7876851011
This patch optimizes how we deploy hiera by using a new heat hook specifically designed to help compose hiera within heat templates. As part of this change: - we update all the 'hiera' software configurations to set the group to hiera instead of os-apply-config. - The new format uses JSON instead of YAML. The hook actually writes out the hiera JSON directly so no conversion takes place. Arrays, Strings, Booleans all stay in their native formats. As such we can avoid having to do many of the awkward string and list conversions in t-h-t to support the previous YAML formatting. - The new hook prefers JSON over YAML so upgrading users will have the new files prefered. (we will post a cleanup routine for the old files soon but this isn't a new behavior, JSON is now simply prefered.) - A lot of services required edits to account for default settings that worked in YAML that no longer work correctly in the native JSON format. In almost all these cases I think the resulting codes looks cleaner and is more explicit with regards to what is getting configured in hiera on the actual nodes. Depends-On: I6a383b1ad4ec29458569763bd3f56fd3f2bd726b Closes-bug: #1596373 Change-Id: Ibe7e2044e200e2c947223286fdf4fd5bcf98c2e1
206 lines
9.2 KiB
YAML
206 lines
9.2 KiB
YAML
heat_template_version: 2016-10-14
|
|
description: 'All Nodes Config for Puppet'
|
|
|
|
parameters:
|
|
cloud_name_external:
|
|
type: string
|
|
cloud_name_internal_api:
|
|
type: string
|
|
cloud_name_storage:
|
|
type: string
|
|
cloud_name_storage_mgmt:
|
|
type: string
|
|
cloud_name_ctlplane:
|
|
type: string
|
|
# FIXME(shardy) this can be comma_delimited_list when
|
|
# https://bugs.launchpad.net/heat/+bug/1617019 is fixed
|
|
enabled_services:
|
|
type: string
|
|
controller_ips:
|
|
type: comma_delimited_list
|
|
logging_groups:
|
|
type: json
|
|
logging_sources:
|
|
type: json
|
|
service_ips:
|
|
type: json
|
|
service_node_names:
|
|
type: json
|
|
short_service_node_names:
|
|
type: json
|
|
controller_names:
|
|
type: comma_delimited_list
|
|
memcache_node_ips:
|
|
type: comma_delimited_list
|
|
NetVipMap:
|
|
type: json
|
|
RedisVirtualIP:
|
|
type: string
|
|
default: ''
|
|
ServiceNetMap:
|
|
type: json
|
|
DeployIdentifier:
|
|
type: string
|
|
default: ''
|
|
description: >
|
|
Setting this to a unique value will re-run any deployment tasks which
|
|
perform configuration on a Heat stack-update.
|
|
UpdateIdentifier:
|
|
type: string
|
|
description: >
|
|
Setting to a previously unused value during stack-update will trigger
|
|
package update on all nodes
|
|
StackAction:
|
|
type: string
|
|
description: >
|
|
Heat action on performed top-level stack.
|
|
constraints:
|
|
- allowed_values: ['CREATE', 'UPDATE']
|
|
# NOTE(jaosorior): This is being set as IPA as it's the first
|
|
# CA we'll actually be testing out. But we can change this if
|
|
# people request it.
|
|
CertmongerCA:
|
|
type: string
|
|
default: 'IPA'
|
|
EnableInternalTLS:
|
|
type: boolean
|
|
default: false
|
|
|
|
resources:
|
|
|
|
allNodesConfigImpl:
|
|
type: OS::Heat::StructuredConfig
|
|
properties:
|
|
group: hiera
|
|
config:
|
|
datafiles:
|
|
bootstrap_node:
|
|
bootstrap_nodeid: {get_input: bootstrap_nodeid}
|
|
bootstrap_nodeid_ip: {get_input: bootstrap_nodeid_ip}
|
|
all_nodes:
|
|
map_merge:
|
|
- tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: logging_sources}
|
|
- tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: logging_groups}
|
|
- enabled_services: {get_param: enabled_services}
|
|
# This writes out a mapping of service_name_enabled: 'true'
|
|
# For any services not enabled, hiera foo_enabled will
|
|
# return nil, as it's undefined
|
|
- map_merge:
|
|
repeat:
|
|
template:
|
|
# Note this must be string 'true' due to
|
|
# https://bugs.launchpad.net/heat/+bug/1617203
|
|
SERVICE_enabled: 'true'
|
|
for_each:
|
|
SERVICE:
|
|
str_split: [',', {get_param: enabled_services}]
|
|
# Dynamically generate per-service network data
|
|
# This works as follows (outer->inner functions)
|
|
# yaql - filters services where no mapping exists in ServiceNetMap
|
|
# map_replace: substitute e.g heat_api_network with network name from ServiceNetMap
|
|
# map_merge/repeat: generate a per-service mapping
|
|
- yaql:
|
|
# This filters any entries where the value hasn't been substituted for
|
|
# a list, e.g it's still $service_network. This happens when there is
|
|
# no network defined for the service in the ServiceNetMap, which is OK
|
|
# as not all services have to be bound to a network, so we filter them
|
|
expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network")))
|
|
data:
|
|
map:
|
|
map_replace:
|
|
- map_merge:
|
|
repeat:
|
|
template:
|
|
SERVICE_network: SERVICE_network
|
|
for_each:
|
|
SERVICE:
|
|
str_split: [',', {get_param: enabled_services}]
|
|
- values: {get_param: ServiceNetMap}
|
|
# Keystone doesn't provide separate entries for the public
|
|
# and admin endpoints, so we need to add them here manually
|
|
# like we do in the vip-config below
|
|
- keystone_admin_api_network: {get_param: [ServiceNetMap, keystone_admin_api_network]}
|
|
keystone_public_api_network: {get_param: [ServiceNetMap, keystone_public_api_network]}
|
|
# provides a mapping of service_name_ips to a list of IPs
|
|
- {get_param: service_ips}
|
|
- {get_param: service_node_names}
|
|
- {get_param: short_service_node_names}
|
|
- controller_node_ips:
|
|
list_join:
|
|
- ','
|
|
- {get_param: controller_ips}
|
|
controller_node_names:
|
|
list_join:
|
|
- ','
|
|
- {get_param: controller_names}
|
|
memcached_node_ips_v6:
|
|
repeat:
|
|
template: "inet6:[NAME]"
|
|
for_each:
|
|
NAME: {get_param: memcache_node_ips}
|
|
deploy_identifier: {get_param: DeployIdentifier}
|
|
update_identifier: {get_param: UpdateIdentifier}
|
|
stack_action: {get_param: StackAction}
|
|
vip_data:
|
|
map_merge:
|
|
# Dynamically generate per-service VIP data based on enabled_services
|
|
# This works as follows (outer->inner functions)
|
|
# yaql - filters services where no mapping exists in ServiceNetMap
|
|
# map_replace: substitute e.g internal_api with the IP from NetVipMap
|
|
# map_replace: substitute e.g heat_api_network with network name from ServiceNetMap
|
|
# map_merge/repeat: generate a per-service mapping
|
|
- yaql:
|
|
# This filters any entries where the value hasn't been substituted for
|
|
# a list, e.g it's still $service_network. This happens when there is
|
|
# no network defined for the service in the ServiceNetMap, which is OK
|
|
# as not all services have to be bound to a network, so we filter them
|
|
expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network")))
|
|
data:
|
|
map:
|
|
map_replace:
|
|
- map_replace:
|
|
- map_merge:
|
|
repeat:
|
|
template:
|
|
SERVICE_vip: SERVICE_network
|
|
for_each:
|
|
SERVICE:
|
|
str_split: [',', {get_param: enabled_services}]
|
|
- values: {get_param: ServiceNetMap}
|
|
- values: {get_param: NetVipMap}
|
|
- keystone_admin_api_vip:
|
|
get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_admin_api_network]}]
|
|
keystone_public_api_vip:
|
|
get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_public_api_network]}]
|
|
public_virtual_ip: {get_param: [NetVipMap, external]}
|
|
controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
|
|
internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]}
|
|
storage_virtual_ip: {get_param: [NetVipMap, storage]}
|
|
storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]}
|
|
redis_vip: {get_param: RedisVirtualIP}
|
|
# public_virtual_ip and controller_virtual_ip are needed in
|
|
# both HAproxy & keepalived.
|
|
tripleo::haproxy::public_virtual_ip: {get_param: [NetVipMap, external]}
|
|
tripleo::haproxy::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
|
|
tripleo::keepalived::public_virtual_ip: {get_param: [NetVipMap, external]}
|
|
tripleo::keepalived::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]}
|
|
tripleo::keepalived::internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]}
|
|
tripleo::keepalived::storage_virtual_ip: {get_param: [NetVipMap, storage]}
|
|
tripleo::keepalived::storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]}
|
|
tripleo::keepalived::redis_virtual_ip: {get_param: RedisVirtualIP}
|
|
tripleo::redis_notification::haproxy_monitor_ip: {get_param: [NetVipMap, ctlplane]}
|
|
cloud_name_external: {get_param: cloud_name_external}
|
|
cloud_name_internal_api: {get_param: cloud_name_internal_api}
|
|
cloud_name_storage: {get_param: cloud_name_storage}
|
|
cloud_name_storage_mgmt: {get_param: cloud_name_storage_mgmt}
|
|
cloud_name_ctlplane: {get_param: cloud_name_ctlplane}
|
|
# TLS parameters
|
|
certmonger_ca: {get_param: CertmongerCA}
|
|
enable_internal_tls: {get_param: EnableInternalTLS}
|
|
|
|
outputs:
|
|
config_id:
|
|
description: The ID of the allNodesConfigImpl resource.
|
|
value:
|
|
{get_resource: allNodesConfigImpl}
|