195 files changed, 2446 insertions, 2799 deletions
@@ -82,7 +82,7 @@ and should be executed according to the following table: | neutron-bgpvpn | | | | X | | | +----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ | ovn | | | | | | X | -+---------------------------------------------------------------------------------------------------------+ ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ | neutron-l2gw | | | | X | | | +----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ | rabbitmq | X | X | X | X | X | X | diff --git a/capabilities-map.yaml b/capabilities-map.yaml index fdf2ad63..91daa689 100644 --- a/capabilities-map.yaml +++ b/capabilities-map.yaml @@ -312,6 +312,13 @@ topics: Enables a Cinder Dell EMC Storage Center ISCSI backend requires: - overcloud-resource-registry-puppet.yaml + - file: environments/cinder-dellemc-unity-config.yaml + title: Cinder Dell EMC Unity backend + description: > + Enables a Cinder Dell EMC Unity backend, + configured via puppet + requires: + - overcloud-resource-registry-puppet.yaml - file: environments/cinder-hpelefthand-config.yaml title: Cinder HPELeftHandISCSI backend description: > diff --git a/ci/common/net-config-multinode-os-net-config.yaml b/ci/common/net-config-multinode-os-net-config.yaml index 6f4542bd..9d45a9ff 100644 --- a/ci/common/net-config-multinode-os-net-config.yaml +++ b/ci/common/net-config-multinode-os-net-config.yaml @@ -15,7 +15,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -23,7 +23,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' 
diff --git a/ci/common/net-config-multinode.yaml b/ci/common/net-config-multinode.yaml index f7e250e2..6beb62f0 100644 --- a/ci/common/net-config-multinode.yaml +++ b/ci/common/net-config-multinode.yaml @@ -15,7 +15,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -23,7 +23,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/ci/environments/multinode-containers.yaml b/ci/environments/multinode-containers.yaml index 7768c4f0..03baf4aa 100644 --- a/ci/environments/multinode-containers.yaml +++ b/ci/environments/multinode-containers.yaml @@ -52,9 +52,7 @@ parameter_defaults: - OS::TripleO::Services::NovaMetadata - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::Ntp - - OS::TripleO::Services::SwiftProxy - - OS::TripleO::Services::SwiftStorage - - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Snmp - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoPackages @@ -75,3 +73,4 @@ parameter_defaults: SwiftCeilometerPipelineEnabled: False Debug: True NotificationDriver: 'noop' + GlanceBackend: 'file' diff --git a/ci/environments/multinode.yaml b/ci/environments/multinode.yaml index 2b25e58e..f945a021 100644 --- a/ci/environments/multinode.yaml +++ b/ci/environments/multinode.yaml 
@@ -48,9 +48,6 @@ parameter_defaults: - OS::TripleO::Services::NovaMetadata - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::Ntp - - OS::TripleO::Services::SwiftProxy - - OS::TripleO::Services::SwiftStorage - - OS::TripleO::Services::SwiftRingBuilder - OS::TripleO::Services::Snmp - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute @@ -72,3 +69,4 @@ parameter_defaults: SwiftCeilometerPipelineEnabled: False Debug: True NotificationDriver: 'noop' + GlanceBackend: 'file' diff --git a/ci/environments/multinode_major_upgrade.yaml b/ci/environments/multinode_major_upgrade.yaml index d8f71414..81301349 100644 --- a/ci/environments/multinode_major_upgrade.yaml +++ b/ci/environments/multinode_major_upgrade.yaml @@ -32,9 +32,6 @@ parameter_defaults: - OS::TripleO::Services::HeatApiCfn - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine - - OS::TripleO::Services::SwiftProxy - - OS::TripleO::Services::SwiftStorage - - OS::TripleO::Services::SwiftRingBuilder - OS::TripleO::Services::SaharaApi - OS::TripleO::Services::SaharaEngine - OS::TripleO::Services::MySQL @@ -68,3 +65,4 @@ parameter_defaults: SwiftCeilometerPipelineEnabled: False Debug: True NotificationDriver: 'noop' + GlanceBackend: 'file' diff --git a/ci/environments/scenario001-multinode-containers.yaml b/ci/environments/scenario001-multinode-containers.yaml index 73dc5b14..edc03d6c 100644 --- a/ci/environments/scenario001-multinode-containers.yaml +++ b/ci/environments/scenario001-multinode-containers.yaml 
@@ -7,9 +7,9 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml # TODO deploy ceph with ceph-ansible: https://review.openstack.org/#/c/465066/ - OS::TripleO::Services::CephMon: ../../puppet/services/ceph-mon.yaml - OS::TripleO::Services::CephOSD: ../../puppet/services/ceph-osd.yaml - OS::TripleO::Services::CephClient: ../../puppet/services/ceph-client.yaml + OS::TripleO::Services::CephMon: ../../docker/services/ceph-ansible/ceph-mon.yaml + OS::TripleO::Services::CephOSD: ../../docker/services/ceph-ansible/ceph-osd.yaml + OS::TripleO::Services::CephClient: ../../docker/services/ceph-ansible/ceph-client.yaml OS::TripleO::Services::PankoApi: ../../docker/services/panko-api.yaml OS::TripleO::Services::Collectd: ../../docker/services/collectd.yaml OS::TripleO::Services::Tacker: ../../docker/services/tacker.yaml @@ -99,9 +99,19 @@ parameter_defaults: Debug: true #NOTE(gfidente): not great but we need this to deploy on ext4 #http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/ - ExtraConfig: - ceph::profile::params::osd_max_object_name_len: 256 - ceph::profile::params::osd_max_object_namespace_len: 64 + CephAnsibleDisksConfig: + devices: + - /dev/loop3 + journal_size: 512 + journal_collocation: true + CephAnsibleExtraConfig: + ceph_conf_overrides: + global: + osd_pool_default_size: 1 + osd_pool_default_pg_num: 32 + osd_max_object_name_len: 256 + osd_max_object_namespace_len: 64 + CephAnsibleSkipTags: '' #NOTE: These ID's and keys should be regenerated for # a production deployment. What is here is suitable for # developer and CI testing only. 
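Review bot: The `#NOTE(gfidente)` comment about ext4 in the second hunk now sits directly above `CephAnsibleDisksConfig`, but the settings it explains (`osd_max_object_name_len`, `osd_max_object_namespace_len`) have moved under `CephAnsibleExtraConfig.ceph_conf_overrides.global`. Move the two comment lines down so they sit above those keys. A one-line comment such as `# CI only: single loop device, single replica` above `devices:` and `osd_pool_default_size: 1` would stop these values being copied into a real environment; the existing warning below covers only the hard-coded IDs and keys. The `# TODO deploy ceph with ceph-ansible` line kept as context in the first hunk also looks stale now that the three Ceph services point at `docker/services/ceph-ansible/`.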
@@ -109,6 +119,7 @@ parameter_defaults: CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ==' CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ==' CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw==' + CephPoolDefaultSize: 1 NovaEnableRbdBackend: true CinderEnableRbdBackend: true CinderBackupBackend: ceph diff --git a/ci/environments/scenario002-multinode-containers.yaml b/ci/environments/scenario002-multinode-containers.yaml index d300f773..584c1e5e 100644 --- a/ci/environments/scenario002-multinode-containers.yaml +++ b/ci/environments/scenario002-multinode-containers.yaml @@ -8,7 +8,10 @@ resource_registry: OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml # TODO: Barbican is not yet containerized: https://review.openstack.org/#/c/474327 # OS::TripleO::Services::BarbicanApi: ../../docker/services/barbican-api.yaml - OS::TripleO::Services::Zaqar: ../../docker/services/zaqar.yaml + OS::TripleO::Services::BarbicanApi: ../../puppet/services/barbican-api.yaml + # TODO: Zaqar doesn't work when containerized + # https://bugs.launchpad.net/tripleo/+bug/1710959 + OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar-api.yaml OS::TripleO::Services::Ec2Api: ../../docker/services/ec2-api.yaml # NOTE: This is needed because of upgrades from Ocata to Pike. We # deploy the initial environment with Ocata templates, and diff --git a/ci/environments/scenario002-multinode.yaml b/ci/environments/scenario002-multinode.yaml index 513d3f71..5670c213 100644 --- a/ci/environments/scenario002-multinode.yaml +++ b/ci/environments/scenario002-multinode.yaml 
@@ -2,7 +2,7 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml OS::TripleO::Services::BarbicanApi: ../../puppet/services/barbican-api.yaml - OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar.yaml + OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar-api.yaml OS::TripleO::Services::Ec2Api: ../../puppet/services/ec2-api.yaml OS::TripleO::Services::RabbitMQ: ../../puppet/services/pacemaker/rabbitmq.yaml OS::TripleO::Services::Redis: ../../puppet/services/pacemaker/database/redis.yaml diff --git a/ci/environments/scenario004-multinode-containers.yaml b/ci/environments/scenario004-multinode-containers.yaml index 6d795f97..5590de26 100644 --- a/ci/environments/scenario004-multinode-containers.yaml +++ b/ci/environments/scenario004-multinode-containers.yaml @@ -95,6 +95,7 @@ parameter_defaults: CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ==' CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ==' CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw==' + CephPoolDefaultSize: 1 SwiftCeilometerPipelineEnabled: false NeutronServicePlugins: 'router, networking_bgpvpn.neutron.services.plugin.BGPVPNPlugin' BgpvpnServiceProvider: 'BGPVPN:Dummy:networking_bgpvpn.neutron.services.service_drivers.driver_api.BGPVPNDriver:default' diff --git a/common/deploy-steps.j2 b/common/deploy-steps.j2 index b36bb97a..8d17c223 100644 --- a/common/deploy-steps.j2 +++ b/common/deploy-steps.j2 @@ -11,6 +11,7 @@ # primary role is: {{primary_role_name}} {% set deploy_steps_max = 6 -%} {% set update_steps_max = 6 -%} +{% set upgrade_steps_max = 6 -%} heat_template_version: pike 
@@ -337,4 +338,20 @@ outputs: with_sequence: count={{deploy_steps_max-1}} loop_control: loop_var: step + upgrade_steps_tasks: | +{%- for role in roles %} + - include: {{role.name}}/upgrade_tasks.yaml + when: role_name == '{{role.name}}' +{%- endfor %} + upgrade_steps_playbook: | + - hosts: overcloud + tasks: + - include: upgrade_steps_tasks.yaml + with_sequence: count={{upgrade_steps_max-1}} + loop_control: + loop_var: step + - include: deploy_steps_tasks.yaml + with_sequence: count={{deploy_steps_max-1}} + loop_control: + loop_var: step diff --git a/docker/firstboot/setup_docker_host.sh b/docker/firstboot/setup_docker_host.sh deleted file mode 100755 index 8b4c6a03..00000000 --- a/docker/firstboot/setup_docker_host.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash -set -eux -# This file contains setup steps that can't be or have not yet been moved to -# puppet - -# Disable libvirtd since it conflicts with nova_libvirt container -/usr/bin/systemctl disable libvirtd.service -/usr/bin/systemctl stop libvirtd.service diff --git a/docker/firstboot/setup_docker_host.yaml b/docker/firstboot/setup_docker_host.yaml deleted file mode 100644 index ddfa8802..00000000 --- a/docker/firstboot/setup_docker_host.yaml +++ /dev/null @@ -1,19 +0,0 @@ -heat_template_version: pike - -resources: - - userdata: - type: OS::Heat::MultipartMime - properties: - parts: - - config: {get_resource: setup_docker_host} - - setup_docker_host: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: {get_file: ./setup_docker_host.sh} - -outputs: - OS::stack_id: - value: {get_resource: userdata} diff --git a/docker/services/aodh-api.yaml b/docker/services/aodh-api.yaml index 8afb6d28..da4b981c 100644 --- a/docker/services/aodh-api.yaml +++ b/docker/services/aodh-api.yaml 
@@ -114,6 +114,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - + - /var/lib/config-data/aodh/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro - /var/log/containers/aodh:/var/log/aodh command: "/usr/bin/bootstrap_host_exec aodh_api su aodh -s /bin/bash -c /usr/bin/aodh-dbsync" diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml index 85fe0608..f09e98ce 100644 --- a/docker/services/ceph-ansible/ceph-base.yaml +++ b/docker/services/ceph-ansible/ceph-base.yaml @@ -30,6 +30,14 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + StackUpdateType: + type: string + description: > + Type of update, to differentiate between UPGRADE and UPDATE cases + when StackAction is UPDATE (both are the same stack action). + constraints: + - allowed_values: ['', 'UPGRADE'] + default: '' CephAnsibleWorkflowName: type: string description: Name of the Mistral workflow to execute @@ -38,10 +46,18 @@ parameters: type: string description: Path to the ceph-ansible playbook to execute default: /usr/share/ceph-ansible/site-docker.yml.sample + CephAnsibleUpgradePlaybook: + type: string + description: Path to the ceph-ansible playbook to execute on upgrade + default: /usr/share/ceph-ansible/infrastructure-playbooks/take-over-existing-cluster.yml CephAnsibleExtraConfig: type: json description: Extra vars for the ceph-ansible playbook default: {} + CephAnsibleSkipTags: + type: string + description: List of ceph-ansible tags to skip + default: 'package-install,with_pkg' CephClusterFSID: type: string description: The Ceph cluster FSID. Must be a UUID. 
@@ -78,7 +94,7 @@ parameters: default: vms type: string CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClientUserName: @@ -88,6 +104,14 @@ parameters: description: default minimum replication for RBD copies type: number default: 3 + ManilaCephFSNativeCephFSAuthId: + default: manila + type: string + CephManilaClientKey: + default: '' + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. + type: string + hidden: true CephIPv6: default: False type: boolean @@ -101,6 +125,35 @@ conditions: yaql: data: {get_param: DockerCephDaemonImage} expression: $.data.split('/')[0].matches('(\.|:)') + perform_upgrade: + equals: [{get_param: StackUpdateType}, 'UPGRADE'] + +resources: + DockerImageUrlParts: + type: OS::Heat::Value + properties: + type: json + value: + host: + if: + - custom_registry_host + - yaql: + expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*)/').split($location)[1] + data: {get_param: DockerCephDaemonImage} + - docker.io + image: + if: + - custom_registry_host + - yaql: + expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*)/').split($location)[2] + data: {get_param: DockerCephDaemonImage} + - yaql: + expression: $.data.rightSplit(':', 1)[0] + data: {get_param: DockerCephDaemonImage} + image_tag: + yaql: + expression: $.data.rightSplit(':', 1)[1] + data: {get_param: DockerCephDaemonImage} outputs: role_data: 
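Review bot: `rightSplit(':', 1)` in the new `DockerImageUrlParts` resource (third hunk) assumes `DockerCephDaemonImage` always ends in `:tag`. A reference pinned by digest (`name@sha256:<digest>`) would be cut inside the digest, a reference with a registry port but no tag (`host:5000/ceph/daemon`) would appear to yield the path as `image_tag`, and a reference with no colon at all has no element `[1]`. The parameter's definition is outside this hunk; if it carries no constraint, consider adding an `allowed_pattern` there, or state in its description that a `name:tag` form is required.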
@@ -119,27 +172,21 @@ outputs: - name: ceph_base_ansible_workflow workflow: { get_param: CephAnsibleWorkflowName } input: + ansible_skip_tags: {get_param: CephAnsibleSkipTags} ceph_ansible_extra_vars: {get_param: CephAnsibleExtraConfig} - ceph_ansible_playbook: {get_param: CephAnsiblePlaybook} + ceph_ansible_playbook: + if: + - perform_upgrade + - {get_param: CephAnsibleUpgradePlaybook} + - {get_param: CephAnsiblePlaybook} config_settings: ceph_common_ansible_vars: + ireallymeanit: 'yes' fsid: { get_param: CephClusterFSID } docker: true - ceph_docker_registry: - if: - - custom_registry_host - - yaql: - expression: regex('(?:https?://)?(.*)/').split($.data)[1] - data: {str_split: [':', {get_param: DockerCephDaemonImage}, 0]} - - docker.io - ceph_docker_image: - if: - - custom_registry_host - - yaql: - expression: regex('(?:https?://)?(.*)/').split($.data)[2] - data: {str_split: [':', {get_param: DockerCephDaemonImage}, 0]} - - {str_split: [':', {get_param: DockerCephDaemonImage}, 0]} - ceph_docker_image_tag: {str_split: [':', {get_param: DockerCephDaemonImage}, 1]} + ceph_docker_registry: {get_attr: [DockerImageUrlParts, value, host]} + ceph_docker_image: {get_attr: [DockerImageUrlParts, value, image]} + ceph_docker_image_tag: {get_attr: [DockerImageUrlParts, value, image_tag]} containerized_deployment: true public_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]} monitor_address_block: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]} 
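Review bot: `ireallymeanit: 'yes'` is added to `ceph_common_ansible_vars` unconditionally, so it is passed on every ceph-ansible run and not only when `perform_upgrade` selects `CephAnsibleUpgradePlaybook`. In ceph-ansible this variable pre-answers the confirmation prompt of the infrastructure playbooks, so with it always set, a `CephAnsiblePlaybook` value pointing at one of those playbooks would run without the safety prompt. At minimum add a comment above the key, e.g. `# pre-answers the confirmation prompt of the upgrade playbook`; better, supply it only in the upgrade case if the workflow input allows that. The `outputs` block continues outside this hunk.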
@@ -186,11 +233,17 @@ outputs: CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} GLANCE_POOL: {get_param: GlanceRbdPoolName} GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} - acls: - - "u:glance:r--" - - "u:nova:r--" - - "u:cinder:r--" - - "u:gnocchi:r--" + mode: "0644" + - name: + list_join: + - '.' + - - client + - {get_param: ManilaCephFSNativeCephFSAuthId} + key: {get_param: CephManilaClientKey} + mon_cap: "allow r, allow command auth del, allow command auth caps, allow command auth get, allow command auth get-or-create" + mds_cap: "allow *" + osd_cap: "allow rw" + mode: "0644" keys: *openstack_keys pools: [] ceph_conf_overrides: diff --git a/docker/services/ceph-ansible/ceph-mds.yaml b/docker/services/ceph-ansible/ceph-mds.yaml new file mode 100644 index 00000000..4ef3a669 --- /dev/null +++ b/docker/services/ceph-ansible/ceph-mds.yaml 
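Review bot: Replacing the per-user `acls` entries with `mode: "0644"` makes the client keyring world-readable on the host, assuming the consumer of `keys` applies this mode to the keyring file; previously only glance, nova, cinder and gnocchi were granted read access. The new manila entry gets the same mode while carrying `mds_cap: "allow *"` and the `auth del` / `auth caps` / `auth get-or-create` monitor commands, so any local account could read a key that can manage other cephx identities. Consider keeping the ACL form (adding `u:manila:r--`) or a group-readable `mode: "0640"` with a shared group. Separately, `CephManilaClientKey` defaults to `''` earlier in this file's diff and the entry is added whether or not Manila is deployed, so either wrap it in a condition or document that an empty key is expected to be skipped downstream.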
@@ -0,0 +1,83 @@ +heat_template_version: pike + +description: > + Ceph Metadata service. + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + CephMdsKey: + description: The cephx key for the MDS service. Can be created + with ceph-authtool --gen-print-key. + type: string + hidden: true + ManilaCephFSDataPoolName: + default: manila_data + type: string + ManilaCephFSMetadataPoolName: + default: manila_metadata + type: string + ManilaCephFSNativeShareBackendName: + default: cephfs + type: string + +resources: + CephBase: + type: ./ceph-base.yaml + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Ceph Metadata service. 
+ value: + service_name: ceph_mds + upgrade_tasks: [] + step_config: '' + puppet_config: + config_image: '' + config_volume: '' + step_config: '' + docker_config: {} + service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]} + config_settings: + map_merge: + - tripleo.ceph_mds.firewall_rules: + '112 ceph_mds': + dport: + - '6800-7300' + - ceph_mds_ansible_vars: + map_merge: + - {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]} + - cephfs_data: {get_param: ManilaCephFSDataPoolName} + cephfs_metadata: {get_param: ManilaCephFSMetadataPoolName} + cephfs: {get_param: ManilaCephFSNativeShareBackendName} diff --git a/docker/services/database/mongodb.yaml b/docker/services/database/mongodb.yaml index 86bb6d54..9b5c5b8f 100644 --- a/docker/services/database/mongodb.yaml +++ b/docker/services/database/mongodb.yaml @@ -36,6 +36,18 @@ parameters: default: {} description: Parameters specific to the role type: json + EnableInternalTLS: + type: boolean + default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -77,6 +89,10 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-tls/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/lib/mongodb owner: mongodb:mongodb @@ -84,6 +100,8 @@ outputs: - path: /var/log/mongodb owner: mongodb:mongodb recurse: true + - path: /etc/pki/tls/certs/mongodb.pem + owner: mongodb:mongodb docker_config: step_2: mongodb: 
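Review bot: `CephMdsKey` is declared without a default and marked `hidden`, but nothing in this new template reads it: it is not passed to `CephBase` and does not appear in `ceph_mds_ansible_vars`. As written, a secret has to be provided for this service and is then ignored. Either wire it into the ansible vars or drop the parameter until it is used. `ManilaCephFSDataPoolName`, `ManilaCephFSMetadataPoolName` and `ManilaCephFSNativeShareBackendName` also lack a `description`.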
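Review bot: The new `src-tls/*` entry under `config_files` in mongodb.yaml has no `optional: true`, and neither does the `/etc/pki/tls/certs/mongodb.pem` entry added to `permissions` in the next hunk, unlike the equivalent entries this same change adds for mysql and haproxy. When `EnableInternalTLS` is false the `src-tls` directory is not mounted, so if kolla treats a missing non-optional source or path as an error, the container would fail to start in the non-TLS case. Add `optional: true` to both entries to match `docker/services/database/mysql.yaml`.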
@@ -91,11 +109,21 @@ outputs: net: host privileged: false volumes: &mongodb_volumes - - /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json - - /var/lib/config-data/puppet-generated/mongodb/:/var/lib/kolla/config_files/src:ro - - /etc/localtime:/etc/localtime:ro - - /var/log/containers/mongodb:/var/log/mongodb - - /var/lib/mongodb:/var/lib/mongodb + list_concat: + - - /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json + - /var/lib/config-data/puppet-generated/mongodb/:/var/lib/kolla/config_files/src:ro + - /etc/localtime:/etc/localtime:ro + - /var/log/containers/mongodb:/var/log/mongodb + - /var/lib/mongodb:/var/lib/mongodb + - if: + - internal_tls_enabled + - - list_join: + - ':' + - - {get_param: InternalTLSCAFile} + - {get_param: InternalTLSCAFile} + - 'ro' + - /etc/pki/tls/certs/mongodb.pem:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/mongodb.pem:ro + - null environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS docker_puppet_tasks: @@ -106,8 +134,18 @@ outputs: step_config: 'include ::tripleo::profile::base::database::mongodb' config_image: *mongodb_config_image volumes: - - /var/lib/mongodb:/var/lib/mongodb - - /var/log/containers/mongodb:/var/log/mongodb + list_concat: + - - /var/lib/mongodb:/var/lib/mongodb + - /var/log/containers/mongodb:/var/log/mongodb + - if: + - internal_tls_enabled + - - list_join: + - ':' + - - {get_param: InternalTLSCAFile} + - {get_param: InternalTLSCAFile} + - 'ro' + - /etc/pki/tls/certs/mongodb.pem:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/mongodb.pem:ro + - null host_prep_tasks: - name: create persistent directories file: diff --git a/docker/services/database/mysql.yaml b/docker/services/database/mysql.yaml index 54331415..402dc351 100644 --- a/docker/services/database/mysql.yaml +++ b/docker/services/database/mysql.yaml 
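Review bot: In the `docker_puppet_tasks` volumes (second hunk on this line) the TLS branch bind-mounts `/etc/pki/tls/certs/mongodb.pem` into the init-tasks container under `/var/lib/kolla/config_files/src-tls/`. That container runs the puppet `step_config`, and nothing visible in the hunk shows it copying from `src-tls`, so the server credential (for MongoDB the PEM normally holds the private key as well) appears to be exposed to it without being used. If the tasks only need to verify the server, mount just `InternalTLSCAFile` there and keep the PEM for `mongodb_volumes`. The mysql `docker_puppet_tasks` hunk further down has the same shape with `mysql.crt` and `/etc/pki/tls/private/mysql.key`.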
@@ -40,6 +40,18 @@ parameters: type: string hidden: true default: '' + EnableInternalTLS: + type: boolean + default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -86,10 +98,21 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-tls/*" + dest: "/" + merge: true + preserve_properties: true + optional: true permissions: - path: /var/lib/mysql owner: mysql:mysql recurse: true + - path: /etc/pki/tls/certs/mysql.crt + owner: mysql:mysql + optional: true + - path: /etc/pki/tls/private/mysql.key + owner: mysql:mysql + optional: true docker_config: # Kolla_bootstrap runs before permissions set by kolla_config step_1: 
@@ -108,12 +131,25 @@ outputs: # Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done command: ['bash', '-c', 'test -e /var/lib/mysql/mysql || kolla_start'] volumes: &mysql_volumes - - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json - - /var/lib/config-data/puppet-generated/mysql/:/var/lib/kolla/config_files/src:ro - - /etc/localtime:/etc/localtime:ro - - /etc/hosts:/etc/hosts:ro - - /var/lib/mysql:/var/lib/mysql - - /var/log/containers/mysql:/var/log/mariadb + list_concat: + - + - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json + - /var/lib/config-data/puppet-generated/mysql/:/var/lib/kolla/config_files/src:ro + - /etc/localtime:/etc/localtime:ro + - /etc/hosts:/etc/hosts:ro + - /var/lib/mysql:/var/lib/mysql + - /var/log/containers/mysql:/var/log/mariadb + - if: + - internal_tls_enabled + - + - list_join: + - ':' + - - {get_param: InternalTLSCAFile} + - {get_param: InternalTLSCAFile} + - 'ro' + - /etc/pki/tls/certs/mysql.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/mysql.crt:ro + - /etc/pki/tls/private/mysql.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/mysql.key:ro + - null environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - KOLLA_BOOTSTRAP=True 
@@ -146,9 +182,24 @@ outputs: step_config: 'include ::tripleo::profile::base::database::mysql' config_image: *mysql_config_image volumes: - - /var/lib/mysql:/var/lib/mysql/:ro - - /var/log/containers/mysql:/var/log/mariadb - - /var/lib/config-data/mysql/root:/root:ro #provides .my.cnf + list_concat: + - + - /var/lib/mysql:/var/lib/mysql/:ro + - /var/log/containers/mysql:/var/log/mariadb + - /var/lib/config-data/mysql/root:/root:ro #provides .my.cnf + - if: + - internal_tls_enabled + - + - list_join: + - ':' + - - {get_param: InternalTLSCAFile} + - {get_param: InternalTLSCAFile} + - 'ro' + - /etc/pki/tls/certs/mysql.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/mysql.crt:ro + - /etc/pki/tls/private/mysql.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/mysql.key:ro + - null + metadata_settings: + get_attr: [MysqlPuppetBase, role_data, metadata_settings] host_prep_tasks: - name: create persistent directories file: diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml index 044eb283..df226b15 100644 --- a/docker/services/glance-api.yaml +++ b/docker/services/glance-api.yaml @@ -39,10 +39,16 @@ parameters: EnableInternalTLS: type: boolean default: false + GlanceNfsEnabled: + default: false + description: > + When using GlanceBackend 'file', mount NFS share for image storage. + type: boolean conditions: internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} + nfs_backend_enabled: {equals: [{get_param: GlanceNfsEnabled}, true]} resources: @@ -128,6 +134,11 @@ outputs: - /var/lib/config-data/puppet-generated/glance_api/:/var/lib/kolla/config_files/src:ro - /var/log/containers/glance:/var/log/glance - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro + - + if: + - nfs_backend_enabled + - /var/lib/glance:/var/lib/glance + - '' environment: - KOLLA_BOOTSTRAP=True - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml index 7c6b6766..1443da40 100644 
--- a/docker/services/gnocchi-api.yaml +++ b/docker/services/gnocchi-api.yaml @@ -116,6 +116,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - + - /var/lib/config-data/gnocchi/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro - /var/log/containers/gnocchi:/var/log/gnocchi - /etc/ceph:/etc/ceph:ro diff --git a/docker/services/gnocchi-statsd.yaml b/docker/services/gnocchi-statsd.yaml index 19e658cd..2957312b 100644 --- a/docker/services/gnocchi-statsd.yaml +++ b/docker/services/gnocchi-statsd.yaml @@ -81,6 +81,10 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-ceph/" + dest: "/etc/ceph/" + merge: true + preserve_properties: true permissions: - path: /var/log/gnocchi owner: gnocchi:gnocchi @@ -99,6 +103,7 @@ outputs: - /var/lib/kolla/config_files/gnocchi_statsd.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro - /var/log/containers/gnocchi:/var/log/gnocchi + - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: @@ -106,6 +111,10 @@ outputs: file: path: /var/log/containers/gnocchi state: directory + - name: ensure ceph configurations exist + file: + path: /etc/ceph + state: directory upgrade_tasks: - name: Stop and disable openstack-gnocchi-statsd service tags: step2 diff --git a/docker/services/haproxy.yaml b/docker/services/haproxy.yaml index 2f0584ea..f0e2f71d 100644 --- a/docker/services/haproxy.yaml +++ b/docker/services/haproxy.yaml 
@@ -60,6 +60,18 @@ parameters: default: {} description: Parameters specific to the role type: json + EnableInternalTLS: + type: boolean + default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -86,6 +98,9 @@ outputs: - get_attr: [HAProxyBase, role_data, config_settings] - tripleo::haproxy::haproxy_daemon: false tripleo::haproxy::haproxy_service_manage: false + # NOTE(jaosorior): We disable the CRL since we have no way to restart haproxy + # when this is updated + tripleo::haproxy::crl_file: null step_config: &step_config get_attr: [HAProxyBase, role_data, step_config] service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]} @@ -96,12 +111,23 @@ outputs: step_config: "class {'::tripleo::profile::base::haproxy': manage_firewall => false}" config_image: {get_param: DockerHAProxyConfigImage} - volumes: &deployed_cert_mount - - list_join: - - ':' - - - {get_param: DeployedSSLCertificatePath} - - {get_param: DeployedSSLCertificatePath} - - 'ro' + volumes: + list_concat: + - - list_join: + - ':' + - - {get_param: DeployedSSLCertificatePath} + - {get_param: DeployedSSLCertificatePath} + - 'ro' + - if: + - internal_tls_enabled + - - /etc/pki/tls/certs/haproxy:/etc/pki/tls/certs/haproxy:ro + - /etc/pki/tls/private/haproxy:/etc/pki/tls/private/haproxy:ro + - list_join: + - ':' + - - {get_param: InternalTLSCAFile} + - {get_param: InternalTLSCAFile} + - 'ro' + - null kolla_config: /var/lib/kolla/config_files/haproxy.json: command: haproxy -f /etc/haproxy/haproxy.cfg 
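Review bot: Setting `tripleo::haproxy::crl_file: null` in the second hunk turns off CRL use in the containerized HAProxy for every deployment, not only those where the CRL cannot be refreshed. The NOTE gives the reason, but the effect is that a revoked certificate would still be accepted wherever HAProxy would otherwise consult the CRL, which deserves a tracked follow-up and an operator-facing mention. Suggest extending the comment along the lines of `# NOTE(jaosorior): CRL disabled, revoked certs are not rejected; see <bug reference>`, with the real bug link filled in.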
@@ -110,6 +136,16 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-tls/*" + dest: "/" + merge: true + preserve_properties: true + optional: true + permissions: + - path: /etc/pki/tls/certs/haproxy + owner: haproxy:haproxy + recurse: true + optional: true docker_config: step_1: haproxy_firewall: @@ -133,7 +169,6 @@ outputs: volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - *deployed_cert_mount - - /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/haproxy/:/var/lib/kolla/config_files/src:ro @@ -154,10 +189,24 @@ outputs: volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - *deployed_cert_mount - - /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/haproxy/:/var/lib/kolla/config_files/src:ro + - list_join: + - ':' + - - {get_param: DeployedSSLCertificatePath} + - {get_param: DeployedSSLCertificatePath} + - 'ro' + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/haproxy:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/haproxy:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/haproxy:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/haproxy:ro + - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS metadata_settings: diff --git a/docker/services/heat-engine.yaml b/docker/services/heat-engine.yaml index a20dc131..fdba7d58 100644 --- a/docker/services/heat-engine.yaml +++ b/docker/services/heat-engine.yaml @@ -109,6 +109,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - + - /var/lib/config-data/heat/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro - /var/log/containers/heat:/var/log/heat command: "/usr/bin/bootstrap_host_exec heat_engine su heat -s /bin/bash -c 'heat-manage db_sync'" 
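Review bot: The new `permissions` entry in the kolla_config hunk only changes the owner of `/etc/pki/tls/certs/haproxy` and sets no `perm`, although the later volumes hunk also stages `/etc/pki/tls/private/haproxy` under `src-tls`, from where it is copied with `preserve_properties: true`. The pacemaker HAProxy template in this same commit lists both the certs and the keys directory with `perm: '0600'`. Unless the host side is known to guarantee the mode, I would mirror that here with an entry for the key files (`path` ending in `/*`, `owner: haproxy:haproxy`, `perm: '0600'`, `optional: true`). docker/services/rabbitmq.yaml has the same difference from its pacemaker counterpart: `rabbitmq.crt` and `rabbitmq.key` get an owner but no `perm`.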
diff --git a/docker/services/horizon.yaml b/docker/services/horizon.yaml index 3d3bc7c3..f2f2b8dc 100644 --- a/docker/services/horizon.yaml +++ b/docker/services/horizon.yaml @@ -36,6 +36,13 @@ parameters: default: {} description: Parameters specific to the role type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -117,6 +124,16 @@ outputs: - /var/lib/kolla/config_files/horizon.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/horizon/:/var/lib/kolla/config_files/src:ro - /var/log/containers/horizon:/var/log/horizon + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: diff --git a/docker/services/logrotate-crond.yaml b/docker/services/logrotate-crond.yaml new file mode 100644 index 00000000..22ee5b56 --- /dev/null +++ b/docker/services/logrotate-crond.yaml 
@@ -0,0 +1,84 @@ +heat_template_version: pike + +description: > + Containerized logrotate with crond for containerized service logs rotation + +parameters: + DockerCrondImage: + description: image + type: string + DockerCrondConfigImage: + description: The container image to use for the crond config_volume + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + + +resources: + + ContainersCommon: + type: ./containers-common.yaml + +outputs: + role_data: + description: Role data for the crond role. 
+ value: + service_name: logrotate_crond + config_settings: {} + step_config: &step_config | + include ::tripleo::profile::base::logging::logrotate + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: crond + step_config: *step_config + config_image: {get_param: DockerCrondConfigImage} + kolla_config: + /var/lib/kolla/config_files/logrotate-crond.json: + command: /usr/sbin/crond -s -n + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + docker_config: + step_4: + logrotate_crond: + image: {get_param: DockerCrondImage} + net: none + pid: host + privileged: true + user: root + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/logrotate-crond.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/crond/:/var/lib/kolla/config_files/src:ro + - /var/log/containers:/var/log/containers + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml index b4fce226..85a07128 100644 --- a/docker/services/neutron-api.yaml +++ b/docker/services/neutron-api.yaml @@ -122,6 +122,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - + - /var/lib/config-data/neutron/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro - /var/lib/config-data/neutron/etc/neutron:/etc/neutron:ro - /var/lib/config-data/neutron/usr/share/neutron:/usr/share/neutron:ro - /var/log/containers/neutron:/var/log/neutron diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml index 45de265e..be2c8a5e 100644 --- a/docker/services/nova-api.yaml +++ b/docker/services/nova-api.yaml 
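Review bot: The `logrotate_crond` container in this new file is started with `privileged: true`, `pid: host` and `user: root`, while its only writable mount is `/var/log/containers`, and nothing in the file says which of those settings log rotation actually needs. Each of them widens what a compromised container can reach on the host, so I would drop the ones that are not required and put a one-line comment above each remaining one giving the reason. The same question applies to `nova_virtlogd` in nova-libvirt.yaml, whose privileges and mount list appear to mirror `nova_libvirt`, and to `nova_metadata` in nova-metadata.yaml, which combines `user: nova` with `privileged: true`.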
@@ -128,6 +128,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - + - /var/lib/config-data/nova/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro - /var/log/containers/nova:/var/log/nova command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage api_db sync'" diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index 916b057e..47414083 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -12,10 +12,6 @@ parameters: DockerNovaLibvirtConfigImage: description: The container image to use for the nova_libvirt config_volume type: string - EnablePackageInstall: - default: 'false' - description: Set to true to enable package installation at deploy time - type: boolean ServiceData: default: {} description: Dictionary packing service data @@ -65,7 +61,7 @@ parameters: description: Whether to enable or not the Rbd backend for Cinder type: boolean CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClusterFSID: 
@@ -144,13 +140,45 @@ outputs: dest: "/etc/ceph/" merge: true preserve_properties: true + /var/lib/kolla/config_files/nova_virtlogd.json: + command: /usr/sbin/virtlogd --config /etc/libvirt/virtlogd.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova recurse: true docker_config: step_3: + nova_virtlogd: + start_order: 0 + image: {get_param: DockerNovaLibvirtImage} + net: host + pid: host + privileged: true + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/nova_virtlogd.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro + - /lib/modules:/lib/modules:ro + - /dev:/dev + - /run:/run + - /sys/fs/cgroup:/sys/fs/cgroup + - /var/lib/nova:/var/lib/nova + - /var/run/libvirt:/var/run/libvirt + - /var/lib/libvirt:/var/lib/libvirt + - /etc/libvirt/qemu:/etc/libvirt/qemu:ro + - /var/log/libvirt/qemu:/var/log/libvirt/qemu + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS nova_libvirt: + start_order: 1 image: {get_param: DockerNovaLibvirtImage} net: host pid: host @@ -169,7 +197,6 @@ outputs: - /sys/fs/cgroup:/sys/fs/cgroup - /var/lib/nova:/var/lib/nova - /etc/libvirt:/etc/libvirt - # Needed to use host's virtlogd - /var/run/libvirt:/var/run/libvirt - /var/lib/libvirt:/var/lib/libvirt - /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro 
@@ -216,22 +243,19 @@ outputs: file: path: /etc/ceph state: directory - - name: set enable_package_install fact - set_fact: - enable_package_install: {get_param: EnablePackageInstall} - # We use virtlogd on host, so when using Deployed Server - # feature, we need to ensure libvirt is installed. - - name: install libvirt-daemon - package: - name: libvirt-daemon - state: present - when: enable_package_install - - name: start virtlogd socket + - name: check if libvirt is installed + command: /usr/bin/rpm -q libvirt-daemon + failed_when: false + register: libvirt_installed + - name: make sure libvirt services are disabled service: - name: virtlogd.socket - state: started - enabled: yes - when: enable_package_install + name: "{{ item }}" + state: stopped + enabled: no + with_items: + - libvirtd.service + - virtlogd.socket + when: libvirt_installed.rc == 0 upgrade_tasks: - name: Stop and disable libvirtd service tags: step2 diff --git a/docker/services/nova-metadata.yaml b/docker/services/nova-metadata.yaml index 0a8a74cd..53ae7910 100644 --- a/docker/services/nova-metadata.yaml +++ b/docker/services/nova-metadata.yaml @@ -4,6 +4,12 @@ description: > OpenStack containerized Nova Metadata service parameters: + DockerNovaMetadataImage: + description: image + type: string + DockerNovaConfigImage: + description: The container image to use for the nova config_volume + type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -33,6 +39,9 @@ parameters: resources: + ContainersCommon: + type: ./containers-common.yaml + NovaMetadataBase: type: ../../puppet/services/nova-metadata.yaml properties: 
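Review bot: The `make sure libvirt services are disabled` task stops `libvirtd.service` and `virtlogd.socket`, but stopping a socket unit does not stop a `virtlogd.service` that was already activated through it. Since the new `nova_virtlogd` container bind-mounts `/var/run/libvirt` from the host, a host virtlogd that is still running would presumably keep holding its socket in that directory. I would add `- virtlogd.service` to `with_items`. The `check if libvirt is installed` task would also benefit from `changed_when: false`, so that the query does not report a change on every run.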
@@ -56,9 +65,56 @@ outputs: service_config_settings: {get_attr: [NovaMetadataBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: - config_volume: '' - puppet_tags: '' + config_volume: nova + puppet_tags: nova_config step_config: *step_config - config_image: '' - kolla_config: {} - docker_config: {} + config_image: {get_param: DockerNovaConfigImage} + kolla_config: + /var/lib/kolla/config_files/nova_metadata.json: + command: /usr/bin/nova-api-metadata + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/nova + owner: nova:nova + recurse: true + docker_config: + step_2: + nova_init_logs: + image: &nova_metadata_image {get_param: DockerNovaMetadataImage} + privileged: false + user: root + volumes: + - /var/log/containers/nova:/var/log/nova + command: ['/bin/bash', '-c', 'chown -R nova:nova /var/log/nova'] + step_4: + nova_metadata: + start_order: 2 + image: *nova_metadata_image + net: host + user: nova + privileged: true + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/nova_metadata.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/nova:/var/log/nova + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + metadata_settings: + get_attr: [NovaMetadataBase, role_data, metadata_settings] + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/nova + state: directory + upgrade_tasks: + - name: Stop and disable nova_api service + tags: step2 + service: name=openstack-nova-api state=stopped enabled=no diff --git a/docker/services/pacemaker/cinder-backup.yaml b/docker/services/pacemaker/cinder-backup.yaml index c6a80efa..c2117c04 100644 --- a/docker/services/pacemaker/cinder-backup.yaml 
+++ b/docker/services/pacemaker/cinder-backup.yaml @@ -76,7 +76,13 @@ outputs: config_settings: map_merge: - get_attr: [CinderBackupBase, role_data, config_settings] - - tripleo::profile::pacemaker::cinder::backup_bundle::cinder_backup_docker_image: &cinder_backup_image {get_param: DockerCinderBackupImage} + - tripleo::profile::pacemaker::cinder::backup_bundle::cinder_backup_docker_image: &cinder_backup_image_pcmklatest + list_join: + - ':' + - - yaql: + data: {get_param: DockerCinderBackupImage} + expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] + - 'pcmklatest' cinder::backup::manage_service: false cinder::backup::enabled: false step_config: "" @@ -102,10 +108,33 @@ outputs: owner: cinder:cinder recurse: true docker_config: + step_1: + cinder_backup_image_tag: + start_order: 1 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + "/usr/bin/docker tag 'CINDERBACKUP_IMAGE' 'CINDERBACKUP_IMAGE_PCMKLATEST'" + params: + CINDERBACKUP_IMAGE: {get_param: DockerCinderBackupImage} + CINDERBACKUP_IMAGE_PCMKLATEST: *cinder_backup_image_pcmklatest + image: {get_param: DockerCinderBackupImage} + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev/shm:/dev/shm:rw + - /etc/sysconfig/docker:/etc/sysconfig/docker:ro + - /usr/bin:/usr/bin:ro + - /var/run/docker.sock:/var/run/docker.sock:rw step_3: cinder_backup_init_logs: start_order: 0 - image: *cinder_backup_image + image: {get_param: DockerCinderBackupImage} privileged: false user: root volumes: @@ -129,7 +158,7 @@ outputs: params: TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location' CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::cinder::backup_bundle' - image: *cinder_backup_image + image: {get_param: DockerCinderBackupImage} volumes: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro 
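Review bot: The yaql expression `$.data.rightSplit(separator => ":", maxSplits => 1)[0]` in the first hunk assumes that the last colon in `DockerCinderBackupImage` separates the tag. For a reference with a registry port and no tag (constructed example: `registry.example:5000/ns/cinder-backup`) it cuts at the port, and for a digest reference it cuts inside the digest, so the `...:pcmklatest` name built from it is not the intended one. At minimum I would add `# DockerCinderBackupImage must be of the form name:tag` above the expression, or strip the suffix only when it contains no `/`. The same expression is added for cinder-volume, mysql, redis, haproxy, manila-share and rabbitmq in this commit.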
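Review bot: The `cinder_backup_image_tag` container in the second hunk runs as root with `/var/run/docker.sock` mounted read-write, which amounts to root on the host, and it builds its command by substituting the image parameter into a `bash -c` string. A value containing a single quote would end the quoting in `docker tag 'CINDERBACKUP_IMAGE' ...`; the parameter is operator-supplied, so this is a robustness point rather than an untrusted-input one, but the shell is not needed at all. An argument list avoids it: `command: ['/usr/bin/docker', 'tag', {get_param: DockerCinderBackupImage}, *cinder_backup_image_pcmklatest ]`. The other `*_image_tag` containers added in this commit follow the same pattern.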
diff --git a/docker/services/pacemaker/cinder-volume.yaml b/docker/services/pacemaker/cinder-volume.yaml index 3c1b7a74..a4f69517 100644 --- a/docker/services/pacemaker/cinder-volume.yaml +++ b/docker/services/pacemaker/cinder-volume.yaml @@ -69,7 +69,13 @@ outputs: config_settings: map_merge: - get_attr: [CinderBase, role_data, config_settings] - - tripleo::profile::pacemaker::cinder::volume_bundle::cinder_volume_docker_image: &cinder_volume_image {get_param: DockerCinderVolumeImage} + - tripleo::profile::pacemaker::cinder::volume_bundle::cinder_volume_docker_image: &cinder_volume_image_pcmklatest + list_join: + - ':' + - - yaql: + data: {get_param: DockerCinderVolumeImage} + expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] + - 'pcmklatest' cinder::volume::manage_service: false cinder::volume::enabled: false cinder::host: hostgroup @@ -93,10 +99,33 @@ outputs: owner: cinder:cinder recurse: true docker_config: + step_1: + cinder_volume_image_tag: + start_order: 1 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + "/usr/bin/docker tag 'CINDERVOLUME_IMAGE' 'CINDERVOLUME_IMAGE_PCMKLATEST'" + params: + CINDERVOLUME_IMAGE: {get_param: DockerCinderVolumeImage} + CINDERVOLUME_IMAGE_PCMKLATEST: *cinder_volume_image_pcmklatest + image: {get_param: DockerCinderVolumeImage} + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev/shm:/dev/shm:rw + - /etc/sysconfig/docker:/etc/sysconfig/docker:ro + - /usr/bin:/usr/bin:ro + - /var/run/docker.sock:/var/run/docker.sock:rw step_3: cinder_volume_init_logs: start_order: 0 - image: *cinder_volume_image + image: {get_param: DockerCinderVolumeImage} privileged: false user: root volumes: 
@@ -120,7 +149,7 @@ outputs: params: TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location' CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::cinder::volume_bundle' - image: *cinder_volume_image + image: {get_param: DockerCinderVolumeImage} volumes: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml index a9e49b28..3de1696d 100644 --- a/docker/services/pacemaker/database/mysql.yaml +++ b/docker/services/pacemaker/database/mysql.yaml @@ -79,7 +79,13 @@ outputs: config_settings: map_merge: - {get_attr: [MysqlPuppetBase, role_data, config_settings]} - - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image {get_param: DockerMysqlImage} + - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image_pcmklatest + list_join: + - ':' + - - yaql: + data: {get_param: DockerMysqlImage} + expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] + - 'pcmklatest' tripleo::profile::pacemaker::database::mysql_bundle::control_port: 3123 tripleo.mysql.firewall_rules: '104 mysql galera-bundle': @@ -141,7 +147,7 @@ outputs: mysql_data_ownership: start_order: 0 detach: false - image: *mysql_image + image: {get_param: DockerMysqlImage} net: host user: root # Kolla does only non-recursive chown @@ -151,7 +157,7 @@ outputs: mysql_bootstrap: start_order: 1 detach: false - image: *mysql_image + image: {get_param: DockerMysqlImage} net: host # Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done command: 
@@ -196,6 +202,28 @@ outputs: passwords: - {get_param: MysqlRootPassword} - {get_param: [DefaultPasswords, mysql_root_password]} + mysql_image_tag: + start_order: 2 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + "/usr/bin/docker tag 'MYSQL_IMAGE' 'MYSQL_IMAGE_PCMKLATEST'" + params: + MYSQL_IMAGE: {get_param: DockerMysqlImage} + MYSQL_IMAGE_PCMKLATEST: *mysql_image_pcmklatest + image: {get_param: DockerMysqlImage} + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev/shm:/dev/shm:rw + - /etc/sysconfig/docker:/etc/sysconfig/docker:ro + - /usr/bin:/usr/bin:ro + - /var/run/docker.sock:/var/run/docker.sock:rw step_2: mysql_init_bundle: start_order: 1 @@ -214,7 +242,7 @@ outputs: params: TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation,galera_ready,mysql_database,mysql_grant,mysql_user' CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::mysql_bundle' - image: *mysql_image + image: {get_param: DockerMysqlImage} volumes: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro @@ -255,3 +283,9 @@ outputs: - name: Disable mysql service tags: step2 service: name=mariadb enabled=no + - name: Remove clustercheck service from xinetd + tags: step2 + file: state=absent path=/etc/xinetd.d/galera-monitor + - name: Restart xinetd service after clustercheck removal + tags: step2 + service: name=xinetd state=restarted diff --git a/docker/services/pacemaker/database/redis.yaml b/docker/services/pacemaker/database/redis.yaml index 75b6d650..0b8aa046 100644 --- a/docker/services/pacemaker/database/redis.yaml +++ b/docker/services/pacemaker/database/redis.yaml 
@@ -60,7 +60,13 @@ outputs: - redis::service_manage: false redis::notify_service: false redis::managed_by_cluster_manager: true - tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image {get_param: DockerRedisImage} + tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image_pcmklatest + list_join: + - ':' + - - yaql: + data: {get_param: DockerRedisImage} + expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] + - 'pcmklatest' tripleo::profile::pacemaker::database::redis_bundle::control_port: 3124 tripleo.redis.firewall_rules: '108 redis-bundle': @@ -104,6 +110,29 @@ outputs: owner: redis:redis recurse: true docker_config: + step_1: + redis_image_tag: + start_order: 1 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + "/usr/bin/docker tag 'REDIS_IMAGE' 'REDIS_IMAGE_PCMKLATEST'" + params: + REDIS_IMAGE: {get_param: DockerRedisImage} + REDIS_IMAGE_PCMKLATEST: *redis_image_pcmklatest + image: {get_param: DockerRedisImage} + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev/shm:/dev/shm:rw + - /etc/sysconfig/docker:/etc/sysconfig/docker:ro + - /usr/bin:/usr/bin:ro + - /var/run/docker.sock:/var/run/docker.sock:rw step_2: redis_init_bundle: start_order: 2 diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml index 24155912..2e5c7424 100644 --- a/docker/services/pacemaker/haproxy.yaml +++ b/docker/services/pacemaker/haproxy.yaml 
@@ -41,6 +41,22 @@ parameters: default: {} description: Parameters specific to the role type: json + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. + InternalTLSCRLPEMFile: + default: '/etc/pki/CA/crl/overcloud-crl.pem' + type: string + description: Specifies the default CRL PEM file to use for revocation if + TLS is used for services in the internal network. + HAProxyInternalTLSCertsDirectory: + default: '/etc/pki/tls/certs/haproxy' + type: string + HAProxyInternalTLSKeysDirectory: + default: '/etc/pki/tls/private/haproxy' + type: string resources: 
@@ -65,6 +81,24 @@ outputs: - tripleo::haproxy::haproxy_daemon: false haproxy_docker: true tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image {get_param: DockerHAProxyImage} + # the list of directories that contain the certs to bind mount in the countainer + # bind-mounting the directories rather than all the cert, key and pem files ensures + # that docker won't create directories on the host when then pem files do not exist + tripleo::profile::pacemaker::haproxy_bundle::tls_mapping: &tls_mapping + - get_param: InternalTLSCAFile + - get_param: HAProxyInternalTLSKeysDirectory + - get_param: HAProxyInternalTLSCertsDirectory + tripleo::profile::pacemaker::haproxy_bundle::internal_certs_directory: {get_param: HAProxyInternalTLSCertsDirectory} + tripleo::profile::pacemaker::haproxy_bundle::internal_keys_directory: {get_param: HAProxyInternalTLSKeysDirectory} + # disable the use CRL file until we can restart the container when the file expires + tripleo::haproxy::crl_file: null + tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image_pcmklatest + list_join: + - ':' + - - yaql: + data: {get_param: DockerHAProxyImage} + expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] + - 'pcmklatest' step_config: "" service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS @@ -80,11 +114,9 @@ outputs: - 'include ::tripleo::profile::pacemaker::haproxy_bundle' config_image: {get_param: DockerHAProxyConfigImage} volumes: &deployed_cert_mount - - list_join: - - ':' - - - {get_param: DeployedSSLCertificatePath} - - {get_param: DeployedSSLCertificatePath} - - 'ro' + yaql: + expression: $.data.select($+":"+$+":ro") + data: *tls_mapping kolla_config: /var/lib/kolla/config_files/haproxy.json: command: haproxy -f /etc/haproxy/haproxy.cfg 
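Review bot: The first hunk adds a second `tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image` key to a mapping that still contains the original one: the `&haproxy_image` line is unchanged context, and the header `-65,6 +81,24` leaves no room for a removed line. Duplicate keys are invalid YAML and most loaders silently keep the last value, so which image name reaches the bundle depends on the parser. The old line should be deleted in this commit, and any remaining `*haproxy_image` alias replaced the way the later hunk does with `{get_param: DockerHAProxyImage}`. The enclosing `config_settings` map starts outside the hunk.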
@@ -94,7 +126,53 @@ outputs: merge: true preserve_properties: true optional: true + - source: "/var/lib/kolla/config_files/src-tls/*" + dest: "/" + merge: true + optional: true + preserve_properties: true + permissions: + - path: + list_join: + - '' + - - {get_param: HAProxyInternalTLSCertsDirectory} + - '/*' + owner: haproxy:haproxy + perm: '0600' + optional: true + - path: + list_join: + - '' + - - {get_param: HAProxyInternalTLSKeysDirectory} + - '/*' + owner: haproxy:haproxy + perm: '0600' + optional: true docker_config: + step_1: + haproxy_image_tag: + start_order: 1 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + "/usr/bin/docker tag 'HAPROXY_IMAGE' 'HAPROXY_IMAGE_PCMKLATEST'" + params: + HAPROXY_IMAGE: {get_param: DockerHAProxyImage} + HAPROXY_IMAGE_PCMKLATEST: *haproxy_image_pcmklatest + image: {get_param: DockerHAProxyImage} + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev/shm:/dev/shm:rw + - /etc/sysconfig/docker:/etc/sysconfig/docker:ro + - /usr/bin:/usr/bin:ro + - /var/run/docker.sock:/var/run/docker.sock:rw + image: {get_param: DockerHAProxyImage} step_2: haproxy_init_bundle: start_order: 3 @@ -118,7 +196,7 @@ outputs: - ';' - - 'include ::tripleo::profile::base::pacemaker' - 'include ::tripleo::profile::pacemaker::haproxy_bundle' - image: *haproxy_image + image: {get_param: DockerHAProxyImage} volumes: list_concat: - *deployed_cert_mount diff --git a/docker/services/pacemaker/manila-share.yaml b/docker/services/pacemaker/manila-share.yaml new file mode 100644 index 00000000..c88737aa --- /dev/null +++ b/docker/services/pacemaker/manila-share.yaml 
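Review bot: In the `haproxy_image_tag` block of the first hunk, `image: {get_param: DockerHAProxyImage}` is added twice, once before `volumes:` and once after the volume list. Indentation is not recoverable in this view, so the second one is either a duplicate key inside `haproxy_image_tag` or a stray `image` entry directly under `step_1`; neither looks intended, and the other `*_image_tag` blocks in this commit carry a single `image` line. I would delete the second occurrence.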
@@ -0,0 +1,171 @@ +heat_template_version: pike + +description: > + OpenStack containerized Manila Share service + +parameters: + DockerManilaShareImage: + description: image + type: string + DockerManilaConfigImage: + description: image + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + MySQLClient: + type: ../../../puppet/services/database/mysql-client.yaml + + ManilaBase: + type: ../../../puppet/services/pacemaker/manila-share.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Manila Share role. 
+ value: + service_name: {get_attr: [ManilaBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [ManilaBase, role_data, config_settings] + - tripleo::profile::pacemaker::manila::share_bundle::manila_share_docker_image: &manila_share_image_pcmklatest + list_join: + - ':' + - - yaql: + data: {get_param: DockerManilaShareImage} + expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] + - 'pcmklatest' + manila::share::manage_service: false + manila::share::enabled: false + manila::host: hostgroup + step_config: "" + service_config_settings: {get_attr: [ManilaBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: manila + puppet_tags: manila_config,file,concat,file_line + step_config: + list_join: + - "\n" + - - {get_attr: [ManilaBase, role_data, step_config]} + - - {get_attr: [MySQLClient, role_data, step_config]} + config_image: {get_param: DockerManilaConfigImage} + kolla_config: + /var/lib/kolla/config_files/manila_share.json: + command: /usr/bin/manila-share --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + # NOTE(gfidente): ceph ansible generated + - source: "/var/lib/kolla/config_files/src-ceph/" + dest: "/etc/ceph" + merge: true + preserve_properties: true + permissions: + - path: /var/log/manila + owner: manila:manila + recurse: true + docker_config: + step_1: + manila_share_image_tag: + start_order: 1 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + "/usr/bin/docker tag 'MANILASHARE_IMAGE' 'MANILASHARE_IMAGE_PCMKLATEST'" + params: + MANILASHARE_IMAGE: {get_param: DockerManilaShareImage} + MANILASHARE_IMAGE_PCMKLATEST: *manila_share_image_pcmklatest + image: {get_param: DockerManilaShareImage} + volumes: + - /etc/hosts:/etc/hosts:ro + - 
/etc/localtime:/etc/localtime:ro + - /dev/shm:/dev/shm:rw + - /etc/sysconfig/docker:/etc/sysconfig/docker:ro + - /usr/bin:/usr/bin:ro + - /var/run/docker.sock:/var/run/docker.sock:rw + step_3: + manila_share_init_logs: + start_order: 0 + image: {get_param: DockerManilaShareImage} + privileged: false + user: root + volumes: + - /var/log/containers/manila:/var/log/manila + command: ['/bin/bash', '-c', 'chown -R manila:manila /var/log/manila'] + step_5: + manila_share_init_bundle: + start_order: 0 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + list_join: + - '; ' + - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 5}' > /etc/puppet/hieradata/docker.json" + - "FACTER_uuid=docker puppet apply --tags file_line,concat,augeas,TAGS --debug -v -e 'CONFIG'" + params: + TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location' + CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::manila::share_bundle' + image: {get_param: DockerManilaShareImage} + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /etc/puppet:/tmp/puppet-etc:ro + - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro + - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro + - /dev/shm:/dev/shm:rw + host_prep_tasks: + - name: create persistent directories + file: + path: "{{ item }}" + state: directory + with_items: + - /var/log/containers/manila + - /var/lib/manila + upgrade_tasks: + - name: Stop and disable manila_share service + tags: step2 + service: name=openstack-manila-share state=stopped enabled=no diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml index de53ceee..ba1abaf9 100644 --- a/docker/services/pacemaker/rabbitmq.yaml +++ b/docker/services/pacemaker/rabbitmq.yaml 
@@ -62,7 +62,13 @@ outputs: map_merge: - {get_attr: [RabbitmqBase, role_data, config_settings]} - rabbitmq::service_manage: false - tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image {get_param: DockerRabbitmqImage} + tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image_pcmklatest + list_join: + - ':' + - - yaql: + data: {get_param: DockerRabbitmqImage} + expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0] + - 'pcmklatest' tripleo::profile::pacemaker::rabbitmq_bundle::control_port: 3122 tripleo.rabbitmq.firewall_rules: '109 rabbitmq-bundle': @@ -92,6 +98,11 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-tls/*" + dest: "/" + merge: true + optional: true + preserve_properties: true permissions: - path: /var/lib/rabbitmq owner: rabbitmq:rabbitmq @@ -99,13 +110,21 @@ outputs: - path: /var/log/rabbitmq owner: rabbitmq:rabbitmq recurse: true + - path: /etc/pki/tls/certs/rabbitmq.crt + owner: rabbitmq:rabbitmq + perm: '0600' + optional: true + - path: /etc/pki/tls/private/rabbitmq.key + owner: rabbitmq:rabbitmq + perm: '0600' + optional: true # When using pacemaker we don't launch the container, instead that is done by pacemaker # itself. docker_config: step_1: rabbitmq_bootstrap: start_order: 0 - image: *rabbitmq_image + image: {get_param: DockerRabbitmqImage} net: host privileged: false volumes: 
@@ -128,6 +147,28 @@ outputs: passwords: - {get_param: RabbitCookie} - {get_param: [DefaultPasswords, rabbit_cookie]} + rabbitmq_image_tag: + start_order: 1 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + "/usr/bin/docker tag 'RABBITMQ_IMAGE' 'RABBITMQ_IMAGE_PCMKLATEST'" + params: + RABBITMQ_IMAGE: {get_param: DockerRabbitmqImage} + RABBITMQ_IMAGE_PCMKLATEST: *rabbitmq_image_pcmklatest + image: {get_param: DockerRabbitmqImage} + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /dev/shm:/dev/shm:rw + - /etc/sysconfig/docker:/etc/sysconfig/docker:ro + - /usr/bin:/usr/bin:ro + - /var/run/docker.sock:/var/run/docker.sock:rw step_2: rabbitmq_init_bundle: start_order: 0 @@ -146,7 +187,7 @@ outputs: params: TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation' CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::rabbitmq_bundle' - image: *rabbitmq_image + image: {get_param: DockerRabbitmqImage} volumes: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro @@ -164,6 +205,8 @@ outputs: echo 'export ERL_EPMD_ADDRESS=127.0.0.1' > /etc/rabbitmq/rabbitmq-env.conf echo 'export ERL_EPMD_PORT=4370' >> /etc/rabbitmq/rabbitmq-env.conf for pid in $(pgrep epmd); do if [ "$(lsns -o NS -p $pid)" == "$(lsns -o NS -p 1)" ]; then kill $pid; break; fi; done + metadata_settings: + get_attr: [RabbitmqBase, role_data, metadata_settings] upgrade_tasks: - name: get bootstrap nodeid tags: common diff --git a/docker/services/panko-api.yaml b/docker/services/panko-api.yaml index 01c17388..626d9176 100644 --- a/docker/services/panko-api.yaml +++ b/docker/services/panko-api.yaml 
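Review bot: `rabbitmq_image_tag` runs as root with `/var/run/docker.sock` mounted read-write, which gives whatever runs in that container full control of the host's Docker daemon, and the hunk has no comment explaining why that is needed. The container is started from DockerRabbitmqImage itself and uses the host's binaries through `/usr/bin:/usr/bin:ro`, so that image is effectively trusted at host level for this step. I would add a comment above the block, e.g. `# Needs the host docker socket only to run 'docker tag'; one-shot (detach: false) - do not copy these mounts to long-running containers`. The image name is also substituted into a `bash -c` string between single quotes, so restricting the parameter to image-reference characters would keep the command shape fixed; its declaration is not in this hunk. The manila-share hunk earlier in the diff appears to use the same mounts.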
@@ -116,6 +116,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - + - /var/lib/config-data/panko/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro - /var/lib/config-data/panko/etc/panko:/etc/panko:ro - /var/log/containers/panko:/var/log/panko command: "/usr/bin/bootstrap_host_exec panko_api su panko -s /bin/bash -c '/usr/bin/panko-dbsync'" diff --git a/docker/services/rabbitmq.yaml b/docker/services/rabbitmq.yaml index 418c60d2..add78879 100644 --- a/docker/services/rabbitmq.yaml +++ b/docker/services/rabbitmq.yaml @@ -40,6 +40,18 @@ parameters: type: string default: '' hidden: true + EnableInternalTLS: + type: boolean + default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -66,6 +78,10 @@ outputs: map_merge: - {get_attr: [RabbitmqBase, role_data, config_settings]} - rabbitmq::admin_enable: false + - if: + - internal_tls_enabled + - tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here + - {} step_config: &step_config list_join: - "\n" @@ -85,10 +101,21 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-tls/*" + dest: "/" + merge: true + preserve_properties: true + optional: true permissions: - path: /var/lib/rabbitmq owner: rabbitmq:rabbitmq recurse: true + - path: /etc/pki/tls/certs/rabbitmq.crt + owner: rabbitmq:rabbitmq + optional: true + - path: /etc/pki/tls/private/rabbitmq.key + owner: rabbitmq:rabbitmq + optional: true docker_config: # Kolla_bootstrap runs before permissions set by kolla_config step_1: 
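Review bot: With `tripleo::certmonger::rabbitmq::postsave_cmd: "true"` in the `internal_tls_enabled` branch of config_settings (docker/services/rabbitmq.yaml), nothing reloads RabbitMQ after certmonger renews its certificate. As far as the visible hunks show, the cert and key reach the container only by being copied from `src-tls` when it starts, so the broker would keep serving the old certificate until something restarts it, possibly past its expiry. The TODO acknowledges the gap; until it is closed I would state the consequence in the comment, e.g. `# TODO: no-op for now - after a renewal the rabbitmq container must be restarted to load the new cert`.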
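Review bot: The two TLS entries added under `permissions:` in docker/services/rabbitmq.yaml set only `owner`, while the matching entries added to docker/services/pacemaker/rabbitmq.yaml in this same commit also set `perm: '0600'`. Without it, the mode of `/etc/pki/tls/private/rabbitmq.key` inside the container is presumably whatever the copy preserves from the host file, which this template does not control. I would add `perm: '0600'` to both entries here so the two variants agree and the key's mode is explicit.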
@@ -115,6 +142,17 @@ outputs: - /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro - /var/lib/rabbitmq:/var/lib/rabbitmq - /var/log/containers/rabbitmq:/var/log/rabbitmq + - if: + - internal_tls_enabled + - + - list_join: + - ':' + - - {get_param: InternalTLSCAFile} + - {get_param: InternalTLSCAFile} + - 'ro' + - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro + - /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro + - null environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - KOLLA_BOOTSTRAP=True @@ -143,6 +181,17 @@ outputs: - /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro - /var/lib/rabbitmq:/var/lib/rabbitmq - /var/log/containers/rabbitmq:/var/log/rabbitmq + - if: + - internal_tls_enabled + - + - list_join: + - ':' + - - {get_param: InternalTLSCAFile} + - {get_param: InternalTLSCAFile} + - 'ro' + - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro + - /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro + - null environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS docker_puppet_tasks: @@ -155,6 +204,8 @@ outputs: volumes: - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro - /var/lib/rabbitmq:/var/lib/rabbitmq:ro + metadata_settings: + get_attr: [RabbitmqBase, role_data, metadata_settings] host_prep_tasks: - name: create persistent directories file: diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml index 072c6759..b6fb4001 100644 --- a/docker/services/zaqar.yaml +++ b/docker/services/zaqar.yaml @@ -57,7 +57,7 @@ resources: type: ../../puppet/services/database/mysql-client.yaml ZaqarBase: - type: ../../puppet/services/zaqar.yaml + type: ../../puppet/services/zaqar-api.yaml properties: EndpointMap: {get_param: EndpointMap} ServiceData: {get_param: ServiceData} 
diff --git a/environments/ceph-ansible/ceph-mds.yaml b/environments/ceph-ansible/ceph-mds.yaml
new file mode 100644
index 00000000..0834269c
--- /dev/null
+++ b/environments/ceph-ansible/ceph-mds.yaml
@@ -0,0 +1,2 @@
+resource_registry:
+ OS::TripleO::Services::CephMds: ../../docker/services/ceph-ansible/ceph-mds.yaml
diff --git a/environments/cinder-dellemc-unity-config.yaml b/environments/cinder-dellemc-unity-config.yaml
new file mode 100644
index 00000000..c67c91cb
--- /dev/null
+++ b/environments/cinder-dellemc-unity-config.yaml
@@ -0,0 +1,14 @@
+# A Heat environment file which can be used to enable a
+# Cinder Dell EMC Unity backend, configured via puppet
+resource_registry:
+ OS::TripleO::Services::CinderBackendDellEMCUnity: ../puppet/services/cinder-backend-dellemc-unity.yaml
+
+parameter_defaults:
+ CinderEnableDellEMCUnityBackend: true
+ CinderDellEMCUnityBackendName: 'tripleo_dellemc_unity'
+ CinderDellEMCUnitySanIp: ''
+ CinderDellEMCUnitySanLogin: 'Admin'
+ CinderDellEMCUnitySanPassword: ''
+ CinderDellEMCUnityStorageProtocol: 'iSCSI'
+ CinderDellEMCUnityIoPorts: ''
+ CinderDellEMCUnityStoragePoolNames: ''
diff --git a/environments/composable-roles/monolithic-ha.yaml b/environments/composable-roles/monolithic-ha.yaml
new file mode 100644
index 00000000..a1dcd7bf
--- /dev/null
+++ b/environments/composable-roles/monolithic-ha.yaml
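Review bot: environments/cinder-dellemc-unity-config.yaml ships `CinderDellEMCUnitySanPassword: ''` next to a fixed `CinderDellEMCUnitySanLogin: 'Admin'` with no comment on how the credential is meant to be supplied. Users who fill the value in place end up with a storage-array password in a file that is commonly kept under version control. I would add a comment above the parameter, e.g. `# Required. Supply via a separate, access-restricted environment file; do not commit the real password`. A similar `# Required` comment on `CinderDellEMCUnitySanIp` would make clear that the empty strings are placeholders rather than usable defaults.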
@@ -0,0 +1,59 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Monolithic Controller HA deployment +# description: | +# A Heat environment that can be used to deploy controller and compute +# services in an HA configuration with SSL everywhere and network +# isolation. +# This should be used with a roles_data.yaml containing the Controller, +# Compute and CephStorage roles. +# openstack overcloud roles generate -o ~/roles_data.yaml Controller Compute CephStorage +parameter_defaults: + # Number of CephStorage nodes to deploy + # Type: number + CephStorageCount: 1 + + # Format for CephStorage node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud + # Type: string + CephStorageHostnameFormat: '%stackname%-cephstorage-%index%' + + # Number of Compute nodes to deploy + # Type: number + ComputeCount: 3 + + # Format for Compute node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud + # Type: string + ComputeHostnameFormat: '%stackname%-novacompute-%index%' + + # Number of Controller nodes to deploy + # Type: number + ControllerCount: 3 + + # Format for Controller node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud + # Type: string + ControllerHostnameFormat: '%stackname%-controller-%index%' + + # DNS servers to use for the Overcloud + # Type: comma_delimited_list + DnsServers: ['8.8.8.8', '8,8.4.4'] + + # NTP servers list. 
Defaulted to pool.ntp.org in order to have a sane default for Pacemaker deployments when not configuring this parameter by default. + # Type: comma_delimited_list + NtpServer: ['pool.ntp.org'] + + # Name of the flavor for Ceph nodes + # Type: string + OvercloudCephStorageFlavor: ceph + + # Name of the flavor for Compute nodes + # Type: string + OvercloudComputeFlavor: compute + + # Name of the flavor for Controller nodes + # Type: string + OvercloudControllerFlavor: control + diff --git a/environments/composable-roles/monolithic-nonha.yaml b/environments/composable-roles/monolithic-nonha.yaml new file mode 100644 index 00000000..f49ddf2a --- /dev/null +++ b/environments/composable-roles/monolithic-nonha.yaml 
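Review bot: The second entry of `DnsServers: ['8.8.8.8', '8,8.4.4']` in environments/composable-roles/monolithic-ha.yaml has a comma where a dot belongs, so it is not a valid IPv4 address; it should read `DnsServers: ['8.8.8.8', '8.8.4.4']`. The same value appears in monolithic-nonha.yaml and standalone.yaml later in this commit. The file header says these files come from the sample environment generator, so the correction belongs in the generator's input (not visible here), followed by a regenerate. Separately, a public resolver as the sample default means overcloud nodes send their lookups off-site unless the operator overrides it, which deserves a mention in the parameter comment.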
@@ -0,0 +1,59 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Monolithic Controller Non-HA deployment +# description: | +# A Heat environment that can be used to deploy controller and compute +# services in an Non-HA configuration with SSL undercloud only and a +# flat network. +# This should be used with a roles_data.yaml containing the Controller, +# Compute and CephStorage roles. +# openstack overcloud roles generate -o ~/roles_data.yaml Controller Compute CephStorage +parameter_defaults: + # Number of CephStorage nodes to deploy + # Type: number + CephStorageCount: 1 + + # Format for CephStorage node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud + # Type: string + CephStorageHostnameFormat: '%stackname%-cephstorage-%index%' + + # Number of Compute nodes to deploy + # Type: number + ComputeCount: 1 + + # Format for Compute node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud + # Type: string + ComputeHostnameFormat: '%stackname%-novacompute-%index%' + + # Number of Controller nodes to deploy + # Type: number + ControllerCount: 1 + + # Format for Controller node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud + # Type: string + ControllerHostnameFormat: '%stackname%-controller-%index%' + + # DNS servers to use for the Overcloud + # Type: comma_delimited_list + DnsServers: ['8.8.8.8', '8,8.4.4'] + + # NTP servers list. 
Defaulted to pool.ntp.org in order to have a sane default for Pacemaker deployments when not configuring this parameter by default. + # Type: comma_delimited_list + NtpServer: ['pool.ntp.org'] + + # Name of the flavor for Ceph nodes + # Type: string + OvercloudCephStorageFlavor: ceph + + # Name of the flavor for Compute nodes + # Type: string + OvercloudComputeFlavor: compute + + # Name of the flavor for Controller nodes + # Type: string + OvercloudControllerFlavor: control + diff --git a/environments/composable-roles/standalone.yaml b/environments/composable-roles/standalone.yaml new file mode 100644 index 00000000..3305c9ed --- /dev/null +++ b/environments/composable-roles/standalone.yaml 
@@ -0,0 +1,84 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Controller HA deployment with standalone Database, Messaging and Networker nodes. +# description: | +# A Heat environment that can be used to deploy controller, database, +# messaging, networker and compute services in an HA configuration with SSL +# everywhere and network isolation. +# This should be used with a roles_data.yaml containing the +# ControllerOpenstack, Database, Messaging, Networker, Compute and +# CephStorage roles. +# openstack overcloud roles generate -o ~/roles_data.yaml ControllerOpenstack Database Messaging Networker Compute CephStorage +parameter_defaults: + # Number of CephStorage nodes to deploy + # Type: number + CephStorageCount: 1 + + # Format for CephStorage node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud + # Type: string + CephStorageHostnameFormat: '%stackname%-cephstorage-%index%' + + # Number of Compute nodes to deploy + # Type: number + ComputeCount: 1 + + # Format for Compute node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud + # Type: string + ComputeHostnameFormat: '%stackname%-novacompute-%index%' + + # Number of Controller nodes to deploy + # Type: number + ControllerCount: 3 + + # Format for Controller node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud + # Type: string + ControllerHostnameFormat: 
'%stackname%-controller-%index%' + + # Number of Database nodes + # Type: number + DatabaseCount: 3 + + # DNS servers to use for the Overcloud + # Type: comma_delimited_list + DnsServers: ['8.8.8.8', '8,8.4.4'] + + # Number of Messaging nodes + # Type: number + MessagingCount: 3 + + # Number of Networker nodes + # Type: number + NetworkerCount: 2 + + # NTP servers list. Defaulted to pool.ntp.org in order to have a sane default for Pacemaker deployments when not configuring this parameter by default. + # Type: comma_delimited_list + NtpServer: ['pool.ntp.org'] + + # Name of the flavor for Ceph nodes + # Type: string + OvercloudCephStorageFlavor: ceph + + # Name of the flavor for Compute nodes + # Type: string + OvercloudComputeFlavor: compute + + # Name of the flavor for Controller nodes + # Type: string + OvercloudControllerFlavor: control + + # Name of the flavor for Database nodes + # Type: string + OvercloudDatabaseFlavor: db + + # Name of the flavor for Messaging nodes + # Type: string + OvercloudMessagingFlavor: messaging + + # Name of the flavor for Networker nodes + # Type: string + OvercloudNetworkerFlavor: networker + diff --git a/environments/contrail/roles_data_contrail.yaml b/environments/contrail/roles_data_contrail.yaml index eae809a5..dd1c5455 100644 --- a/environments/contrail/roles_data_contrail.yaml +++ b/environments/contrail/roles_data_contrail.yaml @@ -66,6 +66,7 @@ - OS::TripleO::Services::NovaVncProxy - OS::TripleO::Services::Ec2Api - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::SwiftProxy - OS::TripleO::Services::SwiftStorage - OS::TripleO::Services::SwiftRingBuilder @@ -122,6 +123,7 @@ - OS::TripleO::Services::CephExternal - OS::TripleO::Services::Timezone - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd - OS::TripleO::Services::NovaCompute 
@@ -149,6 +151,7 @@ - OS::TripleO::Services::BlockStorageCinderVolume - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Timezone - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd @@ -165,6 +168,7 @@ - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::SwiftStorage - OS::TripleO::Services::SwiftRingBuilder - OS::TripleO::Services::Snmp @@ -184,6 +188,7 @@ - OS::TripleO::Services::CephOSD - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd - OS::TripleO::Services::Timezone @@ -203,6 +208,7 @@ - OS::TripleO::Services::ContrailWebUI - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Timezone - OS::TripleO::Services::Snmp - OS::TripleO::Services::TripleoPackages @@ -217,6 +223,7 @@ - OS::TripleO::Services::ContrailAnalytics - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Timezone - OS::TripleO::Services::Snmp - OS::TripleO::Services::TripleoPackages @@ -230,6 +237,7 @@ - OS::TripleO::Services::ContrailAnalyticsDatabase - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Timezone - OS::TripleO::Services::Snmp - OS::TripleO::Services::TripleoPackages @@ -243,6 +251,7 @@ - OS::TripleO::Services::ContrailTsn - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Timezone - OS::TripleO::Services::Snmp - OS::TripleO::Services::TripleoPackages 
@@ -256,6 +265,7 @@ - OS::TripleO::Services::ContrailTsn - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Timezone - OS::TripleO::Services::Snmp - OS::TripleO::Services::TripleoPackages diff --git a/environments/docker-centos-tripleoupstream.yaml b/environments/docker-centos-tripleoupstream.yaml deleted file mode 100644 index 01a118e4..00000000 --- a/environments/docker-centos-tripleoupstream.yaml +++ /dev/null 
@@ -1,124 +0,0 @@ -# Generated with the following on 2017-08-11T04:58:59.567629 -# -# openstack overcloud container image prepare --env-file environments/docker-centos-tripleoupstream.yaml -# - -parameter_defaults: - DockerAodhApiImage: tripleoupstream/centos-binary-aodh-api:latest - DockerAodhConfigImage: tripleoupstream/centos-binary-aodh-api:latest - DockerAodhEvaluatorImage: tripleoupstream/centos-binary-aodh-evaluator:latest - DockerAodhListenerImage: tripleoupstream/centos-binary-aodh-listener:latest - DockerAodhNotifierImage: tripleoupstream/centos-binary-aodh-notifier:latest - DockerBarbicanApiImage: tripleoupstream/centos-binary-barbican-api:latest - DockerCeilometerCentralImage: tripleoupstream/centos-binary-ceilometer-central:latest - DockerCeilometerComputeImage: tripleoupstream/centos-binary-ceilometer-compute:latest - DockerCeilometerConfigImage: tripleoupstream/centos-binary-ceilometer-central:latest - DockerCeilometerIpmiImage: tripleoupstream/centos-binary-ceilometer-ipmi:latest - DockerCeilometerNotificationImage: tripleoupstream/centos-binary-ceilometer-notification:latest - DockerCinderApiImage: tripleoupstream/centos-binary-cinder-api:latest - DockerCinderBackupImage: tripleoupstream/centos-binary-cinder-backup:latest - DockerCinderConfigImage: tripleoupstream/centos-binary-cinder-api:latest - DockerCinderSchedulerImage: tripleoupstream/centos-binary-cinder-scheduler:latest - DockerCinderVolumeImage: tripleoupstream/centos-binary-cinder-volume:latest - DockerClustercheckConfigImage: tripleoupstream/centos-binary-mariadb:latest - DockerClustercheckImage: tripleoupstream/centos-binary-mariadb:latest - DockerCollectdConfigImage: tripleoupstream/centos-binary-collectd:latest - DockerCollectdImage: tripleoupstream/centos-binary-collectd:latest - DockerCongressApiImage: tripleoupstream/centos-binary-congress-api:latest - DockerCongressConfigImage: tripleoupstream/centos-binary-congress-api:latest - DockerEc2ApiConfigImage: 
tripleoupstream/centos-binary-ec2-api:latest - DockerEc2ApiImage: tripleoupstream/centos-binary-ec2-api:latest - DockerEtcdConfigImage: tripleoupstream/centos-binary-etcd:latest - DockerEtcdImage: tripleoupstream/centos-binary-etcd:latest - DockerGlanceApiConfigImage: tripleoupstream/centos-binary-glance-api:latest - DockerGlanceApiImage: tripleoupstream/centos-binary-glance-api:latest - DockerGnocchiApiImage: tripleoupstream/centos-binary-gnocchi-api:latest - DockerGnocchiConfigImage: tripleoupstream/centos-binary-gnocchi-api:latest - DockerGnocchiMetricdImage: tripleoupstream/centos-binary-gnocchi-metricd:latest - DockerGnocchiStatsdImage: tripleoupstream/centos-binary-gnocchi-statsd:latest - DockerHAProxyConfigImage: tripleoupstream/centos-binary-haproxy:latest - DockerHAProxyImage: tripleoupstream/centos-binary-haproxy:latest - DockerHeatApiCfnConfigImage: tripleoupstream/centos-binary-heat-api-cfn:latest - DockerHeatApiCfnImage: tripleoupstream/centos-binary-heat-api-cfn:latest - DockerHeatApiConfigImage: tripleoupstream/centos-binary-heat-api:latest - DockerHeatApiImage: tripleoupstream/centos-binary-heat-api:latest - DockerHeatConfigImage: tripleoupstream/centos-binary-heat-api:latest - DockerHeatEngineImage: tripleoupstream/centos-binary-heat-engine:latest - DockerHorizonConfigImage: tripleoupstream/centos-binary-horizon:latest - DockerHorizonImage: tripleoupstream/centos-binary-horizon:latest - DockerIronicApiConfigImage: tripleoupstream/centos-binary-ironic-api:latest - DockerIronicApiImage: tripleoupstream/centos-binary-ironic-api:latest - DockerIronicConductorImage: tripleoupstream/centos-binary-ironic-conductor:latest - DockerIronicConfigImage: tripleoupstream/centos-binary-ironic-pxe:latest - DockerIronicInspectorConfigImage: tripleoupstream/centos-binary-ironic-inspector:latest - DockerIronicInspectorImage: tripleoupstream/centos-binary-ironic-inspector:latest - DockerIronicPxeImage: tripleoupstream/centos-binary-ironic-pxe:latest - 
DockerIscsidConfigImage: tripleoupstream/centos-binary-iscsid:latest - DockerIscsidImage: tripleoupstream/centos-binary-iscsid:latest - DockerKeystoneConfigImage: tripleoupstream/centos-binary-keystone:latest - DockerKeystoneImage: tripleoupstream/centos-binary-keystone:latest - DockerManilaApiImage: tripleoupstream/centos-binary-manila-api:latest - DockerManilaConfigImage: tripleoupstream/centos-binary-manila-api:latest - DockerManilaSchedulerImage: tripleoupstream/centos-binary-manila-scheduler:latest - DockerManilaShareImage: tripleoupstream/centos-binary-manila-share:latest - DockerMemcachedConfigImage: tripleoupstream/centos-binary-memcached:latest - DockerMemcachedImage: tripleoupstream/centos-binary-memcached:latest - DockerMistralApiImage: tripleoupstream/centos-binary-mistral-api:latest - DockerMistralConfigImage: tripleoupstream/centos-binary-mistral-api:latest - DockerMistralEngineImage: tripleoupstream/centos-binary-mistral-engine:latest - DockerMistralExecutorImage: tripleoupstream/centos-binary-mistral-executor:latest - DockerMongodbConfigImage: tripleoupstream/centos-binary-mongodb:latest - DockerMongodbImage: tripleoupstream/centos-binary-mongodb:latest - DockerMultipathdConfigImage: tripleoupstream/centos-binary-multipathd:latest - DockerMultipathdImage: tripleoupstream/centos-binary-multipathd:latest - DockerMysqlClientConfigImage: tripleoupstream/centos-binary-mariadb:latest - DockerMysqlConfigImage: tripleoupstream/centos-binary-mariadb:latest - DockerMysqlImage: tripleoupstream/centos-binary-mariadb:latest - DockerNeutronApiImage: tripleoupstream/centos-binary-neutron-server:latest - DockerNeutronConfigImage: tripleoupstream/centos-binary-neutron-server:latest - DockerNeutronDHCPImage: tripleoupstream/centos-binary-neutron-dhcp-agent:latest - DockerNeutronL3AgentImage: tripleoupstream/centos-binary-neutron-l3-agent:latest - DockerNeutronMetadataImage: tripleoupstream/centos-binary-neutron-metadata-agent:latest - DockerNovaApiImage: 
tripleoupstream/centos-binary-nova-api:latest - DockerNovaComputeImage: tripleoupstream/centos-binary-nova-compute:latest - DockerNovaComputeIronicImage: tripleoupstream/centos-binary-nova-compute-ironic:latest - DockerNovaConductorImage: tripleoupstream/centos-binary-nova-conductor:latest - DockerNovaConfigImage: tripleoupstream/centos-binary-nova-api:latest - DockerNovaConsoleauthImage: tripleoupstream/centos-binary-nova-consoleauth:latest - DockerNovaLibvirtConfigImage: tripleoupstream/centos-binary-nova-compute:latest - DockerNovaLibvirtImage: tripleoupstream/centos-binary-nova-libvirt:latest - DockerNovaPlacementConfigImage: tripleoupstream/centos-binary-nova-placement-api:latest - DockerNovaPlacementImage: tripleoupstream/centos-binary-nova-placement-api:latest - DockerNovaSchedulerImage: tripleoupstream/centos-binary-nova-scheduler:latest - DockerNovaVncProxyImage: tripleoupstream/centos-binary-nova-novncproxy:latest - DockerOVNControllerConfigImage: tripleoupstream/centos-binary-ovn-controller:latest - DockerOVNControllerImage: tripleoupstream/centos-binary-ovn-controller:latest - DockerOVNNbDbImage: tripleoupstream/centos-binary-ovn-nb-db-server:latest - DockerOVNNorthdImage: tripleoupstream/centos-binary-ovn-northd:latest - DockerOVNSbDbImage: tripleoupstream/centos-binary-ovn-sb-db-server:latest - DockerOctaviaApiImage: tripleoupstream/centos-binary-octavia-api:latest - DockerOctaviaConfigImage: tripleoupstream/centos-binary-octavia-api:latest - DockerOctaviaHealthManagerImage: tripleoupstream/centos-binary-octavia-health-manager:latest - DockerOctaviaHousekeepingImage: tripleoupstream/centos-binary-octavia-housekeeping:latest - DockerOctaviaWorkerImage: tripleoupstream/centos-binary-octavia-worker:latest - DockerOpenvswitchImage: tripleoupstream/centos-binary-neutron-openvswitch-agent:latest - DockerPankoApiImage: tripleoupstream/centos-binary-panko-api:latest - DockerPankoConfigImage: tripleoupstream/centos-binary-panko-api:latest - 
DockerRabbitmqConfigImage: tripleoupstream/centos-binary-rabbitmq:latest - DockerRabbitmqImage: tripleoupstream/centos-binary-rabbitmq:latest - DockerRedisConfigImage: tripleoupstream/centos-binary-redis:latest - DockerRedisImage: tripleoupstream/centos-binary-redis:latest - DockerSaharaApiImage: tripleoupstream/centos-binary-sahara-api:latest - DockerSaharaConfigImage: tripleoupstream/centos-binary-sahara-api:latest - DockerSaharaEngineImage: tripleoupstream/centos-binary-sahara-engine:latest - DockerSensuClientImage: tripleoupstream/centos-binary-sensu-client:latest - DockerSensuConfigImage: tripleoupstream/centos-binary-sensu-client:latest - DockerSwiftAccountImage: tripleoupstream/centos-binary-swift-account:latest - DockerSwiftConfigImage: tripleoupstream/centos-binary-swift-proxy-server:latest - DockerSwiftContainerImage: tripleoupstream/centos-binary-swift-container:latest - DockerSwiftObjectImage: tripleoupstream/centos-binary-swift-object:latest - DockerSwiftProxyImage: tripleoupstream/centos-binary-swift-proxy-server:latest - DockerTackerConfigImage: tripleoupstream/centos-binary-tacker:latest - DockerTackerImage: tripleoupstream/centos-binary-tacker:latest - DockerZaqarConfigImage: tripleoupstream/centos-binary-zaqar:latest - DockerZaqarImage: tripleoupstream/centos-binary-zaqar:latest diff --git a/environments/docker-services-tls-everywhere.yaml b/environments/docker-services-tls-everywhere.yaml index 49d02e6f..e15cc3e3 100644 --- a/environments/docker-services-tls-everywhere.yaml +++ b/environments/docker-services-tls-everywhere.yaml 
@@ -1,11 +1,6 @@ # This environment contains the services that can work with TLS-everywhere. resource_registry: - # This can be used when you don't want to run puppet on the host, - # e.g atomic, but it has been replaced with OS::TripleO::Services::Docker - # OS::TripleO::NodeUserData: ../docker/firstboot/setup_docker_host.yaml OS::TripleO::Services::Docker: ../puppet/services/docker.yaml - # The compute node still needs extra initialization steps - OS::TripleO::Compute::NodeUserData: ../docker/firstboot/setup_docker_host.yaml # Default Neutron ML2 puppet plugin to use when NeutronCorePlugin is set to ML2 OS::TripleO::Docker::NeutronMl2PluginBase: ../puppet/services/neutron-plugin-ml2.yaml @@ -23,12 +18,14 @@ resource_registry: OS::TripleO::Services::GnocchiApi: ../docker/services/gnocchi-api.yaml OS::TripleO::Services::GnocchiMetricd: ../docker/services/gnocchi-metricd.yaml OS::TripleO::Services::GnocchiStatsd: ../docker/services/gnocchi-statsd.yaml + OS::TripleO::Services::HAproxy: ../docker/services/haproxy.yaml OS::TripleO::Services::HeatApi: ../docker/services/heat-api.yaml OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml - OS::TripleO::Services::Iscsid: ../docker/services/iscsid.yaml + OS::TripleO::Services::Horizon: ../docker/services/horizon.yaml OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml OS::TripleO::Services::Memcached: ../docker/services/memcached.yaml + OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml 
@@ -36,7 +33,16 @@ resource_registry: OS::TripleO::Services::NeutronMetadataAgent: ../docker/services/neutron-metadata.yaml OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml + OS::TripleO::Services::NovaApi: ../docker/services/nova-api.yaml + OS::TripleO::Services::NovaConductor: ../docker/services/nova-conductor.yaml + OS::TripleO::Services::NovaConsoleauth: ../docker/services/nova-consoleauth.yaml + OS::TripleO::Services::NovaMetadata: ../docker/services/nova-metadata.yaml + OS::TripleO::Services::NovaMigrationTarget: ../docker/services/nova-migration-target.yaml + OS::TripleO::Services::NovaPlacement: ../docker/services/nova-placement.yaml + OS::TripleO::Services::NovaScheduler: ../docker/services/nova-scheduler.yaml + OS::TripleO::Services::NovaVncProxy: ../docker/services/nova-vnc-proxy.yaml OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml + OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml diff --git a/environments/docker.yaml b/environments/docker.yaml index 9b977f6e..dfa30b08 100644 --- a/environments/docker.yaml +++ b/environments/docker.yaml 
@@ -1,10 +1,4 @@ resource_registry: - # This can be used when you don't want to run puppet on the host, - # e.g atomic, but it has been replaced with OS::TripleO::Services::Docker - # OS::TripleO::NodeUserData: ../docker/firstboot/setup_docker_host.yaml - # The compute node still needs extra initialization steps - OS::TripleO::Compute::NodeUserData: ../docker/firstboot/setup_docker_host.yaml - OS::TripleO::Services::Docker: ../puppet/services/docker.yaml # Default Neutron ML2 puppet plugin to use when NeutronCorePlugin is set to ML2 OS::TripleO::Docker::NeutronMl2PluginBase: ../puppet/services/neutron-plugin-ml2.yaml @@ -22,6 +16,7 @@ resource_registry: OS::TripleO::Services::NovaPlacement: ../docker/services/nova-placement.yaml OS::TripleO::Services::NovaConductor: ../docker/services/nova-conductor.yaml OS::TripleO::Services::NovaConsoleauth: ../docker/services/nova-consoleauth.yaml + OS::TripleO::Services::NovaMetadata: ../docker/services/nova-metadata.yaml OS::TripleO::Services::NovaMigrationTarget: ../docker/services/nova-migration-target.yaml OS::TripleO::Services::NovaScheduler: ../docker/services/nova-scheduler.yaml OS::TripleO::Services::NovaVncProxy: ../docker/services/nova-vnc-proxy.yaml @@ -56,6 +51,7 @@ resource_registry: OS::TripleO::Services::Horizon: ../docker/services/horizon.yaml OS::TripleO::Services::Iscsid: ../docker/services/iscsid.yaml OS::TripleO::Services::Multipathd: ../docker/services/multipathd.yaml + OS::TripleO::Services::ContainersLogrotateCrond: ../docker/services/logrotate-crond.yaml # FIXME: Had to remove these to unblock containers CI. They should be put back when fixed. # OS::TripleO::Services::CinderApi: ../docker/services/cinder-api.yaml # OS::TripleO::Services::CinderScheduler: ../docker/services/cinder-scheduler.yaml diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml index 834c4f10..81044170 100644 --- a/environments/hyperconverged-ceph.yaml +++ b/environments/hyperconverged-ceph.yaml 
@@ -11,6 +11,7 @@ parameter_defaults: - OS::TripleO::Services::CephExternal - OS::TripleO::Services::Timezone - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd - OS::TripleO::Services::Securetty diff --git a/environments/major-upgrade-composable-steps.yaml b/environments/major-upgrade-composable-steps.yaml index 5a695171..db83f906 100644 --- a/environments/major-upgrade-composable-steps.yaml +++ b/environments/major-upgrade-composable-steps.yaml @@ -1,5 +1,5 @@ resource_registry: - OS::TripleO::PostDeploySteps: ../puppet/major_upgrade_steps.yaml + OS::TripleO::PostDeploySteps: ../common/major_upgrade_steps.yaml parameter_defaults: EnableConfigPurge: true StackUpdateType: UPGRADE diff --git a/environments/network-isolation-v6.j2.yaml b/environments/network-isolation-v6.j2.yaml new file mode 100644 index 00000000..bb27ee43 --- /dev/null +++ b/environments/network-isolation-v6.j2.yaml 
@@ -0,0 +1,58 @@ +{%- set primary_role = [roles[0]] -%} +{%- for role in roles -%} + {%- if 'primary' in role.tags and 'controller' in role.tags -%} + {%- set _ = primary_role.pop() -%} + {%- set _ = primary_role.append(role) -%} + {%- endif -%} +{%- endfor -%} +{%- set primary_role_name = primary_role[0].name -%} +# Enable the creation of Neutron networks for isolated Overcloud +# traffic and configure each role to assign ports (related +# to that role) on these networks. +# primary role is: {{primary_role_name}} +resource_registry: + # networks as defined in network_data.yaml + {%- for network in networks if network.enabled|default(true) %} + {%- if network.name != 'Tenant' %} + OS::TripleO::Network::{{network.name}}: ../network/{{network.name_lower|default(network.name.lower())}}_v6.yaml + {%- else %} + # IPv4 until OVS and Neutron support IPv6 tunnel endpoints + OS::TripleO::Network::{{network.name}}: ../network/{{network.name_lower|default(network.name.lower())}}.yaml + {%- endif %} + {%- endfor %} + + # Port assignments for the VIPs + {%- for network in networks if network.vip and network.enabled|default(true) %} + OS::TripleO::Network::Ports::{{network.name}}VipPort: ../network/ports/{{network.name_lower|default(network.name.lower())}}_v6.yaml + {%- endfor %} + + OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip_v6.yaml + +{%- for role in roles %} + # Port assignments for the {{role.name}} + {%- for network in networks %} + {%- if network.name in role.networks|default([]) and network.enabled|default(true) and network.name != 'Tenant' %} + OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/{{network.name_lower|default(network.name.lower())}}_v6.yaml + {%- elif network.name in role.networks|default([]) and network.enabled|default(true) and network.name == 'Tenant' %} + # IPv4 until OVS and Neutron support IPv6 tunnel endpoints + OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: 
../network/ports/{{network.name_lower|default(network.name.lower())}}.yaml + {%- else %} + OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/noop.yaml + {%- endif %} + {%- endfor %} +{%- endfor %} + + +parameter_defaults: + # Enable IPv6 for Ceph. + CephIPv6: True + # Enable IPv6 for Corosync. This is required when Corosync is using an IPv6 IP in the cluster. + CorosyncIPv6: True + # Enable IPv6 for MongoDB. This is required when MongoDB is using an IPv6 IP. + MongoDbIPv6: True + # Enable various IPv6 features in Nova. + NovaIPv6: True + # Enable IPv6 environment for RabbitMQ. + RabbitIPv6: True + # Enable IPv6 environment for Memcached. + MemcachedIPv6: True diff --git a/environments/network-isolation-v6.yaml b/environments/network-isolation-v6.yaml deleted file mode 100644 index 11ca5b31..00000000 --- a/environments/network-isolation-v6.yaml +++ /dev/null 
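Review bot: In the per-role port loop, a role entry without a `networks` list falls through `role.networks|default([])` to the `else` branch and gets `../network/ports/noop.yaml` for every network. The template then renders cleanly while that role is left off all the isolated networks. The deleted static file listed each role's ports explicitly, so this silent fallback is new with the templated version. I would state it in the header, e.g. `# NOTE: a role with no 'networks' list in the roles file gets noop.yaml for every port.`, and, if the rendering tooling allows it, fail the render rather than default. On style, `primary_role_name` is computed only to be printed in a comment.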
@@ -1,57 +0,0 @@ -# Enable the creation of IPv6 Neutron networks for isolated Overcloud -# traffic and configure each role to assign ports (related -# to that role) on these networks. -resource_registry: - OS::TripleO::Network::External: ../network/external_v6.yaml - OS::TripleO::Network::InternalApi: ../network/internal_api_v6.yaml - OS::TripleO::Network::StorageMgmt: ../network/storage_mgmt_v6.yaml - OS::TripleO::Network::Storage: ../network/storage_v6.yaml - # IPv4 until OVS and Neutron support IPv6 tunnel endpoints - OS::TripleO::Network::Tenant: ../network/tenant.yaml - - # Port assignments for the VIPs - OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external_v6.yaml - OS::TripleO::Network::Ports::InternalApiVipPort: ../network/ports/internal_api_v6.yaml - OS::TripleO::Network::Ports::StorageVipPort: ../network/ports/storage_v6.yaml - OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/storage_mgmt_v6.yaml - OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip_v6.yaml - - # Port assignments for the controller role - OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external_v6.yaml - OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api_v6.yaml - OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage_v6.yaml - OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_v6.yaml - OS::TripleO::Controller::Ports::TenantPort: ../network/ports/tenant.yaml - - # Port assignments for the compute role - OS::TripleO::Compute::Ports::InternalApiPort: ../network/ports/internal_api_v6.yaml - OS::TripleO::Compute::Ports::StoragePort: ../network/ports/storage_v6.yaml - OS::TripleO::Compute::Ports::TenantPort: ../network/ports/tenant.yaml - - # Port assignments for the ceph storage role - OS::TripleO::CephStorage::Ports::StoragePort: ../network/ports/storage_v6.yaml - OS::TripleO::CephStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_v6.yaml - - # 
Port assignments for the swift storage role - OS::TripleO::SwiftStorage::Ports::InternalApiPort: ../network/ports/internal_api_v6.yaml - OS::TripleO::SwiftStorage::Ports::StoragePort: ../network/ports/storage_v6.yaml - OS::TripleO::SwiftStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_v6.yaml - - # Port assignments for the block storage role - OS::TripleO::BlockStorage::Ports::InternalApiPort: ../network/ports/internal_api_v6.yaml - OS::TripleO::BlockStorage::Ports::StoragePort: ../network/ports/storage_v6.yaml - OS::TripleO::BlockStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_v6.yaml - -parameter_defaults: - # Enable IPv6 for Ceph. - CephIPv6: True - # Enable IPv6 for Corosync. This is required when Corosync is using an IPv6 IP in the cluster. - CorosyncIPv6: True - # Enable IPv6 for MongoDB. This is required when MongoDB is using an IPv6 IP. - MongoDbIPv6: True - # Enable various IPv6 features in Nova. - NovaIPv6: True - # Enable IPv6 environment for RabbitMQ. - RabbitIPv6: true - # Enable IPv6 environment for Memcached. - MemcachedIPv6: true diff --git a/environments/network-management-v6.yaml b/environments/network-management-v6.yaml index 812e84f3..59056217 100644 --- a/environments/network-management-v6.yaml +++ b/environments/network-management-v6.yaml @@ -1,3 +1,7 @@ +# ****************************************************************************** +# DEPRECATED: Use tripleo-heat-templates/environments/network-isolation-v6.yaml +# and define the needed networks in your custom role file. +# ****************************************************************************** # Enable the creation of an IPv6 system management network. This # creates a Neutron network for isolated Overcloud # system management traffic and configures each role to diff --git a/environments/network-management.yaml b/environments/network-management.yaml index 041617be..5f50bb15 100644 --- a/environments/network-management.yaml 
+++ b/environments/network-management.yaml @@ -1,3 +1,7 @@ +# *************************************************************************** +# DEPRECATED: Use tripleo-heat-templates/environments/network-isolation.yaml +# and define the needed networks in your custom role file. +# *************************************************************************** # Enable the creation of a system management network. This # creates a Neutron network for isolated Overcloud # system management traffic and configures each role to diff --git a/environments/neutron-sriov.yaml b/environments/neutron-sriov.yaml index 5e9e15e3..591e2260 100755 --- a/environments/neutron-sriov.yaml +++ b/environments/neutron-sriov.yaml @@ -3,7 +3,7 @@ resource_registry: OS::TripleO::Services::NeutronSriovAgent: ../puppet/services/neutron-sriov-agent.yaml parameter_defaults: - NeutronMechanismDrivers: ['openvswitch','sriovnicswitch'] + NeutronMechanismDrivers: ['sriovnicswitch', 'openvswitch'] # Add PciPassthroughFilter to the scheduler default filters #NovaSchedulerDefaultFilters: ['RetryFilter','AvailabilityZoneFilter','RamFilter','ComputeFilter','ComputeCapabilitiesFilter','ImagePropertiesFilter','ServerGroupAntiAffinityFilter','ServerGroupAffinityFilter','PciPassthroughFilter'] diff --git a/environments/services/zaqar.yaml b/environments/services/zaqar.yaml index e501b69c..f57582c2 100644 --- a/environments/services/zaqar.yaml +++ b/environments/services/zaqar.yaml @@ -1,3 +1,3 @@ resource_registry: - OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar.yaml + OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar-api.yaml OS::TripleO::Services::MongoDb: ../../puppet/services/database/mongodb.yaml diff --git a/environments/storage/external-ceph.yaml b/environments/storage/external-ceph.yaml index f1c9d516..0f2d0396 100644 --- a/environments/storage/external-ceph.yaml +++ b/environments/storage/external-ceph.yaml 
@@ -13,7 +13,7 @@ parameter_defaults: # Type: string CephAdminKey: '' - # The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + # The Ceph client key. Can be created with ceph-authtool --gen-print-key. # Mandatory. This parameter must be set by the user. # Type: string CephClientKey: <None> diff --git a/extraconfig/nova_metadata/krb-service-principals.yaml b/extraconfig/nova_metadata/krb-service-principals.j2.yaml index cdd4341a..b18dba66 100644 --- a/extraconfig/nova_metadata/krb-service-principals.yaml +++ b/extraconfig/nova_metadata/krb-service-principals.j2.yaml 
@@ -5,30 +5,38 @@ parameters: RoleData: type: json description: the list containing the 'role_data' output for the ServiceChain - - # Coming from parameter_defaults +{%- for network in networks if network.vip|default(false) %} +{%- if network.name == 'External' %} + # Special case the External hostname param, which is CloudName CloudName: default: overcloud.localdomain description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org type: string +{%- elif network.name == 'InternalApi' %} + # Special case the Internal API hostname param, which is CloudNameInternal CloudNameInternal: - default: overcloud.internalapi.localdomain + default: overcloud.{{network.name.lower()}}.localdomain description: > - The DNS name of this cloud's internal API endpoint. E.g. - 'ci-overcloud.internalapi.tripleo.org'. + The DNS name of this cloud's {{network.name_lower}} endpoint. E.g. + 'ci-overcloud.{{network.name.lower()}}.tripleo.org'. type: string - CloudNameStorage: - default: overcloud.storage.localdomain +{%- elif network.name == 'StorageMgmt' %} + # Special case StorageMgmt hostname param, which is CloudNameStorageManagement + CloudNameStorageManagement: + default: overcloud.{{network.name.lower()}}.localdomain description: > - The DNS name of this cloud's storage endpoint. E.g. - 'ci-overcloud.storage.tripleo.org'. + The DNS name of this cloud's {{network.name_lower}} endpoint. E.g. + 'ci-overcloud.{{network.name.lower()}}.tripleo.org'. type: string - CloudNameStorageManagement: - default: overcloud.storagemgmt.localdomain +{%- else %} + CloudName{{network.name}}: + default: overcloud.{{network.name.lower()}}.localdomain description: > - The DNS name of this cloud's storage management endpoint. E.g. - 'ci-overcloud.storagemgmt.tripleo.org'. + The DNS name of this cloud's {{network.name_lower}} endpoint. E.g. + 'ci-overcloud.{{network.name.lower()}}.tripleo.org'. 
type: string +{%- endif %} +{%- endfor %} CloudNameCtlplane: default: overcloud.ctlplane.localdomain description: > @@ -61,10 +69,17 @@ resources: data: metadata: {get_attr: [IncomingMetadataSettings, value]} fqdns: +{%- for network in networks if network.vip|default(false) %} +{%- if network.name == 'External' %} external: {get_param: CloudName} +{%- elif network.name == 'InternalApi' %} internal_api: {get_param: CloudNameInternal} - storage: {get_param: CloudNameStorage} +{%- elif network.name == 'StorageMgmt' %} storage_mgmt: {get_param: CloudNameStorageManagement} +{%- else %} + {{network.name_lower}}: {get_param: CloudName{{network.name}}} +{%- endif %} +{%- endfor %} ctlplane: {get_param: CloudNameCtlplane} CompactServices: @@ -82,3 +97,4 @@ outputs: map_merge: - {get_attr: [IndividualServices, value]} - compact_services: {get_attr: [CompactServices, value]} + diff --git a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml index fb0d1699..b9fd08b4 100644 --- a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml +++ b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml 
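Review bot: The `else` branches use `{{network.name_lower}}` with no fallback, both in the parameter descriptions of the first hunk and as the mapping key under `fqdns:` in the second. The defaults next to them use `network.name.lower()`, and network-isolation-v6.j2.yaml in this same commit uses `network.name_lower|default(network.name.lower())`. If a network entry omits `name_lower`, the `fqdns` key would presumably render empty, and, judging by the file name, that map feeds the Kerberos service principals. I would write `{{network.name_lower|default(network.name.lower())}}: {get_param: CloudName{{network.name}}}`. Both loops also filter on `network.vip|default(false)` but not on `network.enabled|default(true)`, so a disabled VIP network still gets a parameter and an `fqdns` entry; worth confirming that is intended.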
@@ -59,22 +59,31 @@ parameters: description: | When enabled, the system will perform a yum update after performing the RHEL Registration process. - deployment_actions: - default: ['CREATE', 'UPDATE'] - type: comma_delimited_list - description: > - List of stack actions that will trigger any deployments in this - templates. The actions will be an empty list of the server is in the - toplevel DeploymentServerBlacklist parameter's value. + DeleteOnRHELUnregistration: + type: boolean + default: false + description: | + When true, the system profile will be deleted from the registration + service when the rhel-registration.yaml nested stack is deleted. conditions: - deployment_actions_empty: + unregister_on_delete: equals: - - {get_param: deployment_actions} - - [] + - {get_param: DeleteOnRHELUnregistration} + - true + update_requested: + equals: + - {get_param: UpdateOnRHELRegistration} + - true resources: + DeploymentActions: + type: OS::Heat::Value + properties: + value: + yaql + RHELRegistration: type: OS::Heat::SoftwareConfig properties: @@ -151,9 +160,9 @@ resources: config: {get_resource: RHELUnregistration} actions: if: - - deployment_actions_empty + - unregister_on_delete + - ['DELETE'] - [] - - ['DELETE'] # Only do this on DELETE input_values: REG_METHOD: {get_param: rhel_reg_method} @@ -180,17 +189,12 @@ resources: UpdateDeploymentAfterRHELRegistration: type: OS::Heat::SoftwareDeployment depends_on: RHELRegistrationDeployment - conditions: - update_requested: {get_param: UpdateOnRHELRegistration} + condition: update_requested properties: name: UpdateDeploymentAfterRHELRegistration config: {get_resource: YumUpdateConfigurationAfterRHELRegistration} server: {get_param: server} - actions: - if: - - deployment_actions_empty - - [] - - ['CREATE'] # Only do this on CREATE + actions: ['CREATE'] # Only do this on CREATE outputs: deploy_stdout: 
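Review bot: The new `DeploymentActions` resource under `resources:` looks unfinished: its `value:` holds only the bare word `yaql`, with no expression or data, and nothing in the visible hunks refers to it. It should either be dropped or completed with a comment saying what it computes. Separately, `DeleteOnRHELUnregistration` defaults to `false`, and the second hunk makes the unregistration `actions` empty unless it is true, so a stack delete no longer unregisters the node by default. The description should say that system profiles then stay in the registration service until removed by hand. The parameter name also reads inverted against its description (unregister on delete).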
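Review bot: With the `deployment_actions` parameter removed, the `actions` values in this hunk and in `UpdateDeploymentAfterRHELRegistration` (last hunk) no longer go empty for servers listed in `DeploymentServerBlacklist`, which is what the removed description said the parameter provided. `actions: ['CREATE']` is now unconditional, so as far as these hunks show a blacklisted server would still receive the yum update deployment. If blacklist handling now lives elsewhere, a comment beside `actions:` saying where would help; otherwise a condition for it should be kept. The resource bodies continue outside the hunks.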
diff --git a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration
index d14ed73f..487857ef 100644
--- a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration
+++ b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration
@@ -235,11 +235,25 @@ case "${REG_METHOD:-}" in
 if [ "$satellite_version" = "6" ]; then
 repos="$repos --enable ${satellite_repo}"
 curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -O "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm"
+
+ # https://bugs.launchpad.net/tripleo/+bug/1711435
+ # Delete the /etc/rhsm/facts directory entirely so that the
+ # %post script from katello-ca-consumer does not override the
+ # hostname with $(hostname -f) if there is no fqdn set
+ fqdn=$(hostname -f)
+ if [ "$fqdn" = "localhost" -o "$fqdn" = "localhost.localdomain" ]; then
+ rm -rf /etc/rhsm/facts
+ fi
+
 rpm -Uvh katello-ca-consumer-latest.noarch.rpm || true
 retry subscription-manager register $opts
 retry subscription-manager $repos
 retry yum install -y katello-agent || true # needed for errata reporting to satellite6
 katello-package-upload
+
+ # https://bugs.launchpad.net/tripleo/+bug/1711435
+ # recreate the facts dir just in case we rm'd it earlier
+ mkdir -p /etc/rhsm/facts
 else
 pushd /usr/share/rhn/
 curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -k -O $REG_SAT_URL/pub/RHN-ORG-TRUSTED-SSL-CERT
diff --git a/j2_excludes.yaml b/j2_excludes.yaml
index 4afbeb01..74fb3bb1 100644
--- a/j2_excludes.yaml
+++ b/j2_excludes.yaml
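Review bot: The added `rm -rf /etc/rhsm/facts` throws away any fact files already in that directory, and the later `mkdir -p /etc/rhsm/facts` restores only an empty directory, and only if the script reaches that line. If `retry subscription-manager register` or a later step aborts the script first, the host is left without the directory. The comment should at least say `# NOTE: existing custom facts are lost`; moving the directory aside and restoring it afterwards would preserve them. The test also uses the obsolescent `-o` and does not cover an empty `$fqdn` from a failing `hostname -f`; `[ -z "$fqdn" ] || [ "$fqdn" = "localhost" ] || [ "$fqdn" = "localhost.localdomain" ]` handles both. The enclosing `case` branch starts and ends outside the hunk.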
@@ -5,39 +5,9 @@ # name: # - puppet/cephstorage-role.yaml name: - - network/internal_api.yaml - - network/external.yaml - - network/storage.yaml - - network/storage_mgmt.yaml - - network/tenant.yaml - - network/management.yaml - network/internal_api_v6.yaml - network/external_v6.yaml - network/storage_v6.yaml - network/storage_mgmt_v6.yaml - network/tenant_v6.yaml - network/management_v6.yaml - - network/ports/internal_api.yaml - - network/ports/external.yaml - - network/ports/storage.yaml - - network/ports/storage_mgmt.yaml - - network/ports/tenant.yaml - - network/ports/management.yaml - - network/ports/internal_api_v6.yaml - - network/ports/external_v6.yaml - - network/ports/storage_v6.yaml - - network/ports/storage_mgmt_v6.yaml - - network/ports/tenant_v6.yaml - - network/ports/management_v6.yaml - - network/ports/internal_api_from_pool.yaml - - network/ports/external_from_pool.yaml - - network/ports/storage_from_pool.yaml - - network/ports/storage_mgmt_from_pool.yaml - - network/ports/tenant_from_pool.yaml - - network/ports/management_from_pool.yaml - - network/ports/internal_api_from_pool_v6.yaml - - network/ports/external_from_pool_v6.yaml - - network/ports/storage_from_pool_v6.yaml - - network/ports/storage_mgmt_from_pool_v6.yaml - - network/ports/tenant_from_pool_v6.yaml - - network/ports/management_from_pool_v6.yaml diff --git a/net-config-bond.yaml b/net-config-bond.yaml index 95b47455..8a97c854 100644 --- a/net-config-bond.yaml +++ b/net-config-bond.yaml @@ -22,7 +22,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -30,7 +30,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' 
diff --git a/net-config-bridge.yaml b/net-config-bridge.yaml index 29646ab5..0668245d 100644 --- a/net-config-bridge.yaml +++ b/net-config-bridge.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/net-config-linux-bridge.yaml b/net-config-linux-bridge.yaml index 6c44e60e..3964341a 100644 --- a/net-config-linux-bridge.yaml +++ b/net-config-linux-bridge.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/net-config-noop.yaml b/net-config-noop.yaml index 57f1a197..bdfda577 100644 --- a/net-config-noop.yaml +++ b/net-config-noop.yaml @@ -15,7 +15,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -23,7 +23,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' 
diff --git a/net-config-static-bridge-with-external-dhcp.yaml b/net-config-static-bridge-with-external-dhcp.yaml index cbf282ea..0e0d5900 100644 --- a/net-config-static-bridge-with-external-dhcp.yaml +++ b/net-config-static-bridge-with-external-dhcp.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/net-config-static-bridge.yaml b/net-config-static-bridge.yaml index c778bd81..e3e930d5 100644 --- a/net-config-static-bridge.yaml +++ b/net-config-static-bridge.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/net-config-static.yaml b/net-config-static.yaml index e864be03..02e2fe65 100644 --- a/net-config-static.yaml +++ b/net-config-static.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' 
@@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/net-config-undercloud.yaml b/net-config-undercloud.yaml index 881fbfd7..df02833a 100644 --- a/net-config-undercloud.yaml +++ b/net-config-undercloud.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/bond-with-vlans/ceph-storage.yaml b/network/config/bond-with-vlans/ceph-storage.yaml index 9683456a..bd15a189 100644 --- a/network/config/bond-with-vlans/ceph-storage.yaml +++ b/network/config/bond-with-vlans/ceph-storage.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/bond-with-vlans/cinder-storage.yaml b/network/config/bond-with-vlans/cinder-storage.yaml index 3ad6d653..4ea3c470 100644 --- a/network/config/bond-with-vlans/cinder-storage.yaml +++ b/network/config/bond-with-vlans/cinder-storage.yaml 
@@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/bond-with-vlans/compute-dpdk.yaml b/network/config/bond-with-vlans/compute-dpdk.yaml index 095c4973..5def1ca9 100644 --- a/network/config/bond-with-vlans/compute-dpdk.yaml +++ b/network/config/bond-with-vlans/compute-dpdk.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/bond-with-vlans/compute.yaml b/network/config/bond-with-vlans/compute.yaml index 882402af..2acbc877 100644 --- a/network/config/bond-with-vlans/compute.yaml +++ b/network/config/bond-with-vlans/compute.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' 
diff --git a/network/config/bond-with-vlans/controller-no-external.yaml b/network/config/bond-with-vlans/controller-no-external.yaml index 4901f94d..55603518 100644 --- a/network/config/bond-with-vlans/controller-no-external.yaml +++ b/network/config/bond-with-vlans/controller-no-external.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/bond-with-vlans/controller-v6.yaml b/network/config/bond-with-vlans/controller-v6.yaml index 33c6fa65..69ab7539 100644 --- a/network/config/bond-with-vlans/controller-v6.yaml +++ b/network/config/bond-with-vlans/controller-v6.yaml @@ -14,7 +14,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -22,7 +22,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/bond-with-vlans/controller.yaml b/network/config/bond-with-vlans/controller.yaml index 100821b7..70e41eb6 100644 --- a/network/config/bond-with-vlans/controller.yaml +++ b/network/config/bond-with-vlans/controller.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' 
@@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/bond-with-vlans/networker.yaml b/network/config/bond-with-vlans/networker.yaml index aa6e9da6..45994c72 100644 --- a/network/config/bond-with-vlans/networker.yaml +++ b/network/config/bond-with-vlans/networker.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/bond-with-vlans/swift-storage.yaml b/network/config/bond-with-vlans/swift-storage.yaml index 0ede081f..c31bf225 100644 --- a/network/config/bond-with-vlans/swift-storage.yaml +++ b/network/config/bond-with-vlans/swift-storage.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/contrail/contrail-nic-config-compute.yaml b/network/config/contrail/contrail-nic-config-compute.yaml index a5f0ecab..5f9e9198 100644 --- a/network/config/contrail/contrail-nic-config-compute.yaml +++ b/network/config/contrail/contrail-nic-config-compute.yaml 
@@ -16,7 +16,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string InternalApiDefaultRoute: # Not used by default in this template default: '10.0.0.1' @@ -28,7 +28,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/contrail/contrail-nic-config.yaml b/network/config/contrail/contrail-nic-config.yaml index 595f34d1..fb78caca 100644 --- a/network/config/contrail/contrail-nic-config.yaml +++ b/network/config/contrail/contrail-nic-config.yaml @@ -16,7 +16,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string InternalApiDefaultRoute: # Not used by default in this template default: '10.0.0.1' @@ -28,7 +28,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/multiple-nics/ceph-storage.yaml b/network/config/multiple-nics/ceph-storage.yaml index 3cc4361f..8448f84f 100644 --- a/network/config/multiple-nics/ceph-storage.yaml +++ b/network/config/multiple-nics/ceph-storage.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' 
@@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/multiple-nics/cinder-storage.yaml b/network/config/multiple-nics/cinder-storage.yaml index fa7d49e3..57882e22 100644 --- a/network/config/multiple-nics/cinder-storage.yaml +++ b/network/config/multiple-nics/cinder-storage.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/multiple-nics/compute-dvr.yaml b/network/config/multiple-nics/compute-dvr.yaml index a7939125..562a63d9 100644 --- a/network/config/multiple-nics/compute-dvr.yaml +++ b/network/config/multiple-nics/compute-dvr.yaml @@ -13,7 +13,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -21,7 +21,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/multiple-nics/compute.yaml b/network/config/multiple-nics/compute.yaml index d1dc06a3..febfed0c 100644 --- a/network/config/multiple-nics/compute.yaml +++ b/network/config/multiple-nics/compute.yaml 
@@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/multiple-nics/controller-v6.yaml b/network/config/multiple-nics/controller-v6.yaml index 477eeaae..17544f22 100644 --- a/network/config/multiple-nics/controller-v6.yaml +++ b/network/config/multiple-nics/controller-v6.yaml @@ -13,7 +13,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -21,7 +21,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/multiple-nics/controller.yaml b/network/config/multiple-nics/controller.yaml index 59f16b93..7d9dbe7a 100644 --- a/network/config/multiple-nics/controller.yaml +++ b/network/config/multiple-nics/controller.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' 
diff --git a/network/config/multiple-nics/networker.yaml b/network/config/multiple-nics/networker.yaml index b251fb9c..abee66ca 100644 --- a/network/config/multiple-nics/networker.yaml +++ b/network/config/multiple-nics/networker.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/multiple-nics/swift-storage.yaml b/network/config/multiple-nics/swift-storage.yaml index 180f553f..cf547918 100644 --- a/network/config/multiple-nics/swift-storage.yaml +++ b/network/config/multiple-nics/swift-storage.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml b/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml index 6685f2bc..b22f633a 100644 --- a/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml +++ b/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' 
@@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml b/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml index ecc57ad5..1c5a8c9a 100644 --- a/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml +++ b/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/single-nic-linux-bridge-vlans/compute.yaml b/network/config/single-nic-linux-bridge-vlans/compute.yaml index a637ef00..f4fd5fba 100644 --- a/network/config/single-nic-linux-bridge-vlans/compute.yaml +++ b/network/config/single-nic-linux-bridge-vlans/compute.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml b/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml index d4058078..44fc961c 100644 
--- a/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml +++ b/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml @@ -13,7 +13,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -21,7 +21,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/single-nic-linux-bridge-vlans/controller.yaml b/network/config/single-nic-linux-bridge-vlans/controller.yaml index a52a8b84..0a54145a 100644 --- a/network/config/single-nic-linux-bridge-vlans/controller.yaml +++ b/network/config/single-nic-linux-bridge-vlans/controller.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/single-nic-linux-bridge-vlans/networker.yaml b/network/config/single-nic-linux-bridge-vlans/networker.yaml index b1733dec..7dd48944 100644 --- a/network/config/single-nic-linux-bridge-vlans/networker.yaml +++ b/network/config/single-nic-linux-bridge-vlans/networker.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' 
@@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml b/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml index ad154fad..2649391f 100644 --- a/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml +++ b/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/single-nic-vlans/ceph-storage.yaml b/network/config/single-nic-vlans/ceph-storage.yaml index 790e8a7d..ebcc721c 100644 --- a/network/config/single-nic-vlans/ceph-storage.yaml +++ b/network/config/single-nic-vlans/ceph-storage.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/single-nic-vlans/cinder-storage.yaml b/network/config/single-nic-vlans/cinder-storage.yaml index 6dee3bee..d2548e4e 100644 --- a/network/config/single-nic-vlans/cinder-storage.yaml 
+++ b/network/config/single-nic-vlans/cinder-storage.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/single-nic-vlans/compute.yaml b/network/config/single-nic-vlans/compute.yaml index d2559d2c..78814af1 100644 --- a/network/config/single-nic-vlans/compute.yaml +++ b/network/config/single-nic-vlans/compute.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/single-nic-vlans/controller-no-external.yaml b/network/config/single-nic-vlans/controller-no-external.yaml index d26de321..1dc9a6f3 100644 --- a/network/config/single-nic-vlans/controller-no-external.yaml +++ b/network/config/single-nic-vlans/controller-no-external.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' 
@@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/single-nic-vlans/controller-v6.yaml b/network/config/single-nic-vlans/controller-v6.yaml index 8f68760f..f1055ae3 100644 --- a/network/config/single-nic-vlans/controller-v6.yaml +++ b/network/config/single-nic-vlans/controller-v6.yaml @@ -13,7 +13,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -21,7 +21,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/single-nic-vlans/controller.yaml b/network/config/single-nic-vlans/controller.yaml index 8530118f..171fcf5d 100644 --- a/network/config/single-nic-vlans/controller.yaml +++ b/network/config/single-nic-vlans/controller.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/single-nic-vlans/networker.yaml b/network/config/single-nic-vlans/networker.yaml index 54a17e46..2502984a 100644 --- a/network/config/single-nic-vlans/networker.yaml +++ b/network/config/single-nic-vlans/networker.yaml 
@@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/config/single-nic-vlans/swift-storage.yaml b/network/config/single-nic-vlans/swift-storage.yaml index b4587e04..99ab66c1 100644 --- a/network/config/single-nic-vlans/swift-storage.yaml +++ b/network/config/single-nic-vlans/swift-storage.yaml @@ -12,7 +12,7 @@ parameters: type: string InternalApiIpSubnet: default: '' - description: IP address/subnet on the internal API network + description: IP address/subnet on the internal_api network type: string StorageIpSubnet: default: '' @@ -20,7 +20,7 @@ parameters: type: string StorageMgmtIpSubnet: default: '' - description: IP address/subnet on the storage mgmt network + description: IP address/subnet on the storage_mgmt network type: string TenantIpSubnet: default: '' diff --git a/network/external.yaml b/network/external.yaml deleted file mode 100644 index 708d4635..00000000 --- a/network/external.yaml +++ /dev/null 
@@ -1,69 +0,0 @@ -heat_template_version: pike - -description: > - External network. Public traffic, Neutron l3router for floating IPs/SNAT, etc. - -parameters: - # the defaults here work for static IP assignment (IPAM) only - ExternalNetCidr: - default: '10.0.0.0/24' - description: Cidr for the external network. - type: string - ExternalNetValueSpecs: - default: {'provider:physical_network': 'external', 'provider:network_type': 'flat'} - description: Value specs for the external network. - type: json - ExternalNetAdminStateUp: - default: false - description: The admin state of the network. - type: boolean - ExternalNetEnableDHCP: - default: false - description: Whether to enable DHCP on the associated subnet. - type: boolean - ExternalNetShared: - default: false - description: Whether this network is shared across all tenants. - type: boolean - ExternalNetName: - default: external - description: The name of the external network. - type: string - ExternalSubnetName: - default: external_subnet - description: The name of the external subnet in Neutron. - type: string - ExternalAllocationPools: - default: [{'start': '10.0.0.4', 'end': '10.0.0.250'}] - description: Ip allocation pool range for the external network. 
- type: json - ExternalInterfaceDefaultRoute: - default: '10.0.0.1' - description: default route for the external network - type: string - -resources: - ExternalNetwork: - type: OS::Neutron::Net - properties: - admin_state_up: {get_param: ExternalNetAdminStateUp} - name: {get_param: ExternalNetName} - shared: {get_param: ExternalNetShared} - value_specs: {get_param: ExternalNetValueSpecs} - - ExternalSubnet: - type: OS::Neutron::Subnet - properties: - cidr: {get_param: ExternalNetCidr} - enable_dhcp: {get_param: ExternalNetEnableDHCP} - name: {get_param: ExternalSubnetName} - network: {get_resource: ExternalNetwork} - allocation_pools: {get_param: ExternalAllocationPools} - gateway_ip: {get_param: ExternalInterfaceDefaultRoute} - -outputs: - OS::stack_id: - description: Neutron external network - value: {get_resource: ExternalNetwork} - subnet_cidr: - value: {get_attr: [ExternalSubnet, cidr]} diff --git a/network/internal_api.yaml b/network/internal_api.yaml deleted file mode 100644 index 6e1885a9..00000000 --- a/network/internal_api.yaml +++ /dev/null 
@@ -1,65 +0,0 @@ -heat_template_version: pike - -description: > - Internal API network. Used for most APIs, Database, RPC. - -parameters: - # the defaults here work for static IP assignment (IPAM) only - InternalApiNetCidr: - default: '172.16.2.0/24' - description: Cidr for the internal API network. - type: string - InternalApiNetValueSpecs: - default: {'provider:physical_network': 'internal_api', 'provider:network_type': 'flat'} - description: Value specs for the internal API network. - type: json - InternalApiNetAdminStateUp: - default: false - description: The admin state of the network. - type: boolean - InternalApiNetEnableDHCP: - default: false - description: Whether to enable DHCP on the associated subnet. - type: boolean - InternalApiNetShared: - default: false - description: Whether this network is shared across all tenants. - type: boolean - InternalApiNetName: - default: internal_api - description: The name of the internal API network. - type: string - InternalApiSubnetName: - default: internal_api_subnet - description: The name of the internal API subnet in Neutron. - type: string - InternalApiAllocationPools: - default: [{'start': '172.16.2.4', 'end': '172.16.2.250'}] - description: Ip allocation pool range for the internal API network. 
- type: json - -resources: - InternalApiNetwork: - type: OS::Neutron::Net - properties: - admin_state_up: {get_param: InternalApiNetAdminStateUp} - name: {get_param: InternalApiNetName} - shared: {get_param: InternalApiNetShared} - value_specs: {get_param: InternalApiNetValueSpecs} - - InternalApiSubnet: - type: OS::Neutron::Subnet - properties: - cidr: {get_param: InternalApiNetCidr} - enable_dhcp: {get_param: InternalApiNetEnableDHCP} - name: {get_param: InternalApiSubnetName} - network: {get_resource: InternalApiNetwork} - allocation_pools: {get_param: InternalApiAllocationPools} - gateway_ip: null - -outputs: - OS::stack_id: - description: Neutron internal network - value: {get_resource: InternalApiNetwork} - subnet_cidr: - value: {get_attr: [InternalApiSubnet, cidr]} diff --git a/network/internal_api_v6.yaml b/network/internal_api_v6.yaml index 7264b1c0..6a0912e2 100644 --- a/network/internal_api_v6.yaml +++ b/network/internal_api_v6.yaml @@ -8,11 +8,11 @@ parameters: InternalApiNetCidr: # OpenStack uses the EUI-64 address format, which requires a /64 prefix default: 'fd00:fd00:fd00:2000::/64' - description: Cidr for the internal API network. + description: Cidr for the internal_api network. type: string InternalApiNetValueSpecs: default: {'provider:physical_network': 'internal_api', 'provider:network_type': 'flat'} - description: Value specs for the internal API network. + description: Value specs for the internal_api network. type: json InternalApiNetAdminStateUp: default: false 
@@ -24,15 +24,15 @@ parameters: type: boolean InternalApiNetName: default: internal_api - description: The name of the internal API network. + description: The name of the internal_api network. type: string InternalApiSubnetName: default: internal_api_subnet - description: The name of the internal API subnet in Neutron. + description: The name of the internal_api subnet in Neutron. type: string InternalApiAllocationPools: default: [{'start': 'fd00:fd00:fd00:2000::10', 'end': 'fd00:fd00:fd00:2000:ffff:ffff:ffff:fffe'}] - description: Ip allocation pool range for the internal API network. + description: Ip allocation pool range for the internal_api network. type: json IPv6AddressMode: default: dhcpv6-stateful diff --git a/network/management.yaml b/network/management.yaml deleted file mode 100644 index be197e5c..00000000 --- a/network/management.yaml +++ /dev/null 
@@ -1,70 +0,0 @@ -heat_template_version: pike - -description: > - Management network. System administration, SSH, DNS, NTP, etc. This network - would usually be the default gateway for the non-controller nodes. - -parameters: - # the defaults here work for static IP assignment (IPAM) only - ManagementNetCidr: - default: '10.0.1.0/24' - description: Cidr for the management network. - type: string - ManagementNetValueSpecs: - default: {'provider:physical_network': 'management', 'provider:network_type': 'flat'} - description: Value specs for the management network. - type: json - ManagementNetAdminStateUp: - default: false - description: The admin state of the network. - type: boolean - ManagementNetEnableDHCP: - default: false - description: Whether to enable DHCP on the associated subnet. - type: boolean - ManagementNetShared: - default: false - description: Whether this network is shared across all tenants. - type: boolean - ManagementNetName: - default: management - description: The name of the management network. - type: string - ManagementSubnetName: - default: management_subnet - description: The name of the management subnet in Neutron. - type: string - ManagementAllocationPools: - default: [{'start': '10.0.1.4', 'end': '10.0.1.250'}] - description: Ip allocation pool range for the management network. - type: json - ManagementInterfaceDefaultRoute: - default: unset - description: The default route of the management network. 
- type: string - -resources: - ManagementNetwork: - type: OS::Neutron::Net - properties: - admin_state_up: {get_param: ManagementNetAdminStateUp} - name: {get_param: ManagementNetName} - shared: {get_param: ManagementNetShared} - value_specs: {get_param: ManagementNetValueSpecs} - - ManagementSubnet: - type: OS::Neutron::Subnet - properties: - cidr: {get_param: ManagementNetCidr} - enable_dhcp: {get_param: ManagementNetEnableDHCP} - name: {get_param: ManagementSubnetName} - network: {get_resource: ManagementNetwork} - allocation_pools: {get_param: ManagementAllocationPools} - gateway_ip: {get_param: ManagementInterfaceDefaultRoute} - -outputs: - OS::stack_id: - description: Neutron management network - value: {get_resource: ManagementNetwork} - subnet_cidr: - value: {get_attr: [ManagementSubnet, cidr]} diff --git a/network/network.network.j2.yaml b/network/network.network.j2.yaml index ccf437bb..29d58cd5 100644 --- a/network/network.network.j2.yaml +++ b/network/network.network.j2.yaml @@ -15,7 +15,7 @@ parameters: type: json {{network.name}}NetAdminStateUp: default: false - description: This admin state of the network. + description: The admin state of the network. type: boolean {{network.name}}NetEnableDHCP: default: false @@ -27,7 +27,7 @@ parameters: type: boolean {{network.name}}NetName: default: {{network.name_lower}} - description: The name of the {{network.name_lower}} network. + description: The name of the {{network.name_lower}} network. type: string {{network.name}}SubnetName: default: {{network.name_lower}}_subnet @@ -38,7 +38,7 @@ parameters: description: Ip allocation pool range for the {{network.name_lower}} network. type: json {{network.name}}InterfaceDefaultRoute: - default: {{network.gateway_ip|default("not_defined")}} + default: {{network.gateway_ip|default('""')}} description: default route for the {{network.name_lower}} network type: string {%- if network.vlan %} 
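Review bot: In the last hunk of network/network.network.j2.yaml, the new `default: {{network.gateway_ip|default('""')}}` falls back only when `gateway_ip` is undefined, because Jinja's `default` filter ignores defined-but-empty values unless its second argument is true. A network entry with `gateway_ip: ''` would render a bare `default:` (YAML null), and `gateway_ip: null` would render the text `None`, so the string parameter would not get the empty default this change aims for. Quoting the whole value covers both cases and stops the YAML parser from retyping a supplied address: `default: "{{network.gateway_ip|default('', true)}}"`. The place where `{{network.name}}InterfaceDefaultRoute` is consumed is outside this hunk, so confirm that an empty string is treated there as "no gateway" and not passed through as an address.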
diff --git a/network/ports/external.yaml b/network/ports/external.yaml deleted file mode 100644 index 72922093..00000000 --- a/network/ports/external.yaml +++ /dev/null @@ -1,61 +0,0 @@ -heat_template_version: pike - -description: > - Creates a port on the external network. The IP address will be chosen - automatically if FixedIPs is empty. - -parameters: - ExternalNetName: - description: The name of the external network. - default: external - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - ControlPlaneNetwork: # Here for compatibility with ctlplane_vip.yaml - description: The name of the undercloud Neutron control plane - default: ctlplane - type: string - FixedIPs: - description: > - Control the IP allocation for the VIP port. E.g. - [{'ip_address':'1.2.3.4'}] - default: [] - type: json - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - ExternalPort: - type: OS::Neutron::Port - properties: - network: {get_param: ExternalNetName} - name: {get_param: PortName} - fixed_ips: {get_param: FixedIPs} - replacement_policy: AUTO - -outputs: - ip_address: - description: external network IP - value: {get_attr: [ExternalPort, fixed_ips, 0, ip_address]} - ip_address_uri: - description: external network IP (for compatibility with external_v6.yaml) - value: {get_attr: [ExternalPort, fixed_ips, 0, ip_address]} - ip_subnet: - description: IP/Subnet CIDR for the external network IP - value: - list_join: - - '' - - - {get_attr: [ExternalPort, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [ExternalPort, subnets, 0, cidr]}, 1]} 
diff --git a/network/ports/external_from_pool.yaml b/network/ports/external_from_pool.yaml deleted file mode 100644 index a14aa90b..00000000 --- a/network/ports/external_from_pool.yaml +++ /dev/null @@ -1,46 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs - -parameters: - ExternalNetName: - description: The name of the external network. - default: external - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - ExternalNetCidr: - default: '10.0.0.0/24' - description: Cidr for the external network. - type: string - -outputs: - ip_address: - description: external network IP - value: {get_param: [IPPool, {get_param: ExternalNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: external network IP (for compatibility with IPv6) - value: {get_param: [IPPool, {get_param: ExternalNetName}, {get_param: NodeIndex}]} - ip_subnet: - description: IP/Subnet CIDR for the external network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: ExternalNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: ExternalNetCidr}, 1]} diff --git a/network/ports/external_from_pool_v6.yaml b/network/ports/external_from_pool_v6.yaml deleted file mode 100644 index 2aa51267..00000000 --- a/network/ports/external_from_pool_v6.yaml +++ /dev/null 
@@ -1,52 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs. This version is for IPv6 - addresses. The ip_address_uri output will have brackets for use in URLs. - -parameters: - ExternalNetName: - description: The name of the external network. - default: external - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatability with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - ExternalNetCidr: - default: '2001:db8:fd00:1000::/64' - description: Cidr for the external network. - type: string - -outputs: - ip_address: - description: external network IP - value: {get_param: [IPPool, {get_param: ExternalNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: external network IP (for compatibility with IPv6) - value: - list_join: - - '' - - - '[' - - {get_param: [IPPool, {get_param: ExternalNetName}, {get_param: NodeIndex}]} - - ']' - ip_subnet: - description: IP/Subnet CIDR for the external network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: ExternalNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: ExternalNetCidr}, 1]} diff --git a/network/ports/internal_api.yaml b/network/ports/internal_api.yaml deleted file mode 100644 index e9eb7875..00000000 --- a/network/ports/internal_api.yaml +++ /dev/null 
@@ -1,57 +0,0 @@ -heat_template_version: pike - -description: > - Creates a port on the internal_api network. - -parameters: - InternalApiNetName: - description: The name of the internal API network. - default: internal_api - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - FixedIPs: - description: > - Control the IP allocation for the VIP port. E.g. - [{'ip_address':'1.2.3.4'}] - default: [] - type: json - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - InternalApiPort: - type: OS::Neutron::Port - properties: - network: {get_param: InternalApiNetName} - name: {get_param: PortName} - fixed_ips: {get_param: FixedIPs} - replacement_policy: AUTO - -outputs: - ip_address: - description: internal API network IP - value: {get_attr: [InternalApiPort, fixed_ips, 0, ip_address]} - ip_address_uri: - description: | - internal API network IP (for compatibility with internal_api_v6.yaml) - value: {get_attr: [InternalApiPort, fixed_ips, 0, ip_address]} - ip_subnet: - description: IP/Subnet CIDR for the internal API network IP - value: - list_join: - - '' - - - {get_attr: [InternalApiPort, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [InternalApiPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/internal_api_from_pool.yaml b/network/ports/internal_api_from_pool.yaml deleted file mode 100644 index 31c72daf..00000000 --- a/network/ports/internal_api_from_pool.yaml +++ /dev/null 
@@ -1,46 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs - -parameters: - InternalApiNetName: - description: The name of the internal API network. - default: internal_api - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - InternalApiNetCidr: - default: '172.16.2.0/24' - description: Cidr for the internal API network. - type: string - -outputs: - ip_address: - description: internal API network IP - value: {get_param: [IPPool, {get_param: InternalApiNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: internal API network IP (for compatibility with internal_api_v6.yaml) - value: {get_param: [IPPool, {get_param: InternalApiNetName}, {get_param: NodeIndex}]} - ip_subnet: - description: IP/Subnet CIDR for the internal API network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: InternalApiNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: InternalApiNetCidr}, 1]} diff --git a/network/ports/internal_api_from_pool_v6.yaml b/network/ports/internal_api_from_pool_v6.yaml deleted file mode 100644 index 657310ed..00000000 --- a/network/ports/internal_api_from_pool_v6.yaml +++ /dev/null 
@@ -1,52 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs. This version is for IPv6 - addresses. The ip_address_uri output will have brackets for use in URLs. - -parameters: - InternalApiNetName: - description: The name of the internal API network. - default: internal_api - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatability with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - InternalApiNetCidr: - default: 'fd00:fd00:fd00:2000::/64' - description: Cidr for the internal API network. - type: string - -outputs: - ip_address: - description: internal API network IP - value: {get_param: [IPPool, {get_param: InternalApiNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: internal API network IP (for compatibility with internal_api_v6.yaml) - value: - list_join: - - '' - - - '[' - - {get_param: [IPPool, {get_param: InternalApiNetName}, {get_param: NodeIndex}]} - - ']' - ip_subnet: - description: IP/Subnet CIDR for the internal API network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: InternalApiNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: InternalApiNetCidr}, 1]} diff --git a/network/ports/internal_api_v6.yaml b/network/ports/internal_api_v6.yaml deleted file mode 100644 index 6a9e7083..00000000 --- a/network/ports/internal_api_v6.yaml +++ /dev/null 
@@ -1,61 +0,0 @@ -heat_template_version: pike - -description: > - Creates a port on the internal_api network. - -parameters: - InternalApiNetName: - description: The name of the internal API network. - default: internal_api - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatability with noop.yaml - description: IP address on the control plane - default: '' - type: string - FixedIPs: - description: > - Control the IP allocation for the VIP port. E.g. - [{'ip_address':'1.2.3.4'}] - default: [] - type: json - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - InternalApiPort: - type: OS::Neutron::Port - properties: - network: {get_param: InternalApiNetName} - name: {get_param: PortName} - fixed_ips: {get_param: FixedIPs} - replacement_policy: AUTO - -outputs: - ip_address: - description: internal API network IP - value: {get_attr: [InternalApiPort, fixed_ips, 0, ip_address]} - ip_address_uri: - description: internal api network IP with brackets suitable for a URL - value: - list_join: - - '' - - - '[' - - {get_attr: [InternalApiPort, fixed_ips, 0, ip_address]} - - ']' - ip_subnet: - description: IP/Subnet CIDR for the internal API network IP - value: - list_join: - - '' - - - {get_attr: [InternalApiPort, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [InternalApiPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/management.yaml b/network/ports/management.yaml deleted file mode 100644 index 417d0612..00000000 --- a/network/ports/management.yaml +++ /dev/null 
@@ -1,49 +0,0 @@ -heat_template_version: pike - -description: > - Creates a port on the management network. The IP address will be chosen - automatically if FixedIPs is empty. - -parameters: - ManagementNetName: - description: The name of the management network. - default: management - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - type: string - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - ManagementPort: - type: OS::Neutron::Port - properties: - network: {get_param: ManagementNetName} - name: {get_param: PortName} - replacement_policy: AUTO - -outputs: - ip_address: - description: management network IP - value: {get_attr: [ManagementPort, fixed_ips, 0, ip_address]} - ip_address_uri: - description: management network IP (for compatibility with management_v6.yaml) - value: {get_attr: [ManagementPort, fixed_ips, 0, ip_address]} - ip_subnet: - description: IP/Subnet CIDR for the management network IP - value: - list_join: - - '' - - - {get_attr: [ManagementPort, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [ManagementPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/management_from_pool.yaml b/network/ports/management_from_pool.yaml deleted file mode 100644 index 4815d163..00000000 --- a/network/ports/management_from_pool.yaml +++ /dev/null 
@@ -1,46 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs - -parameters: - ManagementNetName: - description: The name of the management network. - default: management - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatability with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - ManagementNetCidr: - default: '172.16.4.0/24' - description: Cidr for the management network. - type: string - -outputs: - ip_address: - description: management network IP - value: {get_param: [IPPool, {get_param: ManagementNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: management network IP (for compatibility with management_v6.yaml) - value: {get_param: [IPPool, {get_param: ManagementNetName}, {get_param: NodeIndex}]} - ip_subnet: - description: IP/Subnet CIDR for the management network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: ManagementNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: ManagementNetCidr}, 1]} diff --git a/network/ports/management_from_pool_v6.yaml b/network/ports/management_from_pool_v6.yaml deleted file mode 100644 index 2a7d3b1d..00000000 --- a/network/ports/management_from_pool_v6.yaml +++ /dev/null 
@@ -1,52 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs. This version is for IPv6 - addresses. The ip_address_uri output will have brackets for use in URLs. - -parameters: - ManagementNetName: - description: The name of the management network. - default: management - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatability with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - ManagementNetCidr: - default: 'fd00:fd00:fd00:6000::/64' - description: Cidr for the management network. - type: string - -outputs: - ip_address: - description: management network IP - value: {get_param: [IPPool, {get_param: ManagementNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: management network IP (for compatibility with management_v6.yaml) - value: - list_join: - - '' - - - '[' - - {get_param: [IPPool, {get_param: ManagementNetName}, {get_param: NodeIndex}]} - - ']' - ip_subnet: - description: IP/Subnet CIDR for the management network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: ManagementNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: ManagementNetCidr}, 1]} diff --git a/network/ports/management_v6.yaml b/network/ports/management_v6.yaml deleted file mode 100644 index 9de06d9c..00000000 --- a/network/ports/management_v6.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ -heat_template_version: pike - -description: > - Creates a port on the management network. The IP address will be chosen - automatically if FixedIPs is empty. - -parameters: - ManagementNetName: - description: The name of the management network. - default: management - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - type: string - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - ManagementPort: - type: OS::Neutron::Port - properties: - network: {get_param: ManagementNetName} - name: {get_param: PortName} - replacement_policy: AUTO - -outputs: - ip_address: - description: management network IP - value: {get_attr: [ManagementPort, fixed_ips, 0, ip_address]} - ip_address_uri: - description: management network IP with brackets suitable for a URL - value: - list_join: - - '' - - - '[' - - {get_attr: [ManagementPort, fixed_ips, 0, ip_address]} - - ']' - ip_subnet: - description: IP/Subnet CIDR for the management network IP - value: - list_join: - - '' - - - {get_attr: [ManagementPort, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [ManagementPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/net_ip_list_map.yaml b/network/ports/net_ip_list_map.j2.yaml index a9111ed9..e929ab2c 100644 --- a/network/ports/net_ip_list_map.yaml +++ b/network/ports/net_ip_list_map.j2.yaml 
@@ -4,24 +4,11 @@ parameters: ControlPlaneIpList: default: [] type: comma_delimited_list - ExternalIpList: - default: [] - type: comma_delimited_list - InternalApiIpList: - default: [] - type: comma_delimited_list - StorageIpList: - default: [] - type: comma_delimited_list - StorageMgmtIpList: - default: [] - type: comma_delimited_list - TenantIpList: - default: [] - type: comma_delimited_list - ManagementIpList: +{%- for network in networks %} + {{network.name}}IpList: default: [] type: comma_delimited_list +{%- endfor %} EnabledServices: default: [] type: comma_delimited_list @@ -37,7 +24,7 @@ parameters: InternalApiNetName: default: internal_api - description: The name of the internal API network. + description: The name of the internal_api network. type: string ExternalNetName: default: external @@ -53,12 +40,17 @@ parameters: type: string StorageMgmtNetName: default: storage_mgmt - description: The name of the Storage management network. + description: The name of the storage_mgmt network. type: string TenantNetName: default: tenant description: The name of the tenant network. +{%- for network in networks %} + {{network.name}}NetName: + default: {{network.name_lower}} + description: The name of the {{network.name_lower}} network. type: string +{%- endfor %} resources: 
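Review bot: In the third hunk the `{%- for network in networks %}` loop is inserted between the hard-coded `TenantNetName`'s `description` and its `type: string`, so that parameter now renders without a `type` and the `type: string` line becomes part of the loop body. The hard-coded `InternalApiNetName`, `ExternalNetName`, `StorageMgmtNetName` and `TenantNetName` entries kept as context are also emitted again by `{{network.name}}NetName` whenever `networks` contains those networks; most YAML loaders silently keep the last duplicate key, while strict ones reject the file. I would delete the remaining hard-coded `*NetName` parameters and keep only the loop, as the new net_ip_map.j2.yaml in this commit does. The parameters between the second and third hunk are not visible, so other hard-coded entries may need the same treatment.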
@@ -91,19 +83,13 @@ resources: value: map_replace: - ctlplane: {get_param: ControlPlaneIpList} - external: {get_param: ExternalIpList} - internal_api: {get_param: InternalApiIpList} - storage: {get_param: StorageIpList} - storage_mgmt: {get_param: StorageMgmtIpList} - tenant: {get_param: TenantIpList} - management: {get_param: ManagementIpList} +{%- for network in networks %} + {{network.name_lower}}: {get_param: {{network.name}}IpList} +{%- endfor %} - keys: - external: {get_param: ExternalNetName} - internal_api: {get_param: InternalApiNetName} - storage: {get_param: StorageNetName} - storage_mgmt: {get_param: StorageMgmtNetName} - tenant: {get_param: TenantNetName} - management: {get_param: ManagementNetName} +{%- for network in networks %} + {{network.name_lower}}: {get_param: {{network.name}}NetName} +{%- endfor %} outputs: net_ip_map: diff --git a/network/ports/net_ip_map.j2.yaml b/network/ports/net_ip_map.j2.yaml new file mode 100644 index 00000000..f01d624a --- /dev/null +++ b/network/ports/net_ip_map.j2.yaml 
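Review bot: The generated map keys use `{{network.name_lower}}` with no fallback, while port.j2 in this same commit writes `{{network.name_lower|default(network.name|lower)}}`, which suggests `name_lower` can be absent from a network entry. With Jinja's default undefined handling that would render an empty key here and an empty `default:` in the `{{network.name}}NetName` parameter of the previous hunk, instead of failing at render time. Using one expression everywhere, e.g. `{{network.name_lower|default(network.name|lower)}}: {get_param: {{network.name}}IpList}`, keeps the files consistent. The same applies to net_ip_map.j2.yaml, both net_vip_map_external*.j2.yaml files and the `description` line in port.j2. Whether the rendering tool always fills in `name_lower` is not visible here, and the resource this hunk edits starts above the hunk.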
@@ -0,0 +1,81 @@
+heat_template_version: pike
+
+parameters:
+ ControlPlaneIp:
+ default: ''
+ type: string
+ ControlPlaneSubnetCidr: # Override this via parameter_defaults
+ default: '24'
+ description: The subnet CIDR of the control plane network.
+ type: string
+{%- for network in networks %}
+ {{network.name}}Ip:
+ default: ''
+ type: string
+ {{network.name}}IpSubnet:
+ description: 'IP address/subnet on the {{network.name_lower}} network'
+ default: ''
+ type: string
+ {{network.name}}IpUri:
+ default: ''
+ type: string
+ description: IP address with brackets in case of IPv6
+{%- endfor %}
+
+{%- for network in networks %}
+ {{network.name}}NetName:
+ default: {{network.name_lower}}
+ description: The name of the {{network.name_lower}} network.
+ type: string
+{%- endfor %}
+
+resources:
+
+ NetIpMapValue:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
+ map_replace:
+ - ctlplane: {get_param: ControlPlaneIp}
+{%- for network in networks %}
+ {{network.name_lower}}: {get_param: {{network.name}}Ip}
+{%- endfor %}
+ ctlplane_subnet:
+ list_join:
+ - ''
+ - - {get_param: ControlPlaneIp}
+ - '/'
+ - {get_param: ControlPlaneSubnetCidr}
+{%- for network in networks %}
+ {{network.name_lower}}_subnet: {get_param: {{network.name}}IpSubnet}
+{%- endfor %}
+ ctlplane_uri: {get_param: ControlPlaneIp}
+{%- for network in networks %}
+ {{network.name_lower}}_uri: {get_param: {{network.name}}IpUri}
+{%- endfor %}
+ - keys:
+{%- for network in networks %}
+ {{network.name_lower}}: {get_param: {{network.name}}NetName}
+{%- endfor %}
+{%- for network in networks %}
+ {{network.name_lower}}_subnet:
+ str_replace:
+ template: NAME_subnet
+ params:
+ NAME: {get_param: {{network.name}}NetName}
+{%- endfor %}
+{%- for network in networks %}
+ {{network.name_lower}}_uri:
+ str_replace:
+ template: NAME_uri
+ params:
+ NAME: {get_param: {{network.name}}NetName}
+{%- endfor %}
+
+outputs:
+ net_ip_map:
+ description: >
+ A Hash containing a mapping of network names to assigned IPs
+ for a specific machine.
+ value: {get_attr: [NetIpMapValue, value]}
diff --git a/network/ports/net_ip_map.yaml b/network/ports/net_ip_map.yaml
deleted file mode 100644
index ce58e96f..00000000
--- a/network/ports/net_ip_map.yaml
+++ /dev/null
@@ -1,210 +0,0 @@ -heat_template_version: pike - -parameters: - ControlPlaneIp: - default: '' - type: string - ControlPlaneSubnetCidr: # Override this via parameter_defaults - default: '24' - description: The subnet CIDR of the control plane network. - type: string - ExternalIp: - default: '' - type: string - ExternalIpSubnet: - default: '' - type: string - description: IP address/subnet on the external network - ExternalIpUri: - default: '' - type: string - description: IP address with brackets in case of IPv6 - InternalApiIp: - default: '' - type: string - InternalApiIpSubnet: - default: '' - type: string - description: IP address/subnet on the internal API network - InternalApiIpUri: - default: '' - type: string - description: IP address with brackets in case of IPv6 - StorageIp: - default: '' - type: string - StorageIpSubnet: - default: '' - type: string - description: IP address/subnet on the storage network - StorageIpUri: - default: '' - type: string - description: IP address with brackets in case of IPv6 - StorageMgmtIp: - default: '' - type: string - StorageMgmtIpSubnet: - default: '' - type: string - description: IP address/subnet on the storage mgmt network - StorageMgmtIpUri: - default: '' - type: string - description: IP address with brackets in case of IPv6 - TenantIp: - default: '' - type: string - TenantIpSubnet: - default: '' - type: string - description: IP address/subnet on the tenant network - TenantIpUri: - default: '' - type: string - description: IP address with brackets in case of IPv6 - ManagementIp: - default: '' - type: string - ManagementIpSubnet: - default: '' - type: string - description: IP address/subnet on the management network - ManagementIpUri: - default: '' - type: string - description: IP address with brackets in case of IPv6 - - InternalApiNetName: - default: internal_api - description: The name of the internal API network. - type: string - ExternalNetName: - default: external - description: The name of the external network. 
- type: string - ManagementNetName: - default: management - description: The name of the management network. - type: string - StorageNetName: - default: storage - description: The name of the storage network. - type: string - StorageMgmtNetName: - default: storage_mgmt - description: The name of the Storage management network. - type: string - TenantNetName: - default: tenant - description: The name of the tenant network. - type: string - -resources: - - NetIpMapValue: - type: OS::Heat::Value - properties: - type: json - value: - map_replace: - - ctlplane: {get_param: ControlPlaneIp} - external: {get_param: ExternalIp} - internal_api: {get_param: InternalApiIp} - storage: {get_param: StorageIp} - storage_mgmt: {get_param: StorageMgmtIp} - tenant: {get_param: TenantIp} - management: {get_param: ManagementIp} - ctlplane_subnet: - list_join: - - '' - - - {get_param: ControlPlaneIp} - - '/' - - {get_param: ControlPlaneSubnetCidr} - external_subnet: {get_param: ExternalIpSubnet} - internal_api_subnet: {get_param: InternalApiIpSubnet} - storage_subnet: {get_param: StorageIpSubnet} - storage_mgmt_subnet: {get_param: StorageMgmtIpSubnet} - tenant_subnet: {get_param: TenantIpSubnet} - management_subnet: {get_param: ManagementIpSubnet} - ctlplane_uri: {get_param: ControlPlaneIp} - external_uri: {get_param: ExternalIpUri} - internal_api_uri: {get_param: InternalApiIpUri} - storage_uri: {get_param: StorageIpUri} - storage_mgmt_uri: {get_param: StorageMgmtIpUri} - tenant_uri: {get_param: TenantIpUri} - management_uri: {get_param: ManagementIpUri} - - keys: - external: {get_param: ExternalNetName} - internal_api: {get_param: InternalApiNetName} - storage: {get_param: StorageNetName} - storage_mgmt: {get_param: StorageMgmtNetName} - tenant: {get_param: TenantNetName} - management: {get_param: ManagementNetName} - external_subnet: - str_replace: - template: NAME_subnet - params: - NAME: {get_param: ExternalNetName} - internal_api_subnet: - str_replace: - template: NAME_subnet - 
params: - NAME: {get_param: InternalApiNetName} - storage_subnet: - str_replace: - template: NAME_subnet - params: - NAME: {get_param: StorageNetName} - storage_mgmt_subnet: - str_replace: - template: NAME_subnet - params: - NAME: {get_param: StorageMgmtNetName} - tenant_subnet: - str_replace: - template: NAME_subnet - params: - NAME: {get_param: TenantNetName} - management_subnet: - str_replace: - template: NAME_subnet - params: - NAME: {get_param: ManagementNetName} - external_uri: - str_replace: - template: NAME_uri - params: - NAME: {get_param: ExternalNetName} - internal_api_uri: - str_replace: - template: NAME_uri - params: - NAME: {get_param: InternalApiNetName} - storage_uri: - str_replace: - template: NAME_uri - params: - NAME: {get_param: StorageNetName} - storage_mgmt_uri: - str_replace: - template: NAME_uri - params: - NAME: {get_param: StorageMgmtNetName} - tenant_uri: - str_replace: - template: NAME_uri - params: - NAME: {get_param: TenantNetName} - management_uri: - str_replace: - template: NAME_uri - params: - NAME: {get_param: ManagementNetName} - -outputs: - net_ip_map: - description: > - A Hash containing a mapping of network names to assigned IPs - for a specific machine. - value: {get_attr: [NetIpMapValue, value]} diff --git a/network/ports/net_vip_map_external.j2.yaml b/network/ports/net_vip_map_external.j2.yaml new file mode 100644 index 00000000..b17f48b5 --- /dev/null +++ b/network/ports/net_vip_map_external.j2.yaml 
@@ -0,0 +1,40 @@
+heat_template_version: pike
+
+parameters:
+ # Set these via parameter defaults to configure external VIPs
+ ControlPlaneIP:
+ default: ''
+ type: string
+{%- for network in networks if network.vip|default(false) %}
+ {{network.name}}NetworkVip:
+ default: ''
+ type: string
+{%- endfor %}
+ # The following are unused in this template
+ ControlPlaneIp:
+ default: ''
+ type: string
+{%- for network in networks if network.vip|default(false) %}
+ {{network.name}}Ip:
+ default: ''
+ type: string
+ {{network.name}}IpUri:
+ default: ''
+ type: string
+ description: IP address with brackets in case of IPv6
+{%- endfor %}
+
+outputs:
+ net_ip_map:
+ description: >
+ A Hash containing a mapping of network names to assigned IPs
+ for a specific machine.
+ value:
+ ctlplane: {get_param: ControlPlaneIP}
+{%- for network in networks if network.vip|default(false) %}
+ {{network.name_lower}}: {get_param: {{network.name}}NetworkVip}
+{%- endfor %}
+ ctlplane_uri: {get_param: ControlPlaneIP}
+{%- for network in networks if network.vip|default(false) %}
+ {{network.name_lower}}_uri: {get_param: {{network.name}}NetworkVip}
+{%- endfor %}
diff --git a/network/ports/net_vip_map_external.yaml b/network/ports/net_vip_map_external.yaml
deleted file mode 100644
index d0847882..00000000
--- a/network/ports/net_vip_map_external.yaml
+++ /dev/null
@@ -1,68 +0,0 @@ -heat_template_version: pike - -parameters: - # Set these via parameter defaults to configure external VIPs - ControlPlaneIP: - default: '' - type: string - ExternalNetworkVip: - default: '' - type: string - InternalApiNetworkVip: - default: '' - type: string - StorageNetworkVip: - default: '' - type: string - StorageMgmtNetworkVip: - default: '' - type: string - # The following are unused in this template - ControlPlaneIp: - default: '' - type: string - ExternalIp: - default: '' - type: string - ExternalIpUri: - default: '' - type: string - description: IP address with brackets in case of IPv6 - InternalApiIp: - default: '' - type: string - InternalApiIpUri: - default: '' - type: string - description: IP address with brackets in case of IPv6 - StorageIp: - default: '' - type: string - StorageIpUri: - default: '' - type: string - description: IP address with brackets in case of IPv6 - StorageMgmtIp: - default: '' - type: string - StorageMgmtIpUri: - default: '' - type: string - description: IP address with brackets in case of IPv6 - -outputs: - net_ip_map: - description: > - A Hash containing a mapping of network names to assigned IPs - for a specific machine. - value: - ctlplane: {get_param: ControlPlaneIP} - external: {get_param: ExternalNetworkVip} - internal_api: {get_param: InternalApiNetworkVip} - storage: {get_param: StorageNetworkVip} - storage_mgmt: {get_param: StorageMgmtNetworkVip} - ctlplane_uri: {get_param: ControlPlaneIP} - external_uri: {get_param: ExternalNetworkVip} - internal_api_uri: {get_param: InternalApiNetworkVip} - storage_uri: {get_param: StorageNetworkVip} - storage_mgmt_uri: {get_param: StorageMgmtNetworkVip} diff --git a/network/ports/net_vip_map_external_v6.j2.yaml b/network/ports/net_vip_map_external_v6.j2.yaml new file mode 100644 index 00000000..5eff73c1 --- /dev/null +++ b/network/ports/net_vip_map_external_v6.j2.yaml 
@@ -0,0 +1,45 @@
+heat_template_version: pike
+
+parameters:
+ # Set these via parameter defaults to configure external VIPs
+ ControlPlaneIP:
+ default: ''
+ type: string
+{%- for network in networks if network.vip|default(false) %}
+ {{network.name}}NetworkVip:
+ default: ''
+ type: string
+{%- endfor %}
+ # The following are unused in this template
+ ControlPlaneIp:
+ default: ''
+ type: string
+{%- for network in networks if network.vip|default(false) %}
+ {{network.name}}Ip:
+ default: ''
+ type: string
+ {{network.name}}IpUri:
+ default: ''
+ type: string
+ description: IP address with brackets in case of IPv6
+{%- endfor %}
+
+outputs:
+ net_ip_map:
+ description: >
+ A Hash containing a mapping of network names to assigned IPs
+ for a specific machine.
+ value:
+ ctlplane: {get_param: ControlPlaneIP}
+{%- for network in networks if network.vip|default(false) %}
+ {{network.name_lower}}: {get_param: {{network.name}}NetworkVip}
+{%- endfor %}
+ ctlplane_uri: {get_param: ControlPlaneIP}
+{%- for network in networks if network.vip|default(false) %}
+ {{network.name_lower}}_uri:
+ list_join:
+ - ''
+ - - '['
+ - {get_param: {{network.name}}NetworkVip}
+ - ']'
+{%- endfor %}
diff --git a/network/ports/net_vip_map_external_v6.yaml b/network/ports/net_vip_map_external_v6.yaml
deleted file mode 100644
index 72e60cb2..00000000
--- a/network/ports/net_vip_map_external_v6.yaml
+++ /dev/null
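Review bot: The `_uri` loop at the end of this file wraps `{{network.name}}NetworkVip` in brackets unconditionally, and that parameter defaults to `''`, so an unset VIP renders `{{network.name_lower}}_uri` as `[]` rather than an empty string. The behaviour is carried over from the deleted net_vip_map_external_v6.yaml, but the generated parameter still has no `description` to warn an operator. Consumers are not visible here; a check for an empty value would presumably treat `[]` as set. I would add a description to the generated parameter, for example `description: IPv6 VIP on the {{network.name_lower}} network (an empty value yields '[]' in the _uri output)`.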
@@ -1,88 +0,0 @@ -heat_template_version: pike - -parameters: - # Set these via parameter defaults to configure external VIPs - ControlPlaneIP: - default: '' - type: string - ExternalNetworkVip: - default: '' - type: string - InternalApiNetworkVip: - default: '' - type: string - StorageNetworkVip: - default: '' - type: string - StorageMgmtNetworkVip: - default: '' - type: string - # The following are unused in this template - ControlPlaneIp: - default: '' - type: string - ExternalIp: - default: '' - type: string - ExternalIpUri: - default: '' - type: string - description: IP address with brackets in case of IPv6 - InternalApiIp: - default: '' - type: string - InternalApiIpUri: - default: '' - type: string - description: IP address with brackets in case of IPv6 - StorageIp: - default: '' - type: string - StorageIpUri: - default: '' - type: string - description: IP address with brackets in case of IPv6 - StorageMgmtIp: - default: '' - type: string - StorageMgmtIpUri: - default: '' - type: string - description: IP address with brackets in case of IPv6 - -outputs: - net_ip_map: - description: > - A Hash containing a mapping of network names to assigned IPs - for a specific machine. - value: - ctlplane: {get_param: ControlPlaneIP} - external: {get_param: ExternalNetworkVip} - internal_api: {get_param: InternalApiNetworkVip} - storage: {get_param: StorageNetworkVip} - storage_mgmt: {get_param: StorageMgmtNetworkVip} - ctlplane_uri: {get_param: ControlPlaneIP} - external_uri: - list_join: - - '' - - - '[' - - {get_param: ExternalNetworkVip} - - ']' - internal_api_uri: - list_join: - - '' - - - '[' - - {get_param: InternalApiNetworkVip} - - ']' - storage_uri: - list_join: - - '' - - - '[' - - {get_param: StorageNetworkVip} - - ']' - storage_mgmt_uri: - list_join: - - '' - - - '[' - - {get_param: StorageMgmtNetworkVip} - - ']' diff --git a/network/ports/external_v6.yaml b/network/ports/port.j2 index 5a1b5ae3..2088d840 100644 --- a/network/ports/external_v6.yaml 
+++ b/network/ports/port.j2 @@ -1,19 +1,19 @@ heat_template_version: pike description: > - Creates a port on the external network. The IP address will be chosen + Creates a port on the {{network.name}} network. The IP address will be chosen automatically if FixedIPs is empty. parameters: - ExternalNetName: - description: The name of the external network. - default: external + {{network.name}}NetName: + description: The name of the {{network.name_lower}} network. + default: {{network.name_lower|default(network.name|lower)}} type: string PortName: description: Name of the port default: '' type: string - ControlPlaneIP: # Here for compatability with noop.yaml + ControlPlaneIP: # Here for compatibility with noop.yaml description: IP address on the control plane default: '' type: string 
@@ -36,31 +36,37 @@ parameters: resources: - ExternalPort: + {{network.name}}Port: type: OS::Neutron::Port properties: - network: {get_param: ExternalNetName} + network: {get_param: {{network.name}}NetName} name: {get_param: PortName} fixed_ips: {get_param: FixedIPs} replacement_policy: AUTO outputs: ip_address: - description: external network IP - value: {get_attr: [ExternalPort, fixed_ips, 0, ip_address]} + description: {{network.name}} network IP + value: {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} ip_address_uri: - description: external network IP with brackets suitable for a URL +{%- if network.ipv6 or ipv6_override|default(false) %} + description: {{network.name}} network IP (with brackets for IPv6 URLs) value: list_join: - '' - - '[' - - {get_attr: [ExternalPort, fixed_ips, 0, ip_address]} + - {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} - ']' +{%- else %} + description: {{network.name}} network IP (for compatibility with IPv6 URLs) + value: {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} +{%- endif %} ip_subnet: - description: IP/Subnet CIDR for the external network IP + description: IP/Subnet CIDR for the {{network.name}} network IP value: list_join: - '' - - - {get_attr: [ExternalPort, fixed_ips, 0, ip_address]} + - - {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} - '/' - - {str_split: ['/', {get_attr: [ExternalPort, subnets, 0, cidr]}, 1]} + - {str_split: ['/', {get_attr: [{{network.name}}Port, subnets, 0, cidr]}, 1]} + diff --git a/network/ports/port.network.j2.yaml b/network/ports/port.network.j2.yaml index ded3e798..d0bd45ab 100644 --- a/network/ports/port.network.j2.yaml +++ b/network/ports/port.network.j2.yaml 
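Review bot: `ipv6_override` in `{%- if network.ipv6 or ipv6_override|default(false) %}` is not set or explained anywhere in the visible part of port.j2, so a reader cannot tell how the bracketed form is selected for a network whose `ipv6` flag is false. A one-line Jinja comment above the test would cover it, for example `{#- ipv6_override is set by <including template> to force the bracketed IPv6 form #}`, with the placeholder replaced by the real template name. The hunk also adds a blank line at the end of the file, which can be dropped. The parameters between the two port.j2 hunks are not shown.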
@@ -1,72 +1 @@ -heat_template_version: pike - -description: > - Creates a port on the {{network.name}} network. The IP address will be chosen - automatically if FixedIPs is empty. - -parameters: - {{network.name}}NetName: - description: Name of the {{network.name_lower}} neutron network - default: {{network.name_lower|default(network.name|lower)}} - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - ControlPlaneNetwork: # Here for compatibility with ctlplane_vip.yaml - description: The name of the undercloud Neutron control plane - default: ctlplane - type: string - FixedIPs: - description: > - Control the IP allocation for the VIP port. E.g. - [{'ip_address':'1.2.3.4'}] - default: [] - type: json - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - {{network.name}}Port: - type: OS::Neutron::Port - properties: - network: {get_param: {{network.name}}NetName} - name: {get_param: PortName} - fixed_ips: {get_param: FixedIPs} - replacement_policy: AUTO - -outputs: - ip_address: - description: {{network.name}} network IP - value: {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} - ip_address_uri: -{%- if network.ipv6 %} - description: {{network.name}} network IP (with brackets for IPv6 URLs) - value: - list_join: - - '' - - - '[' - - {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} - - ']' -{%- else %} - description: {{network.name}} network IP (for compatibility with IPv6 URLs) - value: {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} -{%- endif %} - ip_subnet: - description: IP/Subnet CIDR for the {{network.name}} network IP - value: - list_join: - - '' - - - {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} - - '/' - - 
{str_split: ['/', {get_attr: [{{network.name}}Port, subnets, 0, cidr]}, 1]} - +{% include 'port.j2' %} diff --git a/network/ports/port_from_pool.j2 b/network/ports/port_from_pool.j2 new file mode 100644 index 00000000..14b93692 --- /dev/null +++ b/network/ports/port_from_pool.j2 
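Review bot: `{% include 'port.j2' %}` is looked up through the Jinja loader rather than relative to this file, so the wrapper only renders if whatever processes `*.network.j2.yaml` has `network/ports` on its template search path. The renderer is not part of this diff, so that is worth confirming. The same applies to the include in `port_from_pool.network.j2.yaml` and to the two new `*_v6.network.j2.yaml` wrappers. A one-line template comment at the top, such as `{#- Per-network wrapper; the template body lives in port.j2 -#}`, would tell readers why the file is now a single line.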
@@ -0,0 +1,65 @@ +heat_template_version: pike + +description: > + Creates a port on the {{network.name}} network, using a map of IPs per role. + Each role has a map of IPs in <Role>IPs parameters, with a list of IPs by + network (lower_name or lower case). For example: + ControllerIPs: + external: + - 1.2.3.4 # First controller + - 1.2.3.5 # Second controller + +parameters: + {{network.name}}NetName: + description: The name of the {{network.name_lower}} network. + default: {{network.name_lower}} + type: string + PortName: + description: Name of the port + default: '' + type: string + ControlPlaneIP: # Here for compatibility with noop.yaml + description: IP address on the control plane + default: '' + type: string + ControlPlaneNetwork: # Here for compatibility with ctlplane_vip.yaml + description: The name of the undercloud Neutron control plane + default: ctlplane + type: string + IPPool: # Set in <Role>IPs map, see environments/ips-from-pool-all.yaml + default: {} + type: json + NodeIndex: # First node in the role will get first IP, and so on... + default: 0 + type: number + {{network.name}}NetCidr: + default: {{network.ip_subnet}} + description: Cidr for the {{network.name_lower}} network. 
+ type: string + +outputs: + ip_address: + description: {{network.name}} network IP + value: {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} + ip_address_uri: +{%- if network.ipv6 or ipv6_override|default(false) %} + description: {{network.name}} network IP (with brackets for IPv6 URLs) + value: + list_join: + - '' + - - '[' + - {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} + - ']' +{%- else %} + description: {{network.name}} network IP (for compatibility with {{network.name_lower}}_v6.yaml) + value: {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} +{%- endif %} + ip_subnet: + description: IP/Subnet CIDR for the {{network.name}} network IP + value: + list_join: + - '' + - - {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} + - '/' + - {str_split: ['/', {get_param: {{network.name}}NetCidr}, 1]} + diff --git a/network/ports/port_from_pool.network.j2.yaml b/network/ports/port_from_pool.network.j2.yaml index 9c08ec76..ff863583 100644 --- a/network/ports/port_from_pool.network.j2.yaml +++ b/network/ports/port_from_pool.network.j2.yaml 
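Review bot: `{{network.name}}NetCidr` defaults to `{{network.ip_subnet}}` even when this template is rendered through an `ipv6_override` wrapper, so the `ip_subnet` output would pair an IPv6 pool address with the prefix length of whatever `ip_subnet` holds. The deleted `storage_from_pool_v6.yaml` defaulted this parameter to `'fd00:fd00:fd00:3000::/64'`, so unless the network data already carries an IPv6 CIDR in `ip_subnet` (not visible here) the default changes for v6 deployments. Consider choosing the default under the same `network.ipv6 or ipv6_override|default(false)` test, and quote the rendered value, `default: '{{network.ip_subnet}}'`, so an empty value does not become null. The `{{network.name}}NetName` default here also lacks the `|default(network.name|lower)` fallback that `port.j2` uses.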
@@ -1,65 +1 @@ -heat_template_version: pike - -description: > - Creates a port on the {{network.name}} network, using a map of IPs per role. - Each role has a map of IPs in <Role>IPs parameters, with a list of IPs by - network (lower_name or lower case). For example: - ControllerIPs: - external: - - 1.2.3.4 # First controller - - 1.2.3.5 # Second controller - -parameters: - {{network.name}}NetName: - description: Name of the {{network.name}} neutron network - default: {{network.name_lower}} - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - ControlPlaneNetwork: # Here for compatibility with ctlplane_vip.yaml - description: The name of the undercloud Neutron control plane - default: ctlplane - type: string - IPPool: # Set in <Role>IPs map, see environments/ips-from-pool-all.yaml - default: {} - type: json - NodeIndex: # First node in the role will get first IP, and so on... - default: 0 - type: number - {{network.name}}NetCidr: - default: {{network.ip_subnet}} - description: Cidr for the {{network.name_lower}} network. 
- type: string - -outputs: - ip_address: - description: {{network.name}} network IP - value: {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} - ip_address_uri: -{%- if network.ipv6 %} - description: {{network.name}} network IP (with brackets for IPv6 URLs) - value: - list_join: - - '' - - - '[' - - {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} - - ']' -{%- else %} - description: {{network.name}} network IP (for compatibility with {{network.name_lower}}_v6.yaml) - value: {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} -{%- endif %} - ip_subnet: - description: IP/Subnet CIDR for the {{network.name}} network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: {{network.name}}NetCidr}, 1]} - +{% include 'port_from_pool.j2' %} diff --git a/network/ports/port_from_pool_v6.network.j2.yaml b/network/ports/port_from_pool_v6.network.j2.yaml new file mode 100644 index 00000000..689e1ad0 --- /dev/null +++ b/network/ports/port_from_pool_v6.network.j2.yaml @@ -0,0 +1,2 @@ +{% set ipv6_override = true -%} +{% include 'port_from_pool.j2' %} diff --git a/network/ports/port_v6.network.j2.yaml b/network/ports/port_v6.network.j2.yaml new file mode 100644 index 00000000..59709bde --- /dev/null +++ b/network/ports/port_v6.network.j2.yaml @@ -0,0 +1,2 @@ +{% set ipv6_override = true -%} +{% include 'port.j2' %} diff --git a/network/ports/storage.yaml b/network/ports/storage.yaml deleted file mode 100644 index 13e51ccf..00000000 --- a/network/ports/storage.yaml +++ /dev/null 
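Review bot: Both new wrappers (`port_from_pool_v6.network.j2.yaml` and `port_v6.network.j2.yaml`) depend on the included template seeing a variable assigned with `{% set ipv6_override = true -%}` in the including file. That holds when the include is rendered with the caller's context. If it is not, `ipv6_override|default(false)` quietly falls back to false and the `_v6` template is generated without brackets and without any error. A short comment in each wrapper stating which branch it forces, e.g. `{#- Forces the bracketed ip_address_uri branch of the included template -#}`, would help, and a render check comparing the `_v6` output with the plain one would catch that drift.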
@@ -1,56 +0,0 @@ -heat_template_version: pike - -description: > - Creates a port on the storage network. - -parameters: - StorageNetName: - description: The name of the storage network. - default: storage - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - FixedIPs: - description: > - Control the IP allocation for the VIP port. E.g. - [{'ip_address':'1.2.3.4'}] - default: [] - type: json - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - StoragePort: - type: OS::Neutron::Port - properties: - network: {get_param: StorageNetName} - name: {get_param: PortName} - fixed_ips: {get_param: FixedIPs} - replacement_policy: AUTO - -outputs: - ip_address: - description: storage network IP - value: {get_attr: [StoragePort, fixed_ips, 0, ip_address]} - ip_address_uri: - description: storage network IP (for compatibility with storage_v6.yaml) - value: {get_attr: [StoragePort, fixed_ips, 0, ip_address]} - ip_subnet: - description: IP/Subnet CIDR for the storage network IP - value: - list_join: - - '' - - - {get_attr: [StoragePort, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [StoragePort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/storage_from_pool.yaml b/network/ports/storage_from_pool.yaml deleted file mode 100644 index 11aa20c7..00000000 --- a/network/ports/storage_from_pool.yaml +++ /dev/null 
@@ -1,46 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs - -parameters: - StorageNetName: - description: The name of the storage network. - default: storage - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - StorageNetCidr: - default: '172.16.1.0/24' - description: Cidr for the storage network. - type: string - -outputs: - ip_address: - description: storage network IP - value: {get_param: [IPPool, {get_param: StorageNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: storage network IP (for compatibility with storage_v6.yaml) - value: {get_param: [IPPool, {get_param: StorageNetName}, {get_param: NodeIndex}]} - ip_subnet: - description: IP/Subnet CIDR for the storage network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: StorageNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: StorageNetCidr}, 1]} diff --git a/network/ports/storage_from_pool_v6.yaml b/network/ports/storage_from_pool_v6.yaml deleted file mode 100644 index 2d2c3055..00000000 --- a/network/ports/storage_from_pool_v6.yaml +++ /dev/null 
@@ -1,52 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs. This version is for IPv6 - addresses. The ip_address_uri output will have brackets for use in URLs. - -parameters: - StorageNetName: - description: The name of the storage network. - default: storage - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatability with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - StorageNetCidr: - default: 'fd00:fd00:fd00:3000::/64' - description: Cidr for the storage network. - type: string - -outputs: - ip_address: - description: storage network IP - value: {get_param: [IPPool, {get_param: StorageNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: storage network IP (for compatibility with storage_v6.yaml) - value: - list_join: - - '' - - - '[' - - {get_param: [IPPool, {get_param: StorageNetName}, {get_param: NodeIndex}]} - - ']' - ip_subnet: - description: IP/Subnet CIDR for the storage network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: StorageNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: StorageNetCidr}, 1]} diff --git a/network/ports/storage_mgmt.yaml b/network/ports/storage_mgmt.yaml deleted file mode 100644 index c06c58ef..00000000 --- a/network/ports/storage_mgmt.yaml +++ /dev/null 
@@ -1,57 +0,0 @@ -heat_template_version: pike - -description: > - Creates a port on the storage_mgmt API network. - -parameters: - StorageMgmtNetName: - description: The name of the Storage management network. - default: storage_mgmt - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - FixedIPs: - description: > - Control the IP allocation for the VIP port. E.g. - [{'ip_address':'1.2.3.4'}] - default: [] - type: json - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - StorageMgmtPort: - type: OS::Neutron::Port - properties: - network: {get_param: StorageMgmtNetName} - name: {get_param: PortName} - fixed_ips: {get_param: FixedIPs} - replacement_policy: AUTO - -outputs: - ip_address: - description: storage_mgmt network IP - value: {get_attr: [StorageMgmtPort, fixed_ips, 0, ip_address]} - ip_address_uri: - description: | - storage_mgmt network IP (for compatibility with storage_mgmt_v6.yaml) - value: {get_attr: [StorageMgmtPort, fixed_ips, 0, ip_address]} - ip_subnet: - description: IP/Subnet CIDR for the storage_mgmt network IP - value: - list_join: - - '' - - - {get_attr: [StorageMgmtPort, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [StorageMgmtPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/storage_mgmt_from_pool.yaml b/network/ports/storage_mgmt_from_pool.yaml deleted file mode 100644 index 07308a70..00000000 --- a/network/ports/storage_mgmt_from_pool.yaml +++ /dev/null 
@@ -1,46 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs - -parameters: - StorageMgmtNetName: - description: The name of the Storage management network. - default: storage_mgmt - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - StorageMgmtNetCidr: - default: '172.16.3.0/24' - description: Cidr for the storage management network. - type: string - -outputs: - ip_address: - description: storage MGMT network IP - value: {get_param: [IPPool, {get_param: StorageMgmtNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: storage MGMT network IP (for compatibility with storage_mgmt_v6.yaml) - value: {get_param: [IPPool, {get_param: StorageMgmtNetName}, {get_param: NodeIndex}]} - ip_subnet: - description: IP/Subnet CIDR for the storage MGMT network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: StorageMgmtNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: StorageMgmtNetCidr}, 1]} diff --git a/network/ports/storage_mgmt_from_pool_v6.yaml b/network/ports/storage_mgmt_from_pool_v6.yaml deleted file mode 100644 index 1b30f0ce..00000000 --- a/network/ports/storage_mgmt_from_pool_v6.yaml +++ /dev/null 
@@ -1,52 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs This version is for IPv6 - addresses. The ip_address_uri output will have brackets for use in URLs. - -parameters: - StorageMgmtNetName: - description: The name of the Storage management network. - default: storage_mgmt - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatability with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - StorageMgmtNetCidr: - default: 'fd00:fd00:fd00:4000::/64' - description: Cidr for the storage management network. - type: string - -outputs: - ip_address: - description: storage MGMT network IP - value: {get_param: [IPPool, {get_param: StorageMgmtNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: storage MGMT network IP (for compatibility with storage_mgmt_v6.yaml) - value: - list_join: - - '' - - - '[' - - {get_param: [IPPool, {get_param: StorageMgmtNetName}, {get_param: NodeIndex}]} - - ']' - ip_subnet: - description: IP/Subnet CIDR for the storage MGMT network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: StorageMgmtNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: StorageMgmtNetCidr}, 1]} diff --git a/network/ports/storage_mgmt_v6.yaml b/network/ports/storage_mgmt_v6.yaml deleted file mode 100644 index c10b1393..00000000 --- a/network/ports/storage_mgmt_v6.yaml +++ /dev/null 
@@ -1,61 +0,0 @@ -heat_template_version: pike - -description: > - Creates a port on the storage_mgmt API network. - -parameters: - StorageMgmtNetName: - description: The name of the Storage management network. - default: storage_mgmt - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatability with noop.yaml - description: IP address on the control plane - default: '' - type: string - FixedIPs: - description: > - Control the IP allocation for the VIP port. E.g. - [{'ip_address':'1.2.3.4'}] - default: [] - type: json - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - StorageMgmtPort: - type: OS::Neutron::Port - properties: - network: {get_param: StorageMgmtNetName} - name: {get_param: PortName} - fixed_ips: {get_param: FixedIPs} - replacement_policy: AUTO - -outputs: - ip_address: - description: storage_mgmt network IP - value: {get_attr: [StorageMgmtPort, fixed_ips, 0, ip_address]} - ip_address_uri: - description: storage_mgmt network IP with brackets suitable for a URI - value: - list_join: - - '' - - - '[' - - {get_attr: [StorageMgmtPort, fixed_ips, 0, ip_address]} - - ']' - ip_subnet: - description: IP/Subnet CIDR for the storage_mgmt network IP - value: - list_join: - - '' - - - {get_attr: [StorageMgmtPort, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [StorageMgmtPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/storage_v6.yaml b/network/ports/storage_v6.yaml deleted file mode 100644 index c7d47c54..00000000 --- a/network/ports/storage_v6.yaml +++ /dev/null 
@@ -1,61 +0,0 @@ -heat_template_version: pike - -description: > - Creates a port on the storage network. - -parameters: - StorageNetName: - description: The name of the storage network. - default: storage - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatability with noop.yaml - description: IP address on the control plane - default: '' - type: string - FixedIPs: - description: > - Control the IP allocation for the VIP port. E.g. - [{'ip_address':'1.2.3.4'}] - default: [] - type: json - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - StoragePort: - type: OS::Neutron::Port - properties: - network: {get_param: StorageNetName} - name: {get_param: PortName} - fixed_ips: {get_param: FixedIPs} - replacement_policy: AUTO - -outputs: - ip_address: - description: storage network IP - value: {get_attr: [StoragePort, fixed_ips, 0, ip_address]} - ip_address_uri: - description: storage network IP with brackets suitable for a URL - value: - list_join: - - '' - - - '[' - - {get_attr: [StoragePort, fixed_ips, 0, ip_address]} - - ']' - ip_subnet: - description: IP/Subnet CIDR for the storage network IP - value: - list_join: - - '' - - - {get_attr: [StoragePort, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [StoragePort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/tenant.yaml b/network/ports/tenant.yaml deleted file mode 100644 index 6c5eee38..00000000 --- a/network/ports/tenant.yaml +++ /dev/null 
@@ -1,56 +0,0 @@ -heat_template_version: pike - -description: > - Creates a port on the tenant network. - -parameters: - TenantNetName: - description: The name of the tenant network. - default: tenant - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - FixedIPs: - description: > - Control the IP allocation for the VIP port. E.g. - [{'ip_address':'1.2.3.4'}] - default: [] - type: json - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - TenantPort: - type: OS::Neutron::Port - properties: - network: {get_param: TenantNetName} - name: {get_param: PortName} - fixed_ips: {get_param: FixedIPs} - replacement_policy: AUTO - -outputs: - ip_address: - description: tenant network IP - value: {get_attr: [TenantPort, fixed_ips, 0, ip_address]} - ip_address_uri: - description: tenant network IP (for compatibility with tenant_v6.yaml) - value: {get_attr: [TenantPort, fixed_ips, 0, ip_address]} - ip_subnet: - description: IP/Subnet CIDR for the tenant network IP - value: - list_join: - - '' - - - {get_attr: [TenantPort, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [TenantPort, subnets, 0, cidr]}, 1]} diff --git a/network/ports/tenant_from_pool.yaml b/network/ports/tenant_from_pool.yaml deleted file mode 100644 index 94c419df..00000000 --- a/network/ports/tenant_from_pool.yaml +++ /dev/null 
@@ -1,46 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs - -parameters: - TenantNetName: - description: The name of the tenant network. - default: tenant - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatibility with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - TenantNetCidr: - default: '172.16.0.0/24' - description: Cidr for the tenant network. - type: string - -outputs: - ip_address: - description: tenant network IP - value: {get_param: [IPPool, {get_param: TenantNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: tenant network IP (for compatibility with tenant_v6.yaml) - value: {get_param: [IPPool, {get_param: TenantNetName}, {get_param: NodeIndex}]} - ip_subnet: - description: IP/Subnet CIDR for the tenant network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: TenantNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: TenantNetCidr}, 1]} diff --git a/network/ports/tenant_from_pool_v6.yaml b/network/ports/tenant_from_pool_v6.yaml deleted file mode 100644 index cc2b619a..00000000 --- a/network/ports/tenant_from_pool_v6.yaml +++ /dev/null 
@@ -1,51 +0,0 @@ -heat_template_version: pike - -description: > - Returns an IP from a network mapped list of IPs - -parameters: - TenantNetName: - description: The name of the tenant network. - default: tenant - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatability with noop.yaml - description: IP address on the control plane - default: '' - type: string - IPPool: - default: {} - description: A network mapped list of IPs - type: json - NodeIndex: - default: 0 - description: Index of the IP to get from Pool - type: number - TenantNetCidr: - default: 'fd00:fd00:fd00:5000::/64' - description: Cidr for the tenant network. - type: string - -outputs: - ip_address: - description: tenant network IP - value: {get_param: [IPPool, {get_param: TenantNetName}, {get_param: NodeIndex}]} - ip_address_uri: - description: tenant network IP (for compatibility with tenant_v6.yaml) - value: - list_join: - - '' - - - '[' - - {get_param: [IPPool, {get_param: ExternalNetName}, {get_param: NodeIndex}]} - - ']' - ip_subnet: - description: IP/Subnet CIDR for the tenant network IP - value: - list_join: - - '' - - - {get_param: [IPPool, {get_param: TenantNetName}, {get_param: NodeIndex}]} - - '/' - - {str_split: ['/', {get_param: TenantNetCidr}, 1]} diff --git a/network/ports/tenant_v6.yaml b/network/ports/tenant_v6.yaml deleted file mode 100644 index 47d52d8a..00000000 --- a/network/ports/tenant_v6.yaml +++ /dev/null 
@@ -1,61 +0,0 @@ -heat_template_version: pike - -description: > - Creates a port on the tenant network. - -parameters: - TenantNetName: - description: The name of the tenant network. - default: tenant - type: string - PortName: - description: Name of the port - default: '' - type: string - ControlPlaneIP: # Here for compatability with noop.yaml - description: IP address on the control plane - default: '' - type: string - FixedIPs: - description: > - Control the IP allocation for the VIP port. E.g. - [{'ip_address':'1.2.3.4'}] - default: [] - type: json - IPPool: # Here for compatibility with from_pool.yaml - default: {} - type: json - NodeIndex: # Here for compatibility with from_pool.yaml - default: 0 - type: number - -resources: - - TenantPort: - type: OS::Neutron::Port - properties: - network: {get_param: TenantNetName} - name: {get_param: PortName} - fixed_ips: {get_param: FixedIPs} - replacement_policy: AUTO - -outputs: - ip_address: - description: tenant network IP - value: {get_attr: [TenantPort, fixed_ips, 0, ip_address]} - ip_address_uri: - description: tenant network IP with brackets suitable for a URL - value: - list_join: - - '' - - - '[' - - {get_attr: [TenantPort, fixed_ips, 0, ip_address]} - - ']' - ip_subnet: - description: IP/Subnet CIDR for the tenant network IP - value: - list_join: - - '' - - - {get_attr: [TenantPort, fixed_ips, 0, ip_address]} - - '/' - - {str_split: ['/', {get_attr: [TenantPort, subnets, 0, cidr]}, 1]} diff --git a/network/service_net_map.j2.yaml b/network/service_net_map.j2.yaml index ba8e5568..54646c38 100644 --- a/network/service_net_map.j2.yaml +++ b/network/service_net_map.j2.yaml @@ -106,7 +106,7 @@ parameters: InternalApiNetName: default: internal_api - description: The name of the internal API network. + description: The name of the internal_api network. type: string ExternalNetName: default: external 
@@ -122,7 +122,7 @@ parameters: type: string StorageMgmtNetName: default: storage_mgmt - description: The name of the Storage management network. + description: The name of the storage_mgmt network. type: string TenantNetName: default: tenant diff --git a/network/storage.yaml b/network/storage.yaml deleted file mode 100644 index 9729044d..00000000 --- a/network/storage.yaml +++ /dev/null 
@@ -1,65 +0,0 @@ -heat_template_version: pike - -description: > - Storage network. - -parameters: - # the defaults here work for static IP assignment (IPAM) only - StorageNetCidr: - default: '172.16.1.0/24' - description: Cidr for the storage network. - type: string - StorageNetValueSpecs: - default: {'provider:physical_network': 'storage', 'provider:network_type': 'flat'} - description: Value specs for the storage network. - type: json - StorageNetAdminStateUp: - default: false - description: The admin state of the network. - type: boolean - StorageNetEnableDHCP: - default: false - description: Whether to enable DHCP on the associated subnet. - type: boolean - StorageNetShared: - default: false - description: Whether this network is shared across all tenants. - type: boolean - StorageNetName: - default: storage - description: The name of the storage network. - type: string - StorageSubnetName: - default: storage_subnet - description: The name of the storage subnet in Neutron. - type: string - StorageAllocationPools: - default: [{'start': '172.16.1.4', 'end': '172.16.1.250'}] - description: Ip allocation pool range for the storage network. - type: json - -resources: - StorageNetwork: - type: OS::Neutron::Net - properties: - admin_state_up: {get_param: StorageNetAdminStateUp} - name: {get_param: StorageNetName} - shared: {get_param: StorageNetShared} - value_specs: {get_param: StorageNetValueSpecs} - - StorageSubnet: - type: OS::Neutron::Subnet - properties: - cidr: {get_param: StorageNetCidr} - enable_dhcp: {get_param: StorageNetEnableDHCP} - name: {get_param: StorageSubnetName} - network: {get_resource: StorageNetwork} - allocation_pools: {get_param: StorageAllocationPools} - gateway_ip: null - -outputs: - OS::stack_id: - description: Neutron storage network - value: {get_resource: StorageNetwork} - subnet_cidr: - value: {get_attr: [StorageSubnet, cidr]} 
diff --git a/network/storage_mgmt.yaml b/network/storage_mgmt.yaml
deleted file mode 100644
index fc005573..00000000
--- a/network/storage_mgmt.yaml
+++ /dev/null
@@ -1,65 +0,0 @@ -heat_template_version: pike - -description: > - Storage management network. Storage replication, etc. - -parameters: - # the defaults here work for static IP assignment (IPAM) only - StorageMgmtNetCidr: - default: '172.16.3.0/24' - description: Cidr for the storage management network. - type: string - StorageMgmtNetValueSpecs: - default: {'provider:physical_network': 'storage_mgmt', 'provider:network_type': 'flat'} - description: Value specs for the storage_mgmt network. - type: json - StorageMgmtNetAdminStateUp: - default: false - description: The admin state of the network. - type: boolean - StorageMgmtNetEnableDHCP: - default: false - description: Whether to enable DHCP on the associated subnet. - type: boolean - StorageMgmtNetShared: - default: false - description: Whether this network is shared across all tenants. - type: boolean - StorageMgmtNetName: - default: storage_mgmt - description: The name of the Storage management network. - type: string - StorageMgmtSubnetName: - default: storage_mgmt_subnet - description: The name of the Storage management subnet in Neutron. - type: string - StorageMgmtAllocationPools: - default: [{'start': '172.16.3.4', 'end': '172.16.3.250'}] - description: Ip allocation pool range for the storage mgmt network. 
- type: json - -resources: - StorageMgmtNetwork: - type: OS::Neutron::Net - properties: - admin_state_up: {get_param: StorageMgmtNetAdminStateUp} - name: {get_param: StorageMgmtNetName} - shared: {get_param: StorageMgmtNetShared} - value_specs: {get_param: StorageMgmtNetValueSpecs} - - StorageMgmtSubnet: - type: OS::Neutron::Subnet - properties: - cidr: {get_param: StorageMgmtNetCidr} - enable_dhcp: {get_param: StorageMgmtNetEnableDHCP} - name: {get_param: StorageMgmtSubnetName} - network: {get_resource: StorageMgmtNetwork} - allocation_pools: {get_param: StorageMgmtAllocationPools} - gateway_ip: null - -outputs: - OS::stack_id: - description: Neutron storage management network - value: {get_resource: StorageMgmtNetwork} - subnet_cidr: - value: {get_attr: [StorageMgmtSubnet, cidr]} diff --git a/network/storage_mgmt_v6.yaml b/network/storage_mgmt_v6.yaml index cef87de9..7ed4c92e 100644 --- a/network/storage_mgmt_v6.yaml +++ b/network/storage_mgmt_v6.yaml @@ -8,7 +8,7 @@ parameters: StorageMgmtNetCidr: # OpenStack uses the EUI-64 address format, which requires a /64 prefix default: 'fd00:fd00:fd00:4000::/64' - description: Cidr for the storage management network. + description: Cidr for the storage_mgmt network. type: string StorageMgmtNetValueSpecs: default: {'provider:physical_network': 'storage_mgmt', 'provider:network_type': 'flat'} 
@@ -24,15 +24,15 @@ parameters: type: boolean StorageMgmtNetName: default: storage_mgmt - description: The name of the Storage management network. + description: The name of the storage_mgmt network. type: string StorageMgmtSubnetName: default: storage_mgmt_subnet - description: The name of the Storage management subnet in Neutron. + description: The name of the storage_mgmt subnet in Neutron. type: string StorageMgmtAllocationPools: default: [{'start': 'fd00:fd00:fd00:4000::10', 'end': 'fd00:fd00:fd00:4000:ffff:ffff:ffff:fffe'}] - description: Ip allocation pool range for the storage mgmt network. + description: Ip allocation pool range for the storage_mgmt network. type: json IPv6AddressMode: default: dhcpv6-stateful diff --git a/network/tenant.yaml b/network/tenant.yaml deleted file mode 100644 index 67c4abbc..00000000 --- a/network/tenant.yaml +++ /dev/null 
@@ -1,65 +0,0 @@ -heat_template_version: pike - -description: > - Tenant network. - -parameters: - # the defaults here work for static IP assignment (IPAM) only - TenantNetCidr: - default: '172.16.0.0/24' - description: Cidr for the tenant network. - type: string - TenantNetValueSpecs: - default: {'provider:physical_network': 'tenant', 'provider:network_type': 'flat'} - description: Value specs for the tenant network. - type: json - TenantNetAdminStateUp: - default: false - description: The admin state of the network. - type: boolean - TenantNetEnableDHCP: - default: false - description: Whether to enable DHCP on the associated subnet. - type: boolean - TenantNetShared: - default: false - description: Whether this network is shared across all tenants. - type: boolean - TenantNetName: - default: tenant - description: The name of the tenant network. - type: string - TenantSubnetName: - default: tenant_subnet - description: The name of the tenant subnet in Neutron. - type: string - TenantAllocationPools: - default: [{'start': '172.16.0.4', 'end': '172.16.0.250'}] - description: Ip allocation pool range for the tenant network. - type: json - -resources: - TenantNetwork: - type: OS::Neutron::Net - properties: - admin_state_up: {get_param: TenantNetAdminStateUp} - name: {get_param: TenantNetName} - shared: {get_param: TenantNetShared} - value_specs: {get_param: TenantNetValueSpecs} - - TenantSubnet: - type: OS::Neutron::Subnet - properties: - cidr: {get_param: TenantNetCidr} - enable_dhcp: {get_param: TenantNetEnableDHCP} - name: {get_param: TenantSubnetName} - network: {get_resource: TenantNetwork} - allocation_pools: {get_param: TenantAllocationPools} - gateway_ip: null - -outputs: - OS::stack_id: - description: Neutron tenant network - value: {get_resource: TenantNetwork} - subnet_cidr: - value: {get_attr: [TenantSubnet, cidr]} diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 63868b54..0f0e9ceb 100644 
--- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -195,6 +195,7 @@ resource_registry: OS::TripleO::Services::NovaLibvirt: puppet/services/nova-libvirt.yaml OS::TripleO::Services::NovaMigrationTarget: puppet/services/nova-migration-target.yaml OS::TripleO::Services::Ntp: puppet/services/time/ntp.yaml + OS::TripleO::Services::ContainersLogrotateCrond: OS::Heat::None OS::TripleO::Services::SwiftProxy: puppet/services/swift-proxy.yaml OS::TripleO::Services::ExternalSwiftProxy: OS::Heat::None OS::TripleO::Services::SwiftStorage: puppet/services/swift-storage.yaml @@ -263,6 +264,7 @@ resource_registry: OS::TripleO::Services::NeutronML2FujitsuFossw: OS::Heat::None OS::TripleO::Services::CinderBackendDellPs: OS::Heat::None OS::TripleO::Services::CinderBackendDellSc: OS::Heat::None + OS::TripleO::Services::CinderBackendDellEMCUnity: OS::Heat::None OS::TripleO::Services::CinderBackendNetApp: OS::Heat::None OS::TripleO::Services::CinderBackendScaleIO: OS::Heat::None OS::TripleO::Services::CinderBackendVRTSHyperScale: OS::Heat::None @@ -279,7 +281,6 @@ resource_registry: OS::TripleO::Services::NeutronVppAgent: OS::Heat::None OS::TripleO::Services::Docker: OS::Heat::None OS::TripleO::Services::CertmongerUser: OS::Heat::None - OS::TripleO::Services::Iscsid: OS::Heat::None OS::TripleO::Services::Clustercheck: OS::Heat::None OS::TripleO::Services::VRTSHyperScale: OS::Heat::None diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index a7a4fe25..2e398671 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml 
@@ -21,40 +21,44 @@ description: > parameters: # Common parameters (not specific to a role) +{%- for network in networks if network.vip|default(false) %} +{%- if network.name == 'External' %} + # Special case the External hostname param, which is CloudName CloudName: default: overcloud.localdomain description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org type: string +{%- elif network.name == 'InternalApi' %} + # Special case the Internal API hostname param, which is CloudNameInternal CloudNameInternal: - default: overcloud.internalapi.localdomain + default: overcloud.{{network.name.lower()}}.localdomain description: > - The DNS name of this cloud's internal API endpoint. E.g. - 'ci-overcloud.internalapi.tripleo.org'. + The DNS name of this cloud's {{network.name_lower}} endpoint. E.g. + 'ci-overcloud.{{network.name.lower()}}.tripleo.org'. type: string - CloudNameStorage: - default: overcloud.storage.localdomain +{%- elif network.name == 'StorageMgmt' %} + # Special case StorageMgmt hostname param, which is CloudNameStorageManagement + CloudNameStorageManagement: + default: overcloud.{{network.name.lower()}}.localdomain description: > - The DNS name of this cloud's storage endpoint. E.g. - 'ci-overcloud.storage.tripleo.org'. + The DNS name of this cloud's {{network.name_lower}} endpoint. E.g. + 'ci-overcloud.{{network.name.lower()}}.tripleo.org'. type: string - CloudNameStorageManagement: - default: overcloud.storagemgmt.localdomain +{%- else %} + CloudName{{network.name}}: + default: overcloud.{{network.name.lower()}}.localdomain description: > - The DNS name of this cloud's storage management endpoint. E.g. - 'ci-overcloud.storagemgmt.tripleo.org'. + The DNS name of this cloud's {{network.name_lower}} endpoint. E.g. + 'ci-overcloud.{{network.name.lower()}}.tripleo.org'. type: string +{%- endif %} +{%- endfor %} CloudNameCtlplane: default: overcloud.ctlplane.localdomain description: > The DNS name of this cloud's provisioning network endpoint. E.g. 
'ci-overcloud.ctlplane.tripleo.org'. type: string - ControlFixedIPs: - default: [] - description: > - Control the IP allocation for the ControlVirtualIP port. E.g. - [{'ip_address':'1.2.3.4'}] - type: json ExtraConfig: default: {} description: | @@ -77,12 +81,6 @@ parameters: description: | DEPRECATED use ComputeExtraConfig instead type: json - InternalApiVirtualFixedIPs: - default: [] - description: > - Control the IP allocation for the InternalApiVirtualInterface port. E.g. - [{'ip_address':'1.2.3.4'}] - type: json NeutronControlPlaneID: default: 'ctlplane' type: string 
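Review bot: The External / InternalApi / StorageMgmt to parameter-name mapping is spelled out as a four-way `if`/`elif` chain in this hunk and again in the hunks at -240, -297 and -582, so a future special case has to be added in four places, and a miss leaves a `get_param` pointing at a parameter that was never declared. Defining the lookup once near the top of the template, `{%- set cloud_name_param = {'External': 'CloudName', 'InternalApi': 'CloudNameInternal', 'StorageMgmt': 'CloudNameStorageManagement'} %}`, and using `{{ cloud_name_param.get(network.name, 'CloudName' ~ network.name) }}` at each site would keep them in step. The `parameters` section continues outside the hunk.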
@@ -91,28 +89,34 @@ parameters: default: nic1 description: Which interface to add to the NeutronPhysicalBridge. type: string - PublicVirtualFixedIPs: + ControlFixedIPs: default: [] description: > - Control the IP allocation for the PublicVirtualInterface port. E.g. + Control the IP allocation for the ControlVirtualIP port. E.g. [{'ip_address':'1.2.3.4'}] type: json - RabbitCookieSalt: - type: string - default: unset - description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change. - StorageVirtualFixedIPs: +{%- for network in networks if network.vip|default(false) %} +{%- if network.name == 'External' %} + # TODO (dsneddon) Legacy name, eventually refactor to match network name + PublicVirtualFixedIPs: default: [] description: > - Control the IP allocation for the StorageVirtualInterface port. E.g. + Control the IP allocation for the PublicVirtualInterface port. E.g. [{'ip_address':'1.2.3.4'}] type: json - StorageMgmtVirtualFixedIPs: +{%- else %} + {{network.name}}VirtualFixedIPs: default: [] description: > - Control the IP allocation for the StorageMgmgVirtualInterface port. E.g. + Control the IP allocation for the {{network.name}}VirtualInterface port. E.g. [{'ip_address':'1.2.3.4'}] type: json +{%- endif %} +{%- endfor %} + RabbitCookieSalt: + type: string + default: unset + description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change. RedisVirtualFixedIPs: default: [] description: 
> @@ -240,28 +244,38 @@ resources: - - str_replace: template: IP HOST params: - IP: {get_attr: [VipMap, net_ip_map, external]} - HOST: {get_param: CloudName} + IP: {get_attr: [VipMap, net_ip_map, ctlplane]} + HOST: {get_param: CloudNameCtlplane} +{%- for network in networks if network.vip|default(false) %} +{%- if network.name == 'External' %} + # Special case the External hostname param, which is CloudName - str_replace: template: IP HOST params: - IP: {get_attr: [VipMap, net_ip_map, ctlplane]} - HOST: {get_param: CloudNameCtlplane} + IP: {get_attr: [VipMap, net_ip_map, {{network.name_lower}}]} + HOST: {get_param: CloudName} +{%- elif network.name == 'InternalApi' %} + # Special case the Internal API hostname param, which is CloudNameInternal - str_replace: template: IP HOST params: - IP: {get_attr: [VipMap, net_ip_map, internal_api]} + IP: {get_attr: [VipMap, net_ip_map, {{network.name_lower}}]} HOST: {get_param: CloudNameInternal} +{%- elif network.name == 'StorageMgmt' %} + # Special case StorageMgmt hostname param, which is CloudNameStorageManagement - str_replace: template: IP HOST params: - IP: {get_attr: [VipMap, net_ip_map, storage]} - HOST: {get_param: CloudNameStorage} + IP: {get_attr: [VipMap, net_ip_map, {{network.name_lower}}]} + HOST: {get_param: CloudNameStorageManagement} +{%- else %} - str_replace: template: IP HOST params: - IP: {get_attr: [VipMap, net_ip_map, storage_mgmt]} - HOST: {get_param: CloudNameStorageManagement} + IP: {get_attr: [VipMap, net_ip_map, {{network.name_lower}}]} + HOST: {get_param: CloudName{{network.name}}} +{%- endif %} +{%- endfor %} HeatAuthEncryptionKey: type: OS::TripleO::RandomString 
@@ -297,11 +311,21 @@ resources: type: OS::TripleO::EndpointMap properties: CloudEndpoints: - external: {get_param: CloudName} - internal_api: {get_param: CloudNameInternal} - storage: {get_param: CloudNameStorage} - storage_mgmt: {get_param: CloudNameStorageManagement} ctlplane: {get_param: CloudNameCtlplane} +{%- for network in networks if network.vip|default(false) %} +{%- if network.name == 'External' %} + # Special case the External hostname param, which is CloudName + {{network.name_lower}}: {get_param: CloudName} +{%- elif network.name == 'InternalApi' %} + # Special case the Internal API hostname param, which is CloudNameInternal + {{network.name_lower}}: {get_param: CloudNameInternal} +{%- elif network.name == 'StorageMgmt' %} + # Special case StorageMgmt hostname param, which is CloudNameStorageManagement + {{network.name_lower}}: {get_param: CloudNameStorageManagement} +{%- else %} + {{network.name_lower}}: {get_param: CloudName{{network.name}}} +{%- endif %} +{%- endfor %} NetIpMap: {get_attr: [VipMap, net_ip_map]} ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} 
@@ -458,12 +482,9 @@ resources: type: OS::TripleO::Network::Ports::NetIpListMap properties: ControlPlaneIpList: {get_attr: [{{role.name}}, ip_address]} - ExternalIpList: {get_attr: [{{role.name}}, external_ip_address]} - InternalApiIpList: {get_attr: [{{role.name}}, internal_api_ip_address]} - StorageIpList: {get_attr: [{{role.name}}, storage_ip_address]} - StorageMgmtIpList: {get_attr: [{{role.name}}, storage_mgmt_ip_address]} - TenantIpList: {get_attr: [{{role.name}}, tenant_ip_address]} - ManagementIpList: {get_attr: [{{role.name}}, management_ip_address]} +{%- for network in networks if network.enabled|default(true) %} + {{network.name}}IpList: {get_attr: [{{role.name}}, {{network.name_lower}}_ip_address]} +{%- endfor %} EnabledServices: {get_attr: [{{role.name}}ServiceNames, value]} ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]} ServiceHostnameList: {get_attr: [{{role.name}}, hostname]} 
@@ -582,10 +603,20 @@ resources: allNodesConfig: type: OS::TripleO::AllNodes::SoftwareConfig properties: - cloud_name_external: {get_param: CloudName} - cloud_name_internal_api: {get_param: CloudNameInternal} - cloud_name_storage: {get_param: CloudNameStorage} - cloud_name_storage_mgmt: {get_param: CloudNameStorageManagement} +{%- for network in networks if network.vip|default(false) %} +{%- if network.name == 'External' %} + # Special case the External hostname param, which is CloudName + cloud_name_{{network.name_lower}}: {get_param: CloudName} +{%- elif network.name == 'InternalApi' %} + # Special case the Internal API hostname param, which is CloudNameInternal + cloud_name_{{network.name_lower}}: {get_param: CloudNameInternal} +{%- elif network.name == 'StorageMgmt' %} + # Special case StorageMgmt hostname param, which is CloudNameStorageManagement + cloud_name_{{network.name_lower}}: {get_param: CloudNameStorageManagement} +{%- else %} + cloud_name_{{network.name_lower}}: {get_param: CloudName{{network.name}}} +{%- endif %} +{%- endfor %} cloud_name_ctlplane: {get_param: CloudNameCtlplane} enabled_services: list_join: @@ -699,6 +730,8 @@ resources: ServiceName: redis FixedIPs: {get_param: RedisVirtualFixedIPs} +{%- for network in networks if network.vip|default(false) %} +{%- if network.name == 'External' %} # The public VIP is on the External net, falls back to ctlplane PublicVirtualIP: depends_on: Networks 
@@ -708,43 +741,38 @@ resources: ControlPlaneNetwork: {get_param: NeutronControlPlaneID} PortName: public_virtual_ip FixedIPs: {get_param: PublicVirtualFixedIPs} - - InternalApiVirtualIP: +{%- elif network.name == 'StorageMgmt' %} + {{network.name}}VirtualIP: depends_on: Networks - type: OS::TripleO::Network::Ports::InternalApiVipPort + type: OS::TripleO::Network::Ports::{{network.name}}VipPort properties: ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - PortName: internal_api_virtual_ip - FixedIPs: {get_param: InternalApiVirtualFixedIPs} - - StorageVirtualIP: - depends_on: Networks - type: OS::TripleO::Network::Ports::StorageVipPort - properties: - ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - PortName: storage_virtual_ip - FixedIPs: {get_param: StorageVirtualFixedIPs} - - StorageMgmtVirtualIP: + PortName: storage_management_virtual_ip + FixedIPs: {get_param: {{network.name}}VirtualFixedIPs} +{%- else %} + {{network.name}}VirtualIP: depends_on: Networks - type: OS::TripleO::Network::Ports::StorageMgmtVipPort + type: OS::TripleO::Network::Ports::{{network.name}}VipPort properties: ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} - PortName: storage_management_virtual_ip - FixedIPs: {get_param: StorageMgmtVirtualFixedIPs} + PortName: {{network.name_lower}}_virtual_ip + FixedIPs: {get_param: {{network.name}}VirtualFixedIPs} +{%- endif %} +{%- endfor %} VipMap: type: OS::TripleO::Network::Ports::NetVipMap properties: ControlPlaneIp: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]} +{%- for network in networks if network.vip|default(false) %} +{%- if network.name == 'External' %} ExternalIp: {get_attr: [PublicVirtualIP, ip_address]} ExternalIpUri: {get_attr: [PublicVirtualIP, ip_address_uri]} - InternalApiIp: {get_attr: [InternalApiVirtualIP, ip_address]} - InternalApiIpUri: {get_attr: [InternalApiVirtualIP, ip_address_uri]} - StorageIp: {get_attr: [StorageVirtualIP, ip_address]} - 
StorageIpUri: {get_attr: [StorageVirtualIP, ip_address_uri]} - StorageMgmtIp: {get_attr: [StorageMgmtVirtualIP, ip_address]} - StorageMgmtIpUri: {get_attr: [StorageMgmtVirtualIP, ip_address_uri]} +{%- else %} + {{network.name}}Ip: {get_attr: [{{network.name}}VirtualIP, ip_address]} + {{network.name}}IpUri: {get_attr: [{{network.name}}VirtualIP, ip_address_uri]} +{%- endif %} +{%- endfor %} # No tenant or management VIP required # Because of nested get_attr functions in the KeystoneAdminVip output, we # can't determine which attributes of VipMap are used until after @@ -758,24 +786,12 @@ resources: PingTestIps: list_join: - ' ' - - - yaql: - expression: coalesce($.data, []).first(null) - data: {get_attr: [{{primary_role_name}}, external_ip_address]} - - yaql: - expression: coalesce($.data, []).first(null) - data: {get_attr: [{{primary_role_name}}, internal_api_ip_address]} - - yaql: - expression: coalesce($.data, []).first(null) - data: {get_attr: [{{primary_role_name}}, storage_ip_address]} - - yaql: - expression: coalesce($.data, []).first(null) - data: {get_attr: [{{primary_role_name}}, storage_mgmt_ip_address]} - - yaql: - expression: coalesce($.data, []).first(null) - data: {get_attr: [{{primary_role_name}}, tenant_ip_address]} + - +{%- for network in networks if network.enabled|default(true) %} - yaql: expression: coalesce($.data, []).first(null) - data: {get_attr: [{{primary_role_name}}, management_ip_address]} + data: {get_attr: [{{primary_role_name}}, {{network.name_lower}}_ip_address]} +{%- endfor %} UpdateWorkflow: type: OS::TripleO::Tasks::UpdateWorkflow diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index 24aa1525..3044fe39 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -76,7 +76,7 @@ parameters: InternalApiNetName: default: internal_api - description: The name of the internal API network. + description: The name of the internal_api network. type: string ExternalNetName: default: external 
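Review bot: The `StorageMgmt` branch of the VIP loop (hunk at -708) differs from the generic `else` branch only in `PortName: storage_management_virtual_ip`, and unlike the special cases elsewhere in this template it carries no comment saying why. A line such as `# Special case StorageMgmt, whose existing port name is storage_management_virtual_ip (not storage_mgmt_virtual_ip)` above the branch would stop it being folded into the generic case by mistake. Renaming the port on existing deployments is presumably not wanted. The `resources` section continues outside the hunk.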
@@ -92,7 +92,7 @@ parameters: type: string StorageMgmtNetName: default: storage_mgmt - description: The name of the Storage management network. + description: The name of the storage_mgmt network. type: string TenantNetName: default: tenant diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml index ce9f9b9d..f6573f6c 100644 --- a/puppet/services/ceph-base.yaml +++ b/puppet/services/ceph-base.yaml @@ -11,7 +11,7 @@ parameters: type: string hidden: true CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClientUserName: @@ -61,6 +61,14 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ManilaCephFSNativeCephFSAuthId: + type: string + default: 'manila' + CephManilaClientKey: + default: '' + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. + type: string + hidden: true # DEPRECATED options for compatibility with overcloud.yaml # This should be removed and manipulation of the ControllerServices list # used instead, but we need client support for that first 
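Review bot: `CephManilaClientKey` is added with `default: ''` (hunk at -61), so a deployment that never sets it still passes an empty `secret` to the `MANILA_CLIENT_KEY` entry added in the hunk at -133, whereas `CephClientKey` has no default in the visible lines. Its description is a verbatim copy of the `CephClientKey` one and `ManilaCephFSNativeCephFSAuthId` has none. I would use `description: The Ceph key for the Manila CephFS client. Can be created with ceph-authtool --gen-print-key.` and `description: The CephX user ID used by the Manila CephFS native backend.`. If the empty default has to stay for deployments without Manila, the key entry should probably be made conditional on the parameter being set. The same applies to the identical hunk at -68 in puppet/services/ceph-external.yaml.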
@@ -133,6 +141,14 @@ outputs: CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} GLANCE_POOL: {get_param: GlanceRbdPoolName} GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} + MANILA_CLIENT_KEY: + mode: '0644' + secret: {get_param: CephManilaClientKey} + cap_mon: 'allow r, allow command \"auth del\", allow command \"auth caps\", allow command \"auth get\", allow command \"auth get-or-create\"' + cap_mds: 'allow *' + cap_osd: 'allow rw' - keys: CEPH_CLIENT_KEY: list_join: ['.', ['client', {get_param: CephClientUserName}]] + MANILA_CLIENT_KEY: + list_join: ['.', ['client', {get_param: ManilaCephFSNativeCephFSAuthId}]] diff --git a/puppet/services/ceph-external.yaml b/puppet/services/ceph-external.yaml index 97e44159..1459b851 100644 --- a/puppet/services/ceph-external.yaml +++ b/puppet/services/ceph-external.yaml @@ -5,7 +5,7 @@ description: > parameters: CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClientUserName: @@ -68,6 +68,14 @@ parameters: image. Only applies to format 2 images. Set to '1' for Jewel clients using older Ceph servers. type: string + ManilaCephFSNativeCephFSAuthId: + type: string + default: 'manila' + CephManilaClientKey: + default: '' + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. + type: string + hidden: true outputs: role_data: 
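Review bot: `MANILA_CLIENT_KEY` is written with `mode: '0644'` (hunk at -133), which leaves the keyring readable by every local account, while the key carries `allow *` on the MDS and the `auth get-or-create`, `auth caps` and `auth del` monitor commands. A key that can create, alter and delete other cephx identities is closer to an admin credential than to a pool client, so I would tighten it to `mode: '0600'` (or group-readable for the Manila service account only) and add a comment recording why the `auth` commands are needed. ceph-base appears to be shared by the Ceph services, so it is worth confirming the key is only laid down on nodes that run the Manila share service. The same entry is added in the hunk at -94 in puppet/services/ceph-external.yaml, and the enclosing keys map starts outside the hunk.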
@@ -94,9 +102,17 @@ outputs: CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName} GLANCE_POOL: {get_param: GlanceRbdPoolName} GNOCCHI_POOL: {get_param: GnocchiRbdPoolName} + MANILA_CLIENT_KEY: + mode: '0644' + secret: {get_param: CephManilaClientKey} + cap_mon: 'allow r, allow command \"auth del\", allow command \"auth caps\", allow command \"auth get\", allow command \"auth get-or-create\"' + cap_mds: 'allow *' + cap_osd: 'allow rw' - keys: CEPH_CLIENT_KEY: list_join: ['.', ['client', {get_param: CephClientUserName}]] + MANILA_CLIENT_KEY: + list_join: ['.', ['client', {get_param: ManilaCephFSNativeCephFSAuthId}]] ceph::profile::params::manage_repo: false # FIXME(gfidente): we should not have to list the packages explicitly in # the templates, but this should stay until the following is fixed: diff --git a/puppet/services/ceph-mds.yaml b/puppet/services/ceph-mds.yaml index c561ea0e..ad799edb 100644 --- a/puppet/services/ceph-mds.yaml +++ b/puppet/services/ceph-mds.yaml @@ -35,6 +35,15 @@ parameters: with ceph-authtool --gen-print-key. type: string hidden: true + ManilaCephFSDataPoolName: + default: manila_data + type: string + ManilaCephFSMetadataPoolName: + default: manila_metadata + type: string + ManilaCephFSNativeShareBackendName: + default: cephfs + type: string resources: CephBase: @@ -60,5 +69,8 @@ outputs: '112 ceph_mds': dport: - '6800-7300' + ceph::profile::params::fs_data_pool: {get_param: ManilaCephFSDataPoolName} + ceph::profile::params::fs_metadata_pool: {get_param: ManilaCephFSMetadataPoolName} + ceph::profile::params::fs_name: {get_param: ManilaCephFSNativeShareBackendName} step_config: | include ::tripleo::profile::base::ceph::mds diff --git a/puppet/services/cinder-backend-dellemc-unity.yaml b/puppet/services/cinder-backend-dellemc-unity.yaml new file mode 100644 index 00000000..c8b8bd8f --- /dev/null +++ b/puppet/services/cinder-backend-dellemc-unity.yaml 
@@ -0,0 +1,85 @@ +# Copyright (c) 2016-2017 Dell Inc, or its subsidiaries. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +heat_template_version: pike + +description: > + Openstack Cinder Dell EMC Unity backend + +parameters: + CinderEnableDellEMCUnityBackend: + type: boolean + default: true + CinderDellEMCUnityBackendName: + type: string + default: 'tripleo_dellemc_unity' + CinderDellEMCUnitySanIp: + type: string + CinderDellEMCUnitySanLogin: + type: string + default: 'Admin' + CinderDellEMCUnitySanPassword: + type: string + hidden: true + CinderDellEMCUnityStorageProtocol: + type: string + default: 'iSCSI' + CinderDellEMCUnityIoPorts: + type: string + default: '' + CinderDellEMCUnityStoragePoolNames: + type: string + default: '' + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + type: json + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. 
+ +outputs: + role_data: + description: Role data for the Cinder Dell EMC Storage Center backend. + value: + service_name: cinder_backend_dellemc_unity + config_settings: + tripleo::profile::base::cinder::volume::cinder_enable_dellemc_unity_backend: {get_param: CinderEnableDellEMCUnityBackend} + cinder::backend::dellemc_unity::volume_backend_name: {get_param: CinderDellEMCUnityBackendName} + cinder::backend::dellemc_unity::san_ip: {get_param: CinderDellEMCUnitySanIp} + cinder::backend::dellemc_unity::san_login: {get_param: CinderDellEMCUnitySanLogin} + cinder::backend::dellemc_unity::san_password: {get_param: CinderDellEMCUnitySanPassword} + cinder::backend::dellemc_unity::storage_protocol: {get_param: CinderDellEMCUnityStorageProtocol} + cinder::backend::dellemc_unity::unity_io_ports: {get_param: CinderDellEMCUnityIoPorts} + cinder::backend::dellemc_unity::unity_storage_pool_names: {get_param: CinderDellEMCUnityStoragePoolNames} + step_config: | + include ::tripleo::profile::base::cinder::volume diff --git a/puppet/services/docker.yaml b/puppet/services/docker.yaml index d11ef66a..2cda08eb 100644 --- a/puppet/services/docker.yaml +++ b/puppet/services/docker.yaml @@ -7,8 +7,9 @@ parameters: DockerInsecureRegistryAddress: description: Optional. The IP Address and Port of an insecure docker namespace that will be configured in /etc/sysconfig/docker. - type: string - default: '' + The value can be multiple addresses separated by commas. + type: comma_delimited_list + default: [] EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set @@ -37,7 +38,7 @@ parameters: type: json conditions: - insecure_registry_is_empty: {equals : [{get_param: DockerInsecureRegistryAddress}, '']} + insecure_registry_is_empty: {equals : [{get_param: DockerInsecureRegistryAddress}, []]} outputs: role_data: 
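Review bot: The `role_data` description in the new cinder-backend-dellemc-unity.yaml says `Role data for the Cinder Dell EMC Storage Center backend.`, apparently copied from the Storage Center template; it should read `Role data for the Cinder Dell EMC Unity backend.`. None of the `CinderDellEMCUnity*` parameters has a `description`, and `CinderDellEMCUnitySanIp` and `CinderDellEMCUnitySanPassword` have no default, so an operator gets no hint about what must be supplied. `CinderDellEMCUnitySanLogin` defaults to `'Admin'`; I would drop that default or document that a dedicated account with only the rights Cinder needs is preferred, so the array's administrator login is not what ends up in the Cinder configuration by default.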
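Review bot: The description of `DockerInsecureRegistryAddress` (docker.yaml, hunk at -7) still reads as a single address and does not say what insecure means now that several registries can be listed. I would reword it to `description: Optional. Comma-separated IP:port addresses of docker registries to configure as insecure registries in /etc/sysconfig/docker. Docker does not require TLS or verify certificates for these, so list only registries on a trusted network.`. Environments that still pass `''` for this parameter should be checked against the new `[]` comparison in `insecure_registry_is_empty` (hunk at -37), since whether an empty string parses to an empty list is not visible here.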
@@ -48,11 +49,10 @@ outputs: if: - insecure_registry_is_empty - {} - - tripleo::profile::base::docker::insecure_registry_address: {get_param: DockerInsecureRegistryAddress} + - tripleo::profile::base::docker::insecure_registries: {get_param: DockerInsecureRegistryAddress} step_config: | include ::tripleo::profile::base::docker upgrade_tasks: - name: Install docker packages on upgrade if missing tags: step3 yum: name=docker state=latest - diff --git a/puppet/services/haproxy-internal-tls-certmonger.yaml b/puppet/services/haproxy-internal-tls-certmonger.yaml index 642685a8..e0173d88 100644 --- a/puppet/services/haproxy-internal-tls-certmonger.yaml +++ b/puppet/services/haproxy-internal-tls-certmonger.yaml @@ -86,7 +86,6 @@ outputs: - - {get_param: HAProxyInternalTLSKeysDirectory} - '/overcloud-haproxy-NETWORK.key' hostname: "%{hiera('cloud_name_NETWORK')}" - postsave_cmd: "" # TODO principal: "haproxy/%{hiera('cloud_name_NETWORK')}" for_each: NETWORK: {get_attr: [HAProxyNetworks, value]} diff --git a/puppet/services/haproxy-public-tls-certmonger.yaml b/puppet/services/haproxy-public-tls-certmonger.yaml index b2766c44..14d171dc 100644 --- a/puppet/services/haproxy-public-tls-certmonger.yaml +++ b/puppet/services/haproxy-public-tls-certmonger.yaml @@ -71,7 +71,6 @@ outputs: - - {get_param: HAProxyInternalTLSKeysDirectory} - '/overcloud-haproxy-external.key' hostname: "%{hiera('cloud_name_external')}" - postsave_cmd: "" # TODO principal: "haproxy/%{hiera('cloud_name_external')}" metadata_settings: - service: haproxy diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index 63ab92eb..642a0f09 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml 
@@ -67,6 +67,14 @@ parameters: MonitoringSubscriptionHorizon: default: 'overcloud-horizon' type: string + EnableInternalTLS: + type: boolean + default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. conditions: @@ -109,6 +117,14 @@ outputs: - {get_param: [DefaultPasswords, horizon_secret]} horizon::secure_cookies: {get_param: [HorizonSecureCookies]} memcached_ipv6: {get_param: MemcachedIPv6} + horizon::servername: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]} + horizon::listen_ssl: {get_param: EnableInternalTLS} + horizon::horizon_ca: {get_param: InternalTLSCAFile} - if: - debug_unset diff --git a/puppet/services/manila-backend-cephfs.yaml b/puppet/services/manila-backend-cephfs.yaml index 9d6b508b..9207d99f 100644 --- a/puppet/services/manila-backend-cephfs.yaml +++ b/puppet/services/manila-backend-cephfs.yaml @@ -52,12 +52,6 @@ parameters: ManilaCephFSNativeCephFSEnableSnapshots: type: boolean default: false - ManilaCephFSDataPoolName: - default: manila_data - type: string - ManilaCephFSMetadataPoolName: - default: manila_metadata - type: string # (jprovazn) default value is set to assure this templates works with an # external ceph too (user/key is created only when ceph is deployed by # TripleO) 
@@ -81,7 +75,4 @@ outputs: manila::backend::cephfsnative::cephfs_cluster_name: {get_param: ManilaCephFSNativeCephFSClusterName} manila::backend::cephfsnative::cephfs_enable_snapshots: {get_param: ManilaCephFSNativeCephFSEnableSnapshots} manila::backend::cephfsnative::ceph_client_key: {get_param: CephManilaClientKey} - ceph::profile::params::fs_data_pool: {get_param: ManilaCephFSDataPoolName} - ceph::profile::params::fs_metadata_pool: {get_param: ManilaCephFSMetadataPoolName} - ceph::profile::params::fs_name: {get_param: ManilaCephFSNativeShareBackendName} step_config: diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml index 81f12f01..30f34777 100644 --- a/puppet/services/neutron-metadata.yaml +++ b/puppet/services/neutron-metadata.yaml @@ -57,10 +57,15 @@ parameters: default: tag: openstack.neutron.agent.metadata path: /var/log/neutron/metadata-agent.log + EnableInternalTLS: + type: boolean + default: false conditions: neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']} + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} + resources: NeutronBase: @@ -90,6 +95,17 @@ outputs: neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } neutron::agents::metadata::auth_tenant: 'service' neutron::agents::metadata::metadata_ip: "%{hiera('nova_metadata_vip')}" + neutron::agents::metadata::metadata_host: + str_replace: + template: + "%{hiera('cloud_name_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]} + neutron::agents::metadata::metadata_protocol: + if: + - internal_tls_enabled + - 'https' + - 'http' - if: - neutron_workers_unset diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml index bc91374a..1ea6b1ae 100644 --- a/puppet/services/neutron-plugin-ml2.yaml +++ b/puppet/services/neutron-plugin-ml2.yaml 
@@ -76,6 +76,12 @@ parameters: description: Firewall driver for realizing neutron security group function type: string default: 'openvswitch' + NeutronOverlayIPVersion: + default: 4 + description: IP version used for all overlay network endpoints. + type: number + constraints: + - allowed_values: [4,6] resources: NeutronBase: @@ -105,6 +111,7 @@ outputs: neutron::plugins::ml2::vni_ranges: {get_param: NeutronVniRanges} neutron::plugins::ml2::tenant_network_types: {get_param: NeutronNetworkType} neutron::plugins::ml2::firewall_driver: {get_param: NeutronFirewallDriver} + neutron::plugins::ml2::overlay_ip_version: {get_param: NeutronOverlayIPVersion} step_config: | include ::tripleo::profile::base::neutron::plugins::ml2 diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index 36866a3a..22a743e0 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -37,7 +37,7 @@ parameters: default: openstack type: string CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClusterFSID: diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml index 04936c33..df9e88fb 100644 --- a/puppet/services/nova-libvirt.yaml +++ b/puppet/services/nova-libvirt.yaml @@ -34,7 +34,7 @@ parameters: default: openstack type: string CephClientKey: - description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. type: string hidden: true CephClusterFSID: @@ -162,7 +162,7 @@ outputs: dport: - 16514 - '49152-49215' - - '5900-5999' + - '5900-6923' - if: 
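Review bot: The last nova-libvirt.yaml hunk widens the console entry of the firewall rule from `'5900-5999'` to `'5900-6923'`, about ten times as many open ports on every compute node, with no comment giving the reason or the intended peers. Any source restriction on the rule is outside the hunk; if there is none, these ports are reachable from every network that can route to the host. I would add a comment above the entry such as `# VNC consoles, one port per instance (1024 ports); expected peer is the VNC proxy only` and confirm the rule is scoped to that network rather than opened host-wide.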
diff --git a/puppet/services/nova-metadata.yaml b/puppet/services/nova-metadata.yaml index ca9eed09..3ac5f300 100644 --- a/puppet/services/nova-metadata.yaml +++ b/puppet/services/nova-metadata.yaml @@ -34,10 +34,26 @@ parameters: default: 0 description: Number of workers for Nova services. type: number + EnableInternalTLS: + type: boolean + default: false conditions: nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]} + use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]} + +resources: + + TLSProxyBase: + type: OS::TripleO::Services::TLSProxyBase + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + EnableInternalTLS: {get_param: EnableInternalTLS} + outputs: role_data: description: Role data for the Nova Metadata service. @@ -45,10 +61,29 @@ outputs: service_name: nova_metadata config_settings: map_merge: - - nova::api::metadata_listen: {get_param: [ServiceNetMap, NovaMetadataNetwork]} + - get_attr: [TLSProxyBase, role_data, config_settings] + - nova::api::metadata_listen: + if: + - use_tls_proxy + - 'localhost' + - {get_param: [ServiceNetMap, NovaMetadataNetwork]} - if: - nova_workers_zero - {} - nova::api::metadata_workers: {get_param: NovaWorkers} + - + if: + - use_tls_proxy + - tripleo::profile::base::nova::api::metadata_tls_proxy_bind_ip: + get_param: [ServiceNetMap, NovaMetadataNetwork] + tripleo::profile::base::nova::api::metadata_tls_proxy_fqdn: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]} + - {} step_config: "" + metadata_settings: + get_attr: [TLSProxyBase, role_data, metadata_settings] diff --git a/puppet/services/pacemaker/cinder-volume.yaml b/puppet/services/pacemaker/cinder-volume.yaml index a1134f3e..f4675875 100644 --- a/puppet/services/pacemaker/cinder-volume.yaml 
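Review bot: In the second nova-metadata.yaml hunk `nova::api::metadata_listen` becomes the name `'localhost'` when `use_tls_proxy` is true, with no comment saying that this is what keeps the plaintext listener off `NovaMetadataNetwork`. Using a name rather than an address leaves the bind to the node's resolver: if `localhost` resolves to `::1` on one side and `127.0.0.1` on the other, the proxy cannot reach the API, and how the proxy side addresses the backend is not visible here. A comment such as `# plaintext API stays on loopback; only the TLS proxy listens on NovaMetadataNetwork` documents the intent, and it is worth confirming that both ends resolve the name identically.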
+++ b/puppet/services/pacemaker/cinder-volume.yaml @@ -66,11 +66,17 @@ outputs: resource: openstack-cinder-volume state: disable wait_for_resource: true - - name: Sync cinder DB + - name: get bootstrap nodeid tags: step5 - command: cinder-manage db sync - - name: Start cinder_volume service (pacemaker) - tags: step5 - pacemaker_resource: - resource: openstack-cinder-volume - state: enable + command: hiera bootstrap_nodeid + register: bootstrap_node + - block: + - name: Sync cinder DB + tags: step5 + command: cinder-manage db sync + - name: Start cinder_volume service (pacemaker) + tags: step5 + pacemaker_resource: + resource: openstack-cinder-volume + state: enable + when: bootstrap_node.stdout == ansible_hostname diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar-api.yaml index 4a1ad179..82d105ef 100644 --- a/puppet/services/zaqar.yaml +++ b/puppet/services/zaqar-api.yaml @@ -87,9 +87,9 @@ resources: outputs: role_data: - description: Shared role data for the Heat services. + description: Shared role data for the Zaqar services. value: - service_name: zaqar + service_name: zaqar_api config_settings: map_merge: - get_attr: [ApacheServiceBase, role_data, config_settings] diff --git a/releasenotes/notes/Change-zaqar-profile-path-7b00c68c0812fb3d.yaml b/releasenotes/notes/Change-zaqar-profile-path-7b00c68c0812fb3d.yaml new file mode 100644 index 00000000..52db34b6 --- /dev/null +++ b/releasenotes/notes/Change-zaqar-profile-path-7b00c68c0812fb3d.yaml @@ -0,0 +1,6 @@ +--- +upgrade: + - | + The path to the zaqar profile has changed from puppet/services/zaqar.yaml to + puppet/services/zaqar-api.yaml. Make sure to update any references to this + in the resource registry. diff --git a/releasenotes/notes/deprecate-management-envs-bbc7fddb0ca871af.yaml b/releasenotes/notes/deprecate-management-envs-bbc7fddb0ca871af.yaml new file mode 100644 index 00000000..764686f4 --- /dev/null +++ b/releasenotes/notes/deprecate-management-envs-bbc7fddb0ca871af.yaml 
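Review bot: The guard `when: bootstrap_node.stdout == ansible_hostname` on the new block in cinder-volume.yaml is an exact string match, so any difference in case, or in short name versus FQDN, between the hiera value and the Ansible fact makes it false on every node. In that case neither `cinder-manage db sync` nor the task that sets `openstack-cinder-volume` back to `state: enable` runs, and the resource disabled just above the block stays disabled after the upgrade. Normalising both sides, `when: bootstrap_node.stdout|lower == ansible_hostname|lower`, removes the case dependency; whether hiera returns a short name here should be checked against a deployed node. The task list starts outside the hunk.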
@@ -0,0 +1,5 @@ +--- +deprecations: + - | + Both environments/network-management.yaml and environments/network-management-v6.yaml + are now deprecated in favor of specifying the needed networks on each role. diff --git a/releasenotes/notes/dont-unregister-on-delete-9708f7cbc73a0d2f.yaml b/releasenotes/notes/dont-unregister-on-delete-9708f7cbc73a0d2f.yaml new file mode 100644 index 00000000..96e6234d --- /dev/null +++ b/releasenotes/notes/dont-unregister-on-delete-9708f7cbc73a0d2f.yaml @@ -0,0 +1,8 @@ +--- +fixes: + - Don't unregister systems from the portal/satellite + when deleting from Heat. There are several reasons why + it's compelling to fix this behavior. See + https://bugs.launchpad.net/tripleo/+bug/1710144 + for full information. The previous behavior can be triggered + by setting the DeleteOnRHELUnregistration parameter to "true". diff --git a/releasenotes/notes/fix-heat-condition-for-rhel-reg-311a3dce76cc0ec1.yaml b/releasenotes/notes/fix-heat-condition-for-rhel-reg-311a3dce76cc0ec1.yaml new file mode 100644 index 00000000..e417f5f2 --- /dev/null +++ b/releasenotes/notes/fix-heat-condition-for-rhel-reg-311a3dce76cc0ec1.yaml @@ -0,0 +1,9 @@ +--- +fixes: + - | + Fix Heat condition for RHEL registration yum update + There were 2 problems with this condition making the + rhel-registration.yaml template broken: "conditions" should be "condition" + and the condition should refer to just a condition name defined in the + "conditions:" section of the template. See + https://bugs.launchpad.net/tripleo/+bug/1709916 diff --git a/releasenotes/notes/neutron-ml2-overlay-ip-version-4f14932355847aa0.yaml b/releasenotes/notes/neutron-ml2-overlay-ip-version-4f14932355847aa0.yaml new file mode 100644 index 00000000..1c20b26d --- /dev/null +++ b/releasenotes/notes/neutron-ml2-overlay-ip-version-4f14932355847aa0.yaml 
@@ -0,0 +1,5 @@ +--- +features: + - Add NeutronOverlayIPVersion parameter to congfigure neutron ML2 + overlay_ip_version option. This parameter should be set to 6 when user + requires tenant vxlan tunnel endpoints to be IPv6. diff --git a/releasenotes/notes/unity_cinder_e9872898724a11e7.yaml b/releasenotes/notes/unity_cinder_e9872898724a11e7.yaml new file mode 100644 index 00000000..f2edb9f7 --- /dev/null +++ b/releasenotes/notes/unity_cinder_e9872898724a11e7.yaml @@ -0,0 +1,4 @@ +--- +features: + - | + Add support for Dell EMC Unity cinder driver diff --git a/releasenotes/notes/workaround-unset-fqdn-for-rhel-reg-be9c4620146096be.yaml b/releasenotes/notes/workaround-unset-fqdn-for-rhel-reg-be9c4620146096be.yaml new file mode 100644 index 00000000..04b21fba --- /dev/null +++ b/releasenotes/notes/workaround-unset-fqdn-for-rhel-reg-be9c4620146096be.yaml @@ -0,0 +1,8 @@ +--- +fixes: + - Workaround systems getting registered as "localhost" during + RHEL registration if they don't have a fqdn set by first + rm'ing the /etc/rhsm/facts directory. When the directory does not + exist, the katello-rshm-consumer which runs when installing + the katello-ca-consumer will not set the hostname.override fact to + "localhost". See https://bugs.launchpad.net/tripleo/+bug/1711435 diff --git a/releasenotes/source/conf.py b/releasenotes/source/conf.py index 939b263c..9d46018a 100644 --- a/releasenotes/source/conf.py +++ b/releasenotes/source/conf.py @@ -52,7 +52,7 @@ copyright = u'2017, TripleO Developers' # built documents. # # The full version, including alpha/beta/rc tags. -release = '7.0.0.0b3' +release = '7.0.0.0rc1' # The short X.Y version. version = '7.0.0' diff --git a/roles/BlockStorage.yaml b/roles/BlockStorage.yaml index e4fdfa44..9d1bef08 100644 --- a/roles/BlockStorage.yaml +++ b/roles/BlockStorage.yaml 
@@ -21,6 +21,7 @@ - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp diff --git a/roles/CephStorage.yaml b/roles/CephStorage.yaml index f3978c5b..8e62e8e7 100644 --- a/roles/CephStorage.yaml +++ b/roles/CephStorage.yaml @@ -18,6 +18,7 @@ - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp diff --git a/roles/Compute.yaml b/roles/Compute.yaml index ce5ab742..9d2c8189 100644 --- a/roles/Compute.yaml +++ b/roles/Compute.yaml @@ -44,6 +44,7 @@ - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient diff --git a/roles/ComputeHCI.yaml b/roles/ComputeHCI.yaml index 0e8a90b7..0216b04a 100644 --- a/roles/ComputeHCI.yaml +++ b/roles/ComputeHCI.yaml @@ -35,6 +35,7 @@ - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient diff --git a/roles/ComputeOvsDpdk.yaml b/roles/ComputeOvsDpdk.yaml index 7c3cd218..9b94710d 100644 --- a/roles/ComputeOvsDpdk.yaml +++ b/roles/ComputeOvsDpdk.yaml 
@@ -31,6 +31,7 @@ - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient diff --git a/roles/Controller.yaml b/roles/Controller.yaml index 224d1356..56f54f54 100644 --- a/roles/Controller.yaml +++ b/roles/Controller.yaml @@ -34,6 +34,8 @@ - OS::TripleO::Services::CeilometerAgentNotification # FIXME: This service was disabled in Pike and this entry should be removed # in Queens. + - OS::TripleO::Services::CeilometerApi + - OS::TripleO::Services::CeilometerCollector - OS::TripleO::Services::CeilometerExpirer - OS::TripleO::Services::CephExternal - OS::TripleO::Services::CephMds @@ -44,6 +46,7 @@ - OS::TripleO::Services::CinderApi - OS::TripleO::Services::CinderBackendDellPs - OS::TripleO::Services::CinderBackendDellSc + - OS::TripleO::Services::CinderBackendDellEMCUnity - OS::TripleO::Services::CinderBackendNetApp - OS::TripleO::Services::CinderBackendScaleIO - OS::TripleO::Services::CinderBackendVRTSHyperScale @@ -108,6 +111,7 @@ - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::NovaVncProxy - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OctaviaApi - OS::TripleO::Services::OctaviaHealthManager - OS::TripleO::Services::OctaviaHousekeeping diff --git a/roles/ControllerOpenstack.yaml b/roles/ControllerOpenstack.yaml index 10d76dd7..2cfc0cb9 100644 --- a/roles/ControllerOpenstack.yaml +++ b/roles/ControllerOpenstack.yaml 
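Review bot: The two entries added in the first Controller.yaml hunk land between the `# FIXME: This service was disabled in Pike ...` comment and the entry it used to precede, so the comment now reads as a statement about `CeilometerApi`. The first roles_data.yaml hunk has the same placement. If the FIXME is meant to cover all three Ceilometer entries, reword it to `# FIXME: These services were disabled in Pike and these entries should be removed in Queens.`; if not, move the new entries above the comment so it stays attached to `CeilometerExpirer`.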
@@ -27,12 +27,14 @@ - OS::TripleO::Services::CeilometerAgentCentral - OS::TripleO::Services::CeilometerAgentNotification - OS::TripleO::Services::CeilometerApi + - OS::TripleO::Services::CeilometerCollector - OS::TripleO::Services::CeilometerExpirer - OS::TripleO::Services::CephExternal - OS::TripleO::Services::CephMds - OS::TripleO::Services::CephMon - OS::TripleO::Services::CephRbdMirror - OS::TripleO::Services::CephRgw + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::CinderApi - OS::TripleO::Services::CinderBackup - OS::TripleO::Services::CinderHPELeftHandISCSI @@ -79,6 +81,7 @@ - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::NovaVncProxy - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OctaviaApi - OS::TripleO::Services::OctaviaHealthManager - OS::TripleO::Services::OctaviaHousekeeping diff --git a/roles/Database.yaml b/roles/Database.yaml index e101fd4f..ffeada05 100644 --- a/roles/Database.yaml +++ b/roles/Database.yaml @@ -10,12 +10,14 @@ ServicesDefault: - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::Collectd - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQL - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp diff --git a/roles/IronicConductor.yaml b/roles/IronicConductor.yaml index ae848bc8..d5d8ddd7 100644 --- a/roles/IronicConductor.yaml +++ b/roles/IronicConductor.yaml 
@@ -8,12 +8,14 @@ ServicesDefault: - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::Collectd - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::IronicConductor - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp - OS::TripleO::Services::Timezone diff --git a/roles/Messaging.yaml b/roles/Messaging.yaml index 47e0f920..cd6071c4 100644 --- a/roles/Messaging.yaml +++ b/roles/Messaging.yaml @@ -10,10 +10,12 @@ ServicesDefault: - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::Collectd - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::SensuClient diff --git a/roles/Networker.yaml b/roles/Networker.yaml index 311e0a7d..1bf58031 100644 --- a/roles/Networker.yaml +++ b/roles/Networker.yaml @@ -11,6 +11,7 @@ ServicesDefault: - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::Collectd - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::Kernel @@ -29,6 +30,7 @@ - OS::TripleO::Services::NeutronOvsAgent - OS::TripleO::Services::NeutronVppAgent - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::PacemakerRemote - OS::TripleO::Services::SensuClient diff --git a/roles/ObjectStorage.yaml b/roles/ObjectStorage.yaml index ad372be6..e2eacd9e 100644 --- a/roles/ObjectStorage.yaml +++ b/roles/ObjectStorage.yaml 
@@ -26,6 +26,7 @@ - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp diff --git a/roles/Telemetry.yaml b/roles/Telemetry.yaml index b1c73798..1dbb887f 100644 --- a/roles/Telemetry.yaml +++ b/roles/Telemetry.yaml @@ -12,10 +12,13 @@ - OS::TripleO::Services::AodhEvaluator - OS::TripleO::Services::AodhListener - OS::TripleO::Services::AodhNotifier + - OS::TripleO::Services::CACerts - OS::TripleO::Services::CeilometerAgentCentral - OS::TripleO::Services::CeilometerAgentNotification - OS::TripleO::Services::CeilometerApi + - OS::TrieplO::Services::CeilometerCollector - OS::TripleO::Services::CeilometerExpirer + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::GnocchiApi - OS::TripleO::Services::GnocchiMetricd - OS::TripleO::Services::GnocchiStatsd @@ -23,6 +26,7 @@ - OS::TripleO::Services::MongoDb - OS::TripleO::Services::MySQL - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::PankoApi - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::Redis diff --git a/roles/Undercloud.yaml b/roles/Undercloud.yaml index a408a21b..a78ba398 100644 --- a/roles/Undercloud.yaml +++ b/roles/Undercloud.yaml @@ -39,6 +39,7 @@ - OS::TripleO::Services::NovaPlacement - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::SwiftProxy - OS::TripleO::Services::SwiftRingBuilder diff --git a/roles_data.yaml b/roles_data.yaml index 8f670994..313fcaa9 100644 --- a/roles_data.yaml +++ b/roles_data.yaml 
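Review bot: The entry added in the first Telemetry.yaml hunk is spelled `OS::TrieplO::Services::CeilometerCollector`, while every other entry in the list uses the `OS::TripleO::` prefix, so this name will not match anything in the resource registry. Depending on how unknown service names are handled, the role either fails to deploy or comes up without the collector and without any error pointing at this line. It should read `- OS::TripleO::Services::CeilometerCollector`.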
@@ -37,6 +37,8 @@ - OS::TripleO::Services::CeilometerAgentNotification # FIXME: This service was disabled in Pike and this entry should be removed # in Queens. + - OS::TripleO::Services::CeilometerApi + - OS::TripleO::Services::CeilometerCollector - OS::TripleO::Services::CeilometerExpirer - OS::TripleO::Services::CephExternal - OS::TripleO::Services::CephMds @@ -47,6 +49,7 @@ - OS::TripleO::Services::CinderApi - OS::TripleO::Services::CinderBackendDellPs - OS::TripleO::Services::CinderBackendDellSc + - OS::TripleO::Services::CinderBackendDellEMCUnity - OS::TripleO::Services::CinderBackendNetApp - OS::TripleO::Services::CinderBackendScaleIO - OS::TripleO::Services::CinderBackendVRTSHyperScale @@ -111,6 +114,7 @@ - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::NovaVncProxy - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OctaviaApi - OS::TripleO::Services::OctaviaHealthManager - OS::TripleO::Services::OctaviaHousekeeping @@ -185,6 +189,7 @@ - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient @@ -219,6 +224,7 @@ - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp @@ -255,6 +261,7 @@ - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp 
@@ -285,6 +292,7 @@ - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp diff --git a/roles_data_undercloud.yaml b/roles_data_undercloud.yaml index d61d1a2f..4628665b 100644 --- a/roles_data_undercloud.yaml +++ b/roles_data_undercloud.yaml @@ -42,6 +42,7 @@ - OS::TripleO::Services::NovaPlacement - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::SwiftProxy - OS::TripleO::Services::SwiftRingBuilder diff --git a/sample-env-generator/composable-roles.yaml b/sample-env-generator/composable-roles.yaml new file mode 100644 index 00000000..91d6060f --- /dev/null +++ b/sample-env-generator/composable-roles.yaml 
@@ -0,0 +1,174 @@ +# +# This environment generator is used to generate some sample composable role +# environment files. +# +environments: + - + name: composable-roles/monolithic-nonha + title: Monolithic Controller Non-HA deployment + description: | + A Heat environment that can be used to deploy controller and compute + services in an Non-HA configuration with SSL undercloud only and a + flat network. + This should be used with a roles_data.yaml containing the Controller, + Compute and CephStorage roles. + openstack overcloud roles generate -o ~/roles_data.yaml Controller Compute CephStorage + files: + overcloud.yaml: + parameters: + - ControllerHostnameFormat + - ComputeHostnameFormat + - CephStorageHostnameFormat + - ControllerCount + - ComputeCount + - CephStorageCount + puppet/services/time/ntp.yaml: + parameters: + - NtpServer + sample-env-generator/composable-roles.yaml: + parameters: + - DnsServers + - OvercloudControllerFlavor + - OvercloudComputeFlavor + - OvercloudCephStorageFlavor + sample_values: + ControllerCount: 1 + OvercloudControllerFlavor: control + ComputeCount: 1 + OvercloudComputeFlavor: compute + CephStorageCount: 1 + OvercloudCephStorageFlavor: ceph + + - + name: composable-roles/monolithic-ha + title: Monolithic Controller HA deployment + description: | + A Heat environment that can be used to deploy controller and compute + services in an HA configuration with SSL everywhere and network + isolation. + This should be used with a roles_data.yaml containing the Controller, + Compute and CephStorage roles. 
+ openstack overcloud roles generate -o ~/roles_data.yaml Controller Compute CephStorage + files: + overcloud.yaml: + parameters: + - ControllerHostnameFormat + - ComputeHostnameFormat + - CephStorageHostnameFormat + - ControllerCount + - ComputeCount + - CephStorageCount + puppet/services/time/ntp.yaml: + parameters: + - NtpServer + sample-env-generator/composable-roles.yaml: + parameters: + - DnsServers + - OvercloudControllerFlavor + - OvercloudComputeFlavor + - OvercloudCephStorageFlavor + sample_values: + ControllerCount: 3 + OvercloudControllerFlavor: control + ComputeCount: 3 + OvercloudComputeFlavor: compute + CephStorageCount: 1 + OvercloudCephStorageFlavor: ceph + + - + name: composable-roles/standalone + title: Controller HA deployment with standalone Database, Messaging and Networker nodes. + description: | + A Heat environment that can be used to deploy controller, database, + messaging, networker and compute services in an HA configuration with SSL + everywhere and network isolation. + This should be used with a roles_data.yaml containing the + ControllerOpenstack, Database, Messaging, Networker, Compute and + CephStorage roles. 
+ openstack overcloud roles generate -o ~/roles_data.yaml ControllerOpenstack Database Messaging Networker Compute CephStorage + files: + overcloud.yaml: + parameters: + - ControllerHostnameFormat + - ComputeHostnameFormat + - CephStorageHostnameFormat + - ControllerCount + - ComputeCount + - CephStorageCount + puppet/services/time/ntp.yaml: + parameters: + - NtpServer + sample-env-generator/composable-roles.yaml: + parameters: + - DnsServers + - DatabaseCount + - MessagingCount + - NetworkerCount + - OvercloudControllerFlavor + - OvercloudComputeFlavor + - OvercloudCephStorageFlavor + - OvercloudDatabaseFlavor + - OvercloudMessagingFlavor + - OvercloudNetworkerFlavor + sample_values: + ControllerCount: 3 + OvercloudControllerFlavor: control + ComputeCount: 1 + OvercloudComputeFlavor: compute + CephStorageCount: 1 + OvercloudCephStorageFlavor: ceph + DatabaseCount: 3 + OvercloudDatabaseFlavor: db + MessagingCount: 3 + OvercloudMessagingFlavor: messaging + NetworkerCount: 2 + OvercloudNetworkerFlavor: networker + + +# NOTE(aschultz): So because these are dynamic based on the roles used, we +# do not currently define these in any heat files. So we're defining them here +# so that the sample env generator can still provide these configuration items +# in the generated config files. 
+parameters: + DnsServers: + default: ['8.8.8.8', '8,8.4.4'] + description: DNS servers to use for the Overcloud + type: comma_delimited_list + # Dynamic vars based on roles + DatabaseCount: + default: 0 + description: Number of Database nodes + type: number + MessagingCount: + default: 0 + description: Number of Messaging nodes + type: number + NetworkerCount: + default: 0 + description: Number of Networker nodes + type: number + OvercloudControllerFlavor: + default: control + description: Name of the flavor for Controller nodes + type: string + OvercloudComputeFlavor: + default: compute + description: Name of the flavor for Compute nodes + type: string + OvercloudCephStorageFlavor: + default: compute + description: Name of the flavor for Ceph nodes + type: string + OvercloudDatabaseFlavor: + default: database + description: Name of the flavor for Database nodes + type: string + OvercloudMessagingFlavor: + default: messaging + description: Name of the flavor for Messaging nodes + type: string + OvercloudNetworkerFlavor: + default: networker + description: Name of the flavor for Networker nodes + type: string + diff --git a/tripleo_heat_templates/environment_generator.py b/tripleo_heat_templates/environment_generator.py index 876dd854..f1469390 100755 --- a/tripleo_heat_templates/environment_generator.py +++ b/tripleo_heat_templates/environment_generator.py @@ -50,7 +50,7 @@ _PRIVATE_OVERRIDES = ['server', 'servers', 'NodeIndex', 'DefaultPasswords'] # static. This allows us to generate sample environments using them when # necessary, but they won't be improperly included by accident. _HIDDEN_PARAMS = ['EndpointMap', 'RoleName', 'RoleParameters', - 'ServiceNetMap', + 'ServiceNetMap', 'ServiceData', ] |
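Review bot: The `DnsServers` default in the `parameters:` section of the new composable-roles.yaml is `['8.8.8.8', '8,8.4.4']`; the second element has a comma where a dot belongs and is not a valid address, so every generated sample environment carries a broken resolver. It should be `default: ['8.8.8.8', '8.8.4.4']`. Two other defaults disagree with the `sample_values` in the same file: `OvercloudCephStorageFlavor` defaults to `compute` while the samples use `ceph`, and `OvercloudDatabaseFlavor` defaults to `database` while the sample uses `db`. Because these samples get copied into real deployments, a comment such as `# placeholder public resolvers; replace with site DNS` above the default would keep overcloud name lookups from going to a third-party resolver by accident.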