87 files changed, 2645 insertions, 131 deletions
@@ -22,8 +22,10 @@ lib64 pip-log.txt # Unit test / coverage reports +cover .coverage .tox +.testrepository nosetests.xml # Translations diff --git a/.testr.conf b/.testr.conf new file mode 100644 index 00000000..5837838f --- /dev/null +++ b/.testr.conf @@ -0,0 +1,4 @@ +[DEFAULT] +test_command=OS_STDOUT_CAPTURE=1 OS_STDERR_CAPTURE=1 OS_TEST_TIMEOUT=60 OS_LOG_CAPTURE=1 ${PYTHON:-python} -m subunit.run discover -t ./tripleo_heat_templates ./tripleo_heat_templates $LISTOPT $IDOPTION +test_id_option=--load-list $IDFILE +test_list_option=--list diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index 340a9e9f..4d9d40d4 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py 
@@ -190,37 +190,23 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume if [ -n "$PUPPET_TAGS" ]; then TAGS="--tags \"$PUPPET_TAGS\"" fi + + # workaround LP1696283 + mkdir -p /etc/ssh + touch /etc/ssh/ssh_known_hosts + FACTER_hostname=$HOSTNAME FACTER_uuid=docker /usr/bin/puppet apply --verbose $TAGS /etc/config.pp # Disables archiving if [ -z "$NO_ARCHIVE" ]; then - rm -Rf /var/lib/config-data/${NAME} - - # copying etc should be enough for most services - mkdir -p /var/lib/config-data/${NAME}/etc - cp -a /etc/* /var/lib/config-data/${NAME}/etc/ - - # workaround LP1696283 - mkdir -p /var/lib/config-data/${NAME}/etc/ssh - touch /var/lib/config-data/${NAME}/etc/ssh/ssh_known_hosts - - if [ -d /root/ ]; then - cp -a /root/ /var/lib/config-data/${NAME}/root/ - fi - if [ -d /var/lib/ironic/tftpboot/ ]; then - mkdir -p /var/lib/config-data/${NAME}/var/lib/ironic/ - cp -a /var/lib/ironic/tftpboot/ /var/lib/config-data/${NAME}/var/lib/ironic/tftpboot/ - fi - if [ -d /var/lib/ironic/httpboot/ ]; then - mkdir -p /var/lib/config-data/${NAME}/var/lib/ironic/ - cp -a /var/lib/ironic/httpboot/ /var/lib/config-data/${NAME}/var/lib/ironic/httpboot/ - fi - - # apache services may files placed in /var/www/ - if [ -d /var/www/ ]; then - mkdir -p /var/lib/config-data/${NAME}/var/www - cp -a /var/www/* /var/lib/config-data/${NAME}/var/www/ - fi + archivedirs=("/etc" "/root" "/var/lib/ironic/tftpboot" "/var/lib/ironic/httpboot" "/var/www") + rsync_srcs="" + for d in "${archivedirs[@]}"; do + if [ -d "$d" ]; then + rsync_srcs+=" $d" + fi + done + rsync -a -R --delay-updates --delete-after $rsync_srcs /var/lib/config-data/${NAME} # Write a checksum of the config-data dir, this is used as a # salt to trigger container restart when the config changes diff --git a/docker/services/aodh-api.yaml b/docker/services/aodh-api.yaml index 4b93ddd7..bda5469a 100644 --- a/docker/services/aodh-api.yaml +++ b/docker/services/aodh-api.yaml 
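Review bot: Stale content can now survive in `/var/lib/config-data/${NAME}`, because the removed `rm -Rf` cleared the whole archive while, as far as I can tell, `rsync --delete-after` only deletes inside the directories it transfers. A source directory that existed on an earlier run and is now absent (for example `/var/www`) would stay in the archive and keep feeding the checksum written just below. The sources are also gathered in an unquoted string even though the script already uses a bash array; `rsync_srcs=()`, `rsync_srcs+=("$d")` and `rsync -a -R --delay-updates --delete-after "${rsync_srcs[@]}" "/var/lib/config-data/${NAME}"` would avoid word splitting on the paths and on `$NAME`. `/root` is still copied into config-data, so anything sensitive kept there lands in the archive too. The enclosing shell script starts and ends outside the hunk.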
@@ -86,16 +86,15 @@ outputs: recurse: true docker_config: # db sync runs before permissions set by kolla_config - step_3: + step_2: aodh_init_log: - start_order: 0 image: *aodh_image user: root volumes: - /var/log/containers/aodh:/var/log/aodh command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R aodh:aodh /var/log/aodh'] + step_3: aodh_db_sync: - start_order: 1 image: *aodh_image net: host privileged: false diff --git a/docker/services/cinder-api.yaml b/docker/services/cinder-api.yaml new file mode 100644 index 00000000..94bd66d8 --- /dev/null +++ b/docker/services/cinder-api.yaml 
@@ -0,0 +1,156 @@ +heat_template_version: pike + +description: > + OpenStack containerized Cinder API service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerCinderApiImage: + description: image + default: 'centos-binary-cinder-api:latest' + type: string + # we configure all cinder services in the same cinder base container + DockerCinderConfigImage: + description: image + default: 'centos-binary-cinder-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + CinderBase: + type: ../../puppet/services/cinder-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Cinder API role. 
+ value: + service_name: {get_attr: [CinderBase, role_data, service_name]} + config_settings: {get_attr: [CinderBase, role_data, config_settings]} + step_config: &step_config + get_attr: [CinderBase, role_data, step_config] + service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: cinder + puppet_tags: cinder_config,file,concat,file_line + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/cinder_api.json: + command: /usr/sbin/httpd -DFOREGROUND + permissions: + - path: /var/log/cinder + owner: cinder:cinder + recurse: true + docker_config: + step_2: + cinder_api_init_logs: + image: &cinder_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderApiImage} ] + privileged: false + user: root + volumes: + - /var/log/containers/cinder:/var/log/cinder + command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder'] + step_3: + cinder_api_db_sync: + image: *cinder_api_image + net: host + privileged: false + detach: false + user: root + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro + - /var/log/containers/cinder:/var/log/cinder + command: + - '/usr/bin/bootstrap_host_exec' + - 'cinder_api' + - "su cinder -s /bin/bash -c 'cinder-manage db sync'" + step_4: + cinder_api: + image: *cinder_api_image + net: host + privileged: false + restart: always + # NOTE(mandre) kolla image changes the user to 'cinder', we need it + # to be root to run httpd + user: root + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/cinder_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro + - 
/var/lib/config-data/cinder/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/cinder/var/www/:/var/www/:ro + - /var/log/containers/cinder:/var/log/cinder + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/cinder + state: directory + upgrade_tasks: + - name: Stop and disable cinder_api service + tags: step2 + service: name=httpd state=stopped enabled=no diff --git a/docker/services/cinder-backup.yaml b/docker/services/cinder-backup.yaml new file mode 100644 index 00000000..0958a7e8 --- /dev/null +++ b/docker/services/cinder-backup.yaml 
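Review bot: The image parameters in docker/services/cinder-api.yaml default to the mutable `:latest` tag (`centos-binary-cinder-api:latest`) and are described only as `image`, so nothing tells an operator that the deployed content can change between pulls. This may follow the existing convention in the repository, but the description is the place to say so, for example `description: Cinder API container image (name:tag); override with a pinned tag for reproducible deployments`. The same defaults and one-word descriptions appear in the cinder-backup, cinder-scheduler, cinder-volume, iscsid, manila-scheduler and multipathd templates added by this commit.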
@@ -0,0 +1,132 @@ +heat_template_version: pike + +description: > + OpenStack containerized Cinder Backup service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerCinderBackupImage: + description: image + default: 'centos-binary-cinder-backup:latest' + type: string + # we configure all cinder services in the same cinder base container + DockerCinderConfigImage: + description: image + default: 'centos-binary-cinder-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + CinderBase: + type: ../../puppet/services/cinder-backup.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Cinder Backup role. 
+ value: + service_name: {get_attr: [CinderBase, role_data, service_name]} + config_settings: {get_attr: [CinderBase, role_data, config_settings]} + step_config: &step_config + get_attr: [CinderBase, role_data, step_config] + service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: cinder + puppet_tags: cinder_config,file,concat,file_line + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/cinder_backup.json: + command: /usr/bin/cinder-backup --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf + permissions: + - path: /var/lib/cinder + owner: cinder:cinder + recurse: true + - path: /var/log/cinder + owner: cinder:cinder + recurse: true + docker_config: + step_3: + cinder_backup_init_logs: + start_order: 0 + image: &cinder_backup_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderBackupImage} ] + privileged: false + user: root + volumes: + - /var/log/containers/cinder:/var/log/cinder + command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder'] + step_4: + cinder_backup: + image: *cinder_backup_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/cinder_backup.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro + - /var/lib/config-data/ceph/etc/ceph/:/etc/ceph/:ro #FIXME: we need to generate a ceph.conf with puppet for this + - /dev/:/dev/ + - /run/:/run/ + - /sys:/sys + - /lib/modules:/lib/modules:ro + - /etc/iscsi:/etc/iscsi + - /var/lib/cinder:/var/lib/cinder + - /var/log/containers/cinder:/var/log/cinder + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create 
persistent directories + file: + path: "{{ item }}" + state: directory + with_items: + - /var/lib/cinder + - /var/log/containers/cinder + upgrade_tasks: + - name: Stop and disable cinder_backup service + tags: step2 + service: name=openstack-cinder-backup state=stopped enabled=no diff --git a/docker/services/cinder-scheduler.yaml b/docker/services/cinder-scheduler.yaml new file mode 100644 index 00000000..8199c34b --- /dev/null +++ b/docker/services/cinder-scheduler.yaml 
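Review bot: The `cinder_backup` container in step_4 of docker/services/cinder-backup.yaml bind-mounts the host's `/dev/`, `/run/` and `/sys` read-write, which gives a container declared `privileged: false` access to host device nodes and to whatever runtime sockets live under `/run`. If only iSCSI and block-device access is needed (an assumption; the hunk does not say), narrow the mounts or record the reason next to them, e.g. `# /dev, /run and /sys are needed for iSCSI attach; keep in sync with iscsid.yaml`. The same three mounts appear in cinder-volume.yaml and iscsid.yaml, both with `privileged: true`. Separately, `cinder_backup_init_logs` stays in `step_3` with `start_order: 0`, while the cinder-api and cinder-scheduler templates in this commit run their init-logs container in `step_2` without `start_order`.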
@@ -0,0 +1,120 @@ +heat_template_version: pike + +description: > + OpenStack containerized Cinder Scheduler service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerCinderSchedulerImage: + description: image + default: 'centos-binary-cinder-scheduler:latest' + type: string + # we configure all cinder services in the same cinder base container + DockerCinderConfigImage: + description: image + default: 'centos-binary-cinder-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + CinderBase: + type: ../../puppet/services/cinder-scheduler.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Cinder Scheduler role. 
+ value: + service_name: {get_attr: [CinderBase, role_data, service_name]} + config_settings: {get_attr: [CinderBase, role_data, config_settings]} + step_config: &step_config + get_attr: [CinderBase, role_data, step_config] + service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: cinder + puppet_tags: cinder_config,file,concat,file_line + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/cinder_scheduler.json: + command: /usr/bin/cinder-scheduler --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf + permissions: + - path: /var/log/cinder + owner: cinder:cinder + recurse: true + docker_config: + step_2: + cinder_scheduler_init_logs: + image: &cinder_scheduler_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderSchedulerImage} ] + privileged: false + user: root + volumes: + - /var/log/containers/cinder:/var/log/cinder + command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder'] + step_4: + cinder_scheduler: + image: *cinder_scheduler_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/cinder_scheduler.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro + - /var/log/containers/cinder:/var/log/cinder + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent directories + file: + path: "{{ item }}" + state: directory + with_items: + - /var/log/containers/cinder + upgrade_tasks: + - name: Stop and disable cinder_scheduler service + tags: step2 + service: name=openstack-cinder-scheduler state=stopped enabled=no 
diff --git a/docker/services/cinder-volume.yaml b/docker/services/cinder-volume.yaml new file mode 100644 index 00000000..4ee1996c --- /dev/null +++ b/docker/services/cinder-volume.yaml 
@@ -0,0 +1,163 @@ +heat_template_version: pike + +description: > + OpenStack containerized Cinder Volume service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerCinderVolumeImage: + description: image + default: 'centos-binary-cinder-volume:latest' + type: string + # we configure all cinder services in the same cinder base container + DockerCinderConfigImage: + description: image + default: 'centos-binary-cinder-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + # custom parameters for the Cinder volume role + CinderEnableIscsiBackend: + default: true + description: Whether to enable or not the Iscsi backend for Cinder + type: boolean + CinderLVMLoopDeviceSize: + default: 10280 + description: The size of the loopback file used by the cinder LVM driver. + type: number + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + CinderBase: + type: ../../puppet/services/cinder-volume.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Cinder Volume role. 
+ value: + service_name: {get_attr: [CinderBase, role_data, service_name]} + config_settings: {get_attr: [CinderBase, role_data, config_settings]} + step_config: &step_config + get_attr: [CinderBase, role_data, step_config] + service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: cinder + puppet_tags: cinder_config,file,concat,file_line + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/cinder_volume.json: + command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf + permissions: + - path: /var/log/cinder + owner: cinder:cinder + recurse: true + docker_config: + step_3: + cinder_volume_init_logs: + start_order: 0 + image: &cinder_volume_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCinderVolumeImage} ] + privileged: false + user: root + volumes: + - /var/log/containers/cinder:/var/log/cinder + command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder'] + step_4: + cinder_volume: + image: *cinder_volume_image + net: host + privileged: true + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/cinder_volume.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro + - /var/lib/config-data/ceph/etc/ceph/:/etc/ceph/:ro #FIXME: we need to generate a ceph.conf with puppet for this + - /dev/:/dev/ + - /run/:/run/ + - /sys:/sys + - /etc/iscsi:/etc/iscsi + - /var/lib/cinder:/var/lib/cinder + - /var/log/containers/cinder:/var/log/cinder + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent directories + file: + path: "{{ item }}" + state: directory + with_items: + - 
/var/log/containers/cinder + - /var/lib/cinder + #FIXME: all of this should be conditional on the CinderEnableIscsiBackend value being set to true + - name: cinder create LVM volume group dd + command: + list_join: + - '' + - - 'dd if=/dev/zero of=/var/lib/cinder/cinder-volumes bs=1 count=0 seek=' + - str_replace: + template: VALUE + params: + VALUE: {get_param: CinderLVMLoopDeviceSize} + - 'M' + args: + creates: /var/lib/cinder/cinder-volumes + - name: cinder create LVM volume group + shell: | + if ! losetup /dev/loop2; then + losetup /dev/loop2 /var/lib/cinder/cinder-volumes + fi + if ! pvdisplay | grep cinder-volumes; then + pvcreate /dev/loop2 + fi + if ! vgdisplay | grep cinder-volumes; then + vgcreate cinder-volumes /dev/loop2 + fi + args: + executable: /bin/bash + creates: /dev/loop2 + upgrade_tasks: + - name: Stop and disable cinder_volume service + tags: step2 + service: name=openstack-cinder-volume state=stopped enabled=no diff --git a/docker/services/congress-api.yaml b/docker/services/congress-api.yaml index 3ee1d91d..92b0eeb9 100644 --- a/docker/services/congress-api.yaml +++ b/docker/services/congress-api.yaml @@ -82,9 +82,8 @@ outputs: recurse: true docker_config: # db sync runs before permissions set by kolla_config - step_3: + step_2: congress_init_logs: - start_order: 0 image: &congress_image list_join: - '/' @@ -94,8 +93,8 @@ outputs: volumes: - /var/log/containers/congress:/var/log/congress command: ['/bin/bash', '-c', 'chown -R congress:congress /var/log/congress'] + step_3: congress_db_sync: - start_order: 1 image: *congress_image net: host privileged: false diff --git a/docker/services/database/mysql.yaml b/docker/services/database/mysql.yaml index c73db857..9eabb719 100644 --- a/docker/services/database/mysql.yaml +++ b/docker/services/database/mysql.yaml 
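Review bot: The `cinder create LVM volume group` task in host_prep_tasks of docker/services/cinder-volume.yaml hard-codes `/dev/loop2` and treats a successful `losetup /dev/loop2` as proof that the device is backed by `/var/lib/cinder/cinder-volumes`. If another file is already attached there, `pvcreate /dev/loop2` would run against that device instead. `creates: /dev/loop2` also skips the whole task whenever the device node already exists, attached or not. Checking the association first, e.g. `losetup -j /var/lib/cinder/cinder-volumes | grep -q /dev/loop2`, before the `pvcreate`/`vgcreate` steps would close that gap. The `cinder_volume` container also runs with `privileged: true` without a comment saying why.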
@@ -87,17 +87,16 @@ outputs: recurse: true docker_config: # Kolla_bootstrap runs before permissions set by kolla_config - step_2: + step_1: mysql_init_logs: - start_order: 0 image: *mysql_image privileged: false user: root volumes: - /var/log/containers/mysql:/var/log/mariadb command: ['/bin/bash', '-c', 'chown -R mysql:mysql /var/log/mariadb'] + step_2: mysql_bootstrap: - start_order: 1 detach: false image: *mysql_image net: host diff --git a/docker/services/database/redis.yaml b/docker/services/database/redis.yaml index 9e84dd5f..9d0d30c8 100644 --- a/docker/services/database/redis.yaml +++ b/docker/services/database/redis.yaml @@ -79,6 +79,7 @@ outputs: step_1: redis_init_logs: start_order: 0 + detach: false image: *redis_image privileged: false user: root @@ -86,6 +87,7 @@ outputs: - /var/log/containers/redis:/var/log/redis command: ['/bin/bash', '-c', 'chown -R redis:redis /var/log/redis'] redis: + start_order: 1 image: *redis_image net: host privileged: false diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml index c3af5231..5c244012 100644 --- a/docker/services/glance-api.yaml +++ b/docker/services/glance-api.yaml @@ -85,17 +85,16 @@ outputs: command: /usr/sbin/httpd -DFOREGROUND docker_config: # Kolla_bootstrap/db_sync runs before permissions set by kolla_config - step_3: + step_2: glance_init_logs: - start_order: 0 image: *glance_image privileged: false user: root volumes: - /var/log/containers/glance:/var/log/glance command: ['/bin/bash', '-c', 'chown -R glance:glance /var/log/glance'] + step_3: glance_api_db_sync: - start_order: 1 image: *glance_image net: host privileged: false diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml index e3b72bc5..bd1c3168 100644 --- a/docker/services/gnocchi-api.yaml +++ b/docker/services/gnocchi-api.yaml 
@@ -86,16 +86,15 @@ outputs: recurse: true docker_config: # db sync runs before permissions set by kolla_config - step_3: + step_2: gnocchi_init_log: - start_order: 0 image: *gnocchi_image user: root volumes: - /var/log/containers/gnocchi:/var/log/gnocchi command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R gnocchi:gnocchi /var/log/gnocchi'] + step_3: gnocchi_db_sync: - start_order: 1 image: *gnocchi_image net: host detach: false diff --git a/docker/services/heat-engine.yaml b/docker/services/heat-engine.yaml index 0adad538..7a3312dd 100644 --- a/docker/services/heat-engine.yaml +++ b/docker/services/heat-engine.yaml @@ -80,16 +80,15 @@ outputs: recurse: true docker_config: # db sync runs before permissions set by kolla_config - step_3: + step_2: heat_init_log: - start_order: 0 image: *heat_engine_image user: root volumes: - /var/log/containers/heat:/var/log/heat command: ['/bin/bash', '-c', 'chown -R heat:heat /var/log/heat'] + step_3: heat_engine_db_sync: - start_order: 1 image: *heat_engine_image net: host privileged: false diff --git a/docker/services/horizon.yaml b/docker/services/horizon.yaml index 022eb5dd..13bd091c 100644 --- a/docker/services/horizon.yaml +++ b/docker/services/horizon.yaml @@ -86,7 +86,7 @@ outputs: owner: apache:apache recurse: false docker_config: - step_3: + step_2: horizon_fix_perms: image: *horizon_image user: root @@ -99,8 +99,8 @@ outputs: volumes: - /var/log/containers/horizon:/var/log/horizon - /var/lib/config-data/horizon/etc/:/etc/ + step_3: horizon: - start_order: 1 image: *horizon_image net: host privileged: false diff --git a/docker/services/ironic-api.yaml b/docker/services/ironic-api.yaml index 650ce4cf..a32176af 100644 --- a/docker/services/ironic-api.yaml +++ b/docker/services/ironic-api.yaml @@ -82,9 +82,8 @@ outputs: recurse: true docker_config: # db sync runs before permissions set by kolla_config - step_3: + step_2: ironic_init_logs: - start_order: 0 image: &ironic_image list_join: - '/' 
@@ -94,6 +93,7 @@ outputs: volumes: - /var/log/containers/ironic:/var/log/ironic command: ['/bin/bash', '-c', 'chown -R ironic:ironic /var/log/ironic'] + step_3: ironic_db_sync: start_order: 1 image: *ironic_image diff --git a/docker/services/iscsid.yaml b/docker/services/iscsid.yaml new file mode 100644 index 00000000..53f5aff2 --- /dev/null +++ b/docker/services/iscsid.yaml 
@@ -0,0 +1,109 @@ +heat_template_version: pike + +description: > + OpenStack containerized Iscsid service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerIscsidImage: + description: image + default: 'centos-binary-iscsid:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + +outputs: + role_data: + description: Role data for the Iscsid API role. 
+ value: + service_name: iscsid + config_settings: {} + step_config: '' + service_config_settings: {} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: iscsid + #puppet_tags: file + step_config: '' + config_image: &iscsid_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerIscsidImage} ] + kolla_config: + /var/lib/kolla/config_files/iscsid.json: + command: /usr/sbin/iscsid -f + docker_config: + step_3: + iscsid: + start_order: 2 + image: *iscsid_image + net: host + privileged: true + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/iscsid.json:/var/lib/kolla/config_files/config.json:ro + - /dev/:/dev/ + - /run/:/run/ + - /sys:/sys + - /lib/modules:/lib/modules:ro + - /etc/iscsi:/etc/iscsi + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create /etc/iscsi + file: + path: /etc/iscsi + state: directory + - name: stat /lib/systemd/system/iscsid.socket + stat: path=/lib/systemd/system/iscsid.socket + register: stat_iscsid_socket + - name: Stop and disable iscsid.socket service + service: name=iscsid.socket state=stopped enabled=no + when: stat_iscsid_socket.stat.exists + upgrade_tasks: + - name: stat /lib/systemd/system/iscsid.service + stat: path=/lib/systemd/system/iscsid.service + register: stat_iscsid_service + - name: Stop and disable iscsid service + tags: step2 + service: name=iscsid state=stopped enabled=no + when: stat_iscsid_service.stat.exists + - name: stat /lib/systemd/system/iscsid.socket + stat: path=/lib/systemd/system/iscsid.socket + register: stat_iscsid_socket + - name: Stop and disable iscsid.socket service + tags: step2 + service: name=iscsid.socket state=stopped enabled=no + when: stat_iscsid_socket.stat.exists + metadata_settings: {} diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml index 5b253b46..4cd44f21 100644 --- a/docker/services/keystone.yaml 
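Review bot: In `upgrade_tasks` of docker/services/iscsid.yaml the two `stat` tasks carry no `tags:`, while the tasks that consume their registered results are tagged `step2`. If the upgrade playbook is run filtered by tag (not visible in this hunk), the `stat` tasks are skipped and `when: stat_iscsid_service.stat.exists` would reference an undefined variable; adding `tags: step2` to both `stat` tasks keeps each pair together. The output description `Role data for the Iscsid API role.` also looks copied from an API template; `Role data for the Iscsid role.` would be accurate.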
+++ b/docker/services/keystone.yaml @@ -95,16 +95,15 @@ outputs: command: /usr/sbin/httpd -DFOREGROUND docker_config: # Kolla_bootstrap/db sync runs before permissions set by kolla_config - step_3: + step_2: keystone_init_log: - start_order: 0 image: *keystone_image user: root command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R keystone:keystone /var/log/keystone'] volumes: - /var/log/containers/keystone:/var/log/keystone + step_3: keystone_db_sync: - start_order: 1 image: *keystone_image net: host privileged: false diff --git a/docker/services/manila-scheduler.yaml b/docker/services/manila-scheduler.yaml new file mode 100644 index 00000000..fbc80fc5 --- /dev/null +++ b/docker/services/manila-scheduler.yaml 
@@ -0,0 +1,105 @@ +heat_template_version: pike + +description: > + OpenStack containerized Manila Scheduler service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerManilaSchedulerImage: + description: image + default: 'centos-binary-manila-scheduler:latest' + type: string + DockerManilaConfigImage: + description: image + default: 'centos-binary-manila-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + ManilaSchedulerPuppetBase: + type: ../../puppet/services/manila-scheduler.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Manila Scheduler role. 
+ value: + service_name: {get_attr: [ManilaSchedulerPuppetBase, role_data, service_name]} + config_settings: {get_attr: [ManilaSchedulerPuppetBase, role_data, config_settings]} + step_config: &step_config + {get_attr: [ManilaSchedulerPuppetBase, role_data, step_config]} + service_config_settings: {get_attr: [ManilaSchedulerPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS # + puppet_config: + config_volume: manila + puppet_tags: manila_config,manila_scheduler_paste_ini + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerManilaConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/manila_scheduler.json: + command: /usr/bin/manila-scheduler --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf + permissions: + - path: /var/log/manila + owner: manila:manila + recurse: true + docker_config: + step_4: + manila_scheduler: + image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerManilaSchedulerImage} ] + net: host + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/manila_scheduler.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro + - /var/log/containers/manila:/var/log/manila + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: Create persistent manila logs directory + file: + path: /var/log/containers/manila + state: directory + upgrade_tasks: + - name: Stop and disable manila_scheduler service + tags: step2 + service: name=openstack-manila-scheduler state=stopped enabled=no diff --git a/docker/services/memcached.yaml b/docker/services/memcached.yaml index d85a0878..d4539649 100644 --- a/docker/services/memcached.yaml +++ b/docker/services/memcached.yaml 
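Review bot: `ManilaSchedulerPuppetBase` in docker/services/manila-scheduler.yaml forwards only `EndpointMap`, `ServiceNetMap` and `DefaultPasswords`, although the template declares `RoleName` and `RoleParameters` and the cinder templates in this commit pass both to their base resource. If ../../puppet/services/manila-scheduler.yaml accepts them (not visible here), add `RoleName: {get_param: RoleName}` and `RoleParameters: {get_param: RoleParameters}` under `properties`. The `manila_scheduler` container also omits the explicit `privileged: false` that the other new non-privileged service containers set.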
@@ -72,6 +72,7 @@ outputs: step_1: memcached_init_logs: start_order: 0 + detach: false image: *memcached_image privileged: false user: root diff --git a/docker/services/mistral-api.yaml b/docker/services/mistral-api.yaml index cc7e613e..30c3cde1 100644 --- a/docker/services/mistral-api.yaml +++ b/docker/services/mistral-api.yaml @@ -82,9 +82,8 @@ outputs: recurse: true docker_config: # db sync runs before permissions set by kolla_config - step_3: + step_2: mistral_init_logs: - start_order: 0 image: &mistral_image list_join: - '/' @@ -94,8 +93,9 @@ outputs: volumes: - /var/log/containers/mistral:/var/log/mistral command: ['/bin/bash', '-c', 'chown -R mistral:mistral /var/log/mistral'] + step_3: mistral_db_sync: - start_order: 1 + start_order: 0 image: *mistral_image net: host privileged: false @@ -109,7 +109,7 @@ outputs: - /var/log/containers/mistral:/var/log/mistral command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head'" mistral_db_populate: - start_order: 2 + start_order: 1 image: *mistral_image net: host privileged: false diff --git a/docker/services/multipathd.yaml b/docker/services/multipathd.yaml new file mode 100644 index 00000000..d8927d4b --- /dev/null +++ b/docker/services/multipathd.yaml 
@@ -0,0 +1,89 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Multipathd service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerMultipathdImage:
+ description: image
+ default: 'centos-binary-multipathd:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+outputs:
+ role_data:
+ description: Role data for the Multipathd API role.
+ value: + service_name: multipathd + config_settings: {} + step_config: '' + service_config_settings: {} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: multipathd + #puppet_tags: file + step_config: '' + config_image: &multipathd_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerMultipathdImage} ] + kolla_config: + /var/lib/kolla/config_files/multipathd.json: + command: /usr/sbin/multipathd -d + docker_config: + step_3: + multipathd: + start_order: 1 + image: *multipathd_image + net: host + privileged: true + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/multipathd.json:/var/lib/kolla/config_files/config.json:ro + - /dev/:/dev/ + - /run/:/run/ + - /sys:/sys + - /lib/modules:/lib/modules:ro + - /etc/iscsi:/etc/iscsi + - /var/lib/cinder:/var/lib/cinder + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + upgrade_tasks: + - name: Stop and disable multipathd service + tags: step2 + service: name=multipathd state=stopped enabled=no + metadata_settings: {} diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml index fbdf75ab..6c2d4cae 100644 --- a/docker/services/neutron-api.yaml +++ b/docker/services/neutron-api.yaml @@ -92,9 +92,8 @@ outputs: command: /usr/sbin/httpd -DFOREGROUND docker_config: # db sync runs before permissions set by kolla_config - step_3: + step_2: neutron_init_logs: - start_order: 0 image: &neutron_api_image list_join: - '/' @@ -104,8 +103,8 @@ outputs: volumes: - /var/log/containers/neutron:/var/log/neutron command: ['/bin/bash', '-c', 'chown -R neutron:neutron /var/log/neutron'] + step_3: neutron_db_sync: - start_order: 1 image: *neutron_api_image net: host privileged: false diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml index 2375dada..c97f45de 100644 --- a/docker/services/nova-api.yaml +++ b/docker/services/nova-api.yaml 
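Review bot: The `multipathd` container runs with `privileged: true` and read-write binds of `/dev/`, `/run/` and `/sys`, which makes it equivalent to root on the host, and the template carries no comment saying why each is required. A short comment above `privileged: true`, for example `# multipathd manages host device-mapper maps; needs privileged plus host /dev, /sys and /run`, would let a later reviewer tell required access from leftover access; whether `/etc/iscsi` and `/var/lib/cinder` need to be writable here is worth confirming. `host_prep_tasks:` is left with no value, which YAML reads as null rather than a list, so `host_prep_tasks: []` is safer if consumers iterate over it. The output description also still says `Multipathd API role`, which looks copied from an API template.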
@@ -86,9 +86,8 @@ outputs: recurse: true docker_config: # db sync runs before permissions set by kolla_config - step_3: + step_2: nova_init_logs: - start_order: 0 image: &nova_api_image list_join: - '/' @@ -98,8 +97,9 @@ outputs: volumes: - /var/log/containers/nova:/var/log/nova command: ['/bin/bash', '-c', 'chown -R nova:nova /var/log/nova'] + step_3: nova_api_db_sync: - start_order: 1 + start_order: 0 image: *nova_api_image net: host detach: false @@ -116,7 +116,7 @@ outputs: # to be capable of upgrading a baremetal setup. This is to ensure the name # of the cell is 'default' nova_api_map_cell0: - start_order: 2 + start_order: 1 image: *nova_api_image net: host detach: false @@ -124,7 +124,7 @@ outputs: volumes: *nova_api_volumes command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 map_cell0'" nova_api_create_default_cell: - start_order: 3 + start_order: 2 image: *nova_api_image net: host detach: false @@ -136,7 +136,7 @@ outputs: user: root command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 create_cell --name=default'" nova_db_sync: - start_order: 4 + start_order: 3 image: *nova_api_image net: host detach: false diff --git a/docker/services/nova-consoleauth.yaml b/docker/services/nova-consoleauth.yaml new file mode 100644 index 00000000..19f25d8e --- /dev/null +++ b/docker/services/nova-consoleauth.yaml 
@@ -0,0 +1,108 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Nova Consoleauth service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerNovaConsoleauthImage:
+ description: image
+ default: 'centos-binary-nova-consoleauth:latest'
+ type: string
+ DockerNovaConfigImage:
+ description: image
+ default: 'centos-binary-nova-base:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ NovaConsoleauthPuppetBase:
+ type: ../../puppet/services/nova-consoleauth.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Nova Consoleauth service.
+ value:
+ service_name: {get_attr: [NovaConsoleauthPuppetBase, role_data, service_name]}
+ config_settings: {get_attr: [NovaConsoleauthPuppetBase, role_data, config_settings]}
+ step_config: &step_config
+ get_attr: [NovaConsoleauthPuppetBase, role_data, step_config]
+ service_config_settings: {get_attr: [NovaConsoleauthPuppetBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: nova
+ puppet_tags: nova_config
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/nova_consoleauth.json:
+ command: /usr/bin/nova-consoleauth
+ permissions:
+ - path: /var/log/nova
+ owner: nova:nova
+ recurse: true
+ docker_config:
+ step_4:
+ nova_consoleauth:
+ image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaConsoleauthImage} ]
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/nova_consoleauth.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
+ - /var/log/containers/nova:/var/log/nova
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent logs directory
+ file:
+ path: /var/log/containers/nova
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable nova_consoleauth service
+ tags: step2
+ service: name=openstack-nova-consoleauth state=stopped enabled=no
diff --git a/docker/services/nova-vnc-proxy.yaml b/docker/services/nova-vnc-proxy.yaml
new file mode 100644
index 00000000..97d2d154
--- /dev/null
+++ b/docker/services/nova-vnc-proxy.yaml
@@ -0,0 +1,108 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Nova Vncproxy service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerNovaVncProxyImage:
+ description: image
+ default: 'centos-binary-nova-novncproxy:latest'
+ type: string
+ DockerNovaConfigImage:
+ description: image
+ default: 'centos-binary-nova-base:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ NovaVncProxyPuppetBase:
+ type: ../../puppet/services/nova-vnc-proxy.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Nova Vncproxy service.
+ value:
+ service_name: {get_attr: [NovaVncProxyPuppetBase, role_data, service_name]}
+ config_settings: {get_attr: [NovaVncProxyPuppetBase, role_data, config_settings]}
+ step_config: &step_config
+ get_attr: [NovaVncProxyPuppetBase, role_data, step_config]
+ service_config_settings: {get_attr: [NovaVncProxyPuppetBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: nova
+ puppet_tags: nova_config
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/nova_vnc_proxy.json:
+ command: /usr/bin/nova-novncproxy --web /usr/share/novnc/
+ permissions:
+ - path: /var/log/nova
+ owner: nova:nova
+ recurse: true
+ docker_config:
+ step_4:
+ nova_vnc_proxy:
+ image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaVncProxyImage} ]
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/nova_vnc_proxy.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
+ - /var/log/containers/nova:/var/log/nova
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent logs directory
+ file:
+ path: /var/log/containers/nova
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable nova_vnc_proxy service
+ tags: step2
+ service: name=openstack-nova-novncproxy state=stopped enabled=no
diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml
index ae19652e..7557afd6 100644
--- a/docker/services/pacemaker/haproxy.yaml
+++ b/docker/services/pacemaker/haproxy.yaml
@@ -60,11 +60,7 @@ outputs: list_join: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyImage} ] - step_config: - list_join: - - "\n" - - - &noop_pcmk "['pcmk_bundle', 'pcmk_resource', 'pcmk_property', 'pcmk_constraint', 'pcmk_resource_default'].each |String $val| { noop_resource($val) }" - - 'include ::tripleo::profile::pacemaker::haproxy_bundle' + step_config: "" service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -74,8 +70,8 @@ outputs: list_join: - "\n" - - "exec {'wait-for-settle': command => '/bin/true' }" - - &noop_firewall "class tripleo::firewall(){}; define tripleo::firewall::rule( $port = undef, $dport = undef, $sport = undef, $proto = undef, $action = undef, $state = undef, $source = undef, $iniface = undef, $chain = undef, $destination = undef, $extras = undef){}" - - *noop_pcmk + - "class tripleo::firewall(){}; define tripleo::firewall::rule( $port = undef, $dport = undef, $sport = undef, $proto = undef, $action = undef, $state = undef, $source = undef, $iniface = undef, $chain = undef, $destination = undef, $extras = undef){}" + - "['pcmk_bundle', 'pcmk_resource', 'pcmk_property', 'pcmk_constraint', 'pcmk_resource_default'].each |String $val| { noop_resource($val) }" - 'include ::tripleo::profile::pacemaker::haproxy_bundle' config_image: *haproxy_image kolla_config: @@ -88,6 +84,7 @@ outputs: detach: false net: host user: root + privileged: true command: - '/bin/bash' - '-c' 
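Review bot: `privileged: true` is added to the haproxy init-bundle container without a comment, and the following hunk also bind-mounts the host's `/etc/sysconfig` read-write into it. The comments in that hunk suggest the reason is that puppet now applies `tripleo::firewall::rule` and saves iptables rules on the host; stating that next to the flag, e.g. `# privileged: puppet applies and saves host iptables rules (tripleo::firewall::rule)`, would document the escalation. Since this container already runs as `user: root` on `net: host`, it is worth confirming that full privilege is needed and whether the mount can be limited to the iptables rule files rather than all of `/etc/sysconfig`. The container definition starts and ends outside these hunks.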
@@ -98,14 +95,20 @@ outputs: - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json" - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'" params: - TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ip,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation' + TAGS: 'tripleo::firewall::rule,pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ip,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation' CONFIG: list_join: - ';' - - - *noop_firewall - - 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::haproxy_bundle' + - - 'include ::tripleo::profile::base::pacemaker' + - 'include ::tripleo::profile::pacemaker::haproxy_bundle' image: *haproxy_image volumes: + # puppet saves iptables rules in /etc/sysconfig + - /etc/sysconfig:/etc/sysconfig:rw + # saving rules require accessing /usr/libexec/iptables/iptables.init, just bind-mount + # the necessary bit and prevent systemd to try to reload the service in the container + - /usr/libexec/iptables:/usr/libexec/iptables:ro + - /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /etc/puppet:/tmp/puppet-etc:ro diff --git a/docker/services/panko-api.yaml b/docker/services/panko-api.yaml index c381c0da..585148e5 100644 --- a/docker/services/panko-api.yaml +++ b/docker/services/panko-api.yaml @@ -87,16 +87,15 @@ outputs: owner: panko:panko recurse: true docker_config: - step_3: + step_2: panko_init_log: - start_order: 0 image: *panko_image user: root volumes: - /var/log/containers/panko:/var/log/panko command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R panko:panko /var/log/panko'] + step_3: panko_db_sync: - start_order: 1 image: *panko_image net: host detach: false 
diff --git a/docker/services/rabbitmq.yaml b/docker/services/rabbitmq.yaml index 609aec06..06d663c9 100644 --- a/docker/services/rabbitmq.yaml +++ b/docker/services/rabbitmq.yaml @@ -89,6 +89,7 @@ outputs: step_1: rabbitmq_init_logs: start_order: 0 + detach: false image: *rabbitmq_image privileged: false user: root @@ -97,6 +98,7 @@ outputs: command: ['/bin/bash', '-c', 'chown -R rabbitmq:rabbitmq /var/log/rabbitmq'] rabbitmq_bootstrap: start_order: 1 + detach: false image: *rabbitmq_image net: host privileged: false diff --git a/docker/services/sahara-api.yaml b/docker/services/sahara-api.yaml new file mode 100644 index 00000000..10670796 --- /dev/null +++ b/docker/services/sahara-api.yaml 
@@ -0,0 +1,119 @@
+heat_template_version: pike
+
+description: >
+ OpenStack Sahara service configured with Puppet
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerSaharaApiImage:
+ description: image
+ default: 'centos-binary-sahara-api:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ SaharaApiPuppetBase:
+ type: ../../puppet/services/sahara-api.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Sahara API role.
+ value:
+ service_name: {get_attr: [SaharaApiPuppetBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [SaharaApiPuppetBase, role_data, config_settings]
+ - sahara::sync_db: false
+ step_config: &step_config
+ get_attr: [SaharaApiPuppetBase, role_data, step_config]
+ service_config_settings: {get_attr: [SaharaApiPuppetBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS #
+ puppet_config:
+ config_volume: sahara
+ puppet_tags: sahara_api_paste_ini,sahara_cluster_template,sahara_config,sahara_node_group_template
+ step_config: *step_config
+ config_image: &sahara_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerSaharaApiImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/sahara-api.json:
+ command: /usr/bin/sahara-api --config-file /etc/sahara/sahara.conf
+ permissions:
+ - path: /var/lib/sahara
+ owner: sahara:sahara
+ recurse: true
+ - path: /var/log/sahara
+ owner: sahara:sahara
+ recurse: true
+ docker_config:
+ step_3:
+ sahara_db_sync:
+ image: *sahara_image
+ net: host
+ privileged: false
+ detach: false
+ volumes: &sahara_volumes
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/sahara-api.json:/var/lib/kolla/config_files/config.json
+ - /var/lib/config-data/sahara/etc/sahara/:/etc/sahara/:ro
+ - /lib/modules:/lib/modules:ro
+ - /var/lib/sahara:/var/lib/sahara
+ - /var/log/containers/sahara:/var/log/sahara
+ command: "/usr/bin/bootstrap_host_exec sahara_api su sahara -s /bin/bash -c 'sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head'"
+ step_4:
+ sahara_api:
+ image: *sahara_image
+ net: host
+ privileged: false
+ restart: always
+ volumes: *sahara_volumes
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create /var/lib/sahara
+ file:
+ path: /var/lib/sahara
+ state: directory
+ - name: create persistent sahara logs directory
+ file:
+ path: /var/log/containers/sahara
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable sahara_api service
+ tags: step2
+ service: name=openstack-sahara-api state=stopped enabled=no
diff --git a/docker/services/sahara-engine.yaml b/docker/services/sahara-engine.yaml
new file mode 100644
index 00000000..41b5790b
--- /dev/null
+++ b/docker/services/sahara-engine.yaml
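Review bot: The kolla config bind `/var/lib/kolla/config_files/sahara-api.json:/var/lib/kolla/config_files/config.json` in `sahara_volumes` has no `:ro` suffix, so the container can rewrite the host file that defines its own start command and permissions. The manila, multipathd and nova templates added in this commit mount that file read-only; appending `:ro` here, and to the equivalent `sahara-engine.json` line in the sahara-engine template, keeps them consistent. The `description` in both sahara files still reads `OpenStack Sahara service configured with Puppet` and could say that these are the containerized services.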
@@ -0,0 +1,110 @@
+heat_template_version: pike
+
+description: >
+ OpenStack Sahara service configured with Puppet
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerSaharaEngineImage:
+ description: image
+ default: 'centos-binary-sahara-engine:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ SaharaEnginePuppetBase:
+ type: ../../puppet/services/sahara-engine.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Sahara Engine role.
+ value:
+ service_name: {get_attr: [SaharaEnginePuppetBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [SaharaEnginePuppetBase, role_data, config_settings]
+ - sahara::sync_db: false
+ step_config: &step_config
+ get_attr: [SaharaEnginePuppetBase, role_data, step_config]
+ service_config_settings: {get_attr: [SaharaEnginePuppetBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS #
+ puppet_config:
+ config_volume: sahara
+ puppet_tags: sahara_engine_paste_ini,sahara_cluster_template,sahara_config,sahara_node_group_template
+ step_config: *step_config
+ config_image: &sahara_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerSaharaEngineImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/sahara-engine.json:
+ command: /usr/bin/sahara-engine --config-file /etc/sahara/sahara.conf
+ permissions:
+ - path: /var/lib/sahara
+ owner: sahara:sahara
+ recurse: true
+ - path: /var/log/sahara
+ owner: sahara:sahara
+ recurse: true
+ docker_config:
+ step_4:
+ sahara_engine:
+ image: *sahara_image
+ net: host
+ privileged: false
+ restart: always
+ volumes: &sahara_volumes
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/sahara-engine.json:/var/lib/kolla/config_files/config.json
+ - /var/lib/config-data/sahara/etc/sahara/:/etc/sahara/:ro
+ - /var/lib/sahara:/var/lib/sahara
+ - /var/log/containers/sahara:/var/log/sahara
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create /var/lib/sahara
+ file:
+ path: /var/lib/sahara
+ state: directory
+ - name: create persistent sahara logs directory
+ file:
+ path: /var/log/containers/sahara
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable sahara_engine service
+ tags: step2
+ service: name=openstack-sahara-engine state=stopped enabled=no
diff --git a/docker/services/sensu-client.yaml b/docker/services/sensu-client.yaml
new file mode 100644
index 00000000..e6bdf155
--- /dev/null
+++ b/docker/services/sensu-client.yaml
@@ -0,0 +1,131 @@
+heat_template_version: pike
+
+description: >
+ Containerized Sensu client service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerSensuClientImage:
+ description: image
+ default: 'centos-binary-sensu-client:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ SensuDockerCheckCommand:
+ type: string
+ default: |
+ for i in $(docker ps --format '{{.ID}}'); do
+ if result=$(docker inspect --format='{{.State.Health.Status}}' $i 2>/dev/null); then
+ if [ "$result" != 'healthy' ]; then
+ echo "$(docker inspect --format='{{.Name}}' $i) ($i): $(docker inspect --format='{{json .State}}' $i)" && exit 2;
+ fi
+ fi
+ done
+ SensuDockerCheckInterval:
+ type: number
+ description: The frequency in seconds the docker health check is executed.
+ default: 10
+ SensuDockerCheckHandlers:
+ default: []
+ description: The Sensu event handler to use for events
+ created by the docker health check.
+ type: comma_delimited_list
+ SensuDockerCheckOccurrences:
+ type: number
+ description: The number of event occurrences before sensu-plugin-aware handler should take action.
+ default: 3
+ SensuDockerCheckRefresh:
+ type: number
+ description: The number of seconds sensu-plugin-aware handlers should wait before taking second action.
+ default: 90 + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + SensuClientBase: + type: ../../puppet/services/monitoring/sensu-client.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Sensu client role. + value: + service_name: {get_attr: [SensuClientBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [SensuClientBase, role_data, config_settings] + - sensu::checks: + check-docker-health: + standalone: true + command: {get_param: SensuDockerCheckCommand} + interval: {get_param: SensuDockerCheckInterval} + handlers: {get_param: SensuDockerCheckHandlers} + occurrences: {get_param: SensuDockerCheckOccurrences} + refresh: {get_param: SensuDockerCheckRefresh} + step_config: &step_config + get_attr: [SensuClientBase, role_data, step_config] + service_config_settings: {get_attr: [SensuClientBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: sensu + puppet_tags: sensu_rabbitmq_config,sensu_client_config,sensu_check_config,sensu_check + step_config: *step_config + config_image: &sensu_client_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerSensuClientImage} ] + kolla_config: + /var/lib/kolla/config_files/sensu-client.json: + command: /usr/bin/sensu-client -d /etc/sensu/conf.d/ + docker_config: + step_3: + sensu_client: + image: *sensu_client_image + net: host + privileged: true + # NOTE(mmagr) kolla image changes the user to 'sensu', we need it + # to be root have rw permission to docker.sock to run successfully + # "docker inspect" command + user: root + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/run/docker.sock:/var/run/docker.sock:rw + - /var/lib/kolla/config_files/sensu-client.json:/var/lib/kolla/config_files/config.json:ro + 
- /var/lib/config-data/sensu/etc/sensu/:/etc/sensu/:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + upgrade_tasks: + - name: Stop and disable sensu-client service + tags: step2 + service: name=sensu-client.service state=stopped enabled=no diff --git a/docker/services/swift-ringbuilder.yaml b/docker/services/swift-ringbuilder.yaml index bfd445d0..075d8d7c 100644 --- a/docker/services/swift-ringbuilder.yaml +++ b/docker/services/swift-ringbuilder.yaml @@ -58,6 +58,14 @@ parameters: default: true description: 'Use a local directory for Swift storage services when building rings' type: boolean + SwiftRingGetTempurl: + default: '' + description: A temporary Swift URL to download rings from. + type: string + SwiftRingPutTempurl: + default: '' + description: A temporary Swift URL to upload rings to. + type: string resources: @@ -75,14 +83,17 @@ outputs: description: Role data for Swift Ringbuilder configuration in containers. value: service_name: {get_attr: [SwiftRingbuilderBase, role_data, service_name]} - config_settings: {get_attr: [SwiftRingbuilderBase, role_data, config_settings]} + config_settings: + map_merge: + - {get_attr: [SwiftRingbuilderBase, role_data, config_settings]} + - tripleo::profile::base::swift::ringbuilder:skip_consistency_check: true step_config: &step_config get_attr: [SwiftRingbuilderBase, role_data, step_config] service_config_settings: {get_attr: [SwiftRingbuilderBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: config_volume: 'swift' - puppet_tags: exec,ring_object_device,swift::ringbuilder::create,tripleo::profile::base::swift::add_devices,swift::ringbuilder::rebalance + puppet_tags: exec,fetch_swift_ring_tarball,extract_swift_ring_tarball,ring_object_device,swift::ringbuilder::create,tripleo::profile::base::swift::add_devices,swift::ringbuilder::rebalance,create_swift_ring_tarball,upload_swift_ring_tarball step_config: *step_config config_image: list_join: 
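Review bot: `sensu_client` combines `privileged: true`, `user: root` and a read-write bind of `/var/run/docker.sock`; the NOTE comment explains root and the socket, but not the privileged flag. Access to the Docker socket is already equivalent to root on the host, so this container has to be treated as fully trusted, and `privileged: true` could probably be dropped if the check only runs `docker ps` and `docker inspect`, as the default `SensuDockerCheckCommand` does (to be confirmed by testing). `SensuDockerCheckCommand` has no `description`; one such as `description: Shell command run by the Sensu client as root with access to the Docker socket` would tell operators that overriding it runs their command with host-level access.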
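Review bot: `SwiftRingGetTempurl` and `SwiftRingPutTempurl` hold Swift temporary URLs, which normally embed a signature that grants access to the object without further authentication, yet both are declared as plain strings. Marking each with `hidden: true` keeps the values out of stack parameter listings. The resources section of swift-ringbuilder.yaml is outside the visible hunks, so whether the two parameters are forwarded to `SwiftRingbuilderBase` cannot be checked from here.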
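Review bot: The merged key `tripleo::profile::base::swift::ringbuilder:skip_consistency_check` has a single colon before `skip_consistency_check`, which looks like a typo for `::`. As written the key would probably not match the class parameter lookup, so the setting would have no effect; the intended line is likely `- tripleo::profile::base::swift::ringbuilder::skip_consistency_check: true`.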
diff --git a/docker/services/tacker.yaml b/docker/services/tacker.yaml index 2fc99d6f..df9750c9 100644 --- a/docker/services/tacker.yaml +++ b/docker/services/tacker.yaml @@ -82,9 +82,8 @@ outputs: recurse: true docker_config: # db sync runs before permissions set by kolla_config - step_3: + step_2: tacker_init_logs: - start_order: 0 image: &tacker_image list_join: - '/' @@ -94,8 +93,8 @@ outputs: volumes: - /var/log/containers/tacker:/var/log/tacker command: ['/bin/bash', '-c', 'chown -R tacker:tacker /var/log/tacker'] + step_3: tacker_db_sync: - start_order: 1 image: *tacker_image net: host privileged: false diff --git a/environments/cinder-dellsc-config.yaml b/environments/cinder-dellsc-config.yaml index 99e517bf..681a2fe9 100644 --- a/environments/cinder-dellsc-config.yaml +++ b/environments/cinder-dellsc-config.yaml @@ -19,3 +19,4 @@ parameter_defaults: CinderDellScSecondarySanLogin: 'Admin' CinderDellScSecondarySanPassword: '' CinderDellScSecondaryScApiPort: 3033 + CinderDellScExcludedDomainIp: '' diff --git a/environments/docker.yaml b/environments/docker.yaml index d28b5218..5de0c8d9 100644 --- a/environments/docker.yaml +++ b/environments/docker.yaml @@ -18,7 +18,9 @@ resource_registry: OS::TripleO::Services::NovaApi: ../docker/services/nova-api.yaml OS::TripleO::Services::NovaPlacement: ../docker/services/nova-placement.yaml OS::TripleO::Services::NovaConductor: ../docker/services/nova-conductor.yaml + OS::TripleO::Services::NovaConsoleauth: ../docker/services/nova-consoleauth.yaml OS::TripleO::Services::NovaScheduler: ../docker/services/nova-scheduler.yaml + OS::TripleO::Services::NovaVncProxy: ../docker/services/nova-vnc-proxy.yaml OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml 
@@ -47,6 +49,12 @@ resource_registry: OS::TripleO::Services::CeilometerAgentCompute: ../docker/services/ceilometer-agent-compute.yaml OS::TripleO::Services::CeilometerAgentNotification: ../docker/services/ceilometer-agent-notification.yaml OS::TripleO::Services::Horizon: ../docker/services/horizon.yaml + OS::TripleO::Services::Iscsid: ../docker/services/iscsid.yaml + OS::TripleO::Services::Multipathd: ../docker/services/multipathd.yaml + OS::TripleO::Services::CinderApi: ../docker/services/cinder-api.yaml + OS::TripleO::Services::CinderScheduler: ../docker/services/cinder-scheduler.yaml + OS::TripleO::Services::CinderBackup: ../docker/services/cinder-backup.yaml + OS::TripleO::Services::CinderVolume: ../docker/services/cinder-volume.yaml OS::TripleO::PostDeploySteps: ../docker/post.yaml OS::TripleO::PostUpgradeSteps: ../docker/post-upgrade.yaml diff --git a/environments/enable-tls.yaml b/environments/enable-tls.yaml index 39ded654..481459cb 100644 --- a/environments/enable-tls.yaml +++ b/environments/enable-tls.yaml @@ -2,6 +2,7 @@ # For these values to take effect, one of the tls-endpoints-*.yaml environments # must also be used. parameter_defaults: + HorizonSecureCookies: True SSLCertificate: | The contents of your certificate go here SSLIntermediateCertificate: '' diff --git a/environments/host-config-and-reboot.j2.yaml b/environments/host-config-and-reboot.j2.yaml new file mode 100644 index 00000000..d5f69ec5 --- /dev/null +++ b/environments/host-config-and-reboot.j2.yaml 
@@ -0,0 +1,18 @@ +resource_registry: +{% for role in roles %} + OS::TripleO::{{role.name}}::PreNetworkConfig: ../extraconfig/pre_network/host_config_and_reboot.yaml +{% endfor %} + +#parameter_defaults: + # Note: There are no global parameters which can be applied to all roles as + # these configuration have to be specific to role. + + # Sample parameters for Compute and ComputeOvsDpdk roles + #ComputeParameters: + #KernelArgs: "" + #TunedProfileName: "" + #HostIsolatedCoreList: "" + #ComputeOvsDpdkParameters: + #KernelArgs: "" + #TunedProfileName: "" + #HostIsolatedCoreList: "" diff --git a/environments/host-config-pre-network.j2.yaml b/environments/host-config-pre-network.j2.yaml deleted file mode 100644 index c79e28b4..00000000 --- a/environments/host-config-pre-network.j2.yaml +++ /dev/null @@ -1,16 +0,0 @@ -resource_registry: -# Create the registry only for roles with the word "Compute" in it. Like ComputeOvsDpdk, ComputeSriov, etc., -{%- for role in roles -%} -{% if "Compute" in role.name %} - OS::TripleO::{{role.name}}::PreNetworkConfig: ../extraconfig/pre_network/{{role.name.lower()}}-host_config_and_reboot.yaml -{%- endif -%} -{% endfor %} - -#parameter_defaults: - # Sample parameters for Compute and ComputeOvsDpdk roles - #ComputeKernelArgs: "" - #ComputeTunedProfileName: "" - #ComputeHostCpuList: "" - #ComputeOvsDpdkKernelArgs: "" - #ComputeOvsDpdkTunedProfileName: "" - #ComputeOvsDpdkHostCpuList: "" diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml index 0f7e1143..05a3a391 100644 --- a/environments/hyperconverged-ceph.yaml +++ b/environments/hyperconverged-ceph.yaml @@ -36,3 +36,4 @@ parameter_defaults: - OS::TripleO::Services::NeutronVppAgent - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Docker + - OS::TripleO::Services::Iscsid diff --git a/environments/network-isolation.j2.yaml b/environments/network-isolation.j2.yaml index 3ef9b275..6a7318fc 100644 --- a/environments/network-isolation.j2.yaml 
+++ b/environments/network-isolation.j2.yaml @@ -13,7 +13,7 @@ resource_registry: # networks as defined in network_data.yaml {%- for network in networks if network.enabled|default(true) %} - OS::TripleO::Network::{{network.name}}: ../network/{{network.name.lower()}}.yaml + OS::TripleO::Network::{{network.name}}: ../network/{{network.name_lower|default(network.name.lower())}}.yaml {%- endfor %} # Port assignments for the VIPs diff --git a/environments/predictable-placement/custom-hostnames.yaml b/environments/predictable-placement/custom-hostnames.yaml new file mode 100644 index 00000000..0d9d520b --- /dev/null +++ b/environments/predictable-placement/custom-hostnames.yaml 
@@ -0,0 +1,33 @@ +# ******************************************************************* +# This file was created automatically by the sample environment +# generator. Developers should use `tox -e genconfig` to update it. +# Users are recommended to make changes to a copy of the file instead +# of the original, if any customizations are needed. +# ******************************************************************* +# title: Custom Hostnames +# description: | +# Hostname format for each role +# Note %index% is translated into the index of the node, e.g 0/1/2 etc +# and %stackname% is replaced with OS::stack_name in the template below. +# If you want to use the heat generated names, pass '' (empty string). +parameter_defaults: + # Format for BlockStorage node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud + # Type: string + BlockStorageHostnameFormat: '%stackname%-blockstorage-%index%' + + # Format for CephStorage node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud + # Type: string + CephStorageHostnameFormat: '%stackname%-cephstorage-%index%' + + # Format for Compute node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud + # Type: string + ComputeHostnameFormat: '%stackname%-novacompute-%index%' + + # Format for Controller node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud + # Type: string + ControllerHostnameFormat: '%stackname%-controller-%index%' + + # Format for ObjectStorage node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud + # Type: string + ObjectStorageHostnameFormat: 
'%stackname%-objectstorage-%index%' + diff --git a/environments/services-docker/manila.yaml b/environments/services-docker/manila.yaml index 6f7608c1..795309f6 100644 --- a/environments/services-docker/manila.yaml +++ b/environments/services-docker/manila.yaml @@ -1,2 +1,3 @@ resource_registry: OS::TripleO::Services::ManilaApi: ../../docker/services/manila-api.yaml + OS::TripleO::Services::ManilaScheduler: ../../docker/services/manila-scheduler.yaml diff --git a/environments/services-docker/sahara.yaml b/environments/services-docker/sahara.yaml new file mode 100644 index 00000000..d0bf9fe1 --- /dev/null +++ b/environments/services-docker/sahara.yaml @@ -0,0 +1,3 @@ +resource_registry: + OS::TripleO::Services::SaharaApi: ../../docker/services/sahara-api.yaml + OS::TripleO::Services::SaharaEngine: ../../docker/services/sahara-engine.yaml diff --git a/environments/services-docker/sensu-client.yaml b/environments/services-docker/sensu-client.yaml new file mode 100644 index 00000000..c03104d2 --- /dev/null +++ b/environments/services-docker/sensu-client.yaml @@ -0,0 +1,3 @@ + +resource_registry: + OS::TripleO::Services::SensuClient: ../../docker/services/sensu-client.yaml diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml index 44432210..92b696b7 100644 --- a/environments/tls-endpoints-public-dns.yaml +++ b/environments/tls-endpoints-public-dns.yaml 
@@ -100,9 +100,9 @@ parameter_defaults: OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'} OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'} OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'} - PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'} - PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'} - PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'} + PankoAdmin: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'} + PankoInternal: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'} + PankoPublic: {protocol: 'https', port: '13977', host: 'CLOUDNAME'} SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'} diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml index 5ac2918b..c879ff94 100644 --- a/environments/tls-endpoints-public-ip.yaml +++ b/environments/tls-endpoints-public-ip.yaml @@ -100,9 +100,9 @@ parameter_defaults: OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'} OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'} OctaviaPublic: {protocol: 'https', port: '13876', host: 'IP_ADDRESS'} - PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'} - PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'} - PankoPublic: {protocol: 'https', port: '13779', host: 'IP_ADDRESS'} + PankoAdmin: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'} + PankoInternal: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'} + PankoPublic: {protocol: 'https', port: '13977', host: 'IP_ADDRESS'} SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'} SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'} 
diff --git a/environments/tls-everywhere-endpoints-dns.yaml b/environments/tls-everywhere-endpoints-dns.yaml index 3f1bd04e..84cabf10 100644 --- a/environments/tls-everywhere-endpoints-dns.yaml +++ b/environments/tls-everywhere-endpoints-dns.yaml @@ -100,9 +100,9 @@ parameter_defaults: OctaviaAdmin: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'} OctaviaInternal: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'} OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'} - PankoAdmin: {protocol: 'https', port: '8779', host: 'CLOUDNAME'} - PankoInternal: {protocol: 'https', port: '8779', host: 'CLOUDNAME'} - PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'} + PankoAdmin: {protocol: 'https', port: '8977', host: 'CLOUDNAME'} + PankoInternal: {protocol: 'https', port: '8977', host: 'CLOUDNAME'} + PankoPublic: {protocol: 'https', port: '13977', host: 'CLOUDNAME'} SaharaAdmin: {protocol: 'https', port: '8386', host: 'CLOUDNAME'} SaharaInternal: {protocol: 'https', port: '8386', host: 'CLOUDNAME'} SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'} diff --git a/extraconfig/pre_network/ansible_host_config.ansible b/extraconfig/pre_network/ansible_host_config.yaml index c126c1a1..f4f1a14a 100644 --- a/extraconfig/pre_network/ansible_host_config.ansible +++ b/extraconfig/pre_network/ansible_host_config.yaml @@ -28,8 +28,8 @@ lineinfile: dest: /etc/tuned/cpu-partitioning-variables.conf regexp: '^isolated_cores=.*' - line: 'isolated_cores={{ _HOST_CPUS_LIST_ }}' - when: _HOST_CPUS_LIST_|default("") != "" + line: 'isolated_cores={{ _TUNED_CORES_ }}' + when: _TUNED_CORES_|default("") != "" - name: Tune-d provile activation shell: tuned-adm profile {{ _TUNED_PROFILE_NAME_ }} 
@@ -52,7 +52,7 @@ when: - item.path | regex_replace('(^.*ifcfg-)(.*)', '\\2') != "lo" # This condition will list all the interfaces except the one with valid IP (which is Provisioning network at this stage) - # Simpler Version - hostvars[inventory_hostname]['ansible_' + iface_name ]['ipv4']['address'] is undefined - - hostvars[inventory_hostname]['ansible_' + item.path | regex_replace('(^.*ifcfg-)(.*)', '\\2') ]['ipv4']['address'] is undefined + # Simpler Version - hostvars[inventory_hostname]['ansible_' + iface_name ]['ipv4'] is undefined + - hostvars[inventory_hostname]['ansible_' + item.path | regex_replace('(^.*ifcfg-)(.*)', '\\2') ]['ipv4'] is undefined with_items: - "{{ ifcfg_files.files }}" diff --git a/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml b/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml index 658fea77..41d8f4f6 100644 --- a/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml +++ b/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml @@ -7,6 +7,9 @@ description: > parameters: server: type: string + # Deprecated Parameters, these configuration are deprecated in favor or role-specific parameters. + # Use: extraconfig/pre_network/host_config_and_reboot.yaml. + # Deprecated in Pike and will be removed in Queens. {{role}}KernelArgs: type: string default: "" @@ -17,6 +20,13 @@ parameters: type: string default: "" +parameter_group: + - label: deprecated + parameters: + - {{role}}KernelArgs + - {{role}}TunedProfileName + - {{role}}HostCpusList + conditions: param_exists: or: diff --git a/extraconfig/pre_network/host_config_and_reboot.yaml b/extraconfig/pre_network/host_config_and_reboot.yaml new file mode 100644 index 00000000..74e716ad --- /dev/null +++ b/extraconfig/pre_network/host_config_and_reboot.yaml 
@@ -0,0 +1,85 @@ +heat_template_version: pike + +description: > + All configurations which require reboot should be initiated via PreNetworkConfig. After + this configuration is completed, the corresponding node will be rebooted. + +parameters: + server: + type: string + RoleParameters: + type: json + description: Role Specific parameters + default: {} + +conditions: + is_host_config_required: {not: {equals: [{get_param: [RoleParameters, KernelArgs]}, ""]}} + +resources: + HostParametersConfig: + type: OS::Heat::SoftwareConfig + condition: is_host_config_required + properties: + group: ansible + inputs: + - name: _KERNEL_ARGS_ + - name: _TUNED_PROFILE_NAME_ + - name: _TUNED_CORES_ + outputs: + - name: result + config: + get_file: ansible_host_config.yaml + + HostParametersDeployment: + type: OS::Heat::SoftwareDeployment + condition: is_host_config_required + properties: + name: HostParametersDeployment + server: {get_param: server} + config: {get_resource: HostParametersConfig} + actions: ['CREATE'] # Only do this on CREATE + input_values: + _KERNEL_ARGS_: {get_param: [RoleParameters, KernelArgs]} + _TUNED_PROFILE_NAME_: {get_param: [RoleParameters, TunedProfileName]} + _TUNED_CORES_: {get_param: [RoleParameters, HostIsolatedCoreList]} + + RebootConfig: + type: OS::Heat::SoftwareConfig + condition: is_host_config_required + properties: + group: script + config: | + #!/bin/bash + # Stop os-collect-config to avoid any race collecting another + # deployment before reboot happens + systemctl stop os-collect-config.service + /sbin/reboot + + RebootDeployment: + type: OS::Heat::SoftwareDeployment + depends_on: HostParametersDeployment + condition: is_host_config_required + properties: + name: RebootDeployment + server: {get_param: server} + config: {get_resource: RebootConfig} + actions: ['CREATE'] # Only do this on CREATE + signal_transport: NO_SIGNAL + +outputs: + result: + condition: is_host_config_required + value: + get_attr: [HostParametersDeployment, result] + 
stdout: + condition: is_host_config_required + value: + get_attr: [HostParametersDeployment, deploy_stdout] + stderr: + condition: is_host_config_required + value: + get_attr: [HostParametersDeployment, deploy_stderr] + status_code: + condition: is_host_config_required + value: + get_attr: [HostParametersDeployment, deploy_status_code] diff --git a/network/endpoints/endpoint_data.yaml b/network/endpoints/endpoint_data.yaml index f5f2b97e..ece40085 100644 --- a/network/endpoints/endpoint_data.yaml +++ b/network/endpoints/endpoint_data.yaml @@ -134,7 +134,7 @@ Panko: net_param: Public Admin: net_param: PankoApi - port: 8779 + port: 8977 Cinder: Internal: diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml index 4509bca9..42d1fbd0 100644 --- a/network/endpoints/endpoint_map.yaml +++ b/network/endpoints/endpoint_map.yaml @@ -117,9 +117,9 @@ parameters: OctaviaAdmin: {protocol: http, port: '9876', host: IP_ADDRESS} OctaviaInternal: {protocol: http, port: '9876', host: IP_ADDRESS} OctaviaPublic: {protocol: http, port: '9876', host: IP_ADDRESS} - PankoAdmin: {protocol: http, port: '8779', host: IP_ADDRESS} - PankoInternal: {protocol: http, port: '8779', host: IP_ADDRESS} - PankoPublic: {protocol: http, port: '8779', host: IP_ADDRESS} + PankoAdmin: {protocol: http, port: '8977', host: IP_ADDRESS} + PankoInternal: {protocol: http, port: '8977', host: IP_ADDRESS} + PankoPublic: {protocol: http, port: '8977', host: IP_ADDRESS} SaharaAdmin: {protocol: http, port: '8386', host: IP_ADDRESS} SaharaInternal: {protocol: http, port: '8386', host: IP_ADDRESS} SaharaPublic: {protocol: http, port: '8386', host: IP_ADDRESS} diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index ee192750..0dc93f5c 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml 
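Review bot: The `is_host_config_required` condition in the new `extraconfig/pre_network/host_config_and_reboot.yaml` tests only `KernelArgs`, so a role that sets `TunedProfileName` or `HostIsolatedCoreList` without kernel arguments gets neither the Ansible config nor the reboot, and nothing tells the operator the values were dropped. The new `environments/host-config-and-reboot.j2.yaml` registers this template for every role rather than only roles with "Compute" in the name, so this guard is the only thing deciding which nodes reboot on CREATE. If keying on `KernelArgs` alone is intended, say so in the template `description` and next to the sample parameters, e.g. `# Nothing is applied and no reboot happens unless KernelArgs is non-empty.`; otherwise widen the condition to cover all three role parameters, as the `param_exists` / `or` condition in the deprecated role template appears to do.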
@@ -264,6 +264,7 @@ resource_registry: OS::TripleO::Services::NeutronVppAgent: OS::Heat::None OS::TripleO::Services::Docker: OS::Heat::None OS::TripleO::Services::CertmongerUser: OS::Heat::None + OS::TripleO::Services::Iscsid: OS::Heat::None parameter_defaults: EnablePackageInstall: false diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index f8655b18..c7db59f8 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -446,6 +446,7 @@ resources: MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChainRoleData, value, monitoring_subscriptions]} ServiceMetadataSettings: {get_attr: [{{role.name}}ServiceChainRoleData, value, service_metadata_settings]} DeploymentServerBlacklistDict: {get_attr: [DeploymentServerBlacklistDict, value]} + RoleParameters: {get_param: {{role.name}}Parameters} {% endfor %} {% for role in roles %} diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml index 60ddeb8a..08bc03a5 100644 --- a/puppet/blockstorage-role.yaml +++ b/puppet/blockstorage-role.yaml @@ -139,6 +139,10 @@ parameters: Map of server hostnames to blacklist from any triggered deployments. If the value is 1, the server will be blacklisted. This parameter is generated from the parent template. + RoleParameters: + type: json + description: Role Specific Parameters + default: {} conditions: server_not_blacklisted: @@ -372,6 +376,7 @@ resources: type: OS::TripleO::BlockStorage::PreNetworkConfig properties: server: {get_resource: BlockStorage} + RoleParameters: {get_param: RoleParameters} NetworkDeployment: type: OS::TripleO::SoftwareDeployment @@ -466,6 +471,7 @@ resources: fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} + fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]} # Resource for site-specific injection of root certificate NodeTLSCAData: 
diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml index 9d30ab29..3f596423 100644 --- a/puppet/cephstorage-role.yaml +++ b/puppet/cephstorage-role.yaml @@ -145,6 +145,10 @@ parameters: Map of server hostnames to blacklist from any triggered deployments. If the value is 1, the server will be blacklisted. This parameter is generated from the parent template. + RoleParameters: + type: json + description: Role Specific Parameters + default: {} conditions: server_not_blacklisted: @@ -378,6 +382,7 @@ resources: type: OS::TripleO::CephStorage::PreNetworkConfig properties: server: {get_resource: CephStorage} + RoleParameters: {get_param: RoleParameters} NetworkDeployment: type: OS::TripleO::SoftwareDeployment @@ -471,6 +476,7 @@ resources: fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} + fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]} # Resource for site-specific injection of root certificate NodeTLSCAData: diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml index 06a31ec9..8a3c487a 100644 --- a/puppet/compute-role.yaml +++ b/puppet/compute-role.yaml @@ -157,6 +157,10 @@ parameters: Map of server hostnames to blacklist from any triggered deployments. If the value is 1, the server will be blacklisted. This parameter is generated from the parent template. + RoleParameters: + type: json + description: Role Specific Parameters + default: {} conditions: server_not_blacklisted: @@ -381,6 +385,7 @@ resources: type: OS::TripleO::Compute::PreNetworkConfig properties: server: {get_resource: NovaCompute} + RoleParameters: {get_param: RoleParameters} NetworkConfig: type: OS::TripleO::Compute::Net::SoftwareConfig 
@@ -479,6 +484,7 @@ resources: fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} + fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]} NovaComputeDeployment: type: OS::TripleO::SoftwareDeployment diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml index cccfdef1..6bc23669 100644 --- a/puppet/controller-role.yaml +++ b/puppet/controller-role.yaml @@ -171,6 +171,10 @@ parameters: Map of server hostnames to blacklist from any triggered deployments. If the value is 1, the server will be blacklisted. This parameter is generated from the parent template. + RoleParameters: + type: json + description: Role Specific Parameters + default: {} parameter_groups: - label: deprecated @@ -401,6 +405,7 @@ resources: type: OS::TripleO::Controller::PreNetworkConfig properties: server: {get_resource: Controller} + RoleParameters: {get_param: RoleParameters} NetworkConfig: type: OS::TripleO::Controller::Net::SoftwareConfig @@ -541,6 +546,7 @@ resources: fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} + fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]} # Hook for site-specific additional pre-deployment config, e.g extra hieradata ControllerExtraConfigPre: diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml index 19ea1b65..c35bb250 100644 --- a/puppet/objectstorage-role.yaml +++ b/puppet/objectstorage-role.yaml @@ -139,6 +139,10 @@ parameters: Map of server hostnames to blacklist from any triggered deployments. If the value is 1, the server will be blacklisted. This parameter is generated from the parent template. + RoleParameters: + type: json + description: Role Specific Parameters + default: {} conditions: server_not_blacklisted: 
@@ -372,6 +376,7 @@ resources: type: OS::TripleO::ObjectStorage::PreNetworkConfig properties: server: {get_resource: SwiftStorage} + RoleParameters: {get_param: RoleParameters} NetworkDeployment: type: OS::TripleO::SoftwareDeployment @@ -451,6 +456,7 @@ resources: fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} + fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]} SwiftStorageHieraDeploy: type: OS::Heat::StructuredDeployment diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index 7af90e24..b7f47594 100644 --- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml @@ -161,6 +161,10 @@ parameters: Map of server hostnames to blacklist from any triggered deployments. If the value is 1, the server will be blacklisted. This parameter is generated from the parent template. + RoleParameters: + type: json + description: Role Specific Parameters + default: {} conditions: server_not_blacklisted: @@ -394,6 +398,7 @@ resources: type: OS::TripleO::{{role}}::PreNetworkConfig properties: server: {get_resource: {{role}}} + RoleParameters: {get_param: RoleParameters} NetworkDeployment: type: OS::TripleO::SoftwareDeployment @@ -493,6 +498,7 @@ resources: fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} + fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]} # Resource for site-specific injection of root certificate NodeTLSCAData: diff --git a/puppet/services/cinder-backend-dellsc.yaml b/puppet/services/cinder-backend-dellsc.yaml index a201134c..c0bffb18 100644 --- a/puppet/services/cinder-backend-dellsc.yaml +++ b/puppet/services/cinder-backend-dellsc.yaml 
@@ -61,6 +61,9 @@ parameters: CinderDellScSecondaryScApiPort: type: number default: 3033 + CinderDellScExcludedDomainIp: + type: string + default: '' ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -105,5 +108,6 @@ outputs: cinder::backend::dellsc_iscsi::secondary_san_login: {get_param: CinderDellScSecondarySanLogin} cinder::backend::dellsc_iscsi::secondary_san_password: {get_param: CinderDellScSecondarySanPassword} cinder::backend::dellsc_iscsi::secondary_sc_api_port: {get_param: CinderDellScSecondaryScApiPort} + cinder::backend::dellsc_iscsi::excluded_domain_ip: {get_param: CinderDellScExcludedDomainIp} step_config: | include ::tripleo::profile::base::cinder::volume diff --git a/puppet/services/cinder-backend-netapp.yaml b/puppet/services/cinder-backend-netapp.yaml index bddc8e1a..fbde4c0a 100644 --- a/puppet/services/cinder-backend-netapp.yaml +++ b/puppet/services/cinder-backend-netapp.yaml @@ -93,6 +93,12 @@ parameters: CinderNetappWebservicePath: type: string default: '/devmgr/v2' + CinderNetappNasSecureFileOperations: + type: string + default: 'false' + CinderNetappNasSecureFilePermissions: + type: string + default: 'false' # DEPRECATED options for compatibility with older versions CinderNetappEseriesHostType: type: string @@ -133,5 +139,7 @@ outputs: cinder::backend::netapp::netapp_storage_pools: {get_param: CinderNetappStoragePools} cinder::backend::netapp::netapp_host_type: {get_param: CinderNetappHostType} cinder::backend::netapp::netapp_webservice_path: {get_param: CinderNetappWebservicePath} + cinder::backend::netapp::nas_secure_file_operations: {get_param: CinderNetappNasSecureFileOperations} + cinder::backend::netapp::nas_secure_file_permissions: {get_param: CinderNetappNasSecureFilePermissions} step_config: | include ::tripleo::profile::base::cinder::volume diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml index fe95222b..1f8c345d 100644 
--- a/puppet/services/cinder-volume.yaml +++ b/puppet/services/cinder-volume.yaml @@ -40,6 +40,20 @@ parameters: NFS servers used by Cinder NFS backend. Effective when CinderEnableNfsBackend is true. type: comma_delimited_list + CinderNasSecureFileOperations: + default: false + description: > + Controls whether security enhanced NFS file operations are enabled. + Valid values are 'auto', 'true' or 'false'. Effective when + CinderEnableNfsBackend is true. + type: string + CinderNasSecureFilePermissions: + default: false + description: > + Controls whether security enhanced NFS file permissions are enabled. + Valid values are 'auto', 'true' or 'false'. Effective when + CinderEnableNfsBackend is true. + type: string CinderRbdPoolName: default: volumes type: string @@ -105,6 +119,8 @@ outputs: tripleo::profile::base::cinder::volume::cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend} tripleo::profile::base::cinder::volume::nfs::cinder_nfs_mount_options: {get_param: CinderNfsMountOptions} tripleo::profile::base::cinder::volume::nfs::cinder_nfs_servers: {get_param: CinderNfsServers} + tripleo::profile::base::cinder::volume::nfs::cinder_nas_secure_file_operations: {get_param: CinderNasSecureFileOperations} + tripleo::profile::base::cinder::volume::nfs::cinder_nas_secure_file_permissions: {get_param: CinderNasSecureFilePermissions} tripleo::profile::base::cinder::volume::iscsi::cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize} tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_helper: {get_param: CinderISCSIHelper} tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_protocol: {get_param: CinderISCSIProtocol} diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index 93bced8b..092d0720 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml 
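Review bot: `CinderNasSecureFileOperations` and `CinderNasSecureFilePermissions` are declared `type: string` but given the bare YAML boolean `default: false`, while the matching parameters in the `cinder-backend-netapp.yaml` hunk quote it. Use `default: 'false'` on both so the value handed to `cinder_nas_secure_file_operations` / `cinder_nas_secure_file_permissions` is one of the documented strings 'auto', 'true' or 'false' rather than however a boolean gets rendered. The descriptions should also state what 'false' turns off, since (as far as I know, worth confirming) Cinder's own default for these options is 'auto' and this template overrides it; the NetApp parameters have no description at all.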
@@ -55,7 +55,7 @@ parameters: HorizonSecureCookies: description: Set CSRF_COOKIE_SECURE / SESSION_COOKIE_SECURE in Horizon type: boolean - default: true + default: false MemcachedIPv6: default: false description: Enable IPv6 features in Memcached. diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index f3a9cbc4..af494016 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -113,10 +113,23 @@ parameters: description: The second Keystone credential key. Must be a valid key. KeystoneFernetKey0: type: string - description: The first Keystone fernet key. Must be a valid key. + default: '' + description: (DEPRECATED) The first Keystone fernet key. Must be a valid key. KeystoneFernetKey1: type: string - description: The second Keystone fernet key. Must be a valid key. + default: '' + description: (DEPRECATED) The second Keystone fernet key. Must be a valid key. + KeystoneFernetKeys: + type: json + description: Mapping containing keystone's fernet keys and their paths. + ManageKeystoneFernetKeys: + type: boolean + default: true + description: Whether TripleO should manage the keystone fernet keys or not. + If set to true, the fernet keys will get the values from the + saved keys repository in mistral (the KeystoneFernetKeys + variable). If set to false, only the stack creation + initializes the keys, but subsequent updates won't touch them. KeystoneLoggingSource: type: json default: @@ -187,6 +200,17 @@ parameters: default: {} hidden: true +parameter_groups: +- label: deprecated + description: | + The following parameters are deprecated and will be removed. They should not + be relied on for new deployments. If you have concerns regarding deprecated + parameters, please contact the TripleO development team on IRC or the + OpenStack mailing list. + parameters: + - KeystoneFernetKey0 + - KeystoneFernetKey1 + resources: ApacheServiceBase: 
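Review bot: With `HorizonSecureCookies` now at `default: false`, the Secure flag on Horizon's session and CSRF cookies depends on the operator including `environments/enable-tls.yaml`, the only place visible in this diff that sets it back to `True`. A deployment that serves Horizon over HTTPS by another route (a custom environment, an external TLS terminator) would send those cookies without the flag, and no hunk visible here warns about it. Extend the description, e.g. `description: Set CSRF_COOKIE_SECURE / SESSION_COOKIE_SECURE in Horizon. Must be true whenever Horizon is served over HTTPS.`, and add a release note for the changed default.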
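Review bot: `KeystoneFernetKeys` in `puppet/services/keystone.yaml` carries the fernet key material as a `json` parameter but is declared without `hidden: true`, so its value would be shown in clear wherever Heat reports stack parameters; add `hidden: true` under it. It also has no `default`, unlike the deprecated `KeystoneFernetKey0` / `KeystoneFernetKey1`, which now default to `''`. The description should spell out the expected shape (a key path mapped to `content`, as in the block removed from the outputs hunk) and say that the value is normally generated rather than hand-written.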
@@ -241,12 +265,8 @@ outputs: content: {get_param: KeystoneCredential0} '/etc/keystone/credential-keys/1': content: {get_param: KeystoneCredential1} - keystone::fernet_keys: - '/etc/keystone/fernet-keys/0': - content: {get_param: KeystoneFernetKey0} - '/etc/keystone/fernet-keys/1': - content: {get_param: KeystoneFernetKey1} - keystone::fernet_replace_keys: false + keystone::fernet_keys: {get_param: KeystoneFernetKeys} + keystone::fernet_replace_keys: {get_param: ManageKeystoneFernetKeys} keystone::debug: if: - service_debug_unset diff --git a/puppet/services/neutron-sriov-agent.yaml b/puppet/services/neutron-sriov-agent.yaml index c124d1e6..090640ed 100644 --- a/puppet/services/neutron-sriov-agent.yaml +++ b/puppet/services/neutron-sriov-agent.yaml @@ -65,6 +65,24 @@ resources: RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + # Merging role-specific parameters (RoleParameters) with the default parameters. + # RoleParameters will have the precedence over the default parameters. + RoleParametersValue: + type: OS::Heat::Value + properties: + type: json + value: + map_replace: + - map_replace: + - neutron::agents::ml2::sriov::physical_device_mappings: NeutronPhysicalDevMappings + neutron::agents::ml2::sriov::exclude_devices: NeutronExcludeDevices + tripleo::host::sriov::number_of_vfs: NeutronSriovNumVFs + - values: {get_param: [RoleParameters]} + - values: + NeutronPhysicalDevMappings: {get_param: NeutronPhysicalDevMappings} + NeutronExcludeDevices: {get_param: NeutronExcludeDevices} + NeutronSriovNumVFs: {get_param: NeutronSriovNumVFs} + outputs: role_data: description: Role data for the Neutron SR-IOV nic agent service. 
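Review bot: An existing deployment's fernet keys would presumably be overwritten on its next stack update, because `keystone::fernet_replace_keys` goes from a hard-coded `false` to `ManageKeystoneFernetKeys`, which defaults to `true`, and `keystone::fernet_keys` now reads only `KeystoneFernetKeys`. Values still passed through `KeystoneFernetKey0` / `KeystoneFernetKey1` are accepted but no longer used in this hunk, so tokens issued under those keys would stop validating with no error at deploy time. The two release notes list this under `features` and `deprecations` only; add an `upgrade:` entry that states the behaviour and points to `ManageKeystoneFernetKeys: false` for deployers who rotate keys out of band.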
@@ -73,8 +91,6 @@ outputs: config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] - - neutron::agents::ml2::sriov::physical_device_mappings: {get_param: NeutronPhysicalDevMappings} - neutron::agents::ml2::sriov::exclude_devices: {get_param: NeutronExcludeDevices} - tripleo::host::sriov::number_of_vfs: {get_param: NeutronSriovNumVFs} + - get_attr: [RoleParametersValue, value] step_config: | include ::tripleo::profile::base::neutron::sriov diff --git a/puppet/services/panko-api.yaml b/puppet/services/panko-api.yaml index a41e34f7..0289b7a7 100644 --- a/puppet/services/panko-api.yaml +++ b/puppet/services/panko-api.yaml @@ -84,8 +84,8 @@ outputs: tripleo.panko_api.firewall_rules: '140 panko-api': dport: - - 8779 - - 13779 + - 8977 + - 13977 panko::api::host: str_replace: template: diff --git a/releasenotes/notes/Introduce-ManageKeystoneFernetKeys-parameter-2478cf5fc5e64256.yaml b/releasenotes/notes/Introduce-ManageKeystoneFernetKeys-parameter-2478cf5fc5e64256.yaml new file mode 100644 index 00000000..64a4d7e7 --- /dev/null +++ b/releasenotes/notes/Introduce-ManageKeystoneFernetKeys-parameter-2478cf5fc5e64256.yaml @@ -0,0 +1,6 @@ +--- +features: + - This introduces the ManageKeystoneFernetKeys parameter, which tells + heat/puppet if it should replace the existing fernet keys on a stack + deployment or not. This is useful if the deployer wants to do key rotations + out of band. diff --git a/releasenotes/notes/Use-KeystoneFernetKeys-parameter-bd635a106bb8e00f.yaml b/releasenotes/notes/Use-KeystoneFernetKeys-parameter-bd635a106bb8e00f.yaml new file mode 100644 index 00000000..1e2673f1 --- /dev/null +++ b/releasenotes/notes/Use-KeystoneFernetKeys-parameter-bd635a106bb8e00f.yaml 
@@ -0,0 +1,10 @@
+---
+features:
+ - The KeystoneFernetKeys parameter was introduced, which is able to take any
+ amount of keys as long as it's in the right format. It's generated by the
+ same mechanism as the rest of the passwords; so it's value is also
+ available via mistral's "password" environment variable. This will also
+ allow for rotations to be made via mistral and via stack updates.
+deprecations:
+ - The individual keystone fernet key parameters (KeystoneFernetKey0 and
+ KeystoneFernetKey1) were deprecated in favor of KeystoneFernetKeys.
diff --git a/releasenotes/notes/add-cinder-nas-secure-parameters-53f9d6a6e9bc129b.yaml b/releasenotes/notes/add-cinder-nas-secure-parameters-53f9d6a6e9bc129b.yaml
new file mode 100644
index 00000000..73b9f9c9
--- /dev/null
+++ b/releasenotes/notes/add-cinder-nas-secure-parameters-53f9d6a6e9bc129b.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - Add parameters to control the Cinder NAS security settings associated
+ with the NFS and NetApp Cinder back ends. The settings are disabled
+ by default.
diff --git a/releasenotes/notes/change-panko-api-port-fb8967420cd036b1.yaml b/releasenotes/notes/change-panko-api-port-fb8967420cd036b1.yaml
new file mode 100644
index 00000000..353d16db
--- /dev/null
+++ b/releasenotes/notes/change-panko-api-port-fb8967420cd036b1.yaml
@@ -0,0 +1,4 @@
+---
+fixes:
+ - Changed panko api port to run on 8977 instead of 8779. 8779 is reserved
+ for trove. Hence changing to avoid conflicts.
diff --git a/releasenotes/notes/pre-network-config-role-specific-b36cc4bd6383e493.yaml b/releasenotes/notes/pre-network-config-role-specific-b36cc4bd6383e493.yaml
new file mode 100644
index 00000000..95e9260b
--- /dev/null
+++ b/releasenotes/notes/pre-network-config-role-specific-b36cc4bd6383e493.yaml
@@ -0,0 +1,11 @@
+---
+features:
+ - PreNetworkConfig is modified to support role-specific parameters.
+upgrade:
+ - PreNetworkConfig takes a new parameter, RoleParameters. All the templates
+ associated with PreNetworkConfig should add this new parameter during
+ upgrade.
+deprecations:
+ - Parameters {{role}}KernelArgs, {{role}}TunedProfileName and
+ {{role}}HostCpusList are deprecated. Alternatively, role-specific
+ parameter support has been added with the same names.
diff --git a/roles/BlockStorage.yaml b/roles/BlockStorage.yaml
index 16873fd1..b0117400 100644
--- a/roles/BlockStorage.yaml
+++ b/roles/BlockStorage.yaml
@@ -16,6 +16,7 @@
 - OS::TripleO::Services::Collectd
 - OS::TripleO::Services::Docker
 - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::Iscsid
 - OS::TripleO::Services::Kernel
 - OS::TripleO::Services::MySQLClient
 - OS::TripleO::Services::Ntp
diff --git a/roles/Compute.yaml b/roles/Compute.yaml
index d6bd1f3c..75a6f608 100644
--- a/roles/Compute.yaml
+++ b/roles/Compute.yaml
@@ -25,6 +25,7 @@
 - OS::TripleO::Services::ComputeNeutronOvsAgent
 - OS::TripleO::Services::Docker
 - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::Iscsid
 - OS::TripleO::Services::Kernel
 - OS::TripleO::Services::MySQLClient
 - OS::TripleO::Services::NeutronLinuxbridgeAgent
diff --git a/roles/Controller.yaml b/roles/Controller.yaml
index cccb75af..b0a13138 100644
--- a/roles/Controller.yaml
+++ b/roles/Controller.yaml
@@ -63,6 +63,7 @@
 - OS::TripleO::Services::Horizon
 - OS::TripleO::Services::IronicApi
 - OS::TripleO::Services::IronicConductor
+ - OS::TripleO::Services::Iscsid
 - OS::TripleO::Services::Keepalived
 - OS::TripleO::Services::Kernel
 - OS::TripleO::Services::Keystone
diff --git a/roles/Undercloud.yaml b/roles/Undercloud.yaml
index 0a9bcadf..bcdedc71 100644
--- a/roles/Undercloud.yaml
+++ b/roles/Undercloud.yaml
@@ -19,6 +19,7 @@
 - OS::TripleO::Services::IronicApi
 - OS::TripleO::Services::IronicConductor
 - OS::TripleO::Services::IronicPxe
+ - OS::TripleO::Services::Iscsid
 - OS::TripleO::Services::Keystone
 - OS::TripleO::Services::Memcached
 - OS::TripleO::Services::MistralApi
diff --git a/roles_data.yaml b/roles_data.yaml
index 23f8d19a..f96e5625 100644
--- a/roles_data.yaml
+++ b/roles_data.yaml
@@ -66,6 +66,7 @@
 - OS::TripleO::Services::Horizon
 - OS::TripleO::Services::IronicApi
 - OS::TripleO::Services::IronicConductor
+ - OS::TripleO::Services::Iscsid
 - OS::TripleO::Services::Keepalived
 - OS::TripleO::Services::Kernel
 - OS::TripleO::Services::Keystone
@@ -154,6 +155,7 @@
 - OS::TripleO::Services::ComputeNeutronOvsAgent
 - OS::TripleO::Services::Docker
 - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::Iscsid
 - OS::TripleO::Services::Kernel
 - OS::TripleO::Services::MySQLClient
 - OS::TripleO::Services::NeutronLinuxbridgeAgent
@@ -189,6 +191,7 @@
 - OS::TripleO::Services::Collectd
 - OS::TripleO::Services::Docker
 - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::Iscsid
 - OS::TripleO::Services::Kernel
 - OS::TripleO::Services::MySQLClient
 - OS::TripleO::Services::Ntp
diff --git a/roles_data_undercloud.yaml b/roles_data_undercloud.yaml
index d6a30a1e..50083ce4 100644
--- a/roles_data_undercloud.yaml
+++ b/roles_data_undercloud.yaml
@@ -22,6 +22,7 @@
 - OS::TripleO::Services::IronicApi
 - OS::TripleO::Services::IronicConductor
 - OS::TripleO::Services::IronicPxe
+ - OS::TripleO::Services::Iscsid
 - OS::TripleO::Services::Keystone
 - OS::TripleO::Services::Memcached
 - OS::TripleO::Services::MistralApi
diff --git a/sample-env-generator/README.rst b/sample-env-generator/README.rst
new file mode 100644
index 00000000..71e9810a
--- /dev/null
+++ b/sample-env-generator/README.rst
@@ -0,0 +1,149 @@ +Sample Environment Generator +---------------------------- + +This is a tool to automate the generation of our sample environment +files. It takes a yaml file as input, and based on the environments +defined in that file generates a number of sample environment files +from the parameters in the Heat templates. + +Usage +===== + +The simplest case is when an existing sample environment needs to be +updated to reflect changes in the templates. Use the tox ``genconfig`` +target to do this:: + + tox -e genconfig + +.. note:: The tool should be run from the root directory of the + ``tripleo-heat-templates`` project. + +If a new sample environment is needed, it should be added to the +``sample-env-generator/sample-environments.yaml`` file. The existing +entries in the file can be used as examples, and a more detailed +explanation of the different available keys is below: + +- **name**: the output file will be this name + .yaml, in the + ``environments`` directory. +- **title**: a human-readable title for the environment. +- **description**: A description of the environment. Will be included + as a comment at the top of the sample file. +- **files**: The Heat templates containing the parameter definitions + for the environment. Should be specified as a path relative to the + root of the ``tripleo-heat-templates`` project. For example: + ``puppet/extraconfig/tls/tls-cert-inject.yaml:``. Each filename + should be a YAML dictionary that contains a ``parameters`` entry. +- **parameters**: There should be one ``parameters`` entry per file in the + ``files`` section (see the example configuration below). + This can be either a list of parameters related to + the environment, which is necessary for templates like + overcloud.yaml, or the string 'all', which indicates that all + parameters from the file should be included. +- **static**: Can be used to specify that certain parameters must + not be changed. 
Examples would be the EnableSomething params + in the templates. When writing a sample config for Something, + ``EnableSomething: True`` would be a static param, since it + would be nonsense to include the environment with it set to any other + value. +- **sample_values**: Sometimes it is useful to include a sample value + for a parameter that is not the parameter's actual default. + An example of this is the SSLCertificate param in the enable-tls + environment file. +- **resource_registry**: Many environments also need to pass + resource_registry entries when they are used. This can be used + to specify that in the configuration file. + +Some behavioral notes: + +- Parameters without default values will be marked as mandatory to indicate + that the user must set a value for them. +- It is no longer recommended to set parameters using the ``parameters`` + section. Instead, all parameters should be set as ``parameter_defaults`` + which will work regardless of whether the parameter is top-level or nested. + Therefore, the tool will always set parameters in the ``parameter_defaults`` + section. +- Parameters whose name begins with the _ character are treated as private. + This indicates that the parameter value will be passed in from another + template and does not need to be exposed directly to the user. + +If adding a new environment, don't forget to add the new file to the +git repository so it will be included with the review. 
+ +Example +======= + +Given a Heat template named ``example.yaml`` that looks like:: + + parameters: + EnableExample: + default: False + description: Enable the example feature + type: boolean + ParamOne: + default: one + description: First example param + type: string + ParamTwo: + description: Second example param + type: number + _PrivateParam: + default: does not matter + description: Will not show up + type: string + +And an environment generator entry that looks like:: + + environments: + - + name: example + title: Example Environment + description: | + An example environment demonstrating how to use the sample + environment generator. This text will be included at the top + of the generated file as a comment. + files: + example.yaml: + parameters: all + sample_values: + EnableExample: True + static: + - EnableExample + resource_registry: + OS::TripleO::ExampleData: ../extraconfig/example.yaml + +The generated environment file would look like:: + + # ******************************************************************* + # This file was created automatically by the sample environment + # generator. Developers should use `tox -e genconfig` to update it. + # Users are recommended to make changes to a copy of the file instead + # of the original, if any customizations are needed. + # ******************************************************************* + # title: Example Environment + # description: | + # An example environment demonstrating how to use the sample + # environment generator. This text will be included at the top + # of the generated file as a comment. + parameter_defaults: + # First example param + # Type: string + ParamOne: one + + # Second example param + # Mandatory. This parameter must be set by the user. + # Type: number + ParamTwo: <None> + + # ****************************************************** + # Static parameters - these are values that must be + # included in the environment but should not be changed. 
+ # ****************************************************** + # Enable the example feature + # Type: boolean + EnableExample: True + + # ********************* + # End static parameters + # ********************* + resource_registry: + OS::TripleO::ExampleData: ../extraconfig/example.yaml diff --git a/sample-env-generator/sample-environments.yaml b/sample-env-generator/sample-environments.yaml new file mode 100644 index 00000000..ffda7aca --- /dev/null +++ b/sample-env-generator/sample-environments.yaml @@ -0,0 +1,17 @@ +environments: + - + name: predictable-placement/custom-hostnames + title: Custom Hostnames + files: + overcloud.yaml: + parameters: + - ControllerHostnameFormat + - ComputeHostnameFormat + - BlockStorageHostnameFormat + - ObjectStorageHostnameFormat + - CephStorageHostnameFormat + description: | + Hostname format for each role + Note %index% is translated into the index of the node, e.g 0/1/2 etc + and %stackname% is replaced with OS::stack_name in the template below. + If you want to use the heat generated names, pass '' (empty string). diff --git a/test-requirements.txt b/test-requirements.txt index 76f03d75..df5af85d 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -7,3 +7,11 @@ six>=1.9.0 # MIT sphinx!=1.6.1,>=1.5.1 # BSD oslosphinx>=4.7.0 # Apache-2.0 reno!=2.3.1,>=1.8.0 # Apache-2.0 +coverage>=4.0,!=4.4 # Apache-2.0 +fixtures>=3.0.0 # Apache-2.0/BSD +python-subunit>=0.0.18 # Apache-2.0/BSD +testrepository>=0.0.18 # Apache-2.0/BSD +testscenarios>=0.4 # Apache-2.0/BSD +testtools>=1.4.0 # MIT +mock>=2.0 # BSD +oslotest>=1.10.0 # Apache-2.0 
@@ -1,12 +1,14 @@ [tox] minversion = 1.6 skipsdist = True +envlist = py35,py27,pep8 [testenv] usedevelop = True install_command = pip install -c{env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt} {opts} {packages} deps = -r{toxinidir}/requirements.txt -r{toxinidir}/test-requirements.txt +commands = python setup.py testr --slowest --testr-args='{posargs}' [testenv:venv] commands = {posargs} @@ -22,3 +24,11 @@ commands = python ./tools/process-templates.py [testenv:releasenotes] commands = bash -c tools/releasenotes_tox.sh + +[testenv:cover] +commands = python setup.py test --coverage --coverage-package-name=tripleo_heat_templates --testr-args='{posargs}' + +[testenv:genconfig] +commands = + python ./tools/process-templates.py + python ./tripleo_heat_templates/environment_generator.py sample-env-generator/sample-environments.yaml diff --git a/tripleo_heat_templates/__init__.py b/tripleo_heat_templates/__init__.py new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/tripleo_heat_templates/__init__.py diff --git a/tripleo_heat_templates/environment_generator.py b/tripleo_heat_templates/environment_generator.py new file mode 100755 index 00000000..e2f48720 --- /dev/null +++ b/tripleo_heat_templates/environment_generator.py 
@@ -0,0 +1,189 @@ +#!/usr/bin/env python + +# Copyright 2015 Red Hat Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import errno +import os +import sys +import yaml + + +_PARAM_FORMAT = u""" # %(description)s + %(mandatory)s# Type: %(type)s + %(name)s: %(default)s +""" +_STATIC_MESSAGE_START = ( + ' # ******************************************************\n' + ' # Static parameters - these are values that must be\n' + ' # included in the environment but should not be changed.\n' + ' # ******************************************************\n' + ) +_STATIC_MESSAGE_END = (' # *********************\n' + ' # End static parameters\n' + ' # *********************\n' + ) +_FILE_HEADER = ( + '# *******************************************************************\n' + '# This file was created automatically by the sample environment\n' + '# generator. Developers should use `tox -e genconfig` to update it.\n' + '# Users are recommended to make changes to a copy of the file instead\n' + '# of the original, if any customizations are needed.\n' + '# *******************************************************************\n' + ) +# Certain parameter names can't be changed, but shouldn't be shown because +# they are never intended for direct user input. 
+_PRIVATE_OVERRIDES = ['server', 'servers', 'NodeIndex'] + + +def _create_output_dir(target_file): + try: + os.makedirs(os.path.dirname(target_file)) + except OSError as e: + if e.errno == errno.EEXIST: + pass + else: + raise + + +def _generate_environment(input_env, parent_env=None): + if parent_env is None: + parent_env = {} + env = dict(parent_env) + env.update(input_env) + parameter_defaults = {} + param_names = [] + for template_file, template_data in env['files'].items(): + with open(template_file) as f: + f_data = yaml.safe_load(f) + f_params = f_data['parameters'] + parameter_defaults.update(f_params) + if template_data['parameters'] == 'all': + new_names = [k for k, v in f_params.items()] + else: + new_names = template_data['parameters'] + missing_params = [name for name in new_names + if name not in f_params] + if missing_params: + raise RuntimeError('Did not find specified parameter names %s ' + 'in file %s for environment %s' % + (missing_params, template_file, + env['name'])) + param_names += new_names + + static_names = env.get('static', []) + static_defaults = {k: v for k, v in parameter_defaults.items() + if k in param_names and + k in static_names + } + parameter_defaults = {k: v for k, v in parameter_defaults.items() + if k in param_names and + k not in _PRIVATE_OVERRIDES and + not k.startswith('_') and + k not in static_names + } + for k, v in env.get('sample_values', {}).items(): + if k in parameter_defaults: + parameter_defaults[k]['sample'] = v + if k in static_defaults: + static_defaults[k]['sample'] = v + + def write_sample_entry(f, name, value): + default = value.get('default') + mandatory = '' + if default is None: + mandatory = ('# Mandatory. 
This parameter must be set by the ' + 'user.\n ') + default = '<None>' + if value.get('sample') is not None: + default = value['sample'] + if default == '': + default = "''" + try: + # If the default value is something like %index%, yaml won't + # parse the output correctly unless we wrap it in quotes. + # However, not all default values can be wrapped so we need to + # do it conditionally. + if default.startswith('%'): + default = "'%s'" % default + except AttributeError: + pass + + values = {'name': name, + 'type': value['type'], + 'description': + value.get('description', '').rstrip().replace('\n', + '\n # '), + 'default': default, + 'mandatory': mandatory, + } + f.write(_PARAM_FORMAT % values + '\n') + + target_file = os.path.join('environments', env['name'] + '.yaml') + _create_output_dir(target_file) + with open(target_file, 'w') as env_file: + env_file.write(_FILE_HEADER) + # TODO(bnemec): Once Heat allows the title and description to live in + # the environment itself, uncomment these entries and make them + # top-level keys in the YAML. 
+ env_title = env.get('title', '') + env_file.write(u'# title: %s\n' % env_title) + env_desc = env.get('description', '') + env_file.write(u'# description: |\n') + for line in env_desc.splitlines(): + env_file.write(u'# %s\n' % line) + + if parameter_defaults: + env_file.write(u'parameter_defaults:\n') + for name, value in sorted(parameter_defaults.items()): + write_sample_entry(env_file, name, value) + if static_defaults: + env_file.write(_STATIC_MESSAGE_START) + for name, value in sorted(static_defaults.items()): + write_sample_entry(env_file, name, value) + if static_defaults: + env_file.write(_STATIC_MESSAGE_END) + + if env.get('resource_registry'): + env_file.write(u'resource_registry:\n') + for res, value in sorted(env.get('resource_registry', {}).items()): + env_file.write(u' %s: %s\n' % (res, value)) + print('Wrote sample environment "%s"' % target_file) + + for e in env.get('children', []): + _generate_environment(e, env) + + +def generate_environments(config_file): + with open(config_file) as f: + config = yaml.safe_load(f) + for env in config['environments']: + _generate_environment(env) + + +def usage(exit_code=1): + print('Usage: %s <filename.yaml>' % sys.argv[0]) + sys.exit(exit_code) + + +def main(): + try: + config_file = sys.argv[1] + except IndexError: + usage() + generate_environments(config_file) + + +if __name__ == '__main__': + main() diff --git a/tripleo_heat_templates/tests/__init__.py b/tripleo_heat_templates/tests/__init__.py new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/tripleo_heat_templates/tests/__init__.py diff --git a/tripleo_heat_templates/tests/test_environment_generator.py b/tripleo_heat_templates/tests/test_environment_generator.py new file mode 100644 index 00000000..d0a622da --- /dev/null +++ b/tripleo_heat_templates/tests/test_environment_generator.py 
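Review bot: `target_file = os.path.join('environments', env['name'] + '.yaml')` in `_generate_environment` uses the `name` from the input YAML as a path with no containment check, so an entry whose name is absolute or contains `..` makes `_create_output_dir` and the `open(target_file, 'w')` that follows create directories and overwrite a file outside `environments/`. Subdirectories are clearly intended (the sample config uses `predictable-placement/custom-hostnames`), so the check should normalise rather than forbid slashes: `if not os.path.abspath(target_file).startswith(os.path.abspath('environments') + os.sep): raise RuntimeError('Environment name %s escapes the environments directory' % env['name'])`. Separately, `write_sample_entry` interpolates defaults with `%s` and quotes only values that start with `%`, so a string default that YAML would read as another type or as syntax (for example one containing `: ` or ` #`) is emitted unquoted; a comment there stating which defaults are known to be safe would help the next maintainer.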
@@ -0,0 +1,396 @@ +# Copyright 2015 Red Hat Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import io +import tempfile + +import mock +from oslotest import base +import six +import testscenarios + +from tripleo_heat_templates import environment_generator + +load_tests = testscenarios.load_tests_apply_scenarios + +basic_template = ''' +parameters: + FooParam: + default: foo + description: Foo description + type: string + BarParam: + default: 42 + description: Bar description + type: number +resources: + # None +''' +basic_private_template = ''' +parameters: + FooParam: + default: foo + description: Foo description + type: string + _BarParam: + default: 42 + description: Bar description + type: number +resources: + # None +''' +mandatory_template = ''' +parameters: + FooParam: + description: Mandatory param + type: string +resources: + # None +''' +index_template = ''' +parameters: + FooParam: + description: Param with %index% as its default + type: string + default: '%index%' +resources: + # None +''' +multiline_template = ''' +parameters: + FooParam: + description: | + Parameter with + multi-line description + type: string + default: '' +resources: + # None +''' + + +class GeneratorTestCase(base.BaseTestCase): + content_scenarios = [ + ('basic', + {'template': basic_template, + 'exception': None, + 'input_file': '''environments: + - + name: basic + title: Basic Environment + description: Basic description + files: + foo.yaml: + parameters: all +''', + 
'expected_output': '''# title: Basic Environment +# description: | +# Basic description +parameter_defaults: + # Bar description + # Type: number + BarParam: 42 + + # Foo description + # Type: string + FooParam: foo + +''', + }), + ('basic-one-param', + {'template': basic_template, + 'exception': None, + 'input_file': '''environments: + - + name: basic + title: Basic Environment + description: Basic description + files: + foo.yaml: + parameters: + - FooParam +''', + 'expected_output': '''# title: Basic Environment +# description: | +# Basic description +parameter_defaults: + # Foo description + # Type: string + FooParam: foo + +''', + }), + ('basic-static-param', + {'template': basic_template, + 'exception': None, + 'input_file': '''environments: + - + name: basic + title: Basic Environment + description: Basic description + files: + foo.yaml: + parameters: all + static: + - BarParam +''', + 'expected_output': '''# title: Basic Environment +# description: | +# Basic description +parameter_defaults: + # Foo description + # Type: string + FooParam: foo + + # ****************************************************** + # Static parameters - these are values that must be + # included in the environment but should not be changed. 
+ # ****************************************************** + # Bar description + # Type: number + BarParam: 42 + + # ********************* + # End static parameters + # ********************* +''', + }), + ('basic-static-param-sample', + {'template': basic_template, + 'exception': None, + 'input_file': '''environments: + - + name: basic + title: Basic Environment + description: Basic description + files: + foo.yaml: + parameters: all + static: + - BarParam + sample_values: + BarParam: 1 + FooParam: '' +''', + 'expected_output': '''# title: Basic Environment +# description: | +# Basic description +parameter_defaults: + # Foo description + # Type: string + FooParam: '' + + # ****************************************************** + # Static parameters - these are values that must be + # included in the environment but should not be changed. + # ****************************************************** + # Bar description + # Type: number + BarParam: 1 + + # ********************* + # End static parameters + # ********************* +''', + }), + ('basic-private', + {'template': basic_private_template, + 'exception': None, + 'input_file': '''environments: + - + name: basic + title: Basic Environment + description: Basic description + files: + foo.yaml: + parameters: all +''', + 'expected_output': '''# title: Basic Environment +# description: | +# Basic description +parameter_defaults: + # Foo description + # Type: string + FooParam: foo + +''', + }), + ('mandatory', + {'template': mandatory_template, + 'exception': None, + 'input_file': '''environments: + - + name: basic + title: Basic Environment + description: Basic description + files: + foo.yaml: + parameters: all +''', + 'expected_output': '''# title: Basic Environment +# description: | +# Basic description +parameter_defaults: + # Mandatory param + # Mandatory. This parameter must be set by the user. 
+ # Type: string + FooParam: <None> + +''', + }), + ('basic-sample', + {'template': basic_template, + 'exception': None, + 'input_file': '''environments: + - + name: basic + title: Basic Environment + description: Basic description + files: + foo.yaml: + parameters: all + sample_values: + FooParam: baz +''', + 'expected_output': '''# title: Basic Environment +# description: | +# Basic description +parameter_defaults: + # Bar description + # Type: number + BarParam: 42 + + # Foo description + # Type: string + FooParam: baz + +''', + }), + ('basic-resource-registry', + {'template': basic_template, + 'exception': None, + 'input_file': '''environments: + - + name: basic + title: Basic Environment + description: Basic description + files: + foo.yaml: + parameters: all + resource_registry: + OS::TripleO::FakeResource: fake-filename.yaml +''', + 'expected_output': '''# title: Basic Environment +# description: | +# Basic description +parameter_defaults: + # Bar description + # Type: number + BarParam: 42 + + # Foo description + # Type: string + FooParam: foo + +resource_registry: + OS::TripleO::FakeResource: fake-filename.yaml +''', + }), + ('missing-param', + {'template': basic_template, + 'exception': RuntimeError, + 'input_file': '''environments: + - + name: basic + title: Basic Environment + description: Basic description + files: + foo.yaml: + parameters: + - SomethingNonexistent +''', + 'expected_output': None, + }), + ('percent-index', + {'template': index_template, + 'exception': None, + 'input_file': '''environments: + - + name: basic + title: Basic Environment + description: Basic description + files: + foo.yaml: + parameters: all +''', + 'expected_output': '''# title: Basic Environment +# description: | +# Basic description +parameter_defaults: + # Param with %index% as its default + # Type: string + FooParam: '%index%' + +''', + }), + ('multi-line-desc', + {'template': multiline_template, + 'exception': None, + 'input_file': '''environments: + - + name: basic + 
title: Basic Environment + description: Basic description + files: + foo.yaml: + parameters: all +''', + 'expected_output': '''# title: Basic Environment +# description: | +# Basic description +parameter_defaults: + # Parameter with + # multi-line description + # Type: string + FooParam: '' + +''', + }), + ] + + @classmethod + def generate_scenarios(cls): + cls.scenarios = testscenarios.multiply_scenarios( + cls.content_scenarios) + + def test_generator(self): + fake_input = io.StringIO(six.text_type(self.input_file)) + fake_template = io.StringIO(six.text_type(self.template)) + _, fake_output_path = tempfile.mkstemp() + fake_output = open(fake_output_path, 'w') + with mock.patch('tripleo_heat_templates.environment_generator.open', + create=True) as mock_open: + mock_open.side_effect = [fake_input, fake_template, fake_output] + if not self.exception: + environment_generator.generate_environments('ignored.yaml') + else: + self.assertRaises(self.exception, + environment_generator.generate_environments, + 'ignored.yaml') + return + expected = environment_generator._FILE_HEADER + self.expected_output + with open(fake_output_path) as f: + self.assertEqual(expected, f.read()) + +GeneratorTestCase.generate_scenarios() |
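Review bot: `test_generator` leaks the descriptor returned by `tempfile.mkstemp()` (it is bound to `_` and never closed) and never removes the temporary file, and because only `open` is patched the real `_create_output_dir` still runs `os.makedirs` relative to the current directory. I would keep the descriptor and register cleanups right after the call, `fd, fake_output_path = tempfile.mkstemp()`, `self.addCleanup(os.remove, fake_output_path)` and `self.addCleanup(os.close, fd)` (this needs `import os` in the test module), and patch `environment_generator._create_output_dir` so the test does not touch the working tree. The `side_effect` list also ties the test to the exact order of the three `open` calls; a short comment above it naming that order (config, template, output) would make a future failure easier to read.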