diff options
133 files changed, 5656 insertions, 1142 deletions
@@ -120,3 +120,7 @@ and should be executed according to the following table: +----------------+-------------+-------------+-------------+-------------+-----------------+ | cephrgw | | X | | X | | +----------------+-------------+-------------+-------------+-------------+-----------------+ +| tacker | X | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| congress | X | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ diff --git a/capabilities-map.yaml b/capabilities-map.yaml index 08c455f9..cc22ff92 100644 --- a/capabilities-map.yaml +++ b/capabilities-map.yaml @@ -413,10 +413,10 @@ topics: requires: - overcloud-resource-registry-puppet.yaml - file: environments/cinder-dellsc-config.yaml - title: Cinder Dell Storage Center ISCSI backend + title: Cinder Dell EMC Storage Center ISCSI backend description: > - Enables a Cinder Dell Storage Center ISCSI backend, configured - via puppet + Enables a Cinder Dell EMC Storage Center ISCSI backend, + configured via puppet requires: - overcloud-resource-registry-puppet.yaml - file: environments/cinder-hpelefthand-config.yaml @@ -426,42 +426,77 @@ topics: via puppet requires: - overcloud-resource-registry-puppet.yaml - - file: environments/cinder-eqlx-config.yaml - title: Cinder EQLX backend + - file: environments/cinder-dellps-config.yaml + title: Cinder Dell EMC PS Series backend description: > - Enables a Cinder EQLX backend, configured via puppet + Enables a Cinder Dell EMC PS Series backend, + configured via puppet requires: - overcloud-resource-registry-puppet.yaml - file: environments/cinder-iser.yaml title: Cinder iSER backend description: > Enable a Cinder iSER RDMA backend, configured via puppet + - file: environments/cinder-scaleio-config.yaml + title: Cinder Dell EMC ScaleIO backend + description: > + Enables a Cinder Dell EMC ScaleIO backend, + configured via puppet requires: - overcloud-resource-registry-puppet.yaml - - title: Externally managed Ceph + - title: Ceph description: > - Enable the use of an externally managed Ceph cluster + Enable the use of Ceph in the overcloud environments: - file: environments/puppet-ceph-external.yaml title: Externally managed Ceph - description: + description: > + Configures the overcloud to use an externally managed Ceph cluster, via RBD driver. + requires: + - overcloud-resource-registry-puppet.yaml + - file: environments/puppet-ceph.yaml + title: TripleO managed Ceph + description: > + Deploys a Ceph cluster via TripleO, requires at lease one CephStorage node or + use of hyperconverged-ceph.yaml environment for the HCI scenario, where CephOSD is + colocated with NovaCompute and configures the overcloud to use it, via RBD driver. requires: - overcloud-resource-registry-puppet.yaml - - title: Ceph Devel + - title: CephMDS description: > - Enable a Ceph storage cluster using the controller and 2 ceph nodes. - Rbd backends are enabled for Cinder, Glance, and Nova. + Deploys CephMDS via TripleO, an additional Ceph service needed to create shared + filesystems hosted in Ceph. environments: - - file: environments/puppet-ceph-devel.yaml - title: Ceph Devel + - file: environments/services/ceph-mds.yaml + title: Deploys CephMDS description: requires: + - environments/puppet-ceph.yaml + - title: Ceph Rados Gateway + description: > + Deploys CephRGW via TripleO, transparently replaces Swift providing a compatible API + which stores data in the Ceph cluster. + environments: + - file: environments/ceph-radosgw.yaml + title: Deploys CephRGW + description: + requires: + - environments/puppet-ceph.yaml + - title: Manila with CephFS + description: > + Deploys Manila and configures it with the CephFS driver. This requires the deployment of + Ceph and CephMDS from TripleO or the use of an external Ceph cluster for the overcloud. + environments: + - file: environments/manila-cephfsnative-config.yaml + title: Deploys Manila with CephFS driver + description: Deploys Manila and configures CephFS as its default backend. + requires: - overcloud-resource-registry-puppet.yaml - title: Storage Environment description: > Can be used to set up storage backends. Defaults to Ceph used as a - backend for Cinder, Glance and Nova ephemeral storage. It configures - for example which services will use Ceph, or if any of the services + backend for Cinder, Glance, Nova ephemeral storage and Gnocchi. It + configures which services will use Ceph, or if any of the services will use NFS. And more. Usually requires to be edited by user first. tags: - no-gui diff --git a/puppet/services/neutron-compute-plugin-opencontrail.yaml b/ci/environments/multinode-core.yaml index bbe4a051..0c07a1b0 100644 --- a/puppet/services/neutron-compute-plugin-opencontrail.yaml +++ b/ci/environments/multinode-core.yaml @@ -1,7 +1,7 @@ heat_template_version: ocata description: > - OpenStack Neutron Compute OpenContrail plugin + OpenStack Core Service parameters: ServiceNetMap: @@ -18,12 +18,20 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + Debug: + type: string + default: '' + +resources: outputs: role_data: - description: Role data for the Neutron Compute OpenContrail plugin + description: Role data for the multinode firewall configuration value: - service_name: neutron_compute_plugin_opencontrail + service_name: multinode_core config_settings: - step_config: | - include ::tripleo::profile::base::neutron::opencontrail::vrouter + tripleo.core.firewall_rules: + '999 core': + proto: 'udp' + dport: + - 4789 diff --git a/ci/environments/multinode_major_upgrade.yaml b/ci/environments/multinode_major_upgrade.yaml index 56d04de5..4859c23a 100644 --- a/ci/environments/multinode_major_upgrade.yaml +++ b/ci/environments/multinode_major_upgrade.yaml @@ -1,12 +1,10 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml - OS::TripleO::Services::Core: multinode-core.yaml parameter_defaults: ControllerServices: - OS::TripleO::Services::CACerts - - OS::TripleO::Services::Core - OS::TripleO::Services::Kernel - OS::TripleO::Services::Keystone - OS::TripleO::Services::GlanceApi diff --git a/ci/environments/scenario001-multinode.yaml b/ci/environments/scenario001-multinode.yaml index f75c0fd3..72e25704 100644 --- a/ci/environments/scenario001-multinode.yaml +++ b/ci/environments/scenario001-multinode.yaml @@ -5,6 +5,9 @@ resource_registry: OS::TripleO::Services::CephOSD: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-osd.yaml OS::TripleO::Services::CephClient: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-client.yaml OS::TripleO::Services::PankoApi: /usr/share/openstack-tripleo-heat-templates/puppet/services/panko-api.yaml + OS::TripleO::Services::Collectd: /usr/share/openstack-tripleo-heat-templates/puppet/services/metrics/collectd.yaml + OS::TripleO::Services::Tacker: /usr/share/openstack-tripleo-heat-templates/puppet/services/tacker.yaml + OS::TripleO::Services::Congress: /usr/share/openstack-tripleo-heat-templates/puppet/services/congress.yaml parameter_defaults: ControllerServices: @@ -60,6 +63,11 @@ parameter_defaults: - OS::TripleO::Services::CinderBackup - OS::TripleO::Services::CinderScheduler - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Tacker + - OS::TripleO::Services::Congress + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu @@ -91,3 +99,5 @@ parameter_defaults: * evidence of criminal activity, system personnel may provide * * the evidence from such monitoring to law enforcement officials.* ****************************************************************** + CollectdExtraPlugins: + - rrdtool diff --git a/ci/environments/scenario002-multinode.yaml b/ci/environments/scenario002-multinode.yaml index e611c6f9..bf4721e2 100644 --- a/ci/environments/scenario002-multinode.yaml +++ b/ci/environments/scenario002-multinode.yaml @@ -47,6 +47,8 @@ parameter_defaults: - OS::TripleO::Services::MongoDb - OS::TripleO::Services::Zaqar - OS::TripleO::Services::Ec2Api + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu diff --git a/ci/environments/scenario003-multinode.yaml b/ci/environments/scenario003-multinode.yaml index b26ee0a3..9167010c 100644 --- a/ci/environments/scenario003-multinode.yaml +++ b/ci/environments/scenario003-multinode.yaml @@ -43,6 +43,8 @@ parameter_defaults: - OS::TripleO::Services::MistralApi - OS::TripleO::Services::MistralEngine - OS::TripleO::Services::MistralExecutor + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu diff --git a/ci/environments/scenario004-multinode.yaml b/ci/environments/scenario004-multinode.yaml index 5b253a84..87b10ca1 100644 --- a/ci/environments/scenario004-multinode.yaml +++ b/ci/environments/scenario004-multinode.yaml @@ -44,6 +44,8 @@ parameter_defaults: - OS::TripleO::Services::CephOSD - OS::TripleO::Services::CephClient - OS::TripleO::Services::CephRgw + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu diff --git a/ci/scripts/freeipa_setup.sh b/ci/scripts/freeipa_setup.sh index a36493a1..e699841f 100644 --- a/ci/scripts/freeipa_setup.sh +++ b/ci/scripts/freeipa_setup.sh @@ -10,6 +10,9 @@ # - HostsSecret # - ProvisioningCIDR: If set, it adds the given CIDR to the provisioning # interface (which is hardcoded to eth1) +# - UsingNovajoin: If unset, we pre-provision the service principals +# needed for the overcloud deploy. If set, we skip this, +# since novajoin will do it. # set -eux @@ -19,6 +22,15 @@ elif [ -f "/tmp/freeipa-setup.env" ]; then source /tmp/freeipa-setup.env fi +export Hostname=${Hostname:-""} +export FreeIPAIP=${FreeIPAIP:-""} +export DirectoryManagerPassword=${DirectoryManagerPassword:-""} +export AdminPassword=${AdminPassword:-""} +export UndercloudFQDN=${UndercloudFQDN:-""} +export HostsSecret=${HostsSecret:-""} +export ProvisioningCIDR=${ProvisioningCIDR:-""} +export UsingNovajoin=${UsingNovajoin:-""} + if [ -n "$ProvisioningCIDR" ]; then # Add address to provisioning network interface ip link set dev eth1 up @@ -82,7 +94,9 @@ rm -f /etc/httpd/conf.d/ssl.conf # Set up FreeIPA ipa-server-install -U -r `hostname -d|tr "[a-z]" "[A-Z]"` \ -p $DirectoryManagerPassword -a $AdminPassword \ - --hostname `hostname -f` + --hostname `hostname -f` \ + --ip-address=$FreeIPAIP \ + --setup-dns --auto-forwarders --auto-reverse # Authenticate echo $AdminPassword | kinit admin @@ -94,11 +108,13 @@ if [ "$?" = '1' ]; then exit 1 fi -# Create undercloud host -ipa host-add $UndercloudFQDN --password=$HostsSecret --force +if [ -z "$UsingNovajoin" ]; then + # Create undercloud host + ipa host-add $UndercloudFQDN --password=$HostsSecret --force -# Create overcloud nodes and services -git clone https://github.com/JAORMX/freeipa-tripleo-incubator.git -cd freeipa-tripleo-incubator -python create_ipa_tripleo_host_setup.py -w $HostsSecret -d $(hostname -d) \ - --controller-count 1 --compute-count 1 + # Create overcloud nodes and services + git clone https://github.com/JAORMX/freeipa-tripleo-incubator.git + cd freeipa-tripleo-incubator + python create_ipa_tripleo_host_setup.py -w $HostsSecret -d $(hostname -d) \ + --controller-count 1 --compute-count 1 +fi diff --git a/docker/post.j2.yaml b/docker/post.j2.yaml index 865c74e5..dfa8ac2e 100644 --- a/docker/post.j2.yaml +++ b/docker/post.j2.yaml @@ -8,7 +8,6 @@ parameters: servers: type: json description: Mapping of Role name e.g Controller to a list of servers - role_data: type: json description: Mapping of Role name e.g Controller to the per-role data @@ -19,6 +18,11 @@ parameters: description: > Setting this to a unique value will re-run any deployment tasks which perform configuration on a Heat stack-update. + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json resources: diff --git a/environments/cinder-dellps-config.yaml b/environments/cinder-dellps-config.yaml new file mode 100644 index 00000000..eefd0fd6 --- /dev/null +++ b/environments/cinder-dellps-config.yaml @@ -0,0 +1,31 @@ +# Copyright (c) 2016-2017 Dell Inc, or its subsidiaries. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# A Heat environment file which can be used to enable a +# a Cinder Dell EMC PS Series backend, configured via puppet +resource_registry: + OS::TripleO::Services::CinderBackendDellPs: ../puppet/services/cinder-backend-dellps.yaml + +parameter_defaults: + CinderEnableDellPsBackend: true + CinderDellPsBackendName: 'tripleo_dellps' + CinderDellPsSanIp: '' + CinderDellPsSanLogin: '' + CinderDellPsSanPassword: '' + CinderDellPsSanThinProvision: true + CinderDellPsGroupname: 'group-0' + CinderDellPsPool: 'default' + CinderDellPsChapLogin: '' + CinderDellPsChapPassword: '' + CinderDellPsUseChap: false diff --git a/environments/cinder-dellsc-config.yaml b/environments/cinder-dellsc-config.yaml index 92e257d4..617d640c 100644 --- a/environments/cinder-dellsc-config.yaml +++ b/environments/cinder-dellsc-config.yaml @@ -1,7 +1,7 @@ # A Heat environment file which can be used to enable a -# a Cinder Dell Storage Center ISCSI backend, configured via puppet +# Cinder Dell EMC Storage Center ISCSI backend, configured via puppet resource_registry: - OS::TripleO::ControllerExtraConfigPre: ../puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml + OS::TripleO::Services::CinderBackendDellSc: ../puppet/services/cinder-backend-dellsc.yaml parameter_defaults: CinderEnableDellScBackend: true diff --git a/environments/cinder-eqlx-config.yaml b/environments/cinder-eqlx-config.yaml deleted file mode 100644 index ca2c5e5a..00000000 --- a/environments/cinder-eqlx-config.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# A Heat environment file which can be used to enable a -# a Cinder eqlx backen, configured via puppet -resource_registry: - OS::TripleO::ControllerExtraConfigPre: ../puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml - -parameter_defaults: - CinderEnableEqlxBackend: true - CinderEqlxBackendName: 'tripleo_eqlx' - CinderEqlxSanIp: '' - CinderEqlxSanLogin: '' - CinderEqlxSanPassword: '' - CinderEqlxSanThinProvision: true - CinderEqlxGroupname: 'group-0' - CinderEqlxPool: 'default' - CinderEqlxChapLogin: '' - CinderEqlxChapPassword: '' - CinderEqlxUseChap: false diff --git a/environments/cinder-scaleio-config.yaml b/environments/cinder-scaleio-config.yaml new file mode 100644 index 00000000..cebd619c --- /dev/null +++ b/environments/cinder-scaleio-config.yaml @@ -0,0 +1,35 @@ +# Copyright (c) 2016-2017 Dell Inc, or its subsidiaries. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# A Heat environment file which can be used to enable a +# a Cinder Dell EMC SacleIO backend, configured via puppet +resource_registry: + OS::TripleO::Services::CinderBackendScaleIO: ../puppet/services/cinder-backend-scaleio.yaml + +parameter_defaults: + CinderEnableScaleIOBackend: true + CinderScaleIOBackendName: 'tripleo_scaleio' + CinderScaleIOSanIp: '' + CinderScaleIOSanLogin: '' + CinderScaleIOSanPassword: '' + CinderScaleIORestServerPort: '443' + CinderScaleIOVerifyServerCertificate: false + CinderScaleIOServerCertificatePath: '' + CinderScaleIOProtectionDomainName: 'domain1' + CinderScaleIOStoragePoolName: 'pool1' + CinderScaleIOStoragePools: 'domain1:pool1' + CinderScaleIORoundVolumeCapacity: true + CinderScaleIOUnmapVolumeBeforeDeletion: false + CinderScaleIOMaxOverSubscriptionRatio: '' + CinderScaleIOSanThinProvision: true diff --git a/environments/collectd-environment.yaml b/environments/collectd-environment.yaml new file mode 100644 index 00000000..7780530c --- /dev/null +++ b/environments/collectd-environment.yaml @@ -0,0 +1,23 @@ +resource_registry: + OS::TripleO::Services::Collectd: ../puppet/services/metrics/collectd.yaml + +# parameter_defaults: +# +## You can specify additional plugins to load using the +## CollectdExtraPlugins key: +# +# CollectdExtraPlugins: +# - disk +# - df +# +## You can use ExtraConfig (or one of the related *ExtraConfig keys) +## to configure collectd. See the documentation for puppet-collectd at +## https://github.com/voxpupuli/puppet-collectd for details. +# +# ExtraConfig: +# collectd::plugin::disk::disks: +# - "/^[vhs]d[a-f][0-9]?$/" +# collectd::plugin::df::mountpoints: +# - "/" +# collectd::plugin::df::ignoreselected: false +# collectd::plugin::cpu::valuespercentage: true diff --git a/environments/contrail/contrail-net.yaml b/environments/contrail/contrail-net.yaml new file mode 100644 index 00000000..1e64f91d --- /dev/null +++ b/environments/contrail/contrail-net.yaml @@ -0,0 +1,26 @@ +resource_registry: + OS::TripleO::Compute::Net::SoftwareConfig: contrail-nic-config-compute.yaml + OS::TripleO::Controller::Net::SoftwareConfig: contrail-nic-config.yaml + OS::TripleO::ContrailController::Net::SoftwareConfig: contrail-nic-config.yaml + OS::TripleO::ContrailAnalytics::Net::SoftwareConfig: contrail-nic-config.yaml + OS::TripleO::ContrailAnalyticsDatabase::Net::SoftwareConfig: contrail-nic-config.yaml + OS::TripleO::ContrailTsn::Net::SoftwareConfig: contrail-nic-config-compute.yaml + +parameter_defaults: + ControlPlaneSubnetCidr: '24' + ControlPlaneDefaultRoute: 192.0.2.254 + InternalApiNetCidr: 10.0.0.0/24 + InternalApiAllocationPools: [{'start': '10.0.0.10', 'end': '10.0.0.200'}] + InternalApiDefaultRoute: 10.0.0.1 + ManagementNetCidr: 10.1.0.0/24 + ManagementAllocationPools: [{'start': '10.1.0.10', 'end': '10.1.0.200'}] + ManagementInterfaceDefaultRoute: 10.1.0.1 + ExternalNetCidr: 10.2.0.0/24 + ExternalAllocationPools: [{'start': '10.2.0.10', 'end': '10.2.0.200'}] + EC2MetadataIp: 192.0.2.1 # Generally the IP of the Undercloud + DnsServers: ["8.8.8.8","8.8.4.4"] + VrouterPhysicalInterface: eth1 + VrouterGateway: 10.0.0.1 + VrouterNetmask: 255.255.255.0 + ControlVirtualInterface: eth0 + PublicVirtualInterface: vlan10 diff --git a/environments/contrail/contrail-nic-config-compute.yaml b/environments/contrail/contrail-nic-config-compute.yaml new file mode 100644 index 00000000..3007638a --- /dev/null +++ b/environments/contrail/contrail-nic-config-compute.yaml @@ -0,0 +1,167 @@ +heat_template_version: ocata + +description: > + Software Config to drive os-net-config to configure multiple interfaces + for the compute role. This is an example for a Nova compute node using + Contrail vrouter and the vhost0 interface. + +parameters: + ControlPlaneIp: + default: '' + description: IP address/subnet on the ctlplane network + type: string + ExternalIpSubnet: + default: '' + description: IP address/subnet on the external network + type: string + InternalApiIpSubnet: + default: '' + description: IP address/subnet on the internal API network + type: string + InternalApiDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the internal api network. + type: string + StorageIpSubnet: + default: '' + description: IP address/subnet on the storage network + type: string + StorageMgmtIpSubnet: + default: '' + description: IP address/subnet on the storage mgmt network + type: string + TenantIpSubnet: + default: '' + description: IP address/subnet on the tenant network + type: string + ManagementIpSubnet: # Only populated when including environments/network-management.yaml + default: '' + description: IP address/subnet on the management network + type: string + ExternalNetworkVlanID: + default: 10 + description: Vlan ID for the external network traffic. + type: number + InternalApiNetworkVlanID: + default: 20 + description: Vlan ID for the internal_api network traffic. + type: number + StorageNetworkVlanID: + default: 30 + description: Vlan ID for the storage network traffic. + type: number + StorageMgmtNetworkVlanID: + default: 40 + description: Vlan ID for the storage mgmt network traffic. + type: number + TenantNetworkVlanID: + default: 50 + description: Vlan ID for the tenant network traffic. + type: number + ManagementNetworkVlanID: + default: 60 + description: Vlan ID for the management network traffic. + type: number + ControlPlaneSubnetCidr: # Override this via parameter_defaults + default: '24' + description: The subnet CIDR of the control plane network. + type: string + ControlPlaneDefaultRoute: # Override this via parameter_defaults + description: The default route of the control plane network. + type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string + DnsServers: # Override this via parameter_defaults + default: [] + description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. + type: comma_delimited_list + EC2MetadataIp: # Override this via parameter_defaults + description: The IP address of the EC2 metadata server. + type: string + +resources: + OsNetConfigImpl: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: + list_join: + - '/' + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - type: interface + name: nic2 + use_dhcp: false + - type: interface + name: vhost0 + use_dhcp: false + addresses: + - ip_netmask: + get_param: InternalApiIpSubnet + routes: + - default: true + next_hop: + get_param: InternalApiDefaultRoute + - type: linux_bridge + name: br0 + use_dhcp: false + members: + - type: interface + name: nic3 + - type: vlan + vlan_id: + get_param: ManagementNetworkVlanID + device: br0 + addresses: + - ip_netmask: + get_param: ManagementIpSubnet + - type: vlan + vlan_id: + get_param: ExternalNetworkVlanID + device: br0 + addresses: + - ip_netmask: + get_param: ExternalIpSubnet + - type: vlan + vlan_id: + get_param: StorageNetworkVlanID + device: br0 + addresses: + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan + vlan_id: + get_param: StorageMgmtNetworkVlanID + device: br0 + addresses: + - ip_netmask: + get_param: StorageMgmtIpSubnet + +outputs: + OS::stack_id: + description: The OsNetConfigImpl resource. + value: + get_resource: OsNetConfigImpl diff --git a/environments/contrail/contrail-services.yaml b/environments/contrail/contrail-services.yaml new file mode 100644 index 00000000..80ef9d3a --- /dev/null +++ b/environments/contrail/contrail-services.yaml @@ -0,0 +1,45 @@ +# A Heat environment file which can be used to enable OpenContrail +# # extensions, configured via puppet +resource_registry: + OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None + OS::TripleO::Services::NeutronL3Agent: OS::Heat::None + OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None + OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginContrail + OS::TripleO::Services::ComputeNeutronCorePlugin: OS::TripleO::Services::ComputeNeutronCorePluginContrail + OS::TripleO::NodeUserData: ../../firstboot/install_vrouter_kmod.yaml + OS::TripleO::Services::ContrailHeat: ../../puppet/services/network/contrail-heat.yaml + OS::TripleO::Services::ContrailAnalytics: ../../puppet/services/network/contrail-analytics.yaml + OS::TripleO::Services::ContrailAnalyticsDatabase: ../../puppet/services/network/contrail-analytics-database.yaml + OS::TripleO::Services::ContrailConfig: ../../puppet/services/network/contrail-config.yaml + OS::TripleO::Services::ContrailControl: ../../puppet/services/network/contrail-control.yaml + OS::TripleO::Services::ContrailDatabase: ../../puppet/services/network/contrail-database.yaml + OS::TripleO::Services::ContrailWebUI: ../../puppet/services/network/contrail-webui.yaml + OS::TripleO::Services::ContrailTsn: ../../puppet/services/network/contrail-tsn.yaml + OS::TripleO::Services::ComputeNeutronCorePluginContrail: ../../puppet/services/network/contrail-vrouter.yaml + OS::TripleO::Services::NeutronCorePluginContrail: ../../puppet/services/network/contrail-neutron-plugin.yaml +parameter_defaults: + ContrailRepo: http://192.168.24.1/contrail-3.2.0.0-19 + EnablePackageInstall: true +# ContrailConfigIfmapUserName: api-server +# ContrailConfigIfmapUserPassword: api-server + OvercloudControlFlavor: control + OvercloudContrailControllerFlavor: contrail-controller + OvercloudContrailAnalyticsFlavor: contrail-analytics + OvercloudContrailAnalyticsDatabaseFlavor: contrail-analytics-database + OvercloudContrailTsnFlavor: contrail-tsn + OvercloudComputeFlavor: compute + ControllerCount: 3 + ContrailControllerCount: 3 + ContrailAnalyticsCount: 3 + ContrailAnalyticsDatabaseCount: 3 + ContrailTsnCount: 1 + ComputeCount: 3 + DnsServers: ["8.8.8.8","8.8.4.4"] + NtpServer: 10.0.0.1 + NeutronCorePlugin: neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2 + NeutronServicePlugins: '' + NeutronTunnelTypes: '' +# NeutronMetadataProxySharedSecret: +# ContrailControlRNDCSecret: # sda1/256 hmac key, e.g. echo -n "values" | openssl dgst -sha256 -hmac key -binary | base64 diff --git a/environments/contrail/roles_data_contrail.yaml b/environments/contrail/roles_data_contrail.yaml new file mode 100644 index 00000000..5f6c4691 --- /dev/null +++ b/environments/contrail/roles_data_contrail.yaml @@ -0,0 +1,237 @@ +# Specifies which roles (groups of nodes) will be deployed +# Note this is used as an input to the various *.j2.yaml +# jinja2 templates, so that they are converted into *.yaml +# during the plan creation (via a mistral action/workflow). +# +# The format is a list, with the following format: +# +# * name: (string) mandatory, name of the role, must be unique +# +# CountDefault: (number) optional, default number of nodes, defaults to 0 +# sets the default for the {{role.name}}Count parameter in overcloud.yaml +# +# HostnameFormatDefault: (string) optional default format string for hostname +# defaults to '%stackname%-{{role.name.lower()}}-%index%' +# sets the default for {{role.name}}HostnameFormat parameter in overcloud.yaml +# +# disable_constraints: (boolean) optional, whether to disable Nova and Glance +# constraints for each role specified in the templates. +# +# upgrade_batch_size: (number): batch size for upgrades where tasks are +# specified by services to run in batches vs all nodes at once. +# This defaults to 1, but larger batches may be specified here. +# +# ServicesDefault: (list) optional default list of services to be deployed +# on the role, defaults to an empty list. Sets the default for the +# {{role.name}}Services parameter in overcloud.yaml + +- name: Controller # the 'primary' role goes first + CountDefault: 1 + ServicesDefault: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CephMds + - OS::TripleO::Services::CephMon + - OS::TripleO::Services::CephExternal + - OS::TripleO::Services::CephRbdMirror + - OS::TripleO::Services::CephRgw + - OS::TripleO::Services::CinderApi + - OS::TripleO::Services::CinderBackup + - OS::TripleO::Services::CinderScheduler + - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::ContrailHeat + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::NeutronApi + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::Redis + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaPlacement + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::NovaConsoleauth + - OS::TripleO::Services::NovaVncProxy + - OS::TripleO::Services::Ec2Api + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::CeilometerApi + - OS::TripleO::Services::CeilometerCollector + - OS::TripleO::Services::CeilometerExpirer + - OS::TripleO::Services::CeilometerAgentCentral + - OS::TripleO::Services::CeilometerAgentNotification + - OS::TripleO::Services::Horizon + - OS::TripleO::Services::GnocchiApi + - OS::TripleO::Services::GnocchiMetricd + - OS::TripleO::Services::GnocchiStatsd + - OS::TripleO::Services::ManilaApi + - OS::TripleO::Services::ManilaScheduler + - OS::TripleO::Services::ManilaBackendGeneric + - OS::TripleO::Services::ManilaBackendNetapp + - OS::TripleO::Services::ManilaBackendCephFs + - OS::TripleO::Services::ManilaShare + - OS::TripleO::Services::AodhApi + - OS::TripleO::Services::AodhEvaluator + - OS::TripleO::Services::AodhNotifier + - OS::TripleO::Services::AodhListener + - OS::TripleO::Services::SaharaApi + - OS::TripleO::Services::SaharaEngine + - OS::TripleO::Services::IronicApi + - OS::TripleO::Services::IronicConductor + - OS::TripleO::Services::NovaIronic + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::OpenDaylightApi + - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::BarbicanApi + - OS::TripleO::Services::PankoApi + - OS::TripleO::Services::Zaqar + - OS::TripleO::Services::OVNDBs + - OS::TripleO::Services::CinderHPELeftHandISCSI + - OS::TripleO::Services::Etcd + - OS::TripleO::Services::AuditD + +- name: Compute + CountDefault: 1 + HostnameFormatDefault: '%stackname%-novacompute-%index%' + disable_upgrade_deployment: True + ServicesDefault: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CephClient + - OS::TripleO::Services::CephExternal + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::ComputeNeutronCorePlugin + - OS::TripleO::Services::ComputeNeutronOvsAgent + - OS::TripleO::Services::ComputeCeilometerAgent + - OS::TripleO::Services::ComputeNeutronL3Agent + - OS::TripleO::Services::ComputeNeutronMetadataAgent + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::NeutronSriovAgent + - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::AuditD + +- name: BlockStorage + ServicesDefault: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::BlockStorageCinderVolume + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::AuditD + +- name: ObjectStorage + disable_upgrade_deployment: True + ServicesDefault: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::AuditD + +- name: CephStorage + disable_upgrade_deployment: True + ServicesDefault: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CephOSD + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::AuditD + +- name: ContrailController + ServicesDefault: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::ContrailConfig + - OS::TripleO::Services::ContrailControl + - OS::TripleO::Services::ContrailDatabase + - OS::TripleO::Services::ContrailWebUI + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::FluentdClient + +- name: ContrailAnalytics + ServicesDefault: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::ContrailAnalytics + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::FluentdClient + +- name: ContrailAnalyticsDatabase + ServicesDefault: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::ContrailAnalyticsDatabase + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::FluentdClient + +- name: ContrailTsn + ServicesDefault: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::ContrailTsn + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::FluentdClient diff --git a/environments/enable_congress.yaml b/environments/enable_congress.yaml new file mode 100644 index 00000000..1eea7f5e --- /dev/null +++ b/environments/enable_congress.yaml @@ -0,0 +1,2 @@ +resource_registry: + OS::TripleO::Services::Congress: ../puppet/services/congress.yaml diff --git a/environments/enable_tacker.yaml b/environments/enable_tacker.yaml new file mode 100644 index 00000000..1f9eca01 --- /dev/null +++ b/environments/enable_tacker.yaml @@ -0,0 +1,2 @@ +resource_registry: + OS::TripleO::Services::Tacker: ../puppet/services/tacker.yaml diff --git a/environments/host-config-pre-network.j2.yaml b/environments/host-config-pre-network.j2.yaml index fe1302b5..c79e28b4 100644 --- a/environments/host-config-pre-network.j2.yaml +++ b/environments/host-config-pre-network.j2.yaml @@ -1,12 +1,12 @@ resource_registry: # Create the registry only for roles with the word "Compute" in it. Like ComputeOvsDpdk, ComputeSriov, etc., -{% for role in roles %} +{%- for role in roles -%} {% if "Compute" in role.name %} OS::TripleO::{{role.name}}::PreNetworkConfig: ../extraconfig/pre_network/{{role.name.lower()}}-host_config_and_reboot.yaml -{% endif %} +{%- endif -%} {% endfor %} -parameter_defaults: +#parameter_defaults: # Sample parameters for Compute and ComputeOvsDpdk roles #ComputeKernelArgs: "" #ComputeTunedProfileName: "" diff --git a/environments/major-upgrade-composable-steps.yaml b/environments/major-upgrade-composable-steps.yaml index 4283b212..44580b43 100644 --- a/environments/major-upgrade-composable-steps.yaml +++ b/environments/major-upgrade-composable-steps.yaml @@ -1,2 +1,4 @@ resource_registry: OS::TripleO::PostDeploySteps: ../puppet/major_upgrade_steps.yaml +parameter_defaults: + UpgradeLevelNovaCompute: auto diff --git a/environments/major-upgrade-converge.yaml b/environments/major-upgrade-converge.yaml new file mode 100644 index 00000000..e3c0e531 --- /dev/null +++ b/environments/major-upgrade-converge.yaml @@ -0,0 +1,6 @@ +# Use this to reset any mappings only used for upgrades after the +# update of all nodes is completed +resource_registry: + OS::TripleO::PostDeploySteps: ../puppet/post.yaml +parameter_defaults: + UpgradeLevelNovaCompute: '' diff --git a/environments/neutron-ml2-ovn.yaml b/environments/neutron-ml2-ovn.yaml index 3da560c8..7483bdbb 100644 --- a/environments/neutron-ml2-ovn.yaml +++ b/environments/neutron-ml2-ovn.yaml @@ -3,6 +3,7 @@ resource_registry: OS::TripleO::Services::NeutronL3Agent: OS::Heat::None OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-ovn.yaml # Disabling Neutron services that overlap with OVN @@ -12,11 +13,12 @@ resource_registry: parameter_defaults: NeutronMechanismDrivers: ovn - OVNSouthboundServerPort: 6642 - OVNNorthboundServerPort: 6641 - OVNDbConnectionTimeout: 60 OVNVifType: ovs OVNNeutronSyncMode: log OVNQosDriver: ovn-qos OVNTunnelEncapType: geneve NeutronEnableDHCPAgent: false + NeutronTypeDrivers: 'geneve,vxlan,vlan,flat' + NeutronNetworkType: 'geneve' + NeutronServicePlugins: 'qos,ovn-router' + NeutronVniRanges: ['1:65536', ] diff --git a/environments/neutron-opencontrail.yaml b/environments/neutron-opencontrail.yaml deleted file mode 100644 index 51575b86..00000000 --- a/environments/neutron-opencontrail.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# A Heat environment file which can be used to enable OpenContrail -# extensions, configured via puppet -resource_registry: - OS::TripleO::ComputeExtraConfigPre: ../puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml - OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None - OS::TripleO::Services::NeutronL3Agent: OS::Heat::None - OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None - OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None - OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None - # Override the NeutronCorePlugin to use Nuage - OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginOpencontrail - OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-opencontrail.yaml - -parameter_defaults: - NeutronCorePlugin: neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2 - NeutronServicePlugins: neutron_plugin_contrail.plugins.opencontrail.loadbalancer.v2.plugin.LoadBalancerPluginV2 - NeutronTunnelTypes: '' - - # required params: - #ContrailApiServerIp: - #ContrailExtensions: '' - - # optional params - # ContrailApiServerPort: 8082 - # ContrailMultiTenancy: false diff --git a/environments/neutron-sriov.yaml b/environments/neutron-sriov.yaml index 9b7e51f9..5e9e15e3 100755 --- a/environments/neutron-sriov.yaml +++ b/environments/neutron-sriov.yaml @@ -9,9 +9,6 @@ parameter_defaults: #NovaSchedulerDefaultFilters: ['RetryFilter','AvailabilityZoneFilter','RamFilter','ComputeFilter','ComputeCapabilitiesFilter','ImagePropertiesFilter','ServerGroupAntiAffinityFilter','ServerGroupAffinityFilter','PciPassthroughFilter'] #NovaSchedulerAvailableFilters: ["nova.scheduler.filters.all_filters","nova.scheduler.filters.pci_passthrough_filter.PciPassthroughFilter"] - # Provide the vendorid:productid of the VFs - #NeutronSupportedPCIVendorDevs: ['8086:154c','8086:10ca','8086:1520'] - #NeutronPhysicalDevMappings: "datacentre:ens20f2" # Number of VFs that needs to be configured for a physical interface diff --git a/environments/puppet-ceph.yaml b/environments/puppet-ceph.yaml new file mode 100644 index 00000000..57af540a --- /dev/null +++ b/environments/puppet-ceph.yaml @@ -0,0 +1,12 @@ +resource_registry: + OS::TripleO::Services::CephMon: ../puppet/services/ceph-mon.yaml + OS::TripleO::Services::CephOSD: ../puppet/services/ceph-osd.yaml + OS::TripleO::Services::CephClient: ../puppet/services/ceph-client.yaml + +parameter_defaults: + CinderEnableIscsiBackend: false + CinderEnableRbdBackend: true + CinderBackupBackend: ceph + NovaEnableRbdBackend: true + GlanceBackend: rbd + GnocchiBackend: rbd diff --git a/environments/services/octavia.yaml b/environments/services/octavia.yaml new file mode 100644 index 00000000..24c57b8c --- /dev/null +++ b/environments/services/octavia.yaml @@ -0,0 +1,9 @@ +resource_registry: + OS::TripleO::Services::OctaviaApi: ../../puppet/services/octavia-api.yaml + OS::TripleO::Services::OctaviaHealthManager: ../../puppet/services/octavia-health-manager.yaml + OS::TripleO::Services::OctaviaHousekeeping: ../../puppet/services/octavia-housekeeping.yaml + OS::TripleO::Services::OctaviaWorker: ../../puppet/services/octavia-worker.yaml + +parameter_defaults: + NeutronServicePlugins: "qos,router,trunk,lbaasv2" + NeutronEnableForceMetadata: true diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml index a02c479a..1b666c5b 100644 --- a/environments/tls-endpoints-public-dns.yaml +++ b/environments/tls-endpoints-public-dns.yaml @@ -17,6 +17,42 @@ parameter_defaults: CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'} + CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} + CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} + CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'} + ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'} @@ -70,6 +106,9 @@ parameter_defaults: SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} + TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'} + TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'} + TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'} ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'} diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml index bf4d4f41..7311a1f9 100644 --- a/environments/tls-endpoints-public-ip.yaml +++ b/environments/tls-endpoints-public-ip.yaml @@ -17,6 +17,42 @@ parameter_defaults: CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'} CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'} + CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} + CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} + CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'} + ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'} @@ -70,6 +106,9 @@ parameter_defaults: SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'} + TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'} + TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'} + TackerPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'} ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} ZaqarPublic: {protocol: 'https', port: '13888', host: 'IP_ADDRESS'} diff --git a/environments/tls-everywhere-endpoints-dns.yaml b/environments/tls-everywhere-endpoints-dns.yaml index 6193dde5..e6608b57 100644 --- a/environments/tls-everywhere-endpoints-dns.yaml +++ b/environments/tls-everywhere-endpoints-dns.yaml @@ -17,6 +17,42 @@ parameter_defaults: CinderAdmin: {protocol: 'https', port: '8776', host: 'CLOUDNAME'} CinderInternal: {protocol: 'https', port: '8776', host: 'CLOUDNAME'} CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'} + CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'} + CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'} + CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'} + ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086', + host: 'IP_ADDRESS'} + ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} + ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} + ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} + ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} + ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} + ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'} Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'} Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'} @@ -70,6 +106,9 @@ parameter_defaults: SwiftAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} SwiftInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} + TackerAdmin: {protocol: 'https', port: '9890', host: 'CLOUDNAME'} + TackerInternal: {protocol: 'https', port: '9890', host: 'CLOUDNAME'} + TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'} ZaqarAdmin: {protocol: 'https', port: '8888', host: 'CLOUDNAME'} ZaqarInternal: {protocol: 'https', port: '8888', host: 'CLOUDNAME'} ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'} diff --git a/extraconfig/tasks/major_upgrade_block_storage.sh b/extraconfig/tasks/major_upgrade_block_storage.sh deleted file mode 100644 index 64c4457e..00000000 --- a/extraconfig/tasks/major_upgrade_block_storage.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash -# -# This runs an upgrade of Cinder Block Storage nodes. -# -set -eu - -# Special-case OVS for https://bugs.launchpad.net/tripleo/+bug/1635205 -special_case_ovs_upgrade_if_needed - -yum -y install python-zaqarclient # needed for os-collect-config -yum -y -q update diff --git a/extraconfig/tasks/major_upgrade_ceph_mon.sh b/extraconfig/tasks/major_upgrade_ceph_mon.sh deleted file mode 100755 index e0d160f1..00000000 --- a/extraconfig/tasks/major_upgrade_ceph_mon.sh +++ /dev/null @@ -1,82 +0,0 @@ -#!/bin/bash -set -eu -set -o pipefail - -echo INFO: starting $(basename "$0") - -# Exit if not running -if ! pidof ceph-mon &> /dev/null; then - echo INFO: ceph-mon is not running, skipping - exit 0 -fi - -# Exit if not Hammer -INSTALLED_VERSION=$(ceph --version | awk '{print $3}') -if ! [[ "$INSTALLED_VERSION" =~ ^0\.94.* ]]; then - echo INFO: version of Ceph installed is not 0.94, skipping - exit 0 -fi - -CEPH_STATUS=$(ceph health | awk '{print $1}') -if [ ${CEPH_STATUS} = HEALTH_ERR ]; then - echo ERROR: Ceph cluster status is HEALTH_ERR, cannot be upgraded - exit 1 -fi - -# Useful when upgrading with OSDs num < replica size -if [[ ${ignore_ceph_upgrade_warnings:-False} != [Tt]rue ]]; then - timeout 300 bash -c "while [ ${CEPH_STATUS} != HEALTH_OK ]; do - echo WARNING: Waiting for Ceph cluster status to go HEALTH_OK; - sleep 30; - CEPH_STATUS=$(ceph health | awk '{print $1}') - done" -fi - -MON_PID=$(pidof ceph-mon) -MON_ID=$(hostname -s) - -# Stop daemon using Hammer sysvinit script -service ceph stop mon.${MON_ID} - -# Ensure it's stopped -timeout 60 bash -c "while kill -0 ${MON_PID} 2> /dev/null; do - sleep 2; -done" - -# Update to Jewel -yum -y -q update ceph-mon ceph - -# Restart/Exit if not on Jewel, only in that case we need the changes -UPDATED_VERSION=$(ceph --version | awk '{print $3}') -if [[ "$UPDATED_VERSION" =~ ^0\.94.* ]]; then - echo WARNING: Ceph was not upgraded, restarting daemons - service ceph start mon.${MON_ID} -elif [[ "$UPDATED_VERSION" =~ ^10\.2.* ]]; then - # RPM could own some of these but we can't take risks on the pre-existing files - for d in /var/lib/ceph/mon /var/log/ceph /var/run/ceph /etc/ceph; do - chown -L -R ceph:ceph $d || echo WARNING: chown of $d failed - done - - # Replay udev events with newer rules - udevadm trigger - - # Enable systemd unit - systemctl enable ceph-mon.target - systemctl enable ceph-mon@${MON_ID} - systemctl start ceph-mon@${MON_ID} - - # Wait for daemon to be back in the quorum - timeout 300 bash -c "until (ceph quorum_status | jq .quorum_names | grep -sq ${MON_ID}); do - echo WARNING: Waiting for mon.${MON_ID} to re-join quorum; - sleep 10; - done" - - # if tunables become legacy, cluster status will be HEALTH_WARN causing - # upgrade to fail on following node - ceph osd crush tunables default - - echo INFO: Ceph was upgraded to Jewel -else - echo ERROR: Ceph was upgraded to an unknown release, daemon is stopped, need manual intervention - exit 1 -fi diff --git a/extraconfig/tasks/major_upgrade_ceph_storage.sh b/extraconfig/tasks/major_upgrade_ceph_storage.sh deleted file mode 100644 index a745e723..00000000 --- a/extraconfig/tasks/major_upgrade_ceph_storage.sh +++ /dev/null @@ -1,106 +0,0 @@ -#!/bin/bash -# -# This delivers the ceph-storage upgrade script to be invoked as part of the tripleo -# major upgrade workflow. -# -set -eu -set -o pipefail - -UPGRADE_SCRIPT=/root/tripleo_upgrade_node.sh - -declare -f special_case_ovs_upgrade_if_needed > $UPGRADE_SCRIPT -# use >> here so we don't lose the declaration we added above -cat >> $UPGRADE_SCRIPT << 'ENDOFCAT' -#!/bin/bash -### DO NOT MODIFY THIS FILE -### This file is automatically delivered to the ceph-storage nodes as part of the -### tripleo upgrades workflow -set -eu - -echo INFO: starting $(basename "$0") - -# Exit if not running -if ! pidof ceph-osd &> /dev/null; then - echo INFO: ceph-osd is not running, skipping - exit 0 -fi - -# Exit if not Hammer -INSTALLED_VERSION=$(ceph --version | awk '{print $3}') -if ! [[ "$INSTALLED_VERSION" =~ ^0\.94.* ]]; then - echo INFO: version of Ceph installed is not 0.94, skipping - exit 0 -fi - -OSD_PIDS=$(pidof ceph-osd) -OSD_IDS=$(ls /var/lib/ceph/osd | awk 'BEGIN { FS = "-" } ; { print $2 }') - -# "so that mirrors aren't rebalanced as if the OSD died" - gfidente / leseb -ceph osd set noout -ceph osd set norebalance -ceph osd set nodeep-scrub -ceph osd set noscrub - -# Stop daemon using Hammer sysvinit script -for OSD_ID in $OSD_IDS; do - service ceph stop osd.${OSD_ID} -done - -# Nice guy will return non-0 only when all failed -timeout 60 bash -c "while kill -0 ${OSD_PIDS} 2> /dev/null; do - sleep 2; -done" - -special_case_ovs_upgrade_if_needed - -# Update (Ceph to Jewel) -yum -y install python-zaqarclient # needed for os-collect-config -yum -y update - -# Restart/Exit if not on Jewel, only in that case we need the changes -UPDATED_VERSION=$(ceph --version | awk '{print $3}') -if [[ "$UPDATED_VERSION" =~ ^0\.94.* ]]; then - echo WARNING: Ceph was not upgraded, restarting daemon - for OSD_ID in $OSD_IDS; do - service ceph start osd.${OSD_ID} - done -elif [[ "$UPDATED_VERSION" =~ ^10\.2.* ]]; then - # RPM could own some of these but we can't take risks on the pre-existing files - for d in /var/lib/ceph/osd /var/log/ceph /var/run/ceph /etc/ceph; do - chown -L -R ceph:ceph $d || echo WARNING: chown of $d failed - done - - # Replay udev events with newer rules - udevadm trigger && udevadm settle - - # If on ext4, we need to enforce lower values for name and namespace len - # or ceph-osd will refuse to start, see: http://tracker.ceph.com/issues/16187 - for OSD_ID in $OSD_IDS; do - OSD_FS=$(df -l --output=fstype /var/lib/ceph/osd/ceph-${OSD_ID} | tail -n +2) - if [ ${OSD_FS} = ext4 ]; then - crudini --set /etc/ceph/ceph.conf global osd_max_object_name_len 256 - crudini --set /etc/ceph/ceph.conf global osd_max_object_namespace_len 64 - fi - done - - # Enable systemd unit - systemctl enable ceph-osd.target - for OSD_ID in $OSD_IDS; do - systemctl enable ceph-osd@${OSD_ID} - systemctl start ceph-osd@${OSD_ID} - done - - echo INFO: Ceph was upgraded to Jewel -else - echo ERROR: Ceph was upgraded to an unknown release, daemon is stopped, need manual intervention - exit 1 -fi - -ceph osd unset noout -ceph osd unset norebalance -ceph osd unset nodeep-scrub -ceph osd unset noscrub -ENDOFCAT - -# ensure the permissions are OK -chmod 0755 $UPGRADE_SCRIPT diff --git a/extraconfig/tasks/major_upgrade_compute.sh b/extraconfig/tasks/major_upgrade_compute.sh deleted file mode 100644 index 7a3e1073..00000000 --- a/extraconfig/tasks/major_upgrade_compute.sh +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/bash -# -# This delivers the compute upgrade script to be invoked as part of the tripleo -# major upgrade workflow. -# -set -eu - -UPGRADE_SCRIPT=/root/tripleo_upgrade_node.sh - -cat > $UPGRADE_SCRIPT << ENDOFCAT -### DO NOT MODIFY THIS FILE -### This file is automatically delivered to the compute nodes as part of the -### tripleo upgrades workflow - -set -eu - -# pin nova to kilo (messaging +-1) for the nova-compute service - -crudini --set /etc/nova/nova.conf upgrade_levels compute $upgrade_level_nova_compute - -$(declare -f special_case_ovs_upgrade_if_needed) -special_case_ovs_upgrade_if_needed - -yum -y install python-zaqarclient # needed for os-collect-config -yum -y update - -# Due to bug#1640177 we need to restart compute agent -echo "Restarting openstack ceilometer agent compute" -systemctl restart openstack-ceilometer-compute - -ENDOFCAT - -# ensure the permissions are OK -chmod 0755 $UPGRADE_SCRIPT - diff --git a/extraconfig/tasks/major_upgrade_object_storage.sh b/extraconfig/tasks/major_upgrade_object_storage.sh deleted file mode 100644 index d9d1b4d5..00000000 --- a/extraconfig/tasks/major_upgrade_object_storage.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash -# -# This delivers the swift-storage upgrade script to be invoked as part of the tripleo -# major upgrade workflow. -# -set -eu - -UPGRADE_SCRIPT=/root/tripleo_upgrade_node.sh - -cat > $UPGRADE_SCRIPT << ENDOFCAT -### DO NOT MODIFY THIS FILE -### This file is automatically delivered to the swift-storage nodes as part of the -### tripleo upgrades workflow - -set -eu - -function systemctl_swift { - action=\$1 - for S in openstack-swift-account-auditor openstack-swift-account-reaper openstack-swift-account-replicator openstack-swift-account \ - openstack-swift-container-auditor openstack-swift-container-replicator openstack-swift-container-updater openstack-swift-container \ - openstack-swift-object-auditor openstack-swift-object-replicator openstack-swift-object-updater openstack-swift-object; do - systemctl \$action \$S - done -} - -$(declare -f special_case_ovs_upgrade_if_needed) -special_case_ovs_upgrade_if_needed - -systemctl_swift stop - -yum -y install python-zaqarclient # needed for os-collect-config -yum -y update - -systemctl_swift start - - - -ENDOFCAT - -# ensure the permissions are OK -chmod 0755 $UPGRADE_SCRIPT - diff --git a/extraconfig/tasks/major_upgrade_pacemaker.yaml b/extraconfig/tasks/major_upgrade_pacemaker.yaml index b63aafbd..8c91027d 100644 --- a/extraconfig/tasks/major_upgrade_pacemaker.yaml +++ b/extraconfig/tasks/major_upgrade_pacemaker.yaml @@ -33,33 +33,6 @@ resources: # map_merge with input_values instead of feeding params into scripts # via str_replace on bash snippets - CephMonUpgradeConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - str_replace: - template: | - #!/bin/bash - ignore_ceph_upgrade_warnings='IGNORE_CEPH_UPGRADE_WARNINGS' - params: - IGNORE_CEPH_UPGRADE_WARNINGS: {get_param: IgnoreCephUpgradeWarnings} - - get_file: major_upgrade_ceph_mon.sh - - CephMonUpgradeDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - servers: {get_param: [servers, Controller]} - config: {get_resource: CephMonUpgradeConfig} - input_values: {get_param: input_values} - update_policy: - batch_create: - max_batch_size: 1 - rolling_update: - max_batch_size: 1 - ControllerPacemakerUpgradeConfig_Step1: type: OS::Heat::SoftwareConfig properties: @@ -86,30 +59,11 @@ resources: ControllerPacemakerUpgradeDeployment_Step1: type: OS::Heat::SoftwareDeploymentGroup - depends_on: CephMonUpgradeDeployment properties: servers: {get_param: [servers, Controller]} config: {get_resource: ControllerPacemakerUpgradeConfig_Step1} input_values: {get_param: input_values} - BlockStorageUpgradeConfig: - type: OS::Heat::SoftwareConfig - depends_on: ControllerPacemakerUpgradeDeployment_Step1 - properties: - group: script - config: - list_join: - - '' - - - get_file: pacemaker_common_functions.sh - - get_file: major_upgrade_block_storage.sh - - BlockStorageUpgradeDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - servers: {get_param: [servers, BlockStorage]} - config: {get_resource: BlockStorageUpgradeConfig} - input_values: {get_param: input_values} - ControllerPacemakerUpgradeConfig_Step2: type: OS::Heat::SoftwareConfig properties: @@ -136,7 +90,7 @@ resources: ControllerPacemakerUpgradeDeployment_Step2: type: OS::Heat::SoftwareDeploymentGroup - depends_on: BlockStorageUpgradeDeployment + depends_on: ControllerPacemakerUpgradeDeployment_Step1 properties: servers: {get_param: [servers, Controller]} config: {get_resource: ControllerPacemakerUpgradeConfig_Step2} diff --git a/extraconfig/tasks/major_upgrade_pacemaker_init.j2.yaml b/extraconfig/tasks/major_upgrade_pacemaker_init.j2.yaml deleted file mode 100644 index c308720b..00000000 --- a/extraconfig/tasks/major_upgrade_pacemaker_init.j2.yaml +++ /dev/null @@ -1,96 +0,0 @@ -heat_template_version: ocata -description: 'Upgrade for Pacemaker deployments' - -parameters: - - servers: - type: json - input_values: - type: json - description: input values for the software deployments - - UpgradeInitCommand: - type: string - description: | - Command or script snippet to run on all overcloud nodes to - initialize the upgrade process. E.g. a repository switch. - default: '' - UpgradeLevelNovaCompute: - type: string - description: Nova Compute upgrade level - default: '' - -resources: - - # For the UpgradeInit also rename /etc/resolv.conf.save for +bug/1567004 - - UpgradeInitConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - "#!/bin/bash\n\n" - - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" - - get_param: UpgradeInitCommand - - # TODO(jistr): for Mitaka->Newton upgrades and further we can use - # map_merge with input_values instead of feeding params into scripts - # via str_replace on bash snippets - - # FIXME(shardy) we have hard-coded per-role *ScriptConfig's here - # Would be better to have a common config for all roles - ComputeDeliverUpgradeScriptConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - str_replace: - template: | - #!/bin/bash - upgrade_level_nova_compute='UPGRADE_LEVEL_NOVA_COMPUTE' - params: - UPGRADE_LEVEL_NOVA_COMPUTE: {get_param: UpgradeLevelNovaCompute} - - get_file: pacemaker_common_functions.sh - - get_file: major_upgrade_compute.sh - - ObjectStorageDeliverUpgradeScriptConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - get_file: pacemaker_common_functions.sh - - get_file: major_upgrade_object_storage.sh - - CephStorageDeliverUpgradeScriptConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - get_file: pacemaker_common_functions.sh - - get_file: major_upgrade_ceph_storage.sh - -{% for role in roles %} - UpgradeInit{{role.name}}Deployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: UpgradeInitConfig} - input_values: {get_param: input_values} - - {% if not role.name in ['Controller', 'BlockStorage'] %} - {{role.name}}DeliverUpgradeScriptDeployment: - type: OS::Heat::SoftwareDeploymentGroup - properties: - servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}DeliverUpgradeScriptConfig} - input_values: {get_param: input_values} - {% endif %} -{% endfor %} diff --git a/extraconfig/tasks/tripleo_upgrade_node.sh b/extraconfig/tasks/tripleo_upgrade_node.sh new file mode 100644 index 00000000..27ba33a8 --- /dev/null +++ b/extraconfig/tasks/tripleo_upgrade_node.sh @@ -0,0 +1,54 @@ +#!/bin/bash +# +# This delivers the operator driven upgrade script to be invoked as part of +# the tripleo major upgrade workflow. The utility 'upgrade-non-controller.sh' +# is used from the undercloud to invoke the /root/tripleo_upgrade_node.sh +# +set -eu + +UPGRADE_SCRIPT=/root/tripleo_upgrade_node.sh + +cat > $UPGRADE_SCRIPT << ENDOFCAT +### DO NOT MODIFY THIS FILE +### This file is automatically delivered to those nodes where the +### disable_upgrade_deployment flag is set in roles_data.yaml. + +set -eu +NOVA_COMPUTE="" +if systemctl show 'openstack-nova-compute' --property ActiveState | grep '\bactive\b'; then + NOVA_COMPUTE="true" +fi + +DEBUG="true" +SCRIPT_NAME=$(basename $0) +$(declare -f log_debug) +$(declare -f manage_systemd_service) +$(declare -f systemctl_swift) + +# pin nova messaging +-1 for the nova-compute service +if [[ -n \$NOVA_COMPUTE ]]; then + crudini --set /etc/nova/nova.conf upgrade_levels compute auto +fi + +$(declare -f special_case_ovs_upgrade_if_needed) +special_case_ovs_upgrade_if_needed + +yum -y install python-zaqarclient # needed for os-collect-config +systemctl_swift stop +yum -y update +systemctl_swift start + +# Due to bug#1640177 we need to restart compute agent +if [[ -n \$NOVA_COMPUTE ]]; then + echo "Restarting openstack ceilometer agent compute" + systemctl restart openstack-ceilometer-compute +fi + +# Apply puppet manifest to converge just right after the \$ROLE upgrade +puppet apply /root/${ROLE}_puppet_config.pp + +ENDOFCAT + +# ensure the permissions are OK +chmod 0755 $UPGRADE_SCRIPT + diff --git a/firstboot/install_vrouter_kmod.yaml b/firstboot/install_vrouter_kmod.yaml new file mode 100644 index 00000000..e936e605 --- /dev/null +++ b/firstboot/install_vrouter_kmod.yaml @@ -0,0 +1,105 @@ +heat_template_version: ocata + +parameters: + ContrailRepo: + type: string + default: http://192.168.24.1/contrail + VrouterPhysicalInterface: + default: 'eth0' + description: vRouter physical interface + type: string + +description: > + Prepares vhost0 interface to be used by os-net-config + +resources: + userdata: + type: OS::Heat::MultipartMime + properties: + parts: + - config: {get_resource: vrouter_module_config} + + vrouter_module_config: + type: OS::Heat::SoftwareConfig + properties: + config: + str_replace: + template: | + #!/bin/bash + sed -i '/\[main\]/a \ \ \ \ \parser = future' /etc/puppet/puppet.conf + cat <<EOF > /etc/yum.repos.d/contrail.repo + [Contrail] + name=Contrail Repo + baseurl=$contrail_repo + enabled=1 + gpgcheck=0 + protect=1 + EOF + if [[ `hostname |awk -F"-" '{print $2}'` == "novacompute" || `hostname |awk -F"-" '{print $2}'` == "contrailtsn" ]]; then + yum install -y contrail-vrouter-utils + function pkt_setup () { + for f in /sys/class/net/$1/queues/rx-* + do + q="$(echo $f | cut -d '-' -f2)" + r=$(($q%32)) + s=$(($q/32)) + ((mask=1<<$r)) + str=(`printf "%x" $mask`) + if [ $s -gt 0 ]; then + for ((i=0; i < $s; i++)) + do + str+=,00000000 + done + fi + echo $str > $f/rps_cpus + done + ifconfig $1 up + } + function insert_vrouter() { + insmod /tmp/vrouter.ko + if [ -f /sys/class/net/pkt1/queues/rx-0/rps_cpus ]; then + pkt_setup pkt1 + fi + if [ -f /sys/class/net/pkt2/queues/rx-0/rps_cpus ]; then + pkt_setup pkt2 + fi + if [ -f /sys/class/net/pkt3/queues/rx-0/rps_cpus ]; then + pkt_setup pkt3 + fi + DEV_MAC=$(cat /sys/class/net/$phy_int/address) + vif --create vhost0 --mac $DEV_MAC + vif --add $phy_int --mac $DEV_MAC --vrf 0 --vhost-phys --type physical + vif --add vhost0 --mac $DEV_MAC --vrf 0 --type vhost --xconnect $phy_int + ip link set vhost0 up + return 0 + } + yumdownloader contrail-vrouter --destdir /tmp + cd /tmp + rpm2cpio /tmp/contrail-vrouter*.rpm | cpio -idmv + cp `find /tmp/lib/modules -name vrouter.ko |tail -1` /tmp + insert_vrouter + if [[ `ifconfig $dev |grep "inet "` ]]; then + def_gw='' + if [[ `ip route show |grep default|grep $dev` ]]; then + def_gw=`ip route show |grep default|grep $dev|awk '{print $3}'` + fi + ip=`ifconfig $dev |grep "inet "|awk '{print $2}'` + mask=`ifconfig $dev |grep "inet "|awk '{print $4}'` + ip address delete $ip/$mask dev $dev + ip address add $ip/$mask dev vhost0 + if [[ $def_gw ]]; then + ip route add default via $def_gw + fi + fi + fi + params: + $phy_int: {get_param: VrouterPhysicalInterface} + $contrail_repo: {get_param: ContrailRepo} + +outputs: + # This means get_resource from the parent template will get the userdata, see: + # http://docs.openstack.org/developer/heat/template_guide/composition.html#making-your-template-resource-more-transparent + # Note this is new-for-kilo, an alternative is returning a value then using + # get_attr in the parent template instead. + OS::stack_id: + value: {get_resource: userdata} diff --git a/network/endpoints/endpoint_data.yaml b/network/endpoints/endpoint_data.yaml index 1b2f842c..277bd676 100644 --- a/network/endpoints/endpoint_data.yaml +++ b/network/endpoints/endpoint_data.yaml @@ -28,6 +28,87 @@ Ceilometer: net_param: CeilometerApi port: 8777 +ContrailConfig: + Internal: + net_param: ContrailConfig + Public: + net_param: Public + Admin: + net_param: ContrailConfig + port: 8082 + +ContrailDiscovery: + Internal: + net_param: ContrailConfig + Public: + net_param: Public + Admin: + net_param: ContrailConfig + port: 5998 + +ContrailAnalyticsCollectorHttp: + Internal: + net_param: ContrailAnalytics + Public: + net_param: Public + Admin: + net_param: ContrailAnalytics + port: 8089 + +ContrailAnalyticsApi: + Internal: + net_param: ContrailAnalytics + Public: + net_param: Public + Admin: + net_param: ContrailAnalytics + port: 8081 + +ContrailAnalyticsHttp: + Internal: + net_param: ContrailAnalytics + Public: + net_param: Public + Admin: + net_param: ContrailAnalytics + port: 8090 + +ContrailAnalyticsCollectorSandesh: + Internal: + net_param: ContrailAnalytics + Public: + net_param: Public + Admin: + net_param: ContrailAnalytics + port: 8086 + +ContrailAnalyticsRedis: + Internal: + net_param: ContrailAnalytics + Public: + net_param: Public + Admin: + net_param: ContrailAnalytics + port: 6379 + +ContrailWebuiHttp: + Internal: + net_param: ContrailConfig + Public: + net_param: Public + Admin: + net_param: ContrailConfig + port: 8080 + +ContrailWebuiHttps: + Internal: + net_param: ContrailConfig + Public: + net_param: Public + Admin: + net_param: ContrailConfig + port: 8143 + Ec2Api: Internal: net_param: Ec2Api @@ -76,6 +157,15 @@ Cinder: V3: /v3/%(tenant_id)s port: 8776 +Congress: + Internal: + net_param: CongressApi + Public: + net_param: Public + Admin: + net_param: CongressApi + port: 1789 + Glance: Internal: net_param: GlanceApi @@ -281,6 +371,15 @@ Sahara: '': /v1.1/%(tenant_id)s port: 8386 +Tacker: + Internal: + net_param: TackerApi + Public: + net_param: Public + Admin: + net_param: TackerApi + port: 9890 + Ironic: Internal: net_param: IronicApi diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml index 2d60df8b..fecac0af 100644 --- a/network/endpoints/endpoint_map.yaml +++ b/network/endpoints/endpoint_map.yaml @@ -34,6 +34,42 @@ parameters: CinderAdmin: {protocol: http, port: '8776', host: IP_ADDRESS} CinderInternal: {protocol: http, port: '8776', host: IP_ADDRESS} CinderPublic: {protocol: http, port: '8776', host: IP_ADDRESS} + CongressAdmin: {protocol: http, port: '1789', host: IP_ADDRESS} + CongressInternal: {protocol: http, port: '1789', host: IP_ADDRESS} + CongressPublic: {protocol: http, port: '1789', host: IP_ADDRESS} + ContrailAnalyticsApiAdmin: {protocol: http, port: '8081', host: IP_ADDRESS} + ContrailAnalyticsApiInternal: {protocol: http, port: '8081', host: IP_ADDRESS} + ContrailAnalyticsApiPublic: {protocol: http, port: '8081', host: IP_ADDRESS} + ContrailAnalyticsCollectorHttpAdmin: {protocol: http, port: '8089', + host: IP_ADDRESS} + ContrailAnalyticsCollectorHttpInternal: {protocol: http, port: '8089', + host: IP_ADDRESS} + ContrailAnalyticsCollectorHttpPublic: {protocol: http, port: '8089', + host: IP_ADDRESS} + ContrailAnalyticsCollectorSandeshAdmin: {protocol: http, port: '8086', + host: IP_ADDRESS} + ContrailAnalyticsCollectorSandeshInternal: {protocol: http, port: '8086', + host: IP_ADDRESS} + ContrailAnalyticsCollectorSandeshPublic: {protocol: http, port: '8086', + host: IP_ADDRESS} + ContrailAnalyticsHttpAdmin: {protocol: http, port: '8090', host: IP_ADDRESS} + ContrailAnalyticsHttpInternal: {protocol: http, port: '8090', host: IP_ADDRESS} + ContrailAnalyticsHttpPublic: {protocol: http, port: '8090', host: IP_ADDRESS} + ContrailAnalyticsRedisAdmin: {protocol: http, port: '6379', host: IP_ADDRESS} + ContrailAnalyticsRedisInternal: {protocol: http, port: '6379', host: IP_ADDRESS} + ContrailAnalyticsRedisPublic: {protocol: http, port: '6379', host: IP_ADDRESS} + ContrailConfigAdmin: {protocol: http, port: '8082', host: IP_ADDRESS} + ContrailConfigInternal: {protocol: http, port: '8082', host: IP_ADDRESS} + ContrailConfigPublic: {protocol: http, port: '8082', host: IP_ADDRESS} + ContrailDiscoveryAdmin: {protocol: http, port: '5998', host: IP_ADDRESS} + ContrailDiscoveryInternal: {protocol: http, port: '5998', host: IP_ADDRESS} + ContrailDiscoveryPublic: {protocol: http, port: '5998', host: IP_ADDRESS} + ContrailWebuiHttpAdmin: {protocol: http, port: '8080', host: IP_ADDRESS} + ContrailWebuiHttpInternal: {protocol: http, port: '8080', host: IP_ADDRESS} + ContrailWebuiHttpPublic: {protocol: http, port: '8080', host: IP_ADDRESS} + ContrailWebuiHttpsAdmin: {protocol: http, port: '8143', host: IP_ADDRESS} + ContrailWebuiHttpsInternal: {protocol: http, port: '8143', host: IP_ADDRESS} + ContrailWebuiHttpsPublic: {protocol: http, port: '8143', host: IP_ADDRESS} Ec2ApiAdmin: {protocol: http, port: '8788', host: IP_ADDRESS} Ec2ApiInternal: {protocol: http, port: '8788', host: IP_ADDRESS} Ec2ApiPublic: {protocol: http, port: '8788', host: IP_ADDRESS} @@ -87,6 +123,9 @@ parameters: SwiftAdmin: {protocol: http, port: '8080', host: IP_ADDRESS} SwiftInternal: {protocol: http, port: '8080', host: IP_ADDRESS} SwiftPublic: {protocol: http, port: '8080', host: IP_ADDRESS} + TackerAdmin: {protocol: http, port: '9890', host: IP_ADDRESS} + TackerInternal: {protocol: http, port: '9890', host: IP_ADDRESS} + TackerPublic: {protocol: http, port: '9890', host: IP_ADDRESS} ZaqarAdmin: {protocol: http, port: '8888', host: IP_ADDRESS} ZaqarInternal: {protocol: http, port: '8888', host: IP_ADDRESS} ZaqarPublic: {protocol: http, port: '8888', host: IP_ADDRESS} @@ -1816,6 +1855,2532 @@ outputs: template: NETWORK_uri - ':' - get_param: [EndpointMap, CinderPublic, port] + CongressAdmin: + host: + str_replace: + template: + get_param: [EndpointMap, CongressAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CongressApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CongressApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, CongressAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CongressApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, CongressApiNetwork] + port: + get_param: [EndpointMap, CongressAdmin, port] + protocol: + get_param: [EndpointMap, CongressAdmin, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, CongressAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, CongressAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CongressApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CongressApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, CongressAdmin, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, CongressAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, CongressAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CongressApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CongressApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, CongressAdmin, port] + CongressInternal: + host: + str_replace: + template: + get_param: [EndpointMap, CongressInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CongressApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CongressApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, CongressInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CongressApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, CongressApiNetwork] + port: + get_param: [EndpointMap, CongressInternal, port] + protocol: + get_param: [EndpointMap, CongressInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, CongressInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, CongressInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CongressApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CongressApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, CongressInternal, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, CongressInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, CongressInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, CongressApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, CongressApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, CongressInternal, port] + CongressPublic: + host: + str_replace: + template: + get_param: [EndpointMap, CongressPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, CongressPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] + port: + get_param: [EndpointMap, CongressPublic, port] + protocol: + get_param: [EndpointMap, CongressPublic, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, CongressPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, CongressPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, CongressPublic, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, CongressPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, CongressPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, CongressPublic, port] + ContrailAnalyticsApiAdmin: + host: + str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsApiAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsApiAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + port: + get_param: [EndpointMap, ContrailAnalyticsApiAdmin, port] + protocol: + get_param: [EndpointMap, ContrailAnalyticsApiAdmin, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ContrailAnalyticsApiAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsApiAdmin, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailAnalyticsApiAdmin, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ContrailAnalyticsApiAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsApiAdmin, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailAnalyticsApiAdmin, port] + ContrailAnalyticsApiInternal: + host: + str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsApiInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsApiInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + port: + get_param: [EndpointMap, ContrailAnalyticsApiInternal, port] + protocol: + get_param: [EndpointMap, ContrailAnalyticsApiInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ContrailAnalyticsApiInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsApiInternal, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailAnalyticsApiInternal, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ContrailAnalyticsApiInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsApiInternal, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailAnalyticsApiInternal, port] + ContrailAnalyticsApiPublic: + host: + str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsApiPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsApiPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] + port: + get_param: [EndpointMap, ContrailAnalyticsApiPublic, port] + protocol: + get_param: [EndpointMap, ContrailAnalyticsApiPublic, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ContrailAnalyticsApiPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsApiPublic, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailAnalyticsApiPublic, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ContrailAnalyticsApiPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsApiPublic, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailAnalyticsApiPublic, port] + ContrailAnalyticsCollectorHttpAdmin: + host: + str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + port: + get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin, + port] + protocol: + get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin, + protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin, + protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin, + port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin, + protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin, + port] + ContrailAnalyticsCollectorHttpInternal: + host: + str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + port: + get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, + port] + protocol: + get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, + protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, + protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, + port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, + protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, + port] + ContrailAnalyticsCollectorHttpPublic: + host: + str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] + port: + get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic, + port] + protocol: + get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic, + protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic, + protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic, + port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic, + protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic, + port] + ContrailAnalyticsCollectorSandeshAdmin: + host: + str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + port: + get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin, + port] + protocol: + get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin, + protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin, + protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin, + port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin, + protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin, + port] + ContrailAnalyticsCollectorSandeshInternal: + host: + str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + port: + get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, + port] + protocol: + get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, + protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, + protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, + port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, + protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, + port] + ContrailAnalyticsCollectorSandeshPublic: + host: + str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] + port: + get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic, + port] + protocol: + get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic, + protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic, + protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic, + port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic, + protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic, + port] + ContrailAnalyticsHttpAdmin: + host: + str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + port: + get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, port] + protocol: + get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, port] + ContrailAnalyticsHttpInternal: + host: + str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsHttpInternal, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsHttpInternal, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + port: + get_param: [EndpointMap, ContrailAnalyticsHttpInternal, port] + protocol: + get_param: [EndpointMap, ContrailAnalyticsHttpInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ContrailAnalyticsHttpInternal, + protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsHttpInternal, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailAnalyticsHttpInternal, + port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ContrailAnalyticsHttpInternal, + protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsHttpInternal, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailAnalyticsHttpInternal, + port] + ContrailAnalyticsHttpPublic: + host: + str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsHttpPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsHttpPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] + port: + get_param: [EndpointMap, ContrailAnalyticsHttpPublic, port] + protocol: + get_param: [EndpointMap, ContrailAnalyticsHttpPublic, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ContrailAnalyticsHttpPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsHttpPublic, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailAnalyticsHttpPublic, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ContrailAnalyticsHttpPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsHttpPublic, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailAnalyticsHttpPublic, port] + ContrailAnalyticsRedisAdmin: + host: + str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + port: + get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, port] + protocol: + get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, port] + ContrailAnalyticsRedisInternal: + host: + str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsRedisInternal, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsRedisInternal, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + port: + get_param: [EndpointMap, ContrailAnalyticsRedisInternal, port] + protocol: + get_param: [EndpointMap, ContrailAnalyticsRedisInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ContrailAnalyticsRedisInternal, + protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsRedisInternal, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailAnalyticsRedisInternal, + port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ContrailAnalyticsRedisInternal, + protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsRedisInternal, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailAnalyticsNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailAnalyticsRedisInternal, + port] + ContrailAnalyticsRedisPublic: + host: + str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsRedisPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsRedisPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] + port: + get_param: [EndpointMap, ContrailAnalyticsRedisPublic, port] + protocol: + get_param: [EndpointMap, ContrailAnalyticsRedisPublic, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ContrailAnalyticsRedisPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsRedisPublic, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailAnalyticsRedisPublic, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ContrailAnalyticsRedisPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailAnalyticsRedisPublic, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailAnalyticsRedisPublic, port] + ContrailConfigAdmin: + host: + str_replace: + template: + get_param: [EndpointMap, ContrailConfigAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailConfigNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailConfigNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ContrailConfigAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailConfigNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ContrailConfigNetwork] + port: + get_param: [EndpointMap, ContrailConfigAdmin, port] + protocol: + get_param: [EndpointMap, ContrailConfigAdmin, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ContrailConfigAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailConfigAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailConfigNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailConfigNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailConfigAdmin, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ContrailConfigAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailConfigAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailConfigNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailConfigNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailConfigAdmin, port] + ContrailConfigInternal: + host: + str_replace: + template: + get_param: [EndpointMap, ContrailConfigInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailConfigNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailConfigNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ContrailConfigInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailConfigNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ContrailConfigNetwork] + port: + get_param: [EndpointMap, ContrailConfigInternal, port] + protocol: + get_param: [EndpointMap, ContrailConfigInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ContrailConfigInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailConfigInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailConfigNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailConfigNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailConfigInternal, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ContrailConfigInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailConfigInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailConfigNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailConfigNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailConfigInternal, port] + ContrailConfigPublic: + host: + str_replace: + template: + get_param: [EndpointMap, ContrailConfigPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ContrailConfigPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] + port: + get_param: [EndpointMap, ContrailConfigPublic, port] + protocol: + get_param: [EndpointMap, ContrailConfigPublic, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ContrailConfigPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailConfigPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailConfigPublic, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ContrailConfigPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailConfigPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailConfigPublic, port] + ContrailDiscoveryAdmin: + host: + str_replace: + template: + get_param: [EndpointMap, ContrailDiscoveryAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailConfigNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailConfigNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ContrailDiscoveryAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailConfigNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ContrailConfigNetwork] + port: + get_param: [EndpointMap, ContrailDiscoveryAdmin, port] + protocol: + get_param: [EndpointMap, ContrailDiscoveryAdmin, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ContrailDiscoveryAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailDiscoveryAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailConfigNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailConfigNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailDiscoveryAdmin, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ContrailDiscoveryAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailDiscoveryAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailConfigNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailConfigNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailDiscoveryAdmin, port] + ContrailDiscoveryInternal: + host: + str_replace: + template: + get_param: [EndpointMap, ContrailDiscoveryInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailConfigNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailConfigNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ContrailDiscoveryInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailConfigNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ContrailConfigNetwork] + port: + get_param: [EndpointMap, ContrailDiscoveryInternal, port] + protocol: + get_param: [EndpointMap, ContrailDiscoveryInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ContrailDiscoveryInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailDiscoveryInternal, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailConfigNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailConfigNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailDiscoveryInternal, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ContrailDiscoveryInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailDiscoveryInternal, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailConfigNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailConfigNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailDiscoveryInternal, port] + ContrailDiscoveryPublic: + host: + str_replace: + template: + get_param: [EndpointMap, ContrailDiscoveryPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ContrailDiscoveryPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] + port: + get_param: [EndpointMap, ContrailDiscoveryPublic, port] + protocol: + get_param: [EndpointMap, ContrailDiscoveryPublic, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ContrailDiscoveryPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailDiscoveryPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailDiscoveryPublic, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ContrailDiscoveryPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailDiscoveryPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailDiscoveryPublic, port] + ContrailWebuiHttpAdmin: + host: + str_replace: + template: + get_param: [EndpointMap, ContrailWebuiHttpAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailConfigNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailConfigNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ContrailWebuiHttpAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailConfigNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ContrailConfigNetwork] + port: + get_param: [EndpointMap, ContrailWebuiHttpAdmin, port] + protocol: + get_param: [EndpointMap, ContrailWebuiHttpAdmin, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ContrailWebuiHttpAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailWebuiHttpAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailConfigNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailConfigNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailWebuiHttpAdmin, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ContrailWebuiHttpAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailWebuiHttpAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailConfigNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailConfigNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailWebuiHttpAdmin, port] + ContrailWebuiHttpInternal: + host: + str_replace: + template: + get_param: [EndpointMap, ContrailWebuiHttpInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailConfigNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailConfigNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ContrailWebuiHttpInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailConfigNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ContrailConfigNetwork] + port: + get_param: [EndpointMap, ContrailWebuiHttpInternal, port] + protocol: + get_param: [EndpointMap, ContrailWebuiHttpInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ContrailWebuiHttpInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailWebuiHttpInternal, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailConfigNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailConfigNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailWebuiHttpInternal, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ContrailWebuiHttpInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailWebuiHttpInternal, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailConfigNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailConfigNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailWebuiHttpInternal, port] + ContrailWebuiHttpPublic: + host: + str_replace: + template: + get_param: [EndpointMap, ContrailWebuiHttpPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ContrailWebuiHttpPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] + port: + get_param: [EndpointMap, ContrailWebuiHttpPublic, port] + protocol: + get_param: [EndpointMap, ContrailWebuiHttpPublic, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ContrailWebuiHttpPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailWebuiHttpPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailWebuiHttpPublic, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ContrailWebuiHttpPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailWebuiHttpPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailWebuiHttpPublic, port] + ContrailWebuiHttpsAdmin: + host: + str_replace: + template: + get_param: [EndpointMap, ContrailWebuiHttpsAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailConfigNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailConfigNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ContrailWebuiHttpsAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailConfigNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ContrailConfigNetwork] + port: + get_param: [EndpointMap, ContrailWebuiHttpsAdmin, port] + protocol: + get_param: [EndpointMap, ContrailWebuiHttpsAdmin, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ContrailWebuiHttpsAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailWebuiHttpsAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailConfigNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailConfigNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailWebuiHttpsAdmin, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ContrailWebuiHttpsAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailWebuiHttpsAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailConfigNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailConfigNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailWebuiHttpsAdmin, port] + ContrailWebuiHttpsInternal: + host: + str_replace: + template: + get_param: [EndpointMap, ContrailWebuiHttpsInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailConfigNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailConfigNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ContrailWebuiHttpsInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailConfigNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ContrailConfigNetwork] + port: + get_param: [EndpointMap, ContrailWebuiHttpsInternal, port] + protocol: + get_param: [EndpointMap, ContrailWebuiHttpsInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ContrailWebuiHttpsInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailWebuiHttpsInternal, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailConfigNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailConfigNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailWebuiHttpsInternal, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ContrailWebuiHttpsInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailWebuiHttpsInternal, + host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ContrailConfigNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ContrailConfigNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailWebuiHttpsInternal, port] + ContrailWebuiHttpsPublic: + host: + str_replace: + template: + get_param: [EndpointMap, ContrailWebuiHttpsPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ContrailWebuiHttpsPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] + port: + get_param: [EndpointMap, ContrailWebuiHttpsPublic, port] + protocol: + get_param: [EndpointMap, ContrailWebuiHttpsPublic, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ContrailWebuiHttpsPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailWebuiHttpsPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailWebuiHttpsPublic, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ContrailWebuiHttpsPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ContrailWebuiHttpsPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ContrailWebuiHttpsPublic, port] Ec2ApiAdmin: host: str_replace: @@ -6956,6 +9521,249 @@ outputs: template: NETWORK_uri - ':' - get_param: [EndpointMap, SwiftPublic, port] + TackerAdmin: + host: + str_replace: + template: + get_param: [EndpointMap, TackerAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, TackerApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, TackerApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, TackerAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, TackerApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, TackerApiNetwork] + port: + get_param: [EndpointMap, TackerAdmin, port] + protocol: + get_param: [EndpointMap, TackerAdmin, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, TackerAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, TackerAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, TackerApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, TackerApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, TackerAdmin, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, TackerAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, TackerAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, TackerApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, TackerApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, TackerAdmin, port] + TackerInternal: + host: + str_replace: + template: + get_param: [EndpointMap, TackerInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, TackerApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, TackerApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, TackerInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, TackerApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, TackerApiNetwork] + port: + get_param: [EndpointMap, TackerInternal, port] + protocol: + get_param: [EndpointMap, TackerInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, TackerInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, TackerInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, TackerApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, TackerApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, TackerInternal, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, TackerInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, TackerInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, TackerApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, TackerApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, TackerInternal, port] + TackerPublic: + host: + str_replace: + template: + get_param: [EndpointMap, TackerPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, TackerPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] + port: + get_param: [EndpointMap, TackerPublic, port] + protocol: + get_param: [EndpointMap, TackerPublic, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, TackerPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, TackerPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, TackerPublic, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, TackerPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, TackerPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, TackerPublic, port] ZaqarAdmin: host: str_replace: diff --git a/network/service_net_map.j2.yaml b/network/service_net_map.j2.yaml index b2562c79..a1042ebb 100644 --- a/network/service_net_map.j2.yaml +++ b/network/service_net_map.j2.yaml @@ -27,6 +27,13 @@ parameters: ApacheNetwork: internal_api NeutronTenantNetwork: tenant CeilometerApiNetwork: internal_api + ContrailAnalyticsNetwork: internal_api + ContrailAnalyticsDatabaseNetwork: internal_api + ContrailConfigNetwork: internal_api + ContrailControlNetwork: internal_api + ContrailDatabaseNetwork: internal_api + ContrailWebuiNetwork: internal_api + ContrailTsnNetwork: internal_api AodhApiNetwork: internal_api PankoApiNetwork: internal_api BarbicanApiNetwork: internal_api @@ -34,6 +41,7 @@ parameters: MongodbNetwork: internal_api CinderApiNetwork: internal_api CinderIscsiNetwork: storage + CongressApiNetwork: internal_api GlanceApiNetwork: storage IronicApiNetwork: ctlplane IronicNetwork: ctlplane @@ -52,6 +60,7 @@ parameters: NovaLibvirtNetwork: internal_api Ec2ApiNetwork: internal_api Ec2ApiMetadataNetwork: internal_api + TackerApiNetwork: internal_api SwiftStorageNetwork: storage_mgmt SwiftProxyNetwork: storage SaharaApiNetwork: internal_api diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 3dd16b05..f2eb5267 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -132,6 +132,7 @@ resource_registry: OS::TripleO::Services::CinderScheduler: puppet/services/cinder-scheduler.yaml OS::TripleO::Services::CinderVolume: puppet/services/cinder-volume.yaml OS::TripleO::Services::BlockStorageCinderVolume: puppet/services/cinder-volume.yaml + OS::TripleO::Services::Congress: OS::Heat::None OS::TripleO::Services::Keystone: puppet/services/keystone.yaml OS::TripleO::Services::GlanceApi: puppet/services/glance-api.yaml OS::TripleO::Services::GlanceRegistry: puppet/services/disabled/glance-registry.yaml @@ -157,7 +158,6 @@ resource_registry: OS::TripleO::Services::NeutronCorePluginML2OVN: puppet/services/neutron-plugin-ml2-ovn.yaml OS::TripleO::Services::NeutronCorePluginPlumgrid: puppet/services/neutron-plugin-plumgrid.yaml OS::TripleO::Services::NeutronCorePluginNuage: puppet/services/neutron-plugin-nuage.yaml - OS::TripleO::Services::NeutronCorePluginOpencontrail: puppet/services/neutron-plugin-opencontrail.yaml OS::TripleO::Services::OVNDBs: OS::Heat::None OS::TripleO::Services::NeutronCorePluginMidonet: puppet/services/neutron-midonet.yaml @@ -191,6 +191,7 @@ resource_registry: OS::TripleO::Services::SwiftStorage: puppet/services/swift-storage.yaml OS::TripleO::Services::SwiftRingBuilder: puppet/services/swift-ringbuilder.yaml OS::TripleO::Services::Snmp: puppet/services/snmp.yaml + OS::TripleO::Services::Tacker: OS::Heat::None OS::TripleO::Services::Timezone: puppet/services/time/timezone.yaml OS::TripleO::Services::CeilometerApi: puppet/services/ceilometer-api.yaml OS::TripleO::Services::CeilometerCollector: puppet/services/ceilometer-collector.yaml @@ -205,6 +206,7 @@ resource_registry: OS::TripleO::Services::GnocchiStatsd: puppet/services/gnocchi-statsd.yaml # Services that are disabled by default (use relevant environment files): OS::TripleO::Services::FluentdClient: OS::Heat::None + OS::TripleO::Services::Collectd: OS::Heat::None OS::TripleO::LoggingConfiguration: puppet/services/logging/fluentd-config.yaml OS::TripleO::Services::ManilaApi: OS::Heat::None OS::TripleO::Services::ManilaScheduler: OS::Heat::None @@ -231,11 +233,6 @@ resource_registry: OS::TripleO::Services::OpenDaylightApi: OS::Heat::None OS::TripleO::Services::OpenDaylightOvs: OS::Heat::None OS::TripleO::Services::SensuClient: OS::Heat::None - OS::TripleO::Services::ContrailAnalytics: puppet/services/network/contrail-analytics.yaml - OS::TripleO::Services::ContrailConfig: puppet/services/network/contrail-config.yaml - OS::TripleO::Services::ContrailControl: puppet/services/network/contrail-control.yaml - OS::TripleO::Services::ContrailDatabase: puppet/services/network/contrail-database.yaml - OS::TripleO::Services::ContrailWebui: puppet/services/network/contrail-webui.yaml OS::TripleO::Services::TLSProxyBase: OS::Heat::None OS::TripleO::Services::Zaqar: OS::Heat::None OS::TripleO::Services::NeutronML2FujitsuCfab: OS::Heat::None @@ -244,6 +241,10 @@ resource_registry: OS::TripleO::Services::Etcd: OS::Heat::None OS::TripleO::Services::Ec2Api: OS::Heat::None OS::TripleO::Services::AuditD: OS::Heat::None + OS::TripleO::Services::OctaviaApi: OS::Heat::None + OS::TripleO::Services::OctaviaHealthManager: OS::Heat::None + OS::TripleO::Services::OctaviaHousekeeping: OS::Heat::None + OS::TripleO::Services::OctaviaWorker: OS::Heat::None parameter_defaults: EnablePackageInstall: false diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index dea748ed..5b2ca4a2 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -610,6 +610,7 @@ resources: {% for role in roles %} {{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]} {% endfor %} + EndpointMap: {get_attr: [EndpointMap, endpoint_map]} role_data: {% for role in roles %} {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data]} diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml index 9e35af5f..d3268ee2 100644 --- a/puppet/controller-role.yaml +++ b/puppet/controller-role.yaml @@ -458,9 +458,7 @@ resources: - all_nodes # provided by allNodesConfig - vip_data # provided by allNodesConfig - '"%{::osfamily}"' - - cinder_dellsc_data # Optionally provided by ControllerExtraConfigPre - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre - - cinder_eqlx_data # Optionally provided by ControllerExtraConfigPre - neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre - neutron_cisco_data # Optionally provided by ControllerExtraConfigPre - cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre diff --git a/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml b/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml deleted file mode 100644 index 66252f1f..00000000 --- a/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml +++ /dev/null @@ -1,59 +0,0 @@ -heat_template_version: ocata - -description: Compute node hieradata for Neutron OpenContrail configuration - -parameters: - server: - description: ID of the compute node to apply this config to - type: string - ContrailApiServerIp: - description: IP address of the OpenContrail API server - type: string - ContrailApiServerPort: - description: Port of the OpenContrail API - type: string - default: 8082 - -resources: - ComputeContrailConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - hiera: - datafiles: - neutron_opencontrail_data: - mapped_data: - nova::network::neutron::network_api_class: nova.network.neutronv2.api.API - - contrail::vrouter::provision_vrouter::api_address: {get_input: contrail_api_server_ip} - contrail::vrouter::provision_vrouter::api_port: {get_input: contrail_api_server_port} - contrail::vrouter::provision_vrouter::keystone_admin_user: admin - contrail::vrouter::provision_vrouter::keystone_admin_tenant_name: admin - contrail::vrouter::provision_vrouter::keystone_admin_password: '"%{::admin_password}"' - - contrail::vnc_api::vnc_api_config: - 'auth/AUTHN_TYPE': - value: keystone - 'auth/AUTHN_PROTOCOL': - value: http - 'auth/AUTHN_SERVER': - value: "%{hiera('keystone_admin_api_vip')}" - 'auth/AUTHN_PORT': - value: 35357 - 'auth/AUTHN_URL': - value: '/v2.0/tokens' - - ComputeContrailDeployment: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: ComputeContrailConfig} - server: {get_param: server} - input_values: - contrail_api_server_ip: {get_param: ContrailApiServerIp} - contrail_api_server_port: {get_param: ContrailApiServerPort} - -outputs: - deploy_stdout: - description: Output of the extra hiera data deployment - value: {get_attr: [ComputeContrailDeployment, deploy_stdout]} diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml deleted file mode 100644 index 7d639883..00000000 --- a/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml +++ /dev/null @@ -1,87 +0,0 @@ -heat_template_version: ocata - -description: Configure hieradata for Cinder Dell Storage Center configuration - -parameters: - server: - description: ID of the controller node to apply this config to - type: string - - # Config specific parameters, to be provided via parameter_defaults - CinderEnableDellScBackend: - type: boolean - default: true - CinderDellScBackendName: - type: string - default: 'tripleo_dellsc' - CinderDellScSanIp: - type: string - CinderDellScSanLogin: - type: string - default: 'Admin' - CinderDellScSanPassword: - type: string - hidden: true - CinderDellScSsn: - type: string - default: '64702' - CinderDellScIscsiIpAddress: - type: string - default: '' - CinderDellScIscsiPort: - type: string - default: '3260' - CinderDellScApiPort: - type: string - default: '3033' - CinderDellScServerFolder: - type: string - default: 'dellsc_server' - CinderDellScVolumeFolder: - type: string - default: 'dellsc_volume' - -resources: - CinderDellScConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - hiera: - datafiles: - cinder_dellsc_data: - mapped_data: - tripleo::profile::base::cinder::volume::cinder_enable_dellsc_backend: {get_input: EnableDellScBackend} - cinder::backend::dellsc_iscsi::volume_backend_name: {get_input: DellScBackendName} - cinder::backend::dellsc_iscsi::san_ip: {get_input: DellScSanIp} - cinder::backend::dellsc_iscsi::san_login: {get_input: DellScSanLogin} - cinder::backend::dellsc_iscsi::san_password: {get_input: DellScSanPassword} - cinder::backend::dellsc_iscsi::dell_sc_ssn: {get_input: DellScSsn} - cinder::backend::dellsc_iscsi::iscsi_ip_address: {get_input: DellScIscsiIpAddress} - cinder::backend::dellsc_iscsi::iscsi_port: {get_input: DellScIscsiPort} - cinder::backend::dellsc_iscsi::dell_sc_api_port: {get_input: DellScApiPort} - cinder::backend::dellsc_iscsi::dell_sc_server_folder: {get_input: DellScServerFolder} - cinder::backend::dellsc_iscsi::dell_sc_volume_folder: {get_input: DellScVolumeFolder} - - CinderDellScDeployment: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: CinderDellScConfig} - server: {get_param: server} - input_values: - EnableDellScBackend: {get_param: CinderEnableDellScBackend} - DellScBackendName: {get_param: CinderDellScBackendName} - DellScSanIp: {get_param: CinderDellScSanIp} - DellScSanLogin: {get_param: CinderDellScSanLogin} - DellScSanPassword: {get_param: CinderDellScSanPassword} - DellScSsn: {get_param: CinderDellScSsn} - DellScIscsiIpAddress: {get_param: CinderDellScIscsiIpAddress} - DellScIscsiPort: {get_param: CinderDellScIscsiPort} - DellScApiPort: {get_param: CinderDellScApiPort} - DellScServerFolder: {get_param: CinderDellScServerFolder} - DellScVolumeFolder: {get_param: CinderDellScVolumeFolder} - -outputs: - deploy_stdout: - description: Deployment reference, used to trigger puppet apply on changes - value: {get_attr: [CinderDellScDeployment, deploy_stdout]} diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml deleted file mode 100644 index 30509044..00000000 --- a/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml +++ /dev/null @@ -1,86 +0,0 @@ -heat_template_version: ocata - -description: Configure hieradata for Cinder Eqlx configuration - -parameters: - server: - description: ID of the controller node to apply this config to - type: string - - # Config specific parameters, to be provided via parameter_defaults - CinderEnableEqlxBackend: - type: boolean - default: true - CinderEqlxBackendName: - type: string - default: 'tripleo_eqlx' - CinderEqlxSanIp: - type: string - CinderEqlxSanLogin: - type: string - CinderEqlxSanPassword: - type: string - hidden: true - CinderEqlxSanThinProvision: - type: boolean - default: true - CinderEqlxGroupname: - type: string - default: 'group-0' - CinderEqlxPool: - type: string - default: 'default' - CinderEqlxChapLogin: - type: string - default: '' - CinderEqlxChapPassword: - type: string - default: '' - CinderEqlxUseChap: - type: boolean - default: false - -resources: - CinderEqlxConfig: - type: OS::Heat::StructuredConfig - properties: - group: os-apply-config - config: - hiera: - datafiles: - cinder_eqlx_data: - mapped_data: - tripleo::profile::base::cinder::volume::cinder_enable_eqlx_backend: {get_input: EnableEqlxBackend} - cinder::backend::eqlx::volume_backend_name: {get_input: EqlxBackendName} - cinder::backend::eqlx::san_ip: {get_input: EqlxSanIp} - cinder::backend::eqlx::san_login: {get_input: EqlxSanLogin} - cinder::backend::eqlx::san_password: {get_input: EqlxSanPassword} - cinder::backend::eqlx::san_thin_provision: {get_input: EqlxSanThinProvision} - cinder::backend::eqlx::eqlx_group_name: {get_input: EqlxGroupname} - cinder::backend::eqlx::eqlx_pool: {get_input: EqlxPool} - cinder::backend::eqlx::eqlx_use_chap: {get_input: EqlxUseChap} - cinder::backend::eqlx::eqlx_chap_login: {get_input: EqlxChapLogin} - cinder::backend::eqlx::eqlx_chap_password: {get_input: EqlxChapPassword} - - CinderEqlxDeployment: - type: OS::Heat::StructuredDeployment - properties: - config: {get_resource: CinderEqlxConfig} - server: {get_param: server} - input_values: - EnableEqlxBackend: {get_param: CinderEnableEqlxBackend} - EqlxBackendName: {get_param: CinderEqlxBackendName} - EqlxSanIp: {get_param: CinderEqlxSanIp} - EqlxSanLogin: {get_param: CinderEqlxSanLogin} - EqlxSanPassword: {get_param: CinderEqlxSanPassword} - EqlxSanThinProvision: {get_param: CinderEqlxSanThinProvision} - EqlxGroupname: {get_param: CinderEqlxGroupname} - EqlxPool: {get_param: CinderEqlxPool} - EqlxUseChap: {get_param: CinderEqlxUseChap} - EqlxChapLogin: {get_param: CinderEqlxChapLogin} - EqlxChapPassword: {get_param: CinderEqlxChapPassword} - -outputs: - deploy_stdout: - description: Deployment reference, used to trigger puppet apply on changes - value: {get_attr: [CinderEqlxDeployment, deploy_stdout]} diff --git a/puppet/major_upgrade_steps.j2.yaml b/puppet/major_upgrade_steps.j2.yaml index b879fafa..3362a01f 100644 --- a/puppet/major_upgrade_steps.j2.yaml +++ b/puppet/major_upgrade_steps.j2.yaml @@ -1,6 +1,7 @@ {% set enabled_roles = roles|rejectattr('disable_upgrade_deployment')|list -%} {% set batch_upgrade_steps_max = 3 -%} {% set upgrade_steps_max = 6 -%} +{% set deliver_script = {'deliver': False} -%} heat_template_version: ocata description: 'Upgrade steps for all roles' @@ -17,6 +18,19 @@ parameters: description: > Setting to a previously unused value during stack-update will trigger the Upgrade resources to re-run on all roles. + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + NovaPassword: + description: The password for the nova service and db account, used by nova-api. + type: string + hidden: true conditions: # Conditions to disable any steps where the task list is empty @@ -35,6 +49,45 @@ conditions: resources: +{% for role in roles if role.disable_upgrade_deployment|default(false) %} + {{role.name}}DeliverUpgradeScriptConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - "#!/bin/bash\n\n" + - "set -eu\n\n" + - "if hiera -c /etc/puppet/hiera.yaml service_names | grep nova_compute ; then\n\n" + - " crudini --set /etc/nova/nova.conf placement auth_type password\n\n" + - " crudini --set /etc/nova/nova.conf placement username placement\n\n" + - " crudini --set /etc/nova/nova.conf placement project_domain_name Default\n\n" + - " crudini --set /etc/nova/nova.conf placement user_domain_name Default\n\n" + - " crudini --set /etc/nova/nova.conf placement project_name service\n\n" + - " systemctl restart openstack-nova-compute\n\n" + - "fi\n\n" + - str_replace: + template: | + crudini --set /etc/nova/nova.conf placement password 'SERVICE_PASSWORD' + crudini --set /etc/nova/nova.conf placement region_name 'REGION_NAME' + crudini --set /etc/nova/nova.conf placement auth_url 'AUTH_URL' + ROLE='ROLE_NAME' + params: + SERVICE_PASSWORD: { get_param: NovaPassword } + REGION_NAME: { get_param: KeystoneRegion } + AUTH_URL: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + ROLE_NAME: {{role.name}} + - get_file: ../extraconfig/tasks/pacemaker_common_functions.sh + - get_file: ../extraconfig/tasks/tripleo_upgrade_node.sh + + {{role.name}}DeliverUpgradeScriptDeployment: + type: OS::Heat::SoftwareDeploymentGroup + properties: + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}DeliverUpgradeScriptConfig} +{% endfor %} + # Upgrade Steps for all roles, batched updates # The UpgradeConfig resources could actually be created without # serialization, but the event output is easier to follow if we @@ -46,11 +99,22 @@ resources: {{role.name}}UpgradeBatchConfig_Step{{step}}: type: OS::TripleO::UpgradeConfig {%- if step > 0 %} + condition: {{role.name}}UpgradeBatchConfigEnabled + {% if role.name in enabled_roles %} depends_on: - {%- for dep in enabled_roles %} - - {{dep.name}}UpgradeBatch_Step{{step -1}} - {%- endfor %} - {%- endif %} + - {{role.name}}UpgradeBatch_Step{{step -1}} + {%- endif %} + {% else %} + {% for role in roles if role.disable_upgrade_deployment|default(false) %} + {% if deliver_script.update({'deliver': True}) %} {% endif %} + {% endfor %} + {% if deliver_script.deliver %} + depends_on: + {% endif %} + {% for dep in roles if dep.disable_upgrade_deployment|default(false) %} + - {{dep.name}}DeliverUpgradeScriptDeployment + {% endfor %} + {% endif %} properties: UpgradeStepConfig: {get_param: [role_data, {{role.name}}, upgrade_batch_tasks]} step: {{step}} @@ -61,12 +125,13 @@ resources: {{role.name}}UpgradeBatch_Step{{step}}: type: OS::Heat::SoftwareDeploymentGroup condition: {{role.name}}UpgradeBatchConfigEnabled - {%- if step > 0 %} + {%- if step > 0 %} depends_on: - {%- for dep in enabled_roles %} - - {{dep.name}}UpgradeBatch_Step{{step -1}} - {%- endfor %} - {%- endif %} + - {{role.name}}UpgradeBatch_Step{{step -1}} + {% else %} + depends_on: + - {{role.name}}UpgradeBatchConfig_Step{{step}} + {%- endif %} update_policy: batch_create: max_batch_size: {{role.upgrade_batch_size|default(1)}} @@ -82,6 +147,32 @@ resources: {%- endfor %} {%- endfor %} +# Dump the puppet manifests to be apply later when disable_upgrade_deployment +# is to true +{% for role in roles if role.disable_upgrade_deployment|default(false) %} + {{role.name}}DeliverPuppetConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - str_replace: + template: | + #!/bin/bash + cat > /root/{{role.name}}_puppet_config.pp << ENDOFCAT + PUPPET_CLASSES + ENDOFCAT + params: + PUPPET_CLASSES: {get_param: [role_data, {{role.name}}, step_config]} + + {{role.name}}DeliverPuppetDeployment: + type: OS::Heat::SoftwareDeploymentGroup + properties: + servers: {get_param: [servers, {{role.name}}]} + config: {get_resource: {{role.name}}DeliverPuppetConfig} +{% endfor %} + # Upgrade Steps for all roles {%- for step in range(0, upgrade_steps_max) %} # Config resources for step {{step}} @@ -92,15 +183,12 @@ resources: # serialization, but the event output is easier to follow if we # do, and there should be minimal performance hit (creating the # config is cheap compared to the time to apply the deployment). - depends_on: {%- if step > 0 %} - {%- for dep in enabled_roles %} - - {{dep.name}}Upgrade_Step{{step -1}} - {%- endfor %} - {%- else %} - {%- for dep in enabled_roles %} - - {{dep.name}}UpgradeBatch_Step{{batch_upgrade_steps_max -1}} - {%- endfor %} + condition: {{role.name}}UpgradeConfigEnabled + {% if role.name in enabled_roles %} + depends_on: + - {{role.name}}Upgrade_Step{{step -1}} + {% endif %} {%- endif %} properties: UpgradeStepConfig: {get_param: [role_data, {{role.name}}, upgrade_tasks]} @@ -111,17 +199,11 @@ resources: {%- for role in enabled_roles %} {{role.name}}Upgrade_Step{{step}}: type: OS::Heat::SoftwareDeploymentGroup + {%- if step > 0 %} condition: {{role.name}}UpgradeConfigEnabled depends_on: - {%- if step > 0 %} - {%- for dep in enabled_roles %} - - {{dep.name}}Upgrade_Step{{step -1}} - {%- endfor %} - {%- else %} - {%- for dep in enabled_roles %} - - {{dep.name}}UpgradeBatch_Step{{batch_upgrade_steps_max -1}} - {%- endfor %} - {%- endif %} + - {{role.name}}Upgrade_Step{{step -1}} + {%- endif %} properties: name: {{role.name}}Upgrade_Step{{step}} servers: {get_param: [servers, {{role.name}}]} @@ -154,4 +236,3 @@ outputs: {% for role in roles %} {{role.name.lower()}}: {get_attr: [{{role.name}}UpgradeConfig_Step1, upgrade_config]} {% endfor %} - diff --git a/puppet/post.j2.yaml b/puppet/post.j2.yaml index 39155c36..21202775 100644 --- a/puppet/post.j2.yaml +++ b/puppet/post.j2.yaml @@ -12,7 +12,11 @@ parameters: role_data: type: json description: Mapping of Role name e.g Controller to the per-role data - + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json DeployIdentifier: default: '' type: string diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml index 2401d764..4bd9fc47 100644 --- a/puppet/services/aodh-api.yaml +++ b/puppet/services/aodh-api.yaml @@ -86,12 +86,6 @@ outputs: metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - - name: "PreUpgrade step0,validation: Check service openstack-aodh-api is running" - shell: /usr/bin/systemctl show 'openstack-aodh-api' --property ActiveState | grep '\bactive\b' - tags: step0,validation - name: Stop aodh_api service (running under httpd) tags: step2 service: name=httpd state=stopped - - name: Run aodh dbsync - tags: step5 - command: aodh-dbsync diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml index 8648a971..f5ca329e 100644 --- a/puppet/services/aodh-base.yaml +++ b/puppet/services/aodh-base.yaml @@ -80,7 +80,7 @@ outputs: aodh::keystone::authtoken::project_name: 'service' aodh::keystone::authtoken::password: {get_param: AodhPassword} aodh::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + aodh::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } aodh::auth::auth_password: {get_param: AodhPassword} aodh::auth::auth_region: 'regionOne' aodh::auth::auth_tenant_name: 'service' diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml index 186af1cc..239b6ca9 100644 --- a/puppet/services/barbican-api.yaml +++ b/puppet/services/barbican-api.yaml @@ -75,7 +75,7 @@ outputs: - get_attr: [ApacheServiceBase, role_data, config_settings] - barbican::keystone::authtoken::password: {get_param: BarbicanPassword} barbican::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} - barbican::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + barbican::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} barbican::keystone::authtoken::project_name: 'service' barbican::api::host_href: {get_param: [EndpointMap, BarbicanPublic, uri]} barbican::api::db_auto_create: false diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml index 9ee07592..741f8da1 100644 --- a/puppet/services/ceilometer-api.yaml +++ b/puppet/services/ceilometer-api.yaml @@ -93,9 +93,6 @@ outputs: metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - - name: "PreUpgrade step0,validation: Check service openstack-ceilometer-api is running" - shell: /usr/bin/systemctl show 'openstack-ceilometer-api' --property ActiveState | grep '\bactive\b' - tags: step0,validation - name: Stop ceilometer_api service (running under httpd) tags: step2 service: name=httpd state=stopped diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index a86a0cdf..5658e416 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -96,13 +96,12 @@ outputs: - '?bind_address=' - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" ceilometer_backend: {get_param: CeilometerBackend} - ceilometer::metering_secret: {get_param: CeilometerMeteringSecret} # we include db_sync class in puppet-tripleo ceilometer::db::sync_db: false ceilometer::keystone::authtoken::project_name: 'service' ceilometer::keystone::authtoken::password: {get_param: CeilometerPassword} ceilometer::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - ceilometer::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + ceilometer::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } ceilometer::agent::auth::auth_password: {get_param: CeilometerPassword} ceilometer::agent::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } ceilometer::agent::notification::event_pipeline_publishers: {get_param: EventPipelinePublishers} diff --git a/puppet/services/ceilometer-expirer.yaml b/puppet/services/ceilometer-expirer.yaml index 5341cfee..714434b1 100644 --- a/puppet/services/ceilometer-expirer.yaml +++ b/puppet/services/ceilometer-expirer.yaml @@ -40,7 +40,3 @@ outputs: get_attr: [CeilometerServiceBase, role_data, config_settings] step_config: | include ::tripleo::profile::base::ceilometer::expirer - upgrade_tasks: - - name: "PreUpgrade step0,validation: Check service openstack-ceilometer-expirer is running" - shell: /usr/bin/systemctl show 'openstack-ceilometer-expirer' --property ActiveState | grep '\bactive\b' - tags: step0,validation diff --git a/puppet/services/ceph-rgw.yaml b/puppet/services/ceph-rgw.yaml index 83339f2b..d7014e54 100644 --- a/puppet/services/ceph-rgw.yaml +++ b/puppet/services/ceph-rgw.yaml @@ -54,7 +54,7 @@ outputs: - get_attr: [CephBase, role_data, config_settings] - tripleo::profile::base::ceph::rgw::rgw_key: {get_param: CephRgwKey} tripleo::profile::base::ceph::rgw::keystone_admin_token: {get_param: AdminToken} - tripleo::profile::base::ceph::rgw::keystone_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + tripleo::profile::base::ceph::rgw::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} tripleo::profile::base::ceph::rgw::civetweb_bind_ip: {get_param: [ServiceNetMap, CephRgwNetwork]} tripleo::profile::base::ceph::rgw::civetweb_bind_port: {get_param: [EndpointMap, CephRgwInternal, port]} tripleo::profile::base::ceph::rgw::rgw_keystone_version: v3 diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml index bc5f080d..8c5a07ac 100644 --- a/puppet/services/cinder-api.yaml +++ b/puppet/services/cinder-api.yaml @@ -81,7 +81,7 @@ outputs: - get_attr: [CinderBase, role_data, config_settings] - get_attr: [ApacheServiceBase, role_data, config_settings] - cinder::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} - cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + cinder::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} cinder::keystone::authtoken::password: {get_param: CinderPassword} cinder::keystone::authtoken::project_name: 'service' cinder::api::enable_proxy_headers_parsing: true diff --git a/puppet/services/cinder-backend-dellps.yaml b/puppet/services/cinder-backend-dellps.yaml new file mode 100644 index 00000000..1f15c53e --- /dev/null +++ b/puppet/services/cinder-backend-dellps.yaml @@ -0,0 +1,85 @@ +# Copyright (c) 2017 Dell Inc. or its subsidiaries. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +heat_template_version: ocata + +description: > + Openstack Cinder Dell EMC PS Series backend + +parameters: + CinderEnableDellPsBackend: + type: boolean + default: true + CinderDellPsBackendName: + type: string + default: 'tripleo_dellps' + CinderDellPsSanIp: + type: string + CinderDellPsSanLogin: + type: string + CinderDellPsSanPassword: + type: string + hidden: true + CinderDellPsSanThinProvision: + type: boolean + default: true + CinderDellPsGroupname: + type: string + default: 'group-0' + CinderDellPsPool: + type: string + default: 'default' + CinderDellPsChapLogin: + type: string + default: '' + CinderDellPsChapPassword: + type: string + default: '' + CinderDellPsUseChap: + type: boolean + default: false + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + type: json + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + +outputs: + role_data: + description: Role data for the Cinder Dell EMC PS Series backend. + value: + service_name: cinder_backend_dellps + config_settings: + tripleo::profile::base::cinder::volume::cinder_enable_dellps_backend: {get_param: CinderEnableDellPsBackend} + cinder::backend::eqlx::volume_backend_name: {get_param: CinderDellPsBackendName} + cinder::backend::eqlx::san_ip: {get_param: CinderDellPsSanIp} + cinder::backend::eqlx::san_login: {get_param: CinderDellPsSanLogin} + cinder::backend::eqlx::san_password: {get_param: CinderDellPsSanPassword} + cinder::backend::eqlx::san_thin_provision: {get_param: CinderDellPsSanThinProvision} + cinder::backend::eqlx::eqlx_group_name: {get_param: CinderDellPsGroupname} + cinder::backend::eqlx::eqlx_pool: {get_param: CinderDellPsPool} + cinder::backend::eqlx::eqlx_use_chap: {get_param: CinderDellPsUseChap} + cinder::backend::eqlx::eqlx_chap_login: {get_param: CinderDellPsChapLogin} + cinder::backend::eqlx::eqlx_chap_password: {get_param: CinderDellPsChapPassword} + step_config: | + include ::tripleo::profile::base::cinder::volume diff --git a/puppet/services/cinder-backend-dellsc.yaml b/puppet/services/cinder-backend-dellsc.yaml new file mode 100644 index 00000000..6a6196ac --- /dev/null +++ b/puppet/services/cinder-backend-dellsc.yaml @@ -0,0 +1,85 @@ +# Copyright (c) 2016-2017 Dell Inc, or its subsidiaries. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +heat_template_version: ocata + +description: > + Openstack Cinder Dell EMC Storage Center backend + +parameters: + CinderEnableDellScBackend: + type: boolean + default: true + CinderDellScBackendName: + type: string + default: 'tripleo_dellsc' + CinderDellScSanIp: + type: string + CinderDellScSanLogin: + type: string + default: 'Admin' + CinderDellScSanPassword: + type: string + hidden: true + CinderDellScSsn: + type: number + default: 64702 + CinderDellScIscsiIpAddress: + type: string + default: '' + CinderDellScIscsiPort: + type: number + default: 3260 + CinderDellScApiPort: + type: number + default: 3033 + CinderDellScServerFolder: + type: string + default: 'dellsc_server' + CinderDellScVolumeFolder: + type: string + default: 'dellsc_volume' + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + type: json + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + +outputs: + role_data: + description: Role data for the Cinder Dell EMC Storage Center backend. + value: + service_name: cinder_backend_dellsc + config_settings: + tripleo::profile::base::cinder::volume::cinder_enable_dellsc_backend: {get_param: CinderEnableDellScBackend} + cinder::backend::dellsc_iscsi::volume_backend_name: {get_param: CinderDellScBackendName} + cinder::backend::dellsc_iscsi::san_ip: {get_param: CinderDellScSanIp} + cinder::backend::dellsc_iscsi::san_login: {get_param: CinderDellScSanLogin} + cinder::backend::dellsc_iscsi::san_password: {get_param: CinderDellScSanPassword} + cinder::backend::dellsc_iscsi::dell_sc_ssn: {get_param: CinderDellScSsn} + cinder::backend::dellsc_iscsi::iscsi_ip_address: {get_param: CinderDellScIscsiIpAddress} + cinder::backend::dellsc_iscsi::iscsi_port: {get_param: CinderDellScIscsiPort} + cinder::backend::dellsc_iscsi::dell_sc_api_port: {get_param: CinderDellScApiPort} + cinder::backend::dellsc_iscsi::dell_sc_server_folder: {get_param: CinderDellScServerFolder} + cinder::backend::dellsc_iscsi::dell_sc_volume_folder: {get_param: CinderDellScVolumeFolder} + step_config: | + include ::tripleo::profile::base::cinder::volume diff --git a/puppet/services/cinder-backend-scaleio.yaml b/puppet/services/cinder-backend-scaleio.yaml new file mode 100644 index 00000000..eb709cd5 --- /dev/null +++ b/puppet/services/cinder-backend-scaleio.yaml @@ -0,0 +1,111 @@ +# Copyright (c) 2016-2017 Dell Inc, or its subsidiaries. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +heat_template_version: ocata + +description: > + Openstack Cinder Dell EMC ScaleIO backend + +parameters: + CinderEnableScaleIOBackend: + type: boolean + default: true + CinderScaleIOBackendName: + type: string + default: 'tripleo_scaleio' + CinderScaleIOSanIp: + type: string + default: '' + CinderScaleIOSanLogin: + type: string + default: '' + CinderScaleIOSanPassword: + type: string + default: '' + hidden: true + CinderScaleIORestServerPort: + type: number + default: 443 + CinderScaleIOVerifyServerCertificate: + type: boolean + default: false + CinderScaleIOServerCertificatePath: + type: string + default: '' + CinderScaleIOProtectionDomainId: + type: string + default: '' + CinderScaleIOProtectionDomainName: + type: string + default: '' + CinderScaleIOStoragePoolId: + type: string + default: '' + CinderScaleIOStoragePoolName: + type: string + default: '' + CinderScaleIOStoragePools: + type: string + default: '' + CinderScaleIORoundVolumeCapacity: + type: boolean + default: true + CinderScaleIOUnmapVolumeBeforeDeletion: + type: boolean + default: false + CinderScaleIOMaxOverSubscriptionRatio: + type: string + default: '' + CinderScaleIOSanThinProvision: + type: boolean + default: true + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + type: json + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + +outputs: + role_data: + description: Role data for the Cinder Dell EMC ScaleIO backend. + value: + service_name: cinder_backend_scaleio + config_settings: + tripleo::profile::base::cinder::volume::cinder_enable_scaleio_backend: {get_param: CinderEnableScaleIOBackend} + cinder::backend::scaleio::volume_backend_name: {get_param: CinderScaleIOBackendName} + cinder::backend::scaleio::sio_login: {get_param: CinderScaleIOSanLogin} + cinder::backend::scaleio::sio_password: {get_param: CinderScaleIOSanPassword} + cinder::backend::scaleio::sio_server_hostname: {get_param: CinderScaleIOSanIp} + cinder::backend::scaleio::sio_server_port: {get_param: CinderScaleIORestServerPort} + cinder::backend::scaleio::sio_verify_server_certificate: {get_param: CinderScaleIOVerifyServerCertificate} + cinder::backend::scaleio::sio_server_certificate_path: {get_param: CinderScaleIOServerCertificatePath} + cinder::backend::scaleio::sio_protection_domain_name: {get_param: CinderScaleIOProtectionDomainName} + cinder::backend::scaleio::sio_protection_domain_id: {get_param: CinderScaleIOProtectionDomainId} + cinder::backend::scaleio::sio_storage_pool_id: {get_param: CinderScaleIOStoragePoolId} + cinder::backend::scaleio::sio_storage_pool_name: {get_param: CinderScaleIOStoragePoolName} + cinder::backend::scaleio::sio_storage_pools: {get_param: CinderScaleIOStoragePools} + cinder::backend::scaleio::sio_round_volume_capacity: {get_param: CinderScaleIORoundVolumeCapacity} + cinder::backend::scaleio::sio_unmap_volume_before_deletion: {get_param: CinderScaleIOUnmapVolumeBeforeDeletion} + cinder::backend::scaleio::sio_max_over_subscription_ratio: {get_param: CinderScaleIOMaxOverSubscriptionRatio} + cinder::backend::scaleio::sio_thin_provision: {get_param: CinderScaleIOThinProvision} + step_config: | + include ::tripleo::profile::base::cinder::volume diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml index dd1d3833..3a06afb8 100644 --- a/puppet/services/cinder-volume.yaml +++ b/puppet/services/cinder-volume.yaml @@ -122,6 +122,3 @@ outputs: - name: Stop cinder_volume service tags: step2 service: name=openstack-cinder-volume state=stopped - - name: Sync cinder_volume DB - tags: step5 - command: cinder-manage db sync diff --git a/puppet/services/congress.yaml b/puppet/services/congress.yaml new file mode 100644 index 00000000..1b82f55c --- /dev/null +++ b/puppet/services/congress.yaml @@ -0,0 +1,90 @@ +heat_template_version: ocata + +description: > + OpenStack Congress service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + CongressPassword: + description: The password for the congress service account. + type: string + hidden: true + Debug: + type: string + default: '' + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + +outputs: + role_data: + description: Role data for the Congress role. + value: + service_name: congress + config_settings: + congress_password: {get_param: CongressPassword} + congress::db::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://congress:' + - {get_param: CongressPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/congress' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + congress::keystone::auth::tenant: 'service' + congress::keystone::auth::password: {get_param: CongressPassword} + congress::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + congress::debug: {get_param: Debug} + congress::rpc_backend: rabbit + congress::rabbit_userid: {get_param: RabbitUserName} + congress::rabbit_password: {get_param: RabbitPassword} + congress::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + congress::rabbit_port: {get_param: RabbitClientPort} + congress::server::bind_host: {get_param: [ServiceNetMap, CongressApiNetwork]} + + congress::db::mysql::password: {get_param: CongressPassword} + congress::db::mysql::user: congress + congress::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + congress::db::mysql::dbname: congress + congress::db::mysql::allowed_hosts: + - '%' + - {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + + + step_config: | + include ::tripleo::profile::base::congress diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index 8c4042d9..808f1353 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -34,6 +34,10 @@ parameters: default: true description: Whether to use Galera instead of regular MariaDB. type: boolean + NovaPassword: + description: The password for the nova db account + type: string + hidden: true resources: @@ -94,6 +98,8 @@ outputs: {get_param: [ServiceNetMap, MysqlNetwork]} step_config: | include ::tripleo::profile::base::database::mysql + metadata_settings: + get_attr: [MySQLTLS, role_data, metadata_settings] upgrade_tasks: - name: Check for galera root password tags: step0 @@ -104,6 +110,15 @@ outputs: - name: Start service tags: step4 service: name=mariadb state=started - metadata_settings: - get_attr: [MySQLTLS, role_data, metadata_settings] - + - name: Setup cell_v2 (create cell0 database) + tags: step4 + mysql_db: + name: nova_cell0 + state: present + - name: Setup cell_v2 (grant access to the nova DB user) + tags: step4 + mysql_user: + str_replace: + template: "name=nova password=PASSWORD host=\"%\" priv=\"nova.*:ALL/nova_cell0.*:ALL,GRANT\" state=present" + params: + PASSWORD: {get_param: NovaPassword} diff --git a/puppet/services/ec2-api.yaml b/puppet/services/ec2-api.yaml index 7049d773..002342b6 100644 --- a/puppet/services/ec2-api.yaml +++ b/puppet/services/ec2-api.yaml @@ -66,7 +66,7 @@ outputs: ec2api::keystone::authtoken::project_name: 'service' ec2api::keystone::authtoken::password: {get_param: Ec2ApiPassword} ec2api::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - ec2api::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + ec2api::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} ec2api::api::enabled: true ec2api::package_manage: {get_param: EnablePackageInstall} ec2api::api::ec2api_listen: diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index b49b29f7..c4f97d54 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -95,7 +95,7 @@ outputs: - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]} glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } glance::api::enable_v1_api: false glance::api::enable_v2_api: true glance::api::authtoken::password: {get_param: GlancePassword} @@ -147,6 +147,3 @@ outputs: - name: Stop and disable glance registry (removed for Ocata) tags: step2 service: name=openstack-glance-registry state=stopped enabled=no - - name: Sync glance_api DB - tags: step5 - command: glance-manage --config-file=/etc/glance/glance-api.conf db_sync diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml index 2aea29fd..22c0967e 100644 --- a/puppet/services/gnocchi-api.yaml +++ b/puppet/services/gnocchi-api.yaml @@ -84,7 +84,7 @@ outputs: gnocchi::api::enable_proxy_headers_parsing: true gnocchi::api::service_name: 'httpd' gnocchi::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} - gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + gnocchi::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} gnocchi::keystone::authtoken::password: {get_param: GnocchiPassword} gnocchi::keystone::authtoken::project_name: 'service' gnocchi::wsgi::apache::ssl: {get_param: EnableInternalTLS} @@ -103,15 +103,9 @@ outputs: # internal_api_subnet - > IP/CIDR gnocchi::wsgi::apache::bind_host: {get_param: [ServiceNetMap, GnocchiApiNetwork]} gnocchi::wsgi::apache::wsgi_process_display_name: 'gnocchi_wsgi' - gnocchi::api::host: - str_replace: - template: - "%{hiera('fqdn_$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]} gnocchi::api::keystone_auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} - gnocchi::api::keystone_identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + gnocchi::api::keystone_identity_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} gnocchi::storage::swift::swift_authurl: {get_param: [EndpointMap, KeystoneInternal, uri]} step_config: | include ::tripleo::profile::base::gnocchi::api @@ -134,12 +128,6 @@ outputs: metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - - name: "PreUpgrade step0,validation: Check service openstack-gnocchi-api is running" - shell: /usr/bin/systemctl show 'openstack-gnocchi-api' --property ActiveState | grep '\bactive\b' - tags: step0,validation - name: Stop gnocchi_api service (running under httpd) tags: step2 service: name=httpd state=stopped - - name: Run gnocchi upgrade - tags: step5 - command: gnocchi-upgrade diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml index 90943751..b4d314f4 100644 --- a/puppet/services/heat-base.yaml +++ b/puppet/services/heat-base.yaml @@ -122,7 +122,7 @@ outputs: heat::rabbit_heartbeat_timeout_threshold: 60 heat::keystone::authtoken::project_name: 'service' heat::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - heat::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + heat::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } heat::keystone::authtoken::password: {get_param: HeatPassword} heat::keystone::domain::domain_name: 'heat_stack' heat::keystone::domain::domain_admin: 'heat_stack_domain_admin' diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml index 3b73eb88..e85b7537 100644 --- a/puppet/services/heat-engine.yaml +++ b/puppet/services/heat-engine.yaml @@ -144,6 +144,3 @@ outputs: - name: Stop heat_engine service tags: step2 service: name=openstack-heat-engine state=stopped - - name: Sync heat_engine DB - tags: step5 - command: heat-manage --config-file /etc/heat/heat.conf db_sync diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml index ff91eb63..a84df538 100644 --- a/puppet/services/ironic-api.yaml +++ b/puppet/services/ironic-api.yaml @@ -25,6 +25,10 @@ parameters: MonitoringSubscriptionIronicApi: default: 'overcloud-ironic-api' type: string + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint resources: IronicBase: @@ -47,7 +51,7 @@ outputs: ironic::api::authtoken::project_name: 'service' ironic::api::authtoken::username: 'ironic' ironic::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + ironic::api::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): @@ -73,6 +77,7 @@ outputs: ironic::keystone::auth::auth_name: 'ironic' ironic::keystone::auth::password: {get_param: IronicPassword } ironic::keystone::auth::tenant: 'service' + ironic::keystone::auth::region: {get_param: KeystoneRegion} mysql: ironic::db::mysql::password: {get_param: IronicPassword} ironic::db::mysql::user: ironic diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml index 48d87209..739db13c 100644 --- a/puppet/services/ironic-conductor.yaml +++ b/puppet/services/ironic-conductor.yaml @@ -111,6 +111,3 @@ outputs: - name: Stop ironic_conductor service tags: step2 service: name=openstack-ironic-conductor state=stopped - - name: Sync ironic_conductor DB - tags: step5 - command: ironic-dbsync diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 7da4a9c2..b2374ec4 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -310,8 +310,5 @@ outputs: - name: Stop keystone service (running under httpd) tags: step2 service: name=httpd state=stopped - - name: Sync keystone DB - tags: step5 - command: keystone-manage db_sync metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] diff --git a/puppet/services/logging/fluentd-client.yaml b/puppet/services/logging/fluentd-client.yaml index 769ab68f..94c63d33 100644 --- a/puppet/services/logging/fluentd-client.yaml +++ b/puppet/services/logging/fluentd-client.yaml @@ -62,3 +62,12 @@ outputs: get_attr: [LoggingConfiguration, LoggingSharedKey] step_config: | include ::tripleo::profile::base::logging::fluentd + upgrade_tasks: + - name: Check status of fluentd service + shell: > + /usr/bin/systemctl show fluentd --property ActiveState | + grep '\bactive\b' + tags: step0,validation + - name: Stop fluentd service + tags: step2 + service: name=fluentd state=stopped diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml index f1cddbd0..7b78c82e 100644 --- a/puppet/services/manila-api.yaml +++ b/puppet/services/manila-api.yaml @@ -49,7 +49,7 @@ outputs: - get_attr: [ManilaBase, role_data, config_settings] - manila::keystone::authtoken::password: {get_param: ManilaPassword} manila::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} - manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } manila::keystone::authtoken::project_name: 'service' tripleo.manila_api.firewall_rules: '150 manila': diff --git a/puppet/services/manila-share.yaml b/puppet/services/manila-share.yaml index e38fe675..6ac0d2cf 100644 --- a/puppet/services/manila-share.yaml +++ b/puppet/services/manila-share.yaml @@ -46,7 +46,7 @@ outputs: - manila::volume::cinder::cinder_admin_tenant_name: 'service' manila::keystone::authtoken::password: {get_param: ManilaPassword} manila::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} - manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + manila::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } manila::keystone::authtoken::project_name: 'service' service_config_settings: get_attr: [ManilaBase, role_data, service_config_settings] diff --git a/puppet/services/memcached.yaml b/puppet/services/memcached.yaml index ffa969e0..146cc306 100644 --- a/puppet/services/memcached.yaml +++ b/puppet/services/memcached.yaml @@ -18,6 +18,12 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + MemcachedMaxMemory: + default: '50%' + description: The maximum amount of memory for memcached to be configured + to use when installed. This can be either a percentage ('50%') + or a fixed value ('2048'). + type: string MonitoringSubscriptionMemcached: default: 'overcloud-memcached' type: string @@ -35,8 +41,17 @@ outputs: # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR memcached::listen_ip: {get_param: [ServiceNetMap, MemcachedNetwork]} + memcached::max_memory: {get_param: MemcachedMaxMemory} tripleo.memcached.firewall_rules: '121 memcached': dport: 11211 step_config: | include ::tripleo::profile::base::memcached + service_config_settings: + collectd: + tripleo.collectd.plugins.memcached: + - memcached + collectd::plugin::memcached::instances: + local: + host: "%{hiera('memcached::listen_ip')}" + port: 11211 diff --git a/puppet/services/metrics/collectd.yaml b/puppet/services/metrics/collectd.yaml new file mode 100644 index 00000000..a3e3b842 --- /dev/null +++ b/puppet/services/metrics/collectd.yaml @@ -0,0 +1,120 @@ +heat_template_version: ocata + +description: Collectd client service + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + DefaultPasswords: + default: {} + type: json + CollectdDefaultPlugins: + default: + - disk + - interface + - load + - memory + - processes + - tcpconns + type: comma_delimited_list + description: > + List of collectd plugins to activate on all overcloud hosts. See + the documentation for the puppet-collectd module for a list plugins + supported by the module (https://github.com/voxpupuli/puppet-collectd). + Set this key to override the default list of plugins. Use + CollectdExtraPlugins if you want to load additional plugins without + overriding the defaults. + CollectdExtraPlugins: + default: [] + type: comma_delimited_list + description: > + List of collectd plugins to activate on all overcloud hosts. See + the documentation for the puppet-collectd module for a list plugins + supported by the module (https://github.com/voxpupuli/puppet-collectd). + Set this key to load plugins in addition to those in + CollectdDefaultPlugins. + CollectdServer: + type: string + description: > + Address of remote collectd server to which we will send + metrics. + default: '' + CollectdServerPort: + type: number + default: 25826 + description: > + Port on remote collectd server to which we will send + metrics. + CollectdUsername: + type: string + description: > + Username for authenticating to the remote collectd server. The default + is to not configure any authentication. + default: '' + CollectdPassword: + type: string + hidden: true + description: > + Password for authenticating to the remote collectd server. The + default is to not configure any authentication. + default: '' + CollectdSecurityLevel: + type: string + description: > + Security level setting for remote collectd connection. + default: 'None' + constraints: + - allowed_values: + - None + - Sign + - Encrypt + +outputs: + role_data: + description: Role data for the Collectd client role. + value: + service_name: collectd + config_settings: + collectd::manage_repo: false + collectd::purge: true + collectd::recurse: true + collectd::purge_config: true + collectd::minimum_version: "5.7" + tripleo::profile::base::metrics::collectd::collectd_server: + get_param: CollectdServer + tripleo::profile::base::metrics::collectd::collectd_port: + get_param: CollectdServerPort + tripleo::profile::base::metrics::collectd::collectd_username: + get_param: CollectdUsername + tripleo::profile::base::metrics::collectd::collectd_password: + get_param: CollectdPassword + tripleo::profile::base::metrics::collectd::collectd_securitylevel: + get_param: CollectdSecurityLevel + tripleo.collectd.plugins.collectd: + yaql: + data: + default_plugins: {get_param: CollectdDefaultPlugins} + extra_plugins: {get_param: CollectdExtraPlugins} + expression: > + ($.data.default_plugins + $.data.extra_plugins) + .flatten().distinct() + step_config: | + include ::tripleo::profile::base::metrics::collectd + upgrade_tasks: + - name: Check status of collectd service + shell: > + /usr/bin/systemctl show collectd --property ActiveState | + grep '\bactive\b' + tags: step0,validation + - name: Stop collectd service + tags: step2 + service: name=collectd state=stopped diff --git a/puppet/services/mistral-base.yaml b/puppet/services/mistral-base.yaml index e678b14f..4d020498 100644 --- a/puppet/services/mistral-base.yaml +++ b/puppet/services/mistral-base.yaml @@ -76,7 +76,7 @@ outputs: mistral::keystone_tenant: 'service' mistral::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} mistral::keystone_ec2_uri: {get_param: [EndpointMap, KeystoneEC2, uri]} - mistral::identity_uri: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + mistral::identity_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} service_config_settings: keystone: mistral::keystone::auth::tenant: 'service' diff --git a/puppet/services/monitoring/sensu-client.yaml b/puppet/services/monitoring/sensu-client.yaml index 76ba59c1..d74a68a2 100644 --- a/puppet/services/monitoring/sensu-client.yaml +++ b/puppet/services/monitoring/sensu-client.yaml @@ -62,3 +62,12 @@ outputs: region: {get_param: KeystoneRegion} step_config: | include ::tripleo::profile::base::monitoring::sensu + upgrade_tasks: + - name: Check status of sensu-client service + shell: > + /usr/bin/systemctl show sensu-client --property ActiveState | + grep '\bactive\b' + tags: step0,validation + - name: Stop sensu-client service + tags: step2 + service: name=sensu-client state=stopped diff --git a/puppet/services/network/contrail-analytics-database.yaml b/puppet/services/network/contrail-analytics-database.yaml new file mode 100644 index 00000000..67341ed3 --- /dev/null +++ b/puppet/services/network/contrail-analytics-database.yaml @@ -0,0 +1,43 @@ +heat_template_version: ocata + +description: > + Contrail Analytics Database service deployment using puppet, this YAML file + creates the interface between the HOT template + and the puppet manifest that actually installs + and configures Contrail Analytics Database. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + ContrailBase: + type: ./contrail-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role Contrail Analytics Database using composable services. + value: + service_name: contrail_analytics_database + config_settings: + map_merge: + - get_attr: [ContrailBase, role_data, config_settings] + - contrail::analytics::database::host_ip: {get_param: [ServiceNetMap, ContrailAnalyticsDatabaseNetwork]} + step_config: | + include ::tripleo::network::contrail::analyticsdatabase diff --git a/puppet/services/network/contrail-analytics.yaml b/puppet/services/network/contrail-analytics.yaml index ad14d315..e3e0ec4b 100644 --- a/puppet/services/network/contrail-analytics.yaml +++ b/puppet/services/network/contrail-analytics.yaml @@ -21,44 +21,6 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - ContrailAnalyticsHostIP: - description: host IP address of Analytics - type: string - ContrailAnalyticsRedisServerIp: - description: Redis server ip address - type: string - ContrailAnalyticsCollectorServerHttpPort: - description: Collector http port - type: number - default: 8089 - ContrailAnalyticsCollectorSandeshPort: - description: Collector sandesh port - type: number - default: 8086 - ContrailAnalyticsHttpServerPort: - description: Analytics http port - type: number - default: 8090 - ContrailAnalyticsListenAddress: - default: '0.0.0.0' - description: IP address Config API is listening on - type: string - ContrailAnalyticsListenPort: - default: 8082 - description: Port Config API is listening on - type: number - ContrailAnalyticsRedisServerPort: - description: Redis server port - type: number - default: 6379 - ContrailAnalyticsRestApiIp: - description: IP address Analytics rest interface listens on - type: string - default: '0.0.0.0' - ContrailAnalyticsRestApiPort: - description: Analytics rest port - type: number - default: 8081 resources: ContrailBase: @@ -76,15 +38,14 @@ outputs: config_settings: map_merge: - get_attr: [ContrailBase, role_data, config_settings] - - contrail::analytics::collector_http_server_port: {get_param: ContrailAnalyticsCollectorServerHttpPort} - contrail::analytics::collector_sandesh_port: {get_param: ContrailAnalyticsCollectorSandeshPort} - contrail::analytics::host_ip: {get_param: ContrailAnalyticsHostIP} - contrail::analytics::http_server_port: {get_param: ContrailAnalyticsHttpServerPort} - contrail::analytics::listen_ip_address: {get_param: ContrailAnalyticsListenAddress} - contrail::analytics::listen_port: {get_param: ContrailAnalyticsListenPort} - contrail::analytics::redis_server: {get_param: ContrailAnalyticsRedisServerIp} - contrail::analytics::redis_server_port: {get_param: ContrailAnalyticsRedisServerPort} - contrail::analytics::rest_api_ip: {get_param: ContrailAnalyticsRestApiIp} - contrail::analytics::rest_api_port: {get_param: ContrailAnalyticsRestApiPort} + - contrail::analytics::collector_http_server_port: {get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, port]} + contrail::analytics::collector_sandesh_port: {get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, port]} + contrail::analytics::host_ip: {get_param: [ServiceNetMap, ContrailAnalyticsNetwork]} + contrail::analytics::http_server_port: {get_param: [EndpointMap, ContrailAnalyticsHttpInternal, port]} + contrail::analytics::listen_ip_address: {get_param: [ServiceNetMap, ContrailAnalyticsNetwork]} + contrail::analytics::redis_server: '127.0.0.1' + contrail::analytics::redis_server_port: {get_param: [EndpointMap, ContrailAnalyticsRedisInternal, port]} + contrail::analytics::rest_api_ip: {get_param: [ServiceNetMap, ContrailAnalyticsNetwork]} + contrail::analytics::rest_api_port: {get_param: [EndpointMap, ContrailAnalyticsApiInternal, port]} step_config: | include ::tripleo::network::contrail::analytics diff --git a/puppet/services/network/contrail-base.yaml b/puppet/services/network/contrail-base.yaml index b49b2add..bc56a3ca 100644 --- a/puppet/services/network/contrail-base.yaml +++ b/puppet/services/network/contrail-base.yaml @@ -18,47 +18,42 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ContrailAAAMode: + description: AAAmode can be no-auth, cloud-admin or rbac + type: string + default: 'rbac' + ContrailAAAModeAnalytics: + description: AAAmode for analytics can be no-auth, cloud-admin or rbac + type: string + default: 'no-auth' AdminPassword: description: Keystone admin user password type: string + hidden: true AdminTenantName: description: Keystone admin tenant name type: string + default: 'admin' AdminToken: description: Keystone admin token type: string + hidden: true AdminUser: description: Keystone admin user name type: string - AuthHost: - description: Keystone host IP address - type: string - AuthPort: - default: 35357 - description: Keystone port + default: 'admin' + AuthPortSSL: + default: 13357 + description: Keystone SSL port + type: number + AuthPortSSLPublic: + default: 13000 + description: Keystone Public SSL port type: number - AuthProtocol: - default: 'http' - description: Keystone authentication protocol - type: string - ContrailDiscoveryServerIp: - description: Discovery server ip address - type: string - ContrailKafkaBrokerList: - description: List of kafka servers - type: comma_delimited_list ContrailAuth: default: 'keystone' description: Keystone authentication method type: string - ContrailCassandraServerList: - default: [] - description: List of cassandra servers - type: comma_delimited_list - ContrailDiscoveryServerPort: - description: Discovery server port - type: number - default: 5998 ContrailInsecure: default: false description: Keystone insecure mode @@ -67,14 +62,18 @@ parameters: default: '127.0.0.1:12111' description: Memcached server type: string - ContrailMultiTenancy: - default: true - description: Turn on/off multi-tenancy - type: boolean - ContrailZkServerIp: - default: [] - description: List of zookeeper servers - type: comma_delimited_list + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number outputs: role_data: @@ -82,19 +81,23 @@ outputs: value: service_name: contrail_base config_settings: + contrail::aaa_mode: {get_param: ContrailAAAMode} + contrail::analytics_aaa_mode: {get_param: ContrailAAAModeAnalytics} contrail::admin_password: {get_param: AdminPassword} contrail::admin_tenant_name: {get_param: AdminTenantName} contrail::admin_token: {get_param: AdminToken} contrail::admin_user: {get_param: AdminUser} - contrail::auth_host: {get_param: [EndpointMap, KeystoneInternal, host] } - contrail::auth_port: {get_param: [EndpointMap, KeystoneInternal, port] } - contrail::auth_protocol: {get_param: [EndpointMap, KeystoneInternal, protocol] } - contrail::disc_server_ip: {get_param: ContrailDiscoveryServerIp} - contrail::kafka_broker_list: {get_param: ContrailKafkaBrokerList} contrail::auth: {get_param: ContrailAuth} - contrail::cassandra_server_list: {get_param: ContrailCassandraServerList} - contrail::disc_server_port: {get_param: ContrailDiscoveryServerPort} + contrail::auth_host: {get_param: [EndpointMap, KeystonePublic, host] } + contrail::auth_port: {get_param: [EndpointMap, KeystoneAdmin, port] } + contrail::auth_port_ssl: {get_param: AuthPortSSL } + contrail::auth_port_public: {get_param: [EndpointMap, KeystonePublic, port] } + contrail::auth_port_ssl_public: {get_param: AuthPortSSLPublic } + contrail::auth_protocol: {get_param: [EndpointMap, KeystoneInternal, protocol] } + contrail::api_port: {get_param: [EndpointMap, ContrailConfigInternal, port] } + contrail::disc_server_port: {get_param: [EndpointMap, ContrailDiscoveryInternal, port] } contrail::insecure: {get_param: ContrailInsecure} contrail::memcached_server: {get_param: ContrailMemcachedServer} - contrail::multi_tenancy: {get_param: ContrailMultiTenancy} - contrail::zk_server_ip: {get_param: ContrailZkServerIp} + contrail::rabbit_password: {get_param: RabbitPassword} + contrail::rabbit_user: {get_param: RabbitUserName} + contrail::rabbit_port: {get_param: RabbitClientPort} diff --git a/puppet/services/network/contrail-config.yaml b/puppet/services/network/contrail-config.yaml index 03774480..185b6094 100644 --- a/puppet/services/network/contrail-config.yaml +++ b/puppet/services/network/contrail-config.yaml @@ -21,29 +21,14 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - ContrailConfigIfmapServerIp: - description: Ifmap server ip address - type: string ContrailConfigIfmapUserName: description: Ifmap user name type: string + default: 'api-server' ContrailConfigIfmapUserPassword: description: Ifmap user password type: string - ContrailConfigRabbitServerIp: - description: RabbitMq server ip address - type: string - ContrailConfigRedisServerIp: - description: Redis server ip address - type: string - ContrailConfigListenAddress: - default: '0.0.0.0' - description: IP address Config API is listening on - type: string - ContrailConfigListenPort: - default: 8082 - description: Port Config API is listening on - type: number + default: 'api-server' resources: ContrailBase: @@ -62,11 +47,10 @@ outputs: map_merge: - get_attr: [ContrailBase, role_data, config_settings] - contrail::config::ifmap_password: {get_param: ContrailConfigIfmapUserPassword} - contrail::config::ifmap_server_ip: {get_param: ContrailConfigIfmapServerIp} contrail::config::ifmap_username: {get_param: ContrailConfigIfmapUserName} - contrail::config::listen_ip_address: {get_param: ContrailConfigListenAddress} - contrail::config::listen_port: {get_param: ContrailConfigListenPort} - contrail::config::rabbit_server: {get_param: ContrailConfigRabbitServerIp} - contrail::config::redis_server: {get_param: ContrailConfigRedisServerIp} + contrail::config::listen_ip_address: {get_param: [ServiceNetMap, ContrailConfigNetwork]} + contrail::config::listen_port: {get_param: [EndpointMap, ContrailConfigInternal, port] } + contrail::config::redis_server: '127.0.0.1' + contrail::config::host_ip: {get_param: [ServiceNetMap, ContrailConfigNetwork] } step_config: | include ::tripleo::network::contrail::config diff --git a/puppet/services/network/contrail-control.yaml b/puppet/services/network/contrail-control.yaml index 7c28d283..0964989b 100644 --- a/puppet/services/network/contrail-control.yaml +++ b/puppet/services/network/contrail-control.yaml @@ -21,15 +21,14 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - ContrailControlHostIP: - description: host IP address of Analytics - type: string - ContrailControlIfmapUserName: - description: Ifmap user name - type: string - ContrailControlIfmapUserPassword: - description: Ifmap user password + ContrailControlASN: + description: Autonomous System Number + type: number + default: 64512 + ContrailControlRNDCSecret: + description: sda1/256 hmac key, e.g. echo -n "values" | openssl dgst -sha256 -hmac key -binary | base64 type: string + hidden: true resources: ContrailBase: @@ -47,8 +46,8 @@ outputs: config_settings: map_merge: - get_attr: [ContrailBase, role_data, config_settings] - - contrail::control::host_ip: {get_param: ContrailControlHostIP} - contrail::control::ifmap_username: {get_param: ContrailControlIfmapUserName} - contrail::control::ifmap_password: {get_param: ContrailControlIfmapUserPassword} + - contrail::control::asn: {get_param: ContrailControlASN } + contrail::control::host_ip: {get_param: [ServiceNetMap, ContrailControlNetwork]} + contrail::control::rndc_secret: {get_param: ContrailControlRNDCSecret} step_config: | include ::tripleo::network::contrail::control diff --git a/puppet/services/network/contrail-database.yaml b/puppet/services/network/contrail-database.yaml index c56b90a2..b47c2c36 100644 --- a/puppet/services/network/contrail-database.yaml +++ b/puppet/services/network/contrail-database.yaml @@ -21,13 +21,6 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - ContrailDatabaseHostIP: - description: host IP address of Database node - type: string - ContrailDatabaseMinDisk: - description: Minimum disk size for database - type: number - default: 64 resources: ContrailBase: @@ -45,7 +38,6 @@ outputs: config_settings: map_merge: - get_attr: [ContrailBase, role_data, config_settings] - - contrail::database::host_ip: {get_param: ContrailDatabaseHostIP} - contrail::database::minimum_diskGB: {get_param: ContrailDatabaseMinDisk} + - contrail::database::host_ip: {get_param: [ServiceNetMap, ContrailDatabaseNetwork]} step_config: | - include ::tripleo::profile::contrail::database + include ::tripleo::network::contrail::database diff --git a/puppet/services/network/contrail-heat.yaml b/puppet/services/network/contrail-heat.yaml new file mode 100644 index 00000000..4dfc6579 --- /dev/null +++ b/puppet/services/network/contrail-heat.yaml @@ -0,0 +1,40 @@ +heat_template_version: ocata + +description: > + Contrail Heat plugin adds Contrail specific heat resources enabling heat + to orchestrate Contrail + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + ContrailBase: + type: ./contrail-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Contrail Heat plugin + value: + service_name: contrail_heat + config_settings: + map_merge: + - get_attr: [ContrailBase, role_data, config_settings] + step_config: | + include ::tripleo::network::contrail::heat diff --git a/puppet/services/network/contrail-neutron-plugin.yaml b/puppet/services/network/contrail-neutron-plugin.yaml new file mode 100644 index 00000000..2f2ceb37 --- /dev/null +++ b/puppet/services/network/contrail-neutron-plugin.yaml @@ -0,0 +1,45 @@ +heat_template_version: ocata + +description: > + OpenStack Neutron Opencontrail plugin + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ContrailExtensions: + description: List of OpenContrail extensions to be enabled + type: comma_delimited_list + default: '' + +resources: + ContrailBase: + type: ./contrail-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Neutron Opencontrail plugin + value: + service_name: contrail_neutron_plugin + config_settings: + map_merge: + - get_attr: [ContrailBase, role_data, config_settings] + - neutron::api_extensions_path: /usr/lib/python2.7/site-packages/neutron_plugin_contrail/extensions + contrail::vrouter::contrail_extensions: {get_param: ContrailExtensions} + step_config: | + include tripleo::network::contrail::neutron_plugin diff --git a/puppet/services/network/contrail-provision.yaml b/puppet/services/network/contrail-provision.yaml new file mode 100644 index 00000000..765be9a9 --- /dev/null +++ b/puppet/services/network/contrail-provision.yaml @@ -0,0 +1,39 @@ +heat_template_version: ocata + +description: > + Provision Contrail services after deployment + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +resources: + ContrailBase: + type: ./contrail-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Contrail provisioning role + value: + service_name: contrail_provision + config_settings: + map_merge: + - get_attr: [ContrailBase, role_data, config_settings] + step_config: | + include ::tripleo::network::contrail::provision diff --git a/puppet/services/network/contrail-tsn.yaml b/puppet/services/network/contrail-tsn.yaml new file mode 100644 index 00000000..88adc4a5 --- /dev/null +++ b/puppet/services/network/contrail-tsn.yaml @@ -0,0 +1,64 @@ +heat_template_version: ocata + +description: > + Contrail TSN Service + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NeutronMetadataProxySharedSecret: + description: Metadata Secret + type: string + VrouterPhysicalInterface: + default: 'eth0' + description: vRouter physical interface + type: string + VrouterGateway: + default: '192.168.24.1' + description: vRouter default gateway + type: string + VrouterNetmask: + default: '255.255.255.0' + description: vRouter netmask + type: string + +resources: + ContrailBase: + type: ./contrail-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Contrail TSN Service + value: + service_name: contrail_tsn + config_settings: + map_merge: + - get_attr: [ContrailBase, role_data, config_settings] + - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, NeutronCorePluginOpencontrailNetwork]} + contrail::vrouter::physical_interface: {get_param: VrouterPhysicalInterface} + contrail::vrouter::gateway: {get_param: VrouterGateway} + contrail::vrouter::netmask: {get_param: VrouterNetmask} + contrail::vrouter::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} + contrail::vrouter::is_tsn: 'true' + tripleo.neutron_compute_plugin_opencontrail.firewall_rules: + '111 neutron_compute_plugin_opencontrail proxy': + dport: 8097 + proto: tcp + step_config: | + include ::tripleo::network::contrail::vrouter diff --git a/puppet/services/network/contrail-vrouter.yaml b/puppet/services/network/contrail-vrouter.yaml new file mode 100644 index 00000000..db9f0836 --- /dev/null +++ b/puppet/services/network/contrail-vrouter.yaml @@ -0,0 +1,64 @@ +heat_template_version: ocata + +description: > + OpenStack Neutron Compute OpenContrail plugin + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NeutronMetadataProxySharedSecret: + description: Metadata Secret + type: string + hidden: true + ContrailVrouterPhysicalInterface: + default: 'eth0' + description: vRouter physical interface + type: string + ContrailVrouterGateway: + default: '192.0.2.1' + description: vRouter default gateway + type: string + ContrailVrouterNetmask: + default: '255.255.255.0' + description: vRouter netmask + type: string + +resources: + ContrailBase: + type: ./contrail-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Neutron Compute OpenContrail plugin + value: + service_name: contrail_vrouter + config_settings: + map_merge: + - get_attr: [ContrailBase, role_data, config_settings] + - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, NeutronCorePluginOpencontrailNetwork]} + contrail::vrouter::physical_interface: {get_param: ContrailVrouterPhysicalInterface} + contrail::vrouter::gateway: {get_param: ContrailVrouterGateway} + contrail::vrouter::netmask: {get_param: ContrailVrouterNetmask} + contrail::vrouter::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} + tripleo.neutron_compute_plugin_opencontrail.firewall_rules: + '111 neutron_compute_plugin_opencontrail proxy': + dport: 8097 + proto: tcp + step_config: | + include ::tripleo::network::contrail::vrouter diff --git a/puppet/services/network/contrail-webui.yaml b/puppet/services/network/contrail-webui.yaml index 72cc6fa5..3786cdd1 100644 --- a/puppet/services/network/contrail-webui.yaml +++ b/puppet/services/network/contrail-webui.yaml @@ -21,27 +21,6 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - ContrailWebUiAnalyticsVip: - description: Contrail Analytics VIP - type: string - ContrailWebUiConfigVip: - description: Contrail Config VIP - type: string - ContrailWebUiNeutronVip: - description: Neutron VIP - type: string - ContrailWebuiHttpPort: - default: 8080 - description: HTTP Port of Webui - type: number - ContrailWebuiHttpsPort: - default: 8143 - description: HTTPS Port of Webui - type: number - ContrailWebUiRedisIp: - description: Redis IP - type: string - default: '127.0.0.1' resources: ContrailBase: @@ -59,11 +38,8 @@ outputs: config_settings: map_merge: - get_attr: [ContrailBase, role_data, config_settings] - - contrail::webui::contrail_analytics_vip: {get_param: ContrailWebUiAnalyticsVip} - contrail::webui::contrail_config_vip: {get_param: ContrailWebUiConfigVip} - contrail::webui::contrail_webui_http_port: {get_param: ContrailWebuiHttpPort} - contrail::webui::contrail_webui_https_port: {get_param: ContrailWebuiHttpsPort} - contrail::webui::neutron_vip: {get_param: ContrailWebUiNeutronVip} - contrail::webui::redis_ip: {get_param: ContrailWebUiRedisIp} + - contrail::webui::http_port: {get_param: [EndpointMap, ContrailWebuiHttpInternal, port] } + contrail::webui::https_port: {get_param: [EndpointMap, ContrailWebuiHttpsInternal, port] } + contrail::webui::redis_ip: '127.0.0.1' step_config: | include ::tripleo::network::contrail::webui diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index 65fa0d8f..b3a07fb0 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -130,14 +130,12 @@ outputs: - '?bind_address=' - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} neutron::server::api_workers: {get_param: NeutronWorkers} neutron::server::rpc_workers: {get_param: NeutronWorkers} neutron::server::allow_automatic_l3agent_failover: {get_param: NeutronAllowL3AgentFailover} neutron::server::enable_proxy_headers_parsing: true neutron::keystone::authtoken::password: {get_param: NeutronPassword} - - neutron::server::notifications::nova_url: { get_param: [ EndpointMap, NovaInternal, uri ] } neutron::server::notifications::auth_url: { get_param: [ EndpointMap, KeystoneV3Admin, uri ] } neutron::server::notifications::tenant_name: 'service' neutron::server::notifications::project_name: 'service' @@ -198,6 +196,3 @@ outputs: - name: Stop neutron_api service tags: step2 service: name=neutron-server state=stopped - - name: Sync neutron_api DB - tags: step5 - command: neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head diff --git a/puppet/services/neutron-compute-plugin-ovn.yaml b/puppet/services/neutron-compute-plugin-ovn.yaml index ce28b5c3..e3a4da99 100644 --- a/puppet/services/neutron-compute-plugin-ovn.yaml +++ b/puppet/services/neutron-compute-plugin-ovn.yaml @@ -18,9 +18,6 @@ parameters: via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json - OVNDbHost: - description: IP address on which the OVN DB servers are listening - type: string OVNSouthboundServerPort: description: Port of the Southbound DB Server type: number @@ -29,6 +26,16 @@ parameters: description: Tunnel encapsulation type type: string default: geneve + NeutronBridgeMappings: + description: > + The OVS logical->physical bridge mappings to use. See the Neutron + documentation for details. Defaults to mapping br-ex - the external + bridge on hosts - to a physical name 'datacentre' which can be used + to create provider networks (and we use this for the default floating + network) - if changing this either use different post-install network + scripts or be sure to keep 'datacentre' as a mapping network name + type: comma_delimited_list + default: "datacentre:br-ex" outputs: @@ -37,9 +44,16 @@ outputs: value: service_name: neutron_compute_plugin_ovn config_settings: - tripleo::profile::base::neutron::agents::ovn::ovn_db_host: {get_param: OVNDbHost} ovn::southbound::port: {get_param: OVNSouthboundServerPort} - ovn::southbound::encap_type: {get_param: OVNTunnelEncapType} + ovn::controller::ovn_encap_type: {get_param: OVNTunnelEncapType} ovn::controller::ovn_encap_ip: {get_param: [ServiceNetMap, NeutronApiNetwork]} + ovn::controller::ovn_bridge_mappings: {get_param: NeutronBridgeMappings} + tripleo.neutron_compute_plugin_ovn.firewall_rules: + '118 neutron vxlan networks': + proto: 'udp' + dport: 4789 + '119 neutron geneve networks': + proto: 'udp' + dport: 6081 step_config: | include ::tripleo::profile::base::neutron::agents::ovn diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml index 199b5809..6f5debdd 100644 --- a/puppet/services/neutron-metadata.yaml +++ b/puppet/services/neutron-metadata.yaml @@ -70,7 +70,7 @@ outputs: - neutron::agents::metadata::shared_secret: {get_param: NeutronMetadataProxySharedSecret} neutron::agents::metadata::metadata_workers: {get_param: NeutronWorkers} neutron::agents::metadata::auth_password: {get_param: NeutronPassword} - neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } neutron::agents::metadata::auth_tenant: 'service' neutron::agents::metadata::metadata_ip: "%{hiera('nova_metadata_vip')}" step_config: | diff --git a/puppet/services/neutron-plugin-ml2-ovn.yaml b/puppet/services/neutron-plugin-ml2-ovn.yaml index 59346edc..4d4c3900 100644 --- a/puppet/services/neutron-plugin-ml2-ovn.yaml +++ b/puppet/services/neutron-plugin-ml2-ovn.yaml @@ -18,10 +18,14 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + OVNSouthboundServerPort: + description: Port of the OVN Southbound DB server + type: number + default: 6642 OVNDbConnectionTimeout: description: Timeout in seconds for the OVSDB connection transaction type: number - default: 60 + default: 180 OVNVifType: description: Type of VIF to be used for ports type: string @@ -43,6 +47,10 @@ parameters: description: OVN notification driver for Neutron QOS service plugin type: string default: NULL + NeutronGeneveMaxHeaderSize: + description: Geneve encapsulation header size + type: number + default: 38 resources: @@ -61,10 +69,12 @@ outputs: config_settings: map_merge: - get_attr: [NeutronMl2Base, role_data, config_settings] - - neutron::plugins::ovn::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout} - neutron::plugins::ovn::neutron_sync_mode: {get_param: OVNNeutronSyncMode} - neutron::plugins::ovn::ovn_l3_mode: true - neutron::plugins::ovn::vif_type: {get_param: OVNVifType} + - ovn::southbound::port: {get_param: OVNSouthboundServerPort} + neutron::plugins::ml2::ovn::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout} + neutron::plugins::ml2::ovn::neutron_sync_mode: {get_param: OVNNeutronSyncMode} + neutron::plugins::ml2::ovn::ovn_l3_mode: true + neutron::plugins::ml2::ovn::vif_type: {get_param: OVNVifType} neutron::server::qos_notification_drivers: {get_param: OVNQosDriver} + neutron::plugins::ml2::max_header_size: {get_param: NeutronGeneveMaxHeaderSize} step_config: | include ::tripleo::profile::base::neutron::plugins::ml2 diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml index 71a0076f..3abd04f3 100644 --- a/puppet/services/neutron-plugin-ml2.yaml +++ b/puppet/services/neutron-plugin-ml2.yaml @@ -60,12 +60,6 @@ parameters: default: 'vxlan' description: The tenant network type for Neutron. type: comma_delimited_list - NeutronSupportedPCIVendorDevs: - description: | - List of supported pci vendor devices in the format VendorID:ProductID. - By default Intel & Mellanox SR-IOV capable NICs are supported. - type: comma_delimited_list - default: ['15b3:1004','8086:10ca'] resources: NeutronBase: @@ -91,7 +85,6 @@ outputs: neutron::plugins::ml2::tunnel_id_ranges: {get_param: NeutronTunnelIdRanges} neutron::plugins::ml2::vni_ranges: {get_param: NeutronVniRanges} neutron::plugins::ml2::tenant_network_types: {get_param: NeutronNetworkType} - neutron::plugins::ml2::supported_pci_vendor_devs: {get_param: NeutronSupportedPCIVendorDevs} step_config: | include ::tripleo::profile::base::neutron::plugins::ml2 diff --git a/puppet/services/neutron-plugin-opencontrail.yaml b/puppet/services/neutron-plugin-opencontrail.yaml deleted file mode 100644 index 976e5f19..00000000 --- a/puppet/services/neutron-plugin-opencontrail.yaml +++ /dev/null @@ -1,74 +0,0 @@ -heat_template_version: ocata - -description: > - OpenStack Neutron Opencontrail plugin - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - AdminPassword: - description: The password for the keystone admin account, used for monitoring, querying neutron etc. - type: string - hidden: true - AdminToken: - description: The keystone auth secret and db password. - type: string - hidden: true - ContrailApiServerIp: - description: IP address of the OpenContrail API server - type: string - ContrailApiServerPort: - description: Port of the OpenContrail API - type: string - default: 8082 - ContrailMultiTenancy: - description: Whether to enable multi tenancy - type: boolean - default: false - ContrailExtensions: - description: List of OpenContrail extensions to be enabled - type: comma_delimited_list - default: '' - -resources: - - NeutronBase: - type: ./neutron-base.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Neutron Opencontrail plugin - value: - service_name: neutron_plugin_opencontrail - config_settings: - map_merge: - - get_attr: [NeutronBase, role_data, config_settings] - - neutron::api_extensions_path: /usr/lib/python2.7/site-packages/neutron_plugin_contrail/extensions,/usr/lib/python2.7/site-packages/neutron_lbaas/extensions - - neutron::plugins::opencontrail::api_server_ip: {get_param: ContrailApiServerIp} - neutron::plugins::opencontrail::api_server_port: {get_param: ContrailApiServerPort} - neutron::plugins::opencontrail::multi_tenancy: {get_param: ContrailMultiTenancy} - neutron::plugins::opencontrail::contrail_extensions: {get_param: ContrailExtensions} - neutron::plugins::opencontrail::keystone_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri] } - neutron::plugins::opencontrail::keystone_admin_user: admin - neutron::plugins::opencontrail::keystone_admin_tenant_name: admin - neutron::plugins::opencontrail::keystone_admin_password: {get_param: AdminPassword} - neutron::plugins::opencontrail::keystone_admin_token: {get_param: AdminToken} - step_config: | - include tripleo::profile::base::neutron::plugins::opencontrail diff --git a/puppet/services/neutron-plugin-plumgrid.yaml b/puppet/services/neutron-plugin-plumgrid.yaml index bd078074..ad1dcfb0 100644 --- a/puppet/services/neutron-plugin-plumgrid.yaml +++ b/puppet/services/neutron-plugin-plumgrid.yaml @@ -102,7 +102,7 @@ outputs: - '/ovs_neutron' - '?bind_address=' - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" - neutron::plugins::plumgrid::controller_priv_host: {get_param: [EndpointMap, KeystoneAdmin, host]} + neutron::plugins::plumgrid::controller_priv_host: {get_param: [EndpointMap, KeystoneInternal, host]} neutron::plugins::plumgrid::admin_password: {get_param: AdminPassword} neutron::plugins::plumgrid::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} neutron::plugins::plumgrid::director_server: {get_param: PLUMgridDirectorServer} diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index 892e63dd..d18b5b48 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -58,18 +58,24 @@ parameters: default: 'public' description: Default pool for floating IP addresses type: string + NovaDbSyncTimeout: + default: 300 + description: Timeout for Nova db sync + type: number conditions: nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]} resources: - ApacheServiceBase: - type: ./apache.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - EnableInternalTLS: {get_param: EnableInternalTLS} + # Temporarily disable Nova API deployed in WSGI + # https://bugs.launchpad.net/nova/+bug/1661360 + # ApacheServiceBase: + # type: ./apache.yaml + # properties: + # ServiceNetMap: {get_param: ServiceNetMap} + # DefaultPasswords: {get_param: DefaultPasswords} + # EndpointMap: {get_param: EndpointMap} + # EnableInternalTLS: {get_param: EnableInternalTLS} NovaBase: type: ./nova-base.yaml @@ -90,7 +96,9 @@ outputs: config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] - - get_attr: [ApacheServiceBase, role_data, config_settings] + # Temporarily disable Nova API deployed in WSGI + # https://bugs.launchpad.net/nova/+bug/1661360 + # - get_attr: [ApacheServiceBase, role_data, config_settings] - nova::cron::archive_deleted_rows::hour: '*/12' nova::cron::archive_deleted_rows::destination: '/dev/null' tripleo.nova_api.firewall_rules: @@ -104,7 +112,7 @@ outputs: nova::keystone::authtoken::project_name: 'service' nova::keystone::authtoken::password: {get_param: NovaPassword} nova::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} nova::api::enabled: true nova::api::default_floating_pool: {get_param: NovaDefaultFloatingPool} nova::api::sync_db_api: true @@ -115,20 +123,23 @@ outputs: "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} - nova::api::service_name: 'httpd' - nova::wsgi::apache_api::ssl: {get_param: EnableInternalTLS} + # Temporarily disable Nova API deployed in WSGI + # https://bugs.launchpad.net/nova/+bug/1661360 + nova_wsgi_enabled: false + # nova::api::service_name: 'httpd' + # nova::wsgi::apache_api::ssl: {get_param: EnableInternalTLS} # NOTE: bind IP is found in Heat replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - nova::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]} - nova::wsgi::apache_api::servername: - str_replace: - template: - "%{hiera('fqdn_$NETWORK')}" - params: - $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} + # nova::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]} + # nova::wsgi::apache_api::servername: + # str_replace: + # template: + # "%{hiera('fqdn_$NETWORK')}" + # params: + # $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} nova::api::instance_name_template: {get_param: InstanceNameTemplate} nova_enable_db_purge: {get_param: NovaEnableDBPurge} @@ -137,7 +148,9 @@ outputs: - nova_workers_zero - {} - nova::api::osapi_compute_workers: {get_param: NovaWorkers} - nova::wsgi::apache_api::workers: {get_param: NovaWorkers} + # Temporarily disable Nova API deployed in WSGI + # https://bugs.launchpad.net/nova/+bug/1661360 + # nova::wsgi::apache_api::workers: {get_param: NovaWorkers} step_config: | include tripleo::profile::base::nova::api service_config_settings: @@ -165,5 +178,90 @@ outputs: nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]} nova::keystone::auth::password: {get_param: NovaPassword} nova::keystone::auth::region: {get_param: KeystoneRegion} - metadata_settings: - get_attr: [ApacheServiceBase, role_data, metadata_settings] + # Temporarily disable Nova API deployed in WSGI + # https://bugs.launchpad.net/nova/+bug/1661360 + # metadata_settings: + # get_attr: [ApacheServiceBase, role_data, metadata_settings] + upgrade_tasks: + - name: get bootstrap nodeid + tags: common + command: hiera bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout == ansible_hostname}} + - name: Extra migration for nova tripleo/+bug/1656791 + tags: step0,pre-upgrade + when: is_bootstrap_node + command: nova-manage db online_data_migrations + - name: update nova api + tags: step2 + yum: name=openstack-nova-api state=latest + - name: Stop and disable nova_api service (pre-upgrade not under httpd) + tags: step2 + service: name=openstack-nova-api state=stopped enabled=no + - name: Create puppet manifest to set transport_url in nova.conf + tags: step5 + when: is_bootstrap_node + copy: + dest: /root/nova-api_upgrade_manifest.pp + mode: 0600 + content: > + $transport_url = os_transport_url({ + 'transport' => hiera('messaging_service_name', 'rabbit'), + 'hosts' => any2array(hiera('rabbitmq_node_names', undef)), + 'port' => sprintf('%s',hiera('nova::rabbit_port', '5672') ), + 'username' => hiera('nova::rabbit_userid', 'guest'), + 'password' => hiera('nova::rabbit_password'), + 'ssl' => sprintf('%s', bool2num(str2bool(hiera('nova::rabbit_use_ssl', '0')))) + }) + oslo::messaging::default { 'nova_config': + transport_url => $transport_url + } + - name: Run puppet apply to set tranport_url in nova.conf + tags: step5 + when: is_bootstrap_node + command: puppet apply --detailed-exitcodes /root/nova-api_upgrade_manifest.pp + register: puppet_apply_nova_api_upgrade + failed_when: puppet_apply_nova_api_upgrade.rc not in [0,2] + changed_when: puppet_apply_nova_api_upgrade.rc == 2 + - name: Setup cell_v2 (map cell0) + tags: step5 + when: is_bootstrap_node + command: nova-manage cell_v2 map_cell0 + - name: Setup cell_v2 (create default cell) + tags: step5 + when: is_bootstrap_node + # (owalsh) puppet-nova expects the cell name 'default' + # (owalsh) pass the db uri explicitly to avoid https://bugs.launchpad.net/tripleo/+bug/1662344 + shell: nova-manage cell_v2 create_cell --name='default' --database_connection=$(hiera nova::database_connection) + register: nova_api_create_cell + failed_when: nova_api_create_cell.rc not in [0,2] + changed_when: nova_api_create_cell.rc == 0 + - name: Setup cell_v2 (sync nova/cell DB) + tags: step5 + when: is_bootstrap_node + command: nova-manage db sync + async: {get_param: NovaDbSyncTimeout} + poll: 10 + - name: Setup cell_v2 (migrate hosts) + tags: step5 + when: is_bootstrap_node + command: nova-manage cell_v2 map_cell_and_hosts + - name: Setup cell_v2 (get cell uuid) + tags: step5 + when: is_bootstrap_node + shell: nova-manage cell_v2 list_cells | sed -e '1,3d' -e '$d' | awk -F ' *| *' '$2 == "default" {print $4}' + register: nova_api_cell_uuid + - name: Setup cell_v2 (migrate instances) + tags: step5 + when: is_bootstrap_node + command: nova-manage cell_v2 map_instances --cell_uuid {{nova_api_cell_uuid.stdout}} + - name: Sync nova_api DB + tags: step5 + command: nova-manage api_db sync + when: is_bootstrap_node + - name: Online data migration for nova + tags: step5 + when: is_bootstrap_node + command: nova-manage db online_data_migrations diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index c448bf49..d892c36d 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -115,7 +115,11 @@ parameters: description: > Cron to move deleted instances to another table - Until complete default: false - + NovaPlacementAPIInterface: + type: string + description: > + Endpoint interface to be used for the placement API. + default: 'internal' conditions: @@ -134,8 +138,9 @@ outputs: nova::rabbit_port: {get_param: RabbitClientPort} nova::placement::project_name: 'service' nova::placement::password: {get_param: NovaPassword} - nova::placement::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + nova::placement::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} nova::placement::os_region_name: {get_param: KeystoneRegion} + nova::placement::os_interface: {get_param: NovaPlacementAPIInterface} nova::database_connection: list_join: - '' @@ -145,8 +150,6 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" nova::api_database_connection: list_join: - '' @@ -156,8 +159,6 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova_api' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" nova::placement_database_connection: list_join: - '' @@ -167,12 +168,11 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova_placement' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" nova::debug: {get_param: Debug} nova::purge_config: {get_param: EnableConfigPurge} nova::network::neutron::neutron_project_name: 'service' nova::network::neutron::neutron_username: 'neutron' + nova::network::neutron::neutron_region_name: {get_param: KeystoneRegion} nova::network::neutron::dhcp_domain: '' nova::network::neutron::neutron_password: {get_param: NeutronPassword} nova::network::neutron::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]} diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index 2312b635..9923e833 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -75,6 +75,10 @@ parameters: default: tag: openstack.nova.compute path: /var/log/nova/nova-compute.log + UpgradeLevelNovaCompute: + type: string + description: Nova Compute upgrade level + default: auto resources: NovaBase: @@ -141,3 +145,24 @@ outputs: # We'll probably treat it like we do with Neutron plugins. # Until then, just include it in the default nova-compute role. include tripleo::profile::base::nova::compute::libvirt + service_config_settings: + collectd: + tripleo.collectd.plugins.nova_compute: + - virt + collectd::plugins::virt::connection: "qemu:///system" + upgrade_tasks: + - name: Stop nova-compute service + tags: step2 + service: name=openstack-nova-compute state=stopped + # If not already set by puppet (e.g a pre-ocata version), set the + # upgrade_level for compute to "auto" + - name: Set compute upgrade level to auto + tags: step3 + ini_file: + str_replace: + template: "dest=/etc/nova/nova.conf section=upgrade_levels option=compute value=LEVEL" + params: + LEVEL: {get_param: UpgradeLevelNovaCompute} + - name: Start nova-compute service + tags: step6 + service: name=openstack-nova-compute state=started diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml index b96bf6e6..7b086536 100644 --- a/puppet/services/nova-conductor.yaml +++ b/puppet/services/nova-conductor.yaml @@ -30,6 +30,10 @@ parameters: default: tag: openstack.nova.scheduler path: /var/log/nova/nova-scheduler.log + UpgradeLevelNovaCompute: + type: string + description: Nova Compute upgrade level + default: auto conditions: nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]} @@ -61,3 +65,19 @@ outputs: - nova::conductor::workers: {get_param: NovaWorkers} step_config: | include tripleo::profile::base::nova::conductor + upgrade_tasks: + - name: Stop nova_conductor service + tags: step2 + service: name=openstack-nova-conductor state=stopped + - name: update nova conductor + tags: step2 + yum: name=openstack-nova-conductor state=latest + # If not already set by puppet (e.g a pre-ocata version), set the + # upgrade_level for compute to "auto" + - name: Set compute upgrade level to auto + tags: step3 + ini_file: + str_replace: + template: "dest=/etc/nova/nova.conf section=upgrade_levels option=compute value=LEVEL" + params: + LEVEL: {get_param: UpgradeLevelNovaCompute} diff --git a/puppet/services/nova-consoleauth.yaml b/puppet/services/nova-consoleauth.yaml index 79969ded..b5a1312a 100644 --- a/puppet/services/nova-consoleauth.yaml +++ b/puppet/services/nova-consoleauth.yaml @@ -48,3 +48,7 @@ outputs: get_attr: [NovaBase, role_data, config_settings] step_config: | include tripleo::profile::base::nova::consoleauth + upgrade_tasks: + - name: Stop nova_consoleauth service + tags: step2 + service: name=openstack-nova-consoleauth state=stopped diff --git a/puppet/services/nova-ironic.yaml b/puppet/services/nova-ironic.yaml index 306c6b6f..5eb2170a 100644 --- a/puppet/services/nova-ironic.yaml +++ b/puppet/services/nova-ironic.yaml @@ -42,10 +42,10 @@ outputs: - nova::compute::force_config_drive: true nova::compute::reserved_host_memory: '0' nova::compute::vnc_enabled: false - nova::ironic::common::admin_password: {get_param: IronicPassword} - nova::ironic::common::admin_tenant_name: 'service' - nova::ironic::common::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri]} - nova::ironic::common::admin_username: 'ironic' + nova::ironic::common::password: {get_param: IronicPassword} + nova::ironic::common::project_name: 'service' + nova::ironic::common::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri]} + nova::ironic::common::username: 'ironic' nova::ironic::common::api_endpoint: {get_param: [EndpointMap, IronicInternal, uri]} nova::network::neutron::dhcp_domain: '' nova::scheduler::filter::scheduler_host_manager: 'ironic_host_manager' diff --git a/puppet/services/nova-placement.yaml b/puppet/services/nova-placement.yaml index 82b83561..5564c1b3 100644 --- a/puppet/services/nova-placement.yaml +++ b/puppet/services/nova-placement.yaml @@ -86,13 +86,13 @@ outputs: # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - nova::wsgi::apache_placement::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]} + nova::wsgi::apache_placement::bind_host: {get_param: [ServiceNetMap, NovaPlacementNetwork]} nova::wsgi::apache_placement::servername: str_replace: template: "%{hiera('fqdn_$NETWORK')}" params: - $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} + $NETWORK: {get_param: [ServiceNetMap, NovaPlacementNetwork]} - if: - nova_workers_zero @@ -118,3 +118,7 @@ outputs: nova::db::mysql_placement::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" + upgrade_tasks: + - name: Stop nova_placement service (running under httpd) + tags: step2 + service: name=httpd state=stopped diff --git a/puppet/services/nova-scheduler.yaml b/puppet/services/nova-scheduler.yaml index 353a75ac..0e0b9d1e 100644 --- a/puppet/services/nova-scheduler.yaml +++ b/puppet/services/nova-scheduler.yaml @@ -63,3 +63,10 @@ outputs: nova::scheduler::filter::scheduler_default_filters: {get_param: NovaSchedulerDefaultFilters} step_config: | include tripleo::profile::base::nova::scheduler + upgrade_tasks: + - name: Stop nova_scheduler service + tags: step2 + service: name=openstack-nova-scheduler state=stopped + - name: update nova scheduler + tags: step2 + yum: name=openstack-nova-scheduler state=latest diff --git a/puppet/services/nova-vnc-proxy.yaml b/puppet/services/nova-vnc-proxy.yaml index bf244943..f6cf9649 100644 --- a/puppet/services/nova-vnc-proxy.yaml +++ b/puppet/services/nova-vnc-proxy.yaml @@ -64,3 +64,7 @@ outputs: - 13080 step_config: | include tripleo::profile::base::nova::vncproxy + upgrade_tasks: + - name: Stop nova_vnc_proxy service + tags: step2 + service: name=openstack-nova-consoleauth state=stopped diff --git a/puppet/services/octavia-api.yaml b/puppet/services/octavia-api.yaml index 4c6f4c37..37ba1f73 100644 --- a/puppet/services/octavia-api.yaml +++ b/puppet/services/octavia-api.yaml @@ -68,15 +68,17 @@ outputs: - '/octavia' - '?bind_address=' - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" - octavia::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + octavia::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} octavia::keystone::authtoken::project_name: 'service' + octavia::keystone::authtoken::password: {get_param: OctaviaPassword} octavia::api::sync_db: true tripleo.octavia_api.firewall_rules: '120 octavia api': dport: - 9876 - 13876 - octavia::host: {get_param: [ServiceNetMap, OctaviaApiNetwork]} + octavia::api::host: {get_param: [ServiceNetMap, OctaviaApiNetwork]} + neutron::server::service_providers: ['LOADBALANCERV2:Octavia:neutron_lbaas.drivers.octavia.driver.OctaviaDriver:default'] step_config: | include tripleo::profile::base::octavia::api service_config_settings: diff --git a/puppet/services/octavia-health-manager.yaml b/puppet/services/octavia-health-manager.yaml new file mode 100644 index 00000000..51d32f23 --- /dev/null +++ b/puppet/services/octavia-health-manager.yaml @@ -0,0 +1,61 @@ +heat_template_version: ocata + +description: > + OpenStack Octavia Health Manager service. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionOctaviaHealthManager: + default: 'overcloud-octavia-health-manager' + type: string + OctaviaHealthManagerLoggingSource: + type: json + default: + tag: openstack.octavia.health-manager + path: /var/log/octavia/health-manager.log + OctaviaHeartbeatKey: + type: string + description: Key to identify heartbeat messages for amphorae. + hidden: true + +resources: + + OctaviaBase: + type: ./octavia-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Octavia Health Manager service. + value: + service_name: octavia_health_manager + monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaHealthManager} + logging_source: {get_param: OctaviaHealthManagerLoggingSource} + logging_groups: + - octavia + config_settings: + map_merge: + - get_attr: [OctaviaBase, role_data, config_settings] + - octavia::health_manager::heartbeat_key: {get_param: OctaviaHeartbeatKey} + octavia::health_manager::event_streamer_driver: 'queue_event_streamer' + step_config: | + include tripleo::profile::base::octavia::health_manager + + + diff --git a/puppet/services/octavia-housekeeping.yaml b/puppet/services/octavia-housekeeping.yaml new file mode 100644 index 00000000..84c33433 --- /dev/null +++ b/puppet/services/octavia-housekeeping.yaml @@ -0,0 +1,70 @@ +heat_template_version: ocata + +description: > + OpenStack Octavia Housekeeping service. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + OctaviaAmphoraExpiryAge: + default: 0 + description: The interval in seconds after which an unused Amphora will + be considered expired and cleaned up. If left to 0, the + configuration will not be set and the system will use + the service defaults. + type: number + MonitoringSubscriptionOctaviaHousekeeping: + default: 'overcloud-octavia-housekeeping' + type: string + OctaviaHousekeepingLoggingSource: + type: json + default: + tag: openstack.octavia.housekeeping + path: /var/log/octavia/housekeeping.log + +conditions: + amphora_expiry_is_zero: {equals: [{get_param: OctaviaAmphoraExpiryAge}, 0]} + + +resources: + + OctaviaBase: + type: ./octavia-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Octavia Housekeeping service. + value: + service_name: octavia_housekeeping + monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaHousekeeping} + logging_source: {get_param: OctaviaHousekeepingLoggingSource} + logging_groups: + - octavia + config_settings: + map_merge: + - get_attr: [OctaviaBase, role_data, config_settings] + - + if: + - amphora_expiry_is_zero + - {} + - octavia::worker::amphora_expiry_age: {get_param: OctaviaAmphoraExpiryAge} + step_config: | + include tripleo::profile::base::octavia::housekeeping + + diff --git a/puppet/services/octavia-worker.yaml b/puppet/services/octavia-worker.yaml new file mode 100644 index 00000000..9212b76b --- /dev/null +++ b/puppet/services/octavia-worker.yaml @@ -0,0 +1,102 @@ +heat_template_version: ocata + +description: > + OpenStack Octavia Worker service. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MonitoringSubscriptionOctaviaWorker: + default: 'overcloud-octavia-worker' + type: string + OctaviaWorkerLoggingSource: + type: json + default: + tag: openstack.octavia.worker + path: /var/log/octavia/worker.log + OctaviaAmphoraImageTag: + default: '' + description: Glance image tag for identifying the amphora image. + type: string + OctaviaAmphoraNetworkList: + default: [] + description: List of networks to attach to amphorae. + type: comma_delimited_list + OctaviaLoadBalancerTopology: + default: '' + description: Load balancer topology configuration. + type: string + OctaviaFlavorId: + default: 65 + description: Nova flavor ID to be used when creating the nova flavor for + amphora. + type: number + OctaviaFlavorProperties: + default: {} + description: Dictionary describing the nova flavor for amphora. + type: json + OctaviaManageNovaFlavor: + default: false + description: Configure the nova flavor for the amphora. + type: boolean + OctaviaSSHKeyName: + default: 'octavia-ssh-key' + description: name for ssh key to be configured so the amphora can + be logged into. + type: string + +conditions: + octavia_topology_unset: {equals : [{get_param: OctaviaLoadBalancerTopology}, ""]} + octavia_amphora_tag_unset: {equals: [{get_param: OctaviaAmphoraImageTag}, ""]} + +resources: + + OctaviaBase: + type: ./octavia-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Octavia WoWorker service. + value: + service_name: octavia_worker + monitoring_subscription: {get_param: MonitoringSubscriptionOctaviaWorker} + logging_source: {get_param: OctaviaWorkerLoggingSource} + logging_groups: + -octavia + config_settings: + map_merge: + - get_attr: [OctaviaBase, role_data, config_settings] + - octavia::worker::amp_boot_network_list: {get_param: OctaviaAmphoraNetworkList} + octavia::worker::amp_flavor_id: {get_param: OctaviaFlavorId} + octavia::worker::nova_flavor_config: {get_param: OctaviaFlavorProperties} + octavia::worker::manage_nova_flavor: {get_param: OctaviaManageNovaFlavor} + octavia::worker::ssh_key_name: {get_param: OctaviaSSHKeyName} + - + if: + - octavia_amphora_tag_unset + - {} + - octavia::worker::amp_image_tag: {get_param: OctaviaAmphoraImageTag} + - + if: + - octavia_topology_unset + - {} + - octavia::worker::loadbalancer_topology: {get_param: OctaviaLoadBalancerTopology} + step_config: | + include tripleo::profile::base::octavia::worker + diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml index c47229f1..ca21cfbe 100644 --- a/puppet/services/pacemaker.yaml +++ b/puppet/services/pacemaker.yaml @@ -87,6 +87,10 @@ parameters: \[(?<pid>[^ ]*)\] (?<host>[^ ]*) (?<message>.*)$/ + PacemakerResources: + type: comma_delimited_list + description: List of resources managed by pacemaker + default: ['rabbitmq','haproxy'] outputs: role_data: @@ -127,3 +131,17 @@ outputs: tripleo::profile::base::pacemaker::remote_authkey: {get_param: PacemakerRemoteAuthkey} step_config: | include ::tripleo::profile::base::pacemaker + upgrade_tasks: + - name: Check pacemaker cluster running before upgrade + tags: step0,validation + pacemaker_cluster: state=online check_and_fail=true + - name: Stop pacemaker cluster + tags: step1 + pacemaker_cluster: state=offline + - name: Start pacemaker cluster + tags: step4 + pacemaker_cluster: state=online + - name: Check pacemaker resource + tags: step4 + pacemaker_resource: state=started resource={{item}} check_mode=true wait_for_resource=true timeout=200 + with_items: {get_param: PacemakerResources} diff --git a/puppet/services/panko-base.yaml b/puppet/services/panko-base.yaml index 6e25d796..2c2586af 100644 --- a/puppet/services/panko-base.yaml +++ b/puppet/services/panko-base.yaml @@ -53,7 +53,7 @@ outputs: panko::keystone::authtoken::project_name: 'service' panko::keystone::authtoken::password: {get_param: PankoPassword} panko::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - panko::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + panko::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } panko::auth::auth_password: {get_param: PankoPassword} panko::auth::auth_region: 'regionOne' panko::auth::auth_tenant_name: 'service' diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml index b4307053..e2084186 100644 --- a/puppet/services/sahara-base.yaml +++ b/puppet/services/sahara-base.yaml @@ -73,7 +73,7 @@ outputs: sahara::debug: {get_param: Debug} sahara::admin_password: {get_param: SaharaPassword} sahara::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - sahara::identity_uri: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } + sahara::identity_uri: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } sahara::use_neutron: true sahara::plugins: {get_param: SaharaPlugins} sahara::rpc_backend: rabbit diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index 31a4c178..526fa888 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -87,7 +87,7 @@ outputs: - get_attr: [SwiftBase, role_data, config_settings] - swift::proxy::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} - swift::proxy::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + swift::proxy::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} swift::proxy::authtoken::password: {get_param: SwiftPassword} swift::proxy::authtoken::project_name: 'service' swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout} diff --git a/puppet/services/tacker.yaml b/puppet/services/tacker.yaml new file mode 100644 index 00000000..5cf09a6d --- /dev/null +++ b/puppet/services/tacker.yaml @@ -0,0 +1,91 @@ +heat_template_version: ocata + +description: > + OpenStack Tacker service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + TackerPassword: + description: The password for the tacker service account. + type: string + hidden: true + Debug: + type: string + default: '' + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + RabbitPassword: + description: The password for RabbitMQ + type: string + hidden: true + RabbitUserName: + default: guest + description: The username for RabbitMQ + type: string + RabbitClientUseSSL: + default: false + description: > + Rabbit client subscriber parameter to specify + an SSL connection to the RabbitMQ host. + type: string + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + +outputs: + role_data: + description: Role data for the Tacker role. + value: + service_name: tacker + config_settings: + tacker_password: {get_param: TackerPassword} + tacker::db::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://tacker:' + - {get_param: TackerPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/tacker' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + + tacker::keystone::auth::tenant: 'service' + tacker::keystone::auth::password: {get_param: TackerPassword} + tacker::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + tacker::debug: {get_param: Debug} + tacker::rpc_backend: rabbit + tacker::rabbit_userid: {get_param: RabbitUserName} + tacker::rabbit_password: {get_param: RabbitPassword} + tacker::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + tacker::rabbit_port: {get_param: RabbitClientPort} + tacker::server::bind_host: {get_param: [ServiceNetMap, TackerApiNetwork]} + + tacker::db::mysql::password: {get_param: TackerPassword} + tacker::db::mysql::user: tacker + tacker::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + tacker::db::mysql::dbname: tacker + tacker::db::mysql::allowed_hosts: + - '%' + - {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + + + step_config: | + include ::tripleo::profile::base::tacker diff --git a/puppet/services/time/ntp.yaml b/puppet/services/time/ntp.yaml index 88ab90cb..b14d7bcc 100644 --- a/puppet/services/time/ntp.yaml +++ b/puppet/services/time/ntp.yaml @@ -22,8 +22,10 @@ parameters: via parameter_defaults in the resource registry. type: json NtpServer: - default: [] - description: NTP servers + default: ['pool.ntp.org'] + description: NTP servers list. Defaulted to pool.ntp.org in order to + have a sane default for Pacemaker deployments when + not configuring this parameter by default. type: comma_delimited_list outputs: diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar.yaml index 0224ac13..cb860fa8 100644 --- a/puppet/services/zaqar.yaml +++ b/puppet/services/zaqar.yaml @@ -40,7 +40,7 @@ outputs: config_settings: zaqar::keystone::authtoken::password: {get_param: ZaqarPassword} zaqar::keystone::authtoken::project_name: 'service' - zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} zaqar::debug: {get_param: Debug} zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]} diff --git a/puppet/upgrade_config.yaml b/puppet/upgrade_config.yaml index c37cc033..2cfd43f4 100644 --- a/puppet/upgrade_config.yaml +++ b/puppet/upgrade_config.yaml @@ -41,7 +41,7 @@ resources: - {get_param: SkipUpgradeConfigTags} tags: str_replace: - template: "stepSTEP" + template: "common,stepSTEP" params: STEP: {get_param: step} modulepath: /usr/share/ansible-modules diff --git a/releasenotes/notes/6.0.0-b52a14a71fc62788.yaml b/releasenotes/notes/6.0.0-b52a14a71fc62788.yaml index 069cbd23..f9afb18d 100644 --- a/releasenotes/notes/6.0.0-b52a14a71fc62788.yaml +++ b/releasenotes/notes/6.0.0-b52a14a71fc62788.yaml @@ -54,9 +54,20 @@ features: - Add Panko service support. This service is not enabled by default. Use environments/services/enable-panko.yaml to include it in your deployment. - Add EC2-API composable service support. + - Allow dnsmasq_dns_servers to be configured for Neutron DHCP Agent with a + new parameter (NeutronDhcpAgentDnsmasqDnsServers, default to []). + - Add support for Ceph RBD mirroring daemon managed by Pacemaker. + - Add deployed server bootstrap for RHEL. + - Configure VNC Server listen address on internal_api network by default. + - Support for Cinder Dell EMC PS Series. + - Support for Cinder Dell EMC EMC Storage Center. + - Support for Octavia composable services for LBaaS with Neutron. + - Support for Collectd composable services for performance monitoring. + - Support for Tacker composable service for VNF management. upgrade: - Update OpenDaylight deployment to use networking-odl v2 as a mechanism driver. + - Update Contrail composable services. deprecations: - Glance Registry service has been removed and Glance API v2 is now deploy by default. Glance API v1 is not supported anymore in TripleO. @@ -68,16 +79,26 @@ deprecations: - Removes deprecated OpenDaylight L2 only deployments. Deploying ODL without L3 DVR is no longer supported. security: - - Disallow iframe embed in Horizon configuration to prevent dashboard being - embedded within an iframe and exposed to Cross-Frame Scripting (XFS) - vulnerability on legacy browsers. - - Allow management of enforce_password_check in Horizons configuration to - display an 'Admin Password' field on the Change Password form to verify that + - Enable management of 'DISALLOW_IFRAME_EMBED' in Horizon configuration to + prevent dashboard being embedded within an iframe and exposed to Cross-Frame + Scripting (XFS) vulnerability on legacy browsers. + - Enable management of 'ENFORCE_PASSWORD_CHECK' in Horizons configuration to + display an Admin Password field on the Change Password form to verify that it is indeed the admin logged-in who wants to change the password. - - Allow management of disable_password_reveal in Horizon, to remove the + - Enable management of 'DISABLE_PASSWORD_REVEAL' in Horizon, to remove the password reveal option. - - Enable secure_proxy_ssl_header option in Horizons configuration to take + - Enable 'SECURE_PROXY_SSL_HEADER' option in Horizons configuration to take X-Forwarded-Proto header into account when forming URLs. + - Enable management of ENFORCE_PASSWORD_CHECK value. By setting + 'ENFORCE_PASSWORD_CHECK' to 'True' within Horizons local_settings.py, it + displays an ‘Admin Password’ field on the “Change Password” form to verify + that it is the admin logged-in that wants to perform the password change. + - Enable management of Horizons Password Validation. Enables injection of an + operators own password validation regex via a heat template. + - Enable management of '/etc/issue Banner' whereby an operator can populate + their own Banner warning text to be displayed upon terminal login. + - Enable management of auditd system. '/etc/audit/audit.rules' can now be + populated by means of a heat template. fixes: - Fixes `bug 1645898 <https://bugs.launchpad.net/tripleo/+bug/1645898>`__ so epmd is binded on @@ -93,3 +114,12 @@ fixes: - Fixes `bug 1643487 <https://bugs.launchpad.net/tripleo/+bug/1643487>`__ to prevent source address from binding to a VIP for database connection. + - Fixes `bug 1649836 + <https://bugs.launchpad.net/tripleo/+bug/1649836>`__ to configure + DPDK options to isolate PMD cores and ovs process cores. + - Fixes `bug 1662344 + <https://bugs.launchpad.net/tripleo/+bug/1662344>`__ by stopping + to set bind_address on nova db uri. + This reverts the changes in https://review.openstack.org/414629 for nova as + they are incompatible with cell_v2. + This is a temporary fix for HA while a long-term solution is developed. diff --git a/releasenotes/notes/add-default-ntp-server-696b8568e09be497.yaml b/releasenotes/notes/add-default-ntp-server-696b8568e09be497.yaml new file mode 100644 index 00000000..78fdbb59 --- /dev/null +++ b/releasenotes/notes/add-default-ntp-server-696b8568e09be497.yaml @@ -0,0 +1,6 @@ +--- +issues: + - We add a default NTP server to the Overcloud + for all Pacemaker and non-Pacemaker deployments, + also useful for keeping time diff controlled for + Keystone and Ceph. diff --git a/releasenotes/notes/composable-ha-37e2d7e1f57f5c10.yaml b/releasenotes/notes/composable-ha-37e2d7e1f57f5c10.yaml new file mode 100644 index 00000000..e560fe95 --- /dev/null +++ b/releasenotes/notes/composable-ha-37e2d7e1f57f5c10.yaml @@ -0,0 +1,12 @@ +--- +features: + - With the composable HA work landed it is now possible + to split pacemaker-managed services like galera, rabbit, + redis, haproxy and any A/P resource, off to dedicated + nodes. These services can be split off to separate nodes + either via the normal Pacemaker service (which has a limit + of 16 maximum number of nodes) or via the newer PacemakerRemote + service (but not both on the same node). Note that until + https://bugzilla.redhat.com/show_bug.cgi?id=1417936 is fixed, + PacemakerRemote should only be used for Cinder A/P resources + and Manila A/P resources. diff --git a/releasenotes/notes/ha-by-default-55326e699ee8602c.yaml b/releasenotes/notes/ha-by-default-55326e699ee8602c.yaml new file mode 100644 index 00000000..edcc1250 --- /dev/null +++ b/releasenotes/notes/ha-by-default-55326e699ee8602c.yaml @@ -0,0 +1,5 @@ +--- +deprecations: + - The environments/puppet-pacemaker.yaml file is now deprecated and the HA + deployment is now the default. In order to get the non-HA deployment use + environments/nonha-arch.yaml explicitly. diff --git a/releasenotes/notes/keystone_internal-53cc7b24ebdd9df4.yaml b/releasenotes/notes/keystone_internal-53cc7b24ebdd9df4.yaml new file mode 100644 index 00000000..1f41073b --- /dev/null +++ b/releasenotes/notes/keystone_internal-53cc7b24ebdd9df4.yaml @@ -0,0 +1,9 @@ +--- +other: + - | + Use Keystone internal endpoint instead of admin for services. + The admin endpoint is listening on the ctlplane network by default; + services should ideally be using the internal api network for this kind + of traffic, as the ctlplane network is mostly for provisioning. On the + other hand, the admin endpoint shouldn't be as relevant with services + switching to keystone v3. diff --git a/releasenotes/notes/memcached-max-memory-ef6834d17953fca6.yaml b/releasenotes/notes/memcached-max-memory-ef6834d17953fca6.yaml new file mode 100644 index 00000000..c14cefa0 --- /dev/null +++ b/releasenotes/notes/memcached-max-memory-ef6834d17953fca6.yaml @@ -0,0 +1,7 @@ +--- +features: + - | + Memcached max memory configuration is now exposed va MemcachedMaxMemory. +upgrade: + - | + Reduce the default memory configuration for memcached from 95% to 50%. diff --git a/releasenotes/notes/octavia-service-integration-03bd3eb6cfe1efaf.yaml b/releasenotes/notes/octavia-service-integration-03bd3eb6cfe1efaf.yaml new file mode 100644 index 00000000..bd8d3562 --- /dev/null +++ b/releasenotes/notes/octavia-service-integration-03bd3eb6cfe1efaf.yaml @@ -0,0 +1,4 @@ +--- +features: + - | + Added initial support for deploying the Octavia services in the overcloud. diff --git a/releasenotes/source/index.rst b/releasenotes/source/index.rst index 9767dad2..43c77709 100644 --- a/releasenotes/source/index.rst +++ b/releasenotes/source/index.rst @@ -9,6 +9,7 @@ Contents :maxdepth: 2 unreleased + ocata Indices and tables diff --git a/releasenotes/source/ocata.rst b/releasenotes/source/ocata.rst new file mode 100644 index 00000000..ebe62f42 --- /dev/null +++ b/releasenotes/source/ocata.rst @@ -0,0 +1,6 @@ +=================================== + Ocata Series Release Notes +=================================== + +.. release-notes:: + :branch: origin/stable/ocata diff --git a/roles_data.yaml b/roles_data.yaml index b4291463..31b12986 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -38,6 +38,7 @@ - OS::TripleO::Services::CinderBackup - OS::TripleO::Services::CinderScheduler - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::Congress - OS::TripleO::Services::Kernel - OS::TripleO::Services::Keystone - OS::TripleO::Services::GlanceApi @@ -104,8 +105,10 @@ - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::SensuClient - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Collectd - OS::TripleO::Services::BarbicanApi - OS::TripleO::Services::PankoApi + - OS::TripleO::Services::Tacker - OS::TripleO::Services::Zaqar - OS::TripleO::Services::OVNDBs - OS::TripleO::Services::NeutronML2FujitsuCfab @@ -113,6 +116,10 @@ - OS::TripleO::Services::CinderHPELeftHandISCSI - OS::TripleO::Services::Etcd - OS::TripleO::Services::AuditD + - OS::TripleO::Services::OctaviaApi + - OS::TripleO::Services::OctaviaHealthManager + - OS::TripleO::Services::OctaviaHousekeeping + - OS::TripleO::Services::OctaviaWorker - name: Compute CountDefault: 1 @@ -141,6 +148,7 @@ - OS::TripleO::Services::SensuClient - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::AuditD + - OS::TripleO::Services::Collectd - name: BlockStorage ServicesDefault: @@ -156,6 +164,7 @@ - OS::TripleO::Services::SensuClient - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::AuditD + - OS::TripleO::Services::Collectd - name: ObjectStorage disable_upgrade_deployment: True @@ -173,9 +182,9 @@ - OS::TripleO::Services::SensuClient - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::AuditD + - OS::TripleO::Services::Collectd - name: CephStorage - disable_upgrade_deployment: True ServicesDefault: - OS::TripleO::Services::CACerts - OS::TripleO::Services::CephOSD @@ -189,3 +198,4 @@ - OS::TripleO::Services::SensuClient - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::AuditD + - OS::TripleO::Services::Collectd diff --git a/test-requirements.txt b/test-requirements.txt index 06bce5a2..1c9e3b42 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -4,6 +4,6 @@ PyYAML>=3.10.0 # MIT Jinja2!=2.9.0,!=2.9.1,!=2.9.2,!=2.9.3,!=2.9.4,>=2.8 # BSD License (3 clause) six>=1.9.0 # MIT -sphinx!=1.3b1,<1.4,>=1.2.1 # BSD +sphinx>=1.5.1 # BSD oslosphinx>=4.7.0 # Apache-2.0 reno>=1.8.0 # Apache-2.0 diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index 2769c152..0eacbc60 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py @@ -66,7 +66,10 @@ def validate_mysql_connection(settings): def validate_mysql_uri(key, items): # Only consider a connection if it targets mysql - if key.endswith('connection') and \ + # TODO(owalsh): skip nova mysql uris,temporary workaround for + # tripleo/+bug/1662344 + if not key.startswith('nova') and \ + key.endswith('connection') and \ search(items, mysql_protocol, no_op): # Assume the "bind_address" option is one of # the token that made up the uri |