diff options
-rw-r--r-- | ci/environments/scenario001-multinode.yaml | 1 | ||||
-rw-r--r-- | docker/docker-steps.j2 | 23 | ||||
-rw-r--r-- | docker/services/database/redis.yaml | 78 | ||||
-rw-r--r-- | docker/services/etcd.yaml | 105 | ||||
-rw-r--r-- | environments/docker.yaml | 1 | ||||
-rw-r--r-- | environments/services-docker/etcd.yaml | 2 | ||||
-rw-r--r-- | puppet/services/ceilometer-base.yaml | 2 | ||||
-rw-r--r-- | puppet/services/etcd.yaml | 77 | ||||
-rw-r--r-- | puppet/services/ironic-conductor.yaml | 8 | ||||
-rw-r--r-- | releasenotes/notes/ironic-boot-option-3f3036aa5e82ec7e.yaml | 12 | ||||
-rw-r--r-- | requirements.txt | 2 |
11 files changed, 271 insertions, 40 deletions
diff --git a/ci/environments/scenario001-multinode.yaml b/ci/environments/scenario001-multinode.yaml index 6995deae..15800243 100644 --- a/ci/environments/scenario001-multinode.yaml +++ b/ci/environments/scenario001-multinode.yaml @@ -4,6 +4,7 @@ resource_registry: OS::TripleO::Services::CephMon: ../../puppet/services/ceph-mon.yaml OS::TripleO::Services::CephOSD: ../../puppet/services/ceph-osd.yaml OS::TripleO::Services::CephClient: ../../puppet/services/ceph-client.yaml + OS::TripleO::Services::PankoApi: ../../puppet/services/panko-api.yaml OS::TripleO::Services::Collectd: ../../puppet/services/metrics/collectd.yaml OS::TripleO::Services::Tacker: ../../puppet/services/tacker.yaml OS::TripleO::Services::Congress: ../../puppet/services/congress.yaml diff --git a/docker/docker-steps.j2 b/docker/docker-steps.j2 index d41b1056..1d5605b2 100644 --- a/docker/docker-steps.j2 +++ b/docker/docker-steps.j2 @@ -256,14 +256,12 @@ resources: # BEGIN BAREMETAL CONFIG STEPS - {% if role.name == 'Controller' %} - ControllerPreConfig: - type: OS::TripleO::Tasks::ControllerPreConfig + {{role.name}}PreConfig: + type: OS::TripleO::Tasks::{{role.name}}PreConfig properties: - servers: {get_param: [servers, Controller]} + servers: {get_param: [servers, {{role.name}}]} input_values: update_identifier: {get_param: DeployIdentifier} - {% endif %} {{role.name}}Config: type: OS::TripleO::{{role.name}}Config @@ -309,10 +307,12 @@ resources: type: OS::Heat::StructuredDeploymentGroup {% if step == 1 %} depends_on: - - {{role.name}}PreConfig - {{role.name}}KollaJsonDeployment - {{role.name}}GenPuppetDeployment - {{role.name}}GenerateConfigDeployment + {%- for dep in roles %} + - {{dep.name}}Deployment_Step{{step}} # baremetal steps of the same level run first + {%- endfor %} {% else %} depends_on: {% for dep in roles %} @@ -353,15 +353,4 @@ resources: properties: servers: {get_param: [servers, {{role.name}}]} - {% if role.name == 'Controller' %} - ControllerPostConfig: - depends_on: - - ControllerExtraConfigPost - type: OS::TripleO::Tasks::ControllerPostConfig - properties: - servers: {get_param: [servers, Controller]} - input_values: - update_identifier: {get_param: DeployIdentifier} - {% endif %} - {% endfor %} diff --git a/docker/services/database/redis.yaml b/docker/services/database/redis.yaml new file mode 100644 index 00000000..ca7b86ab --- /dev/null +++ b/docker/services/database/redis.yaml @@ -0,0 +1,78 @@ +heat_template_version: ocata + +description: > + OpenStack containerized Redis services + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerRedisImage: + description: image + default: 'centos-binary-redis:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + +resources: + + RedisBase: + type: ../../../puppet/services/database/redis.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Redis API role. + value: + service_name: {get_attr: [RedisBase, role_data, service_name]} + config_settings: {get_attr: [RedisBase, role_data, config_settings]} + step_config: &step_config + get_attr: [RedisBase, role_data, step_config] + service_config_settings: {get_attr: [RedisBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: 'redis' + puppet_tags: 'file' + step_config: *step_config + config_image: &redis_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerRedisImage} ] + kolla_config: + /var/lib/kolla/config_files/redis.json: + command: /usr/bin/redis-server /etc/redis.conf + docker_config: + step_1: + redis: + image: *redis_image + net: host + privileged: false + restart: always + volumes: + - /run:/run + - /var/lib/kolla/config_files/redis.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/redis/etc/:/etc/:ro + - /etc/localtime:/etc/localtime:ro + - logs:/var/log/kolla + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + upgrade_tasks: + - name: Stop and disable redis service + tags: step2 + service: name=redis state=stopped enabled=no diff --git a/docker/services/etcd.yaml b/docker/services/etcd.yaml new file mode 100644 index 00000000..0a7daef8 --- /dev/null +++ b/docker/services/etcd.yaml @@ -0,0 +1,105 @@ +heat_template_version: ocata + +description: > + OpenStack containerized etcd services + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerEtcdImage: + description: image + default: 'centos-binary-etcd:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EtcdInitialClusterToken: + description: Initial cluster token for the etcd cluster during bootstrap. + type: string + hidden: true + +resources: + + EtcdPuppetBase: + type: ../../puppet/services/etcd.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EtcdInitialClusterToken: {get_param: EtcdInitialClusterToken} + +outputs: + role_data: + description: Role data for the etcd role. + value: + service_name: {get_attr: [EtcdPuppetBase, role_data, service_name]} + step_config: &step_config + list_join: + - "\n" + - - "['Etcd_key'].each |String $val| { noop_resource($val) }" + - get_attr: [EtcdPuppetBase, role_data, step_config] + config_settings: + map_merge: + - {get_attr: [EtcdPuppetBase, role_data, config_settings]} + - etcd::manage_service: false + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: etcd + step_config: *step_config + config_image: &etcd_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerEtcdImage} ] + kolla_config: + /var/lib/kolla/config_files/etcd.json: + command: /usr/bin/etcd --config-file /etc/etcd/etcd.yml + permissions: + - path: /var/lib/etcd + owner: etcd:etcd + recurse: true + docker_config: + step_2: + etcd: + image: *etcd_image + net: host + privileged: false + restart: always + volumes: + - /var/lib/etcd:/var/lib/etcd + - /etc/localtime:/etc/localtime:ro + - /var/lib/kolla/config_files/etcd.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/etcd/etc/etcd/etcd.yml:/etc/etcd/etcd.yml:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + docker_puppet_tasks: + # Etcd keys initialization occurs only on single node + step_2: + config_volume: 'etcd_init_tasks' + puppet_tags: 'etcd_key' + step_config: 'include ::tripleo::profile::base::etcd' + config_image: *etcd_image + volumes: + - /var/lib/config-data/etcd/etc/:/etc + - /var/lib/etcd:/var/lib/etcd:ro + host_prep_tasks: + - name: create /var/lib/etcd + file: + path: /var/lib/etcd + state: directory + upgrade_tasks: + - name: Stop and disable etcd service + tags: step2 + service: name=etcd state=stopped enabled=no diff --git a/environments/docker.yaml b/environments/docker.yaml index 755e94c2..0c6028d0 100644 --- a/environments/docker.yaml +++ b/environments/docker.yaml @@ -28,6 +28,7 @@ resource_registry: OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml OS::TripleO::Services::MongoDb: ../docker/services/database/mongodb.yaml + OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml OS::TripleO::Services::Memcached: ../docker/services/memcached.yaml OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml OS::TripleO::Services::SwiftStorage: ../docker/services/swift-storage.yaml diff --git a/environments/services-docker/etcd.yaml b/environments/services-docker/etcd.yaml new file mode 100644 index 00000000..c4201cf4 --- /dev/null +++ b/environments/services-docker/etcd.yaml @@ -0,0 +1,2 @@ +resource_registry: + OS::TripleO::Services::Etcd: ../../docker/services/etcd.yaml diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index e1613720..d524e612 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -88,7 +88,6 @@ outputs: value: service_name: ceilometer_base config_settings: - ceilometer_auth_enabled: true ceilometer::debug: {get_param: Debug} ceilometer::db::database_connection: list_join: @@ -133,6 +132,7 @@ outputs: ceilometer::telemetry_secret: {get_param: CeilometerMeteringSecret} service_config_settings: keystone: + ceilometer_auth_enabled: true ceilometer::keystone::auth::public_url: {get_param: [EndpointMap, CeilometerPublic, uri]} ceilometer::keystone::auth::internal_url: {get_param: [EndpointMap, CeilometerInternal, uri]} ceilometer::keystone::auth::admin_url: {get_param: [EndpointMap, CeilometerAdmin, uri]} diff --git a/puppet/services/etcd.yaml b/puppet/services/etcd.yaml index 5db8bec0..ec682531 100644 --- a/puppet/services/etcd.yaml +++ b/puppet/services/etcd.yaml @@ -25,6 +25,13 @@ parameters: MonitoringSubscriptionEtcd: default: 'overcloud-etcd' type: string + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} outputs: role_data: @@ -33,27 +40,47 @@ outputs: service_name: etcd monitoring_subscription: {get_param: MonitoringSubscriptionEtcd} config_settings: - etcd::etcd_name: - str_replace: - template: - "%{hiera('fqdn_$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]} - # NOTE: bind IP is found in Heat replacing the network name with the local node IP - # for the given network; replacement examples (eg. for internal_api): - # internal_api -> IP - # internal_api_uri -> [IP] - # internal_api_subnet - > IP/CIDR - tripleo::profile::base::etcd::bind_ip: {get_param: [ServiceNetMap, EtcdNetwork]} - tripleo::profile::base::etcd::client_port: '2379' - tripleo::profile::base::etcd::peer_port: '2380' - etcd::initial_cluster_token: {get_param: EtcdInitialClusterToken} - etcd::manage_package: false - tripleo.etcd.firewall_rules: - '141 etcd': - dport: - - 2379 - - 2380 + map_merge: + - + etcd::etcd_name: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]} + # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + tripleo::profile::base::etcd::bind_ip: {get_param: [ServiceNetMap, EtcdNetwork]} + tripleo::profile::base::etcd::client_port: '2379' + tripleo::profile::base::etcd::peer_port: '2380' + etcd::initial_cluster_token: {get_param: EtcdInitialClusterToken} + etcd::manage_package: false + tripleo.etcd.firewall_rules: + '141 etcd': + dport: + - 2379 + - 2380 + - + if: + - internal_tls_enabled + - generate_service_certificates: true + tripleo::profile::base::etcd::certificate_specs: + service_certificate: '/etc/pki/tls/certs/etcd.crt' + service_key: '/etc/pki/tls/private/etcd.key' + hostname: + str_replace: + template: "%{hiera('fqdn_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]} + principal: + str_replace: + template: "etcd/%{hiera('fqdn_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]} + - {} step_config: | include ::tripleo::profile::base::etcd upgrade_tasks: @@ -71,3 +98,11 @@ outputs: - name: Stop etcd service tags: step2 service: name=etcd state=stopped + metadata_settings: + if: + - internal_tls_enabled + - + - service: etcd + network: {get_param: [ServiceNetMap, EtcdNetwork]} + type: node + - null diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml index 666967b9..83e2b850 100644 --- a/puppet/services/ironic-conductor.yaml +++ b/puppet/services/ironic-conductor.yaml @@ -32,6 +32,13 @@ parameters: created yet) and should be changed to an actual UUID in a post-deployment stack update. type: string + IronicDefaultBootOption: + default: 'local' + description: How to boot the bare metal instances. Set to 'local' (the + default) to use local bootloader (requires grub2 for partition + images). Set to 'netboot' to make the instances boot from + controllers using PXE/iPXE. + type: string IronicDefaultNetworkInterface: default: 'flat' description: Network interface implementation to use by default. @@ -95,6 +102,7 @@ outputs: ironic::conductor::cleaning_disk_erase: {get_param: IronicCleaningDiskErase} ironic::conductor::cleaning_network: {get_param: IronicCleaningNetwork} ironic::conductor::provisioning_network: {get_param: IronicProvisioningNetwork} + ironic::conductor::default_boot_option: {get_param: IronicDefaultBootOption} ironic::conductor::enabled_drivers: {get_param: IronicEnabledDrivers} ironic::conductor::enabled_hardware_types: {get_param: IronicEnabledHardwareTypes} # We need an endpoint containing a real IP, not a VIP here diff --git a/releasenotes/notes/ironic-boot-option-3f3036aa5e82ec7e.yaml b/releasenotes/notes/ironic-boot-option-3f3036aa5e82ec7e.yaml new file mode 100644 index 00000000..53191bd0 --- /dev/null +++ b/releasenotes/notes/ironic-boot-option-3f3036aa5e82ec7e.yaml @@ -0,0 +1,12 @@ +--- +features: + - | + New configuration ``IronicDefaultBootOption`` allows to change the default + boot option to use for bare metal instances in the overcloud. +upgrade: + - | + The default boot option for bare metal instances in overcloud was changed + to "local". This was already the default for whole-disk images, but for + partition images it requires ``grub2`` to be installed on them. + Use the new ``IronicDefaultBootOption`` configuration to override, or + set ``boot_option`` capability on nodes and flavors. diff --git a/requirements.txt b/requirements.txt index df8a71f5..4a9b7253 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,6 +1,6 @@ # The order of packages is significant, because pip processes them in the order # of appearance. Changing the order has an impact on the overall integration # process, which may cause wedges in the gate later. -pbr>=2.0.0 # Apache-2.0 +pbr!=2.1.0,>=2.0.0 # Apache-2.0 Jinja2!=2.9.0,!=2.9.1,!=2.9.2,!=2.9.3,!=2.9.4,>=2.8 # BSD License (3 clause) six>=1.9.0 # MIT |