-rw-r--r-- | deployed-server/deployed-server.yaml | 4 | ||||
-rwxr-xr-x[-rw-r--r--] | docker/firstboot/start_docker_agents.sh | 1 | ||||
-rw-r--r-- | docker/post.j2.yaml | 23 | ||||
-rw-r--r-- | environments/major-upgrade-all-in-one.yaml | 8 | ||||
-rw-r--r-- | network/config/multiple-nics/compute-dvr.yaml | 162 | ||||
-rw-r--r-- | network/service_net_map.j2.yaml | 1 | ||||
-rw-r--r-- | overcloud-resource-registry-puppet.j2.yaml | 1 | ||||
-rw-r--r-- | overcloud.j2.yaml | 17 | ||||
-rw-r--r-- | puppet/blockstorage-role.yaml | 45 | ||||
-rw-r--r-- | puppet/cephstorage-role.yaml | 45 | ||||
-rw-r--r-- | puppet/compute-role.yaml | 45 | ||||
-rw-r--r-- | puppet/controller-role.yaml | 44 | ||||
-rw-r--r-- | puppet/extraconfig/tls/freeipa-enroll.yaml | 72 | ||||
-rw-r--r-- | puppet/major_upgrade_steps.j2.yaml | 32 | ||||
-rw-r--r-- | puppet/objectstorage-role.yaml | 45 | ||||
-rw-r--r-- | puppet/role.role.j2.yaml | 46 | ||||
-rw-r--r-- | puppet/services/horizon.yaml | 1 | ||||
-rw-r--r-- | puppet/services/neutron-sriov-agent.yaml | 5 | ||||
-rw-r--r-- | puppet/services/panko-base.yaml | 1 | ||||
-rw-r--r-- | puppet/services/rabbitmq.yaml | 4 | ||||
-rwxr-xr-x | scripts/hosts-config.sh | 14 |
21 files changed, 519 insertions, 97 deletions
diff --git a/deployed-server/deployed-server.yaml b/deployed-server/deployed-server.yaml index 22797c2e..73b71588 100644 --- a/deployed-server/deployed-server.yaml +++ b/deployed-server/deployed-server.yaml @@ -51,7 +51,7 @@ resources: InstanceIdConfig: type: OS::Heat::StructuredConfig properties: - group: os-apply-config + group: apply-config config: instance-id: {get_attr: [deployed-server, "OS::stack_id"]} @@ -69,7 +69,7 @@ resources: #!/bin/bash set -eux mkdir -p $heat_outputs_path - host=$(hostnamectl --transient) + host=$(hostname -s) echo -n $host > $heat_outputs_path.hostname cat $heat_outputs_path.hostname outputs: diff --git a/docker/firstboot/start_docker_agents.sh b/docker/firstboot/start_docker_agents.sh index acb44ce5..e7e276b2 100644..100755 --- a/docker/firstboot/start_docker_agents.sh +++ b/docker/firstboot/start_docker_agents.sh @@ -43,6 +43,7 @@ AGENT_COMMAND_MOUNTS="-v /var/lib/etc-data:/var/lib/etc-data \ -v /var/lib/cloud:/var/lib/cloud \ -v /var/lib/heat-cfntools:/var/lib/heat-cfntools \ -v /etc/sysconfig/docker:/etc/sysconfig/docker \ + -v /etc/sysconfig/network-scripts:/etc/sysconfig/network-scripts \ -v /usr/lib64/libseccomp.so.2:/usr/lib64/libseccomp.so.2" diff --git a/docker/post.j2.yaml b/docker/post.j2.yaml index de17cffe..6cb92c83 100644 --- a/docker/post.j2.yaml +++ b/docker/post.j2.yaml 
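Review bot: The added `-v /etc/sysconfig/network-scripts:/etc/sysconfig/network-scripts` mount gives the agents container read-write access to the host's ifcfg files with no comment saying why. Read together with the removal of the separate os-net-config deployment in docker/post.j2.yaml in this same commit, it appears the agents container now applies the host network configuration itself, but that is inferred rather than visible here. I would add above the `AGENT_COMMAND_MOUNTS=` assignment (which begins before this hunk, so a comment cannot go inside the quoted string) `# os-net-config runs inside the agents container and writes the ifcfg files, so this mount must stay writable`, so the scope of host access is recorded as deliberate and nobody later marks it `:ro`.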
@@ -252,27 +252,6 @@ resources: environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - NovaComputeContainersDeploymentNetconfig: - type: OS::Heat::SoftwareDeploymentGroup - depends_on: NovaComputeContainersDeploymentOVS - properties: - name: NovaComputeContainersDeploymentNetconfig - config: {get_resource: NovaComputeContainersConfigNetconfig} - servers: {get_param: [servers, {{role.name}}]} - - # We run os-net-config here because we depend on the ovs containers to be up - # and running before we configure the network. This allows explicit timing - # of the network configuration. - NovaComputeContainersConfigNetconfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - outputs: - - name: result - config: | - #!/bin/bash - /usr/local/bin/run-os-net-config - {{role.name}}ContainersConfig_Step1: type: OS::Heat::StructuredConfig depends_on: CopyJsonDeployment @@ -291,7 +270,7 @@ resources: {{role.name}}ContainersDeployment_Step1: type: OS::Heat::StructuredDeploymentGroup - depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy, NovaComputeContainersDeploymentNetconfig] + depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy] properties: name: {{role.name}}ContainersDeployment_Step1 servers: {get_param: [servers, {{role.name}}]} diff --git a/environments/major-upgrade-all-in-one.yaml b/environments/major-upgrade-all-in-one.yaml new file mode 100644 index 00000000..69d72edd --- /dev/null +++ b/environments/major-upgrade-all-in-one.yaml @@ -0,0 +1,8 @@ +# We run the upgrade steps without disabling the OS::TripleO::PostDeploySteps +# this means you can do a major upgrade in one pass, which may be useful +# e.g for all-in-one deployments where we can upgrade the compute services +# at the same time as the controlplane +# Note that it will be necessary to pass a mapping of OS::Heat::None again for +# any subsequent updates, or the upgrade steps will run again. +resource_registry: + OS::TripleO::UpgradeSteps: ../puppet/major_upgrade_steps.yaml 
diff --git a/network/config/multiple-nics/compute-dvr.yaml b/network/config/multiple-nics/compute-dvr.yaml new file mode 100644 index 00000000..db9b4919 --- /dev/null +++ b/network/config/multiple-nics/compute-dvr.yaml 
@@ -0,0 +1,162 @@ +heat_template_version: '2016-10-14' +description: > + Software Config to drive os-net-config to configure multiple interfaces for the + compute role with external bridge for DVR. +parameters: + ControlPlaneIp: + default: '' + description: IP address/subnet on the ctlplane network + type: string + ExternalIpSubnet: + default: '' + description: IP address/subnet on the external network + type: string + InternalApiIpSubnet: + default: '' + description: IP address/subnet on the internal API network + type: string + StorageIpSubnet: + default: '' + description: IP address/subnet on the storage network + type: string + StorageMgmtIpSubnet: + default: '' + description: IP address/subnet on the storage mgmt network + type: string + TenantIpSubnet: + default: '' + description: IP address/subnet on the tenant network + type: string + ManagementIpSubnet: # Only populated when including environments/network-management.yaml + default: '' + description: IP address/subnet on the management network + type: string + ExternalNetworkVlanID: + default: 10 + description: Vlan ID for the external network traffic. + type: number + InternalApiNetworkVlanID: + default: 20 + description: Vlan ID for the internal_api network traffic. + type: number + StorageNetworkVlanID: + default: 30 + description: Vlan ID for the storage network traffic. + type: number + StorageMgmtNetworkVlanID: + default: 40 + description: Vlan ID for the storage mgmt network traffic. + type: number + TenantNetworkVlanID: + default: 50 + description: Vlan ID for the tenant network traffic. + type: number + ManagementNetworkVlanID: + default: 60 + description: Vlan ID for the management network traffic. + type: number + ControlPlaneSubnetCidr: # Override this via parameter_defaults + default: '24' + description: The subnet CIDR of the control plane network. + type: string + ControlPlaneDefaultRoute: # Override this via parameter_defaults + description: The default route of the control plane network. 
+ type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: 10.0.0.1 + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string + DnsServers: # Override this via parameter_defaults + default: [] + description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. + type: comma_delimited_list + EC2MetadataIp: # Override this via parameter_defaults + description: The IP address of the EC2 metadata server. + type: string +resources: + OsNetConfigImpl: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: + list_join: + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + - type: interface + name: nic2 + use_dhcp: false + addresses: + - ip_netmask: + get_param: StorageIpSubnet + - type: interface + name: nic4 + use_dhcp: false + addresses: + - ip_netmask: + get_param: InternalApiIpSubnet + - type: ovs_bridge + name: br-tenant + use_dhcp: false + addresses: + - ip_netmask: + get_param: TenantIpSubnet + members: + - type: interface + name: nic5 + use_dhcp: false + primary: true + # External bridge for DVR (no IP address required) + - type: ovs_bridge + name: bridge_name + dns_servers: + get_param: DnsServers + use_dhcp: false + members: + - type: interface + name: nic6 + primary: true + # Uncomment when including environments/network-management.yaml + # If setting default route on the 
Management interface, comment + # out the default route on the Control Plane. + #- + # type: interface + # name: nic7 + # use_dhcp: false + # addresses: + # - + # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} +outputs: + OS::stack_id: + description: The OsNetConfigImpl resource. + value: + get_resource: OsNetConfigImpl + diff --git a/network/service_net_map.j2.yaml b/network/service_net_map.j2.yaml index 0cb6571f..5991b3bc 100644 --- a/network/service_net_map.j2.yaml +++ b/network/service_net_map.j2.yaml @@ -59,6 +59,7 @@ parameters: PublicNetwork: external OpendaylightApiNetwork: internal_api MistralApiNetwork: internal_api + ZaqarApiNetwork: internal_api # We special-case the default ResolveNetwork for the CephStorage role # for backwards compatibility, all other roles default to internal_api CephStorageHostnameResolveNetwork: storage diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 77a48658..ebbeef6e 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -90,6 +90,7 @@ resource_registry: OS::TripleO::Network::Ports::StorageVipPort: network/ports/noop.yaml OS::TripleO::Network::Ports::StorageMgmtVipPort: network/ports/noop.yaml OS::TripleO::Network::Ports::RedisVipPort: network/ports/ctlplane_vip.yaml + OS::TripleO::Network::Ports::ControlPlaneVipPort: OS::Neutron::Port # Service to network Mappings OS::TripleO::ServiceNetMap: network/service_net_map.yaml diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index 39a092b1..f7e6f37f 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -477,7 +477,7 @@ resources: type: OS::TripleO::Network ControlVirtualIP: - type: OS::Neutron::Port + type: OS::TripleO::Network::Ports::ControlPlaneVipPort depends_on: Networks properties: name: control_virtual_ip 
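Review bot: The `nic6` member of the DVR external bridge omits `use_dhcp: false` while the `nic5` member of `br-tenant` sets it, and the address-less `bridge_name` bridge still carries `dns_servers`; both read like a partial copy from the non-DVR compute template. For consistency I would add `use_dhcp: false` to the nic6 member and either drop `dns_servers` from a bridge that gets no address or comment why it is kept. The template also declares `ExternalIpSubnet` and `ExternalNetworkVlanID` without referencing them, which may be intentional for parameter parity with the other nic configs but deserves a one-line comment on those parameters.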
@@ -587,9 +587,9 @@ resources: servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]} {% endfor %} - # Post deployment steps for all roles - AllNodesDeploySteps: - type: OS::TripleO::PostDeploySteps + # Upgrade steps for all roles + AllNodesUpgradeSteps: + type: OS::TripleO::UpgradeSteps depends_on: {% for role in roles %} - {{role.name}}AllNodesDeployment @@ -604,10 +604,10 @@ resources: {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data]} {% endfor %} - # Upgrade steps for all roles - AllNodesUpgradeSteps: - type: OS::TripleO::UpgradeSteps - depends_on: AllNodesDeploySteps + # Post deployment steps for all roles + AllNodesDeploySteps: + type: OS::TripleO::PostDeploySteps + depends_on: AllNodesUpgradeSteps properties: servers: {% for role in roles %} @@ -618,7 +618,6 @@ resources: {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data]} {% endfor %} - outputs: ManagedEndpoints: description: Asserts that the keystone endpoints have been provisioned. diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml index 36587a41..7d1f8d8f 100644 --- a/puppet/blockstorage-role.yaml +++ b/puppet/blockstorage-role.yaml 
@@ -71,11 +71,20 @@ parameters: description: > The DNS domain used for the hosts. This should match the dhcp_domain configured in the Undercloud neutron. Defaults to localdomain. + BlockStorageServerMetadata: + default: {} + description: > + Extra properties or metadata passed to Nova for the created nodes in + the overcloud. It's accessible via the Nova metadata API. This option is + role-specific and is merged with the values given to the ServerMetadata + parameter. + type: json ServerMetadata: default: {} description: > Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. + the overcloud. It's accessible via the Nova metadata API. This applies to + all roles and is merged with a role-specific metadata parameter. type: json BlockStorageSchedulerHints: type: json @@ -97,6 +106,12 @@ parameters: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 + UpgradeInitCommand: + type: string + description: | + Command or script snippet to run on all overcloud nodes to + initialize the upgrade process. E.g. a repository switch. + default: '' resources: BlockStorage: @@ -118,7 +133,10 @@ resources: template: {get_param: Hostname} params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} - metadata: {get_param: ServerMetadata} + metadata: + map_merge: + - {get_param: ServerMetadata} + - {get_param: BlockStorageServerMetadata} scheduler_hints: {get_param: BlockStorageSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives 
@@ -315,9 +333,30 @@ resources: server: {get_resource: BlockStorage} actions: {get_param: NetworkDeploymentActions} + BlockStorageUpgradeInitConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - "#!/bin/bash\n\n" + - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" + - get_param: UpgradeInitCommand + + # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty + # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first + BlockStorageUpgradeInitDeployment: + type: OS::Heat::SoftwareDeployment + depends_on: NetworkDeployment + properties: + name: BlockStorageUpgradeInitDeployment + server: {get_resource: BlockStorage} + config: {get_resource: BlockStorageUpgradeInitConfig} + BlockStorageDeployment: type: OS::Heat::StructuredDeployment - depends_on: NetworkDeployment + depends_on: BlockStorageUpgradeInitDeployment properties: name: BlockStorageDeployment server: {get_resource: BlockStorage} diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml index 558f97d8..2c46bf1a 100644 --- a/puppet/cephstorage-role.yaml +++ b/puppet/cephstorage-role.yaml 
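Review bot: The new `BlockStorageUpgradeInitConfig` deletes `/etc/resolv.conf.save` without the explanation that the block deleted from puppet/major_upgrade_steps.j2.yaml carried (`# For the UpgradeInit also rename /etc/resolv.conf.save for +bug/1567004`); the same applies to the copies in cephstorage-role.yaml, compute-role.yaml, controller-role.yaml, objectstorage-role.yaml and role.role.j2.yaml. I would restore that comment above the `config:` key in each copy. Because `BlockStorageUpgradeInitDeployment` is a plain OS::Heat::SoftwareDeployment with no `actions` restriction, the script, including whatever `UpgradeInitCommand` expands to and run as root, appears to execute on every create and update of the role rather than only during a major upgrade; if that is intended, the `UpgradeInitCommand` parameter description, which still says "to initialize the upgrade process", should say so.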
@@ -77,11 +77,20 @@ parameters: description: > The DNS domain used for the hosts. This should match the dhcp_domain configured in the Undercloud neutron. Defaults to localdomain. + CephStorageServerMetadata: + default: {} + description: > + Extra properties or metadata passed to Nova for the created nodes in + the overcloud. It's accessible via the Nova metadata API. This option is + role-specific and is merged with the values given to the ServerMetadata + parameter. + type: json ServerMetadata: default: {} description: > Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. + the overcloud. It's accessible via the Nova metadata API. This applies to + all roles and is merged with a role-specific metadata parameter. type: json CephStorageSchedulerHints: type: json @@ -103,6 +112,12 @@ parameters: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 + UpgradeInitCommand: + type: string + description: | + Command or script snippet to run on all overcloud nodes to + initialize the upgrade process. E.g. a repository switch. + default: '' resources: CephStorage: @@ -124,7 +139,10 @@ resources: template: {get_param: Hostname} params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} - metadata: {get_param: ServerMetadata} + metadata: + map_merge: + - {get_param: ServerMetadata} + - {get_param: CephStorageServerMetadata} scheduler_hints: {get_param: CephStorageSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives 
@@ -321,9 +339,30 @@ resources: server: {get_resource: CephStorage} actions: {get_param: NetworkDeploymentActions} + CephStorageUpgradeInitConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - "#!/bin/bash\n\n" + - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" + - get_param: UpgradeInitCommand + + # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty + # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first + CephStorageUpgradeInitDeployment: + type: OS::Heat::SoftwareDeployment + depends_on: NetworkDeployment + properties: + name: CephStorageUpgradeInitDeployment + server: {get_resource: CephStorage} + config: {get_resource: CephStorageUpgradeInitConfig} + CephStorageDeployment: type: OS::Heat::StructuredDeployment - depends_on: NetworkDeployment + depends_on: CephStorageUpgradeInitDeployment properties: name: CephStorageDeployment config: {get_resource: CephStorageConfig} diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml index 818f18c8..0a2598c1 100644 --- a/puppet/compute-role.yaml +++ b/puppet/compute-role.yaml 
@@ -92,11 +92,20 @@ parameters: description: > The DNS domain used for the hosts. This should match the dhcp_domain configured in the Undercloud neutron. Defaults to localdomain. + NovaComputeServerMetadata: + default: {} + description: > + Extra properties or metadata passed to Nova for the created nodes in + the overcloud. It's accessible via the Nova metadata API. This option is + role-specific and is merged with the values given to the ServerMetadata + parameter. + type: json ServerMetadata: default: {} description: > Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. + the overcloud. It's accessible via the Nova metadata API. This applies to + all roles and is merged with a role-specific metadata parameter. type: json NovaComputeSchedulerHints: type: json @@ -115,6 +124,12 @@ parameters: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 + UpgradeInitCommand: + type: string + description: | + Command or script snippet to run on all overcloud nodes to + initialize the upgrade process. E.g. a repository switch. + default: '' resources: @@ -138,7 +153,10 @@ resources: template: {get_param: Hostname} params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} - metadata: {get_param: ServerMetadata} + metadata: + map_merge: + - {get_param: ServerMetadata} + - {get_param: NovaComputeServerMetadata} scheduler_hints: {get_param: NovaComputeSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives 
@@ -338,6 +356,27 @@ resources: bridge_name: {get_param: NeutronPhysicalBridge} interface_name: {get_param: NeutronPublicInterface} + NovaComputeUpgradeInitConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - "#!/bin/bash\n\n" + - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" + - get_param: UpgradeInitCommand + + # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty + # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first + NovaComputeUpgradeInitDeployment: + type: OS::Heat::SoftwareDeployment + depends_on: NetworkDeployment + properties: + name: NovaComputeUpgradeInitDeployment + server: {get_resource: NovaCompute} + config: {get_resource: NovaComputeUpgradeInitConfig} + NovaComputeConfig: type: OS::Heat::StructuredConfig properties: @@ -383,7 +422,7 @@ resources: NovaComputeDeployment: type: OS::TripleO::SoftwareDeployment - depends_on: NetworkDeployment + depends_on: NovaComputeUpgradeInitDeployment properties: name: NovaComputeDeployment config: {get_resource: NovaComputeConfig} diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml index 2781daa0..5e03adcd 100644 --- a/puppet/controller-role.yaml +++ b/puppet/controller-role.yaml 
@@ -106,11 +106,20 @@ parameters: description: > The DNS domain used for the hosts. This should match the dhcp_domain configured in the Undercloud neutron. Defaults to localdomain. + ControllerServerMetadata: + default: {} + description: > + Extra properties or metadata passed to Nova for the created nodes in + the overcloud. It's accessible via the Nova metadata API. This option is + role-specific and is merged with the values given to the ServerMetadata + parameter. + type: json ServerMetadata: default: {} description: > Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. + the overcloud. It's accessible via the Nova metadata API. This applies to + all roles and is merged with a role-specific metadata parameter. type: json ControllerSchedulerHints: type: json @@ -129,6 +138,12 @@ parameters: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 + UpgradeInitCommand: + type: string + description: | + Command or script snippet to run on all overcloud nodes to + initialize the upgrade process. E.g. a repository switch. + default: '' parameter_groups: - label: deprecated @@ -157,7 +172,10 @@ resources: template: {get_param: Hostname} params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} - metadata: {get_param: ServerMetadata} + metadata: + map_merge: + - {get_param: ServerMetadata} + - {get_param: ControllerServerMetadata} scheduler_hints: {get_param: ControllerSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives 
@@ -372,10 +390,30 @@ resources: server: {get_resource: Controller} NodeIndex: {get_param: NodeIndex} + ControllerUpgradeInitConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - "#!/bin/bash\n\n" + - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" + - get_param: UpgradeInitCommand + + # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty + # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first + ControllerUpgradeInitDeployment: + type: OS::Heat::SoftwareDeployment + depends_on: NetworkDeployment + properties: + name: ControllerUpgradeInitDeployment + server: {get_resource: Controller} + config: {get_resource: ControllerUpgradeInitConfig} ControllerDeployment: type: OS::TripleO::SoftwareDeployment - depends_on: NetworkDeployment + depends_on: ControllerUpgradeInitDeployment properties: name: ControllerDeployment config: {get_resource: ControllerConfig} diff --git a/puppet/extraconfig/tls/freeipa-enroll.yaml b/puppet/extraconfig/tls/freeipa-enroll.yaml new file mode 100644 index 00000000..44be7c65 --- /dev/null +++ b/puppet/extraconfig/tls/freeipa-enroll.yaml 
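Review bot: `ControllerUpgradeInitDeployment` runs straight into `ControllerDeployment:` with no blank line between the two resources, unlike the equivalent hunks in the other role templates, which separate them; the hunk header's counts bear this out (21 added lines here against 22 in blockstorage-role.yaml, cephstorage-role.yaml and the others for the same content). Add an empty line after `config: {get_resource: ControllerUpgradeInitConfig}` for consistency with the rest of the file, where resources are blank-line separated.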
@@ -0,0 +1,72 @@ +heat_template_version: 2015-10-15 + +description: Enroll nodes to FreeIPA + +parameters: + server: + description: ID of the controller node to apply this config to + type: string + + CloudDomain: + description: > + The configured cloud domain; this will also be used as the kerberos realm + type: string + + FreeIPAOTP: + description: 'OTP that will be used for FreeIPA enrollment' + type: string + hidden: true + FreeIPAServer: + description: 'FreeIPA server DNS name' + type: string + FreeIPAIPAddress: + default: '' + description: 'FreeIPA server IP Address' + type: string + +resources: + FreeIPAEnrollmentConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + inputs: + - name: otp + - name: ipa_server + - name: ipa_domain + - name: ipa_ip + config: | + #!/bin/sh + sed -i "/${ipa_server}/d" /etc/hosts + # Optionally add the FreeIPA server IP to /etc/hosts + if [ -n "${ipa_ip}" ]; then + echo "${ipa_ip} ${ipa_server}" >> /etc/hosts + fi + # Set the node's domain if needed + if [ ! $(hostname -f | grep "${ipa_domain}$") ]; then + hostnamectl set-hostname "$(hostname).${ipa_domain}" + fi + yum install -y ipa-client + # Enroll. If there is already keytab, we have already done this. + if [ ! -f /etc/krb5.keytab ]; then + ipa-client-install --server ${ipa_server} -w ${otp} \ + --domain=${ipa_domain} -U + fi + # Get a TGT + kinit -k -t /etc/krb5.keytab + + FreeIPAControllerEnrollmentDeployment: + type: OS::Heat::SoftwareDeployment + properties: + name: FreeIPAEnrollmentDeployment + config: {get_resource: FreeIPAEnrollmentConfig} + server: {get_param: server} + input_values: + otp: {get_param: FreeIPAOTP} + ipa_server: {get_param: FreeIPAServer} + ipa_domain: {get_param: CloudDomain} + ipa_ip: {get_param: FreeIPAIPAddress} + +outputs: + deploy_stdout: + description: Output of the FreeIPA enrollment deployment + value: {get_attr: [FreeIPAControllerEnrollmentDeployment, deploy_stdout]} 
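Review bot: The enrollment script has no `set -e`, so a failed `yum install -y ipa-client` or `ipa-client-install` does not stop it and the deployment's exit status is only that of the final `kinit`, which hides the real failure behind a kinit error in deploy_stdout. The inputs are also expanded unquoted in `ipa-client-install --server ${ipa_server} -w ${otp} --domain=${ipa_domain} -U` and inside the `[ ! $(hostname -f | grep ...) ]` test, so a value containing whitespace or shell metacharacters changes the command; quoting them and using `grep -q` addresses both. Note that `-w ${otp}` places the one-time password in the process arguments for the duration of the install: `hidden: true` on `FreeIPAOTP` keeps it out of Heat output but not out of the process list on the node, which is worth a comment next to the parameter.
```yaml
      config: |
        #!/bin/sh
        set -eu
        sed -i "/${ipa_server}/d" /etc/hosts
        # … unchanged: optional /etc/hosts entry for ipa_ip …
        # Set the node's domain if needed
        if ! hostname -f | grep -q "${ipa_domain}$"; then
          hostnamectl set-hostname "$(hostname).${ipa_domain}"
        fi
        yum install -y ipa-client
        # Enroll. If there is already keytab, we have already done this.
        if [ ! -f /etc/krb5.keytab ]; then
          ipa-client-install --server "${ipa_server}" -w "${otp}" \
            --domain="${ipa_domain}" -U
        fi
        # … unchanged: kinit …
```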
diff --git a/puppet/major_upgrade_steps.j2.yaml b/puppet/major_upgrade_steps.j2.yaml index f8dad433..8d954c09 100644 --- a/puppet/major_upgrade_steps.j2.yaml +++ b/puppet/major_upgrade_steps.j2.yaml @@ -15,36 +15,8 @@ parameters: Setting to a previously unused value during stack-update will trigger the Upgrade resources to re-run on all roles. - UpgradeInitCommand: - type: string - description: | - Command or script snippet to run on all overcloud nodes to - initialize the upgrade process. E.g. a repository switch. - default: '' - resources: - # For the UpgradeInit also rename /etc/resolv.conf.save for +bug/1567004 - UpgradeInitConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - "#!/bin/bash\n\n" - - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" - - get_param: UpgradeInitCommand - -{% for role in roles %} - {{role.name}}Upgrade_Init: - type: OS::Heat::StructuredDeploymentGroup - properties: - name: {{role.name}}Upgrade_Init - servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: UpgradeInitConfig} -{% endfor %} - # Upgrade Steps for all roles # FIXME(shardy): would be nice to make the number of steps configurable {% for step in range(1, 8) %} @@ -56,10 +28,8 @@ resources: # serialization, but the event output is easier to follow if we # do, and there should be minimal performance hit (creating the # config is cheap compared to the time to apply the deployment). + {% if step > 1 %} depends_on: - {% if step == 1 %} - - {{role.name}}Upgrade_Init - {% else %} {% for dep in roles %} - {{dep.name}}Upgrade_Step{{step -1}} {% endfor %} diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml index 2c76492a..088a2e3d 100644 --- a/puppet/objectstorage-role.yaml +++ b/puppet/objectstorage-role.yaml 
@@ -71,11 +71,20 @@ parameters: description: > The DNS domain used for the hosts. This should match the dhcp_domain configured in the Undercloud neutron. Defaults to localdomain. + SwiftStorageServerMetadata: + default: {} + description: > + Extra properties or metadata passed to Nova for the created nodes in + the overcloud. It's accessible via the Nova metadata API. This option is + role-specific and is merged with the values given to the ServerMetadata + parameter. + type: json ServerMetadata: default: {} description: > Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. + the overcloud. It's accessible via the Nova metadata API. This applies to + all roles and is merged with a role-specific metadata parameter. type: json ObjectStorageSchedulerHints: type: json @@ -97,6 +106,12 @@ parameters: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 + UpgradeInitCommand: + type: string + description: | + Command or script snippet to run on all overcloud nodes to + initialize the upgrade process. E.g. a repository switch. + default: '' resources: @@ -118,7 +133,10 @@ resources: template: {get_param: Hostname} params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} - metadata: {get_param: ServerMetadata} + metadata: + map_merge: + - {get_param: ServerMetadata} + - {get_param: SwiftStorageServerMetadata} scheduler_hints: {get_param: ObjectStorageSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives 
@@ -315,6 +333,27 @@ resources: server: {get_resource: SwiftStorage} actions: {get_param: NetworkDeploymentActions} + SwiftStorageUpgradeInitConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - "#!/bin/bash\n\n" + - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" + - get_param: UpgradeInitCommand + + # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty + # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first + SwiftStorageUpgradeInitDeployment: + type: OS::Heat::SoftwareDeployment + depends_on: NetworkDeployment + properties: + name: SwiftStorageUpgradeInitDeployment + server: {get_resource: SwiftStorage} + config: {get_resource: SwiftStorageUpgradeInitConfig} + SwiftStorageHieraConfig: type: OS::Heat::StructuredConfig properties: @@ -354,7 +393,7 @@ resources: SwiftStorageHieraDeploy: type: OS::Heat::StructuredDeployment - depends_on: NetworkDeployment + depends_on: SwiftStorageUpgradeInitDeployment properties: name: SwiftStorageHieraDeploy server: {get_resource: SwiftStorage} diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index 9726d978..1f432773 100644 --- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml 
@@ -83,11 +83,20 @@ parameters: description: > The DNS domain used for the hosts. This should match the dhcp_domain configured in the Undercloud neutron. Defaults to localdomain. + {{role}}ServerMetadata: + default: {} + description: > + Extra properties or metadata passed to Nova for the created nodes in + the overcloud. It's accessible via the Nova metadata API. This option is + role-specific and is merged with the values given to the ServerMetadata + parameter. + type: json ServerMetadata: default: {} description: > Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. + the overcloud. It's accessible via the Nova metadata API. This applies to + all roles and is merged with a role-specific metadata parameter. type: json {{role}}SchedulerHints: type: json @@ -115,6 +124,13 @@ parameters: LoggingGroups: type: comma_delimited_list default: [] + UpgradeInitCommand: + type: string + description: | + Command or script snippet to run on all overcloud nodes to + initialize the upgrade process. E.g. a repository switch. + default: '' + resources: {{role}}: @@ -136,7 +152,10 @@ resources: template: {get_param: Hostname} params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} - metadata: {get_param: ServerMetadata} + metadata: + map_merge: + - {get_param: ServerMetadata} + - {get_param: {{role}}ServerMetadata} scheduler_hints: {get_param: {{role}}SchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives 
@@ -333,9 +352,30 @@ resources: server: {get_resource: {{role}}} actions: {get_param: NetworkDeploymentActions} + {{role}}UpgradeInitConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - "#!/bin/bash\n\n" + - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" + - get_param: UpgradeInitCommand + + # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty + # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first + {{role}}UpgradeInitDeployment: + type: OS::Heat::SoftwareDeployment + depends_on: NetworkDeployment + properties: + name: {{role}}UpgradeInitDeployment + server: {get_resource: {{role}}} + config: {get_resource: {{role}}UpgradeInitConfig} + {{role}}Deployment: type: OS::Heat::StructuredDeployment - depends_on: NetworkDeployment + depends_on: {{role}}UpgradeInitDeployment properties: name: {{role}}Deployment config: {get_resource: {{role}}Config} diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index 8eaf4044..e59dc202 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml @@ -58,6 +58,7 @@ outputs: dport: - 80 - 443 + horizon::enable_secure_proxy_ssl_header: true horizon::disable_password_reveal: true horizon::enforce_password_check: true horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache diff --git a/puppet/services/neutron-sriov-agent.yaml b/puppet/services/neutron-sriov-agent.yaml index 44f7f242..0ab066d7 100644 --- a/puppet/services/neutron-sriov-agent.yaml +++ b/puppet/services/neutron-sriov-agent.yaml @@ -25,6 +25,7 @@ parameters: All physical networks listed in network_vlan_ranges on the server should have mappings to appropriate interfaces on each agent. + Example "tenant0:ens2f0,tenant1:ens2f1" type: comma_delimited_list default: "" NeutronExcludeDevices: 
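Review bot: `horizon::enable_secure_proxy_ssl_header: true` makes Django trust the `X-Forwarded-Proto` header to decide whether a request arrived over HTTPS, which is only safe when every path to Horizon passes through the TLS-terminating proxy and that proxy overwrites a client-supplied header; a client that can reach the Apache vhost directly could otherwise claim a secure connection and get past secure-cookie and CSRF origin checks. The firewall rules in the same hunk open ports 80 and 443 on the node, so the assumption is not enforced here and should at least be written down. I would add above the new line `# Trust X-Forwarded-Proto from the load balancer; Horizon must only be reachable through the proxy that sets it`. Whether HAProxy strips or overwrites the header is configured outside this hunk.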
@@ -40,8 +41,8 @@ parameters: NeutronSriovNumVFs: description: > Provide the list of VFs to be reserved for each SR-IOV interface. - Format "<interface_name1>:<numvfs1>","<interface_name2>:<numvfs2>" - Example "eth1:4096","eth2:128" + Format "<interface_name1>:<numvfs1>,<interface_name2>:<numvfs2>" + Example "eth1:4096,eth2:128" type: comma_delimited_list default: "" diff --git a/puppet/services/panko-base.yaml b/puppet/services/panko-base.yaml index 32754a55..af9c5353 100644 --- a/puppet/services/panko-base.yaml +++ b/puppet/services/panko-base.yaml @@ -37,7 +37,6 @@ outputs: value: service_name: panko_base config_settings: - panko_redis_password: {get_param: RedisPassword} panko::db::database_connection: list_join: - '' diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml index b77e0a91..08f3f6bc 100644 --- a/puppet/services/rabbitmq.yaml +++ b/puppet/services/rabbitmq.yaml @@ -73,6 +73,8 @@ outputs: rabbitmq::repos_ensure: false rabbitmq::tcp_keepalive: true rabbitmq_environment: + NODE_PORT: '' + NODE_IP_ADDRESS: '' RABBITMQ_NODENAME: "rabbit@%{::hostname}" RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"' rabbitmq_kernel_variables: @@ -95,7 +97,7 @@ outputs: # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - rabbitmq::node_ip_address: {get_param: [ServiceNetMap, RabbitmqNetwork]} + rabbitmq::interface: {get_param: [ServiceNetMap, RabbitmqNetwork]} rabbitmq::nr_ha_queues: {get_param: RabbitHAQueues} step_config: | include ::tripleo::profile::base::rabbitmq diff --git a/scripts/hosts-config.sh b/scripts/hosts-config.sh index 4826d615..f456b316 100755 --- a/scripts/hosts-config.sh +++ b/scripts/hosts-config.sh 
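Review bot: `NODE_PORT: ''` and `NODE_IP_ADDRESS: ''` are set to empty strings with no comment, and the hunk does not say whether this is meant to stop the puppet module from writing defaults into rabbitmq-env.conf or to let RabbitMQ bind all addresses now that the bind address moves to `rabbitmq::interface`. Since an empty NODE_IP_ADDRESS presumably leaves the listeners on all interfaces unless `rabbitmq::interface` and the firewall restrict them, the intent matters for anyone reviewing exposure. I would add above the two lines `# Cleared so rabbitmq-env.conf does not pin the node address; listeners are bound via rabbitmq::interface below`.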
@@ -30,17 +30,9 @@ write_entries() { } if [ ! -z "$hosts" ]; then - # cloud-init files are /etc/cloud/templates/hosts.OSNAME.tmpl - DIST=$(lsb_release -is | tr -s [A-Z] [a-z]) - case $DIST in - fedora|redhatenterpriseserver) - name="redhat" - ;; - *) - name="$DIST" - ;; - esac - write_entries "/etc/cloud/templates/hosts.${name}.tmpl" "$hosts" + for tmpl in /etc/cloud/templates/hosts.*.tmpl ; do + write_entries "$tmpl" "$hosts" + done write_entries "/etc/hosts" "$hosts" else echo "No hosts in Heat, nothing written." |
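Review bot: The new `for tmpl in /etc/cloud/templates/hosts.*.tmpl` loop passes the unexpanded pattern to `write_entries` when no template exists, because the shell leaves an unmatched glob in place; the old `case` always produced a concrete path. Guard the body with `[ -e "$tmpl" ] || continue` (or enable `nullglob` if the script is bash). `write_entries` is defined above the hunk, so what it does with a nonexistent path is not visible here.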