aboutsummaryrefslogtreecommitdiffstats
path: root/puppet/cinder-storage.yaml
AgeCommit message (Collapse)AuthorFilesLines
2015-12-23Merge "Add Management Network For System Administration."Jenkins1-0/+10
2015-12-23Merge "Remove unsafe "unset" defaults"Jenkins1-2/+0
2015-12-21Merge "Add SoftwareConfigTransport for switching transports"Jenkins1-0/+8
2015-12-18Add all isolated networks to all nodes.Dan Sneddon1-0/+20
This change allows every overcloud node to optionally participate in any of the isolated networks. The optional networks are not enabled by default, but allow additional flexibility. Since the new networks are not enabled by default, the standared deployment is unchanged. This change was originally requested for OpenDaylight support. There are several use cases for using non-standard networks. For instance, one example might be adding the Internal API network to the Ceph nodes, in order to use that network for administrative functions. Another example would be adding the Storage Management network to the compute nodes, in order to use it for backup. Without this change, any deviation from the standard set of roles that use a network is a custom change to the Heat templates, which makes upgrades much more difficult. Change-Id: Ia386c964aa0ef79e457821d8d96ebb8ac2847231
2015-12-18Add Management Network For System Administration.Dan Sneddon1-0/+10
This change adds a system management network to all overcloud nodes. The purpose of this network is for system administration, for access to infrastructure services like DNS or NTP, or for monitoring. This allows the management network to be placed on a bond for redundancy, or for the system management network to be an out-of-band network with no routing in or out. The management network might also be configured as a default route instead of the provisioning 'ctlplane' network. This change does not enable the management network by default. An environment file named network-management.yaml may be included to enable the network and ports for each role. The included NIC config templates have been updated with a block that may be uncommented when the management network is enabled. This change also contains some minor cleanup to the NIC templates, particularly the multiple nic templates. Change-Id: I0813a13f60a4f797be04b34258a2cffa9ea7e84f
2015-12-14Merge "Fix wrong keypair parameter description"Jenkins1-1/+1
2015-12-12Add SoftwareConfigTransport for switching transportsSteve Baker1-0/+8
This change adds a SoftwareConfigTransport parameter to role templates so that the transport can be changed via a parameter_defaults entry. This change will have no effect on an existing overcloud as the current default POLL_SERVER_CFN is now explicit in the parameter default. Change-Id: I5c2a2d2170714093c5757282cba12ac65f8738a4
2015-12-10Fix wrong keypair parameter descriptionSteven Hardy1-1/+1
The parameters have nothing to do with EC2 keypairs, they are used to specify Nova SSH key pairs. Change-Id: Ia8d37cb5c443812d02133747cb54fcaf0110d091
2015-12-10Set the name property for all deployment resourcesSteve Baker1-0/+3
There are two reasons the name property should always be set for deployment resources: - The name often shows up in logs, files and API calls, the default derived name is long and unhelpful - Sorting by name determines the merge order of os-apply-config, and the execution order of puppet/shell scripts (note this is different to resource dependency order) so leaving the default name results in an undetermined order which could lead to unpredictable deployment of configs This change simply sets the name to the resource name, but a future change should prepend each name with a run-parts style 2 digit prefix so that the order is explicitly stated. Documentation for extraconfig needs to clearly state what prefix is needed to override which merge/execution order. For existing overcloud stacks, heat currently replaces deployment resources when the name changes, so this change Depends-On: I95037191915ccd32b2efb72203b146897a4edbc9 Change-Id: Ic4bcd56aa65b981275c3d4214588bfc4de63b3b0
2015-12-09Remove unsafe "unset" defaultsSteven Hardy1-2/+0
All of our sensitive parameters are defaulted to easily predictable values, which is very bad from a security perspective because we don't force clients to make sane choices thus risk deploying with the predictable default values. tripleoclient supports generating random values for all of these, so remove the defaults, for non-tripleoclient usage we can create a developer-only environment with defaults. Related-Bug: #1516027 Change-Id: Ia0cf3b7e2de1aa42cf179cba195fb7770a1fc21c Depends-On: Ifb34b43fdedc55ad220df358c3ccc31e3c2e7c14
2015-12-08Enable per-role SchedulerHintsSteven Hardy1-0/+5
This adds a parameter for each role, where optional scheduler hints may be passed to nova. One potential use-case for this is using the ComputeCapabilities to pin deployment to a specific node (not just a specific role/profile mapping to a pool of nodes like we have currently documented in the ahc-match docs). This could work as follows: 1. Tag a specific node as "node:controller-0" in Ironic: ironic node-update <id> replace properties/capabilities='node:controller-0,boot_option:local' 2. Create a heat environment file which uses %index% parameters: ControllerSchedulerHints: 'capabilities:node': 'controller-%index%' Change-Id: I79251dde719b4bb5c3b0cce90d0c9d1581ae66f2
2015-12-04Add option to add metadata for the overcloud nodesJuan Antonio Osorio Robles1-0/+7
Some Nova hooks might require custom properties/metadata set for the servers deployed in the overcloud, and this would enable us to inject such information. For FreeIPA (IdM) integration, there is effectively a Nova hook that requires such data. Currently this inserts metadata for all servers, but a subsequent CR will introduce per-role metadata. However, that was not added to this because it will require the usage of map_merge. which will block those changes to be backported. However, this one is not a problem in that sense. Change-Id: I98b15406525eda8dff704360d443590260430ff0
2015-12-02Introduce domain configuration through parameterJuan Antonio Osorio Robles1-1/+9
Introduce configuration of the nodes' domains through a parameter. Change-Id: Ie012f9f2a402b0333bebecb5b59565c26a654297
2015-11-25Enable trust anchor injectionJuan Antonio Osorio Robles1-1/+9
This commit enables the injection of a trust anchor or root certificate into every node in the overcloud. This is in case that the TLS certificates for the controllers are signed with a self-signed CA or if the deployer would like to inject a relevant root certificate for other purposes. In this case the other nodes might need to have the root certificate in their trust chain in order to do proper validation Change-Id: Ia45180fe0bb979cf12d19f039dbfd22e26fb4856
2015-11-20Allows for customization of NetworkDeployment actionsGiulio Fidente1-0/+6
We don't necessarily want the network configuration to be reapplied with every template update so we add a param to configure on which action the NetworkDeployment resource should be executed. Change-Id: I0e86318eb5521e540cc567ce9d77e1060086d48b Co-Authored-By: Dan Sneddon <dsneddon@redhat.com> Co-Authored-By: James Slagle <jslagle@redhat.com> Co-Authored-By: Jiri Stransky <jstransk@redhat.com> Co-Authored-By: Steven Hardy <shardy@redhat.com>
2015-11-13Merge "Refacter Endpoints into EndpointMap"Jenkins1-16/+6
2015-11-11Refacter Endpoints into EndpointMapMark Chappell1-16/+6
Because many of the service endpoints URLs use the same patterns for generating the URLs it makes sense to use the same templates to reduce the copy and paste. In the process also adds support for explicitly specifying hostnames for use in the endpoints. Note: DNS must be pre-configured. The Heat templates do not directly configure DNS. Change-Id: Ie3270909beca3d63f2d7e4bcb04c559380ddc54d Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
2015-10-15Allow a user to specify a comma separated list of ntp serversYanis Guenane1-6/+3
This commits aims to allow a user to specify several ntp servers and not just one. Example: openstack overcloud deploy --templates --ntp-server 0.centos.pool.org,1.centos.pool.org Change-Id: I4925ef1cf1e565d789981e609c88a07b6e9b28de
2015-10-12Set shared secrets, keys and passwords as hiddenJuan Antonio Osorio Robles1-0/+1
Change-Id: Ieb27729c6b33ffc849d07200ec0d42508214956e Closes-Bug: #1399793
2015-10-09Merge "Wire in NodeExtraConfig interface"Jenkins1-0/+8
2015-10-01Wire in NodeExtraConfig interfaceSteven Hardy1-0/+8
It's become apparent that some actions are required in the pre-deploy phase for all nodes, for example applying common hieradata overrides, or also as a place to hook in logic which must happen for all nodes prior to their removal on scale down (such as unregistration from a satellite server, which currently doesn't work via the *NodesPostDeployment for scale-down usage). So, add a new interface that enables ExtraConfig per-node (inside the scaled unit, vs AllNodes which is used for the cluster-wide config outside of the ResourceGroup) Change-Id: Ic865908e97483753e58bc18e360ebe50557ab93c
2015-10-01Ensure present/latest for puppet driven package updatesSteve Baker1-1/+7
This change updates yum_update.sh so that we set set a boolean output when "managed" packages should get updated. The output is named 'update_managed_packages' and for the puppet implementation it is wired up so that it directly sets tripleo::packages::enable_upgrade to control whether packages are updated. It also modifies yum_update.sh to build a yum update excludes list for packages managed by puppet. The exclude lists are being generated via puppet-tripleo as well via the new 'write_package_names' function that is now wired into all the role manifests. This change does not actually trigger the puppet apply. The fix for Related-Bug: #1463092 will be used to trigger the puppet run when the hiera changes. As a minor tweak to this logic we append the UpdateIdentifier to the config_identifier so that we ensure puppet gets executed on an update where other (non-related) hiera changes also occur. Co-Authored-By: Dan Prince <dprince@redhat.com> Change-Id: I343c3959517eae38bbcd43648ed56f610272864d
2015-09-25Allow a user to set specific setting per hostYanis Guenane1-0/+1
It is currently not possible to specify settings per host and not per type of host. One of the example of the problematic that could cause is : What if node0 have devices /dev/sdb and /dev/sdc while node1 have devices /dev/sda and /dev/sdd, they is currently no way to specify that simply. The idea here is to add a top priority file in the hiera lookup that will match the UUID of the System Information section in the output of the dmidecode command. The file could be provided with the firstboot/rsync stack for example. Change-Id: I3ab082c8ebd2567bd1d914fc0b924e19b1eff7d0
2015-09-22Rename -puppet.yaml templates.Dan Prince1-0/+298
Updates the /puppet directory templates so that we drop the '-puppet' from the filenames. This is redundant because we already have puppet in the directory name and fixes inconsistencies where we aren't using -puppet in all the files within the puppet directory. Depends-On: I71cb07b2f5305aaf9c43ab175cca976e844b8175 Change-Id: I70d6e048a566666f5d6e5c2407f8a6b4fd9f6f87