X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=controller.yaml;h=33286d1962eb9a4fd37e4555b4b23048a2efa062;hb=bac7f95043b85deabba27833b489a0162703c9b5;hp=dddc82ce72c163d998a98003b592dffc67143331;hpb=9f7ccef25e7f8dde0b630a817d6acf780bc07a0a;p=apex-tripleo-heat-templates.git diff --git a/controller.yaml b/controller.yaml index dddc82ce..33286d19 100644 --- a/controller.yaml +++ b/controller.yaml @@ -24,6 +24,14 @@ parameters: description: The password for the ceilometer service account. type: string hidden: true + CinderEnableIscsiBackend: + default: true + description: Whether to enable or not the Iscsi backend for Cinder + type: boolean + CinderEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Cinder + type: boolean CinderISCSIHelper: default: tgtadm description: The iSCSI helper to use with cinder. @@ -94,7 +102,6 @@ parameters: } type: json Flavor: - default: baremetal description: Flavor for control nodes to request when deploying. type: string constraints: @@ -130,6 +137,9 @@ parameters: type: string default: '' hidden: true + HeatAuthEncryptionKey: + description: Auth encryption key for heat-engine + type: string Image: type: string default: overcloud-control @@ -171,8 +181,9 @@ parameters: description: A unique identifier of the MySQL cluster the controller is in. type: string default: 'unset' # Has to be here because of the ignored empty value bug - constraints: - - length: {min: 4, max: 10} + # Drop the validation: https://bugs.launchpad.net/tripleo/+bug/1405446 + # constraints: + # - length: {min: 4, max: 10} MysqlInnodbBufferPoolSize: description: > Specifies the size of the buffer pool in megabytes. Setting to @@ -198,6 +209,32 @@ parameters: default: 'dhcp-option-force=26,1400' description: Dnsmasq options for neutron-dhcp-agent. The default value here forces MTU to be set to 1400 to account for the gre tunnel overhead. type: string + NeutronAgentMode: + default: 'dvr_snat' + description: Agent mode for the neutron-l3-agent on the controller hosts + type: string + NeutronDVR: + default: 'False' + description: Whether to configure Neutron Distributed Virtual Routers + type: string + NeutronMetadataProxySharedSecret: + default: 'unset' + description: Shared secret to prevent spoofing + type: string + NeutronMechanismDrivers: + default: 'openvswitch' + description: | + The mechanism drivers for the Neutron tenant network. To specify multiple + values, use a comma separated string, like so: 'openvswitch,l2_population' + type: string + NeutronAllowL3AgentFailover: + default: 'True' + description: Allow automatic l3-agent failover + type: string + NeutronL3HA: + default: 'False' + description: Whether to enable l3-agent HA + type: string NeutronEnableTunnelling: type: string default: "True" @@ -222,7 +259,7 @@ parameters: type: string hidden: true NeutronPublicInterface: - default: eth0 + default: nic1 description: What interface to bridge onto br-ex for network nodes. type: string NeutronPublicInterfaceTag: @@ -322,6 +359,14 @@ parameters: in the ring. hidden: true type: string + SwiftMountCheck: + default: 'false' + description: Value of mount_check in Swift account/container/object -server.conf + type: boolean + SwiftMinPartHours: + type: number + default: 1 + description: The minimum time (in hours) before a partition in a ring can be moved following a rebalance. SwiftPartPower: default: 10 description: Partition Power to use when building Swift rings @@ -334,7 +379,7 @@ parameters: type: string SwiftReplicas: type: number - default: 1 + default: 3 description: How many replicas to use in the swift rings. VirtualIP: type: string @@ -354,31 +399,48 @@ resources: - network: ctlplane user_data_format: SOFTWARE_CONFIG + NetworkConfig: + type: OS::TripleO::Net::SoftwareConfig + + NetworkDeployment: + type: OS::TripleO::SoftwareDeployment + properties: + signal_transport: NO_SIGNAL + config: {get_attr: [NetworkConfig, config_id]} + server: {get_resource: Controller} + input_values: + bridge_name: br-ex + interface_name: {get_param: NeutronPublicInterface} + + ControllerPassthroughConfig: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: {get_input: passthrough_config} + + ControllerPassthroughConfigSpecific: + type: OS::Heat::StructuredConfig + properties: + group: os-apply-config + config: {get_input: passthrough_config_specific} + ControllerConfig: type: OS::Heat::StructuredConfig properties: group: os-apply-config config: - admin-password: {get_param: AdminPassword} - admin-token: {get_param: AdminToken} + admin-password: {get_input: admin_password} + admin-token: {get_input: admin_token} bootstack: - public_interface_ip: {get_param: NeutronPublicInterfaceIP} + public_interface_ip: {get_input: neutron_public_interface_ip} bootstrap_host: nodeid: {get_input: bootstack_nodeid} - database: - host: &database_host - {get_param: VirtualIP} cinder: - db: - list_join: - - '' - - - mysql://cinder:unset@ - - *database_host - - /cinder - debug: {get_param: Debug} - volume_size_mb: {get_param: CinderLVMLoopDeviceSize} - service-password: {get_param: CinderPassword} - iscsi-helper: {get_param: CinderISCSIHelper} + db: {get_input: cinder_dsn} + debug: {get_input: debug} + volume_size_mb: {get_input: cinder_lvm_loop_device_size} + service-password: {get_input: cinder_password} + iscsi-helper: {get_input: CinderISCSIHelper} controller-address: {get_input: controller_host} corosync: bindnetaddr: {get_input: controller_host} @@ -392,163 +454,136 @@ resources: registry: host: {get_input: controller_virtual_ip} backend: swift - db: - list_join: - - '' - - - mysql://glance:unset@ - - *database_host - - /glance - debug: {get_param: Debug} + db: {get_input: glance_dsn} + debug: {get_input: debug} host: {get_input: controller_virtual_ip} - port: {get_param: GlancePort} - protocol: {get_param: GlanceProtocol} - service-password: {get_param: GlancePassword} + port: {get_input: glance_port} + protocol: {get_input: glance_protocol} + service-password: {get_input: glance_password} swift-store-user: service:glance - swift-store-key: {get_param: GlancePassword} - notifier-strategy: {get_param: GlanceNotifierStrategy} - log-file: {get_param: GlanceLogFile} + swift-store-key: {get_input: glance_password} + notifier-strategy: {get_input: glance_notifier_strategy} + log-file: {get_input: glance_log_file} heat: - admin_password: {get_param: HeatPassword} + admin_password: {get_input: heat_password} admin_tenant_name: service admin_user: heat - auth_encryption_key: unset___________ - db: - list_join: - - '' - - - mysql://heat:unset@ - - *database_host - - /heat - debug: {get_param: Debug} - stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword} + auth_encryption_key: {get_input: heat_auth_encryption_key} + db: {get_input: heat_dsn} + debug: {get_input: debug} + stack_domain_admin_password: {get_input: heat_stack_domain_admin_password} watch_server_url: {get_input: heat.watch_server_url} metadata_server_url: {get_input: heat.metadata_server_url} waitcondition_server_url: {get_input: heat.waitcondition_server_url} keystone: - db: - list_join: - - '' - - - mysql://keystone:unset@ - - *database_host - - /keystone - debug: {get_param: Debug} + db: {get_input: keystone_dsn} + debug: {get_input: debug} host: {get_input: controller_virtual_ip} - ca_certificate: {get_param: KeystoneCACertificate} - signing_key: {get_param: KeystoneSigningKey} - signing_certificate: {get_param: KeystoneSigningCertificate} + ca_certificate: {get_input: keystone_ca_certificate} + signing_key: {get_input: keystone_signing_key} + signing_certificate: {get_input: keystone_signing_certificate} ssl: - certificate: {get_param: KeystoneSSLCertificate} - certificate_key: {get_param: KeystoneSSLCertificateKey} + certificate: {get_input: keystone_ssl_certificate} + certificate_key: {get_input: keystone_ssl_certificate_key} mysql: - innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} + innodb_buffer_pool_size: {get_input: mysql_innodb_buffer_pool_size} local_bind: true - root-password: {get_param: MysqlRootPassword} - cluster_name: - str_replace: - template: tripleo-CLUSTER - params: - CLUSTER: {get_param: MysqlClusterUniquePart} + root-password: {get_input: mysql_root_password} + cluster_name: {get_input: mysql_cluster_name} neutron: - debug: {get_param: Debug} - flat-networks: {get_param: NeutronFlatNetworks} + debug: {get_input: debug} + flat-networks: {get_input: neutron_flat_networks} host: {get_input: controller_virtual_ip} - metadata_proxy_shared_secret: unset + metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret} + agent_mode: {get_input: neutron_agent_mode} + router_distributed: {get_input: neutron_router_distributed} + mechanism_drivers: {get_input: neutron_mechanism_drivers} + allow_automatic_l3agent_failover: {get_input: neutron_allow_l3agent_failover} + l3_ha: {get_input: neutron_l3_ha} ovs: enable_tunneling: {get_input: neutron_enable_tunneling} local_ip: {get_input: controller_host} - network_vlan_ranges: {get_param: NeutronNetworkVLANRanges} - bridge_mappings: {get_param: NeutronBridgeMappings} - public_interface: {get_param: NeutronPublicInterface} - public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice} - public_interface_route: {get_param: NeutronPublicInterfaceDefaultRoute} - public_interface_tag: {get_param: NeutronPublicInterfaceTag} + network_vlan_ranges: {get_input: neutron_network_vlan_ranges} + bridge_mappings: {get_input: neutron_bridge_mappings} + public_interface: {get_input: neutron_public_interface} + public_interface_raw_device: {get_input: neutron_public_interface_raw_device} + public_interface_route: {get_input: neutron_public_interface_default_route} + public_interface_tag: {get_input: neutron_public_interface_tag} physical_bridge: br-ex - tenant_network_type: {get_param: NeutronNetworkType} - tunnel_types: {get_param: NeutronTunnelTypes} - ovs_db: - list_join: - - '' - - - mysql://neutron:unset@ - - *database_host - - /ovs_neutron?charset=utf8 - service-password: {get_param: NeutronPassword} - dnsmasq-options: {get_param: NeutronDnsmasqOptions} + tenant_network_type: {get_input: neutron_tenant_network_type} + tunnel_types: {get_input: neutron_tunnel_types} + ovs_db: {get_input: neutron_dsn} + service-password: {get_input: neutron_password} + dnsmasq-options: {get_input: neutron_dnsmasq_options} ceilometer: - db: - list_join: - - '' - - - mysql://ceilometer:unset@ - - *database_host - - /ceilometer - debug: {get_param: Debug} - metering_secret: {get_param: CeilometerMeteringSecret} - service-password: {get_param: CeilometerPassword} + db: {get_input: ceilometer_dsn} + debug: {get_input: debug} + metering_secret: {get_input: ceilometer_metering_secret} + service-password: {get_input: ceilometer_password} snmpd: export_MIB: UCD-SNMP-MIB - readonly_user_name: {get_param: SnmpdReadonlyUserName} - readonly_user_password: {get_param: SnmpdReadonlyUserPassword} + readonly_user_name: {get_input: snmpd_readonly_user_name} + readonly_user_password: {get_input: snmpd_readonly_user_password} nova: compute_driver: libvirt.LibvirtDriver - db: - list_join: - - '' - - - mysql://nova:unset@ - - *database_host - - /nova + db: {get_input: nova_dsn} default_floating_pool: ext-net host: {get_input: controller_virtual_ip} metadata-proxy: true - service-password: {get_param: NovaPassword} + service-password: {get_input: nova_password} rabbit: host: {get_input: controller_virtual_ip} - username: {get_param: RabbitUserName} - password: {get_param: RabbitPassword} - cookie: {get_param: RabbitCookie} - rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} - rabbit_port: {get_param: RabbitClientPort} + username: {get_input: rabbit_username} + password: {get_input: rabbit_password} + cookie: {get_input: rabbit_cookie} + rabbit_client_use_ssl: {get_input: rabbit_client_use_ssl} + rabbit_port: {get_input: rabbit_client_port} ntp: servers: - - {server: {get_param: NtpServer}, fudge: "stratum 0"} + - {server: {get_input: ntp_server}} virtual_interfaces: instances: - vrrp_instance_name: VI_CONTROL virtual_router_id: 51 - keepalive_interface: {get_param: ControlVirtualInterface} + keepalive_interface: {get_input: control_virtual_interface} priority: 101 virtual_ips: - - ip: {get_param: VirtualIP} - interface: {get_param: ControlVirtualInterface} + - ip: {get_input: controller_virtual_ip} + interface: {get_input: control_virtual_interface} - vrrp_instance_name: VI_PUBLIC virtual_router_id: 52 - keepalive_interface: {get_param: PublicVirtualInterface} + keepalive_interface: {get_input: public_virtual_interface} priority: 101 virtual_ips: - - ip: {get_param: PublicVirtualIP} - interface: {get_param: PublicVirtualInterface} + - ip: {get_input: public_virtual_ip} + interface: {get_input: public_virtual_interface} vrrp_sync_groups: - name: VG1 members: - VI_CONTROL - VI_PUBLIC keepalived: - keepalive_interface: {get_param: PublicVirtualInterface} + keepalive_interface: {get_input: public_virtual_interface} priority: 101 virtual_ips: - - ip: {get_param: VirtualIP} - interface: {get_param: ControlVirtualInterface} + ip: {get_input: controller_virtual_ip} + interface: {get_input: control_virtual_interface} - - ip: {get_param: PublicVirtualIP} - interface: {get_param: PublicVirtualInterface} + ip: {get_input: public_virtual_ip} + interface: {get_input: public_virtual_interface} haproxy: net_binds: - - ip: {get_param: VirtualIP} + - ip: {get_input: controller_virtual_ip} + options: + - option httpchk GET / services: - name: keystone_admin port: 35357 net_binds: &public_binds - - ip: {get_param: VirtualIP} - - ip: {get_param: PublicVirtualIP} + - ip: {get_input: controller_virtual_ip} + - ip: {get_input: public_virtual_ip} - name: keystone_public port: 5000 net_binds: *public_binds @@ -567,6 +602,7 @@ resources: - name: glance_registry port: 9191 net_binds: *public_binds + options: # overwrite options as glace_reg needs auth for http req - name: heat_api port: 8004 net_binds: *public_binds @@ -591,32 +627,27 @@ resources: - name: nova_metadata port: 8775 net_binds: *public_binds + - name: nova_novncproxy + port: 6080 + net_binds: *public_binds - name: ceilometer port: 8777 net_binds: *public_binds + options: # overwrite options as ceil needs auth for http req - name: swift_proxy_server port: 8080 net_binds: *public_binds + options: + - option httpchk GET /info - name: rabbitmq port: 5672 options: - timeout client 0 - timeout server 0 - - ControllerPassthroughConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: {get_input: passthrough_config} - - ControllerPassthroughConfigSpecific: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: {get_input: passthrough_config_specific} + - maxconn 1500 ControllerDeployment: - type: OS::Heat::StructuredDeployment + type: OS::TripleO::SoftwareDeployment properties: signal_transport: NO_SIGNAL config: {get_resource: ControllerConfig} @@ -644,6 +675,106 @@ resources: - - 'http://' - {get_param: VirtualIP} - ':8000/v1/waitcondition' + admin_password: {get_param: AdminPassword} + admin_token: {get_param: AdminToken} + neutron_public_interface_ip: {get_param: NeutronPublicInterfaceIP} + debug: {get_param: Debug} + cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize} + cinder_password: {get_param: CinderPassword} + cinder_iscsi_helper: {get_param: CinderISCSIHelper} + cinder_dsn: + list_join: + - '' + - - 'mysql://cinder:unset@' + - {get_param: VirtualIP} + - '/cinder' + glance_port: {get_param: GlancePort} + glance_protocol: {get_param: GlanceProtocol} + glance_password: {get_param: GlancePassword} + glance_notifier_strategy: {get_param: GlanceNotifierStrategy} + glance_log_file: {get_param: GlanceLogFile} + glance_dsn: + list_join: + - '' + - - 'mysql://glance:unset@' + - {get_param: VirtualIP} + - '/glance' + heat_password: {get_param: HeatPassword} + heat_stack_domain_admin_password: {get_param: HeatStackDomainAdminPassword} + heat_auth_encryption_key: {get_param: HeatAuthEncryptionKey} + heat_dsn: + list_join: + - '' + - - 'mysql://heat:unset@' + - {get_param: VirtualIP} + - '/heat' + keystone_ca_certificate: {get_param: KeystoneCACertificate} + keystone_signing_key: {get_param: KeystoneSigningKey} + keystone_signing_certificate: {get_param: KeystoneSigningCertificate} + keystone_ssl_certificate: {get_param: KeystoneSSLCertificate} + keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey} + keystone_dsn: + list_join: + - '' + - - 'mysql://keystone:unset@' + - {get_param: VirtualIP} + - '/keystone' + mysql_innodb_buffer_pool_size: {get_param: MysqlInnodbBufferPoolSize} + mysql_root_password: {get_param: MysqlRootPassword} + mysql_cluster_name: + str_replace: + template: tripleo-CLUSTER + params: + CLUSTER: {get_param: MysqlClusterUniquePart} + neutron_flat_networks: {get_param: NeutronFlatNetworks} + neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} + neutron_agent_mode: {get_param: NeutronAgentMode} + neutron_router_distributed: {get_param: NeutronDVR} + neutron_mechanism_drivers: {get_param: NeutronMechanismDrivers} + neutron_allow_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} + neutron_l3_ha: {get_param: NeutronL3HA} + neutron_network_vlan_ranges: {get_param: NeutronNetworkVLANRanges} + neutron_bridge_mappings: {get_param: NeutronBridgeMappings} + neutron_public_interface: {get_param: NeutronPublicInterface} + neutron_public_interface_raw_device: {get_param: NeutronPublicInterfaceRawDevice} + neutron_public_interface_default_route: {get_param: NeutronPublicInterfaceDefaultRoute} + neutron_public_interface_tag: {get_param: NeutronPublicInterfaceTag} + neutron_tenant_network_type: {get_param: NeutronNetworkType} + neutron_tunnel_types: {get_param: NeutronTunnelTypes} + neutron_password: {get_param: NeutronPassword} + neutron_dnsmasq_options: {get_param: NeutronDnsmasqOptions} + neutron_dsn: + list_join: + - '' + - - 'mysql://neutron:unset@' + - {get_param: VirtualIP} + - '/ovs_neutron?charset=utf8' + ceilometer_metering_secret: {get_param: CeilometerMeteringSecret} + ceilometer_password: {get_param: CeilometerPassword} + ceilometer_dsn: + list_join: + - '' + - - 'mysql://ceilometer:unset@' + - {get_param: VirtualIP} + - '/ceilometer' + snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName} + snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} + nova_password: {get_param: NovaPassword} + nova_dsn: + list_join: + - '' + - - 'mysql://nova:unset@' + - {get_param: VirtualIP} + - '/nova' + rabbit_username: {get_param: RabbitUserName} + rabbit_password: {get_param: RabbitPassword} + rabbit_cookie: {get_param: RabbitCookie} + rabbit_client_use_ssl: {get_param: RabbitClientUseSSL} + rabbit_client_port: {get_param: RabbitClientPort} + ntp_server: {get_param: NtpServer} + control_virtual_interface: {get_param: ControlVirtualInterface} + public_virtual_interface: {get_param: PublicVirtualInterface} + public_virtual_ip: {get_param: PublicVirtualIP} SSLConfig: type: OS::Heat::StructuredConfig @@ -729,6 +860,8 @@ resources: swift: hash: { get_input: swift_hash_suffix } part-power: { get_input: swift_part_power } + mount-check: { get_input: swift_mount_check } + min-part-hours: { get_input: swift_min_part_hours } replicas: {get_input: swift_replicas } service-password: { get_input: swift_password } @@ -740,7 +873,9 @@ resources: signal_transport: NO_SIGNAL input_values: swift_hash_suffix: {get_param: SwiftHashSuffix} + swift_mount_check: {get_param: SwiftMountCheck} swift_password: {get_param: SwiftPassword} + swift_min_part_hours: {get_param: SwiftMinPartHours} swift_part_power: {get_param: SwiftPartPower} swift_replicas: { get_param: SwiftReplicas}