aboutsummaryrefslogtreecommitdiffstats
path: root/overcloud-source.yaml
AgeCommit message (Collapse)AuthorFilesLines
2014-08-18Make signal_transport a parameterClint Byrum1-0/+9
There may be times where an update needs to change this without changing the template, such as when updates will be done by something other than Heat (i.e. Ansible). Change-Id: I89d1153acab697b64468f841b3f2d17c169da649
2014-08-18Merge "Rename NovaCompute resources suffix to be consistent with controller"Jenkins1-5/+5
2014-08-14Replace occurrences of list_join with Fn::JoinGiulio Fidente1-6/+6
When change I6730ffe1e27d952d563c16a9480298fbef9f61fe got merged we introduced some occurrences of list_join which should have been migrated to Fn::Join (change I039f57ab39c1fcfc319a7a34265ba4fabf4ccd08) This caused overcloud CI jobs to fail with: Property error : allNodesConfig: config Items to join must be strings This change fixes this by replacing newly introduced occurrences of list_join with Fn::Join Change-Id: Ibac193781d31d6f81e955e7b9381e13cfdd0ab1d
2014-08-14Merge "Add BlockStorage and SwiftStorage nodes into hosts"Jenkins1-0/+24
2014-08-14Set the MySQL root passwordTherese McHale1-0/+5
Set the MySQL root password to a random string for the undercloud and overcloud Change-Id: I6d38ca82c77a4aa8f58089c50aa5bf320ec0ecc6
2014-08-14Permit specifying VLAN mappings to overclouds.Robert Collins1-1/+10
To use a VLAN based public network we need the ext-net network to be a VLAN with a segmentation id - but we can't do this unless we also have the datacentre physical network marked as allowing vlans. We could make this strictly opt-in, but as this doesn't affect the switch configuration (and thus actual machine capabilities) having it on by default seems reasonable. OTOH we can't force it on, because high security environments may well want a defense in depth setup where neutron admins cannot configure VLANs that they are not meant to have access too (consider that the cloud machine admins may be separate to the folk running the services on top of them...) Change-Id: I9687751753f810896c6d065750910da40132c9fa
2014-08-14Fixup network configuration for ext-netRobert Collins1-8/+19
We currently make the external network a single-node gre network but this is not at all correct for HA environments - we need a provider network, which means having a bridge mapping, a flat network specified, and then because we run the same ovs config everywhere we need br-ex on the hypervisors too. This is entirely reasonable since DVR will require this as well (and solve lots of scaling issues...). Change-Id: I8b63ab51e7e20b235430fad8d786d8da005d84a1
2014-08-13Switch to heat_template_version: 2013-05-23Steve Baker1-24/+24
To support underclouds and seeds running older than the very latest heat. 2013-05-23 lacks function list_join, so this change reverts to using the equivalent function Fn::Join. Change-Id: I039f57ab39c1fcfc319a7a34265ba4fabf4ccd08 Closes-Bug: #1354305
2014-08-13Change overcloud to use VIP for MySQLJulia Kreger1-10/+68
This change sets applications to utilize the VIP address for database connectivity and sets HAProxy in between the applications and MySQL. Depends upon tripleo-image-elements changes: Ia6f26305f8e744e4ff938dff85de1193183ecd8f Iac1274cc52014f25887d696261b32146afc926dd I5af70abb96021146c098f788db349808d806a348 Related to blueprint tripleo-icehouse-ha-production-configuration Change-Id: Ia9d6ed2771f756d2a97ae5df7ed737a062a59cf2
2014-08-12Merge "Restore rabbit.host and add an haproxy rabbit listener"Jenkins1-0/+7
2014-08-08Restore rabbit.host and add an haproxy rabbit listenerGiulio Fidente1-0/+7
To balance load over the rabbit cluster we want to route access to it via haproxy. This also helps workaround bug #856764 as an additional benefit. This change sets rabbit.host to the ControlVirtualIP (to be used by the elements) and adds an haproxy listener for the rabbit nodes. Related to blueprint tripleo-icehouse-ha-production-configuration Depends on I3ff37ec18b9191ca8e861519bed142cbdbd5faa2 Change-Id: I49b622a604542f456bd9a37da8dae3353218e640 Related-Bug: 856764
2014-08-07Fix overcloud controller scalingTomas Sedovic1-5/+12
Controller scaling was broken by the commit 02772ba2877b9f6d427c6fd760bf19d6334c68a8. Merge.py raises an exception when it tries to scale the default value "controller0" of the `BootstrapNodeResource` parameter. This reverts back to using Fn::Select for specifying the bootstrap host, the rest of the Fn::Select -> get_attr changes are kept. Change-Id: I0cdebf75d4752a35f547d4fbb81545ece3172405
2014-08-06Rename NovaCompute resources suffix to be consistent with controllerGiulio Fidente1-5/+5
This change renames a few NovaCompute resources so that the naming is consistent with the controller resources naming choice. Change-Id: I8c22867b208c5e16fd52bb3157f838f762b71470
2014-08-05Add BlockStorage and SwiftStorage nodes into hostsGiulio Fidente1-0/+24
With this we populate the hosts key (needed for /etc/hosts editing) with the BlockStorage and SwiftStorage nodes too. Change-Id: I6730ffe1e27d952d563c16a9480298fbef9f61fe
2014-08-04Convert Fn::Select to extended get_attrSteve Baker1-99/+39
Overcloud bootstrap_nodeid is now specified by parameter BootStrapNodeResource with default value controller0. This avoids the need to use Fn::Select on the mergy.py built list of controllers to specify the first controller. Change-Id: Id9cfeab50b90ceeeae51ea0e35997b7495b28cc4 Partial-Blueprint: tripleo-juno-remove-mergepy
2014-08-04Port all templates to HOTSteve Baker1-342/+343
This change was generated and validated by running the following: make hot clean all validate-all This converts all templates to be valid HOT. Fn::Select is not converted in this change but this will actually work with heat_template_version 2013-05-23. Fn::Select is converted manually in the next change in this series. This change also sets the heat_template_version to 2014-10-16 which includes the list_join intrinsic functions used throughout these templates. Partial-Blueprint: tripleo-juno-remove-mergepy Change-Id: Ib3cbb83f6ae94adb7b793ab1b662bd5c55cbb5b3
2014-07-31Add strict dependencies to the overcloud templateNicholas Randon1-0/+1
Currently there is very weak (no) ordering of StructuredDeployments during heat stack creation (and, importantly, update) on the overcloud. This can cause the deployment which sends the completion signal back to Heat to happen before all others have completed, which in turn leads Heat to state the stack is ready while ORC is still configuring services The only workaround to this is to wait an unknown amount of time after the heat stack completes before the system is usable. This patch prevents the completion signal from being returned early, by ensuring these are strictly ordered: controller0Deploy controller0Passthrough controller0AllNodesDeploy NovaCompute0Deploy NovaCompute0Passthrough NovaCompute0AllNodesDeploy Change-Id: I0a549370b7aca55b1145de521ad51218428deaf5
2014-07-31Correct overcloud template to inherit passthroughNicholas Randon1-6/+4
Inherit passthrough from nova-compute-instance.yaml, rather than having an exact copy in overcloud-source.yaml. Change-Id: I4f5a4a7be5835cb68755734aa72f8d9670cba0d4
2014-07-31Rename NovaCompute0Config to NovaCompute0DeployNicholas Randon1-1/+1
Rename NovaCompute0Config to NovaCompute0Deploy as this makes the structured deployment name match the one in nova-compute-instance.yaml. Change-Id: I79f66c09006aa7f7118af1f48e1f6f10b87daec6
2014-07-31controller0AllNodesConfig to controller0AllNodes.Nicholas Randon1-1/+1
Rename all occurrences of controller0AllNodesConfig to controller0AllNodes as this is in line with compute node deployments. Also the current naming is confusing as this is a deployment step not a configuration step. Change-Id: I8efa3b6a64a099e1e8ee43009472152aed5f8ad8
2014-07-25Merge "Fix SSL with HAProxy."Jenkins1-0/+8
2014-07-22Define and bind a public virtual IPJames Polley1-1/+70
Prior to this change our heat templates define one virtual IP, which all the services are bound to. We wish to be able to segregate these endpoints: some need to be accessible to "the public"; some are only intended to be accessed within the cloud; some are only for admin use. This change adds a second VIP which we can use for binding only the endpoints that are intended to be publicly accessible, leaving the older VIP to be used for internal end points. Haproxy is told to also listen on that new VIP so that we can expose selected services via the new VIP, and keepalived is in charge of assigning the VIP to control plane nodes. This change has a proposed split of services between control-only and control+public interfaces. Assuming our yaml parsers (in merge.py and Heat) understand YAML anchors/aliases, and assuming I've got the syntax right, this should get expanded so that all the control+public services get their config defined from the same block without needing to repeat it for each service. (AFAICT both merge.py and heat use pyyaml, which does support aliases/anchors) The default is left at binding to only the controlplane interface, so that new services added to this map will default to being internal-only This patchset partially completes a spec which will one day live at https://blueprints.launchpad.net/tripleo/+specs/tripleo-juno-virtual-public-ips but for now can bee seen in Id9addc65f0d2ed519ce4b3edbd561ed660a2786e Implements: blueprint tripleo-juno-virtual-public-ips Change-Id: I9649ee74ebaf62b6b929b28243a07c789a08867c Co-Authored-By: Robert Collins <rbtcollins@hp.com> Partial-Bug #1325114
2014-07-19Fix SSL with HAProxy.Robert Collins1-0/+8
The current configuration of services is that if SSL is in use (signaled by stunnel.connect_ip) we bind to 127.0.0.1 - which is great, but it breaks simultaneous non-SSL due to there being no pass-through stunnel equivalent on all the nodes. As an interim measure, teach stunnel to connect to the ctlplane address instead. We will need this flexability in future anyway to deal with mixed-mode configurations, but we don't yet have an SSL only configuration. The change will permit SSL only by altering the Deployment object only - the SSL config object should now be flexible enough to run in either mode (but as yet on an all-one-way-or-the-other basis). Change-Id: Ibac3dec1fe7b573029482fdd9ad2d2f6223fbce0
2014-07-18Merge "make keystone.host point to controller_virtual_ip"Jenkins1-1/+1
2014-07-18Merge "Add corosync and pacemaker properties into overcloud template"Jenkins1-0/+11
2014-07-17Merge "make glance.host point to controller_virtual_ip"Jenkins1-1/+1
2014-07-17Merge "use ControlVirtualInterface for keepalived VRRP"Jenkins1-1/+1
2014-07-17Merge "add Horizon caches backend definition (memcached)"Jenkins1-0/+7
2014-07-11Merge "Use the right DSN for neutron agents."Jenkins1-1/+1
2014-07-10add Horizon caches backend definition (memcached)Giulio Fidente1-0/+7
This change adds into the overcloud-source template a structure name horizon.caches meant to define the Horizon caches backend. It defaults to using memcached and provides a list of the memcached nodes in horizon.caches.memcached.nodes Related to blueprint tripleo-icehouse-ha-production-configuration Change-Id: I728e05926f2de0e867fb8e8c74c63947da7d987a
2014-07-10make glance.host point to controller_virtual_ipGiulio Fidente1-1/+1
Previously glance.host was pointing to the local controller_host which would have requests to glance from other services to fail if the local glance daemon was unavailable. Change-Id: Ifd4f4b12cd51e23313826288797cc00ba3cd1754
2014-07-10make keystone.host point to controller_virtual_ipGiulio Fidente1-1/+1
Previously keystone.host was pointing to the local controller_host which would have caused all local services to become unavailable if keystone was to go down. Closes-Bug: #1339986 Change-Id: I9b73595d3e0ae6e872aa6b7e0f93354ff04f2956
2014-07-10use ControlVirtualInterface for keepalived VRRPGiulio Fidente1-1/+1
Change keepalived.keepalive_interface so that it uses the actual ControlVirtualInterface (bridge) for VRRP rather than the bridged interface (NeutronPublicInterface). Fixes the issue which caused keepalived to bring up the VIP on all control nodes. Change-Id: Ifc484d6a6086d9872210aa576f21d326f60b7d35
2014-07-08Add corosync and pacemaker properties into overcloud templateJan Provaznik1-0/+11
Pacemaker will be used for managing ceilometer central agent, we need basic metadata to setup corosync and pacemaker. Related to: Ifa83d62c2132bcdcb40d0b7c80ce3adadc0b5587 Change-Id: I44909005d9bc653c3e7c2de1c12fe4ffecf6bede
2014-07-07Specify the network for nodesRobert Collins1-0/+2
Without this, when there are multiple admin networks (e.g. a VLAN) Nova will refuse to guess and we'll fail to deploy. Change-Id: Id1dca43ef287fda2adcfdf5b5d30145b055dbe76
2014-07-03Make stack complete depend on all nodesClint Byrum1-2/+2
Previously the completion signal was just based on the first run of os-refresh-config. But in this case, we actually need to wait until it runs successfully with all hosts computed. That way we can know that services aren't in an unstable state while that configuration rolls out. Change-Id: I3b965c19c92b366df3069cb8e1daffa18252c884 Closes-Bug: #1337230
2014-07-02Merge "Enable multi-node rabbitmq cluster"Jenkins1-9/+13
2014-07-02Merge "Compute all hosts matrix once"Jenkins1-59/+18
2014-07-01Enable multi-node rabbitmq clusterJan Provaznik1-9/+13
This causes that: * rabbit.nodes is list of all control nodes * rabbit_hosts in OS config files points to all nodes in rabbitmq cluster * overcloud control nodes are joined into cluster This works both for single or multiple control nodes and it's needed for scaling out control nodes. rabbit.nodes property is very similar to generating list of all hosts, so it uses same StructuredConfig block. This block (and couple of references) is renamed to allNodesConfig to make it more general. Related to blueprint tripleo-icehouse-ha-production-configuration Change-Id: Ice1a34ba7a52c41c1bb0c63350438971c651e7b6
2014-06-30Merge "Add galera clustering properties"Jenkins1-0/+13
2014-06-30Compute all hosts matrix onceClint Byrum1-59/+18
Then feed in through separate deployments. This reduces the exponential growth of calculating the entire list for every server. Change-Id: Ib1187eabeb91b46e29ddcf5065056e43a69bb2a0
2014-06-30Merge "Haproxy configuration"Jenkins1-0/+39
2014-06-30Add galera clustering propertiesGregory Haynes1-0/+13
Adding nodes and cluster_name properties for mysql in order to enable galera clustering. Change-Id: I522b7324460469c59f49983ca3becd9ea914cdc0
2014-06-29Haproxy configurationDima Shulyak1-0/+39
Added several sections that are required for HAproxy configuration 1. haproxy.services - standard openstack services ports 2. haproxy.nodes - openstack controllers 3. haproxy.net_binds - virtual ips, that will also act as public endpoint input controller_nodes scales with OVERCLOUD_CONTROLSCALE > 1 Related change t-i-e I641fa90c4a34c26e5699cf7f5a6f9643792c7b16 Implements blueprint tripleo-haproxy-configuration Related to blueprint tripleo-icehouse-ha-production-configuration Change-Id: I9c70812ee1b3e8c8c072705fc5123da88ecc8f9f
2014-06-30Use the right DSN for neutron agents.Robert Collins1-1/+1
Since the wrong one is a bad idea :) Change-Id: I7ed40078f487459dee9055ef41f10a9b60a0e674
2014-06-27Merge "Set glance protocol and port as Heat configurable"Jenkins1-0/+12
2014-06-25Add parameters for setting up keystone keys/certs in undercloudJan Provaznik1-8/+0
This will allow us distribute identical keys/certs to all control nodes in HA mode. CAKey was removed because it's not required by keystone. Change-Id: I187492d5fac448e57f8cd687f9cb751520df5921
2014-06-16Set glance protocol and port as Heat configurableRyan Moore1-0/+12
This change is to set the glance protocol and port as configurable via the Heat template. Presently the port is hard-coded in the elements nova.conf file, and the protocol is assumed as being the default (http). This change will allow the glance_api_servers to be set (in nova.conf) using the constituent parts: glance_protocol://glance_host:glance_port Change to nova.conf to read this value is: Idccc0d60c9f6b17a853c6de1bbea64bfc7e028b2 Default port value is set to the nova default(9292) which is currently hard-coded in the elements nova.conf file. Default protocol value is set to the nova default(http). Change-Id: I3c7218292797c62c36e2aaab4f325bf053ef140b
2014-06-16Merge "Use virtual ip for OS services"Jenkins1-4/+6
2014-06-11Merge "Add parameters for setting up keystone keys/certs"Jenkins1-0/+24