summaryrefslogtreecommitdiffstats
path: root/puppet/compute.yaml
AgeCommit message (Collapse)AuthorFilesLines
2016-02-22Update nova::network::neutron variables to drop deprecated parametersDavid Moreau Simard1-3/+3
This commit ensures we are not using any deprecated parameters for nova::network::neutron and are using the right variable names. Change-Id: Ic1b41e2cdbb6b180496822cc363c433e9388aa02
2016-02-17Add TripleO Heat Template Parameters for Neutron Tenant MTUDan Sneddon1-0/+12
This change adds the TripleO Heat Parameters and Puppet hieradata to support setting the MTU for Neutron tenant networks. A new parameter, NeutronTenantMtu is introduced, and this gets used for the NeutronDnsmasqOptions and in Puppet hieradata. NeutronTenantMtu is also used in the Puppet hieradata for both the compute and control nodes. Two values are set: nova::compute::network_device_mtu which sets /etc/nova/nova.conf: network_device_mtu = <NeutronTenantMtu> neutron::network_device_mtu which sets in /etc/neutron/neutron.conf: network_device_mtu = <NeutronTenantMtu> finally, the NeutronDnsmasqOptions parameter becomes a str_format that maps the NeutronTenantMtu onto the DHCP options, so a default of 'dhcp-option-force=26,%MTU%' would be formatted to 'dhcp-option-force=26,1300' if NeutronTenantMtu were 1300. This will set dnsmasq to serve an MTU via DHCP that matches the NeutronTenantMtu: /etc/neutron/dnsmasq-neutron.conf:dhcp-option-force=26,1300 Typically, you would change all three of these settings to use small or jumbo frames in VMs. When using tunneling, NeutronTenantMtu should be set at least 50 bytes smaller than the physical network MTU in order to make room for tunneling overhead. Note that this change does not support setting the MTU on veth interfaces if veth patches are used to br-int instead of OVS patches. Change-Id: I38840e082ee01dc3b6fc78e1dd97f53fa4e63039
2016-01-22Merge "Update VNI and TunnelID ranges."Jenkins1-2/+2
2016-01-19Merge "Fix tunnel_types hieradata on compute nodes"Jenkins1-1/+1
2016-01-18Fix tunnel_types hieradata on compute nodesBen Nemec1-1/+1
There was a missing : in the hieradata for the compute nodes that caused tunnel_types to not be configured. This also made it impossible to boot instances on tunneled networks because the port binding always failed. Change-Id: Icc2a45aa9514ce62497f91e6abe9261d1c1374ed Partial-Bug: 1534349
2016-01-18Merge "Set the name property for all deployment resources"Jenkins1-0/+3
2016-01-07Merge "Add TimeZone parameter for all node types"Jenkins1-0/+6
2016-01-06Enable configuration of Neutron QoSBrent Eagles1-1/+12
This change adds support for setting the configuration options required to enable the quality of service feature in Neutron. The default values will enable the feature. Closes-Bug: #1524052 Depends-On: Iefc289a6eee13b9c66f8131c258af982f232df4b Change-Id: I1abf7d37d39e6927e482b56de4ee3d3d7c313a1c
2016-01-06Merge "Align template defaults with the client"Jenkins1-2/+2
2016-01-05Add TimeZone parameter for all node typesNico Auv1-0/+6
Adds a TimeZone parameter for node types and the top level stack. Defaults to UTC. Change-Id: I98123d894ce429c34744233fe3e631cbdd7c12b5 Depends-On: Icf7c681f359e3e48b653ea4648db6a73b532d45e
2015-12-23Merge "Add all isolated networks to all nodes."Jenkins1-0/+20
2015-12-23Merge "Add Management Network For System Administration."Jenkins1-0/+10
2015-12-23Merge "Remove unsafe "unset" defaults"Jenkins1-7/+0
2015-12-22Merge "MidoNet heat templates"Jenkins1-0/+1
2015-12-21Merge "Add SoftwareConfigTransport for switching transports"Jenkins1-0/+8
2015-12-21MidoNet heat templatesJaume Devesa1-0/+1
Deploy a TripleO overcloud with networking midonet. MidoNet is a monolithic plugin and quite changes on the puppet manifest must be done. Depends-On: I72f21036fda795b54312a7d39f04c30bbf16c41b Depends-On: I6f1ac659297b8cf6671e11ad23284f8f543568b0 Depends-On: Icea9bd96e4c80a26b9e813d383f84099c736d7bf Change-Id: I9692e2ef566ea37e0235a6059b1ae1ceeb9725ba
2015-12-18Add all isolated networks to all nodes.Dan Sneddon1-0/+20
This change allows every overcloud node to optionally participate in any of the isolated networks. The optional networks are not enabled by default, but allow additional flexibility. Since the new networks are not enabled by default, the standared deployment is unchanged. This change was originally requested for OpenDaylight support. There are several use cases for using non-standard networks. For instance, one example might be adding the Internal API network to the Ceph nodes, in order to use that network for administrative functions. Another example would be adding the Storage Management network to the compute nodes, in order to use it for backup. Without this change, any deviation from the standard set of roles that use a network is a custom change to the Heat templates, which makes upgrades much more difficult. Change-Id: Ia386c964aa0ef79e457821d8d96ebb8ac2847231
2015-12-18Add Management Network For System Administration.Dan Sneddon1-0/+10
This change adds a system management network to all overcloud nodes. The purpose of this network is for system administration, for access to infrastructure services like DNS or NTP, or for monitoring. This allows the management network to be placed on a bond for redundancy, or for the system management network to be an out-of-band network with no routing in or out. The management network might also be configured as a default route instead of the provisioning 'ctlplane' network. This change does not enable the management network by default. An environment file named network-management.yaml may be included to enable the network and ports for each role. The included NIC config templates have been updated with a block that may be uncommented when the management network is enabled. This change also contains some minor cleanup to the NIC templates, particularly the multiple nic templates. Change-Id: I0813a13f60a4f797be04b34258a2cffa9ea7e84f
2015-12-18Align template defaults with the clientGiulio Fidente1-2/+2
This aligns the parameter default values from python-tripleoclient with tripleo-heat-templates. This is in preparation for removing all the defaults from the client, and maintaining them only in the templates. Change-Id: I7b635a250f1ecc170e18d8e434f0118c6fcbb942 Co-Authored-By: James Slagle <jslagle@redhat.com>
2015-12-16Update VNI and TunnelID ranges.Joe Talerico1-2/+2
Without modification we cannot scale to more than 1000 networks. Neutron will send this message to the user: "Unable to create the network. No tenant network is available for allocation." Change-Id: I5ecbc66a0b6aaa5edbe2669eed9caadfb0691511
2015-12-15Wire Neutron ML2 plugin and OVS agent settings as arraysGiulio Fidente1-46/+49
Wires the following as arrays to the neutron module: - mechanism_drivers - flat_networks - tenant_network_types - tunnel_types - bridge_mappings Also updates the template version to use a Liberty feature which allows serialization of comma_delimited_list into JSON. Tidies up the manifests by removing the class declarations since config is passed by the puppet/controller+compute hiera mapped_data. Change-Id: Ie9f85fb827099f897ef750e267bc3ed3a864fe59 Co-Authored-By: Steven Hardy <shardy@redhat.com>
2015-12-14Merge "Fix wrong keypair parameter description"Jenkins1-1/+1
2015-12-12Add SoftwareConfigTransport for switching transportsSteve Baker1-0/+8
This change adds a SoftwareConfigTransport parameter to role templates so that the transport can be changed via a parameter_defaults entry. This change will have no effect on an existing overcloud as the current default POLL_SERVER_CFN is now explicit in the parameter default. Change-Id: I5c2a2d2170714093c5757282cba12ac65f8738a4
2015-12-10Fix wrong keypair parameter descriptionSteven Hardy1-1/+1
The parameters have nothing to do with EC2 keypairs, they are used to specify Nova SSH key pairs. Change-Id: Ia8d37cb5c443812d02133747cb54fcaf0110d091
2015-12-10Set the name property for all deployment resourcesSteve Baker1-0/+3
There are two reasons the name property should always be set for deployment resources: - The name often shows up in logs, files and API calls, the default derived name is long and unhelpful - Sorting by name determines the merge order of os-apply-config, and the execution order of puppet/shell scripts (note this is different to resource dependency order) so leaving the default name results in an undetermined order which could lead to unpredictable deployment of configs This change simply sets the name to the resource name, but a future change should prepend each name with a run-parts style 2 digit prefix so that the order is explicitly stated. Documentation for extraconfig needs to clearly state what prefix is needed to override which merge/execution order. For existing overcloud stacks, heat currently replaces deployment resources when the name changes, so this change Depends-On: I95037191915ccd32b2efb72203b146897a4edbc9 Change-Id: Ic4bcd56aa65b981275c3d4214588bfc4de63b3b0
2015-12-09Remove unsafe "unset" defaultsSteven Hardy1-7/+0
All of our sensitive parameters are defaulted to easily predictable values, which is very bad from a security perspective because we don't force clients to make sane choices thus risk deploying with the predictable default values. tripleoclient supports generating random values for all of these, so remove the defaults, for non-tripleoclient usage we can create a developer-only environment with defaults. Related-Bug: #1516027 Change-Id: Ia0cf3b7e2de1aa42cf179cba195fb7770a1fc21c Depends-On: Ifb34b43fdedc55ad220df358c3ccc31e3c2e7c14
2015-12-08Enable per-role SchedulerHintsSteven Hardy1-1/+5
This adds a parameter for each role, where optional scheduler hints may be passed to nova. One potential use-case for this is using the ComputeCapabilities to pin deployment to a specific node (not just a specific role/profile mapping to a pool of nodes like we have currently documented in the ahc-match docs). This could work as follows: 1. Tag a specific node as "node:controller-0" in Ironic: ironic node-update <id> replace properties/capabilities='node:controller-0,boot_option:local' 2. Create a heat environment file which uses %index% parameters: ControllerSchedulerHints: 'capabilities:node': 'controller-%index%' Change-Id: I79251dde719b4bb5c3b0cce90d0c9d1581ae66f2
2015-12-07Merge "Making nova parameters configurable for nuage-metadata-agent"Jenkins1-0/+2
2015-12-04Making nova parameters configurable for nuage-metadata-agentRohit Pagedar1-0/+2
Exposing 'instance_name_template' to be set via extra config for nuage-metadata-agent to function Making nova::api::admin_tenant_name available on the compute node which is required by nuage-metadata-agent service Making KeystonePublicApiVirtualIP available on the compute node, which is used by the nuage-metadata-agent to build the auth-url Change-Id: I9736015e18cebf32b07940bf559063b60085f2fb
2015-12-04Add option to add metadata for the overcloud nodesJuan Antonio Osorio Robles1-0/+7
Some Nova hooks might require custom properties/metadata set for the servers deployed in the overcloud, and this would enable us to inject such information. For FreeIPA (IdM) integration, there is effectively a Nova hook that requires such data. Currently this inserts metadata for all servers, but a subsequent CR will introduce per-role metadata. However, that was not added to this because it will require the usage of map_merge. which will block those changes to be backported. However, this one is not a problem in that sense. Change-Id: I98b15406525eda8dff704360d443590260430ff0
2015-12-03Merge "Introduce domain configuration through parameter"Jenkins1-1/+9
2015-12-02Merge "Added libvirt_vif_driver, ovs_bridge and security_group_api parameters"Jenkins1-0/+18
2015-12-02Introduce domain configuration through parameterJuan Antonio Osorio Robles1-1/+9
Introduce configuration of the nodes' domains through a parameter. Change-Id: Ie012f9f2a402b0333bebecb5b59565c26a654297
2015-11-30Changes for configuring NuageLokesh Jain1-0/+1
Added ExtraConfig templates and environment files for Nuage specific parameters. Modified overcloud_compute.pp and overcloud_controller.pp to conditionally include Nuage plugin and agents. Change-Id: I95510c753b0a262c73566481f9e94279970f4a4f
2015-11-25Enable trust anchor injectionJuan Antonio Osorio Robles1-1/+9
This commit enables the injection of a trust anchor or root certificate into every node in the overcloud. This is in case that the TLS certificates for the controllers are signed with a self-signed CA or if the deployer would like to inject a relevant root certificate for other purposes. In this case the other nodes might need to have the root certificate in their trust chain in order to do proper validation Change-Id: Ia45180fe0bb979cf12d19f039dbfd22e26fb4856
2015-11-20Allows for customization of NetworkDeployment actionsGiulio Fidente1-0/+6
We don't necessarily want the network configuration to be reapplied with every template update so we add a param to configure on which action the NetworkDeployment resource should be executed. Change-Id: I0e86318eb5521e540cc567ce9d77e1060086d48b Co-Authored-By: Dan Sneddon <dsneddon@redhat.com> Co-Authored-By: James Slagle <jslagle@redhat.com> Co-Authored-By: Jiri Stransky <jstransk@redhat.com> Co-Authored-By: Steven Hardy <shardy@redhat.com>
2015-11-17Added libvirt_vif_driver, ovs_bridge and security_group_api parametersLokesh Jain1-0/+18
Made libvirt_vif_driver, ovs_bridge and security_group_api parameters in nova as configurable parameters through heat templates Change-Id: I3f355c31a64912baa1a159d59f0fa9089f77b8f4
2015-11-17Merge "Add support for enabling L2 population in Neutron"Jenkins1-0/+7
2015-11-16Add support for enabling L2 population in NeutronBrent Eagles1-0/+7
This change adds support for enabling/disabling L2 population in Neutron agents. It currently defaults to false. Change-Id: I3dd19feb4acb1046bc560b35e5a7a111364ea0d7
2015-11-13Merge "honor the rabbit user and password provided"Jenkins1-1/+1
2015-11-13Merge "Refacter Endpoints into EndpointMap"Jenkins1-35/+10
2015-11-11Merge "Allow a user to specify a comma separated list of ntp servers"Jenkins1-6/+3
2015-11-11Refacter Endpoints into EndpointMapMark Chappell1-35/+10
Because many of the service endpoints URLs use the same patterns for generating the URLs it makes sense to use the same templates to reduce the copy and paste. In the process also adds support for explicitly specifying hostnames for use in the endpoints. Note: DNS must be pre-configured. The Heat templates do not directly configure DNS. Change-Id: Ie3270909beca3d63f2d7e4bcb04c559380ddc54d Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
2015-11-10honor the rabbit user and password providedMike Burns1-1/+1
Currently rabbit username and password are defaulted and attempting to use anything else would result in a failure during deployment. Change-Id: I8a2e240a19f915309eee45ea3c3368d131af6c1b Related: rhbz#1261303
2015-10-16Merge "Puppet / Compute: allow to run Ephemeral only storage with RBD"Jenkins1-0/+6
2015-10-15Allow a user to specify a comma separated list of ntp serversYanis Guenane1-6/+3
This commits aims to allow a user to specify several ntp servers and not just one. Example: openstack overcloud deploy --templates --ntp-server 0.centos.pool.org,1.centos.pool.org Change-Id: I4925ef1cf1e565d789981e609c88a07b6e9b28de
2015-10-12Puppet / Compute: allow to run Ephemeral only storage with RBDEmilien Macchi1-0/+6
This patch allows the case where we're not running Ceph to host Persistent storage (volumes) but just to host Ephemeral storage (VMs). Before we were only allowing Ephemeral storage on Ceph when also Persistent storage was using Ceph. Change-Id: I03b775326e4424de413452f4453d4d88de0083bc
2015-10-12Set shared secrets, keys and passwords as hiddenJuan Antonio Osorio Robles1-0/+1
Change-Id: Ieb27729c6b33ffc849d07200ec0d42508214956e Closes-Bug: #1399793
2015-10-09Merge "Wire in NodeExtraConfig interface"Jenkins1-0/+8
2015-10-07Merge "Enable Cisco N1KV driver"Jenkins1-0/+1