Mv pacemaker and firewall out of controller
This patch moves settings for pacemaker and the tripleo firewall out of controller.yaml. Related bug: #1604414 Change-Id: I0164717bfd79cdea3de8eb7a64771028bea201ac
parent
7ab48cc832
commit
827d110a34
|
@ -440,9 +440,7 @@ resources:
|
|||
properties:
|
||||
CloudDomain: {get_param: CloudDomain}
|
||||
controllerExtraConfig: {get_param: controllerExtraConfig}
|
||||
PcsdPassword: {get_resource: PcsdPassword}
|
||||
RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]}
|
||||
RedisVirtualIPUri: {get_attr: [RedisVirtualIP, ip_address_uri]}
|
||||
ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]}
|
||||
EndpointMap: {get_attr: [EndpointMap, endpoint_map]}
|
||||
Hostname:
|
||||
|
|
|
@ -23,18 +23,10 @@ parameters:
|
|||
...
|
||||
}
|
||||
type: json
|
||||
CorosyncIPv6:
|
||||
default: false
|
||||
description: Enable IPv6 in Corosync
|
||||
type: boolean
|
||||
Debug:
|
||||
default: ''
|
||||
description: Set to True to enable debugging on all services.
|
||||
type: string
|
||||
EnableFencing:
|
||||
default: false
|
||||
description: Whether to enable fencing in Pacemaker or not.
|
||||
type: boolean
|
||||
EnableLoadBalancer:
|
||||
default: true
|
||||
description: Whether to deploy a LoadBalancer on the Controller
|
||||
|
@ -45,38 +37,6 @@ parameters:
|
|||
Additional hieradata to inject into the cluster, note that
|
||||
ControllerExtraConfig takes precedence over ExtraConfig.
|
||||
type: json
|
||||
FencingConfig:
|
||||
default: {}
|
||||
description: |
|
||||
Pacemaker fencing configuration. The JSON should have
|
||||
the following structure:
|
||||
{
|
||||
"devices": [
|
||||
{
|
||||
"agent": "AGENT_NAME",
|
||||
"host_mac": "HOST_MAC_ADDRESS",
|
||||
"params": {"PARAM_NAME": "PARAM_VALUE"}
|
||||
}
|
||||
]
|
||||
}
|
||||
For instance:
|
||||
{
|
||||
"devices": [
|
||||
{
|
||||
"agent": "fence_xvm",
|
||||
"host_mac": "52:54:00:aa:bb:cc",
|
||||
"params": {
|
||||
"multicast_address": "225.0.0.12",
|
||||
"port": "baremetal_0",
|
||||
"manage_fw": true,
|
||||
"manage_key_file": true,
|
||||
"key_file": "/etc/fence_xvm.key",
|
||||
"key_file_password": "abcdef"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
type: json
|
||||
OvercloudControlFlavor:
|
||||
description: Flavor for control nodes to request when deploying.
|
||||
default: baremetal
|
||||
|
@ -98,33 +58,13 @@ parameters:
|
|||
type: string
|
||||
constraints:
|
||||
- custom_constraint: nova.keypair
|
||||
ManageFirewall:
|
||||
default: false
|
||||
description: Whether to manage IPtables rules.
|
||||
type: boolean
|
||||
PurgeFirewallRules:
|
||||
default: false
|
||||
description: Whether IPtables rules should be purged before setting up the new ones.
|
||||
type: boolean
|
||||
NeutronPublicInterface:
|
||||
default: nic1
|
||||
description: What interface to bridge onto br-ex for network nodes.
|
||||
type: string
|
||||
PcsdPassword:
|
||||
type: string
|
||||
description: The password for the 'pcsd' user.
|
||||
hidden: true
|
||||
RedisPassword:
|
||||
description: The password for Redis
|
||||
type: string
|
||||
hidden: true
|
||||
RedisVirtualIP:
|
||||
type: string
|
||||
default: '' # Has to be here because of the ignored empty value bug
|
||||
RedisVirtualIPUri:
|
||||
type: string
|
||||
default: '' # Has to be here because of the ignored empty value bug
|
||||
description: An IP address which is wrapped in brackets in case of IPv6
|
||||
SwiftRawDisks:
|
||||
default: {}
|
||||
description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
|
||||
|
@ -358,17 +298,9 @@ resources:
|
|||
server: {get_resource: Controller}
|
||||
input_values:
|
||||
bootstack_nodeid: {get_attr: [Controller, name]}
|
||||
debug: {get_param: Debug}
|
||||
enable_fencing: {get_param: EnableFencing}
|
||||
enable_load_balancer: {get_param: EnableLoadBalancer}
|
||||
manage_firewall: {get_param: ManageFirewall}
|
||||
purge_firewall_rules: {get_param: PurgeFirewallRules}
|
||||
corosync_ipv6: {get_param: CorosyncIPv6}
|
||||
fencing_config: {get_param: FencingConfig}
|
||||
pcsd_password: {get_param: PcsdPassword}
|
||||
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
|
||||
redis_vip: {get_param: RedisVirtualIP}
|
||||
ironic_api_network: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, IronicApiNetwork]}]}
|
||||
|
||||
# Map heat metadata into hiera datafiles
|
||||
ControllerConfig:
|
||||
|
@ -421,17 +353,10 @@ resources:
|
|||
bootstack_nodeid: {get_input: bootstack_nodeid}
|
||||
|
||||
# Pacemaker
|
||||
enable_fencing: {get_input: enable_fencing}
|
||||
enable_load_balancer: {get_input: enable_load_balancer}
|
||||
hacluster_pwd: {get_input: pcsd_password}
|
||||
corosync_ipv6: {get_input: corosync_ipv6}
|
||||
tripleo::fencing::config: {get_input: fencing_config}
|
||||
|
||||
# Redis
|
||||
redis_vip: {get_input: redis_vip}
|
||||
# Firewall
|
||||
tripleo::firewall::manage_firewall: {get_input: manage_firewall}
|
||||
tripleo::firewall::purge_firewall_rules: {get_input: purge_firewall_rules}
|
||||
# Misc
|
||||
tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]}
|
||||
tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
heat_template_version: 2016-04-08
|
||||
heat_template_version: 2016-10-14
|
||||
|
||||
description: >
|
||||
Pacemaker service configured with Puppet
|
||||
|
@ -21,6 +21,51 @@ parameters:
|
|||
MonitoringSubscriptionPacemaker:
|
||||
default: 'overcloud-pacemaker'
|
||||
type: string
|
||||
CorosyncIPv6:
|
||||
default: false
|
||||
description: Enable IPv6 in Corosync
|
||||
type: boolean
|
||||
EnableFencing:
|
||||
default: false
|
||||
description: Whether to enable fencing in Pacemaker or not.
|
||||
type: boolean
|
||||
PcsdPassword:
|
||||
type: string
|
||||
description: The password for the 'pcsd' user for pacemaker.
|
||||
hidden: true
|
||||
default: ''
|
||||
FencingConfig:
|
||||
default: {}
|
||||
description: |
|
||||
Pacemaker fencing configuration. The JSON should have
|
||||
the following structure:
|
||||
{
|
||||
"devices": [
|
||||
{
|
||||
"agent": "AGENT_NAME",
|
||||
"host_mac": "HOST_MAC_ADDRESS",
|
||||
"params": {"PARAM_NAME": "PARAM_VALUE"}
|
||||
}
|
||||
]
|
||||
}
|
||||
For instance:
|
||||
{
|
||||
"devices": [
|
||||
{
|
||||
"agent": "fence_xvm",
|
||||
"host_mac": "52:54:00:aa:bb:cc",
|
||||
"params": {
|
||||
"multicast_address": "225.0.0.12",
|
||||
"port": "baremetal_0",
|
||||
"manage_fw": true,
|
||||
"manage_key_file": true,
|
||||
"key_file": "/etc/fence_xvm.key",
|
||||
"key_file_password": "abcdef"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
type: json
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
|
@ -44,5 +89,15 @@ outputs:
|
|||
'131 pacemaker udp':
|
||||
proto: 'udp'
|
||||
dport: 5405
|
||||
corosync_ipv6: {get_param: CorosyncIPv6}
|
||||
tripleo::fencing::config: {get_param: FencingConfig}
|
||||
enable_fencing: {get_param: EnableFencing}
|
||||
hacluster_pwd:
|
||||
yaql:
|
||||
expression: $.data.passwords.where($ != '').first()
|
||||
data:
|
||||
passwords:
|
||||
- {get_param: PcsdPassword}
|
||||
- {get_param: [DefaultPasswords, pcsd_password]}
|
||||
step_config: |
|
||||
include ::tripleo::profile::base::pacemaker
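Review bot: `hacluster_pwd` in the last hunk comes from `$.data.passwords.where($ != '').first()`, and with `PcsdPassword` now defaulting to `''` nothing in this template guarantees that the list holds a non-empty entry. If `DefaultPasswords.pcsd_password` is also empty, yaql's `first()` on an empty sequence should raise during stack processing instead of giving a clear validation error (worth confirming); the `DefaultPasswords` parameter itself is declared outside the visible hunks. I would state the fallback in the parameter text, e.g. `description: The password for the 'pcsd' user for pacemaker. Falls back to DefaultPasswords.pcsd_password when empty.` Separately, `FencingConfig` is `type: json` without `hidden: true` although its own example carries `key_file_password`, so fence-agent credentials would be displayed with the other stack parameters; adding `hidden: true` there would match how `PcsdPassword` is handled.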
|
||||
|
|
|
@ -18,11 +18,22 @@ parameters:
|
|||
description: Mapping of service endpoint -> protocol. Typically set
|
||||
via parameter_defaults in the resource registry.
|
||||
type: json
|
||||
ManageFirewall:
|
||||
default: false
|
||||
description: Whether to manage IPtables rules.
|
||||
type: boolean
|
||||
PurgeFirewallRules:
|
||||
default: false
|
||||
description: Whether IPtables rules should be purged before setting up the new ones.
|
||||
type: boolean
|
||||
|
||||
outputs:
|
||||
role_data:
|
||||
description: Role data for the TripleO firewall settings
|
||||
value:
|
||||
service_name: tripleo_firewall
|
||||
config_settings:
|
||||
tripleo::firewall::manage_firewall: {get_param: ManageFirewall}
|
||||
tripleo::firewall::purge_firewall_rules: {get_param: PurgeFirewallRules}
|
||||
step_config: |
|
||||
include ::tripleo::firewall
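Review bot: `ManageFirewall` and `PurgeFirewallRules` both default to `false`, and neither description says what that means for a deployed node: presumably a default deployment applies none of the per-service rules, such as the pacemaker `dport: 5405` entry elsewhere in this commit. I would spell that out, e.g. `description: Whether to manage IPtables rules. When false, no firewall rules are applied by TripleO.`, and say on `PurgeFirewallRules` whether it has any effect while `ManageFirewall` is false, which this page does not show. These settings also only reach nodes whose role includes the `tripleo_firewall` service, and that wiring is outside the visible hunk.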
|
||||
|
|