diff options
Diffstat (limited to 'puppet')
| -rw-r--r-- | puppet/ceph-storage-post.yaml | 6 | ||||
| -rw-r--r-- | puppet/ceph-storage.yaml | 8 | ||||
| -rw-r--r-- | puppet/cinder-storage-post.yaml | 6 | ||||
| -rw-r--r-- | puppet/cinder-storage.yaml | 9 | ||||
| -rw-r--r-- | puppet/compute-post.yaml | 6 | ||||
| -rw-r--r-- | puppet/compute.yaml | 16 | ||||
| -rw-r--r-- | puppet/controller-config-pacemaker.yaml | 7 | ||||
| -rw-r--r-- | puppet/controller-config.yaml | 7 | ||||
| -rw-r--r-- | puppet/controller-post.yaml | 5 | ||||
| -rw-r--r-- | puppet/controller.yaml | 127 | ||||
| -rw-r--r-- | puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml | 2 | ||||
| -rw-r--r-- | puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml | 174 | ||||
| -rw-r--r-- | puppet/hieradata/common.yaml | 2 | ||||
| -rw-r--r-- | puppet/hieradata/compute.yaml | 4 | ||||
| -rw-r--r-- | puppet/hieradata/controller.yaml | 12 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_compute.pp | 14 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_controller.pp | 29 | ||||
| -rw-r--r-- | puppet/manifests/overcloud_controller_pacemaker.pp | 140 | ||||
| -rw-r--r-- | puppet/swift-storage-post.yaml | 8 | ||||
| -rw-r--r-- | puppet/swift-storage.yaml | 8 |
20 files changed, 542 insertions, 48 deletions
diff --git a/puppet/ceph-storage-post.yaml b/puppet/ceph-storage-post.yaml index 1b5b944d..0f7dd36f 100644 --- a/puppet/ceph-storage-post.yaml +++ b/puppet/ceph-storage-post.yaml @@ -4,6 +4,10 @@ description: > OpenStack ceph storage node post deployment for Puppet parameters: + ConfigDebug: + default: false + description: Whether to run config management (e.g. Puppet) in debug mode. + type: boolean servers: type: json NodeConfigIdentifiers: @@ -16,6 +20,8 @@ resources: type: OS::Heat::SoftwareConfig properties: group: puppet + options: + enable_debug: {get_param: ConfigDebug} outputs: - name: result config: diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml index 1213d3df..75294599 100644 --- a/puppet/ceph-storage.yaml +++ b/puppet/ceph-storage.yaml @@ -181,6 +181,14 @@ resources: properties: server: {get_resource: CephStorage} + # Hook for site-specific additional pre-deployment config, + # applying to all nodes, e.g node registration/unregistration + NodeExtraConfig: + depends_on: CephStorageExtraConfigPre + type: OS::TripleO::NodeExtraConfig + properties: + server: {get_resource: CephStorage} + UpdateConfig: type: OS::TripleO::Tasks::PackageUpdate diff --git a/puppet/cinder-storage-post.yaml b/puppet/cinder-storage-post.yaml index 24d2b8a3..c97cfcf9 100644 --- a/puppet/cinder-storage-post.yaml +++ b/puppet/cinder-storage-post.yaml @@ -2,6 +2,10 @@ heat_template_version: 2015-04-30 description: 'OpenStack cinder storage post deployment for Puppet' parameters: + ConfigDebug: + default: false + description: Whether to run config management (e.g. Puppet) in debug mode. + type: boolean servers: type: json NodeConfigIdentifiers: @@ -14,6 +18,8 @@ resources: type: OS::Heat::SoftwareConfig properties: group: puppet + options: + enable_debug: {get_param: ConfigDebug} outputs: - name: result config: diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml index 5779c097..6a869219 100644 --- a/puppet/cinder-storage.yaml +++ b/puppet/cinder-storage.yaml @@ -59,6 +59,7 @@ parameters: RabbitPassword: default: 'guest' type: string + hidden: true RabbitUserName: default: 'guest' type: string @@ -263,6 +264,14 @@ resources: snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} + # Hook for site-specific additional pre-deployment config, + # applying to all nodes, e.g node registration/unregistration + NodeExtraConfig: + depends_on: BlockStorageDeployment + type: OS::TripleO::NodeExtraConfig + properties: + server: {get_resource: BlockStorage} + UpdateConfig: type: OS::TripleO::Tasks::PackageUpdate diff --git a/puppet/compute-post.yaml b/puppet/compute-post.yaml index b4a6126b..b63b06b4 100644 --- a/puppet/compute-post.yaml +++ b/puppet/compute-post.yaml @@ -4,6 +4,10 @@ description: > OpenStack compute node post deployment for Puppet. parameters: + ConfigDebug: + default: false + description: Whether to run config management (e.g. Puppet) in debug mode. + type: boolean servers: type: json NodeConfigIdentifiers: @@ -17,6 +21,8 @@ resources: type: OS::Heat::SoftwareConfig properties: group: puppet + options: + enable_debug: {get_param: ConfigDebug} outputs: - name: result config: diff --git a/puppet/compute.yaml b/puppet/compute.yaml index e1e84f04..2b635357 100644 --- a/puppet/compute.yaml +++ b/puppet/compute.yaml @@ -29,6 +29,10 @@ parameters: default: false description: Whether to enable or not the NFS backend for Cinder type: boolean + CinderEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Cinder + type: boolean Debug: default: '' description: Set to True to enable debugging on all services. @@ -149,6 +153,7 @@ parameters: default: 'unset' description: Shared secret to prevent spoofing type: string + hidden: true NeutronCorePlugin: default: 'ml2' description: | @@ -360,6 +365,7 @@ resources: - all_nodes # provided by allNodesConfig - '"%{::osfamily}"' - common + - cisco_n1kv_data # Optionally provided by ComputeExtraConfigPre datafiles: compute_extraconfig: mapped_data: {get_param: NovaComputeExtraConfig} @@ -383,6 +389,7 @@ resources: nova_api_host: {get_input: nova_api_host} nova::compute::vncproxy_host: {get_input: nova_public_ip} nova::compute::rbd::ephemeral_storage: {get_input: nova_enable_rbd_backend} + rbd_persistent_storage: {get_input: cinder_enable_rbd_backend} nova_password: {get_input: nova_password} nova::compute::vncserver_proxyclient_address: {get_input: nova_vnc_proxyclient_address} ceilometer::debug: {get_input: debug} @@ -446,6 +453,7 @@ resources: nova_api_host: {get_param: NovaApiHost} nova_password: {get_param: NovaPassword} nova_enable_rbd_backend: {get_param: NovaEnableRbdBackend} + cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend} nova_vnc_proxyclient_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaVncProxyNetwork]}]} ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} ceilometer_password: {get_param: CeilometerPassword} @@ -554,6 +562,14 @@ resources: properties: server: {get_resource: NovaCompute} + # Hook for site-specific additional pre-deployment config, + # applying to all nodes, e.g node registration/unregistration + NodeExtraConfig: + depends_on: ComputeExtraConfigPre + type: OS::TripleO::NodeExtraConfig + properties: + server: {get_resource: NovaCompute} + UpdateConfig: type: OS::TripleO::Tasks::PackageUpdate diff --git a/puppet/controller-config-pacemaker.yaml b/puppet/controller-config-pacemaker.yaml index 38161cd7..dc81498a 100644 --- a/puppet/controller-config-pacemaker.yaml +++ b/puppet/controller-config-pacemaker.yaml @@ -3,6 +3,12 @@ heat_template_version: 2015-04-30 description: > A software config which runs manifests/overcloud_controller_pacemaker.pp +parameters: + ConfigDebug: + default: false + description: Whether to run config management (e.g. Puppet) in debug mode. + type: boolean + resources: ControllerPuppetConfigImpl: @@ -10,6 +16,7 @@ resources: properties: group: puppet options: + enable_debug: {get_param: ConfigDebug} enable_hiera: True enable_facter: False outputs: diff --git a/puppet/controller-config.yaml b/puppet/controller-config.yaml index 4135ffac..f85e1a9e 100644 --- a/puppet/controller-config.yaml +++ b/puppet/controller-config.yaml @@ -3,6 +3,12 @@ heat_template_version: 2015-04-30 description: > A software config which runs manifests/overcloud_controller.pp +parameters: + ConfigDebug: + default: false + description: Whether to run config management (e.g. Puppet) in debug mode. + type: boolean + resources: ControllerPuppetConfigImpl: @@ -10,6 +16,7 @@ resources: properties: group: puppet options: + enable_debug: {get_param: ConfigDebug} enable_hiera: True enable_facter: False outputs: diff --git a/puppet/controller-post.yaml b/puppet/controller-post.yaml index 49cbe1e2..941e1ac5 100644 --- a/puppet/controller-post.yaml +++ b/puppet/controller-post.yaml @@ -4,6 +4,10 @@ description: > OpenStack controller node post deployment for Puppet. parameters: + ConfigDebug: + default: false + description: Whether to run config management (e.g. Puppet) in debug mode. + type: boolean servers: type: json NodeConfigIdentifiers: @@ -46,6 +50,7 @@ resources: properties: group: puppet options: + enable_debug: {get_param: ConfigDebug} enable_hiera: True enable_facter: False inputs: diff --git a/puppet/controller.yaml b/puppet/controller.yaml index 8d10482c..4504428d 100644 --- a/puppet/controller.yaml +++ b/puppet/controller.yaml @@ -4,6 +4,11 @@ description: > OpenStack controller node configured by Puppet. parameters: + AdminEmail: + default: 'admin@example.com' + description: The email for the keystone admin account. + type: string + hidden: true AdminPassword: default: unset description: The password for the keystone admin account, used for monitoring, querying neutron etc. @@ -14,6 +19,9 @@ parameters: description: The keystone auth secret and db password. type: string hidden: true + CeilometerApiVirtualIP: + type: string + default: '' CeilometerBackend: default: 'mongodb' description: The ceilometer backend type. @@ -28,6 +36,9 @@ parameters: description: The password for the ceilometer service and db account. type: string hidden: true + CinderApiVirtualIP: + type: string + default: '' CinderEnableNfsBackend: default: false description: Whether to enable or not the NFS backend for Cinder @@ -174,6 +185,34 @@ parameters: type: string constraints: - allowed_values: ['swift', 'file', 'rbd'] + GlanceFilePcmkDevice: + default: '' + description: > + An exported storage device that should be mounted by Pacemaker + as Glance storage. Effective when GlanceFilePcmkManage is true. + type: string + GlanceFilePcmkFstype: + default: 'nfs' + description: > + Filesystem type for Pacemaker mount used as Glance storage. + Effective when GlanceFilePcmkManage is true. + type: string + GlanceFilePcmkManage: + default: false + description: > + Whether to make Glance file backend a mount managed by Pacemaker. + Effective when GlanceBackend is 'file'. + type: boolean + GlanceFilePcmkOptions: + default: '' + description: > + Mount options for Pacemaker mount used as Glance storage. + Effective when GlanceFilePcmkManage is true. + type: string + HAProxySyslogAddress: + default: /dev/log + description: Syslog address where HAproxy will send its log + type: string HeatPassword: default: unset description: The password for the Heat service and db account, used by the Heat services. @@ -187,9 +226,15 @@ parameters: HeatAuthEncryptionKey: description: Auth encryption key for heat-engine type: string + hidden: true + HorizonAllowedHosts: + default: '*' + description: A list of IP/Hostname allowed to connect to horizon + type: comma_delimited_list HorizonSecret: description: Secret key for Django type: string + hidden: true Image: type: string default: overcloud-control @@ -237,6 +282,10 @@ parameters: type: string constraints: - allowed_values: [ 'basic', 'cadf' ] + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint MysqlClusterUniquePart: description: A unique identifier of the MySQL cluster the controller is in. type: string @@ -297,6 +346,7 @@ parameters: default: 'unset' description: Shared secret to prevent spoofing type: string + hidden: true NeutronCorePlugin: default: 'ml2' description: | @@ -395,6 +445,9 @@ parameters: of VXLAN VNI IDs that are available for tenant network allocation default: ["1:1000", ] type: comma_delimited_list + NovaApiVirtualIP: + type: string + default: '' NovaPassword: default: unset description: The password for the nova service and db account, used by nova-api. @@ -410,13 +463,14 @@ parameters: PcsdPassword: type: string description: The password for the 'pcsd' user. + hidden: true PublicVirtualInterface: default: 'br-ex' description: > Specifies the interface where the public-facing virtual ip will be assigned. This should be int_public when a VLAN is being used. type: string - PublicVirtualIP: # DEPRECATED: use per service settings instead + PublicVirtualIP: type: string default: '' # Has to be here because of the ignored empty value bug RabbitCookie: @@ -442,6 +496,10 @@ parameters: default: 5672 description: Set rabbit subscriber port, change this if using SSL type: number + RabbitFDLimit: + default: 16384 + description: Configures RabbitMQ FD limit + type: string RedisVirtualIP: type: string default: '' # Has to be here because of the ignored empty value bug @@ -492,6 +550,9 @@ parameters: services. hidden: true type: string + SwiftProxyVirtualIP: + type: string + default: '' SwiftReplicas: type: number default: 3 @@ -505,6 +566,9 @@ parameters: GlanceApiVirtualIP: type: string default: '' + GlanceRegistryVirtualIP: + type: string + default: '' MysqlVirtualIP: type: string default: '' @@ -644,6 +708,7 @@ resources: input_values: bootstack_nodeid: {get_attr: [Controller, name]} neutron_enable_tunneling: {get_param: NeutronEnableTunnelling} + haproxy_log_address: {get_param: HAProxySyslogAddress} heat.watch_server_url: list_join: - '' @@ -663,7 +728,9 @@ resources: - {get_param: HeatApiVirtualIP} - ':8000/v1/waitcondition' heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey} + horizon_allowed_hosts: {get_param: HorizonAllowedHosts} horizon_secret: {get_param: HorizonSecret} + admin_email: {get_param: AdminEmail} admin_password: {get_param: AdminPassword} admin_token: {get_param: AdminToken} neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP} @@ -695,6 +762,10 @@ resources: glance_port: {get_param: GlancePort} glance_password: {get_param: GlancePassword} glance_backend: {get_param: GlanceBackend} + glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice} + glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype} + glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage} + glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions} glance_notifier_strategy: {get_param: GlanceNotifierStrategy} glance_log_file: {get_param: GlanceLogFile} glance_dsn: @@ -736,13 +807,25 @@ resources: - '' - - 'http://' - {get_param: KeystoneAdminApiVirtualIP} - - ':35357/' + - ':35357' keystone_auth_uri: list_join: - '' - - 'http://' - {get_param: KeystonePublicApiVirtualIP} - ':5000/v2.0/' + keystone_public_url: + list_join: + - '' + - - 'http://' + - {get_param: PublicVirtualIP} + - ':5000' + keystone_internal_url: + list_join: + - '' + - - 'http://' + - {get_param: KeystonePublicApiVirtualIP} + - ':5000' keystone_ec2_uri: list_join: - '' @@ -852,7 +935,9 @@ resources: ceilometer_dsn: list_join: - '' - - - 'mysql://ceilometer:unset@' + - - 'mysql://ceilometer:' + - {get_param: CeilometerPassword} + - '@' - {get_param: MysqlVirtualIP} - '/ceilometer' snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} @@ -874,6 +959,14 @@ resources: rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} rabbit_client_port: {get_param: RabbitClientPort} mongodb_no_journal: {get_param: MongoDbNoJournal} + # We need to force this into quotes or hiera will return integer causing + # the puppet module validation regexp to fail. + # Remove when: https://github.com/puppetlabs/puppetlabs-rabbitmq/pull/401 + rabbit_fd_limit: + str_replace: + template: "'LIMIT'" + params: + LIMIT: {get_param: RabbitFDLimit} ntp_servers: str_replace: template: '["server"]' @@ -903,9 +996,11 @@ resources: - {get_param: GlanceApiVirtualIP} - ':' - {get_param: GlancePort} + glance_registry_host: {get_param: GlanceRegistryVirtualIP} heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} + keystone_region: {get_param: KeystoneRegion} mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]} neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]} @@ -949,6 +1044,7 @@ resources: - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre + - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre datafiles: controller_extraconfig: mapped_data: {get_param: ControllerExtraConfig} @@ -1020,7 +1116,7 @@ resources: glance::api::bind_host: {get_input: glance_api_network} glance::api::auth_uri: {get_input: keystone_auth_uri} glance::api::identity_uri: {get_input: keystone_identity_uri} - glance::api::registry_host: {get_input: glance_registry_network} + glance::api::registry_host: {get_input: glance_registry_host} glance::api::keystone_password: {get_input: glance_password} glance::api::debug: {get_input: debug} glance_notifier_strategy: {get_input: glance_notifier_strategy} @@ -1029,7 +1125,7 @@ resources: glance::api::database_connection: {get_input: glance_dsn} glance::registry::keystone_password: {get_input: glance_password} glance::registry::database_connection: {get_input: glance_dsn} - glance::registry::bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} + glance::registry::bind_host: {get_input: glance_registry_network} glance::registry::auth_uri: {get_input: keystone_auth_uri} glance::registry::identity_uri: {get_input: keystone_identity_uri} glance::registry::debug: {get_input: debug} @@ -1038,6 +1134,10 @@ resources: glance::backend::swift::swift_store_key: {get_input: glance_password} glance_backend: {get_input: glance_backend} glance::db::mysql::password: {get_input: glance_password} + glance_file_pcmk_device: {get_input: glance_file_pcmk_device} + glance_file_pcmk_fstype: {get_input: glance_file_pcmk_fstype} + glance_file_pcmk_manage: {get_input: glance_file_pcmk_manage} + glance_file_pcmk_options: {get_input: glance_file_pcmk_options} # Heat heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password} @@ -1078,6 +1178,12 @@ resources: keystone::rabbit_port: {get_input: rabbit_client_port} keystone::notification_driver: {get_input: keystone_notification_driver} keystone::notification_format: {get_input: keystone_notification_format} + keystone::roles::admin::email: {get_input: admin_email} + keystone::roles::admin::password: {get_input: admin_password} + keystone::endpoint::public_url: {get_input: keystone_public_url} + keystone::endpoint::internal_url: {get_input: keystone_internal_url} + keystone::endpoint::admin_url: {get_input: keystone_identity_uri} + keystone::endpoint::region: {get_input: keystone_region} # MongoDB mongodb::server::bind_ip: {get_input: mongo_db_network} mongodb::server::nojournal: {get_input: mongodb_no_journal} @@ -1177,6 +1283,7 @@ resources: # Horizon apache::ip: {get_input: horizon_network} + horizon::allowed_hosts: {get_input: horizon_allowed_hosts} horizon::django_debug: {get_input: debug} horizon::secret_key: {get_input: horizon_secret} horizon::bind_address: {get_input: horizon_network} @@ -1185,6 +1292,7 @@ resources: # Rabbit rabbitmq::node_ip_address: {get_input: rabbitmq_network} rabbitmq::erlang_cookie: {get_input: rabbit_cookie} + rabbitmq::file_limit: {get_input: rabbit_fd_limit} # Redis redis::bind: {get_input: redis_network} redis_vip: {get_input: redis_vip} @@ -1196,6 +1304,7 @@ resources: public_virtual_interface: {get_input: public_virtual_interface} tripleo::loadbalancer::control_virtual_interface: {get_input: control_virtual_interface} tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface} + tripleo::loadbalancer::haproxy_log_address: {get_input: haproxy_log_address} tripleo::packages::enable_install: {get_input: enable_package_install} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} @@ -1206,6 +1315,14 @@ resources: properties: server: {get_resource: Controller} + # Hook for site-specific additional pre-deployment config, + # applying to all nodes, e.g node registration/unregistration + NodeExtraConfig: + depends_on: ControllerExtraConfigPre + type: OS::TripleO::NodeExtraConfig + properties: + server: {get_resource: Controller} + UpdateConfig: type: OS::TripleO::Tasks::PackageUpdate diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml index 18295a2f..7ec2190f 100644 --- a/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml +++ b/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml @@ -18,6 +18,7 @@ parameters: type: string CinderNetappPassword: type: string + hidden: true CinderNetappServerHostname: type: string CinderNetappServerPort: @@ -65,6 +66,7 @@ parameters: CinderNetappSaPassword: type: string default: '' + hidden: true CinderNetappStoragePools: type: string default: '' diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml new file mode 100644 index 00000000..5985116b --- /dev/null +++ b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml @@ -0,0 +1,174 @@ +heat_template_version: 2015-04-30 + +description: Configure hieradata for Cisco N1KV configuration + +parameters: + server: + description: ID of the controller node to apply this config to + type: string + + # Config specific parameters, to be provided via parameter_defaults + N1000vVSMIP: + type: string + default: '192.0.2.50' + N1000vVSMDomainID: + type: number + default: 100 + N1000vVSMIPV6: + type: string + default: '::1' + N1000vVEMHostMgmtIntf: + type: string + default: 'br-ex' + N1000vUplinkProfile: + type: string + default: '{eth1: system-uplink,}' + N1000vVtepConfig: + type: string + default: '{}' + N1000vVEMSource: + type: string + default: '' + N1000vVEMVersion: + type: string + default: '' + N1000vPortDB: + type: string + default: 'ovs' + N1000vVtepsInSameSub: + type: boolean + default: false + N1000vVEMFastpathFlood: + type: string + default: 'enable' +#VSM Puppet Parameter + N1000vVSMSource: + type: string + default: '' + N1000vVSMVersion: + type: string + default: 'latest' + N1000vVSMHostMgmtIntf: + type: string + default: 'br-ex' + N1000vVSMRole: + type: string + default: 'primary' + N1000vVSMPassword: + type: string + default: 'Password' + N1000vMgmtNetmask: + type: string + default: '255.255.255.0' + N1000vMgmtGatewayIP: + type: string + default: '192.0.2.1' + N1000vPacemakerControl: + type: boolean + default: true + N1000vExistingBridge: + type: boolean + default: true +#Plugin Parameters + N1000vVSMUser: + type: string + default: 'admin' + N1000vPollDuration: + type: number + default: 60 + N1000vHttpPoolSize: + type: number + default: 5 + N1000vHttpTimeout: + type: number + default: 15 + N1000vSyncInterval: + type: number + default: 300 + N1000vMaxVSMRetries: + type: number + default: 2 + +resources: + CiscoN1kvConfig: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + hiera: + datafiles: + cisco_n1kv_data: + mapped_data: + #enable_cisco_n1kv: {get_input: EnableCiscoN1kv} + # VEM Parameters + n1kv_vem_source: {get_input: n1kv_vem_source} + n1kv_vem_version: {get_input: n1kv_vem_version} + neutron::agents::n1kv_vem::n1kv_vsm_ip: {get_input: n1kv_vsm_ip} + neutron::agents::n1kv_vem::n1kv_vsm_domain_id: {get_input: n1kv_vsm_domain_id} + neutron::agents::n1kv_vem::n1kv_vsm_ip_v6: {get_input: n1kv_vsm_ip_v6} + neutron::agents::n1kv_vem::host_mgmt_intf: {get_input: n1kv_vem_host_mgmt_intf} + neutron::agents::n1kv_vem::uplink_profile: {get_input: n1kv_vem_uplink_profile} + neutron::agents::n1kv_vem::vtep_config: {get_input: n1kv_vem_vtep_config} + neutron::agents::n1kv_vem::portdb: {get_input: n1kv_vem_portdb} + neutron::agents::n1kv_vem::vteps_in_same_subnet: {get_input: n1kv_vem_vteps_in_same_subnet} + neutron::agents::n1kv_vem::fastpath_flood: {get_input: n1kv_vem_fastpath_flood} + #VSM Parameter + n1kv_vsm_source: {get_input: n1kv_vsm_source} + n1kv_vsm_version: {get_input: n1kv_vsm_version} + n1k_vsm::phy_if_bridge: {get_input: n1kv_vsm_host_mgmt_intf} + n1k_vsm::vsm_role: {get_input: n1kv_vsm_role} + n1k_vsm::pacemaker_control: {get_input: n1kv_vsm_pacemaker_ctrl} + n1k_vsm::existing_bridge: {get_input: n1kv_vsm_existing_br} + n1k_vsm::vsm_admin_passwd: {get_input: n1kv_vsm_password} + n1k_vsm::vsm_domain_id: {get_input: n1kv_vsm_domain_id} + n1k_vsm::vsm_mgmt_ip: {get_input: n1kv_vsm_ip} + n1k_vsm::vsm_mgmt_netmask: {get_input: n1kv_vsm_mgmt_netmask} + n1k_vsm::vsm_mgmt_gateway: {get_input: n1kv_vsm_gateway_ip} + n1k_vsm::phy_gateway: {get_input: n1kv_vsm_gateway_ip} + # Cisco N1KV driver Parameters + neutron::plugins::ml2::cisco::nexus1000v::n1kv_vsm_ip: {get_input: n1kv_vsm_ip} + neutron::plugins::ml2::cisco::nexus1000v::n1kv_vsm_username: {get_input: n1kv_vsm_username} + neutron::plugins::ml2::cisco::nexus1000v::n1kv_vsm_password: {get_input: n1kv_vsm_password} + neutron::plugins::ml2::cisco::nexus1000v::poll_duration: {get_input: n1kv_vsm_poll_duration} + neutron::plugins::ml2::cisco::nexus1000v::http_pool_size: {get_input: n1kv_vsm_http_pool_size} + neutron::plugins::ml2::cisco::nexus1000v::http_timeout: {get_input: n1kv_vsm_http_timeout} + neutron::plugins::ml2::cisco::nexus1000v::n1kv_vsm_sync_interval: {get_input: n1kv_vsm_sync_interval} + neutron::plugins::ml2::cisco::nexus1000v::max_vsm_retries: {get_input: n1kv_max_vsm_retries} + + CiscoN1kvDeployment: + type: OS::Heat::StructuredDeployment + properties: + config: {get_resource: CiscoN1kvConfig} + server: {get_param: server} + input_values: + n1kv_vsm_ip: {get_param: N1000vVSMIP} + n1kv_vsm_domain_id: {get_param: N1000vVSMDomainID} + n1kv_vsm_ip_v6: {get_param: N1000vVSMIPV6} + n1kv_vem_host_mgmt_intf: {get_param: N1000vVEMHostMgmtIntf} + n1kv_vem_uplink_profile: {get_param: N1000vUplinkProfile} + n1kv_vem_vtep_config: {get_param: N1000vVtepConfig} + n1kv_vem_source: {get_param: N1000vVEMSource} + n1kv_vem_version: {get_param: N1000vVEMVersion} + n1kv_vem_portdb: {get_param: N1000vPortDB} + n1kv_vem_vteps_in_same_subnet: {get_param: N1000vVtepsInSameSub} + n1kv_vem_fastpath_flood: {get_param: N1000vVEMFastpathFlood} + n1kv_vsm_source: {get_param: N1000vVSMSource} + n1kv_vsm_version: {get_param: N1000vVSMVersion} + n1kv_vsm_host_mgmt_intf: {get_param: N1000vVSMHostMgmtIntf} + n1kv_vsm_role: {get_param: N1000vVSMRole} + n1kv_vsm_password: {get_param: N1000vVSMPassword} + n1kv_vsm_mgmt_netmask: {get_param: N1000vMgmtNetmask} + n1kv_vsm_gateway_ip: {get_param: N1000vMgmtGatewayIP} + n1kv_vsm_pacemaker_ctrl: {get_param: N1000vPacemakerControl} + n1kv_vsm_existing_br: {get_param: N1000vExistingBridge} + n1kv_vsm_username: {get_param: N1000vVSMUser} + n1kv_vsm_poll_duration: {get_param: N1000vPollDuration} + n1kv_vsm_http_pool_size: {get_param: N1000vHttpPoolSize} + n1kv_vsm_http_timeout: {get_param: N1000vHttpTimeout} + n1kv_vsm_sync_interval: {get_param: N1000vSyncInterval} + n1kv_max_vsm_retries: {get_param: N1000vMaxVSMRetries} + +outputs: + deploy_stdout: + description: Deployment reference, used to trigger puppet apply on changes + value: {get_attr: [CiscoN1kvDeployment, deploy_stdout]} diff --git a/puppet/hieradata/common.yaml b/puppet/hieradata/common.yaml index 4a872d57..030f661d 100644 --- a/puppet/hieradata/common.yaml +++ b/puppet/hieradata/common.yaml @@ -29,3 +29,5 @@ cinder::rabbit_heartbeat_timeout_threshold: 60 ceilometer::rabbit_heartbeat_timeout_threshold: 60 heat::rabbit_heartbeat_timeout_threshold: 60 keystone::rabbit_heartbeat_timeout_threshold: 60 + +nova::cinder_catalog_info: 'volumev2:cinderv2:internalURL' diff --git a/puppet/hieradata/compute.yaml b/puppet/hieradata/compute.yaml index d7c1f879..4a94c237 100644 --- a/puppet/hieradata/compute.yaml +++ b/puppet/hieradata/compute.yaml @@ -15,10 +15,6 @@ nova::compute::rbd::rbd_keyring: 'client.openstack' nova::compute::rbd::libvirt_images_rbd_pool: 'vms' nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}" -nova::config::nova_config: - cinder/catalog_info: - value: 'volumev2:cinderv2:internalURL' - ceilometer::agent::auth::auth_tenant_name: 'service' compute_classes: [] diff --git a/puppet/hieradata/controller.yaml b/puppet/hieradata/controller.yaml index a66c1eaa..81ee7cfb 100644 --- a/puppet/hieradata/controller.yaml +++ b/puppet/hieradata/controller.yaml @@ -42,6 +42,8 @@ heat::keystone_tenant: 'service' # keystone keystone::cron::token_flush::maxdelay: 3600 +keystone::roles::admin::service_tenant: 'service' +keystone::roles::admin::admin_tenant: 'admin' #swift swift::proxy::pipeline: @@ -64,6 +66,7 @@ glance::api::pipeline: 'keystone' glance::registry::pipeline: 'keystone' glance::backend::swift::swift_store_create_container_on_put: true glance::backend::rbd::rbd_store_user: 'openstack' +glance_file_pcmk_directory: '/var/lib/glance/images' # neutron neutron::server::sync_db: true @@ -75,6 +78,9 @@ nova::api::default_floating_pool: 'public' nova::api::osapi_v3: true nova::scheduler::filter::ram_allocation_ratio: '1.0' +# ceilometer +ceilometer::agent::auth::auth_endpoint_type: 'internalURL' + # cinder cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler @@ -90,12 +96,14 @@ pacemaker::resource_defaults::defaults: resource-stickiness: { value: INFINITY } # horizon -horizon::allowed_hosts: '*' +horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache horizon::django_session_engine: 'django.contrib.sessions.backends.cache' +horizon::vhost_extra_params: + add_listen: false + priority: 10 # mysql mysql::server::manage_config_file: true -mysql::server::remove_default_accounts: true tripleo::loadbalancer::keystone_admin: true diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp index fb5a3520..2150bab8 100644 --- a/puppet/manifests/overcloud_compute.pp +++ b/puppet/manifests/overcloud_compute.pp @@ -43,8 +43,9 @@ nova_config { 'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver'; } -$nova_enable_rbd_backend = hiera('nova::compute::rbd::ephemeral_storage', false) -if $nova_enable_rbd_backend { +$rbd_ephemeral_storage = hiera('nova::compute::rbd::ephemeral_storage', false) +$rbd_persistent_storage = hiera('rbd_persistent_storage', false) +if $rbd_ephemeral_storage or $rbd_persistent_storage { include ::ceph::profile::client $client_keys = hiera('ceph::profile::params::client_keys') @@ -78,7 +79,16 @@ class { 'neutron::agents::ml2::ovs': tunnel_types => split(hiera('neutron_tunnel_types'), ','), } +if 'cisco_n1kv' in hiera('neutron_mechanism_drivers') { + class { 'neutron::agents::n1kv_vem': + n1kv_source => hiera('n1kv_vem_source', undef), + n1kv_version => hiera('n1kv_vem_version', undef), + } +} + + include ::ceilometer +include ::ceilometer::config include ::ceilometer::agent::compute include ::ceilometer::agent::auth diff --git a/puppet/manifests/overcloud_controller.pp b/puppet/manifests/overcloud_controller.pp index 36b91a7b..813309e4 100644 --- a/puppet/manifests/overcloud_controller.pp +++ b/puppet/manifests/overcloud_controller.pp @@ -84,7 +84,8 @@ if hiera('step') >= 2 { 'max_connections' => hiera('mysql_max_connections'), 'open_files_limit' => '-1', }, - } + }, + remove_default_accounts => true, } # FIXME: this should only occur on the bootstrap host (ditto for db syncs) @@ -158,6 +159,8 @@ if hiera('step') >= 2 { if hiera('step') >= 3 { include ::keystone + include ::keystone::roles::admin + include ::keystone::endpoint #TODO: need a cleanup-keystone-tokens.sh solution here keystone_config { @@ -245,6 +248,20 @@ if hiera('step') >= 3 { bridge_mappings => split(hiera('neutron_bridge_mappings'), ','), tunnel_types => split(hiera('neutron_tunnel_types'), ','), } + if 'cisco_n1kv' in hiera('neutron_mechanism_drivers') { + include neutron::plugins::ml2::cisco::nexus1000v + + class { 'neutron::agents::n1kv_vem': + n1kv_source => hiera('n1kv_vem_source', undef), + n1kv_version => hiera('n1kv_vem_version', undef), + } + + class { 'n1k_vsm': + n1kv_source => hiera('n1kv_vsm_source', undef), + n1kv_version => hiera('n1kv_vsm_version', undef), + pacemaker_control => false, + } + } if 'cisco_ucsm' in hiera('neutron_mechanism_drivers') { include ::neutron::plugins::ml2::cisco::ucsm @@ -417,6 +434,7 @@ if hiera('step') >= 3 { } } include ::ceilometer + include ::ceilometer::config include ::ceilometer::api include ::ceilometer::agent::notification include ::ceilometer::agent::central @@ -439,10 +457,15 @@ if hiera('step') >= 3 { include ::heat::engine # Horizon - $vhost_params = { add_listen => false } + if 'cisco_n1kv' in hiera('neutron_mechanism_drivers') { + $_profile_support = 'cisco' + } else { + $_profile_support = 'None' + } + $neutron_options = {'profile_support' => $_profile_support } class { 'horizon': cache_server_ip => hiera('memcache_node_ips', '127.0.0.1'), - vhost_extra_params => $vhost_params, + neutron_options => $neutron_options, } $snmpd_user = hiera('snmpd_readonly_user_name') diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp index 0a0ce781..71811563 100644 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ b/puppet/manifests/overcloud_controller_pacemaker.pp @@ -158,12 +158,13 @@ if hiera('step') >= 1 { } class { '::mysql::server': - create_root_user => false, - create_root_my_cnf => false, - config_file => $mysql_config_file, - override_options => $mysqld_options, - service_manage => false, - service_enabled => false, + create_root_user => false, + create_root_my_cnf => false, + config_file => $mysql_config_file, + override_options => $mysqld_options, + remove_default_accounts => $pacemaker_master, + service_manage => false, + service_enabled => false, } } @@ -330,7 +331,7 @@ if hiera('step') >= 2 { } pacemaker::resource::service { $::memcached::params::service_name : - clone_params => true, + clone_params => "interleave=true", require => Class['::memcached'], } @@ -524,6 +525,16 @@ if hiera('step') >= 3 { $http_store = ['glance.store.http.Store'] $glance_store = concat($http_store, $backend_store) + if $glance_backend == 'file' and hiera('glance_file_pcmk_manage', false) { + pacemaker::resource::filesystem { "glance-fs": + device => hiera('glance_file_pcmk_device'), + directory => hiera('glance_file_pcmk_directory'), + fstype => hiera('glance_file_pcmk_fstype'), + fsoptions => hiera('glance_file_pcmk_options', ''), + clone_params => '', + } + } + # TODO: notifications, scrubber, etc. include ::glance class { 'glance::api': @@ -617,6 +628,19 @@ if hiera('step') >= 3 { include ::neutron::plugins::ml2::cisco::nexus include ::neutron::plugins::ml2::cisco::type_nexus_vxlan } + if 'cisco_n1kv' in hiera('neutron_mechanism_drivers') { + include neutron::plugins::ml2::cisco::nexus1000v + + class { 'neutron::agents::n1kv_vem': + n1kv_source => hiera('n1kv_vem_source', undef), + n1kv_version => hiera('n1kv_vem_version', undef), + } + + class { 'n1k_vsm': + n1kv_source => hiera('n1kv_vsm_source', undef), + n1kv_version => hiera('n1kv_vsm_version', undef), + } + } if hiera('neutron_enable_bigswitch_ml2', false) { include neutron::plugins::ml2::bigswitch::restproxy @@ -801,6 +825,7 @@ if hiera('step') >= 3 { } } include ::ceilometer + include ::ceilometer::config class { '::ceilometer::api' : manage_service => false, enabled => false, @@ -857,16 +882,20 @@ if hiera('step') >= 3 { # httpd/apache and horizon # NOTE(gfidente): server-status can be consumed by the pacemaker resource agent - include ::apache + class { '::apache' : + service_enable => false, + # service_manage => false, # <-- not supported with horizon&apache mod_wsgi? + } include ::apache::mod::status - $vhost_params = { - add_listen => false, - priority => 10, + if 'cisco_n1kv' in hiera('neutron_mechanism_drivers') { + $_profile_support = 'cisco' + } else { + $_profile_support = 'None' } + $neutron_options = {'profile_support' => $_profile_support } class { 'horizon': cache_server_ip => hiera('memcache_node_ips', '127.0.0.1'), - vhost_extra_params => $vhost_params, - server_aliases => $::hostname, + neutron_options => $neutron_options, } $snmpd_user = hiera('snmpd_readonly_user_name') @@ -890,7 +919,11 @@ if hiera('step') >= 4 { # Keystone pacemaker::resource::service { $::keystone::params::service_name : - clone_params => "interleave=true", + clone_params => "interleave=true", + verify_on_create => true, + require => [File['/etc/keystone/ssl/certs/ca.pem'], + File['/etc/keystone/ssl/private/signing_key.pem'], + File['/etc/keystone/ssl/certs/signing_cert.pem']], } pacemaker::constraint::base { 'haproxy-then-keystone-constraint': @@ -1048,24 +1081,8 @@ if hiera('step') >= 4 { ocf_agent_name => "neutron:NetnsCleanup", clone_params => "interleave=true", } - pacemaker::constraint::base { 'keystone-to-neutron-server-constraint': - constraint_type => "order", - first_resource => "${::keystone::params::service_name}-clone", - second_resource => "${::neutron::params::server_service}-clone", - first_action => "start", - second_action => "start", - require => [Pacemaker::Resource::Service[$::keystone::params::service_name], - Pacemaker::Resource::Service[$::neutron::params::server_service]], - } - pacemaker::constraint::base { 'neutron-server-to-neutron-ovs-cleanup-constraint': - constraint_type => "order", - first_resource => "${::neutron::params::server_service}-clone", - second_resource => "${::neutron::params::ovs_cleanup_service}-clone", - first_action => "start", - second_action => "start", - require => [Pacemaker::Resource::Service[$::neutron::params::server_service], - Pacemaker::Resource::Ocf["${::neutron::params::ovs_cleanup_service}"]], - } + + # neutron - one chain ovs-cleanup-->netns-cleanup-->ovs-agent pacemaker::constraint::base { 'neutron-ovs-cleanup-to-netns-cleanup-constraint': constraint_type => "order", first_resource => "${::neutron::params::ovs_cleanup_service}-clone", @@ -1098,6 +1115,26 @@ if hiera('step') >= 4 { require => [Pacemaker::Resource::Ocf["neutron-netns-cleanup"], Pacemaker::Resource::Service["${::neutron::params::ovs_agent_service}"]], } + + #another chain keystone-->neutron-server-->ovs-agent-->dhcp-->l3 + pacemaker::constraint::base { 'keystone-to-neutron-server-constraint': + constraint_type => "order", + first_resource => "${::keystone::params::service_name}-clone", + second_resource => "${::neutron::params::server_service}-clone", + first_action => "start", + second_action => "start", + require => [Pacemaker::Resource::Service[$::keystone::params::service_name], + Pacemaker::Resource::Service[$::neutron::params::server_service]], + } + pacemaker::constraint::base { 'neutron-server-to-openvswitch-agent-constraint': + constraint_type => "order", + first_resource => "${::neutron::params::server_service}-clone", + second_resource => "${::neutron::params::ovs_agent_service}-clone", + first_action => "start", + second_action => "start", + require => [Pacemaker::Resource::Service[$::neutron::params::server_service], + Pacemaker::Resource::Service[$::neutron::params::ovs_agent_service]], + } pacemaker::constraint::base { 'neutron-openvswitch-agent-to-dhcp-agent-constraint': constraint_type => "order", first_resource => "${::neutron::params::ovs_agent_service}-clone", @@ -1482,10 +1519,49 @@ if hiera('step') >= 4 { clone_params => "interleave=true", } + #VSM + if 'cisco_n1kv' in hiera('neutron_mechanism_drivers') { + pacemaker::resource::ocf { 'vsm-p' : + ocf_agent_name => 'heartbeat:VirtualDomain', + resource_params => 'force_stop=true config=/var/spool/cisco/vsm/vsm_primary_deploy.xml', + require => Class['n1k_vsm'], + meta_params => 'resource-stickiness=INFINITY', + } + if str2bool(hiera('n1k_vsm::pacemaker_control', 'true')) { + pacemaker::resource::ocf { 'vsm-s' : + ocf_agent_name => 'heartbeat:VirtualDomain', + resource_params => 'force_stop=true config=/var/spool/cisco/vsm/vsm_secondary_deploy.xml', + require => Class['n1k_vsm'], + meta_params => 'resource-stickiness=INFINITY', + } + pacemaker::constraint::colocation { 'vsm-colocation-contraint': + source => "vsm-p", + target => "vsm-s", + score => "-INFINITY", + require => [Pacemaker::Resource::Ocf['vsm-p'], + Pacemaker::Resource::Ocf['vsm-s']], + } + } + } } } #END STEP 4 +if hiera('step') >= 5 { + + if $pacemaker_master { + + class {'::keystone::roles::admin' : + require => Pacemaker::Resource::Service[$::keystone::params::service_name], + } -> + class {'::keystone::endpoint' : + require => Pacemaker::Resource::Service[$::keystone::params::service_name], + } + + } + +} #END STEP 5 + $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller_pacemaker', hiera('step')]) package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/swift-storage-post.yaml b/puppet/swift-storage-post.yaml index ee50c86a..d22f5386 100644 --- a/puppet/swift-storage-post.yaml +++ b/puppet/swift-storage-post.yaml @@ -2,6 +2,10 @@ heat_template_version: 2015-04-30 description: 'OpenStack swift storage node post deployment for Puppet' parameters: + ConfigDebug: + default: false + description: Whether to run config management (e.g. Puppet) in debug mode. + type: boolean servers: type: json NodeConfigIdentifiers: @@ -15,6 +19,8 @@ resources: type: OS::Heat::SoftwareConfig properties: group: puppet + options: + enable_debug: {get_param: ConfigDebug} outputs: - name: result config: @@ -32,6 +38,8 @@ resources: type: OS::Heat::SoftwareConfig properties: group: puppet + options: + enable_debug: {get_param: ConfigDebug} outputs: - name: result config: diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml index f6623be6..22ec6096 100644 --- a/puppet/swift-storage.yaml +++ b/puppet/swift-storage.yaml @@ -216,6 +216,14 @@ resources: enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} + # Hook for site-specific additional pre-deployment config, + # applying to all nodes, e.g node registration/unregistration + NodeExtraConfig: + depends_on: SwiftStorageHieraDeploy + type: OS::TripleO::NodeExtraConfig + properties: + server: {get_resource: SwiftStorage} + UpdateConfig: type: OS::TripleO::Tasks::PackageUpdate |