diff options
| -rw-r--r-- | environments/hyperconverged-ceph.yaml | 1 | ||||
| -rw-r--r-- | extraconfig/nova_metadata/krb-service-principals.yaml | 6 | ||||
| -rw-r--r-- | puppet/services/ceph-rgw.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/congress.yaml | 1 | ||||
| -rw-r--r-- | puppet/services/ironic-conductor.yaml | 21 | ||||
| -rw-r--r-- | puppet/services/monitoring/sensu-client.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/neutron-compute-plugin-ovn.yaml | 1 | ||||
| -rw-r--r-- | puppet/services/ovn-dbs.yaml | 6 | ||||
| -rw-r--r-- | puppet/services/pacemaker.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/services.yaml | 11 | ||||
| -rw-r--r-- | releasenotes/notes/docker-service-all-roles-5c22a018caeafcf0.yaml | 5 | ||||
| -rw-r--r-- | releasenotes/notes/ironic-neutron-integration-76c4f9e0d10785e4.yaml | 9 | ||||
| -rw-r--r-- | releasenotes/notes/ovn-fcd4b0168e6745a8.yaml | 6 | ||||
| -rw-r--r-- | releasenotes/source/conf.py | 4 | ||||
| -rw-r--r-- | roles_data.yaml | 4 | ||||
| -rwxr-xr-x | scripts/hosts-config.sh | 18 |
16 files changed, 77 insertions, 22 deletions
diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml index 7b778aad..f1c90e2d 100644 --- a/environments/hyperconverged-ceph.yaml +++ b/environments/hyperconverged-ceph.yaml @@ -33,3 +33,4 @@ parameter_defaults: - OS::TripleO::Services::CephOSD - OS::TripleO::Services::Vpp - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::Docker diff --git a/extraconfig/nova_metadata/krb-service-principals.yaml b/extraconfig/nova_metadata/krb-service-principals.yaml index c66e6460..56d3cbc0 100644 --- a/extraconfig/nova_metadata/krb-service-principals.yaml +++ b/extraconfig/nova_metadata/krb-service-principals.yaml @@ -46,7 +46,7 @@ resources: # Filter null values and values that contain don't contain # 'metadata_settings', get the values from that key and get the # unique ones. - expression: list($.data.where($ != null).where($.containsKey('metadata_settings')).metadata_settings.flatten().distinct()) + expression: list(coalesce($.data, []).where($ != null).where($.containsKey('metadata_settings')).metadata_settings.flatten().distinct()) data: {get_param: RoleData} # Generates entries for nova metadata with the following format: @@ -57,7 +57,7 @@ resources: properties: value: yaql: - expression: let(fqdns => $.data.fqdns) -> dict($.data.metadata.where($ != null and $.type = 'vip').select([concat('managed_service_', $.service, $.network), concat($.service, '/', $fqdns.get($.network))])) + expression: let(fqdns => $.data.fqdns) -> dict(coalesce($.data.metadata, []).where($ != null and $.type = 'vip').select([concat('managed_service_', $.service, $.network), concat($.service, '/', $fqdns.get($.network))])) data: metadata: {get_attr: [IncomingMetadataSettings, value]} fqdns: @@ -72,7 +72,7 @@ resources: properties: value: yaql: - expression: dict($.data.where($ != null and $.type = 'node').select([$.service, $.network.replace('_', '')]).groupBy($[0], $[1])) + expression: dict(coalesce($.data, []).where($ != null and $.type = 'node').select([$.service, $.network.replace('_', '')]).groupBy($[0], $[1])) data: {get_attr: [IncomingMetadataSettings, value]} outputs: diff --git a/puppet/services/ceph-rgw.yaml b/puppet/services/ceph-rgw.yaml index 01531971..49856115 100644 --- a/puppet/services/ceph-rgw.yaml +++ b/puppet/services/ceph-rgw.yaml @@ -73,7 +73,7 @@ outputs: ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]} ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]} ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion} - ceph::rgw::keystone::auth::roles: [ 'admin', 'member', '_member_' ] + ceph::rgw::keystone::auth::roles: [ 'admin', 'Member', '_member_' ] ceph::rgw::keystone::auth::tenant: service ceph::rgw::keystone::auth::user: swift ceph::rgw::keystone::auth::password: {get_param: SwiftPassword} diff --git a/puppet/services/congress.yaml b/puppet/services/congress.yaml index 1d9eecb1..5f6b5657 100644 --- a/puppet/services/congress.yaml +++ b/puppet/services/congress.yaml @@ -79,6 +79,7 @@ outputs: congress::rabbit_port: {get_param: RabbitClientPort} congress::server::bind_host: {get_param: [ServiceNetMap, CongressApiNetwork]} + congress::keystone::authtoken::password: {get_param: CongressPassword} congress::keystone::authtoken::project_name: 'service' congress::keystone::authtoken::user_domain_name: 'Default' congress::keystone::authtoken::project_domain_name: 'Default' diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml index 56e1a90b..be910d10 100644 --- a/puppet/services/ironic-conductor.yaml +++ b/puppet/services/ironic-conductor.yaml @@ -32,6 +32,15 @@ parameters: created yet) and should be changed to an actual UUID in a post-deployment stack update. type: string + IronicDefaultNetworkInterface: + default: 'flat' + description: Network interface implementation to use by default. + Set to "flat" (the default) to use one flat provider network. + Set to "neutron" to make Ironic interact with the Neutron + ML2 driver to enable other network types and certain + advances networking features. Requires + IronicProvisioningNetwork to be correctly set. + type: string IronicEnabledDrivers: default: ['pxe_ipmitool', 'pxe_drac', 'pxe_ilo'] description: Enabled Ironic drivers @@ -48,6 +57,15 @@ parameters: description: The password for the Ironic service and db account, used by the Ironic services type: string hidden: true + IronicProvisioningNetwork: + default: 'provisioning' + description: Name or UUID of the *overcloud* network used for provisioning + of bare metal nodes, if IronicDefaultNetworkInterface is + set to "neutron". The default value of "provisioning" can be + left during the initial deployment (when no networks are + created yet) and should be changed to an actual UUID in + a post-deployment stack update. + type: string MonitoringSubscriptionIronicConductor: default: 'overcloud-ironic-conductor' type: string @@ -72,6 +90,7 @@ outputs: - ironic::conductor::api_url: {get_param: [EndpointMap, IronicInternal, uri_no_suffix]} ironic::conductor::cleaning_disk_erase: {get_param: IronicCleaningDiskErase} ironic::conductor::cleaning_network: {get_param: IronicCleaningNetwork} + ironic::conductor::provisioning_network: {get_param: IronicProvisioningNetwork} ironic::conductor::enabled_drivers: {get_param: IronicEnabledDrivers} # We need an endpoint containing a real IP, not a VIP here ironic_conductor_http_host: {get_param: [ServiceNetMap, IronicNetwork]} @@ -93,6 +112,8 @@ outputs: # NOTE(dtantsur): UEFI only works with iPXE currently for us ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template' ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi' + ironic::drivers::interfaces::enabled_network_interfaces: ['flat', 'neutron'] + ironic::drivers::interfaces::default_network_interface: {get_param: IronicDefaultNetworkInterface} tripleo.ironic_conductor.firewall_rules: '134 ironic conductor TFTP': dport: 69 diff --git a/puppet/services/monitoring/sensu-client.yaml b/puppet/services/monitoring/sensu-client.yaml index aba2b1ed..4b5f36ac 100644 --- a/puppet/services/monitoring/sensu-client.yaml +++ b/puppet/services/monitoring/sensu-client.yaml @@ -81,4 +81,4 @@ outputs: - name: Install sensu package if it was disabled tags: step3 yum: name=sensu state=latest - when: sensu_client.rc != 0 + when: sensu_client_enabled.rc != 0 diff --git a/puppet/services/neutron-compute-plugin-ovn.yaml b/puppet/services/neutron-compute-plugin-ovn.yaml index e3a4da99..0dca29ab 100644 --- a/puppet/services/neutron-compute-plugin-ovn.yaml +++ b/puppet/services/neutron-compute-plugin-ovn.yaml @@ -48,6 +48,7 @@ outputs: ovn::controller::ovn_encap_type: {get_param: OVNTunnelEncapType} ovn::controller::ovn_encap_ip: {get_param: [ServiceNetMap, NeutronApiNetwork]} ovn::controller::ovn_bridge_mappings: {get_param: NeutronBridgeMappings} + nova::compute::force_config_drive: true tripleo.neutron_compute_plugin_ovn.firewall_rules: '118 neutron vxlan networks': proto: 'udp' diff --git a/puppet/services/ovn-dbs.yaml b/puppet/services/ovn-dbs.yaml index 7f81afde..6b8be77c 100644 --- a/puppet/services/ovn-dbs.yaml +++ b/puppet/services/ovn-dbs.yaml @@ -36,5 +36,11 @@ outputs: ovn::northbound::port: {get_param: OVNNorthboundServerPort} ovn::southbound::port: {get_param: OVNSouthboundServerPort} ovn::northd::dbs_listen_ip: {get_param: [ServiceNetMap, OvnDbsNetwork]} + tripleo.ovn_dbs.firewall_rules: + '121 OVN DB server ports': + proto: 'tcp' + dport: + - {get_param: OVNNorthboundServerPort} + - {get_param: OVNSouthboundServerPort} step_config: | include ::tripleo::profile::base::neutron::ovn_northd diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml index 28fcbd6f..f7a0edf8 100644 --- a/puppet/services/pacemaker.yaml +++ b/puppet/services/pacemaker.yaml @@ -141,6 +141,8 @@ outputs: - name: Check pacemaker cluster running before upgrade tags: step0,validation pacemaker_cluster: state=online check_and_fail=true + async: 30 + poll: 4 - name: Stop pacemaker cluster tags: step2 pacemaker_cluster: state=offline diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml index a2286d16..9820b431 100644 --- a/puppet/services/services.yaml +++ b/puppet/services/services.yaml @@ -90,14 +90,11 @@ outputs: # fluentd user. yaql: expression: > - set($.data.groups.flatten()).where($) + set(($.data.default + $.data.extra + $.data.role_data.where($ != null).select($.get('logging_groups'))).flatten()).where($) data: - groups: - - [{get_attr: [LoggingConfiguration, LoggingDefaultGroups]}] - - yaql: - expression: list($.data.role_data.where($ != null).select($.get('logging_groups')).where($ != null)) - data: {role_data: {get_attr: [ServiceChain, role_data]}} - - [{get_attr: [LoggingConfiguration, LoggingExtraGroups]}] + default: {get_attr: [LoggingConfiguration, LoggingDefaultGroups]} + extra: {get_attr: [LoggingConfiguration, LoggingExtraGroups]} + role_data: {get_attr: [ServiceChain, role_data]} config_settings: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}} global_config_settings: map_merge: diff --git a/releasenotes/notes/docker-service-all-roles-5c22a018caeafcf0.yaml b/releasenotes/notes/docker-service-all-roles-5c22a018caeafcf0.yaml new file mode 100644 index 00000000..734db08a --- /dev/null +++ b/releasenotes/notes/docker-service-all-roles-5c22a018caeafcf0.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + When deploying with environments/docker.yaml, the docker service + is now deployed on all predefined roles. diff --git a/releasenotes/notes/ironic-neutron-integration-76c4f9e0d10785e4.yaml b/releasenotes/notes/ironic-neutron-integration-76c4f9e0d10785e4.yaml new file mode 100644 index 00000000..dd99acc7 --- /dev/null +++ b/releasenotes/notes/ironic-neutron-integration-76c4f9e0d10785e4.yaml @@ -0,0 +1,9 @@ +--- +features: + - | + Allow setting the Ironic provisioning network UUID or name via new + ``IronicProvisioningNetwork`` configuration. + - | + Enable support for "neutron" Ironic networking plugin, enabling advanced + integration with Neutron, such as VLAN/VXLAN network support, bonding and + security groups. diff --git a/releasenotes/notes/ovn-fcd4b0168e6745a8.yaml b/releasenotes/notes/ovn-fcd4b0168e6745a8.yaml new file mode 100644 index 00000000..f5ccec06 --- /dev/null +++ b/releasenotes/notes/ovn-fcd4b0168e6745a8.yaml @@ -0,0 +1,6 @@ +--- +features: + - Support configuring NeutronBridgeMappings + - Set force_config_drive to true as OVN doesn't support metadata service + - Add necessary iptables rules to allow Geneve traffic and ovsdb-server + traffic for Northbound and Southbound databases. diff --git a/releasenotes/source/conf.py b/releasenotes/source/conf.py index 8da995b0..ec158ceb 100644 --- a/releasenotes/source/conf.py +++ b/releasenotes/source/conf.py @@ -52,9 +52,9 @@ copyright = u'2017, TripleO Developers' # built documents. # # The full version, including alpha/beta/rc tags. -release = '6.0.0.0b3' +release = '7.0.0.0b1' # The short X.Y version. -version = '6.0.0' +version = '7.0.0' # The full version, including alpha/beta/rc tags. diff --git a/roles_data.yaml b/roles_data.yaml index d7721353..48859473 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -163,6 +163,7 @@ - OS::TripleO::Services::Collectd - OS::TripleO::Services::Vpp - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::Docker - name: BlockStorage ServicesDefault: @@ -182,6 +183,7 @@ - OS::TripleO::Services::AuditD - OS::TripleO::Services::Collectd - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::Docker - name: ObjectStorage disable_upgrade_deployment: True @@ -203,6 +205,7 @@ - OS::TripleO::Services::AuditD - OS::TripleO::Services::Collectd - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::Docker - name: CephStorage ServicesDefault: @@ -222,3 +225,4 @@ - OS::TripleO::Services::AuditD - OS::TripleO::Services::Collectd - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::Docker diff --git a/scripts/hosts-config.sh b/scripts/hosts-config.sh index f456b316..b3109a0c 100755 --- a/scripts/hosts-config.sh +++ b/scripts/hosts-config.sh @@ -13,14 +13,16 @@ write_entries() { if grep -q "^# HEAT_HOSTS_START" "$file"; then temp=$(mktemp) - awk -v v="$entries" '/^# HEAT_HOSTS_START/ { - print $0 - print v - f=1 - }f &&!/^# HEAT_HOSTS_END$/{next}/^# HEAT_HOSTS_END$/{f=0}!f' "$file" > "$temp" - echo "INFO: Updating hosts file $file, check below for changes" - diff "$file" "$temp" || true - cat "$temp" > "$file" + ( + sed '/^# HEAT_HOSTS_START/,$d' "$file" + echo -ne "\n# HEAT_HOSTS_START - Do not edit manually within this section!\n" + echo "$entries" + echo -ne "# HEAT_HOSTS_END\n\n" + sed '1,/^# HEAT_HOSTS_END/d' "$file" + ) > "$temp" + echo "INFO: Updating hosts file $file, check below for changes" + diff "$file" "$temp" || true + cat "$temp" > "$file" else echo -ne "\n# HEAT_HOSTS_START - Do not edit manually within this section!\n" >> "$file" echo "$entries" >> "$file" |