X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=puppet%2Fmanifests%2Fovercloud_compute.pp;h=b7f65f53b84e97386fdc2393feefde97841cba57;hb=27f1bbd41447bb7aceed991f28d565b4ace95bdf;hp=79a6abbbd68040afedafc49cae91a14d1db2b353;hpb=d85635ba68e201c3ec5e42b4828e2f4291b8f080;p=apex-tripleo-heat-templates.git diff --git a/puppet/manifests/overcloud_compute.pp b/puppet/manifests/overcloud_compute.pp index 79a6abbb..b7f65f53 100644 --- a/puppet/manifests/overcloud_compute.pp +++ b/puppet/manifests/overcloud_compute.pp @@ -16,12 +16,16 @@ include ::tripleo::packages include ::tripleo::firewall +create_resources(kmod::load, hiera('kernel_modules'), {}) create_resources(sysctl::value, hiera('sysctl_settings'), {}) +Exec <| tag == 'kmod::load' |> -> Sysctl <| |> if count(hiera('ntp::servers')) > 0 { include ::ntp } +include ::timezone + file { ['/etc/libvirt/qemu/networks/autostart/default.xml', '/etc/libvirt/qemu/networks/default.xml']: ensure => absent, @@ -35,18 +39,32 @@ exec { 'libvirt-default-net-destroy': before => Service['libvirt'], } +# When utilising images for deployment, we need to reset the iSCSI initiator name to make it unique +exec { 'reset-iscsi-initiator-name': + command => '/bin/echo InitiatorName=$(/usr/sbin/iscsi-iname) > /etc/iscsi/initiatorname.iscsi', + onlyif => '/usr/bin/test ! -f /etc/iscsi/.initiator_reset', +}-> + +file { '/etc/iscsi/.initiator_reset': + ensure => present, +} + include ::nova include ::nova::config include ::nova::compute -nova_config { - 'DEFAULT/my_ip': value => $ipaddress; - 'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver'; -} - $rbd_ephemeral_storage = hiera('nova::compute::rbd::ephemeral_storage', false) $rbd_persistent_storage = hiera('rbd_persistent_storage', false) if $rbd_ephemeral_storage or $rbd_persistent_storage { + if str2bool(hiera('ceph_ipv6', false)) { + $mon_host = hiera('ceph_mon_host_v6') + } else { + $mon_host = hiera('ceph_mon_host') + } + class { '::ceph::profile::params': + mon_host => $mon_host, + } + include ::ceph::conf include ::ceph::profile::client $client_keys = hiera('ceph::profile::params::client_keys') @@ -67,7 +85,42 @@ if hiera('cinder_enable_nfs_backend', false) { package {'nfs-utils': } -> Service['nova-compute'] } -include ::nova::compute::libvirt +if str2bool(hiera('nova::use_ipv6', false)) { + $vncserver_listen = '::0' +} else { + $vncserver_listen = '0.0.0.0' +} +class { '::nova::compute::libvirt' : + vncserver_listen => $vncserver_listen, +} + +# TUNNELLED mode provides a security enhancement when using shared storage but is not +# supported when not using shared storage. +# See https://bugzilla.redhat.com/show_bug.cgi?id=1301986#c12 +if $rbd_ephemeral_storage { + $block_migration_flag = 'VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE, VIR_MIGRATE_TUNNELLED, VIR_MIGRATE_NON_SHARED_INC' + $live_migration_flag = 'VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE, VIR_MIGRATE_TUNNELLED' +} else { + $block_migration_flag = 'VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE, VIR_MIGRATE_NON_SHARED_INC' + $live_migration_flag = 'VIR_MIGRATE_UNDEFINE_SOURCE, VIR_MIGRATE_PEER2PEER, VIR_MIGRATE_LIVE' +} + +nova_config { + 'DEFAULT/my_ip': value => $ipaddress; + 'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver'; + 'DEFAULT/host': value => $fqdn; + # In future versions of Nova, the live/block migration flags will be deprecated [1]. + # Tunnelling (encryption) will be handled via a single _new_ Nova + # config attribute 'live_migration_tunnelled'[2], thus + # avoiding users to have to supply libvirt flags. + # In future versions of QEMU (2.6, mostly), Dan's native encryption + # work will obsolete the need to use TUNNELLED transport mode. + # [1] https://review.openstack.org/#/c/263436/ + # [2] https://review.openstack.org/#/c/263434/ + 'libvirt/block_migration_flag': value => $block_migration_flag; + 'libvirt/live_migration_flag': value => $live_migration_flag; +} + if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' { file {'/etc/libvirt/qemu.conf': ensure => present, @@ -76,6 +129,7 @@ if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' } include ::nova::network::neutron include ::neutron +include ::neutron::config # If the value of core plugin is set to 'nuage', # include nuage agent, @@ -104,6 +158,15 @@ elsif hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV cassandra_seeds => $cassandra_node_ips } } +elsif hiera('neutron::core_plugin') == 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2' { + + include ::contrail::vrouter + # NOTE: it's not possible to use this class without a functional + # contrail controller up and running + #class {'::contrail::vrouter::provision_vrouter': + # require => Class['contrail::vrouter'], + #} +} else { include ::neutron::plugins::ml2 @@ -115,8 +178,15 @@ else { n1kv_version => hiera('n1kv_vem_version', undef), } } + + if 'bsn_ml2' in hiera('neutron::plugins::ml2::mechanism_drivers') { + include ::neutron::agents::bigswitch + } } +neutron_config { + 'DEFAULT/host': value => $fqdn; +} include ::ceilometer include ::ceilometer::config @@ -130,7 +200,7 @@ snmp::snmpv3_user { $snmpd_user: } class { '::snmp': agentaddress => ['udp:161','udp6:[::1]:161'], - snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], + snmpd_config => [ join(['createUser ', hiera('snmpd_readonly_user_name'), ' MD5 "', hiera('snmpd_readonly_user_password'), '"']), join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ], } hiera_include('compute_classes')