Diffstat (limited to 'puppet')
36 files changed, 151 insertions, 174 deletions
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index 4c9355d5..793b17dd 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -2,18 +2,10 @@ heat_template_version: 2015-04-30 description: 'All Nodes Config for Puppet' parameters: - compute_hosts: - type: comma_delimited_list - controller_hosts: + hosts: type: comma_delimited_list controller_ips: type: comma_delimited_list - block_storage_hosts: - type: comma_delimited_list - object_storage_hosts: - type: comma_delimited_list - ceph_storage_hosts: - type: comma_delimited_list controller_names: type: comma_delimited_list rabbit_node_ips: @@ -91,21 +83,7 @@ resources: hosts: list_join: - "\n" - - - list_join: - - "\n" - - {get_param: compute_hosts} - - list_join: - - "\n" - - {get_param: controller_hosts} - - list_join: - - "\n" - - {get_param: block_storage_hosts} - - list_join: - - "\n" - - {get_param: object_storage_hosts} - - list_join: - - "\n" - - {get_param: ceph_storage_hosts} + - {get_param: hosts} hiera: datafiles: bootstrap_node: diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml index 2f007536..cc632610 100644 --- a/puppet/ceph-storage.yaml +++ b/puppet/ceph-storage.yaml @@ -1,8 +1,9 @@ heat_template_version: 2015-04-30 description: 'OpenStack ceph storage node configured by Puppet' parameters: - Flavor: + OvercloudCephStorageFlavor: description: Flavor for the Ceph Storage node. + default: baremetal type: string constraints: - custom_constraint: nova.flavor @@ -108,7 +109,7 @@ resources: properties: image: {get_param: CephStorageImage} image_update_policy: {get_param: ImageUpdatePolicy} - flavor: {get_param: Flavor} + flavor: {get_param: OvercloudCephStorageFlavor} key_name: {get_param: KeyName} networks: - network: ctlplane 
@@ -274,7 +275,6 @@ resources: extraconfig: mapped_data: {get_param: ExtraConfig} ceph: - raw_data: {get_file: hieradata/ceph.yaml} mapped_data: tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml index 28f16866..a987b8f8 100644 --- a/puppet/cinder-storage.yaml +++ b/puppet/cinder-storage.yaml @@ -20,9 +20,10 @@ parameters: BlockStorageIPs: default: {} type: json - Flavor: + OvercloudBlockStorageFlavor: description: Flavor for block storage nodes to request when deploying. type: string + default: baremetal constraints: - custom_constraint: nova.flavor KeyName: @@ -281,7 +282,6 @@ resources: extraconfig: mapped_data: {get_param: ExtraConfig} volume: - raw_data: {get_file: hieradata/volume.yaml} mapped_data: # Cinder tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_ip_address: {get_input: cinder_iscsi_ip_address} diff --git a/puppet/compute.yaml b/puppet/compute.yaml index 1ae55cd3..dcb3c39a 100644 --- a/puppet/compute.yaml +++ b/puppet/compute.yaml @@ -40,8 +40,9 @@ parameters: Additional hiera configuration to inject into the cluster. Note that NovaComputeExtraConfig takes precedence over ExtraConfig. type: json - Flavor: + OvercloudComputeFlavor: description: Flavor for the nova compute node + default: baremetal type: string constraints: - custom_constraint: nova.flavor @@ -231,7 +232,7 @@ resources: image: {get_param: NovaImage} image_update_policy: get_param: ImageUpdatePolicy - flavor: {get_param: Flavor} + flavor: {get_param: OvercloudComputeFlavor} key_name: {get_param: KeyName} networks: - network: ctlplane @@ -367,7 +368,6 @@ resources: - service_configs - compute - ceph_cluster # provided by CephClusterConfig - - ceph - all_nodes # provided by allNodesConfig - '"%{::osfamily}"' - network 
@@ -392,10 +392,7 @@ resources: net_ip_map: {get_attr: [NetIpMap, net_ip_map]} net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]} net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]} - ceph: - raw_data: {get_file: hieradata/ceph.yaml} compute: - raw_data: {get_file: hieradata/compute.yaml} mapped_data: cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend} nova::use_ipv6: {get_input: nova_ipv6} diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 52d80e57..93f0e03e 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -93,8 +93,9 @@ parameters: ] } type: json - Flavor: + OvercloudControlFlavor: description: Flavor for control nodes to request when deploying. + default: baremetal type: string constraints: - custom_constraint: nova.flavor @@ -342,7 +343,7 @@ resources: properties: image: {get_param: controllerImage} image_update_policy: {get_param: ImageUpdatePolicy} - flavor: {get_param: Flavor} + flavor: {get_param: OvercloudControlFlavor} key_name: {get_param: KeyName} networks: - network: ctlplane @@ -495,12 +496,6 @@ resources: horizon_secret: {get_param: HorizonSecret} admin_password: {get_param: AdminPassword} debug: {get_param: Debug} - cinder_public_url: {get_param: [EndpointMap, CinderPublic, uri]} - cinder_internal_url: {get_param: [EndpointMap, CinderInternal, uri]} - cinder_admin_url: {get_param: [EndpointMap, CinderAdmin, uri]} - cinder_public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]} - cinder_internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]} - cinder_admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]} keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] } 
@@ -519,12 +514,6 @@ resources: params: CLUSTER: {get_param: MysqlClusterUniquePart} neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} - neutron_password: {get_param: NeutronPassword} - neutron_internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] } - neutron_public_url: { get_param: [ EndpointMap, NeutronPublic, uri ] } - neutron_admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] } - neutron_auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] } - nova_internal_url: { get_param: [ EndpointMap, NovaInternal, uri ] } aodh_internal_url: { get_param: [ EndpointMap, AodhInternal, uri ] } aodh_public_url: { get_param: [ EndpointMap, AodhPublic, uri ] } aodh_admin_url: { get_param: [ EndpointMap, AodhAdmin, uri ] } @@ -546,9 +535,6 @@ resources: nova_password: {get_param: NovaPassword} upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute} instance_name_template: {get_param: InstanceNameTemplate} - nova_public_url: {get_param: [EndpointMap, NovaPublic, uri]} - nova_internal_url: {get_param: [EndpointMap, NovaInternal, uri]} - nova_admin_url: {get_param: [EndpointMap, NovaAdmin, uri]} fencing_config: {get_param: FencingConfig} pcsd_password: {get_param: PcsdPassword} rabbit_username: {get_param: RabbitUserName} @@ -618,7 +604,6 @@ resources: - service_configs - service_names - controller - - object - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig - ceph_cluster # provided by CephClusterConfig - ceph 
@@ -654,15 +639,11 @@ resources: net_ip_subnet_map: {get_attr: [NetIpMap, net_ip_subnet_map]} net_ip_uri_map: {get_attr: [NetIpMap, net_ip_uri_map]} ceph: - raw_data: {get_file: hieradata/ceph.yaml} mapped_data: ceph::profile::params::cluster_network: {get_input: ceph_cluster_network} ceph::profile::params::public_network: {get_input: ceph_public_network} ceph::profile::params::public_addr: {get_input: ceph_public_ip} - object: - raw_data: {get_file: hieradata/object.yaml} controller: - raw_data: {get_file: hieradata/controller.yaml} mapped_data: # data supplied directly to this deployment configuration, etc bootstack_nodeid: {get_input: bootstack_nodeid} @@ -682,19 +663,10 @@ resources: # Cinder tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_input: cinder_iscsi_network} cinder::api::bind_host: {get_input: cinder_api_network} - cinder::keystone::auth::public_url: {get_input: cinder_public_url } - cinder::keystone::auth::internal_url: {get_input: cinder_internal_url } - cinder::keystone::auth::admin_url: {get_input: cinder_admin_url } - cinder::keystone::auth::public_url_v2: {get_input: cinder_public_url_v2 } - cinder::keystone::auth::internal_url_v2: {get_input: cinder_internal_url_v2 } - cinder::keystone::auth::admin_url_v2: {get_input: cinder_admin_url_v2 } - cinder::keystone::auth::password: {get_input: cinder_password } - cinder::keystone::auth::region: {get_input: keystone_region} # Glance glance::api::bind_host: {get_input: glance_api_network} glance::registry::bind_host: {get_input: glance_registry_network} - glance::keystone::auth::region: {get_input: keystone_region} # Heat heat::api::bind_host: {get_input: heat_api_network} 
@@ -729,11 +701,6 @@ resources: neutron::bind_host: {get_input: neutron_api_network} neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip} neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network} - neutron::keystone::auth::public_url: {get_input: neutron_public_url } - neutron::keystone::auth::internal_url: {get_input: neutron_internal_url } - neutron::keystone::auth::admin_url: {get_input: neutron_admin_url } - neutron::keystone::auth::password: {get_input: neutron_password } - neutron::keystone::auth::region: {get_input: keystone_region} # Aodh aodh::api::host: {get_input: aodh_api_network} @@ -766,16 +733,8 @@ resources: nova::glance_api_servers: {get_input: glance_api_servers} nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} nova::api::instance_name_template: {get_input: instance_name_template} - nova::network::neutron::neutron_password: {get_input: neutron_password} - nova::network::neutron::neutron_url: {get_input: neutron_internal_url} - nova::network::neutron::neutron_auth_url: {get_input: neutron_auth_url} nova::vncproxy::host: {get_input: nova_api_network} nova_enable_db_purge: {get_input: nova_enable_db_purge} - nova::keystone::auth::public_url: {get_input: nova_public_url} - nova::keystone::auth::internal_url: {get_input: nova_internal_url} - nova::keystone::auth::admin_url: {get_input: nova_admin_url} - nova::keystone::auth::password: {get_input: nova_password } - nova::keystone::auth::region: {get_input: keystone_region} # Horizon apache::mod::remoteip::proxy_ips: {get_input: horizon_subnet} @@ -785,6 +744,9 @@ resources: horizon::bind_address: {get_input: horizon_network} horizon::keystone_url: {get_input: keystone_auth_uri} + # Sahara + sahara::host: {get_input: sahara_api_network} + # RabbitMQ rabbitmq::node_ip_address: {get_input: rabbitmq_network} rabbitmq::erlang_cookie: {get_input: rabbit_cookie} 
diff --git a/puppet/hieradata/README.rst b/puppet/hieradata/README.rst
deleted file mode 100644
index 64a60229..00000000
--- a/puppet/hieradata/README.rst
+++ /dev/null
@@ -1 +0,0 @@
-Do not add more hieradata in this directory, and use composable services.
diff --git a/puppet/hieradata/ceph.yaml b/puppet/hieradata/ceph.yaml
deleted file mode 100644
index c8c5804b..00000000
--- a/puppet/hieradata/ceph.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-# Do not add hieradata in this file, and use composable services.
-ceph_classes: []
diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml
deleted file mode 100644
index 54b3d412..00000000
--- a/puppet/hieradata/compute.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-# Do not add hieradata in this file, and use composable services.
-
-compute_classes: []
diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml
deleted file mode 100644
index d18e0bc9..00000000
--- a/puppet/hieradata/controller.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-# Do not add hieradata in this file, and use composable services.
-
-controller_classes: []
diff --git a/puppet/hieradata/object.yaml b/puppet/hieradata/object.yaml
deleted file mode 100644
index 5aa0cfb6..00000000
--- a/puppet/hieradata/object.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-# Do not add hieradata in this file, and use composable services.
-
-object_classes: []
diff --git a/puppet/hieradata/volume.yaml b/puppet/hieradata/volume.yaml
deleted file mode 100644
index 42b85e1a..00000000
--- a/puppet/hieradata/volume.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-# Do not add hieradata in this file, and use composable services.
-
-volume_classes: []
diff --git a/puppet/manifests/overcloud_cephstorage.pp b/puppet/manifests/overcloud_cephstorage.pp
index 152694d9..df83496f 100644
--- a/puppet/manifests/overcloud_cephstorage.pp
+++ b/puppet/manifests/overcloud_cephstorage.pp
@@ -17,7 +17,7 @@ include ::tripleo::packages include ::tripleo::firewall if hiera('step') >= 4 { - hiera_include('ceph_classes') + hiera_include('ceph_classes', []) } $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_ceph', hiera('step')]) diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp index ab7f846f..19ec575a 100644 --- a/puppet/manifests/overcloud_compute.pp +++ b/puppet/manifests/overcloud_compute.pp @@ -17,7 +17,7 @@ include ::tripleo::packages include ::tripleo::firewall if hiera('step') >= 4 { - hiera_include('compute_classes') + hiera_include('compute_classes', []) } $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_compute', hiera('step')]) diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 69e48e95..30e7c8d9 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -17,8 +17,8 @@ include ::tripleo::packages include ::tripleo::firewall if hiera('step') >= 4 { - hiera_include('controller_classes') -} #END STEP 4 + hiera_include('controller_classes', []) +} $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller', hiera('step')]) package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index 0aec972d..a782207e 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp 
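Review bot: `hiera_include('ceph_classes', [])` now succeeds with an empty class list when the key is absent, so a node whose service hieradata failed to render or was never written converges cleanly with no role classes applied instead of failing the run. The same default is added in the overcloud_compute.pp and overcloud_controller.pp hunks here and in the pacemaker, object and volume manifests that follow. Since the hieradata files that used to define these keys are deleted in this change, the default is needed, but the intent should be stated at each call, e.g. `# classes come from composable-service hieradata; an empty list means no services were assigned to this role`. A deployment-side check that the key is non-empty for roles expected to carry services would catch the silent case; nothing in these hunks shows one.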
@@ -16,17 +16,9 @@ include ::tripleo::packages include ::tripleo::firewall -if $::hostname == downcase(hiera('bootstrap_nodeid')) { - $pacemaker_master = true - $sync_db = true -} else { - $pacemaker_master = false - $sync_db = false +if hiera('step') >= 4 { + hiera_include('controller_classes', []) } -if hiera('step') >= 4 or ( hiera('step') >= 3 and $sync_db ) { - hiera_include('controller_classes') -} #END STEP 4 - $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller_pacemaker', hiera('step')]) package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/manifests/overcloud_object.pp b/puppet/manifests/overcloud_object.pp index 1f04c581..18e90d1f 100644 --- a/puppet/manifests/overcloud_object.pp +++ b/puppet/manifests/overcloud_object.pp @@ -17,7 +17,7 @@ include ::tripleo::packages include ::tripleo::firewall if hiera('step') >= 4 { - hiera_include('object_classes') + hiera_include('object_classes', []) } $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_object', hiera('step')]) diff --git a/puppet/manifests/overcloud_volume.pp b/puppet/manifests/overcloud_volume.pp index 7c7da586..f6787719 100644 --- a/puppet/manifests/overcloud_volume.pp +++ b/puppet/manifests/overcloud_volume.pp @@ -17,7 +17,7 @@ include ::tripleo::packages include ::tripleo::firewall if hiera('step') >= 4 { - hiera_include('volume_classes') + hiera_include('volume_classes', []) } $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_volume', hiera('step')]) diff --git a/puppet/services/ceilometer-agent-central.yaml b/puppet/services/ceilometer-agent-central.yaml index 80f656d0..a51ec2df 100644 --- a/puppet/services/ceilometer-agent-central.yaml +++ b/puppet/services/ceilometer-agent-central.yaml 
@@ -13,10 +13,6 @@ parameters: description: The password for the redis service account. type: string hidden: true - RedisVirtualIPUri: - type: string - default: '' - resources: CeilometerServiceBase: @@ -38,7 +34,7 @@ outputs: - - 'redis://:' - {get_param: RedisPassword} - '@' - - {get_param: RedisVirtualIPUri} + - "%{hiera('redis_vip')}" - ':6379/' step_config: | include ::tripleo::profile::base::ceilometer::agent::central diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml index bce52f36..47028610 100644 --- a/puppet/services/ceph-base.yaml +++ b/puppet/services/ceph-base.yaml @@ -58,9 +58,6 @@ outputs: config_settings: tripleo::profile::base::ceph::ceph_ipv6: {get_param: CephIPv6} tripleo::profile::base::ceph::enable_ceph_storage: {get_param: ControllerEnableCephStorage} - ceph::profile::params::osd_pool_default_pg_num: 32 - ceph::profile::params::osd_pool_default_pgp_num: 32 - ceph::profile::params::osd_pool_default_size: 3 ceph::profile::params::osd_pool_default_min_size: 1 ceph::profile::params::osds: {/srv/data: {}} ceph::profile::params::manage_repo: false diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml index f48515e5..074d941d 100644 --- a/puppet/services/ceph-mon.yaml +++ b/puppet/services/ceph-mon.yaml @@ -31,6 +31,19 @@ parameters: NovaRbdPoolName: default: vms type: string + CephPools: + description: > + It can be used to override settings for one of the predefined pools, or to create + additional ones. Example: + { + "volumes": { + "size": 5, + "pg_num: 128, + "pgp_num": 128 + } + } + default: {} + type: json resources: CephBase: 
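Review bot: The coordination URL in ceilometer-agent-central.yaml now interpolates `"%{hiera('redis_vip')}"` directly between `'@'` and `':6379/'`, where the removed parameter was named `RedisVirtualIPUri`, which suggests it carried the address in URI form. If `redis_vip` resolves to a bare IPv6 address, the result is not a valid `redis://` URL, because the host part needs brackets. The hunk does not show how `redis_vip` is populated, so this should be confirmed and recorded next to the entry, e.g. `# redis_vip must be in URI form (bracketed when IPv6)`. `RedisPassword` is also placed in the URL unencoded, so characters such as `@` or `/` in it would change how the URL parses.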
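Review bot: The JSON example in the new `CephPools` description in ceph-mon.yaml is not valid JSON: `"pg_num: 128,` is missing the closing quote on the key. Operators are likely to copy this example into an environment file, so the line should read `"pg_num": 128,`.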
@@ -46,12 +59,24 @@ outputs: - get_attr: [CephBase, role_data, config_settings] - ceph::profile::params::ms_bind_ipv6: {get_param: CephIPv6} ceph::profile::params::mon_key: {get_param: CephMonKey} + # repeat returns items in a list, so we need to map_merge twice tripleo::profile::base::ceph::mon::ceph_pools: - - {get_param: CinderRbdPoolName} - - {get_param: CinderBackupRbdPoolName} - - {get_param: NovaRbdPoolName} - - {get_param: GlanceRbdPoolName} - - {get_param: GnocchiRbdPoolName} + map_merge: + - map_merge: + repeat: + for_each: + <%pool%>: + - {get_param: CinderRbdPoolName} + - {get_param: CinderBackupRbdPoolName} + - {get_param: NovaRbdPoolName} + - {get_param: GlanceRbdPoolName} + - {get_param: GnocchiRbdPoolName} + template: + <%pool%>: + pg_num: 32 + pgp_num: 32 + size: 3 + - {get_param: CephPools} tripleo.ceph_mon.firewall_rules: '110 ceph_mon': dport: diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml index 5e58dee9..4f383456 100644 --- a/puppet/services/cinder-api.yaml +++ b/puppet/services/cinder-api.yaml @@ -18,6 +18,10 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint resources: 
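Review bot: The outer `map_merge` in `tripleo::profile::base::ceph::mon::ceph_pools` replaces values per pool name rather than merging the nested maps, as far as Heat's documented `map_merge` semantics go. A `CephPools` override such as `{"volumes": {"size": 5}}` would therefore drop the templated `pg_num: 32` and `pgp_num: 32` for that pool instead of changing only `size`. The `CephPools` description says it can "override settings" for a predefined pool, which reads as a partial override. The existing comment should be extended, e.g. `# an entry in CephPools replaces the whole default map for that pool, so pg_num, pgp_num and size must all be given`. The description should say the same.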
@@ -34,10 +38,19 @@ outputs: config_settings: map_merge: - get_attr: [CinderBase, role_data, config_settings] - - cinder::api::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} - cinder::api::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} - cinder::api::keystone_password: {get_param: CinderPassword} - cinder::api::keystone_tenant: 'service' + - cinder::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + cinder::keystone::authtoken::password: {get_param: CinderPassword} + cinder::keystone::authtoken::project_name: 'service' + cinder::keystone::auth::tenant: 'service' + cinder::keystone::auth::public_url: {get_param: [EndpointMap, CinderPublic, uri]} + cinder::keystone::auth::internal_url: {get_param: [EndpointMap, CinderInternal, uri]} + cinder::keystone::auth::admin_url: {get_param: [EndpointMap, CinderAdmin, uri]} + cinder::keystone::auth::public_url_v2: {get_param: [EndpointMap, CinderV2Public, uri]} + cinder::keystone::auth::internal_url_v2: {get_param: [EndpointMap, CinderV2Internal, uri]} + cinder::keystone::auth::admin_url_v2: {get_param: [EndpointMap, CinderV2Admin, uri]} + cinder::keystone::auth::password: {get_param: CinderPassword} + cinder::keystone::auth::region: {get_param: KeystoneRegion} cinder::api::enable_proxy_headers_parsing: true cinder::api::nova_catalog_info: 'compute:Compute Service:internalURL' # TODO(emilien) move it to puppet-cinder diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml index d923e7c6..f5d98afa 100644 --- a/puppet/services/cinder-base.yaml +++ b/puppet/services/cinder-base.yaml 
@@ -64,7 +64,6 @@ outputs: - '%' - "%{hiera('mysql_bind_host')}" cinder::rabbit_heartbeat_timeout_threshold: 60 - cinder::keystone::auth::tenant: 'service' cinder::host: hostgroup cinder::cron::db_purge::destination: '/dev/null' cinder::db::database_db_max_retries: -1 diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index 99065789..bb14546f 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -60,6 +60,10 @@ parameters: Rabbit client subscriber parameter to specify an SSL connection to the RabbitMQ host. type: string + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint outputs: role_data: @@ -106,6 +110,7 @@ outputs: glance::keystone::auth::internal_url: {get_param: [EndpointMap, GlanceInternal, uri]} glance::keystone::auth::admin_url: {get_param: [EndpointMap, GlanceAdmin, uri]} glance::keystone::auth::password: {get_param: GlancePassword } + glance::keystone::auth::region: {get_param: KeystoneRegion} glance::registry::db::database_db_max_retries: -1 glance::registry::db::database_max_retries: -1 tripleo.glance_api.firewall_rules: diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml index f8832dd8..c3a3b7ae 100644 --- a/puppet/services/heat-api-cfn.yaml +++ b/puppet/services/heat-api-cfn.yaml @@ -35,6 +35,7 @@ outputs: map_merge: - get_attr: [HeatBase, role_data, config_settings] - heat::api_cfn::workers: {get_param: HeatWorkers} + heat::keystone::auth_cfn::tenant: 'service' heat::keystone::auth_cfn::public_url: {get_param: [EndpointMap, HeatCfnPublic, uri]} heat::keystone::auth_cfn::internal_url: {get_param: [EndpointMap, HeatCfnInternal, uri]} heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]} diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml index c0e7a690..b4402a17 100644 --- a/puppet/services/heat-api.yaml +++ b/puppet/services/heat-api.yaml 
@@ -35,6 +35,7 @@ outputs: map_merge: - get_attr: [HeatBase, role_data, config_settings] - heat::api::workers: {get_param: HeatWorkers} + heat::keystone::auth::tenant: 'service' heat::keystone::auth::public_url: {get_param: [EndpointMap, HeatPublic, uri]} heat::keystone::auth::internal_url: {get_param: [EndpointMap, HeatInternal, uri]} heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]} diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml index 01f2a51b..091a4e9b 100644 --- a/puppet/services/heat-base.yaml +++ b/puppet/services/heat-base.yaml @@ -47,7 +47,6 @@ outputs: value: 'role:admin' heat::rabbit_heartbeat_timeout_threshold: 60 heat::keystone_tenant: 'service' - heat::keystone::auth::tenant: 'service' heat::keystone::domain::domain_name: 'heat_stack' heat::keystone::domain::domain_admin: 'heat_stack_domain_admin' heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost' diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml index 3f8ac7e8..f6339c83 100644 --- a/puppet/services/neutron-base.yaml +++ b/puppet/services/neutron-base.yaml @@ -64,6 +64,5 @@ outputs: neutron::allow_overlapping_ips: true neutron::rabbit_heartbeat_timeout_threshold: 60 neutron::host: '"%{::fqdn}"' #NOTE: extra quoting is needed - neutron::keystone::auth::tenant: 'service' neutron::db::database_db_max_retries: -1 neutron::db::database_max_retries: -1 diff --git a/puppet/services/neutron-server.yaml b/puppet/services/neutron-server.yaml index d64fd66d..cd602e6e 100644 --- a/puppet/services/neutron-server.yaml +++ b/puppet/services/neutron-server.yaml @@ -33,6 +33,10 @@ parameters: description: Enable Neutron DVR. default: false type: boolean + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint resources: 
@@ -56,14 +60,18 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ovs_neutron' + neutron::keystone::auth::tenant: 'service' + neutron::keystone::auth::public_url: {get_param: [EndpointMap, NeutronPublic, uri]} + neutron::keystone::auth::internal_url: { get_param: [ EndpointMap, NeutronInternal, uri ] } + neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] } + neutron::keystone::auth::password: {get_param: NeutronPassword} + neutron::keystone::auth::region: {get_param: KeystoneRegion} neutron::server::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } neutron::server::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} - neutron::server::auth_tenant: 'service' - neutron::server::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } neutron::server::api_workers: {get_param: NeutronWorkers} neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} neutron::server::l3_ha: {get_param: NeutronL3HA} - neutron::server::auth_password: {get_param: NeutronPassword} + neutron::server::password: {get_param: NeutronPassword} neutron::server::notifications::nova_url: { get_param: [ EndpointMap, NovaInternal, uri ] } neutron::server::notifications::auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] } diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index 045a8614..d560edb4 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -13,6 +13,14 @@ parameters: default: 0 description: Number of workers for Nova API service. type: number + NovaPassword: + description: The password for the nova service and db account, used by nova-api. + type: string + hidden: true + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint resources: NovaBase: 
@@ -47,5 +55,11 @@ outputs: nova::api::default_floating_pool: 'public' nova::api::sync_db_api: true nova::api::enable_proxy_headers_parsing: true + nova::keystone::auth::tenant: 'service' + nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]} + nova::keystone::auth::internal_url: {get_param: [EndpointMap, NovaInternal, uri]} + nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]} + nova::keystone::auth::password: {get_param: NovaPassword} + nova::keystone::auth::region: {get_param: KeystoneRegion} step_config: | include tripleo::profile::base::nova::api diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index e3379821..5bc94b2b 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -13,6 +13,10 @@ parameters: description: The password for the nova service and db account, used by nova-api. type: string hidden: true + NeutronPassword: + description: The password for the neutron service and db account, used by neutron agents. + type: string + hidden: true RabbitPassword: description: The password for RabbitMQ type: string 
@@ -82,13 +86,15 @@ outputs: nova::network::neutron::neutron_project_name: 'service' nova::network::neutron::neutron_username: 'neutron' nova::network::neutron::dhcp_domain: '' + nova::network::neutron::neutron_password: {get_param: NeutronPassword} + nova::network::neutron::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]} + nova::network::neutron::neutron_auth_url: {get_param: [EndpointMap, KeystoneV3Admin, uri]} nova::rabbit_heartbeat_timeout_threshold: 60 nova::cinder_catalog_info: 'volumev2:cinderv2:internalURL' nova::host: '"%{::fqdn}"' # NOTE: extra quoting is needed. nova::notify_on_state_change: 'vm_and_task_state' nova::notification_driver: messagingv2 nova::network::neutron::neutron_auth_type: 'v3password' - nova::keystone::auth::tenant: 'service' nova::db::mysql::user: nova nova::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} nova::db::mysql::dbname: nova diff --git a/puppet/services/pacemaker/sahara-api.yaml b/puppet/services/pacemaker/sahara-api.yaml index ac05a01a..a06afb2d 100644 --- a/puppet/services/pacemaker/sahara-api.yaml +++ b/puppet/services/pacemaker/sahara-api.yaml @@ -28,4 +28,4 @@ outputs: - sahara::service::api::manage_service: false sahara::service::api::enabled: false step_config: | - include ::tripleo::profile::pacemaker::sahara + include ::tripleo::profile::pacemaker::sahara::api diff --git a/puppet/services/pacemaker/sahara-engine.yaml b/puppet/services/pacemaker/sahara-engine.yaml index f6bd8f61..a1191f87 100644 --- a/puppet/services/pacemaker/sahara-engine.yaml +++ b/puppet/services/pacemaker/sahara-engine.yaml 
@@ -27,7 +27,5 @@ outputs: - get_attr: [SaharaEngineBase, role_data, config_settings] - sahara::service::engine::manage_service: false sahara::service::engine::enabled: false - # No puppet manifests since sahara-engine is included in - # ::tripleo::profile::pacemaker::sahara which is maintained alongside of - # pacemaker/sahara-api.yaml. - step_config: + step_config: | + include ::tripleo::profile::pacemaker::sahara::engine diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml index 7ca9bbd5..85324312 100644 --- a/puppet/services/sahara-api.yaml +++ b/puppet/services/sahara-api.yaml @@ -10,7 +10,6 @@ parameters: via parameter_defaults in the resource registry. type: json SaharaPassword: - default: unset description: The password for the sahara service account, used by sahara-api. type: string hidden: true @@ -18,9 +17,6 @@ parameters: default: 0 description: The number of workers for the sahara-api. type: number - SaharaApiVirtualIP: - type: string - default: '' KeystoneRegion: type: string default: 'regionOne' @@ -29,6 +25,8 @@ parameters: resources: SaharaBase: type: ./sahara-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} outputs: role_data: 
@@ -38,12 +36,8 @@ outputs: config_settings: map_merge: - get_attr: [SaharaBase, role_data, config_settings] - - sahara::host: {get_param: SaharaApiVirtualIP} - sahara::port: {get_param: [EndpointMap, SaharaInternal, port]} - sahara::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - sahara::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } - sahara::admin_password: {get_param: SaharaPassword} - sahara::service::api::api_workers: {get_param: SaharaApiWorkers} + - sahara::port: {get_param: [EndpointMap, SaharaInternal, port]} + sahara::service::api::api_workers: {get_param: SaharaWorkers} sahara::keystone::auth::public_url: {get_param: [EndpointMap, SaharaPublic, uri]} sahara::keystone::auth::internal_url: {get_param: [EndpointMap, SaharaInternal, uri]} sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]} diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml index 2f8cd91b..7ec44a49 100644 --- a/puppet/services/sahara-base.yaml +++ b/puppet/services/sahara-base.yaml @@ -4,6 +4,11 @@ description: > OpenStack Sahara base service. Shared for all Sahara services. parameters: + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json RabbitPassword: description: The password for RabbitMQ type: string @@ -22,6 +27,10 @@ parameters: default: 5672 description: Set rabbit subscriber port, change this if using SSL type: number + SaharaPassword: + description: The password for the sahara service account, used by sahara-api. + type: string + hidden: true Debug: type: string default: '' 
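Review bot: `sahara::service::api::api_workers` now reads `{get_param: SaharaWorkers}` where the removed line read `SaharaApiWorkers`, but the line that names the workers parameter is outside every sahara-api.yaml hunk shown. Only its `default: 0`, description and `type: number` appear as context. If the file still declares `SaharaApiWorkers`, template validation fails on an unknown parameter, so the declaration should be confirmed to match the new name.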
@@ -33,11 +42,30 @@ outputs: value: service_name: sahara_base config_settings: + sahara::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://sahara:' + - {get_param: SaharaPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/sahara' + sahara::db::mysql::password: {get_param: SaharaPassword} + sahara::db::mysql::user: sahara + sahara::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} + sahara::db::mysql::dbname: sahara + sahara::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" sahara::rabbit_password: {get_param: RabbitPassword} sahara::rabbit_user: {get_param: RabbitUserName} sahara::rabbit_use_ssl: {get_param: RabbitClientUseSSL} sahara::rabbit_port: {get_param: RabbitClientPort} sahara::debug: {get_param: Debug} + sahara::admin_password: {get_param: SaharaPassword} + sahara::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + sahara::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } sahara::use_neutron: true sahara::plugins: - cdh diff --git a/puppet/services/sahara-engine.yaml b/puppet/services/sahara-engine.yaml index 074f83c7..de2ac7ef 100644 --- a/puppet/services/sahara-engine.yaml +++ b/puppet/services/sahara-engine.yaml @@ -9,15 +9,12 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - SaharaPassword: - default: unset - description: The password for the sahara service account, used by sahara-api. - type: string - hidden: true resources: SaharaBase: type: ./sahara-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} outputs: role_data: 
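Review bot: `SaharaPassword` now feeds three settings in the sahara-base.yaml `config_settings` hunk: the password embedded in `sahara::database_connection`, `sahara::db::mysql::password`, and `sahara::admin_password`. The database credential and the Keystone service-account credential are therefore the same secret, and rotating one rotates both. The parameter description added in the earlier hunk of this file still says only "used by sahara-api"; it should read something like `description: The password for the sahara service and db account.`, matching the wording used for `NovaPassword`. `sahara::db::mysql::allowed_hosts` includes `'%'`, which permits the sahara database user from any host. Nothing in the hunk shows what limits reachability of the database, so a comment naming that control would help reviewers.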
@@ -27,22 +24,5 @@ outputs: config_settings: map_merge: - get_attr: [SaharaBase, role_data, config_settings] - - sahara_dsn: &sahara_dsn - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://sahara:' - - {get_param: SaharaPassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/sahara' - sahara::database_connection: *sahara_dsn - sahara::db::mysql::password: {get_param: SaharaPassword} - sahara::db::mysql::user: sahara - sahara::db::mysql::host: {get_param: [EndpointMap, MysqlNoBracketsInternal, host]} - sahara::db::mysql::dbname: sahara - sahara::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" step_config: | include ::tripleo::profile::base::sahara::engine diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml index 5e331f44..298b5bd2 100644 --- a/puppet/swift-storage.yaml +++ b/puppet/swift-storage.yaml @@ -1,8 +1,9 @@ heat_template_version: 2015-04-30 description: 'OpenStack swift storage node configured by Puppet' parameters: - Flavor: + OvercloudSwiftStorageFlavor: description: Flavor for Swift storage nodes to request when deploying. + default: baremetal type: string constraints: - custom_constraint: nova.flavor @@ -115,7 +116,7 @@ resources: command: {get_param: ConfigCommand} properties: image: {get_param: SwiftStorageImage} - flavor: {get_param: Flavor} + flavor: {get_param: OvercloudSwiftStorageFlavor} key_name: {get_param: KeyName} networks: - network: ctlplane @@ -268,7 +269,6 @@ resources: extraconfig: mapped_data: {get_param: ExtraConfig} object: - raw_data: {get_file: hieradata/object.yaml} mapped_data: # data supplied directly to this deployment configuration, etc swift::swift_hash_path_suffix: { get_input: swift_hash_suffix } swift::storage::all::storage_local_net_ip: {get_input: swift_management_network} |