diff options
133 files changed, 6269 insertions, 3013 deletions
@@ -44,3 +44,18 @@ doc/_build # Built by pbr (python setup.py sdist): AUTHORS ChangeLog + +extraconfig/all_nodes/mac_hostname.yaml +extraconfig/all_nodes/random_string.yaml +extraconfig/all_nodes/swap-partition.yaml +extraconfig/all_nodes/swap.yaml +extraconfig/tasks/major_upgrade_pacemaker_init.yaml +network/service_net_map.yaml +overcloud-resource-registry-puppet.yaml +overcloud.yaml +puppet/blockstorage-config.yaml +puppet/cephstorage-config.yaml +puppet/compute-config.yaml +puppet/controller-config.yaml +puppet/objectstorage-config.yaml +puppet/post.yaml @@ -1,3 +1,12 @@ +======================== +Team and repository tags +======================== + +.. image:: http://governance.openstack.org/badges/tripleo-heat-templates.svg + :target: http://governance.openstack.org/reference/tags/index.html + +.. Change things from this point on + ====================== tripleo-heat-templates ====================== diff --git a/ci/README.rst b/ci/README.rst new file mode 100644 index 00000000..44e8626d --- /dev/null +++ b/ci/README.rst @@ -0,0 +1,11 @@ +======================= +TripleO CI environments +======================= + +TripleO CI environments are exclusively used for Continuous Integration +purpose or for development usage. +They should not be used in production and we don't guarantee they work outside +TripleO CI. + +For more informations about TripleO CI, please look: +https://github.com/openstack-infra/tripleo-ci diff --git a/ci/common/net-config-multinode.yaml b/ci/common/net-config-multinode.yaml new file mode 100644 index 00000000..49a06881 --- /dev/null +++ b/ci/common/net-config-multinode.yaml @@ -0,0 +1,64 @@ +heat_template_version: 2015-04-30 + +description: > + Software Config to drive os-net-config for a simple bridge configured + with a static IP address for the ctlplane network. + +parameters: + ControlPlaneIp: + default: '' + description: IP address/subnet on the ctlplane network + type: string + ExternalIpSubnet: + default: '' + description: IP address/subnet on the external network + type: string + InternalApiIpSubnet: + default: '' + description: IP address/subnet on the internal API network + type: string + StorageIpSubnet: + default: '' + description: IP address/subnet on the storage network + type: string + StorageMgmtIpSubnet: + default: '' + description: IP address/subnet on the storage mgmt network + type: string + TenantIpSubnet: + default: '' + description: IP address/subnet on the tenant network + type: string + ManagementIpSubnet: + default: '' + description: IP address/subnet on the management network + type: string + ControlPlaneSubnetCidr: # Override this via parameter_defaults + default: '24' + description: The subnet CIDR of the control plane network. + type: string + +resources: + OsNetConfigImpl: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + str_replace: + template: | + #!/bin/bash + ip addr add CONTROLPLANEIP/CONTROLPLANESUBNETCIDR dev $bridge_name + params: + CONTROLPLANEIP: {get_param: ControlPlaneIp} + CONTROLPLANESUBNETCIDR: {get_param: ControlPlaneSubnetCidr} + inputs: + - + name: bridge_name + default: br-ex + description: bridge-name + type: String + +outputs: + OS::stack_id: + description: The OsNetConfigImpl resource. + value: {get_resource: OsNetConfigImpl} diff --git a/ci/environments/scenario001-multinode.yaml b/ci/environments/scenario001-multinode.yaml new file mode 100644 index 00000000..ee5bd648 --- /dev/null +++ b/ci/environments/scenario001-multinode.yaml @@ -0,0 +1,81 @@ +resource_registry: + OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Services::CephMon: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-mon.yaml + OS::TripleO::Services::CephOSD: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-osd.yaml + OS::TripleO::Services::CephClient: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-client.yaml + +parameter_defaults: + ControllerServices: + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GlanceRegistry + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronMetadataAgent + - OS::TripleO::Services::NeutronServer + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::Redis + - OS::TripleO::Services::AodhApi + - OS::TripleO::Services::AodhEvaluator + - OS::TripleO::Services::AodhNotifier + - OS::TripleO::Services::AodhListener + - OS::TripleO::Services::CeilometerApi + - OS::TripleO::Services::CeilometerCollector + - OS::TripleO::Services::CeilometerExpirer + - OS::TripleO::Services::CeilometerAgentCentral + - OS::TripleO::Services::CeilometerAgentNotification + - OS::TripleO::Services::GnocchiApi + - OS::TripleO::Services::GnocchiMetricd + - OS::TripleO::Services::GnocchiStatsd + - OS::TripleO::Services::CephMon + - OS::TripleO::Services::CephOSD + - OS::TripleO::Services::CephClient + - OS::TripleO::Services::CinderApi + - OS::TripleO::Services::CinderBackup + - OS::TripleO::Services::CinderScheduler + - OS::TripleO::Services::CinderVolume + ControllerExtraConfig: + nova::compute::libvirt::services::libvirt_virt_type: qemu + nova::compute::libvirt::libvirt_virt_type: qemu + Debug: true + #NOTE(gfidente): not great but we need this to deploy on ext4 + #http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/ + ExtraConfig: + ceph::profile::params::osd_max_object_name_len: 256 + ceph::profile::params::osd_max_object_namespace_len: 64 + #NOTE: These ID's and keys should be regenerated for + # a production deployment. What is here is suitable for + # developer and CI testing only. + CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19' + CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ==' + CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ==' + CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw==' + NovaEnableRbdBackend: true + CinderEnableRbdBackend: true + CinderBackupBackend: ceph + GlanceBackend: rbd + GnocchiBackend: rbd + CinderEnableIscsiBackend: false diff --git a/ci/environments/scenario002-multinode.yaml b/ci/environments/scenario002-multinode.yaml new file mode 100644 index 00000000..97fec24c --- /dev/null +++ b/ci/environments/scenario002-multinode.yaml @@ -0,0 +1,51 @@ +resource_registry: + OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Services::BarbicanApi: ../../puppet/services/barbican-api.yaml + OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar.yaml + +parameter_defaults: + ControllerServices: + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GlanceRegistry + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronMetadataAgent + - OS::TripleO::Services::NeutronServer + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::CinderApi + - OS::TripleO::Services::CinderBackup + - OS::TripleO::Services::CinderScheduler + - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::BarbicanApi + - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::Zaqar + ControllerExtraConfig: + nova::compute::libvirt::services::libvirt_virt_type: qemu + nova::compute::libvirt::libvirt_virt_type: qemu + Debug: true diff --git a/ci/environments/scenario003-multinode.yaml b/ci/environments/scenario003-multinode.yaml new file mode 100644 index 00000000..092426cb --- /dev/null +++ b/ci/environments/scenario003-multinode.yaml @@ -0,0 +1,52 @@ +resource_registry: + OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Services::SaharaApi: ../../puppet/services/sahara-api.yaml + OS::TripleO::Services::SaharaEngine: ../../puppet/services/sahara-engine.yaml + OS::TripleO::Services::MistralApi: ../../puppet/services/mistral-api.yaml + OS::TripleO::Services::MistralEngine: ../../puppet/services/mistral-engine.yaml + OS::TripleO::Services::MistralExecutor: ../../puppet/services/mistral-executor.yaml + +parameter_defaults: + ControllerServices: + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GlanceRegistry + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronMetadataAgent + - OS::TripleO::Services::NeutronServer + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::SaharaApi + - OS::TripleO::Services::SaharaEngine + - OS::TripleO::Services::MistralApi + - OS::TripleO::Services::MistralEngine + - OS::TripleO::Services::MistralExecutor + ControllerExtraConfig: + nova::compute::libvirt::services::libvirt_virt_type: qemu + nova::compute::libvirt::libvirt_virt_type: qemu + Debug: true + # we don't deploy Swift so we switch to file backend. + GlanceBackend: 'file' + KeystoneTokenProvider: 'fernet' diff --git a/ci/environments/scenario004-multinode.yaml b/ci/environments/scenario004-multinode.yaml new file mode 100644 index 00000000..4aa18709 --- /dev/null +++ b/ci/environments/scenario004-multinode.yaml @@ -0,0 +1,62 @@ +resource_registry: + OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Services::CephMon: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-mon.yaml + OS::TripleO::Services::CephOSD: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-osd.yaml + OS::TripleO::Services::CephClient: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-client.yaml + OS::TripleO::Services::CephRgw: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-rgw.yaml + OS::TripleO::Services::SwiftProxy: OS::Heat::None + OS::TripleO::Services::SwiftStorage: OS::Heat::None + OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None + +parameter_defaults: + ControllerServices: + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GlanceRegistry + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronMetadataAgent + - OS::TripleO::Services::NeutronServer + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::CephMon + - OS::TripleO::Services::CephOSD + - OS::TripleO::Services::CephClient + - OS::TripleO::Services::CephRgw + ControllerExtraConfig: + nova::compute::libvirt::services::libvirt_virt_type: qemu + nova::compute::libvirt::libvirt_virt_type: qemu + Debug: true + #NOTE(gfidente): not great but we need this to deploy on ext4 + #http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/ + ExtraConfig: + ceph::profile::params::osd_max_object_name_len: 256 + ceph::profile::params::osd_max_object_namespace_len: 64 + #NOTE: These ID's and keys should be regenerated for + # a production deployment. What is here is suitable for + # developer and CI testing only. + CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19' + CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ==' + CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ==' + CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw==' diff --git a/ci/pingtests/scenario001-multinode.yaml b/ci/pingtests/scenario001-multinode.yaml new file mode 100644 index 00000000..ede83db0 --- /dev/null +++ b/ci/pingtests/scenario001-multinode.yaml @@ -0,0 +1,186 @@ +heat_template_version: 2013-05-23 + +description: > + HOT template to created resources deployed by scenario001. +parameters: + key_name: + type: string + description: Name of keypair to assign to servers + default: 'pingtest_key' + image: + type: string + description: Name of image to use for servers + default: 'pingtest_image' + public_net_name: + type: string + default: 'nova' + description: > + ID or name of public network for which floating IP addresses will be allocated + private_net_name: + type: string + description: Name of private network to be created + default: 'default-net' + private_net_cidr: + type: string + description: Private network address (CIDR notation) + default: '192.168.2.0/24' + private_net_gateway: + type: string + description: Private network gateway address + default: '192.168.2.1' + private_net_pool_start: + type: string + description: Start of private network IP address allocation pool + default: '192.168.2.100' + private_net_pool_end: + type: string + default: '192.168.2.200' + description: End of private network IP address allocation pool + +resources: + + key_pair: + type: OS::Nova::KeyPair + properties: + save_private_key: true + name: {get_param: key_name } + + private_net: + type: OS::Neutron::Net + properties: + name: { get_param: private_net_name } + + private_subnet: + type: OS::Neutron::Subnet + properties: + network_id: { get_resource: private_net } + cidr: { get_param: private_net_cidr } + gateway_ip: { get_param: private_net_gateway } + allocation_pools: + - start: { get_param: private_net_pool_start } + end: { get_param: private_net_pool_end } + + router: + type: OS::Neutron::Router + properties: + external_gateway_info: + network: { get_param: public_net_name } + + router_interface: + type: OS::Neutron::RouterInterface + properties: + router_id: { get_resource: router } + subnet_id: { get_resource: private_subnet } + + volume1: + type: OS::Cinder::Volume + properties: + name: Volume1 + image: { get_param: image } + size: 1 + + server1: + type: OS::Nova::Server + depends_on: volume1 + properties: + name: Server1 + block_device_mapping: + - device_name: vda + volume_id: { get_resource: volume1 } + flavor: { get_resource: test_flavor } + key_name: { get_resource: key_pair } + networks: + - port: { get_resource: server1_port } + + server1_port: + type: OS::Neutron::Port + properties: + network_id: { get_resource: private_net } + fixed_ips: + - subnet_id: { get_resource: private_subnet } + security_groups: [{ get_resource: server_security_group }] + + server1_floating_ip: + type: OS::Neutron::FloatingIP + # TODO: investigate why we need this depends_on and if we could + # replace it by router_id with get_resource: router_interface + depends_on: router_interface + properties: + floating_network: { get_param: public_net_name } + port_id: { get_resource: server1_port } + + server_security_group: + type: OS::Neutron::SecurityGroup + properties: + description: Add security group rules for server + name: pingtest-security-group + rules: + - remote_ip_prefix: 0.0.0.0/0 + protocol: tcp + port_range_min: 22 + port_range_max: 22 + - remote_ip_prefix: 0.0.0.0/0 + protocol: icmp + + test_flavor: + type: OS::Nova::Flavor + properties: + ram: 512 + vcpus: 1 + +# Disabling this resource now +# https://bugs.launchpad.net/tripleo/+bug/1646506 +# gnocchi_res_alarm: +# type: OS::Aodh::GnocchiResourcesAlarm +# properties: +# description: Do stuff with gnocchi +# metric: cpu_util +# aggregation_method: mean +# granularity: 60 +# evaluation_periods: 1 +# threshold: 50 +# alarm_actions: [] +# resource_type: instance +# resource_id: { get_resource: server1 } +# comparison_operator: gt + + asg: + type: OS::Heat::AutoScalingGroup + properties: + max_size: 5 + min_size: 1 + resource: + type: OS::Heat::RandomString + + scaleup_policy: + type: OS::Heat::ScalingPolicy + properties: + adjustment_type: change_in_capacity + auto_scaling_group_id: {get_resource: asg} + cooldown: 0 + scaling_adjustment: 1 + + alarm: + type: OS::Aodh::Alarm + properties: + description: Scale-up if the average CPU > 50% for 1 minute + meter_name: test_meter + statistic: count + comparison_operator: ge + threshold: 1 + period: 60 + evaluation_periods: 1 + alarm_actions: + - {get_attr: [scaleup_policy, alarm_url]} + matching_metadata: + metadata.metering.stack_id: {get_param: "OS::stack_id"} + +outputs: + server1_private_ip: + description: IP address of server1 in private network + value: { get_attr: [ server1, first_address ] } + server1_public_ip: + description: Floating IP address of server1 in public network + value: { get_attr: [ server1_floating_ip, floating_ip_address ] } + asg_size: + value: {get_attr: [asg, current_size]} diff --git a/ci/pingtests/scenario002-multinode.yaml b/ci/pingtests/scenario002-multinode.yaml new file mode 100644 index 00000000..1ab7eef9 --- /dev/null +++ b/ci/pingtests/scenario002-multinode.yaml @@ -0,0 +1,158 @@ +heat_template_version: 2013-05-23 + +description: > + HOT template to created resources deployed by scenario002. +parameters: + key_name: + type: string + description: Name of keypair to assign to servers + default: 'pingtest_key' + image: + type: string + description: Name of image to use for servers + default: 'pingtest_image' + public_net_name: + type: string + default: 'nova' + description: > + ID or name of public network for which floating IP addresses will be allocated + private_net_name: + type: string + description: Name of private network to be created + default: 'default-net' + private_net_cidr: + type: string + description: Private network address (CIDR notation) + default: '192.168.2.0/24' + private_net_gateway: + type: string + description: Private network gateway address + default: '192.168.2.1' + private_net_pool_start: + type: string + description: Start of private network IP address allocation pool + default: '192.168.2.100' + private_net_pool_end: + type: string + default: '192.168.2.200' + description: End of private network IP address allocation pool + +resources: + + key_pair: + type: OS::Nova::KeyPair + properties: + save_private_key: true + name: {get_param: key_name } + + private_net: + type: OS::Neutron::Net + properties: + name: { get_param: private_net_name } + + private_subnet: + type: OS::Neutron::Subnet + properties: + network_id: { get_resource: private_net } + cidr: { get_param: private_net_cidr } + gateway_ip: { get_param: private_net_gateway } + allocation_pools: + - start: { get_param: private_net_pool_start } + end: { get_param: private_net_pool_end } + + router: + type: OS::Neutron::Router + properties: + external_gateway_info: + network: { get_param: public_net_name } + + router_interface: + type: OS::Neutron::RouterInterface + properties: + router_id: { get_resource: router } + subnet_id: { get_resource: private_subnet } + + luks_volume_type: + type: OS::Cinder::VolumeType + properties: + name: LUKS + + encrypted_volume_type: + type: OS::Cinder::EncryptedVolumeType + properties: + volume_type: {get_resource: luks_volume_type} + provider: nova.volume.encryptors.luks.LuksEncryptor + cipher: aes-xts-plain64 + control_location: front-end + key_size: 256 + + volume1: + type: OS::Cinder::Volume + depends_on: encrypted_volume_type + properties: + name: Volume1 + image: { get_param: image } + size: 1 + volume_type: {get_resource: luks_volume_type} + + server1: + type: OS::Nova::Server + depends_on: volume1 + properties: + name: Server1 + block_device_mapping: + - device_name: vda + volume_id: { get_resource: volume1 } + flavor: { get_resource: test_flavor } + key_name: { get_resource: key_pair } + networks: + - port: { get_resource: server1_port } + + server1_port: + type: OS::Neutron::Port + properties: + network_id: { get_resource: private_net } + fixed_ips: + - subnet_id: { get_resource: private_subnet } + security_groups: [{ get_resource: server_security_group }] + + server1_floating_ip: + type: OS::Neutron::FloatingIP + # TODO: investigate why we need this depends_on and if we could + # replace it by router_id with get_resource: router_interface + depends_on: router_interface + properties: + floating_network: { get_param: public_net_name } + port_id: { get_resource: server1_port } + + server_security_group: + type: OS::Neutron::SecurityGroup + properties: + description: Add security group rules for server + name: pingtest-security-group + rules: + - remote_ip_prefix: 0.0.0.0/0 + protocol: tcp + port_range_min: 22 + port_range_max: 22 + - remote_ip_prefix: 0.0.0.0/0 + protocol: icmp + + test_flavor: + type: OS::Nova::Flavor + properties: + ram: 512 + vcpus: 1 + + zaqar_queue: + type: OS::Zaqar::Queue + properties: + name: pingtest-queue + +outputs: + server1_private_ip: + description: IP address of server1 in private network + value: { get_attr: [ server1, first_address ] } + server1_public_ip: + description: Floating IP address of server1 in public network + value: { get_attr: [ server1_floating_ip, floating_ip_address ] } diff --git a/ci/pingtests/scenario003-multinode.yaml b/ci/pingtests/scenario003-multinode.yaml new file mode 100644 index 00000000..445c47af --- /dev/null +++ b/ci/pingtests/scenario003-multinode.yaml @@ -0,0 +1,154 @@ +heat_template_version: 2013-05-23 + +description: > + HOT template to created resources deployed by scenario003. +parameters: + key_name: + type: string + description: Name of keypair to assign to servers + default: 'pingtest_key' + image: + type: string + description: Name of image to use for servers + default: 'pingtest_image' + public_net_name: + type: string + default: 'nova' + description: > + ID or name of public network for which floating IP addresses will be allocated + private_net_name: + type: string + description: Name of private network to be created + default: 'default-net' + private_net_cidr: + type: string + description: Private network address (CIDR notation) + default: '192.168.2.0/24' + private_net_gateway: + type: string + description: Private network gateway address + default: '192.168.2.1' + private_net_pool_start: + type: string + description: Start of private network IP address allocation pool + default: '192.168.2.100' + private_net_pool_end: + type: string + default: '192.168.2.200' + description: End of private network IP address allocation pool + +resources: + + key_pair: + type: OS::Nova::KeyPair + properties: + save_private_key: true + name: {get_param: key_name } + + private_net: + type: OS::Neutron::Net + properties: + name: { get_param: private_net_name } + + private_subnet: + type: OS::Neutron::Subnet + properties: + network_id: { get_resource: private_net } + cidr: { get_param: private_net_cidr } + gateway_ip: { get_param: private_net_gateway } + allocation_pools: + - start: { get_param: private_net_pool_start } + end: { get_param: private_net_pool_end } + + router: + type: OS::Neutron::Router + properties: + external_gateway_info: + network: { get_param: public_net_name } + + router_interface: + type: OS::Neutron::RouterInterface + properties: + router_id: { get_resource: router } + subnet_id: { get_resource: private_subnet } + + server1: + type: OS::Nova::Server + properties: + name: Server1 + flavor: { get_resource: test_flavor } + image: { get_param: image } + key_name: { get_resource: key_pair } + networks: + - port: { get_resource: server1_port } + + server1_port: + type: OS::Neutron::Port + properties: + network_id: { get_resource: private_net } + fixed_ips: + - subnet_id: { get_resource: private_subnet } + security_groups: [{ get_resource: server_security_group }] + + server1_floating_ip: + type: OS::Neutron::FloatingIP + # TODO: investigate why we need this depends_on and if we could + # replace it by router_id with get_resource: router_interface + depends_on: router_interface + properties: + floating_network: { get_param: public_net_name } + port_id: { get_resource: server1_port } + + server_security_group: + type: OS::Neutron::SecurityGroup + properties: + description: Add security group rules for server + name: pingtest-security-group + rules: + - remote_ip_prefix: 0.0.0.0/0 + protocol: tcp + port_range_min: 22 + port_range_max: 22 + - remote_ip_prefix: 0.0.0.0/0 + protocol: icmp + + test_flavor: + type: OS::Nova::Flavor + properties: + ram: 512 + vcpus: 1 + + sahara-image: + type: OS::Sahara::ImageRegistry + properties: + image: { get_param: image } + username: cirros + tags: + - tripleo + + mistral_workflow: + type: OS::Mistral::Workflow + properties: + type: direct + name: test_workflow + description: Just testing workflow resource. + input: + phrase: Hello! + output: + out: <% $.word %> + tasks: + - name: hello + action: std.echo output=<% $.phrase %> + publish: + word: <% $.hello %> + +outputs: + server1_private_ip: + description: IP address of server1 in private network + value: { get_attr: [ server1, first_address ] } + server1_public_ip: + description: Floating IP address of server1 in public network + value: { get_attr: [ server1_floating_ip, floating_ip_address ] } + exec: + description: Mistral output verifying execution + value: { get_attr: [mistral_workflow, executions]}
\ No newline at end of file diff --git a/ci/pingtests/scenario004-multinode.yaml b/ci/pingtests/scenario004-multinode.yaml new file mode 100644 index 00000000..17792cd1 --- /dev/null +++ b/ci/pingtests/scenario004-multinode.yaml @@ -0,0 +1,127 @@ +heat_template_version: 2013-05-23 + +description: > + HOT template to created resources deployed by scenario004. +parameters: + key_name: + type: string + description: Name of keypair to assign to servers + default: 'pingtest_key' + image: + type: string + description: Name of image to use for servers + default: 'pingtest_image' + public_net_name: + type: string + default: 'nova' + description: > + ID or name of public network for which floating IP addresses will be allocated + private_net_name: + type: string + description: Name of private network to be created + default: 'default-net' + private_net_cidr: + type: string + description: Private network address (CIDR notation) + default: '192.168.2.0/24' + private_net_gateway: + type: string + description: Private network gateway address + default: '192.168.2.1' + private_net_pool_start: + type: string + description: Start of private network IP address allocation pool + default: '192.168.2.100' + private_net_pool_end: + type: string + default: '192.168.2.200' + description: End of private network IP address allocation pool + +resources: + + key_pair: + type: OS::Nova::KeyPair + properties: + save_private_key: true + name: {get_param: key_name } + + private_net: + type: OS::Neutron::Net + properties: + name: { get_param: private_net_name } + + private_subnet: + type: OS::Neutron::Subnet + properties: + network_id: { get_resource: private_net } + cidr: { get_param: private_net_cidr } + gateway_ip: { get_param: private_net_gateway } + allocation_pools: + - start: { get_param: private_net_pool_start } + end: { get_param: private_net_pool_end } + + router: + type: OS::Neutron::Router + properties: + external_gateway_info: + network: { get_param: public_net_name } + + router_interface: + type: OS::Neutron::RouterInterface + properties: + router_id: { get_resource: router } + subnet_id: { get_resource: private_subnet } + + server1: + type: OS::Nova::Server + properties: + name: Server1 + flavor: { get_resource: test_flavor } + image: { get_param: image } + key_name: { get_resource: key_pair } + networks: + - port: { get_resource: server1_port } + + server1_port: + type: OS::Neutron::Port + properties: + network_id: { get_resource: private_net } + fixed_ips: + - subnet_id: { get_resource: private_subnet } + security_groups: [{ get_resource: server_security_group }] + + server1_floating_ip: + type: OS::Neutron::FloatingIP + # TODO: investigate why we need this depends_on and if we could + # replace it by router_id with get_resource: router_interface + depends_on: router_interface + properties: + floating_network: { get_param: public_net_name } + port_id: { get_resource: server1_port } + + server_security_group: + type: OS::Neutron::SecurityGroup + properties: + description: Add security group rules for server + name: pingtest-security-group + rules: + - remote_ip_prefix: 0.0.0.0/0 + protocol: tcp + port_range_min: 22 + port_range_max: 22 + - remote_ip_prefix: 0.0.0.0/0 + protocol: icmp + + test_flavor: + type: OS::Nova::Flavor + properties: + ram: 512 + vcpus: 1 + +outputs: + server1_private_ip: + description: IP address of server1 in private network + value: { get_attr: [ server1, first_address ] } + server1_public_ip: + description: Floating IP address of server1 in public network + value: { get_attr: [ server1_floating_ip, floating_ip_address ] } diff --git a/deployed-server/scripts/get-occ-config.sh b/deployed-server/scripts/get-occ-config.sh index 2c01174e..d6219e85 100755 --- a/deployed-server/scripts/get-occ-config.sh +++ b/deployed-server/scripts/get-occ-config.sh @@ -18,21 +18,21 @@ read -a BlockStorage_hosts_a <<< $BLOCKSTORAGE_HOSTS read -a ObjectStorage_hosts_a <<< $OBJECTSTORAGE_HOSTS read -a CephStorage_hosts_a <<< $CEPHSTORAGE_HOSTS -roles="Controller Compute BlockStorage ObjectStorage CephStorage" +roles=${OVERCLOUD_ROLES:-"Controller Compute BlockStorage ObjectStorage CephStorage"} admin_user_id=$(openstack user show admin -c id -f value) admin_project_id=$(openstack project show admin -c id -f value) function check_stack { - local stack_to_check=$1 + local stack_to_check=${1:-""} - if [ "$stack_to_check" = "|" ]; then + if [ "$stack_to_check" = "" ]; then echo Stack not created return 1 fi echo Checking if $1 stack is created set +e - heat resource-list $stack_to_check + openstack stack resource list $stack_to_check rc=$? set -e @@ -49,13 +49,13 @@ for role in $roles; do sleep $SLEEP_TIME done - rg_stack=$(heat resource-list overcloud | grep " $role " | awk '{print $4}') + rg_stack=$(openstack stack resource show overcloud $role -c physical_resource_id -f value) while ! check_stack $rg_stack; do sleep $SLEEP_TIME - rg_stack=$(heat resource-list overcloud | grep " $role " | awk '{print $4}') + rg_stack=$(openstack stack resource show overcloud $role -c physical_resource_id -f value) done - stacks=$(heat resource-list $rg_stack | grep OS::TripleO::$role | awk '{print $4}') + stacks=$(openstack stack resource list $rg_stack -c physical_resource_id -f value) i=0 @@ -65,13 +65,13 @@ for role in $roles; do server_resource_name="NovaCompute" fi - server_stack=$(heat resource-list $stack | grep " $server_resource_name " | awk '{print $4}') + server_stack=$(openstack stack resource show $stack $server_resource_name -c physical_resource_id -f value) while ! check_stack $server_stack; do sleep $SLEEP_TIME - server_stack=$(heat resource-list $stack | grep " $server_resource_name " | awk '{print $4}') + server_stack=$(openstack stack resource show $stack $server_resource_name -c physical_resource_id -f value) done - deployed_server_stack=$(heat resource-list $server_stack | grep "deployed-server" | awk '{print $4}') + deployed_server_stack=$(openstack stack resource show $server_stack deployed-server -c physical_resource_id -f value) echo "======================" echo "$role$i os-collect-config.conf configuration:" diff --git a/docker/README-containers.md b/docker/README-containers.md index ff062a93..5a9f6f3c 100644 --- a/docker/README-containers.md +++ b/docker/README-containers.md @@ -20,6 +20,9 @@ glance image-create --name atomic-image --file Fedora-Cloud-Atomic-22-20150521.x You can use the tripleo.sh script up until the point of running the Overcloud. https://github.com/openstack/tripleo-common/blob/master/scripts/tripleo.sh +You will want to set up the runtime puppet script delivery system described here: +http://hardysteven.blogspot.ca/2016/08/tripleo-deploy-artifacts-and-puppet.html + Create the Overcloud: ``` $ openstack overcloud deploy --templates=tripleo-heat-templates -e tripleo-heat-templates/environments/docker.yaml -e tripleo-heat-templates/environments/docker-network.yaml --libvirt-type=qemu diff --git a/docker/compute-post.yaml b/docker/compute-post.yaml deleted file mode 100644 index 60b831be..00000000 --- a/docker/compute-post.yaml +++ /dev/null @@ -1,349 +0,0 @@ -heat_template_version: 2015-10-15 -description: > - OpenStack compute node post deployment for Docker. - -parameters: - servers: - type: json - DeployIdentifier: - type: string - description: Value which changes if the node configuration may need to be re-applied - DockerNamespace: - type: string - default: tripleoupstream - DockerComputeImage: - type: string - DockerComputeDataImage: - type: string - DockerLibvirtImage: - type: string - DockerOpenvswitchImage: - type: string - DockerOvsVswitchdImage: - type: string - DockerOpenvswitchDBImage: - type: string - LibvirtConfig: - type: string - default: "/etc/libvirt/libvirtd.conf" - NovaConfig: - type: string - default: "/etc/nova/nova.conf,/etc/nova/rootwrap.conf" - NeutronOpenvswitchAgentConfig: - type: string - default: "/etc/neutron/neutron.conf,/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini" - NeutronOpenvswitchAgentPluginVolume: - type: string - default: "/var/lib/etc-data/neutron/plugins/ml2/openvswitch_agent.ini:/var/lib/kolla/config_files/ovs_neutron_plugin.ini:ro" - NeutronOpenvswitchAgentOvsVolume: - type: string - default: " " - StepConfig: - type: string - description: Config manifests that will be used to step through the deployment. - default: '' - RoleData: - type: json - default: {} - - -resources: - - ComputePuppetConfig: - type: OS::Heat::SoftwareConfig - properties: - group: puppet - options: - enable_hiera: True - enable_facter: False - tags: package,file,concat,file_line,nova_config,neutron_config,neutron_agent_ovs,neutron_plugin_ml2 - inputs: - - name: tripleo::packages::enable_install - type: Boolean - default: True - outputs: - - name: result - config: - list_join: - - '' - - - get_file: ../puppet/manifests/overcloud_compute.pp - - {get_param: StepConfig} - - - ComputePuppetDeployment: - type: OS::Heat::SoftwareDeployments - properties: - name: ComputePuppetDeployment - servers: {get_param: servers} - config: {get_resource: ComputePuppetConfig} - input_values: - update_identifier: {get_param: DeployIdentifier} - tripleo::packages::enable_install: True - - CopyEtcConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - outputs: - - name: result - config: {get_file: ./copy-etc.sh} - - CopyEtcDeployment: - type: OS::Heat::SoftwareDeployments - depends_on: ComputePuppetDeployment - properties: - name: CopyEtcDeployment - config: {get_resource: CopyEtcConfig} - servers: {get_param: servers} - - CopyJsonConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - inputs: - - name: libvirt_config - - name: nova_config - - name: neutron_openvswitch_agent_config - config: | - #!/bin/python - import json - import os - - data = {} - file_perms = '600' - libvirt_perms = '644' - - libvirt_config = os.getenv('libvirt_config').split(',') - nova_config = os.getenv('nova_config').split(',') - neutron_openvswitch_agent_config = os.getenv('neutron_openvswitch_agent_config').split(',') - - # Command, Config_files, Owner, Perms - services = {'nova-libvirt': ['/usr/sbin/libvirtd', libvirt_config, 'root', libvirt_perms], - 'nova-compute': ['/usr/bin/nova-compute', nova_config, 'nova', file_perms], - 'neutron-openvswitch-agent': ['/usr/bin/neutron-openvswitch-agent', neutron_openvswitch_agent_config, 'neutron', file_perms], - 'ovs-vswitchd': ['/usr/sbin/ovs-vswitchd unix:/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --log-file=/var/log/openvswitch/ovs-vswitchd.log'], - 'ovsdb-server': ['/usr/sbin/ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/run/openvswitch/db.sock --log-file=/var/log/openvswitch/ovsdb-server.log'] - } - - - def build_config_files(config, owner, perms): - config_source = '/var/lib/kolla/config_files/' - config_files_dict = {} - source = os.path.basename(config) - dest = config - config_files_dict.update({'source': config_source + source, - 'dest': dest, - 'owner': owner, - 'perm': perms}) - return config_files_dict - - - for service in services: - if service != 'ovs-vswitchd' and service != 'ovsdb-server': - command = services.get(service)[0] - config_files = services.get(service)[1] - owner = services.get(service)[2] - perms = services.get(service)[3] - config_files_list = [] - for config_file in config_files: - if service == 'nova-libvirt': - command = command + ' --config ' + config_file - else: - command = command + ' --config-file ' + config_file - data['command'] = command - config_files_dict = build_config_files(config_file, owner, perms) - config_files_list.append(config_files_dict) - data['config_files'] = config_files_list - else: - data['command'] = services.get(service)[0] - data['config_files'] = [] - - json_config_dir = '/var/lib/etc-data/json-config/' - with open(json_config_dir + service + '.json', 'w') as json_file: - json.dump(data, json_file, sort_keys=True, indent=4, separators=(',', ': ')) - - CopyJsonDeployment: - type: OS::Heat::SoftwareDeployments - depends_on: CopyEtcDeployment - properties: - name: CopyJsonDeployment - config: {get_resource: CopyJsonConfig} - servers: {get_param: servers} - input_values: - libvirt_config: {get_param: LibvirtConfig} - nova_config: {get_param: NovaConfig} - neutron_openvswitch_agent_config: {get_param: NeutronOpenvswitchAgentConfig} - - NovaComputeContainersDeploymentOVS: - type: OS::Heat::StructuredDeployments - depends_on: CopyJsonDeployment - properties: - name: NovaComputeContainersDeploymentOVS - config: {get_resource: NovaComputeContainersConfigOVS} - servers: {get_param: servers} - - NovaComputeContainersConfigOVS: - type: OS::Heat::StructuredConfig - properties: - group: docker-cmd - config: - ovsvswitchd: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerOvsVswitchdImage} ] - net: host - privileged: true - restart: always - volumes: - - /run:/run - - /lib/modules:/lib/modules:ro - - /var/lib/etc-data/json-config/ovs-vswitchd.json:/var/lib/kolla/config_files/config.json - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - - openvswitchdb: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchDBImage} ] - net: host - restart: always - volumes: - - /run:/run - - /var/lib/etc-data/json-config/ovsdb-server.json:/var/lib/kolla/config_files/config.json - - /etc/openvswitchd:/etc/openvswitchd - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - - NovaComputeContainersDeploymentNetconfig: - type: OS::Heat::SoftwareDeployments - depends_on: NovaComputeContainersDeploymentOVS - properties: - name: NovaComputeContainersDeploymentNetconfig - config: {get_resource: NovaComputeContainersConfigNetconfig} - servers: {get_param: servers} - - # We run os-net-config here because we depend on the ovs containers to be up - # and running before we configure the network. This allows explicit timing - # of the network configuration. - NovaComputeContainersConfigNetconfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - outputs: - - name: result - config: | - #!/bin/bash - /usr/local/bin/run-os-net-config - - LibvirtContainersDeployment: - type: OS::Heat::StructuredDeployments - depends_on: [CopyJsonDeployment, CopyEtcDeployment, ComputePuppetDeployment, NovaComputeContainersDeploymentNetconfig] - properties: - name: LibvirtContainersDeployment - config: {get_resource: LibvirtContainersConfig} - servers: {get_param: servers} - - LibvirtContainersConfig: - type: OS::Heat::StructuredConfig - properties: - group: docker-cmd - config: - computedata: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerComputeDataImage} ] - container_name: computedata - volumes: - - /var/lib/nova/instances - - /var/lib/libvirt - - libvirt: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerLibvirtImage} ] - net: host - pid: host - privileged: true - restart: always - volumes: - - /run:/run - - /lib/modules:/lib/modules:ro - - /dev:/dev - - /lib/udev:/lib/udev - - /sys/fs/cgroup:/sys/fs/cgroup - - /var/lib/etc-data/json-config/nova-libvirt.json:/var/lib/kolla/config_files/config.json - - /var/lib/etc-data/libvirt/libvirtd.conf:/var/lib/kolla/config_files/libvirtd.conf - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - volumes_from: - - computedata - - NovaComputeContainersDeployment: - type: OS::Heat::StructuredDeployments - depends_on: [CopyJsonDeployment, CopyEtcDeployment, ComputePuppetDeployment, NovaComputeContainersDeploymentNetconfig, LibvirtContainersDeployment] - properties: - name: NovaComputeContainersDeployment - config: {get_resource: NovaComputeContainersConfig} - servers: {get_param: servers} - - NovaComputeContainersConfig: - type: OS::Heat::StructuredConfig - properties: - group: docker-cmd - config: - neutronovsagent: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchImage} ] - net: host - pid: host - privileged: true - restart: always - volumes: - str_split: - - "," - - list_join: - - "," - - [ "/run:/run", "/lib/modules:/lib/modules:ro", - "/var/lib/etc-data/json-config/neutron-openvswitch-agent.json:/var/lib/kolla/config_files/config.json", - "/var/lib/etc-data/neutron/neutron.conf:/var/lib/kolla/config_files/neutron.conf:ro", - "/var/lib/etc-data/neutron/plugins/ml2/ml2_conf.ini:/var/lib/kolla/config_files/ml2_conf.ini:ro", - {get_param: NeutronOpenvswitchAgentPluginVolume}, - {get_param: NeutronOpenvswitchAgentOvsVolume} ] - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - volumes_from: - - computedata - - novacompute: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerComputeImage} ] - net: host - privileged: true - restart: always - volumes: - - /run:/run - - /lib/modules:/lib/modules:ro - - /dev:/dev - - /lib/udev:/lib/udev - - /etc/iscsi:/etc/iscsi - - /var/lib/etc-data/json-config/nova-compute.json:/var/lib/kolla/config_files/config.json - - /var/lib/etc-data/nova/nova.conf:/var/lib/kolla/config_files/nova.conf:ro - - /var/lib/etc-data/nova/rootwrap.conf:/var/lib/kolla/config_files/rootwrap.conf:ro - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - volumes_from: - - computedata - - ExtraConfig: - depends_on: NovaComputeContainersDeployment - type: OS::TripleO::NodeExtraConfigPost - properties: - servers: {get_param: servers} diff --git a/docker/copy-json.py b/docker/copy-json.py new file mode 100644 index 00000000..e85ff11e --- /dev/null +++ b/docker/copy-json.py @@ -0,0 +1,72 @@ +#!/bin/python +import json +import os + +data = {} +file_perms = '0600' +libvirt_perms = '0644' + +libvirt_config = os.getenv('libvirt_config').split(',') +nova_config = os.getenv('nova_config').split(',') +neutron_openvswitch_agent_config = os.getenv('neutron_openvswitch_agent_config').split(',') + +# Command, Config_files, Owner, Perms +services = { + 'nova-libvirt': [ + '/usr/sbin/libvirtd', + libvirt_config, + 'root', + libvirt_perms], + 'nova-compute': [ + '/usr/bin/nova-compute', + nova_config, + 'nova', + file_perms], + 'neutron-openvswitch-agent': [ + '/usr/bin/neutron-openvswitch-agent', + neutron_openvswitch_agent_config, + 'neutron', + file_perms], + 'ovs-vswitchd': [ + '/usr/sbin/ovs-vswitchd unix:/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --log-file=/var/log/kolla/openvswitch/ovs-vswitchd.log'], + 'ovsdb-server': [ + '/usr/sbin/ovsdb-server /etc/openvswitch/conf.db -vconsole:emer -vsyslog:err -vfile:info --remote=punix:/run/openvswitch/db.sock --remote=ptcp:6640:127.0.0.1 --log-file=/var/log/kolla/openvswitch/ovsdb-server.log'] +} + + +def build_config_files(config, owner, perms): + config_source = '/var/lib/kolla/config_files/' + config_files_dict = {} + source = os.path.basename(config) + dest = config + config_files_dict.update({'source': config_source + source, + 'dest': dest, + 'owner': owner, + 'perm': perms}) + return config_files_dict + + +for service in services: + if service != 'ovs-vswitchd' and service != 'ovsdb-server': + command = services.get(service)[0] + config_files = services.get(service)[1] + owner = services.get(service)[2] + perms = services.get(service)[3] + config_files_list = [] + for config_file in config_files: + if service == 'nova-libvirt': + command = command + ' --config ' + config_file + else: + command = command + ' --config-file ' + config_file + data['command'] = command + config_files_dict = build_config_files(config_file, owner, perms) + config_files_list.append(config_files_dict) + data['config_files'] = config_files_list + else: + data['command'] = services.get(service)[0] + data['config_files'] = [] + + json_config_dir = '/var/lib/etc-data/json-config/' + with open(json_config_dir + service + '.json', 'w') as json_file: + json.dump(data, json_file, sort_keys=True, indent=4, + separators=(',', ': ')) diff --git a/docker/post.j2.yaml b/docker/post.j2.yaml new file mode 100644 index 00000000..de17cffe --- /dev/null +++ b/docker/post.j2.yaml @@ -0,0 +1,308 @@ +heat_template_version: 2016-10-14 + +description: > + Post-deploy configuration steps via puppet for all roles, + as defined in ../roles_data.yaml + +parameters: + servers: + type: json + description: Mapping of Role name e.g Controller to a list of servers + + role_data: + type: json + description: Mapping of Role name e.g Controller to the per-role data + + DeployIdentifier: + default: '' + type: string + description: > + Setting this to a unique value will re-run any deployment tasks which + perform configuration on a Heat stack-update. + + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + + DockerOpenvswitchDBImage: + description: image + default: 'centos-binary-openvswitch-db-server' + type: string + + DockerOvsVswitchdImage: + description: image + default: 'centos-binary-openvswitch-vswitchd' + type: string + + LibvirtConfig: + type: string + default: "/etc/libvirt/libvirtd.conf" + + NovaConfig: + type: string + default: "/etc/nova/nova.conf,/etc/nova/rootwrap.conf" + + NeutronOpenvswitchAgentConfig: + type: string + default: "/etc/neutron/neutron.conf,/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini" + +resources: + +{% for role in roles %} + # Post deployment steps for all roles + # A single config is re-applied with an incrementing step number + # {{role.name}} Role steps + {{role.name}}ArtifactsConfig: + type: ../puppet/deploy-artifacts.yaml + + {{role.name}}ArtifactsDeploy: + type: OS::Heat::StructuredDeploymentGroup + properties: + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}ArtifactsConfig} + + {{role.name}}PreConfig: + type: OS::TripleO::Tasks::{{role.name}}PreConfig + properties: + servers: {get_param: [servers, {{role.name}}]} + input_values: + update_identifier: {get_param: DeployIdentifier} + + {{role.name}}Config: + type: OS::TripleO::{{role.name}}Config + properties: + StepConfig: {get_param: [role_data, {{role.name}}, step_config]} + {% if role.name.lower() == 'compute' %} + PuppetTags: {get_param: [role_data, {{role.name}}, puppet_tags]} + {% endif %} + + # Step through a series of configuration steps + {{role.name}}Deployment_Step1: + type: OS::Heat::StructuredDeploymentGroup + depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy] + properties: + name: {{role.name}}Deployment_Step1 + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}Config} + input_values: + step: 1 + update_identifier: {get_param: DeployIdentifier} + + {{role.name}}Deployment_Step2: + type: OS::Heat::StructuredDeploymentGroup + depends_on: + {% for dep in roles %} + - {{dep.name}}Deployment_Step1 + {% endfor %} + properties: + name: {{role.name}}Deployment_Step2 + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}Config} + input_values: + step: 2 + update_identifier: {get_param: DeployIdentifier} + + {{role.name}}Deployment_Step3: + type: OS::Heat::StructuredDeploymentGroup + depends_on: + {% for dep in roles %} + - {{dep.name}}Deployment_Step2 + {% endfor %} + properties: + name: {{role.name}}Deployment_Step3 + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}Config} + input_values: + step: 3 + update_identifier: {get_param: DeployIdentifier} + + {{role.name}}Deployment_Step4: + type: OS::Heat::StructuredDeploymentGroup + depends_on: + {% for dep in roles %} + - {{dep.name}}Deployment_Step3 + {% endfor %} + properties: + name: {{role.name}}Deployment_Step4 + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}Config} + input_values: + step: 4 + update_identifier: {get_param: DeployIdentifier} + + {{role.name}}Deployment_Step5: + type: OS::Heat::StructuredDeploymentGroup + depends_on: + {% for dep in roles %} + - {{dep.name}}Deployment_Step4 + {% endfor %} + properties: + name: {{role.name}}Deployment_Step5 + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}Config} + input_values: + step: 5 + update_identifier: {get_param: DeployIdentifier} + + {{role.name}}PostConfig: + type: OS::TripleO::Tasks::{{role.name}}PostConfig + depends_on: + {% for dep in roles %} + - {{dep.name}}Deployment_Step5 + {% endfor %} + properties: + servers: {get_param: servers} + input_values: + update_identifier: {get_param: DeployIdentifier} + + # Note, this should come last, so use depends_on to ensure + # this is created after any other resources. + {{role.name}}ExtraConfigPost: + depends_on: + {% for dep in roles %} + - {{dep.name}}PostConfig + {% endfor %} + type: OS::TripleO::NodeExtraConfigPost + properties: + servers: {get_param: [servers, {{role.name}}]} + + {% if role.name.lower() == 'compute' %} + CopyEtcConfig: + type: OS::Heat::SoftwareConfig + depends_on: {{role.name}}PostConfig + properties: + group: script + outputs: + - name: result + config: {get_file: ../docker/copy-etc.sh} + + CopyEtcDeployment: + type: OS::Heat::SoftwareDeploymentGroup + properties: + name: CopyEtcDeployment + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: CopyEtcConfig} + + CopyJsonConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + inputs: + - name: libvirt_config + - name: nova_config + - name: neutron_openvswitch_agent_config + config: {get_file: ../docker/copy-json.py} + + CopyJsonDeployment: + type: OS::Heat::SoftwareDeploymentGroup + depends_on: CopyEtcDeployment + properties: + name: CopyJsonDeployment + config: {get_resource: CopyJsonConfig} + servers: {get_param: [servers, {{role.name}}]} + input_values: + libvirt_config: {get_param: LibvirtConfig} + nova_config: {get_param: NovaConfig} + neutron_openvswitch_agent_config: {get_param: NeutronOpenvswitchAgentConfig} + + NovaComputeContainersDeploymentOVS: + type: OS::Heat::StructuredDeploymentGroup + depends_on: CopyJsonDeployment + properties: + name: NovaComputeContainersDeploymentOVS + config: {get_resource: NovaComputeContainersConfigOVS} + servers: {get_param: [servers, {{role.name}}]} + + NovaComputeContainersConfigOVS: + type: OS::Heat::StructuredConfig + properties: + group: docker-cmd + config: + openvswitchdb: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchDBImage} ] + net: host + restart: always + volumes: + - /var/lib/etc-data/json-config/ovsdb-server.json:/var/lib/kolla/config_files/config.json + - /etc/localtime:/etc/localtime:ro + - /run:/run + - logs:/var/log/kolla/ + - openvswitch_db:/var/lib/openvswitch/ + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + + ovsvswitchd: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOvsVswitchdImage} ] + net: host + privileged: true + restart: always + volumes: + - /var/lib/etc-data/json-config/ovs-vswitchd.json:/var/lib/kolla/config_files/config.json + - /etc/localtime:/etc/localtime:ro + - /lib/modules:/lib/modules:ro + - /run:/run + - logs:/var/log/kolla/ + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + + NovaComputeContainersDeploymentNetconfig: + type: OS::Heat::SoftwareDeploymentGroup + depends_on: NovaComputeContainersDeploymentOVS + properties: + name: NovaComputeContainersDeploymentNetconfig + config: {get_resource: NovaComputeContainersConfigNetconfig} + servers: {get_param: [servers, {{role.name}}]} + + # We run os-net-config here because we depend on the ovs containers to be up + # and running before we configure the network. This allows explicit timing + # of the network configuration. + NovaComputeContainersConfigNetconfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + outputs: + - name: result + config: | + #!/bin/bash + /usr/local/bin/run-os-net-config + + {{role.name}}ContainersConfig_Step1: + type: OS::Heat::StructuredConfig + depends_on: CopyJsonDeployment + properties: + group: docker-cmd + config: + {get_param: [role_data, {{role.name}}, docker_config, step_1]} + + {{role.name}}ContainersConfig_Step2: + type: OS::Heat::StructuredConfig + depends_on: CopyJsonDeployment + properties: + group: docker-cmd + config: + {get_param: [role_data, {{role.name}}, docker_config, step_2]} + + {{role.name}}ContainersDeployment_Step1: + type: OS::Heat::StructuredDeploymentGroup + depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy, NovaComputeContainersDeploymentNetconfig] + properties: + name: {{role.name}}ContainersDeployment_Step1 + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}ContainersConfig_Step1} + + {{role.name}}ContainersDeployment_Step2: + type: OS::Heat::StructuredDeploymentGroup + depends_on: {{role.name}}ContainersDeployment_Step1 + properties: + name: {{role.name}}ContainersDeployment_Step2 + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}ContainersConfig_Step2} + {% endif %} +{% endfor %} diff --git a/docker/services/README.rst b/docker/services/README.rst new file mode 100644 index 00000000..8d1f9e86 --- /dev/null +++ b/docker/services/README.rst @@ -0,0 +1,60 @@ +======== +services +======== + +A TripleO nested stack Heat template that encapsulates generic configuration +data to configure a specific service. This generally includes everything +needed to configure the service excluding the local bind ports which +are still managed in the per-node role templates directly (controller.yaml, +compute.yaml, etc.). All other (global) service settings go into +the puppet/service templates. + +Input Parameters +---------------- + +Each service may define its own input parameters and defaults. +Operators will use the parameter_defaults section of any Heat +environment to set per service parameters. + +Config Settings +--------------- + +Each service may define a config_settings output variable which returns +Hiera settings to be configured. + +Steps +----- + +Each service may define an output variable which returns a puppet manifest +snippet that will run at each of the following steps. Earlier manifests +are re-asserted when applying latter ones. + + * config_settings: Custom hiera settings for this service. These are + used to generate configs. + + * step_config: A puppet manifest that is used to step through the deployment + sequence. Each sequence is given a "step" (via hiera('step') that provides + information for when puppet classes should activate themselves. + + * docker_compose: + + * container_name: + + * volumes: + +Steps correlate to the following: + + 1) Service configuration generation with puppet. + + 2) Early Openstack Service setup (database init?) + + 3) Early containerized networking services startup (OVS) + + 4) Network configuration + + 5) General OpenStack Services + + 6) Service activation (Pacemaker) + + 7) Fencing (Pacemaker) + diff --git a/docker/services/neutron-ovs-agent.yaml b/docker/services/neutron-ovs-agent.yaml new file mode 100644 index 00000000..8d092a34 --- /dev/null +++ b/docker/services/neutron-ovs-agent.yaml @@ -0,0 +1,75 @@ +heat_template_version: 2015-04-30 + +description: > + OpenStack Neutron openvswitch service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerOpenvswitchImage: + description: image + default: 'centos-binary-neutron-openvswitch-agent' + type: string + NeutronOpenvswitchAgentPluginVolume: + type: string + default: "/var/lib/etc-data/neutron/plugins/ml2/openvswitch_agent.ini:/var/lib/kolla/config_files/ovs_neutron_plugin.ini:ro" + NeutronOpenvswitchAgentOvsVolume: + type: string + default: " " + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NeutronOvsAgentBase: + type: ../../puppet/services/neutron-ovs-agent.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for Neutron openvswitch service + value: + config_settings: {get_attr: [NeutronOvsAgentBase, role_data, config_settings]} + step_config: {get_attr: [NeutronOvsAgentBase, role_data, step_config]} + puppet_tags: neutron_config,neutron_agent_ovs,neutron_plugin_ml2 + docker_config: + step_1: + neutronovsagent: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchImage} ] + net: host + pid: host + privileged: true + restart: always + volumes: + - /var/lib/etc-data/json-config/neutron-openvswitch-agent.json:/var/lib/kolla/config_files/config.json + - /var/lib/etc-data/neutron/neutron.conf:/var/lib/kolla/config_files/neutron.conf:ro + - /var/lib/etc-data/neutron/plugins/ml2/ml2_conf.ini:/var/lib/kolla/config_files/ml2_conf.ini:ro + - {get_param: NeutronOpenvswitchAgentPluginVolume} + - {get_param: NeutronOpenvswitchAgentOvsVolume} + - /etc/localtime:/etc/localtime:ro + - /lib/modules:/lib/modules:ro + - /run:/run + - logs:/var/log/kolla/ + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + step_2: {} diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml new file mode 100644 index 00000000..5c56aeee --- /dev/null +++ b/docker/services/nova-compute.yaml @@ -0,0 +1,69 @@ +heat_template_version: 2015-04-30 + +description: > + OpenStack containerized Nova Compute service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerNovaComputeImage: + description: image + default: 'centos-binary-nova-compute' + type: string + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NovaComputeBase: + type: ../../puppet/services/nova-compute.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Nova Compute service. + value: + config_settings: {get_attr: [NovaComputeBase, role_data, config_settings]} + step_config: {get_attr: [NovaComputeBase, role_data, step_config]} + puppet_tags: nova_config,nova_paste_api_ini + docker_config: + step_1: + novacompute: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ] + net: host + privileged: true + user: root + restart: always + volumes: + - /var/lib/etc-data/json-config/nova-compute.json:/var/lib/kolla/config_files/config.json + - /var/lib/etc-data/nova/nova.conf:/var/lib/kolla/config_files/nova.conf:ro + - /var/lib/etc-data/nova/rootwrap.conf:/var/lib/kolla/config_files/rootwrap.conf:ro + - /etc/localtime:/etc/localtime:ro + - /lib/modules:/lib/modules:ro + - /run:/run + - /dev:/dev + - logs:/var/log/kolla/ + - /etc/iscsi:/etc/iscsi + - libvirtd:/var/lib/libvirt + - nova_compute:/var/lib/nova/ + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + step_2: {} diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml new file mode 100644 index 00000000..36511557 --- /dev/null +++ b/docker/services/nova-libvirt.yaml @@ -0,0 +1,69 @@ +heat_template_version: 2015-04-30 + +description: > + OpenStack Libvirt Service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerLibvirtImage: + description: image + default: 'centos-binary-libvirt' + type: string + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + + NovaLibvirtBase: + type: ../../puppet/services/nova-libvirt.yaml + properties: + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Libvirt service. + value: + config_settings: {get_attr: [NovaLibvirtBase, role_data, config_settings]} + step_config: {get_attr: [NovaLibvirtBase, role_data, step_config]} + puppet_tags: nova_config + docker_config: + step_1: + nova_libvirt: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerLibvirtImage} ] + net: host + pid: host + privileged: true + restart: always + volumes: + - /var/lib/etc-data/json-config/nova-libvirt.json:/var/lib/kolla/config_files/config.json + - /var/lib/etc-data/libvirt/libvirtd.conf:/var/lib/kolla/config_files/libvirtd.conf + - /etc/localtime:/etc/localtime:ro + - /lib/modules:/lib/modules:ro + - /run:/run + - /dev:/dev + - /sys/fs/cgroup:/sys/fs/cgroup + - logs:/var/log/kolla/ + - libvirtd:/var/lib/libvirt + - nova_compute:/var/lib/nova/ + - nova_libvirt_qemu:/etc/libvirt/qemu + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + step_2: {} diff --git a/docker/services/services.yaml b/docker/services/services.yaml new file mode 100644 index 00000000..37e7b655 --- /dev/null +++ b/docker/services/services.yaml @@ -0,0 +1,73 @@ +heat_template_version: 2016-10-14 + +description: > + Utility stack to convert an array of services into a set of combined + role configs. + +parameters: + Services: + default: [] + description: | + List nested stack service templates. + type: comma_delimited_list + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + DefaultPasswords: + default: {} + description: Mapping of service -> default password. Used to help + pass top level passwords managed by Heat into services. + type: json + +resources: + + PuppetServices: + type: ../../puppet/services/services.yaml + properties: + Services: {get_param: Services} + ServiceNetMap: {get_param: ServiceNetMap} + EndpointMap: {get_param: EndpointMap} + DefaultPasswords: {get_param: DefaultPasswords} + + ServiceChain: + type: OS::Heat::ResourceChain + properties: + resources: {get_param: Services} + concurrent: true + resource_properties: + ServiceNetMap: {get_param: ServiceNetMap} + EndpointMap: {get_param: EndpointMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Combined Role data for this set of services. + value: + service_names: + {get_attr: [PuppetServices, role_data, service_names]} + monitoring_subscriptions: + {get_attr: [PuppetServices, role_data, monitoring_subscriptions]} + logging_sources: + {get_attr: [PuppetServices, role_data, logging_sources]} + logging_groups: + {get_attr: [PuppetServices, role_data, logging_groups]} + service_config_settings: + {get_attr: [PuppetServices, role_data, service_config_settings]} + config_settings: + {get_attr: [PuppetServices, role_data, config_settings]} + global_config_settings: + {get_attr: [PuppetServices, role_data, global_config_settings]} + step_config: + {get_attr: [PuppetServices, role_data, step_config]} + puppet_tags: {list_join: [",", {get_attr: [ServiceChain, role_data, puppet_tags]}]} + docker_config: + step_1: {map_merge: {get_attr: [ServiceChain, role_data, docker_config, step_1]}} + step_2: {map_merge: {get_attr: [ServiceChain, role_data, docker_config, step_2]}} diff --git a/environments/docker.yaml b/environments/docker.yaml index c03d8511..0755c61f 100644 --- a/environments/docker.yaml +++ b/environments/docker.yaml @@ -1,7 +1,16 @@ resource_registry: # Docker container with heat agents for containerized compute node. - OS::TripleO::ComputePostDeployment: ../docker/compute-post.yaml OS::TripleO::NodeUserData: ../docker/firstboot/install_docker_agents.yaml + OS::TripleO::Services::NovaLibvirt: ../docker/services/nova-libvirt.yaml + OS::TripleO::Services::ComputeNeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml + OS::TripleO::Services::NovaCompute: ../docker/services/nova-compute.yaml + # NOTE (dprince) here we set new roles to be docker enabled as we add support + #OS::TripleO::ComputePostDeploySteps: ../docker/post.yaml + # NOTE (mandre) Defining per role post deploy steps doesn't work yet + # Set a global PostDeploySteps that works for both containerized and + # non-containerized roles + OS::TripleO::PostDeploySteps: ../docker/post.yaml + OS::TripleO::Services: ../docker/services/services.yaml parameter_defaults: NovaImage: atomic-image @@ -10,11 +19,15 @@ parameter_defaults: DockerNamespace: tripleoupstream # Enable local Docker registry DockerNamespaceIsRegistry: false - # Compute Node Images - DockerComputeImage: centos-binary-nova-compute:latest - DockerAgentImage: heat-docker-agents:latest - DockerComputeDataImage: centos-binary-data:latest - DockerLibvirtImage: centos-binary-nova-libvirt:latest - DockerOpenvswitchImage: centos-binary-neutron-openvswitch-agent:latest - DockerOvsVswitchdImage: centos-binary-openvswitch-vswitchd:latest - DockerOpenvswitchDBImage: centos-binary-openvswitch-db-server:latest + DockerAgentImage: heat-docker-agents:newton + # Docker containers + DockerNovaComputeImage: centos-binary-nova-compute:newton + DockerLibvirtImage: centos-binary-nova-libvirt:newton + DockerOpenvswitchImage: centos-binary-neutron-openvswitch-agent:newton + DockerOvsVswitchdImage: centos-binary-openvswitch-vswitchd:newton + DockerOpenvswitchDBImage: centos-binary-openvswitch-db-server:newton + + ComputeServices: + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::ComputeNeutronOvsAgent diff --git a/environments/enable-internal-tls.yaml b/environments/enable-internal-tls.yaml index 5116c6da..c01b4888 100644 --- a/environments/enable-internal-tls.yaml +++ b/environments/enable-internal-tls.yaml @@ -3,4 +3,5 @@ parameter_defaults: EnableInternalTLS: true resource_registry: - OS::TripleO::Services::ApacheTLS: ../../puppet/services/apache-internal-tls-certmonger.yaml + OS::TripleO::Services::ApacheTLS: ../puppet/services/apache-internal-tls-certmonger.yaml + OS::TripleO::Services::MySQLTLS: ../puppet/services/database/mysql-internal-tls-certmonger.yaml diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml index cee4ae4a..77fa5a49 100644 --- a/environments/hyperconverged-ceph.yaml +++ b/environments/hyperconverged-ceph.yaml @@ -5,7 +5,24 @@ resource_registry: parameter_defaults: ComputeServices: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CephClient + - OS::TripleO::Services::CephExternal + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::ComputeNeutronCorePlugin + - OS::TripleO::Services::ComputeNeutronOvsAgent + - OS::TripleO::Services::ComputeCeilometerAgent + - OS::TripleO::Services::ComputeNeutronL3Agent + - OS::TripleO::Services::ComputeNeutronMetadataAgent + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::NeutronSriovAgent + - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::CephOSD - -parameter_merge_strategies: - ComputeServices: merge
\ No newline at end of file diff --git a/environments/major-upgrade-composable-steps.yaml b/environments/major-upgrade-composable-steps.yaml new file mode 100644 index 00000000..7e10014b --- /dev/null +++ b/environments/major-upgrade-composable-steps.yaml @@ -0,0 +1,3 @@ +resource_registry: + OS::TripleO::UpgradeSteps: ../puppet/major_upgrade_steps.yaml + OS::TripleO::PostDeploySteps: OS::Heat::None diff --git a/environments/network-environment.yaml b/environments/network-environment.yaml index d0fc9ec6..b02fc198 100644 --- a/environments/network-environment.yaml +++ b/environments/network-environment.yaml @@ -50,7 +50,12 @@ parameter_defaults: DnsServers: ["8.8.8.8","8.8.4.4"] # Set to empty string to enable multiple external networks or VLANs NeutronExternalNetworkBridge: "''" + # List of Neutron network types for tenant networks (will be used in order) + NeutronNetworkType: 'vxlan,vlan' # The tunnel type for the tenant network (vxlan or gre). Set to '' to disable tunneling. NeutronTunnelTypes: 'vxlan' + # Neutron VLAN ranges per network, for example 'datacentre:1:499,tenant:500:1000': + NeutronNetworkVLANRanges: 'datacentre:1:1000' # Customize bonding options, e.g. "mode=4 lacp_rate=1 updelay=1000 miimon=100" + # for Linux bonds w/LACP, or "bond_mode=active-backup" for OVS active/backup. BondInterfaceOvsOptions: "bond_mode=active-backup" diff --git a/environments/neutron-ml2-ovn.yaml b/environments/neutron-ml2-ovn.yaml index 821ad0c2..bafb2a73 100644 --- a/environments/neutron-ml2-ovn.yaml +++ b/environments/neutron-ml2-ovn.yaml @@ -5,6 +5,9 @@ resource_registry: OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-ovn.yaml +# Disabling Neutron services that overlap with OVN + OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None parameter_defaults: NeutronMechanismDrivers: ovn diff --git a/environments/neutron-ovs-dvr.yaml b/environments/neutron-ovs-dvr.yaml index b658d3a5..973cbe16 100644 --- a/environments/neutron-ovs-dvr.yaml +++ b/environments/neutron-ovs-dvr.yaml @@ -30,10 +30,15 @@ parameter_defaults: # affect the agent on the controller node. NeutronL3AgentMode: 'dvr_snat' - # L3 HA isn't supported for DVR enabled routers. If upgrading from a system - # where L3 HA is enabled and has neutron routers configured, it is - # recommended setting this value to true until such time all routers can be - # migrated to DVR routers. Once migration of the routers is complete, - # NeutronL3HA can be returned to false. All new systems should be deployed - # with NeutronL3HA set to false. - NeutronL3HA: false + # Enabling DVR deploys additional services to the compute nodes that through + # normal operation will consume memory. The amount required is roughly + # proportional to the number of Neutron routers that will be scheduled to + # that host. It is necessary to reserve memory on the compute nodes to avoid + # memory issues when creating instances that are connected to routed + # networks. The current expected consumption is 50 MB per router in addition + # to the base reserved amount. Deployers should refer to existing + # documentation, release notes, etc. for additional information on estimating + # an appropriate value. The provided value here is based on an estimate of 10 + # routers and is an example value *only* and should be reviewed and modified + # if necessary before deploying. + NovaReservedHostMemory: 2560 diff --git a/environments/puppet-pacemaker.yaml b/environments/puppet-pacemaker.yaml index 8cfbab6d..b8e93f20 100644 --- a/environments/puppet-pacemaker.yaml +++ b/environments/puppet-pacemaker.yaml @@ -16,3 +16,6 @@ resource_registry: OS::TripleO::Services::Redis: ../puppet/services/pacemaker/database/redis.yaml OS::TripleO::Services::MySQL: ../puppet/services/pacemaker/database/mysql.yaml # Services that are disabled by default (use relevant environment files): + + # Services that are disabled for HA deployments with pacemaker + OS::TripleO::Services::Keepalived: OS::Heat::None diff --git a/environments/services/panko.yaml b/environments/services/panko.yaml new file mode 100644 index 00000000..28bf99f6 --- /dev/null +++ b/environments/services/panko.yaml @@ -0,0 +1,2 @@ +resource_registry: + OS::TripleO::Services::PankoApi: ../../puppet/services/panko-api.yaml diff --git a/environments/services/zaqar.yaml b/environments/services/zaqar.yaml new file mode 100644 index 00000000..ee137925 --- /dev/null +++ b/environments/services/zaqar.yaml @@ -0,0 +1,2 @@ +resource_registry: + OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar.yaml diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml index 79c7599f..e91c7bc3 100644 --- a/environments/tls-endpoints-public-dns.yaml +++ b/environments/tls-endpoints-public-dns.yaml @@ -53,9 +53,18 @@ parameter_defaults: NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'} + PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'} + PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'} + PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'} SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'} SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} + ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} + ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} + ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'} + ZaqarWebSocketAdmin: {protocol: 'http', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketInternal: {protocol: 'http', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketPublic: {protocol: 'https', port: '9000', host: 'CLOUDNAME'} diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml index a49ca343..c9096f44 100644 --- a/environments/tls-endpoints-public-ip.yaml +++ b/environments/tls-endpoints-public-ip.yaml @@ -53,9 +53,18 @@ parameter_defaults: NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'} + PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'} + PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'} + PankoPublic: {protocol: 'https', port: '13779', host: 'IP_ADDRESS'} SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'} SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'} + ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} + ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} + ZaqarPublic: {protocol: 'https', port: '13888', host: 'IP_ADDRESS'} + ZaqarWebSocketAdmin: {protocol: 'http', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketInternal: {protocol: 'http', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketPublic: {protocol: 'https', port: '9000', host: 'IP_ADDRESS'} diff --git a/environments/tls-everywhere-endpoints-dns.yaml b/environments/tls-everywhere-endpoints-dns.yaml index cc1915fe..365b0a54 100644 --- a/environments/tls-everywhere-endpoints-dns.yaml +++ b/environments/tls-everywhere-endpoints-dns.yaml @@ -53,9 +53,18 @@ parameter_defaults: NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'} NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'} NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'} + PankoAdmin: {protocol: 'https', port: '8779', host: 'CLOUDNAME'} + PankoInternal: {protocol: 'https', port: '8779', host: 'CLOUDNAME'} + PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'} SaharaAdmin: {protocol: 'https', port: '8386', host: 'CLOUDNAME'} SaharaInternal: {protocol: 'https', port: '8386', host: 'CLOUDNAME'} SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'} SwiftAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} SwiftInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} + ZaqarAdmin: {protocol: 'https', port: '8888', host: 'CLOUDNAME'} + ZaqarInternal: {protocol: 'https', port: '8888', host: 'CLOUDNAME'} + ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'} + ZaqarWebSocketAdmin: {protocol: 'https', port: '9000', host: 'CLOUDNAME'} + ZaqarWebSocketInternal: {protocol: 'https', port: '9000', host: 'CLOUDNAME'} + ZaqarWebSocketPublic: {protocol: 'https', port: '9000', host: 'CLOUDNAME'} diff --git a/environments/use-dns-for-vips.yaml b/environments/use-dns-for-vips.yaml index daf07bc7..b700312f 100644 --- a/environments/use-dns-for-vips.yaml +++ b/environments/use-dns-for-vips.yaml @@ -1,5 +1,5 @@ # A Heat environment file which can be used to disable the writing of the VIPs # to the /etc/hosts file in the overcloud. Use this in case you have a working # DNS server that you will provide for the overcloud. -resource_registry: - OS::TripleO::Services::VipHosts: OS::Heat::None +parameter_defaults: + AddVipsToEtcHosts: False diff --git a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration index 1c9acd2b..71ab0767 100644 --- a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration +++ b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration @@ -116,6 +116,7 @@ case "${REG_METHOD:-}" in if [ -z "${REG_AUTO_ATTACH:-}" -a -z "${REG_ACTIVATION_KEY:-}" ]; then subscription-manager attach $attach_opts fi + subscription-manager repos --disable '*' subscription-manager $repos ;; satellite) diff --git a/extraconfig/tasks/mitaka_to_newton_ceilometer_wsgi_upgrade.pp b/extraconfig/tasks/mitaka_to_newton_ceilometer_wsgi_upgrade.pp index 1c376285..a8d43663 100644 --- a/extraconfig/tasks/mitaka_to_newton_ceilometer_wsgi_upgrade.pp +++ b/extraconfig/tasks/mitaka_to_newton_ceilometer_wsgi_upgrade.pp @@ -48,7 +48,13 @@ $mongodb_replset = hiera('mongodb::server::replset') $mongo_node_string = join($mongo_node_ips_with_port, ',') $database_connection = "mongodb://${mongo_node_string}/ceilometer?replicaSet=${mongodb_replset}" -include ::ceilometer +$rabbit_hosts = hiera('rabbitmq_node_ips', undef) +$rabbit_port = hiera('ceilometer::rabbit_port', 5672) +$rabbit_endpoints = suffix(any2array(normalize_ip_for_uri($rabbit_hosts)), ":${rabbit_port}") + +class { '::ceilometer' : + rabbit_hosts => $rabbit_endpoints, +} class {'::ceilometer::db': database_connection => $database_connection, diff --git a/extraconfig/tasks/yum_update.sh b/extraconfig/tasks/yum_update.sh index 4612f197..8a88ee64 100755 --- a/extraconfig/tasks/yum_update.sh +++ b/extraconfig/tasks/yum_update.sh @@ -62,6 +62,19 @@ if [[ "$pacemaker_status" == "active" && \ fi fi +# Special-case OVS for https://bugs.launchpad.net/tripleo/+bug/1635205 +if [[ -n $(rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep "systemctl.*try-restart") ]]; then + echo "Manual upgrade of openvswitch - restart in postun detected" + mkdir OVS_UPGRADE || true + pushd OVS_UPGRADE + echo "Attempting to downloading latest openvswitch with yumdownloader" + yumdownloader --resolve openvswitch + echo "Updating openvswitch with nopostun option" + rpm -U --replacepkgs --nopostun ./*.rpm + popd +else + echo "Skipping manual upgrade of openvswitch - no restart in postun detected" +fi if [[ "$pacemaker_status" == "active" ]] ; then echo "Pacemaker running, stopping cluster node and doing full package update" @@ -81,20 +94,6 @@ else exit 0 fi -# Special-case OVS for https://bugs.launchpad.net/tripleo/+bug/1635205 -if [[ -n $(rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep "systemctl.*try-restart") ]]; then - echo "Manual upgrade of openvswitch - restart in postun detected" - mkdir OVS_UPGRADE || true - pushd OVS_UPGRADE - echo "Attempting to downloading latest openvswitch with yumdownloader" - yumdownloader --resolve openvswitch - echo "Updating openvswitch with nopostun option" - rpm -U --replacepkgs --nopostun ./*.rpm - popd -else - echo "Skipping manual upgrade of openvswitch - no restart in postun detected" -fi - command=${command:-update} full_command="yum -q -y $command $command_arguments" echo "Running: $full_command" @@ -104,6 +103,17 @@ return_code=$? echo "$result" echo "yum return code: $return_code" +# Writes any changes caused by alterations to os-net-config and bounces the +# interfaces *before* restarting the cluster. +os-net-config -c /etc/os-net-config/config.json -v --detailed-exit-codes +RETVAL=$? +if [[ $RETVAL == 2 ]]; then + echo "os-net-config: interface configuration files updated successfully" +elif [[ $RETVAL != 0 ]]; then + echo "ERROR: os-net-config configuration failed" + exit $RETVAL +fi + if [[ "$pacemaker_status" == "active" ]] ; then echo "Starting cluster node" pcs cluster start diff --git a/hosts-config.yaml b/hosts-config.yaml index df0addfd..a24b9bb4 100644 --- a/hosts-config.yaml +++ b/hosts-config.yaml @@ -3,19 +3,23 @@ description: 'All Hosts Config' parameters: hosts: - type: comma_delimited_list + type: string resources: hostsConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config - config: - hosts: - list_join: - - "\n" - - {get_param: hosts} + group: script + inputs: + - name: hosts + default: + list_join: + - ' ' + - str_split: + - '\n' + - {get_param: hosts} + config: {get_file: scripts/hosts-config.sh} outputs: config_id: @@ -28,3 +32,6 @@ outputs: hostname-based access to the deployed nodes (useful for testing without setting up a DNS). value: {get_attr: [hostsConfigImpl, config, hosts]} + OS::stack_id: + description: The ID of the hostsConfigImpl resource. + value: {get_resource: hostsConfigImpl} diff --git a/net-config-bond.yaml b/net-config-bond.yaml index ec881bdc..db6ff2c7 100644 --- a/net-config-bond.yaml +++ b/net-config-bond.yaml @@ -1,20 +1,22 @@ -heat_template_version: 2016-10-14 - +heat_template_version: '2016-10-14' description: > Software Config to drive os-net-config with 2 bonded nics on a bridge. - parameters: BondInterfaceOvsOptions: default: '' - description: | - The ovs_options string for the bond interface. Set things like + description: 'The ovs_options string for the bond interface. Set things like + lacp=active and/or bond_mode=balance-slb using this option. + + ' type: string constraints: - - allowed_pattern: "^((?!balance.tcp).)*$" - description: | - The balance-tcp bond mode is known to cause packet loss and - should not be used in BondInterfaceOvsOptions. + - allowed_pattern: ^((?!balance.tcp).)*$ + description: 'The balance-tcp bond mode is known to cause packet loss and + + should not be used in BondInterfaceOvsOptions. + + ' ControlPlaneIp: default: '' description: IP address/subnet on the ctlplane network @@ -43,43 +45,35 @@ parameters: default: '' description: IP address/subnet on the management network type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: ovs_bridge - name: {get_input: bridge_name} - use_dhcp: true - # Can't do this yet: https://bugs.launchpad.net/heat/+bug/1344284 - #ovs_extra: - # - list_join: - # - ' ' - # - - br-set-external-id - # - {get_input: bridge_name} - # - bridge-id - # - {get_input: bridge_name} - members: - - - type: ovs_bond + str_replace: + template: + get_file: network/scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: ovs_bridge + name: bridge_name + use_dhcp: true + members: + - type: ovs_bond name: bond1 use_dhcp: true - ovs_options: {get_param: BondInterfaceOvsOptions} + ovs_options: + get_param: BondInterfaceOvsOptions members: - # os-net-config translates nic1 => em1 (for example) - - - type: interface - name: nic1 - - - type: interface - name: nic2 - + - type: interface + name: nic1 + - type: interface + name: nic2 outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/net-config-bridge.yaml b/net-config-bridge.yaml index 4f7a19dc..e7b96695 100644 --- a/net-config-bridge.yaml +++ b/net-config-bridge.yaml @@ -1,8 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > Software Config to drive os-net-config for a simple bridge. - parameters: ControlPlaneIp: default: '' @@ -32,35 +30,29 @@ parameters: default: '' description: IP address/subnet on the management network type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: ovs_bridge - name: {get_input: bridge_name} - use_dhcp: true - # Can't do this yet: https://bugs.launchpad.net/heat/+bug/1344284 - #ovs_extra: - # - list_join: - # - ' ' - # - - br-set-external-id - # - {get_input: bridge_name} - # - bridge-id - # - {get_input: bridge_name} - members: - - - type: interface - name: {get_input: interface_name} + str_replace: + template: + get_file: network/scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: ovs_bridge + name: bridge_name + use_dhcp: true + members: + - type: interface + name: interface_name # force the MAC address of the bridge to this interface primary: true - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/net-config-linux-bridge.yaml b/net-config-linux-bridge.yaml index 0980803e..d8274f3c 100644 --- a/net-config-linux-bridge.yaml +++ b/net-config-linux-bridge.yaml @@ -1,8 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > Software Config to drive os-net-config for a simple bridge. - parameters: ControlPlaneIp: default: '' @@ -35,43 +33,45 @@ parameters: ControlPlaneDefaultRoute: # Override this via parameter_defaults description: The default route of the control plane network. type: string - default: '192.0.2.1' + default: 192.0.2.1 EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - default: '169.254.169.254/32' - - + default: 169.254.169.254/32 resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: linux_bridge - name: {get_input: bridge_name} - addresses: - - - ip_netmask: {get_param: ControlPlaneIp} - members: - - - type: interface - name: {get_input: interface_name} + str_replace: + template: + get_file: network/scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: linux_bridge + name: bridge_name + addresses: + - ip_netmask: + get_param: ControlPlaneIp + members: + - type: interface + name: interface_name # force the MAC address of the bridge to this interface primary: true - routes: - - - ip_netmask: 0.0.0.0/0 - next_hop: {get_param: ControlPlaneDefaultRoute} + routes: + - ip_netmask: 0.0.0.0/0 + next_hop: + get_param: ControlPlaneDefaultRoute default: true - - - ip_netmask: {get_param: EC2MetadataIp} - next_hop: {get_param: ControlPlaneDefaultRoute} - + - ip_netmask: + get_param: EC2MetadataIp + next_hop: + get_param: ControlPlaneDefaultRoute outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/net-config-static-bridge-with-external-dhcp.yaml b/net-config-static-bridge-with-external-dhcp.yaml index 6dbe5982..a1d86728 100644 --- a/net-config-static-bridge-with-external-dhcp.yaml +++ b/net-config-static-bridge-with-external-dhcp.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config for a simple bridge configured - with a static IP address for the ctlplane network. - + Software Config to drive os-net-config for a simple bridge configured with a static IP address for the ctlplane network. parameters: ControlPlaneIp: default: '' @@ -47,53 +44,44 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: ovs_bridge - name: {get_input: bridge_name} - use_dhcp: true - members: - - - type: interface - name: {get_input: interface_name} + str_replace: + template: + get_file: network/scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: ovs_bridge + name: bridge_name + use_dhcp: true + members: + - type: interface + name: interface_name # force the MAC address of the bridge to this interface primary: true - - - type: interface - # would like to do the following, but can't b/c of: - # https://bugs.launchpad.net/heat/+bug/1344284 - # name: - # list_join: - # - '/' - # - - {get_input: bridge_name} - # - ':0' - # So, just hardcode to br-ex:0 for now, br-ex is hardcoded in - # controller.yaml anyway. - name: br-ex:0 - addresses: - - - ip_netmask: + - type: interface + name: br-ex:0 + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/net-config-static-bridge.yaml b/net-config-static-bridge.yaml index a3d6d8b5..1e1498b3 100644 --- a/net-config-static-bridge.yaml +++ b/net-config-static-bridge.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config for a simple bridge configured - with a static IP address for the ctlplane network. - + Software Config to drive os-net-config for a simple bridge configured with a static IP address for the ctlplane network. parameters: ControlPlaneIp: default: '' @@ -47,42 +44,44 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: ovs_bridge - name: {get_input: bridge_name} - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: network/scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: ovs_bridge + name: bridge_name + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - members: - - - type: interface - name: {get_input: interface_name} + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + members: + - type: interface + name: interface_name # force the MAC address of the bridge to this interface primary: true - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/net-config-static.yaml b/net-config-static.yaml index 9de16cd8..c67b4e99 100644 --- a/net-config-static.yaml +++ b/net-config-static.yaml @@ -1,8 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > Software Config to drive os-net-config for a simple bridge. - parameters: ControlPlaneIp: default: '' @@ -46,37 +44,39 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: interface - name: {get_input: interface_name} - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: network/scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: interface_name + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/bond-with-vlans/ceph-storage.yaml b/network/config/bond-with-vlans/ceph-storage.yaml index 9f537c02..2f92f4b5 100644 --- a/network/config/bond-with-vlans/ceph-storage.yaml +++ b/network/config/bond-with-vlans/ceph-storage.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config with 2 bonded nics on a bridge - with VLANs attached for the ceph storage role. - + Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the ceph storage role. parameters: ControlPlaneIp: default: '' @@ -35,14 +32,16 @@ parameters: type: string BondInterfaceOvsOptions: default: '' - description: The ovs_options string for the bond interface. Set things like - lacp=active and/or bond_mode=balance-slb using this option. + description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using + this option. type: string constraints: - - allowed_pattern: "^((?!balance.tcp).)*$" - description: | - The balance-tcp bond mode is known to cause packet loss and - should not be used in BondInterfaceOvsOptions. + - allowed_pattern: ^((?!balance.tcp).)*$ + description: 'The balance-tcp bond mode is known to cause packet loss and + + should not be used in BondInterfaceOvsOptions. + + ' ExternalNetworkVlanID: default: 10 description: Vlan ID for the external network traffic. @@ -75,7 +74,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: # Not used by default in this template - default: '10.0.0.1' + default: 10.0.0.1 description: The default route of the external network. type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -89,64 +88,63 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: interface - name: nic1 - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - - - type: ovs_bridge - name: br-bond - members: - - - type: ovs_bond + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + - type: ovs_bridge + name: br-bond + members: + - type: ovs_bond name: bond1 - ovs_options: {get_param: BondInterfaceOvsOptions} + ovs_options: + get_param: BondInterfaceOvsOptions members: - - - type: interface - name: nic2 - primary: true - - - type: interface - name: nic3 - - - type: vlan + - type: interface + name: nic2 + primary: true + - type: interface + name: nic3 + - type: vlan device: bond1 - vlan_id: {get_param: StorageNetworkVlanID} + vlan_id: + get_param: StorageNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: StorageMgmtNetworkVlanID} + vlan_id: + get_param: StorageMgmtNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} + - ip_netmask: + get_param: StorageMgmtIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. @@ -161,8 +159,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/bond-with-vlans/cinder-storage.yaml b/network/config/bond-with-vlans/cinder-storage.yaml index b4d71fa3..0e53e202 100644 --- a/network/config/bond-with-vlans/cinder-storage.yaml +++ b/network/config/bond-with-vlans/cinder-storage.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config with 2 bonded nics on a bridge - with VLANs attached for the cinder storage role. - + Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the cinder storage role. parameters: ControlPlaneIp: default: '' @@ -35,14 +32,16 @@ parameters: type: string BondInterfaceOvsOptions: default: '' - description: The ovs_options string for the bond interface. Set things like - lacp=active and/or bond_mode=balance-slb using this option. + description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using + this option. type: string constraints: - - allowed_pattern: "^((?!balance.tcp).)*$" - description: | - The balance-tcp bond mode is known to cause packet loss and - should not be used in BondInterfaceOvsOptions. + - allowed_pattern: ^((?!balance.tcp).)*$ + description: 'The balance-tcp bond mode is known to cause packet loss and + + should not be used in BondInterfaceOvsOptions. + + ' ExternalNetworkVlanID: default: 10 description: Vlan ID for the external network traffic. @@ -75,7 +74,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: # Not used by default in this template - default: '10.0.0.1' + default: 10.0.0.1 description: The default route of the external network. type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -89,71 +88,70 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: interface - name: nic1 - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - - - type: ovs_bridge - name: br-bond - members: - - - type: ovs_bond + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + - type: ovs_bridge + name: br-bond + members: + - type: ovs_bond name: bond1 - ovs_options: {get_param: BondInterfaceOvsOptions} + ovs_options: + get_param: BondInterfaceOvsOptions members: - - - type: interface - name: nic2 - primary: true - - - type: interface - name: nic3 - - - type: vlan + - type: interface + name: nic2 + primary: true + - type: interface + name: nic3 + - type: vlan device: bond1 - vlan_id: {get_param: InternalApiNetworkVlanID} + vlan_id: + get_param: InternalApiNetworkVlanID addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: StorageNetworkVlanID} + vlan_id: + get_param: StorageNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: StorageMgmtNetworkVlanID} + vlan_id: + get_param: StorageMgmtNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} + - ip_netmask: + get_param: StorageMgmtIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. @@ -168,8 +166,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/bond-with-vlans/compute-dpdk.yaml b/network/config/bond-with-vlans/compute-dpdk.yaml index 3fc764be..a9b314a4 100644 --- a/network/config/bond-with-vlans/compute-dpdk.yaml +++ b/network/config/bond-with-vlans/compute-dpdk.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config with 2 bonded nics on a bridge - with VLANs attached for the compute role. - + Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the compute role. parameters: ControlPlaneIp: default: '' @@ -35,8 +32,8 @@ parameters: type: string BondInterfaceOvsOptions: default: '' - description: The ovs_options string for the bond interface. Set things like - lacp=active and/or bond_mode=balance-slb using this option. + description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using + this option. type: string ExternalNetworkVlanID: default: 10 @@ -70,7 +67,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: # Not used by default in this template - default: '10.0.0.1' + default: 10.0.0.1 description: The default route of the external network. type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -84,71 +81,70 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: interface - name: nic1 - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - - - type: ovs_bridge - name: {get_input: bridge_name} - members: - - - type: ovs_bond + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + - type: ovs_bridge + name: bridge_name + members: + - type: ovs_bond name: bond1 - ovs_options: {get_param: BondInterfaceOvsOptions} + ovs_options: + get_param: BondInterfaceOvsOptions members: - - - type: interface - name: nic2 - primary: true - - - type: interface - name: nic3 - - - type: vlan + - type: interface + name: nic2 + primary: true + - type: interface + name: nic3 + - type: vlan device: bond1 - vlan_id: {get_param: InternalApiNetworkVlanID} + vlan_id: + get_param: InternalApiNetworkVlanID addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: StorageNetworkVlanID} + vlan_id: + get_param: StorageNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: TenantNetworkVlanID} + vlan_id: + get_param: TenantNetworkVlanID addresses: - - - ip_netmask: {get_param: TenantIpSubnet} + - ip_netmask: + get_param: TenantIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. @@ -163,30 +159,25 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - - - type: ovs_user_bridge - name: br-link - members: - - - type: ovs_dpdk_bond + - type: ovs_user_bridge + name: br-link + members: + - type: ovs_dpdk_bond name: dpdkbond0 members: - - - type: ovs_dpdk_port - name: dpdk0 - members: - - - type: interface - name: nic4 - - - type: ovs_dpdk_port - name: dpdk1 - members: - - - type: interface - name: nic5 - + - type: ovs_dpdk_port + name: dpdk0 + members: + - type: interface + name: nic4 + - type: ovs_dpdk_port + name: dpdk1 + members: + - type: interface + name: nic5 outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/bond-with-vlans/compute.yaml b/network/config/bond-with-vlans/compute.yaml index b2cfb0a2..4cac448b 100644 --- a/network/config/bond-with-vlans/compute.yaml +++ b/network/config/bond-with-vlans/compute.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config with 2 bonded nics on a bridge - with VLANs attached for the compute role. - + Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the compute role. parameters: ControlPlaneIp: default: '' @@ -35,14 +32,16 @@ parameters: type: string BondInterfaceOvsOptions: default: '' - description: The ovs_options string for the bond interface. Set things like - lacp=active and/or bond_mode=balance-slb using this option. + description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using + this option. type: string constraints: - - allowed_pattern: "^((?!balance.tcp).)*$" - description: | - The balance-tcp bond mode is known to cause packet loss and - should not be used in BondInterfaceOvsOptions. + - allowed_pattern: ^((?!balance.tcp).)*$ + description: 'The balance-tcp bond mode is known to cause packet loss and + + should not be used in BondInterfaceOvsOptions. + + ' ExternalNetworkVlanID: default: 10 description: Vlan ID for the external network traffic. @@ -75,7 +74,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: # Not used by default in this template - default: '10.0.0.1' + default: 10.0.0.1 description: The default route of the external network. type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -89,71 +88,70 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: interface - name: nic1 - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - - - type: ovs_bridge - name: {get_input: bridge_name} - members: - - - type: ovs_bond + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + - type: ovs_bridge + name: bridge_name + members: + - type: ovs_bond name: bond1 - ovs_options: {get_param: BondInterfaceOvsOptions} + ovs_options: + get_param: BondInterfaceOvsOptions members: - - - type: interface - name: nic2 - primary: true - - - type: interface - name: nic3 - - - type: vlan + - type: interface + name: nic2 + primary: true + - type: interface + name: nic3 + - type: vlan device: bond1 - vlan_id: {get_param: InternalApiNetworkVlanID} + vlan_id: + get_param: InternalApiNetworkVlanID addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: StorageNetworkVlanID} + vlan_id: + get_param: StorageNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: TenantNetworkVlanID} + vlan_id: + get_param: TenantNetworkVlanID addresses: - - - ip_netmask: {get_param: TenantIpSubnet} + - ip_netmask: + get_param: TenantIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. @@ -168,8 +166,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/bond-with-vlans/controller-no-external.yaml b/network/config/bond-with-vlans/controller-no-external.yaml index 4c3e59fa..46090974 100644 --- a/network/config/bond-with-vlans/controller-no-external.yaml +++ b/network/config/bond-with-vlans/controller-no-external.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config with 2 bonded nics on a bridge - with VLANs attached for the controller role. - + Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the controller role. parameters: ControlPlaneIp: default: '' @@ -35,14 +32,16 @@ parameters: type: string BondInterfaceOvsOptions: default: '' - description: The ovs_options string for the bond interface. Set things like - lacp=active and/or bond_mode=balance-slb using this option. + description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using + this option. type: string constraints: - - allowed_pattern: "^((?!balance.tcp).)*$" - description: | - The balance-tcp bond mode is known to cause packet loss and - should not be used in BondInterfaceOvsOptions. + - allowed_pattern: ^((?!balance.tcp).)*$ + description: 'The balance-tcp bond mode is known to cause packet loss and + + should not be used in BondInterfaceOvsOptions. + + ' ExternalNetworkVlanID: default: 10 description: Vlan ID for the external network traffic. @@ -71,7 +70,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: - default: '10.0.0.1' + default: 10.0.0.1 description: default route for the external network type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -89,79 +88,76 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: interface - name: nic1 - use_dhcp: false - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - - - type: ovs_bridge - name: {get_input: bridge_name} - use_dhcp: true - members: - - - type: ovs_bond + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + - type: ovs_bridge + name: bridge_name + use_dhcp: true + members: + - type: ovs_bond name: bond1 - ovs_options: {get_param: BondInterfaceOvsOptions} + ovs_options: + get_param: BondInterfaceOvsOptions members: - - - type: interface - name: nic2 - primary: true - - - type: interface - name: nic3 - - - type: vlan + - type: interface + name: nic2 + primary: true + - type: interface + name: nic3 + - type: vlan device: bond1 - vlan_id: {get_param: InternalApiNetworkVlanID} + vlan_id: + get_param: InternalApiNetworkVlanID addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: StorageNetworkVlanID} + vlan_id: + get_param: StorageNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: StorageMgmtNetworkVlanID} + vlan_id: + get_param: StorageMgmtNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} - - - type: vlan + - ip_netmask: + get_param: StorageMgmtIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: TenantNetworkVlanID} + vlan_id: + get_param: TenantNetworkVlanID addresses: - - - ip_netmask: {get_param: TenantIpSubnet} + - ip_netmask: + get_param: TenantIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. @@ -176,8 +172,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/bond-with-vlans/controller-v6.yaml b/network/config/bond-with-vlans/controller-v6.yaml index 1361d969..d07a26ff 100644 --- a/network/config/bond-with-vlans/controller-v6.yaml +++ b/network/config/bond-with-vlans/controller-v6.yaml @@ -1,11 +1,8 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config with 2 bonded nics on a bridge - with VLANs attached for the controller role with IPv6 on the External - network. The IPv6 default route is on the External network, and the - IPv4 default route is on the Control Plane. - + Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the controller role with IPv6 + on the External network. The IPv6 default route is on the External network, and the IPv4 default route is on the Control + Plane. parameters: ControlPlaneIp: default: '' @@ -36,15 +33,17 @@ parameters: description: IP address/subnet on the management network type: string BondInterfaceOvsOptions: - default: 'bond_mode=active-backup' - description: The ovs_options string for the bond interface. Set things like - lacp=active and/or bond_mode=balance-slb using this option. + default: bond_mode=active-backup + description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using + this option. type: string constraints: - - allowed_pattern: "^((?!balance.tcp).)*$" - description: | - The balance-tcp bond mode is known to cause packet loss and - should not be used in BondInterfaceOvsOptions. + - allowed_pattern: ^((?!balance.tcp).)*$ + description: 'The balance-tcp bond mode is known to cause packet loss and + + should not be used in BondInterfaceOvsOptions. + + ' ExternalNetworkVlanID: default: 10 description: Vlan ID for the external network traffic. @@ -77,7 +76,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: - default: '10.0.0.1' + default: 10.0.0.1 description: default route for the external network type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -91,91 +90,88 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: interface - name: nic1 - use_dhcp: false - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - # IPv4 Default Route - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - - - type: ovs_bridge - name: {get_input: bridge_name} - dns_servers: {get_param: DnsServers} - members: - - - type: ovs_bond + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + - type: ovs_bridge + name: bridge_name + dns_servers: + get_param: DnsServers + members: + - type: ovs_bond name: bond1 - ovs_options: {get_param: BondInterfaceOvsOptions} + ovs_options: + get_param: BondInterfaceOvsOptions members: - - - type: interface - name: nic2 - primary: true - - - type: interface - name: nic3 - - - type: vlan + - type: interface + name: nic2 + primary: true + - type: interface + name: nic3 + - type: vlan device: bond1 - vlan_id: {get_param: ExternalNetworkVlanID} + vlan_id: + get_param: ExternalNetworkVlanID addresses: - - - ip_netmask: {get_param: ExternalIpSubnet} + - ip_netmask: + get_param: ExternalIpSubnet routes: - # IPv6 Default Route - - - default: true - next_hop: {get_param: ExternalInterfaceDefaultRoute} - - - type: vlan + - default: true + next_hop: + get_param: ExternalInterfaceDefaultRoute + - type: vlan device: bond1 - vlan_id: {get_param: InternalApiNetworkVlanID} + vlan_id: + get_param: InternalApiNetworkVlanID addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: StorageNetworkVlanID} + vlan_id: + get_param: StorageNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: StorageMgmtNetworkVlanID} + vlan_id: + get_param: StorageMgmtNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} - - - type: vlan + - ip_netmask: + get_param: StorageMgmtIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: TenantNetworkVlanID} + vlan_id: + get_param: TenantNetworkVlanID addresses: - - - ip_netmask: {get_param: TenantIpSubnet} + - ip_netmask: + get_param: TenantIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the External interface. This will @@ -191,8 +187,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/bond-with-vlans/controller.yaml b/network/config/bond-with-vlans/controller.yaml index 677c90c5..e2973a72 100644 --- a/network/config/bond-with-vlans/controller.yaml +++ b/network/config/bond-with-vlans/controller.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config with 2 bonded nics on a bridge - with VLANs attached for the controller role. - + Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the controller role. parameters: ControlPlaneIp: default: '' @@ -34,15 +31,17 @@ parameters: description: IP address/subnet on the management network type: string BondInterfaceOvsOptions: - default: 'bond_mode=active-backup' - description: The ovs_options string for the bond interface. Set things like - lacp=active and/or bond_mode=balance-slb using this option. + default: bond_mode=active-backup + description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using + this option. type: string constraints: - - allowed_pattern: "^((?!balance.tcp).)*$" - description: | - The balance-tcp bond mode is known to cause packet loss and - should not be used in BondInterfaceOvsOptions. + - allowed_pattern: ^((?!balance.tcp).)*$ + description: 'The balance-tcp bond mode is known to cause packet loss and + + should not be used in BondInterfaceOvsOptions. + + ' ExternalNetworkVlanID: default: 10 description: Vlan ID for the external network traffic. @@ -71,7 +70,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: - default: '10.0.0.1' + default: 10.0.0.1 description: default route for the external network type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -89,86 +88,85 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: interface - name: nic1 - use_dhcp: false - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - type: ovs_bridge - name: {get_input: bridge_name} - dns_servers: {get_param: DnsServers} - members: - - - type: ovs_bond + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - type: ovs_bridge + name: bridge_name + dns_servers: + get_param: DnsServers + members: + - type: ovs_bond name: bond1 - ovs_options: {get_param: BondInterfaceOvsOptions} + ovs_options: + get_param: BondInterfaceOvsOptions members: - - - type: interface - name: nic2 - primary: true - - - type: interface - name: nic3 - - - type: vlan + - type: interface + name: nic2 + primary: true + - type: interface + name: nic3 + - type: vlan device: bond1 - vlan_id: {get_param: ExternalNetworkVlanID} + vlan_id: + get_param: ExternalNetworkVlanID addresses: - - - ip_netmask: {get_param: ExternalIpSubnet} + - ip_netmask: + get_param: ExternalIpSubnet routes: - - - default: true - next_hop: {get_param: ExternalInterfaceDefaultRoute} - - - type: vlan + - default: true + next_hop: + get_param: ExternalInterfaceDefaultRoute + - type: vlan device: bond1 - vlan_id: {get_param: InternalApiNetworkVlanID} + vlan_id: + get_param: InternalApiNetworkVlanID addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: StorageNetworkVlanID} + vlan_id: + get_param: StorageNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: StorageMgmtNetworkVlanID} + vlan_id: + get_param: StorageMgmtNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} - - - type: vlan + - ip_netmask: + get_param: StorageMgmtIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: TenantNetworkVlanID} + vlan_id: + get_param: TenantNetworkVlanID addresses: - - - ip_netmask: {get_param: TenantIpSubnet} + - ip_netmask: + get_param: TenantIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the External interface. This will @@ -184,8 +182,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/bond-with-vlans/swift-storage.yaml b/network/config/bond-with-vlans/swift-storage.yaml index e16d6b6e..5bdba802 100644 --- a/network/config/bond-with-vlans/swift-storage.yaml +++ b/network/config/bond-with-vlans/swift-storage.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config with 2 bonded nics on a bridge - with VLANs attached for the swift storage role. - + Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the swift storage role. parameters: ControlPlaneIp: default: '' @@ -35,14 +32,16 @@ parameters: type: string BondInterfaceOvsOptions: default: '' - description: The ovs_options string for the bond interface. Set things like - lacp=active and/or bond_mode=balance-slb using this option. + description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using + this option. type: string constraints: - - allowed_pattern: "^((?!balance.tcp).)*$" - description: | - The balance-tcp bond mode is known to cause packet loss and - should not be used in BondInterfaceOvsOptions. + - allowed_pattern: ^((?!balance.tcp).)*$ + description: 'The balance-tcp bond mode is known to cause packet loss and + + should not be used in BondInterfaceOvsOptions. + + ' ExternalNetworkVlanID: default: 10 description: Vlan ID for the external network traffic. @@ -75,7 +74,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: # Not used by default in this template - default: '10.0.0.1' + default: 10.0.0.1 description: The default route of the external network. type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -89,71 +88,70 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: interface - name: nic1 - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - - - type: ovs_bridge - name: br-bond - members: - - - type: ovs_bond + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + - type: ovs_bridge + name: br-bond + members: + - type: ovs_bond name: bond1 - ovs_options: {get_param: BondInterfaceOvsOptions} + ovs_options: + get_param: BondInterfaceOvsOptions members: - - - type: interface - name: nic2 - primary: true - - - type: interface - name: nic3 - - - type: vlan + - type: interface + name: nic2 + primary: true + - type: interface + name: nic3 + - type: vlan device: bond1 - vlan_id: {get_param: InternalApiNetworkVlanID} + vlan_id: + get_param: InternalApiNetworkVlanID addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: StorageNetworkVlanID} + vlan_id: + get_param: StorageNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan device: bond1 - vlan_id: {get_param: StorageMgmtNetworkVlanID} + vlan_id: + get_param: StorageMgmtNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} + - ip_netmask: + get_param: StorageMgmtIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. @@ -168,8 +166,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/multiple-nics/ceph-storage.yaml b/network/config/multiple-nics/ceph-storage.yaml index c31c6e65..e9c34213 100644 --- a/network/config/multiple-nics/ceph-storage.yaml +++ b/network/config/multiple-nics/ceph-storage.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure multiple interfaces - for the ceph storage role. - + Software Config to drive os-net-config to configure multiple interfaces for the ceph storage role. parameters: ControlPlaneIp: default: '' @@ -65,7 +62,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: # Not used by default in this template - default: '10.0.0.1' + default: 10.0.0.1 description: The default route of the external network. type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -79,48 +76,48 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: interface - name: nic1 - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - - - type: interface - name: nic2 - use_dhcp: false - addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: interface - name: nic3 - use_dhcp: false - addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + - type: interface + name: nic2 + use_dhcp: false + addresses: + - ip_netmask: + get_param: StorageIpSubnet + - type: interface + name: nic3 + use_dhcp: false + addresses: + - ip_netmask: + get_param: StorageMgmtIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. @@ -135,8 +132,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/multiple-nics/cinder-storage.yaml b/network/config/multiple-nics/cinder-storage.yaml index 4f8b7f64..f58f1168 100644 --- a/network/config/multiple-nics/cinder-storage.yaml +++ b/network/config/multiple-nics/cinder-storage.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure multiple interfaces - for the cinder storage role. - + Software Config to drive os-net-config to configure multiple interfaces for the cinder storage role. parameters: ControlPlaneIp: default: '' @@ -65,7 +62,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: # Not used by default in this template - default: '10.0.0.1' + default: 10.0.0.1 description: The default route of the external network. type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -79,55 +76,54 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: interface - name: nic1 - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - - - type: interface - name: nic2 - use_dhcp: false - addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: interface - name: nic3 - use_dhcp: false - addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} - - - type: interface - name: nic4 - use_dhcp: false - addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + - type: interface + name: nic2 + use_dhcp: false + addresses: + - ip_netmask: + get_param: StorageIpSubnet + - type: interface + name: nic3 + use_dhcp: false + addresses: + - ip_netmask: + get_param: StorageMgmtIpSubnet + - type: interface + name: nic4 + use_dhcp: false + addresses: + - ip_netmask: + get_param: InternalApiIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. @@ -142,8 +138,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/multiple-nics/compute.yaml b/network/config/multiple-nics/compute.yaml index 77514745..9b0c8c02 100644 --- a/network/config/multiple-nics/compute.yaml +++ b/network/config/multiple-nics/compute.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure multiple interfaces - for the compute role. - + Software Config to drive os-net-config to configure multiple interfaces for the compute role. parameters: ControlPlaneIp: default: '' @@ -65,7 +62,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: # Not used by default in this template - default: '10.0.0.1' + default: 10.0.0.1 description: The default route of the external network. type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -79,62 +76,58 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: interface - name: nic1 - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - - - type: interface - name: nic2 - use_dhcp: false - addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: interface - name: nic4 - use_dhcp: false - addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - # Create a bridge which can also be used for VLAN-mode bridge mapping - type: ovs_bridge - name: br-tenant - use_dhcp: false - addresses: - - - ip_netmask: {get_param: TenantIpSubnet} - members: - - - type: interface + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + - type: interface + name: nic2 + use_dhcp: false + addresses: + - ip_netmask: + get_param: StorageIpSubnet + - type: interface + name: nic4 + use_dhcp: false + addresses: + - ip_netmask: + get_param: InternalApiIpSubnet + - type: ovs_bridge + name: br-tenant + use_dhcp: false + addresses: + - ip_netmask: + get_param: TenantIpSubnet + members: + - type: interface name: nic5 use_dhcp: false - # force the MAC address of the bridge to this interface primary: true # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment @@ -150,8 +143,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/multiple-nics/controller-v6.yaml b/network/config/multiple-nics/controller-v6.yaml index da1f95f1..a0ed9f78 100644 --- a/network/config/multiple-nics/controller-v6.yaml +++ b/network/config/multiple-nics/controller-v6.yaml @@ -1,11 +1,7 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure multiple interfaces - for the controller role with IPv6 on the External network. The IPv6 - default route is on the External network, and the IPv4 default route - is on the Control Plane. - + Software Config to drive os-net-config to configure multiple interfaces for the controller role with IPv6 on the External + network. The IPv6 default route is on the External network, and the IPv4 default route is on the Control Plane. parameters: ControlPlaneIp: default: '' @@ -67,7 +63,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: - default: '10.0.0.1' + default: 10.0.0.1 description: default route for the external network type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -81,89 +77,81 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: interface - name: nic1 - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp # IPv4 Default Route - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - - - type: interface - name: nic2 - use_dhcp: false - addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: interface - name: nic3 - use_dhcp: false - addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} - - - type: interface - name: nic4 - use_dhcp: false - addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - # Create a bridge which can also be used for VLAN-mode bridge mapping - type: ovs_bridge - name: br-tenant - use_dhcp: false - addresses: - - - ip_netmask: {get_param: TenantIpSubnet} - members: - - - type: interface + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + - type: interface + name: nic2 + use_dhcp: false + addresses: + - ip_netmask: + get_param: StorageIpSubnet + - type: interface + name: nic3 + use_dhcp: false + addresses: + - ip_netmask: + get_param: StorageMgmtIpSubnet + - type: interface + name: nic4 + use_dhcp: false + addresses: + - ip_netmask: + get_param: InternalApiIpSubnet + - type: ovs_bridge + name: br-tenant + use_dhcp: false + addresses: + - ip_netmask: + get_param: TenantIpSubnet + members: + - type: interface name: nic5 use_dhcp: false - # force the MAC address of the bridge to this interface primary: true - - - type: ovs_bridge - name: {get_input: bridge_name} - dns_servers: {get_param: DnsServers} - use_dhcp: false - addresses: - - - ip_netmask: {get_param: ExternalIpSubnet} - routes: - # IPv6 Default Route - - - default: true - next_hop: {get_param: ExternalInterfaceDefaultRoute} - members: - - - type: interface + - type: ovs_bridge + name: bridge_name + dns_servers: + get_param: DnsServers + use_dhcp: false + addresses: + - ip_netmask: + get_param: ExternalIpSubnet + routes: + - default: true + next_hop: + get_param: ExternalInterfaceDefaultRoute + members: + - type: interface name: nic6 - # force the MAC address of the bridge to this interface primary: true # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment @@ -180,8 +168,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/multiple-nics/controller.yaml b/network/config/multiple-nics/controller.yaml index 7a1f9e5f..e38c545c 100644 --- a/network/config/multiple-nics/controller.yaml +++ b/network/config/multiple-nics/controller.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure multiple interfaces - for the controller role. - + Software Config to drive os-net-config to configure multiple interfaces for the controller role. parameters: ControlPlaneIp: default: '' @@ -65,7 +62,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: - default: '10.0.0.1' + default: 10.0.0.1 description: default route for the external network type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -79,84 +76,77 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: interface - name: nic1 - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - type: interface - name: nic2 - use_dhcp: false - addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: interface - name: nic3 - use_dhcp: false - addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} - - - type: interface - name: nic4 - use_dhcp: false - addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - # Create a bridge which can also be used for VLAN-mode bridge mapping - type: ovs_bridge - name: br-tenant - use_dhcp: false - addresses: - - - ip_netmask: {get_param: TenantIpSubnet} - members: - - - type: interface + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - type: interface + name: nic2 + use_dhcp: false + addresses: + - ip_netmask: + get_param: StorageIpSubnet + - type: interface + name: nic3 + use_dhcp: false + addresses: + - ip_netmask: + get_param: StorageMgmtIpSubnet + - type: interface + name: nic4 + use_dhcp: false + addresses: + - ip_netmask: + get_param: InternalApiIpSubnet + - type: ovs_bridge + name: br-tenant + use_dhcp: false + addresses: + - ip_netmask: + get_param: TenantIpSubnet + members: + - type: interface name: nic5 use_dhcp: false - # force the MAC address of the bridge to this interface primary: true - - - type: ovs_bridge - name: {get_input: bridge_name} - dns_servers: {get_param: DnsServers} - use_dhcp: false - addresses: - - - ip_netmask: {get_param: ExternalIpSubnet} - routes: - - - default: true - next_hop: {get_param: ExternalInterfaceDefaultRoute} - members: - - - type: interface + - type: ovs_bridge + name: bridge_name + dns_servers: + get_param: DnsServers + use_dhcp: false + addresses: + - ip_netmask: + get_param: ExternalIpSubnet + routes: + - default: true + next_hop: + get_param: ExternalInterfaceDefaultRoute + members: + - type: interface name: nic6 - # force the MAC address of the bridge to this interface primary: true # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment @@ -173,8 +163,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/multiple-nics/swift-storage.yaml b/network/config/multiple-nics/swift-storage.yaml index 05083105..1ad503a7 100644 --- a/network/config/multiple-nics/swift-storage.yaml +++ b/network/config/multiple-nics/swift-storage.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure multiple interfaces - for the swift storage role. - + Software Config to drive os-net-config to configure multiple interfaces for the swift storage role. parameters: ControlPlaneIp: default: '' @@ -65,7 +62,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: # Not used by default in this template - default: '10.0.0.1' + default: 10.0.0.1 description: The default route of the external network. type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -79,55 +76,54 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: interface - name: nic1 - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - - - type: interface - name: nic2 - use_dhcp: false - addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: interface - name: nic3 - use_dhcp: false - addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} - - - type: interface - name: nic4 - use_dhcp: false - addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + - type: interface + name: nic2 + use_dhcp: false + addresses: + - ip_netmask: + get_param: StorageIpSubnet + - type: interface + name: nic3 + use_dhcp: false + addresses: + - ip_netmask: + get_param: StorageMgmtIpSubnet + - type: interface + name: nic4 + use_dhcp: false + addresses: + - ip_netmask: + get_param: InternalApiIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. @@ -142,8 +138,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml b/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml index fc8e8b6f..0a6faa79 100644 --- a/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml +++ b/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure VLANs for the - ceph storage role. - + Software Config to drive os-net-config to configure VLANs for the ceph storage role. parameters: ControlPlaneIp: default: '' @@ -65,7 +62,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: # Not used by default in this template - default: '10.0.0.1' + default: 10.0.0.1 description: The default route of the external network. type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -79,54 +76,55 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: linux_bridge - name: br-storage - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: linux_bridge + name: br-storage + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - members: - - - type: interface + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + members: + - type: interface name: nic1 # force the MAC address of the bridge to this interface primary: true - - - type: vlan - vlan_id: {get_param: StorageNetworkVlanID} - device: br-storage - addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageMgmtNetworkVlanID} - device: br-storage - addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} + - type: vlan + vlan_id: + get_param: StorageNetworkVlanID + device: br-storage + addresses: + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan + vlan_id: + get_param: StorageMgmtNetworkVlanID + device: br-storage + addresses: + - ip_netmask: + get_param: StorageMgmtIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. @@ -141,8 +139,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml b/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml index 6fb247ed..5abaea66 100644 --- a/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml +++ b/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure VLANs for the - cinder storage role. - + Software Config to drive os-net-config to configure VLANs for the cinder storage role. parameters: ControlPlaneIp: default: '' @@ -65,7 +62,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: # Not used by default in this template - default: '10.0.0.1' + default: 10.0.0.1 description: The default route of the external network. type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -79,61 +76,62 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: linux_bridge - name: br-storage - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: linux_bridge + name: br-storage + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - members: - - - type: interface + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + members: + - type: interface name: nic1 # force the MAC address of the bridge to this interface primary: true - - - type: vlan - vlan_id: {get_param: InternalApiNetworkVlanID} - device: br-storage - addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageNetworkVlanID} - device: br-storage - addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageMgmtNetworkVlanID} - device: br-storage - addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} + - type: vlan + vlan_id: + get_param: InternalApiNetworkVlanID + device: br-storage + addresses: + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan + vlan_id: + get_param: StorageNetworkVlanID + device: br-storage + addresses: + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan + vlan_id: + get_param: StorageMgmtNetworkVlanID + device: br-storage + addresses: + - ip_netmask: + get_param: StorageMgmtIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. @@ -148,8 +146,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/single-nic-linux-bridge-vlans/compute.yaml b/network/config/single-nic-linux-bridge-vlans/compute.yaml index e31720d8..aa63dd3a 100644 --- a/network/config/single-nic-linux-bridge-vlans/compute.yaml +++ b/network/config/single-nic-linux-bridge-vlans/compute.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure VLANs for the - compute role. - + Software Config to drive os-net-config to configure VLANs for the compute role. parameters: ControlPlaneIp: default: '' @@ -65,7 +62,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: # Not used by default in this template - default: '10.0.0.1' + default: 10.0.0.1 description: The default route of the external network. type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -79,68 +76,69 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: linux_bridge - name: {get_input: bridge_name} - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: linux_bridge + name: bridge_name + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - members: - - - type: interface - name: {get_input: interface_name} + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + members: + - type: interface + name: interface_name # force the MAC address of the bridge to this interface primary: true - - - type: vlan - vlan_id: {get_param: InternalApiNetworkVlanID} - device: {get_input: bridge_name} - addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageNetworkVlanID} - device: {get_input: bridge_name} - addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan - vlan_id: {get_param: TenantNetworkVlanID} - device: {get_input: bridge_name} - addresses: - - - ip_netmask: {get_param: TenantIpSubnet} + - type: vlan + vlan_id: + get_param: InternalApiNetworkVlanID + device: bridge_name + addresses: + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan + vlan_id: + get_param: StorageNetworkVlanID + device: bridge_name + addresses: + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan + vlan_id: + get_param: TenantNetworkVlanID + device: bridge_name + addresses: + - ip_netmask: + get_param: TenantIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. #- # type: vlan # vlan_id: {get_param: ManagementNetworkVlanID} - # device: {get_input: bridge_name} + # device: bridge_name # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} @@ -148,8 +146,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml b/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml index 80125149..28cf6ced 100644 --- a/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml +++ b/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml @@ -1,11 +1,7 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure VLANs for the - controller role with IPv6 on the External network. The IPv6 default - route is on the External network, and the IPv4 default route is on - the Control Plane. - + Software Config to drive os-net-config to configure VLANs for the controller role with IPv6 on the External network. The + IPv6 default route is on the External network, and the IPv4 default route is on the Control Plane. parameters: ControlPlaneIp: default: '' @@ -63,7 +59,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: - default: '10.0.0.1' + default: 10.0.0.1 description: default route for the external network type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -81,81 +77,79 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: linux_bridge - name: {get_input: bridge_name} - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: linux_bridge + name: bridge_name + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - # IPv4 Default Route - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - members: - - - type: interface - name: {get_input: interface_name} - # force the MAC address of the bridge to this interface + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + members: + - type: interface + name: interface_name primary: true - - - type: vlan - vlan_id: {get_param: ExternalNetworkVlanID} - device: {get_input: bridge_name} - addresses: - - - ip_netmask: {get_param: ExternalIpSubnet} - routes: - # IPv6 Default Route - - - default: true - next_hop: {get_param: ExternalInterfaceDefaultRoute} - - - type: vlan - vlan_id: {get_param: InternalApiNetworkVlanID} - device: {get_input: bridge_name} - addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageNetworkVlanID} - device: {get_input: bridge_name} - addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageMgmtNetworkVlanID} - device: {get_input: bridge_name} - addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} - - - type: vlan - vlan_id: {get_param: TenantNetworkVlanID} - device: {get_input: bridge_name} - addresses: - - - ip_netmask: {get_param: TenantIpSubnet} + - type: vlan + vlan_id: + get_param: ExternalNetworkVlanID + device: bridge_name + addresses: + - ip_netmask: + get_param: ExternalIpSubnet + routes: + - default: true + next_hop: + get_param: ExternalInterfaceDefaultRoute + - type: vlan + vlan_id: + get_param: InternalApiNetworkVlanID + device: bridge_name + addresses: + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan + vlan_id: + get_param: StorageNetworkVlanID + device: bridge_name + addresses: + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan + vlan_id: + get_param: StorageMgmtNetworkVlanID + device: bridge_name + addresses: + - ip_netmask: + get_param: StorageMgmtIpSubnet + - type: vlan + vlan_id: + get_param: TenantNetworkVlanID + device: bridge_name + addresses: + - ip_netmask: + get_param: TenantIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the External interface. This will @@ -163,7 +157,7 @@ resources: #- # type: vlan # vlan_id: {get_param: ManagementNetworkVlanID} - # device: {get_input: bridge_name} + # device: bridge_name # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} @@ -171,8 +165,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/single-nic-linux-bridge-vlans/controller.yaml b/network/config/single-nic-linux-bridge-vlans/controller.yaml index aef5d4e3..566f1feb 100644 --- a/network/config/single-nic-linux-bridge-vlans/controller.yaml +++ b/network/config/single-nic-linux-bridge-vlans/controller.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure VLANs for the - controller role. - + Software Config to drive os-net-config to configure VLANs for the controller role. parameters: ControlPlaneIp: default: '' @@ -61,7 +58,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: - default: '10.0.0.1' + default: 10.0.0.1 description: default route for the external network type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -79,81 +76,79 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: linux_bridge - name: {get_input: bridge_name} - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: linux_bridge + name: bridge_name + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - # IPv4 Default Route - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - members: - - - type: interface - name: {get_input: interface_name} - # force the MAC address of the bridge to this interface + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + members: + - type: interface + name: interface_name primary: true - - - type: vlan - vlan_id: {get_param: ExternalNetworkVlanID} - device: {get_input: bridge_name} - addresses: - - - ip_netmask: {get_param: ExternalIpSubnet} - routes: - # IPv6 Default Route - - - default: true - next_hop: {get_param: ExternalInterfaceDefaultRoute} - - - type: vlan - vlan_id: {get_param: InternalApiNetworkVlanID} - device: {get_input: bridge_name} - addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageNetworkVlanID} - device: {get_input: bridge_name} - addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageMgmtNetworkVlanID} - device: {get_input: bridge_name} - addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} - - - type: vlan - vlan_id: {get_param: TenantNetworkVlanID} - device: {get_input: bridge_name} - addresses: - - - ip_netmask: {get_param: TenantIpSubnet} + - type: vlan + vlan_id: + get_param: ExternalNetworkVlanID + device: bridge_name + addresses: + - ip_netmask: + get_param: ExternalIpSubnet + routes: + - default: true + next_hop: + get_param: ExternalInterfaceDefaultRoute + - type: vlan + vlan_id: + get_param: InternalApiNetworkVlanID + device: bridge_name + addresses: + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan + vlan_id: + get_param: StorageNetworkVlanID + device: bridge_name + addresses: + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan + vlan_id: + get_param: StorageMgmtNetworkVlanID + device: bridge_name + addresses: + - ip_netmask: + get_param: StorageMgmtIpSubnet + - type: vlan + vlan_id: + get_param: TenantNetworkVlanID + device: bridge_name + addresses: + - ip_netmask: + get_param: TenantIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the External interface. This will @@ -161,7 +156,7 @@ resources: #- # type: vlan # vlan_id: {get_param: ManagementNetworkVlanID} - # device: {get_input: bridge_name} + # device: bridge_name # addresses: # - # ip_netmask: {get_param: ManagementIpSubnet} @@ -169,8 +164,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml b/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml index a5d2f966..fe948ad1 100644 --- a/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml +++ b/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure VLANs for the - swift storage role. - + Software Config to drive os-net-config to configure VLANs for the swift storage role. parameters: ControlPlaneIp: default: '' @@ -65,7 +62,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: # Not used by default in this template - default: '10.0.0.1' + default: 10.0.0.1 description: The default route of the external network. type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -79,61 +76,62 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: linux_bridge - name: br-storage - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: linux_bridge + name: br-storage + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - members: - - - type: interface + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + members: + - type: interface name: nic1 # force the MAC address of the bridge to this interface primary: true - - - type: vlan - vlan_id: {get_param: InternalApiNetworkVlanID} - device: br-storage - addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageNetworkVlanID} - device: br-storage - addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageMgmtNetworkVlanID} - device: br-storage - addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} + - type: vlan + vlan_id: + get_param: InternalApiNetworkVlanID + device: br-storage + addresses: + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan + vlan_id: + get_param: StorageNetworkVlanID + device: br-storage + addresses: + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan + vlan_id: + get_param: StorageMgmtNetworkVlanID + device: br-storage + addresses: + - ip_netmask: + get_param: StorageMgmtIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. @@ -148,8 +146,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/single-nic-vlans/ceph-storage.yaml b/network/config/single-nic-vlans/ceph-storage.yaml index 6fa288af..6e0a97da 100644 --- a/network/config/single-nic-vlans/ceph-storage.yaml +++ b/network/config/single-nic-vlans/ceph-storage.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure VLANs for the - ceph storage role. - + Software Config to drive os-net-config to configure VLANs for the ceph storage role. parameters: ControlPlaneIp: default: '' @@ -53,7 +50,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: # Not used by default in this template - default: '10.0.0.1' + default: 10.0.0.1 description: The default route of the external network. type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -67,52 +64,53 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: ovs_bridge - name: br-storage - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: ovs_bridge + name: br-storage + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - members: - - - type: interface + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + members: + - type: interface name: nic1 # force the MAC address of the bridge to this interface primary: true - - - type: vlan - vlan_id: {get_param: StorageNetworkVlanID} + - type: vlan + vlan_id: + get_param: StorageNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageMgmtNetworkVlanID} + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan + vlan_id: + get_param: StorageMgmtNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} + - ip_netmask: + get_param: StorageMgmtIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. @@ -126,8 +124,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/single-nic-vlans/cinder-storage.yaml b/network/config/single-nic-vlans/cinder-storage.yaml index d1135776..f58665f7 100644 --- a/network/config/single-nic-vlans/cinder-storage.yaml +++ b/network/config/single-nic-vlans/cinder-storage.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure VLANs for the - cinder storage role. - + Software Config to drive os-net-config to configure VLANs for the cinder storage role. parameters: ControlPlaneIp: default: '' @@ -57,7 +54,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: # Not used by default in this template - default: '10.0.0.1' + default: 10.0.0.1 description: The default route of the external network. type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -71,58 +68,59 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: ovs_bridge - name: br-storage - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: ovs_bridge + name: br-storage + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - members: - - - type: interface + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + members: + - type: interface name: nic1 # force the MAC address of the bridge to this interface primary: true - - - type: vlan - vlan_id: {get_param: InternalApiNetworkVlanID} + - type: vlan + vlan_id: + get_param: InternalApiNetworkVlanID addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageNetworkVlanID} + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan + vlan_id: + get_param: StorageNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageMgmtNetworkVlanID} + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan + vlan_id: + get_param: StorageMgmtNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} + - ip_netmask: + get_param: StorageMgmtIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. @@ -136,8 +134,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/single-nic-vlans/compute.yaml b/network/config/single-nic-vlans/compute.yaml index bd3cef34..40264284 100644 --- a/network/config/single-nic-vlans/compute.yaml +++ b/network/config/single-nic-vlans/compute.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure VLANs for the - compute role. - + Software Config to drive os-net-config to configure VLANs for the compute role. parameters: ControlPlaneIp: default: '' @@ -57,7 +54,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: # Not used by default in this template - default: '10.0.0.1' + default: 10.0.0.1 description: The default route of the external network. type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -71,58 +68,59 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: ovs_bridge - name: {get_input: bridge_name} - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: ovs_bridge + name: bridge_name + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - members: - - - type: interface + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + members: + - type: interface name: nic1 # force the MAC address of the bridge to this interface primary: true - - - type: vlan - vlan_id: {get_param: InternalApiNetworkVlanID} + - type: vlan + vlan_id: + get_param: InternalApiNetworkVlanID addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageNetworkVlanID} + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan + vlan_id: + get_param: StorageNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan - vlan_id: {get_param: TenantNetworkVlanID} + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan + vlan_id: + get_param: TenantNetworkVlanID addresses: - - - ip_netmask: {get_param: TenantIpSubnet} + - ip_netmask: + get_param: TenantIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. @@ -136,8 +134,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/single-nic-vlans/controller-no-external.yaml b/network/config/single-nic-vlans/controller-no-external.yaml index 8e8b0f5d..b9aec1ea 100644 --- a/network/config/single-nic-vlans/controller-no-external.yaml +++ b/network/config/single-nic-vlans/controller-no-external.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure VLANs for the - controller role. No external IP is configured. - + Software Config to drive os-net-config to configure VLANs for the controller role. No external IP is configured. parameters: ControlPlaneIp: default: '' @@ -61,7 +58,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: - default: '10.0.0.1' + default: 10.0.0.1 description: default route for the external network type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -79,64 +76,65 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: ovs_bridge - name: {get_input: bridge_name} - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: ovs_bridge + name: bridge_name + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - members: - - - type: interface + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + members: + - type: interface name: nic1 # force the MAC address of the bridge to this interface primary: true - - - type: vlan - vlan_id: {get_param: InternalApiNetworkVlanID} + - type: vlan + vlan_id: + get_param: InternalApiNetworkVlanID addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageNetworkVlanID} + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan + vlan_id: + get_param: StorageNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageMgmtNetworkVlanID} + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan + vlan_id: + get_param: StorageMgmtNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} - - - type: vlan - vlan_id: {get_param: TenantNetworkVlanID} + - ip_netmask: + get_param: StorageMgmtIpSubnet + - type: vlan + vlan_id: + get_param: TenantNetworkVlanID addresses: - - - ip_netmask: {get_param: TenantIpSubnet} + - ip_netmask: + get_param: TenantIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. @@ -150,8 +148,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/single-nic-vlans/controller-v6.yaml b/network/config/single-nic-vlans/controller-v6.yaml index ecbf2efb..4f065d1e 100644 --- a/network/config/single-nic-vlans/controller-v6.yaml +++ b/network/config/single-nic-vlans/controller-v6.yaml @@ -1,11 +1,7 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure VLANs for the - controller role with IPv6 on the External network. The IPv6 default - route is on the External network, and the IPv4 default route is on - the Control Plane. - + Software Config to drive os-net-config to configure VLANs for the controller role with IPv6 on the External network. The + IPv6 default route is on the External network, and the IPv4 default route is on the Control Plane. parameters: ControlPlaneIp: default: '' @@ -67,7 +63,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: - default: '10.0.0.1' + default: 10.0.0.1 description: default route for the external network type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -81,76 +77,74 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: ovs_bridge - name: {get_input: bridge_name} - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: ovs_bridge + name: bridge_name + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - # IPv4 Default Route - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - members: - - - type: interface + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + members: + - type: interface name: nic1 - # force the MAC address of the bridge to this interface primary: true - - - type: vlan - vlan_id: {get_param: ExternalNetworkVlanID} + - type: vlan + vlan_id: + get_param: ExternalNetworkVlanID addresses: - - - ip_netmask: {get_param: ExternalIpSubnet} + - ip_netmask: + get_param: ExternalIpSubnet routes: - # IPv6 Default Route - - - default: true - next_hop: {get_param: ExternalInterfaceDefaultRoute} - - - type: vlan - vlan_id: {get_param: InternalApiNetworkVlanID} + - default: true + next_hop: + get_param: ExternalInterfaceDefaultRoute + - type: vlan + vlan_id: + get_param: InternalApiNetworkVlanID addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageNetworkVlanID} + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan + vlan_id: + get_param: StorageNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageMgmtNetworkVlanID} + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan + vlan_id: + get_param: StorageMgmtNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} - - - type: vlan - vlan_id: {get_param: TenantNetworkVlanID} + - ip_netmask: + get_param: StorageMgmtIpSubnet + - type: vlan + vlan_id: + get_param: TenantNetworkVlanID addresses: - - - ip_netmask: {get_param: TenantIpSubnet} + - ip_netmask: + get_param: TenantIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the External interface. This will @@ -165,8 +159,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/single-nic-vlans/controller.yaml b/network/config/single-nic-vlans/controller.yaml index c5979a89..4a615d91 100644 --- a/network/config/single-nic-vlans/controller.yaml +++ b/network/config/single-nic-vlans/controller.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure VLANs for the - controller role. - + Software Config to drive os-net-config to configure VLANs for the controller role. parameters: ControlPlaneIp: default: '' @@ -61,7 +58,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: - default: '10.0.0.1' + default: 10.0.0.1 description: default route for the external network type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -79,71 +76,72 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: ovs_bridge - name: {get_input: bridge_name} - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: ovs_bridge + name: bridge_name + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - members: - - - type: interface + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + members: + - type: interface name: nic1 # force the MAC address of the bridge to this interface primary: true - - - type: vlan - vlan_id: {get_param: ExternalNetworkVlanID} + - type: vlan + vlan_id: + get_param: ExternalNetworkVlanID addresses: - - - ip_netmask: {get_param: ExternalIpSubnet} + - ip_netmask: + get_param: ExternalIpSubnet routes: - - - default: true - next_hop: {get_param: ExternalInterfaceDefaultRoute} - - - type: vlan - vlan_id: {get_param: InternalApiNetworkVlanID} + - default: true + next_hop: + get_param: ExternalInterfaceDefaultRoute + - type: vlan + vlan_id: + get_param: InternalApiNetworkVlanID addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageNetworkVlanID} + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan + vlan_id: + get_param: StorageNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageMgmtNetworkVlanID} + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan + vlan_id: + get_param: StorageMgmtNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} - - - type: vlan - vlan_id: {get_param: TenantNetworkVlanID} + - ip_netmask: + get_param: StorageMgmtIpSubnet + - type: vlan + vlan_id: + get_param: TenantNetworkVlanID addresses: - - - ip_netmask: {get_param: TenantIpSubnet} + - ip_netmask: + get_param: TenantIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the External interface. This will @@ -158,8 +156,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/single-nic-vlans/swift-storage.yaml b/network/config/single-nic-vlans/swift-storage.yaml index 7b06580c..88f69b4d 100644 --- a/network/config/single-nic-vlans/swift-storage.yaml +++ b/network/config/single-nic-vlans/swift-storage.yaml @@ -1,9 +1,6 @@ -heat_template_version: 2015-04-30 - +heat_template_version: '2016-10-14' description: > - Software Config to drive os-net-config to configure VLANs for the - swift storage role. - + Software Config to drive os-net-config to configure VLANs for the swift storage role. parameters: ControlPlaneIp: default: '' @@ -57,7 +54,7 @@ parameters: description: The default route of the control plane network. type: string ExternalInterfaceDefaultRoute: # Not used by default in this template - default: '10.0.0.1' + default: 10.0.0.1 description: The default route of the external network. type: string ManagementInterfaceDefaultRoute: # Commented out by default in this template @@ -71,58 +68,59 @@ parameters: EC2MetadataIp: # Override this via parameter_defaults description: The IP address of the EC2 metadata server. type: string - resources: OsNetConfigImpl: - type: OS::Heat::StructuredConfig + type: OS::Heat::SoftwareConfig properties: - group: os-apply-config + group: script config: - os_net_config: - network_config: - - - type: ovs_bridge - name: br-storage - use_dhcp: false - dns_servers: {get_param: DnsServers} - addresses: - - - ip_netmask: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: ovs_bridge + name: br-storage + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: list_join: - - '/' - - - {get_param: ControlPlaneIp} - - {get_param: ControlPlaneSubnetCidr} - routes: - - - ip_netmask: 169.254.169.254/32 - next_hop: {get_param: EC2MetadataIp} - - - default: true - next_hop: {get_param: ControlPlaneDefaultRoute} - members: - - - type: interface + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + members: + - type: interface name: nic1 # force the MAC address of the bridge to this interface primary: true - - - type: vlan - vlan_id: {get_param: InternalApiNetworkVlanID} + - type: vlan + vlan_id: + get_param: InternalApiNetworkVlanID addresses: - - - ip_netmask: {get_param: InternalApiIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageNetworkVlanID} + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan + vlan_id: + get_param: StorageNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageIpSubnet} - - - type: vlan - vlan_id: {get_param: StorageMgmtNetworkVlanID} + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan + vlan_id: + get_param: StorageMgmtNetworkVlanID addresses: - - - ip_netmask: {get_param: StorageMgmtIpSubnet} + - ip_netmask: + get_param: StorageMgmtIpSubnet # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. @@ -136,8 +134,9 @@ resources: # - # default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} - outputs: OS::stack_id: description: The OsNetConfigImpl resource. - value: {get_resource: OsNetConfigImpl} + value: + get_resource: OsNetConfigImpl + diff --git a/network/endpoints/endpoint_data.yaml b/network/endpoints/endpoint_data.yaml index 1df3b665..0178c4dd 100644 --- a/network/endpoints/endpoint_data.yaml +++ b/network/endpoints/endpoint_data.yaml @@ -37,6 +37,15 @@ Gnocchi: net_param: GnocchiApi port: 8041 +Panko: + Internal: + net_param: PankoApi + Public: + net_param: Public + Admin: + net_param: PankoApi + port: 8779 + Cinder: Internal: net_param: CinderApi @@ -267,3 +276,21 @@ Ironic: uri_suffixes: '': /v1 port: 6385 + +Zaqar: + Internal: + net_param: ZaqarApi + Public: + net_param: Public + Admin: + net_param: ZaqarApi + port: 8888 + +ZaqarWebSocket: + Internal: + net_param: ZaqarApi + Public: + net_param: Public + Admin: + net_param: ZaqarApi + port: 9000 diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml index 43fb20cc..7ebb318f 100644 --- a/network/endpoints/endpoint_map.yaml +++ b/network/endpoints/endpoint_map.yaml @@ -70,12 +70,21 @@ parameters: NovaVNCProxyAdmin: {protocol: http, port: '6080', host: IP_ADDRESS} NovaVNCProxyInternal: {protocol: http, port: '6080', host: IP_ADDRESS} NovaVNCProxyPublic: {protocol: http, port: '6080', host: IP_ADDRESS} + PankoAdmin: {protocol: http, port: '8779', host: IP_ADDRESS} + PankoInternal: {protocol: http, port: '8779', host: IP_ADDRESS} + PankoPublic: {protocol: http, port: '8779', host: IP_ADDRESS} SaharaAdmin: {protocol: http, port: '8386', host: IP_ADDRESS} SaharaInternal: {protocol: http, port: '8386', host: IP_ADDRESS} SaharaPublic: {protocol: http, port: '8386', host: IP_ADDRESS} SwiftAdmin: {protocol: http, port: '8080', host: IP_ADDRESS} SwiftInternal: {protocol: http, port: '8080', host: IP_ADDRESS} SwiftPublic: {protocol: http, port: '8080', host: IP_ADDRESS} + ZaqarAdmin: {protocol: http, port: '8888', host: IP_ADDRESS} + ZaqarInternal: {protocol: http, port: '8888', host: IP_ADDRESS} + ZaqarPublic: {protocol: http, port: '8888', host: IP_ADDRESS} + ZaqarWebSocketAdmin: {protocol: http, port: '9000', host: IP_ADDRESS} + ZaqarWebSocketInternal: {protocol: http, port: '9000', host: IP_ADDRESS} + ZaqarWebSocketPublic: {protocol: http, port: '9000', host: IP_ADDRESS} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. CloudEndpoints: @@ -5311,6 +5320,249 @@ outputs: template: NETWORK_uri - ':' - get_param: [EndpointMap, NovaVNCProxyPublic, port] + PankoAdmin: + host: + str_replace: + template: + get_param: [EndpointMap, PankoAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PankoApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PankoApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, PankoAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PankoApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PankoApiNetwork] + port: + get_param: [EndpointMap, PankoAdmin, port] + protocol: + get_param: [EndpointMap, PankoAdmin, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, PankoAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, PankoAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PankoApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PankoApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, PankoAdmin, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, PankoAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, PankoAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PankoApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PankoApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, PankoAdmin, port] + PankoInternal: + host: + str_replace: + template: + get_param: [EndpointMap, PankoInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PankoApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PankoApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, PankoInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PankoApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PankoApiNetwork] + port: + get_param: [EndpointMap, PankoInternal, port] + protocol: + get_param: [EndpointMap, PankoInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, PankoInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, PankoInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PankoApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PankoApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, PankoInternal, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, PankoInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, PankoInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PankoApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PankoApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, PankoInternal, port] + PankoPublic: + host: + str_replace: + template: + get_param: [EndpointMap, PankoPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, PankoPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] + port: + get_param: [EndpointMap, PankoPublic, port] + protocol: + get_param: [EndpointMap, PankoPublic, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, PankoPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, PankoPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, PankoPublic, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, PankoPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, PankoPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, PankoPublic, port] SaharaAdmin: host: str_replace: @@ -6045,3 +6297,489 @@ outputs: template: NETWORK_uri - ':' - get_param: [EndpointMap, SwiftPublic, port] + ZaqarAdmin: + host: + str_replace: + template: + get_param: [EndpointMap, ZaqarAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ZaqarAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ZaqarApiNetwork] + port: + get_param: [EndpointMap, ZaqarAdmin, port] + protocol: + get_param: [EndpointMap, ZaqarAdmin, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarAdmin, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarAdmin, port] + ZaqarInternal: + host: + str_replace: + template: + get_param: [EndpointMap, ZaqarInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ZaqarInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ZaqarApiNetwork] + port: + get_param: [EndpointMap, ZaqarInternal, port] + protocol: + get_param: [EndpointMap, ZaqarInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarInternal, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarInternal, port] + ZaqarPublic: + host: + str_replace: + template: + get_param: [EndpointMap, ZaqarPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ZaqarPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] + port: + get_param: [EndpointMap, ZaqarPublic, port] + protocol: + get_param: [EndpointMap, ZaqarPublic, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarPublic, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarPublic, port] + ZaqarWebSocketAdmin: + host: + str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ZaqarApiNetwork] + port: + get_param: [EndpointMap, ZaqarWebSocketAdmin, port] + protocol: + get_param: [EndpointMap, ZaqarWebSocketAdmin, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarWebSocketAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarWebSocketAdmin, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarWebSocketAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarWebSocketAdmin, port] + ZaqarWebSocketInternal: + host: + str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ZaqarApiNetwork] + port: + get_param: [EndpointMap, ZaqarWebSocketInternal, port] + protocol: + get_param: [EndpointMap, ZaqarWebSocketInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarWebSocketInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarWebSocketInternal, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarWebSocketInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarWebSocketInternal, port] + ZaqarWebSocketPublic: + host: + str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] + port: + get_param: [EndpointMap, ZaqarWebSocketPublic, port] + protocol: + get_param: [EndpointMap, ZaqarWebSocketPublic, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarWebSocketPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarWebSocketPublic, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarWebSocketPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarWebSocketPublic, port] diff --git a/network/scripts/run-os-net-config.sh b/network/scripts/run-os-net-config.sh new file mode 100755 index 00000000..fc1e6d54 --- /dev/null +++ b/network/scripts/run-os-net-config.sh @@ -0,0 +1,136 @@ +#!/bin/bash +# Note this script expects the following environment variables to be set +# normally these are provided by the calling SoftwareConfig resource, but +# they may also be set manually for testing +# $bridge_name : The bridge device name to apply +# $interface_name : The interface name to apply +# +# Also this token is replaced via a str_replace in the SoftwareConfig running +# the script - in future we may extend this to also work with a variable, e.g +# a deployment input via input_values +# $network_config : the json serialized os-net-config config to apply +# +set -ux + +function get_metadata_ip() { + + local METADATA_IP + + # Look for a variety of Heat transports + # FIXME: Heat should provide a way to obtain this in a single place + for URL in os-collect-config.cfn.metadata_url os-collect-config.heat.auth_url os-collect-config.request.metadata_url os-collect-config.zaqar.auth_url; do + METADATA_IP=$(os-apply-config --key $URL --key-default '' --type raw 2>/dev/null | sed -e 's|http.*://\([^:]*\).*|\1|') + [ -n "$METADATA_IP" ] && break + done + + echo $METADATA_IP + +} + +function is_local_ip() { + local IP_TO_CHECK=$1 + if ip -o a | grep "inet6\? $IP_TO_CHECK/" &>/dev/null; then + return 0 + else + return 1 + fi +} + +function ping_metadata_ip() { + local METADATA_IP=$(get_metadata_ip) + + if [ -n "$METADATA_IP" ] && ! is_local_ip $METADATA_IP; then + + echo -n "Trying to ping metadata IP ${METADATA_IP}..." + + local COUNT=0 + until ping -c 1 $METADATA_IP &> /dev/null; do + COUNT=$(( $COUNT + 1 )) + if [ $COUNT -eq 10 ]; then + echo "FAILURE" + echo "$METADATA_IP is not pingable." >&2 + exit 1 + fi + done + echo "SUCCESS" + + else + echo "No metadata IP found. Skipping." + fi +} + +function configure_safe_defaults() { + +[[ $? == 0 ]] && return 0 + +cat > /etc/os-net-config/dhcp_all_interfaces.yaml <<EOF_CAT +# This file is an autogenerated safe defaults file for os-net-config +# which runs DHCP on all discovered interfaces to ensure connectivity +# back to the undercloud for updates +network_config: +EOF_CAT + + for iface in $(ls /sys/class/net | grep -v ^lo$); do + local mac_addr_type="$(cat /sys/class/net/${iface}/addr_assign_type)" + if [ "$mac_addr_type" != "0" ]; then + echo "Device has generated MAC, skipping." + else + ip link set dev $iface up &>/dev/null + HAS_LINK="$(cat /sys/class/net/${iface}/carrier)" + + TRIES=10 + while [ "$HAS_LINK" == "0" -a $TRIES -gt 0 ]; do + HAS_LINK="$(cat /sys/class/net/${iface}/carrier)" + if [ "$HAS_LINK" == "1" ]; then + break + else + sleep 1 + fi + TRIES=$(( TRIES - 1 )) + done + if [ "$HAS_LINK" == "1" ] ; then +cat >> /etc/os-net-config/dhcp_all_interfaces.yaml <<EOF_CAT + - + type: interface + name: $iface + use_dhcp: true +EOF_CAT + fi + fi + done + os-net-config -c /etc/os-net-config/dhcp_all_interfaces.yaml -v --detailed-exit-codes --cleanup + RETVAL=$? + if [[ $RETVAL == 2 ]]; then + ping_metadata_ip + elif [[ $RETVAL != 0 ]]; then + echo "ERROR: configuration of safe defaults failed." + fi +} + +if [ -n '$network_config' ]; then + trap configure_safe_defaults EXIT + + mkdir -p /etc/os-net-config + # Note these variables come from the calling heat SoftwareConfig + echo '$network_config' > /etc/os-net-config/config.json + sed -i "s/bridge_name/$bridge_name/" /etc/os-net-config/config.json + sed -i "s/interface_name/$interface_name/" /etc/os-net-config/config.json + + os-net-config -c /etc/os-net-config/config.json -v --detailed-exit-codes + RETVAL=$? + if [[ $RETVAL == 2 ]]; then + ping_metadata_ip + + #NOTE: dprince this udev rule can apparently leak DHCP processes? + # https://bugs.launchpad.net/tripleo/+bug/1538259 + # until we discover the root cause we can simply disable the + # rule because networking has already been configured at this point + if [ -f /etc/udev/rules.d/99-dhcp-all-interfaces.rules ]; then + rm /etc/udev/rules.d/99-dhcp-all-interfaces.rules + fi + + elif [[ $RETVAL != 0 ]]; then + echo "ERROR: os-net-config configuration failed." >&2 + exit 1 + fi +fi diff --git a/network/service_net_map.j2.yaml b/network/service_net_map.j2.yaml index 61c97f13..0cb6571f 100644 --- a/network/service_net_map.j2.yaml +++ b/network/service_net_map.j2.yaml @@ -25,6 +25,7 @@ parameters: NeutronTenantNetwork: tenant CeilometerApiNetwork: internal_api AodhApiNetwork: internal_api + PankoApiNetwork: internal_api BarbicanApiNetwork: internal_api GnocchiApiNetwork: internal_api MongodbNetwork: internal_api diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 3e201175..77a48658 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -11,6 +11,7 @@ resource_registry: OS::TripleO::Tasks::PackageUpdate: extraconfig/tasks/yum_update.yaml {% for role in roles %} + OS::TripleO::{{role.name}}PostDeploySteps: puppet/post.yaml OS::TripleO::{{role.name}}: puppet/{{role.name.lower()}}-role.yaml OS::TripleO::{{role.name}}Config: puppet/{{role.name.lower()}}-config.yaml OS::TripleO::Tasks::{{role.name}}PreConfig: OS::Heat::None @@ -99,6 +100,10 @@ resource_registry: # validation resources OS::TripleO::AllNodes::Validation: all-nodes-validation.yaml + # Upgrade resources + OS::TripleO::UpgradeConfig: puppet/upgrade_config.yaml + OS::TripleO::UpgradeSteps: OS::Heat::None + # services OS::TripleO::Services: puppet/services/services.yaml OS::TripleO::Services::Apache: puppet/services/apache.yaml @@ -124,6 +129,7 @@ resource_registry: OS::TripleO::Services::HeatEngine: puppet/services/heat-engine.yaml OS::TripleO::Services::Kernel: puppet/services/kernel.yaml OS::TripleO::Services::MySQL: puppet/services/database/mysql.yaml + OS::TripleO::Services::MySQLTLS: OS::Heat::None OS::TripleO::Services::NeutronDhcpAgent: puppet/services/neutron-dhcp.yaml OS::TripleO::Services::NeutronL3Agent: puppet/services/neutron-l3.yaml OS::TripleO::Services::NeutronMetadataAgent: puppet/services/neutron-metadata.yaml @@ -180,7 +186,6 @@ resource_registry: OS::TripleO::Services::GnocchiApi: puppet/services/gnocchi-api.yaml OS::TripleO::Services::GnocchiMetricd: puppet/services/gnocchi-metricd.yaml OS::TripleO::Services::GnocchiStatsd: puppet/services/gnocchi-statsd.yaml - OS::TripleO::Services::VipHosts: puppet/services/vip-hosts.yaml # Services that are disabled by default (use relevant environment files): OS::TripleO::Services::FluentdClient: OS::Heat::None OS::TripleO::LoggingConfiguration: puppet/services/logging/fluentd-config.yaml @@ -197,6 +202,7 @@ resource_registry: OS::TripleO::Services::AodhEvaluator: puppet/services/aodh-evaluator.yaml OS::TripleO::Services::AodhNotifier: puppet/services/aodh-notifier.yaml OS::TripleO::Services::AodhListener: puppet/services/aodh-listener.yaml + OS::TripleO::Services::PankoApi: OS::Heat::None OS::TripleO::Services::MistralEngine: OS::Heat::None OS::TripleO::Services::MistralApi: OS::Heat::None OS::TripleO::Services::MistralExecutor: OS::Heat::None @@ -213,6 +219,7 @@ resource_registry: OS::TripleO::Services::ContrailControl: puppet/services/network/contrail-control.yaml OS::TripleO::Services::ContrailDatabase: puppet/services/network/contrail-database.yaml OS::TripleO::Services::ContrailWebui: puppet/services/network/contrail-webui.yaml + OS::TripleO::Services::Zaqar: OS::Heat::None parameter_defaults: EnablePackageInstall: false diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index 64bed276..39a092b1 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -170,9 +170,50 @@ parameters: description: > Setting this to a unique value will re-run any deployment tasks which perform configuration on a Heat stack-update. + AddVipsToEtcHosts: + default: True + type: boolean + description: > + Set to true to append per network Vips to /etc/hosts on each node. + +conditions: + add_vips_to_etc_hosts: {equals : [{get_param: AddVipsToEtcHosts}, True]} resources: + VipHosts: + type: OS::Heat::Value + properties: + type: string + value: + list_join: + - "\n" + - - str_replace: + template: IP HOST + params: + IP: {get_attr: [VipMap, net_ip_map, external]} + HOST: {get_param: CloudName} + - str_replace: + template: IP HOST + params: + IP: {get_attr: [VipMap, net_ip_map, ctlplane]} + HOST: {get_param: CloudNameCtlplane} + - str_replace: + template: IP HOST + params: + IP: {get_attr: [VipMap, net_ip_map, internal_api]} + HOST: {get_param: CloudNameInternal} + - str_replace: + template: IP HOST + params: + IP: {get_attr: [VipMap, net_ip_map, storage]} + HOST: {get_param: CloudNameStorage} + - str_replace: + template: IP HOST + params: + IP: {get_attr: [VipMap, net_ip_map, storage_mgmt]} + HOST: {get_param: CloudNameStorageManagement} + HeatAuthEncryptionKey: type: OS::Heat::RandomString @@ -310,7 +351,7 @@ resources: # - The outer one filters the map based on the services enabled for the role # then merges the result into one map. - yaql: - expression: let(root => $) -> $.data.map.items().where($[0] in $root.data.services).select($[1]).reduce($1.mergeWith($2), {}) + expression: let(root => $) -> $.data.map.items().where($[0] in coalesce($root.data.services, [])).select($[1]).reduce($1.mergeWith($2), {}) data: map: yaql: @@ -328,9 +369,16 @@ resources: type: OS::TripleO::Hosts::SoftwareConfig properties: hosts: + list_join: + - "\n" + - - if: + - add_vips_to_etc_hosts + - {get_attr: [VipHosts, value]} + - '' + - {% for role in roles %} - - list_join: - - '\n' + - list_join: + - "\n" - {get_attr: [{{role.name}}, hosts_entry]} {% endfor %} @@ -542,8 +590,8 @@ resources: # Post deployment steps for all roles AllNodesDeploySteps: type: OS::TripleO::PostDeploySteps -{% for role in roles %} depends_on: +{% for role in roles %} - {{role.name}}AllNodesDeployment {% endfor %} properties: @@ -556,6 +604,21 @@ resources: {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data]} {% endfor %} + # Upgrade steps for all roles + AllNodesUpgradeSteps: + type: OS::TripleO::UpgradeSteps + depends_on: AllNodesDeploySteps + properties: + servers: +{% for role in roles %} + {{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]} +{% endfor %} + role_data: +{% for role in roles %} + {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data]} +{% endfor %} + + outputs: ManagedEndpoints: description: Asserts that the keystone endpoints have been provisioned. @@ -581,35 +644,16 @@ outputs: list_join: - "\n" - - {get_attr: [hostsConfig, hosts_entries]} - - - - str_replace: - template: IP HOST - params: - IP: {get_attr: [VipMap, net_ip_map, external]} - HOST: {get_param: CloudName} - - str_replace: - template: IP HOST - params: - IP: {get_attr: [VipMap, net_ip_map, ctlplane]} - HOST: {get_param: CloudNameCtlplane} - - str_replace: - template: IP HOST - params: - IP: {get_attr: [VipMap, net_ip_map, internal_api]} - HOST: {get_param: CloudNameInternal} - - str_replace: - template: IP HOST - params: - IP: {get_attr: [VipMap, net_ip_map, storage]} - HOST: {get_param: CloudNameStorage} - - str_replace: - template: IP HOST - params: - IP: {get_attr: [VipMap, net_ip_map, storage_mgmt]} - HOST: {get_param: CloudNameStorageManagement} + - - {get_attr: [VipHosts, value]} EnabledServices: description: The services enabled on each role value: {% for role in roles %} {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]} {% endfor %} + RoleData: + description: The configuration data associated with each role + value: +{% for role in roles %} + {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data]} +{% endfor %} diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index cc5e4eac..0a8bec6e 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -71,140 +71,132 @@ resources: allNodesConfigImpl: type: OS::Heat::StructuredConfig properties: - group: os-apply-config + group: hiera config: - hiera: - datafiles: - bootstrap_node: - mapped_data: - bootstrap_nodeid: {get_input: bootstrap_nodeid} - bootstrap_nodeid_ip: {get_input: bootstrap_nodeid_ip} - all_nodes: - mapped_data: - map_merge: - - tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: logging_sources} - - tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: logging_groups} - - enabled_services: {get_param: enabled_services} - # This writes out a mapping of service_name_enabled: 'true' - # For any services not enabled, hiera foo_enabled will - # return nil, as it's undefined - - map_merge: - repeat: - template: - # Note this must be string 'true' due to - # https://bugs.launchpad.net/heat/+bug/1617203 - SERVICE_enabled: 'true' - for_each: - SERVICE: - str_split: [',', {get_param: enabled_services}] - # Dynamically generate per-service network data - # This works as follows (outer->inner functions) - # yaql - filters services where no mapping exists in ServiceNetMap - # map_replace: substitute e.g heat_api_network with network name from ServiceNetMap - # map_merge/repeat: generate a per-service mapping - - yaql: - # This filters any entries where the value hasn't been substituted for - # a list, e.g it's still $service_network. This happens when there is - # no network defined for the service in the ServiceNetMap, which is OK - # as not all services have to be bound to a network, so we filter them - expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network"))) - data: - map: - map_replace: + datafiles: + bootstrap_node: + bootstrap_nodeid: {get_input: bootstrap_nodeid} + bootstrap_nodeid_ip: {get_input: bootstrap_nodeid_ip} + all_nodes: + map_merge: + - tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: logging_sources} + - tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: logging_groups} + - enabled_services: {get_param: enabled_services} + # This writes out a mapping of service_name_enabled: 'true' + # For any services not enabled, hiera foo_enabled will + # return nil, as it's undefined + - map_merge: + repeat: + template: + # Note this must be string 'true' due to + # https://bugs.launchpad.net/heat/+bug/1617203 + SERVICE_enabled: 'true' + for_each: + SERVICE: + str_split: [',', {get_param: enabled_services}] + # Dynamically generate per-service network data + # This works as follows (outer->inner functions) + # yaql - filters services where no mapping exists in ServiceNetMap + # map_replace: substitute e.g heat_api_network with network name from ServiceNetMap + # map_merge/repeat: generate a per-service mapping + - yaql: + # This filters any entries where the value hasn't been substituted for + # a list, e.g it's still $service_network. This happens when there is + # no network defined for the service in the ServiceNetMap, which is OK + # as not all services have to be bound to a network, so we filter them + expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network"))) + data: + map: + map_replace: + - map_merge: + repeat: + template: + SERVICE_network: SERVICE_network + for_each: + SERVICE: + str_split: [',', {get_param: enabled_services}] + - values: {get_param: ServiceNetMap} + # Keystone doesn't provide separate entries for the public + # and admin endpoints, so we need to add them here manually + # like we do in the vip-config below + - keystone_admin_api_network: {get_param: [ServiceNetMap, keystone_admin_api_network]} + keystone_public_api_network: {get_param: [ServiceNetMap, keystone_public_api_network]} + # provides a mapping of service_name_ips to a list of IPs + - {get_param: service_ips} + - {get_param: service_node_names} + - {get_param: short_service_node_names} + - controller_node_ips: + list_join: + - ',' + - {get_param: controller_ips} + controller_node_names: + list_join: + - ',' + - {get_param: controller_names} + memcached_node_ips_v6: + repeat: + template: "inet6:[NAME]" + for_each: + NAME: {get_param: memcache_node_ips} + deploy_identifier: {get_param: DeployIdentifier} + update_identifier: {get_param: UpdateIdentifier} + stack_action: {get_param: StackAction} + vip_data: + map_merge: + # Dynamically generate per-service VIP data based on enabled_services + # This works as follows (outer->inner functions) + # yaql - filters services where no mapping exists in ServiceNetMap + # map_replace: substitute e.g internal_api with the IP from NetVipMap + # map_replace: substitute e.g heat_api_network with network name from ServiceNetMap + # map_merge/repeat: generate a per-service mapping + - yaql: + # This filters any entries where the value hasn't been substituted for + # a list, e.g it's still $service_network. This happens when there is + # no network defined for the service in the ServiceNetMap, which is OK + # as not all services have to be bound to a network, so we filter them + expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network"))) + data: + map: + map_replace: + - map_replace: - map_merge: repeat: template: - SERVICE_network: SERVICE_network + SERVICE_vip: SERVICE_network for_each: SERVICE: str_split: [',', {get_param: enabled_services}] - values: {get_param: ServiceNetMap} - # Keystone doesn't provide separate entries for the public - # and admin endpoints, so we need to add them here manually - # like we do in the vip-config below - - keystone_admin_api_network: {get_param: [ServiceNetMap, keystone_admin_api_network]} - keystone_public_api_network: {get_param: [ServiceNetMap, keystone_public_api_network]} - # provides a mapping of service_name_ips to a list of IPs - - {get_param: service_ips} - - {get_param: service_node_names} - - {get_param: short_service_node_names} - - controller_node_ips: - list_join: - - ',' - - {get_param: controller_ips} - controller_node_names: - list_join: - - ',' - - {get_param: controller_names} - memcached_node_ips_v6: - str_replace: - template: "['inet6:[SERVERS_LIST]']" - params: - SERVERS_LIST: - list_join: - - "]','inet6:[" - - {get_param: memcache_node_ips} - - deploy_identifier: {get_param: DeployIdentifier} - update_identifier: {get_param: UpdateIdentifier} - stack_action: {get_param: StackAction} - vip_data: - mapped_data: - map_merge: - # Dynamically generate per-service VIP data based on enabled_services - # This works as follows (outer->inner functions) - # yaql - filters services where no mapping exists in ServiceNetMap - # map_replace: substitute e.g internal_api with the IP from NetVipMap - # map_replace: substitute e.g heat_api_network with network name from ServiceNetMap - # map_merge/repeat: generate a per-service mapping - - yaql: - # This filters any entries where the value hasn't been substituted for - # a list, e.g it's still $service_network. This happens when there is - # no network defined for the service in the ServiceNetMap, which is OK - # as not all services have to be bound to a network, so we filter them - expression: dict($.data.map.items().where(isString($[1]) and not $[1].endsWith("_network"))) - data: - map: - map_replace: - - map_replace: - - map_merge: - repeat: - template: - SERVICE_vip: SERVICE_network - for_each: - SERVICE: - str_split: [',', {get_param: enabled_services}] - - values: {get_param: ServiceNetMap} - - values: {get_param: NetVipMap} - - keystone_admin_api_vip: - get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_admin_api_network]}] - keystone_public_api_vip: - get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_public_api_network]}] - public_virtual_ip: {get_param: [NetVipMap, external]} - controller_virtual_ip: {get_param: [NetVipMap, ctlplane]} - internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]} - storage_virtual_ip: {get_param: [NetVipMap, storage]} - storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]} - redis_vip: {get_param: RedisVirtualIP} - # public_virtual_ip and controller_virtual_ip are needed in - # both HAproxy & keepalived. - tripleo::haproxy::public_virtual_ip: {get_param: [NetVipMap, external]} - tripleo::haproxy::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]} - tripleo::keepalived::public_virtual_ip: {get_param: [NetVipMap, external]} - tripleo::keepalived::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]} - tripleo::keepalived::internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]} - tripleo::keepalived::storage_virtual_ip: {get_param: [NetVipMap, storage]} - tripleo::keepalived::storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]} - tripleo::keepalived::redis_virtual_ip: {get_param: RedisVirtualIP} - tripleo::redis_notification::haproxy_monitor_ip: {get_param: [NetVipMap, ctlplane]} - cloud_name_external: {get_param: cloud_name_external} - cloud_name_internal_api: {get_param: cloud_name_internal_api} - cloud_name_storage: {get_param: cloud_name_storage} - cloud_name_storage_mgmt: {get_param: cloud_name_storage_mgmt} - cloud_name_ctlplane: {get_param: cloud_name_ctlplane} - # TLS parameters - certmonger_ca: {get_param: CertmongerCA} - enable_internal_tls: {get_param: EnableInternalTLS} + - values: {get_param: NetVipMap} + - keystone_admin_api_vip: + get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_admin_api_network]}] + keystone_public_api_vip: + get_param: [NetVipMap, {get_param: [ServiceNetMap, keystone_public_api_network]}] + public_virtual_ip: {get_param: [NetVipMap, external]} + controller_virtual_ip: {get_param: [NetVipMap, ctlplane]} + internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]} + storage_virtual_ip: {get_param: [NetVipMap, storage]} + storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]} + redis_vip: {get_param: RedisVirtualIP} + # public_virtual_ip and controller_virtual_ip are needed in + # both HAproxy & keepalived. + tripleo::haproxy::public_virtual_ip: {get_param: [NetVipMap, external]} + tripleo::haproxy::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]} + tripleo::keepalived::public_virtual_ip: {get_param: [NetVipMap, external]} + tripleo::keepalived::controller_virtual_ip: {get_param: [NetVipMap, ctlplane]} + tripleo::keepalived::internal_api_virtual_ip: {get_param: [NetVipMap, internal_api]} + tripleo::keepalived::storage_virtual_ip: {get_param: [NetVipMap, storage]} + tripleo::keepalived::storage_mgmt_virtual_ip: {get_param: [NetVipMap, storage_mgmt]} + tripleo::keepalived::redis_virtual_ip: {get_param: RedisVirtualIP} + tripleo::redis_notification::haproxy_monitor_ip: {get_param: [NetVipMap, ctlplane]} + cloud_name_external: {get_param: cloud_name_external} + cloud_name_internal_api: {get_param: cloud_name_internal_api} + cloud_name_storage: {get_param: cloud_name_storage} + cloud_name_storage_mgmt: {get_param: cloud_name_storage_mgmt} + cloud_name_ctlplane: {get_param: cloud_name_ctlplane} + # TLS parameters + certmonger_ca: {get_param: CertmongerCA} + enable_internal_tls: {get_param: EnableInternalTLS} outputs: config_id: diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml index 8b695fff..c9bf894f 100644 --- a/puppet/blockstorage-role.yaml +++ b/puppet/blockstorage-role.yaml @@ -66,6 +66,7 @@ parameters: constraints: - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] CloudDomain: + default: 'localdomain' type: string description: > The DNS domain used for the hosts. This should match the dhcp_domain @@ -238,39 +239,69 @@ resources: BlockStorageConfig: type: OS::Heat::StructuredConfig properties: - group: os-apply-config + group: hiera config: - hiera: - hierarchy: - - '"%{::uuid}"' - - heat_config_%{::deploy_config_name} - - volume_extraconfig - - extraconfig - - service_names - - service_configs - - volume - - bootstrap_node # provided by allNodesConfig - - all_nodes # provided by allNodesConfig - - vip_data # provided by allNodesConfig - - '"%{::osfamily}"' - merge_behavior: deeper - datafiles: - service_names: - mapped_data: - service_names: {get_param: ServiceNames} - sensu::subscriptions: {get_param: MonitoringSubscriptions} - service_configs: - mapped_data: - map_replace: - - {get_param: ServiceConfigSettings} - - values: {get_attr: [NetIpMap, net_ip_map]} - volume_extraconfig: - mapped_data: {get_param: BlockStorageExtraConfig} - extraconfig: - mapped_data: {get_param: ExtraConfig} - volume: - mapped_data: - tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} + hierarchy: + - '"%{::uuid}"' + - heat_config_%{::deploy_config_name} + - volume_extraconfig + - extraconfig + - service_names + - service_configs + - volume + - bootstrap_node # provided by allNodesConfig + - all_nodes # provided by allNodesConfig + - vip_data # provided by allNodesConfig + - '"%{::osfamily}"' + merge_behavior: deeper + datafiles: + service_names: + service_names: {get_param: ServiceNames} + sensu::subscriptions: {get_param: MonitoringSubscriptions} + service_configs: + map_replace: + - {get_param: ServiceConfigSettings} + - values: {get_attr: [NetIpMap, net_ip_map]} + volume_extraconfig: {get_param: BlockStorageExtraConfig} + extraconfig: {get_param: ExtraConfig} + volume: + tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} + fqdn_internal_api: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - internalapi + - {get_param: CloudDomain} + fqdn_storage: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - storage + - {get_param: CloudDomain} + fqdn_storage_mgmt: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - storagemgmt + - {get_param: CloudDomain} + fqdn_tenant: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - tenant + - {get_param: CloudDomain} + fqdn_management: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - management + - {get_param: CloudDomain} + fqdn_ctlplane: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - ctlplane + - {get_param: CloudDomain} # Resource for site-specific injection of root certificate NodeTLSCAData: diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml index f7e29b70..18787a21 100644 --- a/puppet/cephstorage-role.yaml +++ b/puppet/cephstorage-role.yaml @@ -72,6 +72,7 @@ parameters: constraints: - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] CloudDomain: + default: 'localdomain' type: string description: > The DNS domain used for the hosts. This should match the dhcp_domain @@ -243,39 +244,69 @@ resources: CephStorageConfig: type: OS::Heat::StructuredConfig properties: - group: os-apply-config + group: hiera config: - hiera: - hierarchy: - - '"%{::uuid}"' - - heat_config_%{::deploy_config_name} - - ceph_extraconfig - - extraconfig - - service_names - - service_configs - - ceph - - bootstrap_node # provided by allNodesConfig - - all_nodes # provided by allNodesConfig - - vip_data # provided by allNodesConfig - - '"%{::osfamily}"' - merge_behavior: deeper - datafiles: - service_names: - mapped_data: - service_names: {get_param: ServiceNames} - sensu::subscriptions: {get_param: MonitoringSubscriptions} - service_configs: - mapped_data: - map_replace: - - {get_param: ServiceConfigSettings} - - values: {get_attr: [NetIpMap, net_ip_map]} - ceph_extraconfig: - mapped_data: {get_param: CephStorageExtraConfig} - extraconfig: - mapped_data: {get_param: ExtraConfig} - ceph: - mapped_data: - tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} + hierarchy: + - '"%{::uuid}"' + - heat_config_%{::deploy_config_name} + - ceph_extraconfig + - extraconfig + - service_names + - service_configs + - ceph + - bootstrap_node # provided by allNodesConfig + - all_nodes # provided by allNodesConfig + - vip_data # provided by allNodesConfig + - '"%{::osfamily}"' + merge_behavior: deeper + datafiles: + service_names: + service_names: {get_param: ServiceNames} + sensu::subscriptions: {get_param: MonitoringSubscriptions} + service_configs: + map_replace: + - {get_param: ServiceConfigSettings} + - values: {get_attr: [NetIpMap, net_ip_map]} + ceph_extraconfig: {get_param: CephStorageExtraConfig} + extraconfig: {get_param: ExtraConfig} + ceph: + tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} + fqdn_internal_api: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - internalapi + - {get_param: CloudDomain} + fqdn_storage: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - storage + - {get_param: CloudDomain} + fqdn_storage_mgmt: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - storagemgmt + - {get_param: CloudDomain} + fqdn_tenant: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - tenant + - {get_param: CloudDomain} + fqdn_management: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - management + - {get_param: CloudDomain} + fqdn_ctlplane: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - ctlplane + - {get_param: CloudDomain} # Resource for site-specific injection of root certificate NodeTLSCAData: diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml index 4d77d6d3..f359bf70 100644 --- a/puppet/compute-role.yaml +++ b/puppet/compute-role.yaml @@ -87,6 +87,7 @@ parameters: constraints: - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] CloudDomain: + default: 'localdomain' type: string description: > The DNS domain used for the hosts. This should match the dhcp_domain @@ -250,45 +251,75 @@ resources: NovaComputeConfig: type: OS::Heat::StructuredConfig properties: - group: os-apply-config + group: hiera config: - hiera: - hierarchy: - - '"%{::uuid}"' - - heat_config_%{::deploy_config_name} - - compute_extraconfig - - extraconfig - - service_names - - service_configs - - compute - - bootstrap_node # provided by allNodesConfig - - all_nodes # provided by allNodesConfig - - vip_data # provided by allNodesConfig - - '"%{::osfamily}"' - - neutron_bigswitch_data # Optionally provided by ComputeExtraConfigPre - - cisco_n1kv_data # Optionally provided by ComputeExtraConfigPre - - nova_nuage_data # Optionally provided by ComputeExtraConfigPre - - midonet_data # Optionally provided by AllNodesExtraConfig - - neutron_opencontrail_data # Optionally provided by ComputeExtraConfigPre - - cisco_aci_data # Optionally provided by ComputeExtraConfigPre - merge_behavior: deeper - datafiles: - service_names: - mapped_data: - service_names: {get_param: ServiceNames} - sensu::subscriptions: {get_param: MonitoringSubscriptions} - service_configs: - mapped_data: - map_replace: - - {get_param: ServiceConfigSettings} - - values: {get_attr: [NetIpMap, net_ip_map]} - compute_extraconfig: - mapped_data: {get_param: NovaComputeExtraConfig} - extraconfig: - mapped_data: {get_param: ExtraConfig} - compute: - mapped_data: - tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} + hierarchy: + - '"%{::uuid}"' + - heat_config_%{::deploy_config_name} + - compute_extraconfig + - extraconfig + - service_names + - service_configs + - compute + - bootstrap_node # provided by allNodesConfig + - all_nodes # provided by allNodesConfig + - vip_data # provided by allNodesConfig + - '"%{::osfamily}"' + - neutron_bigswitch_data # Optionally provided by ComputeExtraConfigPre + - cisco_n1kv_data # Optionally provided by ComputeExtraConfigPre + - nova_nuage_data # Optionally provided by ComputeExtraConfigPre + - midonet_data # Optionally provided by AllNodesExtraConfig + - neutron_opencontrail_data # Optionally provided by ComputeExtraConfigPre + - cisco_aci_data # Optionally provided by ComputeExtraConfigPre + merge_behavior: deeper + datafiles: + service_names: + service_names: {get_param: ServiceNames} + sensu::subscriptions: {get_param: MonitoringSubscriptions} + service_configs: + map_replace: + - {get_param: ServiceConfigSettings} + - values: {get_attr: [NetIpMap, net_ip_map]} + compute_extraconfig: {get_param: NovaComputeExtraConfig} + extraconfig: {get_param: ExtraConfig} + compute: + tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} + fqdn_internal_api: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - internalapi + - {get_param: CloudDomain} + fqdn_storage: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - storage + - {get_param: CloudDomain} + fqdn_storage_mgmt: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - storagemgmt + - {get_param: CloudDomain} + fqdn_tenant: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - tenant + - {get_param: CloudDomain} + fqdn_management: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - management + - {get_param: CloudDomain} + fqdn_ctlplane: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - ctlplane + - {get_param: CloudDomain} NovaComputeDeployment: type: OS::TripleO::SoftwareDeployment diff --git a/puppet/config.role.j2.yaml b/puppet/config.role.j2.yaml index e59a0216..552c59b2 100644 --- a/puppet/config.role.j2.yaml +++ b/puppet/config.role.j2.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: 2016-10-14 description: > A software config which runs puppet on the {{role}} role @@ -12,6 +12,14 @@ parameters: type: string description: Config manifests that will be used to step through the deployment. default: '' + PuppetTags: + type: string + description: List of comma-separated tags to limit puppet catalog to. + default: '' + +conditions: + + puppet_tags_empty: {equals : [{get_param: PuppetTags}, '']} resources: @@ -24,6 +32,13 @@ resources: enable_hiera: True enable_facter: False modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules + tags: + if: + - puppet_tags_empty + - '' + - list_join: + - ',' + - ['file,concat,file_line', {get_param: PuppetTags}] outputs: - name: result inputs: diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml index b1433b04..77b54ff3 100644 --- a/puppet/controller-role.yaml +++ b/puppet/controller-role.yaml @@ -101,6 +101,7 @@ parameters: constraints: - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] CloudDomain: + default: 'localdomain' type: string description: > The DNS domain used for the hosts. This should match the dhcp_domain @@ -298,57 +299,87 @@ resources: ControllerConfig: type: OS::Heat::StructuredConfig properties: - group: os-apply-config + group: hiera config: - hiera: - hierarchy: - - '"%{::uuid}"' - - heat_config_%{::deploy_config_name} - - controller_extraconfig - - extraconfig - - service_configs - - service_names - - controller - - bootstrap_node # provided by BootstrapNodeConfig - - all_nodes # provided by allNodesConfig - - vip_data # provided by allNodesConfig - - '"%{::osfamily}"' - - cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre - - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre - - cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre - - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre - - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre - - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre - - midonet_data #Optionally provided by AllNodesExtraConfig - - cisco_aci_data # Optionally provided by ControllerExtraConfigPre - merge_behavior: deeper - datafiles: - service_names: - mapped_data: - service_names: {get_param: ServiceNames} - sensu::subscriptions: {get_param: MonitoringSubscriptions} - service_configs: - mapped_data: - map_replace: - - {get_param: ServiceConfigSettings} - - values: {get_attr: [NetIpMap, net_ip_map]} - controller_extraconfig: - mapped_data: - map_merge: - - {get_param: controllerExtraConfig} - - {get_param: ControllerExtraConfig} - extraconfig: - mapped_data: {get_param: ExtraConfig} - controller: - mapped_data: # data supplied directly to this deployment configuration, etc - bootstack_nodeid: {get_input: bootstack_nodeid} + hierarchy: + - '"%{::uuid}"' + - heat_config_%{::deploy_config_name} + - controller_extraconfig + - extraconfig + - service_configs + - service_names + - controller + - bootstrap_node # provided by BootstrapNodeConfig + - all_nodes # provided by allNodesConfig + - vip_data # provided by allNodesConfig + - '"%{::osfamily}"' + - cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre + - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre + - cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre + - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre + - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre + - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre + - midonet_data #Optionally provided by AllNodesExtraConfig + - cisco_aci_data # Optionally provided by ControllerExtraConfigPre + merge_behavior: deeper + datafiles: + service_names: + service_names: {get_param: ServiceNames} + sensu::subscriptions: {get_param: MonitoringSubscriptions} + service_configs: + map_replace: + - {get_param: ServiceConfigSettings} + - values: {get_attr: [NetIpMap, net_ip_map]} + controller_extraconfig: + map_merge: + - {get_param: controllerExtraConfig} + - {get_param: ControllerExtraConfig} + extraconfig: {get_param: ExtraConfig} + controller: + # data supplied directly to this deployment configuration, etc + bootstack_nodeid: {get_input: bootstack_nodeid} + # Pacemaker + enable_load_balancer: {get_input: enable_load_balancer} - # Pacemaker - enable_load_balancer: {get_input: enable_load_balancer} - - # Misc - tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} - tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} + # Misc + tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} + tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} + fqdn_internal_api: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - internalapi + - {get_param: CloudDomain} + fqdn_storage: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - storage + - {get_param: CloudDomain} + fqdn_storage_mgmt: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - storagemgmt + - {get_param: CloudDomain} + fqdn_tenant: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - tenant + - {get_param: CloudDomain} + fqdn_management: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - management + - {get_param: CloudDomain} + fqdn_ctlplane: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - ctlplane + - {get_param: CloudDomain} # Hook for site-specific additional pre-deployment config, e.g extra hieradata ControllerExtraConfigPre: diff --git a/puppet/major_upgrade_steps.j2.yaml b/puppet/major_upgrade_steps.j2.yaml new file mode 100644 index 00000000..f8dad433 --- /dev/null +++ b/puppet/major_upgrade_steps.j2.yaml @@ -0,0 +1,98 @@ +heat_template_version: 2016-10-14 +description: 'Upgrade steps for all roles' + +parameters: + servers: + type: json + + role_data: + type: json + description: Mapping of Role name e.g Controller to the per-role data + + UpdateIdentifier: + type: string + description: > + Setting to a previously unused value during stack-update will trigger + the Upgrade resources to re-run on all roles. + + UpgradeInitCommand: + type: string + description: | + Command or script snippet to run on all overcloud nodes to + initialize the upgrade process. E.g. a repository switch. + default: '' + +resources: + + # For the UpgradeInit also rename /etc/resolv.conf.save for +bug/1567004 + UpgradeInitConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - "#!/bin/bash\n\n" + - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" + - get_param: UpgradeInitCommand + +{% for role in roles %} + {{role.name}}Upgrade_Init: + type: OS::Heat::StructuredDeploymentGroup + properties: + name: {{role.name}}Upgrade_Init + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: UpgradeInitConfig} +{% endfor %} + +# Upgrade Steps for all roles +# FIXME(shardy): would be nice to make the number of steps configurable +{% for step in range(1, 8) %} + {% for role in roles %} + # Step {{step}} resources + {{role.name}}UpgradeConfig_Step{{step}}: + type: OS::TripleO::UpgradeConfig + # The UpgradeConfig resources could actually be created without + # serialization, but the event output is easier to follow if we + # do, and there should be minimal performance hit (creating the + # config is cheap compared to the time to apply the deployment). + depends_on: + {% if step == 1 %} + - {{role.name}}Upgrade_Init + {% else %} + {% for dep in roles %} + - {{dep.name}}Upgrade_Step{{step -1}} + {% endfor %} + {% endif %} + properties: + UpgradeStepConfig: {get_param: [role_data, {{role.name}}, upgrade_tasks]} + step: {{step}} + + {{role.name}}Upgrade_Step{{step}}: + type: OS::Heat::StructuredDeploymentGroup + {% if step > 1 %} + depends_on: + {% for dep in roles %} + - {{dep.name}}Upgrade_Step{{step -1}} + {% endfor %} + {% endif %} + properties: + name: {{role.name}}Upgrade_Step{{step}} + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}UpgradeConfig_Step{{step}}} + input_values: + role: {{role.name}} + update_identifier: {get_param: UpdateIdentifier} + {% endfor %} +{% endfor %} + +outputs: + # Output the config for each role, just use Step1 as the config should be + # the same for all steps (only the tag provided differs) + upgrade_configs: + description: The per-role upgrade configuration used + value: +{% for role in roles %} + {{role.name.lower()}}: {get_attr: [{{role.name}}UpgradeConfig_Step1, upgrade_config]} +{% endfor %} + diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml index d7681d10..60c12c3b 100644 --- a/puppet/objectstorage-role.yaml +++ b/puppet/objectstorage-role.yaml @@ -66,6 +66,7 @@ parameters: constraints: - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] CloudDomain: + default: 'localdomain' type: string description: > The DNS domain used for the hosts. This should match the dhcp_domain @@ -227,39 +228,69 @@ resources: SwiftStorageHieraConfig: type: OS::Heat::StructuredConfig properties: - group: os-apply-config + group: hiera config: - hiera: - hierarchy: - - '"%{::uuid}"' - - heat_config_%{::deploy_config_name} - - object_extraconfig - - extraconfig - - service_names - - service_configs - - object - - bootstrap_node # provided by allNodesConfig - - all_nodes # provided by allNodesConfig - - vip_data # provided by allNodesConfig - - '"%{::osfamily}"' - merge_behavior: deeper - datafiles: - service_names: - mapped_data: - service_names: {get_param: ServiceNames} - sensu::subscriptions: {get_param: MonitoringSubscriptions} - service_configs: - mapped_data: - map_replace: - - {get_param: ServiceConfigSettings} - - values: {get_attr: [NetIpMap, net_ip_map]} - object_extraconfig: - mapped_data: {get_param: ObjectStorageExtraConfig} - extraconfig: - mapped_data: {get_param: ExtraConfig} - object: - mapped_data: # data supplied directly to this deployment configuration, etc - tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} + hierarchy: + - '"%{::uuid}"' + - heat_config_%{::deploy_config_name} + - object_extraconfig + - extraconfig + - service_names + - service_configs + - object + - bootstrap_node # provided by allNodesConfig + - all_nodes # provided by allNodesConfig + - vip_data # provided by allNodesConfig + - '"%{::osfamily}"' + merge_behavior: deeper + datafiles: + service_names: + service_names: {get_param: ServiceNames} + sensu::subscriptions: {get_param: MonitoringSubscriptions} + service_configs: + map_replace: + - {get_param: ServiceConfigSettings} + - values: {get_attr: [NetIpMap, net_ip_map]} + object_extraconfig: {get_param: ObjectStorageExtraConfig} + extraconfig: {get_param: ExtraConfig} + object: + tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} + fqdn_internal_api: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - internalapi + - {get_param: CloudDomain} + fqdn_storage: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - storage + - {get_param: CloudDomain} + fqdn_storage_mgmt: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - storagemgmt + - {get_param: CloudDomain} + fqdn_tenant: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - tenant + - {get_param: CloudDomain} + fqdn_management: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - management + - {get_param: CloudDomain} + fqdn_ctlplane: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - ctlplane + - {get_param: CloudDomain} SwiftStorageHieraDeploy: diff --git a/puppet/post.j2.yaml b/puppet/post.j2.yaml index 8218f41a..582eb28d 100644 --- a/puppet/post.j2.yaml +++ b/puppet/post.j2.yaml @@ -57,72 +57,29 @@ resources: {% endif %} # Step through a series of configuration steps - {{role.name}}Deployment_Step1: - type: OS::Heat::StructuredDeploymentGroup - depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy] - properties: - name: {{role.name}}Deployment_Step1 - servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}Config} - input_values: - step: 1 - update_identifier: {get_param: DeployIdentifier} - - {{role.name}}Deployment_Step2: - type: OS::Heat::StructuredDeploymentGroup - depends_on: - {% for dep in roles %} - - {{dep.name}}Deployment_Step1 - {% endfor %} - properties: - name: {{role.name}}Deployment_Step2 - servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}Config} - input_values: - step: 2 - update_identifier: {get_param: DeployIdentifier} - - {{role.name}}Deployment_Step3: - type: OS::Heat::StructuredDeploymentGroup - depends_on: - {% for dep in roles %} - - {{dep.name}}Deployment_Step2 - {% endfor %} - properties: - name: {{role.name}}Deployment_Step3 - servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}Config} - input_values: - step: 3 - update_identifier: {get_param: DeployIdentifier} +{% for step in range(1, 6) %} + {% for role in roles %} - {{role.name}}Deployment_Step4: + {{role.name}}Deployment_Step{{step}}: type: OS::Heat::StructuredDeploymentGroup + {% if step == 1 %} + depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy] + {% else %} depends_on: - {% for dep in roles %} - - {{dep.name}}Deployment_Step3 - {% endfor %} + {% for dep in roles %} + - {{dep.name}}Deployment_Step{{step -1}} + {% endfor %} + {% endif %} properties: - name: {{role.name}}Deployment_Step4 + name: {{role.name}}Deployment_Step{{step}} servers: {get_param: [servers, {{role.name}}]} config: {get_resource: {{role.name}}Config} input_values: - step: 4 + step: {{step}} update_identifier: {get_param: DeployIdentifier} - {{role.name}}Deployment_Step5: - type: OS::Heat::StructuredDeploymentGroup - depends_on: - {% for dep in roles %} - - {{dep.name}}Deployment_Step4 {% endfor %} - properties: - name: {{role.name}}Deployment_Step5 - servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}Config} - input_values: - step: 5 - update_identifier: {get_param: DeployIdentifier} +{% endfor %} {{role.name}}PostConfig: type: OS::TripleO::Tasks::{{role.name}}PostConfig diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index 5b419f80..587ff58d 100644 --- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml @@ -5,13 +5,17 @@ parameters: description: Flavor for the {{role}} node. default: baremetal type: string +{% if disable_constraints is not defined %} constraints: - custom_constraint: nova.flavor +{% endif %} {{role}}Image: type: string default: overcloud-full +{% if disable_constraints is not defined %} constraints: - custom_constraint: glance.image +{% endif %} ImageUpdatePolicy: default: 'REBUILD_PRESERVE_EPHEMERAL' description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt. @@ -20,8 +24,10 @@ parameters: description: Name of an existing Nova key pair to enable SSH access to the instances type: string default: default +{% if disable_constraints is not defined %} constraints: - custom_constraint: nova.keypair +{% endif %} ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -72,6 +78,7 @@ parameters: constraints: - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE] CloudDomain: + default: 'localdomain' type: string description: > The DNS domain used for the hosts. This should match the dhcp_domain @@ -249,41 +256,71 @@ resources: {{role}}Config: type: OS::Heat::StructuredConfig properties: - group: os-apply-config + group: hiera config: - hiera: - hierarchy: - - '"%{::uuid}"' - - heat_config_%{::deploy_config_name} - - {{role.lower()}}_extraconfig - - extraconfig - - service_names - - service_configs - - {{role.lower()}} - - bootstrap_node # provided by allNodesConfig - - all_nodes # provided by allNodesConfig - - vip_data # provided by allNodesConfig - - '"%{::osfamily}"' - merge_behavior: deeper - datafiles: - service_names: - mapped_data: - service_names: {get_param: ServiceNames} - sensu::subscriptions: {get_param: MonitoringSubscriptions} - service_configs: - mapped_data: - map_replace: - - {get_param: ServiceConfigSettings} - - values: {get_attr: [NetIpMap, net_ip_map]} - {{role.lower()}}_extraconfig: - mapped_data: {get_param: {{role}}ExtraConfig} - extraconfig: - mapped_data: {get_param: ExtraConfig} - {{role.lower()}}: - mapped_data: - tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources} - tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups} + hierarchy: + - '"%{::uuid}"' + - heat_config_%{::deploy_config_name} + - {{role.lower()}}_extraconfig + - extraconfig + - service_names + - service_configs + - {{role.lower()}} + - bootstrap_node # provided by allNodesConfig + - all_nodes # provided by allNodesConfig + - vip_data # provided by allNodesConfig + - '"%{::osfamily}"' + merge_behavior: deeper + datafiles: + service_names: + service_names: {get_param: ServiceNames} + sensu::subscriptions: {get_param: MonitoringSubscriptions} + service_configs: + map_replace: + - {get_param: ServiceConfigSettings} + - values: {get_attr: [NetIpMap, net_ip_map]} + {{role.lower()}}_extraconfig: {get_param: {{role}}ExtraConfig} + extraconfig: {get_param: ExtraConfig} + {{role.lower()}}: + tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} + tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources} + tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups} + fqdn_internal_api: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - internalapi + - {get_param: CloudDomain} + fqdn_storage: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - storage + - {get_param: CloudDomain} + fqdn_storage_mgmt: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - storagemgmt + - {get_param: CloudDomain} + fqdn_tenant: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - tenant + - {get_param: CloudDomain} + fqdn_management: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - management + - {get_param: CloudDomain} + fqdn_ctlplane: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - ctlplane + - {get_param: CloudDomain} # Resource for site-specific injection of root certificate NodeTLSCAData: diff --git a/puppet/services/README.rst b/puppet/services/README.rst index 8fe51fa3..856b306e 100644 --- a/puppet/services/README.rst +++ b/puppet/services/README.rst @@ -22,8 +22,8 @@ Config Settings Each service may define a config_settings output variable which returns Hiera settings to be configured. -Steps ------ +Deployment Steps +---------------- Each service may define an output variable which returns a puppet manifest snippet that will run at each of the following steps. Earlier manifests @@ -49,8 +49,28 @@ are re-asserted when applying latter ones. 5) Service activation (Pacemaker) - 6) Fencing (Pacemaker) +Upgrade Steps +------------- + +Each service template may optionally define a `upgrade_tasks` key, which is a +list of ansible tasks to be performed during the upgrade process. + +Similar to the step_config, we allow a series of steps for the per-service +upgrade sequence, defined as ansible tasks with a tag e.g "step1" for the first +step, "step2" for the second, etc. + + Steps/tages correlate to the following: + + 1) Quiesce the control-plane, e.g disable LoadBalancer, stop pacemaker cluster + + 2) Stop all control-plane services, ready for upgrade + + 3) Perform a package update, (either specific packages or the whole system) + + 4) Start services needed for migration tasks (e.g DB) + + 5) Perform any migration tasks, e.g DB sync commands -Note: Not all roles currently support all steps: + 6) Start control-plane services - * ObjectStorage role only supports steps 2, 3 and 4 + 7) Any additional online migration tasks (e.g data migrations) diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml index 48cc4af6..0cc7ad8b 100644 --- a/puppet/services/aodh-api.yaml +++ b/puppet/services/aodh-api.yaml @@ -21,11 +21,6 @@ parameters: MonitoringSubscriptionAodhApi: default: 'overcloud-ceilometer-aodh-api' type: string - EnableCombinationAlarms: - default: false - description: Combination alarms are deprecated in Newton, hence disabled - by default. To enable, set this parameter to true. - type: boolean EnableInternalTLS: type: boolean default: false @@ -60,7 +55,7 @@ outputs: aodh::wsgi::apache::servername: str_replace: template: - '"%{::fqdn_$NETWORK}"' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]} aodh::api::service_name: 'httpd' @@ -73,7 +68,7 @@ outputs: aodh::api::host: str_replace: template: - '"%{::fqdn_$NETWORK}"' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]} # NOTE: bind IP is found in Heat replacing the network name with the @@ -83,7 +78,6 @@ outputs: # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR aodh::wsgi::apache::bind_host: {get_param: [ServiceNetMap, AodhApiNetwork]} - tripleo::profile::base::aodh::api::enable_combination_alarms: {get_param: EnableCombinationAlarms} service_config_settings: get_attr: [AodhBase, role_data, service_config_settings] step_config: | diff --git a/puppet/services/apache-internal-tls-certmonger.yaml b/puppet/services/apache-internal-tls-certmonger.yaml index 87e53f13..1d76b9a3 100644 --- a/puppet/services/apache-internal-tls-certmonger.yaml +++ b/puppet/services/apache-internal-tls-certmonger.yaml @@ -35,8 +35,8 @@ outputs: httpd-NETWORK: service_certificate: '/etc/pki/tls/certs/httpd-NETWORK.crt' service_key: '/etc/pki/tls/private/httpd-NETWORK.key' - hostname: "%{::fqdn_NETWORK}" - principal: "HTTP/%{::fqdn_NETWORK}" + hostname: "%{hiera('fqdn_NETWORK')}" + principal: "HTTP/%{hiera('fqdn_NETWORK')}" for_each: NETWORK: # NOTE(jaosorior) Get unique network names to create diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml index ab6b0ec7..24687d03 100644 --- a/puppet/services/barbican-api.yaml +++ b/puppet/services/barbican-api.yaml @@ -24,7 +24,7 @@ parameters: hidden: true BarbicanWorkers: description: Set the number of workers for barbican::wsgi::apache - default: '"%{::processorcount}"' + default: '%{::processorcount}' type: string Debug: default: '' @@ -93,7 +93,7 @@ outputs: barbican::wsgi::apache::servername: str_replace: template: - '"%{::fqdn_$NETWORK}"' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, BarbicanApiNetwork]} barbican::db::database_connection: @@ -128,3 +128,17 @@ outputs: barbican::keystone::auth::password: {get_param: BarbicanPassword} barbican::keystone::auth::region: {get_param: KeystoneRegion} barbican::keystone::auth::tenant: 'service' + nova_compute: + nova::compute::keymgr_api_class: > + castellan.key_manager.barbican_key_manager.BarbicanKeyManager + nova::compute::barbican_endpoint: + get_param: [EndpointMap, BarbicanInternal, uri] + nova::compute::barbican_auth_endpoint: + get_param: [EndpointMap, KeystoneV3Internal, uri] + cinder_api: + cinder::api::keymgr_api_class: > + castellan.key_manager.barbican_key_manager.BarbicanKeyManager + cinder::api::keymgr_encryption_api_url: + get_param: [EndpointMap, BarbicanInternal, uri] + cinder::api::keymgr_encryption_auth_url: + get_param: [EndpointMap, KeystoneV3Internal, uri] diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml index 97b255a9..2e2d3f2d 100644 --- a/puppet/services/ceilometer-api.yaml +++ b/puppet/services/ceilometer-api.yaml @@ -75,7 +75,7 @@ outputs: ceilometer::api::host: str_replace: template: - '"%{::fqdn_$NETWORK}"' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, CeilometerApiNetwork]} ceilometer::wsgi::apache::bind_host: {get_param: [ServiceNetMap, CeilometerApiNetwork]} @@ -83,7 +83,7 @@ outputs: ceilometer::wsgi::apache::servername: str_replace: template: - '"%{::fqdn_$NETWORK}"' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, CeilometerApiNetwork]} service_config_settings: diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index 4ace7526..ded1bc03 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -36,6 +36,12 @@ parameters: type: string constraints: - allowed_values: ['gnocchi', 'database'] + CeilometerEventDispatcher: + default: ['gnocchi'] + description: Comma-separated list of Dispatchers to process events data + type: comma_delimited_list + constraints: + - allowed_values: ['panko', 'gnocchi', 'database'] CeilometerWorkers: default: 0 description: Number of workers for Ceilometer service. @@ -102,6 +108,7 @@ outputs: ceilometer::agent::auth::auth_tenant_name: 'service' ceilometer::agent::auth::auth_endpoint_type: 'internalURL' ceilometer::collector::meter_dispatcher: {get_param: CeilometerMeterDispatcher} + ceilometer::collector::event_dispatcher: {get_param: CeilometerEventDispatcher} ceilometer::dispatcher::gnocchi::url: {get_param: [EndpointMap, GnocchiInternal, uri]} ceilometer::dispatcher::gnocchi::filter_project: 'service' ceilometer::dispatcher::gnocchi::archive_policy: 'low' diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml index 786e9ddd..8faf5640 100644 --- a/puppet/services/ceph-base.yaml +++ b/puppet/services/ceph-base.yaml @@ -119,36 +119,33 @@ outputs: NETWORK: {get_param: [ServiceNetMap, CephMonNetwork]} ceph::profile::params::public_addr: {get_param: [ServiceNetMap, CephMonNetwork]} ceph::profile::params::client_keys: - str_replace: - template: "{ - client.admin: { - secret: 'ADMIN_KEY', - mode: '0600', - cap_mon: 'allow *', - cap_osd: 'allow *', + map_replace: + - client.admin: + secret: {get_param: CephAdminKey} + mode: '0600' + cap_mon: 'allow *' + cap_osd: 'allow *' cap_mds: 'allow *' - }, - client.bootstrap-osd: { - secret: 'ADMIN_KEY', - keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring', + client.bootstrap-osd: + secret: {get_param: CephAdminKey} + keyring_path: '/var/lib/ceph/bootstrap-osd/ceph.keyring' cap_mon: 'allow profile bootstrap-osd' - }, - client.CLIENT_USER: { - secret: 'CLIENT_KEY', - mode: '0644', - cap_mon: 'allow r', - cap_osd: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL' - } - }" - params: - CLIENT_USER: {get_param: CephClientUserName} - CLIENT_KEY: {get_param: CephClientKey} - ADMIN_KEY: {get_param: CephAdminKey} - NOVA_POOL: {get_param: NovaRbdPoolName} - CINDER_POOL: {get_param: CinderRbdPoolName} - CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} - GLANCE_POOL: {get_param: GlanceRbdPoolName} - GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} + CEPH_CLIENT_KEY: + secret: {get_param: CephClientKey} + mode: '0644' + cap_mon: 'allow r' + cap_osd: + str_replace: + template: 'allow class-read object_prefix rbd_children, allow rwx pool=CINDER_POOL, allow rwx pool=CINDERBACKUP_POOL, allow rwx pool=NOVA_POOL, allow rwx pool=GLANCE_POOL, allow rwx pool=GNOCCHI_POOL' + params: + NOVA_POOL: {get_param: NovaRbdPoolName} + CINDER_POOL: {get_param: CinderRbdPoolName} + CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} + GLANCE_POOL: {get_param: GlanceRbdPoolName} + GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} + - keys: + CEPH_CLIENT_KEY: + list_join: ['.', ['client', {get_param: CephClientUserName}]] service_config_settings: glance_api: glance::api::show_multiple_locations: {if: [glance_multiple_locations, true, false]} diff --git a/puppet/services/ceph-rgw.yaml b/puppet/services/ceph-rgw.yaml index 89c1a5ee..4b85d28f 100644 --- a/puppet/services/ceph-rgw.yaml +++ b/puppet/services/ceph-rgw.yaml @@ -68,6 +68,7 @@ outputs: ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]} ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]} ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]} + ceph::rgw::keystone::auth::user: 'swift' ceph::rgw::keystone::auth::password: {get_param: SwiftPassword} ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion} ceph::rgw::keystone::auth::tenant: 'service' diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml index 803d8b83..6cb2b194 100644 --- a/puppet/services/cinder-api.yaml +++ b/puppet/services/cinder-api.yaml @@ -42,7 +42,7 @@ parameters: CinderWorkers: type: string description: Set the number of workers for cinder::wsgi::apache - default: '"%{::os_workers}"' + default: '%{::os_workers}' EnableInternalTLS: type: boolean default: false @@ -101,7 +101,7 @@ outputs: cinder::api::bind_host: str_replace: template: - '"%{::fqdn_$NETWORK}"' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]} cinder::wsgi::apache::ssl: {get_param: EnableInternalTLS} @@ -115,7 +115,7 @@ outputs: cinder::wsgi::apache::servername: str_replace: template: - '"%{::fqdn_$NETWORK}"' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]} - diff --git a/puppet/services/database/mysql-internal-tls-certmonger.yaml b/puppet/services/database/mysql-internal-tls-certmonger.yaml new file mode 100644 index 00000000..3ba51fb6 --- /dev/null +++ b/puppet/services/database/mysql-internal-tls-certmonger.yaml @@ -0,0 +1,43 @@ +heat_template_version: 2016-10-14 + +description: > + MySQL configurations for using TLS via certmonger. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + # The following parameters are not needed by the template but are + # required to pass the pep8 tests + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: MySQL configurations for using TLS via certmonger. + value: + service_name: mysql_internal_tls_certmonger + config_settings: + generate_service_certificates: true + tripleo::profile::base::database::mysql::certificate_specs: + service_certificate: '/etc/pki/tls/certs/mysql.crt' + service_key: '/etc/pki/tls/private/mysql.key' + hostname: + str_replace: + template: "%{hiera('cloud_name_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} + principal: + str_replace: + template: "mysql/%{hiera('cloud_name_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index 094a7c9f..abe752e2 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -35,50 +35,68 @@ parameters: description: Whether to use Galera instead of regular MariaDB. type: boolean +resources: + + MySQLTLS: + type: OS::TripleO::Services::MySQLTLS + properties: + ServiceNetMap: {get_param: ServiceNetMap} + outputs: role_data: description: Service MySQL using composable services. value: service_name: mysql config_settings: - # The Galera package should work in cluster and - # non-cluster modes based on the config file. - # We set the package name here explicitly so - # that it matches what we pre-install - # in tripleo-puppet-elements. - mysql::server::package_name: 'mariadb-galera-server' - mysql::server::manage_config_file: true - tripleo.mysql.firewall_rules: - '104 mysql galera': - dport: - - 873 - - 3306 - - 4444 - - 4567 - - 4568 - - 9200 - mysql_max_connections: {get_param: MysqlMaxConnections} - mysql::server::root_password: - yaql: - expression: $.data.passwords.where($ != '').first() - data: - passwords: - - {get_param: MysqlRootPassword} - - {get_param: [DefaultPasswords, mysql_root_password]} - mysql_clustercheck_password: {get_param: MysqlClustercheckPassword} - enable_galera: {get_param: EnableGalera} - # NOTE: bind IP is found in Heat replacing the network name with the - # local node IP for the given network; replacement examples - # (eg. for internal_api): - # internal_api -> IP - # internal_api_uri -> [IP] - # internal_api_subnet - > IP/CIDR - mysql_bind_host: {get_param: [ServiceNetMap, MysqlNetwork]} - tripleo::profile::base::database::mysql::bind_address: - str_replace: - template: - '"%{::fqdn_$NETWORK}"' - params: - $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} + map_merge: + - get_attr: [MySQLTLS, role_data, config_settings] + - + # The Galera package should work in cluster and + # non-cluster modes based on the config file. + # We set the package name here explicitly so + # that it matches what we pre-install + # in tripleo-puppet-elements. + mysql::server::package_name: 'mariadb-galera-server' + mysql::server::manage_config_file: true + tripleo.mysql.firewall_rules: + '104 mysql galera': + dport: + - 873 + - 3306 + - 4444 + - 4567 + - 4568 + - 9200 + mysql_max_connections: {get_param: MysqlMaxConnections} + mysql::server::root_password: + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: MysqlRootPassword} + - {get_param: [DefaultPasswords, mysql_root_password]} + mysql_clustercheck_password: {get_param: MysqlClustercheckPassword} + enable_galera: {get_param: EnableGalera} + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + mysql_bind_host: {get_param: [ServiceNetMap, MysqlNetwork]} + tripleo::profile::base::database::mysql::bind_address: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} step_config: | include ::tripleo::profile::base::database::mysql + upgrade_tasks: + - name: Stop service + tags: step2 + service: name=mariadb state=stopped + - name: Start service + tags: step4 + service: name=mariadb state=started + diff --git a/puppet/services/database/redis-base.yaml b/puppet/services/database/redis-base.yaml index 4ed3c007..2fab0eb6 100644 --- a/puppet/services/database/redis-base.yaml +++ b/puppet/services/database/redis-base.yaml @@ -39,6 +39,6 @@ outputs: # internal_api_subnet - > IP/CIDR redis::bind: {get_param: [ServiceNetMap, RedisNetwork]} redis::port: 6379 - redis::sentinel::master_name: '"%{hiera(\"bootstrap_nodeid\")}"' - redis::sentinel::redis_host: '"%{hiera(\"bootstrap_nodeid_ip\")}"' + redis::sentinel::master_name: "%{hiera('bootstrap_nodeid')}" + redis::sentinel::redis_host: "%{hiera('bootstrap_nodeid_ip')}" redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh' diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml index ac15de4f..b3d39e0f 100644 --- a/puppet/services/gnocchi-api.yaml +++ b/puppet/services/gnocchi-api.yaml @@ -91,7 +91,7 @@ outputs: gnocchi::wsgi::apache::servername: str_replace: template: - '"%{::fqdn_$NETWORK}"' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]} tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend} @@ -105,7 +105,7 @@ outputs: gnocchi::api::host: str_replace: template: - '"%{::fqdn_$NETWORK}"' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]} diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index 0813cb7e..675a79ec 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml @@ -34,16 +34,6 @@ parameters: description: The password for Redis type: string hidden: true - ControlVirtualInterface: - default: 'br-ex' - description: Interface where virtual ip will be assigned. - type: string - PublicVirtualInterface: - default: 'br-ex' - description: > - Specifies the interface where the public-facing virtual ip will be assigned. - This should be int_public when a VLAN is being used. - type: string MonitoringSubscriptionHaproxy: default: 'overcloud-haproxy' type: string @@ -81,11 +71,16 @@ outputs: tripleo::haproxy::haproxy_stats_user: {get_param: HAProxyStatsUser} tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword} tripleo::haproxy::redis_password: {get_param: RedisPassword} - tripleo::haproxy::control_virtual_interface: {get_param: ControlVirtualInterface} - tripleo::haproxy::public_virtual_interface: {get_param: PublicVirtualInterface} tripleo::profile::base::haproxy::certificates_specs: map_merge: - get_attr: [HAProxyPublicTLS, role_data, certificates_specs] - get_attr: [HAProxyInternalTLS, role_data, certificates_specs] step_config: | include ::tripleo::profile::base::haproxy + upgrade_tasks: + - name: Stop haproxy service + tags: step1 + service: name=haproxy state=stopped + - name: Start haproxy service + tags: step4 # Needed at step 4 for mysql + service: name=haproxy state=started diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index 017bb76f..8eaf4044 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml @@ -59,12 +59,14 @@ outputs: - 80 - 443 horizon::disable_password_reveal: true + horizon::enforce_password_check: true horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache horizon::django_session_engine: 'django.contrib.sessions.backends.cache' horizon::vhost_extra_params: add_listen: false priority: 10 access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"' + options: ['FollowSymLinks','MultiViews'] horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]} horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri]} horizon::secret_key: diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml index 4ac9fc30..f173aa63 100644 --- a/puppet/services/ironic-conductor.yaml +++ b/puppet/services/ironic-conductor.yaml @@ -68,7 +68,7 @@ outputs: list_join: - '' - - 'http://' - - '%{hiera("ironic_conductor_http_host")}:' + - "%{hiera('ironic_conductor_http_host')}:" - {get_param: IronicIPXEPort} ironic::drivers::pxe::ipxe_enabled: {get_param: IronicIPXEEnabled} ironic::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} diff --git a/puppet/services/keepalived.yaml b/puppet/services/keepalived.yaml index 38cfbe22..b4f1a100 100644 --- a/puppet/services/keepalived.yaml +++ b/puppet/services/keepalived.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > Keepalived service configured with Puppet @@ -19,19 +19,28 @@ parameters: via parameter_defaults in the resource registry. type: json ControlVirtualInterface: - default: 'br-ex' - description: Interface where virtual ip will be assigned. + default: '' + description: > + Interface where virtual ip will be assigned. This value will be + automatically set by the deployment tool. Overriding here will + override automatic setting. type: string PublicVirtualInterface: - default: 'br-ex' + default: '' description: > - Specifies the interface where the public-facing virtual ip will be assigned. - This should be int_public when a VLAN is being used. + Interface where virtual ip will be assigned. This value will be + automatically set by the deployment tool. Overriding here will + override automatic setting. type: string MonitoringSubscriptionKeepalived: default: 'overcloud-keepalived' type: string +conditions: + + control_iface_empty: {equals : [{get_param: ControlVirtualInterface}, '']} + public_iface_empty: {equals : [{get_param: PublicVirtualInterface}, '']} + outputs: role_data: description: Role data for the Keepalived role. @@ -39,10 +48,27 @@ outputs: service_name: keepalived monitoring_subscription: {get_param: MonitoringSubscriptionKeepalived} config_settings: - tripleo::keepalived::control_virtual_interface: {get_param: ControlVirtualInterface} - tripleo::keepalived::public_virtual_interface: {get_param: PublicVirtualInterface} - tripleo.keepalived.firewall_rules: - '106 keepalived vrrp': - proto: vrrp + map_merge: + - tripleo.keepalived.firewall_rules: + '106 keepalived vrrp': + proto: vrrp + - + if: + - control_iface_empty + - {} + - tripleo::keepalived::control_virtual_interface: {get_param: ControlVirtualInterface} + - + if: + - public_iface_empty + - {} + - tripleo::keepalived::public_virtual_interface: {get_param: PublicVirtualInterface} step_config: | include ::tripleo::profile::base::keepalived + upgrade_tasks: + - name: Stop keepalived service + tags: step1 + service: name=keepalived state=stopped + - name: Start keepalived service + tags: step4 # Needed at step 4 for mysql + service: name=keepalived state=started + diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index d819e043..e48d7037 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -89,7 +89,7 @@ parameters: KeystoneWorkers: type: string description: Set the number of workers for keystone::wsgi::apache - default: '"%{::os_workers}"' + default: '%{::os_workers}' MonitoringSubscriptionKeystone: default: 'overcloud-keystone' type: string @@ -99,6 +99,12 @@ parameters: KeystoneCredential1: type: string description: The second Keystone credential key. Must be a valid key. + KeystoneFernetKey0: + type: string + description: The first Keystone fernet key. Must be a valid key. + KeystoneFernetKey1: + type: string + description: The second Keystone fernet key. Must be a valid key. KeystoneLoggingSource: type: json default: @@ -156,6 +162,11 @@ outputs: content: {get_param: KeystoneCredential0} '/etc/keystone/credential-keys/1': content: {get_param: KeystoneCredential1} + keystone::fernet_keys: + '/etc/keystone/fernet-keys/0': + content: {get_param: KeystoneFernetKey0} + '/etc/keystone/fernet-keys/1': + content: {get_param: KeystoneFernetKey1} keystone::debug: {get_param: Debug} keystone::rabbit_userid: {get_param: RabbitUserName} keystone::rabbit_password: {get_param: RabbitPassword} @@ -184,13 +195,13 @@ outputs: keystone::wsgi::apache::servername: str_replace: template: - '"%{::fqdn_$NETWORK}"' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]} keystone::wsgi::apache::servername_admin: str_replace: template: - '"%{::fqdn_$NETWORK}"' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]} keystone::wsgi::apache::workers: {get_param: KeystoneWorkers} @@ -208,13 +219,13 @@ outputs: keystone::admin_bind_host: str_replace: template: - '"%{::fqdn_$NETWORK}"' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]} keystone::public_bind_host: str_replace: template: - '"%{::fqdn_$NETWORK}"' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]} # NOTE: bind IP is found in Heat replacing the network name with the @@ -237,3 +248,14 @@ outputs: keystone::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" + # Ansible tasks to handle upgrade + upgrade_tasks: + - name: Stop keystone service (running under httpd) + tags: step2 + service: name=httpd state=stopped + - name: Sync keystone DB + tags: step5 + command: keystone-manage db_sync + - name: Start keystone service (running under httpd) + tags: step6 + service: name=httpd state=started diff --git a/puppet/services/monitoring/sensu-base.yaml b/puppet/services/monitoring/sensu-base.yaml index e5762328..ea23b8b6 100644 --- a/puppet/services/monitoring/sensu-base.yaml +++ b/puppet/services/monitoring/sensu-base.yaml @@ -45,7 +45,7 @@ parameters: default: '/sensu' SensuRedactVariables: description: Variables from Sensu configuration, which have to be redacted. - type: array + type: comma_delimited_list default: - password - passwd diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index 408eb795..5fd9d7a2 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -57,26 +57,20 @@ parameters: default: tag: openstack.neutron.api path: /var/log/neutron/server.log - ControllerCount: - description: | - Under normal conditions, this should not be overridden manually and is - set at deployment time. The default value is present to allow the - template to be used in environments that do not override it. - default: 1 - type: number # DEPRECATED: the following options are deprecated and are currently maintained # for backwards compatibility. They will be removed in the Ocata cycle. NeutronL3HA: - default: false + default: '' + type: string description: | - Whether to enable HA for virtual routers. While the default value is - 'false', L3 HA will be automatically enabled if the number of nodes - hosting controller configurations and DVR is disabled. This parameter is - being deprecated in Newton and is scheduled to be removed in Ocata. - Future releases will enable L3 HA by default if it is appropriate for the - deployment type. Alternate mechanisms will be available to override. - type: boolean + Whether to enable HA for virtual routers. When not set, L3 HA will be + automatically enabled if the number of nodes hosting controller + configurations and DVR is disabled. Valid values are 'true' or 'false' + This parameter is being deprecated in Newton and is scheduled to be + removed in Ocata. Future releases will enable L3 HA by default if it is + appropriate for the deployment type. Alternate mechanisms will be + available to override. parameter_groups: - label: deprecated @@ -97,18 +91,6 @@ resources: DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} -conditions: - - auto_enable_l3_ha: - and: - - not: - equals: - - get_param: ControllerCount - - 1 - - equals: - - get_param: NeutronEnableDVR - - false - outputs: role_data: description: Role data for the Neutron Server agent service. @@ -135,7 +117,6 @@ outputs: neutron::server::api_workers: {get_param: NeutronWorkers} neutron::server::rpc_workers: {get_param: NeutronWorkers} neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} - neutron::server::l3_ha: {if: ["auto_enable_l3_ha", true, {get_param: NeutronL3HA}]} neutron::server::enable_proxy_headers_parsing: true neutron::keystone::authtoken::password: {get_param: NeutronPassword} @@ -158,6 +139,7 @@ outputs: # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR neutron::bind_host: {get_param: [ServiceNetMap, NeutronApiNetwork]} + tripleo::profile::base::neutron::server::l3_ha_override: {get_param: NeutronL3HA} step_config: | include tripleo::profile::base::neutron::server service_config_settings: diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml index 0b2cef07..3d03c313 100644 --- a/puppet/services/neutron-base.yaml +++ b/puppet/services/neutron-base.yaml @@ -84,16 +84,12 @@ outputs: neutron::rabbit_port: {get_param: RabbitClientPort} neutron::dhcp_agents_per_network: {get_param: NeutronDhcpAgentsPerNetwork} neutron::core_plugin: {get_param: NeutronCorePlugin} - neutron::service_plugins: - str_replace: - template: PLUGINS - params: - PLUGINS: {get_param: NeutronServicePlugins} + neutron::service_plugins: {get_param: NeutronServicePlugins} neutron::debug: {get_param: Debug} neutron::purge_config: {get_param: EnableConfigPurge} neutron::allow_overlapping_ips: true neutron::rabbit_heartbeat_timeout_threshold: 60 - neutron::host: '"%{::fqdn}"' #NOTE: extra quoting is needed + neutron::host: '%{::fqdn}' neutron::db::database_db_max_retries: -1 neutron::db::database_max_retries: -1 neutron::global_physnet_mtu: {get_param: NeutronGlobalPhysnetMtu} diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml index 8be4c6d6..c87de285 100644 --- a/puppet/services/neutron-metadata.yaml +++ b/puppet/services/neutron-metadata.yaml @@ -72,6 +72,6 @@ outputs: neutron::agents::metadata::auth_password: {get_param: NeutronPassword} neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } neutron::agents::metadata::auth_tenant: 'service' - neutron::agents::metadata::metadata_ip: '"%{hiera(\"nova_metadata_vip\")}"' + neutron::agents::metadata::metadata_ip: "%{hiera('nova_metadata_vip')}" step_config: | include tripleo::profile::base::neutron::metadata diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index cca0deee..e2b90b7b 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -94,21 +94,9 @@ outputs: - neutron::agents::ml2::ovs::l2_population: {get_param: NeutronEnableL2Pop} neutron::agents::ml2::ovs::enable_distributed_routing: {get_param: NeutronEnableDVR} neutron::agents::ml2::ovs::arp_responder: {get_param: NeutronEnableARPResponder} - neutron::agents::ml2::ovs::bridge_mappings: - str_replace: - template: MAPPINGS - params: - MAPPINGS: {get_param: NeutronBridgeMappings} - neutron::agents::ml2::ovs::tunnel_types: - str_replace: - template: TYPES - params: - TYPES: {get_param: NeutronTunnelTypes} - neutron::agents::ml2::ovs::extensions: - str_replace: - template: AGENT_EXTENSIONS - params: - AGENT_EXTENSIONS: {get_param: NeutronAgentExtensions} + neutron::agents::ml2::ovs::bridge_mappings: {get_param: NeutronBridgeMappings} + neutron::agents::ml2::ovs::tunnel_types: {get_param: NeutronTunnelTypes} + neutron::agents::ml2::ovs::extensions: {get_param: NeutronAgentExtensions} # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml index 5dbae3dc..88b5064c 100644 --- a/puppet/services/neutron-plugin-ml2.yaml +++ b/puppet/services/neutron-plugin-ml2.yaml @@ -83,46 +83,14 @@ outputs: config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] - - neutron::plugins::ml2::mechanism_drivers: - str_replace: - template: MECHANISMS - params: - MECHANISMS: {get_param: NeutronMechanismDrivers} - neutron::plugins::ml2::type_drivers: - str_replace: - template: DRIVERS - params: - DRIVERS: {get_param: NeutronTypeDrivers} - neutron::plugins::ml2::flat_networks: - str_replace: - template: NETWORKS - params: - NETWORKS: {get_param: NeutronFlatNetworks} - neutron::plugins::ml2::extension_drivers: - str_replace: - template: PLUGIN_EXTENSIONS - params: - PLUGIN_EXTENSIONS: {get_param: NeutronPluginExtensions} - neutron::plugins::ml2::network_vlan_ranges: - str_replace: - template: RANGES - params: - RANGES: {get_param: NeutronNetworkVLANRanges} - neutron::plugins::ml2::tunnel_id_ranges: - str_replace: - template: RANGES - params: - RANGES: {get_param: NeutronTunnelIdRanges} - neutron::plugins::ml2::vni_ranges: - str_replace: - template: RANGES - params: - RANGES: {get_param: NeutronVniRanges} - neutron::plugins::ml2::tenant_network_types: - str_replace: - template: TYPES - params: - TYPES: {get_param: NeutronNetworkType} + - neutron::plugins::ml2::mechanism_drivers: {get_param: NeutronMechanismDrivers} + neutron::plugins::ml2::type_drivers: {get_param: NeutronTypeDrivers} + neutron::plugins::ml2::flat_networks: {get_param: NeutronFlatNetworks} + neutron::plugins::ml2::extension_drivers: {get_param: NeutronPluginExtensions} + neutron::plugins::ml2::network_vlan_ranges: {get_param: NeutronNetworkVLANRanges} + neutron::plugins::ml2::tunnel_id_ranges: {get_param: NeutronTunnelIdRanges} + neutron::plugins::ml2::vni_ranges: {get_param: NeutronVniRanges} + neutron::plugins::ml2::tenant_network_types: {get_param: NeutronNetworkType} neutron::plugins::ml2::supported_pci_vendor_devs: {get_param: NeutronSupportedPCIVendorDevs} step_config: | diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index 49bd84bc..50e4c996 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -87,8 +87,8 @@ outputs: map_merge: - get_attr: [NovaBase, role_data, config_settings] - get_attr: [ApacheServiceBase, role_data, config_settings] - - nova::cron::archive_deleted_rows::hour: '"*/12"' - nova::cron::archive_deleted_rows::destination: '"/dev/null"' + - nova::cron::archive_deleted_rows::hour: '*/12' + nova::cron::archive_deleted_rows::destination: '/dev/null' tripleo.nova_api.firewall_rules: '113 nova_api': dport: @@ -108,7 +108,7 @@ outputs: nova::api::api_bind_address: str_replace: template: - '"%{::fqdn_$NETWORK}"' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} nova::api::service_name: 'httpd' @@ -122,7 +122,7 @@ outputs: nova::wsgi::apache::servername: str_replace: template: - '"%{::fqdn_$NETWORK}"' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index 74a95d20..20bf2e42 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -109,7 +109,7 @@ outputs: nova::network::neutron::neutron_auth_url: {get_param: [EndpointMap, KeystoneV3Admin, uri]} nova::rabbit_heartbeat_timeout_threshold: 60 nova::cinder_catalog_info: 'volumev2:cinderv2:internalURL' - nova::host: '"%{::fqdn}"' # NOTE: extra quoting is needed. + nova::host: '%{::fqdn}' nova::notify_on_state_change: 'vm_and_task_state' nova::notification_driver: messagingv2 nova::network::neutron::neutron_auth_type: 'v3password' diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index f7f2510e..908b676e 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -52,7 +52,7 @@ parameters: For different formats, refer to the nova.conf documentation for pci_passthrough_whitelist configuration type: json - default: '' + default: {} NovaVcpuPinSet: description: > A list or range of physical CPU cores to reserve for virtual machine @@ -97,11 +97,7 @@ outputs: map_merge: - get_attr: [NovaBase, role_data, config_settings] - nova::compute::libvirt::manage_libvirt_services: false - nova::compute::pci_passthrough: - str_replace: - template: "'JSON_PARAM'" - params: - JSON_PARAM: {get_param: NovaPCIPassthrough} + nova::compute::pci_passthrough: {get_param: NovaPCIPassthrough} nova::compute::vcpu_pin_set: {get_param: NovaVcpuPinSet} nova::compute::reserved_host_memory: {get_param: NovaReservedHostMemory} # we manage migration in nova common puppet profile @@ -117,7 +113,7 @@ outputs: - '.' - - 'client' - {get_param: CephClientUserName} - nova::compute::rbd::libvirt_rbd_secret_uuid: '"%{hiera(\"ceph::profile::params::fsid\")}"' + nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}" nova::compute::instance_usage_audit: true nova::compute::instance_usage_audit_period: 'hour' nova::compute::rbd::ephemeral_storage: {get_param: NovaEnableRbdBackend} diff --git a/puppet/services/pacemaker/database/mysql.yaml b/puppet/services/pacemaker/database/mysql.yaml index 7deaf0ca..f2905903 100644 --- a/puppet/services/pacemaker/database/mysql.yaml +++ b/puppet/services/pacemaker/database/mysql.yaml @@ -40,7 +40,7 @@ outputs: - tripleo::profile::pacemaker::database::mysql::bind_address: str_replace: template: - '"%{::fqdn_$NETWORK}"' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} # NOTE: bind IP is found in Heat replacing the network name with the diff --git a/puppet/services/pacemaker/haproxy.yaml b/puppet/services/pacemaker/haproxy.yaml index 52104a71..e4115d64 100644 --- a/puppet/services/pacemaker/haproxy.yaml +++ b/puppet/services/pacemaker/haproxy.yaml @@ -38,7 +38,5 @@ outputs: - get_attr: [LoadbalancerServiceBase, role_data, config_settings] - tripleo::haproxy::haproxy_service_manage: false tripleo::haproxy::mysql_clustercheck: true - enable_keepalived: false - tripleo::haproxy::keepalived: false step_config: | include ::tripleo::profile::pacemaker::haproxy diff --git a/puppet/services/panko-api.yaml b/puppet/services/panko-api.yaml new file mode 100644 index 00000000..a8bd5e8a --- /dev/null +++ b/puppet/services/panko-api.yaml @@ -0,0 +1,84 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Panko API service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionPankoApi: + default: 'overcloud-ceilometer-panko-api' + type: string + EnableInternalTLS: + type: boolean + default: false + +resources: + PankoBase: + type: ./panko-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + + ApacheServiceBase: + type: ./apache.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + EnableInternalTLS: {get_param: EnableInternalTLS} + +outputs: + role_data: + description: Role data for the Panko API service. + value: + service_name: panko_api + monitoring_subscription: {get_param: MonitoringSubscriptionPankoApi} + config_settings: + map_merge: + - get_attr: [PankoBase, role_data, config_settings] + - get_attr: [ApacheServiceBase, role_data, config_settings] + - panko::wsgi::apache::ssl: {get_param: EnableInternalTLS} + panko::wsgi::apache::servername: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]} + panko::api::service_name: 'httpd' + panko::api::enable_proxy_headers_parsing: true + tripleo.panko_api.firewall_rules: + '140 panko-api': + dport: + - 8779 + - 13779 + panko::api::host: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]} + # NOTE: bind IP is found in Heat replacing the network name with the + # local node IP for the given network; replacement examples + # (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + panko::wsgi::apache::bind_host: {get_param: [ServiceNetMap, PankoApiNetwork]} + service_config_settings: + get_attr: [PankoBase, role_data, service_config_settings] + step_config: | + include tripleo::profile::base::panko::api diff --git a/puppet/services/panko-base.yaml b/puppet/services/panko-base.yaml new file mode 100644 index 00000000..32754a55 --- /dev/null +++ b/puppet/services/panko-base.yaml @@ -0,0 +1,74 @@ +heat_template_version: 2016-04-08 + +description: > + OpenStack Panko service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + PankoPassword: + description: The password for the panko services. + type: string + hidden: true + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + +outputs: + role_data: + description: Role data for the Panko role. + value: + service_name: panko_base + config_settings: + panko_redis_password: {get_param: RedisPassword} + panko::db::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://panko:' + - {get_param: PankoPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/panko' + panko::debug: {get_param: Debug} + panko::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } + panko::keystone::authtoken::project_name: 'service' + panko::keystone::authtoken::password: {get_param: PankoPassword} + panko::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } + panko::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + panko::auth::auth_password: {get_param: PankoPassword} + panko::auth::auth_region: 'regionOne' + panko::auth::auth_tenant_name: 'service' + service_config_settings: + keystone: + panko::keystone::auth::public_url: {get_param: [EndpointMap, PankoPublic, uri]} + panko::keystone::auth::internal_url: {get_param: [EndpointMap, PankoInternal, uri]} + panko::keystone::auth::admin_url: {get_param: [EndpointMap, PankoAdmin, uri]} + panko::keystone::auth::password: {get_param: PankoPassword} + panko::keystone::auth::region: {get_param: KeystoneRegion} + panko::keystone::auth::tenant: 'service' + mysql: + panko::db::mysql::user: panko + panko::db::mysql::password: {get_param: PankoPassword} + panko::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + panko::db::mysql::dbname: panko + panko::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml index 44a09a42..b77e0a91 100644 --- a/puppet/services/rabbitmq.yaml +++ b/puppet/services/rabbitmq.yaml @@ -97,6 +97,13 @@ outputs: # internal_api_subnet - > IP/CIDR rabbitmq::node_ip_address: {get_param: [ServiceNetMap, RabbitmqNetwork]} rabbitmq::nr_ha_queues: {get_param: RabbitHAQueues} - step_config: | include ::tripleo::profile::base::rabbitmq + upgrade_tasks: + - name: Stop rabbitmq service + tags: step2 + service: name=rabbitmq-server state=stopped + - name: Start rabbitmq service + tags: step6 + service: name=rabbitmq-server state=started + diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml index ffe2d2d4..13df5bbe 100644 --- a/puppet/services/services.yaml +++ b/puppet/services/services.yaml @@ -108,3 +108,8 @@ outputs: expression: $.data.role_data.where($ != null).select($.get('service_config_settings')).where($ != null).reduce($1.mergeWith($2), {}) data: {role_data: {get_attr: [ServiceChain, role_data]}} step_config: {list_join: ["\n", {get_attr: [ServiceChain, role_data, step_config]}]} + upgrade_tasks: + yaql: + # Note we use distinct() here to filter any identical tasks, e.g yum update for all services + expression: $.data.where($ != null).select($.get('upgrade_tasks')).where($ != null).flatten().distinct() + data: {get_attr: [ServiceChain, role_data]} diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index ba1d99f1..ba184ab0 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -77,6 +77,7 @@ outputs: swift::proxy::ceilometer::rabbit_user: {get_param: RabbitUserName} swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword} swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]} + swift::proxy::ceilometer::nonblocking_notify: true tripleo.swift_proxy.firewall_rules: '122 swift proxy': dport: @@ -99,6 +100,11 @@ outputs: - 'authtoken' - 'keystone' - 'staticweb' + - 'copy' + - 'container-quotas' + - 'account-quotas' + - 'slo' + - 'dlo' - 'versioned_writes' - 'ceilometer' - 'proxy-logging' diff --git a/puppet/services/tripleo-packages.yaml b/puppet/services/tripleo-packages.yaml index 124f5fe8..69912fa5 100644 --- a/puppet/services/tripleo-packages.yaml +++ b/puppet/services/tripleo-packages.yaml @@ -32,3 +32,7 @@ outputs: tripleo::packages::enable_install: {get_param: EnablePackageInstall} step_config: | include ::tripleo::packages + upgrade_tasks: + - name: Update all packages + tags: step3 + yum: name=* state=latest diff --git a/puppet/services/vip-hosts.yaml b/puppet/services/vip-hosts.yaml deleted file mode 100644 index a9d757ee..00000000 --- a/puppet/services/vip-hosts.yaml +++ /dev/null @@ -1,56 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - If the deployer doesn't have a DNS server for the overcloud nodes. This will - populate the node-names and IPs for the VIPs of the overcloud. - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -outputs: - role_data: - description: role data for the VIP hosts role - value: - service_name: vip_hosts - config_settings: - tripleo::vip_hosts::hosts_spec: - external: - name: "%{hiera('cloud_name_external')}" - ip: "%{hiera('public_virtual_ip')}" - ensure: present - comment: FQDN of the external VIP - internal_api: - name: "%{hiera('cloud_name_internal_api')}" - ip: "%{hiera('internal_api_virtual_ip')}" - ensure: present - comment: FQDN of the internal api VIP - storage: - name: "%{hiera('cloud_name_storage')}" - ip: "%{hiera('storage_virtual_ip')}" - ensure: present - comment: FQDN of the storage VIP - storage_mgmt: - name: "%{hiera('cloud_name_storage_mgmt')}" - ip: "%{hiera('storage_mgmt_virtual_ip')}" - ensure: present - comment: FQDN of the storage mgmt VIP - ctlplane: - name: "%{hiera('cloud_name_ctlplane')}" - ip: "%{hiera('controller_virtual_ip')}" - ensure: present - comment: FQDN of the ctlplane VIP - step_config: | - include ::tripleo::vip_hosts diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar.yaml new file mode 100644 index 00000000..77240c3c --- /dev/null +++ b/puppet/services/zaqar.yaml @@ -0,0 +1,66 @@ +heat_template_version: 2016-04-08 + +description: > + Openstack Zaqar service. Shared for all Heat services. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + DefaultPasswords: + default: {} + type: json + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + ZaqarPassword: + description: The password for Zaqar + type: string + hidden: true + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + + +outputs: + role_data: + description: Shared role data for the Heat services. + value: + service_name: zaqar + config_settings: + zaqar::keystone::authtoken::password: {get_param: ZaqarPassword} + zaqar::keystone::authtoken::project_name: 'service' + zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + zaqar::debug: {get_param: Debug} + zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]} + zaqar::transport::wsgi::bind: {get_param: [ServiceNetMap, ZaqarApiNetwork]} + zaqar::message_pipeline: 'zaqar.notification.notifier' + zaqar::unreliable: true + service_config_settings: + keystone: + zaqar::keystone::auth::password: {get_param: ZaqarPassword} + zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]} + zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]} + zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]} + zaqar::keystone::auth::region: {get_param: KeystoneRegion} + zaqar::keystone::auth::tenant: 'service' + zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword} + zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]} + zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]} + zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]} + zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion} + zaqar::keystone::auth_websocket::tenant: 'service' + + step_config: | + include ::tripleo::profile::base::zaqar diff --git a/puppet/upgrade_config.yaml b/puppet/upgrade_config.yaml new file mode 100644 index 00000000..c67e10b3 --- /dev/null +++ b/puppet/upgrade_config.yaml @@ -0,0 +1,48 @@ +heat_template_version: 2016-10-14 +description: 'Upgrade for via ansible by applying a step related tag' + +parameters: + UpgradeStepConfig: + type: json + description: Config (ansible yaml) that will be used to step through the deployment. + default: '' + + step: + type: string + description: Step number of the upgrade + +resources: + + AnsibleConfig: + type: OS::Heat::Value + properties: + value: + str_replace: + template: CONFIG + params: + CONFIG: + - hosts: localhost + connection: local + tasks: {get_param: UpgradeStepConfig} + + AnsibleUpgradeConfigImpl: + type: OS::Heat::SoftwareConfig + properties: + group: ansible + options: + tags: + str_replace: + template: "stepSTEP" + params: + STEP: {get_param: step} + inputs: + - name: role + config: {get_attr: [AnsibleConfig, value]} + +outputs: + OS::stack_id: + description: The software config which runs ansible with tags + value: {get_resource: AnsibleUpgradeConfigImpl} + upgrade_config: + description: The configuration file used for upgrade + value: {get_attr: [AnsibleConfig, value]} diff --git a/requirements.txt b/requirements.txt index 4e46b891..9c4a708a 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1 +1,2 @@ pbr>=0.5.21,<1.0 +Jinja2>=2.8 # BSD License (3 clause) diff --git a/roles_data.yaml b/roles_data.yaml index dad62f85..81ddf9ca 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -94,8 +94,9 @@ - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::SensuClient - OS::TripleO::Services::FluentdClient - - OS::TripleO::Services::VipHosts - OS::TripleO::Services::BarbicanApi + - OS::TripleO::Services::PankoApi + - OS::TripleO::Services::Zaqar - name: Compute CountDefault: 1 @@ -121,7 +122,6 @@ - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::SensuClient - OS::TripleO::Services::FluentdClient - - OS::TripleO::Services::VipHosts - name: BlockStorage ServicesDefault: @@ -135,7 +135,6 @@ - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::SensuClient - OS::TripleO::Services::FluentdClient - - OS::TripleO::Services::VipHosts - name: ObjectStorage ServicesDefault: @@ -150,7 +149,6 @@ - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::SensuClient - OS::TripleO::Services::FluentdClient - - OS::TripleO::Services::VipHosts - name: CephStorage ServicesDefault: @@ -164,4 +162,3 @@ - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::SensuClient - OS::TripleO::Services::FluentdClient - - OS::TripleO::Services::VipHosts diff --git a/scripts/hosts-config.sh b/scripts/hosts-config.sh new file mode 100755 index 00000000..4826d615 --- /dev/null +++ b/scripts/hosts-config.sh @@ -0,0 +1,47 @@ +#!/bin/bash +set -eux +set -o pipefail + +write_entries() { + local file="$1" + local entries="$2" + + # Don't do anything if the file isn't there + if [ ! -f "$file" ]; then + return + fi + + if grep -q "^# HEAT_HOSTS_START" "$file"; then + temp=$(mktemp) + awk -v v="$entries" '/^# HEAT_HOSTS_START/ { + print $0 + print v + f=1 + }f &&!/^# HEAT_HOSTS_END$/{next}/^# HEAT_HOSTS_END$/{f=0}!f' "$file" > "$temp" + echo "INFO: Updating hosts file $file, check below for changes" + diff "$file" "$temp" || true + cat "$temp" > "$file" + else + echo -ne "\n# HEAT_HOSTS_START - Do not edit manually within this section!\n" >> "$file" + echo "$entries" >> "$file" + echo -ne "# HEAT_HOSTS_END\n\n" >> "$file" + fi + +} + +if [ ! -z "$hosts" ]; then + # cloud-init files are /etc/cloud/templates/hosts.OSNAME.tmpl + DIST=$(lsb_release -is | tr -s [A-Z] [a-z]) + case $DIST in + fedora|redhatenterpriseserver) + name="redhat" + ;; + *) + name="$DIST" + ;; + esac + write_entries "/etc/cloud/templates/hosts.${name}.tmpl" "$hosts" + write_entries "/etc/hosts" "$hosts" +else + echo "No hosts in Heat, nothing written." +fi diff --git a/tools/process-templates.py b/tools/process-templates.py new file mode 100755 index 00000000..a15b00e2 --- /dev/null +++ b/tools/process-templates.py @@ -0,0 +1,125 @@ +#!/usr/bin/env python +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import argparse +import jinja2 +import os +import sys +import yaml + + +def parse_opts(argv): + parser = argparse.ArgumentParser( + description='Configure host network interfaces using a JSON' + ' config file format.') + parser.add_argument('-p', '--base_path', metavar='BASE_PATH', + help="""base path of templates to process.""", + default='.') + parser.add_argument('-r', '--roles-data', metavar='ROLES_DATA', + help="""relative path to the roles_data.yaml file.""", + default='roles_data.yaml') + parser.add_argument('--safe', + action='store_true', + help="""Enable safe mode (do not overwrite files).""", + default=False) + opts = parser.parse_args(argv[1:]) + + return opts + + +def _j2_render_to_file(j2_template, j2_data, outfile_name=None, + overwrite=True): + yaml_f = outfile_name or j2_template.replace('.j2.yaml', '.yaml') + print('rendering j2 template to file: %s' % outfile_name) + + if not overwrite and os.path.exists(outfile_name): + print('ERROR: path already exists for file: %s' % outfile_name) + sys.exit(1) + + try: + # Render the j2 template + template = jinja2.Environment().from_string(j2_template) + r_template = template.render(**j2_data) + except jinja2.exceptions.TemplateError as ex: + error_msg = ("Error rendering template %s : %s" + % (yaml_f, six.text_type(ex))) + print(error_msg) + raise Exception(error_msg) + with open(outfile_name, 'w') as out_f: + out_f.write(r_template) + + +def process_templates(template_path, role_data_path, overwrite): + + with open(role_data_path) as role_data_file: + role_data = yaml.safe_load(role_data_file) + + j2_excludes_path = os.path.join(template_path, 'j2_excludes.yaml') + with open(j2_excludes_path) as role_data_file: + j2_excludes = yaml.safe_load(role_data_file) + + role_names = [r.get('name') for r in role_data] + r_map = {} + for r in role_data: + r_map[r.get('name')] = r + excl_templates = ['%s/%s' % (template_path, e) + for e in j2_excludes.get('name')] + + if os.path.isdir(template_path): + for subdir, dirs, files in os.walk(template_path): + for f in files: + file_path = os.path.join(subdir, f) + # We do two templating passes here: + # 1. *.role.j2.yaml - we template just the role name + # and create multiple files (one per role) + # 2. *.j2.yaml - we template with all roles_data, + # and create one file common to all roles + if f.endswith('.role.j2.yaml'): + print("jinja2 rendering role template %s" % f) + with open(file_path) as j2_template: + template_data = j2_template.read() + print("jinja2 rendering roles %s" % "," + .join(role_names)) + for role in role_names: + j2_data = {'role': role} + # (dprince) For the undercloud installer we don't + # want to have heat check nova/glance API's + if r_map[role].get('disable_constraints', False): + j2_data['disable_constraints'] = True + out_f = "-".join( + [role.lower(), + os.path.basename(f).replace('.role.j2.yaml', + '.yaml')]) + out_f_path = os.path.join(subdir, out_f) + if not (out_f_path in excl_templates): + _j2_render_to_file(template_data, j2_data, + out_f_path, overwrite) + else: + print('skipping rendering of %s' % out_f_path) + elif f.endswith('.j2.yaml'): + print("jinja2 rendering normal template %s" % f) + with open(file_path) as j2_template: + template_data = j2_template.read() + j2_data = {'roles': role_data} + out_f = file_path.replace('.j2.yaml', '.yaml') + _j2_render_to_file(template_data, j2_data, out_f, + overwrite) + + else: + print('Unexpected argument %s' % template_path) + +opts = parse_opts(sys.argv) + +role_data_path = os.path.join(opts.base_path, opts.roles_data) + +process_templates(opts.base_path, role_data_path, (not opts.safe)) diff --git a/tools/yaml-nic-config-2-script.py b/tools/yaml-nic-config-2-script.py new file mode 100755 index 00000000..b8f07e4f --- /dev/null +++ b/tools/yaml-nic-config-2-script.py @@ -0,0 +1,219 @@ +#!/usr/bin/env python +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import collections +import copy +import os +import sys +import traceback +import yaml +import six +import re + + +#convert comments into 'comments<num>: ...' YAML +def to_commented_yaml(filename): + out_str = '' + last_non_comment_spaces = '' + with open(filename, 'r') as f: + comment_count = 0 + for line in f: + char_count = 0 + spaces = '' + for char in line: + char_count += 1 + if char == ' ': + spaces+=' ' + next; + elif char == '#': + comment_count += 1 + comment = line[char_count:-1] + out_str += "%scomment%i_%i: '%s'\n" % (last_non_comment_spaces, comment_count, len(spaces), comment) + break; + else: + last_non_comment_spaces = spaces + out_str += line + + #inline comments check + m = re.match(".*:.*#(.*)", line) + if m: + comment_count += 1 + out_str += "%s inline_comment%i: '%s'\n" % (last_non_comment_spaces, comment_count, m.group(1)) + break; + + with open(filename, 'w') as f: + f.write(out_str) + + return out_str + +#convert back to normal #commented YAML +def to_normal_yaml(filename): + + with open(filename, 'r') as f: + data = f.read() + + out_str = '' + next_line_break = False + for line in data.split('\n'): + m = re.match(" +comment[0-9]+_([0-9]+): '(.*)'.*", line) #normal comments + i = re.match(" +inline_comment[0-9]+: '(.*)'.*", line) #inline comments + if m: + if next_line_break: + out_str += '\n' + next_line_break = False + for x in range(0, int(m.group(1))): + out_str += " " + out_str += "#%s\n" % m.group(2) + elif i: + out_str += " #%s\n" % i.group(1) + next_line_break = False + else: + if next_line_break: + out_str += '\n' + out_str += line + next_line_break = True + + if next_line_break: + out_str += '\n' + + with open(filename, 'w') as f: + f.write(out_str) + + return out_str + + +class description(six.text_type): + pass + +# FIXME: Some of this duplicates code from build_endpoint_map.py, we should +# refactor to share the common code +class TemplateDumper(yaml.SafeDumper): + def represent_ordered_dict(self, data): + return self.represent_dict(data.items()) + + def description_presenter(self, data): + if '\n' in data: + style = '>' + else: + style = '' + return self.represent_scalar( + yaml.resolver.BaseResolver.DEFAULT_SCALAR_TAG, data, style=style) + + +# We load mappings into OrderedDict to preserve their order +class TemplateLoader(yaml.SafeLoader): + def construct_mapping(self, node): + self.flatten_mapping(node) + return collections.OrderedDict(self.construct_pairs(node)) + + +TemplateDumper.add_representer(description, + TemplateDumper.description_presenter) + +TemplateDumper.add_representer(collections.OrderedDict, + TemplateDumper.represent_ordered_dict) + + +TemplateLoader.add_constructor(yaml.resolver.BaseResolver.DEFAULT_MAPPING_TAG, + TemplateLoader.construct_mapping) + +def write_template(template, filename=None): + with open(filename, 'w') as f: + yaml.dump(template, f, TemplateDumper, width=120, default_flow_style=False) + +def exit_usage(): + print('Usage %s <yaml file>' % sys.argv[0]) + sys.exit(1) + +def convert(filename): + print('Converting %s' % filename) + try: + tpl = yaml.load(open(filename).read(), Loader=TemplateLoader) + except Exception: + print(traceback.format_exc()) + return 0 + + # Check which path we need for run-os-net-config.sh because we have + # nic config templates in the top-level and network/config + script_paths = ['network/scripts/run-os-net-config.sh', + '../../scripts/run-os-net-config.sh'] + script_path = None + for p in script_paths: + check_path = os.path.join(os.path.dirname(filename), p) + if os.path.isfile(check_path): + print("Found %s, using %s" % (check_path, p)) + script_path = p + if script_path is None: + print("Error couldn't find run-os-net-config.sh relative to filename") + exit_usage() + + for r in six.iteritems(tpl.get('resources', {})): + if (r[1].get('type') == 'OS::Heat::StructuredConfig' and + r[1].get('properties', {}).get('group') == 'os-apply-config' and + r[1].get('properties', {}).get('config', {}).get('os_net_config')): + #print("match %s" % r[0]) + new_r = collections.OrderedDict() + new_r['type'] = 'OS::Heat::SoftwareConfig' + new_r['properties'] = collections.OrderedDict() + new_r['properties']['group'] = 'script' + old_net_config = r[1].get( + 'properties', {}).get('config', {}).get('os_net_config') + new_config = {'str_replace': collections.OrderedDict()} + new_config['str_replace']['template'] = {'get_file': script_path} + new_config['str_replace']['params'] = {'$network_config': old_net_config} + new_r['properties']['config'] = new_config + tpl['resources'][r[0]] = new_r + else: + print("No match %s" % r[0]) + return 0 + + # Preserve typical HOT template key ordering + od_result = collections.OrderedDict() + # Need to bump the HOT version so str_replace supports serializing to json + od_result['heat_template_version'] = "2016-10-14" + if tpl.get('description'): + od_result['description'] = description(tpl['description']) + od_result['parameters'] = tpl['parameters'] + od_result['resources'] = tpl['resources'] + od_result['outputs'] = tpl['outputs'] + #print('Result:') + #print('%s' % yaml.dump(od_result, Dumper=TemplateDumper, width=120, default_flow_style=False)) + #print('---') + #replace = raw_input( + #"Replace file %s? Answer y/n" % filename).lower() == 'y' + #if replace: + #print("Replace %s" % filename) + write_template(od_result, filename) + #else: + # print("NOT replacing %s" % filename) + # return 0 + return 1 + +if len(sys.argv) < 2: + exit_usage() + +path_args = sys.argv[1:] +exit_val = 0 +num_converted = 0 + +for base_path in path_args: + if os.path.isfile(base_path) and base_path.endswith('.yaml'): + to_commented_yaml(base_path) + num_converted += convert(base_path) + to_normal_yaml(base_path) + else: + print('Unexpected argument %s' % base_path) + exit_usage() +if num_converted == 0: + exit_val = 1 +sys.exit(exit_val) @@ -11,4 +11,9 @@ deps = -r{toxinidir}/requirements.txt commands = {posargs} [testenv:pep8] -commands = python ./tools/yaml-validate.py . +commands = + python ./tools/process-templates.py + python ./tools/yaml-validate.py . + +[testenv:templates] +commands = python ./tools/process-templates.py |