summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJames Slagle <jslagle@redhat.com>2017-06-16 11:13:25 -0400
committerJames Slagle <jslagle@redhat.com>2017-06-16 11:13:25 -0400
commitd6c0979eb3de79b8c3a79ea5798498f0241eb32d (patch)
tree808607f65fe92d9e57b20c62b48159123818da0b
parent0354927a1143dd766cab4b9a88d4af84e404d6d9 (diff)
Blacklist support for ExtraConfig
Commit I46941e54a476c7cc8645cd1aff391c9c6c5434de added support for blacklisting servers from triggered Heat deployments. This commit adds that functionality to the remaining Deployments in tripleo-heat-templates for the ExtraConfig interfaces. Since we can not (should not) change the interface to ExtraConfig, Heat conditions are used on the actual <role>ExtraConfigPre and NodeExtraConfig resources instead of using the actions approach on Deployments. Change-Id: I38fdb50d1d966a6c3651980c52298317fa3bece4
-rw-r--r--extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml25
-rw-r--r--extraconfig/pre_network/config_then_reboot.yaml24
-rw-r--r--extraconfig/pre_network/host_config_and_reboot.role.j2.yaml23
-rw-r--r--extraconfig/pre_network/host_config_and_reboot.yaml23
-rw-r--r--extraconfig/tasks/ssh/host_public_key.yaml8
-rw-r--r--puppet/blockstorage-role.yaml14
-rw-r--r--puppet/cephstorage-role.yaml17
-rw-r--r--puppet/compute-role.yaml17
-rw-r--r--puppet/controller-role.yaml17
-rw-r--r--puppet/objectstorage-role.yaml14
-rw-r--r--puppet/role.role.j2.yaml17
11 files changed, 192 insertions, 7 deletions
diff --git a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml
index 96632bc2..fb0d1699 100644
--- a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml
+++ b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml
@@ -59,6 +59,19 @@ parameters:
description: |
When enabled, the system will perform a yum update after performing the
RHEL Registration process.
+ deployment_actions:
+ default: ['CREATE', 'UPDATE']
+ type: comma_delimited_list
+ description: >
+ List of stack actions that will trigger any deployments in this
+ templates. The actions will be an empty list of the server is in the
+ toplevel DeploymentServerBlacklist parameter's value.
+
+conditions:
+ deployment_actions_empty:
+ equals:
+ - {get_param: deployment_actions}
+ - []
resources:
@@ -136,7 +149,11 @@ resources:
name: RHELUnregistrationDeployment
server: {get_param: server}
config: {get_resource: RHELUnregistration}
- actions: ['DELETE'] # Only do this on DELETE
+ actions:
+ if:
+ - deployment_actions_empty
+ - []
+ - ['DELETE'] # Only do this on DELETE
input_values:
REG_METHOD: {get_param: rhel_reg_method}
@@ -169,7 +186,11 @@ resources:
name: UpdateDeploymentAfterRHELRegistration
config: {get_resource: YumUpdateConfigurationAfterRHELRegistration}
server: {get_param: server}
- actions: ['CREATE'] # Only do this on CREATE
+ actions:
+ if:
+ - deployment_actions_empty
+ - []
+ - ['CREATE'] # Only do this on CREATE
outputs:
deploy_stdout:
diff --git a/extraconfig/pre_network/config_then_reboot.yaml b/extraconfig/pre_network/config_then_reboot.yaml
index 48ba5263..79cb7cbc 100644
--- a/extraconfig/pre_network/config_then_reboot.yaml
+++ b/extraconfig/pre_network/config_then_reboot.yaml
@@ -7,6 +7,19 @@ description: >
parameters:
server:
type: string
+ deployment_actions:
+ default: ['CREATE', 'UPDATE']
+ type: comma_delimited_list
+ description: >
+ List of stack actions that will trigger any deployments in this
+ templates. The actions will be an empty list of the server is in the
+ toplevel DeploymentServerBlacklist parameter's value.
+
+conditions:
+ deployment_actions_empty:
+ equals:
+ - {get_param: deployment_actions}
+ - []
resources:
@@ -24,6 +37,11 @@ resources:
name: SomeDeployment
server: {get_param: server}
config: {get_resource: SomeConfig}
+ actions:
+ if:
+ - deployment_actions_empty
+ - []
+ - ['CREATE'] # Only do this on CREATE
actions: ['CREATE'] # Only do this on CREATE
RebootConfig:
@@ -44,5 +62,9 @@ resources:
name: RebootDeployment
server: {get_param: server}
config: {get_resource: RebootConfig}
- actions: ['CREATE'] # Only do this on CREATE
+ actions:
+ if:
+ - deployment_actions_empty
+ - []
+ - ['CREATE'] # Only do this on CREATE
signal_transport: NO_SIGNAL
diff --git a/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml b/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml
index 41d8f4f6..fe52ef7e 100644
--- a/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml
+++ b/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml
@@ -19,6 +19,13 @@ parameters:
{{role}}HostCpusList:
type: string
default: ""
+ deployment_actions:
+ default: ['CREATE', 'UPDATE']
+ type: comma_delimited_list
+ description: >
+ List of stack actions that will trigger any deployments in this
+ templates. The actions will be an empty list of the server is in the
+ toplevel DeploymentServerBlacklist parameter's value.
parameter_group:
- label: deprecated
@@ -38,6 +45,10 @@ conditions:
equals:
- get_param: {{role}}TunedProfileName
- ""
+ deployment_actions_empty:
+ equals:
+ - {get_param: deployment_actions}
+ - []
resources:
@@ -62,7 +73,11 @@ resources:
name: HostParametersDeployment
server: {get_param: server}
config: {get_resource: HostParametersConfig}
- actions: ['CREATE'] # Only do this on CREATE
+ actions:
+ if:
+ - deployment_actions_empty
+ - []
+ - ['CREATE'] # Only do this on CREATE
input_values:
_KERNEL_ARGS_: {get_param: {{role}}KernelArgs}
_TUNED_PROFILE_NAME_: {get_param: {{role}}TunedProfileName}
@@ -88,7 +103,11 @@ resources:
name: RebootDeployment
server: {get_param: server}
config: {get_resource: RebootConfig}
- actions: ['CREATE'] # Only do this on CREATE
+ actions:
+ if:
+ - deployment_actions_empty
+ - []
+ - ['CREATE'] # Only do this on CREATE
signal_transport: NO_SIGNAL
outputs:
diff --git a/extraconfig/pre_network/host_config_and_reboot.yaml b/extraconfig/pre_network/host_config_and_reboot.yaml
index 74e716ad..21309dd5 100644
--- a/extraconfig/pre_network/host_config_and_reboot.yaml
+++ b/extraconfig/pre_network/host_config_and_reboot.yaml
@@ -11,9 +11,20 @@ parameters:
type: json
description: Role Specific parameters
default: {}
+ deployment_actions:
+ default: ['CREATE', 'UPDATE']
+ type: comma_delimited_list
+ description: >
+ List of stack actions that will trigger any deployments in this
+ templates. The actions will be an empty list of the server is in the
+ toplevel DeploymentServerBlacklist parameter's value.
conditions:
is_host_config_required: {not: {equals: [{get_param: [RoleParameters, KernelArgs]}, ""]}}
+ deployment_actions_empty:
+ equals:
+ - {get_param: deployment_actions}
+ - []
resources:
HostParametersConfig:
@@ -37,7 +48,11 @@ resources:
name: HostParametersDeployment
server: {get_param: server}
config: {get_resource: HostParametersConfig}
- actions: ['CREATE'] # Only do this on CREATE
+ actions:
+ if:
+ - deployment_actions_empty
+ - []
+ - ['CREATE'] # Only do this on CREATE
input_values:
_KERNEL_ARGS_: {get_param: [RoleParameters, KernelArgs]}
_TUNED_PROFILE_NAME_: {get_param: [RoleParameters, TunedProfileName]}
@@ -63,7 +78,11 @@ resources:
name: RebootDeployment
server: {get_param: server}
config: {get_resource: RebootConfig}
- actions: ['CREATE'] # Only do this on CREATE
+ actions:
+ if:
+ - deployment_actions_empty
+ - []
+ - ['CREATE'] # Only do this on CREATE
signal_transport: NO_SIGNAL
outputs:
diff --git a/extraconfig/tasks/ssh/host_public_key.yaml b/extraconfig/tasks/ssh/host_public_key.yaml
index e4ba0cc4..02fdbf1c 100644
--- a/extraconfig/tasks/ssh/host_public_key.yaml
+++ b/extraconfig/tasks/ssh/host_public_key.yaml
@@ -7,6 +7,13 @@ parameters:
server:
description: ID of the node to apply this config to
type: string
+ deployment_actions:
+ default: ['CREATE', 'UPDATE']
+ type: comma_delimited_list
+ description: >
+ List of stack actions that will trigger any deployments in this
+ templates. The actions will be an empty list of the server is in the
+ toplevel DeploymentServerBlacklist parameter's value.
resources:
SshHostPubKeyConfig:
@@ -28,6 +35,7 @@ resources:
properties:
config: {get_resource: SshHostPubKeyConfig}
server: {get_param: server}
+ actions: {get_param: deployment_actions}
outputs:
diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml
index 08bc03a5..18f8d960 100644
--- a/puppet/blockstorage-role.yaml
+++ b/puppet/blockstorage-role.yaml
@@ -377,6 +377,7 @@ resources:
properties:
server: {get_resource: BlockStorage}
RoleParameters: {get_param: RoleParameters}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
@@ -485,6 +486,9 @@ resources:
NodeExtraConfig:
depends_on: NodeTLSCAData
type: OS::TripleO::NodeExtraConfig
+ # We have to use conditions here so that we don't break backwards
+ # compatibility with templates everywhere
+ condition: server_not_blacklisted
properties:
server: {get_resource: BlockStorage}
@@ -507,11 +511,21 @@ resources:
- ['CREATE', 'UPDATE']
- []
+ DeploymentActions:
+ type: OS::Heat::Value
+ properties:
+ value:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
+
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: BlockStorageDeployment
properties:
server: {get_resource: BlockStorage}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:
diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml
index 3f596423..d63b60b1 100644
--- a/puppet/cephstorage-role.yaml
+++ b/puppet/cephstorage-role.yaml
@@ -383,6 +383,7 @@ resources:
properties:
server: {get_resource: CephStorage}
RoleParameters: {get_param: RoleParameters}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
@@ -489,6 +490,9 @@ resources:
CephStorageExtraConfigPre:
depends_on: CephStorageDeployment
type: OS::TripleO::CephStorageExtraConfigPre
+ # We have to use conditions here so that we don't break backwards
+ # compatibility with templates everywhere
+ condition: server_not_blacklisted
properties:
server: {get_resource: CephStorage}
@@ -497,6 +501,9 @@ resources:
NodeExtraConfig:
depends_on: [CephStorageExtraConfigPre, NodeTLSCAData]
type: OS::TripleO::NodeExtraConfig
+ # We have to use conditions here so that we don't break backwards
+ # compatibility with templates everywhere
+ condition: server_not_blacklisted
properties:
server: {get_resource: CephStorage}
@@ -518,11 +525,21 @@ resources:
- ['CREATE', 'UPDATE']
- []
+ DeploymentActions:
+ type: OS::Heat::Value
+ properties:
+ value:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
+
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: CephStorageDeployment
properties:
server: {get_resource: CephStorage}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:
diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml
index 8a3c487a..c86183ac 100644
--- a/puppet/compute-role.yaml
+++ b/puppet/compute-role.yaml
@@ -386,6 +386,7 @@ resources:
properties:
server: {get_resource: NovaCompute}
RoleParameters: {get_param: RoleParameters}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkConfig:
type: OS::TripleO::Compute::Net::SoftwareConfig
@@ -512,6 +513,9 @@ resources:
ComputeExtraConfigPre:
depends_on: NovaComputeDeployment
type: OS::TripleO::ComputeExtraConfigPre
+ # We have to use conditions here so that we don't break backwards
+ # compatibility with templates everywhere
+ condition: server_not_blacklisted
properties:
server: {get_resource: NovaCompute}
@@ -520,6 +524,9 @@ resources:
NodeExtraConfig:
depends_on: [ComputeExtraConfigPre, NodeTLSCAData]
type: OS::TripleO::NodeExtraConfig
+ # We have to use conditions here so that we don't break backwards
+ # compatibility with templates everywhere
+ condition: server_not_blacklisted
properties:
server: {get_resource: NovaCompute}
@@ -542,11 +549,21 @@ resources:
update_identifier:
get_param: UpdateIdentifier
+ DeploymentActions:
+ type: OS::Heat::Value
+ properties:
+ value:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
+
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: NovaComputeDeployment
properties:
server: {get_resource: NovaCompute}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:
diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml
index 6bc23669..156758b2 100644
--- a/puppet/controller-role.yaml
+++ b/puppet/controller-role.yaml
@@ -406,6 +406,7 @@ resources:
properties:
server: {get_resource: Controller}
RoleParameters: {get_param: RoleParameters}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkConfig:
type: OS::TripleO::Controller::Net::SoftwareConfig
@@ -552,6 +553,9 @@ resources:
ControllerExtraConfigPre:
depends_on: ControllerDeployment
type: OS::TripleO::ControllerExtraConfigPre
+ # We have to use conditions here so that we don't break backwards
+ # compatibility with templates everywhere
+ condition: server_not_blacklisted
properties:
server: {get_resource: Controller}
@@ -560,6 +564,9 @@ resources:
NodeExtraConfig:
depends_on: [ControllerExtraConfigPre, NodeTLSData]
type: OS::TripleO::NodeExtraConfig
+ # We have to use conditions here so that we don't break backwards
+ # compatibility with templates everywhere
+ condition: server_not_blacklisted
properties:
server: {get_resource: Controller}
@@ -582,11 +589,21 @@ resources:
update_identifier:
get_param: UpdateIdentifier
+ DeploymentActions:
+ type: OS::Heat::Value
+ properties:
+ value:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
+
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: ControllerDeployment
properties:
server: {get_resource: Controller}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:
diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml
index c35bb250..47032a83 100644
--- a/puppet/objectstorage-role.yaml
+++ b/puppet/objectstorage-role.yaml
@@ -377,6 +377,7 @@ resources:
properties:
server: {get_resource: SwiftStorage}
RoleParameters: {get_param: RoleParameters}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
@@ -485,6 +486,9 @@ resources:
NodeExtraConfig:
depends_on: NodeTLSCAData
type: OS::TripleO::NodeExtraConfig
+ # We have to use conditions here so that we don't break backwards
+ # compatibility with templates everywhere
+ condition: server_not_blacklisted
properties:
server: {get_resource: SwiftStorage}
@@ -506,11 +510,21 @@ resources:
- ['CREATE', 'UPDATE']
- []
+ DeploymentActions:
+ type: OS::Heat::Value
+ properties:
+ value:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
+
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: SwiftStorageHieraDeploy
properties:
server: {get_resource: SwiftStorage}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:
diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml
index b7f47594..266657c8 100644
--- a/puppet/role.role.j2.yaml
+++ b/puppet/role.role.j2.yaml
@@ -399,6 +399,7 @@ resources:
properties:
server: {get_resource: {{role}}}
RoleParameters: {get_param: RoleParameters}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
@@ -511,6 +512,9 @@ resources:
{{role}}ExtraConfigPre:
depends_on: {{role}}Deployment
type: OS::TripleO::{{role}}ExtraConfigPre
+ # We have to use conditions here so that we don't break backwards
+ # compatibility with templates everywhere
+ condition: server_not_blacklisted
properties:
server: {get_resource: {{role}}}
@@ -519,6 +523,9 @@ resources:
NodeExtraConfig:
depends_on: [{{role}}ExtraConfigPre, NodeTLSCAData]
type: OS::TripleO::NodeExtraConfig
+ # We have to use conditions here so that we don't break backwards
+ # compatibility with templates everywhere
+ condition: server_not_blacklisted
properties:
server: {get_resource: {{role}}}
@@ -541,11 +548,21 @@ resources:
- ['CREATE', 'UPDATE']
- []
+ DeploymentActions:
+ type: OS::Heat::Value
+ properties:
+ value:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
+
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: {{role}}Deployment
properties:
server: {get_resource: {{role}}}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address: