CinderNetappControllerIps: ''
CinderNetappSaPassword: ''
CinderNetappStoragePools: ''
- CinderNetappEseriesHostType: 'linux_dm_mp'
+ CinderNetappHostType: ''
CinderNetappWebservicePath: '/devmgr/v2'
-# If using an isolated StorageMgmt network, this will have to be uncommented to
-# plug the network on the compute nodes as well.
-#resource_registry:
-# OS::TripleO::Compute::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
+# If not using an isolated StorageMgmt network, the following regitry mapping
+# should be commented.
+resource_registry:
+ OS::TripleO::Compute::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
-# Should match the default list of services for the compute node plus CephOSD
parameter_defaults:
ComputeServices:
- OS::TripleO::Services::CephOSD
resource_registry:
OS::TripleO::Services::FluentdClient: ../puppet/services/logging/fluentd-client.yaml
-parameter_defaults:
+#parameter_defaults:
## Simple configuration
#
NovaWorkers: 1
SaharaWorkers: 1
SwiftWorkers: 1
+ GnocchiMetricdWorkers: 1
ApacheMaxRequestWorkers: 32
ApacheServerLimit: 32
--- /dev/null
+# A Heat environment file which can be used to enable a
+# a Manila CephFS Native driver backend.
+resource_registry:
+ OS::Tripleo::Services::ManilaApi: ../puppet/services/manila-api.yaml
+ OS::Tripleo::Services::ManilaScheduler: ../puppet/services/manila-scheduler.yaml
+ # Only manila-share is pacemaker managed:
+ OS::Tripleo::Services::ManilaShare: ../puppet/services/pacemaker/manila-share.yaml
+ OS::Tripleo::Services::ManilaBackendCephFs: ../puppet/services/manila-backend-cephfs.yaml
+
+
+parameter_defaults:
+ ManilaCephFSNativeEnableBackend: true
+ ManilaCephFSNativeBackendName: cephfsnative
+ ManilaCephFSNativeDriverHandlesShareServers: false
+ ManilaCephFSNativeCephFSConfPath: '/etc/ceph/cephfs.conf'
+ ManilaCephFSNativeCephFSAuthId: 'manila'
+ ManilaCephFSNativeCephFSClusterName: 'ceph'
+ ManilaCephFSNativeCephFSEnableSnapshots: true
resource_registry:
OS::TripleO::Services::SensuClient: ../puppet/services/monitoring/sensu-client.yaml
-parameter_defaults:
+#parameter_defaults:
#### Sensu settings ####
##MonitoringRabbitHost: 10.10.10.10
##MonitoringRabbitPort: 5672
type: OS::Heat::SoftwareDeployments
properties:
name: CollectMacDeploymentsController
- servers: {get_param: servers, {{role.name}}}
+ servers: {get_param: [servers, {{role.name}}]}
config: {get_resource: CollectMacConfig}
actions: ['CREATE'] # Only do this on CREATE
{% endfor %}
type: OS::Heat::SoftwareDeployments
properties:
name: DistributeMacDeploymentsController
- servers: {get_param: servers, Controller}
+ servers: {get_param: [servers, Controller]}
config: {get_resource: DistributeMacConfig}
input_values:
# FIXME(shardy): It'd be more convenient if we could join these
type: OS::Heat::SoftwareDeployments
properties:
name: RandomDeploymentsController
- servers: {get_param: servers, Controller}
+ servers: {get_param: [servers, Controller]}
config: {get_resource: RandomConfig}
actions: ['CREATE'] # Only do this on CREATE
input_values:
type: OS::Heat::SoftwareDeployments
properties:
name: RandomDeploymentsCompute
- servers: {get_param: servers, Compute}
+ servers: {get_param: [servers, Compute]}
config: {get_resource: RandomConfig}
actions: ['CREATE'] # Only do this on CREATE
input_values:
type: OS::Heat::SoftwareDeploymentGroup
properties:
config: {get_resource: SwapConfig}
- servers: {get_param: servers, {{role.name}}}
+ servers: {get_param: [servers, {{role.name}}]}
input_values:
swap_partition_label: {get_param: swap_partition_label}
actions: ["CREATE"]
type: OS::Heat::SoftwareDeploymentGroup
properties:
config: {get_resource: SwapConfig}
- servers: {get_param: servers, {{role.name}}}
+ servers: {get_param: [servers, {{role.name}}]}
input_values:
swap_size_megabytes: {get_param: swap_size_megabytes}
swap_path: {get_param: swap_path}
echo INFO: starting $(basename "$0")
# Exit if not running
-if ! pidof ceph-mon; then
+if ! pidof ceph-mon &> /dev/null; then
echo INFO: ceph-mon is not running, skipping
exit 0
fi
fi
# Useful when upgrading with OSDs num < replica size
-if [ ${ignore_ceph_upgrade_warnings:-false} != "true" ]; then
+if [[ ${ignore_ceph_upgrade_warnings:-False} != [Tt]rue ]]; then
timeout 300 bash -c "while [ ${CEPH_STATUS} != HEALTH_OK ]; do
echo WARNING: Waiting for Ceph cluster status to go HEALTH_OK;
sleep 30;
elif [[ "$UPDATED_VERSION" =~ ^10\.2.* ]]; then
# RPM could own some of these but we can't take risks on the pre-existing files
for d in /var/lib/ceph/mon /var/log/ceph /var/run/ceph /etc/ceph; do
- chown -R ceph:ceph $d || echo WARNING: chown of $d failed
+ chown -L -R ceph:ceph $d || echo WARNING: chown of $d failed
done
# Replay udev events with newer rules
sleep 10;
done"
+ # if tunables become legacy, cluster status will be HEALTH_WARN causing
+ # upgrade to fail on following node
+ ceph osd crush tunables default
+
echo INFO: Ceph was upgraded to Jewel
else
echo ERROR: Ceph was upgraded to an unknown release, daemon is stopped, need manual intervention
echo INFO: starting $(basename "$0")
# Exit if not running
-if ! pidof ceph-osd; then
+if ! pidof ceph-osd &> /dev/null; then
echo INFO: ceph-osd is not running, skipping
exit 0
fi
elif [[ "$UPDATED_VERSION" =~ ^10\.2.* ]]; then
# RPM could own some of these but we can't take risks on the pre-existing files
for d in /var/lib/ceph/osd /var/log/ceph /var/run/ceph /etc/ceph; do
- chown -R ceph:ceph $d || echo WARNING: chown of $d failed
+ chown -L -R ceph:ceph $d || echo WARNING: chown of $d failed
done
# Replay udev events with newer rules
udevadm trigger && udevadm settle
+ # If on ext4, we need to enforce lower values for name and namespace len
+ # or ceph-osd will refuse to start, see: http://tracker.ceph.com/issues/16187
+ for OSD_ID in $OSD_IDS; do
+ OSD_FS=$(findmnt -n -o FSTYPE -T /var/lib/ceph/osd/ceph-${OSD_ID})
+ if [ ${OSD_FS} = ext4 ]; then
+ crudini --set /etc/ceph/ceph.conf global osd_max_object_name_len 256
+ crudini --set /etc/ceph/ceph.conf global osd_max_object_namespace_len 64
+ fi
+ done
+
# Enable systemd unit
systemctl enable ceph-osd.target
for OSD_ID in $OSD_IDS; do
check_clean_cluster()
{
- if crm_mon -1 | grep -A3 Failed; then
- echo_error "ERROR: upgrade cannot start with failed resources on the cluster. Clean them up before starting: pcs resource cleanup."
+ if pcs status | grep -q Stopped:; then
+ echo_error "ERROR: upgrade cannot start with stopped resources on the cluster. Make sure that all the resources are up and running."
exit 1
fi
}
check_cluster
check_pcsd
-check_clean_cluster
+if [[ -n $(is_bootstrap_node) ]]; then
+ check_clean_cluster
+fi
check_python_rpm
check_galera_root_password
check_disk_for_mysql_dump
STONITH_STATE=$(pcs property show stonith-enabled | grep "stonith-enabled" | awk '{ print $2 }')
pcs property set stonith-enabled=false
-# Migrate to HA NG
-if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then
+# Migrate to HA NG and fix up rabbitmq queues
+# We fix up the rabbitmq ha queues after the migration because it will
+# restart the rabbitmq resource. Doing it after the migration means no other
+# services will be restart as there are no other constraints
+if [[ -n $(is_bootstrap_node) ]]; then
migrate_full_to_ng_ha
+ rabbitmq_mitaka_newton_upgrade
fi
# After migrating the cluster to HA-NG the services not under pacemaker's control
# is going to take a long time because rabbit is down. By having the service stopped
# systemctl try-restart is a noop
-for $service in $(services_to_migrate); do
+for service in $(services_to_migrate); do
manage_systemd_service stop "${service%%-clone}"
- check_resource_systemd "${service%%-clone}" stopped 600
+ # So the reason for not reusing check_resource_systemd is that
+ # I have observed systemctl is-active returning unknown with at least
+ # one service that was stopped (See LP 1627254)
+ timeout=600
+ tstart=$(date +%s)
+ tend=$(( $tstart + $timeout ))
+ check_interval=3
+ while (( $(date +%s) < $tend )); do
+ if [[ "$(systemctl is-active ${service%%-clone})" = "active" ]]; then
+ echo "$service still active, sleeping $check_interval seconds."
+ sleep $check_interval
+ else
+ # we do not care if it is inactive, unknown or failed as long as it is
+ # not running
+ break
+ fi
+
+ done
done
# In case the mysql package is updated, the database on disk must be
# on mysql package versionning, but this can be overriden manually
# to support specific upgrade scenario
-if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then
+if [[ -n $(is_bootstrap_node) ]]; then
if [ $DO_MYSQL_UPGRADE -eq 1 ]; then
mysqldump $backup_flags > "$MYSQL_BACKUP_DIR/openstack_database.sql"
cp -rdp /etc/my.cnf* "$MYSQL_BACKUP_DIR"
check_resource rabbitmq stopped 600
pcs resource disable galera
check_resource galera stopped 600
+ pcs resource disable openstack-cinder-volume
+ check_resource openstack-cinder-volume stopped 600
# Disable all VIPs before stopping the cluster, so that pcs doesn't use one as a source address:
# https://bugzilla.redhat.com/show_bug.cgi?id=1330688
for vip in $(pcs resource show | grep ocf::heartbeat:IPaddr2 | grep Started | awk '{ print $1 }'); do
fi
-# Swift isn't controled by pacemaker
+# Swift isn't controlled by pacemaker
systemctl_swift stop
tstart=$(date +%s)
# Pin messages sent to compute nodes to kilo, these will be upgraded later
crudini --set /etc/nova/nova.conf upgrade_levels compute "$upgrade_level_nova_compute"
+# https://bugzilla.redhat.com/show_bug.cgi?id=1284047
+# Change-Id: Ib3f6c12ff5471e1f017f28b16b1e6496a4a4b435
+crudini --set /etc/ceilometer/ceilometer.conf DEFAULT rpc_backend rabbit
+# https://bugzilla.redhat.com/show_bug.cgi?id=1284058
+# Ifd1861e3df46fad0e44ff9b5cbd58711bbc87c97 Swift Ceilometer middleware no longer exists
+crudini --set /etc/swift/proxy-server.conf pipeline:main pipeline "catch_errors healthcheck cache ratelimit tempurl formpost authtoken keystone staticweb proxy-logging proxy-server"
+# LP: 1615035, required only for M/N upgrade.
+crudini --set /etc/nova/nova.conf DEFAULT scheduler_host_manager host_manager
+# LP: 1627450, required only for M/N upgrade
+crudini --set /etc/nova/nova.conf DEFAULT scheduler_driver filter_scheduler
crudini --set /etc/sahara/sahara.conf DEFAULT plugins ambari,cdh,mapr,vanilla,spark,storm
start_or_enable_service galera
check_resource galera started 600
+start_or_enable_service redis
+check_resource redis started 600
+# We need mongod which is now a systemd service up and running before calling
+# ceilometer-dbsync. There is still a race here: mongod might not be up on all nodes
+# so ceilometer-dbsync will fail a couple of times before that. As it retries indefinitely
+# we should be good.
+# Due to LP Bug https://bugs.launchpad.net/tripleo/+bug/1627254 am using systemctl directly atm
+systemctl start mongod
+check_resource mongod started 600
if [[ -n $(is_bootstrap_node) ]]; then
tstart=$(date +%s)
keystone-manage db_sync
neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head
nova-manage db sync
+ nova-manage api_db sync
+ nova-manage db online_data_migrations
+ gnocchi-upgrade
#TODO(marios):someone from sahara needs to check this:
# sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head
fi
-
-start_or_enable_service rabbitmq
-check_resource rabbitmq started 600
-start_or_enable_service redis
-check_resource redis started 600
-
-# Swift isn't controled by pacemaker
-systemctl_swift start
-
-# We need to start the systemd services we explicitely stopped at step _1.sh
-# FIXME: Should we let puppet during the convergence step do the service enabling or
-# should we add it here?
-for $service in $(services_to_migrate); do
- manage_systemd_service stop "${service%%-clone}"
- check_resource_systemd "${service%%-clone}" started 600
-done
--- /dev/null
+#!/bin/bash
+
+set -eu
+
+start_or_enable_service rabbitmq
+check_resource rabbitmq started 600
+start_or_enable_service redis
+check_resource redis started 600
+start_or_enable_service openstack-cinder-volume
+check_resource openstack-cinder-volume started 600
+
+
+# Swift isn't controled by pacemaker
+systemctl_swift start
+
+# We need to start the systemd services we explicitely stopped at step _1.sh
+# FIXME: Should we let puppet during the convergence step do the service enabling or
+# should we add it here?
+for service in $(services_to_migrate); do
+ manage_systemd_service start "${service%%-clone}"
+ check_resource_systemd "${service%%-clone}" started 600
+done
CephMonUpgradeDeployment:
type: OS::Heat::SoftwareDeploymentGroup
properties:
- servers: {get_param: servers, Controller}
+ servers: {get_param: [servers, Controller]}
config: {get_resource: CephMonUpgradeConfig}
input_values: {get_param: input_values}
update_policy:
type: OS::Heat::SoftwareDeploymentGroup
depends_on: CephMonUpgradeDeployment
properties:
- servers: {get_param: servers, Controller}
+ servers: {get_param: [servers, Controller]}
config: {get_resource: ControllerPacemakerUpgradeConfig_Step1}
input_values: {get_param: input_values}
BlockStorageUpgradeDeployment:
type: OS::Heat::SoftwareDeploymentGroup
properties:
- servers: {get_param: servers, BlockStorage}
+ servers: {get_param: [servers, BlockStorage]}
config: {get_resource: BlockStorageUpgradeConfig}
input_values: {get_param: input_values}
type: OS::Heat::SoftwareDeploymentGroup
depends_on: BlockStorageUpgradeDeployment
properties:
- servers: {get_param: servers, Controller}
+ servers: {get_param: [servers, Controller]}
config: {get_resource: ControllerPacemakerUpgradeConfig_Step2}
input_values: {get_param: input_values}
+ ControllerPacemakerUpgradeConfig_Step3:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config:
+ list_join:
+ - ''
+ - - get_file: pacemaker_common_functions.sh
+ - get_file: major_upgrade_pacemaker_migrations.sh
+ - get_file: major_upgrade_controller_pacemaker_3.sh
+
+ ControllerPacemakerUpgradeDeployment_Step3:
+ type: OS::Heat::SoftwareDeploymentGroup
+ depends_on: ControllerPacemakerUpgradeDeployment_Step2
+ properties:
+ servers: {get_param: [servers, Controller]}
+ config: {get_resource: ControllerPacemakerUpgradeConfig_Step3}
+ input_values: {get_param: input_values}
+
# during the conversion
# 2. Remove all the colocation constraints and then the ordering constraints, except the
# ones related to haproxy/VIPs which exist in Newton as well
-# 3. Remove all the resources that won't be managed by pacemaker in newton. Note that they
-# will show up as ORPHANED but they will keep running normally via systemd. They will be
-# enabled to start at boot by puppet during the converge step
-# 4. Take the cluster out of maintenance-mode and do a resource cleanup
+# 3. Take the cluster out of maintenance-mode
+# 4. Remove all the resources that won't be managed by pacemaker in newton. The
+# outcome will be
+# that they are stopped and removed from pacemakers control
+# 5. Do a resource cleanup to make sure the cluster is in a clean state
function migrate_full_to_ng_ha {
if [[ -n $(pcmk_running) ]]; then
pcs property set maintenance-mode=true
- # We are making sure here that the property has propagated everywhere
- if ! timeout -k 10 300 crm_resource --wait; then
- echo_error "ERROR: cluster remained unstable after setting maintenance-mode for more than 300 seconds, exiting."
- exit 1
- fi
- # First we go through all the colocation constraints (except the ones we want to keep, i.e. the haproxy/ip ones)
- # and we remove those
+
+ # First we go through all the colocation constraints (except the ones
+ # we want to keep, i.e. the haproxy/ip ones) and we remove those
COL_CONSTRAINTS=$(pcs config show | sed -n '/^Colocation Constraints:$/,/^$/p' | grep -v "Colocation Constraints:" | egrep -v "ip-.*haproxy" | awk '{print $NF}' | cut -f2 -d: |cut -f1 -d\))
for constraint in $COL_CONSTRAINTS; do
log_debug "Deleting colocation constraint $constraint from CIB"
log_debug "Deleting ordering constraint $constraint from CIB"
pcs constraint remove "$constraint"
done
+ # At this stage all the pacemaker resources are removed from the CIB.
+ # Once we remove the maintenance-mode those systemd resources will keep
+ # on running. They shall be systemd enabled via the puppet converge
+ # step later on
+ pcs property set maintenance-mode=false
# At this stage there are no constraints whatsoever except the haproxy/ip ones
- # which we want to keep. We now delete each resource that will move to systemd
- # Note that the corresponding systemd resource will stay running, which means that
- # later when we do the "yum update", things will be a bit slower because each
- # "systemctl try-restart <service>" is not a no-op any longer because the service is up
- # and running and it will be restarted with rabbitmq being down.
+ # which we want to keep. We now disable and then delete each resource
+ # that will move to systemd.
+ # We want the systemd resources be stopped before doing "yum update",
+ # that way "systemctl try-restart <service>" is no-op because the
+ # service was down already
PCS_STATUS_OUTPUT="$(pcs status)"
for resource in $(services_to_migrate) "delay-clone" "openstack-core-clone"; do
if echo "$PCS_STATUS_OUTPUT" | grep "$resource"; then
log_debug "Deleting $resource from the CIB"
-
- # We need to add --force because the cluster is in maintenance mode and the resource
- # is unmanaged. The if serves to make this idempotent
+ if ! pcs resource disable "$resource" --wait=600; then
+ echo_error "ERROR: resource $resource failed to be disabled"
+ exit 1
+ fi
pcs resource delete --force "$resource"
else
- log_debug "Service $service not found as a pacemaker resource, not trying to delete."
+ log_debug "Service $resource not found as a pacemaker resource, not trying to delete."
fi
done
- # At this stage all the pacemaker resources are removed from the CIB. Once we remove the
- # maintenance-mode those systemd resources will keep on running. They shall be systemd enabled
- # via the puppet converge step later on
- pcs property set maintenance-mode=false
- # We need to do a pcs resource cleanup here + crm_resource --wait to make sure the
- # cluster is in a clean state before we stop everything, upgrade and restart everything
+ # We need to do a pcs resource cleanup here + crm_resource --wait to
+ # make sure the cluster is in a clean state before we stop everything,
+ # upgrade and restart everything
pcs resource cleanup
# We are making sure here that the cluster is stable before proceeding
if ! timeout -k 10 600 crm_resource --wait; then
fi
fi
}
+
+# This function will make sure that the rabbitmq ha policies are converted from mitaka to newton
+# In mitaka we had: Attributes: set_policy="ha-all ^(?!amq\.).* {"ha-mode":"all"}"
+# In newton we want: Attributes: set_policy="ha-all ^(?!amq\.).* {"ha-mode":"exactly","ha-params":2}"
+# The nr "2" should be CEIL(N/2) where N is the number of Controllers (i.e. rabbit instances)
+# Note that changing an attribute like this makes the rabbitmq resource restart
+function rabbitmq_mitaka_newton_upgrade {
+ if pcs resource show rabbitmq-clone | grep -q -E "Attributes:.*\"ha-mode\":\"all\""; then
+ # Number of controller is obtained by counting how many hostnames we
+ # have in controller_node_names hiera key
+ nr_controllers=$(($(hiera controller_node_names | grep -o "," |wc -l) + 1))
+ nr_queues=$(($nr_controllers / 2 + ($nr_controllers % 2)))
+ if ! [ $nr_queues -gt 0 -a $nr_queues -le $nr_controllers ]; then
+ echo_error "ERROR: The nr. of HA queues during the M/N upgrade is out of range $nr_queues"
+ exit 1
+ fi
+ pcs resource update rabbitmq set_policy='ha-all ^(?!amq\\.).* {"ha-mode":"exactly","ha-params":'"$nr_queues}" --wait=600
+ fi
+}
AodhMysqlMigrationScriptDeployment:
type: OS::Heat::SoftwareDeploymentGroup
properties:
- servers: {get_param: servers, Controller}
+ servers: {get_param: [servers, Controller]}
config: {get_resource: AodhMysqlMigrationScriptConfig}
input_values: {get_param: input_values}
default: [{'start': '10.0.0.4', 'end': '10.0.0.250'}]
description: Ip allocation pool range for the external network.
type: json
+ ExternalInterfaceDefaultRoute:
+ default: '10.0.0.1'
+ description: default route for the external network
+ type: string
resources:
ExternalNetwork:
name: {get_param: ExternalSubnetName}
network: {get_resource: ExternalNetwork}
allocation_pools: {get_param: ExternalAllocationPools}
+ gateway_ip: {get_param: ExternalInterfaceDefaultRoute}
outputs:
OS::stack_id:
default: dhcpv6-stateful
description: Neutron subnet IPv6 router advertisement mode
type: string
+ ExternalInterfaceDefaultRoute:
+ default: '2001:db8:fd00:1000::1'
+ description: default route for the external network
+ type: string
resources:
ExternalNetwork:
name: {get_param: ExternalSubnetName}
network: {get_resource: ExternalNetwork}
allocation_pools: {get_param: ExternalAllocationPools}
+ gateway_ip: {get_param: ExternalInterfaceDefaultRoute}
outputs:
OS::stack_id:
name: {get_param: InternalApiSubnetName}
network: {get_resource: InternalApiNetwork}
allocation_pools: {get_param: InternalApiAllocationPools}
+ gateway_ip: null
outputs:
OS::stack_id:
name: {get_param: InternalApiSubnetName}
network: {get_resource: InternalApiNetwork}
allocation_pools: {get_param: InternalApiAllocationPools}
+ gateway_ip: null
outputs:
OS::stack_id:
ManagementNetValueSpecs:
default: {'provider:physical_network': 'management', 'provider:network_type': 'flat'}
description: Value specs for the management network.
- type: json
+ type: json
ManagementNetAdminStateUp:
default: false
description: The admin state of the network.
default: [{'start': '10.0.1.4', 'end': '10.0.1.250'}]
description: Ip allocation pool range for the management network.
type: json
+ ManagementInterfaceDefaultRoute:
+ default: null
+ description: The default route of the management network.
+ type: string
resources:
ManagementNetwork:
name: {get_param: ManagementSubnetName}
network: {get_resource: ManagementNetwork}
allocation_pools: {get_param: ManagementAllocationPools}
+ gateway_ip: {get_param: ManagementInterfaceDefaultRoute}
outputs:
OS::stack_id:
description: The name of the undercloud Neutron control plane
default: ctlplane
type: string
+ FixedIPs: # Here for compatibility with ctlplane_vip.yaml
+ description: >
+ Control the IP allocation for the VIP port. E.g.
+ [{'ip_address':'1.2.3.4'}]
+ default: []
+ type: json
ServiceVips:
default: {}
type: json
description: The name of the undercloud Neutron control plane
default: ctlplane
type: string
+ FixedIPs: # Here for compatibility with ctlplane_vip.yaml
+ description: >
+ Control the IP allocation for the VIP port. E.g.
+ [{'ip_address':'1.2.3.4'}]
+ default: []
+ type: json
ServiceVips:
default: {}
type: json
default: []
type: comma_delimited_list
+resources:
+ # This adds the extra "services" on for keystone
+ # so that keystone_admin_api_network and
+ # keystone_public_api_network point to the correct
+ # network on the nodes running the "keystone" service
+ EnabledServicesValue:
+ type: OS::Heat::Value
+ properties:
+ type: comma_delimited_list
+ value:
+ yaql:
+ expression: let(root => $) -> $.data.extra_services.items().where($[0] in $root.data.enabled_services).select($[1]).flatten() + $root.data.enabled_services
+ data:
+ enabled_services: {get_param: EnabledServices}
+ extra_services:
+ # If anything other than keystone needs this
+ # then we should add an extra_networks interface
+ # to the service templates role_data but for
+ # now we hard-code the keystone special case
+ keystone:
+ - keystone_admin_api
+ - keystone_public_api
+
outputs:
net_ip_map:
description: >
template:
SERVICE_node_ips: SERVICE_network
for_each:
- SERVICE: {get_param: EnabledServices}
+ SERVICE: {get_attr: [EnabledServicesValue, value]}
- values: {get_param: ServiceNetMap}
- values:
ctlplane: {get_param: ControlPlaneIpList}
template:
SERVICE_node_names: {get_param: ServiceHostnameList}
for_each:
- SERVICE: {get_param: EnabledServices}
+ SERVICE: {get_attr: [EnabledServicesValue, value]}
CephClusterNetwork: storage_mgmt
CephMonNetwork: storage
CephRgwNetwork: storage
- ControllerHostnameResolveNetwork: internal_api
- ComputeHostnameResolveNetwork: internal_api
- BlockStorageHostnameResolveNetwork: internal_api
- ObjectStorageHostnameResolveNetwork: internal_api
- CephStorageHostnameResolveNetwork: storage
PublicNetwork: external
OpenDaylightApiNetwork: internal_api
+ # We special-case the default ResolveNetwork for the CephStorage role
+ # for backwards compatibility, all other roles default to internal_api
+ CephStorageHostnameResolveNetwork: storage
+{% for role in roles if role.name != 'CephStorage' %}
+ {{role.name}}HostnameResolveNetwork: internal_api
+{% endfor %}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry.
type: json
name: {get_param: StorageSubnetName}
network: {get_resource: StorageNetwork}
allocation_pools: {get_param: StorageAllocationPools}
+ gateway_ip: null
outputs:
OS::stack_id:
name: {get_param: StorageMgmtSubnetName}
network: {get_resource: StorageMgmtNetwork}
allocation_pools: {get_param: StorageMgmtAllocationPools}
+ gateway_ip: null
outputs:
OS::stack_id:
name: {get_param: StorageMgmtSubnetName}
network: {get_resource: StorageMgmtNetwork}
allocation_pools: {get_param: StorageMgmtAllocationPools}
+ gateway_ip: null
outputs:
OS::stack_id:
name: {get_param: StorageSubnetName}
network: {get_resource: StorageNetwork}
allocation_pools: {get_param: StorageAllocationPools}
+ gateway_ip: null
outputs:
OS::stack_id:
name: {get_param: TenantSubnetName}
network: {get_resource: TenantNetwork}
allocation_pools: {get_param: TenantAllocationPools}
+ gateway_ip: null
outputs:
OS::stack_id:
name: {get_param: TenantSubnetName}
network: {get_resource: TenantNetwork}
allocation_pools: {get_param: TenantAllocationPools}
+ gateway_ip: null
outputs:
OS::stack_id:
resource_registry:
- OS::TripleO::BlockStorage: puppet/cinder-storage.yaml
- OS::TripleO::BlockStorage::Net::SoftwareConfig: net-config-noop.yaml
- OS::TripleO::Compute: puppet/compute.yaml
- OS::TripleO::Compute::Net::SoftwareConfig: net-config-noop.yaml
+
OS::TripleO::SoftwareDeployment: OS::Heat::StructuredDeployment
- OS::TripleO::Controller: puppet/controller.yaml
- OS::TripleO::Controller::Net::SoftwareConfig: net-config-bridge.yaml
- OS::TripleO::ObjectStorage: puppet/swift-storage.yaml
- OS::TripleO::ObjectStorage::Net::SoftwareConfig: net-config-noop.yaml
- OS::TripleO::CephStorage: puppet/ceph-storage.yaml
- OS::TripleO::CephStorage::Net::SoftwareConfig: net-config-noop.yaml
- # set to controller-config-pacemaker.yaml to enable pacemaker
- OS::TripleO::ControllerConfig: puppet/controller-config.yaml
OS::TripleO::PostDeploySteps: puppet/post.yaml
- OS::TripleO::ComputeConfig: puppet/compute-config.yaml
- OS::TripleO::BlockStorageConfig: puppet/blockstorage-config.yaml
- OS::TripleO::ObjectStorageConfig: puppet/objectstorage-config.yaml
- OS::TripleO::CephStorageConfig: puppet/cephstorage-config.yaml
OS::TripleO::AllNodes::SoftwareConfig: puppet/all-nodes-config.yaml
OS::TripleO::DefaultPasswords: default_passwords.yaml
# Tasks (for internal TripleO usage)
OS::TripleO::Tasks::UpdateWorkflow: OS::Heat::None
OS::TripleO::Tasks::PackageUpdate: extraconfig/tasks/yum_update.yaml
- OS::TripleO::Tasks::ControllerPreConfig: OS::Heat::None
- OS::TripleO::Tasks::ControllerPostConfig: OS::Heat::None
- OS::TripleO::Tasks::ComputePreConfig: OS::Heat::None
- OS::TripleO::Tasks::ComputePostConfig: OS::Heat::None
- OS::TripleO::Tasks::BlockStoragePreConfig: OS::Heat::None
- OS::TripleO::Tasks::BlockStoragePostConfig: OS::Heat::None
- OS::TripleO::Tasks::ObjectStoragePreConfig: OS::Heat::None
- OS::TripleO::Tasks::ObjectStoragePostConfig: OS::Heat::None
- OS::TripleO::Tasks::CephStoragePreConfig: OS::Heat::None
- OS::TripleO::Tasks::CephStoragePostConfig: OS::Heat::None
+{% for role in roles %}
+ OS::TripleO::{{role.name}}: puppet/{{role.name.lower()}}-role.yaml
+ OS::TripleO::{{role.name}}Config: puppet/{{role.name.lower()}}-config.yaml
+ OS::TripleO::Tasks::{{role.name}}PreConfig: OS::Heat::None
+ OS::TripleO::Tasks::{{role.name}}PostConfig: OS::Heat::None
+ OS::TripleO::{{role.name}}ExtraConfigPre: puppet/extraconfig/pre_deploy/default.yaml
+ # Port assignments for the {{role.name}} role
+ OS::TripleO::{{role.name}}::Ports::ExternalPort: network/ports/noop.yaml
+ OS::TripleO::{{role.name}}::Ports::InternalApiPort: network/ports/noop.yaml
+ OS::TripleO::{{role.name}}::Ports::StoragePort: network/ports/noop.yaml
+ OS::TripleO::{{role.name}}::Ports::StorageMgmtPort: network/ports/noop.yaml
+ OS::TripleO::{{role.name}}::Ports::TenantPort: network/ports/noop.yaml
+ OS::TripleO::{{role.name}}::Ports::ManagementPort: network/ports/noop.yaml
+ OS::TripleO::{{role.name}}::Net::SoftwareConfig: net-config-noop.yaml
+
+{% endfor %}
+
+ # This resource registry entry will override the one generated by default
+ # in the jinja loop
+ OS::TripleO::Controller::Net::SoftwareConfig: net-config-bridge.yaml
OS::TripleO::Server: OS::Nova::Server
OS::TripleO::NodeUserData: firstboot/userdata_default.yaml
OS::TripleO::NodeTLSCAData: OS::Heat::None
OS::TripleO::NodeTLSData: OS::Heat::None
- OS::TripleO::ControllerExtraConfigPre: puppet/extraconfig/pre_deploy/default.yaml
- OS::TripleO::ComputeExtraConfigPre: puppet/extraconfig/pre_deploy/default.yaml
- OS::TripleO::CephStorageExtraConfigPre: puppet/extraconfig/pre_deploy/default.yaml
OS::TripleO::NodeExtraConfig: puppet/extraconfig/pre_deploy/default.yaml
OS::TripleO::NodeExtraConfigPost: extraconfig/post_deploy/default.yaml
OS::TripleO::Network::Ports::StorageMgmtVipPort: network/ports/noop.yaml
OS::TripleO::Network::Ports::RedisVipPort: network/ports/ctlplane_vip.yaml
- # Port assignments for the controller role
- OS::TripleO::Controller::Ports::ExternalPort: network/ports/noop.yaml
- OS::TripleO::Controller::Ports::InternalApiPort: network/ports/noop.yaml
- OS::TripleO::Controller::Ports::StoragePort: network/ports/noop.yaml
- OS::TripleO::Controller::Ports::StorageMgmtPort: network/ports/noop.yaml
- OS::TripleO::Controller::Ports::TenantPort: network/ports/noop.yaml
- OS::TripleO::Controller::Ports::ManagementPort: network/ports/noop.yaml
-
- # Port assignments for the compute role
- OS::TripleO::Compute::Ports::ExternalPort: network/ports/noop.yaml
- OS::TripleO::Compute::Ports::InternalApiPort: network/ports/noop.yaml
- OS::TripleO::Compute::Ports::StoragePort: network/ports/noop.yaml
- OS::TripleO::Compute::Ports::StorageMgmtPort: network/ports/noop.yaml
- OS::TripleO::Compute::Ports::TenantPort: network/ports/noop.yaml
- OS::TripleO::Compute::Ports::ManagementPort: network/ports/noop.yaml
-
- # Port assignments for the ceph storage role
- OS::TripleO::CephStorage::Ports::ExternalPort: network/ports/noop.yaml
- OS::TripleO::CephStorage::Ports::InternalApiPort: network/ports/noop.yaml
- OS::TripleO::CephStorage::Ports::StoragePort: network/ports/noop.yaml
- OS::TripleO::CephStorage::Ports::StorageMgmtPort: network/ports/noop.yaml
- OS::TripleO::CephStorage::Ports::TenantPort: network/ports/noop.yaml
- OS::TripleO::CephStorage::Ports::ManagementPort: network/ports/noop.yaml
-
- # Port assignments for the swift storage role
- OS::TripleO::SwiftStorage::Ports::ExternalPort: network/ports/noop.yaml
- OS::TripleO::SwiftStorage::Ports::InternalApiPort: network/ports/noop.yaml
- OS::TripleO::SwiftStorage::Ports::StoragePort: network/ports/noop.yaml
- OS::TripleO::SwiftStorage::Ports::StorageMgmtPort: network/ports/noop.yaml
- OS::TripleO::SwiftStorage::Ports::TenantPort: network/ports/noop.yaml
- OS::TripleO::SwiftStorage::Ports::ManagementPort: network/ports/noop.yaml
-
- # Port assignments for the block storage role
- OS::TripleO::BlockStorage::Ports::ExternalPort: network/ports/noop.yaml
- OS::TripleO::BlockStorage::Ports::InternalApiPort: network/ports/noop.yaml
- OS::TripleO::BlockStorage::Ports::StoragePort: network/ports/noop.yaml
- OS::TripleO::BlockStorage::Ports::StorageMgmtPort: network/ports/noop.yaml
- OS::TripleO::BlockStorage::Ports::TenantPort: network/ports/noop.yaml
- OS::TripleO::BlockStorage::Ports::ManagementPort: network/ports/noop.yaml
-
# Service to network Mappings
OS::TripleO::ServiceNetMap: network/service_net_map.yaml
OS::TripleO::Services::CinderBackup: OS::Heat::None
OS::TripleO::Services::CinderScheduler: puppet/services/cinder-scheduler.yaml
OS::TripleO::Services::CinderVolume: puppet/services/cinder-volume.yaml
+ OS::TripleO::Services::BlockStorageCinderVolume: puppet/services/cinder-volume.yaml
OS::TripleO::Services::Core: OS::Heat::None
OS::TripleO::Services::Keystone: puppet/services/keystone.yaml
OS::TripleO::Services::GlanceApi: puppet/services/glance-api.yaml
OS::Tripleo::Services::ManilaShare: OS::Heat::None
OS::Tripleo::Services::ManilaBackendGeneric: OS::Heat::None
OS::Tripleo::Services::ManilaBackendNetapp: OS::Heat::None
+ OS::Tripleo::Services::ManilaBackendCephFs: OS::Heat::None
OS::TripleO::Services::ComputeNeutronL3Agent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronMetadataAgent: OS::Heat::None
OS::TripleO::Services::AodhApi: puppet/services/aodh-api.yaml
List of resources to be removed from {{role.name}} ResourceGroup when
doing an update which requires removal of specific resources.
Example format ComputeRemovalPolicies: [{'resource_list': ['0']}]
+
+{% if role.name != 'Compute' %}
+ {{role.name}}SchedulerHints:
+{% else %}
+ NovaComputeSchedulerHints:
+{% endif %}
+ type: json
+ description: Optional scheduler hints to pass to nova
+ default: {}
{% endfor %}
# Identifiers to trigger tasks on nodes
params:
'%stackname%': {get_param: 'OS::stack_name'}
NodeIndex: '%index%'
+ {% if role.name != 'Compute' %}
+ {{role.name}}SchedulerHints: {get_param: {{role.name}}SchedulerHints}
+ {% else %}
+ NovaComputeSchedulerHints: {get_param: NovaComputeSchedulerHints}
+ {% endif %}
ServiceConfigSettings:
map_merge:
- get_attr: [{{role.name}}ServiceChain, role_data, config_settings]
{% endfor %}
# FIXME(shardy): These require further work to move into service_ips
memcache_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MemcachedNetwork]}]}
- keystone_public_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystonePublicApiNetwork]}]}
- keystone_admin_api_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystoneAdminApiNetwork]}]}
NetVipMap: {get_attr: [VipMap, net_ip_map]}
RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]}
ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]}
type: comma_delimited_list
memcache_node_ips:
type: comma_delimited_list
- keystone_public_api_node_ips:
- type: comma_delimited_list
- keystone_admin_api_node_ips:
- type: comma_delimited_list
NetVipMap:
type: json
RedisVirtualIP:
Heat action on performed top-level stack.
constraints:
- allowed_values: ['CREATE', 'UPDATE']
+ # NOTE(jaosorior): This is being set as IPA as it's the first
+ # CA we'll actually be testing out. But we can change this if
+ # people request it.
+ CertmongerCA:
+ type: string
+ default: 'IPA'
resources:
list_join:
- "]','inet6:["
- {get_param: memcache_node_ips}
- keystone_public_api_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: keystone_public_api_node_ips}
- keystone_admin_api_node_ips:
- str_replace:
- template: "['SERVERS_LIST']"
- params:
- SERVERS_LIST:
- list_join:
- - "','"
- - {get_param: keystone_admin_api_node_ips}
deploy_identifier: {get_param: DeployIdentifier}
update_identifier: {get_param: UpdateIdentifier}
cloud_name_storage: {get_param: cloud_name_storage}
cloud_name_storage_mgmt: {get_param: cloud_name_storage_mgmt}
cloud_name_ctlplane: {get_param: cloud_name_ctlplane}
+ # TLS parameters
+ certmonger_ca: {get_param: CertmongerCA}
outputs:
config_id:
+++ /dev/null
-heat_template_version: 2015-04-30
-
-description: >
- A software config which runs manifests/overcloud_volume.pp
-
-parameters:
- ConfigDebug:
- default: false
- description: Whether to run config management (e.g. Puppet) in debug mode.
- type: boolean
- StepConfig:
- type: string
- description: Config manifests that will be used to step through the deployment.
- default: ''
-
-resources:
-
- BlockStoragePuppetConfigImpl:
- type: OS::Heat::SoftwareConfig
- properties:
- group: puppet
- options:
- enable_debug: {get_param: ConfigDebug}
- enable_hiera: True
- enable_facter: False
- modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
- inputs:
- - name: step
- type: Number
- outputs:
- - name: result
- config:
- list_join:
- - ''
- - - get_file: manifests/overcloud_volume.pp
- - {get_param: StepConfig}
-
-outputs:
- OS::stack_id:
- description: The software config which runs overcloud_controller.pp
- value: {get_resource: BlockStoragePuppetConfigImpl}
+++ /dev/null
-heat_template_version: 2015-04-30
-
-description: >
- A software config which runs manifests/overcloud_compute.pp
-
-parameters:
- ConfigDebug:
- default: false
- description: Whether to run config management (e.g. Puppet) in debug mode.
- type: boolean
- StepConfig:
- type: string
- description: Config manifests that will be used to step through the deployment.
- default: ''
-
-resources:
-
- ComputePuppetConfigImpl:
- type: OS::Heat::SoftwareConfig
- properties:
- group: puppet
- options:
- enable_debug: {get_param: ConfigDebug}
- enable_hiera: True
- enable_facter: False
- modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
- inputs:
- - name: step
- type: Number
- outputs:
- - name: result
- config:
- list_join:
- - ''
- - - get_file: manifests/overcloud_compute.pp
- - {get_param: StepConfig}
-
-outputs:
- OS::stack_id:
- description: The software config which runs overcloud_controller.pp
- value: {get_resource: ComputePuppetConfigImpl}
heat_template_version: 2015-04-30
description: >
- A software config which runs manifests/overcloud_cephstorage.pp
+ A software config which runs puppet on the {{role}} role
parameters:
ConfigDebug:
resources:
- CephStoragePuppetConfigImpl:
+ {{role}}PuppetConfigImpl:
type: OS::Heat::SoftwareConfig
properties:
group: puppet
enable_hiera: True
enable_facter: False
modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
+ outputs:
+ - name: result
inputs:
- name: step
type: Number
- outputs:
- - name: result
config:
list_join:
- ''
- - - get_file: manifests/overcloud_cephstorage.pp
+ - - str_replace:
+ template: {get_file: manifests/overcloud_role.pp}
+ params:
+ __ROLE__: {{role.lower()}}
- {get_param: StepConfig}
outputs:
OS::stack_id:
- description: The software config which runs overcloud_controller.pp
- value: {get_resource: CephStoragePuppetConfigImpl}
+ description: The software config which runs puppet on the {{role}} role
+ value: {get_resource: {{role}}PuppetConfigImpl}
+++ /dev/null
-heat_template_version: 2015-04-30
-
-description: >
- A software config which runs manifests/overcloud_controller.pp
-
-parameters:
- ConfigDebug:
- default: false
- description: Whether to run config management (e.g. Puppet) in debug mode.
- type: boolean
- StepConfig:
- type: string
- description: Config manifests that will be used to step through the deployment.
- default: ''
-
-resources:
-
- ControllerPuppetConfigImpl:
- type: OS::Heat::SoftwareConfig
- properties:
- group: puppet
- options:
- enable_debug: {get_param: ConfigDebug}
- enable_hiera: True
- enable_facter: False
- modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
- outputs:
- - name: result
- inputs:
- - name: step
- type: Number
- config:
- list_join:
- - ''
- - - get_file: manifests/overcloud_controller.pp
- - {get_param: StepConfig}
-
-outputs:
- OS::stack_id:
- description: The software config which runs overcloud_controller.pp
- value: {get_resource: ControllerPuppetConfigImpl}
type: OS::Heat::StructuredDeploymentGroup
properties:
config: {get_resource: NetworkMidoNetConfig}
- servers: {get_param: servers, Controller}
+ servers: {get_param: [servers, Controller]}
NetworkMidonetDeploymentComputes:
type: OS::Heat::StructuredDeploymentGroup
properties:
config: {get_resource: NetworkMidoNetConfig}
- servers: {get_param: servers, Compute}
+ servers: {get_param: [servers, Compute]}
properties:
name: NetworkCiscoDeployment
config: {get_resource: NetworkCiscoConfig}
- servers: {get_param: servers, Controller}
+ servers: {get_param: [servers, Controller]}
input_values:
UCSM_ip: {get_param: NetworkUCSMIp}
UCSM_username: {get_param: NetworkUCSMUsername}
type: OS::Heat::SoftwareDeployments
properties:
name: CollectMacDeploymentsController
- servers: {get_param: servers, Controller}
+ servers: {get_param: [servers, Controller]}
config: {get_resource: CollectMacConfig}
actions: ['CREATE'] # Only do this on CREATE
type: OS::Heat::SoftwareDeployments
properties:
name: CollectMacDeploymentsCompute
- servers: {get_param: servers, Compute}
+ servers: {get_param: [servers, Compute]}
config: {get_resource: CollectMacConfig}
actions: ['CREATE'] # Only do this on CREATE
type: OS::Heat::SoftwareDeployments
properties:
name: CollectMacDeploymentsBlockStorage
- servers: {get_param: servers, BlockStorage}
+ servers: {get_param: [servers, BlockStorage]}
config: {get_resource: CollectMacConfig}
actions: ['CREATE'] # Only do this on CREATE
type: OS::Heat::SoftwareDeployments
properties:
name: CollectMacDeploymentsObjectStorage
- servers: {get_param: servers, ObjectStorage}
+ servers: {get_param: [servers, ObjectStorage]}
config: {get_resource: CollectMacConfig}
actions: ['CREATE'] # Only do this on CREATE
type: OS::Heat::SoftwareDeployments
properties:
name: CollectMacDeploymentsCephStorage
- servers: {get_param: servers, CephStorage}
+ servers: {get_param: [servers, CephStorage]}
config: {get_resource: CollectMacConfig}
actions: ['CREATE'] # Only do this on CREATE
CinderNetappStoragePools:
type: string
default: ''
- CinderNetappEseriesHostType:
+ CinderNetappHostType:
type: string
- default: 'linux_dm_mp'
+ default: ''
CinderNetappWebservicePath:
type: string
default: '/devmgr/v2'
+ # DEPRECATED options for compatibility with older versions
+ CinderNetappEseriesHostType:
+ type: string
+ default: 'linux_dm_mp'
+
+parameter_groups:
+- label: deprecated
+ description: Do not use deprecated params, they will be removed.
+ parameters:
+ - CinderNetappEseriesHostType
resources:
CinderNetappConfig:
cinder::backend::netapp::netapp_controller_ips: {get_input: NetappControllerIps}
cinder::backend::netapp::netapp_sa_password: {get_input: NetappSaPassword}
cinder::backend::netapp::netapp_storage_pools: {get_input: NetappStoragePools}
- cinder::backend::netapp::netapp_eseries_host_type: {get_input: NetappEseriesHostType}
+ cinder::backend::netapp::netapp_host_type: {get_input: NetappHostType}
cinder::backend::netapp::netapp_webservice_path: {get_input: NetappWebservicePath}
CinderNetappDeployment:
NetappControllerIps: {get_param: CinderNetappControllerIps}
NetappSaPassword: {get_param: CinderNetappSaPassword}
NetappStoragePools: {get_param: CinderNetappStoragePools}
- NetappEseriesHostType: {get_param: CinderNetappEseriesHostType}
+ NetappHostType: {get_param: CinderNetappHostType}
NetappWebservicePath: {get_param: CinderNetappWebservicePath}
outputs:
| openssl md5 | cut -c 10- \
> ${heat_outputs_path}.key_modulus
# We need to reload haproxy in case the certificate changed because
- # puppet doesn't know the contents of the cert file. The pacemaker
- # case is handled separately in a pacemaker-specific resource.
- pacemaker_status=$(systemctl is-active pacemaker)
+ # puppet doesn't know the contents of the cert file.
haproxy_status=$(systemctl is-active haproxy)
- if [ "$pacemaker_status" != "active" -a "$haproxy_status" = "active"]; then
+ if [ "$haproxy_status" = "active" ]; then
systemctl reload haproxy
fi
+++ /dev/null
-# Copyright 2015 Red Hat, Inc.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-if hiera('step') >= 4 {
- hiera_include('ceph_classes', [])
-}
-
-$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_ceph', hiera('step')])
-package_manifest{$package_manifest_name: ensure => present}
+++ /dev/null
-# Copyright 2014 Red Hat, Inc.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-if hiera('step') >= 4 {
- hiera_include('compute_classes', [])
-}
-
-$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_compute', hiera('step')])
-package_manifest{$package_manifest_name: ensure => present}
+++ /dev/null
-# Copyright 2015 Red Hat, Inc.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-if hiera('step') >= 4 {
- hiera_include('object_classes', [])
-}
-
-$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_object', hiera('step')])
-package_manifest{$package_manifest_name: ensure => present}
# License for the specific language governing permissions and limitations
# under the License.
+# The content of this file will be used to generate
+# the puppet manifests for all roles, the placeholder
+# __ROLE__ will be replaced by 'controller', 'blockstorage',
+# 'cephstorage' and all the deployed roles.
+
if hiera('step') >= 4 {
- hiera_include('controller_classes', [])
+ hiera_include('__ROLE___classes', [])
}
-$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller', hiera('step')])
+$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud___ROLE__', hiera('step')])
package_manifest{$package_manifest_name: ensure => present}
+++ /dev/null
-# Copyright 2015 Red Hat, Inc.
-# All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-if hiera('step') >= 4 {
- hiera_include('volume_classes', [])
-}
-
-$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_volume', hiera('step')])
-package_manifest{$package_manifest_name: ensure => present}
+++ /dev/null
-heat_template_version: 2015-04-30
-
-description: >
- A software config which runs manifests/overcloud_object.pp
-
-parameters:
- ConfigDebug:
- default: false
- description: Whether to run config management (e.g. Puppet) in debug mode.
- type: boolean
- StepConfig:
- type: string
- description: Config manifests that will be used to step through the deployment.
- default: ''
-
-resources:
-
- ObjectStoragePuppetConfigImpl:
- type: OS::Heat::SoftwareConfig
- properties:
- group: puppet
- options:
- enable_debug: {get_param: ConfigDebug}
- enable_hiera: True
- enable_facter: False
- modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
- inputs:
- - name: step
- type: Number
- outputs:
- - name: result
- config:
- list_join:
- - ''
- - - get_file: manifests/overcloud_object.pp
- - {get_param: StepConfig}
-
-outputs:
- OS::stack_id:
- description: The software config which runs overcloud_controller.pp
- value: {get_resource: ObjectStoragePuppetConfigImpl}
aodh::wsgi::apache::bind_host: {get_param: [ServiceNetMap, AodhApiNetwork]}
tripleo::profile::base::aodh::api::enable_combination_alarms: {get_param: EnableCombinationAlarms}
service_config_settings:
- get_attr: [AodhBase, role_data, service_config_settings]
+ get_attr: [AodhBase, role_data, service_config_settings]
step_config: |
include tripleo::profile::base::aodh::api
value:
service_name: aodh_base
config_settings:
- aodh::evaluator::coordination_url:
- list_join:
- - ''
- - - 'redis://:'
- - {get_param: RedisPassword}
- - '@'
- - "%{hiera('redis_vip')}"
- - ':6379/'
+ aodh_redis_password: {get_param: RedisPassword}
aodh::db::database_connection:
list_join:
- ''
aodh::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
aodh::auth::auth_password: {get_param: AodhPassword}
- aodh::db::mysql::user: aodh
- aodh::db::mysql::password: {get_param: AodhPassword}
- aodh::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
- aodh::db::mysql::dbname: aodh
- aodh::db::mysql::allowed_hosts:
- - '%'
- - "%{hiera('mysql_bind_host')}"
aodh::auth::auth_region: 'regionOne'
aodh::auth::auth_tenant_name: 'service'
service_config_settings:
aodh::keystone::auth::password: {get_param: AodhPassword}
aodh::keystone::auth::region: {get_param: KeystoneRegion}
aodh::keystone::auth::tenant: 'service'
+ mysql:
+ aodh::db::mysql::user: aodh
+ aodh::db::mysql::password: {get_param: AodhPassword}
+ aodh::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ aodh::db::mysql::dbname: aodh
+ aodh::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
config_settings:
map_merge:
- get_attr: [CeilometerServiceBase, role_data, config_settings]
- - ceilometer::agent::central::coordination_url:
- list_join:
- - ''
- - - 'redis://:'
- - {get_param: RedisPassword}
- - '@'
- - "%{hiera('redis_vip')}"
- - ':6379/'
+ - ceilometer_redis_password: {get_param: RedisPassword}
step_config: |
include ::tripleo::profile::base::ceilometer::agent::central
params:
$NETWORK: {get_param: [ServiceNetMap, CeilometerApiNetwork]}
service_config_settings:
- get_attr: [CeilometerServiceBase, role_data, service_config_settings]
+ get_attr: [CeilometerServiceBase, role_data, service_config_settings]
step_config: |
include ::tripleo::profile::base::ceilometer::api
ceilometer::agent::auth::auth_region: {get_param: KeystoneRegion}
ceilometer::agent::auth::auth_tenant_name: 'service'
ceilometer::agent::auth::auth_endpoint_type: 'internalURL'
- ceilometer::db::mysql::password: {get_param: CeilometerPassword}
ceilometer::collector::meter_dispatcher: {get_param: CeilometerMeterDispatcher}
ceilometer::dispatcher::gnocchi::url: {get_param: [EndpointMap, GnocchiInternal, uri]}
ceilometer::dispatcher::gnocchi::filter_project: 'service'
ceilometer::rabbit_password: {get_param: RabbitPassword}
ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
ceilometer::rabbit_port: {get_param: RabbitClientPort}
- ceilometer::db::mysql::user: ceilometer
- ceilometer::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
- ceilometer::db::mysql::dbname: ceilometer
- ceilometer::db::mysql::allowed_hosts:
- - '%'
- - "%{hiera('mysql_bind_host')}"
ceilometer::rabbit_heartbeat_timeout_threshold: 60
ceilometer::db::database_db_max_retries: -1
ceilometer::db::database_max_retries: -1
ceilometer::keystone::auth::password: {get_param: CeilometerPassword}
ceilometer::keystone::auth::region: {get_param: KeystoneRegion}
ceilometer::keystone::auth::tenant: 'service'
+ mysql:
+ ceilometer::db::mysql::password: {get_param: CeilometerPassword}
+ ceilometer::db::mysql::user: ceilometer
+ ceilometer::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ ceilometer::db::mysql::dbname: ceilometer
+ ceilometer::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
map_merge:
- get_attr: [MongoDbBase, role_data, config_settings]
- get_attr: [CeilometerServiceBase, role_data, config_settings]
+ service_config_settings:
+ get_attr: [CeilometerServiceBase, role_data, service_config_settings]
step_config: |
include ::tripleo::profile::base::ceilometer::collector
cinder::keystone::auth::admin_url_v3: {get_param: [EndpointMap, CinderV3Admin, uri]}
cinder::keystone::auth::password: {get_param: CinderPassword}
cinder::keystone::auth::region: {get_param: KeystoneRegion}
+ mysql:
+ cinder::db::mysql::password: {get_param: CinderPassword}
+ cinder::db::mysql::user: cinder
+ cinder::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ cinder::db::mysql::dbname: cinder
+ cinder::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/cinder'
- cinder::db::mysql::password: {get_param: CinderPassword}
cinder::debug: {get_param: Debug}
cinder::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
cinder::rabbit_userid: {get_param: RabbitUserName}
cinder::rabbit_password: {get_param: RabbitPassword}
cinder::rabbit_port: {get_param: RabbitClientPort}
- cinder::db::mysql::user: cinder
- cinder::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
- cinder::db::mysql::dbname: cinder
- cinder::db::mysql::allowed_hosts:
- - '%'
- - "%{hiera('mysql_bind_host')}"
cinder::rabbit_heartbeat_timeout_threshold: 60
- cinder::host: hostgroup
cinder::cron::db_purge::destination: '/dev/null'
cinder::db::database_db_max_retries: -1
cinder::db::database_max_retries: -1
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
mysql_bind_host: {get_param: [ServiceNetMap, MysqlNetwork]}
+ tripleo::profile::base::database::mysql::bind_address:
+ str_replace:
+ template:
+ '"%{::fqdn_$NETWORK}"'
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
step_config: |
include ::tripleo::profile::base::database::mysql
glance::backend::rbd::rbd_store_pool: {get_param: GlanceRbdPoolName}
glance::backend::rbd::rbd_store_user: {get_param: CephClientUserName}
glance_backend: {get_param: GlanceBackend}
- glance::db::mysql::password: {get_param: GlancePassword}
glance::notify::rabbitmq::rabbit_userid: {get_param: RabbitUserName}
glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort}
glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword}
glance::registry::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
glance::registry::debug: {get_param: Debug}
glance::registry::workers: {get_param: GlanceWorkers}
- glance::db::mysql::user: glance
- glance::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
- glance::db::mysql::dbname: glance
- glance::db::mysql::allowed_hosts:
- - '%'
- - "%{hiera('mysql_bind_host')}"
glance::registry::db::database_db_max_retries: -1
glance::registry::db::database_max_retries: -1
tripleo.glance_registry.firewall_rules:
glance::registry::bind_host: {get_param: [ServiceNetMap, GlanceRegistryNetwork]}
step_config: |
include ::tripleo::profile::base::glance::registry
+ service_config_settings:
+ mysql:
+ glance::db::mysql::password: {get_param: GlancePassword}
+ glance::db::mysql::user: glance
+ glance::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ glance::db::mysql::dbname: glance
+ glance::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
gnocchi::keystone::auth::public_url: { get_param: [ EndpointMap, GnocchiPublic, uri ] }
gnocchi::keystone::auth::region: {get_param: KeystoneRegion}
gnocchi::keystone::auth::tenant: 'service'
+ mysql:
+ gnocchi::db::mysql::password: {get_param: GnocchiPassword}
+ gnocchi::db::mysql::user: gnocchi
+ gnocchi::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ gnocchi::db::mysql::dbname: gnocchi
+ gnocchi::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
service_name: gnocchi_base
config_settings:
#Gnocchi engine
+ gnocchi_redis_password: {get_param: RedisPassword}
gnocchi::debug: {get_param: Debug}
gnocchi::db::database_connection:
list_join:
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/gnocchi'
- gnocchi::db::mysql::password: {get_param: GnocchiPassword}
gnocchi::db::sync::extra_opts: '--skip-storage --create-legacy-resource-types'
- gnocchi::storage::coordination_url:
- list_join:
- - ''
- - - 'redis://:'
- - {get_param: RedisPassword}
- - '@'
- - "%{hiera('redis_vip')}"
- - ':6379/'
gnocchi::storage::swift::swift_user: 'service:gnocchi'
gnocchi::storage::swift::swift_auth_version: 2
gnocchi::storage::swift::swift_key: {get_param: GnocchiPassword}
gnocchi::statsd::project_id: '6c38cd8d-099a-4cb2-aecf-17be688e8616'
gnocchi::statsd::flush_delay: 10
gnocchi::statsd::archive_policy_name: 'low'
- gnocchi::db::mysql::user: gnocchi
- gnocchi::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
- gnocchi::db::mysql::dbname: gnocchi
- gnocchi::db::mysql::allowed_hosts:
- - '%'
- - "%{hiera('mysql_bind_host')}"
MonitoringSubscriptionGnocchiMetricd:
default: 'overcloud-gnocchi-metricd'
type: string
+ GnocchiMetricdWorkers:
+ default: ''
+ description: Number of workers for Gnocchi MetricD
+ type: string
resources:
GnocchiServiceBase:
config_settings:
map_merge:
- get_attr: [GnocchiServiceBase, role_data, config_settings]
+ - gnocchi::metricd::workers: {get_param: GnocchiMetricdWorkers}
step_config: |
include ::tripleo::profile::base::gnocchi::metricd
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/heat'
heat::keystone_ec2_uri: {get_param: [EndpointMap, KeystoneEC2, uri]}
- heat::db::mysql::password: {get_param: HeatPassword}
heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword}
- heat::db::mysql::user: heat
- heat::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
- heat::db::mysql::dbname: heat
- heat::db::mysql::allowed_hosts:
- - '%'
- - "%{hiera('mysql_bind_host')}"
heat::engine::auth_encryption_key:
yaql:
expression: $.data.passwords.where($ != '').first()
- {get_param: [DefaultPasswords, heat_auth_encryption_key]}
step_config: |
include ::tripleo::profile::base::heat::engine
+
+ service_config_settings:
+ mysql:
+ heat::db::mysql::password: {get_param: HeatPassword}
+ heat::db::mysql::user: heat
+ heat::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ heat::db::mysql::dbname: heat
+ heat::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
ironic::keystone::auth::auth_name: 'ironic'
ironic::keystone::auth::password: {get_param: IronicPassword }
ironic::keystone::auth::tenant: 'service'
+ mysql:
+ ironic::db::mysql::password: {get_param: IronicPassword}
+ ironic::db::mysql::user: ironic
+ ironic::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ ironic::db::mysql::dbname: ironic
+ ironic::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
ironic::rabbit_password: {get_param: RabbitPassword}
ironic::rabbit_port: {get_param: RabbitClientPort}
ironic::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
- ironic::db::mysql::password: {get_param: IronicPassword}
- ironic::db::mysql::user: ironic
- ironic::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
- ironic::db::mysql::dbname: ironic
- ironic::db::mysql::allowed_hosts:
- - '%'
- - "%{hiera('mysql_bind_host')}"
step_config: |
include ::tripleo::profile::base::ironic
logging_source: {get_param: KeystoneLoggingSource}
logging_groups:
- keystone
- config_settings:
config_settings:
map_merge:
- get_attr: [ApacheServiceBase, role_data, config_settings]
'/etc/keystone/credential-keys/1':
content: {get_param: KeystoneCredential1}
keystone::debug: {get_param: Debug}
- keystone::db::mysql::password: {get_param: AdminToken}
keystone::rabbit_userid: {get_param: RabbitUserName}
keystone::rabbit_password: {get_param: RabbitPassword}
keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
keystone::endpoint::region: {get_param: KeystoneRegion}
keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge}
- keystone::db::mysql::user: keystone
- keystone::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
- keystone::db::mysql::dbname: keystone
- keystone::db::mysql::allowed_hosts:
- - '%'
- - "%{hiera('mysql_bind_host')}"
keystone::rabbit_heartbeat_timeout_threshold: 60
keystone::cron::token_flush::maxdelay: 3600
keystone::roles::admin::service_tenant: 'service'
keystone::wsgi::apache::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
step_config: |
include ::tripleo::profile::base::keystone
+ service_config_settings:
+ mysql:
+ keystone::db::mysql::password: {get_param: AdminToken}
+ keystone::db::mysql::user: keystone
+ keystone::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ keystone::db::mysql::dbname: keystone
+ keystone::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
include ::tripleo::profile::base::manila::api
service_config_settings:
keystone:
+ manila::keystone::auth::tenant: 'service'
manila::keystone::auth::public_url: {get_param: [EndpointMap, ManilaV1Public, uri]}
manila::keystone::auth::internal_url: {get_param: [EndpointMap, ManilaV1Internal, uri]}
manila::keystone::auth::admin_url: {get_param: [EndpointMap, ManilaV1Admin, uri]}
manila::keystone::auth::admin_url_v2: {get_param: [EndpointMap, ManilaAdmin, uri]}
manila::keystone::auth::password: {get_param: ManilaPassword}
manila::keystone::auth::region: {get_param: KeystoneRegion}
+ mysql:
+ manila::db::mysql::password: {get_param: ManilaPassword}
+ manila::db::mysql::user: manila
+ manila::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ manila::db::mysql::dbname: manila
+ manila::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
--- /dev/null
+heat_template_version: 2016-04-08
+
+description: >
+ Openstack Manila Cephfs backend
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ # CephFS Native backend params:
+ ManilaCephFSNativeEnableBackend:
+ type: boolean
+ default: false
+ ManilaCephFSNativeBackendName:
+ type: string
+ default: cephfsnative
+ ManilaCephFSNativeDriverHandlesShareServers:
+ type: boolean
+ default: false
+ ManilaCephFSNativeShareBackendName:
+ type: string
+ default: 'cephfs'
+ ManilaCephFSNativeCephFSConfPath:
+ type: string
+ default: '/etc/ceph/cephfs.conf'
+ ManilaCephFSNativeCephFSAuthId:
+ type: string
+ default: 'manila'
+ ManilaCephFSNativeCephFSClusterName:
+ type: string
+ default: 'ceph'
+ ManilaCephFSNativeCephFSEnableSnapshots:
+ type: boolean
+ default: true
+
+outputs:
+ role_data:
+ description: Role data for the Manila Cephfs backend.
+ value:
+ service_name: manila_backend_cephfs
+ config_settings:
+ manila::backend::cephfsnative::enable_backend: {get_param: ManilaCephFSNativeEnableBackend}
+ manila::backend::cephfsnative::title: {get_param: ManilaCephFSNativeBackendName}
+ manila::backend::cephfsnative::driver_handles_share_servers: {get_param: ManilaCephFSNativeDriverHandlesShareServers}
+ manila::backend::cephfsnative::share_backend_name: {get_param: ManilaCephFSNativeShareBackendName}
+ manila::backend::cephfsnative::cephfs_conf_path: {get_param: ManilaCephFSNativeCephFSConfPath}
+ manila::backend::cephfsnative::cephfs_auth_id: {get_param: ManilaCephFSNativeCephFSAuthId}
+ manila::backend::cephfsnative::cephfs_cluster_name: {get_param: ManilaCephFSNativeCephFSClusterName}
+ manila::backend::cephfsnative::cephfs_enable_snapshots: {get_param: ManilaCephFSNativeCephFSEnableSnapshots}
+ step_config:
manila::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
manila::rabbit_port: {get_param: RabbitClientPort}
manila::debug: {get_param: Debug}
- manila::db::mysql::user: manila
- manila::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
- manila::db::mysql::dbname: manila
manila::db::database_db_max_retries: -1
manila::db::database_max_retries: -1
- manila::db::mysql::allowed_hosts:
- - '%'
- - "%{hiera('mysql_bind_host')}"
- manila::compute::nova::nova_admin_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]}
manila::compute::nova::nova_admin_password: {get_param: NovaPassword}
manila::compute::nova::nova_admin_tenant_name: 'service'
- manila::db::mysql::password: {get_param: ManilaPassword}
manila::network::neutron::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]}
manila::network::neutron::neutron_admin_auth_url: {get_param: [EndpointMap, NeutronAdmin, uri]}
manila::network::neutron::neutron_admin_password: {get_param: NeutronPassword}
default: 'True'
description: Allow automatic l3-agent failover
type: string
- NeutronL3HA:
- default: false
- description: |
- Whether to enable HA for virtual routers. While the default value is
- 'false', L3 HA will be automatically enabled if the number of nodes hosting
- controller configurations and DVR is disabled.
- type: boolean
NovaPassword:
description: The password for the nova service and db account, used by nova-api.
type: string
default: 1
type: number
+ # DEPRECATED: the following options are deprecated and are currently maintained
+ # for backwards compatibility. They will be removed in the Ocata cycle.
+ NeutronL3HA:
+ default: false
+ description: |
+ Whether to enable HA for virtual routers. While the default value is
+ 'false', L3 HA will be automatically enabled if the number of nodes
+ hosting controller configurations and DVR is disabled. This parameter is
+ being deprecated in Newton and is scheduled to be removed in Ocata.
+ Future releases will enable L3 HA by default if it is appropriate for the
+ deployment type. Alternate mechanisms will be available to override.
+ type: boolean
+
+parameter_groups:
+- label: deprecated
+ description: |
+ The following parameters are deprecated and will be removed. They should not
+ be relied on for new deployments. If you have concerns regarding deprecated
+ parameters, please contact the TripleO development team on IRC or the
+ OpenStack mailing list.
+ parameters:
+ - NeutronL3HA
+
resources:
NeutronBase:
neutron::server::notifications::password: {get_param: NovaPassword}
neutron::keystone::authtoken::project_name: 'service'
neutron::server::sync_db: true
- neutron::db::mysql::password: {get_param: NeutronPassword}
- neutron::db::mysql::user: neutron
- neutron::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
- neutron::db::mysql::dbname: ovs_neutron
- neutron::db::mysql::allowed_hosts:
- - '%'
- - "%{hiera('mysql_bind_host')}"
tripleo.neutron_server.firewall_rules:
'114 neutron server':
dport:
neutron::keystone::auth::admin_url: { get_param: [ EndpointMap, NeutronAdmin, uri ] }
neutron::keystone::auth::password: {get_param: NeutronPassword}
neutron::keystone::auth::region: {get_param: KeystoneRegion}
+ mysql:
+ neutron::db::mysql::password: {get_param: NeutronPassword}
+ neutron::db::mysql::user: neutron
+ neutron::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ neutron::db::mysql::dbname: ovs_neutron
+ neutron::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
type: string
hidden: true
NeutronWorkers:
- default: 0
- description: Number of workers for Neutron service.
- type: number
+ default: ''
+ description: |
+ Sets the number of worker processes for the neutron metadata agent. The
+ default value results in the configuration being left unset and a
+ system-dependent default will be chosen (usually the number of
+ processors). Please note that this can result in a large number of
+ processes and memory consumption on systems with a large core count. On
+ such systems it is recommended that a non-default value be selected that
+ matches the load requirements.
+ type: string
NeutronPassword:
description: The password for the neutron service and db account, used by neutron agents.
type: string
nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]}
nova::keystone::auth::password: {get_param: NovaPassword}
nova::keystone::auth::region: {get_param: KeystoneRegion}
+ mysql:
+ nova::db::mysql::password: {get_param: NovaPassword}
+ nova::db::mysql::user: nova
+ nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ nova::db::mysql::dbname: nova
+ nova::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
+ nova::db::mysql_api::password: {get_param: NovaPassword}
+ nova::db::mysql_api::user: nova_api
+ nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ nova::db::mysql_api::dbname: nova_api
+ nova::db::mysql_api::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/nova_api'
- nova::db::mysql::password: {get_param: NovaPassword}
- nova::db::mysql::user: nova
- nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
- nova::db::mysql::dbname: nova
- nova::db::mysql::allowed_hosts:
- - '%'
- - "%{hiera('mysql_bind_host')}"
- nova::db::mysql_api::password: {get_param: NovaPassword}
- nova::db::mysql_api::user: nova_api
- nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
- nova::db::mysql_api::dbname: nova_api
- nova::db::mysql_api::allowed_hosts:
- - '%'
- - "%{hiera('mysql_bind_host')}"
nova::debug: {get_param: Debug}
nova::purge_config: {get_param: EnableConfigPurge}
nova::network::neutron::neutron_project_name: 'service'
nova::notify_on_state_change: 'vm_and_task_state'
nova::notification_driver: messagingv2
nova::network::neutron::neutron_auth_type: 'v3password'
- nova::db::mysql::user: nova
- nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
- nova::db::mysql::dbname: nova
- nova::db::mysql::allowed_hosts:
- - '%'
- - "%{hiera('mysql_bind_host')}"
- nova::db::mysql_api::user: nova_api
- nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
- nova::db::mysql_api::dbname: nova_api
- nova::db::mysql_api::allowed_hosts:
- - '%'
- - "%{hiera('mysql_bind_host')}"
nova::db::database_db_max_retries: -1
nova::db::database_max_retries: -1
nova::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}
- get_attr: [CinderVolumeBase, role_data, config_settings]
- cinder::volume::manage_service: false
cinder::volume::enabled: false
+ cinder::host: hostgroup
step_config:
include ::tripleo::profile::pacemaker::cinder::volume
resources:
MongoDbBase:
- type: ../../database/mongodb-base.yaml
+ type: ../../database/mongodb.yaml
properties:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
value:
service_name: mysql
config_settings:
- get_attr: [MysqlBase, role_data, config_settings]
+ map_merge:
+ - get_attr: [MysqlBase, role_data, config_settings]
+ - tripleo::profile::pacemaker::database::mysql::bind_address:
+ str_replace:
+ template:
+ '"%{::fqdn_$NETWORK}"'
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+ # NOTE: bind IP is found in Heat replacing the network name with the
+ # local node IP for the given network; replacement examples
+ # (eg. for internal_api):
+ # internal_api -> IP
+ # internal_api_uri -> [IP]
+ # internal_api_subnet - > IP/CIDR
+ tripleo::profile::pacemaker::database::mysql::gmcast_listen_addr:
+ get_param: [ServiceNetMap, MysqlNetwork]
step_config: |
include ::tripleo::profile::pacemaker::database::mysql
resources:
RedisBase:
- type: ../../database/redis-base.yaml
+ type: ../../database/redis.yaml
properties:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
type: string
default: ''
hidden: true
+ RabbitHAQueues:
+ description:
+ The number of HA queues to be configured in rabbit. The default is 0 which will
+ be automatically overridden to CEIL(N/2) where N is the number of nodes running
+ rabbitmq.
+ default: 0
+ type: number
MonitoringSubscriptionRabbitmq:
default: 'overcloud-rabbitmq'
type: string
rabbitmq_config_variables:
tcp_listen_options: '[binary, {packet, raw}, {reuseaddr, true}, {backlog, 128}, {nodelay, true}, {exit_on_close, false}, {keepalive, true}]'
cluster_partition_handling: 'pause_minority'
+ queue_master_locator: '<<"min-masters">>'
loopback_users: '[]'
rabbitmq::erlang_cookie:
yaql:
# internal_api_uri -> [IP]
# internal_api_subnet - > IP/CIDR
rabbitmq::node_ip_address: {get_param: [ServiceNetMap, RabbitmqNetwork]}
+ rabbitmq::nr_ha_queues: {get_param: RabbitHAQueues}
+
step_config: |
include ::tripleo::profile::base::rabbitmq
sahara::keystone::auth::admin_url: {get_param: [EndpointMap, SaharaAdmin, uri]}
sahara::keystone::auth::password: {get_param: SaharaPassword }
sahara::keystone::auth::region: {get_param: KeystoneRegion}
+ mysql:
+ sahara::db::mysql::password: {get_param: SaharaPassword}
+ sahara::db::mysql::user: sahara
+ sahara::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ sahara::db::mysql::dbname: sahara
+ sahara::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
- '@'
- {get_param: [EndpointMap, MysqlInternal, host]}
- '/sahara'
- sahara::db::mysql::password: {get_param: SaharaPassword}
- sahara::db::mysql::user: sahara
- sahara::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
- sahara::db::mysql::dbname: sahara
- sahara::db::mysql::allowed_hosts:
- - '%'
- - "%{hiera('mysql_bind_host')}"
sahara::rabbit_password: {get_param: RabbitPassword}
sahara::rabbit_user: {get_param: RabbitUserName}
sahara::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
value:
service_name: ntp
config_settings:
- ntp::ntpservers: {get_param: NtpServer}
+ ntp::servers: {get_param: NtpServer}
tripleo.ntp.firewall_rules:
'105 ntp':
dport: 123
- OS::Tripleo::Services::ManilaScheduler
- OS::Tripleo::Services::ManilaBackendGeneric
- OS::Tripleo::Services::ManilaBackendNetapp
+ - OS::Tripleo::Services::ManilaBackendCephFs
- OS::Tripleo::Services::ManilaShare
- OS::TripleO::Services::AodhApi
- OS::TripleO::Services::AodhEvaluator
- name: BlockStorage
ServicesDefault:
- OS::TripleO::Services::CACerts
- - OS::TripleO::Services::CinderVolume
+ - OS::TripleO::Services::BlockStorageCinderVolume
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::Timezone