron_public_interface}
neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device}
neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route}
@@ -1426,7 +1523,7 @@ resources:
neutron::keystone::auth::password: {get_input: neutron_password }
neutron::keystone::auth::region: {get_input: keystone_region}
neutron::server::notifications::nova_url: {get_input: nova_internal_url}
- neutron::server::notifications::auth_url: {get_input: neutron_admin_auth_url}
+ neutron::server::notifications::auth_url: {get_input: neutron_auth_url}
neutron::server::notifications::tenant_name: 'service'
neutron::server::notifications::project_name: 'service'
neutron::server::notifications::password: {get_input: nova_password}
@@ -1447,6 +1544,7 @@ resources:
ceilometer::agent::auth::auth_password: {get_input: ceilometer_password}
ceilometer::agent::auth::auth_url: {get_input: keystone_auth_uri}
ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url}
+ ceilometer::agent::notification::store_events: {get_input: ceilometer_store_events}
ceilometer::db::mysql::password: {get_input: ceilometer_password}
snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
@@ -1456,7 +1554,9 @@ resources:
nova::rabbit_password: {get_input: rabbit_password}
nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl}
nova::rabbit_port: {get_input: rabbit_client_port}
+ nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute}
nova::debug: {get_input: debug}
+ nova::use_ipv6: {get_input: nova_ipv6}
nova::api::auth_uri: {get_input: keystone_auth_uri}
nova::api::identity_uri: {get_input: keystone_identity_uri}
nova::api::api_bind_address: {get_input: nova_api_network}
@@ -1465,15 +1565,18 @@ resources:
nova::api::osapi_compute_workers: {get_input: nova_workers}
nova::api::ec2_workers: {get_input: nova_workers}
nova::api::metadata_workers: {get_input: nova_workers}
+ nova::compute::network_device_mtu: {get_input: neutron_tenant_mtu}
nova::database_connection: {get_input: nova_dsn}
+ nova::api_database_connection: {get_input: nova_api_dsn}
nova::glance_api_servers: {get_input: glance_api_servers}
nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
nova::api::instance_name_template: {get_input: instance_name_template}
- nova::network::neutron::neutron_admin_password: {get_input: neutron_password}
+ nova::network::neutron::neutron_password: {get_input: neutron_password}
nova::network::neutron::neutron_url: {get_input: neutron_internal_url}
- nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url}
+ nova::network::neutron::neutron_auth_url: {get_input: neutron_auth_url}
nova::vncproxy::host: {get_input: nova_api_network}
nova::db::mysql::password: {get_input: nova_password}
+ nova::db::mysql_api::password: {get_input: nova_password}
nova_enable_db_purge: {get_input: nova_enable_db_purge}
# Horizon
@@ -1513,8 +1616,12 @@ resources:
rabbitmq::file_limit: {get_input: rabbit_fd_limit}
rabbitmq::default_user: {get_input: rabbit_username}
rabbitmq::default_pass: {get_input: rabbit_password}
+ rabbit_ipv6: {get_input: rabbit_ipv6}
# Redis
redis::bind: {get_input: redis_network}
+ redis::requirepass: {get_input: redis_password}
+ redis::masterauth: {get_input: redis_password}
+ redis::sentinel_auth_pass: {get_input: redis_password}
redis_vip: {get_input: redis_vip}
# Firewall
tripleo::firewall::manage_firewall: {get_input: manage_firewall}
@@ -1598,11 +1705,54 @@ outputs:
Server's IP address and hostname in the /etc/hosts format
value:
str_replace:
- template: IP HOST.DOMAIN HOST
+ template: |
+ PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
+ EXTERNALIP EXTERNALHOST
+ INTERNAL_APIIP INTERNAL_APIHOST
+ STORAGEIP STORAGEHOST
+ STORAGE_MGMTIP STORAGE_MGMTHOST
+ TENANTIP TENANTHOST
+ MANAGEMENTIP MANAGEMENTHOST
params:
- IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
+ PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
- HOST: {get_attr: [Controller, name]}
+ PRIMARYHOST: {get_attr: [Controller, name]}
+ EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
+ EXTERNALHOST:
+ list_join:
+ - '-'
+ - - {get_attr: [Controller, name]}
+ - external
+ INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
+ INTERNAL_APIHOST:
+ list_join:
+ - '-'
+ - - {get_attr: [Controller, name]}
+ - internalapi
+ STORAGEIP: {get_attr: [StoragePort, ip_address]}
+ STORAGEHOST:
+ list_join:
+ - '-'
+ - - {get_attr: [Controller, name]}
+ - storage
+ STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
+ STORAGE_MGMTHOST:
+ list_join:
+ - '-'
+ - - {get_attr: [Controller, name]}
+ - storagemgmt
+ TENANTIP: {get_attr: [TenantPort, ip_address]}
+ TENANTHOST:
+ list_join:
+ - '-'
+ - - {get_attr: [Controller, name]}
+ - tenant
+ MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
+ MANAGEMENTHOST:
+ list_join:
+ - '-'
+ - - {get_attr: [Controller, name]}
+ - management
nova_server_resource:
description: Heat resource handle for the Nova compute server
value:
@@ -1613,14 +1763,14 @@ outputs:
str_replace:
template: 'r1z1-IP:%PORT%/d1'
params:
- IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
+ IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
swift_proxy_memcache:
description: Swift proxy-memcache value
value:
str_replace:
template: "IP:11211"
params:
- IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
+ IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
config_identifier:
description: identifier which changes if the controller configuration may need re-applying
value:
diff --git a/puppet/deploy-artifacts.sh b/puppet/deploy-artifacts.sh
new file mode 100644
index 00000000..22fde9a7
--- /dev/null
+++ b/puppet/deploy-artifacts.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+TMP_DATA=$(mktemp -d)
+function cleanup {
+ rm -Rf "$TMP_DATA"
+}
+trap cleanup EXIT
+
+if [ -n "$artifact_urls" ]; then
+ for URL in $(echo $artifact_urls | sed -e "s| |\n|g" | sort -u); do
+ curl -o $TMP_DATA/file_data "$artifact_urls"
+ if file -b $TMP_DATA/file_data | grep RPM &>/dev/null; then
+ yum install -y $TMP_DATA/file_data
+ elif file -b $TMP_DATA/file_data | grep 'gzip compressed data' &>/dev/null; then
+ pushd /
+ tar xvzf $TMP_DATA/file_data
+ popd
+ else
+ echo "ERROR: Unsupported file format."
+ exit 1
+ fi
+ rm $TMP_DATA/file_data
+ done
+else
+ echo "No artifact_urls was set. Skipping..."
+fi
diff --git a/puppet/deploy-artifacts.yaml b/puppet/deploy-artifacts.yaml
new file mode 100644
index 00000000..17f84163
--- /dev/null
+++ b/puppet/deploy-artifacts.yaml
@@ -0,0 +1,32 @@
+heat_template_version: 2015-04-30
+
+description: >
+ Software Config to install deployment artifacts (tarball's and/or
+ distribution packages) via HTTP URLs. The contents of the URL's can
+ be tarballs or distribution packages (RPMs). If a tarball URL is supplied
+ it is extracted onto the target node during deployment. If a package is
+ deployed it is installed from the supplied URL. Note, you need the
+ heat-config-script element built into your images, due to the script group
+ below.
+
+parameters:
+ DeployArtifactURLs:
+ default: []
+ description: A list of HTTP URLs containing deployment artifacts.
+ Currently supports tarballs and RPM packages.
+ type: comma_delimited_list
+
+resources:
+ DeployArtifacts:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ inputs:
+ - name: artifact_urls
+ default: {list_join: [' ', {get_param: DeployArtifactURLs}]}
+ config: {get_file: ./deploy-artifacts.sh}
+
+outputs:
+ OS::stack_id:
+ description: The ID of the DeployArtifacts resource.
+ value: {get_resource: DeployArtifacts}
diff --git a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml
index 655fd0f2..71445800 100644
--- a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml
+++ b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml
@@ -65,11 +65,18 @@ parameters:
default: false
NetworkNexusSwitchHeartbeatTime:
type: number
- description: Time interval to check the state of the Nexus device
+ description: >
+ Time interval to check the state of the Nexus device. The units of this
+ object are seconds. Setting this object to a value of 0 disables the
+ replay feature.
default: 0
NetworkNexusSwitchReplayCount:
type: number
- description: Number of times to attempt config replay
+ description: >
+ This configuration item is OBSOLETE. The Nexus driver replay behavior
+ is to continue to attempt to connect to the down Nexus device with a
+ period equal to the heartbeat time interval. This was previously the
+ Number of times to attempt config replay.
default: 3
NetworkNexusProviderVlanAutoCreate:
type: boolean
diff --git a/puppet/extraconfig/ceph/ceph-external-config.yaml b/puppet/extraconfig/ceph/ceph-external-config.yaml
index 7cefc24b..312d49a0 100644
--- a/puppet/extraconfig/ceph/ceph-external-config.yaml
+++ b/puppet/extraconfig/ceph/ceph-external-config.yaml
@@ -41,6 +41,9 @@ parameters:
CephClientUserName:
default: openstack
type: string
+ CephIPv6:
+ default: False
+ type: boolean
resources:
CephClusterConfigImpl:
@@ -54,7 +57,9 @@ resources:
mapped_data:
ceph_storage_count: {get_param: ceph_storage_count}
enable_external_ceph: true
- ceph::profile::params::mon_host: {get_param: ceph_external_mon_ips}
+ ceph_ipv6: {get_param: CephIPv6}
+ ceph_mon_host: {get_param: ceph_external_mon_ips}
+ ceph_mon_host_v6: {get_param: ceph_external_mon_ips}
ceph::profile::params::fsid: {get_param: ceph_fsid}
ceph::profile::params::client_keys:
str_replace:
@@ -72,11 +77,12 @@ resources:
NOVA_POOL: {get_param: NovaRbdPoolName}
CINDER_POOL: {get_param: CinderRbdPoolName}
GLANCE_POOL: {get_param: GlanceRbdPoolName}
+ ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6}
nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName}
cinder_rbd_pool_name: {get_param: CinderRbdPoolName}
glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName}
- glance::backend::rbd::rbd_store_pool: {get_param: CephClientUserName}
+ glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
nova::compute::rbd::rbd_keyring:
list_join:
- '.'
diff --git a/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml b/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml
new file mode 100644
index 00000000..49c77190
--- /dev/null
+++ b/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml
@@ -0,0 +1,45 @@
+heat_template_version: 2015-04-30
+
+description: Configure hieradata for Big Switch agents on compute node
+
+parameters:
+ server:
+ description: ID of the controller node to apply this config to
+ type: string
+ NeutronBigswitchAgentEnabled:
+ description: The state of the neutron-bsn-agent service.
+ type: boolean
+ default: false
+ NeutronBigswitchLLDPEnabled:
+ description: The state of the neutron-bsn-lldp service.
+ type: boolean
+ default: true
+
+
+resources:
+ NeutronBigswitchConfig:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: os-apply-config
+ config:
+ hiera:
+ datafiles:
+ neutron_bigswitch_data:
+ mapped_data:
+ neutron::agents::bigswitch::agent_enabled: {get_input: neutron_enable_bigswitch_agent}
+ neutron::agents::bigswitch::lldp_enabled: {get_input: neutron_enable_bigswitch_lldp}
+
+ NeutronBigswitchDeployment:
+ type: OS::Heat::StructuredDeployment
+ properties:
+ name: NeutronBigswitchDeployment
+ config: {get_resource: NeutronBigswitchConfig}
+ server: {get_param: server}
+ input_values:
+ neutron_enable_bigswitch_agent: {get_param: NeutronBigswitchAgentEnabled}
+ neutron_enable_bigswitch_lldp: {get_param: NeutronBigswitchLLDPEnabled}
+
+outputs:
+ deploy_stdout:
+ description: Deployment reference, used to trigger puppet apply on changes
+ value: {get_attr: [NeutronBigswitchDeployment, deploy_stdout]}
diff --git a/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml b/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml
new file mode 100644
index 00000000..e496553a
--- /dev/null
+++ b/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml
@@ -0,0 +1,47 @@
+heat_template_version: 2015-04-30
+
+description: Compute node hieradata for Neutron OpenContrail configuration
+
+parameters:
+ server:
+ description: ID of the compute node to apply this config to
+ type: string
+ ContrailApiServerIp:
+ description: IP address of the OpenContrail API server
+ type: string
+ ContrailApiServerPort:
+ description: Port of the OpenContrail API
+ type: string
+ default: 8082
+
+resources:
+ ComputeContrailConfig:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: os-apply-config
+ config:
+ hiera:
+ datafiles:
+ neutron_opencontrail_data:
+ mapped_data:
+ nova::network::neutron::network_api_class: nova.network.neutronv2.api.API
+
+ contrail::vrouter::provision_vrouter::api_address: {get_input: contrail_api_server_ip}
+ contrail::vrouter::provision_vrouter::api_port: {get_input: contrail_api_server_port}
+ contrail::vrouter::provision_vrouter::keystone_admin_user: admin
+ contrail::vrouter::provision_vrouter::keystone_admin_tenant_name: admin
+ contrail::vrouter::provision_vrouter::keystone_admin_password: '"%{::admin_password}"'
+
+ ComputeContrailDeployment:
+ type: OS::Heat::StructuredDeployment
+ properties:
+ config: {get_resource: ComputeContrailConfig}
+ server: {get_param: server}
+ input_values:
+ contrail_api_server_ip: {get_param: ContrailApiServerIp}
+ contrail_api_server_port: {get_param: ContrailApiServerPort}
+
+outputs:
+ deploy_stdout:
+ description: Output of the extra hiera data deployment
+ value: {get_attr: [ComputeContrailDeployment, deploy_stdout]}
diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml
index 905f196d..9b6981bb 100644
--- a/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml
+++ b/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2015-11-12
+heat_template_version: 2015-10-15
description: Configure hieradata for Cinder Dell Storage Center configuration
diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml
index c73608f1..36db334e 100644
--- a/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml
+++ b/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2015-11-06
+heat_template_version: 2015-10-15
description: Configure hieradata for Cinder Eqlx configuration
diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml
index 1e652960..467f57cc 100644
--- a/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml
+++ b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml
@@ -44,7 +44,6 @@ resources:
datafiles:
neutron_bigswitch_data:
mapped_data:
- neutron_enable_bigswitch_ml2: true
neutron::plugins::ml2::bigswitch::restproxy::servers: {get_input: restproxy_servers}
neutron::plugins::ml2::bigswitch::restproxy::server_auth: {get_input: restproxy_server_auth}
neutron::plugins::ml2::bigswitch::restproxy::auto_sync_on_failure: {get_input: restproxy_auto_sync_on_failure}
diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-opencontrail.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-opencontrail.yaml
new file mode 100644
index 00000000..5c686fe7
--- /dev/null
+++ b/puppet/extraconfig/pre_deploy/controller/neutron-opencontrail.yaml
@@ -0,0 +1,62 @@
+heat_template_version: 2015-04-30
+
+description: Controller hieradata for Neutron OpenContrail configuration
+
+parameters:
+ server:
+ description: ID of the controller node to apply this config to
+ type: string
+ ContrailApiServerIp:
+ description: IP address of the OpenContrail API server
+ type: string
+ ContrailApiServerPort:
+ description: Port of the OpenContrail API
+ type: string
+ default: 8082
+ ContrailMultiTenancy:
+ description: Whether to enable multi tenancy
+ type: boolean
+ default: false
+ ContrailExtensions:
+ description: List of OpenContrail extensions to be enabled
+ type: comma_delimited_list
+ default: ''
+
+resources:
+ ControllerContrailConfig:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: os-apply-config
+ config:
+ hiera:
+ datafiles:
+ neutron_opencontrail_data:
+ mapped_data:
+ neutron::api_extensions_path: /usr/lib/python2.7/site-packages/neutron_plugin_contrail/extensions
+
+ neutron::plugins::opencontrail::api_server_ip: {get_input: contrail_api_server_ip}
+ neutron::plugins::opencontrail::api_server_port: {get_input: contrail_api_server_port}
+ neutron::plugins::opencontrail::multi_tenancy: {get_input: contrail_multi_tenancy}
+ neutron::plugins::opencontrail::contrail_extensions: {get_input: contrail_extensions}
+ neutron::plugins::opencontrail::keystone_auth_url: '"%{hiera(''keystone_auth_uri'')}"'
+ neutron::plugins::opencontrail::keystone_admin_user: admin
+ neutron::plugins::opencontrail::keystone_admin_tenant_name: admin
+ neutron::plugins::opencontrail::keystone_admin_password: '"%{hiera(''admin_password'')}"'
+ neutron::plugins::opencontrail::keystone_admin_token: '"%{hiera(''keystone::admin_token'')}"'
+
+ ControllerContrailDeployment:
+ type: OS::Heat::StructuredDeployment
+ properties:
+ config: {get_resource: ControllerContrailConfig}
+ server: {get_param: server}
+ input_values:
+ contrail_api_server_ip: {get_param: ContrailApiServerIp}
+ contrail_api_server_port: {get_param: ContrailApiServerPort}
+ contrail_multi_tenancy: {get_param: ContrailMultiTenancy}
+ contrail_extensions: {get_param: ContrailExtensions}
+
+
+outputs:
+ deploy_stdout:
+ description: Output of the extra hiera data deployment
+ value: {get_attr: [ControllerContrailDeployment, deploy_stdout]}
diff --git a/puppet/extraconfig/tls/ca-inject.yaml b/puppet/extraconfig/tls/ca-inject.yaml
index 5a36e951..f955034d 100644
--- a/puppet/extraconfig/tls/ca-inject.yaml
+++ b/puppet/extraconfig/tls/ca-inject.yaml
@@ -4,7 +4,7 @@ description: >
This is a template which will inject the trusted anchor.
parameters:
- # Can be overriden via parameter_defaults in the environment
+ # Can be overridden via parameter_defaults in the environment
SSLRootCertificate:
description: >
The content of a CA's SSL certificate file in PEM format.
@@ -45,7 +45,7 @@ resources:
cat > ${cacert_path} << EOF
${cacert_content}
EOF
- chmod 0440 ${cacert_path}
+ chmod 0444 ${cacert_path}
chown root:root ${cacert_path}
${update_anchor_command}
md5sum ${cacert_path} > ${heat_outputs_path}.root_cert_md5sum
diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml
index 20bb3737..77b11378 100644
--- a/puppet/extraconfig/tls/tls-cert-inject.yaml
+++ b/puppet/extraconfig/tls/tls-cert-inject.yaml
@@ -5,7 +5,7 @@ description: >
for the load balancer using the given parameters.
parameters:
- # Can be overriden via parameter_defaults in the environment
+ # Can be overridden via parameter_defaults in the environment
SSLCertificate:
description: >
The content of the SSL certificate (without Key) in PEM format.
@@ -21,7 +21,7 @@ parameters:
type: string
hidden: true
- # Can be overriden by parameter_defaults if the user wants to try deploying
+ # Can be overridden by parameter_defaults if the user wants to try deploying
# this in a distro that doesn't support this path.
DeployedSSLCertificatePath:
default: '/etc/pki/tls/private/overcloud_endpoint.pem'
diff --git a/puppet/hieradata/common.yaml b/puppet/hieradata/common.yaml
index b4b51abf..98cec364 100644
--- a/puppet/hieradata/common.yaml
+++ b/puppet/hieradata/common.yaml
@@ -3,17 +3,18 @@ ssh::server::storeconfigs_enabled: false
# ceilometer settings used by compute and controller ceilo auth settings
ceilometer::agent::auth::auth_region: 'regionOne'
-# FIXME: Might be better to use 'service' tenant here but this requires
-# changes in the tripleo-incubator keystone role setup
-ceilometer::agent::auth::auth_tenant_name: 'admin'
+ceilometer::agent::auth::auth_tenant_name: 'service'
nova::api::admin_tenant_name: 'service'
-nova::network::neutron::neutron_admin_tenant_name: 'service'
-nova::network::neutron::neutron_admin_username: 'neutron'
+nova::network::neutron::neutron_project_name: 'service'
+nova::network::neutron::neutron_username: 'neutron'
nova::network::neutron::dhcp_domain: ''
neutron::allow_overlapping_ips: true
+kernel_modules:
+ nf_conntrack: {}
+
sysctl_settings:
net.ipv4.tcp_keepalive_intvl:
value: 1
@@ -21,6 +22,17 @@ sysctl_settings:
value: 5
net.ipv4.tcp_keepalive_time:
value: 5
+ net.nf_conntrack_max:
+ value: 500000
+ net.netfilter.nf_conntrack_max:
+ value: 500000
+ # prevent neutron bridges from autoconfiguring ipv6 addresses
+ net.ipv6.conf.default.accept_ra:
+ value: 0
+ net.ipv6.conf.default.autoconf:
+ value: 0
+ net.core.netdev_max_backlog:
+ value: 10000
nova::rabbit_heartbeat_timeout_threshold: 60
neutron::rabbit_heartbeat_timeout_threshold: 60
diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml
index fa8dcc81..865210c9 100644
--- a/puppet/hieradata/compute.yaml
+++ b/puppet/hieradata/compute.yaml
@@ -1,13 +1,12 @@
# Hiera data here applies to all compute nodes
nova::notify_on_state_change: 'vm_and_task_state'
-
+nova::notification_driver: messagingv2
nova::compute::enabled: true
nova::compute::instance_usage_audit: true
nova::compute::instance_usage_audit_period: 'hour'
nova::compute::vnc_enabled: true
-nova::compute::libvirt::vncserver_listen: '0.0.0.0'
nova::compute::libvirt::migration_support: true
nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}"
diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml
index 06be40e4..288d224f 100644
--- a/puppet/hieradata/controller.yaml
+++ b/puppet/hieradata/controller.yaml
@@ -1,4 +1,5 @@
# Hiera data here applies to all controller nodes
+
nova::api::enabled: true
nova::conductor::enabled: true
nova::consoleauth::enabled: true
@@ -29,6 +30,9 @@ redis::sentinel::master_name: "%{hiera('bootstrap_nodeid')}"
redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}"
redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh'
+# keystone
+keystone::roles::admin::email: 'root@localhost'
+
# service tenant
glance::api::keystone_tenant: 'service'
glance::registry::keystone_tenant: 'service'
@@ -52,6 +56,8 @@ keystone::config::keystone_config:
value: 'HTTP_X_FORWARDED_PROTO'
ec2/driver:
value: 'keystone.contrib.ec2.backends.sql.Ec2'
+keystone::service_name: 'httpd'
+keystone::wsgi::apache::ssl: false
#swift
swift::proxy::pipeline:
@@ -85,9 +91,11 @@ neutron::agents::dhcp::dnsmasq_config_file: /etc/neutron/dnsmasq-neutron.conf
nova::notify_on_state_change: 'vm_and_task_state'
nova::api::default_floating_pool: 'public'
nova::api::osapi_v3: true
+nova::api::sync_db_api: true
nova::scheduler::filter::ram_allocation_ratio: '1.0'
nova::cron::archive_deleted_rows::hour: '*/12'
nova::cron::archive_deleted_rows::destination: '/dev/null'
+nova::notification_driver: messaging
# ceilometer
ceilometer::agent::auth::auth_endpoint_type: 'internalURL'
@@ -95,11 +103,20 @@ ceilometer::agent::auth::auth_endpoint_type: 'internalURL'
# cinder
cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler
cinder::cron::db_purge::destination: '/dev/null'
+cinder::host: hostgroup
+cinder_user_enabled_backends: []
# heat
heat::engine::configure_delegated_roles: false
heat::engine::trusts_delegated_roles: []
heat::instance_user: ''
+heat::cron::purge_deleted::age: 30
+heat::cron::purge_deleted::age_type: 'days'
+heat::cron::purge_deleted::maxdelay: 3600
+heat::cron::purge_deleted::destination: '/dev/null'
+heat::keystone::domain::domain_name: 'heat_stack'
+heat::keystone::domain::domain_admin: 'heat_stack_domain_admin'
+heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost'
# pacemaker
pacemaker::corosync::cluster_name: 'tripleo_cluster'
diff --git a/puppet/hieradata/database.yaml b/puppet/hieradata/database.yaml
index 89577505..61714691 100644
--- a/puppet/hieradata/database.yaml
+++ b/puppet/hieradata/database.yaml
@@ -6,6 +6,13 @@ nova::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
+nova::db::mysql_api::user: nova_api
+nova::db::mysql_api::host: "%{hiera('mysql_virtual_ip')}"
+nova::db::mysql_api::dbname: nova_api
+nova::db::mysql_api::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
+
# Glance
glance::db::mysql::user: glance
glance::db::mysql::host: "%{hiera('mysql_virtual_ip')}"
diff --git a/puppet/hieradata/volume.yaml b/puppet/hieradata/volume.yaml
index f4cd78a9..8640c0a7 100644
--- a/puppet/hieradata/volume.yaml
+++ b/puppet/hieradata/volume.yaml
@@ -9,4 +9,6 @@ cinder::config::cinder_config:
DEFAULT/swift_catalog_info:
value: 'object-store:swift:internalURL'
+cinder_user_enabled_backends: []
+
volume_classes: [] \ No newline at end of file
diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp
index 1d801adc..fd7faff1 100644
--- a/puppet/manifests/overcloud_cephstorage.pp
+++ b/puppet/manifests/overcloud_cephstorage.pp
@@ -16,7 +16,9 @@
include ::tripleo::packages
include ::tripleo::firewall
+create_resources(kmod::load, hiera('kernel_modules'), {})
create_resources(sysctl::value, hiera('sysctl_settings'), {})
+Exec <| tag == 'kmod::load' |> -> Sysctl <| |>
if count(hiera('ntp::servers')) > 0 {
include ::ntp
@@ -38,6 +40,14 @@ if str2bool(hiera('ceph_osd_selinux_permissive', true)) {
} -> Class['ceph::profile::osd']
}
+if str2bool(hiera('ceph_ipv6', false)) {
+ $mon_host = hiera('ceph_mon_host_v6')
+} else {
+ $mon_host = hiera('ceph_mon_host')
+}
+class { '::ceph::profile::params':
+ mon_host => $mon_host,
+}
include ::ceph::conf
include ::ceph::profile::client
include ::ceph::profile::osd
diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp
index 4b0f98e4..b7f65f53 100644
--- a/puppet/manifests/overcloud_compute.pp
+++ b/puppet/manifests/overcloud_compute.pp
@@ -16,7 +16,9 @@
include ::tripleo::packages
include ::tripleo::firewall
+create_resources(kmod::load, hiera('kernel_modules'), {})
create_resources(sysctl::value, hiera('sysctl_settings'), {})
+Exec <| tag == 'kmod::load' |> -> Sysctl <| |>
if count(hiera('ntp::servers')) > 0 {
include ::ntp
@@ -51,14 +53,17 @@ include ::nova
include ::nova::config
include ::nova::compute
-nova_config {
- 'DEFAULT/my_ip': value => $ipaddress;
- 'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver';
-}
-
$rbd_ephemeral_storage = hiera('nova::compute::rbd::ephemeral_storage', false)
$rbd_persistent_storage = hiera('rbd_persistent_storage', false)
if $rbd_ephemeral_storage or $rbd_persistent_storage {
+ if str2bool(hiera('ceph_ipv6', false)) {
+ $mon_host = hiera('ceph_mon_host_v6')
+ } else {
+ $mon_host = hiera('ceph_mon_host')
+ }
+ class { '::ceph::profile::params':
+ mon_host => $mon_host,
+ }
include ::ceph::conf
include ::ceph::profile::client
@@ -80,7 +85,42 @@ if hiera('cinder_enable_nfs_backend', false) {
package {'nfs-utils': } -> Service['nova-compute']
}
-include ::nova::compute::libvirt
+if str2bool(hiera('nova::use_ipv6', false)) {
+ $vncserver_listen = '::0'
+} else {
+ $vncserver_listen = '0.0.0.0'
+}
+class { '::nova::compute::libvirt' :
+ vncserver_listen => $vncserver_listen,
+}
+
+# TUNNELLED mode provides a security enhancement when using shared storage but is not
+# supported when not using shared storage.
+# See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12
+if $rbd_ephemeral_storage {
+ $block_migration_flag = 'VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE, VIR_MIGRATE_TUNNELLED, VIR_MIGRATE_NON_SHARED_INC'
+ $live_migration_flag = 'VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE, VIR_MIGRATE_TUNNELLED'
+} else {
+ $block_migration_flag = 'VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE, VIR_MIGRATE_NON_SHARED_INC'
+ $live_migration_flag = 'VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE'
+}
+
+nova_config {
+ 'DEFAULT/my_ip': value => $ipaddress;
+ 'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver';
+ 'DEFAULT/host': value => $fqdn;
+ # In future versions of Nova, the live/block migration flags will be deprecated [1].
+ # Tunnelling (encryption) will be handled via a single _new_ Nova
+ # config attribute 'live_migration_tunnelled'[2], thus
+ # avoiding users to have to supply libvirt flags.
+ # In future versions of QEMU (2.6, mostly), Dan's native encryption
+ # work will obsolete the need to use TUNNELLED transport mode.
+ # [1] https://review.openstack.org/#/c/263436/
+ # [2] https://review.openstack.org/#/c/263434/
+ 'libvirt/block_migration_flag': value => $block_migration_flag;
+ 'libvirt/live_migration_flag': value => $live_migration_flag;
+}
+
if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' {
file {'/etc/libvirt/qemu.conf':
ensure => present,
@@ -118,6 +158,15 @@ elsif hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV
cassandra_seeds => $cassandra_node_ips
}
}
+elsif hiera('neutron::core_plugin') == 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2' {
+
+ include ::contrail::vrouter
+ # NOTE: it's not possible to use this class without a functional
+ # contrail controller up and running
+ #class {'::contrail::vrouter::provision_vrouter':
+ # require => Class['contrail::vrouter'],
+ #}
+}
else {
include ::neutron::plugins::ml2
@@ -129,8 +178,15 @@ else {
n1kv_version => hiera('n1kv_vem_version', undef),
}
}
+
+ if 'bsn_ml2' in hiera('neutron::plugins::ml2::mechanism_drivers') {
+ include ::neutron::agents::bigswitch
+ }
}
+neutron_config {
+ 'DEFAULT/host': value => $fqdn;
+}
include ::ceilometer
include ::ceilometer::config
@@ -144,7 +200,7 @@ snmp::snmpv3_user { $snmpd_user:
}
class { '::snmp':
agentaddress => ['udp:161','udp6:[::1]:161'],
- snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
+ snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
}
hiera_include('compute_classes')
diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp
index 38676b9d..5556a40c 100644
--- a/puppet/manifests/overcloud_controller.pp
+++ b/puppet/manifests/overcloud_controller.pp
@@ -20,7 +20,9 @@ $enable_load_balancer = hiera('enable_load_balancer', true)
if hiera('step') >= 1 {
+ create_resources(kmod::load, hiera('kernel_modules'), {})
create_resources(sysctl::value, hiera('sysctl_settings'), {})
+ Exec <| tag == 'kmod::load' |> -> Sysctl <| |>
$controller_node_ips = split(hiera('controller_node_ips'), ',')
@@ -46,14 +48,24 @@ if hiera('step') >= 2 {
include ::mongodb::globals
include ::mongodb::client
include ::mongodb::server
- $mongo_node_ips_with_port = suffix(hiera('mongo_node_ips'), ':27017')
+ # NOTE(gfidente): We need to pass the list of IPv6 addresses *with* port and
+ # without the brackets as 'members' argument for the 'mongodb_replset'
+ # resource.
+ if str2bool(hiera('mongodb::server::ipv6', false)) {
+ $mongo_node_ips_with_port_prefixed = prefix(hiera('mongo_node_ips'), '[')
+ $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017')
+ $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017')
+ } else {
+ $mongo_node_ips_with_port = suffix(hiera('mongo_node_ips'), ':27017')
+ $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017')
+ }
$mongo_node_string = join($mongo_node_ips_with_port, ',')
$mongodb_replset = hiera('mongodb::server::replset')
$ceilometer_mongodb_conn_string = "mongodb://${mongo_node_string}/ceilometer?replicaSet=${mongodb_replset}"
if downcase(hiera('bootstrap_nodeid')) == $::hostname {
mongodb_replset { $mongodb_replset :
- members => $mongo_node_ips_with_port,
+ members => $mongo_node_ips_with_port_nobr,
}
}
}
@@ -83,11 +95,15 @@ if hiera('step') >= 2 {
$mysql_config_file = '/etc/my.cnf.d/server.cnf'
}
# TODO Galara
+ # FIXME: due to https://bugzilla.redhat.com/show_bug.cgi?id=1298671 we
+ # set bind-address to a hostname instead of an ip address; to move Mysql
+ # from internal_api on another network we'll have to customize both
+ # MysqlNetwork and ControllerHostnameResolveNetwork in ServiceNetMap
class { '::mysql::server':
config_file => $mysql_config_file,
override_options => {
'mysqld' => {
- 'bind-address' => hiera('mysql_bind_host'),
+ 'bind-address' => $::hostname,
'max_connections' => hiera('mysql_max_connections'),
'open_files_limit' => '-1',
},
@@ -100,6 +116,7 @@ if hiera('step') >= 2 {
include ::keystone::db::mysql
include ::glance::db::mysql
include ::nova::db::mysql
+ include ::nova::db::mysql_api
include ::neutron::db::mysql
include ::cinder::db::mysql
include ::heat::db::mysql
@@ -110,13 +127,23 @@ if hiera('step') >= 2 {
$rabbit_nodes = hiera('rabbit_node_ips')
if count($rabbit_nodes) > 1 {
+
+ $rabbit_ipv6 = str2bool(hiera('rabbit_ipv6', false))
+ if $rabbit_ipv6 {
+ $rabbit_env = merge(hiera('rabbitmq_environment'), {
+ 'RABBITMQ_SERVER_START_ARGS' => '"-proto_dist inet6_tcp"'
+ })
+ } else {
+ $rabbit_env = hiera('rabbitmq_environment')
+ }
+
class { '::rabbitmq':
config_cluster => true,
cluster_nodes => $rabbit_nodes,
tcp_keepalive => false,
config_kernel_variables => hiera('rabbitmq_kernel_variables'),
config_variables => hiera('rabbitmq_config_variables'),
- environment_variables => hiera('rabbitmq_environment'),
+ environment_variables => $rabbit_env,
}
rabbitmq_policy { 'ha-all@/':
pattern => '^(?!amq\.).*',
@@ -134,8 +161,15 @@ if hiera('step') >= 2 {
$enable_ceph = hiera('ceph_storage_count', 0) > 0 or hiera('enable_ceph_storage', false)
if $enable_ceph {
+ $mon_initial_members = downcase(hiera('ceph_mon_initial_members'))
+ if str2bool(hiera('ceph_ipv6', false)) {
+ $mon_host = hiera('ceph_mon_host_v6')
+ } else {
+ $mon_host = hiera('ceph_mon_host')
+ }
class { '::ceph::profile::params':
- mon_initial_members => downcase(hiera('ceph_mon_initial_members')),
+ mon_initial_members => $mon_initial_members,
+ mon_host => $mon_host,
}
include ::ceph::conf
include ::ceph::profile::mon
@@ -161,6 +195,14 @@ if hiera('step') >= 2 {
}
if str2bool(hiera('enable_external_ceph', false)) {
+ if str2bool(hiera('ceph_ipv6', false)) {
+ $mon_host = hiera('ceph_mon_host_v6')
+ } else {
+ $mon_host = hiera('ceph_mon_host')
+ }
+ class { '::ceph::profile::params':
+ mon_host => $mon_host,
+ }
include ::ceph::conf
include ::ceph::profile::client
}
@@ -173,6 +215,7 @@ if hiera('step') >= 3 {
include ::keystone::config
include ::keystone::roles::admin
include ::keystone::endpoint
+ include ::keystone::wsgi::apache
#TODO: need a cleanup-keystone-tokens.sh solution here
@@ -214,13 +257,14 @@ if hiera('step') >= 3 {
$http_store = ['glance.store.http.Store']
$glance_store = concat($http_store, $backend_store)
- # TODO: notifications, scrubber, etc.
+ # TODO: scrubber and other additional optional features
include ::glance
include ::glance::config
class { '::glance::api':
known_stores => $glance_store,
}
include ::glance::registry
+ include ::glance::notify::rabbitmq
include join(['::glance::backend::', $glance_backend])
class { '::nova' :
@@ -292,11 +336,13 @@ if hiera('step') >= 3 {
include ::neutron::server
include ::neutron::server::notifications
- # If the value of core plugin is set to 'nuage',
- # include nuage core plugin, and it does not
+ # If the value of core plugin is set to 'nuage' or 'opencontrail',
+ # include nuage or opencontrail core plugins, and it does not
# need the l3, dhcp and metadata agents
if hiera('neutron::core_plugin') == 'neutron.plugins.nuage.plugin.NuagePlugin' {
include ::neutron::plugins::nuage
+ } elsif hiera('neutron::core_plugin') == 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2' {
+ include ::neutron::plugins::opencontrail
} else {
include ::neutron::agents::l3
include ::neutron::agents::dhcp
@@ -347,8 +393,9 @@ if hiera('step') >= 3 {
include ::neutron::plugins::ml2::cisco::type_nexus_vxlan
}
- if hiera('neutron_enable_bigswitch_ml2', false) {
+ if 'bsn_ml2' in hiera('neutron::plugins::ml2::mechanism_drivers') {
include ::neutron::plugins::ml2::bigswitch::restproxy
+ include ::neutron::agents::bigswitch
}
neutron_l3_agent_config {
'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false);
@@ -366,10 +413,12 @@ if hiera('step') >= 3 {
include ::cinder
include ::cinder::config
+ include ::tripleo::ssl::cinder_config
include ::cinder::api
include ::cinder::glance
include ::cinder::scheduler
include ::cinder::volume
+ include ::cinder::ceilometer
class { '::cinder::setup_test_volume':
size => join([hiera('cinder_lvm_loop_device_size'), 'M']),
}
@@ -413,10 +462,6 @@ if hiera('step') >= 3 {
if hiera('cinder_enable_eqlx_backend', false) {
$cinder_eqlx_backend = hiera('cinder::backend::eqlx::volume_backend_name')
- cinder_config {
- "${cinder_eqlx_backend}/host": value => 'hostgroup';
- }
-
cinder::backend::eqlx { $cinder_eqlx_backend :
volume_backend_name => hiera('cinder::backend::eqlx::volume_backend_name', undef),
san_ip => hiera('cinder::backend::eqlx::san_ip', undef),
@@ -424,7 +469,7 @@ if hiera('step') >= 3 {
san_password => hiera('cinder::backend::eqlx::san_password', undef),
san_thin_provision => hiera('cinder::backend::eqlx::san_thin_provision', undef),
eqlx_group_name => hiera('cinder::backend::eqlx::eqlx_group_name', undef),
- eqlx_pool => hiera('cinder::backend::eqlx::eqlx_lpool', undef),
+ eqlx_pool => hiera('cinder::backend::eqlx::eqlx_pool', undef),
eqlx_use_chap => hiera('cinder::backend::eqlx::eqlx_use_chap', undef),
eqlx_chap_login => hiera('cinder::backend::eqlx::eqlx_chap_login', undef),
eqlx_chap_password => hiera('cinder::backend::eqlx::eqlx_san_password', undef),
@@ -434,10 +479,6 @@ if hiera('step') >= 3 {
if hiera('cinder_enable_dellsc_backend', false) {
$cinder_dellsc_backend = hiera('cinder::backend::dellsc_iscsi::volume_backend_name')
- cinder_config {
- "${cinder_dellsc_backend}/host": value => 'hostgroup';
- }
-
cinder::backend::dellsc_iscsi{ $cinder_dellsc_backend :
volume_backend_name => hiera('cinder::backend::dellsc_iscsi::volume_backend_name', undef),
san_ip => hiera('cinder::backend::dellsc_iscsi::san_ip', undef),
@@ -446,7 +487,7 @@ if hiera('step') >= 3 {
dell_sc_ssn => hiera('cinder::backend::dellsc_iscsi::dell_sc_ssn', undef),
iscsi_ip_address => hiera('cinder::backend::dellsc_iscsi::iscsi_ip_address', undef),
iscsi_port => hiera('cinder::backend::dellsc_iscsi::iscsi_port', undef),
- dell_sc_port => hiera('cinder::backend::dellsc_iscsi::dell_sc_port', undef),
+ dell_sc_api_port => hiera('cinder::backend::dellsc_iscsi::dell_sc_api_port', undef),
dell_sc_server_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_server_folder', undef),
dell_sc_volume_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_volume_folder', undef),
}
@@ -455,10 +496,6 @@ if hiera('step') >= 3 {
if hiera('cinder_enable_netapp_backend', false) {
$cinder_netapp_backend = hiera('cinder::backend::netapp::title')
- cinder_config {
- "${cinder_netapp_backend}/host": value => 'hostgroup';
- }
-
if hiera('cinder::backend::netapp::nfs_shares', undef) {
$cinder_netapp_nfs_shares = split(hiera('cinder::backend::netapp::nfs_shares', undef), ',')
}
@@ -507,7 +544,7 @@ if hiera('step') >= 3 {
$cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend, $cinder_rbd_backend, $cinder_eqlx_backend, $cinder_dellsc_backend, $cinder_netapp_backend, $cinder_nfs_backend])
class { '::cinder::backends' :
- enabled_backends => $cinder_enabled_backends,
+ enabled_backends => union($cinder_enabled_backends, hiera('cinder_user_enabled_backends')),
}
# swift proxy
@@ -567,7 +604,9 @@ if hiera('step') >= 3 {
Cron <| title == 'ceilometer-expirer' |> { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" }
# Heat
- include ::heat
+ class { '::heat' :
+ notification_driver => 'messaging',
+ }
include ::heat::config
include ::heat::api
include ::heat::api_cfn
@@ -599,7 +638,7 @@ if hiera('step') >= 3 {
}
class { '::snmp':
agentaddress => ['udp:161','udp6:[::1]:161'],
- snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
+ snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
}
hiera_include('controller_classes')
@@ -610,6 +649,7 @@ if hiera('step') >= 4 {
$keystone_enable_db_purge = hiera('keystone_enable_db_purge', true)
$nova_enable_db_purge = hiera('nova_enable_db_purge', true)
$cinder_enable_db_purge = hiera('cinder_enable_db_purge', true)
+ $heat_enable_db_purge = hiera('heat_enable_db_purge', true)
if $keystone_enable_db_purge {
include ::keystone::cron::token_flush
@@ -620,6 +660,26 @@ if hiera('step') >= 4 {
if $cinder_enable_db_purge {
include ::cinder::cron::db_purge
}
+ if $heat_enable_db_purge {
+ include ::heat::cron::purge_deleted
+ }
+
+ if downcase(hiera('bootstrap_nodeid')) == $::hostname {
+ include ::keystone::roles::admin
+ # Class ::heat::keystone::domain has to run on bootstrap node
+ # because it creates DB entities via API calls.
+ include ::heat::keystone::domain
+
+ Class['::keystone::roles::admin'] -> Class['::heat::keystone::domain']
+ } else {
+ # On non-bootstrap node we don't need to create Keystone resources again
+ class { '::heat::keystone::domain':
+ manage_domain => false,
+ manage_user => false,
+ manage_role => false,
+ }
+ }
+
} #END STEP 4
$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller', hiera('step')])
diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp
index 7d5612fe..db3d8652 100644
--- a/puppet/manifests/overcloud_controller_pacemaker.pp
+++ b/puppet/manifests/overcloud_controller_pacemaker.pp
@@ -34,12 +34,14 @@ $enable_load_balancer = hiera('enable_load_balancer', true)
# When to start and enable services which haven't been Pacemakerized
# FIXME: remove when we start all OpenStack services using Pacemaker
-# (occurences of this variable will be gradually replaced with false)
+# (occurrences of this variable will be gradually replaced with false)
$non_pcmk_start = hiera('step') >= 4
if hiera('step') >= 1 {
+ create_resources(kmod::load, hiera('kernel_modules'), {})
create_resources(sysctl::value, hiera('sysctl_settings'), {})
+ Exec <| tag == 'kmod::load' |> -> Sysctl <| |>
include ::timezone
@@ -60,6 +62,12 @@ if hiera('step') >= 1 {
}
$pacemaker_cluster_members = downcase(regsubst(hiera('controller_node_names'), ',', ' ', 'G'))
+ $corosync_ipv6 = str2bool(hiera('corosync_ipv6', false))
+ if $corosync_ipv6 {
+ $cluster_setup_extras = { '--ipv6' => '' }
+ } else {
+ $cluster_setup_extras = {}
+ }
user { 'hacluster':
ensure => present,
} ->
@@ -67,8 +75,9 @@ if hiera('step') >= 1 {
hacluster_pwd => hiera('hacluster_pwd'),
} ->
class { '::pacemaker::corosync':
- cluster_members => $pacemaker_cluster_members,
- setup_cluster => $pacemaker_master,
+ cluster_members => $pacemaker_cluster_members,
+ setup_cluster => $pacemaker_master,
+ cluster_setup_extras => $cluster_setup_extras,
}
class { '::pacemaker::stonith':
disable => !$enable_fencing,
@@ -91,12 +100,21 @@ if hiera('step') >= 1 {
# avoid races where non-master nodes attempt to start without
# config (eg. binding on 0.0.0.0)
# The module ignores erlang_cookie if cluster_config is false
+ $rabbit_ipv6 = str2bool(hiera('rabbit_ipv6', false))
+ if $rabbit_ipv6 {
+ $rabbit_env = merge(hiera('rabbitmq_environment'), {
+ 'RABBITMQ_SERVER_START_ARGS' => '"-proto_dist inet6_tcp"'
+ })
+ } else {
+ $rabbit_env = hiera('rabbitmq_environment')
+ }
+
class { '::rabbitmq':
service_manage => false,
tcp_keepalive => false,
config_kernel_variables => hiera('rabbitmq_kernel_variables'),
config_variables => hiera('rabbitmq_config_variables'),
- environment_variables => hiera('rabbitmq_environment'),
+ environment_variables => $rabbit_env,
} ->
file { '/var/lib/rabbitmq/.erlang.cookie':
ensure => file,
@@ -135,6 +153,11 @@ if hiera('step') >= 1 {
$galera_nodes = downcase(hiera('galera_node_names', $::hostname))
$galera_nodes_count = count(split($galera_nodes, ','))
+ # FIXME: due to https://bugzilla.redhat.com/show_bug.cgi?id=1298671 we
+ # set bind-address to a hostname instead of an ip address; to move Mysql
+ # from internal_api on another network we'll have to customize both
+ # MysqlNetwork and ControllerHostnameResolveNetwork in ServiceNetMap
+ $mysql_bind_host = hiera('mysql_bind_host')
$mysqld_options = {
'mysqld' => {
'skip-name-resolve' => '1',
@@ -144,7 +167,7 @@ if hiera('step') >= 1 {
'innodb_locks_unsafe_for_binlog'=> '1',
'query_cache_size' => '0',
'query_cache_type' => '0',
- 'bind-address' => hiera('mysql_bind_host'),
+ 'bind-address' => $::hostname,
'max_connections' => hiera('mysql_max_connections'),
'open_files_limit' => '-1',
'wsrep_provider' => '/usr/lib64/galera/libgalera_smm.so',
@@ -160,6 +183,7 @@ if hiera('step') >= 1 {
'wsrep_drupal_282555_workaround'=> '0',
'wsrep_causal_reads' => '0',
'wsrep_sst_method' => 'rsync',
+ 'wsrep_provider_options' => "gmcast.listen_addr=tcp://[${mysql_bind_host}]:4567;",
},
}
@@ -178,8 +202,19 @@ if hiera('step') >= 1 {
if hiera('step') >= 2 {
# NOTE(gfidente): the following vars are needed on all nodes so they
- # need to stay out of pacemaker_master conditional
- $mongo_node_ips_with_port = suffix(hiera('mongo_node_ips'), ':27017')
+ # need to stay out of pacemaker_master conditional.
+ # The addresses mangling will hopefully go away when we'll be able to
+ # configure the connection string via hostnames, until then, we need to pass
+ # the list of IPv6 addresses *with* port and without the brackets as 'members'
+ # argument for the 'mongodb_replset' resource.
+ if str2bool(hiera('mongodb::server::ipv6', false)) {
+ $mongo_node_ips_with_port_prefixed = prefix(hiera('mongo_node_ips'), '[')
+ $mongo_node_ips_with_port = suffix($mongo_node_ips_with_port_prefixed, ']:27017')
+ $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017')
+ } else {
+ $mongo_node_ips_with_port = suffix(hiera('mongo_node_ips'), ':27017')
+ $mongo_node_ips_with_port_nobr = suffix(hiera('mongo_node_ips'), ':27017')
+ }
$mongodb_replset = hiera('mongodb::server::replset')
if $pacemaker_master {
@@ -188,6 +223,11 @@ if hiera('step') >= 2 {
include ::pacemaker::resource_defaults
+ # Create an openstack-core dummy resource. See RHBZ 1290121
+ pacemaker::resource::ocf { 'openstack-core':
+ ocf_agent_name => 'heartbeat:Dummy',
+ clone_params => true,
+ }
# FIXME: we should not have to access tripleo::loadbalancer class
# parameters here to configure pacemaker VIPs. The configuration
# of pacemaker VIPs could move into puppet-tripleo or we should
@@ -197,8 +237,14 @@ if hiera('step') >= 2 {
}
$control_vip = hiera('tripleo::loadbalancer::controller_virtual_ip')
+ if is_ipv6_address($control_vip) {
+ $control_vip_netmask = '64'
+ } else {
+ $control_vip_netmask = '32'
+ }
pacemaker::resource::ip { 'control_vip':
- ip_address => $control_vip,
+ ip_address => $control_vip,
+ cidr_netmask => $control_vip_netmask,
}
pacemaker::constraint::base { 'control_vip-then-haproxy':
constraint_type => 'order',
@@ -219,9 +265,15 @@ if hiera('step') >= 2 {
}
$public_vip = hiera('tripleo::loadbalancer::public_virtual_ip')
+ if is_ipv6_address($public_vip) {
+ $public_vip_netmask = '64'
+ } else {
+ $public_vip_netmask = '32'
+ }
if $public_vip and $public_vip != $control_vip {
pacemaker::resource::ip { 'public_vip':
- ip_address => $public_vip,
+ ip_address => $public_vip,
+ cidr_netmask => $public_vip_netmask,
}
pacemaker::constraint::base { 'public_vip-then-haproxy':
constraint_type => 'order',
@@ -243,9 +295,15 @@ if hiera('step') >= 2 {
}
$redis_vip = hiera('redis_vip')
+ if is_ipv6_address($redis_vip) {
+ $redis_vip_netmask = '64'
+ } else {
+ $redis_vip_netmask = '32'
+ }
if $redis_vip and $redis_vip != $control_vip {
pacemaker::resource::ip { 'redis_vip':
- ip_address => $redis_vip,
+ ip_address => $redis_vip,
+ cidr_netmask => $redis_vip_netmask,
}
pacemaker::constraint::base { 'redis_vip-then-haproxy':
constraint_type => 'order',
@@ -267,9 +325,15 @@ if hiera('step') >= 2 {
}
$internal_api_vip = hiera('tripleo::loadbalancer::internal_api_virtual_ip')
+ if is_ipv6_address($internal_api_vip) {
+ $internal_api_vip_netmask = '64'
+ } else {
+ $internal_api_vip_netmask = '32'
+ }
if $internal_api_vip and $internal_api_vip != $control_vip {
pacemaker::resource::ip { 'internal_api_vip':
- ip_address => $internal_api_vip,
+ ip_address => $internal_api_vip,
+ cidr_netmask => $internal_api_vip_netmask,
}
pacemaker::constraint::base { 'internal_api_vip-then-haproxy':
constraint_type => 'order',
@@ -291,9 +355,15 @@ if hiera('step') >= 2 {
}
$storage_vip = hiera('tripleo::loadbalancer::storage_virtual_ip')
+ if is_ipv6_address($storage_vip) {
+ $storage_vip_netmask = '64'
+ } else {
+ $storage_vip_netmask = '32'
+ }
if $storage_vip and $storage_vip != $control_vip {
pacemaker::resource::ip { 'storage_vip':
- ip_address => $storage_vip,
+ ip_address => $storage_vip,
+ cidr_netmask => $storage_vip_netmask,
}
pacemaker::constraint::base { 'storage_vip-then-haproxy':
constraint_type => 'order',
@@ -315,9 +385,15 @@ if hiera('step') >= 2 {
}
$storage_mgmt_vip = hiera('tripleo::loadbalancer::storage_mgmt_virtual_ip')
+ if is_ipv6_address($storage_mgmt_vip) {
+ $storage_mgmt_vip_netmask = '64'
+ } else {
+ $storage_mgmt_vip_netmask = '32'
+ }
if $storage_mgmt_vip and $storage_mgmt_vip != $control_vip {
pacemaker::resource::ip { 'storage_mgmt_vip':
- ip_address => $storage_mgmt_vip,
+ ip_address => $storage_mgmt_vip,
+ cidr_netmask => $storage_mgmt_vip_netmask,
}
pacemaker::constraint::base { 'storage_mgmt_vip-then-haproxy':
constraint_type => 'order',
@@ -349,6 +425,7 @@ if hiera('step') >= 2 {
ocf_agent_name => 'heartbeat:rabbitmq-cluster',
resource_params => 'set_policy=\'ha-all ^(?!amq\.).* {"ha-mode":"all"}\'',
clone_params => 'ordered=true interleave=true',
+ meta_params => 'notify=true',
require => Class['::rabbitmq'],
}
@@ -366,7 +443,7 @@ if hiera('step') >= 2 {
before => Mongodb_replset[$mongodb_replset],
}
mongodb_replset { $mongodb_replset :
- members => $mongo_node_ips_with_port,
+ members => $mongo_node_ips_with_port_nobr,
}
}
@@ -430,6 +507,9 @@ MYSQL_HOST=localhost\n",
class { '::nova::db::mysql':
require => Exec['galera-ready'],
}
+ class { '::nova::db::mysql_api':
+ require => Exec['galera-ready'],
+ }
class { '::neutron::db::mysql':
require => Exec['galera-ready'],
}
@@ -458,8 +538,15 @@ MYSQL_HOST=localhost\n",
$enable_ceph = hiera('ceph_storage_count', 0) > 0 or hiera('enable_ceph_storage', false)
if $enable_ceph {
+ $mon_initial_members = downcase(hiera('ceph_mon_initial_members'))
+ if str2bool(hiera('ceph_ipv6', false)) {
+ $mon_host = hiera('ceph_mon_host_v6')
+ } else {
+ $mon_host = hiera('ceph_mon_host')
+ }
class { '::ceph::profile::params':
- mon_initial_members => downcase(hiera('ceph_mon_initial_members')),
+ mon_initial_members => $mon_initial_members,
+ mon_host => $mon_host,
}
include ::ceph::conf
include ::ceph::profile::mon
@@ -485,6 +572,14 @@ MYSQL_HOST=localhost\n",
}
if str2bool(hiera('enable_external_ceph', false)) {
+ if str2bool(hiera('ceph_ipv6', false)) {
+ $mon_host = hiera('ceph_mon_host_v6')
+ } else {
+ $mon_host = hiera('ceph_mon_host')
+ }
+ class { '::ceph::profile::params':
+ mon_host => $mon_host,
+ }
include ::ceph::conf
include ::ceph::profile::client
}
@@ -495,9 +590,10 @@ MYSQL_HOST=localhost\n",
if hiera('step') >= 3 {
class { '::keystone':
- sync_db => $sync_db,
- manage_service => false,
- enabled => false,
+ sync_db => $sync_db,
+ manage_service => false,
+ enabled => false,
+ enable_bootstrap => $pacemaker_master,
}
include ::keystone::config
@@ -565,16 +661,25 @@ if hiera('step') >= 3 {
manage_service => false,
enabled => false,
}
+ include ::glance::notify::rabbitmq
include join(['::glance::backend::', $glance_backend])
+ $nova_ipv6 = hiera('nova::use_ipv6', false)
+ if $nova_ipv6 {
+ $memcached_servers = suffix(hiera('memcache_node_ips_v6'), ':11211')
+ } else {
+ $memcached_servers = suffix(hiera('memcache_node_ips'), ':11211')
+ }
+
class { '::nova' :
- memcached_servers => suffix(hiera('memcache_node_ips'), ':11211'),
+ memcached_servers => $memcached_servers
}
include ::nova::config
class { '::nova::api' :
sync_db => $sync_db,
+ sync_db_api => $sync_db,
manage_service => false,
enabled => false,
}
@@ -662,6 +767,9 @@ if hiera('step') >= 3 {
if hiera('neutron::core_plugin') == 'neutron.plugins.nuage.plugin.NuagePlugin' {
include ::neutron::plugins::nuage
}
+ if hiera('neutron::core_plugin') == 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2' {
+ include ::neutron::plugins::opencontrail
+ }
if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' {
class {'::neutron::plugins::midonet':
midonet_api_ip => hiera('tripleo::loadbalancer::public_virtual_ip'),
@@ -721,8 +829,9 @@ if hiera('step') >= 3 {
}
}
- if hiera('neutron_enable_bigswitch_ml2', false) {
+ if 'bsn_ml2' in hiera('neutron::plugins::ml2::mechanism_drivers') {
include ::neutron::plugins::ml2::bigswitch::restproxy
+ include ::neutron::agents::bigswitch
}
neutron_l3_agent_config {
'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false);
@@ -730,9 +839,13 @@ if hiera('step') >= 3 {
neutron_dhcp_agent_config {
'DEFAULT/ovs_use_veth': value => hiera('neutron_ovs_use_veth', false);
}
+ neutron_config {
+ 'DEFAULT/notification_driver': value => 'messaging';
+ }
include ::cinder
include ::cinder::config
+ include ::tripleo::ssl::cinder_config
class { '::cinder::api':
sync_db => $sync_db,
manage_service => false,
@@ -747,6 +860,7 @@ if hiera('step') >= 3 {
enabled => false,
}
include ::cinder::glance
+ include ::cinder::ceilometer
class { '::cinder::setup_test_volume':
size => join([hiera('cinder_lvm_loop_device_size'), 'M']),
}
@@ -790,10 +904,6 @@ if hiera('step') >= 3 {
if hiera('cinder_enable_eqlx_backend', false) {
$cinder_eqlx_backend = hiera('cinder::backend::eqlx::volume_backend_name')
- cinder_config {
- "${cinder_eqlx_backend}/host": value => 'hostgroup';
- }
-
cinder::backend::eqlx { $cinder_eqlx_backend :
volume_backend_name => hiera('cinder::backend::eqlx::volume_backend_name', undef),
san_ip => hiera('cinder::backend::eqlx::san_ip', undef),
@@ -801,7 +911,7 @@ if hiera('step') >= 3 {
san_password => hiera('cinder::backend::eqlx::san_password', undef),
san_thin_provision => hiera('cinder::backend::eqlx::san_thin_provision', undef),
eqlx_group_name => hiera('cinder::backend::eqlx::eqlx_group_name', undef),
- eqlx_pool => hiera('cinder::backend::eqlx::eqlx_lpool', undef),
+ eqlx_pool => hiera('cinder::backend::eqlx::eqlx_pool', undef),
eqlx_use_chap => hiera('cinder::backend::eqlx::eqlx_use_chap', undef),
eqlx_chap_login => hiera('cinder::backend::eqlx::eqlx_chap_login', undef),
eqlx_chap_password => hiera('cinder::backend::eqlx::eqlx_san_password', undef),
@@ -811,10 +921,6 @@ if hiera('step') >= 3 {
if hiera('cinder_enable_dellsc_backend', false) {
$cinder_dellsc_backend = hiera('cinder::backend::dellsc_iscsi::volume_backend_name')
- cinder_config {
- "${cinder_dellsc_backend}/host": value => 'hostgroup';
- }
-
cinder::backend::dellsc_iscsi{ $cinder_dellsc_backend :
volume_backend_name => hiera('cinder::backend::dellsc_iscsi::volume_backend_name', undef),
san_ip => hiera('cinder::backend::dellsc_iscsi::san_ip', undef),
@@ -823,7 +929,7 @@ if hiera('step') >= 3 {
dell_sc_ssn => hiera('cinder::backend::dellsc_iscsi::dell_sc_ssn', undef),
iscsi_ip_address => hiera('cinder::backend::dellsc_iscsi::iscsi_ip_address', undef),
iscsi_port => hiera('cinder::backend::dellsc_iscsi::iscsi_port', undef),
- dell_sc_port => hiera('cinder::backend::dellsc_iscsi::dell_sc_port', undef),
+ dell_sc_api_port => hiera('cinder::backend::dellsc_iscsi::dell_sc_api_port', undef),
dell_sc_server_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_server_folder', undef),
dell_sc_volume_folder => hiera('cinder::backend::dellsc_iscsi::dell_sc_volume_folder', undef),
}
@@ -832,10 +938,6 @@ if hiera('step') >= 3 {
if hiera('cinder_enable_netapp_backend', false) {
$cinder_netapp_backend = hiera('cinder::backend::netapp::title')
- cinder_config {
- "${cinder_netapp_backend}/host": value => 'hostgroup';
- }
-
if hiera('cinder::backend::netapp::nfs_shares', undef) {
$cinder_netapp_nfs_shares = split(hiera('cinder::backend::netapp::nfs_shares', undef), ',')
}
@@ -884,7 +986,7 @@ if hiera('step') >= 3 {
$cinder_enabled_backends = delete_undef_values([$cinder_iscsi_backend, $cinder_rbd_backend, $cinder_eqlx_backend, $cinder_dellsc_backend, $cinder_netapp_backend, $cinder_nfs_backend])
class { '::cinder::backends' :
- enabled_backends => $cinder_enabled_backends,
+ enabled_backends => union($cinder_enabled_backends, hiera('cinder_user_enabled_backends')),
}
class { '::sahara':
@@ -985,7 +1087,8 @@ if hiera('step') >= 3 {
# Heat
include ::heat::config
class { '::heat' :
- sync_db => $sync_db,
+ sync_db => $sync_db,
+ notification_driver => 'messaging',
}
class { '::heat::api' :
manage_service => false,
@@ -1010,6 +1113,7 @@ if hiera('step') >= 3 {
service_enable => false,
# service_manage => false, # <-- not supported with horizon&apache mod_wsgi?
}
+ include ::keystone::wsgi::apache
include ::apache::mod::status
if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') {
$_profile_support = 'cisco'
@@ -1029,7 +1133,7 @@ if hiera('step') >= 3 {
}
class { '::snmp':
agentaddress => ['udp:161','udp6:[::1]:161'],
- snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
+ snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
}
hiera_include('controller_classes')
@@ -1040,6 +1144,7 @@ if hiera('step') >= 4 {
$keystone_enable_db_purge = hiera('keystone_enable_db_purge', true)
$nova_enable_db_purge = hiera('nova_enable_db_purge', true)
$cinder_enable_db_purge = hiera('cinder_enable_db_purge', true)
+ $heat_enable_db_purge = hiera('heat_enable_db_purge', true)
if $keystone_enable_db_purge {
include ::keystone::cron::token_flush
@@ -1050,60 +1155,65 @@ if hiera('step') >= 4 {
if $cinder_enable_db_purge {
include ::cinder::cron::db_purge
}
+ if $heat_enable_db_purge {
+ include ::heat::cron::purge_deleted
+ }
if $pacemaker_master {
- # Keystone
- pacemaker::resource::service { $::keystone::params::service_name :
- clone_params => 'interleave=true',
- verify_on_create => true,
- require => [File['/etc/keystone/ssl/certs/ca.pem'],
- File['/etc/keystone/ssl/private/signing_key.pem'],
- File['/etc/keystone/ssl/certs/signing_cert.pem']],
- }
if $enable_load_balancer {
pacemaker::constraint::base { 'haproxy-then-keystone-constraint':
constraint_type => 'order',
first_resource => 'haproxy-clone',
- second_resource => "${::keystone::params::service_name}-clone",
+ second_resource => 'openstack-core-clone',
first_action => 'start',
second_action => 'start',
require => [Pacemaker::Resource::Service['haproxy'],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Ocf['openstack-core']],
}
}
+
+ pacemaker::constraint::base { 'openstack-core-then-httpd-constraint':
+ constraint_type => 'order',
+ first_resource => 'openstack-core-clone',
+ second_resource => "${::apache::params::service_name}-clone",
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Service[$::apache::params::service_name],
+ Pacemaker::Resource::Ocf['openstack-core']],
+ }
pacemaker::constraint::base { 'rabbitmq-then-keystone-constraint':
constraint_type => 'order',
first_resource => 'rabbitmq-clone',
- second_resource => "${::keystone::params::service_name}-clone",
+ second_resource => 'openstack-core-clone',
first_action => 'start',
second_action => 'start',
require => [Pacemaker::Resource::Ocf['rabbitmq'],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Ocf['openstack-core']],
}
- pacemaker::constraint::base { 'memcached-then-keystone-constraint':
+ pacemaker::constraint::base { 'memcached-then-openstack-core-constraint':
constraint_type => 'order',
first_resource => 'memcached-clone',
- second_resource => "${::keystone::params::service_name}-clone",
+ second_resource => 'openstack-core-clone',
first_action => 'start',
second_action => 'start',
require => [Pacemaker::Resource::Service['memcached'],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Ocf['openstack-core']],
}
- pacemaker::constraint::base { 'galera-then-keystone-constraint':
+ pacemaker::constraint::base { 'galera-then-openstack-core-constraint':
constraint_type => 'order',
first_resource => 'galera-master',
- second_resource => "${::keystone::params::service_name}-clone",
+ second_resource => 'openstack-core-clone',
first_action => 'promote',
second_action => 'start',
require => [Pacemaker::Resource::Ocf['galera'],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Ocf['openstack-core']],
}
# Cinder
pacemaker::resource::service { $::cinder::params::api_service :
clone_params => 'interleave=true',
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ require => Pacemaker::Resource::Ocf['openstack-core'],
}
pacemaker::resource::service { $::cinder::params::scheduler_service :
clone_params => 'interleave=true',
@@ -1112,12 +1222,12 @@ if hiera('step') >= 4 {
pacemaker::constraint::base { 'keystone-then-cinder-api-constraint':
constraint_type => 'order',
- first_resource => "${::keystone::params::service_name}-clone",
+ first_resource => 'openstack-core-clone',
second_resource => "${::cinder::params::api_service}-clone",
first_action => 'start',
second_action => 'start',
- require => [Pacemaker::Resource::Service[$::cinder::params::api_service],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ require => [Pacemaker::Resource::Ocf['openstack-core'],
+ Pacemaker::Resource::Service[$::cinder::params::api_service]],
}
pacemaker::constraint::base { 'cinder-api-then-cinder-scheduler-constraint':
constraint_type => 'order',
@@ -1155,25 +1265,25 @@ if hiera('step') >= 4 {
# Sahara
pacemaker::resource::service { $::sahara::params::api_service_name :
clone_params => 'interleave=true',
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ require => Pacemaker::Resource::Ocf['openstack-core'],
}
pacemaker::resource::service { $::sahara::params::engine_service_name :
clone_params => 'interleave=true',
}
pacemaker::constraint::base { 'keystone-then-sahara-api-constraint':
constraint_type => 'order',
- first_resource => "${::keystone::params::service_name}-clone",
+ first_resource => 'openstack-core-clone',
second_resource => "${::sahara::params::api_service_name}-clone",
first_action => 'start',
second_action => 'start',
require => [Pacemaker::Resource::Service[$::sahara::params::api_service_name],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Ocf['openstack-core']],
}
# Glance
pacemaker::resource::service { $::glance::params::registry_service_name :
clone_params => 'interleave=true',
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ require => Pacemaker::Resource::Ocf['openstack-core'],
}
pacemaker::resource::service { $::glance::params::api_service_name :
clone_params => 'interleave=true',
@@ -1181,12 +1291,12 @@ if hiera('step') >= 4 {
pacemaker::constraint::base { 'keystone-then-glance-registry-constraint':
constraint_type => 'order',
- first_resource => "${::keystone::params::service_name}-clone",
+ first_resource => 'openstack-core-clone',
second_resource => "${::glance::params::registry_service_name}-clone",
first_action => 'start',
second_action => 'start',
require => [Pacemaker::Resource::Service[$::glance::params::registry_service_name],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Ocf['openstack-core']],
}
pacemaker::constraint::base { 'glance-registry-then-glance-api-constraint':
constraint_type => 'order',
@@ -1224,12 +1334,12 @@ if hiera('step') >= 4 {
} ->
pacemaker::resource::service { $::neutron::params::server_service:
clone_params => 'interleave=true',
- require => Pacemaker::Resource::Service[$::keystone::params::service_name]
+ require => Pacemaker::Resource::Ocf['openstack-core']
}
} else {
pacemaker::resource::service { $::neutron::params::server_service:
clone_params => 'interleave=true',
- require => Pacemaker::Resource::Service[$::keystone::params::service_name]
+ require => Pacemaker::Resource::Ocf['openstack-core']
}
}
if hiera('neutron::enable_l3_agent', true) {
@@ -1301,38 +1411,37 @@ if hiera('step') >= 4 {
Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]],
}
}
-
pacemaker::constraint::base { 'keystone-to-neutron-server-constraint':
constraint_type => 'order',
- first_resource => "${::keystone::params::service_name}-clone",
+ first_resource => 'openstack-core-clone',
second_resource => "${::neutron::params::server_service}-clone",
first_action => 'start',
second_action => 'start',
- require => [Pacemaker::Resource::Service[$::keystone::params::service_name],
+ require => [Pacemaker::Resource::Ocf['openstack-core'],
Pacemaker::Resource::Service[$::neutron::params::server_service]],
}
if hiera('neutron::enable_ovs_agent',true) {
- pacemaker::constraint::base { 'neutron-server-to-openvswitch-agent-constraint':
+ pacemaker::constraint::base { 'neutron-openvswitch-agent-to-dhcp-agent-constraint':
constraint_type => 'order',
- first_resource => "${::neutron::params::server_service}-clone",
- second_resource => "${::neutron::params::ovs_agent_service}-clone",
+ first_resource => "${::neutron::params::ovs_agent_service}-clone",
+ second_resource => "${::neutron::params::dhcp_agent_service}-clone",
first_action => 'start',
second_action => 'start',
- require => [Pacemaker::Resource::Service[$::neutron::params::server_service],
- Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]],
+ require => [Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service],
+ Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]],
}
}
if hiera('neutron::enable_dhcp_agent',true) and hiera('neutron::enable_ovs_agent',true) {
- pacemaker::constraint::base { 'neutron-openvswitch-agent-to-dhcp-agent-constraint':
+ pacemaker::constraint::base { 'neutron-server-to-openvswitch-agent-constraint':
constraint_type => 'order',
- first_resource => "${::neutron::params::ovs_agent_service}-clone",
- second_resource => "${::neutron::params::dhcp_agent_service}-clone",
+ first_resource => "${::neutron::params::server_service}-clone",
+ second_resource => "${::neutron::params::ovs_agent_service}-clone",
first_action => 'start',
second_action => 'start',
- require => [Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service],
- Pacemaker::Resource::Service[$::neutron::params::dhcp_agent_service]],
+ require => [Pacemaker::Resource::Service[$::neutron::params::server_service],
+ Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]],
+ }
- }
pacemaker::constraint::colocation { 'neutron-openvswitch-agent-to-dhcp-agent-colocation':
source => "${::neutron::params::dhcp_agent_service}-clone",
target => "${::neutron::params::ovs_agent_service}-clone",
@@ -1418,34 +1527,29 @@ if hiera('step') >= 4 {
# Nova
pacemaker::resource::service { $::nova::params::api_service_name :
clone_params => 'interleave=true',
- op_params => 'start timeout=200s stop timeout=200s monitor start-delay=10s',
}
pacemaker::resource::service { $::nova::params::conductor_service_name :
clone_params => 'interleave=true',
- op_params => 'start timeout=200s stop timeout=200s monitor start-delay=10s',
}
pacemaker::resource::service { $::nova::params::consoleauth_service_name :
clone_params => 'interleave=true',
- op_params => 'start timeout=200s stop timeout=200s monitor start-delay=10s',
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ require => Pacemaker::Resource::Ocf['openstack-core'],
}
pacemaker::resource::service { $::nova::params::vncproxy_service_name :
clone_params => 'interleave=true',
- op_params => 'start timeout=200s stop timeout=200s monitor start-delay=10s',
}
pacemaker::resource::service { $::nova::params::scheduler_service_name :
clone_params => 'interleave=true',
- op_params => 'start timeout=200s stop timeout=200s monitor start-delay=10s',
}
pacemaker::constraint::base { 'keystone-then-nova-consoleauth-constraint':
constraint_type => 'order',
- first_resource => "${::keystone::params::service_name}-clone",
+ first_resource => 'openstack-core-clone',
second_resource => "${::nova::params::consoleauth_service_name}-clone",
first_action => 'start',
second_action => 'start',
require => [Pacemaker::Resource::Service[$::nova::params::consoleauth_service_name],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Ocf['openstack-core']],
}
pacemaker::constraint::base { 'nova-consoleauth-then-nova-vncproxy-constraint':
constraint_type => 'order',
@@ -1515,16 +1619,16 @@ if hiera('step') >= 4 {
# Ceilometer
case downcase(hiera('ceilometer_backend')) {
/mysql/: {
- pacemaker::resource::service { $::ceilometer::params::agent_central_service_name :
+ pacemaker::resource::service { $::ceilometer::params::agent_central_service_name:
clone_params => 'interleave=true',
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ require => Pacemaker::Resource::Ocf['openstack-core'],
}
}
default: {
- pacemaker::resource::service { $::ceilometer::params::agent_central_service_name :
+ pacemaker::resource::service { $::ceilometer::params::agent_central_service_name:
clone_params => 'interleave=true',
- require => [Pacemaker::Resource::Service[$::keystone::params::service_name],
- Pacemaker::Resource::Service[$::mongodb::params::service_name]],
+ require => [Pacemaker::Resource::Ocf['openstack-core'],
+ Pacemaker::Resource::Service[$::mongodb::params::service_name]],
}
}
}
@@ -1560,12 +1664,12 @@ if hiera('step') >= 4 {
}
pacemaker::constraint::base { 'keystone-then-ceilometer-central-constraint':
constraint_type => 'order',
- first_resource => "${::keystone::params::service_name}-clone",
+ first_resource => 'openstack-core-clone',
second_resource => "${::ceilometer::params::agent_central_service_name}-clone",
first_action => 'start',
second_action => 'start',
require => [Pacemaker::Resource::Service[$::ceilometer::params::agent_central_service_name],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Ocf['openstack-core']],
}
pacemaker::constraint::base { 'ceilometer-central-then-ceilometer-collector-constraint':
constraint_type => 'order',
@@ -1635,12 +1739,12 @@ if hiera('step') >= 4 {
}
pacemaker::constraint::base { 'keystone-then-heat-api-constraint':
constraint_type => 'order',
- first_resource => "${::keystone::params::service_name}-clone",
+ first_resource => 'openstack-core-clone',
second_resource => "${::heat::params::api_service_name}-clone",
first_action => 'start',
second_action => 'start',
require => [Pacemaker::Resource::Service[$::heat::params::api_service_name],
- Pacemaker::Resource::Service[$::keystone::params::service_name]],
+ Pacemaker::Resource::Ocf['openstack-core']],
}
pacemaker::constraint::base { 'heat-api-then-heat-api-cfn-constraint':
constraint_type => 'order',
@@ -1700,9 +1804,13 @@ if hiera('step') >= 4 {
Pacemaker::Resource::Service[$::ceilometer::params::agent_notification_service_name]],
}
- # Horizon
- pacemaker::resource::service { $::horizon::params::http_service:
- clone_params => 'interleave=true',
+ # Horizon and Keystone
+ pacemaker::resource::service { $::apache::params::service_name:
+ clone_params => 'interleave=true',
+ verify_on_create => true,
+ require => [File['/etc/keystone/ssl/certs/ca.pem'],
+ File['/etc/keystone/ssl/private/signing_key.pem'],
+ File['/etc/keystone/ssl/certs/signing_cert.pem']],
}
#VSM
@@ -1739,12 +1847,21 @@ if hiera('step') >= 5 {
if $pacemaker_master {
class {'::keystone::roles::admin' :
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ require => Pacemaker::Resource::Service[$::apache::params::service_name],
} ->
class {'::keystone::endpoint' :
- require => Pacemaker::Resource::Service[$::keystone::params::service_name],
+ require => Pacemaker::Resource::Service[$::apache::params::service_name],
}
+ include ::heat::keystone::domain
+ Class['::keystone::roles::admin'] -> Class['::heat::keystone::domain']
+ } else {
+ # On non-master controller we don't need to create Keystone resources again
+ class { '::heat::keystone::domain':
+ manage_domain => false,
+ manage_user => false,
+ manage_role => false,
+ }
}
} #END STEP 5
diff --git a/puppet/manifests/overcloud_object.pp b/puppet/manifests/overcloud_object.pp
index 63ac396e..ae074589 100644
--- a/puppet/manifests/overcloud_object.pp
+++ b/puppet/manifests/overcloud_object.pp
@@ -16,7 +16,9 @@
include ::tripleo::packages
include ::tripleo::firewall
+create_resources(kmod::load, hiera('kernel_modules'), {})
create_resources(sysctl::value, hiera('sysctl_settings'), {})
+Exec <| tag == 'kmod::load' |> -> Sysctl <| |>
if count(hiera('ntp::servers')) > 0 {
include ::ntp
@@ -48,7 +50,7 @@ snmp::snmpv3_user { $snmpd_user:
}
class { '::snmp':
agentaddress => ['udp:161','udp6:[::1]:161'],
- snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
+ snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
}
hiera_include('object_classes')
diff --git a/puppet/manifests/overcloud_volume.pp b/puppet/manifests/overcloud_volume.pp
index 5a69725a..134dc43b 100644
--- a/puppet/manifests/overcloud_volume.pp
+++ b/puppet/manifests/overcloud_volume.pp
@@ -16,7 +16,9 @@
include ::tripleo::packages
include ::tripleo::firewall
+create_resources(kmod::load, hiera('kernel_modules'), {})
create_resources(sysctl::value, hiera('sysctl_settings'), {})
+Exec <| tag == 'kmod::load' |> -> Sysctl <| |>
if count(hiera('ntp::servers')) > 0 {
include ::ntp
@@ -42,7 +44,7 @@ if $cinder_enable_iscsi {
$cinder_enabled_backends = any2array($cinder_iscsi_backend)
class { '::cinder::backends' :
- enabled_backends => $cinder_enabled_backends,
+ enabled_backends => union($cinder_enabled_backends, hiera('cinder_user_enabled_backends')),
}
$snmpd_user = hiera('snmpd_readonly_user_name')
@@ -52,7 +54,7 @@ snmp::snmpv3_user { $snmpd_user:
}
class { '::snmp':
agentaddress => ['udp:161','udp6:[::1]:161'],
- snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
+ snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
}
hiera_include('volume_classes')
diff --git a/puppet/swift-storage-post.yaml b/puppet/swift-storage-post.yaml
index a55b3959..eb06b241 100644
--- a/puppet/swift-storage-post.yaml
+++ b/puppet/swift-storage-post.yaml
@@ -12,9 +12,19 @@ parameters:
type: json
description: Value which changes if the node configuration may need to be re-applied
-
resources:
+ StorageArtifactsConfig:
+ type: deploy-artifacts.yaml
+
+ StorageArtifactsDeploy:
+ type: OS::Heat::StructuredDeployments
+ properties:
+ servers: {get_param: servers}
+ config: {get_resource: StorageArtifactsConfig}
+ input_values:
+ update_identifier: {get_param: NodeConfigIdentifiers}
+
StoragePuppetConfig:
type: OS::Heat::SoftwareConfig
properties:
@@ -28,6 +38,7 @@ resources:
StorageDeployment_Step1:
type: OS::Heat::StructuredDeployments
+ depends_on: StorageArtifactsDeploy
properties:
name: StorageDeployment_Step1
servers: {get_param: servers}
diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml
index 142e47cc..c26aca77 100644
--- a/puppet/swift-storage.yaml
+++ b/puppet/swift-storage.yaml
@@ -68,6 +68,10 @@ parameters:
Hostname:
type: string
default: '' # Defaults to Heat created hostname
+ HostnameMap:
+ type: json
+ default: {}
+ description: Optional mapping to override hostnames
ExtraConfig:
default: {}
description: |
@@ -79,6 +83,9 @@ parameters:
description: |
Role specific additional hiera configuration to inject into the cluster.
type: json
+ SwiftStorageIPs:
+ default: {}
+ type: json
NetworkDeploymentActions:
type: comma_delimited_list
description: >
@@ -107,6 +114,9 @@ parameters:
type: json
description: Optional scheduler hints to pass to nova
default: {}
+ NodeIndex:
+ type: number
+ default: 0
resources:
@@ -120,7 +130,10 @@ resources:
- network: ctlplane
user_data_format: SOFTWARE_CONFIG
user_data: {get_resource: UserData}
- name: {get_param: Hostname}
+ name:
+ str_replace:
+ template: {get_param: Hostname}
+ params: {get_param: HostnameMap}
software_config_transport: {get_param: SoftwareConfigTransport}
metadata: {get_param: ServerMetadata}
scheduler_hints: {get_param: SchedulerHints}
@@ -149,31 +162,43 @@ resources:
type: OS::TripleO::SwiftStorage::Ports::ExternalPort
properties:
ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: SwiftStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
InternalApiPort:
type: OS::TripleO::SwiftStorage::Ports::InternalApiPort
properties:
ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: SwiftStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
StoragePort:
type: OS::TripleO::SwiftStorage::Ports::StoragePort
properties:
ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: SwiftStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
StorageMgmtPort:
type: OS::TripleO::SwiftStorage::Ports::StorageMgmtPort
properties:
ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: SwiftStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
TenantPort:
type: OS::TripleO::SwiftStorage::Ports::TenantPort
properties:
ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: SwiftStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
ManagementPort:
type: OS::TripleO::SwiftStorage::Ports::ManagementPort
properties:
ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
+ IPPool: {get_param: SwiftStorageIPs}
+ NodeIndex: {get_param: NodeIndex}
NetworkConfig:
type: OS::TripleO::ObjectStorage::Net::SoftwareConfig
@@ -191,11 +216,17 @@ resources:
properties:
ControlPlaneIp: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
ExternalIp: {get_attr: [ExternalPort, ip_address]}
+ ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
+ InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
StorageIp: {get_attr: [StoragePort, ip_address]}
+ StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
+ StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
TenantIp: {get_attr: [TenantPort, ip_address]}
+ TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
ManagementIp: {get_attr: [ManagementPort, ip_address]}
+ ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
@@ -302,11 +333,54 @@ outputs:
hosts_entry:
value:
str_replace:
- template: "IP HOST.DOMAIN HOST"
+ template: |
+ PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
+ EXTERNALIP EXTERNALHOST
+ INTERNAL_APIIP INTERNAL_APIHOST
+ STORAGEIP STORAGEHOST
+ STORAGE_MGMTIP STORAGE_MGMTHOST
+ TENANTIP TENANTHOST
+ MANAGEMENTIP MANAGEMENTHOST
params:
- IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ObjectStorageHostnameResolveNetwork]}]}
+ PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ObjectStorageHostnameResolveNetwork]}]}
DOMAIN: {get_param: CloudDomain}
- HOST: {get_attr: [SwiftStorage, name]}
+ PRIMARYHOST: {get_attr: [SwiftStorage, name]}
+ EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
+ EXTERNALHOST:
+ list_join:
+ - '-'
+ - - {get_attr: [SwiftStorage, name]}
+ - external
+ INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
+ INTERNAL_APIHOST:
+ list_join:
+ - '-'
+ - - {get_attr: [SwiftStorage, name]}
+ - internalapi
+ STORAGEIP: {get_attr: [StoragePort, ip_address]}
+ STORAGEHOST:
+ list_join:
+ - '-'
+ - - {get_attr: [SwiftStorage, name]}
+ - storage
+ STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
+ STORAGE_MGMTHOST:
+ list_join:
+ - '-'
+ - - {get_attr: [SwiftStorage, name]}
+ - storagemgmt
+ TENANTIP: {get_attr: [TenantPort, ip_address]}
+ TENANTHOST:
+ list_join:
+ - '-'
+ - - {get_attr: [SwiftStorage, name]}
+ - tenant
+ MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
+ MANAGEMENTHOST:
+ list_join:
+ - '-'
+ - - {get_attr: [SwiftStorage, name]}
+ - management
nova_server_resource:
description: Heat resource handle for the swift storage server
value:
@@ -317,7 +391,7 @@ outputs:
str_replace:
template: 'r1z1-IP:%PORT%/d1'
params:
- IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
+ IP: {get_attr: [NetIpMap, net_ip_uri_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
external_ip_address:
description: IP address of the server in the external network
value: {get_attr: [ExternalPort, ip_address]}