Hiera optimization: use a new hiera hook

This patch optimizes how we deploy hiera by using a new
heat hook specifically designed to help compose hiera
within heat templates. As part of this change:

 - we update all the 'hiera' software configurations to set the group to hiera
   instead of os-apply-config.

 - The new format uses JSON instead of YAML. The hook actually writes
   out the hiera JSON directly so no conversion takes place. Arrays,
   Strings, Booleans all stay in their native formats. As such we can avoid
   having to do many of the awkward string and list conversions in t-h-t to
   support the previous YAML formatting.

 - The new hook prefers JSON over YAML so upgrading users will have the
   new files prefered. (we will post a cleanup routine for the old files
   soon but this isn't a new behavior, JSON is now simply prefered.)

 - A lot of services required edits to account for default settings that
   worked in YAML that no longer work correctly in the native JSON
   format. In almost all these cases I think the resulting codes looks
   cleaner and is more explicit with regards to what is getting
   configured in hiera on the actual nodes.

Depends-On: I6a383b1ad4ec29458569763bd3f56fd3f2bd726b
Closes-bug: #1596373

Change-Id: Ibe7e2044e200e2c947223286fdf4fd5bcf98c2e1
This commit is contained in:
Dan Prince 2016-10-10 21:09:01 -04:00
parent 9cd0c5a50c
commit 7876851011
27 changed files with 389 additions and 475 deletions

View File

@ -71,140 +71,132 @@ resources:
allNodesConfigImpl:
type: OS::Heat::StructuredConfig
properties:
group: os-apply-config
group: hiera
config:
hiera:
datafiles:
bootstrap_node:
mapped_data:
bootstrap_nodeid: {get_input: bootstrap_nodeid}
bootstrap_nodeid_ip: {get_input: bootstrap_nodeid_ip}
all_nodes:
mapped_data:
map_merge:
- tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: logging_sources}
- tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: logging_groups}
- enabled_services: {get_param: enabled_services}
# This writes out a mapping of service_name_enabled: 'true'
# For any services not enabled, hiera foo_enabled will
# return nil, as it's undefined
- map_merge:
repeat:
template:
# Note this must be string 'true' due to
# https://bugs.launchpad.net/heat/+bug/1617203
SERVICE_enabled: 'true'
for_each:
SERVICE:
str_split: [',', {get_param: enabled_services}]
# Dynamically generate per-service network data
# This works as follows (outer->inner functions)
# yaql - filters services where no mapping exists in ServiceNetMap
# map_replace: substitute e.g heat_api_network with network name from ServiceNetMap
# map_merge/repeat: generate a per-service mapping
- yaql:
# This filters any entries where the value hasn't been substituted for
# a list, e.g it's still $service_network. This happens when there is
# no network defined for the service in the ServiceNetMap, which is OK
# as not all services have to be bound to a network, so we filter them
expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network")))
data:
map:
map_replace:
datafiles:
bootstrap_node:
bootstrap_nodeid: {get_input: bootstrap_nodeid}
bootstrap_nodeid_ip: {get_input: bootstrap_nodeid_ip}
all_nodes:
map_merge:
- tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: logging_sources}
- tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: logging_groups}
- enabled_services: {get_param: enabled_services}
# This writes out a mapping of service_name_enabled: 'true'
# For any services not enabled, hiera foo_enabled will
# return nil, as it's undefined
- map_merge:
repeat:
template:
# Note this must be string 'true' due to
# https://bugs.launchpad.net/heat/+bug/1617203
SERVICE_enabled: 'true'
for_each:
SERVICE:
str_split: [',', {get_param: enabled_services}]
# Dynamically generate per-service network data
# This works as follows (outer->inner functions)
# yaql - filters services where no mapping exists in ServiceNetMap
# map_replace: substitute e.g heat_api_network with network name from ServiceNetMap
# map_merge/repeat: generate a per-service mapping
- yaql:
# This filters any entries where the value hasn't been substituted for
# a list, e.g it's still $service_network. This happens when there is
# no network defined for the service in the ServiceNetMap, which is OK
# as not all services have to be bound to a network, so we filter them
expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network")))
data:
map:
map_replace:
- map_merge:
repeat:
template:
SERVICE_network: SERVICE_network
for_each:
SERVICE:
str_split: [',', {get_param: enabled_services}]
- values: {get_param: ServiceNetMap}
# Keystone doesn't provide separate entries for the public
# and admin endpoints, so we need to add them here manually
# like we do in the vip-config below
- keystone_admin_api_network: {get_param: [ServiceNetMap, keystone_admin_api_network]}
keystone_public_api_network: {get_param: [ServiceNetMap, keystone_public_api_network]}
# provides a mapping of service_name_ips to a list of IPs
- {get_param: service_ips}
- {get_param: service_node_names}
- {get_param: short_service_node_names}
- controller_node_ips:
list_join:
- ','
- {get_param: controller_ips}
controller_node_names:
list_join:
- ','
- {get_param: controller_names}
memcached_node_ips_v6:
repeat:
template: "inet6:[NAME]"
for_each:
NAME: {get_param: memcache_node_ips}
deploy_identifier: {get_param: DeployIdentifier}
update_identifier: {get_param: UpdateIdentifier}
stack_action: {get_param: StackAction}
vip_data:
map_merge:
# Dynamically generate per-service VIP data based on enabled_services
# This works as follows (outer->inner functions)
# yaql - filters services where no mapping exists in ServiceNetMap
# map_replace: substitute e.g internal_api with the IP from NetVipMap
# map_replace: substitute e.g heat_api_network with network name from ServiceNetMap
# map_merge/repeat: generate a per-service mapping
- yaql:
# This filters any entries where the value hasn't been substituted for
# a list, e.g it's still $service_network. This happens when there is
# no network defined for the service in the ServiceNetMap, which is OK
# as not all services have to be bound to a network, so we filter them
expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network")))
data:
map:
map_replace:
- map_replace:
- map_merge:
repeat:
template:
SERVICE_network: SERVICE_network
SERVICE_vip: SERVICE_network
for_each:
SERVICE:
str_split: [',', {get_param: enabled_services}]
- values: {get_param: ServiceNetMap}
# Keystone doesn't provide separate entries for the public
# and admin endpoints, so we need to add them here manually
# like we do in the vip-config below
- keystone_admin_api_network: {get_param: [ServiceNetMap, keystone_admin_api_network]}
keystone_public_api_network: {get_param: [ServiceNetMap, keystone_public_api_network]}
# provides a mapping of service_name_ips to a list of IPs
- {get_param: service_ips}
- {get_param: service_node_names}
- {get_param: short_service_node_names}
- controller_node_ips:
list_join:
- ','
- {get_param: controller_ips}
controller_node_names:
list_join:
- ','
- {get_param: controller_names}
memcached_node_ips_v6:
str_replace:
template: "['inet6:[SERVERS_LIST]']"
params:
SERVERS_LIST:
list_join:
- "]','inet6:["
- {get_param: memcache_node_ips}
deploy_identifier: {get_param: DeployIdentifier}
update_identifier: {get_param: UpdateIdentifier}
stack_action: {get_param: StackAction}
vip_data:
mapped_data:
map_merge:
# Dynamically generate per-service VIP data based on enabled_services
# This works as follows (outer->inner functions)
# yaql - filters services where no mapping exists in ServiceNetMap
# map_replace: substitute e.g internal_api with the IP from NetVipMap
# map_replace: substitute e.g heat_api_network with network name from ServiceNetMap
# map_merge/repeat: generate a per-service mapping
- yaql:
# This filters any entries where the value hasn't been substituted for
# a list, e.g it's still $service_network. This happens when there is
# no network defined for the service in the ServiceNetMap, which is OK
# as not all services have to be bound to a network, so we filter them
expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network")))
data:
map:
map_replace:
- map_replace:
- map_merge:
repeat:
template:
SERVICE_vip: SERVICE_network
for_each:
SERVICE:
str_split: [',', {get_param: enabled_services}]
- values: {get_param: ServiceNetMap}
- values: {get_param: NetVipMap}
- keystone_admin_api_vip:
get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_admin_api_network]}]
keystone_public_api_vip:
get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_public_api_network]}]
public_virtual_ip: {get_param: [NetVipMap, external]}
controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]}
storage_virtual_ip: {get_param: [NetVipMap, storage]}
storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]}
redis_vip: {get_param: RedisVirtualIP}
# public_virtual_ip and controller_virtual_ip are needed in
# both HAproxy & keepalived.
tripleo::haproxy::public_virtual_ip: {get_param: [NetVipMap, external]}
tripleo::haproxy::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
tripleo::keepalived::public_virtual_ip: {get_param: [NetVipMap, external]}
tripleo::keepalived::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
tripleo::keepalived::internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]}
tripleo::keepalived::storage_virtual_ip: {get_param: [NetVipMap, storage]}
tripleo::keepalived::storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]}
tripleo::keepalived::redis_virtual_ip: {get_param: RedisVirtualIP}
tripleo::redis_notification::haproxy_monitor_ip: {get_param: [NetVipMap, ctlplane]}
cloud_name_external: {get_param: cloud_name_external}
cloud_name_internal_api: {get_param: cloud_name_internal_api}
cloud_name_storage: {get_param: cloud_name_storage}
cloud_name_storage_mgmt: {get_param: cloud_name_storage_mgmt}
cloud_name_ctlplane: {get_param: cloud_name_ctlplane}
# TLS parameters
certmonger_ca: {get_param: CertmongerCA}
enable_internal_tls: {get_param: EnableInternalTLS}
- values: {get_param: NetVipMap}
- keystone_admin_api_vip:
get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_admin_api_network]}]
keystone_public_api_vip:
get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_public_api_network]}]
public_virtual_ip: {get_param: [NetVipMap, external]}
controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]}
storage_virtual_ip: {get_param: [NetVipMap, storage]}
storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]}
redis_vip: {get_param: RedisVirtualIP}
# public_virtual_ip and controller_virtual_ip are needed in
# both HAproxy & keepalived.
tripleo::haproxy::public_virtual_ip: {get_param: [NetVipMap, external]}
tripleo::haproxy::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
tripleo::keepalived::public_virtual_ip: {get_param: [NetVipMap, external]}
tripleo::keepalived::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
tripleo::keepalived::internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]}
tripleo::keepalived::storage_virtual_ip: {get_param: [NetVipMap, storage]}
tripleo::keepalived::storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]}
tripleo::keepalived::redis_virtual_ip: {get_param: RedisVirtualIP}
tripleo::redis_notification::haproxy_monitor_ip: {get_param: [NetVipMap, ctlplane]}
cloud_name_external: {get_param: cloud_name_external}
cloud_name_internal_api: {get_param: cloud_name_internal_api}
cloud_name_storage: {get_param: cloud_name_storage}
cloud_name_storage_mgmt: {get_param: cloud_name_storage_mgmt}
cloud_name_ctlplane: {get_param: cloud_name_ctlplane}
# TLS parameters
certmonger_ca: {get_param: CertmongerCA}
enable_internal_tls: {get_param: EnableInternalTLS}
outputs:
config_id:

View File

@ -239,39 +239,33 @@ resources:
BlockStorageConfig:
type: OS::Heat::StructuredConfig
properties:
group: os-apply-config
group: hiera
config:
hiera:
hierarchy:
- '"%{::uuid}"'
- heat_config_%{::deploy_config_name}
- volume_extraconfig
- extraconfig
- service_names
- service_configs
- volume
- bootstrap_node # provided by allNodesConfig
- all_nodes # provided by allNodesConfig
- vip_data # provided by allNodesConfig
- '"%{::osfamily}"'
merge_behavior: deeper
datafiles:
service_names:
mapped_data:
service_names: {get_param: ServiceNames}
sensu::subscriptions: {get_param: MonitoringSubscriptions}
service_configs:
mapped_data:
map_replace:
- {get_param: ServiceConfigSettings}
- values: {get_attr: [NetIpMap, net_ip_map]}
volume_extraconfig:
mapped_data: {get_param: BlockStorageExtraConfig}
extraconfig:
mapped_data: {get_param: ExtraConfig}
volume:
mapped_data:
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
hierarchy:
- '"%{::uuid}"'
- heat_config_%{::deploy_config_name}
- volume_extraconfig
- extraconfig
- service_names
- service_configs
- volume
- bootstrap_node # provided by allNodesConfig
- all_nodes # provided by allNodesConfig
- vip_data # provided by allNodesConfig
- '"%{::osfamily}"'
merge_behavior: deeper
datafiles:
service_names:
service_names: {get_param: ServiceNames}
sensu::subscriptions: {get_param: MonitoringSubscriptions}
service_configs:
map_replace:
- {get_param: ServiceConfigSettings}
- values: {get_attr: [NetIpMap, net_ip_map]}
volume_extraconfig: {get_param: BlockStorageExtraConfig}
extraconfig: {get_param: ExtraConfig}
volume:
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
# Resource for site-specific injection of root certificate
NodeTLSCAData:

View File

@ -244,39 +244,33 @@ resources:
CephStorageConfig:
type: OS::Heat::StructuredConfig
properties:
group: os-apply-config
group: hiera
config:
hiera:
hierarchy:
- '"%{::uuid}"'
- heat_config_%{::deploy_config_name}
- ceph_extraconfig
- extraconfig
- service_names
- service_configs
- ceph
- bootstrap_node # provided by allNodesConfig
- all_nodes # provided by allNodesConfig
- vip_data # provided by allNodesConfig
- '"%{::osfamily}"'
merge_behavior: deeper
datafiles:
service_names:
mapped_data:
service_names: {get_param: ServiceNames}
sensu::subscriptions: {get_param: MonitoringSubscriptions}
service_configs:
mapped_data:
map_replace:
- {get_param: ServiceConfigSettings}
- values: {get_attr: [NetIpMap, net_ip_map]}
ceph_extraconfig:
mapped_data: {get_param: CephStorageExtraConfig}
extraconfig:
mapped_data: {get_param: ExtraConfig}
ceph:
mapped_data:
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
hierarchy:
- '"%{::uuid}"'
- heat_config_%{::deploy_config_name}
- ceph_extraconfig
- extraconfig
- service_names
- service_configs
- ceph
- bootstrap_node # provided by allNodesConfig
- all_nodes # provided by allNodesConfig
- vip_data # provided by allNodesConfig
- '"%{::osfamily}"'
merge_behavior: deeper
datafiles:
service_names:
service_names: {get_param: ServiceNames}
sensu::subscriptions: {get_param: MonitoringSubscriptions}
service_configs:
map_replace:
- {get_param: ServiceConfigSettings}
- values: {get_attr: [NetIpMap, net_ip_map]}
ceph_extraconfig: {get_param: CephStorageExtraConfig}
extraconfig: {get_param: ExtraConfig}
ceph:
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
# Resource for site-specific injection of root certificate
NodeTLSCAData:

View File

@ -251,45 +251,39 @@ resources:
NovaComputeConfig:
type: OS::Heat::StructuredConfig
properties:
group: os-apply-config
group: hiera
config:
hiera:
hierarchy:
- '"%{::uuid}"'
- heat_config_%{::deploy_config_name}
- compute_extraconfig
- extraconfig
- service_names
- service_configs
- compute
- bootstrap_node # provided by allNodesConfig
- all_nodes # provided by allNodesConfig
- vip_data # provided by allNodesConfig
- '"%{::osfamily}"'
- neutron_bigswitch_data # Optionally provided by ComputeExtraConfigPre
- cisco_n1kv_data # Optionally provided by ComputeExtraConfigPre
- nova_nuage_data # Optionally provided by ComputeExtraConfigPre
- midonet_data # Optionally provided by AllNodesExtraConfig
- neutron_opencontrail_data # Optionally provided by ComputeExtraConfigPre
- cisco_aci_data # Optionally provided by ComputeExtraConfigPre
merge_behavior: deeper
datafiles:
service_names:
mapped_data:
service_names: {get_param: ServiceNames}
sensu::subscriptions: {get_param: MonitoringSubscriptions}
service_configs:
mapped_data:
map_replace:
- {get_param: ServiceConfigSettings}
- values: {get_attr: [NetIpMap, net_ip_map]}
compute_extraconfig:
mapped_data: {get_param: NovaComputeExtraConfig}
extraconfig:
mapped_data: {get_param: ExtraConfig}
compute:
mapped_data:
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
hierarchy:
- '"%{::uuid}"'
- heat_config_%{::deploy_config_name}
- compute_extraconfig
- extraconfig
- service_names
- service_configs
- compute
- bootstrap_node # provided by allNodesConfig
- all_nodes # provided by allNodesConfig
- vip_data # provided by allNodesConfig
- '"%{::osfamily}"'
- neutron_bigswitch_data # Optionally provided by ComputeExtraConfigPre
- cisco_n1kv_data # Optionally provided by ComputeExtraConfigPre
- nova_nuage_data # Optionally provided by ComputeExtraConfigPre
- midonet_data # Optionally provided by AllNodesExtraConfig
- neutron_opencontrail_data # Optionally provided by ComputeExtraConfigPre
- cisco_aci_data # Optionally provided by ComputeExtraConfigPre
merge_behavior: deeper
datafiles:
service_names:
service_names: {get_param: ServiceNames}
sensu::subscriptions: {get_param: MonitoringSubscriptions}
service_configs:
map_replace:
- {get_param: ServiceConfigSettings}
- values: {get_attr: [NetIpMap, net_ip_map]}
compute_extraconfig: {get_param: NovaComputeExtraConfig}
extraconfig: {get_param: ExtraConfig}
compute:
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
NovaComputeDeployment:
type: OS::TripleO::SoftwareDeployment

View File

@ -299,57 +299,51 @@ resources:
ControllerConfig:
type: OS::Heat::StructuredConfig
properties:
group: os-apply-config
group: hiera
config:
hiera:
hierarchy:
- '"%{::uuid}"'
- heat_config_%{::deploy_config_name}
- controller_extraconfig
- extraconfig
- service_configs
- service_names
- controller
- bootstrap_node # provided by BootstrapNodeConfig
- all_nodes # provided by allNodesConfig
- vip_data # provided by allNodesConfig
- '"%{::osfamily}"'
- cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre
- cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
- cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre
- neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
- neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
- cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
- midonet_data #Optionally provided by AllNodesExtraConfig
- cisco_aci_data # Optionally provided by ControllerExtraConfigPre
merge_behavior: deeper
datafiles:
service_names:
mapped_data:
service_names: {get_param: ServiceNames}
sensu::subscriptions: {get_param: MonitoringSubscriptions}
service_configs:
mapped_data:
map_replace:
- {get_param: ServiceConfigSettings}
- values: {get_attr: [NetIpMap, net_ip_map]}
controller_extraconfig:
mapped_data:
map_merge:
- {get_param: controllerExtraConfig}
- {get_param: ControllerExtraConfig}
extraconfig:
mapped_data: {get_param: ExtraConfig}
controller:
mapped_data: # data supplied directly to this deployment configuration, etc
bootstack_nodeid: {get_input: bootstack_nodeid}
hierarchy:
- '"%{::uuid}"'
- heat_config_%{::deploy_config_name}
- controller_extraconfig
- extraconfig
- service_configs
- service_names
- controller
- bootstrap_node # provided by BootstrapNodeConfig
- all_nodes # provided by allNodesConfig
- vip_data # provided by allNodesConfig
- '"%{::osfamily}"'
- cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre
- cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
- cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre
- neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
- neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
- cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
- midonet_data #Optionally provided by AllNodesExtraConfig
- cisco_aci_data # Optionally provided by ControllerExtraConfigPre
merge_behavior: deeper
datafiles:
service_names:
service_names: {get_param: ServiceNames}
sensu::subscriptions: {get_param: MonitoringSubscriptions}
service_configs:
map_replace:
- {get_param: ServiceConfigSettings}
- values: {get_attr: [NetIpMap, net_ip_map]}
controller_extraconfig:
map_merge:
- {get_param: controllerExtraConfig}
- {get_param: ControllerExtraConfig}
extraconfig: {get_param: ExtraConfig}
controller:
# data supplied directly to this deployment configuration, etc
bootstack_nodeid: {get_input: bootstack_nodeid}
# Pacemaker
enable_load_balancer: {get_input: enable_load_balancer}
# Pacemaker
enable_load_balancer: {get_input: enable_load_balancer}
# Misc
tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
# Misc
tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
# Hook for site-specific additional pre-deployment config, e.g extra hieradata
ControllerExtraConfigPre:

View File

@ -228,40 +228,33 @@ resources:
SwiftStorageHieraConfig:
type: OS::Heat::StructuredConfig
properties:
group: os-apply-config
group: hiera
config:
hiera:
hierarchy:
- '"%{::uuid}"'
- heat_config_%{::deploy_config_name}
- object_extraconfig
- extraconfig
- service_names
- service_configs
- object
- bootstrap_node # provided by allNodesConfig
- all_nodes # provided by allNodesConfig
- vip_data # provided by allNodesConfig
- '"%{::osfamily}"'
merge_behavior: deeper
datafiles:
service_names:
mapped_data:
service_names: {get_param: ServiceNames}
sensu::subscriptions: {get_param: MonitoringSubscriptions}
service_configs:
mapped_data:
map_replace:
- {get_param: ServiceConfigSettings}
- values: {get_attr: [NetIpMap, net_ip_map]}
object_extraconfig:
mapped_data: {get_param: ObjectStorageExtraConfig}
extraconfig:
mapped_data: {get_param: ExtraConfig}
object:
mapped_data: # data supplied directly to this deployment configuration, etc
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
hierarchy:
- '"%{::uuid}"'
- heat_config_%{::deploy_config_name}
- object_extraconfig
- extraconfig
- service_names
- service_configs
- object
- bootstrap_node # provided by allNodesConfig
- all_nodes # provided by allNodesConfig
- vip_data # provided by allNodesConfig
- '"%{::osfamily}"'
merge_behavior: deeper
datafiles:
service_names:
service_names: {get_param: ServiceNames}
sensu::subscriptions: {get_param: MonitoringSubscriptions}
service_configs:
map_replace:
- {get_param: ServiceConfigSettings}
- values: {get_attr: [NetIpMap, net_ip_map]}
object_extraconfig: {get_param: ObjectStorageExtraConfig}
extraconfig: {get_param: ExtraConfig}
object:
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
SwiftStorageHieraDeploy:
type: OS::Heat::StructuredDeployment

View File

@ -250,41 +250,35 @@ resources:
{{role}}Config:
type: OS::Heat::StructuredConfig
properties:
group: os-apply-config
group: hiera
config:
hiera:
hierarchy:
- '"%{::uuid}"'
- heat_config_%{::deploy_config_name}
- {{role.lower()}}_extraconfig
- extraconfig
- service_names
- service_configs
- {{role.lower()}}
- bootstrap_node # provided by allNodesConfig
- all_nodes # provided by allNodesConfig
- vip_data # provided by allNodesConfig
- '"%{::osfamily}"'
merge_behavior: deeper
datafiles:
service_names:
mapped_data:
service_names: {get_param: ServiceNames}
sensu::subscriptions: {get_param: MonitoringSubscriptions}
service_configs:
mapped_data:
map_replace:
- {get_param: ServiceConfigSettings}
- values: {get_attr: [NetIpMap, net_ip_map]}
{{role.lower()}}_extraconfig:
mapped_data: {get_param: {{role}}ExtraConfig}
extraconfig:
mapped_data: {get_param: ExtraConfig}
{{role.lower()}}:
mapped_data:
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources}
tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups}
hierarchy:
- '"%{::uuid}"'
- heat_config_%{::deploy_config_name}
- {{role.lower()}}_extraconfig
- extraconfig
- service_names
- service_configs
- {{role.lower()}}
- bootstrap_node # provided by allNodesConfig
- all_nodes # provided by allNodesConfig
- vip_data # provided by allNodesConfig
- '"%{::osfamily}"'
merge_behavior: deeper
datafiles:
service_names:
service_names: {get_param: ServiceNames}
sensu::subscriptions: {get_param: MonitoringSubscriptions}
service_configs:
map_replace:
- {get_param: ServiceConfigSettings}
- values: {get_attr: [NetIpMap, net_ip_map]}
{{role.lower()}}_extraconfig: {get_param: {{role}}ExtraConfig}
extraconfig: {get_param: ExtraConfig}
{{role.lower()}}:
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources}
tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups}
# Resource for site-specific injection of root certificate
NodeTLSCAData:

View File

@ -55,7 +55,7 @@ outputs:
aodh::wsgi::apache::servername:
str_replace:
template:
'"%{::fqdn_$NETWORK}"'
'%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]}
aodh::api::service_name: 'httpd'
@ -68,7 +68,7 @@ outputs:
aodh::api::host:
str_replace:
template:
'"%{::fqdn_$NETWORK}"'
'%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]}
# NOTE: bind IP is found in Heat replacing the network name with the

View File

@ -24,7 +24,7 @@ parameters:
hidden: true
BarbicanWorkers:
description: Set the number of workers for barbican::wsgi::apache
default: '"%{::processorcount}"'
default: '%{::processorcount}'
type: string
Debug:
default: ''
@ -93,7 +93,7 @@ outputs:
barbican::wsgi::apache::servername:
str_replace:
template:
'"%{::fqdn_$NETWORK}"'
'%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, BarbicanApiNetwork]}
barbican::db::database_connection:

View File

@ -75,7 +75,7 @@ outputs:
ceilometer::api::host:
str_replace:
template:
'"%{::fqdn_$NETWORK}"'
'%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, CeilometerApiNetwork]}
ceilometer::wsgi::apache::bind_host: {get_param: [ServiceNetMap, CeilometerApiNetwork]}
@ -83,7 +83,7 @@ outputs:
ceilometer::wsgi::apache::servername:
str_replace:
template:
'"%{::fqdn_$NETWORK}"'
'%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, CeilometerApiNetwork]}
service_config_settings:

View File

@ -119,36 +119,33 @@ outputs:
NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]}
ceph::profile::params::public_addr: {get_param: [ServiceNetMap, CephMonNetwork]}
ceph::profile::params::client_keys:
str_replace:
template: "{
client.admin: {
secret: 'ADMIN_KEY',
mode: '0600',
cap_mon: 'allow *',
cap_osd: 'allow *',
map_replace:
- client.admin:
secret: {get_param: CephAdminKey}
mode: '0600'
cap_mon: 'allow *'
cap_osd: 'allow *'
cap_mds: 'allow *'
},
client.bootstrap-osd: {
secret: 'ADMIN_KEY',
keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring',
client.bootstrap-osd:
secret: {get_param: CephAdminKey}
keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring'
cap_mon: 'allow profile bootstrap-osd'
},
client.CLIENT_USER: {
secret: 'CLIENT_KEY',
mode: '0644',
cap_mon: 'allow r',
cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL'
}
}"
params:
CLIENT_USER: {get_param: CephClientUserName}
CLIENT_KEY: {get_param: CephClientKey}
ADMIN_KEY: {get_param: CephAdminKey}
NOVA_POOL: {get_param: NovaRbdPoolName}
CINDER_POOL: {get_param: CinderRbdPoolName}
CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName}
GLANCE_POOL: {get_param: GlanceRbdPoolName}
GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
CEPH_CLIENT_KEY:
secret: {get_param: CephClientKey}
mode: '0644'
cap_mon: 'allow r'
cap_osd:
str_replace:
template: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL'
params:
NOVA_POOL: {get_param: NovaRbdPoolName}
CINDER_POOL: {get_param: CinderRbdPoolName}
CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName}
GLANCE_POOL: {get_param: GlanceRbdPoolName}
GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
- keys:
CEPH_CLIENT_KEY:
list_join: ['.', ['client', {get_param: CephClientUserName}]]
service_config_settings:
glance_api:
glance::api::show_multiple_locations: {if: [glance_multiple_locations, true, false]}

View File

@ -42,7 +42,7 @@ parameters:
CinderWorkers:
type: string
description: Set the number of workers for cinder::wsgi::apache
default: '"%{::os_workers}"'
default: '%{::os_workers}'
EnableInternalTLS:
type: boolean
default: false
@ -101,7 +101,7 @@ outputs:
cinder::api::bind_host:
str_replace:
template:
'"%{::fqdn_$NETWORK}"'
'%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
cinder::wsgi::apache::ssl: {get_param: EnableInternalTLS}
@ -115,7 +115,7 @@ outputs:
cinder::wsgi::apache::servername:
str_replace:
template:
'"%{::fqdn_$NETWORK}"'
'%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]}
-

View File

@ -87,7 +87,7 @@ outputs:
tripleo::profile::base::database::mysql::bind_address:
str_replace:
template:
'"%{::fqdn_$NETWORK}"'
'%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
step_config: |

View File

@ -39,6 +39,6 @@ outputs:
# internal_api_subnet - > IP/CIDR
redis::bind: {get_param: [ServiceNetMap, RedisNetwork]}
redis::port: 6379
redis::sentinel::master_name: '"%{hiera(\"bootstrap_nodeid\")}"'
redis::sentinel::redis_host: '"%{hiera(\"bootstrap_nodeid_ip\")}"'
redis::sentinel::master_name: "%{hiera('bootstrap_nodeid')}"
redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}"
redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh'

View File

@ -91,7 +91,7 @@ outputs:
gnocchi::wsgi::apache::servername:
str_replace:
template:
'"%{::fqdn_$NETWORK}"'
'%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]}
tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend}
@ -105,7 +105,7 @@ outputs:
gnocchi::api::host:
str_replace:
template:
'"%{::fqdn_$NETWORK}"'
'%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]}

View File

@ -68,7 +68,7 @@ outputs:
list_join:
- ''
- - 'http://'
- '%{hiera("ironic_conductor_http_host")}:'
- "%{hiera('ironic_conductor_http_host')}:"
- {get_param: IronicIPXEPort}
ironic::drivers::pxe::ipxe_enabled: {get_param: IronicIPXEEnabled}
ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]}

View File

@ -1,4 +1,4 @@
heat_template_version: 2016-04-08
heat_template_version: 2016-10-14
description: >
Keepalived service configured with Puppet
@ -36,6 +36,11 @@ parameters:
default: 'overcloud-keepalived'
type: string
conditions:
control_iface_empty: {equals : [{get_param: ControlVirtualInterface}, '']}
public_iface_empty: {equals : [{get_param: PublicVirtualInterface}, '']}
outputs:
role_data:
description: Role data for the Keepalived role.
@ -43,10 +48,19 @@ outputs:
service_name: keepalived
monitoring_subscription: {get_param: MonitoringSubscriptionKeepalived}
config_settings:
tripleo::keepalived::control_virtual_interface: {get_param: ControlVirtualInterface}
tripleo::keepalived::public_virtual_interface: {get_param: PublicVirtualInterface}
tripleo.keepalived.firewall_rules:
'106 keepalived vrrp':
proto: vrrp
map_merge:
- tripleo.keepalived.firewall_rules:
'106 keepalived vrrp':
proto: vrrp
-
if:
- control_iface_empty
- {}
- tripleo::keepalived::control_virtual_interface: {get_param: ControlVirtualInterface}
-
if:
- public_iface_empty
- {}
- tripleo::keepalived::public_virtual_interface: {get_param: PublicVirtualInterface}
step_config: |
include ::tripleo::profile::base::keepalived

View File

@ -89,7 +89,7 @@ parameters:
KeystoneWorkers:
type: string
description: Set the number of workers for keystone::wsgi::apache
default: '"%{::os_workers}"'
default: '%{::os_workers}'
MonitoringSubscriptionKeystone:
default: 'overcloud-keystone'
type: string
@ -195,13 +195,13 @@ outputs:
keystone::wsgi::apache::servername:
str_replace:
template:
'"%{::fqdn_$NETWORK}"'
'%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
keystone::wsgi::apache::servername_admin:
str_replace:
template:
'"%{::fqdn_$NETWORK}"'
'%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
keystone::wsgi::apache::workers: {get_param: KeystoneWorkers}
@ -219,13 +219,13 @@ outputs:
keystone::admin_bind_host:
str_replace:
template:
'"%{::fqdn_$NETWORK}"'
'%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]}
keystone::public_bind_host:
str_replace:
template:
'"%{::fqdn_$NETWORK}"'
'%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]}
# NOTE: bind IP is found in Heat replacing the network name with the

View File

@ -84,16 +84,12 @@ outputs:
neutron::rabbit_port: {get_param: RabbitClientPort}
neutron::dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork}
neutron::core_plugin: {get_param: NeutronCorePlugin}
neutron::service_plugins:
str_replace:
template: PLUGINS
params:
PLUGINS: {get_param: NeutronServicePlugins}
neutron::service_plugins: {get_param: NeutronServicePlugins}
neutron::debug: {get_param: Debug}
neutron::purge_config: {get_param: EnableConfigPurge}
neutron::allow_overlapping_ips: true
neutron::rabbit_heartbeat_timeout_threshold: 60
neutron::host: '"%{::fqdn}"' #NOTE: extra quoting is needed
neutron::host: '%{::fqdn}'
neutron::db::database_db_max_retries: -1
neutron::db::database_max_retries: -1
neutron::global_physnet_mtu: {get_param: NeutronGlobalPhysnetMtu}

View File

@ -72,6 +72,6 @@ outputs:
neutron::agents::metadata::auth_password: {get_param: NeutronPassword}
neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] }
neutron::agents::metadata::auth_tenant: 'service'
neutron::agents::metadata::metadata_ip: '"%{hiera(\"nova_metadata_vip\")}"'
neutron::agents::metadata::metadata_ip: "%{hiera('nova_metadata_vip')}"
step_config: |
include tripleo::profile::base::neutron::metadata

View File

@ -94,21 +94,9 @@ outputs:
- neutron::agents::ml2::ovs::l2_population: {get_param: NeutronEnableL2Pop}
neutron::agents::ml2::ovs::enable_distributed_routing: {get_param: NeutronEnableDVR}
neutron::agents::ml2::ovs::arp_responder: {get_param: NeutronEnableARPResponder}
neutron::agents::ml2::ovs::bridge_mappings:
str_replace:
template: MAPPINGS
params:
MAPPINGS: {get_param: NeutronBridgeMappings}
neutron::agents::ml2::ovs::tunnel_types:
str_replace:
template: TYPES
params:
TYPES: {get_param: NeutronTunnelTypes}
neutron::agents::ml2::ovs::extensions:
str_replace:
template: AGENT_EXTENSIONS
params:
AGENT_EXTENSIONS: {get_param: NeutronAgentExtensions}
neutron::agents::ml2::ovs::bridge_mappings: {get_param: NeutronBridgeMappings}
neutron::agents::ml2::ovs::tunnel_types: {get_param: NeutronTunnelTypes}
neutron::agents::ml2::ovs::extensions: {get_param: NeutronAgentExtensions}
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
# (eg. for internal_api):

View File

@ -83,46 +83,14 @@ outputs:
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- neutron::plugins::ml2::mechanism_drivers:
str_replace:
template: MECHANISMS
params:
MECHANISMS: {get_param: NeutronMechanismDrivers}
neutron::plugins::ml2::type_drivers:
str_replace:
template: DRIVERS
params:
DRIVERS: {get_param: NeutronTypeDrivers}
neutron::plugins::ml2::flat_networks:
str_replace:
template: NETWORKS
params:
NETWORKS: {get_param: NeutronFlatNetworks}
neutron::plugins::ml2::extension_drivers:
str_replace:
template: PLUGIN_EXTENSIONS
params:
PLUGIN_EXTENSIONS: {get_param: NeutronPluginExtensions}
neutron::plugins::ml2::network_vlan_ranges:
str_replace:
template: RANGES
params:
RANGES: {get_param: NeutronNetworkVLANRanges}
neutron::plugins::ml2::tunnel_id_ranges:
str_replace:
template: RANGES
params:
RANGES: {get_param: NeutronTunnelIdRanges}
neutron::plugins::ml2::vni_ranges:
str_replace:
template: RANGES
params:
RANGES: {get_param: NeutronVniRanges}
neutron::plugins::ml2::tenant_network_types:
str_replace:
template: TYPES
params:
TYPES: {get_param: NeutronNetworkType}
- neutron::plugins::ml2::mechanism_drivers: {get_param: NeutronMechanismDrivers}
neutron::plugins::ml2::type_drivers: {get_param: NeutronTypeDrivers}
neutron::plugins::ml2::flat_networks: {get_param: NeutronFlatNetworks}
neutron::plugins::ml2::extension_drivers: {get_param: NeutronPluginExtensions}
neutron::plugins::ml2::network_vlan_ranges: {get_param: NeutronNetworkVLANRanges}
neutron::plugins::ml2::tunnel_id_ranges: {get_param: NeutronTunnelIdRanges}
neutron::plugins::ml2::vni_ranges: {get_param: NeutronVniRanges}
neutron::plugins::ml2::tenant_network_types: {get_param: NeutronNetworkType}
neutron::plugins::ml2::supported_pci_vendor_devs: {get_param: NeutronSupportedPCIVendorDevs}
step_config: |

View File

@ -87,8 +87,8 @@ outputs:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
- get_attr: [ApacheServiceBase, role_data, config_settings]
- nova::cron::archive_deleted_rows::hour: '"*/12"'
nova::cron::archive_deleted_rows::destination: '"/dev/null"'
- nova::cron::archive_deleted_rows::hour: '*/12'
nova::cron::archive_deleted_rows::destination: '/dev/null'
tripleo.nova_api.firewall_rules:
'113 nova_api':
dport:
@ -108,7 +108,7 @@ outputs:
nova::api::api_bind_address:
str_replace:
template:
'"%{::fqdn_$NETWORK}"'
'%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
nova::api::service_name: 'httpd'
@ -122,7 +122,7 @@ outputs:
nova::wsgi::apache::servername:
str_replace:
template:
'"%{::fqdn_$NETWORK}"'
'%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]}
nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret}

View File

@ -109,7 +109,7 @@ outputs:
nova::network::neutron::neutron_auth_url: {get_param: [EndpointMap, KeystoneV3Admin, uri]}
nova::rabbit_heartbeat_timeout_threshold: 60
nova::cinder_catalog_info: 'volumev2:cinderv2:internalURL'
nova::host: '"%{::fqdn}"' # NOTE: extra quoting is needed.
nova::host: '%{::fqdn}'
nova::notify_on_state_change: 'vm_and_task_state'
nova::notification_driver: messagingv2
nova::network::neutron::neutron_auth_type: 'v3password'

View File

@ -52,7 +52,7 @@ parameters:
For different formats, refer to the nova.conf documentation for
pci_passthrough_whitelist configuration
type: json
default: ''
default: {}
NovaVcpuPinSet:
description: >
A list or range of physical CPU cores to reserve for virtual machine
@ -97,11 +97,7 @@ outputs:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
- nova::compute::libvirt::manage_libvirt_services: false
nova::compute::pci_passthrough:
str_replace:
template: "'JSON_PARAM'"
params:
JSON_PARAM: {get_param: NovaPCIPassthrough}
nova::compute::pci_passthrough: {get_param: NovaPCIPassthrough}
nova::compute::vcpu_pin_set: {get_param: NovaVcpuPinSet}
nova::compute::reserved_host_memory: {get_param: NovaReservedHostMemory}
# we manage migration in nova common puppet profile
@ -117,7 +113,7 @@ outputs:
- '.'
- - 'client'
- {get_param: CephClientUserName}
nova::compute::rbd::libvirt_rbd_secret_uuid: '"%{hiera(\"ceph::profile::params::fsid\")}"'
nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}"
nova::compute::instance_usage_audit: true
nova::compute::instance_usage_audit_period: 'hour'
nova::compute::rbd::ephemeral_storage: {get_param: NovaEnableRbdBackend}

View File

@ -40,7 +40,7 @@ outputs:
- tripleo::profile::pacemaker::database::mysql::bind_address:
str_replace:
template:
'"%{::fqdn_$NETWORK}"'
'%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
# NOTE: bind IP is found in Heat replacing the network name with the

View File

@ -55,7 +55,7 @@ outputs:
panko::wsgi::apache::servername:
str_replace:
template:
'"%{::fqdn_$NETWORK}"'
'%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
panko::api::service_name: 'httpd'
@ -68,7 +68,7 @@ outputs:
panko::api::host:
str_replace:
template:
'"%{::fqdn_$NETWORK}"'
'%{::fqdn_$NETWORK}'
params:
$NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]}
# NOTE: bind IP is found in Heat replacing the network name with the