From 5a353c916cf4ed305c3ece8307fd1289630d17c3 Mon Sep 17 00:00:00 2001 
From: Dan Prince Date: Sun, 19 Jul 2015 17:47:53 -0400 Subject: Rename -puppet.yaml templates. Updates the /puppet directory templates so that we drop the '-puppet' from the filenames. This is redundant because we already have puppet in the directory name and fixes inconsistencies where we aren't using -puppet in all the files within the puppet directory. Depends-On: I71cb07b2f5305aaf9c43ab175cca976e844b8175 Change-Id: I70d6e048a566666f5d6e5c2407f8a6b4fd9f6f87 --- puppet/ceph-storage-post-puppet.yaml | 39 -- puppet/ceph-storage-post.yaml | 39 ++ puppet/ceph-storage-puppet.yaml | 206 ------ puppet/ceph-storage.yaml | 206 ++++++ puppet/cinder-storage-puppet.yaml | 298 -------- puppet/cinder-storage.yaml | 298 ++++++++ puppet/compute-post-puppet.yaml | 40 -- puppet/compute-post.yaml | 40 ++ puppet/compute-puppet.yaml | 564 --------------- puppet/compute.yaml | 564 +++++++++++++++ puppet/controller-post-puppet.yaml | 102 --- puppet/controller-post.yaml | 102 +++ puppet/controller-puppet.yaml | 1244 ---------------------------------- puppet/controller.yaml | 1244 ++++++++++++++++++++++++++++++++++ puppet/swift-storage-puppet.yaml | 258 ------- puppet/swift-storage.yaml | 258 +++++++ 16 files changed, 2751 insertions(+), 2751 deletions(-) delete mode 100644 puppet/ceph-storage-post-puppet.yaml create mode 100644 puppet/ceph-storage-post.yaml delete mode 100644 puppet/ceph-storage-puppet.yaml create mode 100644 puppet/ceph-storage.yaml delete mode 100644 puppet/cinder-storage-puppet.yaml create mode 100644 puppet/cinder-storage.yaml delete mode 100644 puppet/compute-post-puppet.yaml create mode 100644 puppet/compute-post.yaml delete mode 100644 puppet/compute-puppet.yaml create mode 100644 puppet/compute.yaml delete mode 100644 puppet/controller-post-puppet.yaml create mode 100644 puppet/controller-post.yaml delete mode 100644 puppet/controller-puppet.yaml create mode 100644 puppet/controller.yaml delete mode 100644 puppet/swift-storage-puppet.yaml create mode 100644 
puppet/swift-storage.yaml (limited to 'puppet') diff --git a/puppet/ceph-storage-post-puppet.yaml b/puppet/ceph-storage-post-puppet.yaml deleted file mode 100644 index 1b5b944d..00000000 --- a/puppet/ceph-storage-post-puppet.yaml +++ /dev/null @@ -1,39 +0,0 @@ -heat_template_version: 2015-04-30 - -description: > - OpenStack ceph storage node post deployment for Puppet - -parameters: - servers: - type: json - NodeConfigIdentifiers: - type: json - description: Value which changes if the node configuration may need to be re-applied - - -resources: - CephStoragePuppetConfig: - type: OS::Heat::SoftwareConfig - properties: - group: puppet - outputs: - - name: result - config: - get_file: manifests/overcloud_cephstorage.pp - - CephStorageDeployment_Step1: - type: OS::Heat::StructuredDeployments - properties: - servers: {get_param: servers} - config: {get_resource: CephStoragePuppetConfig} - input_values: - update_identifier: {get_param: NodeConfigIdentifiers} - - # Note, this should come last, so use depends_on to ensure - # this is created after any other resources. - ExtraConfig: - depends_on: CephStorageDeployment_Step1 - type: OS::TripleO::NodeExtraConfigPost - properties: - servers: {get_param: servers} - diff --git a/puppet/ceph-storage-post.yaml b/puppet/ceph-storage-post.yaml new file mode 100644 index 00000000..1b5b944d --- /dev/null +++ b/puppet/ceph-storage-post.yaml 
@@ -0,0 +1,39 @@
+heat_template_version: 2015-04-30
+
+description: >
+ OpenStack ceph storage node post deployment for Puppet
+
+parameters:
+ servers:
+ type: json
+ NodeConfigIdentifiers:
+ type: json
+ description: Value which changes if the node configuration may need to be re-applied
+
+
+resources:
+ CephStoragePuppetConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: puppet
+ outputs:
+ - name: result
+ config:
+ get_file: manifests/overcloud_cephstorage.pp
+
+ CephStorageDeployment_Step1:
+ type: OS::Heat::StructuredDeployments
+ properties:
+ servers: {get_param: servers}
+ config: {get_resource: CephStoragePuppetConfig}
+ input_values:
+ update_identifier: {get_param: NodeConfigIdentifiers}
+
+ # Note, this should come last, so use depends_on to ensure
+ # this is created after any other resources.
+ ExtraConfig:
+ depends_on: CephStorageDeployment_Step1
+ type: OS::TripleO::NodeExtraConfigPost
+ properties:
+ servers: {get_param: servers}
+
diff --git a/puppet/ceph-storage-puppet.yaml b/puppet/ceph-storage-puppet.yaml
deleted file mode 100644
index 4b4c76fc..00000000
--- a/puppet/ceph-storage-puppet.yaml
+++ /dev/null
@@ -1,206 +0,0 @@ -heat_template_version: 2015-04-30 -description: 'OpenStack ceph storage node configured by Puppet' -parameters: - Flavor: - description: Flavor for the Ceph Storage node. - type: string - constraints: - - custom_constraint: nova.flavor - Image: - type: string - default: overcloud-ceph-storage - constraints: - - custom_constraint: glance.image - ImageUpdatePolicy: - default: 'REBUILD_PRESERVE_EPHEMERAL' - description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. - type: string - KeyName: - description: Name of an existing EC2 KeyPair to enable SSH access to the instances - type: string - default: default - constraints: - - custom_constraint: nova.keypair - NtpServer: - type: string - default: '' - EnablePackageInstall: - default: 'false' - description: Set to true to enable package installation via Puppet - type: boolean - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. - type: json - UpdateIdentifier: - default: '' - type: string - description: > - Setting to a previously unused value during stack-update will trigger - package update on all nodes - Hostname: - type: string - default: '' # Defaults to Heat created hostname - ExtraConfig: - default: {} - description: | - Additional hiera configuration to inject into the cluster. Note - that CephStorageExtraConfig takes precedence over ExtraConfig. - type: json - CephStorageExtraConfig: - default: {} - description: | - Role specific additional hiera configuration to inject into the cluster. 
- type: json - - -resources: - CephStorage: - type: OS::Nova::Server - properties: - image: {get_param: Image} - image_update_policy: {get_param: ImageUpdatePolicy} - flavor: {get_param: Flavor} - key_name: {get_param: KeyName} - networks: - - network: ctlplane - user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: UserData} - name: {get_param: Hostname} - - # Combine the NodeAdminUserData and NodeUserData mime archives - UserData: - type: OS::Heat::MultipartMime - properties: - parts: - - config: {get_resource: NodeAdminUserData} - type: multipart - - config: {get_resource: NodeUserData} - type: multipart - - # Creates the "heat-admin" user if configured via the environment - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeAdminUserData: - type: OS::TripleO::NodeAdminUserData - - # For optional operator additional userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeUserData: - type: OS::TripleO::NodeUserData - - StoragePort: - type: OS::TripleO::CephStorage::Ports::StoragePort - properties: - ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - - StorageMgmtPort: - type: OS::TripleO::CephStorage::Ports::StorageMgmtPort - properties: - ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - - NetworkConfig: - type: OS::TripleO::CephStorage::Net::SoftwareConfig - properties: - ControlPlaneIp: {get_attr: [CephStorage, networks, ctlplane, 0]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - - NetIpMap: - type: OS::TripleO::Network::Ports::NetIpMap - properties: - ControlPlaneIp: {get_attr: [CephStorage, networks, ctlplane, 0]} - StorageIp: {get_attr: [StoragePort, ip_address]} - StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} - - NetIpSubnetMap: - type: OS::TripleO::Network::Ports::NetIpSubnetMap - properties: - ControlPlaneIp: {get_attr: [CephStorage, networks, ctlplane, 0]} - StorageIpSubnet: 
{get_attr: [StoragePort, ip_subnet]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - - NetworkDeployment: - type: OS::TripleO::SoftwareDeployment - properties: - config: {get_resource: NetworkConfig} - server: {get_resource: CephStorage} - - CephStorageDeployment: - type: OS::Heat::StructuredDeployment - depends_on: NetworkDeployment - properties: - config: {get_resource: CephStorageConfig} - server: {get_resource: CephStorage} - input_values: - ntp_servers: - str_replace: - template: '["server"]' - params: - server: {get_param: NtpServer} - enable_package_install: {get_param: EnablePackageInstall} - ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]} - ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} - - CephStorageConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - hiera: - hierarchy: - - heat_config_%{::deploy_config_name} - - ceph_extraconfig - - extraconfig - - ceph_cluster # provided by CephClusterConfig - - ceph - - '"%{::osfamily}"' - - common - datafiles: - common: - raw_data: {get_file: hieradata/common.yaml} - ceph_extraconfig: - mapped_data: {get_param: CephStorageExtraConfig} - extraconfig: - mapped_data: {get_param: ExtraConfig} - ceph: - raw_data: {get_file: hieradata/ceph.yaml} - mapped_data: - ntp::servers: {get_input: ntp_servers} - tripleo::packages::enable_install: {get_input: enable_package_install} - ceph::profile::params::cluster_network: {get_input: ceph_cluster_network} - ceph::profile::params::public_network: {get_input: ceph_public_network} - - UpdateConfig: - type: OS::TripleO::Tasks::PackageUpdate - - UpdateDeployment: - type: OS::Heat::SoftwareDeployment - properties: - config: {get_resource: UpdateConfig} - server: {get_resource: CephStorage} - input_values: - update_identifier: - get_param: UpdateIdentifier - -outputs: - hosts_entry: - 
value: - str_replace: - template: "IP HOST.localdomain HOST" - params: - IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephStorageHostnameResolveNetwork]}]} - HOST: {get_attr: [CephStorage, name]} - nova_server_resource: - description: Heat resource handle for the ceph storage server - value: - {get_resource: CephStorage} - storage_ip_address: - description: IP address of the server in the storage network - value: {get_attr: [StoragePort, ip_address]} - storage_mgmt_ip_address: - description: IP address of the server in the storage_mgmt network - value: {get_attr: [StorageMgmtPort, ip_address]} - config_identifier: - description: identifier which changes if the node configuration may need re-applying - value: {get_attr: [CephStorageDeployment, deploy_stdout]} diff --git a/puppet/ceph-storage.yaml b/puppet/ceph-storage.yaml new file mode 100644 index 00000000..4b4c76fc --- /dev/null +++ b/puppet/ceph-storage.yaml 
@@ -0,0 +1,206 @@
+heat_template_version: 2015-04-30
+description: 'OpenStack ceph storage node configured by Puppet'
+parameters:
+ Flavor:
+ description: Flavor for the Ceph Storage node.
+ type: string
+ constraints:
+ - custom_constraint: nova.flavor
+ Image:
+ type: string
+ default: overcloud-ceph-storage
+ constraints:
+ - custom_constraint: glance.image
+ ImageUpdatePolicy:
+ default: 'REBUILD_PRESERVE_EPHEMERAL'
+ description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
+ type: string
+ KeyName:
+ description: Name of an existing EC2 KeyPair to enable SSH access to the instances
+ type: string
+ default: default
+ constraints:
+ - custom_constraint: nova.keypair
+ NtpServer:
+ type: string
+ default: ''
+ EnablePackageInstall:
+ default: 'false'
+ description: Set to true to enable package installation via Puppet
+ type: boolean
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ UpdateIdentifier:
+ default: ''
+ type: string
+ description: >
+ Setting to a previously unused value during stack-update will trigger
+ package update on all nodes
+ Hostname:
+ type: string
+ default: '' # Defaults to Heat created hostname
+ ExtraConfig:
+ default: {}
+ description: |
+ Additional hiera configuration to inject into the cluster. Note
+ that CephStorageExtraConfig takes precedence over ExtraConfig.
+ type: json
+ CephStorageExtraConfig:
+ default: {}
+ description: |
+ Role specific additional hiera configuration to inject into the cluster.
+ type: json
+
+
+resources:
+ CephStorage:
+ type: OS::Nova::Server
+ properties:
+ image: {get_param: Image}
+ image_update_policy: {get_param: ImageUpdatePolicy}
+ flavor: {get_param: Flavor}
+ key_name: {get_param: KeyName}
+ networks:
+ - network: ctlplane
+ user_data_format: SOFTWARE_CONFIG
+ user_data: {get_resource: UserData}
+ name: {get_param: Hostname}
+
+ # Combine the NodeAdminUserData and NodeUserData mime archives
+ UserData:
+ type: OS::Heat::MultipartMime
+ properties:
+ parts:
+ - config: {get_resource: NodeAdminUserData}
+ type: multipart
+ - config: {get_resource: NodeUserData}
+ type: multipart
+
+ # Creates the "heat-admin" user if configured via the environment
+ # Should return a OS::Heat::MultipartMime reference via OS::stack_id
+ NodeAdminUserData:
+ type: OS::TripleO::NodeAdminUserData
+
+ # For optional operator additional userdata
+ # Should return a OS::Heat::MultipartMime reference via OS::stack_id
+ NodeUserData:
+ type: OS::TripleO::NodeUserData
+
+ StoragePort:
+ type: OS::TripleO::CephStorage::Ports::StoragePort
+ properties:
+ ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
+
+ StorageMgmtPort:
+ type: OS::TripleO::CephStorage::Ports::StorageMgmtPort
+ properties:
+ ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
+
+ NetworkConfig:
+ type: OS::TripleO::CephStorage::Net::SoftwareConfig
+ properties:
+ ControlPlaneIp: {get_attr: [CephStorage, networks, ctlplane, 0]}
+ StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
+ StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
+
+ NetIpMap:
+ type: OS::TripleO::Network::Ports::NetIpMap
+ properties:
+ ControlPlaneIp: {get_attr: [CephStorage, networks, ctlplane, 0]}
+ StorageIp: {get_attr: [StoragePort, ip_address]}
+ StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
+
+ NetIpSubnetMap:
+ type: OS::TripleO::Network::Ports::NetIpSubnetMap
+ properties:
+ ControlPlaneIp: {get_attr: [CephStorage, networks, ctlplane, 0]}
+ StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
+ StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
+
+ NetworkDeployment:
+ type: OS::TripleO::SoftwareDeployment
+ properties:
+ config: {get_resource: NetworkConfig}
+ server: {get_resource: CephStorage}
+
+ CephStorageDeployment:
+ type: OS::Heat::StructuredDeployment
+ depends_on: NetworkDeployment
+ properties:
+ config: {get_resource: CephStorageConfig}
+ server: {get_resource: CephStorage}
+ input_values:
+ ntp_servers:
+ str_replace:
+ template: '["server"]'
+ params:
+ server: {get_param: NtpServer}
+ enable_package_install: {get_param: EnablePackageInstall}
+ ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
+ ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
+
+ CephStorageConfig:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: os-apply-config
+ config:
+ hiera:
+ hierarchy:
+ - heat_config_%{::deploy_config_name}
+ - ceph_extraconfig
+ - extraconfig
+ - ceph_cluster # provided by CephClusterConfig
+ - ceph
+ - '"%{::osfamily}"'
+ - common
+ datafiles:
+ common:
+ raw_data: {get_file: hieradata/common.yaml}
+ ceph_extraconfig:
+ mapped_data: {get_param: CephStorageExtraConfig}
+ extraconfig:
+ mapped_data: {get_param: ExtraConfig}
+ ceph:
+ raw_data: {get_file: hieradata/ceph.yaml}
+ mapped_data:
+ ntp::servers: {get_input: ntp_servers}
+ tripleo::packages::enable_install: {get_input: enable_package_install}
+ ceph::profile::params::cluster_network: {get_input: ceph_cluster_network}
+ ceph::profile::params::public_network: {get_input: ceph_public_network}
+
+ UpdateConfig:
+ type: OS::TripleO::Tasks::PackageUpdate
+
+ UpdateDeployment:
+ type: OS::Heat::SoftwareDeployment
+ properties:
+ config: {get_resource: UpdateConfig}
+ server: {get_resource: CephStorage}
+ input_values:
+ update_identifier:
+ get_param: UpdateIdentifier
+
+outputs:
+ hosts_entry:
+ value:
+ str_replace:
+ template: "IP HOST.localdomain HOST"
+ params:
+ IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephStorageHostnameResolveNetwork]}]}
+ HOST: {get_attr: [CephStorage, name]}
+ nova_server_resource:
+ description: Heat resource handle for the ceph storage server
+ value:
+ {get_resource: CephStorage}
+ storage_ip_address:
+ description: IP address of the server in the storage network
+ value: {get_attr: [StoragePort, ip_address]}
+ storage_mgmt_ip_address:
+ description: IP address of the server in the storage_mgmt network
+ value: {get_attr: [StorageMgmtPort, ip_address]}
+ config_identifier:
+ description: identifier which changes if the node configuration may need re-applying
+ value: {get_attr: [CephStorageDeployment, deploy_stdout]}
diff --git a/puppet/cinder-storage-puppet.yaml b/puppet/cinder-storage-puppet.yaml
deleted file mode 100644
index f597512a..00000000
--- a/puppet/cinder-storage-puppet.yaml
+++ /dev/null
@@ -1,298 +0,0 @@ -heat_template_version: 2015-04-30 -description: 'OpenStack cinder storage configured by Puppet' -parameters: - Image: - default: overcloud-cinder-volume - type: string - CinderEnableIscsiBackend: - default: true - description: Whether to enable or not the Iscsi backend for Cinder - type: boolean - CinderISCSIHelper: - default: tgtadm - description: The iSCSI helper to use with cinder. - type: string - CinderLVMLoopDeviceSize: - default: 5000 - description: The size of the loopback file used by the cinder LVM driver. - type: number - CinderPassword: - default: unset - description: The password for the cinder service and db account, used by cinder-api. - type: string - hidden: true - Debug: - default: '' - description: Set to True to enable debugging on all services. - type: string - VirtualIP: # deprecated. Use per service VIPs instead. - default: '' - type: string - ExtraConfig: - default: {} - description: | - Additional hiera configuration to inject into the cluster. Note - that BlockStorageExtraConfig takes precedence over ExtraConfig. - type: json - BlockStorageExtraConfig: - default: {} - description: | - Role specific additional hiera configuration to inject into the cluster. - type: json - Flavor: - description: Flavor for block storage nodes to request when deploying. - type: string - constraints: - - custom_constraint: nova.flavor - GlancePort: - default: "9292" - description: Glance port. - type: string - GlanceProtocol: - default: http - description: Protocol to use when connecting to glance, set to https for SSL. - type: string - KeyName: - default: default - description: Name of an existing EC2 KeyPair to enable SSH access to the instances - type: string - RabbitPassword: - default: 'guest' - type: string - RabbitUserName: - default: 'guest' - type: string - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. 
- type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number - SnmpdReadonlyUserName: - default: ro_snmp_user - description: The user name for SNMPd with readonly rights running on all Overcloud nodes - type: string - SnmpdReadonlyUserPassword: - default: unset - description: The user password for SNMPd with readonly rights running on all Overcloud nodes - type: string - hidden: true - NtpServer: - type: string - default: '' - EnablePackageInstall: - default: 'false' - description: Set to true to enable package installation via Puppet - type: boolean - UpdateIdentifier: - default: '' - type: string - description: > - Setting to a previously unused value during stack-update will trigger - package update on all nodes - Hostname: - type: string - default: '' # Defaults to Heat created hostname - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. 
- type: json - GlanceApiVirtualIP: - type: string - default: '' - MysqlVirtualIP: - type: string - default: '' - -resources: - BlockStorage: - type: OS::Nova::Server - properties: - image: - {get_param: Image} - flavor: {get_param: Flavor} - key_name: {get_param: KeyName} - networks: - - network: ctlplane - user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: UserData} - name: {get_param: Hostname} - - # Combine the NodeAdminUserData and NodeUserData mime archives - UserData: - type: OS::Heat::MultipartMime - properties: - parts: - - config: {get_resource: NodeAdminUserData} - type: multipart - - config: {get_resource: NodeUserData} - type: multipart - - # Creates the "heat-admin" user if configured via the environment - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeAdminUserData: - type: OS::TripleO::NodeAdminUserData - - # For optional operator additional userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeUserData: - type: OS::TripleO::NodeUserData - - InternalApiPort: - type: OS::TripleO::BlockStorage::Ports::InternalApiPort - properties: - ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} - - StoragePort: - type: OS::TripleO::BlockStorage::Ports::StoragePort - properties: - ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} - - StorageMgmtPort: - type: OS::TripleO::BlockStorage::Ports::StorageMgmtPort - properties: - ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} - - NetworkConfig: - type: OS::TripleO::BlockStorage::Net::SoftwareConfig - properties: - ControlPlaneIp: {get_attr: [BlockStorage, networks, ctlplane, 0]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - - NetIpMap: - type: OS::TripleO::Network::Ports::NetIpMap - properties: - ControlPlaneIp: {get_attr: [BlockStorage, networks, ctlplane, 0]} - 
InternalApiIp: {get_attr: [InternalApiPort, ip_address]} - StorageIp: {get_attr: [StoragePort, ip_address]} - StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} - - NetworkDeployment: - type: OS::TripleO::SoftwareDeployment - properties: - config: {get_resource: NetworkConfig} - server: {get_resource: BlockStorage} - - BlockStorageDeployment: - type: OS::Heat::StructuredDeployment - depends_on: NetworkDeployment - properties: - server: {get_resource: BlockStorage} - config: {get_resource: BlockStorageConfig} - input_values: - debug: {get_param: Debug} - cinder_dsn: {list_join: ['', ['mysql://cinder:', {get_param: CinderPassword}, '@', {get_param: MysqlVirtualIP} , '/cinder']]} - snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} - snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} - cinder_lvm_loop_device_size: - str_replace: - template: sizeM - params: - size: {get_param: CinderLVMLoopDeviceSize} - cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend} - cinder_iscsi_helper: {get_param: CinderISCSIHelper} - cinder_iscsi_ip_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]} - glance_api_servers: - list_join: - - '' - - - {get_param: GlanceProtocol} - - '://' - - {get_param: GlanceApiVirtualIP} - - ':' - - {get_param: GlancePort} - rabbit_username: {get_param: RabbitUserName} - rabbit_password: {get_param: RabbitPassword} - rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} - rabbit_client_port: {get_param: RabbitClientPort} - ntp_servers: - str_replace: - template: '["server"]' - params: - server: {get_param: NtpServer} - enable_package_install: {get_param: EnablePackageInstall} - - # Map heat metadata into hiera datafiles - BlockStorageConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - hiera: - hierarchy: - - heat_config_%{::deploy_config_name} - - volume_extraconfig - - extraconfig - - volume - - all_nodes # provided by 
allNodesConfig - - '"%{::osfamily}"' - - common - datafiles: - common: - raw_data: {get_file: hieradata/common.yaml} - volume_extraconfig: - mapped_data: {get_param: BlockStorageExtraConfig} - extraconfig: - mapped_data: {get_param: ExtraConfig} - volume: - raw_data: {get_file: hieradata/volume.yaml} - mapped_data: - # Cinder - cinder::debug: {get_input: debug} - cinder::setup_test_volume::size: {get_input: cinder_lvm_loop_device_size} - cinder_iscsi_helper: {get_input: cinder_iscsi_helper} - cinder::database_connection: {get_input: cinder_dsn} - cinder::rabbit_userid: {get_input: rabbit_username} - cinder::rabbit_password: {get_input: rabbit_password} - cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - cinder::rabbit_port: {get_input: rabbit_client_port} - cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend} - cinder_iscsi_ip_address: {get_input: cinder_iscsi_ip_address} - cinder::glance::glance_api_servers: {get_input: glance_api_servers} - ntp::servers: {get_input: ntp_servers} - tripleo::packages::enable_install: {get_input: enable_package_install} - snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} - snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} - - UpdateConfig: - type: OS::TripleO::Tasks::PackageUpdate - - UpdateDeployment: - type: OS::Heat::SoftwareDeployment - properties: - config: {get_resource: UpdateConfig} - server: {get_resource: BlockStorage} - input_values: - update_identifier: - get_param: UpdateIdentifier - -outputs: - hosts_entry: - value: - str_replace: - template: "IP HOST.localdomain HOST" - params: - IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, BlockStorageHostnameResolveNetwork]}]} - HOST: {get_attr: [BlockStorage, name]} - nova_server_resource: - description: Heat resource handle for the block storage server - value: - {get_resource: BlockStorage} - internal_api_ip_address: - description: IP address of the server in the internal_api network - value: 
{get_attr: [InternalApiPort, ip_address]} - storage_ip_address: - description: IP address of the server in the storage network - value: {get_attr: [StoragePort, ip_address]} - storage_mgmt_ip_address: - description: IP address of the server in the storage_mgmt network - value: {get_attr: [StorageMgmtPort, ip_address]} - config_identifier: - description: identifier which changes if the node configuration may need re-applying - value: {get_attr: [BlockStorageDeployment, deploy_stdout]} diff --git a/puppet/cinder-storage.yaml b/puppet/cinder-storage.yaml new file mode 100644 index 00000000..f597512a --- /dev/null +++ b/puppet/cinder-storage.yaml 
@@ -0,0 +1,298 @@ +heat_template_version: 2015-04-30 +description: 'OpenStack cinder storage configured by Puppet' +parameters: + Image: + default: overcloud-cinder-volume + type: string + CinderEnableIscsiBackend: + default: true + description: Whether to enable or not the Iscsi backend for Cinder + type: boolean + CinderISCSIHelper: + default: tgtadm + description: The iSCSI helper to use with cinder. + type: string + CinderLVMLoopDeviceSize: + default: 5000 + description: The size of the loopback file used by the cinder LVM driver. + type: number + CinderPassword: + default: unset + description: The password for the cinder service and db account, used by cinder-api. + type: string + hidden: true + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + VirtualIP: # deprecated. Use per service VIPs instead. + default: '' + type: string + ExtraConfig: + default: {} + description: | + Additional hiera configuration to inject into the cluster. Note + that BlockStorageExtraConfig takes precedence over ExtraConfig. + type: json + BlockStorageExtraConfig: + default: {} + description: | + Role specific additional hiera configuration to inject into the cluster. + type: json + Flavor: + description: Flavor for block storage nodes to request when deploying. + type: string + constraints: + - custom_constraint: nova.flavor + GlancePort: + default: "9292" + description: Glance port. + type: string + GlanceProtocol: + default: http + description: Protocol to use when connecting to glance, set to https for SSL. + type: string + KeyName: + default: default + description: Name of an existing EC2 KeyPair to enable SSH access to the instances + type: string + RabbitPassword: + default: 'guest' + type: string + RabbitUserName: + default: 'guest' + type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. 
+ type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + SnmpdReadonlyUserName: + default: ro_snmp_user + description: The user name for SNMPd with readonly rights running on all Overcloud nodes + type: string + SnmpdReadonlyUserPassword: + default: unset + description: The user password for SNMPd with readonly rights running on all Overcloud nodes + type: string + hidden: true + NtpServer: + type: string + default: '' + EnablePackageInstall: + default: 'false' + description: Set to true to enable package installation via Puppet + type: boolean + UpdateIdentifier: + default: '' + type: string + description: > + Setting to a previously unused value during stack-update will trigger + package update on all nodes + Hostname: + type: string + default: '' # Defaults to Heat created hostname + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. 
+ type: json + GlanceApiVirtualIP: + type: string + default: '' + MysqlVirtualIP: + type: string + default: '' + +resources: + BlockStorage: + type: OS::Nova::Server + properties: + image: + {get_param: Image} + flavor: {get_param: Flavor} + key_name: {get_param: KeyName} + networks: + - network: ctlplane + user_data_format: SOFTWARE_CONFIG + user_data: {get_resource: UserData} + name: {get_param: Hostname} + + # Combine the NodeAdminUserData and NodeUserData mime archives + UserData: + type: OS::Heat::MultipartMime + properties: + parts: + - config: {get_resource: NodeAdminUserData} + type: multipart + - config: {get_resource: NodeUserData} + type: multipart + + # Creates the "heat-admin" user if configured via the environment + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + NodeAdminUserData: + type: OS::TripleO::NodeAdminUserData + + # For optional operator additional userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + NodeUserData: + type: OS::TripleO::NodeUserData + + InternalApiPort: + type: OS::TripleO::BlockStorage::Ports::InternalApiPort + properties: + ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} + + StoragePort: + type: OS::TripleO::BlockStorage::Ports::StoragePort + properties: + ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} + + StorageMgmtPort: + type: OS::TripleO::BlockStorage::Ports::StorageMgmtPort + properties: + ControlPlaneIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} + + NetworkConfig: + type: OS::TripleO::BlockStorage::Net::SoftwareConfig + properties: + ControlPlaneIp: {get_attr: [BlockStorage, networks, ctlplane, 0]} + InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} + StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} + StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} + + NetIpMap: + type: OS::TripleO::Network::Ports::NetIpMap + properties: + ControlPlaneIp: {get_attr: [BlockStorage, networks, ctlplane, 0]} + 
InternalApiIp: {get_attr: [InternalApiPort, ip_address]} + StorageIp: {get_attr: [StoragePort, ip_address]} + StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} + + NetworkDeployment: + type: OS::TripleO::SoftwareDeployment + properties: + config: {get_resource: NetworkConfig} + server: {get_resource: BlockStorage} + + BlockStorageDeployment: + type: OS::Heat::StructuredDeployment + depends_on: NetworkDeployment + properties: + server: {get_resource: BlockStorage} + config: {get_resource: BlockStorageConfig} + input_values: + debug: {get_param: Debug} + cinder_dsn: {list_join: ['', ['mysql://cinder:', {get_param: CinderPassword}, '@', {get_param: MysqlVirtualIP} , '/cinder']]} + snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} + snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} + cinder_lvm_loop_device_size: + str_replace: + template: sizeM + params: + size: {get_param: CinderLVMLoopDeviceSize} + cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend} + cinder_iscsi_helper: {get_param: CinderISCSIHelper} + cinder_iscsi_ip_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]} + glance_api_servers: + list_join: + - '' + - - {get_param: GlanceProtocol} + - '://' + - {get_param: GlanceApiVirtualIP} + - ':' + - {get_param: GlancePort} + rabbit_username: {get_param: RabbitUserName} + rabbit_password: {get_param: RabbitPassword} + rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} + rabbit_client_port: {get_param: RabbitClientPort} + ntp_servers: + str_replace: + template: '["server"]' + params: + server: {get_param: NtpServer} + enable_package_install: {get_param: EnablePackageInstall} + + # Map heat metadata into hiera datafiles + BlockStorageConfig: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + hiera: + hierarchy: + - heat_config_%{::deploy_config_name} + - volume_extraconfig + - extraconfig + - volume + - all_nodes # provided by 
allNodesConfig + - '"%{::osfamily}"' + - common + datafiles: + common: + raw_data: {get_file: hieradata/common.yaml} + volume_extraconfig: + mapped_data: {get_param: BlockStorageExtraConfig} + extraconfig: + mapped_data: {get_param: ExtraConfig} + volume: + raw_data: {get_file: hieradata/volume.yaml} + mapped_data: + # Cinder + cinder::debug: {get_input: debug} + cinder::setup_test_volume::size: {get_input: cinder_lvm_loop_device_size} + cinder_iscsi_helper: {get_input: cinder_iscsi_helper} + cinder::database_connection: {get_input: cinder_dsn} + cinder::rabbit_userid: {get_input: rabbit_username} + cinder::rabbit_password: {get_input: rabbit_password} + cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} + cinder::rabbit_port: {get_input: rabbit_client_port} + cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend} + cinder_iscsi_ip_address: {get_input: cinder_iscsi_ip_address} + cinder::glance::glance_api_servers: {get_input: glance_api_servers} + ntp::servers: {get_input: ntp_servers} + tripleo::packages::enable_install: {get_input: enable_package_install} + snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} + snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} + + UpdateConfig: + type: OS::TripleO::Tasks::PackageUpdate + + UpdateDeployment: + type: OS::Heat::SoftwareDeployment + properties: + config: {get_resource: UpdateConfig} + server: {get_resource: BlockStorage} + input_values: + update_identifier: + get_param: UpdateIdentifier + +outputs: + hosts_entry: + value: + str_replace: + template: "IP HOST.localdomain HOST" + params: + IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, BlockStorageHostnameResolveNetwork]}]} + HOST: {get_attr: [BlockStorage, name]} + nova_server_resource: + description: Heat resource handle for the block storage server + value: + {get_resource: BlockStorage} + internal_api_ip_address: + description: IP address of the server in the internal_api network + value: 
{get_attr: [InternalApiPort, ip_address]} + storage_ip_address: + description: IP address of the server in the storage network + value: {get_attr: [StoragePort, ip_address]} + storage_mgmt_ip_address: + description: IP address of the server in the storage_mgmt network + value: {get_attr: [StorageMgmtPort, ip_address]} + config_identifier: + description: identifier which changes if the node configuration may need re-applying + value: {get_attr: [BlockStorageDeployment, deploy_stdout]} diff --git a/puppet/compute-post-puppet.yaml b/puppet/compute-post-puppet.yaml deleted file mode 100644 index b4a6126b..00000000 --- a/puppet/compute-post-puppet.yaml +++ /dev/null @@ -1,40 +0,0 @@ -heat_template_version: 2015-04-30 - -description: > - OpenStack compute node post deployment for Puppet. - -parameters: - servers: - type: json - NodeConfigIdentifiers: - type: json - description: Value which changes if the node configuration may need to be re-applied - - -resources: - - ComputePuppetConfig: - type: OS::Heat::SoftwareConfig - properties: - group: puppet - outputs: - - name: result - config: - get_file: manifests/overcloud_compute.pp - - ComputePuppetDeployment: - type: OS::Heat::StructuredDeployments - properties: - servers: {get_param: servers} - config: {get_resource: ComputePuppetConfig} - input_values: - update_identifier: {get_param: NodeConfigIdentifiers} - - # Note, this should come last, so use depends_on to ensure - # this is created after any other resources. - ExtraConfig: - depends_on: ComputePuppetDeployment - type: OS::TripleO::NodeExtraConfigPost - properties: - servers: {get_param: servers} - diff --git a/puppet/compute-post.yaml b/puppet/compute-post.yaml new file mode 100644 index 00000000..b4a6126b --- /dev/null +++ b/puppet/compute-post.yaml 
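Review bot: `RabbitPassword` in the `parameters` section of puppet/cinder-storage.yaml is declared with only `default: 'guest'` and `type: string`, without the `hidden: true` that `CinderPassword` and `SnmpdReadonlyUserPassword` carry in the same template. The compute template in this commit already marks its `RabbitPassword` as hidden, so the two role templates disagree on how the same credential is treated. The content is carried over unchanged from cinder-storage-puppet.yaml, so this predates the rename, but I would add `hidden: true` under `RabbitPassword` here so the value is masked wherever Heat displays stack parameters. The `guest` default is also worth a description line saying it must be overridden outside test deployments.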
@@ -0,0 +1,40 @@ +heat_template_version: 2015-04-30 + +description: > + OpenStack compute node post deployment for Puppet. + +parameters: + servers: + type: json + NodeConfigIdentifiers: + type: json + description: Value which changes if the node configuration may need to be re-applied + + +resources: + + ComputePuppetConfig: + type: OS::Heat::SoftwareConfig + properties: + group: puppet + outputs: + - name: result + config: + get_file: manifests/overcloud_compute.pp + + ComputePuppetDeployment: + type: OS::Heat::StructuredDeployments + properties: + servers: {get_param: servers} + config: {get_resource: ComputePuppetConfig} + input_values: + update_identifier: {get_param: NodeConfigIdentifiers} + + # Note, this should come last, so use depends_on to ensure + # this is created after any other resources. + ExtraConfig: + depends_on: ComputePuppetDeployment + type: OS::TripleO::NodeExtraConfigPost + properties: + servers: {get_param: servers} + diff --git a/puppet/compute-puppet.yaml b/puppet/compute-puppet.yaml deleted file mode 100644 index 3f730994..00000000 --- a/puppet/compute-puppet.yaml +++ /dev/null 
@@ -1,564 +0,0 @@ -heat_template_version: 2015-04-30 - -description: > - OpenStack hypervisor node configured via Puppet. - -parameters: - AdminPassword: - default: unset - description: The password for the keystone admin account, used for monitoring, querying neutron etc. - type: string - hidden: true - CeilometerComputeAgent: - description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly - type: string - default: '' - constraints: - - allowed_values: ['', Present] - CeilometerMeteringSecret: - default: unset - description: Secret shared by the ceilometer services. - type: string - hidden: true - CeilometerPassword: - default: unset - description: The password for the ceilometer service account. - type: string - hidden: true - CinderEnableNfsBackend: - default: false - description: Whether to enable or not the NFS backend for Cinder - type: boolean - Debug: - default: '' - description: Set to True to enable debugging on all services. - type: string - ExtraConfig: - default: {} - description: | - Additional hiera configuration to inject into the cluster. Note - that NovaComputeExtraConfig takes precedence over ExtraConfig. - type: json - Flavor: - description: Flavor for the nova compute node - type: string - constraints: - - custom_constraint: nova.flavor - GlanceHost: - type: string - default: '' # Has to be here because of the ignored empty value bug - GlancePort: - default: "9292" - description: Glance port. - type: string - GlanceProtocol: - default: http - description: Protocol to use when connecting to glance, set to https for SSL. - type: string - Image: - type: string - default: overcloud-compute - constraints: - - custom_constraint: glance.image - ImageUpdatePolicy: - default: 'REBUILD_PRESERVE_EPHEMERAL' - description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. 
- type: string - KeyName: - description: Name of an existing EC2 KeyPair to enable SSH access to the instances - type: string - default: default - constraints: - - custom_constraint: nova.keypair - KeystoneAdminApiVirtualIP: - type: string - default: '' - KeystonePublicApiVirtualIP: - type: string - default: '' - NeutronBridgeMappings: - description: > - The OVS logical->physical bridge mappings to use. See the Neutron - documentation for details. Defaults to mapping br-ex - the external - bridge on hosts - to a physical name 'datacentre' which can be used - to create provider networks (and we use this for the default floating - network) - if changing this either use different post-install network - scripts or be sure to keep 'datacentre' as a mapping network name. - type: string - default: "datacentre:br-ex" - NeutronEnableTunnelling: - type: string - default: "True" - NeutronFlatNetworks: - type: string - default: 'datacentre' - description: > - If set, flat networks to configure in neutron plugins. - NeutronHost: - type: string - default: '' # Has to be here because of the ignored empty value bug - NeutronNetworkType: - type: string - description: The tenant network type for Neutron, either gre or vxlan. - default: 'vxlan' - NeutronNetworkVLANRanges: - default: 'datacentre' - description: > - The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the - Neutron documentation for permitted values. Defaults to permitting any - VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). - type: comma_delimited_list - NeutronPassword: - default: unset - description: The password for the neutron service account, used by neutron agents. - type: string - hidden: true - NeutronPhysicalBridge: - default: 'br-ex' - description: An OVS bridge to create for accessing external networks. - type: string - NeutronPublicInterface: - default: nic1 - description: A port to add to the NeutronPhysicalBridge. 
- type: string - NeutronTunnelTypes: - type: string - description: | - The tunnel types for the Neutron tenant network. To specify multiple - values, use a comma separated string, like so: 'gre,vxlan' - default: 'vxlan' - NeutronTunnelIdRanges: - description: | - Comma-separated list of : tuples enumerating ranges - of GRE tunnel IDs that are available for tenant network allocation - default: ["1:1000", ] - type: comma_delimited_list - NeutronVniRanges: - description: | - Comma-separated list of : tuples enumerating ranges - of VXLAN VNI IDs that are available for tenant network allocation - default: ["1:1000", ] - type: comma_delimited_list - NeutronPublicInterfaceRawDevice: - default: '' - type: string - NeutronDVR: - default: 'False' - type: string - NeutronMetadataProxySharedSecret: - default: 'unset' - description: Shared secret to prevent spoofing - type: string - NeutronMechanismDrivers: - default: 'openvswitch' - description: | - The mechanism drivers for the Neutron tenant network. To specify multiple - values, use a comma separated string, like so: 'openvswitch,l2_population' - type: string - # Not relevant for Computes, should be removed - NeutronAllowL3AgentFailover: - default: 'True' - description: Allow automatic l3-agent failover - type: string - # Not relevant for Computes, should be removed - NeutronL3HA: - default: 'False' - description: Whether to enable l3-agent HA - type: string - NeutronAgentMode: - default: 'dvr_snat' - description: Agent mode for the neutron-l3-agent on the controller hosts - type: string - NovaApiHost: - type: string - default: '' # Has to be here because of the ignored empty value bug - NovaComputeDriver: - type: string - default: libvirt.LibvirtDriver - NovaComputeExtraConfig: - default: {} - description: | - NovaCompute specific configuration to inject into the cluster. Same - structure as ExtraConfig. 
- type: json - NovaComputeLibvirtType: - type: string - default: '' - NovaEnableRbdBackend: - default: false - description: Whether to enable or not the Rbd backend for Nova - type: boolean - NovaPassword: - default: unset - description: The password for the nova service account, used by nova-api. - type: string - hidden: true - NovaPublicIP: - type: string - default: '' # Has to be here because of the ignored empty value bug - NtpServer: - type: string - default: '' - RabbitHost: - type: string - default: '' # Has to be here because of the ignored empty value bug - RabbitPassword: - default: guest - description: The password for RabbitMQ - type: string - hidden: true - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number - SnmpdReadonlyUserName: - default: ro_snmp_user - description: The user name for SNMPd with readonly rights running on all Overcloud nodes - type: string - SnmpdReadonlyUserPassword: - default: unset - description: The user password for SNMPd with readonly rights running on all Overcloud nodes - type: string - hidden: true - EnablePackageInstall: - default: 'false' - description: Set to true to enable package installation via Puppet - type: boolean - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. 
- type: json - UpdateIdentifier: - default: '' - type: string - description: > - Setting to a previously unused value during stack-update will trigger - package update on all nodes - Hostname: - type: string - default: '' # Defaults to Heat created hostname - -resources: - - NovaCompute: - type: OS::Nova::Server - properties: - image: - {get_param: Image} - image_update_policy: - get_param: ImageUpdatePolicy - flavor: {get_param: Flavor} - key_name: {get_param: KeyName} - networks: - - network: ctlplane - user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: UserData} - name: {get_param: Hostname} - - # Combine the NodeAdminUserData and NodeUserData mime archives - UserData: - type: OS::Heat::MultipartMime - properties: - parts: - - config: {get_resource: NodeAdminUserData} - type: multipart - - config: {get_resource: NodeUserData} - type: multipart - - # Creates the "heat-admin" user if configured via the environment - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeAdminUserData: - type: OS::TripleO::NodeAdminUserData - - # For optional operator additional userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeUserData: - type: OS::TripleO::NodeUserData - - InternalApiPort: - type: OS::TripleO::Compute::Ports::InternalApiPort - properties: - ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} - - StoragePort: - type: OS::TripleO::Compute::Ports::StoragePort - properties: - ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} - - TenantPort: - type: OS::TripleO::Compute::Ports::TenantPort - properties: - ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} - - NetIpMap: - type: OS::TripleO::Network::Ports::NetIpMap - properties: - ControlPlaneIp: {get_attr: [NovaCompute, networks, ctlplane, 0]} - InternalApiIp: {get_attr: [InternalApiPort, ip_address]} - StorageIp: {get_attr: [StoragePort, ip_address]} - TenantIp: {get_attr: [TenantPort, ip_address]} - - 
NetworkConfig: - type: OS::TripleO::Compute::Net::SoftwareConfig - properties: - ControlPlaneIp: {get_attr: [NovaCompute, networks, ctlplane, 0]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - - NetworkDeployment: - type: OS::TripleO::SoftwareDeployment - properties: - config: {get_resource: NetworkConfig} - server: {get_resource: NovaCompute} - input_values: - bridge_name: {get_param: NeutronPhysicalBridge} - interface_name: {get_param: NeutronPublicInterface} - - NovaComputeConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - hiera: - hierarchy: - - heat_config_%{::deploy_config_name} - - compute_extraconfig - - extraconfig - - compute - - ceph_cluster # provided by CephClusterConfig - - ceph - - all_nodes # provided by allNodesConfig - - '"%{::osfamily}"' - - common - datafiles: - compute_extraconfig: - mapped_data: {get_param: NovaComputeExtraConfig} - extraconfig: - mapped_data: {get_param: ExtraConfig} - common: - raw_data: {get_file: hieradata/common.yaml} - ceph: - raw_data: {get_file: hieradata/ceph.yaml} - compute: - raw_data: {get_file: hieradata/compute.yaml} - mapped_data: - cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend} - nova::debug: {get_input: debug} - nova::rabbit_userid: {get_input: rabbit_username} - nova::rabbit_password: {get_input: rabbit_password} - nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - nova::rabbit_port: {get_input: rabbit_client_port} - nova_compute_driver: {get_input: nova_compute_driver} - nova::compute::libvirt::libvirt_virt_type: {get_input: nova_compute_libvirt_type} - nova_api_host: {get_input: nova_api_host} - nova::compute::vncproxy_host: {get_input: nova_public_ip} - nova::compute::rbd::ephemeral_storage: {get_input: nova_enable_rbd_backend} - nova_password: {get_input: nova_password} - 
nova::compute::vncserver_proxyclient_address: {get_input: nova_vnc_proxyclient_address} - ceilometer::debug: {get_input: debug} - ceilometer::rabbit_userid: {get_input: rabbit_username} - ceilometer::rabbit_password: {get_input: rabbit_password} - ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - ceilometer::rabbit_port: {get_input: rabbit_client_port} - ceilometer::metering_secret: {get_input: ceilometer_metering_secret} - ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} - ceilometer::agent::auth::auth_url: {get_input: ceilometer_agent_auth_url} - ceilometer_compute_agent: {get_input: ceilometer_compute_agent} - snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} - snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} - nova::glance_api_servers: {get_input: glance_api_servers} - neutron::debug: {get_input: debug} - neutron::rabbit_password: {get_input: rabbit_password} - neutron::rabbit_user: {get_input: rabbit_user} - neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - neutron::rabbit_port: {get_input: rabbit_client_port} - neutron_flat_networks: {get_input: neutron_flat_networks} - neutron_host: {get_input: neutron_host} - neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip} - - neutron_tenant_network_type: {get_input: neutron_tenant_network_type} - neutron_tunnel_types: {get_input: neutron_tunnel_types} - neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges} - neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges} - neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges} - neutron_bridge_mappings: {get_input: neutron_bridge_mappings} - neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling} - neutron_physical_bridge: {get_input: neutron_physical_bridge} - neutron_public_interface: {get_input: neutron_public_interface} - nova::network::neutron::neutron_admin_password: {get_input: 
neutron_password} - nova::network::neutron::neutron_url: {get_input: neutron_url} - nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url} - neutron_router_distributed: {get_input: neutron_router_distributed} - neutron_agent_mode: {get_input: neutron_agent_mode} - neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} - neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers} - neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device} - admin_password: {get_input: admin_password} - ntp::servers: {get_input: ntp_servers} - tripleo::packages::enable_install: {get_input: enable_package_install} - - NovaComputeDeployment: - type: OS::TripleO::SoftwareDeployment - depends_on: NetworkDeployment - properties: - config: {get_resource: NovaComputeConfig} - server: {get_resource: NovaCompute} - input_values: - cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend} - debug: {get_param: Debug} - nova_compute_driver: {get_param: NovaComputeDriver} - nova_compute_libvirt_type: {get_param: NovaComputeLibvirtType} - nova_public_ip: {get_param: NovaPublicIP} - nova_api_host: {get_param: NovaApiHost} - nova_password: {get_param: NovaPassword} - nova_enable_rbd_backend: {get_param: NovaEnableRbdBackend} - nova_vnc_proxyclient_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaVncProxyNetwork]}]} - ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} - ceilometer_password: {get_param: CeilometerPassword} - ceilometer_compute_agent: {get_param: CeilometerComputeAgent} - ceilometer_agent_auth_url: - list_join: - - '' - - - 'http://' - - {get_param: KeystonePublicApiVirtualIP} - - ':5000/v2.0' - snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} - snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} - glance_api_servers: - list_join: - - '' - - - {get_param: GlanceProtocol} - - '://' - - {get_param: GlanceHost} - - ':' - 
- {get_param: GlancePort} - neutron_flat_networks: {get_param: NeutronFlatNetworks} - neutron_host: {get_param: NeutronHost} - neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]} - neutron_tenant_network_type: {get_param: NeutronNetworkType} - neutron_tunnel_types: {get_param: NeutronTunnelTypes} - neutron_tunnel_id_ranges: - str_replace: - template: "['RANGES']" - params: - RANGES: - list_join: - - "','" - - {get_param: NeutronTunnelIdRanges} - neutron_vni_ranges: - str_replace: - template: "['RANGES']" - params: - RANGES: - list_join: - - "','" - - {get_param: NeutronVniRanges} - neutron_network_vlan_ranges: - str_replace: - template: "['RANGES']" - params: - RANGES: - list_join: - - "','" - - {get_param: NeutronNetworkVLANRanges} - neutron_bridge_mappings: {get_param: NeutronBridgeMappings} - neutron_enable_tunneling: {get_param: NeutronEnableTunnelling} - neutron_physical_bridge: {get_param: NeutronPhysicalBridge} - neutron_public_interface: {get_param: NeutronPublicInterface} - neutron_password: {get_param: NeutronPassword} - neutron_agent_mode: {get_param: NeutronAgentMode} - neutron_router_distributed: {get_param: NeutronDVR} - neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} - neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers} - neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice} - neutron_url: - list_join: - - '' - - - 'http://' - - {get_param: NeutronHost} - - ':9696' - neutron_admin_auth_url: - list_join: - - '' - - - 'http://' - - {get_param: KeystoneAdminApiVirtualIP} - - ':35357/v2.0' - admin_password: {get_param: AdminPassword} - rabbit_username: {get_param: RabbitUserName} - rabbit_password: {get_param: RabbitPassword} - rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} - rabbit_client_port: {get_param: RabbitClientPort} - ntp_servers: - str_replace: - template: '["server"]' - params: - server: {get_param: 
NtpServer} - enable_package_install: {get_param: EnablePackageInstall} - - # Hook for site-specific additional pre-deployment config, e.g extra hieradata - ComputeExtraConfigPre: - depends_on: NovaComputeDeployment - type: OS::TripleO::ComputeExtraConfigPre - properties: - server: {get_resource: NovaCompute} - - UpdateConfig: - type: OS::TripleO::Tasks::PackageUpdate - - UpdateDeployment: - type: OS::Heat::SoftwareDeployment - properties: - config: {get_resource: UpdateConfig} - server: {get_resource: NovaCompute} - input_values: - update_identifier: - get_param: UpdateIdentifier - -outputs: - ip_address: - description: IP address of the server in the ctlplane network - value: {get_attr: [NovaCompute, networks, ctlplane, 0]} - internal_api_ip_address: - description: IP address of the server in the internal_api network - value: {get_attr: [InternalApiPort, ip_address]} - storage_ip_address: - description: IP address of the server in the storage network - value: {get_attr: [StoragePort, ip_address]} - tenant_ip_address: - description: IP address of the server in the tenant network - value: {get_attr: [TenantPort, ip_address]} - hostname: - description: Hostname of the server - value: {get_attr: [NovaCompute, name]} - hosts_entry: - description: > - Server's IP address and hostname in the /etc/hosts format - value: - str_replace: - template: "IP HOST.localdomain HOST" - params: - IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ComputeHostnameResolveNetwork]}]} - HOST: {get_attr: [NovaCompute, name]} - nova_server_resource: - description: Heat resource handle for the Nova compute server - value: - {get_resource: NovaCompute} - config_identifier: - description: identifier which changes if the node configuration may need re-applying - value: - list_join: - - ',' - - - {get_attr: [NovaComputeDeployment, deploy_stdout]} - - {get_attr: [ComputeExtraConfigPre, deploy_stdout]} 
diff --git a/puppet/compute.yaml b/puppet/compute.yaml
new file mode 100644
index 00000000..3f730994
--- /dev/null
+++ b/puppet/compute.yaml
@@ -0,0 +1,564 @@ +heat_template_version: 2015-04-30 + +description: > + OpenStack hypervisor node configured via Puppet. + +parameters: + AdminPassword: + default: unset + description: The password for the keystone admin account, used for monitoring, querying neutron etc. + type: string + hidden: true + CeilometerComputeAgent: + description: Indicates whether the Compute agent is present and expects nova-compute to be configured accordingly + type: string + default: '' + constraints: + - allowed_values: ['', Present] + CeilometerMeteringSecret: + default: unset + description: Secret shared by the ceilometer services. + type: string + hidden: true + CeilometerPassword: + default: unset + description: The password for the ceilometer service account. + type: string + hidden: true + CinderEnableNfsBackend: + default: false + description: Whether to enable or not the NFS backend for Cinder + type: boolean + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + ExtraConfig: + default: {} + description: | + Additional hiera configuration to inject into the cluster. Note + that NovaComputeExtraConfig takes precedence over ExtraConfig. + type: json + Flavor: + description: Flavor for the nova compute node + type: string + constraints: + - custom_constraint: nova.flavor + GlanceHost: + type: string + default: '' # Has to be here because of the ignored empty value bug + GlancePort: + default: "9292" + description: Glance port. + type: string + GlanceProtocol: + default: http + description: Protocol to use when connecting to glance, set to https for SSL. + type: string + Image: + type: string + default: overcloud-compute + constraints: + - custom_constraint: glance.image + ImageUpdatePolicy: + default: 'REBUILD_PRESERVE_EPHEMERAL' + description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. 
+ type: string + KeyName: + description: Name of an existing EC2 KeyPair to enable SSH access to the instances + type: string + default: default + constraints: + - custom_constraint: nova.keypair + KeystoneAdminApiVirtualIP: + type: string + default: '' + KeystonePublicApiVirtualIP: + type: string + default: '' + NeutronBridgeMappings: + description: > + The OVS logical->physical bridge mappings to use. See the Neutron + documentation for details. Defaults to mapping br-ex - the external + bridge on hosts - to a physical name 'datacentre' which can be used + to create provider networks (and we use this for the default floating + network) - if changing this either use different post-install network + scripts or be sure to keep 'datacentre' as a mapping network name. + type: string + default: "datacentre:br-ex" + NeutronEnableTunnelling: + type: string + default: "True" + NeutronFlatNetworks: + type: string + default: 'datacentre' + description: > + If set, flat networks to configure in neutron plugins. + NeutronHost: + type: string + default: '' # Has to be here because of the ignored empty value bug + NeutronNetworkType: + type: string + description: The tenant network type for Neutron, either gre or vxlan. + default: 'vxlan' + NeutronNetworkVLANRanges: + default: 'datacentre' + description: > + The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the + Neutron documentation for permitted values. Defaults to permitting any + VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). + type: comma_delimited_list + NeutronPassword: + default: unset + description: The password for the neutron service account, used by neutron agents. + type: string + hidden: true + NeutronPhysicalBridge: + default: 'br-ex' + description: An OVS bridge to create for accessing external networks. + type: string + NeutronPublicInterface: + default: nic1 + description: A port to add to the NeutronPhysicalBridge. 
+ type: string + NeutronTunnelTypes: + type: string + description: | + The tunnel types for the Neutron tenant network. To specify multiple + values, use a comma separated string, like so: 'gre,vxlan' + default: 'vxlan' + NeutronTunnelIdRanges: + description: | + Comma-separated list of : tuples enumerating ranges + of GRE tunnel IDs that are available for tenant network allocation + default: ["1:1000", ] + type: comma_delimited_list + NeutronVniRanges: + description: | + Comma-separated list of : tuples enumerating ranges + of VXLAN VNI IDs that are available for tenant network allocation + default: ["1:1000", ] + type: comma_delimited_list + NeutronPublicInterfaceRawDevice: + default: '' + type: string + NeutronDVR: + default: 'False' + type: string + NeutronMetadataProxySharedSecret: + default: 'unset' + description: Shared secret to prevent spoofing + type: string + NeutronMechanismDrivers: + default: 'openvswitch' + description: | + The mechanism drivers for the Neutron tenant network. To specify multiple + values, use a comma separated string, like so: 'openvswitch,l2_population' + type: string + # Not relevant for Computes, should be removed + NeutronAllowL3AgentFailover: + default: 'True' + description: Allow automatic l3-agent failover + type: string + # Not relevant for Computes, should be removed + NeutronL3HA: + default: 'False' + description: Whether to enable l3-agent HA + type: string + NeutronAgentMode: + default: 'dvr_snat' + description: Agent mode for the neutron-l3-agent on the controller hosts + type: string + NovaApiHost: + type: string + default: '' # Has to be here because of the ignored empty value bug + NovaComputeDriver: + type: string + default: libvirt.LibvirtDriver + NovaComputeExtraConfig: + default: {} + description: | + NovaCompute specific configuration to inject into the cluster. Same + structure as ExtraConfig. 
+ type: json + NovaComputeLibvirtType: + type: string + default: '' + NovaEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Nova + type: boolean + NovaPassword: + default: unset + description: The password for the nova service account, used by nova-api. + type: string + hidden: true + NovaPublicIP: + type: string + default: '' # Has to be here because of the ignored empty value bug + NtpServer: + type: string + default: '' + RabbitHost: + type: string + default: '' # Has to be here because of the ignored empty value bug + RabbitPassword: + default: guest + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + SnmpdReadonlyUserName: + default: ro_snmp_user + description: The user name for SNMPd with readonly rights running on all Overcloud nodes + type: string + SnmpdReadonlyUserPassword: + default: unset + description: The user password for SNMPd with readonly rights running on all Overcloud nodes + type: string + hidden: true + EnablePackageInstall: + default: 'false' + description: Set to true to enable package installation via Puppet + type: boolean + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. 
+ type: json + UpdateIdentifier: + default: '' + type: string + description: > + Setting to a previously unused value during stack-update will trigger + package update on all nodes + Hostname: + type: string + default: '' # Defaults to Heat created hostname + +resources: + + NovaCompute: + type: OS::Nova::Server + properties: + image: + {get_param: Image} + image_update_policy: + get_param: ImageUpdatePolicy + flavor: {get_param: Flavor} + key_name: {get_param: KeyName} + networks: + - network: ctlplane + user_data_format: SOFTWARE_CONFIG + user_data: {get_resource: UserData} + name: {get_param: Hostname} + + # Combine the NodeAdminUserData and NodeUserData mime archives + UserData: + type: OS::Heat::MultipartMime + properties: + parts: + - config: {get_resource: NodeAdminUserData} + type: multipart + - config: {get_resource: NodeUserData} + type: multipart + + # Creates the "heat-admin" user if configured via the environment + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + NodeAdminUserData: + type: OS::TripleO::NodeAdminUserData + + # For optional operator additional userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + NodeUserData: + type: OS::TripleO::NodeUserData + + InternalApiPort: + type: OS::TripleO::Compute::Ports::InternalApiPort + properties: + ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} + + StoragePort: + type: OS::TripleO::Compute::Ports::StoragePort + properties: + ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} + + TenantPort: + type: OS::TripleO::Compute::Ports::TenantPort + properties: + ControlPlaneIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} + + NetIpMap: + type: OS::TripleO::Network::Ports::NetIpMap + properties: + ControlPlaneIp: {get_attr: [NovaCompute, networks, ctlplane, 0]} + InternalApiIp: {get_attr: [InternalApiPort, ip_address]} + StorageIp: {get_attr: [StoragePort, ip_address]} + TenantIp: {get_attr: [TenantPort, ip_address]} + + 
NetworkConfig: + type: OS::TripleO::Compute::Net::SoftwareConfig + properties: + ControlPlaneIp: {get_attr: [NovaCompute, networks, ctlplane, 0]} + InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} + StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} + TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} + + NetworkDeployment: + type: OS::TripleO::SoftwareDeployment + properties: + config: {get_resource: NetworkConfig} + server: {get_resource: NovaCompute} + input_values: + bridge_name: {get_param: NeutronPhysicalBridge} + interface_name: {get_param: NeutronPublicInterface} + + NovaComputeConfig: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + hiera: + hierarchy: + - heat_config_%{::deploy_config_name} + - compute_extraconfig + - extraconfig + - compute + - ceph_cluster # provided by CephClusterConfig + - ceph + - all_nodes # provided by allNodesConfig + - '"%{::osfamily}"' + - common + datafiles: + compute_extraconfig: + mapped_data: {get_param: NovaComputeExtraConfig} + extraconfig: + mapped_data: {get_param: ExtraConfig} + common: + raw_data: {get_file: hieradata/common.yaml} + ceph: + raw_data: {get_file: hieradata/ceph.yaml} + compute: + raw_data: {get_file: hieradata/compute.yaml} + mapped_data: + cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend} + nova::debug: {get_input: debug} + nova::rabbit_userid: {get_input: rabbit_username} + nova::rabbit_password: {get_input: rabbit_password} + nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} + nova::rabbit_port: {get_input: rabbit_client_port} + nova_compute_driver: {get_input: nova_compute_driver} + nova::compute::libvirt::libvirt_virt_type: {get_input: nova_compute_libvirt_type} + nova_api_host: {get_input: nova_api_host} + nova::compute::vncproxy_host: {get_input: nova_public_ip} + nova::compute::rbd::ephemeral_storage: {get_input: nova_enable_rbd_backend} + nova_password: {get_input: nova_password} + 
nova::compute::vncserver_proxyclient_address: {get_input: nova_vnc_proxyclient_address} + ceilometer::debug: {get_input: debug} + ceilometer::rabbit_userid: {get_input: rabbit_username} + ceilometer::rabbit_password: {get_input: rabbit_password} + ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} + ceilometer::rabbit_port: {get_input: rabbit_client_port} + ceilometer::metering_secret: {get_input: ceilometer_metering_secret} + ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} + ceilometer::agent::auth::auth_url: {get_input: ceilometer_agent_auth_url} + ceilometer_compute_agent: {get_input: ceilometer_compute_agent} + snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} + snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} + nova::glance_api_servers: {get_input: glance_api_servers} + neutron::debug: {get_input: debug} + neutron::rabbit_password: {get_input: rabbit_password} + neutron::rabbit_user: {get_input: rabbit_user} + neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} + neutron::rabbit_port: {get_input: rabbit_client_port} + neutron_flat_networks: {get_input: neutron_flat_networks} + neutron_host: {get_input: neutron_host} + neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip} + + neutron_tenant_network_type: {get_input: neutron_tenant_network_type} + neutron_tunnel_types: {get_input: neutron_tunnel_types} + neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges} + neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges} + neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges} + neutron_bridge_mappings: {get_input: neutron_bridge_mappings} + neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling} + neutron_physical_bridge: {get_input: neutron_physical_bridge} + neutron_public_interface: {get_input: neutron_public_interface} + nova::network::neutron::neutron_admin_password: {get_input: 
neutron_password} + nova::network::neutron::neutron_url: {get_input: neutron_url} + nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url} + neutron_router_distributed: {get_input: neutron_router_distributed} + neutron_agent_mode: {get_input: neutron_agent_mode} + neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} + neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers} + neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device} + admin_password: {get_input: admin_password} + ntp::servers: {get_input: ntp_servers} + tripleo::packages::enable_install: {get_input: enable_package_install} + + NovaComputeDeployment: + type: OS::TripleO::SoftwareDeployment + depends_on: NetworkDeployment + properties: + config: {get_resource: NovaComputeConfig} + server: {get_resource: NovaCompute} + input_values: + cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend} + debug: {get_param: Debug} + nova_compute_driver: {get_param: NovaComputeDriver} + nova_compute_libvirt_type: {get_param: NovaComputeLibvirtType} + nova_public_ip: {get_param: NovaPublicIP} + nova_api_host: {get_param: NovaApiHost} + nova_password: {get_param: NovaPassword} + nova_enable_rbd_backend: {get_param: NovaEnableRbdBackend} + nova_vnc_proxyclient_address: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaVncProxyNetwork]}]} + ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} + ceilometer_password: {get_param: CeilometerPassword} + ceilometer_compute_agent: {get_param: CeilometerComputeAgent} + ceilometer_agent_auth_url: + list_join: + - '' + - - 'http://' + - {get_param: KeystonePublicApiVirtualIP} + - ':5000/v2.0' + snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} + snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} + glance_api_servers: + list_join: + - '' + - - {get_param: GlanceProtocol} + - '://' + - {get_param: GlanceHost} + - ':' + 
- {get_param: GlancePort} + neutron_flat_networks: {get_param: NeutronFlatNetworks} + neutron_host: {get_param: NeutronHost} + neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]} + neutron_tenant_network_type: {get_param: NeutronNetworkType} + neutron_tunnel_types: {get_param: NeutronTunnelTypes} + neutron_tunnel_id_ranges: + str_replace: + template: "['RANGES']" + params: + RANGES: + list_join: + - "','" + - {get_param: NeutronTunnelIdRanges} + neutron_vni_ranges: + str_replace: + template: "['RANGES']" + params: + RANGES: + list_join: + - "','" + - {get_param: NeutronVniRanges} + neutron_network_vlan_ranges: + str_replace: + template: "['RANGES']" + params: + RANGES: + list_join: + - "','" + - {get_param: NeutronNetworkVLANRanges} + neutron_bridge_mappings: {get_param: NeutronBridgeMappings} + neutron_enable_tunneling: {get_param: NeutronEnableTunnelling} + neutron_physical_bridge: {get_param: NeutronPhysicalBridge} + neutron_public_interface: {get_param: NeutronPublicInterface} + neutron_password: {get_param: NeutronPassword} + neutron_agent_mode: {get_param: NeutronAgentMode} + neutron_router_distributed: {get_param: NeutronDVR} + neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} + neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers} + neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice} + neutron_url: + list_join: + - '' + - - 'http://' + - {get_param: NeutronHost} + - ':9696' + neutron_admin_auth_url: + list_join: + - '' + - - 'http://' + - {get_param: KeystoneAdminApiVirtualIP} + - ':35357/v2.0' + admin_password: {get_param: AdminPassword} + rabbit_username: {get_param: RabbitUserName} + rabbit_password: {get_param: RabbitPassword} + rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} + rabbit_client_port: {get_param: RabbitClientPort} + ntp_servers: + str_replace: + template: '["server"]' + params: + server: {get_param: 
NtpServer} + enable_package_install: {get_param: EnablePackageInstall} + + # Hook for site-specific additional pre-deployment config, e.g extra hieradata + ComputeExtraConfigPre: + depends_on: NovaComputeDeployment + type: OS::TripleO::ComputeExtraConfigPre + properties: + server: {get_resource: NovaCompute} + + UpdateConfig: + type: OS::TripleO::Tasks::PackageUpdate + + UpdateDeployment: + type: OS::Heat::SoftwareDeployment + properties: + config: {get_resource: UpdateConfig} + server: {get_resource: NovaCompute} + input_values: + update_identifier: + get_param: UpdateIdentifier + +outputs: + ip_address: + description: IP address of the server in the ctlplane network + value: {get_attr: [NovaCompute, networks, ctlplane, 0]} + internal_api_ip_address: + description: IP address of the server in the internal_api network + value: {get_attr: [InternalApiPort, ip_address]} + storage_ip_address: + description: IP address of the server in the storage network + value: {get_attr: [StoragePort, ip_address]} + tenant_ip_address: + description: IP address of the server in the tenant network + value: {get_attr: [TenantPort, ip_address]} + hostname: + description: Hostname of the server + value: {get_attr: [NovaCompute, name]} + hosts_entry: + description: > + Server's IP address and hostname in the /etc/hosts format + value: + str_replace: + template: "IP HOST.localdomain HOST" + params: + IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ComputeHostnameResolveNetwork]}]} + HOST: {get_attr: [NovaCompute, name]} + nova_server_resource: + description: Heat resource handle for the Nova compute server + value: + {get_resource: NovaCompute} + config_identifier: + description: identifier which changes if the node configuration may need re-applying + value: + list_join: + - ',' + - - {get_attr: [NovaComputeDeployment, deploy_stdout]} + - {get_attr: [ComputeExtraConfigPre, deploy_stdout]} 
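Review bot: `NeutronMetadataProxySharedSecret` in the `parameters` section of puppet/compute.yaml is declared without `hidden: true`, although every other credential in this file (`AdminPassword`, `NeutronPassword`, `RabbitPassword`, `SnmpdReadonlyUserPassword`) sets it, so Heat will show this secret in clear wherever stack parameters are displayed. Adding `hidden: true` under that parameter would bring it in line with the others. The secrets also default to well-known literals (`unset`, and `guest` for `RabbitPassword`), so a deployment that does not override them runs with guessable values; dropping the defaults would make the parameters mandatory. Separately, `ceilometer_agent_auth_url`, `neutron_url` and `neutron_admin_auth_url` hard-code `'http://'` in their `list_join`, so service passwords travel unencrypted to Keystone and Neutron with no equivalent of `GlanceProtocol` to switch them to TLS. These lines appear to be carried over unchanged from compute-puppet.yaml, so a follow-up change may be the better place for the fix.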
diff --git a/puppet/controller-post-puppet.yaml b/puppet/controller-post-puppet.yaml
deleted file mode 100644
index 49cbe1e2..00000000
--- a/puppet/controller-post-puppet.yaml
+++ /dev/null
@@ -1,102 +0,0 @@ -heat_template_version: 2015-04-30 - -description: > - OpenStack controller node post deployment for Puppet. - -parameters: - servers: - type: json - NodeConfigIdentifiers: - type: json - description: Value which changes if the node configuration may need to be re-applied - - -resources: - - ControllerPuppetConfig: - type: OS::TripleO::ControllerConfig - - # Step through a series of Puppet runs using the same manifest. - # NOTE: To enable stepping through the deployments via heat hooks, - # you must observe the glob naming defined in overcloud-steps.yaml - # e.g all Deployment resources should have a *Deployment_StepN suffix - ControllerLoadBalancerDeployment_Step1: - type: OS::Heat::StructuredDeployments - properties: - servers: {get_param: servers} - config: {get_resource: ControllerPuppetConfig} - input_values: - step: 1 - update_identifier: {get_param: NodeConfigIdentifiers} - actions: ['CREATE'] # no need for two passes on an UPDATE - - ControllerServicesBaseDeployment_Step2: - type: OS::Heat::StructuredDeployments - depends_on: ControllerLoadBalancerDeployment_Step1 - properties: - servers: {get_param: servers} - config: {get_resource: ControllerPuppetConfig} - input_values: - step: 2 - update_identifier: {get_param: NodeConfigIdentifiers} - actions: ['CREATE'] # no need for two passes on an UPDATE - - ControllerRingbuilderPuppetConfig: - type: OS::Heat::SoftwareConfig - properties: - group: puppet - options: - enable_hiera: True - enable_facter: False - inputs: - outputs: - - name: result - config: - get_file: manifests/ringbuilder.pp - - ControllerRingbuilderDeployment_Step3: - type: OS::Heat::StructuredDeployments - depends_on: ControllerServicesBaseDeployment_Step2 - properties: - servers: {get_param: servers} - config: {get_resource: ControllerRingbuilderPuppetConfig} - input_values: - update_identifier: {get_param: NodeConfigIdentifiers} - - ControllerOvercloudServicesDeployment_Step4: - type: OS::Heat::StructuredDeployments - 
depends_on: ControllerRingbuilderDeployment_Step3 - properties: - servers: {get_param: servers} - config: {get_resource: ControllerPuppetConfig} - input_values: - step: 3 - update_identifier: {get_param: NodeConfigIdentifiers} - - ControllerOvercloudServicesDeployment_Step5: - type: OS::Heat::StructuredDeployments - depends_on: ControllerOvercloudServicesDeployment_Step4 - properties: - servers: {get_param: servers} - config: {get_resource: ControllerPuppetConfig} - input_values: - step: 4 - update_identifier: {get_param: NodeConfigIdentifiers} - - ControllerOvercloudServicesDeployment_Step6: - type: OS::Heat::StructuredDeployments - depends_on: ControllerOvercloudServicesDeployment_Step5 - properties: - servers: {get_param: servers} - config: {get_resource: ControllerPuppetConfig} - input_values: - step: 5 - update_identifier: {get_param: NodeConfigIdentifiers} - - # Note, this should come last, so use depends_on to ensure - # this is created after any other resources. - ExtraConfig: - depends_on: ControllerOvercloudServicesDeployment_Step5 - type: OS::TripleO::NodeExtraConfigPost - properties: - servers: {get_param: servers} diff --git a/puppet/controller-post.yaml b/puppet/controller-post.yaml new file mode 100644 index 00000000..49cbe1e2 --- /dev/null +++ b/puppet/controller-post.yaml 
@@ -0,0 +1,102 @@
+heat_template_version: 2015-04-30
+
+description: >
+ OpenStack controller node post deployment for Puppet.
+
+parameters:
+ servers:
+ type: json
+ NodeConfigIdentifiers:
+ type: json
+ description: Value which changes if the node configuration may need to be re-applied
+
+
+resources:
+
+ ControllerPuppetConfig:
+ type: OS::TripleO::ControllerConfig
+
+ # Step through a series of Puppet runs using the same manifest.
+ # NOTE: To enable stepping through the deployments via heat hooks,
+ # you must observe the glob naming defined in overcloud-steps.yaml
+ # e.g all Deployment resources should have a *Deployment_StepN suffix
+ ControllerLoadBalancerDeployment_Step1:
+ type: OS::Heat::StructuredDeployments
+ properties:
+ servers: {get_param: servers}
+ config: {get_resource: ControllerPuppetConfig}
+ input_values:
+ step: 1
+ update_identifier: {get_param: NodeConfigIdentifiers}
+ actions: ['CREATE'] # no need for two passes on an UPDATE
+
+ ControllerServicesBaseDeployment_Step2:
+ type: OS::Heat::StructuredDeployments
+ depends_on: ControllerLoadBalancerDeployment_Step1
+ properties:
+ servers: {get_param: servers}
+ config: {get_resource: ControllerPuppetConfig}
+ input_values:
+ step: 2
+ update_identifier: {get_param: NodeConfigIdentifiers}
+ actions: ['CREATE'] # no need for two passes on an UPDATE
+
+ ControllerRingbuilderPuppetConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: puppet
+ options:
+ enable_hiera: True
+ enable_facter: False
+ inputs:
+ outputs:
+ - name: result
+ config:
+ get_file: manifests/ringbuilder.pp
+
+ ControllerRingbuilderDeployment_Step3:
+ type: OS::Heat::StructuredDeployments
+ depends_on: ControllerServicesBaseDeployment_Step2
+ properties:
+ servers: {get_param: servers}
+ config: {get_resource: ControllerRingbuilderPuppetConfig}
+ input_values:
+ update_identifier: {get_param: NodeConfigIdentifiers}
+
+ ControllerOvercloudServicesDeployment_Step4:
+ type: OS::Heat::StructuredDeployments
+ depends_on: ControllerRingbuilderDeployment_Step3
+ properties:
+ servers: {get_param: servers}
+ config: {get_resource: ControllerPuppetConfig}
+ input_values:
+ step: 3
+ update_identifier: {get_param: NodeConfigIdentifiers}
+
+ ControllerOvercloudServicesDeployment_Step5:
+ type: OS::Heat::StructuredDeployments
+ depends_on: ControllerOvercloudServicesDeployment_Step4
+ properties:
+ servers: {get_param: servers}
+ config: {get_resource: ControllerPuppetConfig}
+ input_values:
+ step: 4
+ update_identifier: {get_param: NodeConfigIdentifiers}
+
+ ControllerOvercloudServicesDeployment_Step6:
+ type: OS::Heat::StructuredDeployments
+ depends_on: ControllerOvercloudServicesDeployment_Step5
+ properties:
+ servers: {get_param: servers}
+ config: {get_resource: ControllerPuppetConfig}
+ input_values:
+ step: 5
+ update_identifier: {get_param: NodeConfigIdentifiers}
+
+ # Note, this should come last, so use depends_on to ensure
+ # this is created after any other resources.
+ ExtraConfig:
+ depends_on: ControllerOvercloudServicesDeployment_Step5
+ type: OS::TripleO::NodeExtraConfigPost
+ properties:
+ servers: {get_param: servers}
diff --git a/puppet/controller-puppet.yaml b/puppet/controller-puppet.yaml
deleted file mode 100644
index 084fe3d1..00000000
--- a/puppet/controller-puppet.yaml
+++ /dev/null
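Review bot: The `ExtraConfig` resource at the end of puppet/controller-post.yaml has `depends_on: ControllerOvercloudServicesDeployment_Step5`, but the comment above it says it must be created after every other resource, and `ControllerOvercloudServicesDeployment_Step6` also depends only on Step5. Heat is therefore free to run the site-specific post-config hook in parallel with the final Puppet pass (`step: 5`), so operator hardening applied through `OS::TripleO::NodeExtraConfigPost` could be overwritten or race with service configuration. The dependency should point at the last step: `depends_on: ControllerOvercloudServicesDeployment_Step6`. The line is identical in the deleted controller-post-puppet.yaml, so this was inherited rather than introduced by the rename.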
@@ -1,1244 +0,0 @@ -heat_template_version: 2015-04-30 - -description: > - OpenStack controller node configured by Puppet. - -parameters: - AdminPassword: - default: unset - description: The password for the keystone admin account, used for monitoring, querying neutron etc. - type: string - hidden: true - AdminToken: - default: unset - description: The keystone auth secret and db password. - type: string - hidden: true - CeilometerBackend: - default: 'mongodb' - description: The ceilometer backend type. - type: string - CeilometerMeteringSecret: - default: unset - description: Secret shared by the ceilometer services. - type: string - hidden: true - CeilometerPassword: - default: unset - description: The password for the ceilometer service and db account. - type: string - hidden: true - CinderEnableNfsBackend: - default: false - description: Whether to enable or not the NFS backend for Cinder - type: boolean - CinderEnableIscsiBackend: - default: true - description: Whether to enable or not the Iscsi backend for Cinder - type: boolean - CinderEnableRbdBackend: - default: false - description: Whether to enable or not the Rbd backend for Cinder - type: boolean - CinderISCSIHelper: - default: tgtadm - description: The iSCSI helper to use with cinder. - type: string - CinderLVMLoopDeviceSize: - default: 5000 - description: The size of the loopback file used by the cinder LVM driver. - type: number - CinderNfsMountOptions: - default: '' - description: > - Mount options for NFS mounts used by Cinder NFS backend. Effective - when CinderEnableNfsBackend is true. - type: string - CinderNfsServers: - default: '' - description: > - NFS servers used by Cinder NFS backend. Effective when - CinderEnableNfsBackend is true. - type: comma_delimited_list - CinderPassword: - default: unset - description: The password for the cinder service and db account, used by cinder-api. 
- type: string - hidden: true - CinderBackendConfig: - default: {} - description: Contains parameters to configure Cinder backends. Typically - set via parameter_defaults in the resource registry. - type: json - CloudName: - default: '' - description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org - type: string - ControllerExtraConfig: - default: {} - description: | - Controller specific hiera configuration data to inject into the cluster. - type: json - ControlVirtualInterface: - default: 'br-ex' - description: Interface where virtual ip will be assigned. - type: string - Debug: - default: '' - description: Set to True to enable debugging on all services. - type: string - EnableFencing: - default: false - description: Whether to enable fencing in Pacemaker or not. - type: boolean - EnableGalera: - default: true - description: Whether to use Galera instead of regular MariaDB. - type: boolean - EnableCephStorage: - default: false - description: Whether to deploy Ceph Storage (OSD) on the Controller - type: boolean - EnableSwiftStorage: - default: true - description: Whether to enable Swift Storage on the Controller - type: boolean - ExtraConfig: - default: {} - description: | - Additional hieradata to inject into the cluster, note that - ControllerExtraConfig takes precedence over ExtraConfig. - type: json - FencingConfig: - default: {} - description: | - Pacemaker fencing configuration. 
The JSON should have - the following structure: - { - "devices": [ - { - "agent": "AGENT_NAME", - "host_mac": "HOST_MAC_ADDRESS", - "params": {"PARAM_NAME": "PARAM_VALUE"} - } - ] - } - For instance: - { - "devices": [ - { - "agent": "fence_xvm", - "host_mac": "52:54:00:aa:bb:cc", - "params": { - "multicast_address": "225.0.0.12", - "port": "baremetal_0", - "manage_fw": true, - "manage_key_file": true, - "key_file": "/etc/fence_xvm.key", - "key_file_password": "abcdef" - } - } - ] - } - type: json - Flavor: - description: Flavor for control nodes to request when deploying. - type: string - constraints: - - custom_constraint: nova.flavor - GlanceNotifierStrategy: - description: Strategy to use for Glance notification queue - type: string - default: noop - GlanceLogFile: - description: The filepath of the file to use for logging messages from Glance. - type: string - default: '' - GlancePassword: - default: unset - description: The password for the glance service and db account, used by the glance services. - type: string - hidden: true - GlancePort: - default: "9292" - description: Glance port. - type: string - GlanceProtocol: - default: http - description: Protocol to use when connecting to glance, set to https for SSL. - type: string - GlanceBackend: - default: swift - description: The short name of the Glance backend to use. Should be one - of swift, rbd, or file - type: string - constraints: - - allowed_values: ['swift', 'file', 'rbd'] - HeatPassword: - default: unset - description: The password for the Heat service and db account, used by the Heat services. - type: string - hidden: true - HeatStackDomainAdminPassword: - description: Password for heat_domain_admin user. 
- type: string - default: '' - hidden: true - HeatAuthEncryptionKey: - description: Auth encryption key for heat-engine - type: string - HorizonSecret: - description: Secret key for Django - type: string - Image: - type: string - default: overcloud-control - constraints: - - custom_constraint: glance.image - ImageUpdatePolicy: - default: 'REBUILD_PRESERVE_EPHEMERAL' - description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. - type: string - KeyName: - default: default - description: Name of an existing EC2 KeyPair to enable SSH access to the instances - type: string - constraints: - - custom_constraint: nova.keypair - KeystoneCACertificate: - default: '' - description: Keystone self-signed certificate authority certificate. - type: string - KeystoneSigningCertificate: - default: '' - description: Keystone certificate for verifying token validity. - type: string - KeystoneSigningKey: - default: '' - description: Keystone key for signing tokens. - type: string - hidden: true - KeystoneSSLCertificate: - default: '' - description: Keystone certificate for verifying token validity. - type: string - KeystoneSSLCertificateKey: - default: '' - description: Keystone key for signing tokens. - type: string - hidden: true - KeystoneNotificationDriver: - description: Comma-separated list of Oslo notification drivers used by Keystone - default: ['messaging'] - type: comma_delimited_list - KeystoneNotificationFormat: - description: The Keystone notification format - default: 'basic' - type: string - constraints: - - allowed_values: [ 'basic', 'cadf' ] - MysqlClusterUniquePart: - description: A unique identifier of the MySQL cluster the controller is in. 
- type: string - default: 'unset' # Has to be here because of the ignored empty value bug - # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446 - # constraints: - # - length: {min: 4, max: 10} - MysqlInnodbBufferPoolSize: - description: > - Specifies the size of the buffer pool in megabytes. Setting to - zero should be interpreted as "no value" and will defer to the - lower level default. - type: number - default: 0 - MysqlMaxConnections: - description: Configures MySQL max_connections config setting - type: number - default: 4096 - MysqlRootPassword: - type: string - hidden: true - default: '' # Has to be here because of the ignored empty value bug - NeutronExternalNetworkBridge: - description: Name of bridge used for external network traffic. - type: string - default: 'br-ex' - NeutronBridgeMappings: - description: > - The OVS logical->physical bridge mappings to use. See the Neutron - documentation for details. Defaults to mapping br-ex - the external - bridge on hosts - to a physical name 'datacentre' which can be used - to create provider networks (and we use this for the default floating - network) - if changing this either use different post-install network - scripts or be sure to keep 'datacentre' as a mapping network name. - type: string - default: "datacentre:br-ex" - NeutronDnsmasqOptions: - default: 'dhcp-option-force=26,1400' - description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead. 
- type: string - NeutronAgentMode: - default: 'dvr_snat' - description: Agent mode for the neutron-l3-agent on the controller hosts - type: string - NeutronL3HA: - default: 'False' - description: Whether to enable l3-agent HA - type: string - NeutronDhcpAgentsPerNetwork: - type: number - default: 3 - description: The number of neutron dhcp agents to schedule per network - NeutronDVR: - default: 'False' - description: Whether to configure Neutron Distributed Virtual Routers - type: string - NeutronMetadataProxySharedSecret: - default: 'unset' - description: Shared secret to prevent spoofing - type: string - NeutronMechanismDrivers: - default: 'openvswitch' - description: | - The mechanism drivers for the Neutron tenant network. To specify multiple - values, use a comma separated string, like so: 'openvswitch,l2_population' - type: string - NeutronAllowL3AgentFailover: - default: 'True' - description: Allow automatic l3-agent failover - type: string - NeutronEnableTunnelling: - type: string - default: "True" - NeutronFlatNetworks: - type: string - default: 'datacentre' - description: If set, flat networks to configure in neutron plugins. - NeutronL3HA: - default: 'False' - description: Whether to enable l3-agent HA - type: string - NeutronNetworkType: - default: 'vxlan' - description: The tenant network type for Neutron, either gre or vxlan. - type: string - NeutronNetworkVLANRanges: - default: 'datacentre' - description: > - The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the - Neutron documentation for permitted values. Defaults to permitting any - VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). - type: comma_delimited_list - NeutronPassword: - default: unset - description: The password for the neutron service and db account, used by neutron agents. - type: string - hidden: true - NeutronPublicInterface: - default: nic1 - description: What interface to bridge onto br-ex for network nodes. 
- type: string - NeutronPublicInterfaceTag: - default: '' - description: > - VLAN tag for creating a public VLAN. The tag will be used to - create an access port on the exterior bridge for each control plane node, - and that port will be given the IP address returned by neutron from the - public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling - overcloud.yaml to include the deployment of VLAN ports to the control - plane. - type: string - NeutronPublicInterfaceDefaultRoute: - default: '' - description: A custom default route for the NeutronPublicInterface. - type: string - NeutronPublicInterfaceIP: - default: '' - description: A custom IP address to put onto the NeutronPublicInterface. - type: string - NeutronPublicInterfaceRawDevice: - default: '' - description: If set, the public interface is a vlan with this device as the raw device. - type: string - NeutronTunnelTypes: - default: 'vxlan' - description: | - The tunnel types for the Neutron tenant network. To specify multiple - values, use a comma separated string, like so: 'gre,vxlan' - type: string - NeutronTunnelIdRanges: - description: | - Comma-separated list of : tuples enumerating ranges - of GRE tunnel IDs that are available for tenant network allocation - default: ["1:1000", ] - type: comma_delimited_list - NeutronVniRanges: - description: | - Comma-separated list of : tuples enumerating ranges - of VXLAN VNI IDs that are available for tenant network allocation - default: ["1:1000", ] - type: comma_delimited_list - NovaPassword: - default: unset - description: The password for the nova service and db account, used by nova-api. - type: string - hidden: true - MongoDbNoJournal: - default: false - description: Should MongoDb journaling be disabled - type: boolean - NtpServer: - type: string - default: '' - PcsdPassword: - type: string - description: The password for the 'pcsd' user. 
- PublicVirtualInterface: - default: 'br-ex' - description: > - Specifies the interface where the public-facing virtual ip will be assigned. - This should be int_public when a VLAN is being used. - type: string - PublicVirtualIP: # DEPRECATED: use per service settings instead - type: string - default: '' # Has to be here because of the ignored empty value bug - RabbitCookie: - type: string - default: '' # Has to be here because of the ignored empty value bug - hidden: true - RabbitPassword: - default: guest - description: The password for RabbitMQ - type: string - hidden: true - RabbitUserName: - default: guest - description: The username for RabbitMQ - type: string - RabbitClientUseSSL: - default: false - description: > - Rabbit client subscriber parameter to specify - an SSL connection to the RabbitMQ host. - type: string - RabbitClientPort: - default: 5672 - description: Set rabbit subscriber port, change this if using SSL - type: number - RedisVirtualIP: - type: string - default: '' # Has to be here because of the ignored empty value bug - SnmpdReadonlyUserName: - default: ro_snmp_user - description: The user name for SNMPd with readonly rights running on all Overcloud nodes - type: string - SnmpdReadonlyUserPassword: - default: unset - description: The user password for SNMPd with readonly rights running on all Overcloud nodes - type: string - hidden: true - SSLCACertificate: - default: '' - description: If set, the contents of an SSL certificate authority file. - type: string - SSLCertificate: - default: '' - description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints. - type: string - hidden: true - SSLKey: - default: '' - description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints. - type: string - hidden: true - SwiftHashSuffix: - default: unset - description: A random string to be used as a salt when hashing to determine mappings - in the ring. 
- hidden: true - type: string - SwiftMountCheck: - default: 'false' - description: Value of mount_check in Swift account/container/object -server.conf - type: boolean - SwiftMinPartHours: - type: number - default: 1 - description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance. - SwiftPartPower: - default: 10 - description: Partition Power to use when building Swift rings - type: number - SwiftPassword: - default: unset - description: The password for the swift service account, used by the swift proxy - services. - hidden: true - type: string - SwiftReplicas: - type: number - default: 3 - description: How many replicas to use in the swift rings. - VirtualIP: # DEPRECATED: use per service settings instead - type: string - default: '' # Has to be here because of the ignored empty value bug - HeatApiVirtualIP: - type: string - default: '' - GlanceApiVirtualIP: - type: string - default: '' - MysqlVirtualIP: - type: string - default: '' - KeystoneAdminApiVirtualIP: - type: string - default: '' - KeystonePublicApiVirtualIP: - type: string - default: '' - NeutronApiVirtualIP: - type: string - default: '' - EnablePackageInstall: - default: 'false' - description: Set to true to enable package installation via Puppet - type: boolean - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. 
- type: json - UpdateIdentifier: - default: '' - type: string - description: > - Setting to a previously unused value during stack-update will trigger - package update on all nodes - Hostname: - type: string - default: '' # Defaults to Heat created hostname - -resources: - - Controller: - type: OS::Nova::Server - properties: - image: {get_param: Image} - image_update_policy: {get_param: ImageUpdatePolicy} - flavor: {get_param: Flavor} - key_name: {get_param: KeyName} - networks: - - network: ctlplane - user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: UserData} - name: {get_param: Hostname} - - # Combine the NodeAdminUserData and NodeUserData mime archives - UserData: - type: OS::Heat::MultipartMime - properties: - parts: - - config: {get_resource: NodeAdminUserData} - type: multipart - - config: {get_resource: NodeUserData} - type: multipart - - # Creates the "heat-admin" user if configured via the environment - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeAdminUserData: - type: OS::TripleO::NodeAdminUserData - - # For optional operator additional userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeUserData: - type: OS::TripleO::NodeUserData - - ExternalPort: - type: OS::TripleO::Controller::Ports::ExternalPort - properties: - ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} - - InternalApiPort: - type: OS::TripleO::Controller::Ports::InternalApiPort - properties: - ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} - - StoragePort: - type: OS::TripleO::Controller::Ports::StoragePort - properties: - ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} - - StorageMgmtPort: - type: OS::TripleO::Controller::Ports::StorageMgmtPort - properties: - ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} - - TenantPort: - type: OS::TripleO::Controller::Ports::TenantPort - properties: - ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]} - 
- NetIpMap: - type: OS::TripleO::Network::Ports::NetIpMap - properties: - ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]} - ExternalIp: {get_attr: [ExternalPort, ip_address]} - InternalApiIp: {get_attr: [InternalApiPort, ip_address]} - StorageIp: {get_attr: [StoragePort, ip_address]} - StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} - TenantIp: {get_attr: [TenantPort, ip_address]} - - NetIpSubnetMap: - type: OS::TripleO::Network::Ports::NetIpSubnetMap - properties: - ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - - NetworkConfig: - type: OS::TripleO::Controller::Net::SoftwareConfig - properties: - ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - - NetworkDeployment: - type: OS::TripleO::SoftwareDeployment - properties: - config: {get_resource: NetworkConfig} - server: {get_resource: Controller} - input_values: - bridge_name: br-ex - interface_name: {get_param: NeutronPublicInterface} - - ControllerDeployment: - type: OS::TripleO::SoftwareDeployment - depends_on: NetworkDeployment - properties: - config: {get_resource: ControllerConfig} - server: {get_resource: Controller} - input_values: - bootstack_nodeid: {get_attr: [Controller, name]} - neutron_enable_tunneling: {get_param: NeutronEnableTunnelling} - heat.watch_server_url: - list_join: - - '' - - - 'http://' - - {get_param: HeatApiVirtualIP} - - ':8003' - 
heat.metadata_server_url: - list_join: - - '' - - - 'http://' - - {get_param: HeatApiVirtualIP} - - ':8000' - heat.waitcondition_server_url: - list_join: - - '' - - - 'http://' - - {get_param: HeatApiVirtualIP} - - ':8000/v1/waitcondition' - heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey} - horizon_secret: {get_param: HorizonSecret} - admin_password: {get_param: AdminPassword} - admin_token: {get_param: AdminToken} - neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP} - debug: {get_param: Debug} - cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend} - cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend} - cinder_nfs_mount_options: {get_param: CinderNfsMountOptions} - cinder_nfs_servers: - str_replace: - template: "['SERVERS']" - params: - SERVERS: - list_join: - - "','" - - {get_param: CinderNfsServers} - cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize} - cinder_password: {get_param: CinderPassword} - cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend} - cinder_iscsi_helper: {get_param: CinderISCSIHelper} - cinder_backend_config: {get_param: CinderBackendConfig} - cinder_dsn: - list_join: - - '' - - - 'mysql://cinder:' - - {get_param: CinderPassword} - - '@' - - {get_param: MysqlVirtualIP} - - '/cinder' - glance_port: {get_param: GlancePort} - glance_password: {get_param: GlancePassword} - glance_backend: {get_param: GlanceBackend} - glance_notifier_strategy: {get_param: GlanceNotifierStrategy} - glance_log_file: {get_param: GlanceLogFile} - glance_dsn: - list_join: - - '' - - - 'mysql://glance:' - - {get_param: GlancePassword} - - '@' - - {get_param: MysqlVirtualIP} - - '/glance' - heat_password: {get_param: HeatPassword} - heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword} - heat_dsn: - list_join: - - '' - - - 'mysql://heat:' - - {get_param: HeatPassword} - - '@' - - {get_param: MysqlVirtualIP} - - '/heat' - keystone_auth_address: {list_join: ['', ['http://', 
{get_param: KeystonePublicApiVirtualIP} , ':5000/v2.0']]} - keystone_ca_certificate: {get_param: KeystoneCACertificate} - keystone_signing_key: {get_param: KeystoneSigningKey} - keystone_signing_certificate: {get_param: KeystoneSigningCertificate} - keystone_ssl_certificate: {get_param: KeystoneSSLCertificate} - keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey} - keystone_notification_driver: {get_param: KeystoneNotificationDriver} - keystone_notification_format: {get_param: KeystoneNotificationFormat} - keystone_dsn: - list_join: - - '' - - - 'mysql://keystone:' - - {get_param: AdminToken} - - '@' - - {get_param: MysqlVirtualIP} - - '/keystone' - keystone_identity_uri: - list_join: - - '' - - - 'http://' - - {get_param: KeystoneAdminApiVirtualIP} - - ':35357/' - keystone_auth_uri: - list_join: - - '' - - - 'http://' - - {get_param: KeystonePublicApiVirtualIP} - - ':5000/v2.0/' - keystone_ec2_uri: - list_join: - - '' - - - 'http://' - - {get_param: KeystonePublicApiVirtualIP} - - ':5000/v2.0/ec2tokens' - enable_fencing: {get_param: EnableFencing} - enable_galera: {get_param: EnableGalera} - enable_ceph_storage: {get_param: EnableCephStorage} - enable_swift_storage: {get_param: EnableSwiftStorage} - mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} - mysql_max_connections: {get_param: MysqlMaxConnections} - mysql_root_password: {get_param: MysqlRootPassword} - mysql_cluster_name: - str_replace: - template: tripleo-CLUSTER - params: - CLUSTER: {get_param: MysqlClusterUniquePart} - neutron_flat_networks: {get_param: NeutronFlatNetworks} - neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} - neutron_agent_mode: {get_param: NeutronAgentMode} - neutron_router_distributed: {get_param: NeutronDVR} - neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers} - neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} - neutron_l3_ha: {get_param: NeutronL3HA} - 
neutron_dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork} - neutron_network_vlan_ranges: - str_replace: - template: "['RANGES']" - params: - RANGES: - list_join: - - "','" - - {get_param: NeutronNetworkVLANRanges} - neutron_bridge_mappings: {get_param: NeutronBridgeMappings} - neutron_external_network_bridge: {get_param: NeutronExternalNetworkBridge} - neutron_public_interface: {get_param: NeutronPublicInterface} - neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice} - neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute} - neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag} - neutron_tenant_network_type: {get_param: NeutronNetworkType} - neutron_tunnel_types: {get_param: NeutronTunnelTypes} - neutron_tunnel_id_ranges: - str_replace: - template: "['RANGES']" - params: - RANGES: - list_join: - - "','" - - {get_param: NeutronTunnelIdRanges} - neutron_vni_ranges: - str_replace: - template: "['RANGES']" - params: - RANGES: - list_join: - - "','" - - {get_param: NeutronVniRanges} - neutron_password: {get_param: NeutronPassword} - neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions} - neutron_dsn: - list_join: - - '' - - - 'mysql://neutron:' - - {get_param: NeutronPassword} - - '@' - - {get_param: MysqlVirtualIP} - - '/ovs_neutron?charset=utf8' - neutron_url: - list_join: - - '' - - - 'http://' - - {get_param: NeutronApiVirtualIP} - - ':9696' - neutron_admin_auth_url: - list_join: - - '' - - - 'http://' - - {get_param: KeystoneAdminApiVirtualIP} - - ':35357/v2.0' - ceilometer_backend: {get_param: CeilometerBackend} - ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} - ceilometer_password: {get_param: CeilometerPassword} - ceilometer_coordination_url: - list_join: - - '' - - - 'redis://' - - {get_param: RedisVirtualIP} - - ':6379' - ceilometer_dsn: - list_join: - - '' - - - 'mysql://ceilometer:unset@' - - {get_param: MysqlVirtualIP} - - '/ceilometer' - 
snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} - snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} - nova_password: {get_param: NovaPassword} - nova_dsn: - list_join: - - '' - - - 'mysql://nova:' - - {get_param: NovaPassword} - - '@' - - {get_param: MysqlVirtualIP} - - '/nova' - fencing_config: {get_param: FencingConfig} - pcsd_password: {get_param: PcsdPassword} - rabbit_username: {get_param: RabbitUserName} - rabbit_password: {get_param: RabbitPassword} - rabbit_cookie: {get_param: RabbitCookie} - rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} - rabbit_client_port: {get_param: RabbitClientPort} - mongodb_no_journal: {get_param: MongoDbNoJournal} - ntp_servers: - str_replace: - template: '["server"]' - params: - server: {get_param: NtpServer} - control_virtual_interface: {get_param: ControlVirtualInterface} - public_virtual_interface: {get_param: PublicVirtualInterface} - swift_hash_suffix: {get_param: SwiftHashSuffix} - swift_password: {get_param: SwiftPassword} - swift_part_power: {get_param: SwiftPartPower} - swift_replicas: {get_param: SwiftReplicas} - swift_min_part_hours: {get_param: SwiftMinPartHours} - swift_mount_check: {get_param: SwiftMountCheck} - enable_package_install: {get_param: EnablePackageInstall} - swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]} - swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} - cinder_iscsi_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]} - cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]} - glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]} - glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} - glance_api_servers: - list_join: - - '' - - - {get_param: 
GlanceProtocol} - - '://' - - {get_param: GlanceApiVirtualIP} - - ':' - - {get_param: GlancePort} - heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]} - keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]} - keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]} - mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]} - neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]} - neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]} - ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]} - nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]} - nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]} - horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]} - rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]} - redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]} - redis_vip: {get_param: RedisVirtualIP} - memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} - mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]} - mysql_virtual_ip: {get_param: MysqlVirtualIP} - ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]} - ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]} - ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, 
CephPublicNetwork]}]} - - # Map heat metadata into hiera datafiles - ControllerConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - hiera: - hierarchy: - - heat_config_%{::deploy_config_name} - - controller_extraconfig - - extraconfig - - controller - - database - - object - - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig - - ceph_cluster # provided by CephClusterConfig - - ceph - - bootstrap_node # provided by BootstrapNodeConfig - - all_nodes # provided by allNodesConfig - - vip_data # provided by vip-config - - '"%{::osfamily}"' - - common - - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre - - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre - - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre - datafiles: - controller_extraconfig: - mapped_data: {get_param: ControllerExtraConfig} - extraconfig: - mapped_data: {get_param: ExtraConfig} - common: - raw_data: {get_file: hieradata/common.yaml} - ceph: - raw_data: {get_file: hieradata/ceph.yaml} - mapped_data: - ceph::profile::params::cluster_network: {get_input: ceph_cluster_network} - ceph::profile::params::public_network: {get_input: ceph_public_network} - ceph::mon::public_addr: {get_input: ceph_public_ip} - database: - raw_data: {get_file: hieradata/database.yaml} - object: - raw_data: {get_file: hieradata/object.yaml} - controller: - raw_data: {get_file: hieradata/controller.yaml} - mapped_data: # data supplied directly to this deployment configuration, etc - bootstack_nodeid: {get_input: bootstack_nodeid} - - # Pacemaker - enable_fencing: {get_input: enable_fencing} - hacluster_pwd: {get_input: pcsd_password} - tripleo::fencing::config: {get_input: fencing_config} - - # Swift - swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network} - swift::proxy::authtoken::auth_uri: {get_input: keystone_auth_uri} - swift::proxy::authtoken::identity_uri: {get_input: keystone_identity_uri} - 
swift::storage::all::storage_local_net_ip: {get_input: swift_management_network} - swift::swift_hash_suffix: {get_input: swift_hash_suffix} - swift::proxy::authtoken::admin_password: {get_input: swift_password} - tripleo::ringbuilder::part_power: {get_input: swift_part_power} - tripleo::ringbuilder::replicas: {get_input: swift_replicas} - tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours} - swift_mount_check: {get_input: swift_mount_check} - - # NOTE(dprince): build_ring support is currently not wired in. - # See: https://review.openstack.org/#/c/109225/ - tripleo::ringbuilder::build_ring: True - - # Cinder - cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend} - cinder_enable_rbd_backend: {get_input: cinder_enable_rbd_backend} - cinder_nfs_mount_options: {get_input: cinder_nfs_mount_options} - cinder_nfs_servers: {get_input: cinder_nfs_servers} - cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size} - cinder_iscsi_helper: {get_input: cinder_iscsi_helper} - cinder_iscsi_ip_address: {get_input: cinder_iscsi_network} - cinder::database_connection: {get_input: cinder_dsn} - cinder::api::keystone_password: {get_input: cinder_password} - cinder::api::auth_uri: {get_input: keystone_auth_uri} - cinder::api::identity_uri: {get_input: keystone_identity_uri} - cinder::api::bind_host: {get_input: cinder_api_network} - cinder::rabbit_userid: {get_input: rabbit_username} - cinder::rabbit_password: {get_input: rabbit_password} - cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - cinder::rabbit_port: {get_input: rabbit_client_port} - cinder::debug: {get_input: debug} - cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend} - cinder::glance::glance_api_servers: {get_input: glance_api_servers} - cinder_backend_config: {get_input: CinderBackendConfig} - cinder::db::mysql::password: {get_input: cinder_password} - - # Glance - glance::api::bind_port: {get_input: glance_port} - glance::api::bind_host: 
{get_input: glance_api_network} - glance::api::auth_uri: {get_input: keystone_auth_uri} - glance::api::identity_uri: {get_input: keystone_identity_uri} - glance::api::registry_host: {get_input: glance_registry_network} - glance::api::keystone_password: {get_input: glance_password} - glance::api::debug: {get_input: debug} - glance_notifier_strategy: {get_input: glance_notifier_strategy} - glance_log_file: {get_input: glance_log_file} - glance_log_file: {get_input: glance_log_file} - glance::api::database_connection: {get_input: glance_dsn} - glance::registry::keystone_password: {get_input: glance_password} - glance::registry::database_connection: {get_input: glance_dsn} - glance::registry::bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} - glance::registry::auth_uri: {get_input: keystone_auth_uri} - glance::registry::identity_uri: {get_input: keystone_identity_uri} - glance::registry::debug: {get_input: debug} - glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_address} - glance::backend::swift::swift_store_user: service:glance - glance::backend::swift::swift_store_key: {get_input: glance_password} - glance_backend: {get_input: glance_backend} - glance::db::mysql::password: {get_input: glance_password} - - # Heat - heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password} - heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url} - heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url} - heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url} - heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key} - heat::rabbit_userid: {get_input: rabbit_username} - heat::rabbit_password: {get_input: rabbit_password} - heat::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - heat::rabbit_port: {get_input: rabbit_client_port} - heat::auth_uri: {get_input: keystone_auth_uri} - 
heat::keystone_ec2_uri: {get_input: keystone_ec2_uri} - heat::identity_uri: {get_input: keystone_identity_uri} - heat::keystone_password: {get_input: heat_password} - heat::api::bind_host: {get_input: heat_api_network} - heat::api_cloudwatch::bind_host: {get_input: heat_api_network} - heat::api_cfn::bind_host: {get_input: heat_api_network} - heat::database_connection: {get_input: heat_dsn} - heat::debug: {get_input: debug} - heat::db::mysql::password: {get_input: heat_password} - - # Keystone - keystone::admin_token: {get_input: admin_token} - keystone_ca_certificate: {get_input: keystone_ca_certificate} - keystone_signing_key: {get_input: keystone_signing_key} - keystone_signing_certificate: {get_input: keystone_signing_certificate} - keystone_ssl_certificate: {get_input: keystone_ssl_certificate} - keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key} - keystone::database_connection: {get_input: keystone_dsn} - keystone::public_bind_host: {get_input: keystone_public_api_network} - keystone::admin_bind_host: {get_input: keystone_admin_api_network} - keystone::debug: {get_input: debug} - keystone::db::mysql::password: {get_input: admin_token} - keystone::rabbit_userid: {get_input: rabbit_username} - keystone::rabbit_password: {get_input: rabbit_password} - keystone::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - keystone::rabbit_port: {get_input: rabbit_client_port} - keystone::notification_driver: {get_input: keystone_notification_driver} - keystone::notification_format: {get_input: keystone_notification_format} - # MongoDB - mongodb::server::bind_ip: {get_input: mongo_db_network} - mongodb::server::nojournal: {get_input: mongodb_no_journal} - # MySQL - admin_password: {get_input: admin_password} - enable_galera: {get_input: enable_galera} - enable_ceph_storage: {get_input: enable_ceph_storage} - enable_swift_storage: {get_input: enable_swift_storage} - mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size} - 
mysql_max_connections: {get_input: mysql_max_connections} - mysql::server::root_password: {get_input: mysql_root_password} - mysql_cluster_name: {get_input: mysql_cluster_name} - mysql_bind_host: {get_input: mysql_network} - mysql_virtual_ip: {get_input: mysql_virtual_ip} - - # Neutron - neutron::bind_host: {get_input: neutron_api_network} - neutron::rabbit_password: {get_input: rabbit_password} - neutron::rabbit_user: {get_input: rabbit_user} - neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - neutron::rabbit_port: {get_input: rabbit_client_port} - neutron::debug: {get_input: debug} - neutron::server::auth_uri: {get_input: keystone_auth_uri} - neutron::server::identity_uri: {get_input: keystone_identity_uri} - neutron::server::database_connection: {get_input: neutron_dsn} - neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge} - neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling} - neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip} - neutron_flat_networks: {get_input: neutron_flat_networks} - neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret} - neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network} - neutron_agent_mode: {get_input: neutron_agent_mode} - neutron_router_distributed: {get_input: neutron_router_distributed} - neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers} - neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover} - neutron::server::l3_ha: {get_input: neutron_l3_ha} - neutron::dhcp_agents_per_network: {get_input: neutron_dhcp_agents_per_network} - neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges} - neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges} - neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges} - neutron_bridge_mappings: {get_input: neutron_bridge_mappings} - 
neutron_public_interface: {get_input: neutron_public_interface} - neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device} - neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route} - neutron_public_interface_tag: {get_input: neutron_public_interface_tag} - neutron_tenant_network_type: {get_input: neutron_tenant_network_type} - neutron_tunnel_types: {get_input: neutron_tunnel_types} - neutron::server::auth_password: {get_input: neutron_password} - neutron::agents::metadata::auth_password: {get_input: neutron_password} - neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options} - neutron_dsn: {get_input: neutron_dsn} - neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri} - neutron::db::mysql::password: {get_input: neutron_password} - - # Ceilometer - ceilometer_backend: {get_input: ceilometer_backend} - ceilometer_mysql_conn_string: {get_input: ceilometer_dsn} - ceilometer::metering_secret: {get_input: ceilometer_metering_secret} - ceilometer::rabbit_userid: {get_input: rabbit_username} - ceilometer::rabbit_password: {get_input: rabbit_password} - ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - ceilometer::rabbit_port: {get_input: rabbit_client_port} - ceilometer::debug: {get_input: debug} - ceilometer::api::host: {get_input: ceilometer_api_network} - ceilometer::api::keystone_password: {get_input: ceilometer_password} - ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri} - ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri} - ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} - ceilometer::agent::auth::auth_url: {get_input: keystone_auth_address} - ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url} - ceilometer::db::mysql::password: {get_input: ceilometer_password} - snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} - snmpd_readonly_user_password: 
{get_input: snmpd_readonly_user_password} - - # Nova - nova::rabbit_userid: {get_input: rabbit_username} - nova::rabbit_password: {get_input: rabbit_password} - nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} - nova::rabbit_port: {get_input: rabbit_client_port} - nova::debug: {get_input: debug} - nova::api::auth_uri: {get_input: keystone_auth_uri} - nova::api::identity_uri: {get_input: keystone_identity_uri} - nova::api::api_bind_address: {get_input: nova_api_network} - nova::api::metadata_listen: {get_input: nova_metadata_network} - nova::api::admin_password: {get_input: nova_password} - nova::database_connection: {get_input: nova_dsn} - nova::glance_api_servers: {get_input: glance_api_servers} - nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} - nova::network::neutron::neutron_admin_password: {get_input: neutron_password} - nova::network::neutron::neutron_url: {get_input: neutron_url} - nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url} - nova::vncproxy::host: {get_input: nova_api_network} - nova::db::mysql::password: {get_input: nova_password} - - # Horizon - apache::ip: {get_input: horizon_network} - horizon::django_debug: {get_input: debug} - horizon::secret_key: {get_input: horizon_secret} - horizon::bind_address: {get_input: horizon_network} - horizon::keystone_url: {get_input: keystone_auth_uri} - - # Rabbit - rabbitmq::node_ip_address: {get_input: rabbitmq_network} - rabbitmq::erlang_cookie: {get_input: rabbit_cookie} - # Redis - redis::bind: {get_input: redis_network} - redis_vip: {get_input: redis_vip} - # Misc - memcached::listen_ip: {get_input: memcached_network} - neutron_public_interface_ip: {get_input: neutron_public_interface_ip} - ntp::servers: {get_input: ntp_servers} - control_virtual_interface: {get_input: control_virtual_interface} - public_virtual_interface: {get_input: public_virtual_interface} - tripleo::loadbalancer::control_virtual_interface: 
{get_input: control_virtual_interface} - tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface} - tripleo::packages::enable_install: {get_input: enable_package_install} - - # Hook for site-specific additional pre-deployment config, e.g extra hieradata - ControllerExtraConfigPre: - depends_on: ControllerDeployment - type: OS::TripleO::ControllerExtraConfigPre - properties: - server: {get_resource: Controller} - - UpdateConfig: - type: OS::TripleO::Tasks::PackageUpdate - - UpdateDeployment: - type: OS::Heat::SoftwareDeployment - properties: - config: {get_resource: UpdateConfig} - server: {get_resource: Controller} - input_values: - update_identifier: - get_param: UpdateIdentifier - -outputs: - ip_address: - description: IP address of the server in the ctlplane network - value: {get_attr: [Controller, networks, ctlplane, 0]} - external_ip_address: - description: IP address of the server in the external network - value: {get_attr: [ExternalPort, ip_address]} - internal_api_ip_address: - description: IP address of the server in the internal_api network - value: {get_attr: [InternalApiPort, ip_address]} - storage_ip_address: - description: IP address of the server in the storage network - value: {get_attr: [StoragePort, ip_address]} - storage_mgmt_ip_address: - description: IP address of the server in the storage_mgmt network - value: {get_attr: [StorageMgmtPort, ip_address]} - tenant_ip_address: - description: IP address of the server in the tenant network - value: {get_attr: [TenantPort, ip_address]} - hostname: - description: Hostname of the server - value: {get_attr: [Controller, name]} - corosync_node: - description: > - Node object in the format {ip: ..., name: ...} format that the corosync - element expects - value: - ip: {get_attr: [Controller, networks, ctlplane, 0]} - name: {get_attr: [Controller, name]} - hosts_entry: - description: > - Server's IP address and hostname in the /etc/hosts format - value: - str_replace: - 
template: IP HOST.localdomain HOST CLOUDNAME - params: - IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]} - HOST: {get_attr: [Controller, name]} - CLOUDNAME: {get_param: CloudName} - nova_server_resource: - description: Heat resource handle for the Nova compute server - value: - {get_resource: Controller} - swift_device: - description: Swift device formatted for swift-ring-builder - value: - str_replace: - template: 'r1z1-IP:%PORT%/d1' - params: - IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} - swift_proxy_memcache: - description: Swift proxy-memcache value - value: - str_replace: - template: "IP:11211" - params: - IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} - config_identifier: - description: identifier which changes if the controller configuration may need re-applying - value: - list_join: - - ',' - - - {get_attr: [ControllerDeployment, deploy_stdout]} - - {get_attr: [ControllerExtraConfigPre, deploy_stdout]}
diff --git a/puppet/controller.yaml b/puppet/controller.yaml
new file mode 100644
index 00000000..084fe3d1
--- /dev/null
+++ b/puppet/controller.yaml
@@ -0,0 +1,1244 @@
+heat_template_version: 2015-04-30
+
+description: >
+ OpenStack controller node configured by Puppet.
+
+parameters:
+ AdminPassword:
+ default: unset
+ description: The password for the keystone admin account, used for monitoring, querying neutron etc.
+ type: string
+ hidden: true
+ AdminToken:
+ default: unset
+ description: The keystone auth secret and db password.
+ type: string
+ hidden: true
+ CeilometerBackend:
+ default: 'mongodb'
+ description: The ceilometer backend type.
+ type: string
+ CeilometerMeteringSecret:
+ default: unset
+ description: Secret shared by the ceilometer services.
+ type: string
+ hidden: true
+ CeilometerPassword:
+ default: unset
+ description: The password for the ceilometer service and db account.
+ type: string
+ hidden: true
+ CinderEnableNfsBackend:
+ default: false
+ description: Whether to enable or not the NFS backend for Cinder
+ type: boolean
+ CinderEnableIscsiBackend:
+ default: true
+ description: Whether to enable or not the Iscsi backend for Cinder
+ type: boolean
+ CinderEnableRbdBackend:
+ default: false
+ description: Whether to enable or not the Rbd backend for Cinder
+ type: boolean
+ CinderISCSIHelper:
+ default: tgtadm
+ description: The iSCSI helper to use with cinder.
+ type: string
+ CinderLVMLoopDeviceSize:
+ default: 5000
+ description: The size of the loopback file used by the cinder LVM driver.
+ type: number
+ CinderNfsMountOptions:
+ default: ''
+ description: >
+ Mount options for NFS mounts used by Cinder NFS backend. Effective
+ when CinderEnableNfsBackend is true.
+ type: string
+ CinderNfsServers:
+ default: ''
+ description: >
+ NFS servers used by Cinder NFS backend. Effective when
+ CinderEnableNfsBackend is true.
+ type: comma_delimited_list
+ CinderPassword:
+ default: unset
+ description: The password for the cinder service and db account, used by cinder-api.
+ type: string
+ hidden: true
+ CinderBackendConfig:
+ default: {}
+ description: Contains parameters to configure Cinder backends. Typically
+ set via parameter_defaults in the resource registry.
+ type: json
+ CloudName:
+ default: ''
+ description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
+ type: string
+ ControllerExtraConfig:
+ default: {}
+ description: |
+ Controller specific hiera configuration data to inject into the cluster.
+ type: json
+ ControlVirtualInterface:
+ default: 'br-ex'
+ description: Interface where virtual ip will be assigned.
+ type: string
+ Debug:
+ default: ''
+ description: Set to True to enable debugging on all services.
+ type: string
+ EnableFencing:
+ default: false
+ description: Whether to enable fencing in Pacemaker or not.
+ type: boolean
+ EnableGalera:
+ default: true
+ description: Whether to use Galera instead of regular MariaDB.
+ type: boolean
+ EnableCephStorage:
+ default: false
+ description: Whether to deploy Ceph Storage (OSD) on the Controller
+ type: boolean
+ EnableSwiftStorage:
+ default: true
+ description: Whether to enable Swift Storage on the Controller
+ type: boolean
+ ExtraConfig:
+ default: {}
+ description: |
+ Additional hieradata to inject into the cluster, note that
+ ControllerExtraConfig takes precedence over ExtraConfig.
+ type: json
+ FencingConfig:
+ default: {}
+ description: |
+ Pacemaker fencing configuration. The JSON should have
+ the following structure:
+ {
+ "devices": [
+ {
+ "agent": "AGENT_NAME",
+ "host_mac": "HOST_MAC_ADDRESS",
+ "params": {"PARAM_NAME": "PARAM_VALUE"}
+ }
+ ]
+ }
+ For instance:
+ {
+ "devices": [
+ {
+ "agent": "fence_xvm",
+ "host_mac": "52:54:00:aa:bb:cc",
+ "params": {
+ "multicast_address": "225.0.0.12",
+ "port": "baremetal_0",
+ "manage_fw": true,
+ "manage_key_file": true,
+ "key_file": "/etc/fence_xvm.key",
+ "key_file_password": "abcdef"
+ }
+ }
+ ]
+ }
+ type: json
+ Flavor:
+ description: Flavor for control nodes to request when deploying.
+ type: string
+ constraints:
+ - custom_constraint: nova.flavor
+ GlanceNotifierStrategy:
+ description: Strategy to use for Glance notification queue
+ type: string
+ default: noop
+ GlanceLogFile:
+ description: The filepath of the file to use for logging messages from Glance.
+ type: string
+ default: ''
+ GlancePassword:
+ default: unset
+ description: The password for the glance service and db account, used by the glance services.
+ type: string
+ hidden: true
+ GlancePort:
+ default: "9292"
+ description: Glance port.
+ type: string
+ GlanceProtocol:
+ default: http
+ description: Protocol to use when connecting to glance, set to https for SSL.
+ type: string
+ GlanceBackend:
+ default: swift
+ description: The short name of the Glance backend to use. Should be one
+ of swift, rbd, or file
+ type: string
+ constraints:
+ - allowed_values: ['swift', 'file', 'rbd']
+ HeatPassword:
+ default: unset
+ description: The password for the Heat service and db account, used by the Heat services.
+ type: string
+ hidden: true
+ HeatStackDomainAdminPassword:
+ description: Password for heat_domain_admin user.
+ type: string
+ default: ''
+ hidden: true
+ HeatAuthEncryptionKey:
+ description: Auth encryption key for heat-engine
+ type: string
+ HorizonSecret:
+ description: Secret key for Django
+ type: string
+ Image:
+ type: string
+ default: overcloud-control
+ constraints:
+ - custom_constraint: glance.image
+ ImageUpdatePolicy:
+ default: 'REBUILD_PRESERVE_EPHEMERAL'
+ description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
+ type: string
+ KeyName:
+ default: default
+ description: Name of an existing EC2 KeyPair to enable SSH access to the instances
+ type: string
+ constraints:
+ - custom_constraint: nova.keypair
+ KeystoneCACertificate:
+ default: ''
+ description: Keystone self-signed certificate authority certificate.
+ type: string
+ KeystoneSigningCertificate:
+ default: ''
+ description: Keystone certificate for verifying token validity.
+ type: string
+ KeystoneSigningKey:
+ default: ''
+ description: Keystone key for signing tokens.
+ type: string
+ hidden: true
+ KeystoneSSLCertificate:
+ default: ''
+ description: Keystone certificate for verifying token validity.
+ type: string
+ KeystoneSSLCertificateKey:
+ default: ''
+ description: Keystone key for signing tokens.
+ type: string
+ hidden: true
+ KeystoneNotificationDriver:
+ description: Comma-separated list of Oslo notification drivers used by Keystone
+ default: ['messaging']
+ type: comma_delimited_list
+ KeystoneNotificationFormat:
+ description: The Keystone notification format
+ default: 'basic'
+ type: string
+ constraints:
+ - allowed_values: [ 'basic', 'cadf' ]
+ MysqlClusterUniquePart:
+ description: A unique identifier of the MySQL cluster the controller is in.
+ type: string
+ default: 'unset' # Has to be here because of the ignored empty value bug
+ # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446
+ # constraints:
+ # - length: {min: 4, max: 10}
+ MysqlInnodbBufferPoolSize:
+ description: >
+ Specifies the size of the buffer pool in megabytes. Setting to
+ zero should be interpreted as "no value" and will defer to the
+ lower level default.
+ type: number
+ default: 0
+ MysqlMaxConnections:
+ description: Configures MySQL max_connections config setting
+ type: number
+ default: 4096
+ MysqlRootPassword:
+ type: string
+ hidden: true
+ default: '' # Has to be here because of the ignored empty value bug
+ NeutronExternalNetworkBridge:
+ description: Name of bridge used for external network traffic.
+ type: string
+ default: 'br-ex'
+ NeutronBridgeMappings:
+ description: >
+ The OVS logical->physical bridge mappings to use. See the Neutron
+ documentation for details. Defaults to mapping br-ex - the external
+ bridge on hosts - to a physical name 'datacentre' which can be used
+ to create provider networks (and we use this for the default floating
+ network) - if changing this either use different post-install network
+ scripts or be sure to keep 'datacentre' as a mapping network name.
+ type: string
+ default: "datacentre:br-ex"
+ NeutronDnsmasqOptions:
+ default: 'dhcp-option-force=26,1400'
+ description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead.
+ type: string
+ NeutronAgentMode:
+ default: 'dvr_snat'
+ description: Agent mode for the neutron-l3-agent on the controller hosts
+ type: string
+ NeutronL3HA:
+ default: 'False'
+ description: Whether to enable l3-agent HA
+ type: string
+ NeutronDhcpAgentsPerNetwork:
+ type: number
+ default: 3
+ description: The number of neutron dhcp agents to schedule per network
+ NeutronDVR:
+ default: 'False'
+ description: Whether to configure Neutron Distributed Virtual Routers
+ type: string
+ NeutronMetadataProxySharedSecret:
+ default: 'unset'
+ description: Shared secret to prevent spoofing
+ type: string
+ NeutronMechanismDrivers:
+ default: 'openvswitch'
+ description: |
+ The mechanism drivers for the Neutron tenant network. To specify multiple
+ values, use a comma separated string, like so: 'openvswitch,l2_population'
+ type: string
+ NeutronAllowL3AgentFailover:
+ default: 'True'
+ description: Allow automatic l3-agent failover
+ type: string
+ NeutronEnableTunnelling:
+ type: string
+ default: "True"
+ NeutronFlatNetworks:
+ type: string
+ default: 'datacentre'
+ description: If set, flat networks to configure in neutron plugins.
+ NeutronL3HA:
+ default: 'False'
+ description: Whether to enable l3-agent HA
+ type: string
+ NeutronNetworkType:
+ default: 'vxlan'
+ description: The tenant network type for Neutron, either gre or vxlan.
+ type: string
+ NeutronNetworkVLANRanges:
+ default: 'datacentre'
+ description: >
+ The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the
+ Neutron documentation for permitted values. Defaults to permitting any
+ VLAN on the 'datacentre' physical network (See NeutronBridgeMappings).
+ type: comma_delimited_list
+ NeutronPassword:
+ default: unset
+ description: The password for the neutron service and db account, used by neutron agents.
+ type: string
+ hidden: true
+ NeutronPublicInterface:
+ default: nic1
+ description: What interface to bridge onto br-ex for network nodes.
+ type: string
+ NeutronPublicInterfaceTag:
+ default: ''
+ description: >
+ VLAN tag for creating a public VLAN. The tag will be used to
+ create an access port on the exterior bridge for each control plane node,
+ and that port will be given the IP address returned by neutron from the
+ public network. Set CONTROLEXTRA=overcloud-vlan-port.yaml when compiling
+ overcloud.yaml to include the deployment of VLAN ports to the control
+ plane.
+ type: string
+ NeutronPublicInterfaceDefaultRoute:
+ default: ''
+ description: A custom default route for the NeutronPublicInterface.
+ type: string
+ NeutronPublicInterfaceIP:
+ default: ''
+ description: A custom IP address to put onto the NeutronPublicInterface.
+ type: string
+ NeutronPublicInterfaceRawDevice:
+ default: ''
+ description: If set, the public interface is a vlan with this device as the raw device.
+ type: string
+ NeutronTunnelTypes:
+ default: 'vxlan'
+ description: |
+ The tunnel types for the Neutron tenant network. To specify multiple
+ values, use a comma separated string, like so: 'gre,vxlan'
+ type: string
+ NeutronTunnelIdRanges:
+ description: |
+ Comma-separated list of : tuples enumerating ranges
+ of GRE tunnel IDs that are available for tenant network allocation
+ default: ["1:1000", ]
+ type: comma_delimited_list
+ NeutronVniRanges:
+ description: |
+ Comma-separated list of : tuples enumerating ranges
+ of VXLAN VNI IDs that are available for tenant network allocation
+ default: ["1:1000", ]
+ type: comma_delimited_list
+ NovaPassword:
+ default: unset
+ description: The password for the nova service and db account, used by nova-api.
+ type: string
+ hidden: true
+ MongoDbNoJournal:
+ default: false
+ description: Should MongoDb journaling be disabled
+ type: boolean
+ NtpServer:
+ type: string
+ default: ''
+ PcsdPassword:
+ type: string
+ description: The password for the 'pcsd' user.
+ PublicVirtualInterface:
+ default: 'br-ex'
+ description: >
+ Specifies the interface where the public-facing virtual ip will be assigned.
+ This should be int_public when a VLAN is being used.
+ type: string
+ PublicVirtualIP: # DEPRECATED: use per service settings instead
+ type: string
+ default: '' # Has to be here because of the ignored empty value bug
+ RabbitCookie:
+ type: string
+ default: '' # Has to be here because of the ignored empty value bug
+ hidden: true
+ RabbitPassword:
+ default: guest
+ description: The password for RabbitMQ
+ type: string
+ hidden: true
+ RabbitUserName:
+ default: guest
+ description: The username for RabbitMQ
+ type: string
+ RabbitClientUseSSL:
+ default: false
+ description: >
+ Rabbit client subscriber parameter to specify
+ an SSL connection to the RabbitMQ host.
+ type: string
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
+ RedisVirtualIP:
+ type: string
+ default: '' # Has to be here because of the ignored empty value bug
+ SnmpdReadonlyUserName:
+ default: ro_snmp_user
+ description: The user name for SNMPd with readonly rights running on all Overcloud nodes
+ type: string
+ SnmpdReadonlyUserPassword:
+ default: unset
+ description: The user password for SNMPd with readonly rights running on all Overcloud nodes
+ type: string
+ hidden: true
+ SSLCACertificate:
+ default: ''
+ description: If set, the contents of an SSL certificate authority file.
+ type: string
+ SSLCertificate:
+ default: ''
+ description: If set, the contents of an SSL certificate .crt file for encrypting SSL endpoints.
+ type: string
+ hidden: true
+ SSLKey:
+ default: ''
+ description: If set, the contents of an SSL certificate .key file for encrypting SSL endpoints.
+ type: string
+ hidden: true
+ SwiftHashSuffix:
+ default: unset
+ description: A random string to be used as a salt when hashing to determine mappings
+ in the ring.
+ hidden: true
+ type: string
+ SwiftMountCheck:
+ default: 'false'
+ description: Value of mount_check in Swift account/container/object -server.conf
+ type: boolean
+ SwiftMinPartHours:
+ type: number
+ default: 1
+ description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
+ SwiftPartPower:
+ default: 10
+ description: Partition Power to use when building Swift rings
+ type: number
+ SwiftPassword:
+ default: unset
+ description: The password for the swift service account, used by the swift proxy
+ services.
+ hidden: true
+ type: string
+ SwiftReplicas:
+ type: number
+ default: 3
+ description: How many replicas to use in the swift rings.
+ VirtualIP: # DEPRECATED: use per service settings instead
+ type: string
+ default: '' # Has to be here because of the ignored empty value bug
+ HeatApiVirtualIP:
+ type: string
+ default: ''
+ GlanceApiVirtualIP:
+ type: string
+ default: ''
+ MysqlVirtualIP:
+ type: string
+ default: ''
+ KeystoneAdminApiVirtualIP:
+ type: string
+ default: ''
+ KeystonePublicApiVirtualIP:
+ type: string
+ default: ''
+ NeutronApiVirtualIP:
+ type: string
+ default: ''
+ EnablePackageInstall:
+ default: 'false'
+ description: Set to true to enable package installation via Puppet
+ type: boolean
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ UpdateIdentifier:
+ default: ''
+ type: string
+ description: >
+ Setting to a previously unused value during stack-update will trigger
+ package update on all nodes
+ Hostname:
+ type: string
+ default: '' # Defaults to Heat created hostname
+
+resources:
+
+ Controller:
+ type: OS::Nova::Server
+ properties:
+ image: {get_param: Image}
+ image_update_policy: {get_param: ImageUpdatePolicy}
+ flavor: {get_param: Flavor}
+ key_name: {get_param: KeyName}
+ networks:
+ - network: ctlplane
+ user_data_format: SOFTWARE_CONFIG
+ user_data: {get_resource: UserData}
+ name: {get_param: Hostname}
+
+ # Combine the NodeAdminUserData and NodeUserData mime archives
+ UserData:
+ type: OS::Heat::MultipartMime
+ properties:
+ parts:
+ - config: {get_resource: NodeAdminUserData}
+ type: multipart
+ - config: {get_resource: NodeUserData}
+ type: multipart
+
+ # Creates the "heat-admin" user if configured via the environment
+ # Should return a OS::Heat::MultipartMime reference via OS::stack_id
+ NodeAdminUserData:
+ type: OS::TripleO::NodeAdminUserData
+
+ # For optional operator additional userdata
+ # Should return a OS::Heat::MultipartMime reference via OS::stack_id
+ NodeUserData:
+ type: OS::TripleO::NodeUserData
+
+ ExternalPort:
+ type: OS::TripleO::Controller::Ports::ExternalPort
+ properties:
+ ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
+
+ InternalApiPort:
+ type: OS::TripleO::Controller::Ports::InternalApiPort
+ properties:
+ ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
+
+ StoragePort:
+ type: OS::TripleO::Controller::Ports::StoragePort
+ properties:
+ ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
+
+ StorageMgmtPort:
+ type: OS::TripleO::Controller::Ports::StorageMgmtPort
+ properties:
+ ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
+
+ TenantPort:
+ type: OS::TripleO::Controller::Ports::TenantPort
+ properties:
+ ControlPlaneIP: {get_attr: [Controller, networks, ctlplane, 0]}
+
+ NetIpMap:
+ type: OS::TripleO::Network::Ports::NetIpMap
+ properties:
+ ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
+ ExternalIp: {get_attr: [ExternalPort, ip_address]}
+ InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
+ StorageIp: {get_attr: [StoragePort, ip_address]}
+ StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
+ TenantIp: {get_attr: [TenantPort, ip_address]}
+
+ NetIpSubnetMap:
+ type: OS::TripleO::Network::Ports::NetIpSubnetMap
+ properties:
+ ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
+ ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
+ InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
+ StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
+ StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
+ TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
+
+ NetworkConfig:
+ type: OS::TripleO::Controller::Net::SoftwareConfig
+ properties:
+ ControlPlaneIp: {get_attr: [Controller, networks, ctlplane, 0]}
+ ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
+ InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
+ StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
+ StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
+ TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
+
+ NetworkDeployment:
+ type: OS::TripleO::SoftwareDeployment
+ properties:
+ config: {get_resource: NetworkConfig}
+ server: {get_resource: Controller}
+ input_values:
+ bridge_name: br-ex
+ interface_name: {get_param: NeutronPublicInterface}
+
+ ControllerDeployment:
+ type: OS::TripleO::SoftwareDeployment
+ depends_on: NetworkDeployment
+ properties:
+ config: {get_resource: ControllerConfig}
+ server: {get_resource: Controller}
+ input_values:
+ bootstack_nodeid: {get_attr: [Controller, name]}
+ neutron_enable_tunneling: {get_param: NeutronEnableTunnelling}
+ heat.watch_server_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: HeatApiVirtualIP}
+ - ':8003'
+ heat.metadata_server_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: HeatApiVirtualIP}
+ - ':8000'
+ heat.waitcondition_server_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: HeatApiVirtualIP}
+ - ':8000/v1/waitcondition'
+ heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey}
+ horizon_secret: {get_param: HorizonSecret}
+ admin_password: {get_param: AdminPassword}
+ admin_token: {get_param: AdminToken}
+ neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP}
+ debug: {get_param: Debug}
+ cinder_enable_nfs_backend: {get_param: CinderEnableNfsBackend}
+ cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
+ cinder_nfs_mount_options: {get_param: CinderNfsMountOptions}
+ cinder_nfs_servers:
+ str_replace:
+ template: "['SERVERS']"
+ params:
+ SERVERS:
+ list_join:
+ - "','"
+ - {get_param: CinderNfsServers}
+ cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
+ cinder_password: {get_param: CinderPassword}
+ cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
+ cinder_iscsi_helper: {get_param: CinderISCSIHelper}
+ cinder_backend_config: {get_param: CinderBackendConfig}
+ cinder_dsn:
+ list_join:
+ - ''
+ - - 'mysql://cinder:'
+ - {get_param: CinderPassword}
+ - '@'
+ - {get_param: MysqlVirtualIP}
+ - '/cinder'
+ glance_port: {get_param: GlancePort}
+ glance_password: {get_param: GlancePassword}
+ glance_backend: {get_param: GlanceBackend}
+ glance_notifier_strategy: {get_param: GlanceNotifierStrategy}
+ glance_log_file: {get_param: GlanceLogFile}
+ glance_dsn:
+ list_join:
+ - ''
+ - - 'mysql://glance:'
+ - {get_param: GlancePassword}
+ - '@'
+ - {get_param: MysqlVirtualIP}
+ - '/glance'
+ heat_password: {get_param: HeatPassword}
+ heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword}
+ heat_dsn:
+ list_join:
+ - ''
+ - - 'mysql://heat:'
+ - {get_param: HeatPassword}
+ - '@'
+ - {get_param: MysqlVirtualIP}
+ - '/heat'
+ keystone_auth_address: {list_join: ['', ['http://', {get_param: KeystonePublicApiVirtualIP} , ':5000/v2.0']]}
+ keystone_ca_certificate: {get_param: KeystoneCACertificate}
+ keystone_signing_key: {get_param: KeystoneSigningKey}
+ keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
+ keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
+ keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
+ keystone_notification_driver: {get_param: KeystoneNotificationDriver}
+ keystone_notification_format: {get_param: KeystoneNotificationFormat}
+ keystone_dsn:
+ list_join:
+ - ''
+ - - 'mysql://keystone:'
+ - {get_param: AdminToken}
+ - '@'
+ - {get_param: MysqlVirtualIP}
+ - '/keystone'
+ keystone_identity_uri:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: KeystoneAdminApiVirtualIP}
+ - ':35357/'
+ keystone_auth_uri:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: KeystonePublicApiVirtualIP}
+ - ':5000/v2.0/'
+ keystone_ec2_uri:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: KeystonePublicApiVirtualIP}
+ - ':5000/v2.0/ec2tokens'
+ enable_fencing: {get_param: EnableFencing}
+ enable_galera: {get_param: EnableGalera}
+ enable_ceph_storage: {get_param: EnableCephStorage}
+ enable_swift_storage: {get_param: EnableSwiftStorage}
+ mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize}
+ mysql_max_connections: {get_param: MysqlMaxConnections}
+ mysql_root_password: {get_param: MysqlRootPassword}
+ mysql_cluster_name:
+ str_replace:
+ template: tripleo-CLUSTER
+ params:
+ CLUSTER: {get_param: MysqlClusterUniquePart}
+ neutron_flat_networks: {get_param: NeutronFlatNetworks}
+ neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
+ neutron_agent_mode: {get_param: NeutronAgentMode}
+ neutron_router_distributed: {get_param: NeutronDVR}
+ neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers}
+ neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
+ neutron_l3_ha: {get_param: NeutronL3HA}
+ neutron_dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork}
+ neutron_network_vlan_ranges:
+ str_replace:
+ template: "['RANGES']"
+ params:
+ RANGES:
+ list_join:
+ - "','"
+ - {get_param: NeutronNetworkVLANRanges}
+ neutron_bridge_mappings: {get_param: NeutronBridgeMappings}
+ neutron_external_network_bridge: {get_param: NeutronExternalNetworkBridge}
+ neutron_public_interface: {get_param: NeutronPublicInterface}
+ neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice}
+ neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute}
+ neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag}
+ neutron_tenant_network_type: {get_param: NeutronNetworkType}
+ neutron_tunnel_types: {get_param: NeutronTunnelTypes}
+ neutron_tunnel_id_ranges:
+ str_replace:
+ template: "['RANGES']"
+ params:
+ RANGES:
+ list_join:
+ - "','"
+ - {get_param: NeutronTunnelIdRanges}
+ neutron_vni_ranges:
+ str_replace:
+ template: "['RANGES']"
+ params:
+ RANGES:
+ list_join:
+ - "','"
+ - {get_param: NeutronVniRanges}
+ neutron_password: {get_param: NeutronPassword}
+ neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions}
+ neutron_dsn:
+ list_join:
+ - ''
+ - - 'mysql://neutron:'
+ - {get_param: NeutronPassword}
+ - '@'
+ - {get_param: MysqlVirtualIP}
+ - '/ovs_neutron?charset=utf8'
+ neutron_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: NeutronApiVirtualIP}
+ - ':9696'
+ neutron_admin_auth_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - {get_param: KeystoneAdminApiVirtualIP}
+ - ':35357/v2.0'
+ ceilometer_backend: {get_param: CeilometerBackend}
+ ceilometer_metering_secret: {get_param: CeilometerMeteringSecret}
+ ceilometer_password: {get_param: CeilometerPassword}
+ ceilometer_coordination_url:
+ list_join:
+ - ''
+ - - 'redis://'
+ - {get_param: RedisVirtualIP}
+ - ':6379'
+ ceilometer_dsn:
+ list_join:
+ - ''
+ - - 'mysql://ceilometer:unset@'
+ - {get_param: MysqlVirtualIP}
+ - '/ceilometer'
+ snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
+ snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
+ nova_password: {get_param: NovaPassword}
+ nova_dsn:
+ list_join:
+ - ''
+ - - 'mysql://nova:'
+ - {get_param: NovaPassword}
+ - '@'
+ - {get_param: MysqlVirtualIP}
+ - '/nova'
+ fencing_config: {get_param: FencingConfig}
+ pcsd_password: {get_param: PcsdPassword}
+ rabbit_username: {get_param: RabbitUserName}
+ rabbit_password: {get_param: RabbitPassword}
+ rabbit_cookie: {get_param: RabbitCookie}
+ rabbit_client_use_ssl: {get_param: RabbitClientUseSSL}
+ rabbit_client_port: {get_param: RabbitClientPort}
+ mongodb_no_journal: {get_param: MongoDbNoJournal}
+ ntp_servers:
+ str_replace:
+ template: '["server"]'
+ params:
+ server: {get_param: NtpServer}
+ control_virtual_interface: {get_param: ControlVirtualInterface}
+ public_virtual_interface: {get_param: PublicVirtualInterface}
+ swift_hash_suffix: {get_param: SwiftHashSuffix}
+ swift_password: {get_param: SwiftPassword}
+ swift_part_power: {get_param: SwiftPartPower}
+ swift_replicas: {get_param: SwiftReplicas}
+ swift_min_part_hours: {get_param: SwiftMinPartHours}
+ swift_mount_check: {get_param: SwiftMountCheck}
+ enable_package_install: {get_param: EnablePackageInstall}
+ swift_proxy_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftProxyNetwork]}]}
+ swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
+ cinder_iscsi_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderIscsiNetwork]}]}
+ cinder_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CinderApiNetwork]}]}
+ glance_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceApiNetwork]}]}
+ glance_registry_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]}
+ glance_api_servers:
+ list_join:
+ - ''
+ - - {get_param: GlanceProtocol}
+ - '://'
+ - {get_param: GlanceApiVirtualIP}
+ - ':'
+ - {get_param: GlancePort}
+ heat_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HeatApiNetwork]}]}
+ keystone_public_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}]}
+ keystone_admin_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}]}
+ mongo_db_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MongoDbNetwork]}]}
+ neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
+ neutron_local_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronTenantNetwork]}]}
+ ceilometer_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CeilometerApiNetwork]}]}
+ nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
+ nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
+ horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
+ rabbitmq_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RabbitMqNetwork]}]}
+ redis_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, RedisNetwork]}]}
+ redis_vip: {get_param: RedisVirtualIP}
+ memcached_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]}
+ mysql_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MysqlNetwork]}]}
+ mysql_virtual_ip: {get_param: MysqlVirtualIP}
+ ceph_cluster_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
+ ceph_public_network: {get_attr: [NetIpSubnetMap, net_ip_subnet_map, {get_param: [ServiceNetMap, CephPublicNetwork]}]}
+ ceph_public_ip: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap,
CephPublicNetwork]}]} + + # Map heat metadata into hiera datafiles + ControllerConfig: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: + hiera: + hierarchy: + - heat_config_%{::deploy_config_name} + - controller_extraconfig + - extraconfig + - controller + - database + - object + - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig + - ceph_cluster # provided by CephClusterConfig + - ceph + - bootstrap_node # provided by BootstrapNodeConfig + - all_nodes # provided by allNodesConfig + - vip_data # provided by vip-config + - '"%{::osfamily}"' + - common + - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre + - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre + - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre + datafiles: + controller_extraconfig: + mapped_data: {get_param: ControllerExtraConfig} + extraconfig: + mapped_data: {get_param: ExtraConfig} + common: + raw_data: {get_file: hieradata/common.yaml} + ceph: + raw_data: {get_file: hieradata/ceph.yaml} + mapped_data: + ceph::profile::params::cluster_network: {get_input: ceph_cluster_network} + ceph::profile::params::public_network: {get_input: ceph_public_network} + ceph::mon::public_addr: {get_input: ceph_public_ip} + database: + raw_data: {get_file: hieradata/database.yaml} + object: + raw_data: {get_file: hieradata/object.yaml} + controller: + raw_data: {get_file: hieradata/controller.yaml} + mapped_data: # data supplied directly to this deployment configuration, etc + bootstack_nodeid: {get_input: bootstack_nodeid} + + # Pacemaker + enable_fencing: {get_input: enable_fencing} + hacluster_pwd: {get_input: pcsd_password} + tripleo::fencing::config: {get_input: fencing_config} + + # Swift + swift::proxy::proxy_local_net_ip: {get_input: swift_proxy_network} + swift::proxy::authtoken::auth_uri: {get_input: keystone_auth_uri} + swift::proxy::authtoken::identity_uri: {get_input: keystone_identity_uri} + 
swift::storage::all::storage_local_net_ip: {get_input: swift_management_network} + swift::swift_hash_suffix: {get_input: swift_hash_suffix} + swift::proxy::authtoken::admin_password: {get_input: swift_password} + tripleo::ringbuilder::part_power: {get_input: swift_part_power} + tripleo::ringbuilder::replicas: {get_input: swift_replicas} + tripleo::ringbuilder::min_part_hours: {get_input: swift_min_part_hours} + swift_mount_check: {get_input: swift_mount_check} + + # NOTE(dprince): build_ring support is currently not wired in. + # See: https://review.openstack.org/#/c/109225/ + tripleo::ringbuilder::build_ring: True + + # Cinder + cinder_enable_nfs_backend: {get_input: cinder_enable_nfs_backend} + cinder_enable_rbd_backend: {get_input: cinder_enable_rbd_backend} + cinder_nfs_mount_options: {get_input: cinder_nfs_mount_options} + cinder_nfs_servers: {get_input: cinder_nfs_servers} + cinder_lvm_loop_device_size: {get_input: cinder_lvm_loop_device_size} + cinder_iscsi_helper: {get_input: cinder_iscsi_helper} + cinder_iscsi_ip_address: {get_input: cinder_iscsi_network} + cinder::database_connection: {get_input: cinder_dsn} + cinder::api::keystone_password: {get_input: cinder_password} + cinder::api::auth_uri: {get_input: keystone_auth_uri} + cinder::api::identity_uri: {get_input: keystone_identity_uri} + cinder::api::bind_host: {get_input: cinder_api_network} + cinder::rabbit_userid: {get_input: rabbit_username} + cinder::rabbit_password: {get_input: rabbit_password} + cinder::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} + cinder::rabbit_port: {get_input: rabbit_client_port} + cinder::debug: {get_input: debug} + cinder_enable_iscsi_backend: {get_input: cinder_enable_iscsi_backend} + cinder::glance::glance_api_servers: {get_input: glance_api_servers} + cinder_backend_config: {get_input: CinderBackendConfig} + cinder::db::mysql::password: {get_input: cinder_password} + + # Glance + glance::api::bind_port: {get_input: glance_port} + glance::api::bind_host: 
{get_input: glance_api_network} + glance::api::auth_uri: {get_input: keystone_auth_uri} + glance::api::identity_uri: {get_input: keystone_identity_uri} + glance::api::registry_host: {get_input: glance_registry_network} + glance::api::keystone_password: {get_input: glance_password} + glance::api::debug: {get_input: debug} + glance_notifier_strategy: {get_input: glance_notifier_strategy} + glance_log_file: {get_input: glance_log_file} + glance_log_file: {get_input: glance_log_file} + glance::api::database_connection: {get_input: glance_dsn} + glance::registry::keystone_password: {get_input: glance_password} + glance::registry::database_connection: {get_input: glance_dsn} + glance::registry::bind_host: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, GlanceRegistryNetwork]}]} + glance::registry::auth_uri: {get_input: keystone_auth_uri} + glance::registry::identity_uri: {get_input: keystone_identity_uri} + glance::registry::debug: {get_input: debug} + glance::backend::swift::swift_store_auth_address: {get_input: keystone_auth_address} + glance::backend::swift::swift_store_user: service:glance + glance::backend::swift::swift_store_key: {get_input: glance_password} + glance_backend: {get_input: glance_backend} + glance::db::mysql::password: {get_input: glance_password} + + # Heat + heat_stack_domain_admin_password: {get_input: heat_stack_domain_admin_password} + heat::engine::heat_watch_server_url: {get_input: heat.watch_server_url} + heat::engine::heat_metadata_server_url: {get_input: heat.metadata_server_url} + heat::engine::heat_waitcondition_server_url: {get_input: heat.waitcondition_server_url} + heat::engine::auth_encryption_key: {get_input: heat_auth_encryption_key} + heat::rabbit_userid: {get_input: rabbit_username} + heat::rabbit_password: {get_input: rabbit_password} + heat::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} + heat::rabbit_port: {get_input: rabbit_client_port} + heat::auth_uri: {get_input: keystone_auth_uri} + 
heat::keystone_ec2_uri: {get_input: keystone_ec2_uri} + heat::identity_uri: {get_input: keystone_identity_uri} + heat::keystone_password: {get_input: heat_password} + heat::api::bind_host: {get_input: heat_api_network} + heat::api_cloudwatch::bind_host: {get_input: heat_api_network} + heat::api_cfn::bind_host: {get_input: heat_api_network} + heat::database_connection: {get_input: heat_dsn} + heat::debug: {get_input: debug} + heat::db::mysql::password: {get_input: heat_password} + + # Keystone + keystone::admin_token: {get_input: admin_token} + keystone_ca_certificate: {get_input: keystone_ca_certificate} + keystone_signing_key: {get_input: keystone_signing_key} + keystone_signing_certificate: {get_input: keystone_signing_certificate} + keystone_ssl_certificate: {get_input: keystone_ssl_certificate} + keystone_ssl_certificate_key: {get_input: keystone_ssl_certificate_key} + keystone::database_connection: {get_input: keystone_dsn} + keystone::public_bind_host: {get_input: keystone_public_api_network} + keystone::admin_bind_host: {get_input: keystone_admin_api_network} + keystone::debug: {get_input: debug} + keystone::db::mysql::password: {get_input: admin_token} + keystone::rabbit_userid: {get_input: rabbit_username} + keystone::rabbit_password: {get_input: rabbit_password} + keystone::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} + keystone::rabbit_port: {get_input: rabbit_client_port} + keystone::notification_driver: {get_input: keystone_notification_driver} + keystone::notification_format: {get_input: keystone_notification_format} + # MongoDB + mongodb::server::bind_ip: {get_input: mongo_db_network} + mongodb::server::nojournal: {get_input: mongodb_no_journal} + # MySQL + admin_password: {get_input: admin_password} + enable_galera: {get_input: enable_galera} + enable_ceph_storage: {get_input: enable_ceph_storage} + enable_swift_storage: {get_input: enable_swift_storage} + mysql_innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size} + 
mysql_max_connections: {get_input: mysql_max_connections} + mysql::server::root_password: {get_input: mysql_root_password} + mysql_cluster_name: {get_input: mysql_cluster_name} + mysql_bind_host: {get_input: mysql_network} + mysql_virtual_ip: {get_input: mysql_virtual_ip} + + # Neutron + neutron::bind_host: {get_input: neutron_api_network} + neutron::rabbit_password: {get_input: rabbit_password} + neutron::rabbit_user: {get_input: rabbit_user} + neutron::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} + neutron::rabbit_port: {get_input: rabbit_client_port} + neutron::debug: {get_input: debug} + neutron::server::auth_uri: {get_input: keystone_auth_uri} + neutron::server::identity_uri: {get_input: keystone_identity_uri} + neutron::server::database_connection: {get_input: neutron_dsn} + neutron::agents::l3::external_network_bridge: {get_input: neutron_external_network_bridge} + neutron::agents::ml2::ovs::enable_tunneling: {get_input: neutron_enable_tunneling} + neutron::agents::ml2::ovs::local_ip: {get_input: neutron_local_ip} + neutron_flat_networks: {get_input: neutron_flat_networks} + neutron::agents::metadata::shared_secret: {get_input: neutron_metadata_proxy_shared_secret} + neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network} + neutron_agent_mode: {get_input: neutron_agent_mode} + neutron_router_distributed: {get_input: neutron_router_distributed} + neutron_mechanism_drivers: {get_input: neutron_mechanism_drivers} + neutron::server::allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover} + neutron::server::l3_ha: {get_input: neutron_l3_ha} + neutron::dhcp_agents_per_network: {get_input: neutron_dhcp_agents_per_network} + neutron::plugins::ml2::network_vlan_ranges: {get_input: neutron_network_vlan_ranges} + neutron::plugins::ml2::tunnel_id_ranges: {get_input: neutron_tunnel_id_ranges} + neutron::plugins::ml2::vni_ranges: {get_input: neutron_vni_ranges} + neutron_bridge_mappings: {get_input: neutron_bridge_mappings} + 
neutron_public_interface: {get_input: neutron_public_interface} + neutron_public_interface_raw_device: {get_input: neutron_public_interface_raw_device} + neutron_public_interface_default_route: {get_input: neutron_public_interface_default_route} + neutron_public_interface_tag: {get_input: neutron_public_interface_tag} + neutron_tenant_network_type: {get_input: neutron_tenant_network_type} + neutron_tunnel_types: {get_input: neutron_tunnel_types} + neutron::server::auth_password: {get_input: neutron_password} + neutron::agents::metadata::auth_password: {get_input: neutron_password} + neutron_dnsmasq_options: {get_input: neutron_dnsmasq_options} + neutron_dsn: {get_input: neutron_dsn} + neutron::agents::metadata::auth_url: {get_input: keystone_identity_uri} + neutron::db::mysql::password: {get_input: neutron_password} + + # Ceilometer + ceilometer_backend: {get_input: ceilometer_backend} + ceilometer_mysql_conn_string: {get_input: ceilometer_dsn} + ceilometer::metering_secret: {get_input: ceilometer_metering_secret} + ceilometer::rabbit_userid: {get_input: rabbit_username} + ceilometer::rabbit_password: {get_input: rabbit_password} + ceilometer::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} + ceilometer::rabbit_port: {get_input: rabbit_client_port} + ceilometer::debug: {get_input: debug} + ceilometer::api::host: {get_input: ceilometer_api_network} + ceilometer::api::keystone_password: {get_input: ceilometer_password} + ceilometer::api::keystone_auth_uri: {get_input: keystone_auth_uri} + ceilometer::api::keystone_identity_uri: {get_input: keystone_identity_uri} + ceilometer::agent::auth::auth_password: {get_input: ceilometer_password} + ceilometer::agent::auth::auth_url: {get_input: keystone_auth_address} + ceilometer::agent::central::coordination_url: {get_input: ceilometer_coordination_url} + ceilometer::db::mysql::password: {get_input: ceilometer_password} + snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} + snmpd_readonly_user_password: 
{get_input: snmpd_readonly_user_password} + + # Nova + nova::rabbit_userid: {get_input: rabbit_username} + nova::rabbit_password: {get_input: rabbit_password} + nova::rabbit_use_ssl: {get_input: rabbit_client_use_ssl} + nova::rabbit_port: {get_input: rabbit_client_port} + nova::debug: {get_input: debug} + nova::api::auth_uri: {get_input: keystone_auth_uri} + nova::api::identity_uri: {get_input: keystone_identity_uri} + nova::api::api_bind_address: {get_input: nova_api_network} + nova::api::metadata_listen: {get_input: nova_metadata_network} + nova::api::admin_password: {get_input: nova_password} + nova::database_connection: {get_input: nova_dsn} + nova::glance_api_servers: {get_input: glance_api_servers} + nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} + nova::network::neutron::neutron_admin_password: {get_input: neutron_password} + nova::network::neutron::neutron_url: {get_input: neutron_url} + nova::network::neutron::neutron_admin_auth_url: {get_input: neutron_admin_auth_url} + nova::vncproxy::host: {get_input: nova_api_network} + nova::db::mysql::password: {get_input: nova_password} + + # Horizon + apache::ip: {get_input: horizon_network} + horizon::django_debug: {get_input: debug} + horizon::secret_key: {get_input: horizon_secret} + horizon::bind_address: {get_input: horizon_network} + horizon::keystone_url: {get_input: keystone_auth_uri} + + # Rabbit + rabbitmq::node_ip_address: {get_input: rabbitmq_network} + rabbitmq::erlang_cookie: {get_input: rabbit_cookie} + # Redis + redis::bind: {get_input: redis_network} + redis_vip: {get_input: redis_vip} + # Misc + memcached::listen_ip: {get_input: memcached_network} + neutron_public_interface_ip: {get_input: neutron_public_interface_ip} + ntp::servers: {get_input: ntp_servers} + control_virtual_interface: {get_input: control_virtual_interface} + public_virtual_interface: {get_input: public_virtual_interface} + tripleo::loadbalancer::control_virtual_interface: 
{get_input: control_virtual_interface} + tripleo::loadbalancer::public_virtual_interface: {get_input: public_virtual_interface} + tripleo::packages::enable_install: {get_input: enable_package_install} + + # Hook for site-specific additional pre-deployment config, e.g extra hieradata + ControllerExtraConfigPre: + depends_on: ControllerDeployment + type: OS::TripleO::ControllerExtraConfigPre + properties: + server: {get_resource: Controller} + + UpdateConfig: + type: OS::TripleO::Tasks::PackageUpdate + + UpdateDeployment: + type: OS::Heat::SoftwareDeployment + properties: + config: {get_resource: UpdateConfig} + server: {get_resource: Controller} + input_values: + update_identifier: + get_param: UpdateIdentifier + +outputs: + ip_address: + description: IP address of the server in the ctlplane network + value: {get_attr: [Controller, networks, ctlplane, 0]} + external_ip_address: + description: IP address of the server in the external network + value: {get_attr: [ExternalPort, ip_address]} + internal_api_ip_address: + description: IP address of the server in the internal_api network + value: {get_attr: [InternalApiPort, ip_address]} + storage_ip_address: + description: IP address of the server in the storage network + value: {get_attr: [StoragePort, ip_address]} + storage_mgmt_ip_address: + description: IP address of the server in the storage_mgmt network + value: {get_attr: [StorageMgmtPort, ip_address]} + tenant_ip_address: + description: IP address of the server in the tenant network + value: {get_attr: [TenantPort, ip_address]} + hostname: + description: Hostname of the server + value: {get_attr: [Controller, name]} + corosync_node: + description: > + Node object in the format {ip: ..., name: ...} format that the corosync + element expects + value: + ip: {get_attr: [Controller, networks, ctlplane, 0]} + name: {get_attr: [Controller, name]} + hosts_entry: + description: > + Server's IP address and hostname in the /etc/hosts format + value: + str_replace: + 
template: IP HOST.localdomain HOST CLOUDNAME + params: + IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ControllerHostnameResolveNetwork]}]} + HOST: {get_attr: [Controller, name]} + CLOUDNAME: {get_param: CloudName} + nova_server_resource: + description: Heat resource handle for the Nova compute server + value: + {get_resource: Controller} + swift_device: + description: Swift device formatted for swift-ring-builder + value: + str_replace: + template: 'r1z1-IP:%PORT%/d1' + params: + IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} + swift_proxy_memcache: + description: Swift proxy-memcache value + value: + str_replace: + template: "IP:11211" + params: + IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, MemcachedNetwork]}]} + config_identifier: + description: identifier which changes if the controller configuration may need re-applying + value: + list_join: + - ',' + - - {get_attr: [ControllerDeployment, deploy_stdout]} + - {get_attr: [ControllerExtraConfigPre, deploy_stdout]} diff --git a/puppet/swift-storage-puppet.yaml b/puppet/swift-storage-puppet.yaml deleted file mode 100644 index 67617771..00000000 --- a/puppet/swift-storage-puppet.yaml +++ /dev/null 
@@ -1,258 +0,0 @@ -heat_template_version: 2015-04-30 -description: 'OpenStack swift storage node configured by Puppet' -parameters: - Flavor: - description: Flavor for Swift storage nodes to request when deploying. - type: string - constraints: - - custom_constraint: nova.flavor - HashSuffix: - default: unset - description: A random string to be used as a salt when hashing to determine mappings - in the ring. - hidden: true - type: string - Image: - default: overcloud-swift-storage - type: string - KeyName: - default: default - description: Name of an existing EC2 KeyPair to enable SSH access to the instances - type: string - MountCheck: - default: 'false' - description: Value of mount_check in Swift account/container/object -server.conf - type: boolean - MinPartHours: - type: number - default: 1 - description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance. - PartPower: - default: 10 - description: Partition Power to use when building Swift rings - type: number - Replicas: - type: number - default: 3 - description: How many replicas to use in the swift rings. - SnmpdReadonlyUserName: - default: ro_snmp_user - description: The user name for SNMPd with readonly rights running on all Overcloud nodes - type: string - SnmpdReadonlyUserPassword: - default: unset - description: The user password for SNMPd with readonly rights running on all Overcloud nodes - type: string - hidden: true - NtpServer: - type: string - default: '' - EnablePackageInstall: - default: 'false' - description: Set to true to enable package installation via Puppet - type: boolean - UpdateIdentifier: - default: '' - type: string - description: > - Setting to a previously unused value during stack-update will trigger - package update on all nodes - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. 
- type: json - Hostname: - type: string - default: '' # Defaults to Heat created hostname - ExtraConfig: - default: {} - description: | - Additional hiera configuration to inject into the cluster. Note - that ObjectStorageExtraConfig takes precedence over ExtraConfig. - type: json - ObjectStorageExtraConfig: - default: {} - description: | - Role specific additional hiera configuration to inject into the cluster. - type: json - - -resources: - - SwiftStorage: - type: OS::Nova::Server - properties: - image: {get_param: Image} - flavor: {get_param: Flavor} - key_name: {get_param: KeyName} - networks: - - network: ctlplane - user_data_format: SOFTWARE_CONFIG - user_data: {get_resource: UserData} - name: {get_param: Hostname} - - # Combine the NodeAdminUserData and NodeUserData mime archives - UserData: - type: OS::Heat::MultipartMime - properties: - parts: - - config: {get_resource: NodeAdminUserData} - type: multipart - - config: {get_resource: NodeUserData} - type: multipart - - # Creates the "heat-admin" user if configured via the environment - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeAdminUserData: - type: OS::TripleO::NodeAdminUserData - - # For optional operator additional userdata - # Should return a OS::Heat::MultipartMime reference via OS::stack_id - NodeUserData: - type: OS::TripleO::NodeUserData - - InternalApiPort: - type: OS::TripleO::SwiftStorage::Ports::InternalApiPort - properties: - ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - - StoragePort: - type: OS::TripleO::SwiftStorage::Ports::StoragePort - properties: - ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - - StorageMgmtPort: - type: OS::TripleO::SwiftStorage::Ports::StorageMgmtPort - properties: - ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - - NetworkConfig: - type: OS::TripleO::ObjectStorage::Net::SoftwareConfig - properties: - ControlPlaneIp: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - 
InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - - NetIpMap: - type: OS::TripleO::Network::Ports::NetIpMap - properties: - ControlPlaneIp: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - InternalApiIp: {get_attr: [InternalApiPort, ip_address]} - StorageIp: {get_attr: [StoragePort, ip_address]} - StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} - - NetworkDeployment: - type: OS::TripleO::SoftwareDeployment - properties: - config: {get_resource: NetworkConfig} - server: {get_resource: SwiftStorage} - - SwiftStorageHieraConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - hiera: - hierarchy: - - heat_config_%{::deploy_config_name} - - object_extraconfig - - extraconfig - - object - - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig - - all_nodes # provided by allNodesConfig - - '"%{::osfamily}"' - - common - datafiles: - common: - raw_data: {get_file: hieradata/common.yaml} - object_extraconfig: - mapped_data: {get_param: ObjectStorageExtraConfig} - extraconfig: - mapped_data: {get_param: ExtraConfig} - object: - raw_data: {get_file: hieradata/object.yaml} - mapped_data: # data supplied directly to this deployment configuration, etc - swift::swift_hash_suffix: { get_input: swift_hash_suffix } - tripleo::ringbuilder::part_power: { get_input: swift_part_power } - tripleo::ringbuilder::replicas: {get_input: swift_replicas } - # Swift - swift::storage::all::storage_local_net_ip: {get_input: swift_management_network} - swift_mount_check: {get_input: swift_mount_check } - tripleo::ringbuilder::min_part_hours: { get_input: swift_min_part_hours } - ntp::servers: {get_input: ntp_servers} - # NOTE(dprince): build_ring support is currently not wired in. 
- # See: https://review.openstack.org/#/c/109225/ - tripleo::ringbuilder::build_ring: True - snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name} - snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password} - tripleo::packages::enable_install: {get_input: enable_package_install} - - - SwiftStorageHieraDeploy: - type: OS::Heat::StructuredDeployment - depends_on: NetworkDeployment - properties: - server: {get_resource: SwiftStorage} - config: {get_resource: SwiftStorageHieraConfig} - input_values: - local_ip: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} - snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} - swift_hash_suffix: {get_param: HashSuffix} - swift_mount_check: {get_param: MountCheck} - swift_min_part_hours: {get_param: MinPartHours} - swift_part_power: {get_param: PartPower} - swift_replicas: { get_param: Replicas} - ntp_servers: - str_replace: - template: '["server"]' - params: - server: {get_param: NtpServer} - enable_package_install: {get_param: EnablePackageInstall} - swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} - - UpdateConfig: - type: OS::TripleO::Tasks::PackageUpdate - - UpdateDeployment: - type: OS::Heat::SoftwareDeployment - properties: - config: {get_resource: UpdateConfig} - server: {get_resource: SwiftStorage} - input_values: - update_identifier: - get_param: UpdateIdentifier - -outputs: - hosts_entry: - value: - str_replace: - template: "IP HOST.localdomain HOST" - params: - IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ObjectStorageHostnameResolveNetwork]}]} - HOST: {get_attr: [SwiftStorage, name]} - nova_server_resource: - description: Heat resource handle for the swift storage server - value: - {get_resource: SwiftStorage} - swift_device: - description: Swift device formatted for swift-ring-builder - value: - str_replace: - template: 
'r1z1-IP:%PORT%/d1' - params: - IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]} - internal_api_ip_address: - description: IP address of the server in the internal_api network - value: {get_attr: [InternalApiPort, ip_address]} - storage_ip_address: - description: IP address of the server in the storage network - value: {get_attr: [StoragePort, ip_address]} - storage_mgmt_ip_address: - description: IP address of the server in the storage_mgmt network - value: {get_attr: [StorageMgmtPort, ip_address]} - config_identifier: - description: identifier which changes if the node configuration may need re-applying - value: {get_attr: [SwiftStorageHieraDeploy, deploy_stdout]} diff --git a/puppet/swift-storage.yaml b/puppet/swift-storage.yaml new file mode 100644 index 00000000..67617771 --- /dev/null +++ b/puppet/swift-storage.yaml 
@@ -0,0 +1,258 @@
+heat_template_version: 2015-04-30
+description: 'OpenStack swift storage node configured by Puppet'
+parameters:
+ Flavor:
+ description: Flavor for Swift storage nodes to request when deploying.
+ type: string
+ constraints:
+ - custom_constraint: nova.flavor
+ HashSuffix:
+ default: unset
+ description: A random string to be used as a salt when hashing to determine mappings
+ in the ring.
+ hidden: true
+ type: string
+ Image:
+ default: overcloud-swift-storage
+ type: string
+ KeyName:
+ default: default
+ description: Name of an existing EC2 KeyPair to enable SSH access to the instances
+ type: string
+ MountCheck:
+ default: 'false'
+ description: Value of mount_check in Swift account/container/object -server.conf
+ type: boolean
+ MinPartHours:
+ type: number
+ default: 1
+ description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance.
+ PartPower:
+ default: 10
+ description: Partition Power to use when building Swift rings
+ type: number
+ Replicas:
+ type: number
+ default: 3
+ description: How many replicas to use in the swift rings.
+ SnmpdReadonlyUserName:
+ default: ro_snmp_user
+ description: The user name for SNMPd with readonly rights running on all Overcloud nodes
+ type: string
+ SnmpdReadonlyUserPassword:
+ default: unset
+ description: The user password for SNMPd with readonly rights running on all Overcloud nodes
+ type: string
+ hidden: true
+ NtpServer:
+ type: string
+ default: ''
+ EnablePackageInstall:
+ default: 'false'
+ description: Set to true to enable package installation via Puppet
+ type: boolean
+ UpdateIdentifier:
+ default: ''
+ type: string
+ description: >
+ Setting to a previously unused value during stack-update will trigger
+ package update on all nodes
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ Hostname:
+ type: string
+ default: '' # Defaults to Heat created hostname
+ ExtraConfig:
+ default: {}
+ description: |
+ Additional hiera configuration to inject into the cluster. Note
+ that ObjectStorageExtraConfig takes precedence over ExtraConfig.
+ type: json
+ ObjectStorageExtraConfig:
+ default: {}
+ description: |
+ Role specific additional hiera configuration to inject into the cluster.
+ type: json
+
+
+resources:
+
+ SwiftStorage:
+ type: OS::Nova::Server
+ properties:
+ image: {get_param: Image}
+ flavor: {get_param: Flavor}
+ key_name: {get_param: KeyName}
+ networks:
+ - network: ctlplane
+ user_data_format: SOFTWARE_CONFIG
+ user_data: {get_resource: UserData}
+ name: {get_param: Hostname}
+
+ # Combine the NodeAdminUserData and NodeUserData mime archives
+ UserData:
+ type: OS::Heat::MultipartMime
+ properties:
+ parts:
+ - config: {get_resource: NodeAdminUserData}
+ type: multipart
+ - config: {get_resource: NodeUserData}
+ type: multipart
+
+ # Creates the "heat-admin" user if configured via the environment
+ # Should return a OS::Heat::MultipartMime reference via OS::stack_id
+ NodeAdminUserData:
+ type: OS::TripleO::NodeAdminUserData
+
+ # For optional operator additional userdata
+ # Should return a OS::Heat::MultipartMime reference via OS::stack_id
+ NodeUserData:
+ type: OS::TripleO::NodeUserData
+
+ InternalApiPort:
+ type: OS::TripleO::SwiftStorage::Ports::InternalApiPort
+ properties:
+ ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
+
+ StoragePort:
+ type: OS::TripleO::SwiftStorage::Ports::StoragePort
+ properties:
+ ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
+
+ StorageMgmtPort:
+ type: OS::TripleO::SwiftStorage::Ports::StorageMgmtPort
+ properties:
+ ControlPlaneIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
+
+ NetworkConfig:
+ type: OS::TripleO::ObjectStorage::Net::SoftwareConfig
+ properties:
+ ControlPlaneIp: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
+ InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
+ StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
+ StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
+
+ NetIpMap:
+ type: OS::TripleO::Network::Ports::NetIpMap
+ properties:
+ ControlPlaneIp: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
+ InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
+ StorageIp: {get_attr: [StoragePort, ip_address]}
+ StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
+
+ NetworkDeployment:
+ type: OS::TripleO::SoftwareDeployment
+ properties:
+ config: {get_resource: NetworkConfig}
+ server: {get_resource: SwiftStorage}
+
+ SwiftStorageHieraConfig:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: os-apply-config
+ config:
+ hiera:
+ hierarchy:
+ - heat_config_%{::deploy_config_name}
+ - object_extraconfig
+ - extraconfig
+ - object
+ - swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
+ - all_nodes # provided by allNodesConfig
+ - '"%{::osfamily}"'
+ - common
+ datafiles:
+ common:
+ raw_data: {get_file: hieradata/common.yaml}
+ object_extraconfig:
+ mapped_data: {get_param: ObjectStorageExtraConfig}
+ extraconfig:
+ mapped_data: {get_param: ExtraConfig}
+ object:
+ raw_data: {get_file: hieradata/object.yaml}
+ mapped_data: # data supplied directly to this deployment configuration, etc
+ swift::swift_hash_suffix: { get_input: swift_hash_suffix }
+ tripleo::ringbuilder::part_power: { get_input: swift_part_power }
+ tripleo::ringbuilder::replicas: {get_input: swift_replicas }
+ # Swift
+ swift::storage::all::storage_local_net_ip: {get_input: swift_management_network}
+ swift_mount_check: {get_input: swift_mount_check }
+ tripleo::ringbuilder::min_part_hours: { get_input: swift_min_part_hours }
+ ntp::servers: {get_input: ntp_servers}
+ # NOTE(dprince): build_ring support is currently not wired in.
+ # See: https://review.openstack.org/#/c/109225/
+ tripleo::ringbuilder::build_ring: True
+ snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
+ snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
+ tripleo::packages::enable_install: {get_input: enable_package_install}
+
+
+ SwiftStorageHieraDeploy:
+ type: OS::Heat::StructuredDeployment
+ depends_on: NetworkDeployment
+ properties:
+ server: {get_resource: SwiftStorage}
+ config: {get_resource: SwiftStorageHieraConfig}
+ input_values:
+ local_ip: {get_attr: [SwiftStorage, networks, ctlplane, 0]}
+ snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
+ snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
+ swift_hash_suffix: {get_param: HashSuffix}
+ swift_mount_check: {get_param: MountCheck}
+ swift_min_part_hours: {get_param: MinPartHours}
+ swift_part_power: {get_param: PartPower}
+ swift_replicas: { get_param: Replicas}
+ ntp_servers:
+ str_replace:
+ template: '["server"]'
+ params:
+ server: {get_param: NtpServer}
+ enable_package_install: {get_param: EnablePackageInstall}
+ swift_management_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
+
+ UpdateConfig:
+ type: OS::TripleO::Tasks::PackageUpdate
+
+ UpdateDeployment:
+ type: OS::Heat::SoftwareDeployment
+ properties:
+ config: {get_resource: UpdateConfig}
+ server: {get_resource: SwiftStorage}
+ input_values:
+ update_identifier:
+ get_param: UpdateIdentifier
+
+outputs:
+ hosts_entry:
+ value:
+ str_replace:
+ template: "IP HOST.localdomain HOST"
+ params:
+ IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, ObjectStorageHostnameResolveNetwork]}]}
+ HOST: {get_attr: [SwiftStorage, name]}
+ nova_server_resource:
+ description: Heat resource handle for the swift storage server
+ value:
+ {get_resource: SwiftStorage}
+ swift_device:
+ description: Swift device formatted for swift-ring-builder
+ value:
+ str_replace:
+ template: 'r1z1-IP:%PORT%/d1'
+ params:
+ IP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, SwiftMgmtNetwork]}]}
+ internal_api_ip_address:
+ description: IP address of the server in the internal_api network
+ value: {get_attr: [InternalApiPort, ip_address]}
+ storage_ip_address:
+ description: IP address of the server in the storage network
+ value: {get_attr: [StoragePort, ip_address]}
+ storage_mgmt_ip_address:
+ description: IP address of the server in the storage_mgmt network
+ value: {get_attr: [StorageMgmtPort, ip_address]}
+ config_identifier:
+ description: identifier which changes if the node configuration may need re-applying
+ value: {get_attr: [SwiftStorageHieraDeploy, deploy_stdout]}
-- cgit 1.2.3-korg