25 files changed, 368 insertions, 169 deletions
diff --git a/ci/environments/scenario001-multinode-containers.yaml b/ci/environments/scenario001-multinode-containers.yaml index 89182666..df12bc59 100644 --- a/ci/environments/scenario001-multinode-containers.yaml +++ b/ci/environments/scenario001-multinode-containers.yaml @@ -101,7 +101,6 @@ parameter_defaults: devices: - /dev/loop3 journal_size: 512 - journal_collocation: true osd_scenario: collocated CephAnsibleExtraConfig: ceph_conf_overrides: diff --git a/ci/environments/scenario007-multinode-containers.yaml b/ci/environments/scenario007-multinode-containers.yaml index bad3e4a5..149f2d32 100644 --- a/ci/environments/scenario007-multinode-containers.yaml +++ b/ci/environments/scenario007-multinode-containers.yaml @@ -7,6 +7,9 @@ resource_registry: # Since the OVB jobs also test this functionality we can shut it off here. OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None + OS::TripleO::Services::SwiftProxy: OS::Heat::None + OS::TripleO::Services::SwiftStorage: OS::Heat::None + OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None parameter_defaults: ControllerServices: - OS::TripleO::Services::Clustercheck diff --git a/common/deploy-steps-tasks.yaml b/common/deploy-steps-tasks.yaml index 73d3036c..785095b6 100644 --- a/common/deploy-steps-tasks.yaml +++ b/common/deploy-steps-tasks.yaml 
@@ -4,11 +4,15 @@ ##################################################### # Per step puppet configuration of the baremetal host ##################################################### + - name: Set host puppet debugging fact string + set_fact: + host_puppet_config_debug: "--debug --verbose" + when: enable_debug|default(false) - name: Write the config_step hieradata copy: content="{{dict(step=step|int)|to_json}}" dest=/etc/puppet/hieradata/config_step.json force=true mode=0600 - name: Run puppet host configuration for step {{step}} command: >- - puppet apply + puppet apply {{ host_puppet_config_debug|default('') }} --modulepath=/etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules --logdest syslog --logdest console --color=false /var/lib/tripleo-config/puppet_step_config.pp diff --git a/common/deploy-steps.j2 b/common/deploy-steps.j2 index a1bd8826..5c923a99 100644 --- a/common/deploy-steps.j2 +++ b/common/deploy-steps.j2 @@ -48,6 +48,10 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ConfigDebug: + default: false + description: Whether to run config management (e.g. Puppet) in debug mode. + type: boolean DockerPuppetDebug: type: string default: '' @@ -85,6 +89,7 @@ resources: - name: role_name - name: update_identifier - name: bootstrap_server_id + - name: enable_debug - name: docker_puppet_debug - name: docker_puppet_process_count config: @@ -291,6 +296,7 @@ resources: role_name: {{role.name}} update_identifier: {get_param: DeployIdentifier} bootstrap_server_id: {get_param: [servers, {{primary_role_name}}, '0']} + enable_debug: {get_param: ConfigDebug} docker_puppet_debug: {get_param: DockerPuppetDebug} docker_puppet_process_count: {get_param: DockerPuppetProcessCount} {% endfor %} diff --git a/deployed-server/deployed-server-roles-data.yaml b/deployed-server/deployed-server-roles-data.yaml index 73dc9099..8611940a 100644 
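Review bot: With `enable_debug` set, the `puppet apply --debug --verbose` output in common/deploy-steps-tasks.yaml still goes to `--logdest syslog --logdest console`, and nothing here says that Puppet debug output can carry resource parameters and looked-up hiera values, which may include credentials. I would add a comment above the set_fact task, e.g. `# Debug output may contain secrets from hieradata; enable only for troubleshooting and treat the resulting logs as sensitive`, and say the same in the `ConfigDebug` description in deploy-steps.j2. Separately, `when: enable_debug|default(false)` is more predictable as `when: enable_debug|default(false)|bool`, since the value arrives through a Heat parameter and may be rendered as a string (not confirmed from this hunk).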
--- a/deployed-server/deployed-server-roles-data.yaml +++ b/deployed-server/deployed-server-roles-data.yaml 
@@ -24,163 +24,268 @@ - name: ControllerDeployedServer CountDefault: 1 disable_constraints: True + tags: + - primary + - controller + networks: + - External + - InternalApi + - Storage + - StorageMgmt + - Tenant + HostnameFormatDefault: '%stackname%-controller-%index%' ServicesDefault: + - OS::TripleO::Services::AodhApi + - OS::TripleO::Services::AodhEvaluator + - OS::TripleO::Services::AodhListener + - OS::TripleO::Services::AodhNotifier + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::BarbicanApi - OS::TripleO::Services::CACerts - - OS::TripleO::Services::CertmongerUser - - OS::TripleO::Services::CephMon + - OS::TripleO::Services::CeilometerAgentCentral + - OS::TripleO::Services::CeilometerAgentNotification + # FIXME: This service was disabled in Pike and this entry should be removed + # in Queens. + - OS::TripleO::Services::CeilometerApi + - OS::TripleO::Services::CeilometerCollector + - OS::TripleO::Services::CeilometerExpirer - OS::TripleO::Services::CephExternal + - OS::TripleO::Services::CephMds + - OS::TripleO::Services::CephMon + - OS::TripleO::Services::CephRbdMirror - OS::TripleO::Services::CephRgw + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::CinderApi + - OS::TripleO::Services::CinderBackendDellPs + - OS::TripleO::Services::CinderBackendDellSc + - OS::TripleO::Services::CinderBackendDellEMCUnity + - OS::TripleO::Services::CinderBackendDellEMCVMAXISCSI + - OS::TripleO::Services::CinderBackendNetApp + - OS::TripleO::Services::CinderBackendScaleIO + - OS::TripleO::Services::CinderBackendVRTSHyperScale - OS::TripleO::Services::CinderBackup + - OS::TripleO::Services::CinderHPELeftHandISCSI - OS::TripleO::Services::CinderScheduler - OS::TripleO::Services::CinderVolume - - OS::TripleO::Services::Kernel - - OS::TripleO::Services::Keystone + - OS::TripleO::Services::Clustercheck + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Congress + - OS::TripleO::Services::Docker + - OS::TripleO::Services::Ec2Api + - 
OS::TripleO::Services::Etcd + - OS::TripleO::Services::ExternalSwiftProxy + - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GnocchiApi + - OS::TripleO::Services::GnocchiMetricd + - OS::TripleO::Services::GnocchiStatsd + - OS::TripleO::Services::HAproxy - OS::TripleO::Services::HeatApi - OS::TripleO::Services::HeatApiCfn - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::Horizon + - OS::TripleO::Services::IronicApi + - OS::TripleO::Services::IronicConductor + - OS::TripleO::Services::IronicPxe - OS::TripleO::Services::Iscsid + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::ManilaApi + - OS::TripleO::Services::ManilaBackendCephFs + - OS::TripleO::Services::ManilaBackendGeneric + - OS::TripleO::Services::ManilaBackendIsilon + - OS::TripleO::Services::ManilaBackendNetapp + - OS::TripleO::Services::ManilaBackendUnity + - OS::TripleO::Services::ManilaBackendVNX + - OS::TripleO::Services::ManilaBackendVMAX + - OS::TripleO::Services::ManilaScheduler + - OS::TripleO::Services::ManilaShare + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::MongoDb - OS::TripleO::Services::MySQL - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NeutronApi + - OS::TripleO::Services::NeutronBgpVpnApi + - OS::TripleO::Services::NeutronCorePlugin - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL2gwAgent + - OS::TripleO::Services::NeutronL2gwApi - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronLbaasv2Agent + - OS::TripleO::Services::NeutronLinuxbridgeAgent - OS::TripleO::Services::NeutronMetadataAgent - - OS::TripleO::Services::NeutronApi - - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronML2FujitsuCfab + - OS::TripleO::Services::NeutronML2FujitsuFossw - OS::TripleO::Services::NeutronOvsAgent - - 
OS::TripleO::Services::RabbitMQ - - OS::TripleO::Services::HAproxy - - OS::TripleO::Services::Keepalived - - OS::TripleO::Services::Memcached - - OS::TripleO::Services::Pacemaker - - OS::TripleO::Services::Redis - - OS::TripleO::Services::NovaConductor - - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::NeutronVppAgent - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaConsoleauth + - OS::TripleO::Services::NovaIronic - OS::TripleO::Services::NovaMetadata - OS::TripleO::Services::NovaPlacement - OS::TripleO::Services::NovaScheduler - - OS::TripleO::Services::NovaConsoleauth - OS::TripleO::Services::NovaVncProxy - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond + - OS::TripleO::Services::OctaviaApi + - OS::TripleO::Services::OctaviaHealthManager + - OS::TripleO::Services::OctaviaHousekeeping + - OS::TripleO::Services::OctaviaWorker + - OS::TripleO::Services::OpenDaylightApi + - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::OVNDBs + - OS::TripleO::Services::OVNController + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::PankoApi + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::Redis + - OS::TripleO::Services::SaharaApi + - OS::TripleO::Services::SaharaEngine + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd - OS::TripleO::Services::SwiftProxy - - OS::TripleO::Services::SwiftStorage - OS::TripleO::Services::SwiftRingBuilder - - OS::TripleO::Services::Snmp + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::Tacker - OS::TripleO::Services::Timezone - - OS::TripleO::Services::CeilometerApi - - OS::TripleO::Services::CeilometerCollector - - OS::TripleO::Services::CeilometerExpirer - - OS::TripleO::Services::CeilometerAgentCentral - - OS::TripleO::Services::CeilometerAgentNotification - - OS::TripleO::Services::Horizon - - 
OS::TripleO::Services::GnocchiApi - - OS::TripleO::Services::GnocchiMetricd - - OS::TripleO::Services::GnocchiStatsd - - OS::TripleO::Services::ManilaApi - - OS::TripleO::Services::ManilaScheduler - - OS::TripleO::Services::ManilaBackendGeneric - - OS::TripleO::Services::ManilaBackendIsilon - - OS::TripleO::Services::ManilaBackendNetapp - - OS::TripleO::Services::ManilaBackendUnity - - OS::TripleO::Services::ManilaBackendCephFs - - OS::TripleO::Services::ManilaBackendVNX - - OS::TripleO::Services::ManilaBackendVMAX - - OS::TripleO::Services::ManilaShare - - OS::TripleO::Services::AodhApi - - OS::TripleO::Services::AodhEvaluator - - OS::TripleO::Services::AodhNotifier - - OS::TripleO::Services::AodhListener - - OS::TripleO::Services::SaharaApi - - OS::TripleO::Services::SaharaEngine - - OS::TripleO::Services::IronicApi - - OS::TripleO::Services::IronicConductor - - OS::TripleO::Services::NovaIronic - - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - - OS::TripleO::Services::OpenDaylightApi - - OS::TripleO::Services::OpenDaylightOvs - - OS::TripleO::Services::SensuClient - - OS::TripleO::Services::FluentdClient - - OS::TripleO::Services::BarbicanApi - - OS::TripleO::Services::PankoApi + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Tuned + - OS::TripleO::Services::Vpp - OS::TripleO::Services::Zaqar - - OS::TripleO::Services::OVNDBs - name: ComputeDeployedServer CountDefault: 1 HostnameFormatDefault: '%stackname%-novacompute-%index%' disable_constraints: True + disable_upgrade_deployment: True + networks: + - InternalApi + - Tenant + - Storage ServicesDefault: + - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts - - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::CephClient - OS::TripleO::Services::CephExternal - - OS::TripleO::Services::Timezone - - OS::TripleO::Services::Ntp - - OS::TripleO::Services::Snmp - - OS::TripleO::Services::NovaCompute - - OS::TripleO::Services::NovaLibvirt 
- - OS::TripleO::Services::NovaMigrationTarget - - OS::TripleO::Services::Kernel - - OS::TripleO::Services::ComputeNeutronCorePlugin - - OS::TripleO::Services::ComputeNeutronOvsAgent + - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::Collectd - OS::TripleO::Services::ComputeCeilometerAgent + - OS::TripleO::Services::ComputeNeutronCorePlugin - OS::TripleO::Services::ComputeNeutronL3Agent - OS::TripleO::Services::ComputeNeutronMetadataAgent - - OS::TripleO::Services::TripleoPackages - - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::ComputeNeutronOvsAgent + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Iscsid + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NeutronLinuxbridgeAgent - OS::TripleO::Services::NeutronSriovAgent - OS::TripleO::Services::NeutronSriovHostConfig + - OS::TripleO::Services::NeutronVppAgent + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient - - OS::TripleO::Services::FluentdClient - - OS::TripleO::Services::Iscsid + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Tuned + - OS::TripleO::Services::Vpp + - OS::TripleO::Services::OVNController - name: BlockStorageDeployedServer disable_constraints: True + networks: + - InternalApi + - Storage + - StorageMgmt ServicesDefault: + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::BlockStorageCinderVolume - OS::TripleO::Services::CACerts - OS::TripleO::Services::CertmongerUser - - OS::TripleO::Services::BlockStorageCinderVolume + 
- OS::TripleO::Services::CinderBackendVRTSHyperScale + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Iscsid - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp - - OS::TripleO::Services::Timezone + - OS::TripleO::Services::ContainersLogrotateCrond + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp - - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoFirewall - - OS::TripleO::Services::SensuClient - - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Tuned - name: ObjectStorageDeployedServer disable_constraints: True + networks: + - InternalApi + - Storage + - StorageMgmt + disable_upgrade_deployment: True ServicesDefault: + - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp - - OS::TripleO::Services::SwiftStorage - - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::ContainersLogrotateCrond + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::SwiftStorage - OS::TripleO::Services::Timezone - - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - - OS::TripleO::Services::SensuClient - - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Tuned - name: CephStorageDeployedServer disable_constraints: True + networks: + - 
Storage + - StorageMgmt ServicesDefault: + - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts - - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::CephOSD + - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd - OS::TripleO::Services::Timezone - - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - - OS::TripleO::Services::SensuClient - - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Tuned diff --git a/deployed-server/scripts/enable-ssh-admin.sh b/deployed-server/scripts/enable-ssh-admin.sh index dcabeadf..daff3907 100755 --- a/deployed-server/scripts/enable-ssh-admin.sh +++ b/deployed-server/scripts/enable-ssh-admin.sh @@ -10,6 +10,7 @@ SUBNODES_SSH_KEY=${SUBNODES_SSH_KEY:-"$HOME/.ssh/id_rsa"} # this is the intended variable for overriding OVERCLOUD_SSH_KEY=${OVERCLOUD_SSH_KEY:-"$SUBNODES_SSH_KEY"} +SHORT_TERM_KEY_COMMENT="TripleO split stack short term key" SLEEP_TIME=5 function overcloud_ssh_hosts_json { @@ -22,7 +23,7 @@ print(json.dumps(re.split("\s+", sys.stdin.read().strip())))' function overcloud_ssh_key_json { # we pass the contents to Mistral instead of just path, otherwise # the key file would have to be readable for the mistral user - cat "$OVERCLOUD_SSH_KEY" | python -c 'import json,sys; print(json.dumps(sys.stdin.read()))' + cat "$1" | python -c 'import json,sys; print(json.dumps(sys.stdin.read()))' } function workflow_finished { 
@@ -30,6 +31,12 @@ function workflow_finished { openstack workflow execution show -f shell $execution_id | grep 'state="SUCCESS"' > /dev/null } +function generate_short_term_keys { + local tmpdir=$(mktemp -d) + ssh-keygen -N '' -t rsa -b 4096 -f "$tmpdir/id_rsa" -C "$SHORT_TERM_KEY_COMMENT" > /dev/null + echo "$tmpdir" +} + if [ -z "$OVERCLOUD_HOSTS" ]; then echo 'Please set $OVERCLOUD_HOSTS' exit 1 @@ -41,7 +48,20 @@ echo "SSH key file: $OVERCLOUD_SSH_KEY" echo "Hosts: $OVERCLOUD_HOSTS" echo -EXECUTION_PARAMS="{\"ssh_user\": \"$OVERCLOUD_SSH_USER\", \"ssh_servers\": $(overcloud_ssh_hosts_json), \"ssh_private_key\": $(overcloud_ssh_key_json)}" +SHORT_TERM_KEY_DIR=$(generate_short_term_keys) +SHORT_TERM_KEY_PRIVATE="$SHORT_TERM_KEY_DIR/id_rsa" +SHORT_TERM_KEY_PUBLIC="$SHORT_TERM_KEY_DIR/id_rsa.pub" +SHORT_TERM_KEY_PUBLIC_CONTENT=$(cat $SHORT_TERM_KEY_PUBLIC) + +for HOST in $OVERCLOUD_HOSTS; do + echo "Inserting TripleO short term key for $HOST" + # prepending an extra newline so that if authorized_keys didn't + # end with a newline previously, we don't end up garbling it up + ssh -i "$OVERCLOUD_SSH_KEY" -l "$OVERCLOUD_SSH_USER" "$HOST" "echo -e '\n$SHORT_TERM_KEY_PUBLIC_CONTENT' >> \$HOME/.ssh/authorized_keys" +done + +echo "Starting ssh admin enablement workflow" +EXECUTION_PARAMS="{\"ssh_user\": \"$OVERCLOUD_SSH_USER\", \"ssh_servers\": $(overcloud_ssh_hosts_json), \"ssh_private_key\": $(overcloud_ssh_key_json "$SHORT_TERM_KEY_PRIVATE")}" EXECUTION_CREATE_OUTPUT=$(openstack workflow execution create -f shell -d 'deployed server ssh admin creation' tripleo.access.v1.enable_ssh_admin "$EXECUTION_PARAMS") echo "$EXECUTION_CREATE_OUTPUT" EXECUTION_ID=$(echo "$EXECUTION_CREATE_OUTPUT" | grep '^id=' | awk '-F"' '{ print $2 }') 
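Review bot: The short term key is appended to `authorized_keys` on every host in the `@@ -41,7 +48,20 @@` hunk, but it is only removed by the loop at the very end of the script, so an interrupted run or an early exit leaves the key authorized and the unencrypted private key in the temp dir. I would move the removal loop and the `rm -r "$SHORT_TERM_KEY_DIR"` into a function and register it right after `SHORT_TERM_KEY_DIR=$(generate_short_term_keys)` with `trap cleanup_short_term_keys EXIT`. The insertion `ssh` also ignores its exit status, so a host where the append failed is only noticed later through the workflow; `|| exit 1` on that line (with the trap in place) would fail early. `cat $SHORT_TERM_KEY_PUBLIC` should be quoted as `cat "$SHORT_TERM_KEY_PUBLIC"`.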
@@ -56,5 +76,14 @@ while ! workflow_finished $EXECUTION_ID; do sleep $SLEEP_TIME echo -n . done +echo # newline after the previous dots + +for HOST in $OVERCLOUD_HOSTS; do + echo "Removing TripleO short term key from $HOST" + ssh -l "$OVERCLOUD_SSH_USER" "$HOST" "sed -i -e '/$SHORT_TERM_KEY_COMMENT/d' \$HOME/.ssh/authorized_keys" +done + +echo "Removing short term keys locally" +rm -r "$SHORT_TERM_KEY_DIR" echo "Success." diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index cc247031..533ed07d 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py @@ -90,16 +90,17 @@ def match_config_volume(prefix, config): config_volume=None for v in volumes: if v.startswith(prefix): - config_volume = os.path.relpath( - v.split(":")[0], prefix).split("/")[0] + config_volume = os.path.dirname(v.split(":")[0]) break return config_volume -def get_config_hash(prefix, config_volume): - hashfile = os.path.join(prefix, "%s.md5sum" % config_volume) +def get_config_hash(config_volume): + hashfile = "%s.md5sum" % config_volume + log.debug("Looking for hashfile %s for config_volume %s" % (hashfile, config_volume)) hash_data = None if os.path.isfile(hashfile): + log.debug("Got hashfile %s for config_volume %s" % (hashfile, config_volume)) with open(hashfile) as f: hash_data = f.read().rstrip() return hash_data @@ -248,6 +249,7 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume # Write a checksum of the config-data dir, this is used as a # salt to trigger container restart when the config changes tar -c -f - /var/lib/config-data/${NAME} --mtime='1970-01-01' | md5sum | awk '{print $1}' > /var/lib/config-data/${NAME}.md5sum + tar -c -f - /var/lib/config-data/puppet-generated/${NAME} --mtime='1970-01-01' | md5sum | awk '{print $1}' > /var/lib/config-data/puppet-generated/${NAME}.md5sum fi """) 
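Review bot: The removal loop calls `ssh -l "$OVERCLOUD_SSH_USER" "$HOST" ...` without `-i "$OVERCLOUD_SSH_KEY"`, unlike the insertion loop earlier in the script, so when that key is not one ssh offers by default the `sed` never runs and the short term public key stays in `authorized_keys`. The exit status of the `ssh` is not checked either, and the script goes on to print "Success.". Unless the omission is deliberate, I would add `-i "$OVERCLOUD_SSH_KEY"` to the removal `ssh` and append `|| echo "WARNING: short term key not removed from $HOST" >&2` so a leftover key is at least reported.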
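Review bot: `os.path.dirname(v.split(":")[0])` in match_config_volume only returns the config volume root when the mount source is the root itself with a trailing slash; for a deeper source such as `/var/lib/config-data/puppet-generated/horizon/etc/openstack-dashboard` (the horizon mount changed in this same commit) it returns `.../horizon/etc`, and get_config_hash then looks for `.../horizon/etc.md5sum`. The checksum is written to `/var/lib/config-data/puppet-generated/${NAME}.md5sum`, so if that reading is right the lookup returns None, `TRIPLEO_CONFIG_HASH` is not set and a config change would not restart that container. At minimum I would document the expectation next to the `dirname` call, e.g. `# mount sources must be "<config_volume>/:<dest>"; deeper paths will not find their .md5sum`, and log the missing hashfile above debug level. match_config_volume starts before this hunk, so the prefix handling is not fully visible here.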
@@ -371,7 +373,7 @@ for infile in infiles: for k, v in infile_data.iteritems(): config_volume = match_config_volume(config_volume_prefix, v) if config_volume: - config_hash = get_config_hash(config_volume_prefix, config_volume) + config_hash = get_config_hash(config_volume) if config_hash: env = v.get('environment', []) env.append("TRIPLEO_CONFIG_HASH=%s" % config_hash) diff --git a/docker/services/ceph-ansible/ceph-mon.yaml b/docker/services/ceph-ansible/ceph-mon.yaml index 45f939c2..90b2db3b 100644 --- a/docker/services/ceph-ansible/ceph-mon.yaml +++ b/docker/services/ceph-ansible/ceph-mon.yaml @@ -83,4 +83,3 @@ outputs: - {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]} - monitor_secret: {get_param: CephMonKey} admin_secret: {get_param: CephAdminKey} - monitor_interface: br_ex diff --git a/docker/services/ceph-ansible/ceph-osd.yaml b/docker/services/ceph-ansible/ceph-osd.yaml index a441f5c9..de55924b 100644 --- a/docker/services/ceph-ansible/ceph-osd.yaml +++ b/docker/services/ceph-ansible/ceph-osd.yaml @@ -37,7 +37,6 @@ parameters: devices: - /dev/vdb journal_size: 512 - journal_collocation: true osd_scenario: collocated resources: diff --git a/docker/services/horizon.yaml b/docker/services/horizon.yaml index d6ffb6dc..2c7d7a74 100644 --- a/docker/services/horizon.yaml +++ b/docker/services/horizon.yaml @@ -113,7 +113,7 @@ outputs: volumes: - /var/log/containers/horizon:/var/log/horizon - /var/log/containers/httpd/horizon:/var/log/httpd - - /var/lib/config-data/horizon/etc/:/etc/ + - /var/lib/config-data/puppet-generated/horizon/etc/openstack-dashboard:/etc/openstack-dashboard step_3: horizon: image: *horizon_image diff --git a/docker/services/memcached.yaml b/docker/services/memcached.yaml index c78b85a6..67b84249 100644 --- a/docker/services/memcached.yaml +++ b/docker/services/memcached.yaml 
@@ -80,8 +80,8 @@ outputs: user: root volumes: - /var/lib/config-data/memcached/etc/sysconfig/memcached:/etc/sysconfig/memcached:ro - - /var/log/memcached.log:/var/log/memcached.log - command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; chown ${USER} /var/log/memcached.log'] + - /var/log/containers/memcached:/var/log/ + command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; touch /var/log/memcached.log && chown ${USER} /var/log/memcached.log'] memcached: start_order: 1 image: *memcached_image @@ -93,8 +93,16 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/config-data/memcached/etc/sysconfig/memcached:/etc/sysconfig/memcached:ro - # TODO(bogdando) capture memcached syslog logs from a container - command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; /usr/bin/memcached -p ${PORT} -u ${USER} -m ${CACHESIZE} -c ${MAXCONN} $OPTIONS'] + - /var/log/containers/memcached:/var/log/ + # NOTE: We're adding the log redirection here, even though should + # already be part of the options. This is because the redirection + # via the options is not working and ends up being passed as a + # parameter to the memcached command (which it silently ignores). + # Thus the need for the explicit redirection here. The redirection + # will be removed from the $OPTIONS, which is done via the puppet + # module, but we'll only be able to do this once the following pull + # request merges: https://github.com/saz/puppet-memcached/pull/88 + command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; /usr/bin/memcached -p ${PORT} -u ${USER} -m ${CACHESIZE} -c ${MAXCONN} $OPTIONS >> /var/log/memcached.log 2>&1'] upgrade_tasks: - name: Stop and disable memcached service tags: step2 diff --git a/docker/services/swift-storage.yaml b/docker/services/swift-storage.yaml index e0c1194a..2d7aff6e 100644 --- a/docker/services/swift-storage.yaml +++ b/docker/services/swift-storage.yaml 
@@ -83,7 +83,10 @@ outputs: logging_source: {get_attr: [SwiftStorageBase, role_data, logging_source]} logging_groups: {get_attr: [SwiftStorageBase, role_data, logging_groups]} step_config: &step_config - get_attr: [SwiftStorageBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [SwiftStorageBase, role_data, step_config]} + - "class xinetd() {}" service_config_settings: {get_attr: [SwiftStorageBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/environments/docker.yaml b/environments/docker.yaml index 57379925..58691cc1 100644 --- a/environments/docker.yaml +++ b/environments/docker.yaml @@ -58,6 +58,8 @@ resource_registry: # OS::TripleO::Services::CinderBackup: ../docker/services/cinder-backup.yaml # OS::TripleO::Services::CinderVolume: ../docker/services/cinder-volume.yaml # + OS::TripleO::Services::SwiftDispersion: OS::Heat::None + # If SR-IOV is enabled on the compute nodes, it will need the SR-IOV # host configuration. OS::TripleO::Services::NeutronSriovHostConfig: OS::Heat::None diff --git a/environments/services/heat-api-cloudwatch.yaml b/environments/services/heat-api-cloudwatch.yaml new file mode 100644 index 00000000..ce22a91c --- /dev/null +++ b/environments/services/heat-api-cloudwatch.yaml @@ -0,0 +1,2 @@ +resource_registry: + OS::TripleO::Services::HeatApiCloudwatch: ../../puppet/services/heat-api-cloudwatch.yaml diff --git a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration index 487857ef..d754aafd 100644 --- a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration +++ b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration 
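Review bot: The `class xinetd() {}` string appended to `step_config` in docker/services/swift-storage.yaml has no comment saying why it is there. It reads like an empty stub that keeps the base manifest from managing xinetd inside the container, but that is inferred from the hunk. A comment above the `list_join`, e.g. `# Define an empty xinetd class so the base step_config does not try to manage xinetd in the container`, would stop the next maintainer from removing it as dead code or copying it without knowing what it disables.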
@@ -186,14 +186,13 @@ function retry() { set -e } -function detect_satellite_version { - ping_api=$REG_SAT_URL/katello/api/ping - if curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -s -D - -o /dev/null $ping_api | grep "200 OK"; then - echo Satellite 6 detected at $REG_SAT_URL - satellite_version=6 +function detect_satellite_server { + if curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -s -D - -o /dev/null $REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm | grep "200 OK"; then + echo Satellite 6 or beyond with Katello API detected at $REG_SAT_URL + katello_api_enabled=1 elif curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -s -D - -o /dev/null $REG_SAT_URL/rhn/Login.do | grep "200 OK"; then - echo Satellite 5 detected at $REG_SAT_URL - satellite_version=5 + echo Satellite 5 with RHN detected at $REG_SAT_URL + katello_api_enabled=0 else echo No Satellite detected at $REG_SAT_URL exit 1 @@ -231,8 +230,8 @@ case "${REG_METHOD:-}" in retry subscription-manager $repos ;; satellite) - detect_satellite_version - if [ "$satellite_version" = "6" ]; then + detect_satellite_server + if [ "$katello_api_enabled" = "1" ]; then repos="$repos --enable ${satellite_repo}" curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -O "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm" diff --git a/network/service_net_map.j2.yaml b/network/service_net_map.j2.yaml index e19ccd84..dfb0e910 100644 --- a/network/service_net_map.j2.yaml +++ b/network/service_net_map.j2.yaml 
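Review bot: The new probe in detect_satellite_server keeps `-k`, so the response that sets `katello_api_enabled` is not authenticated, and the branch it selects then downloads `katello-ca-consumer-latest.noarch.rpm` with `-k` as well (context of the second hunk); where the Satellite CA can be supplied up front, `--cacert "$SAT_CA_FILE"` (placeholder name) instead of `-k` would let the script verify the server before trusting its CA package. `$REG_SAT_URL` is unquoted in the new curl line and should be `"$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm"`. Matching `grep "200 OK"` on the header dump also misses HTTP/2 status lines, which carry no reason phrase, and echoes the header to stdout; comparing `curl ... -o /dev/null -w '%{http_code}'` with `200` is more robust. The function's closing `fi` and brace are outside the hunk.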
@@ -103,31 +103,12 @@ parameters: internal use only, this will be removed in future. type: json - InternalApiNetName: - default: internal_api - description: The name of the internal_api network. +{%- for network in networks %} + {{network.name}}NetName: + default: {{network.name_lower}} + description: The name of the {{network.name_lower}} network. type: string - ExternalNetName: - default: external - description: The name of the external network. - type: string - ManagementNetName: - default: management - description: The name of the management network. - type: string - StorageNetName: - default: storage - description: The name of the storage network. - type: string - StorageMgmtNetName: - default: storage_mgmt - description: The name of the storage_mgmt network. - type: string - TenantNetName: - default: tenant - description: The name of the tenant network. - type: string - +{%- endfor %} parameter_groups: - label: deprecated @@ -145,12 +126,9 @@ resources: - map_replace: - {get_param: ServiceNetMapDefaults} - values: - external: {get_param: ExternalNetName} - internal_api: {get_param: InternalApiNetName} - storage: {get_param: StorageNetName} - storage_mgmt: {get_param: StorageMgmtNetName} - tenant: {get_param: TenantNetName} - management: {get_param: ManagementNetName} +{%- for network in networks %} + {{network.name_lower}}: {get_param: {{network.name}}NetName} +{%- endfor %} - map_replace: - {get_param: ServiceNetMap} - keys: {get_param: ServiceNetMapDeprecatedMapping} diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index e402f125..3ee77218 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml 
@@ -133,7 +133,7 @@ resource_registry: OS::TripleO::Services::GlanceRegistry: puppet/services/disabled/glance-registry-disabled.yaml OS::TripleO::Services::HeatApi: puppet/services/heat-api.yaml OS::TripleO::Services::HeatApiCfn: puppet/services/heat-api-cfn.yaml - OS::TripleO::Services::HeatApiCloudwatch: puppet/services/heat-api-cloudwatch.yaml + OS::TripleO::Services::HeatApiCloudwatch: puppet/services/disabled/heat-api-cloudwatch-disabled.yaml OS::TripleO::Services::HeatEngine: puppet/services/heat-engine.yaml OS::TripleO::Services::Kernel: puppet/services/kernel.yaml OS::TripleO::Services::MySQL: puppet/services/database/mysql.yaml diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index 367ac5b6..3506fe8e 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -491,8 +491,12 @@ resources: type: OS::TripleO::Network::Ports::NetIpListMap properties: ControlPlaneIpList: {get_attr: [{{role.name}}, ip_address]} -{%- for network in networks if network.enabled|default(true) %} +{%- for network in networks %} + {%- if network.enabled|default(true) %} {{network.name}}IpList: {get_attr: [{{role.name}}, {{network.name_lower}}_ip_address]} + {%- else %} + {{network.name}}IpList: {get_attr: [{{role.name}}, ip_address]} + {%- endif %} {%- endfor %} EnabledServices: {get_attr: [{{role.name}}ServiceNames, value]} ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]} diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.j2.yaml index 37c1d4e5..bdd2bcf3 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.j2.yaml @@ -2,14 +2,10 @@ heat_template_version: pike description: 'All Nodes Config for Puppet' parameters: - cloud_name_external: - type: string - cloud_name_internal_api: - type: string - cloud_name_storage: - type: string - cloud_name_storage_mgmt: +{%- for network in networks if network.vip|default(false) %} + cloud_name_{{network.name_lower}}: type: string +{%- endfor %} cloud_name_ctlplane: type: string enabled_services: 
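Review bot: The new `{%- else %}` branch in overcloud.j2.yaml sets `{{network.name}}IpList` to the role's ctlplane `ip_address` when a network is disabled, and the template does not say so anywhere. Services that ServiceNetMap places on a disabled network would then be listed with control-plane addresses (inferred from this hunk alone), which is worth knowing for anyone who relies on network isolation. I would add a Jinja comment above the branch, e.g. `{#- disabled networks fall back to the ctlplane address #}`, and mention the fallback in the release note for this change.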
@@ -70,30 +66,12 @@ parameters: type: boolean default: false - InternalApiNetName: - default: internal_api - description: The name of the internal_api network. - type: string - ExternalNetName: - default: external - description: The name of the external network. - type: string - ManagementNetName: - default: management - description: The name of the management network. - type: string - StorageNetName: - default: storage - description: The name of the storage network. - type: string - StorageMgmtNetName: - default: storage_mgmt - description: The name of the storage_mgmt network. - type: string - TenantNetName: - default: tenant - description: The name of the tenant network. +{%- for network in networks %} + {{network.name}}NetName: + default: {{network.name_lower}} + description: The name of the {{network.name_lower}} network. type: string +{%- endfor %} resources: diff --git a/puppet/services/disabled/heat-api-cloudwatch-disabled.yaml b/puppet/services/disabled/heat-api-cloudwatch-disabled.yaml new file mode 100644 index 00000000..f7935712 --- /dev/null +++ b/puppet/services/disabled/heat-api-cloudwatch-disabled.yaml 
@@ -0,0 +1,48 @@
+heat_template_version: pike
+
+description: >
+ Openstack Heat CloudWatch API service, disabled by default since Pike
+
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+outputs:
+ role_data:
+ description: Role data for the disabled Heat CloudWatch API
+ value:
+ service_name: heat_api_cloudwatch_disabled
+ upgrade_tasks:
+ - name: Check if heat_api_cloudwatch is deployed
+ command: systemctl is-enabled openstack-heat-api-cloudwatch
+ tags: step1
+ ignore_errors: True
+ register: heat_api_cloudwatch_enabled
+ - name: Stop and disable heat_api_cloudwatch service (pre-upgrade not under httpd)
+ tags: step1
+ when: heat_api_cloudwatch_enabled.rc == 0
+ service: name=openstack-heat-api-cloudwatch state=stopped enabled=no
diff --git a/puppet/services/memcached.yaml b/puppet/services/memcached.yaml
index 2bc08fde..30ea4e1e 100644
--- a/puppet/services/memcached.yaml
+++ b/puppet/services/memcached.yaml
@@ -54,6 +54,7 @@ outputs:
 # internal_api_subnet - > IP/CIDR
 memcached::listen_ip: {get_param: [ServiceNetMap, MemcachedNetwork]}
 memcached::max_memory: {get_param: MemcachedMaxMemory}
+ memcached::verbosity: 'v'
 tripleo.memcached.firewall_rules:
 '121 memcached':
 dport: 11211
diff --git a/puppet/services/neutron-lbaas.yaml b/puppet/services/neutron-lbaas.yaml
index ec477ddc..a2c1a2ae 100644
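Review bot: In the `upgrade_tasks` of heat-api-cloudwatch-disabled.yaml the stop task is gated only on `systemctl is-enabled`, so a unit that is running but not enabled is skipped and the deprecated API would keep listening after the upgrade. Registering an `is-active` check as well and stopping when either returns 0 closes that gap. Separately, `ignore_errors: True` reports the expected non-zero result as a failed task in the upgrade output; `failed_when: false` keeps `rc` registered without that noise. The indentation below is conventional, because the page has lost the original.

```yaml
# … unchanged: parameters, role_data description and service_name …
      upgrade_tasks:
        - name: Check if heat_api_cloudwatch is enabled
          command: systemctl is-enabled openstack-heat-api-cloudwatch
          tags: step1
          failed_when: false
          changed_when: false
          register: heat_api_cloudwatch_enabled
        - name: Check if heat_api_cloudwatch is running
          command: systemctl is-active openstack-heat-api-cloudwatch
          tags: step1
          failed_when: false
          changed_when: false
          register: heat_api_cloudwatch_active
        - name: Stop and disable heat_api_cloudwatch service (pre-upgrade not under httpd)
          tags: step1
          when: heat_api_cloudwatch_enabled.rc == 0 or heat_api_cloudwatch_active.rc == 0
          # … unchanged: service stop/disable line …
```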
--- a/puppet/services/neutron-lbaas.yaml
+++ b/puppet/services/neutron-lbaas.yaml
@@ -73,3 +73,6 @@ outputs:
 service_config_settings:
 neutron_api:
 neutron::server::service_providers: {get_param: NeutronServiceProviders}
+ horizon:
+ horizon::neutron_options:
+ enable_lb: True
diff --git a/releasenotes/notes/disable-heat-api-cloudwatch-d5a471da22472bde.yaml b/releasenotes/notes/disable-heat-api-cloudwatch-d5a471da22472bde.yaml
new file mode 100644
index 00000000..5c732c01
--- /dev/null
+++ b/releasenotes/notes/disable-heat-api-cloudwatch-d5a471da22472bde.yaml
@@ -0,0 +1,15 @@
+---
+upgrade:
+ - |
+ The Heat API Cloudwatch API is deprecated in Pike and so it removed
+ by default during the Ocata to Pike upgrade. If you wish to keep this
+ service then you should use the environments/heat-api-cloudwatch.yaml
+ environment file in the tripleo-heat-templates during the upgrade (note
+ that this is migrated to running under httpd, if you do decide to keep
+ this service on Pike).
+deprecations:
+ - |
+ The Heat API Cloudwatch API is deprecated in Pike and so it is now not
+ deployed by default. You can override this behaviour with the
+ environments/heat-api-cloudwatch.yaml environment file in the
+ tripleo-heat-templates.
diff --git a/releasenotes/notes/fix-dynamic-network-disabled-9f700a9e900221b6.yaml b/releasenotes/notes/fix-dynamic-network-disabled-9f700a9e900221b6.yaml
new file mode 100644
index 00000000..c6cb3636
--- /dev/null
+++ b/releasenotes/notes/fix-dynamic-network-disabled-9f700a9e900221b6.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+ - |
+ Fixes dynamic networks to fallback to ctlplane network when they are
+ disabled.
diff --git a/releasenotes/notes/sat_capsule-bb59fad44c17f97f.yaml b/releasenotes/notes/sat_capsule-bb59fad44c17f97f.yaml
new file mode 100644
index 00000000..58298d36
--- /dev/null
+++ b/releasenotes/notes/sat_capsule-bb59fad44c17f97f.yaml
@@ -0,0 +1,7 @@
+---
+fixes:
+ - |
+ For deployments running on RHEL with Satellite 6 (or beyond) with Capsule (Katello API enabled),
+ the Katello API is available on 8443 port, so the previous API ping didn't work for this case.
+ Capsule is now supported since we just check if katello-ca-consumer-latest rpm is available
+ to tell that Satellite version is 6 or beyond. |