Add nova placement API configuration
Nova placement API is recommended in Newton and is mandatory in Ocata. Scheduling will not work without it. We configure services according to: https://docs.openstack.org/developer/nova/placement.html Change-Id: Ic014ac162f50324c0341cc3013cd093d7125d53e Closes-bug: #1670354
This commit is contained in:
parent
c06bbe8263
commit
1bbe3869f7
|
@ -86,6 +86,20 @@ class openstack::ha::nova (
|
|||
balancermember_options => 'check inter 10s fastinter 2s downinter 3s rise 3 fall 3',
|
||||
}
|
||||
|
||||
openstack::ha::haproxy_service { 'nova-placement-api':
|
||||
order => '056',
|
||||
listen_port => 8778,
|
||||
internal_ssl => $internal_ssl,
|
||||
internal_ssl_path => $internal_ssl_path,
|
||||
require_service => 'nova-placement',
|
||||
haproxy_config_options => {
|
||||
'option' => ['httpchk', 'httplog', 'forceclose', 'http-buffer-request'],
|
||||
'timeout' => 'http-request 10s',
|
||||
},
|
||||
balancermember_options => 'check inter 10s fastinter 2s downinter 3s rise 3 fall 3',
|
||||
}
|
||||
|
||||
|
||||
openstack::ha::haproxy_service { 'nova-novncproxy':
|
||||
order => '170',
|
||||
listen_port => 6080,
|
||||
|
|
|
@ -18,10 +18,16 @@ class openstack_tasks::openstack_controller::keystone {
|
|||
$admin_address = get_ssl_property($ssl_hash, {}, 'nova', 'admin', 'hostname', [$management_vip])
|
||||
|
||||
$compute_port = '8774'
|
||||
$placement_port = '8778'
|
||||
$public_base_url = "${public_protocol}://${public_address}:${compute_port}"
|
||||
$internal_base_url = "${internal_protocol}://${internal_address}:${compute_port}"
|
||||
$admin_base_url = "${admin_protocol}://${admin_address}:${compute_port}"
|
||||
|
||||
$public_placement_url = "${public_protocol}://${public_address}:${placement_port}"
|
||||
$internal_placement_url = "${internal_protocol}://${internal_address}:${placement_port}"
|
||||
$admin_placement_url = "${admin_protocol}://${admin_address}:${placement_port}"
|
||||
|
||||
|
||||
$region = pick($nova_hash['region'], hiera('region', 'RegionOne'))
|
||||
|
||||
$password = $nova_hash['user_password']
|
||||
|
@ -50,6 +56,19 @@ class openstack_tasks::openstack_controller::keystone {
|
|||
tenant => $tenant,
|
||||
}
|
||||
|
||||
class { '::nova::keystone::auth_placement':
|
||||
password => $password,
|
||||
configure_endpoint => $configure_endpoint,
|
||||
configure_user => $configure_user,
|
||||
configure_user_role => $configure_user_role,
|
||||
public_url => "${public_placement_url}/placement",
|
||||
internal_url => "${internal_placement_url}/placement",
|
||||
admin_url => "${admin_placement_url}/placement",
|
||||
region => $region,
|
||||
tenant => $tenant,
|
||||
}
|
||||
|
||||
|
||||
# support compute (v2) legacy endpoint
|
||||
keystone::resource::service_identity { 'nova_legacy':
|
||||
configure_user => false,
|
||||
|
|
|
@ -66,6 +66,8 @@ class openstack_tasks::openstack_controller::openstack_controller {
|
|||
$default_floating_net = pick($neutron_config['default_floating_net'], 'net04_ext')
|
||||
$pci_vendor_devs = pick($neutron_config['supported_pci_vendor_devs'], false)
|
||||
|
||||
$repo_setup = hiera_hash('repo_setup', {})
|
||||
$repo_type = pick_default($repo_setup['repo_type'], '')
|
||||
# Boolean value for further usage
|
||||
if $pci_vendor_devs {
|
||||
$sriov_enabled = true
|
||||
|
@ -254,7 +256,26 @@ class openstack_tasks::openstack_controller::openstack_controller {
|
|||
auth_version => pick($nova_hash['auth_version'], $::os_service_default),
|
||||
memcached_servers => $local_memcached_server,
|
||||
}
|
||||
if $repo_type == 'uca' {
|
||||
class { 'osnailyfacter::apache':
|
||||
listen_ports => hiera_array('apache_ports', ['0.0.0.0:80', '0.0.0.0:8888', '0.0.0.0:5000', '0.0.0.0:35357', '0.0.0.0:8777','0.0.0.0:8042']),
|
||||
}
|
||||
|
||||
$ssl = false
|
||||
class {'::nova::wsgi::apache_placement':
|
||||
ssl => $ssl,
|
||||
priority => '36',
|
||||
bind_host => $bind_host,
|
||||
api_port => 8778,
|
||||
}
|
||||
class {'::nova::placement':
|
||||
password => $nova_hash['user_password'],
|
||||
auth_url => $keystone_auth_url,
|
||||
os_interface => 'internal',
|
||||
project_name => pick($nova_hash['admin_tenant_name'], $keystone_tenant),
|
||||
os_region_name => $region_name
|
||||
}
|
||||
}
|
||||
# Configure nova-api
|
||||
class { '::nova::api':
|
||||
enabled => true,
|
||||
|
@ -372,6 +393,7 @@ class openstack_tasks::openstack_controller::openstack_controller {
|
|||
'DEFAULT/ram_weight_multiplier': value => '1.0'
|
||||
}
|
||||
|
||||
|
||||
# TODO (iberezovskiy): In Debian open-iscsi is dependency
|
||||
# of os-brick package which is required for cinder.
|
||||
# Remove this 'if' once UCA packages are updated as well
|
||||
|
|
|
@ -38,6 +38,16 @@ class openstack_tasks::roles::compute {
|
|||
$kombu_compression = hiera('kombu_compression', $::os_service_default)
|
||||
$nova_cache = pick($nova_hash['use_cache'], true)
|
||||
$region_name = hiera('region', 'RegionOne')
|
||||
$keystone_tenant = pick($nova_hash['tenant'], 'services')
|
||||
|
||||
$internal_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', [$nova_hash['auth_protocol'], 'http'])
|
||||
$internal_auth_address = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [$service_endpoint, $management_vip])
|
||||
$admin_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', [$nova_hash['auth_protocol'], 'http'])
|
||||
$admin_auth_address = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$service_endpoint, $management_vip])
|
||||
|
||||
$keystone_auth_uri = "${internal_auth_protocol}://${internal_auth_address}:5000/"
|
||||
$keystone_auth_url = "${admin_auth_protocol}://${admin_auth_address}:35357/"
|
||||
|
||||
|
||||
# get glance api servers list
|
||||
$glance_endpoint_default = hiera('glance_endpoint', $management_vip)
|
||||
|
@ -51,6 +61,10 @@ class openstack_tasks::roles::compute {
|
|||
$block_device_allocate_retries = hiera('block_device_allocate_retries', 300)
|
||||
$block_device_allocate_retries_interval = hiera('block_device_allocate_retries_interval', 3)
|
||||
|
||||
#LP1670220 set libvirt service name to libvirtd for UCA
|
||||
$repo_setup = hiera_hash('repo_setup', {})
|
||||
$repo_type = pick_default($repo_setup['repo_type'], '')
|
||||
|
||||
$transport_url = hiera('transport_url','rabbit://guest:password@127.0.0.1:5672/')
|
||||
|
||||
include ::osnailyfacter::test_compute
|
||||
|
@ -263,6 +277,17 @@ class openstack_tasks::roles::compute {
|
|||
os_region_name => $region_name,
|
||||
}
|
||||
|
||||
if $repo_type == 'uca' {
|
||||
class {'::nova::placement':
|
||||
password => $nova_hash['user_password'],
|
||||
auth_url => $keystone_auth_url,
|
||||
os_interface => 'internal',
|
||||
project_name => pick($nova_hash['admin_tenant_name'], $keystone_tenant),
|
||||
os_region_name => $region_name
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
class { '::nova::cache':
|
||||
enabled => $nova_cache,
|
||||
backend => 'oslo_cache.memcache_pool',
|
||||
|
|
|
@ -45,6 +45,7 @@ class osnailyfacter::firewall::firewall {
|
|||
$neutron_api_port = 9696
|
||||
$nova_api_compute_port = 8774
|
||||
$nova_api_metadata_port = 8775
|
||||
$nova_api_placement_port = 8778
|
||||
$nova_api_vnc_ports = '5900-6900'
|
||||
$nova_api_volume_port = 8776
|
||||
$nova_vncproxy_port = 6080
|
||||
|
@ -304,7 +305,7 @@ class osnailyfacter::firewall::firewall {
|
|||
}
|
||||
|
||||
openstack::firewall::multi_net {'105 nova internal - no ssl':
|
||||
port => [$nova_api_metadata_port, $nova_api_vnc_ports],
|
||||
port => [$nova_api_metadata_port, $nova_api_vnc_ports, $nova_api_placement_port],
|
||||
proto => 'tcp',
|
||||
action => 'accept',
|
||||
source_nets => $nova_networks,
|
||||
|
|
|
@ -141,7 +141,8 @@ class osnailyfacter::globals::globals {
|
|||
$keystone_api_address = get_network_role_property('keystone/api', 'ipaddr')
|
||||
$ceilometer_api_address = get_network_role_property('ceilometer/api', 'ipaddr')
|
||||
$aodh_api_address = get_network_role_property('aodh/api', 'ipaddr')
|
||||
$cinder_api_address = get_network_role_property('cinder/api', 'ipaddr')
|
||||
$cinder_api_address = get_network_role_property('cinder/api', 'ipaddr')
|
||||
$nova_api_address = get_network_role_property('nova/api', 'ipaddr')
|
||||
|
||||
$token_provider = hiera('token_provider','keystone.token.providers.fernet.Provider')
|
||||
|
||||
|
@ -448,7 +449,8 @@ class osnailyfacter::globals::globals {
|
|||
"${apache_api_proxy_address}:8888",
|
||||
"${keystone_api_address}:5000",
|
||||
"${keystone_api_address}:35357",
|
||||
"${cinder_api_address}:8776"
|
||||
"${cinder_api_address}:8776",
|
||||
"${nova_api_address}:8778"
|
||||
]
|
||||
}
|
||||
else {
|
||||
|
@ -458,6 +460,7 @@ class osnailyfacter::globals::globals {
|
|||
"${apache_api_proxy_address}:8888",
|
||||
"${keystone_api_address}:5000",
|
||||
"${keystone_api_address}:35357",
|
||||
"${nova_api_address}:8778"
|
||||
]
|
||||
}
|
||||
|
||||
|
|
|
@ -134,7 +134,7 @@ describe manifest do
|
|||
it 'should accept connections to nova without ssl' do
|
||||
management_nets.each do |source|
|
||||
should contain_firewall("105 nova internal - no ssl from #{source}").with(
|
||||
'dport' => [ 8775, '5900-6900' ],
|
||||
'dport' => [ 8775, '5900-6900', 8778 ],
|
||||
'proto' => 'tcp',
|
||||
'action' => 'accept',
|
||||
'source' => source,
|
||||
|
|
Loading…
Reference in New Issue