description:
requires:
- overcloud-resource-registry-puppet.yaml
+
+ - title: Operational Tools
+ description:
+ environment_groups:
+ - title: Monitoring agents
+ description: Enable monitoring agents
+ environments:
+ - file: environments/monitoring-environment.yaml
+ title: enable monitoring agents
+ description:
+ requires:
+ - overcloud-resource-registry-puppet.yaml
--- /dev/null
+## A Heat environment file which can be used to set up monitoring
+## and logging agents
+
+resource_registry:
+ OS::TripleO::Services::SensuClient: ../puppet/services/monitoring/sensu-client.yaml
+
+parameter_defaults:
+ #### Sensu settings ####
+ ##MonitoringRabbitHost: 10.10.10.10
+ ##MonitoringRabbitPort: 5672
+ ##MonitoringRabbitUserName: sensu
+ ##MonitoringRabbitPassword: sensu
+ ##MonitoringRabbitUseSSL: false
+ ##MonitoringRabbitVhost: "/sensu"
+ ##SensuClientCustomConfig:
+ ## - api:
+ ## - warning: 10
+ ## critical: 20
+ ## openstack:
+ ## - username: admin
+ ## password: changeme
+ ## project_name: admin
+ ## auth_url: http://controller:5000/v2.0
+ ## region_name: RegionOne
+
+ #### EFK settings ####
+ ## TBD
+
+ #### Grafana/Graphite settings ####
+ ## TBD
--- /dev/null
+# A Heat environment that can be used to deploy OpenDaylight with L3 DVR
+resource_registry:
+ OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::OpenDaylight: puppet/services/opendaylight-api.yaml
+ OS::TripleO::Services::OpenDaylightOvs: puppet/services/opendaylight-ovs.yaml
+ OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
+
+parameter_defaults:
+ EnableOpenDaylightOnController: true
+ NeutronEnableForceMetadata: true
+ NeutronMechanismDrivers: 'opendaylight'
+ NeutronServicePlugins: "networking_odl.l3.l3_odl.OpenDaylightL3RouterPlugin"
+ OpenDaylightEnableL3: "'yes'"
--- /dev/null
+# A Heat environment that can be used to deploy OpenDaylight
+resource_registry:
+ OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::OpenDaylight: puppet/services/opendaylight-api.yaml
+ OS::TripleO::Services::OpenDaylightOvs: puppet/services/opendaylight-ovs.yaml
+
+parameter_defaults:
+ EnableOpenDaylightOnController: true
+ NeutronEnableForceMetadata: true
+ NeutronMechanismDrivers: 'opendaylight'
--- /dev/null
+## A Heat environment that can be used to deploy DPDK with OVS
+resource_registry:
+ OS::TripleO::Services::ComputeNeutronOvsAgent: ../puppet/services/neutron-ovs-dpdk-agent.yaml
+
+parameter_defaults:
+ ## NeutronDpdkCoreList and NeutronDpdkMemoryChannels are REQUIRED settings.
+ ## Attempting to deploy DPDK without appropriate values will cause deployment to fail or lead to unstable deployments.
+ #NeutronDpdkCoreList: ""
+ #NeutronDpdkMemoryChannels: ""
+
+ NeutronDatapathType: "netdev"
+ NeutronVhostuserSocketDir: "/var/run/openvswitch"
+
+ #NeutronDpdkSocketMemory: ""
+ #NeutronDpdkDriverType: "vfio-pci"
+ #NovaReservedHostMemory: 4096
+ #NovaVcpuPinSet: ""
+
# We also need to set the proper agent mode for the L3 agent. This will only
# affect the agent on the controller node.
NeutronL3AgentMode: 'dvr_snat'
+
+ # L3 HA isn't supported for DVR enabled routers. If upgrading from a system
+ # where L3 HA is enabled and has neutron routers configured, it is
+ # recommended setting this value to true until such time all routers can be
+ # migrated to DVR routers. Once migration of the routers is complete,
+ # NeutronL3HA can be returned to false. All new systems should be deployed
+ # with NeutronL3HA set to false.
+ NeutronL3HA: false
--- /dev/null
+#!/bin/bash
+set -eu
+set -o pipefail
+
+echo INFO: starting $(basename "$0")
+
+# Exit if not running
+if ! pidof ceph-mon; then
+ echo INFO: ceph-mon is not running, skipping
+ exit 0
+fi
+
+# Exit if not Hammer
+INSTALLED_VERSION=$(ceph --version | awk '{print $3}')
+if ! [[ "$INSTALLED_VERSION" =~ ^0\.94.* ]]; then
+ echo INFO: version of Ceph installed is not 0.94, skipping
+ exit 0
+fi
+
+MON_PID=$(pidof ceph-mon)
+MON_ID=$(hostname -s)
+
+# Stop daemon using Hammer sysvinit script
+service ceph stop mon.${MON_ID}
+
+# Ensure it's stopped
+timeout 60 bash -c "while kill -0 ${MON_PID} 2> /dev/null; do
+ sleep 2;
+done"
+
+# Update to Jewel
+yum -y -q update ceph-mon
+
+# Restart/Exit if not on Jewel, only in that case we need the changes
+UPDATED_VERSION=$(ceph --version | awk '{print $3}')
+if [[ "$UPDATED_VERSION" =~ ^0\.94.* ]]; then
+ echo WARNING: Ceph was not upgraded, restarting daemons
+ service ceph start mon.${MON_ID}
+elif [[ "$UPDATED_VERSION" =~ ^10\.2.* ]]; then
+ echo INFO: Ceph was upgraded to Jewel
+
+ # RPM could own some of these but we can't take risks on the pre-existing files
+ for d in /var/lib/ceph/mon /var/log/ceph /var/run/ceph /etc/ceph; do
+ chown -R ceph:ceph $d
+ done
+
+ # Replay udev events with newer rules
+ udevadm trigger
+
+ # Enable systemd unit
+ systemctl enable ceph-mon.target
+ systemctl enable ceph-mon@${MON_ID}
+ systemctl start ceph-mon@${MON_ID}
+
+ # Wait for daemon to be back in the quorum
+ timeout 300 bash -c "until (ceph quorum_status | jq .quorum_names | grep -sq ${MON_ID}); do
+ echo Waiting for mon.${MON_ID} to re-join quorum;
+ sleep 10;
+ done"
+else
+ echo ERROR: Ceph was upgraded to an unknown release, daemon is stopped, need manual intervention
+ exit 1
+fi
# major upgrade workflow.
#
set -eu
+set -o pipefail
UPGRADE_SCRIPT=/root/tripleo_upgrade_node.sh
-cat > $UPGRADE_SCRIPT << ENDOFCAT
+cat > $UPGRADE_SCRIPT << 'ENDOFCAT'
+#!/bin/bash
### DO NOT MODIFY THIS FILE
### This file is automatically delivered to the ceph-storage nodes as part of the
### tripleo upgrades workflow
+set -eu
+
+echo INFO: starting $(basename "$0")
+# Exit if not running
+if ! pidof ceph-osd; then
+ echo INFO: ceph-osd is not running, skipping
+ exit 0
+fi
-function systemctl_ceph {
- action=\$1
- systemctl \$action ceph
-}
+# Exit if not Hammer
+INSTALLED_VERSION=$(ceph --version | awk '{print $3}')
+if ! [[ "$INSTALLED_VERSION" =~ ^0\.94.* ]]; then
+ echo INFO: version of Ceph installed is not 0.94, skipping
+ exit 0
+fi
-# "so that mirrors aren't rebalanced as if the OSD died" - gfidente
+OSD_PIDS=$(pidof ceph-osd)
+OSD_IDS=$(ls /var/lib/ceph/osd | awk 'BEGIN { FS = "-" } ; { print $2 }')
+
+# "so that mirrors aren't rebalanced as if the OSD died" - gfidente / leseb
ceph osd set noout
+ceph osd set norebalance
+ceph osd set nodeep-scrub
+ceph osd set noscrub
+
+# Stop daemon using Hammer sysvinit script
+for OSD_ID in $OSD_IDS; do
+ service ceph stop osd.${OSD_ID}
+done
+
+# Nice guy will return non-0 only when all failed
+timeout 60 bash -c "while kill -0 ${OSD_PIDS} 2> /dev/null; do
+ sleep 2;
+done"
-systemctl_ceph stop
+# Update (Ceph to Jewel)
yum -y install python-zaqarclient # needed for os-collect-config
yum -y update
-systemctl_ceph start
-ceph osd unset noout
+# Restart/Exit if not on Jewel, only in that case we need the changes
+UPDATED_VERSION=$(ceph --version | awk '{print $3}')
+if [[ "$UPDATED_VERSION" =~ ^0\.94.* ]]; then
+ echo WARNING: Ceph was not upgraded, restarting daemon
+ for OSD_ID in $OSD_IDS; do
+ service ceph start osd.${OSD_ID}
+ done
+elif [[ "$UPDATED_VERSION" =~ ^10\.2.* ]]; then
+ # RPM could own some of these but we can't take risks on the pre-existing files
+ for d in /var/lib/ceph/osd /var/log/ceph /var/run/ceph /etc/ceph; do
+ chown -R ceph:ceph $d
+ done
+
+ # Replay udev events with newer rules
+ udevadm trigger && udevadm settle
+
+ # Enable systemd unit
+ systemctl enable ceph-osd.target
+ for OSD_ID in $OSD_IDS; do
+ systemctl enable ceph-osd@${OSD_ID}
+ systemctl start ceph-osd@${OSD_ID}
+ done
+ echo INFO: Ceph was upgraded to Jewel
+else
+ echo ERROR: Ceph was upgraded to an unknown release, daemon is stopped, need manual intervention
+ exit 1
+fi
+
+ceph osd unset noout
+ceph osd unset norebalance
+ceph osd unset nodeep-scrub
+ceph osd unset noscrub
ENDOFCAT
# ensure the permissions are OK
chmod 0755 $UPGRADE_SCRIPT
-
pcs property set stonith-enabled=false
# If for some reason rpm-python are missing we want to error out early enough
-if [ ! rpm -q rpm-python &> /dev/null ]; then
+if ! rpm -q rpm-python &> /dev/null; then
echo_error "ERROR: upgrade cannot start without rpm-python installed"
exit 1
fi
wsrep_cluster_address = gcomm://localhost
EOF
-if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then
- if [ $DO_MYSQL_UPGRADE -eq 1 ]; then
- # Scripts run via heat have no HOME variable set and this confuses
- # mysqladmin
- export HOME=/root
- mkdir /var/lib/mysql || /bin/true
- chown mysql:mysql /var/lib/mysql
- chmod 0755 /var/lib/mysql
- restorecon -R /var/lib/mysql/
- mysql_install_db --datadir=/var/lib/mysql --user=mysql
- chown -R mysql:mysql /var/lib/mysql/
+if [ $DO_MYSQL_UPGRADE -eq 1 ]; then
+ # Scripts run via heat have no HOME variable set and this confuses
+ # mysqladmin
+ export HOME=/root
+
+ mkdir /var/lib/mysql || /bin/true
+ chown mysql:mysql /var/lib/mysql
+ chmod 0755 /var/lib/mysql
+ restorecon -R /var/lib/mysql/
+ mysql_install_db --datadir=/var/lib/mysql --user=mysql
+ chown -R mysql:mysql /var/lib/mysql/
+
+ if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then
mysqld_safe --wsrep-new-cluster &
# We have a populated /root/.my.cnf with root/password here so
# we need to temporarily rename it because the newly created
# If we reached here without error we can safely blow away the origin
# mysql dir from every controller
+
+# TODO: What if the upgrade fails on the bootstrap node, but not on
+# this controller. Data may be lost.
if [ $DO_MYSQL_UPGRADE -eq 1 ]; then
rm -r $MYSQL_TEMP_UPGRADE_BACKUP_DIR
fi
# https://bugzilla.redhat.com/show_bug.cgi?id=1284058
# Ifd1861e3df46fad0e44ff9b5cbd58711bbc87c97 Swift Ceilometer middleware no longer exists
crudini --set /etc/swift/proxy-server.conf pipeline:main pipeline "catch_errors healthcheck cache ratelimit tempurl formpost authtoken keystone staticweb proxy-logging proxy-server"
+# LP: 1615035, required only for M/N upgrade.
+crudini --set /etc/nova/nova.conf DEFAULT scheduler_host_manager host_manager
keystone-manage db_sync
neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head
nova-manage db sync
+ nova-manage api_db sync
pcs resource enable memcached
check_resource memcached started 600
# map_merge with input_values instead of feeding params into scripts
# via str_replace on bash snippets
+ CephMonUpgradeConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config: {get_file: major_upgrade_ceph_mon.sh}
+
+ CephMonUpgradeDeployment:
+ type: OS::Heat::SoftwareDeploymentGroup
+ properties:
+ servers: {get_param: controller_servers}
+ config: {get_resource: CephMonUpgradeConfig}
+ input_values: {get_param: input_values}
+ batch_create:
+ max_batch_size: 1
+ rolling_update:
+ max_batch_size: 1
+
ControllerPacemakerUpgradeConfig_Step1:
type: OS::Heat::SoftwareConfig
properties:
ControllerPacemakerUpgradeDeployment_Step1:
type: OS::Heat::SoftwareDeploymentGroup
+ depends_on: CephMonUpgradeDeployment
properties:
servers: {get_param: controller_servers}
config: {get_resource: ControllerPacemakerUpgradeConfig_Step1}
# Run if pacemaker is running, we're the bootstrap node,
# and we're updating the deployment (not creating).
if [ "$pacemaker_status" = "active" -a \
- "$(hiera bootstrap_nodeid)" = "$(facter hostname)" -a \
- "$(hiera stack_action)" = "UPDATE" ]; then
+ "$(hiera bootstrap_nodeid)" = "$(facter hostname)" ]; then
- PCMK_RESOURCES="haproxy-clone redis-master rabbitmq-clone galera-master openstack-cinder-volume openstack-cinder-backup"
- # Ten minutes of timeout to restart each resource, given there are no constraints should be enough
TIMEOUT=600
- for resource in $PCMK_RESOURCES; do
- if pcs status | grep $resource; then
- pcs resource restart --wait=$TIMEOUT $resource
- fi
+ SERVICES_TO_RESTART="$(ls /var/lib/tripleo/pacemaker-restarts)"
+ PCS_STATUS_OUTPUT="$(pcs status)"
+
+ for service in $SERVICES_TO_RESTART; do
+ if ! echo "$PCS_STATUS_OUTPUT" | grep $service; then
+ echo "Service $service not found as a pacemaker resource, cannot restart it."
+ exit 1
+ fi
+ done
+
+ for service in $SERVICES_TO_RESTART; do
+ echo "Restarting $service..."
+ pcs resource restart --wait=$TIMEOUT $service
+ rm -f /var/lib/tripleo/pacemaker-restarts/$service
done
+
fi
--- /dev/null
+heat_template_version: 2015-04-30
+
+description: >
+ Software Config to drive os-net-config with 2 bonded nics on a bridge
+ with VLANs attached for the compute role.
+
+parameters:
+ ControlPlaneIp:
+ default: ''
+ description: IP address/subnet on the ctlplane network
+ type: string
+ ExternalIpSubnet:
+ default: ''
+ description: IP address/subnet on the external network
+ type: string
+ InternalApiIpSubnet:
+ default: ''
+ description: IP address/subnet on the internal API network
+ type: string
+ StorageIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage network
+ type: string
+ StorageMgmtIpSubnet:
+ default: ''
+ description: IP address/subnet on the storage mgmt network
+ type: string
+ TenantIpSubnet:
+ default: ''
+ description: IP address/subnet on the tenant network
+ type: string
+ ManagementIpSubnet: # Only populated when including environments/network-management.yaml
+ default: ''
+ description: IP address/subnet on the management network
+ type: string
+ BondInterfaceOvsOptions:
+ default: ''
+ description: The ovs_options string for the bond interface. Set things like
+ lacp=active and/or bond_mode=balance-slb using this option.
+ type: string
+ ExternalNetworkVlanID:
+ default: 10
+ description: Vlan ID for the external network traffic.
+ type: number
+ InternalApiNetworkVlanID:
+ default: 20
+ description: Vlan ID for the internal_api network traffic.
+ type: number
+ StorageNetworkVlanID:
+ default: 30
+ description: Vlan ID for the storage network traffic.
+ type: number
+ StorageMgmtNetworkVlanID:
+ default: 40
+ description: Vlan ID for the storage mgmt network traffic.
+ type: number
+ TenantNetworkVlanID:
+ default: 50
+ description: Vlan ID for the tenant network traffic.
+ type: number
+ ManagementNetworkVlanID:
+ default: 60
+ description: Vlan ID for the management network traffic.
+ type: number
+ ControlPlaneSubnetCidr: # Override this via parameter_defaults
+ default: '24'
+ description: The subnet CIDR of the control plane network.
+ type: string
+ ControlPlaneDefaultRoute: # Override this via parameter_defaults
+ description: The default route of the control plane network.
+ type: string
+ ExternalInterfaceDefaultRoute: # Not used by default in this template
+ default: '10.0.0.1'
+ description: The default route of the external network.
+ type: string
+ ManagementInterfaceDefaultRoute: # Commented out by default in this template
+ default: unset
+ description: The default route of the management network.
+ type: string
+ DnsServers: # Override this via parameter_defaults
+ default: []
+ description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf.
+ type: comma_delimited_list
+ EC2MetadataIp: # Override this via parameter_defaults
+ description: The IP address of the EC2 metadata server.
+ type: string
+
+resources:
+ OsNetConfigImpl:
+ type: OS::Heat::StructuredConfig
+ properties:
+ group: os-apply-config
+ config:
+ os_net_config:
+ network_config:
+ -
+ type: interface
+ name: nic1
+ use_dhcp: false
+ dns_servers: {get_param: DnsServers}
+ addresses:
+ -
+ ip_netmask:
+ list_join:
+ - '/'
+ - - {get_param: ControlPlaneIp}
+ - {get_param: ControlPlaneSubnetCidr}
+ routes:
+ -
+ ip_netmask: 169.254.169.254/32
+ next_hop: {get_param: EC2MetadataIp}
+ -
+ default: true
+ next_hop: {get_param: ControlPlaneDefaultRoute}
+ -
+ type: ovs_bridge
+ name: {get_input: bridge_name}
+ members:
+ -
+ type: ovs_bond
+ name: bond1
+ ovs_options: {get_param: BondInterfaceOvsOptions}
+ members:
+ -
+ type: interface
+ name: nic2
+ primary: true
+ -
+ type: interface
+ name: nic3
+ -
+ type: vlan
+ device: bond1
+ vlan_id: {get_param: InternalApiNetworkVlanID}
+ addresses:
+ -
+ ip_netmask: {get_param: InternalApiIpSubnet}
+ -
+ type: vlan
+ device: bond1
+ vlan_id: {get_param: StorageNetworkVlanID}
+ addresses:
+ -
+ ip_netmask: {get_param: StorageIpSubnet}
+ -
+ type: vlan
+ device: bond1
+ vlan_id: {get_param: TenantNetworkVlanID}
+ addresses:
+ -
+ ip_netmask: {get_param: TenantIpSubnet}
+ # Uncomment when including environments/network-management.yaml
+ # If setting default route on the Management interface, comment
+ # out the default route on the Control Plane.
+ #-
+ # type: vlan
+ # device: bond1
+ # vlan_id: {get_param: ManagementNetworkVlanID}
+ # addresses:
+ # -
+ # ip_netmask: {get_param: ManagementIpSubnet}
+ # routes:
+ # -
+ # default: true
+ # next_hop: {get_param: ManagementInterfaceDefaultRoute}
+ -
+ type: ovs_user_bridge
+ name: br-link
+ members:
+ -
+ type: ovs_dpdk_bond
+ name: dpdkbond0
+ members:
+ -
+ type: ovs_dpdk_port
+ name: dpdk0
+ members:
+ -
+ type: interface
+ name: nic4
+ -
+ type: ovs_dpdk_port
+ name: dpdk1
+ members:
+ -
+ type: interface
+ name: nic5
+
+outputs:
+ OS::stack_id:
+ description: The OsNetConfigImpl resource.
+ value: {get_resource: OsNetConfigImpl}
-heat_template_version: 2015-04-30
+heat_template_version: 2016-10-14
parameters:
ControlPlaneIpList:
ManagementIpList:
default: []
type: comma_delimited_list
+ EnabledServices:
+ default: []
+ type: comma_delimited_list
+ ServiceNetMap:
+ default: {}
+ type: json
+ ServiceHostnameList:
+ default: []
+ type: comma_delimited_list
outputs:
net_ip_map:
storage_mgmt: {get_param: StorageMgmtIpList}
tenant: {get_param: TenantIpList}
management: {get_param: ManagementIpList}
+ service_ips:
+ description: >
+ Map of enabled services to a list of their IP addresses
+ value:
+ yaql:
+ # This filters any entries where the value hasn't been substituted for
+ # a list, e.g it's still $service_network. This happens when there is
+ # no network defined for the service in the ServiceNetMap, which is OK
+ # as not all services have to be bound to a network, so we filter them
+ expression: dict($.data.map.items().where(not isString($[1])))
+ data:
+ map:
+ map_replace:
+ - map_replace:
+ - map_merge:
+ repeat:
+ template:
+ SERVICE_node_ips: SERVICE_network
+ for_each:
+ SERVICE: {get_param: EnabledServices}
+ - values: {get_param: ServiceNetMap}
+ - values:
+ ctlplane: {get_param: ControlPlaneIpList}
+ external: {get_param: ExternalIpList}
+ internal_api: {get_param: InternalApiIpList}
+ storage: {get_param: StorageIpList}
+ storage_mgmt: {get_param: StorageMgmtIpList}
+ tenant: {get_param: TenantIpList}
+ management: {get_param: ManagementIpList}
+ service_hostnames:
+ description: >
+ Map of enabled services to a list of hostnames where they're running
+ value:
+ yaql:
+ # If ServiceHostnameList is empty the role is deployed with zero nodes
+ # therefore we don't want to add any *_node_names to the map
+ expression: dict($.data.map.items().where(len($[1]) > 0))
+ data:
+ map:
+ map_merge:
+ repeat:
+ template:
+ SERVICE_node_names: {get_param: ServiceHostnameList}
+ for_each:
+ SERVICE: {get_param: EnabledServices}
ServiceNetMapDefaults:
default:
+ ApacheNetwork: internal_api
NeutronTenantNetwork: tenant
CeilometerApiNetwork: internal_api
AodhApiNetwork: internal_api
CinderIscsiNetwork: storage
GlanceApiNetwork: storage
GlanceRegistryNetwork: internal_api
- IronicApiNetwork: internal_api
+ IronicApiNetwork: ctlplane
+ IronicNetwork: ctlplane
KeystoneAdminApiNetwork: ctlplane # allows undercloud to config endpoints
KeystonePublicApiNetwork: internal_api
ManilaApiNetwork: internal_api
RedisNetwork: internal_api
MysqlNetwork: internal_api
CephClusterNetwork: storage_mgmt
- CephPublicNetwork: storage
+ CephMonNetwork: storage
ControllerHostnameResolveNetwork: internal_api
ComputeHostnameResolveNetwork: internal_api
BlockStorageHostnameResolveNetwork: internal_api
ObjectStorageHostnameResolveNetwork: internal_api
CephStorageHostnameResolveNetwork: storage
PublicNetwork: external
+ OpenDaylightApiNetwork: internal_api
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry.
type: json
default:
MongoDbNetwork: MongodbNetwork
RabbitMqNetwork: RabbitmqNetwork
+ CephPublicNetwork: CephMonNetwork
description: Mapping older deprecated service names, intended for
internal use only, this will be removed in future.
type: json
# TripleO overcloud networks
OS::TripleO::Network: network/networks.yaml
- OS::TripleO::VipConfig: puppet/vip-config.yaml
OS::TripleO::Network::External: OS::Heat::None
OS::TripleO::Network::InternalApi: OS::Heat::None
# services
OS::TripleO::Services: puppet/services/services.yaml
+ OS::TripleO::Services::Apache: puppet/services/apache.yaml
OS::TripleO::Services::CACerts: puppet/services/ca-certs.yaml
OS::TripleO::Services::CephMon: OS::Heat::None
OS::TripleO::Services::CephOSD: OS::Heat::None
OS::TripleO::Services::NeutronCorePluginOpencontrail: puppet/services/neutron-plugin-opencontrail.yaml
OS::TripleO::Services::NeutronCorePluginMidonet: puppet/services/neutron-midonet.yaml
OS::TripleO::Services::NeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml
- # ComputeNeutronOvsAgent can be overriden to puppet/services/neutron-ovs-dpdk-agent.yaml also to enable DPDK
OS::TripleO::Services::ComputeNeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml
OS::TripleO::Services::Pacemaker: OS::Heat::None
OS::TripleO::Services::NeutronSriovAgent: OS::Heat::None
OS::TripleO::Services::NovaIronic: OS::Heat::None
OS::TripleO::Services::TripleoPackages: puppet/services/tripleo-packages.yaml
OS::TripleO::Services::TripleoFirewall: puppet/services/tripleo-firewall.yaml
+ OS::TripleO::Services::OpenDaylight: OS::Heat::None
+ OS::TripleO::Services::OpenDaylightOvs: OS::Heat::None
+ OS::TripleO::Services::SensuClient: OS::Heat::None
parameter_defaults:
EnablePackageInstall: false
+++ /dev/null
-overcloud.yaml
\ No newline at end of file
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
description: >
Deploy an OpenStack environment, consisting of several node types (roles),
- Controller, Compute, BlockStorage, SwiftStorage and CephStorage. The Storage
+ Controller, Compute, BlockStorage, SwiftStorage and CephStorage. The Storage
roles enable independent scaling of the storage components, but the minimal
deployment is one Controller and one Compute node.
# Common parameters (not specific to a role)
CloudName:
- default: overcloud
+ default: overcloud.localdomain
description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
type: string
CloudNameInternal:
- OS::TripleO::Services::NovaIronic
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::OpenDaylight
+ - OS::TripleO::Services::SensuClient
description: A list of service resources (configured in the Heat
resource_registry) which represent nested stacks
for each service that should get installed on the Controllers.
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::NeutronSriovAgent
+ - OS::TripleO::Services::OpenDaylightOvs
+ - OS::TripleO::Services::SensuClient
description: A list of service resources (configured in the Heat
resource_registry) which represent nested stacks
for each service that should get installed on the Compute Nodes.
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::SensuClient
description: A list of service resources (configured in the Heat
resource_registry) which represent nested stacks
for each service that should get installed on the BlockStorage nodes.
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::SensuClient
description: A list of service resources (configured in the Heat
resource_registry) which represent nested stacks
for each service that should get installed on the ObjectStorage nodes.
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::SensuClient
description: A list of service resources (configured in the Heat
resource_registry) which represent nested stacks
for each service that should get installed on the CephStorage nodes.
properties:
CloudDomain: {get_param: CloudDomain}
controllerExtraConfig: {get_param: controllerExtraConfig}
- HorizonSecret: {get_resource: HorizonSecret}
- PcsdPassword: {get_resource: PcsdPassword}
RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]}
- RedisVirtualIPUri: {get_attr: [RedisVirtualIP, ip_address_uri]}
ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]}
EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
Hostname:
NodeIndex: '%index%'
ServiceConfigSettings: {get_attr: [ControllerServiceChain, role_data, config_settings]}
ServiceNames: {get_attr: [ControllerServiceChain, role_data, service_names]}
+ MonitoringSubscriptions: {get_attr: [ControllerServiceChain, role_data, monitoring_subscriptions]}
ComputeServiceChain:
type: OS::TripleO::Services
NodeIndex: '%index%'
ServiceConfigSettings: {get_attr: [ComputeServiceChain, role_data, config_settings]}
ServiceNames: {get_attr: [ComputeServiceChain, role_data, service_names]}
+ MonitoringSubscriptions: {get_attr: [ComputeServiceChain, role_data, monitoring_subscriptions]}
BlockStorageServiceChain:
type: OS::TripleO::Services
NodeIndex: '%index%'
ServiceConfigSettings: {get_attr: [BlockStorageServiceChain, role_data, config_settings]}
ServiceNames: {get_attr: [BlockStorageServiceChain, role_data, service_names]}
+ MonitoringSubscriptions: {get_attr: [BlockStorageServiceChain, role_data, monitoring_subscriptions]}
ObjectStorageServiceChain:
type: OS::TripleO::Services
NodeIndex: '%index%'
ServiceConfigSettings: {get_attr: [ObjectStorageServiceChain, role_data, config_settings]}
ServiceNames: {get_attr: [ObjectStorageServiceChain, role_data, service_names]}
+ MonitoringSubscriptions: {get_attr: [ObjectStorageServiceChain, role_data, monitoring_subscriptions]}
CephStorageServiceChain:
type: OS::TripleO::Services
NodeIndex: '%index%'
ServiceConfigSettings: {get_attr: [CephStorageServiceChain, role_data, config_settings]}
ServiceNames: {get_attr: [CephStorageServiceChain, role_data, service_names]}
+ MonitoringSubscriptions: {get_attr: [CephStorageServiceChain, role_data, monitoring_subscriptions]}
ControllerIpListMap:
type: OS::TripleO::Network::Ports::NetIpListMap
StorageMgmtIpList: {get_attr: [Controller, storage_mgmt_ip_address]}
TenantIpList: {get_attr: [Controller, tenant_ip_address]}
ManagementIpList: {get_attr: [Controller, management_ip_address]}
+ EnabledServices: {get_attr: [ControllerServiceChain, role_data, service_names]}
+ ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]}
+ ServiceHostnameList: {get_attr: [Controller, hostname]}
+
+ ComputeIpListMap:
+ type: OS::TripleO::Network::Ports::NetIpListMap
+ properties:
+ ControlPlaneIpList: {get_attr: [Compute, ip_address]}
+ ExternalIpList: {get_attr: [Compute, external_ip_address]}
+ InternalApiIpList: {get_attr: [Compute, internal_api_ip_address]}
+ StorageIpList: {get_attr: [Compute, storage_ip_address]}
+ StorageMgmtIpList: {get_attr: [Compute, storage_mgmt_ip_address]}
+ TenantIpList: {get_attr: [Compute, tenant_ip_address]}
+ ManagementIpList: {get_attr: [Compute, management_ip_address]}
+ EnabledServices: {get_attr: [ComputeServiceChain, role_data, service_names]}
+ ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]}
+ ServiceHostnameList: {get_attr: [Compute, hostname]}
+
+ BlockStorageIpListMap:
+ type: OS::TripleO::Network::Ports::NetIpListMap
+ properties:
+ ControlPlaneIpList: {get_attr: [BlockStorage, ip_address]}
+ ExternalIpList: {get_attr: [BlockStorage, external_ip_address]}
+ InternalApiIpList: {get_attr: [BlockStorage, internal_api_ip_address]}
+ StorageIpList: {get_attr: [BlockStorage, storage_ip_address]}
+ StorageMgmtIpList: {get_attr: [BlockStorage, storage_mgmt_ip_address]}
+ TenantIpList: {get_attr: [BlockStorage, tenant_ip_address]}
+ ManagementIpList: {get_attr: [BlockStorage, management_ip_address]}
+ EnabledServices: {get_attr: [BlockStorageServiceChain, role_data, service_names]}
+ ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]}
+ ServiceHostnameList: {get_attr: [BlockStorage, hostname]}
+
+ ObjectStorageIpListMap:
+ type: OS::TripleO::Network::Ports::NetIpListMap
+ properties:
+ ControlPlaneIpList: {get_attr: [ObjectStorage, ip_address]}
+ ExternalIpList: {get_attr: [ObjectStorage, external_ip_address]}
+ InternalApiIpList: {get_attr: [ObjectStorage, internal_api_ip_address]}
+ StorageIpList: {get_attr: [ObjectStorage, storage_ip_address]}
+ StorageMgmtIpList: {get_attr: [ObjectStorage, storage_mgmt_ip_address]}
+ TenantIpList: {get_attr: [ObjectStorage, tenant_ip_address]}
+ ManagementIpList: {get_attr: [ObjectStorage, management_ip_address]}
+ EnabledServices: {get_attr: [ObjectStorageServiceChain, role_data, service_names]}
+ ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]}
+ ServiceHostnameList: {get_attr: [ObjectStorage, hostname]}
+
+ CephStorageIpListMap:
+ type: OS::TripleO::Network::Ports::NetIpListMap
+ properties:
+ ControlPlaneIpList: {get_attr: [CephStorage, ip_address]}
+ ExternalIpList: {get_attr: [CephStorage, external_ip_address]}
+ InternalApiIpList: {get_attr: [CephStorage, internal_api_ip_address]}
+ StorageIpList: {get_attr: [CephStorage, storage_ip_address]}
+ StorageMgmtIpList: {get_attr: [CephStorage, storage_mgmt_ip_address]}
+ TenantIpList: {get_attr: [CephStorage, tenant_ip_address]}
+ ManagementIpList: {get_attr: [CephStorage, management_ip_address]}
+ EnabledServices: {get_attr: [CephStorageServiceChain, role_data, service_names]}
+ ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]}
+ ServiceHostnameList: {get_attr: [CephStorage, hostname]}
allNodesConfig:
type: OS::TripleO::AllNodes::SoftwareConfig
- list_join:
- '\n'
- {get_attr: [CephStorage, hosts_entry]}
+ enabled_services:
+ list_join:
+ - ','
+ - {get_attr: [ControllerServiceChain, role_data, service_names]}
+ - {get_attr: [ComputeServiceChain, role_data, service_names]}
+ - {get_attr: [BlockStorageServiceChain, role_data, service_names]}
+ - {get_attr: [ObjectStorageServiceChain, role_data, service_names]}
+ - {get_attr: [CephStorageServiceChain, role_data, service_names]}
controller_ips: {get_attr: [Controller, ip_address]}
controller_names: {get_attr: [Controller, hostname]}
- rabbit_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, RabbitmqNetwork]}]}
- mongo_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MongodbNetwork]}]}
- redis_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, RedisNetwork]}]}
+ service_ips:
+ # Note (shardy) this somewhat complex yaql may be replaced
+ # with a map_deep_merge function in ocata. It merges the
+ # list of maps, but appends to colliding lists when a service
+ # is deployed on more than one role
+ yaql:
+ expression: dict($.data.l.where($ != null).selectMany($.items()).groupBy($[0], $[1], [$[0], $[1].flatten()]))
+ data:
+ l:
+ - {get_attr: [ControllerIpListMap, service_ips]}
+ - {get_attr: [ComputeIpListMap, service_ips]}
+ - {get_attr: [BlockStorageIpListMap, service_ips]}
+ - {get_attr: [ObjectStorageIpListMap, service_ips]}
+ - {get_attr: [CephStorageIpListMap, service_ips]}
+ service_node_names:
+ yaql:
+ expression: dict($.data.l.where($ != null).selectMany($.items()).groupBy($[0], $[1], [$[0], $[1].flatten()]))
+ data:
+ l:
+ - {get_attr: [ControllerIpListMap, service_hostnames]}
+ - {get_attr: [ComputeIpListMap, service_hostnames]}
+ - {get_attr: [BlockStorageIpListMap, service_hostnames]}
+ - {get_attr: [ObjectStorageIpListMap, service_hostnames]}
+ - {get_attr: [CephStorageIpListMap, service_hostnames]}
+ # FIXME(shardy): These require further work to move into service_ips
memcache_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MemcachedNetwork]}]}
- mysql_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MysqlNetwork]}]}
- horizon_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, HorizonNetwork]}]}
- heat_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, HeatApiNetwork]}]}
- swift_proxy_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, SwiftProxyNetwork]}]}
- ceilometer_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, CeilometerApiNetwork]}]}
- aodh_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, AodhApiNetwork]}]}
- gnocchi_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, GnocchiApiNetwork]}]}
- nova_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, NovaApiNetwork]}]}
- nova_metadata_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, NovaMetadataNetwork]}]}
- glance_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, GlanceApiNetwork]}]}
- glance_registry_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, GlanceRegistryNetwork]}]}
- cinder_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, CinderApiNetwork]}]}
- manila_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, ManilaApiNetwork]}]}
- neutron_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, NeutronApiNetwork]}]}
keystone_public_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystonePublicApiNetwork]}]}
keystone_admin_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystoneAdminApiNetwork]}]}
- sahara_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, SaharaApiNetwork]}]}
- ironic_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, IronicApiNetwork]}]}
- ceph_mon_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, CephPublicNetwork]}]}
- ceph_mon_node_names: {get_attr: [Controller, hostname]}
+ NetVipMap: {get_attr: [VipMap, net_ip_map]}
+ ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]}
DeployIdentifier: {get_param: DeployIdentifier}
UpdateIdentifier: {get_param: UpdateIdentifier}
StorageMgmtIpUri: {get_attr: [StorageMgmtVirtualIP, ip_address_uri]}
# No tenant or management VIP required
- VipConfig:
- type: OS::TripleO::VipConfig
-
- VipDeployment:
- type: OS::Heat::StructuredDeployments
- properties:
- name: VipDeployment
- config: {get_resource: VipConfig}
- servers: {get_attr: [Controller, attributes, nova_server_resource]}
- input_values:
- # service VIP mappings
- keystone_admin_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystoneAdminApiNetwork]}]}
- keystone_public_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystonePublicApiNetwork]}]}
- neutron_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, NeutronApiNetwork]}]}
- cinder_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, CinderApiNetwork]}]}
- glance_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, GlanceApiNetwork]}]}
- glance_registry_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, GlanceRegistryNetwork]}]}
- swift_proxy_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, SwiftProxyNetwork]}]}
- nova_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, NovaApiNetwork]}]}
- nova_metadata_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, NovaMetadataNetwork]}]}
- ceilometer_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, CeilometerApiNetwork]}]}
- aodh_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, AodhApiNetwork]}]}
- gnocchi_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, GnocchiApiNetwork]}]}
- heat_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, HeatApiNetwork]}]}
- horizon_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, HorizonNetwork]}]}
- redis_vip: {get_attr: [RedisVirtualIP, ip_address]}
- manila_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, ManilaApiNetwork]}]}
- mysql_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MysqlNetwork]}]}
- rabbit_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, RabbitMqNetwork]}]}
- # direct configuration of Virtual IPs for each network
- control_virtual_ip: {get_attr: [VipMap, net_ip_map, ctlplane]}
- public_virtual_ip: {get_attr: [VipMap, net_ip_map, external]}
- internal_api_virtual_ip: {get_attr: [VipMap, net_ip_map, internal_api]}
- sahara_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, SaharaApiNetwork]}]}
- ironic_api_vip: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, IronicApiNetwork]}]}
- storage_virtual_ip: {get_attr: [VipMap, net_ip_map, storage]}
- storage_mgmt_virtual_ip: {get_attr: [VipMap, net_ip_map, storage_mgmt]}
-
ControllerSwiftDeployment:
type: OS::Heat::StructuredDeployments
properties:
properties:
controller_swift_devices: {get_attr: [Controller, swift_device]}
object_store_swift_devices: {get_attr: [ObjectStorage, swift_device]}
- controller_swift_proxy_memcaches: {get_attr: [Controller, swift_proxy_memcache]}
ControllerAllNodesDeployment:
type: OS::Heat::StructuredDeployments
servers: {get_attr: [CephStorage, attributes, nova_server_resource]}
RoleData: {get_attr: [CephStorageServiceChain, role_data]}
+
outputs:
+ ManagedEndpoints:
+ description: Asserts that the keystone endpoints have been provisioned.
+ value: true
KeystoneURL:
description: URL for the Overcloud Keystone service
value: {get_attr: [EndpointMap, endpoint_map, KeystonePublic, uri]}
NovaInternalVip:
description: VIP for Nova API internal endpoint
value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, NovaApiNetwork]}]}
+ OpenDaylightInternalVip:
+ description: VIP for OpenDaylight API internal endpoint
+ value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, OpenDaylightApiNetwork]}]}
SaharaInternalVip:
description: VIP for Sahara API internal endpoint
value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, SaharaApiNetwork]}]}
-heat_template_version: 2015-04-30
+heat_template_version: 2016-10-14
description: 'All Nodes Config for Puppet'
parameters:
hosts:
type: comma_delimited_list
+ # FIXME(shardy) this can be comma_delimited_list when
+ # https://bugs.launchpad.net/heat/+bug/1617019 is fixed
+ enabled_services:
+ type: string
controller_ips:
type: comma_delimited_list
+ service_ips:
+ type: json
+ service_node_names:
+ type: json
controller_names:
type: comma_delimited_list
- rabbit_node_ips:
- type: comma_delimited_list
- mongo_node_ips:
- type: comma_delimited_list
- redis_node_ips:
- type: comma_delimited_list
memcache_node_ips:
type: comma_delimited_list
- mysql_node_ips:
- type: comma_delimited_list
- horizon_node_ips:
- type: comma_delimited_list
- heat_api_node_ips:
- type: comma_delimited_list
- swift_proxy_node_ips:
- type: comma_delimited_list
- ceilometer_api_node_ips:
- type: comma_delimited_list
- aodh_api_node_ips:
- type: comma_delimited_list
- nova_api_node_ips:
- type: comma_delimited_list
- nova_metadata_node_ips:
- type: comma_delimited_list
- glance_api_node_ips:
- type: comma_delimited_list
- glance_registry_node_ips:
- type: comma_delimited_list
- gnocchi_api_node_ips:
- type: comma_delimited_list
- cinder_api_node_ips:
- type: comma_delimited_list
- manila_api_node_ips:
- type: comma_delimited_list
- neutron_api_node_ips:
- type: comma_delimited_list
keystone_public_api_node_ips:
type: comma_delimited_list
keystone_admin_api_node_ips:
type: comma_delimited_list
- sahara_api_node_ips:
- type: comma_delimited_list
- ironic_api_node_ips:
- type: comma_delimited_list
- ceph_mon_node_ips:
- type: comma_delimited_list
- ceph_mon_node_names:
- type: comma_delimited_list
+ NetVipMap:
+ type: json
+ ServiceNetMap:
+ type: json
DeployIdentifier:
type: string
+ default: ''
description: >
Setting this to a unique value will re-run any deployment tasks which
perform configuration on a Heat stack-update.
bootstrap_nodeid_ip: {get_input: bootstrap_nodeid_ip}
all_nodes:
mapped_data:
- controller_node_ips:
- list_join:
- - ','
- - {get_param: controller_ips}
- controller_node_names:
- list_join:
- - ','
- - {get_param: controller_names}
- galera_node_names:
- list_join:
- - ','
- - {get_param: controller_names}
- rabbitmq_node_ips: &rabbit_nodes_array
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: rabbit_node_ips}
- mongodb_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: mongo_node_ips}
- redis_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: redis_node_ips}
- memcached_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: memcache_node_ips}
- memcached_node_ips_v6:
- str_replace:
- template: "['inet6:[SERVERS_LIST]']"
- params:
- SERVERS_LIST:
- list_join:
- - "]','inet6:["
- - {get_param: memcache_node_ips}
- mysql_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: mysql_node_ips}
- horizon_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: horizon_node_ips}
- heat_api_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: heat_api_node_ips}
- swift_proxy_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: swift_proxy_node_ips}
- ceilometer_api_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: ceilometer_api_node_ips}
- aodh_api_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: aodh_api_node_ips}
- gnocchi_api_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: gnocchi_api_node_ips}
- nova_api_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: nova_api_node_ips}
- nova_metadata_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: nova_metadata_node_ips}
- glance_api_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: glance_api_node_ips}
- glance_registry_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: glance_registry_node_ips}
- cinder_api_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: cinder_api_node_ips}
- manila_api_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: manila_api_node_ips}
- neutron_api_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: neutron_api_node_ips}
- # TODO: pass a `midonet_api_node_ips` var
- midonet_api_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: neutron_api_node_ips}
- keystone_public_api_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: keystone_public_api_node_ips}
- keystone_admin_api_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: keystone_admin_api_node_ips}
- sahara_api_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: sahara_api_node_ips}
- ironic_api_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: ironic_api_node_ips}
-
- tripleo::profile::base::ceph::ceph_mon_initial_members:
- list_join:
- - ','
- - {get_param: ceph_mon_node_names}
- tripleo::profile::base::ceph::ceph_mon_host:
- list_join:
- - ','
- - {get_param: ceph_mon_node_ips}
- tripleo::profile::base::ceph::ceph_mon_host_v6:
- str_replace:
- template: "'[IPS_LIST]'"
- params:
- IPS_LIST:
- list_join:
- - '],['
- - {get_param: ceph_mon_node_ips}
- # NOTE(gfidente): interpolation with %{} in the
- # hieradata file can't be used as it returns string
- ceilometer::rabbit_hosts: *rabbit_nodes_array
- aodh::rabbit_hosts: *rabbit_nodes_array
- cinder::rabbit_hosts: *rabbit_nodes_array
- glance::notify::rabbitmq::rabbit_hosts: *rabbit_nodes_array
- manila::rabbit_hosts: *rabbit_nodes_array
- heat::rabbit_hosts: *rabbit_nodes_array
- neutron::rabbit_hosts: *rabbit_nodes_array
- nova::rabbit_hosts: *rabbit_nodes_array
- keystone::rabbit_hosts: *rabbit_nodes_array
- sahara::rabbit_hosts: *rabbit_nodes_array
- ironic::rabbit_hosts: *rabbit_nodes_array
+ map_merge:
+ - enabled_services: {get_param: enabled_services}
+ # This writes out a mapping of service_name_enabled: 'true'
+ # For any services not enabled, hiera foo_enabled will
+ # return nil, as it's undefined
+ - map_merge:
+ repeat:
+ template:
+ # Note this must be string 'true' due to
+ # https://bugs.launchpad.net/heat/+bug/1617203
+ SERVICE_enabled: 'true'
+ for_each:
+ SERVICE:
+ str_split: [',', {get_param: enabled_services}]
+ # provides a mapping of service_name_ips to a list of IPs
+ - {get_param: service_ips}
+ - {get_param: service_node_names}
+ - controller_node_ips:
+ list_join:
+ - ','
+ - {get_param: controller_ips}
+ controller_node_names:
+ list_join:
+ - ','
+ - {get_param: controller_names}
+ memcached_node_ips_v6:
+ str_replace:
+ template: "['inet6:[SERVERS_LIST]']"
+ params:
+ SERVERS_LIST:
+ list_join:
+ - "]','inet6:["
+ - {get_param: memcache_node_ips}
+ keystone_public_api_node_ips:
+ str_replace:
+ template: "['SERVERS_LIST']"
+ params:
+ SERVERS_LIST:
+ list_join:
+ - "','"
+ - {get_param: keystone_public_api_node_ips}
+ keystone_admin_api_node_ips:
+ str_replace:
+ template: "['SERVERS_LIST']"
+ params:
+ SERVERS_LIST:
+ list_join:
+ - "','"
+ - {get_param: keystone_admin_api_node_ips}
- deploy_identifier: {get_param: DeployIdentifier}
- update_identifier: {get_param: UpdateIdentifier}
- stack_action: {get_param: StackAction}
+ deploy_identifier: {get_param: DeployIdentifier}
+ update_identifier: {get_param: UpdateIdentifier}
+ stack_action: {get_param: StackAction}
+ vip_data:
+ mapped_data:
+ map_merge:
+ # Dynamically generate per-service VIP data based on enabled_services
+ # This works as follows (outer->inner functions)
+ # yaql - filters services where no mapping exists in ServiceNetMap
+ # map_replace: substitute e.g internal_api with the IP from NetVipMap
+ # map_replace: substitute e.g heat_api_network with network name from ServiceNetMap
+ # map_merge/repeat: generate a per-service mapping
+ - yaql:
+ # This filters any entries where the value hasn't been substituted for
+ # a list, e.g it's still $service_network. This happens when there is
+ # no network defined for the service in the ServiceNetMap, which is OK
+ # as not all services have to be bound to a network, so we filter them
+ expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network")))
+ data:
+ map:
+ map_replace:
+ - map_replace:
+ - map_merge:
+ repeat:
+ template:
+ SERVICE_vip: SERVICE_network
+ for_each:
+ SERVICE:
+ str_split: [',', {get_param: enabled_services}]
+ - values: {get_param: ServiceNetMap}
+ - values: {get_param: NetVipMap}
+ - keystone_admin_api_vip:
+ get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_admin_api_network]}]
+ keystone_public_api_vip:
+ get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_public_api_network]}]
+ public_virtual_ip: {get_param: [NetVipMap, external]}
+ controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
+ internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]}
+ storage_virtual_ip: {get_param: [NetVipMap, storage]}
+ storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]}
+ # public_virtual_ip and controller_virtual_ip are needed in
+ # both HAproxy & keepalived.
+ tripleo::haproxy::public_virtual_ip: {get_param: [NetVipMap, external]}
+ tripleo::haproxy::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
+ tripleo::keepalived::public_virtual_ip: {get_param: [NetVipMap, external]}
+ tripleo::keepalived::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
+ tripleo::keepalived::internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]}
+ tripleo::keepalived::storage_virtual_ip: {get_param: [NetVipMap, storage]}
+ tripleo::keepalived::storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]}
+ tripleo::redis_notification::haproxy_monitor_ip: {get_param: [NetVipMap, ctlplane]}
outputs:
config_id:
default: {}
DeployIdentifier:
type: string
+ default: ''
description: Value which changes if the node configuration may need to be re-applied
resources:
ServiceNames:
type: comma_delimited_list
default: []
+ MonitoringSubscriptions:
+ type: comma_delimited_list
+ default: []
ConfigCommand:
type: string
description: Command which will be run whenever configuration data changes
service_names:
mapped_data:
service_names: {get_param: ServiceNames}
+ sensu::subscriptions: {get_param: MonitoringSubscriptions}
service_configs:
mapped_data:
map_replace:
type: json
DeployIdentifier:
type: string
+ default: ''
description: Value which changes if the node configuration may need to be re-applied
RoleData:
type: json
default: default
description: Name of an existing Nova key pair to enable SSH access to the instances
type: string
- SnmpdReadonlyUserName:
- default: ro_snmp_user
- description: The user name for SNMPd with readonly rights running on all Overcloud nodes
- type: string
- SnmpdReadonlyUserPassword:
- description: The user password for SNMPd with readonly rights running on all Overcloud nodes
- type: string
- hidden: true
UpdateIdentifier:
default: ''
type: string
ServiceNames:
type: comma_delimited_list
default: []
+ MonitoringSubscriptions:
+ type: comma_delimited_list
+ default: []
ConfigCommand:
type: string
description: Command which will be run whenever configuration data changes
server: {get_resource: BlockStorage}
config: {get_resource: BlockStorageConfig}
input_values:
- snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
- snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
# Map heat metadata into hiera datafiles
service_names:
mapped_data:
service_names: {get_param: ServiceNames}
+ sensu::subscriptions: {get_param: MonitoringSubscriptions}
service_configs:
mapped_data:
map_replace:
volume:
mapped_data:
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
- snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
- snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
# Resource for site-specific injection of root certificate
NodeTLSCAData:
default: {}
DeployIdentifier:
type: string
+ default: ''
description: Value which changes if the node configuration may need to be re-applied
resources:
ServiceNames:
type: comma_delimited_list
default: []
+ MonitoringSubscriptions:
+ type: comma_delimited_list
+ default: []
ConfigCommand:
type: string
description: Command which will be run whenever configuration data changes
service_names:
mapped_data:
service_names: {get_param: ServiceNames}
+ sensu::subscriptions: {get_param: MonitoringSubscriptions}
service_configs:
mapped_data:
map_replace:
default: {}
DeployIdentifier:
type: string
+ default: ''
description: Value which changes if the node configuration may need to be re-applied
resources:
...
}
type: json
- CorosyncIPv6:
- default: false
- description: Enable IPv6 in Corosync
- type: boolean
Debug:
default: ''
description: Set to True to enable debugging on all services.
type: string
- EnableFencing:
- default: false
- description: Whether to enable fencing in Pacemaker or not.
- type: boolean
EnableLoadBalancer:
default: true
description: Whether to deploy a LoadBalancer on the Controller
Additional hieradata to inject into the cluster, note that
ControllerExtraConfig takes precedence over ExtraConfig.
type: json
- FencingConfig:
- default: {}
- description: |
- Pacemaker fencing configuration. The JSON should have
- the following structure:
- {
- "devices": [
- {
- "agent": "AGENT_NAME",
- "host_mac": "HOST_MAC_ADDRESS",
- "params": {"PARAM_NAME": "PARAM_VALUE"}
- }
- ]
- }
- For instance:
- {
- "devices": [
- {
- "agent": "fence_xvm",
- "host_mac": "52:54:00:aa:bb:cc",
- "params": {
- "multicast_address": "225.0.0.12",
- "port": "baremetal_0",
- "manage_fw": true,
- "manage_key_file": true,
- "key_file": "/etc/fence_xvm.key",
- "key_file_password": "abcdef"
- }
- }
- ]
- }
- type: json
OvercloudControlFlavor:
description: Flavor for control nodes to request when deploying.
default: baremetal
type: string
constraints:
- custom_constraint: nova.flavor
- HorizonSecret:
- description: Secret key for Django
- type: string
- hidden: true
controllerImage:
type: string
default: overcloud-full
default: 'REBUILD_PRESERVE_EPHEMERAL'
description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
type: string
- InstanceNameTemplate:
- default: 'instance-%08x'
- description: Template string to be used to generate instance names
- type: string
KeyName:
default: default
description: Name of an existing Nova key pair to enable SSH access to the instances
type: string
constraints:
- custom_constraint: nova.keypair
- ManageFirewall:
- default: false
- description: Whether to manage IPtables rules.
- type: boolean
- MemcachedIPv6:
- default: false
- description: Enable IPv6 features in Memcached.
- type: boolean
- PurgeFirewallRules:
- default: false
- description: Whether IPtables rules should be purged before setting up the new ones.
- type: boolean
- NeutronMetadataProxySharedSecret:
- description: Shared secret to prevent spoofing
- type: string
- hidden: true
- NeutronPassword:
- description: The password for the neutron service and db account, used by neutron agents.
- type: string
- hidden: true
NeutronPublicInterface:
default: nic1
description: What interface to bridge onto br-ex for network nodes.
type: string
- NovaEnableDBPurge:
- default: true
- description: |
- Whether to create cron job for purging soft deleted rows in Nova database.
- type: boolean
- NovaIPv6:
- default: false
- description: Enable IPv6 features in Nova
- type: boolean
- NovaPassword:
- description: The password for the nova service and db account, used by nova-api.
- type: string
- hidden: true
- PcsdPassword:
- type: string
- description: The password for the 'pcsd' user.
- hidden: true
- RedisPassword:
- description: The password for Redis
- type: string
- hidden: true
RedisVirtualIP:
type: string
default: '' # Has to be here because of the ignored empty value bug
- RedisVirtualIPUri:
- type: string
- default: '' # Has to be here because of the ignored empty value bug
- description: An IP address which is wrapped in brackets in case of IPv6
SwiftRawDisks:
default: {}
description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
type: json
- UpgradeLevelNovaCompute:
- type: string
- description: Nova Compute upgrade level
- default: ''
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
ServiceNames:
type: comma_delimited_list
default: []
+ MonitoringSubscriptions:
+ type: comma_delimited_list
+ default: []
ConfigCommand:
type: string
description: Command which will be run whenever configuration data changes
server: {get_resource: Controller}
input_values:
bootstack_nodeid: {get_attr: [Controller, name]}
- horizon_secret: {get_param: HorizonSecret}
- debug: {get_param: Debug}
- keystone_identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
- keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- keystone_ec2_uri: { get_param: [EndpointMap, KeystoneEC2, uri] }
- enable_fencing: {get_param: EnableFencing}
enable_load_balancer: {get_param: EnableLoadBalancer}
- manage_firewall: {get_param: ManageFirewall}
- purge_firewall_rules: {get_param: PurgeFirewallRules}
- neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
- nova_enable_db_purge: {get_param: NovaEnableDBPurge}
- nova_ipv6: {get_param: NovaIPv6}
- corosync_ipv6: {get_param: CorosyncIPv6}
- memcached_ipv6: {get_param: MemcachedIPv6}
- nova_password: {get_param: NovaPassword}
- upgrade_level_nova_compute: {get_param: UpgradeLevelNovaCompute}
- instance_name_template: {get_param: InstanceNameTemplate}
- fencing_config: {get_param: FencingConfig}
- pcsd_password: {get_param: PcsdPassword}
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
- glance_api_servers: { get_param: [EndpointMap, GlanceInternal, uri]}
- neutron_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NeutronApiNetwork]}]}
- nova_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaApiNetwork]}]}
- nova_metadata_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, NovaMetadataNetwork]}]}
- horizon_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, HorizonNetwork]}]}
- horizon_subnet:
- str_replace:
- template: "['SUBNET']"
- params:
- SUBNET:
- get_attr:
- - NetIpMap
- - net_ip_map
- - str_replace:
- template: "NETWORK_subnet"
- params:
- NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]}
redis_vip: {get_param: RedisVirtualIP}
- ironic_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, IronicApiNetwork]}]}
# Map heat metadata into hiera datafiles
ControllerConfig:
- swift_devices_and_proxy # provided by SwiftDevicesAndProxyConfig
- bootstrap_node # provided by BootstrapNodeConfig
- all_nodes # provided by allNodesConfig
- - vip_data # provided by vip-config
+ - vip_data # provided by allNodesConfig
- '"%{::osfamily}"'
- cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre
- cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
service_names:
mapped_data:
service_names: {get_param: ServiceNames}
+ sensu::subscriptions: {get_param: MonitoringSubscriptions}
service_configs:
mapped_data:
map_replace:
bootstack_nodeid: {get_input: bootstack_nodeid}
# Pacemaker
- enable_fencing: {get_input: enable_fencing}
enable_load_balancer: {get_input: enable_load_balancer}
- hacluster_pwd: {get_input: pcsd_password}
- corosync_ipv6: {get_input: corosync_ipv6}
- tripleo::fencing::config: {get_input: fencing_config}
-
- # Neutron
- neutron::bind_host: {get_input: neutron_api_network}
- neutron::agents::metadata::metadata_ip: {get_input: neutron_api_network}
- snmpd_readonly_user_name: {get_input: snmpd_readonly_user_name}
- snmpd_readonly_user_password: {get_input: snmpd_readonly_user_password}
-
- # Nova
- nova::upgrade_level_compute: {get_input: upgrade_level_nova_compute}
- nova::use_ipv6: {get_input: nova_ipv6}
- nova::api::api_bind_address: {get_input: nova_api_network}
- nova::api::metadata_listen: {get_input: nova_metadata_network}
- nova::glance_api_servers: {get_input: glance_api_servers}
- nova::api::neutron_metadata_proxy_shared_secret: {get_input: neutron_metadata_proxy_shared_secret}
- nova::api::instance_name_template: {get_input: instance_name_template}
- nova::vncproxy::host: {get_input: nova_api_network}
- nova_enable_db_purge: {get_input: nova_enable_db_purge}
-
- # Horizon
- apache::mod::remoteip::proxy_ips: {get_input: horizon_subnet}
- apache::ip: {get_input: horizon_network}
- horizon::django_debug: {get_input: debug}
- horizon::secret_key: {get_input: horizon_secret}
- horizon::bind_address: {get_input: horizon_network}
- horizon::keystone_url: {get_input: keystone_auth_uri}
# Redis
redis_vip: {get_input: redis_vip}
- # Firewall
- tripleo::firewall::manage_firewall: {get_input: manage_firewall}
- tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules}
# Misc
- memcached_ipv6: {get_input: memcached_ipv6}
tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
template: "NETWORK_uri"
params:
NETWORK: {get_param: [ServiceNetMap, SwiftMgmtNetwork]}
- swift_proxy_memcache:
- description: Swift proxy-memcache value
- value:
- str_replace:
- template: "IP:11211"
- params:
- IP:
- get_attr:
- - NetIpMap
- - net_ip_map
- - str_replace:
- template: "NETWORK_uri"
- params:
- NETWORK: {get_param: [ServiceNetMap, MemcachedNetwork]}
tls_key_modulus_md5:
description: MD5 checksum of the TLS Key Modulus
value: {get_attr: [NodeTLSData, key_modulus_md5]}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionAodhApi:
+ default: 'overcloud-ceilometer-aodh-api'
+ type: string
resources:
AodhBase:
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
+ ApacheServiceBase:
+ type: ./apache.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
outputs:
role_data:
description: Role data for the Aodh API service.
value:
service_name: aodh_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionAodhApi}
config_settings:
map_merge:
- get_attr: [AodhBase, role_data, config_settings]
+ - get_attr: [ApacheServiceBase, role_data, config_settings]
- aodh::wsgi::apache::ssl: false
aodh::api::service_name: 'httpd'
tripleo.aodh_api.firewall_rules:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionAodhEvaluator:
+ default: 'overcloud-ceilometer-aodh-evaluator'
+ type: string
resources:
AodhBase:
description: Role data for the Aodh Evaluator service.
value:
service_name: aodh_evaluator
+ monitoring_subscription: {get_param: MonitoringSubscriptionAodhEvaluator}
config_settings:
get_attr: [AodhBase, role_data, config_settings]
step_config: |
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionAodhListener:
+ default: 'overcloud-ceilometer-aodh-listener'
+ type: string
resources:
AodhBase:
description: Role data for the Aodh Listener service.
value:
service_name: aodh_listener
+ monitoring_subscription: {get_param: MonitoringSubscriptionAodhListener}
config_settings:
get_attr: [AodhBase, role_data, config_settings]
step_config: |
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionAodhNotifier:
+ default: 'overcloud-ceilometer-aodh-notifier'
+ type: string
resources:
AodhBase:
description: Role data for the Aodh Notifier service.
value:
service_name: aodh_notifier
+ monitoring_subscription: {get_param: MonitoringSubscriptionAodhNotifier}
config_settings:
get_attr: [AodhBase, role_data, config_settings]
step_config: |
--- /dev/null
+heat_template_version: 2016-10-14
+
+description: >
+ Apache service configured with Puppet. Note this is typically included
+ automatically via other services which run via Apache.
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+outputs:
+ role_data:
+ description: Role data for the Apache role.
+ value:
+ service_name: apache
+ config_settings:
+ # for the given network; replacement examples (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ apache::ip: {get_param: [ServiceNetMap, ApacheNetwork]}
+ apache::server_signature: 'Off'
+ apache::server_tokens: 'Prod'
+ apache_remote_proxy_ips_network:
+ str_replace:
+ template: "NETWORK_subnet"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, ApacheNetwork]}
+ apache::mod::remoteip::proxy_ips:
+ - "%{hiera('apache_remote_proxy_ips_network')}"
description: The password for the redis service account.
type: string
hidden: true
+ MonitoringSubscriptionCeilometerCentral:
+ default: 'overcloud-ceilometer-agent-central'
+ type: string
resources:
CeilometerServiceBase:
description: Role data for the Ceilometer Central Agent role.
value:
service_name: ceilometer_agent_central
+ monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCentral}
config_settings:
map_merge:
- get_attr: [CeilometerServiceBase, role_data, config_settings]
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionCeilometerCompute:
+ default: 'overcloud-ceilometer-agent-compute'
+ type: string
resources:
CeilometerServiceBase:
description: Role data for the Ceilometer Compute Agent role.
value:
service_name: ceilometer_agent_compute
+ monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCompute}
config_settings:
get_attr: [CeilometerServiceBase, role_data, config_settings]
step_config: |
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionCeilometerNotification:
+ default: 'overcloud-ceilometer-agent-notification'
+ type: string
resources:
description: Role data for the Ceilometer Notification Agent role.
value:
service_name: ceilometer_agent_notification
+ monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerNotification}
config_settings:
get_attr: [CeilometerServiceBase, role_data, config_settings]
step_config: |
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionCeilometerApi:
+ default: 'overcloud-ceilometer-api'
+ type: string
resources:
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
+ ApacheServiceBase:
+ type: ./apache.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
outputs:
role_data:
description: Role data for the Ceilometer API role.
value:
service_name: ceilometer_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerApi}
config_settings:
map_merge:
+ - get_attr: [ApacheServiceBase, role_data, config_settings]
- get_attr: [CeilometerServiceBase, role_data, config_settings]
- tripleo.ceilometer_api.firewall_rules:
'124 ceilometer':
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
+ - ceilometer::api::service_name: 'httpd'
ceilometer::api::host: {get_param: [ServiceNetMap, CeilometerApiNetwork]}
+ ceilometer::wsgi::apache::bind_host: {get_param: [ServiceNetMap, CeilometerApiNetwork]}
+ ceilometer::wsgi::apache::ssl: false
step_config: |
include ::tripleo::profile::base::ceilometer::api
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionCeilometerCollector:
+ default: 'overcloud-ceilometer-collector'
+ type: string
resources:
CeilometerServiceBase:
description: Role data for the Ceilometer Collector role.
value:
service_name: ceilometer_collector
+ monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCollector}
config_settings:
get_attr: [CeilometerServiceBase, role_data, config_settings]
step_config: |
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
-
+ MonitoringSubscriptionCeilometerExpirer:
+ default: 'overcloud-ceilometer-expirer'
+ type: string
resources:
CeilometerServiceBase:
description: Role data for the Ceilometer Expirer role.
value:
service_name: ceilometer_expirer
+ monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerExpirer}
config_settings:
get_attr: [CeilometerServiceBase, role_data, config_settings]
step_config: |
CephClusterFSID:
type: string
description: The Ceph cluster FSID. Must be a UUID.
- CephIPv6:
- default: False
- type: boolean
CinderRbdPoolName:
default: volumes
type: string
value:
service_name: ceph_base
config_settings:
- tripleo::profile::base::ceph::ceph_ipv6: {get_param: CephIPv6}
tripleo::profile::base::ceph::enable_ceph_storage: {get_param: ControllerEnableCephStorage}
ceph::profile::params::osd_pool_default_min_size: 1
ceph::profile::params::osds: {/srv/data: {}}
str_replace:
template: "NETWORK_subnet"
params:
- NETWORK: {get_param: [ServiceNetMap, CephPublicNetwork]}
- ceph::profile::params::public_addr: {get_param: [ServiceNetMap, CephPublicNetwork]}
+ NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]}
+ ceph::profile::params::public_addr: {get_param: [ServiceNetMap, CephMonNetwork]}
ceph::profile::params::client_keys:
str_replace:
template: "{
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionCephClient:
+ default: 'overcloud-ceph-client'
+ type: string
resources:
CephBase:
description: Role data for the Cinder OSD service.
value:
service_name: ceph_client
+ monitoring_subscription: {get_param: MonitoringSubscriptionCephClient}
config_settings:
get_attr: [CephBase, role_data, config_settings]
step_config: |
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionCephExternal:
+ default: 'overcloud-ceph-external'
+ type: string
outputs:
role_data:
description: Role data for the Ceph External service.
value:
service_name: ceph_external
+ monitoring_subscription: {get_param: MonitoringSubscriptionCephExternal}
config_settings:
tripleo::profile::base::ceph::ceph_mon_host: {get_param: CephExternalMonHost}
ceph::profile::params::fsid: {get_param: CephClusterFSID}
}
default: {}
type: json
+ MonitoringSubscriptionCephMon:
+ default: 'overcloud-ceph-mon'
+ type: string
resources:
CephBase:
description: Role data for the Ceph Monitor service.
value:
service_name: ceph_mon
+ monitoring_subscription: {get_param: MonitoringSubscriptionCephMon}
config_settings:
map_merge:
- get_attr: [CephBase, role_data, config_settings]
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionCephOsd:
+ default: 'overcloud-ceph-osd'
+ type: string
resources:
CephBase:
description: Role data for the Cinder OSD service.
value:
service_name: ceph_osd
+ monitoring_subscription: {get_param: MonitoringSubscriptionCephOsd}
config_settings:
map_merge:
- get_attr: [CephBase, role_data, config_settings]
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ MonitoringSubscriptionCinderApi:
+ default: 'overcloud-cinder-api'
+ type: string
resources:
description: Role data for the Cinder API role.
value:
service_name: cinder_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionCinderApi}
config_settings:
map_merge:
- get_attr: [CinderBase, role_data, config_settings]
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionCinderBackup:
+ default: 'overcloud-cinder-backup'
+ type: string
resources:
description: Role data for the Cinder Backup role.
value:
service_name: cinder_backup
+ monitoring_subscription: {get_param: MonitoringSubscriptionCinderBackup}
config_settings:
map_merge:
- get_attr: [CinderBase, role_data, config_settings]
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionCinderScheduler:
+ default: 'overcloud-cinder-scheduler'
+ type: string
resources:
description: Role data for the Cinder Scheduler role.
value:
service_name: cinder_scheduler
+ monitoring_subscription: {get_param: MonitoringSubscriptionCinderScheduler}
config_settings:
map_merge:
- get_attr: [CinderBase, role_data, config_settings]
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionCinderVolume:
+ default: 'overcloud-cinder-volume'
+ type: string
resources:
description: Role data for the Cinder Volume role.
value:
service_name: cinder_volume
+ monitoring_subscription: {get_param: MonitoringSubscriptionCinderVolume}
config_settings:
map_merge:
- get_attr: [CinderBase, role_data, config_settings]
# internal_api -> IP
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
- tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address:
- str_replace:
- template: "NETWORK_uri"
- params:
- NETWORK: {get_param: [ServiceNetMap, CinderIscsiNetwork]}
+ tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_param: [ServiceNetMap, CinderIscsiNetwork]}
step_config: |
include ::tripleo::profile::base::cinder::volume
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ MonitoringSubscriptionGlanceApi:
+ default: 'overcloud-glance-api'
+ type: string
outputs:
role_data:
description: Role data for the Glance API role.
value:
service_name: glance_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionGlanceApi}
config_settings:
glance::api::database_connection:
list_join:
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/glance'
glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]}
- glance::api::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- glance::api::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
glance::api::registry_host:
str_replace:
template: "'REGISTRY_HOST'"
params:
REGISTRY_HOST: {get_param: [EndpointMap, GlanceRegistryInternal, host]}
- glance::api::keystone_password: {get_param: GlancePassword}
+ glance::api::authtoken::password: {get_param: GlancePassword}
glance::api::enable_proxy_headers_parsing: true
glance::api::debug: {get_param: Debug}
glance::api::workers: {get_param: GlanceWorkers}
- 9292
- 13292
glance::keystone::auth::tenant: 'service'
- glance::api::keystone_tenant: 'service'
+ glance::api::authtoken::project_name: 'service'
glance::api::pipeline: 'keystone'
glance::api::show_image_direct_url: true
# NOTE: bind IP is found in Heat replacing the network name with the
default: 0
description: Number of workers for Glance service.
type: number
+ MonitoringSubscriptionGlanceRegistry:
+ default: 'overcloud-glance-registry'
+ type: string
outputs:
role_data:
description: Role data for the Glance Registry role.
value:
service_name: glance_registry
+ monitoring_subscription: {get_param: MonitoringSubscriptionGlanceRegistry}
config_settings:
glance::registry::database_connection:
list_join:
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/glance'
- glance::registry::keystone_password: {get_param: GlancePassword}
- glance::registry::keystone_tenant: 'service'
+ glance::registry::authtoken::password: {get_param: GlancePassword}
+ glance::registry::authtoken::project_name: 'service'
glance::registry::pipeline: 'keystone'
- glance::registry::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- glance::registry::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ glance::registry::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ glance::registry::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
glance::registry::debug: {get_param: Debug}
glance::registry::workers: {get_param: GlanceWorkers}
glance::db::mysql::user: glance
- "%{hiera('mysql_bind_host')}"
glance::registry::db::database_db_max_retries: -1
glance::registry::db::database_max_retries: -1
-
tripleo.glance_registry.firewall_rules:
'112 glance_registry':
dport:
type: string
hidden: true
GnocchiBackend:
- default: file
+ default: swift
description: The short name of the Gnocchi backend to use. Should be one
of swift, rbd, or file
type: string
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ MonitoringSubscriptionGnocchiApi:
+ default: 'overcloud-gnocchi-api'
+ type: string
resources:
+
GnocchiServiceBase:
type: ./gnocchi-base.yaml
properties:
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
+ ApacheServiceBase:
+ type: ./apache.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
outputs:
role_data:
description: Role data for the Gnocchi role.
value:
service_name: gnocchi_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiApi}
config_settings:
map_merge:
+ - get_attr: [ApacheServiceBase, role_data, config_settings]
- get_attr: [GnocchiServiceBase, role_data, config_settings]
- tripleo.gnocchi_api.firewall_rules:
'129 gnocchi-api':
description: The password for the redis service account.
type: string
hidden: true
+ Debug:
+ type: string
+ default: ''
+ description: Set to True to enable debugging on all services.
outputs:
aux_parameters:
service_name: gnocchi_base
config_settings:
#Gnocchi engine
- gnocchi::debug: {get_input: debug}
+ gnocchi::debug: {get_param: Debug}
gnocchi::db::database_connection:
list_join:
- ''
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionGnocchiMetricd:
+ default: 'overcloud-gnocchi-metricd'
+ type: string
resources:
GnocchiServiceBase:
description: Role data for the Gnocchi role.
value:
service_name: gnocchi_metricd
+ monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiMetricd}
config_settings:
map_merge:
- get_attr: [GnocchiServiceBase, role_data, config_settings]
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionGnocchiStatsd:
+ default: 'overcloud-gnocchi-statsd'
+ type: string
resources:
GnocchiServiceBase:
description: Role data for the Gnocchi role.
value:
service_name: gnocchi_statsd
+ monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiStatsd}
config_settings:
map_merge:
- get_attr: [GnocchiServiceBase, role_data, config_settings]
Specifies the interface where the public-facing virtual ip will be assigned.
This should be int_public when a VLAN is being used.
type: string
+ MonitoringSubscriptionHaproxy:
+ default: 'overcloud-haproxy'
+ type: string
outputs:
role_data:
description: Role data for the HAproxy role.
value:
service_name: haproxy
+ monitoring_subscription: {get_param: MonitoringSubscriptionHaproxy}
config_settings:
tripleo.haproxy.firewall_rules:
'107 haproxy stats':
dport: 1993
# TODO(emilien) make it composable to find which services are actually running
- tripleo::haproxy::keystone_admin: true
- tripleo::haproxy::keystone_public: true
- tripleo::haproxy::neutron: true
- tripleo::haproxy::cinder: true
- tripleo::haproxy::glance_api: true
- tripleo::haproxy::glance_registry: true
- tripleo::haproxy::nova_osapi: true
- tripleo::haproxy::nova_metadata: true
- tripleo::haproxy::nova_novncproxy: true
+ tripleo::haproxy::keystone_admin: '"%{hiera(\"keystone_enabled\")}"'
+ tripleo::haproxy::keystone_public: '"%{hiera(\"keystone_enabled\")}"'
+ tripleo::haproxy::neutron: '"%{hiera(\"neutron_api_enabled\")}"'
+ tripleo::haproxy::cinder: '"%{hiera(\"cinder_api_enabled\")}"'
+ tripleo::haproxy::glance_api: '"%{hiera(\"glance_api_enabled\")}"'
+ tripleo::haproxy::glance_registry: '"%{hiera(\"glance_registry_enabled\")}"'
+ tripleo::haproxy::nova_osapi: '"%{hiera(\"nova_api_enabled\")}"'
+ tripleo::haproxy::nova_metadata: '"%{hiera(\"nova_api_enabled\")}"'
+ tripleo::haproxy::nova_novncproxy: '"%{hiera(\"nova_vncproxy_enabled\")}"'
tripleo::haproxy::mysql: true
- tripleo::haproxy::redis: true
- tripleo::haproxy::sahara: true
- tripleo::haproxy::swift_proxy_server: true
- tripleo::haproxy::ceilometer: true
- tripleo::haproxy::aodh: true
- tripleo::haproxy::gnocchi: true
- tripleo::haproxy::heat_api: true
- tripleo::haproxy::heat_cloudwatch: true
- tripleo::haproxy::heat_cfn: true
- tripleo::haproxy::horizon: true
- tripleo::haproxy::ironic: true
+ tripleo::haproxy::redis: '"%{hiera(\"redis_enabled\")}"'
+ tripleo::haproxy::sahara: '"%{hiera(\"sahara_api_enabled\")}"'
+ tripleo::haproxy::swift_proxy_server: '"%{hiera(\"swift_proxy_enabled\")}"'
+ tripleo::haproxy::ceilometer: '"%{hiera(\"ceilometer_api_enabled\")}"'
+ tripleo::haproxy::aodh: '"%{hiera(\"aodh_api_enabled\")}"'
+ tripleo::haproxy::gnocchi: '"%{hiera(\"gnocchi_api_enabled\")}"'
+ tripleo::haproxy::heat_api: '"%{hiera(\"heat_api_enabled\")}"'
+ tripleo::haproxy::heat_cloudwatch: '"%{hiera(\"heat_api_cloudwatch_enabled\")}"'
+ tripleo::haproxy::heat_cfn: '"%{hiera(\"heat_api_cfn_enabled\")}"'
+ tripleo::haproxy::horizon: '"%{hiera(\"horizon_enabled\")}"'
+ tripleo::haproxy::ironic: '"%{hiera(\"ironic_api_enabled\")}"'
tripleo::haproxy::haproxy_log_address: {get_param: HAProxySyslogAddress}
tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser}
tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ MonitoringSubscriptionHeatApiCnf:
+ default: 'overcloud-heat-api-cfn'
+ type: string
resources:
HeatBase:
description: Role data for the Heat CloudFormation API role.
value:
service_name: heat_api_cfn
+ monitoring_subscription: {get_param: MonitoringSubscriptionHeatApiCnf}
config_settings:
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
default: 0
description: Number of workers for Heat service.
type: number
+ MonitoringSubscriptionHeatApiCloudwatch:
+ default: 'overcloud-heat-api-cloudwatch'
+ type: string
resources:
HeatBase:
description: Role data for the Heat Cloudwatch API role.
value:
service_name: heat_api_cloudwatch
+ monitoring_subscription: {get_param: MonitoringSubscriptionHeatApiCloudwatch}
config_settings:
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ MonitoringSubscriptionHeatApi:
+ default: 'overcloud-heat-api'
+ type: string
resources:
HeatBase:
description: Role data for the Heat API role.
value:
service_name: heat_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionHeatApi}
config_settings:
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
+ HeatPassword:
+ description: The password for the Heat service and db account, used by the Heat services.
+ type: string
+ hidden: true
DefaultPasswords:
default: {}
type: json
key: 'context_is_admin'
value: 'role:admin'
heat::rabbit_heartbeat_timeout_threshold: 60
- heat::keystone_tenant: 'service'
+ heat::keystone::authtoken::project_name: 'service'
+ heat::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ heat::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
+ heat::keystone::authtoken::password: {get_param: HeatPassword}
heat::keystone::domain::domain_name: 'heat_stack'
heat::keystone::domain::domain_admin: 'heat_stack_domain_admin'
heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost'
- heat::auth_plugin: 'password'
heat::cron::purge_deleted::age: 30
heat::cron::purge_deleted::age_type: 'days'
heat::cron::purge_deleted::maxdelay: 3600
type: string
hidden: true
default: ''
+ MonitoringSubscriptionHeatEngine:
+ default: 'overcloud-heat-engine'
+ type: string
resources:
HeatBase:
description: Role data for the Heat Engine role.
value:
service_name: heat_engine
+ monitoring_subscription: {get_param: MonitoringSubscriptionHeatEngine}
config_settings:
map_merge:
- get_attr: [HeatBase, role_data, config_settings]
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/heat'
heat::keystone_ec2_uri: {get_param: [EndpointMap, KeystoneEC2, uri]}
- heat::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
- heat::keystone_password: {get_param: HeatPassword}
heat::db::mysql::password: {get_param: HeatPassword}
heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword}
heat::db::mysql::user: heat
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
description: >
Horizon service configured with Puppet
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
+ Debug:
+ default: ''
+ description: Set to True to enable debugging on all services.
+ type: string
DefaultPasswords:
default: {}
type: json
default: '*'
description: A list of IP/Hostname allowed to connect to horizon
type: comma_delimited_list
+ HorizonSecret:
+ description: Secret key for Django
+ type: string
+ hidden: true
+ default: ''
NeutronMechanismDrivers:
default: 'openvswitch'
description: |
The mechanism drivers for the Neutron tenant network.
type: comma_delimited_list
+ MemcachedIPv6:
+ default: false
+ description: Enable IPv6 features in Memcached.
+ type: boolean
+ MonitoringSubscriptionHorizon:
+ default: 'overcloud-horizon'
+ type: string
outputs:
role_data:
description: Role data for the Horizon role.
value:
service_name: horizon
+ monitoring_subscription: {get_param: MonitoringSubscriptionHorizon}
config_settings:
horizon::allowed_hosts: {get_param: HorizonAllowedHosts}
neutron::plugins::ml2::mechanism_drivers:
add_listen: false
priority: 10
access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"'
+ horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]}
+ horizon::django_debug: {get_param: Debug}
+ horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
+ horizon::secret_key:
+ yaql:
+ expression: $.data.passwords.where($ != '').first()
+ data:
+ passwords:
+ - {get_param: HorizonSecret}
+ - {get_param: [DefaultPasswords, horizon_secret]}
+ memcached_ipv6: {get_param: MemcachedIPv6}
step_config: |
include ::tripleo::profile::base::horizon
description: The password for the Ironic service and db account, used by the Ironic services
type: string
hidden: true
+ MonitoringSubscriptionIronicApi:
+ default: 'overcloud-ironic-api'
+ type: string
resources:
IronicBase:
description: Role data for the Ironic API role.
value:
service_name: ironic_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionIronicApi}
config_settings:
map_merge:
- get_attr: [IronicBase, role_data, config_settings]
- # NOTE(dtantsur): the my_ip parameter is heavily overloaded in
- # ironic. It's used as a default value for e.g. TFTP server IP,
- # glance and neutron endpoints, virtual console IP. We override
- # the TFTP server IP in ironic-conductor.yaml as it should not be
- # the VIP, but rather a real IP of the controller.
- - ironic::my_ip: {get_param: [EndpointMap, MysqlInternal, host]}
- ironic::api::authtoken::password: {get_param: IronicPassword}
+ - ironic::api::authtoken::password: {get_param: IronicPassword}
ironic::api::authtoken::project_name: 'service'
ironic::api::authtoken::username: 'ironic'
ironic::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
- ironic::api::host_ip: {get_input: ironic_api_network}
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ ironic::api::host_ip: {get_param: [ServiceNetMap, IronicApiNetwork]}
ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]}
# This is used to build links in responses
ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
- ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri]}
- ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri]}
- ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri]}
+ ironic::keystone::auth::admin_url: {get_param: [EndpointMap, IronicAdmin, uri_no_suffix]}
+ ironic::keystone::auth::internal_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
+ ironic::keystone::auth::public_url: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
ironic::keystone::auth::auth_name: 'ironic'
ironic::keystone::auth::password: {get_param: IronicPassword }
ironic::keystone::auth::tenant: 'service'
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ IronicCleaningDiskErase:
+ default: 'full'
+ description: Type of disk cleaning before and between deployments,
+ "full" for full cleaning, "metadata" to clean only disk
+ metadata (partition table).
+ type: string
IronicEnabledDrivers:
- default: ['pxe_ipmitool', 'agent_ipmitool']
+ default: ['pxe_ipmitool', 'pxe_drac', 'pxe_ilo']
description: Enabled Ironic drivers
type: comma_delimited_list
+ IronicIPXEEnabled:
+ default: true
+ description: Whether to use iPXE instead of PXE for deployment.
+ type: boolean
+ IronicIPXEPort:
+ default: 8088
+ description: Port to use for serving images when iPXE is used.
+ type: string
+ MonitoringSubscriptionIronicConductor:
+ default: 'overcloud-ironic-conductor'
+ type: string
resources:
IronicBase:
description: Role data for the Ironic conductor role.
value:
service_name: ironic_conductor
+ monitoring_subscription: {get_param: MonitoringSubscriptionIronicConductor}
config_settings:
map_merge:
- get_attr: [IronicBase, role_data, config_settings]
# FIXME: I have no idea why neutron_url is in "api" manifest
- ironic::api::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]}
ironic::conductor::api_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]}
+ ironic::conductor::cleaning_disk_erase: {get_param: IronicCleaningDiskErase}
+ ironic::conductor::enabled_drivers: {get_param: IronicEnabledDrivers}
+ # We need an endpoint containing a real IP, not a VIP here
+ ironic_conductor_http_host: {get_param: [ServiceNetMap, IronicNetwork]}
+ ironic::conductor::http_url:
+ list_join:
+ - ''
+ - - 'http://'
+ - '%{hiera("ironic_conductor_http_host")}:'
+ - {get_param: IronicIPXEPort}
+ ironic::drivers::pxe::ipxe_enabled: {get_param: IronicIPXEEnabled}
ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
- ironic::enabled_drivers: {get_param: IronicEnabledDrivers}
- # Prevent tftp_server from defaulting to my_ip setting, which is
- # controller VIP, not a real IP.
- ironic::drivers::pxe::tftp_server: {get_input: ironic_api_network}
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ ironic::drivers::pxe::tftp_server: {get_param: [ServiceNetMap, IronicNetwork]}
+ # NOTE(dtantsur): UEFI only works with iPXE currently for us
+ ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template'
+ ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi'
tripleo.ironic_conductor.firewall_rules:
'134 ironic conductor TFTP':
dport: 69
proto: udp
+ '135 ironic conductor HTTP':
+ dport: {get_param: IronicIPXEPort}
+ # NOTE(dtantsur): the my_ip parameter is heavily overloaded in
+ # ironic. It's used as a default value for e.g. TFTP server IP,
+ # glance and neutron endpoints, virtual console IP. We override
+ # the TFTP server IP in ironic-conductor.yaml as it should not be
+ # the VIP, but rather a real IP of the host.
+ ironic::my_ip: {get_param: [ServiceNetMap, IronicNetwork]}
+ ironic::pxe::common::http_port: {get_param: IronicIPXEPort}
+
step_config: |
include ::tripleo::profile::base::ironic::conductor
Specifies the interface where the public-facing virtual ip will be assigned.
This should be int_public when a VLAN is being used.
type: string
+ MonitoringSubscriptionKeepalived:
+ default: 'overcloud-keepalived'
+ type: string
outputs:
role_data:
description: Role data for the Keepalived role.
value:
service_name: keepalived
+ monitoring_subscription: {get_param: MonitoringSubscriptionKeepalived}
config_settings:
tripleo::keepalived::control_virtual_interface: {get_param: ControlVirtualInterface}
tripleo::keepalived::public_virtual_interface: {get_param: PublicVirtualInterface}
type: string
description: Set the number of workers for keystone::wsgi::apache
default: '"%{::processorcount}"'
+ MonitoringSubscriptionKeystone:
+ default: 'overcloud-kestone'
+ type: string
+
+resources:
+
+ ApacheServiceBase:
+ type: ./apache.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
outputs:
role_data:
description: Role data for the Keystone role.
value:
service_name: keystone
+ monitoring_subscription: {get_param: MonitoringSubscriptionKeystone}
config_settings:
- keystone::database_connection:
- list_join:
- - ''
- - - {get_param: [EndpointMap, MysqlInternal, protocol]}
- - '://keystone:'
- - {get_param: AdminToken}
- - '@'
- - {get_param: [EndpointMap, MysqlInternal, host]}
- - '/keystone'
- keystone::admin_token: {get_param: AdminToken}
- keystone::roles::admin::password: {get_param: AdminPassword}
- keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
- keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
- keystone::enable_proxy_headers_parsing: true
- keystone::debug: {get_param: Debug}
- keystone::db::mysql::password: {get_param: AdminToken}
- keystone::rabbit_userid: {get_param: RabbitUserName}
- keystone::rabbit_password: {get_param: RabbitPassword}
- keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
- keystone::rabbit_port: {get_param: RabbitClientPort}
- keystone::notification_driver: {get_param: KeystoneNotificationDriver}
- keystone::notification_format: {get_param: KeystoneNotificationFormat}
- keystone::roles::admin::email: {get_param: AdminEmail}
- keystone::roles::admin::password: {get_param: AdminPassword}
- keystone::endpoint::public_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
- keystone::endpoint::internal_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
- keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
- keystone::endpoint::region: {get_param: KeystoneRegion}
- keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge}
- keystone::public_endpoint: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
- keystone::db::mysql::user: keystone
- keystone::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
- keystone::db::mysql::dbname: keystone
- keystone::db::mysql::allowed_hosts:
- - '%'
- - "%{hiera('mysql_bind_host')}"
- keystone::rabbit_heartbeat_timeout_threshold: 60
- keystone::cron::token_flush::maxdelay: 3600
- keystone::roles::admin::service_tenant: 'service'
- keystone::roles::admin::admin_tenant: 'admin'
- keystone::cron::token_flush::destination: '/dev/null'
- keystone::config::keystone_config:
- ec2/driver:
- value: 'keystone.contrib.ec2.backends.sql.Ec2'
- keystone::service_name: 'httpd'
- keystone::wsgi::apache::ssl: false
-
- keystone::wsgi::apache::workers: {get_param: KeystoneWorkers}
- # override via extraconfig:
- keystone::wsgi::apache::threads: 1
- keystone::db::database_db_max_retries: -1
- keystone::db::database_max_retries: -1
- tripleo.keystone.firewall_rules:
- '111 keystone':
- dport:
- - 5000
- - 13000
- - 35357
- - 13357
- # NOTE: bind IP is found in Heat replacing the network name with the
- # local node IP for the given network; replacement examples
- # (eg. for internal_api):
- # internal_api -> IP
- # internal_api_uri -> [IP]
- # internal_api_subnet - > IP/CIDR
- # NOTE: this applies to all 4 bind IP settings below...
- keystone::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
- keystone::public_bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
- keystone::wsgi::apache::bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
- keystone::wsgi::apache::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
+ config_settings:
+ map_merge:
+ - get_attr: [ApacheServiceBase, role_data, config_settings]
+ - keystone::database_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://keystone:'
+ - {get_param: AdminToken}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/keystone'
+ keystone::admin_token: {get_param: AdminToken}
+ keystone::roles::admin::password: {get_param: AdminPassword}
+ keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
+ keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
+ keystone::enable_proxy_headers_parsing: true
+ keystone::debug: {get_param: Debug}
+ keystone::db::mysql::password: {get_param: AdminToken}
+ keystone::rabbit_userid: {get_param: RabbitUserName}
+ keystone::rabbit_password: {get_param: RabbitPassword}
+ keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ keystone::rabbit_port: {get_param: RabbitClientPort}
+ keystone::notification_driver: {get_param: KeystoneNotificationDriver}
+ keystone::notification_format: {get_param: KeystoneNotificationFormat}
+ keystone::roles::admin::email: {get_param: AdminEmail}
+ keystone::roles::admin::password: {get_param: AdminPassword}
+ keystone::endpoint::public_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
+ keystone::endpoint::internal_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+ keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ keystone::endpoint::region: {get_param: KeystoneRegion}
+ keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge}
+ keystone::public_endpoint: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
+ keystone::db::mysql::user: keystone
+ keystone::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ keystone::db::mysql::dbname: keystone
+ keystone::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
+ keystone::rabbit_heartbeat_timeout_threshold: 60
+ keystone::cron::token_flush::maxdelay: 3600
+ keystone::roles::admin::service_tenant: 'service'
+ keystone::roles::admin::admin_tenant: 'admin'
+ keystone::cron::token_flush::destination: '/dev/null'
+ keystone::config::keystone_config:
+ ec2/driver:
+ value: 'keystone.contrib.ec2.backends.sql.Ec2'
+ keystone::service_name: 'httpd'
+ keystone::wsgi::apache::ssl: false
+
+ keystone::wsgi::apache::workers: {get_param: KeystoneWorkers}
+ # override via extraconfig:
+ keystone::wsgi::apache::threads: 1
+ keystone::db::database_db_max_retries: -1
+ keystone::db::database_max_retries: -1
+ tripleo.keystone.firewall_rules:
+ '111 keystone':
+ dport:
+ - 5000
+ - 13000
+ - 35357
+ - 13357
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ # NOTE: this applies to all 4 bind IP settings below...
+ keystone::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
+ keystone::public_bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
+ keystone::wsgi::apache::bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
+ keystone::wsgi::apache::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
step_config: |
include ::tripleo::profile::base::keystone
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ MonitoringSubscriptionManilaApi:
+ default: 'overcloud-manila-api'
+ type: string
resources:
ManilaBase:
description: Role data for the Manila-api role.
value:
service_name: manila_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionManilaApi}
config_settings:
map_merge:
- get_attr: [ManilaBase, role_data, config_settings]
description: The password for the manila service account.
type: string
hidden: true
+ MonitoringSubscriptionManilaScheduler:
+ default: 'overcloud-manila-scheduler'
+ type: string
resources:
ManilaBase:
description: Role data for the Manila-scheduler role.
value:
service_name: manila_scheduler
+ monitoring_subscription: {get_param: MonitoringSubscriptionManilaScheduler}
config_settings:
map_merge:
- get_attr: [ManilaBase, role_data, config_settings]
- '/manila'
step_config: |
include ::tripleo::profile::base::manila::scheduler
-
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionManilaShare:
+ default: 'overcloud-manila-share'
+ type: string
resources:
ManilaBase:
description: Role data for the Manila-share role.
value:
service_name: manila_share
+ monitoring_subscription: {get_param: MonitoringSubscriptionManilaShare}
config_settings:
map_merge:
- get_attr: [ManilaBase, role_data, config_settings]
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionMemcached:
+ default: 'overcloud-memcached'
+ type: string
outputs:
role_data:
description: Role data for the Memcached role.
value:
service_name: memcached
+ monitoring_subscription: {get_param: MonitoringSubscriptionMemcached}
config_settings:
# NOTE: bind IP is found in Heat replacing the network name with the local node IP
# for the given network; replacement examples (eg. for internal_api):
--- /dev/null
+heat_template_version: 2016-04-08
+
+description: Sensu base service
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ MonitoringRabbitHost:
+ description: RabbitMQ host Sensu has to connect to.
+ type: string
+ default: ''
+ MonitoringRabbitPort:
+ default: 5672
+ description: Set RabbitMQ subscriber port, change this if using SSL.
+ type: number
+ MonitoringRabbitUseSSL:
+ default: false
+ description: >
+ RabbitMQ client subscriber parameter to specify an SSL connection
+ to the RabbitMQ host.
+ type: string
+ MonitoringRabbitPassword:
+ description: The RabbitMQ password used for monitoring purposes.
+ type: string
+ hidden: true
+ MonitoringRabbitUserName:
+ description: The RabbitMQ username used for monitoring purposes.
+ type: string
+ default: sensu
+ MonitoringRabbitVhost:
+ description: The RabbitMQ vhost used for monitoring purposes.
+ type: string
+ default: '/sensu'
+
+
+outputs:
+ role_data:
+ description: Role data for the Sensu role.
+ value:
+ service_name: sensu_base
+ config_settings:
+ sensu::enterprise: false
+ sensu::enterprise_dashboard: false
+ sensu::install_repo: false
+ sensu::manage_user: false
+ sensu::rabbitmq_host: {get_param: MonitoringRabbitHost}
+ sensu::rabbitmq_password: {get_param: MonitoringRabbitPassword}
+ sensu::rabbitmq_port: {get_param: MonitoringRabbitPort}
+ sensu::rabbitmq_ssl: {get_param: MonitoringRabbitUseSSL}
+ sensu::rabbitmq_user: {get_param: MonitoringRabbitUserName}
+ sensu::rabbitmq_vhost: {get_param: MonitoringRabbitVhost}
+ #sensu::redis_host: {get_param: MonitoringRedisHost}
+ #sensu::redis_password: {get_param: MonitoringRedisPassword}
+ sensu::sensu_plugin_provider: 'yum'
+ sensu::sensu_plugin_name: 'rubygem-sensu-plugin'
+ sensu::version: 'present'
--- /dev/null
+heat_template_version: 2016-04-08
+
+description: Sensu client configured with Puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: >
+ Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ SensuClientCustomConfig:
+ default: {}
+ description: Hash containing custom sensu-client variables.
+ type: json
+ label: Custom configuration for Sensu Client variables
+
+resources:
+ SensuBase:
+ type: ./sensu-base.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+
+outputs:
+ role_data:
+ description: Role data for the Sensu client role.
+ value:
+ service_name: sensu_client
+ monitoring_subscription: all
+ config_settings:
+ map_merge:
+ - get_attr: [SensuBase, role_data, config_settings]
+ - sensu::api: false
+ sensu::client: true
+ sensu::server: false
+ sensu::client_custom: {get_param: SensuClientCustomConfig}
+ step_config: |
+ include ::tripleo::profile::base::monitoring::sensu
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ MonitoringSubscriptionNeutronServer:
+ default: 'overcloud-neutron-server'
+ type: string
resources:
description: Role data for the Neutron Server agent service.
value:
service_name: neutron_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionNeutronServer}
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
neutron::keystone::auth::password: {get_param: NeutronPassword}
neutron::keystone::auth::region: {get_param: KeystoneRegion}
- neutron::server::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
- neutron::server::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
neutron::server::api_workers: {get_param: NeutronWorkers}
neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover}
neutron::server::l3_ha: {get_param: NeutronL3HA}
- neutron::server::password: {get_param: NeutronPassword}
+ neutron::keystone::authtoken::password: {get_param: NeutronPassword}
neutron::server::notifications::nova_url: { get_param: [ EndpointMap, NovaInternal, uri ] }
neutron::server::notifications::auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] }
neutron::server::notifications::tenant_name: 'service'
neutron::server::notifications::project_name: 'service'
neutron::server::notifications::password: {get_param: NovaPassword}
- neutron::server::project_name: 'service'
+ neutron::keystone::authtoken::project_name: 'service'
neutron::server::sync_db: true
neutron::db::mysql::password: {get_param: NeutronPassword}
neutron::db::mysql::user: neutron
'106 vrrp':
proto: vrrp
neutron::server::router_distributed: {get_param: NeutronEnableDVR}
+ # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+ # for the given network; replacement examples (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ neutron::bind_host: {get_param: [ServiceNetMap, NeutronApiNetwork]}
step_config: |
include tripleo::profile::base::neutron::server
description: >
Remove configuration that is not generated by TripleO. Setting
to false may result in configuration remnants after updates/upgrades.
+ NeutronGlobalPhysnetMtu:
+ type: number
+ default: 1500
+ description: |
+ MTU of the underlying physical network. Neutron uses this value to
+ calculate MTU for all virtual network components. For flat and VLAN
+ networks, neutron uses this value without modification. For overlay
+ networks such as VXLAN, neutron automatically subtracts the overlay
+ protocol overhead from this value.
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
neutron::host: '"%{::fqdn}"' #NOTE: extra quoting is needed
neutron::db::database_db_max_retries: -1
neutron::db::database_max_retries: -1
+ neutron::global_physnet_mtu: {get_param: NeutronGlobalPhysnetMtu}
default: false
description: If True, DHCP always provides metadata route to VM.
type: boolean
+ MonitoringSubscriptionNeutronDhcp:
+ default: 'overcloud-neutron-dhcp'
+ type: string
resources:
description: Role data for the Neutron DHCP agent service.
value:
service_name: neutron_dhcp
+ monitoring_subscription: {get_param: MonitoringSubscriptionNeutronDhcp}
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
description: Name of bridge used for external network traffic.
type: string
default: 'br-ex'
+ MonitoringSubscriptionNeutronL3Dvr:
+ default: 'overcloud-neutron-l3-dvr'
+ type: string
resources:
description: Role data for DVR L3 Agent on Compute Nodes
value:
service_name: neutron_l3_compute_dvr
+ monitoring_subscription: {get_param: MonitoringSubscriptionNeutronL3Dvr}
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- allowed_values:
- legacy
- dvr_snat
+ MonitoringSubscriptionNeutronL3:
+ default: 'overcloud-neutron-l3-agent'
+ type: string
resources:
description: Role data for the Neutron L3 agent service.
value:
service_name: neutron_l3
+ monitoring_subscription: {get_param: MonitoringSubscriptionNeutronL3}
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
description: The password for the neutron service and db account, used by neutron agents.
type: string
hidden: true
+ MonitoringSubscriptionNeutronMetadata:
+ default: 'overcloud-neutron-metadata'
+ type: string
resources:
description: Role data for the Neutron Metadata agent service.
value:
service_name: neutron_metadata
+ monitoring_subscription: {get_param: MonitoringSubscriptionNeutronMetadata}
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
neutron::agents::metadata::auth_password: {get_param: NeutronPassword}
neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
neutron::agents::metadata::auth_tenant: 'service'
+ # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+ # for the given network; replacement examples (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ neutron::agents::metadata::metadata_ip: {get_param: [ServiceNetMap, NeutronApiNetwork]}
step_config: |
include tripleo::profile::base::neutron::metadata
description: 'Whether enable Cassandra cluster on Controller'
type: boolean
default: false
+ MonitoringSubscriptionNeutronMidonet:
+ default: 'overcloud-neutron-midonet'
+ type: string
outputs:
role_data:
description: Role data for the Neutron Midonet plugin and services
value:
service_name: neutron_midonet
+ monitoring_subscription: {get_param: MonitoringSubscriptionNeutronMidonet}
config_settings:
tripleo::profile::base::neutron::midonet::admin_password: {get_param: AdminPassword}
tripleo::profile::base::neutron::midonet::keystone_admin_token: {get_param: AdminToken}
description: |
Enable ARP responder feature in the OVS Agent.
type: boolean
+ MonitoringSubscriptionNeutronOvs:
+ default: 'overcloud-neutron-ovs-agent'
+ type: string
resources:
description: Role data for the Neutron OVS agent service.
value:
service_name: neutron_ovs_agent
+ monitoring_subscription: {get_param: MonitoringSubscriptionNeutronOvs}
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
via parameter_defaults in the resource registry.
type: json
NeutronDpdkCoreList:
- default: ""
description: List of cores to be used for DPDK Poll Mode Driver
type: string
+ constraints:
+ - allowed_pattern: "[0-9,-]+"
NeutronDpdkMemoryChannels:
- default: ""
description: Number of memory channels to be used for DPDK
type: string
+ constraints:
+ - allowed_pattern: "[0-9]+"
NeutronDpdkSocketMemory:
default: ""
description: Memory allocated for each socket
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ NeutronMetadataProxySharedSecret:
+ description: Shared secret to prevent spoofing
+ type: string
+ hidden: true
+ InstanceNameTemplate:
+ default: 'instance-%08x'
+ description: Template string to be used to generate instance names
+ type: string
+ NovaEnableDBPurge:
+ default: true
+ description: |
+ Whether to create cron job for purging soft deleted rows in Nova database.
+ type: boolean
+ MonitoringSubscriptionNovaApi:
+ default: 'overcloud-nova-api'
+ type: string
resources:
NovaBase:
description: Role data for the Nova API service.
value:
service_name: nova_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionNovaApi}
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
nova::keystone::auth::password: {get_param: NovaPassword}
nova::keystone::auth::region: {get_param: KeystoneRegion}
+ # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+ # for the given network; replacement examples (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ nova::api::api_bind_address: {get_param: [ServiceNetMap, NovaApiNetwork]}
+ nova::api::metadata_listen: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
+ nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}
+ nova::api::instance_name_template: {get_param: InstanceNameTemplate}
+ nova_enable_db_purge: {get_param: NovaEnableDBPurge}
+
step_config: |
include tripleo::profile::base::nova::api
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/nova_api'
- nova::db::mysql::password: {get_input: nova_password}
+ nova::db::mysql::password: {get_param: NovaPassword}
nova::db::mysql::user: nova
nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
nova::db::mysql::dbname: nova
nova::db::mysql::allowed_hosts:
- '%'
- "%{hiera('mysql_bind_host')}"
- nova::db::mysql_api::password: {get_input: nova_password}
+ nova::db::mysql_api::password: {get_param: NovaPassword}
nova::db::mysql_api::user: nova_api
nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
nova::db::mysql_api::dbname: nova_api
default: ''
description: Libvirt VIF driver configuration for the network
type: string
+ NovaPCIPassthrough:
+ description: >
+ List of PCI Passthrough whitelist parameters.
+ Example -
+ NovaPCIPassthrough:
+ - vendor_id: "8086"
+ product_id: "154c"
+ address: "0000:05:00.0"
+ physical_network: "datacentre"
+ For different formats, refer to the nova.conf documentation for
+ pci_passthrough_whitelist configuration
+ type: json
+ default: ''
+ NovaVcpuPinSet:
+ description: >
+ A list or range of physical CPU cores to reserve for virtual machine
+ processes.
+ Ex. NovaVcpuPinSet: ['4-12','^8'] will reserve cores from 4-12 excluding 8
+ type: comma_delimited_list
+ default: []
+ NovaReservedHostMemory:
+ description: >
+ Reserved RAM for host processes.
+ type: number
+ default: 2048
+ constraints:
+ - range: { min: 512 }
+ MonitoringSubscriptionNovaCompute:
+ default: 'overcloud-nova-compute'
+ type: string
resources:
NovaBase:
description: Role data for the Nova Compute service.
value:
service_name: nova_compute
+ monitoring_subscription: {get_param: MonitoringSubscriptionNovaCompute}
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
- nova::compute::libvirt::manage_libvirt_services: false
+ nova::compute::pci_passthrough:
+ str_replace:
+ template: "'JSON_PARAM'"
+ params:
+ JSON_PARAM: {get_param: NovaPCIPassthrough}
+ nova::compute::vcpu_pin_set: {get_param: NovaVcpuPinSet}
+ nova::compute::reserved_host_memory: {get_param: NovaReservedHostMemory}
# we manage migration in nova common puppet profile
nova::compute::libvirt::migration_support: false
tripleo::profile::base::nova::manage_migration: true
# encryption work will obsolete the need to use TUNNELLED transport
# mode.
nova::migration::live_migration_tunnelled: {get_param: NovaEnableRbdBackend}
- # Changing the default from 512MB. The current templates can not deploy
- # overclouds with swap. On an idle compute node, we see ~1024MB of RAM
- # used. 2048 is suggested to account for other possible operations for
- # example openvswitch.
- nova::compute::reserved_host_memory: 2048
nova::compute::neutron::libvirt_vif_driver: {get_param: NovaComputeLibvirtVifDriver}
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
default: 0
description: Number of workers for Nova Conductor service.
type: number
+ MonitoringSubscriptionNovaConductor:
+ default: 'overcloud-nova-conductor'
+ type: string
resources:
NovaBase:
description: Role data for the Nova Conductor service.
value:
service_name: nova_conductor
+ monitoring_subscription: {get_param: MonitoringSubscriptionNovaConductor}
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionNovaConsoleauth:
+ default: 'overcloud-nova-consoleauth'
+ type: string
resources:
NovaBase:
description: Role data for the Nova Consoleauth service.
value:
service_name: nova_consoleauth
+ monitoring_subscription: {get_param: MonitoringSubscriptionNovaConsoleauth}
config_settings:
get_attr: [NovaBase, role_data, config_settings]
step_config: |
NovaComputeLibvirtType:
type: string
default: kvm
+ MonitoringSubscriptionNovaLibvirt:
+ default: 'overcloud-nova-libvirt'
+ type: string
resources:
NovaBase:
description: Role data for the Libvirt service.
value:
service_name: nova_libvirt
+ monitoring_subscription: {get_param: MonitoringSubscriptionNovaLibvirt}
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
An array of filters used by Nova to filter a node.These filters will be
applied in the order they are listed, so place your most restrictive
filters first to make the filtering process more efficient.
+ MonitoringSubscriptionNovaScheduler:
+ default: 'overcloud-nova-scheduler'
+ type: string
resources:
NovaBase:
description: Role data for the Nova Scheduler service.
value:
service_name: nova_scheduler
+ monitoring_subscription: {get_param: MonitoringSubscriptionNovaScheduler}
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionNovaVNCProxy:
+ default: 'overcloud-nova-vncproxy'
+ type: string
resources:
NovaBase:
description: Role data for the Nova Vncproxy service.
value:
service_name: nova_vncproxy
+ monitoring_subscription: {get_param: MonitoringSubscriptionNovaVNCProxy}
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
'[': ''
']': ''
nova::vncproxy::common::vncproxy_port: {get_param: [EndpointMap, NovaVNCProxyPublic, port]}
+ # NOTE: bind IP is found in Heat replacing the network name with the local node IP
+ # for the given network; replacement examples (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ nova::vncproxy::host: {get_param: [ServiceNetMap, NovaApiNetwork]}
step_config: |
include tripleo::profile::base::nova::vncproxy
--- /dev/null
+heat_template_version: 2016-04-08
+
+description: >
+ OpenDaylight SDN Controller.
+
+parameters:
+ OpenDaylightPort:
+ default: 8081
+ description: Set opendaylight service port
+ type: number
+ EnableOpenDaylightOnController:
+ default: false
+ description: Whether to install OpenDaylight on control nodes.
+ type: boolean
+ OpenDaylightUsername:
+ default: 'admin'
+ description: The username for the opendaylight server.
+ type: string
+ OpenDaylightPassword:
+ default: 'admin'
+ type: string
+ description: The password for the opendaylight server.
+ hidden: true
+ OpenDaylightEnableL3:
+ description: Knob to enable/disable ODL L3
+ type: string
+ default: 'no'
+ OpenDaylightEnableDHCP:
+ description: Knob to enable/disable ODL DHCP Server
+ type: boolean
+ default: false
+ OpenDaylightFeatures:
+ description: List of features to install with ODL
+ type: comma_delimited_list
+ default: ["odl-netvirt-openstack","odl-netvirt-ui"]
+ OpenDaylightConnectionProtocol:
+ description: L7 protocol used for REST access
+ type: string
+ default: 'http'
+ OpenDaylightCheckURL:
+ description: URL postfix to verify ODL has finished starting up
+ type: string
+ default: 'restconf/operational/network-topology:network-topology/topology/netvirt:1'
+ OpenDaylightApiVirtualIP:
+ type: string
+ default: ''
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+outputs:
+ role_data:
+ description: Role data for the OpenDaylight service.
+ value:
+ service_name: opendaylight_api
+ config_settings:
+ opendaylight::odl_rest_port: {get_param: OpenDaylightPort}
+ odl_on_controller: {get_param: EnableOpenDaylightOnController}
+ opendaylight_check_url: {get_param: OpenDaylightCheckURL}
+ opendaylight::username: {get_param: OpenDaylightUsername}
+ opendaylight::password: {get_param: OpenDaylightPassword}
+ opendaylight::enable_l3: {get_param: OpenDaylightEnableL3}
+ opendaylight::extra_features: {get_param: OpenDaylightFeatures}
+ opendaylight::enable_dhcp: {get_param: OpenDaylightEnableDHCP}
+ opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol}
+ opendaylight::odl_bind_ip: {get_param: [ServiceNetMap, OpenDaylightApiNetwork]}
+ tripleo::haproxy::opendaylight: true
+ step_config: |
+ include tripleo::profile::base::neutron::opendaylight
+ include tripleo::profile::base::neutron::plugins::ovs::opendaylight
--- /dev/null
+heat_template_version: 2016-04-08
+
+description: >
+ OpenDaylight OVS Configuration.
+
+parameters:
+ OpenDaylightPort:
+ default: 8081
+ description: Set opendaylight service port
+ type: number
+ OpenDaylightConnectionProtocol:
+ description: L7 protocol used for REST access
+ type: string
+ default: 'http'
+ OpenDaylightCheckURL:
+ description: URL postfix to verify ODL has finished starting up
+ type: string
+ default: 'restconf/operational/network-topology:network-topology/topology/netvirt:1'
+ OpenDaylightApiVirtualIP:
+ type: string
+ default: ''
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+outputs:
+ role_data:
+ description: Role data for the OpenDaylight service.
+ value:
+ service_name: opendaylight_ovs
+ config_settings:
+ opendaylight::odl_rest_port: {get_param: OpenDaylightPort}
+ opendaylight_check_url: {get_param: OpenDaylightCheckURL}
+ opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol}
+ step_config: |
+ include tripleo::profile::base::neutron::plugins::ovs::opendaylight
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
description: >
Pacemaker service configured with Puppet
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionPacemaker:
+ default: 'overcloud-pacemaker'
+ type: string
+ CorosyncIPv6:
+ default: false
+ description: Enable IPv6 in Corosync
+ type: boolean
+ EnableFencing:
+ default: false
+ description: Whether to enable fencing in Pacemaker or not.
+ type: boolean
+ PcsdPassword:
+ type: string
+ description: The password for the 'pcsd' user for pacemaker.
+ hidden: true
+ default: ''
+ FencingConfig:
+ default: {}
+ description: |
+ Pacemaker fencing configuration. The JSON should have
+ the following structure:
+ {
+ "devices": [
+ {
+ "agent": "AGENT_NAME",
+ "host_mac": "HOST_MAC_ADDRESS",
+ "params": {"PARAM_NAME": "PARAM_VALUE"}
+ }
+ ]
+ }
+ For instance:
+ {
+ "devices": [
+ {
+ "agent": "fence_xvm",
+ "host_mac": "52:54:00:aa:bb:cc",
+ "params": {
+ "multicast_address": "225.0.0.12",
+ "port": "baremetal_0",
+ "manage_fw": true,
+ "manage_key_file": true,
+ "key_file": "/etc/fence_xvm.key",
+ "key_file_password": "abcdef"
+ }
+ }
+ ]
+ }
+ type: json
outputs:
role_data:
description: Role data for the Pacemaker role.
value:
service_name: pacemaker
+ monitoring_subscription: {get_param: MonitoringSubscriptionPacemaker}
config_settings:
pacemaker::corosync::cluster_name: 'tripleo_cluster'
pacemaker::corosync::manage_fw: false
'131 pacemaker udp':
proto: 'udp'
dport: 5405
+ corosync_ipv6: {get_param: CorosyncIPv6}
+ tripleo::fencing::config: {get_param: FencingConfig}
+ enable_fencing: {get_param: EnableFencing}
+ hacluster_pwd:
+ yaql:
+ expression: $.data.passwords.where($ != '').first()
+ data:
+ passwords:
+ - {get_param: PcsdPassword}
+ - {get_param: [DefaultPasswords, pcsd_password]}
step_config: |
include ::tripleo::profile::base::pacemaker
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionCeilometerCentral:
+ default: 'overcloud-ceilometer-agent-central'
+ type: string
resources:
CeilometerServiceBase:
description: Role data for the Ceilometer Central Agent pacemaker role.
value:
service_name: ceilometer_agent_central
+ monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCentral}
config_settings:
map_merge:
- get_attr: [CeilometerServiceBase, role_data, config_settings]
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionCeilometerNotification:
+ default: 'overcloud-ceilometer-agent-notification'
+ type: string
resources:
CeilometerServiceBase:
description: Role data for the Ceilometer Notification Agent pacemaker role.
value:
service_name: ceilometer_agent_notification
+ monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerNotification}
config_settings:
map_merge:
- get_attr: [CeilometerServiceBase, role_data, config_settings]
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionCeilometerApi:
+ default: 'overcloud-ceilometer-api'
+ type: string
resources:
CeilometerServiceBase:
description: Role data for the Ceilometer API pacemaker role.
value:
service_name: ceilometer_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerApi}
config_settings:
map_merge:
- get_attr: [CeilometerServiceBase, role_data, config_settings]
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionCeilometerCollector:
+ default: 'overcloud-ceilometer-collector'
+ type: string
resources:
CeilometerServiceBase:
description: Role data for the Ceilometer Collector pacemaker role.
value:
service_name: ceilometer_collector
+ monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCollector}
config_settings:
map_merge:
- get_attr: [CeilometerServiceBase, role_data, config_settings]
description: Role data for the Cinder API role.
value:
service_name: cinder_api
+ monitoring_subscription: {get_attr: [CinderApiBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [CinderApiBase, role_data, config_settings]
description: Role data for the Cinder Backup role.
value:
service_name: cinder_backup
+ monitoring_subscription: {get_attr: [CinderBackupBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [CinderBackupBase, role_data, config_settings]
description: Role data for the Cinder Scheduler role.
value:
service_name: cinder_scheduler
+ monitoring_subscription: {get_attr: [CinderSchedulerBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [CinderSchedulerBase, role_data, config_settings]
description: Role data for the Cinder Volume role.
value:
service_name: cinder_volume
+ monitoring_subscription: {get_attr: [CinderVolumeBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [CinderVolumeBase, role_data, config_settings]
description: Role data for the Glance role.
value:
service_name: glance_api
+ monitoring_subscription: {get_attr: [GlanceApiBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [GlanceApiBase, role_data, config_settings]
description: Role data for the Glance role.
value:
service_name: glance_registry
+ monitoring_subscription: {get_attr: [GlanceRegistryBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [GlanceRegistryBase, role_data, config_settings]
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionGnocchiApi:
+ default: 'overcloud-gnocchi-api'
+ type: string
resources:
GnocchiServiceBase:
description: Role data for the Gnocchi role.
value:
service_name: gnocchi_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiApi}
config_settings:
map_merge:
- get_attr: [GnocchiServiceBase, role_data, config_settings]
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionGnocchiMetricd:
+ default: 'overcloud-gnocchi-metricd'
+ type: string
resources:
GnocchiServiceBase:
description: Role data for the Gnocchi role.
value:
service_name: gnocchi_metricd
+ monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiMetricd}
config_settings:
map_merge:
- get_attr: [GnocchiServiceBase, role_data, config_settings]
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionGnocchiStatsd:
+ default: 'overcloud-gnocchi-statsd'
+ type: string
resources:
GnocchiServiceBase:
description: Role data for the Gnocchi role.
value:
service_name: gnocchi_statsd
+ monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiStatsd}
config_settings:
map_merge:
- get_attr: [GnocchiServiceBase, role_data, config_settings]
description: Role data for the HAproxy with pacemaker role.
value:
service_name: haproxy
+ monitoring_subscription: {get_attr: [LoadbalancerServiceBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [LoadbalancerServiceBase, role_data, config_settings]
description: Role data for the Heat CloudFormation API role.
value:
service_name: heat_api_cfn
+ monitoring_subscription: {get_attr: [HeatApiCfnBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [HeatApiCfnBase, role_data, config_settings]
description: Role data for the Heat Cloudwatch API role.
value:
service_name: heat_api_cloudwatch
+ monitoring_subscription: {get_attr: [HeatApiCloudwatchBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [HeatApiCloudwatchBase, role_data, config_settings]
description: Role data for the Heat API role.
value:
service_name: heat_api
+ monitoring_subscription: {get_attr: [HeatApiBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [HeatApiBase, role_data, config_settings]
description: Role data for the Heat engine role.
value:
service_name: heat_engine
+ monitoring_subscription: {get_attr: [HeatEngineBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [HeatEngineBase, role_data, config_settings]
description: Role data for the Horizon role.
value:
service_name: horizon
+ monitoring_subscription: {get_attr: [HorizonBase, role_data, monitoring_subscription]}
config_settings:
get_attr: [HorizonBase, role_data, config_settings]
step_config: |
description: Role data for the Keystone pacemaker role.
value:
service_name: keystone
+ monitoring_subscription: {get_attr: [KeystoneServiceBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [KeystoneServiceBase, role_data, config_settings]
description: Role data for the manila-share pacemaker role.
value:
service_name: manila_share
+ monitoring_subscription: {get_attr: [ManilaShareBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [ManilaShareBase, role_data, config_settings]
description: Role data for the Memcached pacemaker role.
value:
service_name: memcached
+ monitoring_subscription: {get_attr: [MemcachedServiceBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [MemcachedServiceBase, role_data, config_settings]
description: Role data for the Neutron DHCP role.
value:
service_name: neutron_dhcp
+ monitoring_subscription: {get_attr: [NeutronDhcpBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [NeutronDhcpBase, role_data, config_settings]
description: Role data for the Neutron L3 role.
value:
service_name: neutron_l3
+ monitoring_subscription: {get_attr: [NeutronL3Base, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [NeutronL3Base, role_data, config_settings]
description: Role data for the Neutron Metadata role.
value:
service_name: neutron_metadata
+ monitoring_subscription: {get_attr: [NeutronMetadataBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [NeutronMetadataBase, role_data, config_settings]
description: Role data for the Neutron Midonet plugin.
value:
service_name: neutron_midonet
+ monitoring_subscription: {get_attr: [NeutronMidonetBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [NeutronMidonetBase, role_data, config_settings]
description: Role data for the Neutron OVS agent service.
value:
service_name: neutron_ovs_agent
+ monitoring_subscription: {get_attr: [NeutronOvsBase, role_data, monitoring_subscription]}
config_settings:
get_attr: [NeutronOvsBase, role_data, config_settings]
step_config: |
description: Role data for the Neutron Server.
value:
service_name: neutron_server
+ monitoring_subscription: {get_attr: [NeutronServerBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [NeutronServerBase, role_data, config_settings]
description: Role data for the Nova API role.
value:
service_name: nova_api
+ monitoring_subscription: {get_attr: [NovaApiBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [NovaApiBase, role_data, config_settings]
description: Role data for the Nova Conductor role.
value:
service_name: nova_conductor
+ monitoring_subscription: {get_attr: [NovaConductorBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [NovaConductorBase, role_data, config_settings]
description: Role data for the Nova Consoleauth role.
value:
service_name: nova_consoleauth
+ monitoring_subscription: {get_attr: [NovaConsoleauthBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [NovaConsoleauthBase, role_data, config_settings]
description: Role data for the Nova Scheduler role.
value:
service_name: nova_scheduler
+ monitoring_subscription: {get_attr: [NovaSchedulerBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [NovaSchedulerBase, role_data, config_settings]
description: Role data for the Nova Vncproxy role.
value:
service_name: nova_vncproxy
+ monitoring_subscription: {get_attr: [NovaVncproxyBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [NovaVncproxyBase, role_data, config_settings]
description: Role data for the RabbitMQ pacemaker role.
value:
service_name: rabbitmq
+ monitoring_subscription: {get_attr: [RabbitMQServiceBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [RabbitMQServiceBase, role_data, config_settings]
description: Role data for the Sahara API role.
value:
service_name: sahara_api
+ monitoring_subscription: {get_attr: [SaharaApiBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [SaharaApiBase, role_data, config_settings]
description: Role data for the Sahara Engine role.
value:
service_name: sahara_engine
+ monitoring_subscription: {get_attr: [SaharaEngineBase, role_data, monitoring_subscription]}
config_settings:
map_merge:
- get_attr: [SaharaEngineBase, role_data, config_settings]
type: string
default: ''
hidden: true
+ MonitoringSubscriptionRabbitmq:
+ default: 'overcloud-rabbitmq'
+ type: string
outputs:
role_data:
description: Role data for the RabbitMQ role.
value:
service_name: rabbitmq
+ monitoring_subscription: {get_param: MonitoringSubscriptionRabbitmq}
config_settings:
rabbitmq::file_limit: {get_param: RabbitFDLimit}
rabbitmq::default_user: {get_param: RabbitUserName}
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ MonitoringSubscriptionSaharaApi:
+ default: 'overcloud-sahara-api'
+ type: string
resources:
SaharaBase:
description: Role data for the Sahara API role.
value:
service_name: sahara_api
+ monitoring_subscription: {get_param: MonitoringSubscriptionSaharaApi}
config_settings:
map_merge:
- get_attr: [SaharaBase, role_data, config_settings]
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ MonitoringSubscriptionSaharaEngine:
+ default: 'overcloud-sahara-engine'
+ type: string
resources:
SaharaBase:
description: Role data for the Sahara Engine role.
value:
service_name: sahara_engine
+ monitoring_subscription: {get_param: MonitoringSubscriptionSaharaEngine}
config_settings:
map_merge:
- get_attr: [SaharaBase, role_data, config_settings]
yaql:
expression: list($.data.s_names.where($ != null))
data: {s_names: {get_attr: [ServiceChain, role_data, service_name]}}
+ monitoring_subscriptions:
+ yaql:
+ expression: list($.data.subscriptions.where($ != null))
+ data: {subscriptions: {get_attr: [ServiceChain, role_data, monitoring_subscription]}}
config_settings: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}}
step_config: {list_join: ["\n", {get_attr: [ServiceChain, role_data, step_config]}]}
value:
service_name: snmp
config_settings:
- snmpd_readonly_user_name: {get_param: SnmpdReadonlyUserName}
- snmpd_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
+ tripleo::profile::base::snmp::snmpd_user: {get_param: SnmpdReadonlyUserName}
+ tripleo::profile::base::snmp::snmpd_password: {get_param: SnmpdReadonlyUserPassword}
tripleo.snmp.firewall_rules:
'127 snmp':
dport: 161
type: string
default: 'regionOne'
description: Keystone region for endpoint
+ MonitoringSubscriptionSwiftProxy:
+ default: 'overcloud-swift-proxy'
+ type: string
resources:
SwiftBase:
description: Role data for the Swift proxy service.
value:
service_name: swift_proxy
+ monitoring_subscription: {get_param: MonitoringSubscriptionSwiftProxy}
config_settings:
map_merge:
- get_attr: [SwiftBase, role_data, config_settings]
- swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]}
- swift::proxy::authtoken::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
- swift::proxy::authtoken::admin_password: {get_param: SwiftPassword}
- swift::proxy::authtoken::admin_tenant_name: 'service'
+ swift::proxy::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
+ swift::proxy::authtoken::password: {get_param: SwiftPassword}
+ swift::proxy::authtoken::project_name: 'service'
swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout}
swift::proxy::workers: {get_param: SwiftWorkers}
swift::keystone::auth::public_url: {get_param: [EndpointMap, SwiftPublic, uri]}
default: {}
description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
type: json
+ MonitoringSubscriptionSwiftStorage:
+ default: 'overcloud-swift-storage'
+ type: string
# DEPRECATED options for compatibility with overcloud.yaml
# This should be removed and manipulation of the ControllerServices list
description: Role data for the Swift Proxy role.
value:
service_name: swift_storage
+ monitoring_subscription: {get_param: MonitoringSubscriptionSwiftStorage}
config_settings:
map_merge:
- get_attr: [SwiftBase, role_data, config_settings]
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ManageFirewall:
+ default: false
+ description: Whether to manage IPtables rules.
+ type: boolean
+ PurgeFirewallRules:
+ default: false
+ description: Whether IPtables rules should be purged before setting up the new ones.
+ type: boolean
outputs:
role_data:
description: Role data for the TripleO firewall settings
value:
service_name: tripleo_firewall
+ config_settings:
+ tripleo::firewall::manage_firewall: {get_param: ManageFirewall}
+ tripleo::firewall::purge_firewall_rules: {get_param: PurgeFirewallRules}
step_config: |
include ::tripleo::firewall
type: comma_delimited_list
object_store_swift_devices:
type: comma_delimited_list
- controller_swift_proxy_memcaches:
- type: comma_delimited_list
resources:
- list_join:
- ", "
- {get_param: object_store_swift_devices}
- swift::proxy::cache::memcache_servers:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: controller_swift_proxy_memcaches}
outputs:
config_id:
default: {}
DeployIdentifier:
type: string
+ default: ''
description: Value which changes if the node configuration may need to be re-applied
resources:
ServiceNames:
type: comma_delimited_list
default: []
+ MonitoringSubscriptions:
+ type: comma_delimited_list
+ default: []
ConfigCommand:
type: string
description: Command which will be run whenever configuration data changes
service_names:
mapped_data:
service_names: {get_param: ServiceNames}
+ sensu::subscriptions: {get_param: MonitoringSubscriptions}
service_configs:
mapped_data:
map_replace:
+++ /dev/null
-heat_template_version: 2015-04-30
-
-description: >
- Configure hieradata for service -> virtual IP mappings.
-
-resources:
- VipConfigImpl:
- type: OS::Heat::StructuredConfig
- properties:
- group: os-apply-config
- config:
- hiera:
- datafiles:
- vip_data:
- mapped_data:
- keystone_admin_api_vip: {get_input: keystone_admin_api_vip}
- keystone_public_api_vip: {get_input: keystone_public_api_vip}
- neutron_api_vip: {get_input: neutron_api_vip}
- # TODO: pass a `midonet_api_vip` var
- midonet_api_vip: {get_input: neutron_api_vip}
- cinder_api_vip: {get_input: cinder_api_vip}
- glance_api_vip: {get_input: glance_api_vip}
- glance_registry_vip: {get_input: glance_registry_vip}
- sahara_api_vip: {get_input: sahara_api_vip}
- swift_proxy_vip: {get_input: swift_proxy_vip}
- manila_api_vip: {get_input: manila_api_vip}
- nova_api_vip: {get_input: nova_api_vip}
- nova_metadata_vip: {get_input: nova_metadata_vip}
- ceilometer_api_vip: {get_input: ceilometer_api_vip}
- aodh_api_vip: {get_input: aodh_api_vip}
- gnocchi_api_vip: {get_input: gnocchi_api_vip}
- heat_api_vip: {get_input: heat_api_vip}
- horizon_vip: {get_input: horizon_vip}
- redis_vip: {get_input: redis_vip}
- mysql_vip: {get_input: mysql_vip}
- public_virtual_ip: {get_input: public_virtual_ip}
- controller_virtual_ip: {get_input: control_virtual_ip}
- internal_api_virtual_ip: {get_input: internal_api_virtual_ip}
- storage_virtual_ip: {get_input: storage_virtual_ip}
- storage_mgmt_virtual_ip: {get_input: storage_mgmt_virtual_ip}
- ironic_api_vip: {get_input: ironic_api_vip}
- # public_virtual_ip and controller_virtual_ip are needed in
- # both HAproxy & keepalived.
- tripleo::haproxy::public_virtual_ip: {get_input: public_virtual_ip}
- tripleo::haproxy::controller_virtual_ip: {get_input: control_virtual_ip}
- tripleo::keepalived::public_virtual_ip: {get_input: public_virtual_ip}
- tripleo::keepalived::controller_virtual_ip: {get_input: control_virtual_ip}
- tripleo::keepalived::internal_api_virtual_ip: {get_input: internal_api_virtual_ip}
- tripleo::keepalived::storage_virtual_ip: {get_input: storage_virtual_ip}
- tripleo::keepalived::storage_mgmt_virtual_ip: {get_input: storage_mgmt_virtual_ip}
- tripleo::redis_notification::haproxy_monitor_ip: {get_input: control_virtual_ip}
-
-
-outputs:
- OS::stack_id:
- description: The VipConfigImpl resource.
- value: {get_resource: VipConfigImpl}
import yaml
+required_params = ['EndpointMap', 'ServiceNetMap', 'DefaultPasswords']
+
def exit_usage():
print('Usage %s <yaml file or directory>' % sys.argv[0])
sys.exit(1)
% filename)
return 1
if 'parameters' in tpl:
- required_params = ['EndpointMap', 'ServiceNetMap', 'DefaultPasswords']
for param in required_params:
if param not in tpl['parameters']:
print('ERROR: parameter %s is required for %s.'
return 1
# yaml is OK, now walk the parameters and output a warning for unused ones
for p in tpl.get('parameters', {}):
+ if p in required_params:
+ continue
str_p = '\'%s\'' % p
in_resources = str_p in str(tpl.get('resources', {}))
in_outputs = str_p in str(tpl.get('outputs', {}))