summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ci/environments/scenario001-multinode-containers.yaml1
-rw-r--r--ci/environments/scenario007-multinode-containers.yaml3
-rw-r--r--common/deploy-steps-tasks.yaml6
-rw-r--r--common/deploy-steps.j26
-rw-r--r--deployed-server/deployed-server-roles-data.yaml267
-rwxr-xr-xdeployed-server/scripts/enable-ssh-admin.sh33
-rwxr-xr-xdocker/docker-puppet.py12
-rw-r--r--docker/services/ceph-ansible/ceph-mon.yaml1
-rw-r--r--docker/services/ceph-ansible/ceph-osd.yaml1
-rw-r--r--docker/services/horizon.yaml2
-rw-r--r--docker/services/memcached.yaml16
-rw-r--r--docker/services/swift-storage.yaml5
-rw-r--r--environments/docker.yaml2
-rw-r--r--environments/services/heat-api-cloudwatch.yaml2
-rw-r--r--extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration17
-rw-r--r--network/service_net_map.j2.yaml38
-rw-r--r--overcloud-resource-registry-puppet.j2.yaml2
-rw-r--r--overcloud.j2.yaml6
-rw-r--r--puppet/all-nodes-config.j2.yaml (renamed from puppet/all-nodes-config.yaml)38
-rw-r--r--puppet/services/disabled/heat-api-cloudwatch-disabled.yaml48
-rw-r--r--puppet/services/memcached.yaml1
-rw-r--r--puppet/services/neutron-lbaas.yaml3
-rw-r--r--releasenotes/notes/disable-heat-api-cloudwatch-d5a471da22472bde.yaml15
-rw-r--r--releasenotes/notes/fix-dynamic-network-disabled-9f700a9e900221b6.yaml5
-rw-r--r--releasenotes/notes/sat_capsule-bb59fad44c17f97f.yaml7
25 files changed, 368 insertions, 169 deletions
diff --git a/ci/environments/scenario001-multinode-containers.yaml b/ci/environments/scenario001-multinode-containers.yaml
index 89182666..df12bc59 100644
--- a/ci/environments/scenario001-multinode-containers.yaml
+++ b/ci/environments/scenario001-multinode-containers.yaml
@@ -101,7 +101,6 @@ parameter_defaults:
devices:
- /dev/loop3
journal_size: 512
- journal_collocation: true
osd_scenario: collocated
CephAnsibleExtraConfig:
ceph_conf_overrides:
diff --git a/ci/environments/scenario007-multinode-containers.yaml b/ci/environments/scenario007-multinode-containers.yaml
index bad3e4a5..149f2d32 100644
--- a/ci/environments/scenario007-multinode-containers.yaml
+++ b/ci/environments/scenario007-multinode-containers.yaml
@@ -7,6 +7,9 @@ resource_registry:
# Since the OVB jobs also test this functionality we can shut it off here.
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None
+ OS::TripleO::Services::SwiftProxy: OS::Heat::None
+ OS::TripleO::Services::SwiftStorage: OS::Heat::None
+ OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None
parameter_defaults:
ControllerServices:
- OS::TripleO::Services::Clustercheck
diff --git a/common/deploy-steps-tasks.yaml b/common/deploy-steps-tasks.yaml
index 73d3036c..785095b6 100644
--- a/common/deploy-steps-tasks.yaml
+++ b/common/deploy-steps-tasks.yaml
@@ -4,11 +4,15 @@
#####################################################
# Per step puppet configuration of the baremetal host
#####################################################
+ - name: Set host puppet debugging fact string
+ set_fact:
+ host_puppet_config_debug: "--debug --verbose"
+ when: enable_debug|default(false)
- name: Write the config_step hieradata
copy: content="{{dict(step=step|int)|to_json}}" dest=/etc/puppet/hieradata/config_step.json force=true mode=0600
- name: Run puppet host configuration for step {{step}}
command: >-
- puppet apply
+ puppet apply {{ host_puppet_config_debug|default('') }}
--modulepath=/etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules
--logdest syslog --logdest console --color=false
/var/lib/tripleo-config/puppet_step_config.pp
diff --git a/common/deploy-steps.j2 b/common/deploy-steps.j2
index a1bd8826..5c923a99 100644
--- a/common/deploy-steps.j2
+++ b/common/deploy-steps.j2
@@ -48,6 +48,10 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ConfigDebug:
+ default: false
+ description: Whether to run config management (e.g. Puppet) in debug mode.
+ type: boolean
DockerPuppetDebug:
type: string
default: ''
@@ -85,6 +89,7 @@ resources:
- name: role_name
- name: update_identifier
- name: bootstrap_server_id
+ - name: enable_debug
- name: docker_puppet_debug
- name: docker_puppet_process_count
config:
@@ -291,6 +296,7 @@ resources:
role_name: {{role.name}}
update_identifier: {get_param: DeployIdentifier}
bootstrap_server_id: {get_param: [servers, {{primary_role_name}}, '0']}
+ enable_debug: {get_param: ConfigDebug}
docker_puppet_debug: {get_param: DockerPuppetDebug}
docker_puppet_process_count: {get_param: DockerPuppetProcessCount}
{% endfor %}
diff --git a/deployed-server/deployed-server-roles-data.yaml b/deployed-server/deployed-server-roles-data.yaml
index 73dc9099..8611940a 100644
--- a/deployed-server/deployed-server-roles-data.yaml
+++ b/deployed-server/deployed-server-roles-data.yaml
@@ -24,163 +24,268 @@
- name: ControllerDeployedServer
CountDefault: 1
disable_constraints: True
+ tags:
+ - primary
+ - controller
+ networks:
+ - External
+ - InternalApi
+ - Storage
+ - StorageMgmt
+ - Tenant
+ HostnameFormatDefault: '%stackname%-controller-%index%'
ServicesDefault:
+ - OS::TripleO::Services::AodhApi
+ - OS::TripleO::Services::AodhEvaluator
+ - OS::TripleO::Services::AodhListener
+ - OS::TripleO::Services::AodhNotifier
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::BarbicanApi
- OS::TripleO::Services::CACerts
- - OS::TripleO::Services::CertmongerUser
- - OS::TripleO::Services::CephMon
+ - OS::TripleO::Services::CeilometerAgentCentral
+ - OS::TripleO::Services::CeilometerAgentNotification
+ # FIXME: This service was disabled in Pike and this entry should be removed
+ # in Queens.
+ - OS::TripleO::Services::CeilometerApi
+ - OS::TripleO::Services::CeilometerCollector
+ - OS::TripleO::Services::CeilometerExpirer
- OS::TripleO::Services::CephExternal
+ - OS::TripleO::Services::CephMds
+ - OS::TripleO::Services::CephMon
+ - OS::TripleO::Services::CephRbdMirror
- OS::TripleO::Services::CephRgw
+ - OS::TripleO::Services::CertmongerUser
- OS::TripleO::Services::CinderApi
+ - OS::TripleO::Services::CinderBackendDellPs
+ - OS::TripleO::Services::CinderBackendDellSc
+ - OS::TripleO::Services::CinderBackendDellEMCUnity
+ - OS::TripleO::Services::CinderBackendDellEMCVMAXISCSI
+ - OS::TripleO::Services::CinderBackendNetApp
+ - OS::TripleO::Services::CinderBackendScaleIO
+ - OS::TripleO::Services::CinderBackendVRTSHyperScale
- OS::TripleO::Services::CinderBackup
+ - OS::TripleO::Services::CinderHPELeftHandISCSI
- OS::TripleO::Services::CinderScheduler
- OS::TripleO::Services::CinderVolume
- - OS::TripleO::Services::Kernel
- - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::Clustercheck
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::Congress
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::Ec2Api
+ - OS::TripleO::Services::Etcd
+ - OS::TripleO::Services::ExternalSwiftProxy
+ - OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::GlanceApi
+ - OS::TripleO::Services::GnocchiApi
+ - OS::TripleO::Services::GnocchiMetricd
+ - OS::TripleO::Services::GnocchiStatsd
+ - OS::TripleO::Services::HAproxy
- OS::TripleO::Services::HeatApi
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatApiCloudwatch
- OS::TripleO::Services::HeatEngine
+ - OS::TripleO::Services::Horizon
+ - OS::TripleO::Services::IronicApi
+ - OS::TripleO::Services::IronicConductor
+ - OS::TripleO::Services::IronicPxe
- OS::TripleO::Services::Iscsid
+ - OS::TripleO::Services::Keepalived
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::ManilaApi
+ - OS::TripleO::Services::ManilaBackendCephFs
+ - OS::TripleO::Services::ManilaBackendGeneric
+ - OS::TripleO::Services::ManilaBackendIsilon
+ - OS::TripleO::Services::ManilaBackendNetapp
+ - OS::TripleO::Services::ManilaBackendUnity
+ - OS::TripleO::Services::ManilaBackendVNX
+ - OS::TripleO::Services::ManilaBackendVMAX
+ - OS::TripleO::Services::ManilaScheduler
+ - OS::TripleO::Services::ManilaShare
+ - OS::TripleO::Services::Memcached
+ - OS::TripleO::Services::MongoDb
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::NeutronApi
+ - OS::TripleO::Services::NeutronBgpVpnApi
+ - OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::NeutronDhcpAgent
+ - OS::TripleO::Services::NeutronL2gwAgent
+ - OS::TripleO::Services::NeutronL2gwApi
- OS::TripleO::Services::NeutronL3Agent
+ - OS::TripleO::Services::NeutronLbaasv2Agent
+ - OS::TripleO::Services::NeutronLinuxbridgeAgent
- OS::TripleO::Services::NeutronMetadataAgent
- - OS::TripleO::Services::NeutronApi
- - OS::TripleO::Services::NeutronCorePlugin
+ - OS::TripleO::Services::NeutronML2FujitsuCfab
+ - OS::TripleO::Services::NeutronML2FujitsuFossw
- OS::TripleO::Services::NeutronOvsAgent
- - OS::TripleO::Services::RabbitMQ
- - OS::TripleO::Services::HAproxy
- - OS::TripleO::Services::Keepalived
- - OS::TripleO::Services::Memcached
- - OS::TripleO::Services::Pacemaker
- - OS::TripleO::Services::Redis
- - OS::TripleO::Services::NovaConductor
- - OS::TripleO::Services::MongoDb
+ - OS::TripleO::Services::NeutronVppAgent
- OS::TripleO::Services::NovaApi
+ - OS::TripleO::Services::NovaConductor
+ - OS::TripleO::Services::NovaConsoleauth
+ - OS::TripleO::Services::NovaIronic
- OS::TripleO::Services::NovaMetadata
- OS::TripleO::Services::NovaPlacement
- OS::TripleO::Services::NovaScheduler
- - OS::TripleO::Services::NovaConsoleauth
- OS::TripleO::Services::NovaVncProxy
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
+ - OS::TripleO::Services::OctaviaApi
+ - OS::TripleO::Services::OctaviaHealthManager
+ - OS::TripleO::Services::OctaviaHousekeeping
+ - OS::TripleO::Services::OctaviaWorker
+ - OS::TripleO::Services::OpenDaylightApi
+ - OS::TripleO::Services::OpenDaylightOvs
+ - OS::TripleO::Services::OVNDBs
+ - OS::TripleO::Services::OVNController
+ - OS::TripleO::Services::Pacemaker
+ - OS::TripleO::Services::PankoApi
+ - OS::TripleO::Services::RabbitMQ
+ - OS::TripleO::Services::Redis
+ - OS::TripleO::Services::SaharaApi
+ - OS::TripleO::Services::SaharaEngine
+ - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
- OS::TripleO::Services::SwiftProxy
- - OS::TripleO::Services::SwiftStorage
- OS::TripleO::Services::SwiftRingBuilder
- - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::SwiftStorage
+ - OS::TripleO::Services::Tacker
- OS::TripleO::Services::Timezone
- - OS::TripleO::Services::CeilometerApi
- - OS::TripleO::Services::CeilometerCollector
- - OS::TripleO::Services::CeilometerExpirer
- - OS::TripleO::Services::CeilometerAgentCentral
- - OS::TripleO::Services::CeilometerAgentNotification
- - OS::TripleO::Services::Horizon
- - OS::TripleO::Services::GnocchiApi
- - OS::TripleO::Services::GnocchiMetricd
- - OS::TripleO::Services::GnocchiStatsd
- - OS::TripleO::Services::ManilaApi
- - OS::TripleO::Services::ManilaScheduler
- - OS::TripleO::Services::ManilaBackendGeneric
- - OS::TripleO::Services::ManilaBackendIsilon
- - OS::TripleO::Services::ManilaBackendNetapp
- - OS::TripleO::Services::ManilaBackendUnity
- - OS::TripleO::Services::ManilaBackendCephFs
- - OS::TripleO::Services::ManilaBackendVNX
- - OS::TripleO::Services::ManilaBackendVMAX
- - OS::TripleO::Services::ManilaShare
- - OS::TripleO::Services::AodhApi
- - OS::TripleO::Services::AodhEvaluator
- - OS::TripleO::Services::AodhNotifier
- - OS::TripleO::Services::AodhListener
- - OS::TripleO::Services::SaharaApi
- - OS::TripleO::Services::SaharaEngine
- - OS::TripleO::Services::IronicApi
- - OS::TripleO::Services::IronicConductor
- - OS::TripleO::Services::NovaIronic
- - OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- - OS::TripleO::Services::OpenDaylightApi
- - OS::TripleO::Services::OpenDaylightOvs
- - OS::TripleO::Services::SensuClient
- - OS::TripleO::Services::FluentdClient
- - OS::TripleO::Services::BarbicanApi
- - OS::TripleO::Services::PankoApi
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::Tuned
+ - OS::TripleO::Services::Vpp
- OS::TripleO::Services::Zaqar
- - OS::TripleO::Services::OVNDBs
- name: ComputeDeployedServer
CountDefault: 1
HostnameFormatDefault: '%stackname%-novacompute-%index%'
disable_constraints: True
+ disable_upgrade_deployment: True
+ networks:
+ - InternalApi
+ - Tenant
+ - Storage
ServicesDefault:
+ - OS::TripleO::Services::AuditD
- OS::TripleO::Services::CACerts
- - OS::TripleO::Services::CertmongerUser
- OS::TripleO::Services::CephClient
- OS::TripleO::Services::CephExternal
- - OS::TripleO::Services::Timezone
- - OS::TripleO::Services::Ntp
- - OS::TripleO::Services::Snmp
- - OS::TripleO::Services::NovaCompute
- - OS::TripleO::Services::NovaLibvirt
- - OS::TripleO::Services::NovaMigrationTarget
- - OS::TripleO::Services::Kernel
- - OS::TripleO::Services::ComputeNeutronCorePlugin
- - OS::TripleO::Services::ComputeNeutronOvsAgent
+ - OS::TripleO::Services::CertmongerUser
+ - OS::TripleO::Services::Collectd
- OS::TripleO::Services::ComputeCeilometerAgent
+ - OS::TripleO::Services::ComputeNeutronCorePlugin
- OS::TripleO::Services::ComputeNeutronL3Agent
- OS::TripleO::Services::ComputeNeutronMetadataAgent
- - OS::TripleO::Services::TripleoPackages
- - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::ComputeNeutronOvsAgent
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::Iscsid
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::NeutronLinuxbridgeAgent
- OS::TripleO::Services::NeutronSriovAgent
- OS::TripleO::Services::NeutronSriovHostConfig
+ - OS::TripleO::Services::NeutronVppAgent
+ - OS::TripleO::Services::NovaCompute
+ - OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::NovaMigrationTarget
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::OpenDaylightOvs
+ - OS::TripleO::Services::Securetty
- OS::TripleO::Services::SensuClient
- - OS::TripleO::Services::FluentdClient
- - OS::TripleO::Services::Iscsid
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::Tuned
+ - OS::TripleO::Services::Vpp
+ - OS::TripleO::Services::OVNController
- name: BlockStorageDeployedServer
disable_constraints: True
+ networks:
+ - InternalApi
+ - Storage
+ - StorageMgmt
ServicesDefault:
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::BlockStorageCinderVolume
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CertmongerUser
- - OS::TripleO::Services::BlockStorageCinderVolume
+ - OS::TripleO::Services::CinderBackendVRTSHyperScale
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::Iscsid
- OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Ntp
- - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::ContainersLogrotateCrond
+ - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::SensuClient
- OS::TripleO::Services::Snmp
- - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Timezone
- OS::TripleO::Services::TripleoFirewall
- - OS::TripleO::Services::SensuClient
- - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::Tuned
- name: ObjectStorageDeployedServer
disable_constraints: True
+ networks:
+ - InternalApi
+ - Storage
+ - StorageMgmt
+ disable_upgrade_deployment: True
ServicesDefault:
+ - OS::TripleO::Services::AuditD
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CertmongerUser
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Ntp
- - OS::TripleO::Services::SwiftStorage
- - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::ContainersLogrotateCrond
+ - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::SensuClient
- OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::SwiftStorage
- OS::TripleO::Services::Timezone
- - OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- - OS::TripleO::Services::SensuClient
- - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::Tuned
- name: CephStorageDeployedServer
disable_constraints: True
+ networks:
+ - Storage
+ - StorageMgmt
ServicesDefault:
+ - OS::TripleO::Services::AuditD
- OS::TripleO::Services::CACerts
- - OS::TripleO::Services::CertmongerUser
- OS::TripleO::Services::CephOSD
+ - OS::TripleO::Services::CertmongerUser
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
+ - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::SensuClient
- OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
- OS::TripleO::Services::Timezone
- - OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- - OS::TripleO::Services::SensuClient
- - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::Tuned
diff --git a/deployed-server/scripts/enable-ssh-admin.sh b/deployed-server/scripts/enable-ssh-admin.sh
index dcabeadf..daff3907 100755
--- a/deployed-server/scripts/enable-ssh-admin.sh
+++ b/deployed-server/scripts/enable-ssh-admin.sh
@@ -10,6 +10,7 @@ SUBNODES_SSH_KEY=${SUBNODES_SSH_KEY:-"$HOME/.ssh/id_rsa"}
# this is the intended variable for overriding
OVERCLOUD_SSH_KEY=${OVERCLOUD_SSH_KEY:-"$SUBNODES_SSH_KEY"}
+SHORT_TERM_KEY_COMMENT="TripleO split stack short term key"
SLEEP_TIME=5
function overcloud_ssh_hosts_json {
@@ -22,7 +23,7 @@ print(json.dumps(re.split("\s+", sys.stdin.read().strip())))'
function overcloud_ssh_key_json {
# we pass the contents to Mistral instead of just path, otherwise
# the key file would have to be readable for the mistral user
- cat "$OVERCLOUD_SSH_KEY" | python -c 'import json,sys; print(json.dumps(sys.stdin.read()))'
+ cat "$1" | python -c 'import json,sys; print(json.dumps(sys.stdin.read()))'
}
function workflow_finished {
@@ -30,6 +31,12 @@ function workflow_finished {
openstack workflow execution show -f shell $execution_id | grep 'state="SUCCESS"' > /dev/null
}
+function generate_short_term_keys {
+ local tmpdir=$(mktemp -d)
+ ssh-keygen -N '' -t rsa -b 4096 -f "$tmpdir/id_rsa" -C "$SHORT_TERM_KEY_COMMENT" > /dev/null
+ echo "$tmpdir"
+}
+
if [ -z "$OVERCLOUD_HOSTS" ]; then
echo 'Please set $OVERCLOUD_HOSTS'
exit 1
@@ -41,7 +48,20 @@ echo "SSH key file: $OVERCLOUD_SSH_KEY"
echo "Hosts: $OVERCLOUD_HOSTS"
echo
-EXECUTION_PARAMS="{\"ssh_user\": \"$OVERCLOUD_SSH_USER\", \"ssh_servers\": $(overcloud_ssh_hosts_json), \"ssh_private_key\": $(overcloud_ssh_key_json)}"
+SHORT_TERM_KEY_DIR=$(generate_short_term_keys)
+SHORT_TERM_KEY_PRIVATE="$SHORT_TERM_KEY_DIR/id_rsa"
+SHORT_TERM_KEY_PUBLIC="$SHORT_TERM_KEY_DIR/id_rsa.pub"
+SHORT_TERM_KEY_PUBLIC_CONTENT=$(cat $SHORT_TERM_KEY_PUBLIC)
+
+for HOST in $OVERCLOUD_HOSTS; do
+ echo "Inserting TripleO short term key for $HOST"
+ # prepending an extra newline so that if authorized_keys didn't
+ # end with a newline previously, we don't end up garbling it up
+ ssh -i "$OVERCLOUD_SSH_KEY" -l "$OVERCLOUD_SSH_USER" "$HOST" "echo -e '\n$SHORT_TERM_KEY_PUBLIC_CONTENT' >> \$HOME/.ssh/authorized_keys"
+done
+
+echo "Starting ssh admin enablement workflow"
+EXECUTION_PARAMS="{\"ssh_user\": \"$OVERCLOUD_SSH_USER\", \"ssh_servers\": $(overcloud_ssh_hosts_json), \"ssh_private_key\": $(overcloud_ssh_key_json "$SHORT_TERM_KEY_PRIVATE")}"
EXECUTION_CREATE_OUTPUT=$(openstack workflow execution create -f shell -d 'deployed server ssh admin creation' tripleo.access.v1.enable_ssh_admin "$EXECUTION_PARAMS")
echo "$EXECUTION_CREATE_OUTPUT"
EXECUTION_ID=$(echo "$EXECUTION_CREATE_OUTPUT" | grep '^id=' | awk '-F"' '{ print $2 }')
@@ -56,5 +76,14 @@ while ! workflow_finished $EXECUTION_ID; do
sleep $SLEEP_TIME
echo -n .
done
+echo # newline after the previous dots
+
+for HOST in $OVERCLOUD_HOSTS; do
+ echo "Removing TripleO short term key from $HOST"
+ ssh -l "$OVERCLOUD_SSH_USER" "$HOST" "sed -i -e '/$SHORT_TERM_KEY_COMMENT/d' \$HOME/.ssh/authorized_keys"
+done
+
+echo "Removing short term keys locally"
+rm -r "$SHORT_TERM_KEY_DIR"
echo "Success."
diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py
index cc247031..533ed07d 100755
--- a/docker/docker-puppet.py
+++ b/docker/docker-puppet.py
@@ -90,16 +90,17 @@ def match_config_volume(prefix, config):
config_volume=None
for v in volumes:
if v.startswith(prefix):
- config_volume = os.path.relpath(
- v.split(":")[0], prefix).split("/")[0]
+ config_volume = os.path.dirname(v.split(":")[0])
break
return config_volume
-def get_config_hash(prefix, config_volume):
- hashfile = os.path.join(prefix, "%s.md5sum" % config_volume)
+def get_config_hash(config_volume):
+ hashfile = "%s.md5sum" % config_volume
+ log.debug("Looking for hashfile %s for config_volume %s" % (hashfile, config_volume))
hash_data = None
if os.path.isfile(hashfile):
+ log.debug("Got hashfile %s for config_volume %s" % (hashfile, config_volume))
with open(hashfile) as f:
hash_data = f.read().rstrip()
return hash_data
@@ -248,6 +249,7 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume
# Write a checksum of the config-data dir, this is used as a
# salt to trigger container restart when the config changes
tar -c -f - /var/lib/config-data/${NAME} --mtime='1970-01-01' | md5sum | awk '{print $1}' > /var/lib/config-data/${NAME}.md5sum
+ tar -c -f - /var/lib/config-data/puppet-generated/${NAME} --mtime='1970-01-01' | md5sum | awk '{print $1}' > /var/lib/config-data/puppet-generated/${NAME}.md5sum
fi
""")
@@ -371,7 +373,7 @@ for infile in infiles:
for k, v in infile_data.iteritems():
config_volume = match_config_volume(config_volume_prefix, v)
if config_volume:
- config_hash = get_config_hash(config_volume_prefix, config_volume)
+ config_hash = get_config_hash(config_volume)
if config_hash:
env = v.get('environment', [])
env.append("TRIPLEO_CONFIG_HASH=%s" % config_hash)
diff --git a/docker/services/ceph-ansible/ceph-mon.yaml b/docker/services/ceph-ansible/ceph-mon.yaml
index 45f939c2..90b2db3b 100644
--- a/docker/services/ceph-ansible/ceph-mon.yaml
+++ b/docker/services/ceph-ansible/ceph-mon.yaml
@@ -83,4 +83,3 @@ outputs:
- {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]}
- monitor_secret: {get_param: CephMonKey}
admin_secret: {get_param: CephAdminKey}
- monitor_interface: br_ex
diff --git a/docker/services/ceph-ansible/ceph-osd.yaml b/docker/services/ceph-ansible/ceph-osd.yaml
index a441f5c9..de55924b 100644
--- a/docker/services/ceph-ansible/ceph-osd.yaml
+++ b/docker/services/ceph-ansible/ceph-osd.yaml
@@ -37,7 +37,6 @@ parameters:
devices:
- /dev/vdb
journal_size: 512
- journal_collocation: true
osd_scenario: collocated
resources:
diff --git a/docker/services/horizon.yaml b/docker/services/horizon.yaml
index d6ffb6dc..2c7d7a74 100644
--- a/docker/services/horizon.yaml
+++ b/docker/services/horizon.yaml
@@ -113,7 +113,7 @@ outputs:
volumes:
- /var/log/containers/horizon:/var/log/horizon
- /var/log/containers/httpd/horizon:/var/log/httpd
- - /var/lib/config-data/horizon/etc/:/etc/
+ - /var/lib/config-data/puppet-generated/horizon/etc/openstack-dashboard:/etc/openstack-dashboard
step_3:
horizon:
image: *horizon_image
diff --git a/docker/services/memcached.yaml b/docker/services/memcached.yaml
index c78b85a6..67b84249 100644
--- a/docker/services/memcached.yaml
+++ b/docker/services/memcached.yaml
@@ -80,8 +80,8 @@ outputs:
user: root
volumes:
- /var/lib/config-data/memcached/etc/sysconfig/memcached:/etc/sysconfig/memcached:ro
- - /var/log/memcached.log:/var/log/memcached.log
- command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; chown ${USER} /var/log/memcached.log']
+ - /var/log/containers/memcached:/var/log/
+ command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; touch /var/log/memcached.log && chown ${USER} /var/log/memcached.log']
memcached:
start_order: 1
image: *memcached_image
@@ -93,8 +93,16 @@ outputs:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/config-data/memcached/etc/sysconfig/memcached:/etc/sysconfig/memcached:ro
- # TODO(bogdando) capture memcached syslog logs from a container
- command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; /usr/bin/memcached -p ${PORT} -u ${USER} -m ${CACHESIZE} -c ${MAXCONN} $OPTIONS']
+ - /var/log/containers/memcached:/var/log/
+ # NOTE: We're adding the log redirection here, even though should
+ # already be part of the options. This is because the redirection
+ # via the options is not working and ends up being passed as a
+ # parameter to the memcached command (which it silently ignores).
+ # Thus the need for the explicit redirection here. The redirection
+ # will be removed from the $OPTIONS, which is done via the puppet
+ # module, but we'll only be able to do this once the following pull
+ # request merges: https://github.com/saz/puppet-memcached/pull/88
+ command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; /usr/bin/memcached -p ${PORT} -u ${USER} -m ${CACHESIZE} -c ${MAXCONN} $OPTIONS >> /var/log/memcached.log 2>&1']
upgrade_tasks:
- name: Stop and disable memcached service
tags: step2
diff --git a/docker/services/swift-storage.yaml b/docker/services/swift-storage.yaml
index e0c1194a..2d7aff6e 100644
--- a/docker/services/swift-storage.yaml
+++ b/docker/services/swift-storage.yaml
@@ -83,7 +83,10 @@ outputs:
logging_source: {get_attr: [SwiftStorageBase, role_data, logging_source]}
logging_groups: {get_attr: [SwiftStorageBase, role_data, logging_groups]}
step_config: &step_config
- get_attr: [SwiftStorageBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - {get_attr: [SwiftStorageBase, role_data, step_config]}
+ - "class xinetd() {}"
service_config_settings: {get_attr: [SwiftStorageBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
diff --git a/environments/docker.yaml b/environments/docker.yaml
index 57379925..58691cc1 100644
--- a/environments/docker.yaml
+++ b/environments/docker.yaml
@@ -58,6 +58,8 @@ resource_registry:
# OS::TripleO::Services::CinderBackup: ../docker/services/cinder-backup.yaml
# OS::TripleO::Services::CinderVolume: ../docker/services/cinder-volume.yaml
#
+ OS::TripleO::Services::SwiftDispersion: OS::Heat::None
+
# If SR-IOV is enabled on the compute nodes, it will need the SR-IOV
# host configuration.
OS::TripleO::Services::NeutronSriovHostConfig: OS::Heat::None
diff --git a/environments/services/heat-api-cloudwatch.yaml b/environments/services/heat-api-cloudwatch.yaml
new file mode 100644
index 00000000..ce22a91c
--- /dev/null
+++ b/environments/services/heat-api-cloudwatch.yaml
@@ -0,0 +1,2 @@
+resource_registry:
+ OS::TripleO::Services::HeatApiCloudwatch: ../../puppet/services/heat-api-cloudwatch.yaml
diff --git a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration
index 487857ef..d754aafd 100644
--- a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration
+++ b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration
@@ -186,14 +186,13 @@ function retry() {
set -e
}
-function detect_satellite_version {
- ping_api=$REG_SAT_URL/katello/api/ping
- if curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -s -D - -o /dev/null $ping_api | grep "200 OK"; then
- echo Satellite 6 detected at $REG_SAT_URL
- satellite_version=6
+function detect_satellite_server {
+ if curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -s -D - -o /dev/null $REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm | grep "200 OK"; then
+ echo Satellite 6 or beyond with Katello API detected at $REG_SAT_URL
+ katello_api_enabled=1
elif curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -s -D - -o /dev/null $REG_SAT_URL/rhn/Login.do | grep "200 OK"; then
- echo Satellite 5 detected at $REG_SAT_URL
- satellite_version=5
+ echo Satellite 5 with RHN detected at $REG_SAT_URL
+ katello_api_enabled=0
else
echo No Satellite detected at $REG_SAT_URL
exit 1
@@ -231,8 +230,8 @@ case "${REG_METHOD:-}" in
retry subscription-manager $repos
;;
satellite)
- detect_satellite_version
- if [ "$satellite_version" = "6" ]; then
+ detect_satellite_server
+ if [ "$katello_api_enabled" = "1" ]; then
repos="$repos --enable ${satellite_repo}"
curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -O "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm"
diff --git a/network/service_net_map.j2.yaml b/network/service_net_map.j2.yaml
index e19ccd84..dfb0e910 100644
--- a/network/service_net_map.j2.yaml
+++ b/network/service_net_map.j2.yaml
@@ -103,31 +103,12 @@ parameters:
internal use only, this will be removed in future.
type: json
- InternalApiNetName:
- default: internal_api
- description: The name of the internal_api network.
+{%- for network in networks %}
+ {{network.name}}NetName:
+ default: {{network.name_lower}}
+ description: The name of the {{network.name_lower}} network.
type: string
- ExternalNetName:
- default: external
- description: The name of the external network.
- type: string
- ManagementNetName:
- default: management
- description: The name of the management network.
- type: string
- StorageNetName:
- default: storage
- description: The name of the storage network.
- type: string
- StorageMgmtNetName:
- default: storage_mgmt
- description: The name of the storage_mgmt network.
- type: string
- TenantNetName:
- default: tenant
- description: The name of the tenant network.
- type: string
-
+{%- endfor %}
parameter_groups:
- label: deprecated
@@ -145,12 +126,9 @@ resources:
- map_replace:
- {get_param: ServiceNetMapDefaults}
- values:
- external: {get_param: ExternalNetName}
- internal_api: {get_param: InternalApiNetName}
- storage: {get_param: StorageNetName}
- storage_mgmt: {get_param: StorageMgmtNetName}
- tenant: {get_param: TenantNetName}
- management: {get_param: ManagementNetName}
+{%- for network in networks %}
+ {{network.name_lower}}: {get_param: {{network.name}}NetName}
+{%- endfor %}
- map_replace:
- {get_param: ServiceNetMap}
- keys: {get_param: ServiceNetMapDeprecatedMapping}
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index e402f125..3ee77218 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -133,7 +133,7 @@ resource_registry:
OS::TripleO::Services::GlanceRegistry: puppet/services/disabled/glance-registry-disabled.yaml
OS::TripleO::Services::HeatApi: puppet/services/heat-api.yaml
OS::TripleO::Services::HeatApiCfn: puppet/services/heat-api-cfn.yaml
- OS::TripleO::Services::HeatApiCloudwatch: puppet/services/heat-api-cloudwatch.yaml
+ OS::TripleO::Services::HeatApiCloudwatch: puppet/services/disabled/heat-api-cloudwatch-disabled.yaml
OS::TripleO::Services::HeatEngine: puppet/services/heat-engine.yaml
OS::TripleO::Services::Kernel: puppet/services/kernel.yaml
OS::TripleO::Services::MySQL: puppet/services/database/mysql.yaml
diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml
index 367ac5b6..3506fe8e 100644
--- a/overcloud.j2.yaml
+++ b/overcloud.j2.yaml
@@ -491,8 +491,12 @@ resources:
type: OS::TripleO::Network::Ports::NetIpListMap
properties:
ControlPlaneIpList: {get_attr: [{{role.name}}, ip_address]}
-{%- for network in networks if network.enabled|default(true) %}
+{%- for network in networks %}
+ {%- if network.enabled|default(true) %}
{{network.name}}IpList: {get_attr: [{{role.name}}, {{network.name_lower}}_ip_address]}
+ {%- else %}
+ {{network.name}}IpList: {get_attr: [{{role.name}}, ip_address]}
+ {%- endif %}
{%- endfor %}
EnabledServices: {get_attr: [{{role.name}}ServiceNames, value]}
ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]}
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.j2.yaml
index 37c1d4e5..bdd2bcf3 100644
--- a/puppet/all-nodes-config.yaml
+++ b/puppet/all-nodes-config.j2.yaml
@@ -2,14 +2,10 @@ heat_template_version: pike
description: 'All Nodes Config for Puppet'
parameters:
- cloud_name_external:
- type: string
- cloud_name_internal_api:
- type: string
- cloud_name_storage:
- type: string
- cloud_name_storage_mgmt:
+{%- for network in networks if network.vip|default(false) %}
+ cloud_name_{{network.name_lower}}:
type: string
+{%- endfor %}
cloud_name_ctlplane:
type: string
enabled_services:
@@ -70,30 +66,12 @@ parameters:
type: boolean
default: false
- InternalApiNetName:
- default: internal_api
- description: The name of the internal_api network.
- type: string
- ExternalNetName:
- default: external
- description: The name of the external network.
- type: string
- ManagementNetName:
- default: management
- description: The name of the management network.
- type: string
- StorageNetName:
- default: storage
- description: The name of the storage network.
- type: string
- StorageMgmtNetName:
- default: storage_mgmt
- description: The name of the storage_mgmt network.
- type: string
- TenantNetName:
- default: tenant
- description: The name of the tenant network.
+{%- for network in networks %}
+ {{network.name}}NetName:
+ default: {{network.name_lower}}
+ description: The name of the {{network.name_lower}} network.
type: string
+{%- endfor %}
resources:
diff --git a/puppet/services/disabled/heat-api-cloudwatch-disabled.yaml b/puppet/services/disabled/heat-api-cloudwatch-disabled.yaml
new file mode 100644
index 00000000..f7935712
--- /dev/null
+++ b/puppet/services/disabled/heat-api-cloudwatch-disabled.yaml
@@ -0,0 +1,48 @@
+heat_template_version: pike
+
+description: >
+ Openstack Heat CloudWatch API service, disabled by default since Pike
+
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+outputs:
+ role_data:
+ description: Role data for the disabled Heat CloudWatch API
+ value:
+ service_name: heat_api_cloudwatch_disabled
+ upgrade_tasks:
+ - name: Check if heat_api_cloudwatch is deployed
+ command: systemctl is-enabled openstack-heat-api-cloudwatch
+ tags: step1
+ ignore_errors: True
+ register: heat_api_cloudwatch_enabled
+ - name: Stop and disable heat_api_cloudwatch service (pre-upgrade not under httpd)
+ tags: step1
+ when: heat_api_cloudwatch_enabled.rc == 0
+ service: name=openstack-heat-api-cloudwatch state=stopped enabled=no
diff --git a/puppet/services/memcached.yaml b/puppet/services/memcached.yaml
index 2bc08fde..30ea4e1e 100644
--- a/puppet/services/memcached.yaml
+++ b/puppet/services/memcached.yaml
@@ -54,6 +54,7 @@ outputs:
# internal_api_subnet - > IP/CIDR
memcached::listen_ip: {get_param: [ServiceNetMap, MemcachedNetwork]}
memcached::max_memory: {get_param: MemcachedMaxMemory}
+ memcached::verbosity: 'v'
tripleo.memcached.firewall_rules:
'121 memcached':
dport: 11211
diff --git a/puppet/services/neutron-lbaas.yaml b/puppet/services/neutron-lbaas.yaml
index ec477ddc..a2c1a2ae 100644
--- a/puppet/services/neutron-lbaas.yaml
+++ b/puppet/services/neutron-lbaas.yaml
@@ -73,3 +73,6 @@ outputs:
service_config_settings:
neutron_api:
neutron::server::service_providers: {get_param: NeutronServiceProviders}
+ horizon:
+ horizon::neutron_options:
+ enable_lb: True
diff --git a/releasenotes/notes/disable-heat-api-cloudwatch-d5a471da22472bde.yaml b/releasenotes/notes/disable-heat-api-cloudwatch-d5a471da22472bde.yaml
new file mode 100644
index 00000000..5c732c01
--- /dev/null
+++ b/releasenotes/notes/disable-heat-api-cloudwatch-d5a471da22472bde.yaml
@@ -0,0 +1,15 @@
+---
+upgrade:
+ - |
+ The Heat API Cloudwatch API is deprecated in Pike and so it removed
+ by default during the Ocata to Pike upgrade. If you wish to keep this
+ service then you should use the environments/heat-api-cloudwatch.yaml
+ environment file in the tripleo-heat-templates during the upgrade (note
+ that this is migrated to running under httpd, if you do decide to keep
+ this service on Pike).
+deprecations:
+ - |
+ The Heat API Cloudwatch API is deprecated in Pike and so it is now not
+ deployed by default. You can override this behaviour with the
+ environments/heat-api-cloudwatch.yaml environment file in the
+ tripleo-heat-templates.
diff --git a/releasenotes/notes/fix-dynamic-network-disabled-9f700a9e900221b6.yaml b/releasenotes/notes/fix-dynamic-network-disabled-9f700a9e900221b6.yaml
new file mode 100644
index 00000000..c6cb3636
--- /dev/null
+++ b/releasenotes/notes/fix-dynamic-network-disabled-9f700a9e900221b6.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+ - |
+ Fixes dynamic networks to fallback to ctlplane network when they are
+ disabled.
diff --git a/releasenotes/notes/sat_capsule-bb59fad44c17f97f.yaml b/releasenotes/notes/sat_capsule-bb59fad44c17f97f.yaml
new file mode 100644
index 00000000..58298d36
--- /dev/null
+++ b/releasenotes/notes/sat_capsule-bb59fad44c17f97f.yaml
@@ -0,0 +1,7 @@
+---
+fixes:
+ - |
+ For deployments running on RHEL with Satellite 6 (or beyond) with Capsule (Katello API enabled),
+ the Katello API is available on 8443 port, so the previous API ping didn't work for this case.
+ Capsule is now supported since we just check if katello-ca-consumer-latest rpm is available
+ to tell that Satellite version is 6 or beyond.