diff options
415 files changed, 5369 insertions, 3460 deletions
@@ -59,3 +59,6 @@ puppet/compute-config.yaml puppet/controller-config.yaml puppet/objectstorage-config.yaml puppet/post.yaml + +# Files created by releasenotes build +releasenotes/build @@ -53,3 +53,68 @@ A description of the directory layout in TripleO Heat Templates. * validation-scripts: validation scripts useful to all deployment configurations + + +Service testing matrix +---------------------- + +The configuration for the CI scenarios will be defined in `tripleo-heat-templates/ci/` +and should be executed according to the following table: + ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| - | scenario001 | scenario002 | scenario003 | scenario004 | multinode-nonha | ++================+=============+=============+=============+=============+=================+ +| keystone | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| glance | file | swift | file | file | swift | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| cinder | rbd | iscsi | | | iscsi | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| heat | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| mysql | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| neutron | ovs | ovs | ovs | ovs | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| rabbitmq | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| mongodb | X | X | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| redis | X | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| haproxy | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| keepalived | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| memcached | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| pacemaker | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| nova | qemu | qemu | qemu | qemu | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| ntp | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| snmp | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| timezone | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| sahara | | | X | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| mistral | | | X | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| swift | | X | | | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| aodh | X | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| ceilometer | X | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| gnocchi | X | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| panko | X | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| barbican | | X | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| zaqar | | X | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ +| cephrgw | | X | | X | | ++----------------+-------------+-------------+-------------+-------------+-----------------+ diff --git a/all-nodes-validation.yaml b/all-nodes-validation.yaml index a7383375..65d01d0f 100644 --- a/all-nodes-validation.yaml +++ b/all-nodes-validation.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: > Software Config to drive validations that occur on all nodes. diff --git a/bootstrap-config.yaml b/bootstrap-config.yaml index c87670e3..a3fdee96 100644 --- a/bootstrap-config.yaml +++ b/bootstrap-config.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: 'Bootstrap Config' parameters: diff --git a/capabilities-map.yaml b/capabilities-map.yaml index ae747621..4aecd570 100644 --- a/capabilities-map.yaml +++ b/capabilities-map.yaml @@ -355,6 +355,11 @@ topics: description: Enables PLUMgrid extensions requires: - overcloud-resource-registry-puppet.yaml + - file: environments/neutron-ml2-fujitsu-cfab.yaml + title: Fujitsu Neutron plugin for C-Fabric + description: Enable C-Fabric in the overcloud + requires: + - overcloud-resource-registry-puppet.yaml - title: Nova Extensions description: @@ -399,6 +404,13 @@ topics: via puppet requires: - overcloud-resource-registry-puppet.yaml + - file: environments/cinder-hpelefthand-config.yaml + title: Cinder HPELeftHandISCSI backend + description: > + Enables a Cinder HPELeftHandISCSI backend, configured + via puppet + requires: + - overcloud-resource-registry-puppet.yaml - file: environments/cinder-eqlx-config.yaml title: Cinder EQLX backend description: > diff --git a/ci/common/net-config-multinode.yaml b/ci/common/net-config-multinode.yaml index 49a06881..bf947d3e 100644 --- a/ci/common/net-config-multinode.yaml +++ b/ci/common/net-config-multinode.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: > Software Config to drive os-net-config for a simple bridge configured diff --git a/ci/environments/scenario001-multinode.yaml b/ci/environments/scenario001-multinode.yaml index 1a5242a9..db6967e0 100644 --- a/ci/environments/scenario001-multinode.yaml +++ b/ci/environments/scenario001-multinode.yaml @@ -1,13 +1,16 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Services::CephMon: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-mon.yaml + OS::TripleO::Services::CephOSD: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-osd.yaml + OS::TripleO::Services::CephClient: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-client.yaml + OS::TripleO::Services::PankoApi: /usr/share/openstack-tripleo-heat-templates/puppet/services/panko-api.yaml parameter_defaults: ControllerServices: - OS::TripleO::Services::Kernel - OS::TripleO::Services::Keystone - OS::TripleO::Services::GlanceApi - - OS::TripleO::Services::GlanceRegistry - OS::TripleO::Services::HeatApi - OS::TripleO::Services::HeatApiCfn - OS::TripleO::Services::HeatApiCloudwatch @@ -26,6 +29,7 @@ parameter_defaults: - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::NovaConductor - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaPlacement - OS::TripleO::Services::NovaMetadata - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::Ntp @@ -47,10 +51,33 @@ parameter_defaults: - OS::TripleO::Services::GnocchiApi - OS::TripleO::Services::GnocchiMetricd - OS::TripleO::Services::GnocchiStatsd + - OS::TripleO::Services::PankoApi + - OS::TripleO::Services::CephMon + - OS::TripleO::Services::CephOSD + - OS::TripleO::Services::CephClient + - OS::TripleO::Services::CinderApi + - OS::TripleO::Services::CinderBackup + - OS::TripleO::Services::CinderScheduler + - OS::TripleO::Services::CinderVolume ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu Debug: true - # we don't deploy Swift so we switch to file backend. - GlanceBackend: 'file' - GnocchiBackend: 'file' + #NOTE(gfidente): not great but we need this to deploy on ext4 + #http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/ + ExtraConfig: + ceph::profile::params::osd_max_object_name_len: 256 + ceph::profile::params::osd_max_object_namespace_len: 64 + #NOTE: These ID's and keys should be regenerated for + # a production deployment. What is here is suitable for + # developer and CI testing only. + CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19' + CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ==' + CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ==' + CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw==' + NovaEnableRbdBackend: true + CinderEnableRbdBackend: true + CinderBackupBackend: ceph + GlanceBackend: rbd + GnocchiBackend: rbd + CinderEnableIscsiBackend: false diff --git a/ci/environments/scenario002-multinode.yaml b/ci/environments/scenario002-multinode.yaml index b8bc5762..636b3a26 100644 --- a/ci/environments/scenario002-multinode.yaml +++ b/ci/environments/scenario002-multinode.yaml @@ -1,14 +1,14 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml - OS::TripleO::Services::BarbicanApi: /usr/share/openstack-tripleo-heat-templates/puppet/services/barbican-api.yaml + OS::TripleO::Services::BarbicanApi: ../../puppet/services/barbican-api.yaml + OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar.yaml parameter_defaults: ControllerServices: - OS::TripleO::Services::Kernel - OS::TripleO::Services::Keystone - OS::TripleO::Services::GlanceApi - - OS::TripleO::Services::GlanceRegistry - OS::TripleO::Services::HeatApi - OS::TripleO::Services::HeatApiCfn - OS::TripleO::Services::HeatApiCloudwatch @@ -27,6 +27,7 @@ parameter_defaults: - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::NovaConductor - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaPlacement - OS::TripleO::Services::NovaMetadata - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::Ntp @@ -42,7 +43,10 @@ parameter_defaults: - OS::TripleO::Services::SwiftStorage - OS::TripleO::Services::SwiftRingBuilder - OS::TripleO::Services::BarbicanApi + - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::Zaqar ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu Debug: true + SwiftCeilometerPipelineEnabled: false diff --git a/ci/environments/scenario003-multinode.yaml b/ci/environments/scenario003-multinode.yaml index 25fe1697..08e4d19f 100644 --- a/ci/environments/scenario003-multinode.yaml +++ b/ci/environments/scenario003-multinode.yaml @@ -12,7 +12,6 @@ parameter_defaults: - OS::TripleO::Services::Kernel - OS::TripleO::Services::Keystone - OS::TripleO::Services::GlanceApi - - OS::TripleO::Services::GlanceRegistry - OS::TripleO::Services::HeatApi - OS::TripleO::Services::HeatApiCfn - OS::TripleO::Services::HeatApiCloudwatch @@ -31,6 +30,7 @@ parameter_defaults: - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::NovaConductor - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaPlacement - OS::TripleO::Services::NovaMetadata - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::Ntp @@ -49,3 +49,5 @@ parameter_defaults: Debug: true # we don't deploy Swift so we switch to file backend. GlanceBackend: 'file' + KeystoneTokenProvider: 'fernet' + SwiftCeilometerPipelineEnabled: false diff --git a/ci/environments/scenario004-multinode.yaml b/ci/environments/scenario004-multinode.yaml new file mode 100644 index 00000000..e97113b0 --- /dev/null +++ b/ci/environments/scenario004-multinode.yaml @@ -0,0 +1,63 @@ +resource_registry: + OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Services::CephMon: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-mon.yaml + OS::TripleO::Services::CephOSD: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-osd.yaml + OS::TripleO::Services::CephClient: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-client.yaml + OS::TripleO::Services::CephRgw: /usr/share/openstack-tripleo-heat-templates/puppet/services/ceph-rgw.yaml + OS::TripleO::Services::SwiftProxy: OS::Heat::None + OS::TripleO::Services::SwiftStorage: OS::Heat::None + OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None + +parameter_defaults: + ControllerServices: + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronMetadataAgent + - OS::TripleO::Services::NeutronServer + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaPlacement + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::CephMon + - OS::TripleO::Services::CephOSD + - OS::TripleO::Services::CephClient + - OS::TripleO::Services::CephRgw + ControllerExtraConfig: + nova::compute::libvirt::services::libvirt_virt_type: qemu + nova::compute::libvirt::libvirt_virt_type: qemu + Debug: true + #NOTE(gfidente): not great but we need this to deploy on ext4 + #http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/ + ExtraConfig: + ceph::profile::params::osd_max_object_name_len: 256 + ceph::profile::params::osd_max_object_namespace_len: 64 + #NOTE: These ID's and keys should be regenerated for + # a production deployment. What is here is suitable for + # developer and CI testing only. + CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19' + CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ==' + CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ==' + CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw==' + SwiftCeilometerPipelineEnabled: false diff --git a/ci/pingtests/scenario001-multinode.yaml b/ci/pingtests/scenario001-multinode.yaml index 7374846f..2651c0d0 100644 --- a/ci/pingtests/scenario001-multinode.yaml +++ b/ci/pingtests/scenario001-multinode.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2013-05-23 +heat_template_version: ocata description: > HOT template to created resources deployed by scenario001. @@ -72,12 +72,22 @@ resources: router_id: { get_resource: router } subnet_id: { get_resource: private_subnet } + volume1: + type: OS::Cinder::Volume + properties: + name: Volume1 + image: { get_param: image } + size: 1 + server1: type: OS::Nova::Server + depends_on: volume1 properties: name: Server1 + block_device_mapping: + - device_name: vda + volume_id: { get_resource: volume1 } flavor: { get_resource: test_flavor } - image: { get_param: image } key_name: { get_resource: key_pair } networks: - port: { get_resource: server1_port } diff --git a/ci/pingtests/scenario002-multinode.yaml b/ci/pingtests/scenario002-multinode.yaml index d7a30fd9..7af1ba0c 100644 --- a/ci/pingtests/scenario002-multinode.yaml +++ b/ci/pingtests/scenario002-multinode.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2013-05-23 +heat_template_version: ocata description: > HOT template to created resources deployed by scenario002. @@ -144,6 +144,11 @@ resources: ram: 512 vcpus: 1 + zaqar_queue: + type: OS::Zaqar::Queue + properties: + name: pingtest-queue + outputs: server1_private_ip: description: IP address of server1 in private network diff --git a/ci/pingtests/scenario003-multinode.yaml b/ci/pingtests/scenario003-multinode.yaml index 445c47af..c3ceadaf 100644 --- a/ci/pingtests/scenario003-multinode.yaml +++ b/ci/pingtests/scenario003-multinode.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2013-05-23 +heat_template_version: ocata description: > HOT template to created resources deployed by scenario003. diff --git a/ci/pingtests/scenario004-multinode.yaml b/ci/pingtests/scenario004-multinode.yaml new file mode 100644 index 00000000..a188fd1c --- /dev/null +++ b/ci/pingtests/scenario004-multinode.yaml @@ -0,0 +1,127 @@ +heat_template_version: ocata + +description: > + HOT template to created resources deployed by scenario004. +parameters: + key_name: + type: string + description: Name of keypair to assign to servers + default: 'pingtest_key' + image: + type: string + description: Name of image to use for servers + default: 'pingtest_image' + public_net_name: + type: string + default: 'nova' + description: > + ID or name of public network for which floating IP addresses will be allocated + private_net_name: + type: string + description: Name of private network to be created + default: 'default-net' + private_net_cidr: + type: string + description: Private network address (CIDR notation) + default: '192.168.2.0/24' + private_net_gateway: + type: string + description: Private network gateway address + default: '192.168.2.1' + private_net_pool_start: + type: string + description: Start of private network IP address allocation pool + default: '192.168.2.100' + private_net_pool_end: + type: string + default: '192.168.2.200' + description: End of private network IP address allocation pool + +resources: + + key_pair: + type: OS::Nova::KeyPair + properties: + save_private_key: true + name: {get_param: key_name } + + private_net: + type: OS::Neutron::Net + properties: + name: { get_param: private_net_name } + + private_subnet: + type: OS::Neutron::Subnet + properties: + network_id: { get_resource: private_net } + cidr: { get_param: private_net_cidr } + gateway_ip: { get_param: private_net_gateway } + allocation_pools: + - start: { get_param: private_net_pool_start } + end: { get_param: private_net_pool_end } + + router: + type: OS::Neutron::Router + properties: + external_gateway_info: + network: { get_param: public_net_name } + + router_interface: + type: OS::Neutron::RouterInterface + properties: + router_id: { get_resource: router } + subnet_id: { get_resource: private_subnet } + + server1: + type: OS::Nova::Server + properties: + name: Server1 + flavor: { get_resource: test_flavor } + image: { get_param: image } + key_name: { get_resource: key_pair } + networks: + - port: { get_resource: server1_port } + + server1_port: + type: OS::Neutron::Port + properties: + network_id: { get_resource: private_net } + fixed_ips: + - subnet_id: { get_resource: private_subnet } + security_groups: [{ get_resource: server_security_group }] + + server1_floating_ip: + type: OS::Neutron::FloatingIP + # TODO: investigate why we need this depends_on and if we could + # replace it by router_id with get_resource: router_interface + depends_on: router_interface + properties: + floating_network: { get_param: public_net_name } + port_id: { get_resource: server1_port } + + server_security_group: + type: OS::Neutron::SecurityGroup + properties: + description: Add security group rules for server + name: pingtest-security-group + rules: + - remote_ip_prefix: 0.0.0.0/0 + protocol: tcp + port_range_min: 22 + port_range_max: 22 + - remote_ip_prefix: 0.0.0.0/0 + protocol: icmp + + test_flavor: + type: OS::Nova::Flavor + properties: + ram: 512 + vcpus: 1 + +outputs: + server1_private_ip: + description: IP address of server1 in private network + value: { get_attr: [ server1, first_address ] } + server1_public_ip: + description: Floating IP address of server1 in public network + value: { get_attr: [ server1_floating_ip, floating_ip_address ] } diff --git a/ci/scripts/freeipa_setup.sh b/ci/scripts/freeipa_setup.sh new file mode 100644 index 00000000..6906a2dd --- /dev/null +++ b/ci/scripts/freeipa_setup.sh @@ -0,0 +1,96 @@ +#!/bin/bash +# +# Used environment variables: +# +# - Hostname +# - FreeIPAIP +# - DirectoryManagerPassword +# - AdminPassword +# - UndercloudFQDN +# - HostsSecret +# +set -eux + +if [ -f "~/freeipa-setup.env" ]; then + source ~/freeipa-setup.env +elif [ -f "/tmp/freeipa-setup.env" ]; then + source /tmp/freeipa-setup.env +fi + +# Set DNS servers +echo "nameserver 8.8.8.8" >> /etc/resolv.conf +echo "nameserver 8.8.4.4" >> /etc/resolv.conf + +yum -q -y remove openstack-dashboard + +# Install the needed packages +yum -q install -y ipa-server ipa-server-dns epel-release rng-tools mod_nss git +yum -q install -y haveged + +# Prepare hostname +hostnamectl set-hostname --static $Hostname + +echo $FreeIPAIP `hostname` | tee -a /etc/hosts + +# Set iptables rules +cat << EOF > freeipa-iptables-rules.txt +# Firewall configuration written by system-config-firewall +# Manual customization of this file is not recommended. +*filter +:INPUT ACCEPT [0:0] +:FORWARD ACCEPT [0:0] +:OUTPUT ACCEPT [0:0] +-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT +-A INPUT -p icmp -j ACCEPT +-A INPUT -i lo -j ACCEPT +-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT +#TCP ports for FreeIPA +-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT +-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT +-A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT +-A INPUT -m state --state NEW -m tcp -p tcp --dport 636 -j ACCEPT +-A INPUT -m state --state NEW -m tcp -p tcp --dport 88 -j ACCEPT +-A INPUT -m state --state NEW -m tcp -p tcp --dport 464 -j ACCEPT +-A INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT +#UDP ports for FreeIPA +-A INPUT -m state --state NEW -m udp -p udp --dport 88 -j ACCEPT +-A INPUT -m state --state NEW -m udp -p udp --dport 464 -j ACCEPT +-A INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT +-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT +-A INPUT -j REJECT --reject-with icmp-host-prohibited +-A FORWARD -j REJECT --reject-with icmp-host-prohibited +COMMIT +EOF + +iptables-restore < freeipa-iptables-rules.txt + +# Entropy generation; otherwise, ipa-server-install will lag. +chkconfig haveged on +systemctl start haveged + +# Remove conflicting httpd configuration +rm -f /etc/httpd/conf.d/ssl.conf + +# Set up FreeIPA +ipa-server-install -U -r `hostname -d|tr "[a-z]" "[A-Z]"` \ + -p $DirectoryManagerPassword -a $AdminPassword \ + --hostname `hostname -f` + +# Authenticate +echo $AdminPassword | kinit admin + +# Verify we have TGT +klist + +if [ "$?" = '1' ]; then + exit 1 +fi + +# Create undercloud host +ipa host-add $UndercloudFQDN --password=$HostsSecret --force + +# Create overcloud nodes and services +git clone https://github.com/JAORMX/freeipa-tripleo-incubator.git +cd freeipa-tripleo-incubator +python create_ipa_tripleo_host_setup.py -w $HostsSecret -d $(hostname -d) \ + --controller-count 1 --compute-count 1 diff --git a/default_passwords.yaml b/default_passwords.yaml index 7a47f443..c85881e5 100644 --- a/default_passwords.yaml +++ b/default_passwords.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: Passwords we manage at the top level diff --git a/deployed-server/README.rst b/deployed-server/README.rst index ce74e77b..f269b6a4 100644 --- a/deployed-server/README.rst +++ b/deployed-server/README.rst @@ -119,10 +119,15 @@ from the deployment command, the script should be ready to run: [NovaCompute]: CREATE_IN_PROGRESS state changed The user running the script must be able to ssh as root to each server. Define -the hostnames of the deployed servers you intend to use for each role type:: - - export controller_hosts="controller0 controller1 controller2" - export compute_hosts="compute0" +the the names of your custom roles (if applicable) and hostnames of the deployed +servers you intend to use for each role type. For each role name, a +corresponding <role-name>_hosts variable should also be defined, e.g.:: + + export ROLES="Controller NewtorkNode StorageNode Compute" + export Controller_hosts="10.0.0.1 10.0.0.2 10.0.0.3" + export NetworkNode_hosts="10.0.0.4 10.0.0.5 10.0.0.6" + export StorageNode_hosts="10.0.0.7 10.0.08" + export Compute_hosts="10.0.0.9 10.0.0.10 10.0.0.11" Then run the script on the undercloud with a stackrc file sourced, and the script will copy the needed os-collect-config.conf configuration to each diff --git a/deployed-server/ctlplane-port.yaml b/deployed-server/ctlplane-port.yaml index eb10fba0..7b5cdf11 100644 --- a/deployed-server/ctlplane-port.yaml +++ b/deployed-server/ctlplane-port.yaml @@ -1,8 +1,14 @@ -heat_template_version: 2014-10-16 +heat_template_version: ocata parameters: - Hostname: + network: type: string + default: ctlplane + name: + type: string + replacement_policy: + type: string + default: AUTO resources: @@ -13,11 +19,10 @@ resources: name: list_join: - '-' - - - {get_param: Hostname} - - ctlplane + - - {get_param: name} - port replacement_policy: AUTO outputs: - ip_address: - value: {get_attr: [ControlPlanePort, fixed_ips, 0, ip_address]} + fixed_ips: + value: {get_attr: [ControlPlanePort, fixed_ips]} diff --git a/deployed-server/deployed-neutron-port.yaml b/deployed-server/deployed-neutron-port.yaml new file mode 100644 index 00000000..bddf8bc1 --- /dev/null +++ b/deployed-server/deployed-neutron-port.yaml @@ -0,0 +1,67 @@ +heat_template_version: ocata + +description: " + A fake OS::Neutron::Port stack which outputs fixed_ips and subnets based on + the input from the DeployedServerPortMap (set via parameter_defaults). This + lookup requires the use of port naming conventions. In order for this to work + with deployed-server the keys should be <hostname>-<network>. + Example: + parameter_defaults: + DeployedServerPortMap: + gatsby-ctlplane: + fixed_ips: + - ip_address: 127.0.0.1 + subnets: + - cidr: 24" + +parameters: + name: + default: '' + type: string + network: + default: '' + type: string + fixed_ips: + default: '' + type: comma_delimited_list + replacement_policy: + default: '' + type: string + DeployedServerPortMap: + default: {} + type: json + + +outputs: + fixed_ips: + value: + {get_param: [DeployedServerPortMap, {get_param: name}, fixed_ips]} + subnets: + value: + {get_param: [DeployedServerPortMap, {get_param: name}, subnets]} + name: + value: {get_param: name} + status: + value: DOWN + allowed_address_pairs: + value: {} + device_id: + value: '' + device_owner: + value: {get_param: network} + dns_assignment: + value: '' + port_security_enabled: + value: False + admin_state_up: + value: False + security_groups: + value: {} + network_id: + value: '' + tenant_id: + value: '' + qos_policy_id: + value: '' + mac_address: + value: '' diff --git a/deployed-server/deployed-server-bootstrap-centos.sh b/deployed-server/deployed-server-bootstrap-centos.sh new file mode 100644 index 00000000..7266ca57 --- /dev/null +++ b/deployed-server/deployed-server-bootstrap-centos.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +set -eux + +yum install -y \ + jq \ + python-ipaddr \ + openstack-puppet-modules \ + os-net-config \ + openvswitch \ + python-heat-agent* + +ln -s -f /usr/share/openstack-puppet/modules/* /etc/puppet/modules + +setenforce 0 +sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config diff --git a/deployed-server/deployed-server-bootstrap-centos.yaml b/deployed-server/deployed-server-bootstrap-centos.yaml new file mode 100644 index 00000000..ac537386 --- /dev/null +++ b/deployed-server/deployed-server-bootstrap-centos.yaml @@ -0,0 +1,22 @@ +heat_template_version: 2014-10-16 + +description: 'Deployed Server Bootstrap Config' + +parameters: + + server: + type: string + +resources: + + DeployedServerBootstrapConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: {get_file: deployed-server-bootstrap-centos.sh} + + DeployedServerBootstrapDeployment: + type: OS::Heat::SoftwareDeployment + properties: + config: {get_resource: DeployedServerBootstrapConfig} + server: {get_param: server} diff --git a/deployed-server/deployed-server-config.yaml b/deployed-server/deployed-server-config.yaml deleted file mode 100644 index 8c59dc72..00000000 --- a/deployed-server/deployed-server-config.yaml +++ /dev/null @@ -1,22 +0,0 @@ -heat_template_version: 2014-10-16 -parameters: - user_data_format: - type: string - default: SOFTWARE_CONFIG - -resources: - # We just need something which returns a unique ID, but we can't - # use RandomString because RefId returns the value, not the physical - # resource ID, SoftwareConfig should work as it returns a UUID - deployed-server-config: - type: OS::Heat::SoftwareConfig - -outputs: - # FIXME(shardy) this is needed because TemplateResource returns an - # ARN not a UUID, which overflows the Deployment server_id column.. - user_data_format: - value: SOFTWARE_CONFIG - OS::stack_id: - value: {get_resource: deployed-server-config} - - diff --git a/deployed-server/deployed-server-roles-data.yaml b/deployed-server/deployed-server-roles-data.yaml new file mode 100644 index 00000000..9795a00f --- /dev/null +++ b/deployed-server/deployed-server-roles-data.yaml @@ -0,0 +1,172 @@ +# Specifies which roles (groups of nodes) will be deployed +# Note this is used as an input to the various *.j2.yaml +# jinja2 templates, so that they are converted into *.yaml +# during the plan creation (via a mistral action/workflow). +# +# The format is a list, with the following format: +# +# * name: (string) mandatory, name of the role, must be unique +# +# CountDefault: (number) optional, default number of nodes, defaults to 0 +# sets the default for the {{role.name}}Count parameter in overcloud.yaml +# +# HostnameFormatDefault: (string) optional default format string for hostname +# defaults to '%stackname%-{{role.name.lower()}}-%index%' +# sets the default for {{role.name}}HostnameFormat parameter in overcloud.yaml +# +# disable_constraints: (boolean) optional, whether to disable Nova and Glance +# constraints for each role specified in the templates. +# +# ServicesDefault: (list) optional default list of services to be deployed +# on the role, defaults to an empty list. Sets the default for the +# {{role.name}}Services parameter in overcloud.yaml + +- name: ControllerDeployedServer + CountDefault: 1 + disable_constraints: True + ServicesDefault: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CephMon + - OS::TripleO::Services::CephExternal + - OS::TripleO::Services::CephRgw + - OS::TripleO::Services::CinderApi + - OS::TripleO::Services::CinderBackup + - OS::TripleO::Services::CinderScheduler + - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronMetadataAgent + - OS::TripleO::Services::NeutronApi + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::Redis + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaPlacement + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::NovaConsoleauth + - OS::TripleO::Services::NovaVncProxy + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::CeilometerApi + - OS::TripleO::Services::CeilometerCollector + - OS::TripleO::Services::CeilometerExpirer + - OS::TripleO::Services::CeilometerAgentCentral + - OS::TripleO::Services::CeilometerAgentNotification + - OS::TripleO::Services::Horizon + - OS::TripleO::Services::GnocchiApi + - OS::TripleO::Services::GnocchiMetricd + - OS::TripleO::Services::GnocchiStatsd + - OS::TripleO::Services::ManilaApi + - OS::TripleO::Services::ManilaScheduler + - OS::TripleO::Services::ManilaBackendGeneric + - OS::TripleO::Services::ManilaBackendNetapp + - OS::TripleO::Services::ManilaBackendCephFs + - OS::TripleO::Services::ManilaShare + - OS::TripleO::Services::AodhApi + - OS::TripleO::Services::AodhEvaluator + - OS::TripleO::Services::AodhNotifier + - OS::TripleO::Services::AodhListener + - OS::TripleO::Services::SaharaApi + - OS::TripleO::Services::SaharaEngine + - OS::TripleO::Services::IronicApi + - OS::TripleO::Services::IronicConductor + - OS::TripleO::Services::NovaIronic + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::OpenDaylightApi + - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::BarbicanApi + - OS::TripleO::Services::PankoApi + - OS::TripleO::Services::Zaqar + - OS::TripleO::Services::OVNDBs + +- name: ComputeDeployedServer + CountDefault: 1 + HostnameFormatDefault: '%stackname%-novacompute-%index%' + disable_constraints: True + ServicesDefault: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CephClient + - OS::TripleO::Services::CephExternal + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::ComputeNeutronCorePlugin + - OS::TripleO::Services::ComputeNeutronOvsAgent + - OS::TripleO::Services::ComputeCeilometerAgent + - OS::TripleO::Services::ComputeNeutronL3Agent + - OS::TripleO::Services::ComputeNeutronMetadataAgent + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::NeutronSriovAgent + - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::FluentdClient + +- name: BlockStorageDeployedServer + disable_constraints: True + ServicesDefault: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::BlockStorageCinderVolume + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::FluentdClient + +- name: ObjectStorageDeployedServer + disable_constraints: True + ServicesDefault: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::FluentdClient + +- name: CephStorageDeployedServer + disable_constraints: True + ServicesDefault: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CephOSD + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::FluentdClient diff --git a/deployed-server/deployed-server.yaml b/deployed-server/deployed-server.yaml index da5698e5..1e8afb25 100644 --- a/deployed-server/deployed-server.yaml +++ b/deployed-server/deployed-server.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2014-10-16 +heat_template_version: ocata parameters: image: type: string @@ -21,7 +21,7 @@ parameters: default: '' name: type: string - default: '' + default: 'deployed-server' image_update_policy: type: string default: '' @@ -38,28 +38,52 @@ parameters: type: json description: Optional scheduler hints to pass to nova default: {} + UpgradeInitCommand: + type: string + description: | + Command or script snippet to run on all overcloud nodes to + initialize the upgrade process. E.g. a repository switch. + default: '' resources: - # We just need something which returns a unique ID, but we can't - # use RandomString because RefId returns the value, not the physical - # resource ID, SoftwareConfig should work as it returns a UUID deployed-server: - type: OS::TripleO::DeployedServerConfig + type: OS::Heat::DeployedServer + properties: + name: {get_param: name} + software_config_transport: {get_param: software_config_transport} + + UpgradeInitConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - "#!/bin/bash\n\n" + - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" + - get_param: UpgradeInitCommand + + UpgradeInitDeployment: + type: OS::Heat::SoftwareDeployment properties: - user_data_format: SOFTWARE_CONFIG + name: UpgradeInitDeployment + server: {get_resource: deployed-server} + config: {get_resource: UpgradeInitConfig} + InstanceIdConfig: type: OS::Heat::StructuredConfig properties: - group: os-apply-config + group: apply-config config: - instance-id: {get_attr: [deployed-server, "OS::stack_id"]} + instance-id: {get_resource: deployed-server} InstanceIdDeployment: type: OS::Heat::StructuredDeployment properties: config: {get_resource: InstanceIdConfig} server: {get_resource: deployed-server} + depends_on: UpgradeInitDeployment HostsEntryConfig: type: OS::Heat::SoftwareConfig @@ -69,21 +93,10 @@ resources: #!/bin/bash set -eux mkdir -p $heat_outputs_path - host=$(hostnamectl --static) - echo -n "$host " > $heat_outputs_path.hosts_entry - host_ip=$(python -c "import socket; print socket.gethostbyname(\"$host\")") - echo -n "$host_ip " >> $heat_outputs_path.hosts_entry - echo >> $heat_outputs_path.hosts_entry - cat $heat_outputs_path.hosts_entry - echo -n $host_ip > $heat_outputs_path.ip_address - cat $heat_outputs_path.ip_address + host=$(hostname -s) echo -n $host > $heat_outputs_path.hostname cat $heat_outputs_path.hostname outputs: - - name: hosts_entry - description: hosts_entry - - name: ip_address - description: ip_address - name: hostname description: hostname @@ -93,23 +106,28 @@ resources: config: {get_resource: HostsEntryConfig} server: {get_resource: deployed-server} + DeployedServerBootstrapConfig: + type: OS::TripleO::DeployedServer::Bootstrap + properties: + server: {get_resource: deployed-server} + ControlPlanePort: type: OS::TripleO::DeployedServer::ControlPlanePort properties: - Hostname: {get_attr: [HostsEntryDeployment, hostname]} + network: ctlplane + name: + list_join: + - '-' + - - {get_attr: [HostsEntryDeployment, hostname]} + - ctlplane + replacement_policy: AUTO outputs: - # FIXME(shardy) this is needed because TemplateResource returns an - # ARN not a UUID, which overflows the Deployment server_id column.. OS::stack_id: - value: {get_attr: [deployed-server, "OS::stack_id"]} + value: {get_resource: deployed-server} networks: value: ctlplane: - - {get_attr: [ControlPlanePort, ip_address]} + - {get_attr: [ControlPlanePort, fixed_ips, 0, ip_address]} name: - value: {get_attr: [HostsEntryDeployment, hostname]} - hosts_entry: - value: {get_attr: [HostsEntryDeployment, hosts_entry]} - ip_address: - value: {get_attr: [HostsEntryDeployment, ip_address]} + value: {get_attr: [HostsEntryDeployment, hostname]} diff --git a/deployed-server/scripts/get-occ-config.sh b/deployed-server/scripts/get-occ-config.sh index d6219e85..6c196f97 100755 --- a/deployed-server/scripts/get-occ-config.sh +++ b/deployed-server/scripts/get-occ-config.sh @@ -11,14 +11,22 @@ OBJECTSTORAGE_HOSTS=${OBJECTSTORAGE_HOSTS:-""} CEPHSTORAGE_HOSTS=${CEPHSTORAGE_HOSTS:-""} SUBNODES_SSH_KEY=${SUBNODES_SSH_KEY:-"~/.ssh/id_rsa"} SSH_OPTIONS="-tt -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=Verbose -o PasswordAuthentication=no -o ConnectionAttempts=32" +OVERCLOUD_ROLES=${OVERCLOUD_ROLES:-"Controller Compute BlockStorage ObjectStorage CephStorage"} + +# Set the _hosts vars for the default roles based on the old var names that +# were all caps for backwards compatibility. +Controller_hosts=${Controller_hosts:-"$CONTROLLER_HOSTS"} +Compute_hosts=${Compute_hosts:-"$COMPUTE_HOSTS"} +BlockStorage_hosts=${BlockStorage_hosts:-"$BLOCKSTORAGE_HOSTS"} +ObjectStorage_hosts=${ObjectStorage_hosts:-"$OBJECTSTORAGE_HOSTS"} +CephStorage_hosts=${CephStorage_hosts:-"$CEPHSTORAGE_HOSTS"} + +# Set the _hosts_a vars for each role defined +for role in $OVERCLOUD_ROLES; do + eval hosts=\${${role}_hosts} + read -a ${role}_hosts_a <<< $hosts +done -read -a Controller_hosts_a <<< $CONTROLLER_HOSTS -read -a Compute_hosts_a <<< $COMPUTE_HOSTS -read -a BlockStorage_hosts_a <<< $BLOCKSTORAGE_HOSTS -read -a ObjectStorage_hosts_a <<< $OBJECTSTORAGE_HOSTS -read -a CephStorage_hosts_a <<< $CEPHSTORAGE_HOSTS - -roles=${OVERCLOUD_ROLES:-"Controller Compute BlockStorage ObjectStorage CephStorage"} admin_user_id=$(openstack user show admin -c id -f value) admin_project_id=$(openstack project show admin -c id -f value) @@ -44,7 +52,7 @@ function check_stack { } -for role in $roles; do +for role in $OVERCLOUD_ROLES; do while ! check_stack overcloud; do sleep $SLEEP_TIME done @@ -71,24 +79,26 @@ for role in $roles; do server_stack=$(openstack stack resource show $stack $server_resource_name -c physical_resource_id -f value) done - deployed_server_stack=$(openstack stack resource show $server_stack deployed-server -c physical_resource_id -f value) + while true; do + deployed_server_metadata_url=$(openstack stack resource metadata $server_stack deployed-server | jq -r '.["os-collect-config"].request.metadata_url') + if [ "$deployed_server_metadata_url" = "null" ]; then + continue + else + break + fi + done echo "======================" echo "$role$i os-collect-config.conf configuration:" config=" [DEFAULT] -collectors=heat +collectors=request command=os-refresh-config polling_interval=30 -[heat] -user_id=$admin_user_id -password=$OS_PASSWORD -auth_url=$OS_AUTH_URL -project_id=$admin_project_id -stack_id=$deployed_server_stack -resource_name=deployed-server-config" +[request] +metadata_url=$deployed_server_metadata_url" echo "$config" echo "======================" diff --git a/docker/firstboot/install_docker_agents.yaml b/docker/firstboot/install_docker_agents.yaml index f6d61e2d..41a87406 100644 --- a/docker/firstboot/install_docker_agents.yaml +++ b/docker/firstboot/install_docker_agents.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2014-10-16 +heat_template_version: ocata parameters: DockerAgentImage: diff --git a/docker/firstboot/start_docker_agents.sh b/docker/firstboot/start_docker_agents.sh index acb44ce5..1c5cc18d 100644..100755 --- a/docker/firstboot/start_docker_agents.sh +++ b/docker/firstboot/start_docker_agents.sh @@ -1,72 +1,56 @@ #!/bin/bash set -eux -/sbin/setenforce 0 -/sbin/modprobe ebtables - -# CentOS sets ptmx to 000. Withoutit being 666, we can't use Cinder volumes -chmod 666 /dev/pts/ptmx - -# We need hostname -f to return in a centos container for the puppet hook -HOSTNAME=$(hostname) -echo "127.0.0.1 $HOSTNAME.localdomain $HOSTNAME" >> /etc/hosts - -# update docker for local insecure registry(optional) -# Note: This is different for different docker versions -# For older docker versions < 1.4.x use commented line -#echo "OPTIONS='--insecure-registry $docker_registry'" >> /etc/sysconfig/docker -#echo "ADD_REGISTRY='--registry-mirror $docker_registry'" >> /etc/sysconfig/docker +# TODO remove this when built image includes docker +if [ ! -f "/usr/bin/docker" ]; then + yum -y install docker +fi # Local docker registry 1.8 # NOTE(mandre) $docker_namespace_is_registry is not a bash variable but is # a place holder for text replacement done via heat -if [ "$docker_namespace_is_registry" = True ]; then +if [ "$docker_namespace_is_registry" = "True" ]; then /usr/bin/systemctl stop docker.service # if namespace is used with local registry, trim all namespacing trim_var=$docker_registry registry_host="${trim_var%%/*}" /bin/sed -i -r "s/^[# ]*INSECURE_REGISTRY *=.+$/INSECURE_REGISTRY='--insecure-registry $registry_host'/" /etc/sysconfig/docker - /usr/bin/systemctl start --no-block docker.service fi -/usr/bin/docker pull $agent_image & -DOCKER_PULL_PID=$! - mkdir -p /var/lib/etc-data/json-config #FIXME: this should be a docker data container # NOTE(flaper87): Heat Agent required mounts -AGENT_COMMAND_MOUNTS="-v /var/lib/etc-data:/var/lib/etc-data \ - -v /run:/run \ - -v /etc:/host/etc \ - -v /usr/bin/atomic:/usr/bin/atomic \ - -v /var/lib/dhclient:/var/lib/dhclient \ - -v /var/lib/cloud:/var/lib/cloud \ - -v /var/lib/heat-cfntools:/var/lib/heat-cfntools \ - -v /etc/sysconfig/docker:/etc/sysconfig/docker \ - -v /usr/lib64/libseccomp.so.2:/usr/lib64/libseccomp.so.2" - - -# NOTE(flaper87): Some of these commands may not be present depending on the -# atomic version. -for docker_cmd in docker docker-current docker-latest; do - if [ -f "/usr/bin/$docker_cmd" ]; then - AGENT_COMMAND_MOUNTS+=" -v /usr/bin/$docker_cmd:/usr/bin/$docker_cmd" - fi -done +AGENT_COMMAND_MOUNTS="\ +-v /var/lib/etc-data:/var/lib/etc-data \ +-v /run:/run \ +-v /etc/hosts:/etc/hosts \ +-v /etc:/host/etc \ +-v /var/lib/dhclient:/var/lib/dhclient \ +-v /var/lib/cloud:/var/lib/cloud \ +-v /var/lib/heat-cfntools:/var/lib/heat-cfntools \ +-v /var/lib/os-collect-config:/var/lib/os-collect-config \ +-v /var/lib/os-apply-config-deployments:/var/lib/os-apply-config-deployments \ +-v /var/lib/heat-config:/var/lib/heat-config \ +-v /etc/sysconfig/docker:/etc/sysconfig/docker \ +-v /etc/sysconfig/network-scripts:/etc/sysconfig/network-scripts \ +-v /usr/lib64/libseccomp.so.2:/usr/lib64/libseccomp.so.2 \ +-v /usr/bin/docker:/usr/bin/docker \ +-v /usr/bin/docker-current:/usr/bin/docker-current \ +-v /var/lib/os-collect-config:/var/lib/os-collect-config" # heat-docker-agents service cat <<EOF > /etc/systemd/system/heat-docker-agents.service - [Unit] Description=Heat Docker Agent Container After=docker.service Requires=docker.service +Before=os-collect-config.service +Conflicts=os-collect-config.service [Service] User=root -Restart=on-failure -ExecStartPre=-/usr/bin/docker kill heat-agents -ExecStartPre=-/usr/bin/docker rm heat-agents +Restart=always +ExecStartPre=-/usr/bin/docker rm -f heat-agents ExecStart=/usr/bin/docker run --name heat-agents --privileged --net=host \ $AGENT_COMMAND_MOUNTS \ --entrypoint=/usr/bin/os-collect-config $agent_image @@ -74,35 +58,12 @@ ExecStop=/usr/bin/docker stop heat-agents [Install] WantedBy=multi-user.target - EOF # enable and start heat-docker-agents -chmod 0640 /etc/systemd/system/heat-docker-agents.service /usr/bin/systemctl enable heat-docker-agents.service /usr/bin/systemctl start --no-block heat-docker-agents.service -# Disable NetworkManager and let the ifup/down scripts work properly. -/usr/bin/systemctl disable NetworkManager -/usr/bin/systemctl stop NetworkManager - -# Atomic's root partition & logical volume defaults to 3G. In order to launch -# larger VMs, we need to enlarge the root logical volume and scale down the -# docker_pool logical volume. We are allocating 80% of the disk space for -# vm data and the remaining 20% for docker images. -ATOMIC_ROOT='/dev/mapper/atomicos-root' -ROOT_DEVICE=`pvs -o vg_name,pv_name --no-headings | grep atomicos | awk '{ print $2}'` - -growpart $( echo "${ROOT_DEVICE}" | sed -r 's/([^0-9]*)([0-9]+)/\1 \2/' ) -pvresize "${ROOT_DEVICE}" -lvresize -l +80%FREE "${ATOMIC_ROOT}" -xfs_growfs "${ATOMIC_ROOT}" - -cat <<EOF > /etc/sysconfig/docker-storage-setup -GROWPART=true -AUTO_EXTEND_POOL=yes -POOL_AUTOEXTEND_PERCENT=30 -POOL_AUTOEXTEND_THRESHOLD=70 -EOF - -wait $DOCKER_PULL_PID +# Disable libvirtd +/usr/bin/systemctl disable libvirtd.service +/usr/bin/systemctl stop libvirtd.service diff --git a/docker/post.j2.yaml b/docker/post.j2.yaml index de17cffe..1ba96e27 100644 --- a/docker/post.j2.yaml +++ b/docker/post.j2.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > Post-deploy configuration steps via puppet for all roles, @@ -25,16 +25,6 @@ parameters: default: 'tripleoupstream' type: string - DockerOpenvswitchDBImage: - description: image - default: 'centos-binary-openvswitch-db-server' - type: string - - DockerOvsVswitchdImage: - description: image - default: 'centos-binary-openvswitch-vswitchd' - type: string - LibvirtConfig: type: string default: "/etc/libvirt/libvirtd.conf" @@ -45,7 +35,7 @@ parameters: NeutronOpenvswitchAgentConfig: type: string - default: "/etc/neutron/neutron.conf,/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini" + default: "/etc/neutron/neutron.conf,/etc/neutron/plugins/ml2/openvswitch_agent.ini" resources: @@ -206,73 +196,6 @@ resources: nova_config: {get_param: NovaConfig} neutron_openvswitch_agent_config: {get_param: NeutronOpenvswitchAgentConfig} - NovaComputeContainersDeploymentOVS: - type: OS::Heat::StructuredDeploymentGroup - depends_on: CopyJsonDeployment - properties: - name: NovaComputeContainersDeploymentOVS - config: {get_resource: NovaComputeContainersConfigOVS} - servers: {get_param: [servers, {{role.name}}]} - - NovaComputeContainersConfigOVS: - type: OS::Heat::StructuredConfig - properties: - group: docker-cmd - config: - openvswitchdb: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchDBImage} ] - net: host - restart: always - volumes: - - /var/lib/etc-data/json-config/ovsdb-server.json:/var/lib/kolla/config_files/config.json - - /etc/localtime:/etc/localtime:ro - - /run:/run - - logs:/var/log/kolla/ - - openvswitch_db:/var/lib/openvswitch/ - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - - ovsvswitchd: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerOvsVswitchdImage} ] - net: host - privileged: true - restart: always - volumes: - - /var/lib/etc-data/json-config/ovs-vswitchd.json:/var/lib/kolla/config_files/config.json - - /etc/localtime:/etc/localtime:ro - - /lib/modules:/lib/modules:ro - - /run:/run - - logs:/var/log/kolla/ - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - - NovaComputeContainersDeploymentNetconfig: - type: OS::Heat::SoftwareDeploymentGroup - depends_on: NovaComputeContainersDeploymentOVS - properties: - name: NovaComputeContainersDeploymentNetconfig - config: {get_resource: NovaComputeContainersConfigNetconfig} - servers: {get_param: [servers, {{role.name}}]} - - # We run os-net-config here because we depend on the ovs containers to be up - # and running before we configure the network. This allows explicit timing - # of the network configuration. - NovaComputeContainersConfigNetconfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - outputs: - - name: result - config: | - #!/bin/bash - /usr/local/bin/run-os-net-config - {{role.name}}ContainersConfig_Step1: type: OS::Heat::StructuredConfig depends_on: CopyJsonDeployment @@ -291,7 +214,7 @@ resources: {{role.name}}ContainersDeployment_Step1: type: OS::Heat::StructuredDeploymentGroup - depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy, NovaComputeContainersDeploymentNetconfig] + depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy] properties: name: {{role.name}}ContainersDeployment_Step1 servers: {get_param: [servers, {{role.name}}]} diff --git a/docker/services/neutron-ovs-agent.yaml b/docker/services/neutron-ovs-agent.yaml index 8d092a34..1c9e60db 100644 --- a/docker/services/neutron-ovs-agent.yaml +++ b/docker/services/neutron-ovs-agent.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: > OpenStack Neutron openvswitch service @@ -12,12 +12,6 @@ parameters: description: image default: 'centos-binary-neutron-openvswitch-agent' type: string - NeutronOpenvswitchAgentPluginVolume: - type: string - default: "/var/lib/etc-data/neutron/plugins/ml2/openvswitch_agent.ini:/var/lib/kolla/config_files/ovs_neutron_plugin.ini:ro" - NeutronOpenvswitchAgentOvsVolume: - type: string - default: " " ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -64,8 +58,7 @@ outputs: - /var/lib/etc-data/json-config/neutron-openvswitch-agent.json:/var/lib/kolla/config_files/config.json - /var/lib/etc-data/neutron/neutron.conf:/var/lib/kolla/config_files/neutron.conf:ro - /var/lib/etc-data/neutron/plugins/ml2/ml2_conf.ini:/var/lib/kolla/config_files/ml2_conf.ini:ro - - {get_param: NeutronOpenvswitchAgentPluginVolume} - - {get_param: NeutronOpenvswitchAgentOvsVolume} + - /var/lib/etc-data/neutron/plugins/ml2/openvswitch_agent.ini:/var/lib/kolla/config_files/openvswitch_agent.ini:ro - /etc/localtime:/etc/localtime:ro - /lib/modules:/lib/modules:ro - /run:/run diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml index 5c56aeee..c695c94d 100644 --- a/docker/services/nova-compute.yaml +++ b/docker/services/nova-compute.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: > OpenStack containerized Nova Compute service diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index 36511557..a40a21fd 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: > OpenStack Libvirt Service @@ -55,6 +55,11 @@ outputs: volumes: - /var/lib/etc-data/json-config/nova-libvirt.json:/var/lib/kolla/config_files/config.json - /var/lib/etc-data/libvirt/libvirtd.conf:/var/lib/kolla/config_files/libvirtd.conf + # NOTE(mandre) Ideally the qemu.conf file is mounted in + # /var/lib/kolla/config_files and copied to the right place but + # copy-json.py doesn't allow us to do that without appending the + # file as an additional config on the CLI + - /var/lib/etc-data/libvirt/qemu.conf:/etc/libvirt/qemu.conf:ro - /etc/localtime:/etc/localtime:ro - /lib/modules:/lib/modules:ro - /run:/run diff --git a/docker/services/services.yaml b/docker/services/services.yaml index 37e7b655..3d51eb19 100644 --- a/docker/services/services.yaml +++ b/docker/services/services.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > Utility stack to convert an array of services into a set of combined diff --git a/environments/cinder-hpelefthand-config.yaml b/environments/cinder-hpelefthand-config.yaml new file mode 100644 index 00000000..90d0261e --- /dev/null +++ b/environments/cinder-hpelefthand-config.yaml @@ -0,0 +1,13 @@ +# A Heat environment file which can be used to enable a +# a Cinder HPELeftHandISCSI backend, configured via puppet +resource_registry: + OS::TripleO::Services::CinderHPELeftHandISCSI: ../puppet/services/cinder-hpelefthand-iscsi.yaml + +parameter_defaults: + CinderHPELeftHandISCSIApiUrl: '' + CinderHPELeftHandISCSIUserName: '' + CinderHPELeftHandISCSIPassword: '' + CinderHPELeftHandISCSIBackendName: 'tripleo_hpelefthand' + CinderHPELeftHandISCSIChapEnabled: false + CinderHPELeftHandClusterName: '' + CinderHPELeftHandDebug: false diff --git a/environments/deployed-server-bootstrap-environment-centos.yaml b/environments/deployed-server-bootstrap-environment-centos.yaml new file mode 100644 index 00000000..ebcdfc2b --- /dev/null +++ b/environments/deployed-server-bootstrap-environment-centos.yaml @@ -0,0 +1,7 @@ +# An environment that can be used with the deployed-server.yaml template to do +# initial bootstrapping of the deployed servers. +resource_registry: + OS::TripleO::DeployedServer::Bootstrap: ../deployed-server/deployed-server-bootstrap-centos.yaml + +parameter_defaults: + EnablePackageInstall: True diff --git a/environments/deployed-server-environment.yaml b/environments/deployed-server-environment.yaml index c63d399a..7bc1bd9b 100644 --- a/environments/deployed-server-environment.yaml +++ b/environments/deployed-server-environment.yaml @@ -1,4 +1,4 @@ resource_registry: OS::TripleO::Server: ../deployed-server/deployed-server.yaml - OS::TripleO::DeployedServerConfig: ../deployed-server/deployed-server-config.yaml - OS::TripleO::DeployedServer::ControlPlanePort: ../deployed-server/ctlplane-port.yaml + OS::TripleO::DeployedServer::ControlPlanePort: OS::Neutron::Port + OS::TripleO::DeployedServer::Bootstrap: OS::Heat::None diff --git a/environments/deployed-server-noop-ctlplane.yaml b/environments/deployed-server-noop-ctlplane.yaml index cfda314d..54f5e41d 100644 --- a/environments/deployed-server-noop-ctlplane.yaml +++ b/environments/deployed-server-noop-ctlplane.yaml @@ -1,4 +1,3 @@ resource_registry: OS::TripleO::Server: ../deployed-server/deployed-server.yaml - OS::TripleO::DeployedServerConfig: ../deployed-server/deployed-server-config.yaml - OS::TripleO::DeployedServer::ControlPlanePort: OS::Heat::None + OS::TripleO::DeployedServer::ControlPlanePort: ../deployed-server/deployed-neutron-port.yaml diff --git a/environments/docker-network-isolation.yaml b/environments/docker-network-isolation.yaml deleted file mode 100644 index 87c81d0b..00000000 --- a/environments/docker-network-isolation.yaml +++ /dev/null @@ -1,4 +0,0 @@ -parameter_defaults: - NeutronOpenvswitchAgentConfig: "/etc/neutron/neutron.conf,/etc/neutron/plugins/openvswitch/openvswitch_agent.ini" - NeutronOpenvswitchAgentPluginVolume: "/var/lib/etc-data/neutron/plugins/ml2/openvswitch_agent.ini:/var/lib/kolla/config_files/openvswitch_agent.ini:ro" - NeutronOpenvswitchAgentOvsVolume: "/var/lib/etc-data/neutron/conf.d/neutron-openvswitch-agent:/etc/neutron/conf.d/neutron-openvswitch-agent:ro" diff --git a/environments/docker.yaml b/environments/docker.yaml index 0755c61f..4f5b36b4 100644 --- a/environments/docker.yaml +++ b/environments/docker.yaml @@ -1,6 +1,6 @@ resource_registry: # Docker container with heat agents for containerized compute node. - OS::TripleO::NodeUserData: ../docker/firstboot/install_docker_agents.yaml + OS::TripleO::Compute::NodeUserData: ../docker/firstboot/install_docker_agents.yaml OS::TripleO::Services::NovaLibvirt: ../docker/services/nova-libvirt.yaml OS::TripleO::Services::ComputeNeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml OS::TripleO::Services::NovaCompute: ../docker/services/nova-compute.yaml @@ -13,7 +13,6 @@ resource_registry: OS::TripleO::Services: ../docker/services/services.yaml parameter_defaults: - NovaImage: atomic-image # Defaults to 'tripleoupstream'. Specify a local docker registry # Example: 192.0.2.1:8787/tripleoupstream DockerNamespace: tripleoupstream @@ -24,8 +23,6 @@ parameter_defaults: DockerNovaComputeImage: centos-binary-nova-compute:newton DockerLibvirtImage: centos-binary-nova-libvirt:newton DockerOpenvswitchImage: centos-binary-neutron-openvswitch-agent:newton - DockerOvsVswitchdImage: centos-binary-openvswitch-vswitchd:newton - DockerOpenvswitchDBImage: centos-binary-openvswitch-db-server:newton ComputeServices: - OS::TripleO::Services::NovaCompute diff --git a/environments/enable-internal-tls.yaml b/environments/enable-internal-tls.yaml index c01b4888..6e912faa 100644 --- a/environments/enable-internal-tls.yaml +++ b/environments/enable-internal-tls.yaml @@ -3,5 +3,6 @@ parameter_defaults: EnableInternalTLS: true resource_registry: + OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml OS::TripleO::Services::ApacheTLS: ../puppet/services/apache-internal-tls-certmonger.yaml OS::TripleO::Services::MySQLTLS: ../puppet/services/database/mysql-internal-tls-certmonger.yaml diff --git a/environments/enable-swap-partition.yaml b/environments/enable-swap-partition.yaml new file mode 100644 index 00000000..71b70ec9 --- /dev/null +++ b/environments/enable-swap-partition.yaml @@ -0,0 +1,3 @@ +# Use this environment to create a swap partition in all Overcloud nodes +resource_registry: + OS::TripleO::AllNodesExtraConfig: ../extraconfig/all_nodes/swap-partition.yaml diff --git a/environments/enable-swap.yaml b/environments/enable-swap.yaml new file mode 100644 index 00000000..9ba08642 --- /dev/null +++ b/environments/enable-swap.yaml @@ -0,0 +1,3 @@ +# Use this environment to create a swap file in all Overcloud nodes +resource_registry: + OS::TripleO::AllNodesExtraConfig: ../extraconfig/all_nodes/swap.yaml diff --git a/environments/external-loadbalancer-vip-v6.yaml b/environments/external-loadbalancer-vip-v6.yaml index 5a2ef505..fbd1fb98 100644 --- a/environments/external-loadbalancer-vip-v6.yaml +++ b/environments/external-loadbalancer-vip-v6.yaml @@ -1,29 +1,24 @@ resource_registry: - OS::TripleO::Network::Ports::NetVipMap: ../network/ports/net_vip_map_external_v6.yaml - OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/noop.yaml - OS::TripleO::Network::Ports::InternalApiVipPort: ../network/ports/noop.yaml - OS::TripleO::Network::Ports::StorageVipPort: ../network/ports/noop.yaml - OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/noop.yaml - OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/from_service_v6.yaml OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external_from_pool_v6.yaml OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api_from_pool_v6.yaml OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage_from_pool_v6.yaml OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_from_pool_v6.yaml # OVS doesn't support IPv6 endpoints for tunneling yet, so this remains IPv4 for now. OS::TripleO::Controller::Ports::TenantPort: ../network/ports/tenant_from_pool.yaml + # Management network is optional and disabled by default + #OS::TripleO::Controller::Ports::ManagementPort: ../network/ports/management_from_pool_v6.yaml parameter_defaults: # When using an external loadbalancer set the following in parameter_defaults # to control your VIPs (currently one per network) # NOTE: we will eventually move to one VIP per service # - ControlPlaneIP: 192.0.2.251 - ExternalNetworkVip: 2001:db8:fd00:1000:0000:0000:0000:0005 - InternalApiNetworkVip: fd00:fd00:fd00:2000:0000:0000:0000:0005 - StorageNetworkVip: fd00:fd00:fd00:3000:0000:0000:0000:0005 - StorageMgmtNetworkVip: fd00:fd00:fd00:4000:0000:0000:0000:0005 - ServiceVips: - redis: fd00:fd00:fd00:2000:0000:0000:0000:0006 + ControlFixedIPs: [{'ip_address':'192.0.2.251'}] + PublicVirtualFixedIPs: [{'ip_address':'2001:db8:fd00:1000:0000:0000:0000:0005'}] + InternalApiVirtualFixedIPs: [{'ip_address':'fd00:fd00:fd00:2000:0000:0000:0000:0005'}] + StorageVirtualFixedIPs: [{'ip_address':'fd00:fd00:fd00:3000:0000:0000:0000:0005'}] + StorageMgmtVirtualFixedIPs: [{'ip_address':'fd00:fd00:fd00:4000:0000:0000:0000:0005'}] + RedisVirtualFixedIPs: [{'ip_address':'fd00:fd00:fd00:2000:0000:0000:0000:0006'}] ControllerIPs: external: - 2001:db8:fd00:1000:0000:0000:0000:0007 diff --git a/environments/external-loadbalancer-vip.yaml b/environments/external-loadbalancer-vip.yaml index 8656ba1a..1759c04c 100644 --- a/environments/external-loadbalancer-vip.yaml +++ b/environments/external-loadbalancer-vip.yaml @@ -1,10 +1,4 @@ resource_registry: - OS::TripleO::Network::Ports::NetVipMap: ../network/ports/net_vip_map_external.yaml - OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/noop.yaml - OS::TripleO::Network::Ports::InternalApiVipPort: ../network/ports/noop.yaml - OS::TripleO::Network::Ports::StorageVipPort: ../network/ports/noop.yaml - OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/noop.yaml - OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/from_service.yaml OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external_from_pool.yaml OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api_from_pool.yaml OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage_from_pool.yaml @@ -18,13 +12,12 @@ parameter_defaults: # to control your VIPs (currently one per network) # NOTE: we will eventually move to one VIP per service # - ControlPlaneIP: 192.0.2.251 - ExternalNetworkVip: 10.0.0.251 - InternalApiNetworkVip: 172.16.2.251 - StorageNetworkVip: 172.16.1.251 - StorageMgmtNetworkVip: 172.16.3.251 - ServiceVips: - redis: 172.16.2.252 + ControlFixedIPs: [{'ip_address':'192.0.2.251'}] + PublicVirtualFixedIPs: [{'ip_address':'10.0.0.251'}] + InternalApiVirtualFixedIPs: [{'ip_address':'172.16.2.251'}] + StorageVirtualFixedIPs: [{'ip_address':'172.16.1.251'}] + StorageMgmtVirtualFixedIPs: [{'ip_address':'172.16.3.251'}] + RedisVirtualFixedIPs: [{'ip_address':'172.16.2.252'}] ControllerIPs: external: - 10.0.0.253 diff --git a/environments/host-config-pre-network.j2.yaml b/environments/host-config-pre-network.j2.yaml new file mode 100644 index 00000000..fe1302b5 --- /dev/null +++ b/environments/host-config-pre-network.j2.yaml @@ -0,0 +1,16 @@ +resource_registry: +# Create the registry only for roles with the word "Compute" in it. Like ComputeOvsDpdk, ComputeSriov, etc., +{% for role in roles %} +{% if "Compute" in role.name %} + OS::TripleO::{{role.name}}::PreNetworkConfig: ../extraconfig/pre_network/{{role.name.lower()}}-host_config_and_reboot.yaml +{% endif %} +{% endfor %} + +parameter_defaults: + # Sample parameters for Compute and ComputeOvsDpdk roles + #ComputeKernelArgs: "" + #ComputeTunedProfileName: "" + #ComputeHostCpuList: "" + #ComputeOvsDpdkKernelArgs: "" + #ComputeOvsDpdkTunedProfileName: "" + #ComputeOvsDpdkHostCpuList: "" diff --git a/environments/major-upgrade-all-in-one.yaml b/environments/major-upgrade-all-in-one.yaml new file mode 100644 index 00000000..69d72edd --- /dev/null +++ b/environments/major-upgrade-all-in-one.yaml @@ -0,0 +1,8 @@ +# We run the upgrade steps without disabling the OS::TripleO::PostDeploySteps +# this means you can do a major upgrade in one pass, which may be useful +# e.g for all-in-one deployments where we can upgrade the compute services +# at the same time as the controlplane +# Note that it will be necessary to pass a mapping of OS::Heat::None again for +# any subsequent updates, or the upgrade steps will run again. +resource_registry: + OS::TripleO::UpgradeSteps: ../puppet/major_upgrade_steps.yaml diff --git a/environments/network-isolation-no-tunneling.yaml b/environments/network-isolation-no-tunneling.yaml index 5d2a915b..ff1d7887 100644 --- a/environments/network-isolation-no-tunneling.yaml +++ b/environments/network-isolation-no-tunneling.yaml @@ -8,30 +8,54 @@ resource_registry: OS::TripleO::Network::InternalApi: ../network/internal_api.yaml OS::TripleO::Network::StorageMgmt: ../network/storage_mgmt.yaml OS::TripleO::Network::Storage: ../network/storage.yaml + OS::TripleO::Network::Tenant: ../network/noop.yaml + # Management network is optional and disabled by default. + # To enable it, include environments/network-management.yaml + #OS::TripleO::Network::Management: ../network/management.yaml + + # Port assignments for the VIPs + OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external.yaml + OS::TripleO::Network::Ports::InternalApiVipPort: ../network/ports/internal_api.yaml + OS::TripleO::Network::Ports::StorageVipPort: ../network/ports/storage.yaml + OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/storage_mgmt.yaml + OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml # Port assignments for the controller role OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external.yaml OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api.yaml OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage.yaml OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml + OS::TripleO::Controller::Ports::TenantPort: ../network/ports/noop.yaml + #OS::TripleO::Controller::Ports::ManagementPort: ../network/ports/management.yaml # Port assignments for the compute role + OS::TripleO::Compute::Ports::ExternalPort: ../network/ports/noop.yaml OS::TripleO::Compute::Ports::InternalApiPort: ../network/ports/internal_api.yaml OS::TripleO::Compute::Ports::StoragePort: ../network/ports/storage.yaml + OS::TripleO::Compute::Ports::StorageMgmtPort: ../network/ports/noop.yaml + OS::TripleO::Compute::Ports::TenantPort: ../network/ports/noop.yaml + #OS::TripleO::Compute::Ports::ManagementPort: ../network/ports/management.yaml # Port assignments for the ceph storage role + OS::TripleO::CephStorage::Ports::ExternalPort: ../network/ports/noop.yaml + OS::TripleO::CephStorage::Ports::InternalApiPort: ../network/ports/noop.yaml OS::TripleO::CephStorage::Ports::StoragePort: ../network/ports/storage.yaml OS::TripleO::CephStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml + OS::TripleO::CephStorage::Ports::TenantPort: ../network/ports/noop.yaml + #OS::TripleO::CephStorage::Ports::ManagementPort: ../network/ports/management.yaml # Port assignments for the swift storage role + OS::TripleO::SwiftStorage::Ports::ExternalPort: ../network/ports/noop.yaml OS::TripleO::SwiftStorage::Ports::InternalApiPort: ../network/ports/internal_api.yaml OS::TripleO::SwiftStorage::Ports::StoragePort: ../network/ports/storage.yaml OS::TripleO::SwiftStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml + OS::TripleO::SwiftStorage::Ports::TenantPort: ../network/ports/noop.yaml + #OS::TripleO::SwiftStorage::Ports::ManagementPort: ../network/ports/management.yaml # Port assignments for the block storage role + OS::TripleO::BlockStorage::Ports::ExternalPort: ../network/ports/noop.yaml OS::TripleO::BlockStorage::Ports::InternalApiPort: ../network/ports/internal_api.yaml OS::TripleO::BlockStorage::Ports::StoragePort: ../network/ports/storage.yaml OS::TripleO::BlockStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml - - # Port assignments for service virtual IPs for the controller role - OS::TripleO::Controller::Ports::RedisVipPort: ../network/ports/vip.yaml + OS::TripleO::BlockStorage::Ports::TenantPort: ../network/ports/noop.yaml + #OS::TripleO::BlockStorage::Ports::ManagementPort: ../network/ports/management.yaml diff --git a/environments/network-isolation.yaml b/environments/network-isolation.yaml index 737d7d36..a6b4b8ae 100644 --- a/environments/network-isolation.yaml +++ b/environments/network-isolation.yaml @@ -18,8 +18,6 @@ resource_registry: OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/storage_mgmt.yaml OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml - # Port assignments for service virtual IPs for the controller role - OS::TripleO::Controller::Ports::RedisVipPort: ../network/ports/vip.yaml # Port assignments for the controller role OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external.yaml OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api.yaml @@ -59,4 +57,3 @@ resource_registry: OS::TripleO::BlockStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml OS::TripleO::BlockStorage::Ports::TenantPort: ../network/ports/noop.yaml #OS::TripleO::BlockStorage::Ports::ManagementPort: ../network/ports/management.yaml - diff --git a/environments/neutron-ml2-fujitsu-cfab.yaml b/environments/neutron-ml2-fujitsu-cfab.yaml new file mode 100644 index 00000000..f14f7ee2 --- /dev/null +++ b/environments/neutron-ml2-fujitsu-cfab.yaml @@ -0,0 +1,21 @@ +# A Heat environment file which can be used to enable Fujitsu C-Fabric +# plugin, configured via puppet +resource_registry: + OS::TripleO::Services::NeutronML2FujitsuCfab: ../puppet/services/neutron-plugin-ml2-fujitsu-cfab.yaml + +parameter_defaults: + # Fixed + NeutronMechanismDrivers: ['openvswitch','fujitsu_cfab'] + NeutronTypeDrivers: 'vlan' + NeutronNetworkType: 'vlan' + + # Required + NeutronFujitsuCfabAddress: '192.168.0.1' + NeutronFujitsuCfabUserName: 'admin' + NeutronFujitsuCfabPassword: + + # Optional + #NeutronFujitsuCfabPhysicalNetworks: + #NeutronFujitsuCfabSharePprofile: + #NeutronFujitsuCfabPprofilePrefix: + #NeutronFujitsuCfabSaveConfig: diff --git a/environments/neutron-ml2-ovn.yaml b/environments/neutron-ml2-ovn.yaml index bafb2a73..3da560c8 100644 --- a/environments/neutron-ml2-ovn.yaml +++ b/environments/neutron-ml2-ovn.yaml @@ -8,10 +8,10 @@ resource_registry: # Disabling Neutron services that overlap with OVN OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::OVNDBs: ../puppet/services/ovn-dbs.yaml parameter_defaults: NeutronMechanismDrivers: ovn - OVNDbHost: '0.0.0.0' OVNSouthboundServerPort: 6642 OVNNorthboundServerPort: 6641 OVNDbConnectionTimeout: 60 @@ -19,3 +19,4 @@ parameter_defaults: OVNNeutronSyncMode: log OVNQosDriver: ovn-qos OVNTunnelEncapType: geneve + NeutronEnableDHCPAgent: false diff --git a/environments/neutron-opendaylight-l3.yaml b/environments/neutron-opendaylight-l3.yaml index 00be3048..6d5c7404 100644 --- a/environments/neutron-opendaylight-l3.yaml +++ b/environments/neutron-opendaylight-l3.yaml @@ -9,6 +9,6 @@ resource_registry: parameter_defaults: NeutronEnableForceMetadata: true - NeutronMechanismDrivers: 'opendaylight' - NeutronServicePlugins: "networking_odl.l3.l3_odl.OpenDaylightL3RouterPlugin" + NeutronMechanismDrivers: 'opendaylight_v2' + NeutronServicePlugins: 'odl-router_v2' OpenDaylightEnableL3: "'yes'" diff --git a/environments/neutron-opendaylight.yaml b/environments/neutron-opendaylight.yaml index 35c90aab..e08b2b27 100644 --- a/environments/neutron-opendaylight.yaml +++ b/environments/neutron-opendaylight.yaml @@ -1,11 +1,13 @@ -# A Heat environment that can be used to deploy OpenDaylight +# A Heat environment that can be used to deploy OpenDaylight with L3 DVR resource_registry: OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None OS::TripleO::Services::OpenDaylightApi: ../puppet/services/opendaylight-api.yaml OS::TripleO::Services::OpenDaylightOvs: ../puppet/services/opendaylight-ovs.yaml + OS::TripleO::Services::NeutronL3Agent: OS::Heat::None parameter_defaults: NeutronEnableForceMetadata: true - NeutronMechanismDrivers: 'opendaylight' + NeutronMechanismDrivers: 'opendaylight_v2' + NeutronServicePlugins: 'odl-router_v2' diff --git a/environments/puppet-ceph-external.yaml b/environments/puppet-ceph-external.yaml index 06e4f7aa..5f8b02ad 100644 --- a/environments/puppet-ceph-external.yaml +++ b/environments/puppet-ceph-external.yaml @@ -30,5 +30,8 @@ parameter_defaults: # finally we disable the Cinder LVM backend CinderEnableIscsiBackend: false + # Uncomment if connecting to a pre-Jewel or RHCS1.3 Ceph Cluster + # RbdDefaultFeatures: 1 + # Backward compatibility setting, will be removed in the future CephAdminKey: '' diff --git a/environments/puppet-pacemaker.yaml b/environments/puppet-pacemaker.yaml index b8e93f20..0b71dbd9 100644 --- a/environments/puppet-pacemaker.yaml +++ b/environments/puppet-pacemaker.yaml @@ -1,7 +1,6 @@ # An environment which enables configuration of an # Overcloud controller with Pacemaker. resource_registry: - OS::TripleO::ControllerConfig: ../puppet/controller-config-pacemaker.yaml OS::TripleO::Tasks::ControllerPrePuppet: ../extraconfig/tasks/pre_puppet_pacemaker.yaml OS::TripleO::Tasks::ControllerPostPuppet: ../extraconfig/tasks/post_puppet_pacemaker.yaml OS::TripleO::Tasks::ControllerPostPuppetRestart: ../extraconfig/tasks/post_puppet_pacemaker_restart.yaml diff --git a/environments/services/ceph-mds.yaml b/environments/services/ceph-mds.yaml new file mode 100644 index 00000000..2b51374c --- /dev/null +++ b/environments/services/ceph-mds.yaml @@ -0,0 +1,2 @@ +resource_registry: + OS::TripleO::Services::CephMds: ../../puppet/services/ceph-mds.yaml
\ No newline at end of file diff --git a/environments/services/zaqar.yaml b/environments/services/zaqar.yaml new file mode 100644 index 00000000..ee137925 --- /dev/null +++ b/environments/services/zaqar.yaml @@ -0,0 +1,2 @@ +resource_registry: + OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar.yaml diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml index 70a0d31f..74c9f61d 100644 --- a/environments/tls-endpoints-public-dns.yaml +++ b/environments/tls-endpoints-public-dns.yaml @@ -20,7 +20,6 @@ parameter_defaults: GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'} - GlanceRegistryInternal: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'} GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'} @@ -50,6 +49,9 @@ parameter_defaults: NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'} + NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'} + NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'} + NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'} NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'} @@ -62,3 +64,9 @@ parameter_defaults: SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} + ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} + ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} + ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'} + ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml index 21f8876a..17ff2feb 100644 --- a/environments/tls-endpoints-public-ip.yaml +++ b/environments/tls-endpoints-public-ip.yaml @@ -20,7 +20,6 @@ parameter_defaults: GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'} - GlanceRegistryInternal: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'} GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} GnocchiPublic: {protocol: 'https', port: '13041', host: 'IP_ADDRESS'} @@ -50,6 +49,9 @@ parameter_defaults: NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'} + NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'} + NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'} + NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'IP_ADDRESS'} NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'} @@ -62,3 +64,9 @@ parameter_defaults: SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'} + ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} + ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'} + ZaqarPublic: {protocol: 'https', port: '13888', host: 'IP_ADDRESS'} + ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'} + ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'IP_ADDRESS'} diff --git a/environments/tls-everywhere-endpoints-dns.yaml b/environments/tls-everywhere-endpoints-dns.yaml index 6afb3a63..0aa2be08 100644 --- a/environments/tls-everywhere-endpoints-dns.yaml +++ b/environments/tls-everywhere-endpoints-dns.yaml @@ -20,7 +20,6 @@ parameter_defaults: GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'} GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'} GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'} - GlanceRegistryInternal: {protocol: 'https', port: '9191', host: 'CLOUDNAME'} GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'} GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'} GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'} @@ -50,6 +49,9 @@ parameter_defaults: NovaAdmin: {protocol: 'https', port: '8774', host: 'CLOUDNAME'} NovaInternal: {protocol: 'https', port: '8774', host: 'CLOUDNAME'} NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'} + NovaPlacementAdmin: {protocol: 'https', port: '8778', host: 'CLOUDNAME'} + NovaPlacementInternal: {protocol: 'https', port: '8778', host: 'CLOUDNAME'} + NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'} NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'} NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'} NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'} @@ -62,3 +64,9 @@ parameter_defaults: SwiftAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} SwiftInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'} SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'} + ZaqarAdmin: {protocol: 'https', port: '8888', host: 'CLOUDNAME'} + ZaqarInternal: {protocol: 'https', port: '8888', host: 'CLOUDNAME'} + ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'} + ZaqarWebSocketAdmin: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} + ZaqarWebSocketInternal: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} + ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'} diff --git a/environments/undercloud.yaml b/environments/undercloud.yaml new file mode 100644 index 00000000..0fd01920 --- /dev/null +++ b/environments/undercloud.yaml @@ -0,0 +1,18 @@ +resource_registry: + OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/noop.yaml + OS::TripleO::Network::Ports::ControlPlaneVipPort: ../deployed-server/deployed-neutron-port.yaml + OS::TripleO::Undercloud::Net::SoftwareConfig: ../net-config-undercloud.yaml + OS::TripleO::NodeExtraConfigPost: ../extraconfig/post_deploy/undercloud_post.yaml + +parameter_defaults: + StackAction: CREATE + SoftwareConfigTransport: POLL_SERVER_HEAT + NeutronTunnelTypes: [] + NeutronBridgeMappings: ctlplane:br-ctlplane + NeutronAgentExtensions: [] + NeutronFlatNetworks: '*' + NovaSchedulerAvailableFilters: 'tripleo_common.filters.list.tripleo_filters' + NovaSchedulerDefaultFilters: ['RetryFilter', 'TripleOCapabilitiesFilter', 'ComputeCapabilitiesFilter', 'AvailabilityZoneFilter', 'RamFilter', 'DiskFilter', 'ComputeFilter', 'ImagePropertiesFilter', 'ServerGroupAntiAffinityFilter', 'ServerGroupAffinityFilter'] + NeutronDhcpAgentsPerNetwork: 2 + HeatConvergenceEngine: false + HeatMaxResourcesPerStack: -1 diff --git a/environments/updates/README.md b/environments/updates/README.md index 426d7329..93714ed8 100644 --- a/environments/updates/README.md +++ b/environments/updates/README.md @@ -10,3 +10,6 @@ Contents **update-from-publicvip-on-ctlplane.yaml** To be used if the PublicVirtualIP resource was deployed as an additional VIP on the 'ctlplane'. + +**update-from-deloyed-server-newton.yaml** + To be used when updating from the deployed-server template from Newton. diff --git a/environments/updates/update-from-deployed-server-newton.yaml b/environments/updates/update-from-deployed-server-newton.yaml new file mode 100644 index 00000000..6fe3a4cb --- /dev/null +++ b/environments/updates/update-from-deployed-server-newton.yaml @@ -0,0 +1,2 @@ +resource_registry: + OS::TripleO::DeployedServer::ControlPlanePort: ../../deployed-server/ctlplane-port.yaml diff --git a/environments/updates/update-from-keystone-admin-internal-api.yaml b/environments/updates/update-from-keystone-admin-internal-api.yaml index a5075300..97687c6a 100644 --- a/environments/updates/update-from-keystone-admin-internal-api.yaml +++ b/environments/updates/update-from-keystone-admin-internal-api.yaml @@ -2,32 +2,5 @@ # Keystone Admin API service is running on the Internal API network parameter_defaults: - ServiceNetMapDefaults: - NeutronTenantNetwork: tenant - CeilometerApiNetwork: internal_api - MongodbNetwork: internal_api - CinderApiNetwork: internal_api - CinderIscsiNetwork: storage - GlanceApiNetwork: storage - GlanceRegistryNetwork: internal_api + ServiceNetMap: KeystoneAdminApiNetwork: internal_api - KeystonePublicApiNetwork: internal_api - NeutronApiNetwork: internal_api - HeatApiNetwork: internal_api - NovaApiNetwork: internal_api - NovaMetadataNetwork: internal_api - NovaVncProxyNetwork: internal_api - SwiftMgmtNetwork: storage_mgmt - SwiftProxyNetwork: storage - HorizonNetwork: internal_api - MemcachedNetwork: internal_api - RabbitmqNetwork: internal_api - RedisNetwork: internal_api - MysqlNetwork: internal_api - CephClusterNetwork: storage_mgmt - CephPublicNetwork: storage - ControllerHostnameResolveNetwork: internal_api - ComputeHostnameResolveNetwork: internal_api - BlockStorageHostnameResolveNetwork: internal_api - ObjectStorageHostnameResolveNetwork: internal_api - CephStorageHostnameResolveNetwork: storage diff --git a/extraconfig/all_nodes/mac_hostname.j2.yaml b/extraconfig/all_nodes/mac_hostname.j2.yaml index 75ffc9e6..fcf022ae 100644 --- a/extraconfig/all_nodes/mac_hostname.j2.yaml +++ b/extraconfig/all_nodes/mac_hostname.j2.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2014-10-16 +heat_template_version: ocata description: > Example extra config for cluster config diff --git a/extraconfig/all_nodes/random_string.j2.yaml b/extraconfig/all_nodes/random_string.j2.yaml index 9ce2ca8a..77d4b381 100644 --- a/extraconfig/all_nodes/random_string.j2.yaml +++ b/extraconfig/all_nodes/random_string.j2.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2014-10-16 +heat_template_version: ocata description: > Example extra config for cluster config diff --git a/extraconfig/all_nodes/swap-partition.j2.yaml b/extraconfig/all_nodes/swap-partition.j2.yaml index 36076b0c..b6fef79f 100644 --- a/extraconfig/all_nodes/swap-partition.j2.yaml +++ b/extraconfig/all_nodes/swap-partition.j2.yaml @@ -1,11 +1,7 @@ -heat_template_version: 2014-10-16 +heat_template_version: ocata -description: > - Extra config to add swap space to nodes. +description: Template file to add a swap partition to a node. -# Parameters passed from the parent template - note if you maintain -# out-of-tree templates they may require additional parameters if the -# in-tree templates add a new role. parameters: servers: type: json @@ -14,9 +10,7 @@ parameters: description: Swap partition label default: 'swap1' - resources: - SwapConfig: type: OS::Heat::SoftwareConfig properties: @@ -25,8 +19,13 @@ resources: #!/bin/bash set -eux swap_partition=$(realpath /dev/disk/by-label/$swap_partition_label) - swapon $swap_partition - echo "$swap_partition swap swap defaults 0 0" >> /etc/fstab + if [ -f "$swap_partition" ]; then + swapon $swap_partition + echo "$swap_partition swap swap defaults 0 0" >> /etc/fstab + else + echo "$swap_partition needs to be a valid path" + echo "Check that $swap_partition_label is a valid partition label" + fi inputs: - name: swap_partition_label description: Swap partition label diff --git a/extraconfig/all_nodes/swap.j2.yaml b/extraconfig/all_nodes/swap.j2.yaml index ce65dacb..044f817c 100644 --- a/extraconfig/all_nodes/swap.j2.yaml +++ b/extraconfig/all_nodes/swap.j2.yaml @@ -1,11 +1,7 @@ -heat_template_version: 2014-10-16 +heat_template_version: ocata -description: > - Extra config to add swap space to nodes. +description: Template file to add a swap file to a node. -# Parameters passed from the parent template - note if you maintain -# out-of-tree templates they may require additional parameters if the -# in-tree templates add a new role. parameters: servers: type: json @@ -18,9 +14,7 @@ parameters: description: Full path to location of swap file default: '/swap' - resources: - SwapConfig: type: OS::Heat::SoftwareConfig properties: diff --git a/extraconfig/post_deploy/default.yaml b/extraconfig/post_deploy/default.yaml index ddfe0243..4da54ead 100644 --- a/extraconfig/post_deploy/default.yaml +++ b/extraconfig/post_deploy/default.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2014-10-16 +heat_template_version: ocata description: 'Extra Post Deployment Config' parameters: servers: diff --git a/extraconfig/post_deploy/example.yaml b/extraconfig/post_deploy/example.yaml index f83dff76..8ac7eb73 100644 --- a/extraconfig/post_deploy/example.yaml +++ b/extraconfig/post_deploy/example.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2014-10-16 +heat_template_version: ocata description: > Example extra config for post-deployment diff --git a/extraconfig/post_deploy/example_run_on_update.yaml b/extraconfig/post_deploy/example_run_on_update.yaml index 234488af..738e263b 100644 --- a/extraconfig/post_deploy/example_run_on_update.yaml +++ b/extraconfig/post_deploy/example_run_on_update.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2014-10-16 +heat_template_version: ocata description: > Example extra config for post-deployment, this re-runs every update diff --git a/extraconfig/post_deploy/undercloud_post.sh b/extraconfig/post_deploy/undercloud_post.sh new file mode 100755 index 00000000..8bcae1d3 --- /dev/null +++ b/extraconfig/post_deploy/undercloud_post.sh @@ -0,0 +1,126 @@ +#!/bin/bash +set -eux + +ln -sf /etc/puppet/hiera.yaml /etc/hiera.yaml + + +# WRITE OUT STACKRC +if [ ! -e /root/stackrc ]; then + touch /root/stackrc + chmod 0600 /root/stackrc + +cat >> /root/stackrc <<-EOF_CAT +export OS_PASSWORD=$admin_password +export OS_AUTH_URL=$auth_url +export OS_USERNAME=admin +export OS_TENANT_NAME=admin +export COMPUTE_API_VERSION=1.1 +export NOVA_VERSION=1.1 +export OS_BAREMETAL_API_VERSION=1.15 +export OS_NO_CACHE=True +export OS_CLOUDNAME=undercloud +EOF_CAT + + if [ -n "$ssl_certificate" ]; then +cat >> /root/stackrc <<-EOF_CAT +export PYTHONWARNINGS="ignore:Certificate has no, ignore:A true SSLContext object is not available" +EOF_CAT + fi +fi + +source /root/stackrc + +if [ ! -f /root/.ssh/authorized_keys ]; then + sudo mkdir -p /root/.ssh + sudo chmod 7000 /root/.ssh/ + sudo touch /root/.ssh/authorized_keys + sudo chmod 600 /root/.ssh/authorized_keys +fi + +if [ ! -f /root/.ssh/id_rsa ]; then + ssh-keygen -b 1024 -N '' -f /root/.ssh/id_rsa +fi + +if ! grep "$(cat /root/.ssh/id_rsa.pub)" /root/.ssh/authorized_keys; then + cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys +fi + +PHYSICAL_NETWORK=ctlplane + +ctlplane_id=$(openstack network list -f csv -c ID -c Name --quote none | tail -n +2 | grep ctlplane | cut -d, -f1) +subnet_ids=$(openstack subnet list -f csv -c ID --quote none | tail -n +2) +subnet_id= + +for subnet_id in $subnet_ids; do + network_id=$(openstack subnet show -f value -c network_id $subnet_id) + if [ "$network_id" = "$ctlplane_id" ]; then + break + fi +done + +net_create=1 +if [ -n "$subnet_id" ]; then + cidr=$(openstack subnet show $subnet_id -f value -c cidr) + if [ "$cidr" = "$undercloud_network_cidr" ]; then + net_create=0 + else + echo "New cidr $undercloud_network_cidr does not equal old cidr $cidr" + echo "Will attempt to delete and recreate subnet $subnet_id" + fi +fi + +if [ "$net_create" -eq "1" ]; then + # Delete the subnet and network to make sure it doesn't already exist + if openstack subnet list | grep start; then + openstack subnet delete $(openstack subnet list | grep start | awk '{print $4}') + fi + if openstack network show ctlplane; then + openstack network delete ctlplane + fi + + + NETWORK_ID=$(openstack network create --provider-network-type=flat --provider-physical-network=ctlplane ctlplane | grep " id " | awk '{print $4}') + + NAMESERVER_ARG="" + if [ -n "${undercloud_nameserver:-}" ]; then + NAMESERVER_ARG="--dns-nameserver $undercloud_nameserver" + fi + + openstack subnet create --network=$NETWORK_ID \ + --gateway=$undercloud_network_gateway \ + --subnet-range=$undercloud_network_cidr \ + --allocation-pool start=$undercloud_dhcp_start,end=$undercloud_dhcp_end \ + --host-route destination=169.254.169.254/32,gateway=$local_ip \ + $NAMESERVER_ARG ctlplane +fi + +# Disable nova quotas +openstack quota set --cores -1 --instances -1 --ram -1 $(openstack project show admin | awk '$2=="id" {print $4}') + +# MISTRAL WORKFLOW CONFIGURATION +if [ "$(hiera mistral_api_enabled)" = "true" ]; then + # load workflows + for workbook in $(openstack workbook list | grep tripleo | cut -f 2 -d ' '); do + openstack workbook delete $workbook + done + for workflow in $(openstack workflow list | grep tripleo | cut -f 2 -d ' '); do + openstack workflow delete $workflow + done + for workbook in $(ls /usr/share/openstack-tripleo-common/workbooks/*); do + openstack workbook create $workbook + done + + # Store the SNMP password in a mistral environment + if ! openstack workflow env show tripleo.undercloud-config &>/dev/null; then + TMP_MISTRAL_ENV=$(mktemp) + echo "{\"name\": \"tripleo.undercloud-config\", \"variables\": {\"undercloud_ceilometer_snmpd_password\": \"$snmp_readonly_user_password\"}}" > $TMP_MISTRAL_ENV + openstack workflow env create $TMP_MISTRAL_ENV + fi + +fi + +# IP forwarding is needed to allow the overcloud nodes access to the outside +# internet in cases where they are on an isolated network. +sysctl -w net.ipv4.ip_forward=1 +# Make it persistent +echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/ip-forward.conf diff --git a/extraconfig/post_deploy/undercloud_post.yaml b/extraconfig/post_deploy/undercloud_post.yaml new file mode 100644 index 00000000..38a9181e --- /dev/null +++ b/extraconfig/post_deploy/undercloud_post.yaml @@ -0,0 +1,93 @@ +heat_template_version: ocata + +description: > + Post-deployment for the TripleO undercloud + +parameters: + servers: + type: json + DeployedServerPortMap: + default: {} + type: json + UndercloudDhcpRangeStart: + type: string + default: '192.168.24.5' + UndercloudDhcpRangeEnd: + type: string + default: '192.168.24.24' + UndercloudNetworkCidr: + type: string + default: '192.168.24.0/24' + UndercloudNetworkGateway: + type: string + default: '192.168.24.1' + UndercloudNameserver: + type: string + default: '' + AdminPassword: #supplied by tripleo-undercloud-passwords.yaml + type: string + description: The password for the keystone admin account, used for monitoring, querying neutron etc. + hidden: True + SSLCertificate: + description: > + The content of the SSL certificate (without Key) in PEM format. + type: string + default: "" + hidden: True + SnmpdReadonlyUserPassword: + description: The user password for SNMPd with readonly rights running on all Overcloud nodes + type: string + hidden: true + +conditions: + + ssl_disabled: {equals : [{get_param: SSLCertificate}, ""]} + +resources: + + UndercloudPostConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + inputs: + - name: deploy_identifier + - name: local_ip + - name: undercloud_dhcp_start + - name: undercloud_dhcp_end + - name: undercloud_network_cidr + - name: undercloud_network_gateway + - name: undercloud_nameserver + - name: admin_password + - name: auth_url + - name: snmp_readonly_user_password + config: {get_file: ./undercloud_post.sh} + + UndercloudPostDeployment: + type: OS::Heat::SoftwareDeployments + properties: + servers: {get_param: servers} + config: {get_resource: UndercloudPostConfig} + input_values: + local_ip: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]} + undercloud_dhcp_start: {get_param: UndercloudDhcpRangeStart} + undercloud_dhcp_end: {get_param: UndercloudDhcpRangeEnd} + undercloud_network_cidr: {get_param: UndercloudNetworkCidr} + undercloud_network_gateway: {get_param: UndercloudNetworkGateway} + undercloud_nameserver: {get_param: UndercloudNameserver} + ssl_certificate: {get_param: SSLCertificate} + admin_password: {get_param: AdminPassword} + snmp_readonly_user_password: {get_param: SnmpdReadonlyUserPassword} + # if SSL is enabled we use the public virtual ip as the stackrc endpoint + auth_url: + if: + - ssl_disabled + - list_join: + - '' + - - 'http://' + - {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]} + - ':5000/v2.0' + - list_join: + - '' + - - 'https://' + - {get_param: [DeployedServerPortMap, 'public_virtual_ip', fixed_ips, 0, ip_address]} + - ':13000/v2.0' diff --git a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml index 7c65bd8b..fdf2e957 100644 --- a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml +++ b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2014-10-16 +heat_template_version: ocata description: > RHEL Registration and unregistration software deployments. diff --git a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration index 71ab0767..2650a967 100644 --- a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration +++ b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration @@ -11,6 +11,7 @@ if [ -e $OK ] ; then exit 0 fi +retryCount=0 opts= attach_opts= sat5_opts= @@ -96,12 +97,28 @@ if [ -n "${REG_TYPE:-}" ]; then opts="$opts --type=$REG_TYPE" fi +function retry() { + if [[ $retryCount < 3 ]]; then + $@ + if ! [[ $? == 0 ]]; then + retryCount=$(echo $retryCount + 1 | bc) + echo "WARN: Failed to connect when running '$@', retrying..." + retry $@ + else + retryCount=0 + fi + else + echo "ERROR: Failed to connect after 3 attempts when running '$@'" + exit 1 + fi +} + function detect_satellite_version { ping_api=$REG_SAT_URL/katello/api/ping - if curl -L -k -s -D - -o /dev/null $ping_api | grep "200 OK"; then + if curl --retry 3 --retry-delay 10 --max-time 30 -L -k -s -D - -o /dev/null $ping_api | grep "200 OK"; then echo Satellite 6 detected at $REG_SAT_URL satellite_version=6 - elif curl -L -k -s -D - -o /dev/null $REG_SAT_URL/rhn/Login.do | grep "200 OK"; then + elif curl --retry 3 --retry-delay 10 --max-time 30 -L -k -s -D - -o /dev/null $REG_SAT_URL/rhn/Login.do | grep "200 OK"; then echo Satellite 5 detected at $REG_SAT_URL satellite_version=5 else @@ -112,29 +129,29 @@ function detect_satellite_version { case "${REG_METHOD:-}" in portal) - subscription-manager register $opts + retry subscription-manager register $opts if [ -z "${REG_AUTO_ATTACH:-}" -a -z "${REG_ACTIVATION_KEY:-}" ]; then - subscription-manager attach $attach_opts + retry subscription-manager attach $attach_opts fi - subscription-manager repos --disable '*' - subscription-manager $repos + retry subscription-manager repos --disable '*' + retry subscription-manager $repos ;; satellite) detect_satellite_version if [ "$satellite_version" = "6" ]; then repos="$repos --enable ${satellite_repo}" - curl -L -k -O "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm" + curl --retry 3 --retry-delay 10 --max-time 30 -L -k -O "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm" rpm -Uvh katello-ca-consumer-latest.noarch.rpm || true - subscription-manager register $opts - subscription-manager $repos - yum install -y katello-agent || true # needed for errata reporting to satellite6 + retry subscription-manager register $opts + retry subscription-manager $repos + retry yum install -y katello-agent || true # needed for errata reporting to satellite6 katello-package-upload - subscription-manager repos --disable ${satellite_repo} + retry subscription-manager repos --disable ${satellite_repo} else pushd /usr/share/rhn/ - curl -k -O $REG_SAT_URL/pub/RHN-ORG-TRUSTED-SSL-CERT + curl --retry 3 --retry-delay 10 --max-time 30 -k -O $REG_SAT_URL/pub/RHN-ORG-TRUSTED-SSL-CERT popd - rhnreg_ks --serverUrl=$REG_SAT_URL/XMLRPC $sat5_opts + retry rhnreg_ks --serverUrl=$REG_SAT_URL/XMLRPC $sat5_opts fi ;; disable) diff --git a/extraconfig/pre_network/ansible_host_config.ansible b/extraconfig/pre_network/ansible_host_config.ansible new file mode 100644 index 00000000..c126c1a1 --- /dev/null +++ b/extraconfig/pre_network/ansible_host_config.ansible @@ -0,0 +1,58 @@ +--- +- name: Configuration to be applied before rebooting the node + connection: local + hosts: localhost + + tasks: + # Kernel Args Configuration + - block: + - name: Ensure the kernel args ( {{ _KERNEL_ARGS_ }} ) is present as TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS + lineinfile: + dest: /etc/default/grub + regexp: '^TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS.*' + insertafter: '^GRUB_CMDLINE_LINUX.*' + line: 'TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS=" {{ _KERNEL_ARGS_ }} "' + - name: Add TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS to the GRUB_CMDLINE_LINUX parameter + lineinfile: + dest: /etc/default/grub + line: 'GRUB_CMDLINE_LINUX="${GRUB_CMDLINE_LINUX:+$GRUB_CMDLINE_LINUX }${TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS}"' + insertafter: '^TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS.*' + - name: Generate grub config file + command: grub2-mkconfig -o /boot/grub2/grub.cfg + become: true + when: _KERNEL_ARGS_|default("") != "" + + # Tune-d Configuration + - block: + - name: Tune-d Configuration + lineinfile: + dest: /etc/tuned/cpu-partitioning-variables.conf + regexp: '^isolated_cores=.*' + line: 'isolated_cores={{ _HOST_CPUS_LIST_ }}' + when: _HOST_CPUS_LIST_|default("") != "" + + - name: Tune-d provile activation + shell: tuned-adm profile {{ _TUNED_PROFILE_NAME_ }} + become: true + when: _TUNED_PROFILE_NAME_|default("") != "" + + # Provisioning Network workaround + # The script will be executed before os-net-config, in which case, only Provisioning network will have IP + # BOOTPROTO of all interface config files (except provisioning), will be set to "none" to avoid reboot failing to acquire IP on other networks + - block: + - find: + paths: /etc/sysconfig/network-scripts/ + patterns: ifcfg-* + register: ifcfg_files + + - replace: + dest: "{{ item.path }}" + regexp: '^BOOTPROTO=.*' + replace: 'BOOTPROTO=none' + when: + - item.path | regex_replace('(^.*ifcfg-)(.*)', '\\2') != "lo" + # This condition will list all the interfaces except the one with valid IP (which is Provisioning network at this stage) + # Simpler Version - hostvars[inventory_hostname]['ansible_' + iface_name ]['ipv4']['address'] is undefined + - hostvars[inventory_hostname]['ansible_' + item.path | regex_replace('(^.*ifcfg-)(.*)', '\\2') ]['ipv4']['address'] is undefined + with_items: + - "{{ ifcfg_files.files }}" diff --git a/extraconfig/pre_network/config_then_reboot.yaml b/extraconfig/pre_network/config_then_reboot.yaml new file mode 100644 index 00000000..ec4d2761 --- /dev/null +++ b/extraconfig/pre_network/config_then_reboot.yaml @@ -0,0 +1,48 @@ +heat_template_version: 2014-10-16 + +description: > + Do some configuration, then reboot - sometimes needed for early-boot + changes such as modifying kernel configuration + +parameters: + server: + type: string + +resources: + + SomeConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: | + #!/bin/bash + echo "did some config before reboot" > /root/pre-reboot-config + + SomeDeployment: + type: OS::Heat::SoftwareDeployment + properties: + name: SomeDeployment + server: {get_param: server} + config: {get_resource: SomeConfig} + actions: ['CREATE'] # Only do this on CREATE + + RebootConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: | + #!/bin/bash + # Stop os-collect-config to avoid any race collecting another + # deployment before reboot happens + systemctl stop os-collect-config.service + /sbin/reboot + + RebootDeployment: + type: OS::Heat::SoftwareDeployment + depends_on: SomeDeployment + properties: + name: RebootDeployment + server: {get_param: server} + config: {get_resource: RebootConfig} + actions: ['CREATE'] # Only do this on CREATE + signal_transport: NO_SIGNAL diff --git a/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml b/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml new file mode 100644 index 00000000..bba16a66 --- /dev/null +++ b/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml @@ -0,0 +1,100 @@ +heat_template_version: 2016-10-14 + +description: > + Do some configuration, then reboot - sometimes needed for early-boot + changes such as modifying kernel configuration + +parameters: + server: + type: string + {{role}}KernelArgs: + type: string + default: "" + {{role}}TunedProfileName: + type: string + default: "" + {{role}}HostCpusList: + type: string + default: "" + +conditions: + param_exists: + or: + - not: + equals: + - get_param: {{role}}KernelArgs + - "" + - not: + equals: + - get_param: {{role}}TunedProfileName + - "" + +resources: + + HostParametersConfig: + type: OS::Heat::SoftwareConfig + condition: param_exists + properties: + group: ansible + inputs: + - name: _KERNEL_ARGS_ + - name: _TUNED_PROFILE_NAME_ + - name: _HOST_CPUS_LIST_ + outputs: + - name: result + config: + get_file: ansible_host_config.ansible + + HostParametersDeployment: + type: OS::Heat::SoftwareDeployment + condition: param_exists + properties: + name: HostParametersDeployment + server: {get_param: server} + config: {get_resource: HostParametersConfig} + actions: ['CREATE'] # Only do this on CREATE + input_values: + _KERNEL_ARGS_: {get_param: {{role}}KernelArgs} + _TUNED_PROFILE_NAME_: {get_param: {{role}}TunedProfileName} + _HOST_CPUS_LIST_: {get_param: {{role}}HostCpusList} + + RebootConfig: + type: OS::Heat::SoftwareConfig + condition: param_exists + properties: + group: script + config: | + #!/bin/bash + # Stop os-collect-config to avoid any race collecting another + # deployment before reboot happens + systemctl stop os-collect-config.service + /sbin/reboot + + RebootDeployment: + type: OS::Heat::SoftwareDeployment + condition: param_exists + depends_on: HostParametersDeployment + properties: + name: RebootDeployment + server: {get_param: server} + config: {get_resource: RebootConfig} + actions: ['CREATE'] # Only do this on CREATE + signal_transport: NO_SIGNAL + +outputs: + result: + value: + get_attr: [HostParametersDeployment, result] + condition: param_exists + stdout: + value: + get_attr: [HostParametersDeployment, deploy_stdout] + condition: param_exists + stderr: + value: + get_attr: [HostParametersDeployment, deploy_stderr] + condition: param_exists + status_code: + value: + get_attr: [HostParametersDeployment, deploy_status_code] + condition: param_exists diff --git a/extraconfig/tasks/major_upgrade_block_storage.sh b/extraconfig/tasks/major_upgrade_block_storage.sh index 39861826..64c4457e 100644 --- a/extraconfig/tasks/major_upgrade_block_storage.sh +++ b/extraconfig/tasks/major_upgrade_block_storage.sh @@ -5,18 +5,7 @@ set -eu # Special-case OVS for https://bugs.launchpad.net/tripleo/+bug/1635205 -if [[ -n $(rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep "systemctl.*try-restart") ]]; then - echo "Manual upgrade of openvswitch - restart in postun detected" - mkdir OVS_UPGRADE || true - pushd OVS_UPGRADE - echo "Attempting to downloading latest openvswitch with yumdownloader" - yumdownloader --resolve openvswitch - echo "Updating openvswitch with nopostun option" - rpm -U --replacepkgs --nopostun ./*.rpm - popd -else - echo "Skipping manual upgrade of openvswitch - no restart in postun detected" -fi +special_case_ovs_upgrade_if_needed yum -y install python-zaqarclient # needed for os-collect-config yum -y -q update diff --git a/extraconfig/tasks/major_upgrade_ceilometer_wsgi_mitaka_newton.yaml b/extraconfig/tasks/major_upgrade_ceilometer_wsgi_mitaka_newton.yaml index c87e6824..cf5d7a84 100644 --- a/extraconfig/tasks/major_upgrade_ceilometer_wsgi_mitaka_newton.yaml +++ b/extraconfig/tasks/major_upgrade_ceilometer_wsgi_mitaka_newton.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2014-10-16 +heat_template_version: ocata description: > Software-config for ceilometer configuration under httpd during upgrades diff --git a/extraconfig/tasks/major_upgrade_ceph_storage.sh b/extraconfig/tasks/major_upgrade_ceph_storage.sh index d84cad45..a745e723 100644 --- a/extraconfig/tasks/major_upgrade_ceph_storage.sh +++ b/extraconfig/tasks/major_upgrade_ceph_storage.sh @@ -8,7 +8,9 @@ set -o pipefail UPGRADE_SCRIPT=/root/tripleo_upgrade_node.sh -cat > $UPGRADE_SCRIPT << 'ENDOFCAT' +declare -f special_case_ovs_upgrade_if_needed > $UPGRADE_SCRIPT +# use >> here so we don't lose the declaration we added above +cat >> $UPGRADE_SCRIPT << 'ENDOFCAT' #!/bin/bash ### DO NOT MODIFY THIS FILE ### This file is automatically delivered to the ceph-storage nodes as part of the @@ -49,19 +51,7 @@ timeout 60 bash -c "while kill -0 ${OSD_PIDS} 2> /dev/null; do sleep 2; done" -# Special-case OVS for https://bugs.launchpad.net/tripleo/+bug/1635205 -if [[ -n $(rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep "systemctl.*try-restart") ]]; then - echo "Manual upgrade of openvswitch - restart in postun detected" - mkdir OVS_UPGRADE || true - pushd OVS_UPGRADE - echo "Attempting to downloading latest openvswitch with yumdownloader" - yumdownloader --resolve openvswitch - echo "Updating openvswitch with nopostun option" - rpm -U --replacepkgs --nopostun ./*.rpm - popd -else - echo "Skipping manual upgrade of openvswitch - no restart in postun detected" -fi +special_case_ovs_upgrade_if_needed # Update (Ceph to Jewel) yum -y install python-zaqarclient # needed for os-collect-config @@ -86,7 +76,7 @@ elif [[ "$UPDATED_VERSION" =~ ^10\.2.* ]]; then # If on ext4, we need to enforce lower values for name and namespace len # or ceph-osd will refuse to start, see: http://tracker.ceph.com/issues/16187 for OSD_ID in $OSD_IDS; do - OSD_FS=$(findmnt -n -o FSTYPE -T /var/lib/ceph/osd/ceph-${OSD_ID}) + OSD_FS=$(df -l --output=fstype /var/lib/ceph/osd/ceph-${OSD_ID} | tail -n +2) if [ ${OSD_FS} = ext4 ]; then crudini --set /etc/ceph/ceph.conf global osd_max_object_name_len 256 crudini --set /etc/ceph/ceph.conf global osd_max_object_namespace_len 64 diff --git a/extraconfig/tasks/major_upgrade_compute.sh b/extraconfig/tasks/major_upgrade_compute.sh index b0d42806..7a3e1073 100644 --- a/extraconfig/tasks/major_upgrade_compute.sh +++ b/extraconfig/tasks/major_upgrade_compute.sh @@ -18,19 +18,8 @@ set -eu crudini --set /etc/nova/nova.conf upgrade_levels compute $upgrade_level_nova_compute -# Special-case OVS for https://bugs.launchpad.net/tripleo/+bug/1635205 -if [[ -n \$(rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep "systemctl.*try-restart") ]]; then - echo "Manual upgrade of openvswitch - restart in postun detected" - mkdir OVS_UPGRADE || true - pushd OVS_UPGRADE - echo "Attempting to downloading latest openvswitch with yumdownloader" - yumdownloader --resolve openvswitch - echo "Updating openvswitch with nopostun option" - rpm -U --replacepkgs --nopostun ./*.rpm - popd -else - echo "Skipping manual upgrade of openvswitch - no restart in postun detected" -fi +$(declare -f special_case_ovs_upgrade_if_needed) +special_case_ovs_upgrade_if_needed yum -y install python-zaqarclient # needed for os-collect-config yum -y update diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh index 7cc6735f..6bfe1239 100755 --- a/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh +++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh @@ -100,18 +100,7 @@ if [ $DO_MYSQL_UPGRADE -eq 1 ]; then fi # Special-case OVS for https://bugs.launchpad.net/tripleo/+bug/1635205 -if [[ -n $(rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep "systemctl.*try-restart") ]]; then - echo "Manual upgrade of openvswitch - restart in postun detected" - mkdir OVS_UPGRADE || true - pushd OVS_UPGRADE - echo "Attempting to downloading latest openvswitch with yumdownloader" - yumdownloader --resolve openvswitch - echo "Updating openvswitch with nopostun option" - rpm -U --replacepkgs --nopostun ./*.rpm - popd -else - echo "Skipping manual upgrade of openvswitch - no restart in postun detected" -fi +special_case_ovs_upgrade_if_needed yum -y install python-zaqarclient # needed for os-collect-config yum -y -q update diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh index 6748f891..a3ce393f 100755 --- a/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh +++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh @@ -57,7 +57,7 @@ if [[ -n $(is_bootstrap_node) ]]; then # TODO: check if this can be triggered in puppet and removed from here ceilometer-upgrade --config-file=/etc/ceilometer/ceilometer.conf --skip-gnocchi-resource-types cinder-manage db sync - glance-manage --config-file=/etc/glance/glance-registry.conf db_sync + glance-manage db_sync heat-manage --config-file /etc/heat/heat.conf db_sync keystone-manage db_sync neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head diff --git a/extraconfig/tasks/major_upgrade_object_storage.sh b/extraconfig/tasks/major_upgrade_object_storage.sh index 2667bb16..d9d1b4d5 100644 --- a/extraconfig/tasks/major_upgrade_object_storage.sh +++ b/extraconfig/tasks/major_upgrade_object_storage.sh @@ -23,19 +23,8 @@ function systemctl_swift { done } -# Special-case OVS for https://bugs.launchpad.net/tripleo/+bug/1635205 -if [[ -n \$(rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep "systemctl.*try-restart") ]]; then - echo "Manual upgrade of openvswitch - restart in postun detected" - mkdir OVS_UPGRADE || true - pushd OVS_UPGRADE - echo "Attempting to downloading latest openvswitch with yumdownloader" - yumdownloader --resolve openvswitch - echo "Updating openvswitch with nopostun option" - rpm -U --replacepkgs --nopostun ./*.rpm - popd -else - echo "Skipping manual upgrade of openvswitch - no restart in postun detected" -fi +$(declare -f special_case_ovs_upgrade_if_needed) +special_case_ovs_upgrade_if_needed systemctl_swift stop diff --git a/extraconfig/tasks/major_upgrade_pacemaker.yaml b/extraconfig/tasks/major_upgrade_pacemaker.yaml index b0418a56..b63aafbd 100644 --- a/extraconfig/tasks/major_upgrade_pacemaker.yaml +++ b/extraconfig/tasks/major_upgrade_pacemaker.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: 'Upgrade for Pacemaker deployments' parameters: @@ -97,7 +97,11 @@ resources: depends_on: ControllerPacemakerUpgradeDeployment_Step1 properties: group: script - config: {get_file: major_upgrade_block_storage.sh} + config: + list_join: + - '' + - - get_file: pacemaker_common_functions.sh + - get_file: major_upgrade_block_storage.sh BlockStorageUpgradeDeployment: type: OS::Heat::SoftwareDeploymentGroup diff --git a/extraconfig/tasks/major_upgrade_pacemaker_init.j2.yaml b/extraconfig/tasks/major_upgrade_pacemaker_init.j2.yaml index f6aa3066..c308720b 100644 --- a/extraconfig/tasks/major_upgrade_pacemaker_init.j2.yaml +++ b/extraconfig/tasks/major_upgrade_pacemaker_init.j2.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2014-10-16 +heat_template_version: ocata description: 'Upgrade for Pacemaker deployments' parameters: @@ -54,19 +54,28 @@ resources: upgrade_level_nova_compute='UPGRADE_LEVEL_NOVA_COMPUTE' params: UPGRADE_LEVEL_NOVA_COMPUTE: {get_param: UpgradeLevelNovaCompute} + - get_file: pacemaker_common_functions.sh - get_file: major_upgrade_compute.sh ObjectStorageDeliverUpgradeScriptConfig: type: OS::Heat::SoftwareConfig properties: group: script - config: {get_file: major_upgrade_object_storage.sh} + config: + list_join: + - '' + - - get_file: pacemaker_common_functions.sh + - get_file: major_upgrade_object_storage.sh CephStorageDeliverUpgradeScriptConfig: type: OS::Heat::SoftwareConfig properties: group: script - config: {get_file: major_upgrade_ceph_storage.sh} + config: + list_join: + - '' + - - get_file: pacemaker_common_functions.sh + - get_file: major_upgrade_ceph_storage.sh {% for role in roles %} UpgradeInit{{role.name}}Deployment: diff --git a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh index 6d02acc8..ae22a1e7 100644 --- a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh +++ b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh @@ -83,7 +83,6 @@ function services_to_migrate { openstack-cinder-api-clone openstack-cinder-scheduler-clone openstack-glance-api-clone - openstack-glance-registry-clone openstack-gnocchi-metricd-clone openstack-gnocchi-statsd-clone openstack-heat-api-cfn-clone diff --git a/extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml b/extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml index b9a87d33..45933fb7 100644 --- a/extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml +++ b/extraconfig/tasks/mitaka_to_newton_aodh_data_migration.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2014-10-16 +heat_template_version: ocata description: > Software-config for performing aodh data migration diff --git a/extraconfig/tasks/pacemaker_common_functions.sh b/extraconfig/tasks/pacemaker_common_functions.sh index 2c7dfc35..aae4a2de 100755 --- a/extraconfig/tasks/pacemaker_common_functions.sh +++ b/extraconfig/tasks/pacemaker_common_functions.sh @@ -297,3 +297,27 @@ function systemctl_swift { manage_systemd_service $action $service done } + +# Special-case OVS for https://bugs.launchpad.net/tripleo/+bug/1635205 +function special_case_ovs_upgrade_if_needed { + if [[ -n $(rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep "systemctl.*try-restart") ]]; then + echo "Manual upgrade of openvswitch - restart in postun detected" + rm -rf OVS_UPGRADE + mkdir OVS_UPGRADE && pushd OVS_UPGRADE + echo "Attempting to downloading latest openvswitch with yumdownloader" + yumdownloader --resolve openvswitch + for pkg in $(ls -1 *.rpm); do + if rpm -U --test $pkg 2>&1 | grep "already installed" ; then + echo "Looks like newer version of $pkg is already installed, skipping" + else + echo "Updating $pkg with nopostun option" + rpm -U --replacepkgs --nopostun $pkg + fi + done + popd + else + echo "Skipping manual upgrade of openvswitch - no restart in postun detected" + fi + +} + diff --git a/extraconfig/tasks/post_puppet_pacemaker.yaml b/extraconfig/tasks/post_puppet_pacemaker.yaml index b62502f8..a63868c9 100644 --- a/extraconfig/tasks/post_puppet_pacemaker.yaml +++ b/extraconfig/tasks/post_puppet_pacemaker.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2014-10-16 +heat_template_version: ocata description: 'Post-Puppet Config for Pacemaker deployments' parameters: diff --git a/extraconfig/tasks/post_puppet_pacemaker_restart.yaml b/extraconfig/tasks/post_puppet_pacemaker_restart.yaml index 52760c87..475a6688 100644 --- a/extraconfig/tasks/post_puppet_pacemaker_restart.yaml +++ b/extraconfig/tasks/post_puppet_pacemaker_restart.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2014-10-16 +heat_template_version: ocata description: 'Post-Puppet restart config for Pacemaker deployments' parameters: diff --git a/extraconfig/tasks/pre_puppet_pacemaker.yaml b/extraconfig/tasks/pre_puppet_pacemaker.yaml index 82546588..aa7514f9 100644 --- a/extraconfig/tasks/pre_puppet_pacemaker.yaml +++ b/extraconfig/tasks/pre_puppet_pacemaker.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2014-10-16 +heat_template_version: ocata description: 'Pre-Puppet Config for Pacemaker deployments' parameters: diff --git a/extraconfig/tasks/yum_update.sh b/extraconfig/tasks/yum_update.sh index 8a88ee64..74af7b02 100755 --- a/extraconfig/tasks/yum_update.sh +++ b/extraconfig/tasks/yum_update.sh @@ -63,18 +63,7 @@ if [[ "$pacemaker_status" == "active" && \ fi # Special-case OVS for https://bugs.launchpad.net/tripleo/+bug/1635205 -if [[ -n $(rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep "systemctl.*try-restart") ]]; then - echo "Manual upgrade of openvswitch - restart in postun detected" - mkdir OVS_UPGRADE || true - pushd OVS_UPGRADE - echo "Attempting to downloading latest openvswitch with yumdownloader" - yumdownloader --resolve openvswitch - echo "Updating openvswitch with nopostun option" - rpm -U --replacepkgs --nopostun ./*.rpm - popd -else - echo "Skipping manual upgrade of openvswitch - no restart in postun detected" -fi +special_case_ovs_upgrade_if_needed if [[ "$pacemaker_status" == "active" ]] ; then echo "Pacemaker running, stopping cluster node and doing full package update" diff --git a/extraconfig/tasks/yum_update.yaml b/extraconfig/tasks/yum_update.yaml index d313ca9f..8cff838e 100644 --- a/extraconfig/tasks/yum_update.yaml +++ b/extraconfig/tasks/yum_update.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2014-10-16 +heat_template_version: ocata description: > Software-config for performing package updates using yum @@ -9,7 +9,12 @@ resources: type: OS::Heat::SoftwareConfig properties: group: script - config: {get_file: yum_update.sh} + config: + list_join: + - '' + - - get_file: pacemaker_common_functions.sh + - get_file: yum_update.sh + inputs: - name: update_identifier description: yum will only run for previously unused values of update_identifier diff --git a/extraconfig/tasks/yum_update_noop.yaml b/extraconfig/tasks/yum_update_noop.yaml index b759d9c5..9400c1d2 100644 --- a/extraconfig/tasks/yum_update_noop.yaml +++ b/extraconfig/tasks/yum_update_noop.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2014-10-16 +heat_template_version: ocata description: 'No-op yum update task' resources: diff --git a/firstboot/os-net-config-mappings.yaml b/firstboot/os-net-config-mappings.yaml index 833c3bc2..d7e0c524 100644 --- a/firstboot/os-net-config-mappings.yaml +++ b/firstboot/os-net-config-mappings.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-10-15 +heat_template_version: ocata description: > Configure os-net-config mappings for specific nodes @@ -38,7 +38,7 @@ resources: str_replace: template: | #!/bin/sh - eth_addr=$(/sbin/ifconfig eth0 | grep ether | awk '{print $2}') + eth_addr=$(cat /sys/class/net/*/address | tr '\n' ',') mkdir -p /etc/os-net-config # Create an os-net-config mapping file, note this defaults to @@ -51,7 +51,7 @@ resources: input = sys.stdin.readline() or '{}' data = json.loads(input) for node in data: - if '${eth_addr}' in data[node].values(): + if any(x in '$eth_addr'.split(',') for x in data[node].values()): interface_mapping = {'interface_mapping': data[node]} with open('/etc/os-net-config/mapping.yaml', 'w') as f: yaml.safe_dump(interface_mapping, f, default_flow_style=False) diff --git a/firstboot/userdata_default.yaml b/firstboot/userdata_default.yaml index 140d2bf8..bc379f4c 100644 --- a/firstboot/userdata_default.yaml +++ b/firstboot/userdata_default.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2014-10-16 +heat_template_version: ocata description: > This is a default no-op template which provides empty user-data diff --git a/firstboot/userdata_dev_rsync.yaml b/firstboot/userdata_dev_rsync.yaml index 7dc7bd4d..d412b93a 100644 --- a/firstboot/userdata_dev_rsync.yaml +++ b/firstboot/userdata_dev_rsync.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2014-10-16 +heat_template_version: ocata description: > This is first boot configuration for development purposes. It allows diff --git a/firstboot/userdata_example.yaml b/firstboot/userdata_example.yaml index a0d8c7ac..a352093f 100644 --- a/firstboot/userdata_example.yaml +++ b/firstboot/userdata_example.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2014-10-16 +heat_template_version: ocata # NOTE: You don't need to pass the parameter explicitly from the # parent template, it can be specified via the parameter_defaults diff --git a/firstboot/userdata_heat_admin.yaml b/firstboot/userdata_heat_admin.yaml index 63d5bbf8..ed8302dc 100644 --- a/firstboot/userdata_heat_admin.yaml +++ b/firstboot/userdata_heat_admin.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata parameters: # Can be overridden via parameter_defaults in the environment diff --git a/firstboot/userdata_root_password.yaml b/firstboot/userdata_root_password.yaml new file mode 100644 index 00000000..63dd5a9c --- /dev/null +++ b/firstboot/userdata_root_password.yaml @@ -0,0 +1,38 @@ +heat_template_version: ocata + +description: > + Uses cloud-init to enable root logins and set the root password. + Note this is less secure than the default configuration and may not be + appropriate for production environments, it's intended for illustration + and development/debugging only. + +parameters: + NodeRootPassword: + description: Root password for the nodes + hidden: true + type: string + +resources: + userdata: + type: OS::Heat::MultipartMime + properties: + parts: + - config: {get_resource: root_config} + + root_config: + type: OS::Heat::CloudConfig + properties: + cloud_config: + ssh_pwauth: true + disable_root: false + chpasswd: + list: + str_replace: + template: "root:PASSWORD" + params: + PASSWORD: {get_param: NodeRootPassword} + expire: False + +outputs: + OS::stack_id: + value: {get_resource: userdata} diff --git a/hosts-config.yaml b/hosts-config.yaml index a24b9bb4..5a211716 100644 --- a/hosts-config.yaml +++ b/hosts-config.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: 'All Hosts Config' parameters: diff --git a/net-config-bond.yaml b/net-config-bond.yaml index db6ff2c7..3ae09c98 100644 --- a/net-config-bond.yaml +++ b/net-config-bond.yaml @@ -1,4 +1,4 @@ -heat_template_version: '2016-10-14' +heat_template_version: ocata description: > Software Config to drive os-net-config with 2 bonded nics on a bridge. parameters: diff --git a/net-config-bridge.yaml b/net-config-bridge.yaml index e7b96695..10d53880 100644 --- a/net-config-bridge.yaml +++ b/net-config-bridge.yaml @@ -1,4 +1,4 @@ -heat_template_version: '2016-10-14' +heat_template_version: ocata description: > Software Config to drive os-net-config for a simple bridge. parameters: diff --git a/net-config-linux-bridge.yaml b/net-config-linux-bridge.yaml index d8274f3c..04664818 100644 --- a/net-config-linux-bridge.yaml +++ b/net-config-linux-bridge.yaml @@ -1,4 +1,4 @@ -heat_template_version: '2016-10-14' +heat_template_version: ocata description: > Software Config to drive os-net-config for a simple bridge. parameters: diff --git a/net-config-noop.yaml b/net-config-noop.yaml index 94c492c6..be05cc11 100644 --- a/net-config-noop.yaml +++ b/net-config-noop.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: > Software Config to no-op for os-net-config. Using this will allow you @@ -38,8 +38,8 @@ resources: OsNetConfigImpl: type: OS::Heat::StructuredConfig properties: - group: os-apply-config - config: + group: apply-config + config: {} outputs: OS::stack_id: diff --git a/net-config-static-bridge-with-external-dhcp.yaml b/net-config-static-bridge-with-external-dhcp.yaml index a1d86728..12374a28 100644 --- a/net-config-static-bridge-with-external-dhcp.yaml +++ b/net-config-static-bridge-with-external-dhcp.yaml @@ -1,4 +1,4 @@ -heat_template_version: '2016-10-14' +heat_template_version: ocata description: > Software Config to drive os-net-config for a simple bridge configured with a static IP address for the ctlplane network. parameters: diff --git a/net-config-static-bridge.yaml b/net-config-static-bridge.yaml index 1e1498b3..50e541be 100644 --- a/net-config-static-bridge.yaml +++ b/net-config-static-bridge.yaml @@ -1,4 +1,4 @@ -heat_template_version: '2016-10-14' +heat_template_version: ocata description: > Software Config to drive os-net-config for a simple bridge configured with a static IP address for the ctlplane network. parameters: diff --git a/net-config-static.yaml b/net-config-static.yaml index c67b4e99..a52e22ba 100644 --- a/net-config-static.yaml +++ b/net-config-static.yaml @@ -1,4 +1,4 @@ -heat_template_version: '2016-10-14' +heat_template_version: ocata description: > Software Config to drive os-net-config for a simple bridge. parameters: diff --git a/net-config-undercloud.yaml b/net-config-undercloud.yaml new file mode 100644 index 00000000..9be51c0f --- /dev/null +++ b/net-config-undercloud.yaml @@ -0,0 +1,77 @@ +heat_template_version: ocata +description: > + Software Config to drive os-net-config for a simple bridge configured with a static IP address for the ctlplane network. +parameters: + ControlPlaneIp: + default: '' + description: IP address/subnet on the ctlplane network + type: string + ExternalIpSubnet: + default: '' + description: IP address/subnet on the external network + type: string + InternalApiIpSubnet: + default: '' + description: IP address/subnet on the internal API network + type: string + StorageIpSubnet: + default: '' + description: IP address/subnet on the storage network + type: string + StorageMgmtIpSubnet: + default: '' + description: IP address/subnet on the storage mgmt network + type: string + TenantIpSubnet: + default: '' + description: IP address/subnet on the tenant network + type: string + ManagementIpSubnet: + default: '' + description: IP address/subnet on the management network + type: string + ControlPlaneSubnetCidr: # Override this via parameter_defaults + default: '24' + description: The subnet CIDR of the control plane network. + type: string + DnsServers: # Override this via parameter_defaults + default: [] + description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. + type: comma_delimited_list +resources: + OsNetConfigImpl: + type: OS::Heat::SoftwareConfig + properties: + group: script + inputs: + - name: disable_configure_safe_defaults + default: true + config: + str_replace: + template: + get_file: network/scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: ovs_bridge + name: br-ctlplane + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: + list_join: + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + members: + - type: interface + name: eth1 + # force the MAC address of the bridge to this interface + primary: true +outputs: + OS::stack_id: + description: The OsNetConfigImpl resource. + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/bond-with-vlans/ceph-storage.yaml b/network/config/bond-with-vlans/ceph-storage.yaml index 2f92f4b5..703fea08 100644 --- a/network/config/bond-with-vlans/ceph-storage.yaml +++ b/network/config/bond-with-vlans/ceph-storage.yaml @@ -1,4 +1,4 @@ -heat_template_version: '2016-10-14' +heat_template_version: ocata description: > Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the ceph storage role. parameters: diff --git a/network/config/bond-with-vlans/cinder-storage.yaml b/network/config/bond-with-vlans/cinder-storage.yaml index 0e53e202..df15cd63 100644 --- a/network/config/bond-with-vlans/cinder-storage.yaml +++ b/network/config/bond-with-vlans/cinder-storage.yaml @@ -1,4 +1,4 @@ -heat_template_version: '2016-10-14' +heat_template_version: ocata description: > Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the cinder storage role. parameters: diff --git a/network/config/bond-with-vlans/compute-dpdk.yaml b/network/config/bond-with-vlans/compute-dpdk.yaml index a9b314a4..4677241b 100644 --- a/network/config/bond-with-vlans/compute-dpdk.yaml +++ b/network/config/bond-with-vlans/compute-dpdk.yaml @@ -1,4 +1,4 @@ -heat_template_version: '2016-10-14' +heat_template_version: ocata description: > Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the compute role. parameters: diff --git a/network/config/bond-with-vlans/compute.yaml b/network/config/bond-with-vlans/compute.yaml index 4cac448b..f9c926d3 100644 --- a/network/config/bond-with-vlans/compute.yaml +++ b/network/config/bond-with-vlans/compute.yaml @@ -1,4 +1,4 @@ -heat_template_version: '2016-10-14' +heat_template_version: ocata description: > Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the compute role. parameters: diff --git a/network/config/bond-with-vlans/controller-no-external.yaml b/network/config/bond-with-vlans/controller-no-external.yaml index 46090974..ce1e8654 100644 --- a/network/config/bond-with-vlans/controller-no-external.yaml +++ b/network/config/bond-with-vlans/controller-no-external.yaml @@ -1,4 +1,4 @@ -heat_template_version: '2016-10-14' +heat_template_version: ocata description: > Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the controller role. parameters: diff --git a/network/config/bond-with-vlans/controller-v6.yaml b/network/config/bond-with-vlans/controller-v6.yaml index d07a26ff..bb4ac274 100644 --- a/network/config/bond-with-vlans/controller-v6.yaml +++ b/network/config/bond-with-vlans/controller-v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: '2016-10-14' +heat_template_version: ocata description: > Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the controller role with IPv6 on the External network. The IPv6 default route is on the External network, and the IPv4 default route is on the Control diff --git a/network/config/bond-with-vlans/controller.yaml b/network/config/bond-with-vlans/controller.yaml index e2973a72..91515385 100644 --- a/network/config/bond-with-vlans/controller.yaml +++ b/network/config/bond-with-vlans/controller.yaml @@ -1,4 +1,4 @@ -heat_template_version: '2016-10-14' +heat_template_version: ocata description: > Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the controller role. parameters: diff --git a/network/config/bond-with-vlans/swift-storage.yaml b/network/config/bond-with-vlans/swift-storage.yaml index 5bdba802..6d4e3681 100644 --- a/network/config/bond-with-vlans/swift-storage.yaml +++ b/network/config/bond-with-vlans/swift-storage.yaml @@ -1,4 +1,4 @@ -heat_template_version: '2016-10-14' +heat_template_version: ocata description: > Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for the swift storage role. parameters: diff --git a/network/config/multiple-nics/ceph-storage.yaml b/network/config/multiple-nics/ceph-storage.yaml index e9c34213..6a788063 100644 --- a/network/config/multiple-nics/ceph-storage.yaml +++ b/network/config/multiple-nics/ceph-storage.yaml @@ -1,4 +1,4 @@ -heat_template_version: '2016-10-14' +heat_template_version: ocata description: > Software Config to drive os-net-config to configure multiple interfaces for the ceph storage role. parameters: diff --git a/network/config/multiple-nics/cinder-storage.yaml b/network/config/multiple-nics/cinder-storage.yaml index f58f1168..d2384445 100644 --- a/network/config/multiple-nics/cinder-storage.yaml +++ b/network/config/multiple-nics/cinder-storage.yaml @@ -1,4 +1,4 @@ -heat_template_version: '2016-10-14' +heat_template_version: ocata description: > Software Config to drive os-net-config to configure multiple interfaces for the cinder storage role. parameters: diff --git a/network/config/multiple-nics/compute-dvr.yaml b/network/config/multiple-nics/compute-dvr.yaml new file mode 100644 index 00000000..abfd323f --- /dev/null +++ b/network/config/multiple-nics/compute-dvr.yaml @@ -0,0 +1,162 @@ +heat_template_version: ocata +description: > + Software Config to drive os-net-config to configure multiple interfaces for the + compute role with external bridge for DVR. +parameters: + ControlPlaneIp: + default: '' + description: IP address/subnet on the ctlplane network + type: string + ExternalIpSubnet: + default: '' + description: IP address/subnet on the external network + type: string + InternalApiIpSubnet: + default: '' + description: IP address/subnet on the internal API network + type: string + StorageIpSubnet: + default: '' + description: IP address/subnet on the storage network + type: string + StorageMgmtIpSubnet: + default: '' + description: IP address/subnet on the storage mgmt network + type: string + TenantIpSubnet: + default: '' + description: IP address/subnet on the tenant network + type: string + ManagementIpSubnet: # Only populated when including environments/network-management.yaml + default: '' + description: IP address/subnet on the management network + type: string + ExternalNetworkVlanID: + default: 10 + description: Vlan ID for the external network traffic. + type: number + InternalApiNetworkVlanID: + default: 20 + description: Vlan ID for the internal_api network traffic. + type: number + StorageNetworkVlanID: + default: 30 + description: Vlan ID for the storage network traffic. + type: number + StorageMgmtNetworkVlanID: + default: 40 + description: Vlan ID for the storage mgmt network traffic. + type: number + TenantNetworkVlanID: + default: 50 + description: Vlan ID for the tenant network traffic. + type: number + ManagementNetworkVlanID: + default: 60 + description: Vlan ID for the management network traffic. + type: number + ControlPlaneSubnetCidr: # Override this via parameter_defaults + default: '24' + description: The subnet CIDR of the control plane network. + type: string + ControlPlaneDefaultRoute: # Override this via parameter_defaults + description: The default route of the control plane network. + type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: 10.0.0.1 + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string + DnsServers: # Override this via parameter_defaults + default: [] + description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. + type: comma_delimited_list + EC2MetadataIp: # Override this via parameter_defaults + description: The IP address of the EC2 metadata server. + type: string +resources: + OsNetConfigImpl: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: + list_join: + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + - type: interface + name: nic2 + use_dhcp: false + addresses: + - ip_netmask: + get_param: StorageIpSubnet + - type: interface + name: nic4 + use_dhcp: false + addresses: + - ip_netmask: + get_param: InternalApiIpSubnet + - type: ovs_bridge + name: br-tenant + use_dhcp: false + addresses: + - ip_netmask: + get_param: TenantIpSubnet + members: + - type: interface + name: nic5 + use_dhcp: false + primary: true + # External bridge for DVR (no IP address required) + - type: ovs_bridge + name: bridge_name + dns_servers: + get_param: DnsServers + use_dhcp: false + members: + - type: interface + name: nic6 + primary: true + # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the Control Plane. + #- + # type: interface + # name: nic7 + # use_dhcp: false + # addresses: + # - + # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} +outputs: + OS::stack_id: + description: The OsNetConfigImpl resource. + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/multiple-nics/compute.yaml b/network/config/multiple-nics/compute.yaml index 9b0c8c02..101a08d3 100644 --- a/network/config/multiple-nics/compute.yaml +++ b/network/config/multiple-nics/compute.yaml @@ -1,4 +1,4 @@ -heat_template_version: '2016-10-14' +heat_template_version: ocata description: > Software Config to drive os-net-config to configure multiple interfaces for the compute role. parameters: diff --git a/network/config/multiple-nics/controller-v6.yaml b/network/config/multiple-nics/controller-v6.yaml index a0ed9f78..4fae435a 100644 --- a/network/config/multiple-nics/controller-v6.yaml +++ b/network/config/multiple-nics/controller-v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: '2016-10-14' +heat_template_version: ocata description: > Software Config to drive os-net-config to configure multiple interfaces for the controller role with IPv6 on the External network. The IPv6 default route is on the External network, and the IPv4 default route is on the Control Plane. diff --git a/network/config/multiple-nics/controller.yaml b/network/config/multiple-nics/controller.yaml index e38c545c..ba9f8fd4 100644 --- a/network/config/multiple-nics/controller.yaml +++ b/network/config/multiple-nics/controller.yaml @@ -1,4 +1,4 @@ -heat_template_version: '2016-10-14' +heat_template_version: ocata description: > Software Config to drive os-net-config to configure multiple interfaces for the controller role. parameters: diff --git a/network/config/multiple-nics/swift-storage.yaml b/network/config/multiple-nics/swift-storage.yaml index 1ad503a7..4019012a 100644 --- a/network/config/multiple-nics/swift-storage.yaml +++ b/network/config/multiple-nics/swift-storage.yaml @@ -1,4 +1,4 @@ -heat_template_version: '2016-10-14' +heat_template_version: ocata description: > Software Config to drive os-net-config to configure multiple interfaces for the swift storage role. parameters: diff --git a/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml b/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml index 0a6faa79..448df69c 100644 --- a/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml +++ b/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml @@ -1,4 +1,4 @@ -heat_template_version: '2016-10-14' +heat_template_version: ocata description: > Software Config to drive os-net-config to configure VLANs for the ceph storage role. parameters: diff --git a/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml b/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml index 5abaea66..465555d3 100644 --- a/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml +++ b/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml @@ -1,4 +1,4 @@ -heat_template_version: '2016-10-14' +heat_template_version: ocata description: > Software Config to drive os-net-config to configure VLANs for the cinder storage role. parameters: diff --git a/network/config/single-nic-linux-bridge-vlans/compute.yaml b/network/config/single-nic-linux-bridge-vlans/compute.yaml index aa63dd3a..a21bc8f9 100644 --- a/network/config/single-nic-linux-bridge-vlans/compute.yaml +++ b/network/config/single-nic-linux-bridge-vlans/compute.yaml @@ -1,4 +1,4 @@ -heat_template_version: '2016-10-14' +heat_template_version: ocata description: > Software Config to drive os-net-config to configure VLANs for the compute role. parameters: diff --git a/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml b/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml index 28cf6ced..bb8bb9c2 100644 --- a/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml +++ b/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: '2016-10-14' +heat_template_version: ocata description: > Software Config to drive os-net-config to configure VLANs for the controller role with IPv6 on the External network. The IPv6 default route is on the External network, and the IPv4 default route is on the Control Plane. diff --git a/network/config/single-nic-linux-bridge-vlans/controller.yaml b/network/config/single-nic-linux-bridge-vlans/controller.yaml index 566f1feb..a9689ce9 100644 --- a/network/config/single-nic-linux-bridge-vlans/controller.yaml +++ b/network/config/single-nic-linux-bridge-vlans/controller.yaml @@ -1,4 +1,4 @@ -heat_template_version: '2016-10-14' +heat_template_version: ocata description: > Software Config to drive os-net-config to configure VLANs for the controller role. parameters: diff --git a/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml b/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml index fe948ad1..c8e4db29 100644 --- a/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml +++ b/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml @@ -1,4 +1,4 @@ -heat_template_version: '2016-10-14' +heat_template_version: ocata description: > Software Config to drive os-net-config to configure VLANs for the swift storage role. parameters: diff --git a/network/config/single-nic-vlans/ceph-storage.yaml b/network/config/single-nic-vlans/ceph-storage.yaml index 6e0a97da..0b5eb0c9 100644 --- a/network/config/single-nic-vlans/ceph-storage.yaml +++ b/network/config/single-nic-vlans/ceph-storage.yaml @@ -1,4 +1,4 @@ -heat_template_version: '2016-10-14' +heat_template_version: ocata description: > Software Config to drive os-net-config to configure VLANs for the ceph storage role. parameters: diff --git a/network/config/single-nic-vlans/cinder-storage.yaml b/network/config/single-nic-vlans/cinder-storage.yaml index f58665f7..882d6ebc 100644 --- a/network/config/single-nic-vlans/cinder-storage.yaml +++ b/network/config/single-nic-vlans/cinder-storage.yaml @@ -1,4 +1,4 @@ -heat_template_version: '2016-10-14' +heat_template_version: ocata description: > Software Config to drive os-net-config to configure VLANs for the cinder storage role. parameters: diff --git a/network/config/single-nic-vlans/compute.yaml b/network/config/single-nic-vlans/compute.yaml index 40264284..42cfd781 100644 --- a/network/config/single-nic-vlans/compute.yaml +++ b/network/config/single-nic-vlans/compute.yaml @@ -1,4 +1,4 @@ -heat_template_version: '2016-10-14' +heat_template_version: ocata description: > Software Config to drive os-net-config to configure VLANs for the compute role. parameters: diff --git a/network/config/single-nic-vlans/controller-no-external.yaml b/network/config/single-nic-vlans/controller-no-external.yaml index b9aec1ea..9e0680ea 100644 --- a/network/config/single-nic-vlans/controller-no-external.yaml +++ b/network/config/single-nic-vlans/controller-no-external.yaml @@ -1,4 +1,4 @@ -heat_template_version: '2016-10-14' +heat_template_version: ocata description: > Software Config to drive os-net-config to configure VLANs for the controller role. No external IP is configured. parameters: diff --git a/network/config/single-nic-vlans/controller-v6.yaml b/network/config/single-nic-vlans/controller-v6.yaml index 4f065d1e..1f9a67d6 100644 --- a/network/config/single-nic-vlans/controller-v6.yaml +++ b/network/config/single-nic-vlans/controller-v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: '2016-10-14' +heat_template_version: ocata description: > Software Config to drive os-net-config to configure VLANs for the controller role with IPv6 on the External network. The IPv6 default route is on the External network, and the IPv4 default route is on the Control Plane. diff --git a/network/config/single-nic-vlans/controller.yaml b/network/config/single-nic-vlans/controller.yaml index 4a615d91..4ac18315 100644 --- a/network/config/single-nic-vlans/controller.yaml +++ b/network/config/single-nic-vlans/controller.yaml @@ -1,4 +1,4 @@ -heat_template_version: '2016-10-14' +heat_template_version: ocata description: > Software Config to drive os-net-config to configure VLANs for the controller role. parameters: diff --git a/network/config/single-nic-vlans/swift-storage.yaml b/network/config/single-nic-vlans/swift-storage.yaml index 88f69b4d..605b8ee4 100644 --- a/network/config/single-nic-vlans/swift-storage.yaml +++ b/network/config/single-nic-vlans/swift-storage.yaml @@ -1,4 +1,4 @@ -heat_template_version: '2016-10-14' +heat_template_version: ocata description: > Software Config to drive os-net-config to configure VLANs for the swift storage role. parameters: diff --git a/network/endpoints/build_endpoint_map.py b/network/endpoints/build_endpoint_map.py index 964f58f7..7e8088be 100755 --- a/network/endpoints/build_endpoint_map.py +++ b/network/endpoints/build_endpoint_map.py @@ -191,7 +191,7 @@ def template_endpoint_items(config): def generate_endpoint_map_template(config): return collections.OrderedDict([ - ('heat_template_version', '2015-04-30'), + ('heat_template_version', 'ocata'), ('description', 'A map of OpenStack endpoints. Since the endpoints ' 'are URLs, we need to have brackets around IPv6 IP addresses. The ' 'inputs to these parameters come from net_ip_uri_map, which will ' diff --git a/network/endpoints/endpoint_data.yaml b/network/endpoints/endpoint_data.yaml index aeda0a9f..23c1ce1e 100644 --- a/network/endpoints/endpoint_data.yaml +++ b/network/endpoints/endpoint_data.yaml @@ -76,11 +76,6 @@ Glance: net_param: GlanceApi port: 9292 -GlanceRegistry: - Internal: - net_param: GlanceRegistry - port: 9191 - Mysql: Internal: net_param: Mysql @@ -205,6 +200,21 @@ Nova: '': /v2.1 port: 8774 +NovaPlacement: + Internal: + net_param: NovaApi + uri_suffixes: + '': /placement + Public: + net_param: Public + uri_suffixes: + '': /placement + Admin: + net_param: NovaApi + uri_suffixes: + '': /placement + port: 8778 + NovaVNCProxy: Internal: net_param: NovaApi @@ -276,3 +286,22 @@ Ironic: uri_suffixes: '': /v1 port: 6385 + +Zaqar: + Internal: + net_param: ZaqarApi + Public: + net_param: Public + Admin: + net_param: ZaqarApi + port: 8888 + +ZaqarWebSocket: + Internal: + net_param: ZaqarApi + Public: + net_param: Public + Admin: + net_param: ZaqarApi + port: 9000 + protocol: ws diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml index 5e582d41..a17f1c96 100644 --- a/network/endpoints/endpoint_map.yaml +++ b/network/endpoints/endpoint_map.yaml @@ -2,7 +2,7 @@ ### This file is automatically generated from endpoint_data.yaml ### by the script build_endpoint_map.py -heat_template_version: '2015-04-30' +heat_template_version: ocata description: A map of OpenStack endpoints. Since the endpoints are URLs, we need to have brackets around IPv6 IP addresses. The inputs to these parameters come from net_ip_uri_map, which will include these brackets @@ -37,7 +37,6 @@ parameters: GlanceAdmin: {protocol: http, port: '9292', host: IP_ADDRESS} GlanceInternal: {protocol: http, port: '9292', host: IP_ADDRESS} GlancePublic: {protocol: http, port: '9292', host: IP_ADDRESS} - GlanceRegistryInternal: {protocol: http, port: '9191', host: IP_ADDRESS} GnocchiAdmin: {protocol: http, port: '8041', host: IP_ADDRESS} GnocchiInternal: {protocol: http, port: '8041', host: IP_ADDRESS} GnocchiPublic: {protocol: http, port: '8041', host: IP_ADDRESS} @@ -67,6 +66,9 @@ parameters: NovaAdmin: {protocol: http, port: '8774', host: IP_ADDRESS} NovaInternal: {protocol: http, port: '8774', host: IP_ADDRESS} NovaPublic: {protocol: http, port: '8774', host: IP_ADDRESS} + NovaPlacementAdmin: {protocol: http, port: '8778', host: IP_ADDRESS} + NovaPlacementInternal: {protocol: http, port: '8778', host: IP_ADDRESS} + NovaPlacementPublic: {protocol: http, port: '8778', host: IP_ADDRESS} NovaVNCProxyAdmin: {protocol: http, port: '6080', host: IP_ADDRESS} NovaVNCProxyInternal: {protocol: http, port: '6080', host: IP_ADDRESS} NovaVNCProxyPublic: {protocol: http, port: '6080', host: IP_ADDRESS} @@ -79,6 +81,12 @@ parameters: SwiftAdmin: {protocol: http, port: '8080', host: IP_ADDRESS} SwiftInternal: {protocol: http, port: '8080', host: IP_ADDRESS} SwiftPublic: {protocol: http, port: '8080', host: IP_ADDRESS} + ZaqarAdmin: {protocol: http, port: '8888', host: IP_ADDRESS} + ZaqarInternal: {protocol: http, port: '8888', host: IP_ADDRESS} + ZaqarPublic: {protocol: http, port: '8888', host: IP_ADDRESS} + ZaqarWebSocketAdmin: {protocol: ws, port: '9000', host: IP_ADDRESS} + ZaqarWebSocketInternal: {protocol: ws, port: '9000', host: IP_ADDRESS} + ZaqarWebSocketPublic: {protocol: ws, port: '9000', host: IP_ADDRESS} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. CloudEndpoints: @@ -2045,87 +2053,6 @@ outputs: template: NETWORK_uri - ':' - get_param: [EndpointMap, GlancePublic, port] - GlanceRegistryInternal: - host: - str_replace: - template: - get_param: [EndpointMap, GlanceRegistryInternal, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, GlanceRegistryNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, GlanceRegistryNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, GlanceRegistryInternal, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, GlanceRegistryNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, GlanceRegistryNetwork] - port: - get_param: [EndpointMap, GlanceRegistryInternal, port] - protocol: - get_param: [EndpointMap, GlanceRegistryInternal, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, GlanceRegistryInternal, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, GlanceRegistryInternal, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, GlanceRegistryNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, GlanceRegistryNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, GlanceRegistryInternal, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, GlanceRegistryInternal, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, GlanceRegistryInternal, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, GlanceRegistryNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, GlanceRegistryNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, GlanceRegistryInternal, port] GnocchiAdmin: host: str_replace: @@ -5071,6 +4998,255 @@ outputs: template: NETWORK_uri - ':' - get_param: [EndpointMap, NovaPublic, port] + NovaPlacementAdmin: + host: + str_replace: + template: + get_param: [EndpointMap, NovaPlacementAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NovaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, NovaApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, NovaPlacementAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NovaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, NovaApiNetwork] + port: + get_param: [EndpointMap, NovaPlacementAdmin, port] + protocol: + get_param: [EndpointMap, NovaPlacementAdmin, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, NovaPlacementAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, NovaPlacementAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NovaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, NovaApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, NovaPlacementAdmin, port] + - /placement + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, NovaPlacementAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, NovaPlacementAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NovaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, NovaApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, NovaPlacementAdmin, port] + - /placement + NovaPlacementInternal: + host: + str_replace: + template: + get_param: [EndpointMap, NovaPlacementInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NovaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, NovaApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, NovaPlacementInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NovaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, NovaApiNetwork] + port: + get_param: [EndpointMap, NovaPlacementInternal, port] + protocol: + get_param: [EndpointMap, NovaPlacementInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, NovaPlacementInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, NovaPlacementInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NovaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, NovaApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, NovaPlacementInternal, port] + - /placement + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, NovaPlacementInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, NovaPlacementInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NovaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, NovaApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, NovaPlacementInternal, port] + - /placement + NovaPlacementPublic: + host: + str_replace: + template: + get_param: [EndpointMap, NovaPlacementPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, NovaPlacementPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] + port: + get_param: [EndpointMap, NovaPlacementPublic, port] + protocol: + get_param: [EndpointMap, NovaPlacementPublic, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, NovaPlacementPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, NovaPlacementPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, NovaPlacementPublic, port] + - /placement + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, NovaPlacementPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, NovaPlacementPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, NovaPlacementPublic, port] + - /placement NovaVNCProxyAdmin: host: str_replace: @@ -6291,3 +6467,489 @@ outputs: template: NETWORK_uri - ':' - get_param: [EndpointMap, SwiftPublic, port] + ZaqarAdmin: + host: + str_replace: + template: + get_param: [EndpointMap, ZaqarAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ZaqarAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ZaqarApiNetwork] + port: + get_param: [EndpointMap, ZaqarAdmin, port] + protocol: + get_param: [EndpointMap, ZaqarAdmin, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarAdmin, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarAdmin, port] + ZaqarInternal: + host: + str_replace: + template: + get_param: [EndpointMap, ZaqarInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ZaqarInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ZaqarApiNetwork] + port: + get_param: [EndpointMap, ZaqarInternal, port] + protocol: + get_param: [EndpointMap, ZaqarInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarInternal, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarInternal, port] + ZaqarPublic: + host: + str_replace: + template: + get_param: [EndpointMap, ZaqarPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ZaqarPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] + port: + get_param: [EndpointMap, ZaqarPublic, port] + protocol: + get_param: [EndpointMap, ZaqarPublic, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarPublic, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarPublic, port] + ZaqarWebSocketAdmin: + host: + str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ZaqarApiNetwork] + port: + get_param: [EndpointMap, ZaqarWebSocketAdmin, port] + protocol: + get_param: [EndpointMap, ZaqarWebSocketAdmin, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarWebSocketAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarWebSocketAdmin, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarWebSocketAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarWebSocketAdmin, port] + ZaqarWebSocketInternal: + host: + str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, ZaqarApiNetwork] + port: + get_param: [EndpointMap, ZaqarWebSocketInternal, port] + protocol: + get_param: [EndpointMap, ZaqarWebSocketInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarWebSocketInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarWebSocketInternal, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarWebSocketInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, ZaqarApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, ZaqarApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarWebSocketInternal, port] + ZaqarWebSocketPublic: + host: + str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] + port: + get_param: [EndpointMap, ZaqarWebSocketPublic, port] + protocol: + get_param: [EndpointMap, ZaqarWebSocketPublic, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarWebSocketPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarWebSocketPublic, port] + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, ZaqarWebSocketPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, ZaqarWebSocketPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, ZaqarWebSocketPublic, port] diff --git a/network/external.yaml b/network/external.yaml index 4dfbc77e..21260d3f 100644 --- a/network/external.yaml +++ b/network/external.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: > External network. Public traffic, Neutron l3router for floating IPs/SNAT, etc. diff --git a/network/external_v6.yaml b/network/external_v6.yaml index e0736ab7..51000bb7 100644 --- a/network/external_v6.yaml +++ b/network/external_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: > External network. Public traffic, Neutron l3router for floating IPs/SNAT, etc. diff --git a/network/internal_api.yaml b/network/internal_api.yaml index 090e38f7..793535c6 100644 --- a/network/internal_api.yaml +++ b/network/internal_api.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: > Internal API network. Used for most APIs, Database, RPC. diff --git a/network/internal_api_v6.yaml b/network/internal_api_v6.yaml index 19d64b0a..53950656 100644 --- a/network/internal_api_v6.yaml +++ b/network/internal_api_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: > Internal API network. Used for most APIs, Database, RPC. diff --git a/network/management.yaml b/network/management.yaml index 6798e11e..77fcd4ea 100644 --- a/network/management.yaml +++ b/network/management.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: > Management network. System administration, SSH, DNS, NTP, etc. This network diff --git a/network/management_v6.yaml b/network/management_v6.yaml index a5e70667..e1391ad2 100644 --- a/network/management_v6.yaml +++ b/network/management_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: > Management network. System administration, SSH, DNS, NTP, etc. This network diff --git a/network/networks.yaml b/network/networks.yaml index d3ae482b..26033ee2 100644 --- a/network/networks.yaml +++ b/network/networks.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: Create networks to split out Overcloud traffic diff --git a/network/ports/ctlplane_vip.yaml b/network/ports/ctlplane_vip.yaml index 5ac7d344..0f21e3e8 100644 --- a/network/ports/ctlplane_vip.yaml +++ b/network/ports/ctlplane_vip.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-10-15 +heat_template_version: ocata description: > Creates a port for a VIP on the undercloud ctlplane network. diff --git a/network/ports/external.yaml b/network/ports/external.yaml index c4f815fb..c33643e7 100644 --- a/network/ports/external.yaml +++ b/network/ports/external.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-10-15 +heat_template_version: ocata description: > Creates a port on the external network. The IP address will be chosen diff --git a/network/ports/external_from_pool.yaml b/network/ports/external_from_pool.yaml index 867176e3..893b26d9 100644 --- a/network/ports/external_from_pool.yaml +++ b/network/ports/external_from_pool.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-10-15 +heat_template_version: ocata description: > Returns an IP from a network mapped list of IPs diff --git a/network/ports/external_from_pool_v6.yaml b/network/ports/external_from_pool_v6.yaml index e541049d..c67789af 100644 --- a/network/ports/external_from_pool_v6.yaml +++ b/network/ports/external_from_pool_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-10-15 +heat_template_version: ocata description: > Returns an IP from a network mapped list of IPs. This version is for IPv6 diff --git a/network/ports/external_v6.yaml b/network/ports/external_v6.yaml index bfe2686f..905974f5 100644 --- a/network/ports/external_v6.yaml +++ b/network/ports/external_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-10-15 +heat_template_version: ocata description: > Creates a port on the external network. The IP address will be chosen diff --git a/network/ports/from_service.yaml b/network/ports/from_service.yaml index 782b6b07..69a887ea 100644 --- a/network/ports/from_service.yaml +++ b/network/ports/from_service.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: > Returns an IP from a service mapped list of IPs diff --git a/network/ports/from_service_v6.yaml b/network/ports/from_service_v6.yaml index 80060b57..c9673dd7 100644 --- a/network/ports/from_service_v6.yaml +++ b/network/ports/from_service_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: > Returns an IP from a service mapped list of IPv6 IPs diff --git a/network/ports/internal_api.yaml b/network/ports/internal_api.yaml index 1d521a8d..1f96e3f2 100644 --- a/network/ports/internal_api.yaml +++ b/network/ports/internal_api.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-10-15 +heat_template_version: ocata description: > Creates a port on the internal_api network. diff --git a/network/ports/internal_api_from_pool.yaml b/network/ports/internal_api_from_pool.yaml index d7b67e26..3f16f30c 100644 --- a/network/ports/internal_api_from_pool.yaml +++ b/network/ports/internal_api_from_pool.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-10-15 +heat_template_version: ocata description: > Returns an IP from a network mapped list of IPs diff --git a/network/ports/internal_api_from_pool_v6.yaml b/network/ports/internal_api_from_pool_v6.yaml index afb144ba..b36ef235 100644 --- a/network/ports/internal_api_from_pool_v6.yaml +++ b/network/ports/internal_api_from_pool_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-10-15 +heat_template_version: ocata description: > Returns an IP from a network mapped list of IPs. This version is for IPv6 diff --git a/network/ports/internal_api_v6.yaml b/network/ports/internal_api_v6.yaml index 14738b33..e236156d 100644 --- a/network/ports/internal_api_v6.yaml +++ b/network/ports/internal_api_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-10-15 +heat_template_version: ocata description: > Creates a port on the internal_api network. diff --git a/network/ports/management.yaml b/network/ports/management.yaml index 967b66e1..b626bc20 100644 --- a/network/ports/management.yaml +++ b/network/ports/management.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-10-15 +heat_template_version: ocata description: > Creates a port on the management network. The IP address will be chosen diff --git a/network/ports/management_from_pool.yaml b/network/ports/management_from_pool.yaml index 451677b2..05fedb90 100644 --- a/network/ports/management_from_pool.yaml +++ b/network/ports/management_from_pool.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-10-15 +heat_template_version: ocata description: > Returns an IP from a network mapped list of IPs diff --git a/network/ports/management_from_pool_v6.yaml b/network/ports/management_from_pool_v6.yaml index 4c1cc216..64758bf9 100644 --- a/network/ports/management_from_pool_v6.yaml +++ b/network/ports/management_from_pool_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-10-15 +heat_template_version: ocata description: > Returns an IP from a network mapped list of IPs. This version is for IPv6 diff --git a/network/ports/management_v6.yaml b/network/ports/management_v6.yaml index a94ebc7b..9e6a35b8 100644 --- a/network/ports/management_v6.yaml +++ b/network/ports/management_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-10-15 +heat_template_version: ocata description: > Creates a port on the management network. The IP address will be chosen diff --git a/network/ports/net_ip_list_map.yaml b/network/ports/net_ip_list_map.yaml index d7863e02..5782bbe9 100644 --- a/network/ports/net_ip_list_map.yaml +++ b/network/ports/net_ip_list_map.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata parameters: ControlPlaneIpList: @@ -138,3 +138,20 @@ outputs: SERVICE_short_node_names: {get_param: ServiceHostnameList} for_each: SERVICE: {get_attr: [EnabledServicesValue, value]} + short_service_bootstrap_hostnames: + description: > + Map of enabled services to a list of hostnames where they're running regardless of the network + Used for bootstrap purposes + value: + yaql: + # If ServiceHostnameList is empty the role is deployed with zero nodes + # therefore we don't want to add any *_node_names to the map + expression: dict($.data.map.items().where(len($[1]) > 0)) + data: + map: + map_merge: + repeat: + template: + SERVICE_short_bootstrap_node_name: {get_param: ServiceHostnameList} + for_each: + SERVICE: {get_attr: [EnabledServicesValue, value]} diff --git a/network/ports/net_ip_map.yaml b/network/ports/net_ip_map.yaml index fcf2eeee..c8cf733f 100644 --- a/network/ports/net_ip_map.yaml +++ b/network/ports/net_ip_map.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata parameters: ControlPlaneIp: diff --git a/network/ports/net_vip_map_external.yaml b/network/ports/net_vip_map_external.yaml index 71e6e811..58f96e65 100644 --- a/network/ports/net_vip_map_external.yaml +++ b/network/ports/net_vip_map_external.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata parameters: # Set these via parameter defaults to configure external VIPs diff --git a/network/ports/net_vip_map_external_v6.yaml b/network/ports/net_vip_map_external_v6.yaml index 8d054349..12db8d2d 100644 --- a/network/ports/net_vip_map_external_v6.yaml +++ b/network/ports/net_vip_map_external_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata parameters: # Set these via parameter defaults to configure external VIPs diff --git a/network/ports/noop.yaml b/network/ports/noop.yaml index 96c461e0..e2004cb0 100644 --- a/network/ports/noop.yaml +++ b/network/ports/noop.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: > Returns the control plane port (provisioning network) as the ip_address. diff --git a/network/ports/storage.yaml b/network/ports/storage.yaml index 1ed5cca1..80400412 100644 --- a/network/ports/storage.yaml +++ b/network/ports/storage.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-10-15 +heat_template_version: ocata description: > Creates a port on the storage network. diff --git a/network/ports/storage_from_pool.yaml b/network/ports/storage_from_pool.yaml index 0a3d394c..dfab49ae 100644 --- a/network/ports/storage_from_pool.yaml +++ b/network/ports/storage_from_pool.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-10-15 +heat_template_version: ocata description: > Returns an IP from a network mapped list of IPs diff --git a/network/ports/storage_from_pool_v6.yaml b/network/ports/storage_from_pool_v6.yaml index 18faf1bd..a6cde5fc 100644 --- a/network/ports/storage_from_pool_v6.yaml +++ b/network/ports/storage_from_pool_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-10-15 +heat_template_version: ocata description: > Returns an IP from a network mapped list of IPs. This version is for IPv6 diff --git a/network/ports/storage_mgmt.yaml b/network/ports/storage_mgmt.yaml index 548d226a..b96fbd0e 100644 --- a/network/ports/storage_mgmt.yaml +++ b/network/ports/storage_mgmt.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-10-15 +heat_template_version: ocata description: > Creates a port on the storage_mgmt API network. diff --git a/network/ports/storage_mgmt_from_pool.yaml b/network/ports/storage_mgmt_from_pool.yaml index c3f0f4e2..6ec3dbae 100644 --- a/network/ports/storage_mgmt_from_pool.yaml +++ b/network/ports/storage_mgmt_from_pool.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-10-15 +heat_template_version: ocata description: > Returns an IP from a network mapped list of IPs diff --git a/network/ports/storage_mgmt_from_pool_v6.yaml b/network/ports/storage_mgmt_from_pool_v6.yaml index e1145a31..2f3ea196 100644 --- a/network/ports/storage_mgmt_from_pool_v6.yaml +++ b/network/ports/storage_mgmt_from_pool_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-10-15 +heat_template_version: ocata description: > Returns an IP from a network mapped list of IPs This version is for IPv6 diff --git a/network/ports/storage_mgmt_v6.yaml b/network/ports/storage_mgmt_v6.yaml index 9db66964..01e4c31a 100644 --- a/network/ports/storage_mgmt_v6.yaml +++ b/network/ports/storage_mgmt_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-10-15 +heat_template_version: ocata description: > Creates a port on the storage_mgmt API network. diff --git a/network/ports/storage_v6.yaml b/network/ports/storage_v6.yaml index adf3595a..1dd76199 100644 --- a/network/ports/storage_v6.yaml +++ b/network/ports/storage_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-10-15 +heat_template_version: ocata description: > Creates a port on the storage network. diff --git a/network/ports/tenant.yaml b/network/ports/tenant.yaml index d8f78c49..f6929b81 100644 --- a/network/ports/tenant.yaml +++ b/network/ports/tenant.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-10-15 +heat_template_version: ocata description: > Creates a port on the tenant network. diff --git a/network/ports/tenant_from_pool.yaml b/network/ports/tenant_from_pool.yaml index d5fd7080..c72b2278 100644 --- a/network/ports/tenant_from_pool.yaml +++ b/network/ports/tenant_from_pool.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-10-15 +heat_template_version: ocata description: > Returns an IP from a network mapped list of IPs diff --git a/network/ports/tenant_from_pool_v6.yaml b/network/ports/tenant_from_pool_v6.yaml index d4f0d29c..bc056fa6 100644 --- a/network/ports/tenant_from_pool_v6.yaml +++ b/network/ports/tenant_from_pool_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-10-15 +heat_template_version: ocata description: > Returns an IP from a network mapped list of IPs diff --git a/network/ports/tenant_v6.yaml b/network/ports/tenant_v6.yaml index 21ba1efa..84101828 100644 --- a/network/ports/tenant_v6.yaml +++ b/network/ports/tenant_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-10-15 +heat_template_version: ocata description: > Creates a port on the tenant network. diff --git a/network/ports/vip.yaml b/network/ports/vip.yaml index 38322907..d996d03d 100644 --- a/network/ports/vip.yaml +++ b/network/ports/vip.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-10-15 +heat_template_version: ocata description: > Creates a port for a VIP on the isolated network NetworkName. diff --git a/network/ports/vip_v6.yaml b/network/ports/vip_v6.yaml index 498e5d69..7a45756c 100644 --- a/network/ports/vip_v6.yaml +++ b/network/ports/vip_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-10-15 +heat_template_version: ocata description: > Creates a port for a VIP on the isolated network NetworkName. diff --git a/network/scripts/run-os-net-config.sh b/network/scripts/run-os-net-config.sh index fc1e6d54..a7dbedc7 100755 --- a/network/scripts/run-os-net-config.sh +++ b/network/scripts/run-os-net-config.sh @@ -1,7 +1,7 @@ #!/bin/bash -# Note this script expects the following environment variables to be set -# normally these are provided by the calling SoftwareConfig resource, but -# they may also be set manually for testing +# The following environment variables may be set to substitute in a +# custom bridge or interface name. Normally these are provided by the calling +# SoftwareConfig resource, but they may also be set manually for testing. # $bridge_name : The bridge device name to apply # $interface_name : The interface name to apply # @@ -108,16 +108,24 @@ EOF_CAT } if [ -n '$network_config' ]; then - trap configure_safe_defaults EXIT + if [ -z "${disable_configure_safe_defaults:-''}" ]; then + trap configure_safe_defaults EXIT + fi mkdir -p /etc/os-net-config # Note these variables come from the calling heat SoftwareConfig echo '$network_config' > /etc/os-net-config/config.json - sed -i "s/bridge_name/$bridge_name/" /etc/os-net-config/config.json - sed -i "s/interface_name/$interface_name/" /etc/os-net-config/config.json + + if [ "$(type -t network_config_hook)" = "function" ]; then + network_config_hook + fi + + sed -i "s/bridge_name/${bridge_name:-''}/" /etc/os-net-config/config.json + sed -i "s/interface_name/${interface_name:-''}/" /etc/os-net-config/config.json os-net-config -c /etc/os-net-config/config.json -v --detailed-exit-codes RETVAL=$? + if [[ $RETVAL == 2 ]]; then ping_metadata_ip diff --git a/network/service_net_map.j2.yaml b/network/service_net_map.j2.yaml index 0cb6571f..8f1c4b45 100644 --- a/network/service_net_map.j2.yaml +++ b/network/service_net_map.j2.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > Mapping of service_name_network -> network name @@ -32,7 +32,6 @@ parameters: CinderApiNetwork: internal_api CinderIscsiNetwork: storage GlanceApiNetwork: storage - GlanceRegistryNetwork: internal_api IronicApiNetwork: ctlplane IronicNetwork: ctlplane KeystoneAdminApiNetwork: ctlplane # allows undercloud to config endpoints @@ -58,7 +57,9 @@ parameters: CephRgwNetwork: storage PublicNetwork: external OpendaylightApiNetwork: internal_api + OvnDbsNetwork: internal_api MistralApiNetwork: internal_api + ZaqarApiNetwork: internal_api # We special-case the default ResolveNetwork for the CephStorage role # for backwards compatibility, all other roles default to internal_api CephStorageHostnameResolveNetwork: storage diff --git a/network/storage.yaml b/network/storage.yaml index 35dae17a..0a704ea3 100644 --- a/network/storage.yaml +++ b/network/storage.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: > Storage network. diff --git a/network/storage_mgmt.yaml b/network/storage_mgmt.yaml index 03cfd139..c7117165 100644 --- a/network/storage_mgmt.yaml +++ b/network/storage_mgmt.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: > Storage management network. Storage replication, etc. diff --git a/network/storage_mgmt_v6.yaml b/network/storage_mgmt_v6.yaml index 39c456db..2b065195 100644 --- a/network/storage_mgmt_v6.yaml +++ b/network/storage_mgmt_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: > Storage management network. Storage replication, etc. diff --git a/network/storage_v6.yaml b/network/storage_v6.yaml index 5c8af9e5..777e6167 100644 --- a/network/storage_v6.yaml +++ b/network/storage_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: > Storage network. diff --git a/network/tenant.yaml b/network/tenant.yaml index 1045b81b..33055fe8 100644 --- a/network/tenant.yaml +++ b/network/tenant.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: > Tenant network. diff --git a/network/tenant_v6.yaml b/network/tenant_v6.yaml index bf758a50..0bf5d2f0 100644 --- a/network/tenant_v6.yaml +++ b/network/tenant_v6.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: > Tenant IPv6 network. diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 21013bdc..7e0ecf04 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -11,6 +11,7 @@ resource_registry: OS::TripleO::Tasks::PackageUpdate: extraconfig/tasks/yum_update.yaml {% for role in roles %} + OS::TripleO::{{role.name}}::PreNetworkConfig: OS::Heat::None OS::TripleO::{{role.name}}PostDeploySteps: puppet/post.yaml OS::TripleO::{{role.name}}: puppet/{{role.name.lower()}}-role.yaml OS::TripleO::{{role.name}}Config: puppet/{{role.name.lower()}}-config.yaml @@ -41,6 +42,8 @@ resource_registry: # in the jinja loop OS::TripleO::Controller::Net::SoftwareConfig: net-config-bridge.yaml + OS::TripleO::ServiceServerMetadataHook: OS::Heat::None + OS::TripleO::Server: OS::Nova::Server # This creates the "heat-admin" user for all OS images by default @@ -49,10 +52,14 @@ resource_registry: # Hooks for operator extra config # NodeUserData == Cloud-init additional user-data, e.g cloud-config + # role::NodeUserData == Role specific cloud-init additional user-data # ControllerExtraConfigPre == Controller configuration pre service deployment # NodeExtraConfig == All nodes configuration pre service deployment # NodeExtraConfigPost == All nodes configuration post service deployment OS::TripleO::NodeUserData: firstboot/userdata_default.yaml +{% for role in roles %} + OS::TripleO::{{role.name}}::NodeUserData: firstboot/userdata_default.yaml +{% endfor %} OS::TripleO::NodeTLSCAData: OS::Heat::None OS::TripleO::NodeTLSData: OS::Heat::None OS::TripleO::NodeExtraConfig: puppet/extraconfig/pre_deploy/default.yaml @@ -90,6 +97,7 @@ resource_registry: OS::TripleO::Network::Ports::StorageVipPort: network/ports/noop.yaml OS::TripleO::Network::Ports::StorageMgmtVipPort: network/ports/noop.yaml OS::TripleO::Network::Ports::RedisVipPort: network/ports/ctlplane_vip.yaml + OS::TripleO::Network::Ports::ControlPlaneVipPort: OS::Neutron::Port # Service to network Mappings OS::TripleO::ServiceNetMap: network/service_net_map.yaml @@ -109,6 +117,7 @@ resource_registry: OS::TripleO::Services::Apache: puppet/services/apache.yaml OS::TripleO::Services::ApacheTLS: OS::Heat::None OS::TripleO::Services::CACerts: puppet/services/ca-certs.yaml + OS::TripleO::Services::CephMds: OS::Heat::None OS::TripleO::Services::CephMon: OS::Heat::None OS::TripleO::Services::CephRgw: OS::Heat::None OS::TripleO::Services::CephOSD: OS::Heat::None @@ -119,10 +128,8 @@ resource_registry: OS::TripleO::Services::CinderScheduler: puppet/services/cinder-scheduler.yaml OS::TripleO::Services::CinderVolume: puppet/services/cinder-volume.yaml OS::TripleO::Services::BlockStorageCinderVolume: puppet/services/cinder-volume.yaml - OS::TripleO::Services::Core: OS::Heat::None OS::TripleO::Services::Keystone: puppet/services/keystone.yaml OS::TripleO::Services::GlanceApi: puppet/services/glance-api.yaml - OS::TripleO::Services::GlanceRegistry: puppet/services/glance-registry.yaml OS::TripleO::Services::HeatApi: puppet/services/heat-api.yaml OS::TripleO::Services::HeatApiCfn: puppet/services/heat-api-cfn.yaml OS::TripleO::Services::HeatApiCloudwatch: puppet/services/heat-api-cloudwatch.yaml @@ -146,6 +153,8 @@ resource_registry: OS::TripleO::Services::NeutronCorePluginPlumgrid: puppet/services/neutron-plugin-plumgrid.yaml OS::TripleO::Services::NeutronCorePluginNuage: puppet/services/neutron-plugin-nuage.yaml OS::TripleO::Services::NeutronCorePluginOpencontrail: puppet/services/neutron-plugin-opencontrail.yaml + OS::TripleO::Services::OVNDBs: OS::Heat::None + OS::TripleO::Services::NeutronCorePluginMidonet: puppet/services/neutron-midonet.yaml OS::TripleO::Services::NeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml OS::TripleO::Services::ComputeNeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml @@ -163,6 +172,7 @@ resource_registry: OS::TripleO::Services::NovaConductor: puppet/services/nova-conductor.yaml OS::TripleO::Services::MongoDb: puppet/services/database/mongodb.yaml OS::TripleO::Services::NovaApi: puppet/services/nova-api.yaml + OS::TripleO::Services::NovaPlacement: puppet/services/nova-placement.yaml OS::TripleO::Services::NovaMetadata: puppet/services/nova-metadata.yaml OS::TripleO::Services::NovaScheduler: puppet/services/nova-scheduler.yaml OS::TripleO::Services::NovaConsoleauth: puppet/services/nova-consoleauth.yaml @@ -219,6 +229,9 @@ resource_registry: OS::TripleO::Services::ContrailControl: puppet/services/network/contrail-control.yaml OS::TripleO::Services::ContrailDatabase: puppet/services/network/contrail-database.yaml OS::TripleO::Services::ContrailWebui: puppet/services/network/contrail-webui.yaml + OS::TripleO::Services::Zaqar: OS::Heat::None + OS::TripleO::Services::NeutronML2FujitsuCfab: OS::Heat::None + OS::TripleO::Services::CinderHPELeftHandISCSI: OS::Heat::None parameter_defaults: EnablePackageInstall: false diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index 39a092b1..f93c19a3 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -1,4 +1,5 @@ -heat_template_version: 2016-10-14 +{% set primary_role_name = roles[0].name -%} +heat_template_version: ocata description: > Deploy an OpenStack environment, consisting of several node types (roles), @@ -363,6 +364,7 @@ resources: services: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]} ServiceNames: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]} MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChain, role_data, monitoring_subscriptions]} + ServiceMetadataSettings: {get_attr: [{{role.name}}ServiceChain, role_data, service_metadata_settings]} {% endfor %} hostsConfig: @@ -414,8 +416,8 @@ resources: {% for role in roles %} - {get_attr: [{{role.name}}ServiceChain, role_data, logging_sources]} {% endfor %} - controller_ips: {get_attr: [Controller, ip_address]} - controller_names: {get_attr: [Controller, hostname]} + controller_ips: {get_attr: [{{primary_role_name}}, ip_address]} + controller_names: {get_attr: [{{primary_role_name}}, hostname]} service_ips: # Note (shardy) this somewhat complex yaql may be replaced # with a map_deep_merge function in ocata. It merges the @@ -444,8 +446,16 @@ resources: {% for role in roles %} - {get_attr: [{{role.name}}IpListMap, short_service_hostnames]} {% endfor %} + short_service_bootstrap_node: + yaql: + expression: dict($.data.l.where($ != null).selectMany($.items()).groupBy($[0], $[1], [$[0], $[1].flatten().first()])) + data: + l: +{% for role in roles %} + - {get_attr: [{{role.name}}IpListMap, short_service_bootstrap_hostnames]} +{% endfor %} # FIXME(shardy): These require further work to move into service_ips - memcache_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MemcachedNetwork]}]} + memcache_node_ips: {get_attr: [{{primary_role_name}}IpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MemcachedNetwork]}]} NetVipMap: {get_attr: [VipMap, net_ip_map]} RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]} ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]} @@ -477,7 +487,7 @@ resources: type: OS::TripleO::Network ControlVirtualIP: - type: OS::Neutron::Port + type: OS::TripleO::Network::Ports::ControlPlaneVipPort depends_on: Networks properties: name: control_virtual_ip @@ -551,12 +561,12 @@ resources: PingTestIps: list_join: - ' ' - - - {get_attr: [Controller, resource.0.external_ip_address]} - - {get_attr: [Controller, resource.0.internal_api_ip_address]} - - {get_attr: [Controller, resource.0.storage_ip_address]} - - {get_attr: [Controller, resource.0.storage_mgmt_ip_address]} - - {get_attr: [Controller, resource.0.tenant_ip_address]} - - {get_attr: [Controller, resource.0.management_ip_address]} + - - {get_attr: [{{primary_role_name}}, resource.0.external_ip_address]} + - {get_attr: [{{primary_role_name}}, resource.0.internal_api_ip_address]} + - {get_attr: [{{primary_role_name}}, resource.0.storage_ip_address]} + - {get_attr: [{{primary_role_name}}, resource.0.storage_mgmt_ip_address]} + - {get_attr: [{{primary_role_name}}, resource.0.tenant_ip_address]} + - {get_attr: [{{primary_role_name}}, resource.0.management_ip_address]} UpdateWorkflow: type: OS::TripleO::Tasks::UpdateWorkflow @@ -583,13 +593,14 @@ resources: - {{role.name}}AllNodesValidationDeployment {% endfor %} properties: + servers: {% for role in roles %} - servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]} + {{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]} {% endfor %} - # Post deployment steps for all roles - AllNodesDeploySteps: - type: OS::TripleO::PostDeploySteps + # Upgrade steps for all roles + AllNodesUpgradeSteps: + type: OS::TripleO::UpgradeSteps depends_on: {% for role in roles %} - {{role.name}}AllNodesDeployment @@ -604,10 +615,10 @@ resources: {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data]} {% endfor %} - # Upgrade steps for all roles - AllNodesUpgradeSteps: - type: OS::TripleO::UpgradeSteps - depends_on: AllNodesDeploySteps + # Post deployment steps for all roles + AllNodesDeploySteps: + type: OS::TripleO::PostDeploySteps + depends_on: AllNodesUpgradeSteps properties: servers: {% for role in roles %} @@ -618,7 +629,6 @@ resources: {{role.name}}: {get_attr: [{{role.name}}ServiceChain, role_data]} {% endfor %} - outputs: ManagedEndpoints: description: Asserts that the keystone endpoints have been provisioned. diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index 0a8bec6e..ee43c3a5 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: 'All Nodes Config for Puppet' parameters: @@ -28,6 +28,8 @@ parameters: type: json short_service_node_names: type: json + short_service_bootstrap_node: + type: json controller_names: type: comma_delimited_list memcache_node_ips: @@ -125,6 +127,7 @@ resources: - {get_param: service_ips} - {get_param: service_node_names} - {get_param: short_service_node_names} + - {get_param: short_service_bootstrap_node} - controller_node_ips: list_join: - ',' diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml index c9bf894f..e92de45f 100644 --- a/puppet/blockstorage-role.yaml +++ b/puppet/blockstorage-role.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: 'OpenStack cinder storage configured by Puppet' parameters: BlockStorageImage: @@ -71,11 +71,20 @@ parameters: description: > The DNS domain used for the hosts. This should match the dhcp_domain configured in the Undercloud neutron. Defaults to localdomain. + BlockStorageServerMetadata: + default: {} + description: > + Extra properties or metadata passed to Nova for the created nodes in + the overcloud. It's accessible via the Nova metadata API. This option is + role-specific and is merged with the values given to the ServerMetadata + parameter. + type: json ServerMetadata: default: {} description: > Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. + the overcloud. It's accessible via the Nova metadata API. This applies to + all roles and is merged with a role-specific metadata parameter. type: json BlockStorageSchedulerHints: type: json @@ -93,10 +102,19 @@ parameters: MonitoringSubscriptions: type: comma_delimited_list default: [] + ServiceMetadataSettings: + type: json + default: {} ConfigCommand: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 + UpgradeInitCommand: + type: string + description: | + Command or script snippet to run on all overcloud nodes to + initialize the upgrade process. E.g. a repository switch. + default: '' resources: BlockStorage: @@ -118,7 +136,11 @@ resources: template: {get_param: Hostname} params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} - metadata: {get_param: ServerMetadata} + metadata: + map_merge: + - {get_param: ServerMetadata} + - {get_param: BlockStorageServerMetadata} + - {get_param: ServiceMetadataSettings} scheduler_hints: {get_param: BlockStorageSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives @@ -130,6 +152,8 @@ resources: type: multipart - config: {get_resource: NodeUserData} type: multipart + - config: {get_resource: RoleUserData} + type: multipart # Creates the "heat-admin" user if configured via the environment # Should return a OS::Heat::MultipartMime reference via OS::stack_id @@ -141,6 +165,11 @@ resources: NodeUserData: type: OS::TripleO::NodeUserData + # For optional operator role-specific userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + RoleUserData: + type: OS::TripleO::BlockStorage::NodeUserData + ExternalPort: type: OS::TripleO::BlockStorage::Ports::ExternalPort properties: @@ -217,17 +246,134 @@ resources: ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} + NetHostMap: + type: OS::Heat::Value + properties: + type: json + value: + external: + fqdn: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - external + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - external + internal_api: + fqdn: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - internalapi + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - internalapi + storage: + fqdn: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - storage + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - storage + storage_mgmt: + fqdn: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - storagemgmt + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - storagemgmt + tenant: + fqdn: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - tenant + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - tenant + management: + fqdn: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - management + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - management + ctlplane: + fqdn: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - ctlplane + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [BlockStorage, name]} + - ctlplane + + PreNetworkConfig: + type: OS::TripleO::BlockStorage::PreNetworkConfig + properties: + server: {get_resource: BlockStorage} + NetworkDeployment: type: OS::TripleO::SoftwareDeployment + depends_on: PreNetworkConfig properties: name: NetworkDeployment config: {get_resource: NetworkConfig} server: {get_resource: BlockStorage} actions: {get_param: NetworkDeploymentActions} + BlockStorageUpgradeInitConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - "#!/bin/bash\n\n" + - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" + - get_param: UpgradeInitCommand + + # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty + # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first + BlockStorageUpgradeInitDeployment: + type: OS::Heat::SoftwareDeployment + depends_on: NetworkDeployment + properties: + name: BlockStorageUpgradeInitDeployment + server: {get_resource: BlockStorage} + config: {get_resource: BlockStorageUpgradeInitConfig} + BlockStorageDeployment: type: OS::Heat::StructuredDeployment - depends_on: NetworkDeployment + depends_on: BlockStorageUpgradeInitDeployment properties: name: BlockStorageDeployment server: {get_resource: BlockStorage} @@ -266,42 +412,12 @@ resources: extraconfig: {get_param: ExtraConfig} volume: tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - fqdn_internal_api: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - internalapi - - {get_param: CloudDomain} - fqdn_storage: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - storage - - {get_param: CloudDomain} - fqdn_storage_mgmt: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - storagemgmt - - {get_param: CloudDomain} - fqdn_tenant: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - tenant - - {get_param: CloudDomain} - fqdn_management: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - management - - {get_param: CloudDomain} - fqdn_ctlplane: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - ctlplane - - {get_param: CloudDomain} + fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} + fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]} + fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} + fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} + fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} + fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} # Resource for site-specific injection of root certificate NodeTLSCAData: @@ -341,48 +457,13 @@ outputs: hostname_map: description: Mapping of network names to hostnames value: - external: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - external - - {get_param: CloudDomain} - internal_api: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - internalapi - - {get_param: CloudDomain} - storage: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - storage - - {get_param: CloudDomain} - storage_mgmt: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - storagemgmt - - {get_param: CloudDomain} - tenant: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - tenant - - {get_param: CloudDomain} - management: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - management - - {get_param: CloudDomain} - ctlplane: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - ctlplane - - {get_param: CloudDomain} + external: {get_attr: [NetHostMap, value, external, fqdn]} + internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} + storage: {get_attr: [NetHostMap, value, storage, fqdn]} + storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} + tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} + management: {get_attr: [NetHostMap, value, management, fqdn]} + ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} hosts_entry: value: str_replace: @@ -400,47 +481,19 @@ outputs: DOMAIN: {get_param: CloudDomain} PRIMARYHOST: {get_attr: [BlockStorage, name]} EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - external + EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - internalapi + INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - storage + STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - storagemgmt + STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - tenant + TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - management + MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} CTLPLANEIP: {get_attr: [BlockStorage, networks, ctlplane, 0]} - CTLPLANEHOST: - list_join: - - '.' - - - {get_attr: [BlockStorage, name]} - - ctlplane + CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} nova_server_resource: description: Heat resource handle for the block storage server value: diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml index 18787a21..892f91ef 100644 --- a/puppet/cephstorage-role.yaml +++ b/puppet/cephstorage-role.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: 'OpenStack ceph storage node configured by Puppet' parameters: OvercloudCephStorageFlavor: @@ -77,11 +77,20 @@ parameters: description: > The DNS domain used for the hosts. This should match the dhcp_domain configured in the Undercloud neutron. Defaults to localdomain. + CephStorageServerMetadata: + default: {} + description: > + Extra properties or metadata passed to Nova for the created nodes in + the overcloud. It's accessible via the Nova metadata API. This option is + role-specific and is merged with the values given to the ServerMetadata + parameter. + type: json ServerMetadata: default: {} description: > Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. + the overcloud. It's accessible via the Nova metadata API. This applies to + all roles and is merged with a role-specific metadata parameter. type: json CephStorageSchedulerHints: type: json @@ -99,10 +108,19 @@ parameters: MonitoringSubscriptions: type: comma_delimited_list default: [] + ServiceMetadataSettings: + type: json + default: {} ConfigCommand: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 + UpgradeInitCommand: + type: string + description: | + Command or script snippet to run on all overcloud nodes to + initialize the upgrade process. E.g. a repository switch. + default: '' resources: CephStorage: @@ -124,7 +142,11 @@ resources: template: {get_param: Hostname} params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} - metadata: {get_param: ServerMetadata} + metadata: + map_merge: + - {get_param: ServerMetadata} + - {get_param: CephStorageServerMetadata} + - {get_param: ServiceMetadataSettings} scheduler_hints: {get_param: CephStorageSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives @@ -136,6 +158,8 @@ resources: type: multipart - config: {get_resource: NodeUserData} type: multipart + - config: {get_resource: RoleUserData} + type: multipart # Creates the "heat-admin" user if configured via the environment # Should return a OS::Heat::MultipartMime reference via OS::stack_id @@ -147,6 +171,11 @@ resources: NodeUserData: type: OS::TripleO::NodeUserData + # For optional operator role-specific userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + RoleUserData: + type: OS::TripleO::CephStorage::NodeUserData + ExternalPort: type: OS::TripleO::CephStorage::Ports::ExternalPort properties: @@ -223,17 +252,134 @@ resources: ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} + NetHostMap: + type: OS::Heat::Value + properties: + type: json + value: + external: + fqdn: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - external + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - external + internal_api: + fqdn: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - internalapi + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - internalapi + storage: + fqdn: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - storage + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - storage + storage_mgmt: + fqdn: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - storagemgmt + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - storagemgmt + tenant: + fqdn: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - tenant + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - tenant + management: + fqdn: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - management + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - management + ctlplane: + fqdn: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - ctlplane + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [CephStorage, name]} + - ctlplane + + PreNetworkConfig: + type: OS::TripleO::CephStorage::PreNetworkConfig + properties: + server: {get_resource: CephStorage} + NetworkDeployment: type: OS::TripleO::SoftwareDeployment + depends_on: PreNetworkConfig properties: name: NetworkDeployment config: {get_resource: NetworkConfig} server: {get_resource: CephStorage} actions: {get_param: NetworkDeploymentActions} + CephStorageUpgradeInitConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - "#!/bin/bash\n\n" + - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" + - get_param: UpgradeInitCommand + + # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty + # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first + CephStorageUpgradeInitDeployment: + type: OS::Heat::SoftwareDeployment + depends_on: NetworkDeployment + properties: + name: CephStorageUpgradeInitDeployment + server: {get_resource: CephStorage} + config: {get_resource: CephStorageUpgradeInitConfig} + CephStorageDeployment: type: OS::Heat::StructuredDeployment - depends_on: NetworkDeployment + depends_on: CephStorageUpgradeInitDeployment properties: name: CephStorageDeployment config: {get_resource: CephStorageConfig} @@ -271,42 +417,12 @@ resources: extraconfig: {get_param: ExtraConfig} ceph: tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - fqdn_internal_api: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - internalapi - - {get_param: CloudDomain} - fqdn_storage: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - storage - - {get_param: CloudDomain} - fqdn_storage_mgmt: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - storagemgmt - - {get_param: CloudDomain} - fqdn_tenant: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - tenant - - {get_param: CloudDomain} - fqdn_management: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - management - - {get_param: CloudDomain} - fqdn_ctlplane: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - ctlplane - - {get_param: CloudDomain} + fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} + fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]} + fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} + fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} + fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} + fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} # Resource for site-specific injection of root certificate NodeTLSCAData: @@ -352,48 +468,13 @@ outputs: hostname_map: description: Mapping of network names to hostnames value: - external: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - external - - {get_param: CloudDomain} - internal_api: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - internalapi - - {get_param: CloudDomain} - storage: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - storage - - {get_param: CloudDomain} - storage_mgmt: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - storagemgmt - - {get_param: CloudDomain} - tenant: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - tenant - - {get_param: CloudDomain} - management: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - management - - {get_param: CloudDomain} - ctlplane: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - ctlplane - - {get_param: CloudDomain} + external: {get_attr: [NetHostMap, value, external, fqdn]} + internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} + storage: {get_attr: [NetHostMap, value, storage, fqdn]} + storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} + tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} + management: {get_attr: [NetHostMap, value, management, fqdn]} + ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} hosts_entry: value: str_replace: @@ -411,47 +492,19 @@ outputs: DOMAIN: {get_param: CloudDomain} PRIMARYHOST: {get_attr: [CephStorage, name]} EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - external + EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - internalapi + INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - storage + STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - storagemgmt + STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - tenant + TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - management + MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} CTLPLANEIP: {get_attr: [CephStorage, networks, ctlplane, 0]} - CTLPLANEHOST: - list_join: - - '.' - - - {get_attr: [CephStorage, name]} - - ctlplane + CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} nova_server_resource: description: Heat resource handle for the ceph storage server value: diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml index f359bf70..62adcd33 100644 --- a/puppet/compute-role.yaml +++ b/puppet/compute-role.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > OpenStack hypervisor node configured via Puppet. @@ -92,11 +92,20 @@ parameters: description: > The DNS domain used for the hosts. This should match the dhcp_domain configured in the Undercloud neutron. Defaults to localdomain. + NovaComputeServerMetadata: + default: {} + description: > + Extra properties or metadata passed to Nova for the created nodes in + the overcloud. It's accessible via the Nova metadata API. This option is + role-specific and is merged with the values given to the ServerMetadata + parameter. + type: json ServerMetadata: default: {} description: > Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. + the overcloud. It's accessible via the Nova metadata API. This applies to + all roles and is merged with a role-specific metadata parameter. type: json NovaComputeSchedulerHints: type: json @@ -111,10 +120,19 @@ parameters: MonitoringSubscriptions: type: comma_delimited_list default: [] + ServiceMetadataSettings: + type: json + default: {} ConfigCommand: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 + UpgradeInitCommand: + type: string + description: | + Command or script snippet to run on all overcloud nodes to + initialize the upgrade process. E.g. a repository switch. + default: '' resources: @@ -138,7 +156,11 @@ resources: template: {get_param: Hostname} params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} - metadata: {get_param: ServerMetadata} + metadata: + map_merge: + - {get_param: ServerMetadata} + - {get_param: NovaComputeServerMetadata} + - {get_param: ServiceMetadataSettings} scheduler_hints: {get_param: NovaComputeSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives @@ -150,6 +172,8 @@ resources: type: multipart - config: {get_resource: NodeUserData} type: multipart + - config: {get_resource: RoleUserData} + type: multipart # Creates the "heat-admin" user if configured via the environment # Should return a OS::Heat::MultipartMime reference via OS::stack_id @@ -161,6 +185,11 @@ resources: NodeUserData: type: OS::TripleO::NodeUserData + # For optional operator role-specific userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + RoleUserData: + type: OS::TripleO::Compute::NodeUserData + ExternalPort: type: OS::TripleO::Compute::Ports::ExternalPort properties: @@ -226,6 +255,101 @@ resources: ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} + NetHostMap: + type: OS::Heat::Value + properties: + type: json + value: + external: + fqdn: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - external + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - external + internal_api: + fqdn: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - internalapi + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - internalapi + storage: + fqdn: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - storage + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - storage + storage_mgmt: + fqdn: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - storagemgmt + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - storagemgmt + tenant: + fqdn: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - tenant + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - tenant + management: + fqdn: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - management + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - management + ctlplane: + fqdn: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - ctlplane + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [NovaCompute, name]} + - ctlplane + + PreNetworkConfig: + type: OS::TripleO::Compute::PreNetworkConfig + properties: + server: {get_resource: NovaCompute} + NetworkConfig: type: OS::TripleO::Compute::Net::SoftwareConfig properties: @@ -239,6 +363,7 @@ resources: NetworkDeployment: type: OS::TripleO::SoftwareDeployment + depends_on: PreNetworkConfig properties: name: NetworkDeployment config: {get_resource: NetworkConfig} @@ -248,6 +373,27 @@ resources: bridge_name: {get_param: NeutronPhysicalBridge} interface_name: {get_param: NeutronPublicInterface} + NovaComputeUpgradeInitConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - "#!/bin/bash\n\n" + - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" + - get_param: UpgradeInitCommand + + # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty + # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first + NovaComputeUpgradeInitDeployment: + type: OS::Heat::SoftwareDeployment + depends_on: NetworkDeployment + properties: + name: NovaComputeUpgradeInitDeployment + server: {get_resource: NovaCompute} + config: {get_resource: NovaComputeUpgradeInitConfig} + NovaComputeConfig: type: OS::Heat::StructuredConfig properties: @@ -284,46 +430,16 @@ resources: extraconfig: {get_param: ExtraConfig} compute: tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - fqdn_internal_api: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - internalapi - - {get_param: CloudDomain} - fqdn_storage: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - storage - - {get_param: CloudDomain} - fqdn_storage_mgmt: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - storagemgmt - - {get_param: CloudDomain} - fqdn_tenant: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - tenant - - {get_param: CloudDomain} - fqdn_management: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - management - - {get_param: CloudDomain} - fqdn_ctlplane: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - ctlplane - - {get_param: CloudDomain} + fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} + fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]} + fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} + fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} + fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} + fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} NovaComputeDeployment: type: OS::TripleO::SoftwareDeployment - depends_on: NetworkDeployment + depends_on: NovaComputeUpgradeInitDeployment properties: name: NovaComputeDeployment config: {get_resource: NovaComputeConfig} @@ -394,48 +510,13 @@ outputs: hostname_map: description: Mapping of network names to hostnames value: - external: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - external - - {get_param: CloudDomain} - internal_api: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - internalapi - - {get_param: CloudDomain} - storage: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - storage - - {get_param: CloudDomain} - storage_mgmt: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - storagemgmt - - {get_param: CloudDomain} - tenant: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - tenant - - {get_param: CloudDomain} - management: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - management - - {get_param: CloudDomain} - ctlplane: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - ctlplane - - {get_param: CloudDomain} + external: {get_attr: [NetHostMap, value, external, fqdn]} + internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} + storage: {get_attr: [NetHostMap, value, storage, fqdn]} + storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} + tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} + management: {get_attr: [NetHostMap, value, management, fqdn]} + ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} hosts_entry: description: > Server's IP address and hostname in the /etc/hosts format @@ -455,47 +536,19 @@ outputs: DOMAIN: {get_param: CloudDomain} PRIMARYHOST: {get_attr: [NovaCompute, name]} EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - external + EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - internalapi + INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - storage + STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - storagemgmt + STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - tenant + TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - management + MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} CTLPLANEIP: {get_attr: [NovaCompute, networks, ctlplane, 0]} - CTLPLANEHOST: - list_join: - - '.' - - - {get_attr: [NovaCompute, name]} - - ctlplane + CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} nova_server_resource: description: Heat resource handle for the Nova compute server value: diff --git a/puppet/config.role.j2.yaml b/puppet/config.role.j2.yaml index 552c59b2..7337d062 100644 --- a/puppet/config.role.j2.yaml +++ b/puppet/config.role.j2.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > A software config which runs puppet on the {{role}} role diff --git a/puppet/controller-config-pacemaker.yaml b/puppet/controller-config-pacemaker.yaml deleted file mode 100644 index 24f31dc8..00000000 --- a/puppet/controller-config-pacemaker.yaml +++ /dev/null @@ -1,41 +0,0 @@ -heat_template_version: 2015-04-30 - -description: > - A software config which runs manifests/overcloud_controller_pacemaker.pp - -parameters: - ConfigDebug: - default: false - description: Whether to run config management (e.g. Puppet) in debug mode. - type: boolean - StepConfig: - type: string - description: Config manifests that will be used to step through the deployment. - default: '' - -resources: - - ControllerPuppetConfigImpl: - type: OS::Heat::SoftwareConfig - properties: - group: puppet - options: - enable_debug: {get_param: ConfigDebug} - enable_hiera: True - enable_facter: False - modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules - outputs: - - name: result - inputs: - - name: step - type: Number - config: - list_join: - - '' - - - get_file: manifests/overcloud_controller_pacemaker.pp - - {get_param: StepConfig} - -outputs: - OS::stack_id: - description: The software config which runs overcloud_controller_pacemaker.pp - value: {get_resource: ControllerPuppetConfigImpl} diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml index 77b54ff3..9e35af5f 100644 --- a/puppet/controller-role.yaml +++ b/puppet/controller-role.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > OpenStack controller node configured by Puppet. @@ -106,11 +106,20 @@ parameters: description: > The DNS domain used for the hosts. This should match the dhcp_domain configured in the Undercloud neutron. Defaults to localdomain. + ControllerServerMetadata: + default: {} + description: > + Extra properties or metadata passed to Nova for the created nodes in + the overcloud. It's accessible via the Nova metadata API. This option is + role-specific and is merged with the values given to the ServerMetadata + parameter. + type: json ServerMetadata: default: {} description: > Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. + the overcloud. It's accessible via the Nova metadata API. This applies to + all roles and is merged with a role-specific metadata parameter. type: json ControllerSchedulerHints: type: json @@ -125,10 +134,19 @@ parameters: MonitoringSubscriptions: type: comma_delimited_list default: [] + ServiceMetadataSettings: + type: json + default: {} ConfigCommand: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 + UpgradeInitCommand: + type: string + description: | + Command or script snippet to run on all overcloud nodes to + initialize the upgrade process. E.g. a repository switch. + default: '' parameter_groups: - label: deprecated @@ -157,7 +175,11 @@ resources: template: {get_param: Hostname} params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} - metadata: {get_param: ServerMetadata} + metadata: + map_merge: + - {get_param: ServerMetadata} + - {get_param: ControllerServerMetadata} + - {get_param: ServiceMetadataSettings} scheduler_hints: {get_param: ControllerSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives @@ -169,6 +191,8 @@ resources: type: multipart - config: {get_resource: NodeUserData} type: multipart + - config: {get_resource: RoleUserData} + type: multipart # Creates the "heat-admin" user if configured via the environment # Should return a OS::Heat::MultipartMime reference via OS::stack_id @@ -180,6 +204,11 @@ resources: NodeUserData: type: OS::TripleO::NodeUserData + # For optional operator role-specific userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + RoleUserData: + type: OS::TripleO::Controller::NodeUserData + ExternalPort: type: OS::TripleO::Controller::Ports::ExternalPort properties: @@ -245,6 +274,101 @@ resources: ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} + NetHostMap: + type: OS::Heat::Value + properties: + type: json + value: + external: + fqdn: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - external + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - external + internal_api: + fqdn: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - internalapi + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - internalapi + storage: + fqdn: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - storage + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - storage + storage_mgmt: + fqdn: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - storagemgmt + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - storagemgmt + tenant: + fqdn: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - tenant + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - tenant + management: + fqdn: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - management + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - management + ctlplane: + fqdn: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - ctlplane + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [Controller, name]} + - ctlplane + + PreNetworkConfig: + type: OS::TripleO::Controller::PreNetworkConfig + properties: + server: {get_resource: Controller} + NetworkConfig: type: OS::TripleO::Controller::Net::SoftwareConfig properties: @@ -258,6 +382,7 @@ resources: NetworkDeployment: type: OS::TripleO::SoftwareDeployment + depends_on: PreNetworkConfig properties: name: NetworkDeployment config: {get_resource: NetworkConfig} @@ -282,10 +407,30 @@ resources: server: {get_resource: Controller} NodeIndex: {get_param: NodeIndex} + ControllerUpgradeInitConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - "#!/bin/bash\n\n" + - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" + - get_param: UpgradeInitCommand + + # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty + # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first + ControllerUpgradeInitDeployment: + type: OS::Heat::SoftwareDeployment + depends_on: NetworkDeployment + properties: + name: ControllerUpgradeInitDeployment + server: {get_resource: Controller} + config: {get_resource: ControllerUpgradeInitConfig} ControllerDeployment: type: OS::TripleO::SoftwareDeployment - depends_on: NetworkDeployment + depends_on: ControllerUpgradeInitDeployment properties: name: ControllerDeployment config: {get_resource: ControllerConfig} @@ -344,42 +489,12 @@ resources: # Misc tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - fqdn_internal_api: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - internalapi - - {get_param: CloudDomain} - fqdn_storage: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - storage - - {get_param: CloudDomain} - fqdn_storage_mgmt: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - storagemgmt - - {get_param: CloudDomain} - fqdn_tenant: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - tenant - - {get_param: CloudDomain} - fqdn_management: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - management - - {get_param: CloudDomain} - fqdn_ctlplane: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - ctlplane - - {get_param: CloudDomain} + fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} + fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]} + fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} + fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} + fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} + fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} # Hook for site-specific additional pre-deployment config, e.g extra hieradata ControllerExtraConfigPre: @@ -437,48 +552,13 @@ outputs: hostname_map: description: Mapping of network names to hostnames value: - external: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - external - - {get_param: CloudDomain} - internal_api: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - internalapi - - {get_param: CloudDomain} - storage: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - storage - - {get_param: CloudDomain} - storage_mgmt: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - storagemgmt - - {get_param: CloudDomain} - tenant: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - tenant - - {get_param: CloudDomain} - management: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - management - - {get_param: CloudDomain} - ctlplane: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - ctlplane - - {get_param: CloudDomain} + external: {get_attr: [NetHostMap, value, external, fqdn]} + internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} + storage: {get_attr: [NetHostMap, value, storage, fqdn]} + storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} + tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} + management: {get_attr: [NetHostMap, value, management, fqdn]} + ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} hosts_entry: description: > Server's IP address and hostname in the /etc/hosts format @@ -498,47 +578,19 @@ outputs: DOMAIN: {get_param: CloudDomain} PRIMARYHOST: {get_attr: [Controller, name]} EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - external + EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - internalapi + INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - storage + STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - storagemgmt + STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - tenant + TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - management + MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} CTLPLANEIP: {get_attr: [Controller, networks, ctlplane, 0]} - CTLPLANEHOST: - list_join: - - '.' - - - {get_attr: [Controller, name]} - - ctlplane + CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} nova_server_resource: description: Heat resource handle for the Nova compute server value: diff --git a/puppet/deploy-artifacts.sh b/puppet/deploy-artifacts.sh index 8bcbbf4c..4e1ad89f 100644 --- a/puppet/deploy-artifacts.sh +++ b/puppet/deploy-artifacts.sh @@ -8,7 +8,7 @@ trap cleanup EXIT if [ -n "$artifact_urls" ]; then for URL in $(echo $artifact_urls | sed -e "s| |\n|g" | sort -u); do - curl --globoff -o $TMP_DATA/file_data "$artifact_urls" + curl --globoff -o $TMP_DATA/file_data "$URL" if file -b $TMP_DATA/file_data | grep RPM &>/dev/null; then yum install -y $TMP_DATA/file_data elif file -b $TMP_DATA/file_data | grep 'gzip compressed data' &>/dev/null; then diff --git a/puppet/deploy-artifacts.yaml b/puppet/deploy-artifacts.yaml index 17f84163..5e89405b 100644 --- a/puppet/deploy-artifacts.yaml +++ b/puppet/deploy-artifacts.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: > Software Config to install deployment artifacts (tarball's and/or diff --git a/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml b/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml index 6a2ea4d5..3daf3fd3 100644 --- a/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml +++ b/puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-10-15 +heat_template_version: ocata description: Configure hieradata for all MidoNet nodes diff --git a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml index 7bda0cd5..cb8d498c 100644 --- a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml +++ b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: Configure hieradata for Network Cisco configuration diff --git a/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml b/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml index 49c77190..7fe2a842 100644 --- a/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml +++ b/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: Configure hieradata for Big Switch agents on compute node diff --git a/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml b/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml index f5b1f0e6..66252f1f 100644 --- a/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml +++ b/puppet/extraconfig/pre_deploy/compute/neutron-opencontrail.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: Compute node hieradata for Neutron OpenContrail configuration diff --git a/puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml b/puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml index 5561c74a..47c782c7 100644 --- a/puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml +++ b/puppet/extraconfig/pre_deploy/compute/nova-nuage.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: Configure hieradata for Nuage configuration on the Compute diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml index 9423208e..7d639883 100644 --- a/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml +++ b/puppet/extraconfig/pre_deploy/controller/cinder-dellsc.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-10-15 +heat_template_version: ocata description: Configure hieradata for Cinder Dell Storage Center configuration diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml index c7af6f22..30509044 100644 --- a/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml +++ b/puppet/extraconfig/pre_deploy/controller/cinder-eqlx.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-10-15 +heat_template_version: ocata description: Configure hieradata for Cinder Eqlx configuration diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml index 48446e5a..763ae39a 100644 --- a/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml +++ b/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: Configure hieradata for Cinder Netapp configuration diff --git a/puppet/extraconfig/pre_deploy/controller/multiple.yaml b/puppet/extraconfig/pre_deploy/controller/multiple.yaml index f949a397..d3d546dd 100644 --- a/puppet/extraconfig/pre_deploy/controller/multiple.yaml +++ b/puppet/extraconfig/pre_deploy/controller/multiple.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2014-10-16 +heat_template_version: ocata description: 'Extra Pre-Deployment Config, multiple' parameters: server: diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml index 467f57cc..0f4806db 100644 --- a/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml +++ b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: Configure hieradata for Neutron Big Switch configuration diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml index cec885cd..6eae812f 100644 --- a/puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml +++ b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-cisco-n1kv.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: Configure hieradata for Cisco N1KV configuration diff --git a/puppet/extraconfig/pre_deploy/default.yaml b/puppet/extraconfig/pre_deploy/default.yaml index dcbc6811..5da07f87 100644 --- a/puppet/extraconfig/pre_deploy/default.yaml +++ b/puppet/extraconfig/pre_deploy/default.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2014-10-16 +heat_template_version: ocata description: 'Noop Extra Pre-Deployment Config' parameters: server: diff --git a/puppet/extraconfig/pre_deploy/per_node.yaml b/puppet/extraconfig/pre_deploy/per_node.yaml index e236e336..65113f6a 100644 --- a/puppet/extraconfig/pre_deploy/per_node.yaml +++ b/puppet/extraconfig/pre_deploy/per_node.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: Configure hieradata overrides for specific nodes diff --git a/puppet/extraconfig/tls/ca-inject.yaml b/puppet/extraconfig/tls/ca-inject.yaml index f955034d..04b5ccf6 100644 --- a/puppet/extraconfig/tls/ca-inject.yaml +++ b/puppet/extraconfig/tls/ca-inject.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: > This is a template which will inject the trusted anchor. diff --git a/puppet/extraconfig/tls/freeipa-enroll.yaml b/puppet/extraconfig/tls/freeipa-enroll.yaml new file mode 100644 index 00000000..7ce15069 --- /dev/null +++ b/puppet/extraconfig/tls/freeipa-enroll.yaml @@ -0,0 +1,83 @@ +heat_template_version: ocata + +description: Enroll nodes to FreeIPA + +parameters: + server: + description: ID of the controller node to apply this config to + type: string + + CloudDomain: + description: > + The configured cloud domain; this will also be used as the kerberos realm + type: string + + FreeIPAOTP: + default: '' + description: 'OTP that will be used for FreeIPA enrollment' + type: string + hidden: true + FreeIPAServer: + default: '' + description: 'FreeIPA server DNS name' + type: string + FreeIPAIPAddress: + default: '' + description: 'FreeIPA server IP Address' + type: string + +resources: + FreeIPAEnrollmentConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + inputs: + - name: otp + - name: ipa_server + - name: ipa_domain + - name: ipa_ip + config: | + #!/bin/sh + # If no IPA server was given as a parameter, it will be assumed from + # DNS. + if [ -n "${ipa_server}" ]; then + sed -i "/${ipa_server}/d" /etc/hosts + # Optionally add the FreeIPA server IP to /etc/hosts + if [ -n "${ipa_ip}" ]; then + echo "${ipa_ip} ${ipa_server}" >> /etc/hosts + fi + fi + # Set the node's domain if needed + if [ ! $(hostname -f | grep "${ipa_domain}$") ]; then + hostnamectl set-hostname "$(hostname).${ipa_domain}" + fi + yum install -y ipa-client + # Enroll. If there is already keytab, we have already done this. If + # this node hasn't enrolled and the OTP is missing, fail. + if [ ! -f /etc/krb5.keytab ]; then + if [ -z "${otp}" ]; then + echo "OTP is missing" + exit 1 + fi + ipa-client-install --server ${ipa_server} -w ${otp} \ + --domain=${ipa_domain} -U + fi + # Get a TGT + kinit -k -t /etc/krb5.keytab + + FreeIPAControllerEnrollmentDeployment: + type: OS::Heat::SoftwareDeployment + properties: + name: FreeIPAEnrollmentDeployment + config: {get_resource: FreeIPAEnrollmentConfig} + server: {get_param: server} + input_values: + otp: {get_param: FreeIPAOTP} + ipa_server: {get_param: FreeIPAServer} + ipa_domain: {get_param: CloudDomain} + ipa_ip: {get_param: FreeIPAIPAddress} + +outputs: + deploy_stdout: + description: Output of the FreeIPA enrollment deployment + value: {get_attr: [FreeIPAControllerEnrollmentDeployment, deploy_stdout]} diff --git a/puppet/extraconfig/tls/tls-cert-inject.yaml b/puppet/extraconfig/tls/tls-cert-inject.yaml index 49d84574..2a61afc0 100644 --- a/puppet/extraconfig/tls/tls-cert-inject.yaml +++ b/puppet/extraconfig/tls/tls-cert-inject.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2015-04-30 +heat_template_version: ocata description: > This is a template which will build the TLS Certificates necessary diff --git a/puppet/major_upgrade_steps.j2.yaml b/puppet/major_upgrade_steps.j2.yaml index f8dad433..9430a704 100644 --- a/puppet/major_upgrade_steps.j2.yaml +++ b/puppet/major_upgrade_steps.j2.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: 'Upgrade steps for all roles' parameters: @@ -15,39 +15,11 @@ parameters: Setting to a previously unused value during stack-update will trigger the Upgrade resources to re-run on all roles. - UpgradeInitCommand: - type: string - description: | - Command or script snippet to run on all overcloud nodes to - initialize the upgrade process. E.g. a repository switch. - default: '' - resources: - # For the UpgradeInit also rename /etc/resolv.conf.save for +bug/1567004 - UpgradeInitConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: - list_join: - - '' - - - "#!/bin/bash\n\n" - - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" - - get_param: UpgradeInitCommand - -{% for role in roles %} - {{role.name}}Upgrade_Init: - type: OS::Heat::StructuredDeploymentGroup - properties: - name: {{role.name}}Upgrade_Init - servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: UpgradeInitConfig} -{% endfor %} - # Upgrade Steps for all roles # FIXME(shardy): would be nice to make the number of steps configurable -{% for step in range(1, 8) %} +{% for step in range(0, 8) %} {% for role in roles %} # Step {{step}} resources {{role.name}}UpgradeConfig_Step{{step}}: @@ -56,10 +28,8 @@ resources: # serialization, but the event output is easier to follow if we # do, and there should be minimal performance hit (creating the # config is cheap compared to the time to apply the deployment). + {% if step > 0 %} depends_on: - {% if step == 1 %} - - {{role.name}}Upgrade_Init - {% else %} {% for dep in roles %} - {{dep.name}}Upgrade_Step{{step -1}} {% endfor %} @@ -70,7 +40,7 @@ resources: {{role.name}}Upgrade_Step{{step}}: type: OS::Heat::StructuredDeploymentGroup - {% if step > 1 %} + {% if step > 0 %} depends_on: {% for dep in roles %} - {{dep.name}}Upgrade_Step{{step -1}} diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp deleted file mode 100644 index d329d5fc..00000000 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2015 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -if hiera('step') >= 4 { - hiera_include('controller_classes', []) -} - -$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller_pacemaker', hiera('step')]) -package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/manifests/overcloud_role.pp b/puppet/manifests/overcloud_role.pp index 1a59620c..e2bf5146 100644 --- a/puppet/manifests/overcloud_role.pp +++ b/puppet/manifests/overcloud_role.pp @@ -24,3 +24,7 @@ if hiera('step') >= 4 { $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud___ROLE__', hiera('step')]) package_manifest{$package_manifest_name: ensure => present} + +# NOTE(gfidente): ensure deprecated package manifest is absent, can be removed after Pike +$absent_package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller_pacemaker', hiera('step')]) +package_manifest{$absent_package_manifest_name: ensure => absent} diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml index 60c12c3b..1633134d 100644 --- a/puppet/objectstorage-role.yaml +++ b/puppet/objectstorage-role.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: 'OpenStack swift storage node configured by Puppet' parameters: OvercloudSwiftStorageFlavor: @@ -71,11 +71,20 @@ parameters: description: > The DNS domain used for the hosts. This should match the dhcp_domain configured in the Undercloud neutron. Defaults to localdomain. + SwiftStorageServerMetadata: + default: {} + description: > + Extra properties or metadata passed to Nova for the created nodes in + the overcloud. It's accessible via the Nova metadata API. This option is + role-specific and is merged with the values given to the ServerMetadata + parameter. + type: json ServerMetadata: default: {} description: > Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. + the overcloud. It's accessible via the Nova metadata API. This applies to + all roles and is merged with a role-specific metadata parameter. type: json ObjectStorageSchedulerHints: type: json @@ -93,10 +102,19 @@ parameters: MonitoringSubscriptions: type: comma_delimited_list default: [] + ServiceMetadataSettings: + type: json + default: {} ConfigCommand: type: string description: Command which will be run whenever configuration data changes default: os-refresh-config --timeout 14400 + UpgradeInitCommand: + type: string + description: | + Command or script snippet to run on all overcloud nodes to + initialize the upgrade process. E.g. a repository switch. + default: '' resources: @@ -118,7 +136,11 @@ resources: template: {get_param: Hostname} params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} - metadata: {get_param: ServerMetadata} + metadata: + map_merge: + - {get_param: ServerMetadata} + - {get_param: SwiftStorageServerMetadata} + - {get_param: ServiceMetadataSettings} scheduler_hints: {get_param: ObjectStorageSchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives @@ -130,6 +152,8 @@ resources: type: multipart - config: {get_resource: NodeUserData} type: multipart + - config: {get_resource: RoleUserData} + type: multipart # Creates the "heat-admin" user if configured via the environment # Should return a OS::Heat::MultipartMime reference via OS::stack_id @@ -141,6 +165,11 @@ resources: NodeUserData: type: OS::TripleO::NodeUserData + # For optional operator role-specific userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + RoleUserData: + type: OS::TripleO::ObjectStorage::NodeUserData + ExternalPort: type: OS::TripleO::SwiftStorage::Ports::ExternalPort properties: @@ -217,14 +246,131 @@ resources: ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} + NetHostMap: + type: OS::Heat::Value + properties: + type: json + value: + external: + fqdn: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - external + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - external + internal_api: + fqdn: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - internalapi + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - internalapi + storage: + fqdn: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - storage + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - storage + storage_mgmt: + fqdn: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - storagemgmt + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - storagemgmt + tenant: + fqdn: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - tenant + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - tenant + management: + fqdn: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - management + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - management + ctlplane: + fqdn: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - ctlplane + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [SwiftStorage, name]} + - ctlplane + + PreNetworkConfig: + type: OS::TripleO::ObjectStorage::PreNetworkConfig + properties: + server: {get_resource: SwiftStorage} + NetworkDeployment: type: OS::TripleO::SoftwareDeployment + depends_on: PreNetworkConfig properties: name: NetworkDeployment config: {get_resource: NetworkConfig} server: {get_resource: SwiftStorage} actions: {get_param: NetworkDeploymentActions} + SwiftStorageUpgradeInitConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - "#!/bin/bash\n\n" + - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" + - get_param: UpgradeInitCommand + + # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty + # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first + SwiftStorageUpgradeInitDeployment: + type: OS::Heat::SoftwareDeployment + depends_on: NetworkDeployment + properties: + name: SwiftStorageUpgradeInitDeployment + server: {get_resource: SwiftStorage} + config: {get_resource: SwiftStorageUpgradeInitConfig} + SwiftStorageHieraConfig: type: OS::Heat::StructuredConfig properties: @@ -255,47 +401,16 @@ resources: extraconfig: {get_param: ExtraConfig} object: tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} - fqdn_internal_api: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - internalapi - - {get_param: CloudDomain} - fqdn_storage: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - storage - - {get_param: CloudDomain} - fqdn_storage_mgmt: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - storagemgmt - - {get_param: CloudDomain} - fqdn_tenant: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - tenant - - {get_param: CloudDomain} - fqdn_management: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - management - - {get_param: CloudDomain} - fqdn_ctlplane: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - ctlplane - - {get_param: CloudDomain} - + fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} + fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]} + fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} + fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} + fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} + fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} SwiftStorageHieraDeploy: type: OS::Heat::StructuredDeployment - depends_on: NetworkDeployment + depends_on: SwiftStorageUpgradeInitDeployment properties: name: SwiftStorageHieraDeploy server: {get_resource: SwiftStorage} @@ -340,48 +455,13 @@ outputs: hostname_map: description: Mapping of network names to hostnames value: - external: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - external - - {get_param: CloudDomain} - internal_api: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - internalapi - - {get_param: CloudDomain} - storage: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - storage - - {get_param: CloudDomain} - storage_mgmt: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - storagemgmt - - {get_param: CloudDomain} - tenant: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - tenant - - {get_param: CloudDomain} - management: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - management - - {get_param: CloudDomain} - ctlplane: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - ctlplane - - {get_param: CloudDomain} + external: {get_attr: [NetHostMap, value, external, fqdn]} + internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} + storage: {get_attr: [NetHostMap, value, storage, fqdn]} + storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} + tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} + management: {get_attr: [NetHostMap, value, management, fqdn]} + ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} hosts_entry: value: str_replace: @@ -399,47 +479,19 @@ outputs: DOMAIN: {get_param: CloudDomain} PRIMARYHOST: {get_attr: [SwiftStorage, name]} EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - external + EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - internalapi + INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - storage + STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - storagemgmt + STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - tenant + TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - management + MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} CTLPLANEIP: {get_attr: [SwiftStorage, networks, ctlplane, 0]} - CTLPLANEHOST: - list_join: - - '.' - - - {get_attr: [SwiftStorage, name]} - - ctlplane + CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} nova_server_resource: description: Heat resource handle for the swift storage server value: diff --git a/puppet/post.j2.yaml b/puppet/post.j2.yaml index 582eb28d..2a02ea19 100644 --- a/puppet/post.j2.yaml +++ b/puppet/post.j2.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > Post-deploy configuration steps via puppet for all roles, diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index 587ff58d..2f070da2 100644 --- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: 'OpenStack {{role}} node configured by Puppet' parameters: Overcloud{{role}}Flavor: @@ -28,6 +28,10 @@ parameters: constraints: - custom_constraint: nova.keypair {% endif %} + NeutronPublicInterface: + default: nic1 + description: What interface to bridge onto br-ex for network nodes. + type: string ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -83,11 +87,20 @@ parameters: description: > The DNS domain used for the hosts. This should match the dhcp_domain configured in the Undercloud neutron. Defaults to localdomain. + {{role}}ServerMetadata: + default: {} + description: > + Extra properties or metadata passed to Nova for the created nodes in + the overcloud. It's accessible via the Nova metadata API. This option is + role-specific and is merged with the values given to the ServerMetadata + parameter. + type: json ServerMetadata: default: {} description: > Extra properties or metadata passed to Nova for the created nodes in - the overcloud. It's accessible via the Nova metadata API. + the overcloud. It's accessible via the Nova metadata API. This applies to + all roles and is merged with a role-specific metadata parameter. type: json {{role}}SchedulerHints: type: json @@ -105,6 +118,9 @@ parameters: MonitoringSubscriptions: type: comma_delimited_list default: [] + ServiceMetadataSettings: + type: json + default: {} ConfigCommand: type: string description: Command which will be run whenever configuration data changes @@ -115,6 +131,13 @@ parameters: LoggingGroups: type: comma_delimited_list default: [] + UpgradeInitCommand: + type: string + description: | + Command or script snippet to run on all overcloud nodes to + initialize the upgrade process. E.g. a repository switch. + default: '' + resources: {{role}}: @@ -136,7 +159,11 @@ resources: template: {get_param: Hostname} params: {get_param: HostnameMap} software_config_transport: {get_param: SoftwareConfigTransport} - metadata: {get_param: ServerMetadata} + metadata: + map_merge: + - {get_param: ServerMetadata} + - {get_param: {{role}}ServerMetadata} + - {get_param: ServiceMetadataSettings} scheduler_hints: {get_param: {{role}}SchedulerHints} # Combine the NodeAdminUserData and NodeUserData mime archives @@ -148,6 +175,8 @@ resources: type: multipart - config: {get_resource: NodeUserData} type: multipart + - config: {get_resource: RoleUserData} + type: multipart # Creates the "heat-admin" user if configured via the environment # Should return a OS::Heat::MultipartMime reference via OS::stack_id @@ -159,6 +188,11 @@ resources: NodeUserData: type: OS::TripleO::NodeUserData + # For optional operator role-specific userdata + # Should return a OS::Heat::MultipartMime reference via OS::stack_id + RoleUserData: + type: OS::TripleO::{{role}}::NodeUserData + ExternalPort: type: OS::TripleO::{{role}}::Ports::ExternalPort properties: @@ -235,17 +269,137 @@ resources: ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} + NetHostMap: + type: OS::Heat::Value + properties: + type: json + value: + external: + fqdn: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - external + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - external + internal_api: + fqdn: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - internalapi + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - internalapi + storage: + fqdn: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - storage + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - storage + storage_mgmt: + fqdn: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - storagemgmt + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - storagemgmt + tenant: + fqdn: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - tenant + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - tenant + management: + fqdn: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - management + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - management + ctlplane: + fqdn: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - ctlplane + - {get_param: CloudDomain} + short: + list_join: + - '.' + - - {get_attr: [{{role}}, name]} + - ctlplane + + PreNetworkConfig: + type: OS::TripleO::{{role}}::PreNetworkConfig + properties: + server: {get_resource: {{role}}} + NetworkDeployment: type: OS::TripleO::SoftwareDeployment + depends_on: PreNetworkConfig properties: name: NetworkDeployment config: {get_resource: NetworkConfig} server: {get_resource: {{role}}} actions: {get_param: NetworkDeploymentActions} + input_values: + bridge_name: br-ex + interface_name: {get_param: NeutronPublicInterface} + + {{role}}UpgradeInitConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - "#!/bin/bash\n\n" + - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" + - get_param: UpgradeInitCommand + + # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty + # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first + {{role}}UpgradeInitDeployment: + type: OS::Heat::SoftwareDeployment + depends_on: NetworkDeployment + properties: + name: {{role}}UpgradeInitDeployment + server: {get_resource: {{role}}} + config: {get_resource: {{role}}UpgradeInitConfig} {{role}}Deployment: type: OS::Heat::StructuredDeployment - depends_on: NetworkDeployment + depends_on: {{role}}UpgradeInitDeployment properties: name: {{role}}Deployment config: {get_resource: {{role}}Config} @@ -285,42 +439,12 @@ resources: tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources} tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups} - fqdn_internal_api: - list_join: - - '.' - - - {get_attr: [{{role}}, name]} - - internalapi - - {get_param: CloudDomain} - fqdn_storage: - list_join: - - '.' - - - {get_attr: [{{role}}, name]} - - storage - - {get_param: CloudDomain} - fqdn_storage_mgmt: - list_join: - - '.' - - - {get_attr: [{{role}}, name]} - - storagemgmt - - {get_param: CloudDomain} - fqdn_tenant: - list_join: - - '.' - - - {get_attr: [{{role}}, name]} - - tenant - - {get_param: CloudDomain} - fqdn_management: - list_join: - - '.' - - - {get_attr: [{{role}}, name]} - - management - - {get_param: CloudDomain} - fqdn_ctlplane: - list_join: - - '.' - - - {get_attr: [{{role}}, name]} - - ctlplane - - {get_param: CloudDomain} + fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} + fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]} + fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} + fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} + fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} + fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} # Resource for site-specific injection of root certificate NodeTLSCAData: @@ -366,48 +490,13 @@ outputs: hostname_map: description: Mapping of network names to hostnames value: - external: - list_join: - - '.' - - - {get_attr: [{{role}}, name]} - - external - - {get_param: CloudDomain} - internal_api: - list_join: - - '.' - - - {get_attr: [{{role}}, name]} - - internalapi - - {get_param: CloudDomain} - storage: - list_join: - - '.' - - - {get_attr: [{{role}}, name]} - - storage - - {get_param: CloudDomain} - storage_mgmt: - list_join: - - '.' - - - {get_attr: [{{role}}, name]} - - storagemgmt - - {get_param: CloudDomain} - tenant: - list_join: - - '.' - - - {get_attr: [{{role}}, name]} - - tenant - - {get_param: CloudDomain} - management: - list_join: - - '.' - - - {get_attr: [{{role}}, name]} - - management - - {get_param: CloudDomain} - ctlplane: - list_join: - - '.' - - - {get_attr: [{{role}}, name]} - - ctlplane - - {get_param: CloudDomain} + external: {get_attr: [NetHostMap, value, external, fqdn]} + internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} + storage: {get_attr: [NetHostMap, value, storage, fqdn]} + storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} + tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} + management: {get_attr: [NetHostMap, value, management, fqdn]} + ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} hosts_entry: value: str_replace: @@ -425,47 +514,19 @@ outputs: DOMAIN: {get_param: CloudDomain} PRIMARYHOST: {get_attr: [{{role}}, name]} EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: - list_join: - - '.' - - - {get_attr: [{{role}}, name]} - - external + EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: - list_join: - - '.' - - - {get_attr: [{{role}}, name]} - - internalapi + INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: - list_join: - - '.' - - - {get_attr: [{{role}}, name]} - - storage + STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: - list_join: - - '.' - - - {get_attr: [{{role}}, name]} - - storagemgmt + STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: - list_join: - - '.' - - - {get_attr: [{{role}}, name]} - - tenant + TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: - list_join: - - '.' - - - {get_attr: [{{role}}, name]} - - management + MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} CTLPLANEIP: {get_attr: [{{role}}, networks, ctlplane, 0]} - CTLPLANEHOST: - list_join: - - '.' - - - {get_attr: [{{role}}, name]} - - ctlplane + CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} nova_server_resource: description: Heat resource handle for {{role}} server value: diff --git a/puppet/services/README.rst b/puppet/services/README.rst index 856b306e..6e4e9c1d 100644 --- a/puppet/services/README.rst +++ b/puppet/services/README.rst @@ -74,3 +74,17 @@ step, "step2" for the second, etc. 6) Start control-plane services 7) Any additional online migration tasks (e.g data migrations) + +Nova Server Metadata Settings +----------------------------- + +One can use the hook of type `OS::TripleO::ServiceServerMetadataHook` to pass +entries to the nova instances' metadata. It is, however, disabled by default. +In order to overwrite it one needs to define it in the resource registry. An +implementation of this hook needs to conform to the following: + +* It needs to define an input called `RoleData` of json type. This gets as + input the contents of the `role_data` for each role's ServiceChain. + +* This needs to define an output called `metadata` which will be given to the + Nova Server resource as the instance's metadata. diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml index 347a8c13..4e735b45 100644 --- a/puppet/services/aodh-api.yaml +++ b/puppet/services/aodh-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Aodh API service configured with Puppet @@ -55,9 +55,10 @@ outputs: aodh::wsgi::apache::servername: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]} + aodh::wsgi::apache::wsgi_process_display_name: 'aodh_wsgi' aodh::api::service_name: 'httpd' aodh::api::enable_proxy_headers_parsing: true tripleo.aodh_api.firewall_rules: @@ -68,7 +69,7 @@ outputs: aodh::api::host: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, AodhApiNetwork]} # NOTE: bind IP is found in Heat replacing the network name with the diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml index 0e2410f7..8648a971 100644 --- a/puppet/services/aodh-base.yaml +++ b/puppet/services/aodh-base.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Aodh service configured with Puppet @@ -69,6 +69,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/aodh' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" aodh::debug: {get_param: Debug} aodh::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } aodh::rabbit_userid: {get_param: RabbitUserName} diff --git a/puppet/services/aodh-evaluator.yaml b/puppet/services/aodh-evaluator.yaml index 405c500e..61f8c23f 100644 --- a/puppet/services/aodh-evaluator.yaml +++ b/puppet/services/aodh-evaluator.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Aodh Evaluator service configured with Puppet diff --git a/puppet/services/aodh-listener.yaml b/puppet/services/aodh-listener.yaml index fc4e8b39..715165b3 100644 --- a/puppet/services/aodh-listener.yaml +++ b/puppet/services/aodh-listener.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Aodh Listener service configured with Puppet diff --git a/puppet/services/aodh-notifier.yaml b/puppet/services/aodh-notifier.yaml index 2e51c639..da85581b 100644 --- a/puppet/services/aodh-notifier.yaml +++ b/puppet/services/aodh-notifier.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Aodh Notifier service configured with Puppet diff --git a/puppet/services/apache-internal-tls-certmonger.yaml b/puppet/services/apache-internal-tls-certmonger.yaml index 87e53f13..07ec1b3c 100644 --- a/puppet/services/apache-internal-tls-certmonger.yaml +++ b/puppet/services/apache-internal-tls-certmonger.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > Apache service TLS configurations. @@ -35,8 +35,8 @@ outputs: httpd-NETWORK: service_certificate: '/etc/pki/tls/certs/httpd-NETWORK.crt' service_key: '/etc/pki/tls/private/httpd-NETWORK.key' - hostname: "%{::fqdn_NETWORK}" - principal: "HTTP/%{::fqdn_NETWORK}" + hostname: "%{hiera('fqdn_NETWORK')}" + principal: "HTTP/%{hiera('fqdn_NETWORK')}" for_each: NETWORK: # NOTE(jaosorior) Get unique network names to create diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml index 382e0ff9..2e95dcb0 100644 --- a/puppet/services/apache.yaml +++ b/puppet/services/apache.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > Apache service configured with Puppet. Note this is typically included diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml index 1a5e9134..000a744c 100644 --- a/puppet/services/barbican-api.yaml +++ b/puppet/services/barbican-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Barbican API service configured with Puppet @@ -93,7 +93,7 @@ outputs: barbican::wsgi::apache::servername: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, BarbicanApiNetwork]} barbican::db::database_connection: @@ -105,6 +105,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/barbican' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" tripleo.barbican_api.firewall_rules: '117 barbican': dport: diff --git a/puppet/services/ca-certs.yaml b/puppet/services/ca-certs.yaml index 1a534156..735e6dde 100644 --- a/puppet/services/ca-certs.yaml +++ b/puppet/services/ca-certs.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > HAproxy service configured with Puppet diff --git a/puppet/services/ceilometer-agent-central.yaml b/puppet/services/ceilometer-agent-central.yaml index c4abc307..b9d8966c 100644 --- a/puppet/services/ceilometer-agent-central.yaml +++ b/puppet/services/ceilometer-agent-central.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Ceilometer Central Agent service configured with Puppet diff --git a/puppet/services/ceilometer-agent-compute.yaml b/puppet/services/ceilometer-agent-compute.yaml index 5457539c..b1d36c94 100644 --- a/puppet/services/ceilometer-agent-compute.yaml +++ b/puppet/services/ceilometer-agent-compute.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Ceilometer Compute Agent service configured with Puppet diff --git a/puppet/services/ceilometer-agent-notification.yaml b/puppet/services/ceilometer-agent-notification.yaml index ea403aa1..9c9a3bd9 100644 --- a/puppet/services/ceilometer-agent-notification.yaml +++ b/puppet/services/ceilometer-agent-notification.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Ceilometer Notification Agent service configured with Puppet diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml index 2f34f248..63e02d4f 100644 --- a/puppet/services/ceilometer-api.yaml +++ b/puppet/services/ceilometer-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Ceilometer API service configured with Puppet @@ -75,7 +75,7 @@ outputs: ceilometer::api::host: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, CeilometerApiNetwork]} ceilometer::wsgi::apache::bind_host: {get_param: [ServiceNetMap, CeilometerApiNetwork]} @@ -83,7 +83,7 @@ outputs: ceilometer::wsgi::apache::servername: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, CeilometerApiNetwork]} service_config_settings: diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index ded1bc03..0528368e 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Ceilometer service configured with Puppet @@ -31,9 +31,9 @@ parameters: type: string hidden: true CeilometerMeterDispatcher: - default: 'gnocchi' - description: Dispatcher to process meter data - type: string + default: ['gnocchi'] + description: Comma-seperated list of Dispatcher to process meter data + type: comma_delimited_list constraints: - allowed_values: ['gnocchi', 'database'] CeilometerEventDispatcher: @@ -50,6 +50,14 @@ parameters: default: false description: Whether to store events in ceilometer. type: boolean + EnableLegacyCeilometerApi: + default: false + description: Enable legacy ceilometer Api service if needed. + type: boolean + EventPipelinePublishers: + default: ['notifier://?topic=alarm.all'] + description: A list of publishers to put in event_pipeline.yaml. + type: comma_delimited_list Debug: default: '' description: Set to True to enable debugging on all services. @@ -93,6 +101,9 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ceilometer' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + enable_legacy_ceilometer_api: {get_param: EnableLegacyCeilometerApi} ceilometer_backend: {get_param: CeilometerBackend} ceilometer::metering_secret: {get_param: CeilometerMeteringSecret} # we include db_sync class in puppet-tripleo @@ -104,6 +115,7 @@ outputs: ceilometer::agent::auth::auth_password: {get_param: CeilometerPassword} ceilometer::agent::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } ceilometer::agent::notification::store_events: {get_param: CeilometerStoreEvents} + ceilometer::agent::notification::event_pipeline_publishers: {get_param: EventPipelinePublishers} ceilometer::agent::auth::auth_region: {get_param: KeystoneRegion} ceilometer::agent::auth::auth_tenant_name: 'service' ceilometer::agent::auth::auth_endpoint_type: 'internalURL' diff --git a/puppet/services/ceilometer-collector.yaml b/puppet/services/ceilometer-collector.yaml index e3f1ef4e..88e7d781 100644 --- a/puppet/services/ceilometer-collector.yaml +++ b/puppet/services/ceilometer-collector.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Ceilometer Collector service configured with Puppet diff --git a/puppet/services/ceilometer-expirer.yaml b/puppet/services/ceilometer-expirer.yaml index 3b811c4d..714434b1 100644 --- a/puppet/services/ceilometer-expirer.yaml +++ b/puppet/services/ceilometer-expirer.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Ceilometer Expirer service configured with Puppet diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml index 8faf5640..033d3f77 100644 --- a/puppet/services/ceph-base.yaml +++ b/puppet/services/ceph-base.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > Ceph base service. Shared by all Ceph services. diff --git a/puppet/services/ceph-client.yaml b/puppet/services/ceph-client.yaml index b482dd2e..f972e21b 100644 --- a/puppet/services/ceph-client.yaml +++ b/puppet/services/ceph-client.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > Ceph Client service. diff --git a/puppet/services/ceph-external.yaml b/puppet/services/ceph-external.yaml index b708665f..aaa9b039 100644 --- a/puppet/services/ceph-external.yaml +++ b/puppet/services/ceph-external.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > Ceph External service. @@ -61,6 +61,12 @@ parameters: MonitoringSubscriptionCephExternal: default: 'overcloud-ceph-external' type: string + RbdDefaultFeatures: + default: '' + description: The default features enabled when creating a block device + image. Only applies to format 2 images. Set to '1' for Jewel + clients using older Ceph servers. + type: string conditions: glance_multiple_locations: @@ -81,6 +87,7 @@ outputs: config_settings: tripleo::profile::base::ceph::ceph_mon_host: {get_param: CephExternalMonHost} ceph::profile::params::fsid: {get_param: CephClusterFSID} + ceph::profile::params::rbd_default_features: {get_param: RbdDefaultFeatures} ceph::profile::params::client_keys: str_replace: template: "{ diff --git a/puppet/services/pacemaker/gnocchi-api.yaml b/puppet/services/ceph-mds.yaml index 6a9161fa..b68567fb 100644 --- a/puppet/services/pacemaker/gnocchi-api.yaml +++ b/puppet/services/ceph-mds.yaml @@ -1,7 +1,7 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > - Gnocchi service configured with Puppet + Ceph MDS service. parameters: ServiceNetMap: @@ -18,13 +18,15 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - MonitoringSubscriptionGnocchiApi: - default: 'overcloud-gnocchi-api' + CephMdsKey: + description: The cephx key for the MDS service. Can be created + with ceph-authtool --gen-print-key. type: string + hidden: true resources: - GnocchiServiceBase: - type: ../gnocchi-api.yaml + CephBase: + type: ./ceph-base.yaml properties: ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} @@ -32,14 +34,16 @@ resources: outputs: role_data: - description: Role data for the Gnocchi role. + description: Role data for the Ceph MDS service. value: - service_name: gnocchi_api - monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiApi} + service_name: ceph_mds config_settings: map_merge: - - get_attr: [GnocchiServiceBase, role_data, config_settings] - - gnocchi::metricd::manage_service: false - gnocchi::metricd::enabled: false + - get_attr: [CephBase, role_data, config_settings] + - ceph::profile::params::mds_key: {get_param: CephMdsKey} + tripleo.ceph_mds.firewall_rules: + '112 ceph_mds': + dport: + - '6800-7300' step_config: | - include ::tripleo::profile::pacemaker::gnocchi::api + include ::tripleo::profile::base::ceph::mds diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml index 79f5432d..68ad69b7 100644 --- a/puppet/services/ceph-mon.yaml +++ b/puppet/services/ceph-mon.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > Ceph Monitor service. diff --git a/puppet/services/ceph-osd.yaml b/puppet/services/ceph-osd.yaml index f6378720..df0ee6c3 100644 --- a/puppet/services/ceph-osd.yaml +++ b/puppet/services/ceph-osd.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > Ceph OSD service. diff --git a/puppet/services/ceph-rgw.yaml b/puppet/services/ceph-rgw.yaml index 4b85d28f..6448387c 100644 --- a/puppet/services/ceph-rgw.yaml +++ b/puppet/services/ceph-rgw.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > Ceph RadosGW service. diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml index 8d57418e..7d197831 100644 --- a/puppet/services/cinder-api.yaml +++ b/puppet/services/cinder-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > OpenStack Cinder API service configured with Puppet @@ -101,7 +101,7 @@ outputs: cinder::api::bind_host: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]} cinder::wsgi::apache::ssl: {get_param: EnableInternalTLS} @@ -115,7 +115,7 @@ outputs: cinder::wsgi::apache::servername: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, CinderApiNetwork]} - @@ -147,3 +147,19 @@ outputs: cinder::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" + upgrade_tasks: + - name: check for cinder running under apache (post upgrade) + tags: step2 + shell: "apachectl -t -D DUMP_VHOSTS | grep -q cinder" + register: cinder_apache + ignore_errors: true + - name: Stop cinder_api service (running under httpd) + tags: step2 + service: name=httpd state=stopped + when: "cinder_apache.rc == 0" + - name: Stop and disable cinder_api service (pre-upgrade not under httpd) + tags: step2 + service: name=openstack-cinder-api state=stopped enabled=no + - name: Start cinder_api service (running under httpd) + tags: step6 + service: name=httpd state=started diff --git a/puppet/services/cinder-backup.yaml b/puppet/services/cinder-backup.yaml index 80795457..14be07af 100644 --- a/puppet/services/cinder-backup.yaml +++ b/puppet/services/cinder-backup.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Cinder Backup service configured with Puppet diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml index 59c9b844..be4b4af2 100644 --- a/puppet/services/cinder-base.yaml +++ b/puppet/services/cinder-base.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Cinder base service. Shared by all Cinder services. @@ -60,6 +60,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/cinder' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" cinder::debug: {get_param: Debug} cinder::rabbit_use_ssl: {get_param: RabbitClientUseSSL} cinder::rabbit_userid: {get_param: RabbitUserName} diff --git a/puppet/services/cinder-hpelefthand-iscsi.yaml b/puppet/services/cinder-hpelefthand-iscsi.yaml new file mode 100644 index 00000000..f22a3aeb --- /dev/null +++ b/puppet/services/cinder-hpelefthand-iscsi.yaml @@ -0,0 +1,56 @@ +heat_template_version: 2017-02-24 + +description: > + Configure Cinder HPELeftHandISCSIDriver + +parameters: + # Config specific parameters, to be provided via parameter_defaults + CinderHPELeftHandISCSIApiUrl: + type: string + CinderHPELeftHandISCSIUserName: + type: string + CinderHPELeftHandISCSIPassword: + type: string + hidden: true + CinderHPELeftHandISCSIBackendName: + type: string + default: 'tripleo_hpelefthand' + CinderHPELeftHandISCSIChapEnabled: + type: boolean + default: false + CinderHPELeftHandClusterName: + type: string + CinderHPELeftHandDebug: + type: boolean + default: false + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + type: json + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + +outputs: + role_data: + description: Role data for Cinder HPELeftHandISCSIDriver + value: + service_name: cinder_hpelefthand_iscsi + config_settings: + tripleo::profile::base::cinder::volume::cinder_enable_hpelefthand_backend: true + cinder::backend::hpelefthand_iscsi::hpelefthand_api_url: {get_param: CinderHPELeftHandISCSIApiUrl} + cinder::backend::hpelefthand_iscsi::hpelefthand_username: {get_param: CinderHPELeftHandISCSIUserName} + cinder::backend::hpelefthand_iscsi::hpelefthand_password: {get_param: CinderHPELeftHandISCSIPassword} + cinder::backend::hpelefthand_iscsi::volume_backend_name: {get_param: CinderHPELeftHandISCSIBackendName} + cinder::backend::hpelefthand_iscsi::hpelefthand_iscsi_chap_enabled: {get_param: CinderHPELeftHandISCSIChapEnabled} + cinder::backend::hpelefthand_iscsi::hpelefthand_clustername: {get_param: CinderHPELeftHandClusterName} + cinder::backend::hpelefthand_iscsi::hpelefthand_debug: {get_param: CinderHPELeftHandDebug} + step_config: | + include ::tripleo::profile::base::cinder::volume diff --git a/puppet/services/cinder-scheduler.yaml b/puppet/services/cinder-scheduler.yaml index 94c263ea..e12af631 100644 --- a/puppet/services/cinder-scheduler.yaml +++ b/puppet/services/cinder-scheduler.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Cinder Scheduler service configured with Puppet @@ -51,3 +51,10 @@ outputs: - cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler step_config: | include ::tripleo::profile::base::cinder::scheduler + upgrade_tasks: + - name: Stop cinder_scheduler service + tags: step2 + service: name=openstack-cinder-scheduler state=stopped + - name: Start cinder_scheduler service + tags: step6 + service: name=openstack-cinder-scheduler state=started diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml index 82e16f39..cc06d87b 100644 --- a/puppet/services/cinder-volume.yaml +++ b/puppet/services/cinder-volume.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Cinder Volume service configured with Puppet @@ -110,3 +110,14 @@ outputs: tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_param: [ServiceNetMap, CinderIscsiNetwork]} step_config: | include ::tripleo::profile::base::cinder::volume + upgrade_tasks: + - name: Stop cinder_volume service + tags: step2 + service: name=openstack-cinder-volume state=stopped + - name: Sync cinder_volume DB + tags: step5 + command: cinder-manage db sync + - name: Start cinder_volume service + tags: step6 + service: name=openstack-cinder-volume state=started + diff --git a/puppet/services/database/mongodb-base.yaml b/puppet/services/database/mongodb-base.yaml index 3f4f106d..c27fcb7f 100644 --- a/puppet/services/database/mongodb-base.yaml +++ b/puppet/services/database/mongodb-base.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > Configuration details for MongoDB service using composable roles diff --git a/puppet/services/database/mongodb.yaml b/puppet/services/database/mongodb.yaml index 01daeafe..8290cae7 100644 --- a/puppet/services/database/mongodb.yaml +++ b/puppet/services/database/mongodb.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > MongoDb service deployment using puppet diff --git a/puppet/services/database/mysql-internal-tls-certmonger.yaml b/puppet/services/database/mysql-internal-tls-certmonger.yaml index 3ba51fb6..56d037e7 100644 --- a/puppet/services/database/mysql-internal-tls-certmonger.yaml +++ b/puppet/services/database/mysql-internal-tls-certmonger.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > MySQL configurations for using TLS via certmonger. diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index cacf6db0..7e12894f 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > MySQL service deployment using puppet @@ -87,12 +87,17 @@ outputs: tripleo::profile::base::database::mysql::bind_address: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} + tripleo::profile::base::database::mysql::client_bind_address: + {get_param: [ServiceNetMap, MysqlNetwork]} step_config: | include ::tripleo::profile::base::database::mysql upgrade_tasks: + - name: Check for galera root password + tags: step0 + file: path=/root/.my.cnf state=file - name: Stop service tags: step2 service: name=mariadb state=stopped diff --git a/puppet/services/database/redis-base.yaml b/puppet/services/database/redis-base.yaml index 2fab0eb6..2b7dd430 100644 --- a/puppet/services/database/redis-base.yaml +++ b/puppet/services/database/redis-base.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Redis service configured with Puppet diff --git a/puppet/services/database/redis.yaml b/puppet/services/database/redis.yaml index 1c333b97..5ea25ca8 100644 --- a/puppet/services/database/redis.yaml +++ b/puppet/services/database/redis.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Redis service configured with Puppet diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index 33abdbf9..6d01bd48 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Glance API service configured with Puppet @@ -75,15 +75,13 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/glance' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]} glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } - glance::api::registry_host: - str_replace: - template: "'REGISTRY_HOST'" - params: - REGISTRY_HOST: {get_param: [EndpointMap, GlanceRegistryInternal, host]} - glance::api::registry_client_protocol: {get_param: [EndpointMap, GlanceRegistryInternal, protocol] } + glance::api::enable_v1_api: false + glance::api::enable_v2_api: true glance::api::authtoken::password: {get_param: GlancePassword} glance::api::enable_proxy_headers_parsing: true glance::api::debug: {get_param: Debug} @@ -107,3 +105,13 @@ outputs: include ::tripleo::profile::base::glance::api service_config_settings: get_attr: [GlanceBase, role_data, service_config_settings] + upgrade_tasks: + - name: Stop glance_api service + tags: step2 + service: name=openstack-glance-api state=stopped + - name: Sync glance_api DB + tags: step5 + command: glance-manage --config-file=/etc/glance/glance-api.conf db_sync + - name: Start glance_api service + tags: step6 + service: name=openstack-glance-api state=started diff --git a/puppet/services/glance-base.yaml b/puppet/services/glance-base.yaml index cc979af9..f5548982 100644 --- a/puppet/services/glance-base.yaml +++ b/puppet/services/glance-base.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > OpenStack Glance Common settings with Puppet @@ -105,8 +105,6 @@ outputs: glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword} glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL} glance::notify::rabbitmq::notification_driver: messagingv2 - glance::registry::db::database_db_max_retries: -1 - glance::registry::db::database_max_retries: -1 tripleo::profile::base::glance::api::glance_nfs_enabled: {get_param: GlanceNfsEnabled} tripleo::glance::nfs_mount::share: {get_param: GlanceNfsShare} tripleo::glance::nfs_mount::options: {get_param: GlanceNfsOptions} diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml deleted file mode 100644 index c45582d4..00000000 --- a/puppet/services/glance-registry.yaml +++ /dev/null @@ -1,100 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Glance Registry service configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - Debug: - default: '' - description: Set to True to enable debugging on all services. - type: string - GlancePassword: - description: The password for the glance service and db account, used by the glance services. - type: string - hidden: true - GlanceWorkers: - default: '' - description: | - Number of worker processes for glance registry. If left unset (empty - string), the default value will result in the configuration being left - unset and a system-dependent default value will be chosen (e.g.: number of - processors). Please note that this will create a large number of processes - on systems with a large number of CPUs resulting in excess memory - consumption. It is recommended that a suitable non-default value be - selected on such systems. - type: string - MonitoringSubscriptionGlanceRegistry: - default: 'overcloud-glance-registry' - type: string - GlanceRegistryLoggingSource: - type: json - default: - tag: openstack.glance.registry - path: /var/log/glance/registry.log - -resources: - GlanceBase: - type: ./glance-base.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Glance Registry role. - value: - service_name: glance_registry - monitoring_subscription: {get_param: MonitoringSubscriptionGlanceRegistry} - logging_source: {get_param: GlanceRegistryLoggingSource} - logging_groups: - - glance - config_settings: - map_merge: - - get_attr: [GlanceBase, role_data, config_settings] - - - glance::registry::database_connection: - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://glance:' - - {get_param: GlancePassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/glance' - glance::registry::authtoken::password: {get_param: GlancePassword} - glance::registry::authtoken::project_name: 'service' - glance::registry::pipeline: 'keystone' - glance::registry::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - glance::registry::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } - glance::registry::debug: {get_param: Debug} - glance::registry::workers: {get_param: GlanceWorkers} - tripleo.glance_registry.firewall_rules: - '112 glance_registry': - dport: - - 9191 - # NOTE: bind IP is found in Heat replacing the network name with the - # local node IP for the given network; replacement examples - # (eg. for internal_api): - # internal_api -> IP - # internal_api_uri -> [IP] - # internal_api_subnet - > IP/CIDR - glance::registry::bind_host: {get_param: [ServiceNetMap, GlanceRegistryNetwork]} - step_config: | - include ::tripleo::profile::base::glance::registry - service_config_settings: - get_attr: [GlanceBase, role_data, config_settings] diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml index d5f8e62d..3929e005 100644 --- a/puppet/services/gnocchi-api.yaml +++ b/puppet/services/gnocchi-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > Gnocchi service configured with Puppet @@ -91,7 +91,7 @@ outputs: gnocchi::wsgi::apache::servername: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]} tripleo::profile::base::gnocchi::api::gnocchi_backend: {get_param: GnocchiBackend} @@ -102,10 +102,11 @@ outputs: # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR gnocchi::wsgi::apache::bind_host: {get_param: [ServiceNetMap, GnocchiApiNetwork]} + gnocchi::wsgi::apache::wsgi_process_display_name: 'gnocchi_wsgi' gnocchi::api::host: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, GnocchiApiNetwork]} diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml index 556baae0..d92b1766 100644 --- a/puppet/services/gnocchi-base.yaml +++ b/puppet/services/gnocchi-base.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > Gnocchi service configured with Puppet @@ -67,6 +67,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/gnocchi' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" gnocchi::db::sync::extra_opts: '--skip-storage --create-legacy-resource-types' gnocchi::storage::swift::swift_user: 'service:gnocchi' gnocchi::storage::swift::swift_auth_version: 2 diff --git a/puppet/services/gnocchi-metricd.yaml b/puppet/services/gnocchi-metricd.yaml index 1400bc98..e5f9a8e7 100644 --- a/puppet/services/gnocchi-metricd.yaml +++ b/puppet/services/gnocchi-metricd.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > Gnocchi service configured with Puppet diff --git a/puppet/services/gnocchi-statsd.yaml b/puppet/services/gnocchi-statsd.yaml index 983d6c91..df438b37 100644 --- a/puppet/services/gnocchi-statsd.yaml +++ b/puppet/services/gnocchi-statsd.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > Gnocchi service configured with Puppet diff --git a/puppet/services/haproxy-internal-tls-certmonger.yaml b/puppet/services/haproxy-internal-tls-certmonger.yaml index c6d53542..77457593 100644 --- a/puppet/services/haproxy-internal-tls-certmonger.yaml +++ b/puppet/services/haproxy-internal-tls-certmonger.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > HAProxy deployment with TLS enabled, powered by certmonger diff --git a/puppet/services/haproxy-public-tls-certmonger.yaml b/puppet/services/haproxy-public-tls-certmonger.yaml index 1551d16a..227697b9 100644 --- a/puppet/services/haproxy-public-tls-certmonger.yaml +++ b/puppet/services/haproxy-public-tls-certmonger.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > HAProxy deployment with TLS enabled, powered by certmonger diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index 675a79ec..9049c901 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > HAproxy service configured with Puppet diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml index 12d4a6a1..f4d3cad3 100644 --- a/puppet/services/heat-api-cfn.yaml +++ b/puppet/services/heat-api-cfn.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > Openstack Heat CloudFormation API service configured with Puppet @@ -84,3 +84,11 @@ outputs: heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]} heat::keystone::auth_cfn::password: {get_param: HeatPassword} heat::keystone::auth_cfn::region: {get_param: KeystoneRegion} + upgrade_tasks: + - name: Stop heat_api_cfn service + tags: step2 + service: name=openstack-heat-api-cfn state=stopped + - name: Start heat_api_cfn service + tags: step6 + service: name=openstack-heat-api-cfn state=started + diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml index 6dfeaaf3..ba4a287a 100644 --- a/puppet/services/heat-api-cloudwatch.yaml +++ b/puppet/services/heat-api-cloudwatch.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > Openstack Heat CloudWatch API service configured with Puppet @@ -66,3 +66,10 @@ outputs: heat::api_cloudwatch::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]} step_config: | include ::tripleo::profile::base::heat::api_cloudwatch + upgrade_tasks: + - name: Stop heat_api_cloudwatch service + tags: step2 + service: name=openstack-heat-api-cloudwatch state=stopped + - name: Start heat_api_cloudwatch service + tags: step6 + service: name=openstack-heat-api state=started diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml index b0cd16dd..7ec9d6d4 100644 --- a/puppet/services/heat-api.yaml +++ b/puppet/services/heat-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > Openstack Heat API service configured with Puppet @@ -84,3 +84,10 @@ outputs: heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]} heat::keystone::auth::password: {get_param: HeatPassword} heat::keystone::auth::region: {get_param: KeystoneRegion} + upgrade_tasks: + - name: Stop heat_api service + tags: step2 + service: name=openstack-heat-api state=stopped + - name: Start heat_api service + tags: step6 + service: name=openstack-heat-api state=started diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml index a2a65d7d..a933a94b 100644 --- a/puppet/services/heat-base.yaml +++ b/puppet/services/heat-base.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > Openstack Heat base service. Shared for all Heat services. @@ -57,6 +57,7 @@ outputs: heat::rabbit_port: {get_param: RabbitClientPort} heat::debug: {get_param: Debug} heat::enable_proxy_headers_parsing: true + heat::rpc_response_timeout: 600 # We need this because the default heat policy.json no longer works on TripleO # https://git.openstack.org/cgit/openstack/heat/commit/?id=ac86702172ddf01f5bdc3f3cd99d2e32ad9b7024 heat::policy::policies: @@ -77,6 +78,8 @@ outputs: heat::cron::purge_deleted::destination: '/dev/null' heat::db::database_db_max_retries: -1 heat::db::database_max_retries: -1 + heat::yaql_memory_quota: 100000 + heat::yaql_limit_iterators: 1000 service_config_settings: keystone: tripleo::profile::base::keystone::heat_admin_domain: 'heat_stack' diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml index 3f0e4105..6efb0653 100644 --- a/puppet/services/heat-engine.yaml +++ b/puppet/services/heat-engine.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > Openstack Heat Engine service configured with Puppet @@ -48,6 +48,15 @@ parameters: default: tag: openstack.heat.engine path: /var/log/heat/heat-engine.log + HeatConvergenceEngine: + type: boolean + default: true + description: Enables the heat engine with the convergence architecture. + HeatMaxResourcesPerStack: + type: number + default: 1000 + description: Maximum resources allowed per top-level stack. -1 stands for unlimited. + resources: HeatBase: @@ -72,6 +81,26 @@ outputs: - heat::engine::num_engine_workers: {get_param: HeatWorkers} heat::engine::configure_delegated_roles: false heat::engine::trusts_delegated_roles: [] + heat::engine::max_nested_stack_depth: 6 + heat::engine::max_resources_per_stack: {get_param: HeatMaxResourcesPerStack} + heat::engine::heat_metadata_server_url: + list_join: + - '' + - - {get_param: [EndpointMap, HeatCfnPublic, protocol]} + - '://' + - {get_param: [EndpointMap, HeatCfnPublic, host]} + - ':' + - {get_param: [EndpointMap, HeatCfnPublic, port]} + heat::engine::heat_waitcondition_server_url: + list_join: + - '' + - - {get_param: [EndpointMap, HeatCfnPublic, protocol]} + - '://' + - {get_param: [EndpointMap, HeatCfnPublic, host]} + - ':' + - {get_param: [EndpointMap, HeatCfnPublic, port]} + - '/v1/waitcondition' + heat::engine::convergence_engine: {get_param: HeatConvergenceEngine} tripleo::profile::base::heat::manage_db_purge: {get_param: HeatEnableDBPurge} heat::database_connection: list_join: @@ -82,6 +111,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/heat' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" heat::keystone_ec2_uri: {get_param: [EndpointMap, KeystoneEC2, uri]} heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword} heat::engine::auth_encryption_key: @@ -106,3 +137,13 @@ outputs: keystone: # This is needed because the keystone profile handles creating the domain tripleo::profile::base::keystone::heat_admin_password: {get_param: HeatStackDomainAdminPassword} + upgrade_tasks: + - name: Stop heat_engine service + tags: step2 + service: name=openstack-heat-engine state=stopped + - name: Sync heat_engine DB + tags: step5 + command: heat-manage --config-file /etc/heat/heat.conf db_sync + - name: Start heat_engine service + tags: step6 + service: name=openstack-heat-engine state=started diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index 8eaf4044..cf35d202 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > Horizon service configured with Puppet @@ -58,8 +58,10 @@ outputs: dport: - 80 - 443 + horizon::enable_secure_proxy_ssl_header: true horizon::disable_password_reveal: true horizon::enforce_password_check: true + horizon::disallow_iframe_embed: true horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache horizon::django_session_engine: 'django.contrib.sessions.backends.cache' horizon::vhost_extra_params: diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml index c8a2e833..aebb37b2 100644 --- a/puppet/services/ironic-api.yaml +++ b/puppet/services/ironic-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Ironic API configured with Puppet diff --git a/puppet/services/ironic-base.yaml b/puppet/services/ironic-base.yaml index 0ff393c6..ad7ef6ea 100644 --- a/puppet/services/ironic-base.yaml +++ b/puppet/services/ironic-base.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Ironic services configured with Puppet @@ -60,6 +60,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ironic' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" ironic::debug: {get_param: Debug} ironic::rabbit_userid: {get_param: RabbitUserName} ironic::rabbit_password: {get_param: RabbitPassword} diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml index f173aa63..194afec7 100644 --- a/puppet/services/ironic-conductor.yaml +++ b/puppet/services/ironic-conductor.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Ironic conductor configured with Puppet diff --git a/puppet/services/keepalived.yaml b/puppet/services/keepalived.yaml index b4f1a100..38f9f3be 100644 --- a/puppet/services/keepalived.yaml +++ b/puppet/services/keepalived.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > Keepalived service configured with Puppet diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml index 69898718..29157959 100644 --- a/puppet/services/kernel.yaml +++ b/puppet/services/kernel.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > Load kernel modules with kmod and configure kernel options with sysctl. diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index f021e18b..f69e20b4 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > OpenStack Keystone service configured with Puppet @@ -148,6 +148,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/keystone' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" keystone::admin_token: {get_param: AdminToken} keystone::admin_password: {get_param: AdminPassword} keystone::roles::admin::password: {get_param: AdminPassword} @@ -195,13 +197,13 @@ outputs: keystone::wsgi::apache::servername: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]} keystone::wsgi::apache::servername_admin: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]} keystone::wsgi::apache::workers: {get_param: KeystoneWorkers} @@ -219,13 +221,13 @@ outputs: keystone::admin_bind_host: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]} keystone::public_bind_host: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]} # NOTE: bind IP is found in Heat replacing the network name with the diff --git a/puppet/services/logging/fluentd-base.yaml b/puppet/services/logging/fluentd-base.yaml index c8f67556..65ad80ed 100644 --- a/puppet/services/logging/fluentd-base.yaml +++ b/puppet/services/logging/fluentd-base.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: Fluentd base service diff --git a/puppet/services/logging/fluentd-client.yaml b/puppet/services/logging/fluentd-client.yaml index 3ae7110f..769ab68f 100644 --- a/puppet/services/logging/fluentd-client.yaml +++ b/puppet/services/logging/fluentd-client.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: Fluentd client configured with Puppet diff --git a/puppet/services/logging/fluentd-config.yaml b/puppet/services/logging/fluentd-config.yaml index 58b423fd..68f98aff 100644 --- a/puppet/services/logging/fluentd-config.yaml +++ b/puppet/services/logging/fluentd-config.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: Fluentd logging configuration diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml index b4b3d480..b7c64823 100644 --- a/puppet/services/manila-api.yaml +++ b/puppet/services/manila-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > Manila-api service configured with Puppet diff --git a/puppet/services/manila-backend-cephfs.yaml b/puppet/services/manila-backend-cephfs.yaml index 1066700a..36ef1ea9 100644 --- a/puppet/services/manila-backend-cephfs.yaml +++ b/puppet/services/manila-backend-cephfs.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > Openstack Manila Cephfs backend diff --git a/puppet/services/manila-backend-generic.yaml b/puppet/services/manila-backend-generic.yaml index c527666e..23831a6a 100644 --- a/puppet/services/manila-backend-generic.yaml +++ b/puppet/services/manila-backend-generic.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > Openstack Manila generic backend. diff --git a/puppet/services/manila-backend-netapp.yaml b/puppet/services/manila-backend-netapp.yaml index e6d2f250..1f6fcf4f 100644 --- a/puppet/services/manila-backend-netapp.yaml +++ b/puppet/services/manila-backend-netapp.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > Openstack Manila netapp backend. diff --git a/puppet/services/manila-base.yaml b/puppet/services/manila-base.yaml index 844bd3a3..2a9745a2 100644 --- a/puppet/services/manila-base.yaml +++ b/puppet/services/manila-base.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > Openstack Manila base service. Shared by manila-api/scheduler/share services @@ -67,6 +67,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/manila' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" service_config_settings: mysql: manila::db::mysql::password: {get_param: ManilaPassword} diff --git a/puppet/services/manila-scheduler.yaml b/puppet/services/manila-scheduler.yaml index d96b677b..c8114f2b 100644 --- a/puppet/services/manila-scheduler.yaml +++ b/puppet/services/manila-scheduler.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > Manila-scheduler service configured with Puppet diff --git a/puppet/services/manila-share.yaml b/puppet/services/manila-share.yaml index 49c69fc1..e38fe675 100644 --- a/puppet/services/manila-share.yaml +++ b/puppet/services/manila-share.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > Manila-share service configured with Puppet diff --git a/puppet/services/memcached.yaml b/puppet/services/memcached.yaml index 9e3f6375..ffa969e0 100644 --- a/puppet/services/memcached.yaml +++ b/puppet/services/memcached.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > Memcached service configured with Puppet diff --git a/puppet/services/mistral-api.yaml b/puppet/services/mistral-api.yaml index 44d30358..daa1dc7c 100644 --- a/puppet/services/mistral-api.yaml +++ b/puppet/services/mistral-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > Openstack Mistral API service configured with Puppet diff --git a/puppet/services/mistral-base.yaml b/puppet/services/mistral-base.yaml index a11624c0..e678b14f 100644 --- a/puppet/services/mistral-base.yaml +++ b/puppet/services/mistral-base.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > Openstack Mistral base service. Shared for all Mistral services. @@ -65,6 +65,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/mistral' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" mistral::rabbit_userid: {get_param: RabbitUserName} mistral::rabbit_password: {get_param: RabbitPassword} mistral::rabbit_use_ssl: {get_param: RabbitClientUseSSL} diff --git a/puppet/services/mistral-engine.yaml b/puppet/services/mistral-engine.yaml index 10af670d..4a92b863 100644 --- a/puppet/services/mistral-engine.yaml +++ b/puppet/services/mistral-engine.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > Openstack Mistral Engine service configured with Puppet diff --git a/puppet/services/mistral-executor.yaml b/puppet/services/mistral-executor.yaml index 7afaf0db..6e273b92 100644 --- a/puppet/services/mistral-executor.yaml +++ b/puppet/services/mistral-executor.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > Openstack Mistral API service configured with Puppet diff --git a/puppet/services/monitoring/sensu-base.yaml b/puppet/services/monitoring/sensu-base.yaml index ea23b8b6..a8303a59 100644 --- a/puppet/services/monitoring/sensu-base.yaml +++ b/puppet/services/monitoring/sensu-base.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: Sensu base service diff --git a/puppet/services/monitoring/sensu-client.yaml b/puppet/services/monitoring/sensu-client.yaml index a26c7458..76ba59c1 100644 --- a/puppet/services/monitoring/sensu-client.yaml +++ b/puppet/services/monitoring/sensu-client.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: Sensu client configured with Puppet diff --git a/puppet/services/network/contrail-analytics.yaml b/puppet/services/network/contrail-analytics.yaml index 1c2331fa..ad14d315 100644 --- a/puppet/services/network/contrail-analytics.yaml +++ b/puppet/services/network/contrail-analytics.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > Contrail Analytics service deployment using puppet, this YAML file diff --git a/puppet/services/network/contrail-base.yaml b/puppet/services/network/contrail-base.yaml index 03dbea5b..b49b2add 100644 --- a/puppet/services/network/contrail-base.yaml +++ b/puppet/services/network/contrail-base.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > Base parameters for all Contrail Services. diff --git a/puppet/services/network/contrail-config.yaml b/puppet/services/network/contrail-config.yaml index 0987fc75..03774480 100644 --- a/puppet/services/network/contrail-config.yaml +++ b/puppet/services/network/contrail-config.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > Contrail Config service deployment using puppet, this YAML file diff --git a/puppet/services/network/contrail-control.yaml b/puppet/services/network/contrail-control.yaml index 9356e9e9..7c28d283 100644 --- a/puppet/services/network/contrail-control.yaml +++ b/puppet/services/network/contrail-control.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > Contrail Control service deployment using puppet, this YAML file diff --git a/puppet/services/network/contrail-database.yaml b/puppet/services/network/contrail-database.yaml index e5712618..c56b90a2 100644 --- a/puppet/services/network/contrail-database.yaml +++ b/puppet/services/network/contrail-database.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > Contrail Database service deployment using puppet, this YAML file diff --git a/puppet/services/network/contrail-webui.yaml b/puppet/services/network/contrail-webui.yaml index 72b9e1c0..72cc6fa5 100644 --- a/puppet/services/network/contrail-webui.yaml +++ b/puppet/services/network/contrail-webui.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > Contrail WebUI service deployment using puppet, this YAML file diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index 5fd9d7a2..bbb79bba 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > OpenStack Neutron Server configured with Puppet @@ -112,6 +112,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ovs_neutron' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" neutron::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } neutron::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} neutron::server::api_workers: {get_param: NeutronWorkers} @@ -158,3 +160,14 @@ outputs: neutron::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" + upgrade_tasks: + - name: Stop neutron_api service + tags: step2 + service: name=neutron-server state=stopped + - name: Sync neutron_api DB + tags: step5 + command: neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head + - name: Start neutron_api service + tags: step6 + service: name=neutron-server state=started + diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml index 3d03c313..43657bd9 100644 --- a/puppet/services/neutron-base.yaml +++ b/puppet/services/neutron-base.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Neutron base service. Shared for all Neutron agents. diff --git a/puppet/services/neutron-compute-plugin-midonet.yaml b/puppet/services/neutron-compute-plugin-midonet.yaml index 26b6fa6b..5b6fcca6 100644 --- a/puppet/services/neutron-compute-plugin-midonet.yaml +++ b/puppet/services/neutron-compute-plugin-midonet.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Neutron Compute Midonet plugin diff --git a/puppet/services/neutron-compute-plugin-nuage.yaml b/puppet/services/neutron-compute-plugin-nuage.yaml index c4f8ad12..04431e28 100644 --- a/puppet/services/neutron-compute-plugin-nuage.yaml +++ b/puppet/services/neutron-compute-plugin-nuage.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Neutron Compute Nuage plugin diff --git a/puppet/services/neutron-compute-plugin-opencontrail.yaml b/puppet/services/neutron-compute-plugin-opencontrail.yaml index 9f2fd13c..bbe4a051 100644 --- a/puppet/services/neutron-compute-plugin-opencontrail.yaml +++ b/puppet/services/neutron-compute-plugin-opencontrail.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Neutron Compute OpenContrail plugin diff --git a/puppet/services/neutron-compute-plugin-ovn.yaml b/puppet/services/neutron-compute-plugin-ovn.yaml index 95e05dd4..ce28b5c3 100644 --- a/puppet/services/neutron-compute-plugin-ovn.yaml +++ b/puppet/services/neutron-compute-plugin-ovn.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Neutron Compute OVN agent diff --git a/puppet/services/neutron-compute-plugin-plumgrid.yaml b/puppet/services/neutron-compute-plugin-plumgrid.yaml index 31a0a08b..09aa6191 100644 --- a/puppet/services/neutron-compute-plugin-plumgrid.yaml +++ b/puppet/services/neutron-compute-plugin-plumgrid.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Neutron Compute Plumgrid plugin diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml index 2cd08f98..c7965a64 100644 --- a/puppet/services/neutron-dhcp.yaml +++ b/puppet/services/neutron-dhcp.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Neutron DHCP agent configured with Puppet @@ -74,3 +74,10 @@ outputs: dport: 68 step_config: | include tripleo::profile::base::neutron::dhcp + upgrade_tasks: + - name: Stop neutron_dhcp service + tags: step2 + service: name=neutron-dhcp-agent state=stopped + - name: Start neutron_dhcp service + tags: step6 + service: name=neutron-dhcp-agent state=started diff --git a/puppet/services/neutron-l3-compute-dvr.yaml b/puppet/services/neutron-l3-compute-dvr.yaml index b6c29116..06927fe0 100644 --- a/puppet/services/neutron-l3-compute-dvr.yaml +++ b/puppet/services/neutron-l3-compute-dvr.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Neutron L3 agent for DVR enabled compute nodes diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml index a2157555..b3d7b3bf 100644 --- a/puppet/services/neutron-l3.yaml +++ b/puppet/services/neutron-l3.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > OpenStack Neutron L3 agent configured with Puppet @@ -68,15 +68,21 @@ outputs: config_settings: map_merge: - get_attr: [NeutronBase, role_data, config_settings] - - neutron::agents::l3::router_delete_namespaces: True - neutron::agents::l3::agent_mode: {get_param: NeutronL3AgentMode} + - neutron::agents::l3::agent_mode: {get_param: NeutronL3AgentMode} tripleo.neutron_l3.firewall_rules: '106 neutron_l3 vrrp': proto: vrrp - - + - if: - external_network_bridge_empty - {} - neutron::agents::l3::external_network_bridge: {get_param: NeutronExternalNetworkBridge} step_config: | include tripleo::profile::base::neutron::l3 + upgrade_tasks: + - name: Stop neutron_l3 service + tags: step2 + service: name=neutron-l3-agent state=stopped + - name: Start neutron_l3 service + tags: step6 + service: name=neutron-l3-agent state=started diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml index c87de285..68d7110a 100644 --- a/puppet/services/neutron-metadata.yaml +++ b/puppet/services/neutron-metadata.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Neutron Metadata agent configured with Puppet @@ -75,3 +75,10 @@ outputs: neutron::agents::metadata::metadata_ip: "%{hiera('nova_metadata_vip')}" step_config: | include tripleo::profile::base::neutron::metadata + upgrade_tasks: + - name: Stop neutron_metadata service + tags: step2 + service: name=neutron-metadata-agent state=stopped + - name: Start neutron_metadata service + tags: step6 + service: name=neutron-metadata-agent state=started diff --git a/puppet/services/neutron-midonet.yaml b/puppet/services/neutron-midonet.yaml index 0de256c0..9198f352 100644 --- a/puppet/services/neutron-midonet.yaml +++ b/puppet/services/neutron-midonet.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Neutron Midonet plugin and services diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index e2b90b7b..e24fae7c 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Neutron OVS agent configured with Puppet @@ -70,6 +70,9 @@ parameters: tag: openstack.neutron.agent.openvswitch path: /var/log/neutron/openvswitch-agent.log +conditions: + no_firewall_driver: {equals : [{get_param: NeutronOVSFirewallDriver}, '']} + resources: NeutronBase: @@ -104,12 +107,24 @@ outputs: # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} - neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver} tripleo.neutron_ovs_agent.firewall_rules: '118 neutron vxlan networks': proto: 'udp' dport: 4789 '136 neutron gre networks': proto: 'gre' + - + if: + - no_firewall_driver + - {} + - neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver} step_config: | include ::tripleo::profile::base::neutron::ovs + upgrade_tasks: + - name: Stop neutron_ovs_agent service + tags: step2 + service: name=neutron-openvswitch-agent state=stopped + - name: Start neutron_ovs_agent service + tags: step6 + service: name=neutron-openvswitch-agent state=started + diff --git a/puppet/services/neutron-ovs-dpdk-agent.yaml b/puppet/services/neutron-ovs-dpdk-agent.yaml index fdfa1c03..5c77e35d 100644 --- a/puppet/services/neutron-ovs-dpdk-agent.yaml +++ b/puppet/services/neutron-ovs-dpdk-agent.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Neutron OVS DPDK configured with Puppet for Compute Role diff --git a/puppet/services/neutron-plugin-ml2-fujitsu-cfab.yaml b/puppet/services/neutron-plugin-ml2-fujitsu-cfab.yaml new file mode 100644 index 00000000..afb8cf44 --- /dev/null +++ b/puppet/services/neutron-plugin-ml2-fujitsu-cfab.yaml @@ -0,0 +1,73 @@ +heat_template_version: 2017-02-24 + +description: > + Configure hieradata for Fujitsu C-Fabric plugin configuration + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NeutronFujitsuCfabAddress: + description: 'The address of the C-Fabric to telnet to.' + type: string + NeutronFujitsuCfabUserName: + description: 'The C-Fabric username to use.' + type: string + NeutronFujitsuCfabPassword: + description: 'The C-Fabric password to use.' + type: string + hidden: true + NeutronFujitsuCfabPhysicalNetworks: + description: 'List of <physical_network>:<vfab_id> tuples specifying physical_network names and corresponding vfab ids.' + type: comma_delimited_list + default: '' + NeutronFujitsuCfabSharePprofile: + description: '"Whether to share a C-Fabric pprofile among Neutron ports using the same VLAN ID.' + type: boolean + default: false + NeutronFujitsuCfabPprofilePrefix: + description: 'The prefix string for pprofile name.' + type: string + default: '' + NeutronFujitsuCfabSaveConfig: + description: 'Whether to save configuration.' + type: boolean + default: true + +resources: + + NeutronMl2Base: + type: ./neutron-plugin-ml2.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for Fujitsu Cfab ML2 Driver + value: + service_name: neutron_plugin_ml2_fujitsu_cfab + config_settings: + map_merge: + - get_attr: [NeutronMl2Base, role_data, config_settings] + - neutron::plugins::ml2::fujitsu::cfab::address: {get_param: NeutronFujitsuCfabAddress} + neutron::plugins::ml2::fujitsu::cfab::username: {get_param: NeutronFujitsuCfabUserName} + neutron::plugins::ml2::fujitsu::cfab::password: {get_param: NeutronFujitsuCfabPassword} + neutron::plugins::ml2::fujitsu::cfab::physical_networks: {get_param: NeutronFujitsuCfabPhysicalNetworks} + neutron::plugins::ml2::fujitsu::cfab::share_pprofile: {get_param: NeutronFujitsuCfabSharePprofile} + neutron::plugins::ml2::fujitsu::cfab::pprofile_prefix: {get_param: NeutronFujitsuCfabPprofilePrefix} + neutron::plugins::ml2::fujitsu::cfab::save_config: {get_param: NeutronFujitsuCfabSaveConfig} + step_config: | + include ::tripleo::profile::base::neutron::plugins::ml2 diff --git a/puppet/services/neutron-plugin-ml2-ovn.yaml b/puppet/services/neutron-plugin-ml2-ovn.yaml index e98ed497..59346edc 100644 --- a/puppet/services/neutron-plugin-ml2-ovn.yaml +++ b/puppet/services/neutron-plugin-ml2-ovn.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Neutron ML2/OVN plugin configured with Puppet @@ -18,13 +18,6 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - OVNDbHost: - description: IP address on which the OVN DB servers are listening - type: string - OVNNorthboundServerPort: - description: Port of the OVN Northbound DB server - type: number - default: 6641 OVNDbConnectionTimeout: description: Timeout in seconds for the OVSDB connection transaction type: number @@ -68,9 +61,7 @@ outputs: config_settings: map_merge: - get_attr: [NeutronMl2Base, role_data, config_settings] - - ovn::northbound::port: {get_param: OVNNorthboundServerPort} - tripleo::profile::base::neutron::plugins::ml2::ovn::ovn_db_host: {get_param: OVNDbHost} - neutron::plugins::ovn::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout} + - neutron::plugins::ovn::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout} neutron::plugins::ovn::neutron_sync_mode: {get_param: OVNNeutronSyncMode} neutron::plugins::ovn::ovn_l3_mode: true neutron::plugins::ovn::vif_type: {get_param: OVNVifType} diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml index 88b5064c..407ce6ba 100644 --- a/puppet/services/neutron-plugin-ml2.yaml +++ b/puppet/services/neutron-plugin-ml2.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Neutron ML2 Plugin configured with Puppet diff --git a/puppet/services/neutron-plugin-nuage.yaml b/puppet/services/neutron-plugin-nuage.yaml index 838ec5ea..e09cd704 100644 --- a/puppet/services/neutron-plugin-nuage.yaml +++ b/puppet/services/neutron-plugin-nuage.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Neutron Nuage plugin diff --git a/puppet/services/neutron-plugin-opencontrail.yaml b/puppet/services/neutron-plugin-opencontrail.yaml index 098c9d05..976e5f19 100644 --- a/puppet/services/neutron-plugin-opencontrail.yaml +++ b/puppet/services/neutron-plugin-opencontrail.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Neutron Opencontrail plugin diff --git a/puppet/services/neutron-plugin-plumgrid.yaml b/puppet/services/neutron-plugin-plumgrid.yaml index 30af8a3f..bd078074 100644 --- a/puppet/services/neutron-plugin-plumgrid.yaml +++ b/puppet/services/neutron-plugin-plumgrid.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Neutron Plumgrid plugin @@ -100,6 +100,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/ovs_neutron' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" neutron::plugins::plumgrid::controller_priv_host: {get_param: [EndpointMap, KeystoneAdmin, host]} neutron::plugins::plumgrid::admin_password: {get_param: AdminPassword} neutron::plugins::plumgrid::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} diff --git a/puppet/services/neutron-sriov-agent.yaml b/puppet/services/neutron-sriov-agent.yaml index 44f7f242..d3c82d88 100644 --- a/puppet/services/neutron-sriov-agent.yaml +++ b/puppet/services/neutron-sriov-agent.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Neutron SR-IOV nic agent configured with Puppet @@ -25,6 +25,7 @@ parameters: All physical networks listed in network_vlan_ranges on the server should have mappings to appropriate interfaces on each agent. + Example "tenant0:ens2f0,tenant1:ens2f1" type: comma_delimited_list default: "" NeutronExcludeDevices: @@ -40,8 +41,8 @@ parameters: NeutronSriovNumVFs: description: > Provide the list of VFs to be reserved for each SR-IOV interface. - Format "<interface_name1>:<numvfs1>","<interface_name2>:<numvfs2>" - Example "eth1:4096","eth2:128" + Format "<interface_name1>:<numvfs1>,<interface_name2>:<numvfs2>" + Example "eth1:4096,eth2:128" type: comma_delimited_list default: "" diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index c4d5c6bb..d2ca841f 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > OpenStack Nova API service configured with Puppet @@ -108,21 +108,21 @@ outputs: nova::api::api_bind_address: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} nova::api::service_name: 'httpd' - nova::wsgi::apache::ssl: {get_param: EnableInternalTLS} + nova::wsgi::apache_api::ssl: {get_param: EnableInternalTLS} # NOTE: bind IP is found in Heat replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - nova::wsgi::apache::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]} - nova::wsgi::apache::servername: + nova::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]} + nova::wsgi::apache_api::servername: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} @@ -133,10 +133,27 @@ outputs: - nova_workers_zero - {} - nova::api::osapi_compute_workers: {get_param: NovaWorkers} - nova::wsgi::apache::workers: {get_param: NovaWorkers} + nova::wsgi::apache_api::workers: {get_param: NovaWorkers} step_config: | include tripleo::profile::base::nova::api service_config_settings: + mysql: + map_merge: + - {get_attr: [NovaBase, role_data, service_config_settings, mysql]} + - nova::db::mysql::password: {get_param: NovaPassword} + nova::db::mysql::user: nova + nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + nova::db::mysql::dbname: nova + nova::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + nova::db::mysql_api::password: {get_param: NovaPassword} + nova::db::mysql_api::user: nova_api + nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + nova::db::mysql_api::dbname: nova_api + nova::db::mysql_api::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" keystone: nova::keystone::auth::tenant: 'service' nova::keystone::auth::public_url: {get_param: [EndpointMap, NovaPublic, uri]} @@ -144,18 +161,3 @@ outputs: nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]} nova::keystone::auth::password: {get_param: NovaPassword} nova::keystone::auth::region: {get_param: KeystoneRegion} - mysql: - nova::db::mysql::password: {get_param: NovaPassword} - nova::db::mysql::user: nova - nova::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - nova::db::mysql::dbname: nova - nova::db::mysql::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" - nova::db::mysql_api::password: {get_param: NovaPassword} - nova::db::mysql_api::user: nova_api - nova::db::mysql_api::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} - nova::db::mysql_api::dbname: nova_api - nova::db::mysql_api::allowed_hosts: - - '%' - - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index 20bf2e42..d70e66a0 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > OpenStack Nova base service. Shared for all Nova services. @@ -90,6 +90,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" nova::api_database_connection: list_join: - '' @@ -99,6 +101,19 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/nova_api' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + nova::placement_database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://nova_placement:' + - {get_param: NovaPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/nova_placement' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" nova::debug: {get_param: Debug} nova::purge_config: {get_param: EnableConfigPurge} nova::network::neutron::neutron_project_name: 'service' @@ -123,3 +138,9 @@ outputs: - compute_upgrade_level_empty - {} - nova::upgrade_level_compute: {get_param: UpgradeLevelNovaCompute} + service_config_settings: + mysql: + nova::rabbit_password: {get_param: RabbitPassword} + nova::rabbit_userid: {get_param: RabbitUserName} + nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + nova::rabbit_port: {get_param: RabbitClientPort} diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index 908b676e..2312b635 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Nova Compute service configured with Puppet diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml index a10d9560..b96bf6e6 100644 --- a/puppet/services/nova-conductor.yaml +++ b/puppet/services/nova-conductor.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > OpenStack Nova Conductor service configured with Puppet diff --git a/puppet/services/nova-consoleauth.yaml b/puppet/services/nova-consoleauth.yaml index 85e60420..79969ded 100644 --- a/puppet/services/nova-consoleauth.yaml +++ b/puppet/services/nova-consoleauth.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Nova Consoleauth service configured with Puppet diff --git a/puppet/services/nova-ironic.yaml b/puppet/services/nova-ironic.yaml index bf7639dd..306c6b6f 100644 --- a/puppet/services/nova-ironic.yaml +++ b/puppet/services/nova-ironic.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Nova Compute service configured with Puppet and using Ironic diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml index 70774bac..a9b2b3f9 100644 --- a/puppet/services/nova-libvirt.yaml +++ b/puppet/services/nova-libvirt.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > Libvirt service configured with Puppet @@ -21,6 +21,14 @@ parameters: NovaComputeLibvirtType: type: string default: kvm + LibvirtEnabledPerfEvents: + type: comma_delimited_list + default: [] + description: This is a performance event list which could be used as monitor. + For example - ``enabled_perf_events = cmt, mbml, mbmt`` + The supported events list can be found in + https://libvirt.org/html/libvirt-libvirt-domain.html , + which you may need to search key words ``VIR_PERF_PARAM_*`` MonitoringSubscriptionNovaLibvirt: default: 'overcloud-nova-libvirt' type: string @@ -50,6 +58,10 @@ outputs: tripleo::profile::base::nova::libvirt_enabled: true nova::compute::libvirt::services::libvirt_virt_type: {get_param: NovaComputeLibvirtType} nova::compute::libvirt::libvirt_virt_type: {get_param: NovaComputeLibvirtType} + nova::compute::libvirt::libvirt_enabled_perf_events: {get_param: LibvirtEnabledPerfEvents} + nova::compute::libvirt::qemu::configure_qemu: true + nova::compute::libvirt::qemu::max_files: 32768 + nova::compute::libvirt::qemu::max_processes: 131072 tripleo.nova_libvirt.firewall_rules: '200 nova_libvirt': dport: diff --git a/puppet/services/nova-metadata.yaml b/puppet/services/nova-metadata.yaml index 40931da6..376f95b1 100644 --- a/puppet/services/nova-metadata.yaml +++ b/puppet/services/nova-metadata.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > OpenStack Nova API service configured with Puppet diff --git a/puppet/services/nova-placement.yaml b/puppet/services/nova-placement.yaml new file mode 100644 index 00000000..9b7120d8 --- /dev/null +++ b/puppet/services/nova-placement.yaml @@ -0,0 +1,124 @@ +heat_template_version: ocata + +description: > + OpenStack Nova Placement API service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NovaWorkers: + default: 0 + description: Number of workers for Nova Placement API service. + type: number + NovaPassword: + description: The password for the nova service and db account, used by nova-placement. + type: string + hidden: true + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + MonitoringSubscriptionNovaPlacement: + default: 'overcloud-nova-placement' + type: string + NovaPlacementLoggingSource: + type: json + default: + tag: openstack.nova.placement + path: /var/log/httpd/nova_placement_wsgi_error_ssl.log + EnableInternalTLS: + type: boolean + default: false + +conditions: + nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]} + +resources: + ApacheServiceBase: + type: ./apache.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + EnableInternalTLS: {get_param: EnableInternalTLS} + + NovaBase: + type: ./nova-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Nova Placement API service. + value: + service_name: nova_placement + monitoring_subscription: {get_param: MonitoringSubscriptionNovaPlacement} + logging_source: {get_param: NovaPlacementLoggingSource} + logging_groups: + - nova + config_settings: + map_merge: + - get_attr: [NovaBase, role_data, config_settings] + - get_attr: [ApacheServiceBase, role_data, config_settings] + - tripleo.nova_placement.firewall_rules: + '138 nova_placement': + dport: + - 8778 + - 13778 + nova::placement::project_name: 'service' + nova::placement::password: {get_param: NovaPassword} + nova::placement::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + nova::placement::os_region_name: {get_param: KeystoneRegion} + nova::wsgi::apache_placement::api_port: '8778' + nova::wsgi::apache_placement::ssl: {get_param: EnableInternalTLS} + # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + nova::wsgi::apache_placement::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]} + nova::wsgi::apache_placement::servername: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} + - + if: + - nova_workers_zero + - {} + - nova::wsgi::apache_placement::workers: {get_param: NovaWorkers} + step_config: | + include tripleo::profile::base::nova::placement + service_config_settings: + keystone: + nova::keystone::auth_placement::tenant: 'service' + nova::keystone::auth_placement::public_url: {get_param: [EndpointMap, NovaPlacementPublic, uri]} + nova::keystone::auth_placement::internal_url: {get_param: [EndpointMap, NovaPlacementInternal, uri]} + nova::keystone::auth_placement::admin_url: {get_param: [EndpointMap, NovaPlacementAdmin, uri]} + nova::keystone::auth_placement::password: {get_param: NovaPassword} + nova::keystone::auth_placement::region: {get_param: KeystoneRegion} + mysql: + map_merge: + - {get_attr: [NovaBase, role_data, service_config_settings, mysql]} + - nova::db::mysql_placement::password: {get_param: NovaPassword} + nova::db::mysql_placement::user: nova_placement + nova::db::mysql_placement::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + nova::db::mysql_placement::dbname: nova_placement + nova::db::mysql_placement::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/nova-scheduler.yaml b/puppet/services/nova-scheduler.yaml index d4e5fff6..353a75ac 100644 --- a/puppet/services/nova-scheduler.yaml +++ b/puppet/services/nova-scheduler.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Nova Scheduler service configured with Puppet diff --git a/puppet/services/nova-vnc-proxy.yaml b/puppet/services/nova-vnc-proxy.yaml index e6b0703f..bf244943 100644 --- a/puppet/services/nova-vnc-proxy.yaml +++ b/puppet/services/nova-vnc-proxy.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Nova Vncproxy service configured with Puppet diff --git a/puppet/services/opendaylight-api.yaml b/puppet/services/opendaylight-api.yaml index 253d63ef..0ed9d206 100644 --- a/puppet/services/opendaylight-api.yaml +++ b/puppet/services/opendaylight-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenDaylight SDN Controller. @@ -17,10 +17,6 @@ parameters: type: string description: The password for the opendaylight server. hidden: true - OpenDaylightEnableL3: - description: Knob to enable/disable ODL L3 - type: string - default: 'no' OpenDaylightEnableDHCP: description: Knob to enable/disable ODL DHCP Server type: boolean @@ -56,9 +52,14 @@ outputs: opendaylight::odl_rest_port: {get_param: OpenDaylightPort} opendaylight::username: {get_param: OpenDaylightUsername} opendaylight::password: {get_param: OpenDaylightPassword} - opendaylight::enable_l3: {get_param: OpenDaylightEnableL3} opendaylight::extra_features: {get_param: OpenDaylightFeatures} opendaylight::enable_dhcp: {get_param: OpenDaylightEnableDHCP} opendaylight::odl_bind_ip: {get_param: [ServiceNetMap, OpendaylightApiNetwork]} + tripleo.opendaylight_api.firewall_rules: + '137 opendaylight api': + dport: + - {get_param: OpenDaylightPort} + - 6640 + - 6653 step_config: | include tripleo::profile::base::neutron::opendaylight diff --git a/puppet/services/opendaylight-ovs.yaml b/puppet/services/opendaylight-ovs.yaml index 907ecddc..cfec3c48 100644 --- a/puppet/services/opendaylight-ovs.yaml +++ b/puppet/services/opendaylight-ovs.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenDaylight OVS Configuration. @@ -8,6 +8,15 @@ parameters: default: 8081 description: Set opendaylight service port type: number + OpenDaylightUsername: + default: 'admin' + description: The username for the opendaylight server. + type: string + OpenDaylightPassword: + default: 'admin' + type: string + description: The password for the opendaylight server. + hidden: true OpenDaylightConnectionProtocol: description: L7 protocol used for REST access type: string @@ -46,6 +55,8 @@ outputs: service_name: opendaylight_ovs config_settings: opendaylight::odl_rest_port: {get_param: OpenDaylightPort} + opendaylight::username: {get_param: OpenDaylightUsername} + opendaylight::password: {get_param: OpenDaylightPassword} opendaylight_check_url: {get_param: OpenDaylightCheckURL} opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol} neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} diff --git a/puppet/services/ovn-dbs.yaml b/puppet/services/ovn-dbs.yaml new file mode 100644 index 00000000..302628d4 --- /dev/null +++ b/puppet/services/ovn-dbs.yaml @@ -0,0 +1,40 @@ +heat_template_version: 2016-04-08 + +description: > + OVN databases configured with puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + OVNNorthboundServerPort: + description: Port of the OVN Northbound DB server + type: number + default: 6641 + OVNSouthboundServerPort: + description: Port of the OVN Southbound DB server + type: number + default: 6642 + +outputs: + role_data: + description: Role data for the OVN northd service + value: + service_name: ovn_dbs + config_settings: + ovn::northbound::port: {get_param: OVNNorthboundServerPort} + ovn::southbound::port: {get_param: OVNSouthboundServerPort} + ovn::northd::dbs_listen_ip: {get_param: [ServiceNetMap, OvnDbsNetwork]} + step_config: | + include ::tripleo::profile::base::neutron::ovn_northd diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml index abfb9c80..9adf1bdb 100644 --- a/puppet/services/pacemaker.yaml +++ b/puppet/services/pacemaker.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > Pacemaker service configured with Puppet diff --git a/puppet/services/pacemaker/ceilometer-agent-central.yaml b/puppet/services/pacemaker/ceilometer-agent-central.yaml deleted file mode 100644 index 5dcb62ca..00000000 --- a/puppet/services/pacemaker/ceilometer-agent-central.yaml +++ /dev/null @@ -1,45 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Ceilometer Central Agent service with Pacemaker configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - MonitoringSubscriptionCeilometerCentral: - default: 'overcloud-ceilometer-agent-central' - type: string - -resources: - CeilometerServiceBase: - type: ../ceilometer-agent-central.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Ceilometer Central Agent pacemaker role. - value: - service_name: ceilometer_agent_central - monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCentral} - config_settings: - map_merge: - - get_attr: [CeilometerServiceBase, role_data, config_settings] - - ceilometer::agent::central::manage_service: false - ceilometer::agent::central::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::ceilometer::agent::central diff --git a/puppet/services/pacemaker/ceilometer-agent-notification.yaml b/puppet/services/pacemaker/ceilometer-agent-notification.yaml deleted file mode 100644 index dbe14499..00000000 --- a/puppet/services/pacemaker/ceilometer-agent-notification.yaml +++ /dev/null @@ -1,45 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Ceilometer Notification Agent service with Pacemaker configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - MonitoringSubscriptionCeilometerNotification: - default: 'overcloud-ceilometer-agent-notification' - type: string - -resources: - CeilometerServiceBase: - type: ../ceilometer-agent-notification.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Ceilometer Notification Agent pacemaker role. - value: - service_name: ceilometer_agent_notification - monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerNotification} - config_settings: - map_merge: - - get_attr: [CeilometerServiceBase, role_data, config_settings] - - ceilometer::agent::notification::manage_service: false - ceilometer::agent::notification::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::ceilometer::agent::notification diff --git a/puppet/services/pacemaker/ceilometer-api.yaml b/puppet/services/pacemaker/ceilometer-api.yaml deleted file mode 100644 index 4b6c18f6..00000000 --- a/puppet/services/pacemaker/ceilometer-api.yaml +++ /dev/null @@ -1,45 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Ceilometer API service with Pacemaker configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - MonitoringSubscriptionCeilometerApi: - default: 'overcloud-ceilometer-api' - type: string - -resources: - CeilometerServiceBase: - type: ../ceilometer-api.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Ceilometer API pacemaker role. - value: - service_name: ceilometer_api - monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerApi} - config_settings: - map_merge: - - get_attr: [CeilometerServiceBase, role_data, config_settings] - - ceilometer::api::manage_service: false - ceilometer::api::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::ceilometer::api diff --git a/puppet/services/pacemaker/ceilometer-collector.yaml b/puppet/services/pacemaker/ceilometer-collector.yaml deleted file mode 100644 index 4c919515..00000000 --- a/puppet/services/pacemaker/ceilometer-collector.yaml +++ /dev/null @@ -1,45 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Ceilometer Collector service with Pacemaker configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - MonitoringSubscriptionCeilometerCollector: - default: 'overcloud-ceilometer-collector' - type: string - -resources: - CeilometerServiceBase: - type: ../ceilometer-collector.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Ceilometer Collector pacemaker role. - value: - service_name: ceilometer_collector - monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCollector} - config_settings: - map_merge: - - get_attr: [CeilometerServiceBase, role_data, config_settings] - - ceilometer::collector::manage_service: false - ceilometer::collector::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::ceilometer::collector diff --git a/puppet/services/pacemaker/cinder-api.yaml b/puppet/services/pacemaker/cinder-api.yaml deleted file mode 100644 index 6823789e..00000000 --- a/puppet/services/pacemaker/cinder-api.yaml +++ /dev/null @@ -1,45 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Cinder API service with Pacemaker configured with Puppet. - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - CinderApiBase: - type: ../cinder-api.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Cinder API role. - value: - service_name: cinder_api - monitoring_subscription: {get_attr: [CinderApiBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [CinderApiBase, role_data, logging_source]} - logging_groups: {get_attr: [CinderApiBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [CinderApiBase, role_data, config_settings] - - cinder::api::manage_service: false - cinder::api::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::cinder::api diff --git a/puppet/services/pacemaker/cinder-backup.yaml b/puppet/services/pacemaker/cinder-backup.yaml index 2ebc7680..e75ac973 100644 --- a/puppet/services/pacemaker/cinder-backup.yaml +++ b/puppet/services/pacemaker/cinder-backup.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Cinder Backup service with Pacemaker configured with Puppet diff --git a/puppet/services/pacemaker/cinder-scheduler.yaml b/puppet/services/pacemaker/cinder-scheduler.yaml deleted file mode 100644 index 15e44be2..00000000 --- a/puppet/services/pacemaker/cinder-scheduler.yaml +++ /dev/null @@ -1,45 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Cinder Scheduler service with Pacemaker configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - CinderSchedulerBase: - type: ../cinder-scheduler.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Cinder Scheduler role. - value: - service_name: cinder_scheduler - monitoring_subscription: {get_attr: [CinderSchedulerBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [CinderSchedulerBase, role_data, logging_source]} - logging_groups: {get_attr: [CinderSchedulerBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [CinderSchedulerBase, role_data, config_settings] - - cinder::scheduler::manage_service: false - cinder::scheduler::enabled: false - step_config: - include ::tripleo::profile::pacemaker::cinder::scheduler diff --git a/puppet/services/pacemaker/cinder-volume.yaml b/puppet/services/pacemaker/cinder-volume.yaml index d91a0181..bef47a57 100644 --- a/puppet/services/pacemaker/cinder-volume.yaml +++ b/puppet/services/pacemaker/cinder-volume.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Cinder Volume service with Pacemaker configured with Puppet diff --git a/puppet/services/pacemaker/core.yaml b/puppet/services/pacemaker/core.yaml deleted file mode 100644 index 9eca1de3..00000000 --- a/puppet/services/pacemaker/core.yaml +++ /dev/null @@ -1,29 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Core (fake) service with Pacemaker configured with Puppet. - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -outputs: - role_data: - description: Role data for the Core role. - value: - service_name: core - config_settings: {} - step_config: | - include ::tripleo::profile::pacemaker::core
\ No newline at end of file diff --git a/puppet/services/pacemaker/database/mongodb.yaml b/puppet/services/pacemaker/database/mongodb.yaml deleted file mode 100644 index 982b6064..00000000 --- a/puppet/services/pacemaker/database/mongodb.yaml +++ /dev/null @@ -1,42 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - MongoDb service deployment using puppet - -parameters: - #Parameters not used EndpointMap - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - MongoDbBase: - type: ../../database/mongodb.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Service mongodb using composable services. - value: - service_name: mongodb - config_settings: - map_merge: - - get_attr: [MongoDbBase, role_data, config_settings] - - tripleo::profile::pacemaker::database::mongodb::mongodb_replset: {get_attr: [MongoDbBase, aux_parameters, rplset_name]} - mongodb::server::service_manage: False - step_config: | - include ::tripleo::profile::pacemaker::database::mongodb diff --git a/puppet/services/pacemaker/database/mysql.yaml b/puppet/services/pacemaker/database/mysql.yaml index ea3d8abd..511a01ab 100644 --- a/puppet/services/pacemaker/database/mysql.yaml +++ b/puppet/services/pacemaker/database/mysql.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > MySQL with Pacemaker service deployment using puppet @@ -40,7 +40,7 @@ outputs: - tripleo::profile::pacemaker::database::mysql::bind_address: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]} # NOTE: bind IP is found in Heat replacing the network name with the @@ -53,3 +53,7 @@ outputs: get_param: [ServiceNetMap, MysqlNetwork] step_config: | include ::tripleo::profile::pacemaker::database::mysql + upgrade_tasks: + - name: Check for galera root password + tags: step0 + file: path=/root/.my.cnf state=file diff --git a/puppet/services/pacemaker/database/redis.yaml b/puppet/services/pacemaker/database/redis.yaml index 196754eb..e702d28b 100644 --- a/puppet/services/pacemaker/database/redis.yaml +++ b/puppet/services/pacemaker/database/redis.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Redis service configured with Puppet diff --git a/puppet/services/pacemaker/glance-api.yaml b/puppet/services/pacemaker/glance-api.yaml deleted file mode 100644 index 20a439f6..00000000 --- a/puppet/services/pacemaker/glance-api.yaml +++ /dev/null @@ -1,74 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Glance API service with Pacemaker configured with Puppet. - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - GlanceFilePcmkDevice: - default: '' - description: > - An exported storage device that should be mounted by Pacemaker - as Glance storage. Effective when GlanceFilePcmkManage is true. - type: string - GlanceFilePcmkFstype: - default: 'nfs' - description: > - Filesystem type for Pacemaker mount used as Glance storage. - Effective when GlanceFilePcmkManage is true. - type: string - GlanceFilePcmkManage: - default: false - description: > - Whether to make Glance file backend a mount managed by Pacemaker. - Effective when GlanceBackend is 'file'. - type: boolean - GlanceFilePcmkOptions: - default: '' - description: > - Mount options for Pacemaker mount used as Glance storage. - Effective when GlanceFilePcmkManage is true. - type: string - -resources: - - GlanceApiBase: - type: ../glance-api.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Glance role. - value: - service_name: glance_api - monitoring_subscription: {get_attr: [GlanceApiBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [GlanceApiBase, role_data, logging_source]} - logging_groups: {get_attr: [GlanceApiBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [GlanceApiBase, role_data, config_settings] - - glance_file_pcmk_device: {get_param: GlanceFilePcmkDevice} - glance_file_pcmk_fstype: {get_param: GlanceFilePcmkFstype} - glance_file_pcmk_manage: {get_param: GlanceFilePcmkManage} - glance_file_pcmk_options: {get_param: GlanceFilePcmkOptions} - glance_file_pcmk_directory: '/var/lib/glance/images' - glance::api::manage_service: false - glance::api::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::glance diff --git a/puppet/services/pacemaker/glance-registry.yaml b/puppet/services/pacemaker/glance-registry.yaml deleted file mode 100644 index 41f89fdd..00000000 --- a/puppet/services/pacemaker/glance-registry.yaml +++ /dev/null @@ -1,47 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Glance Registry service with Pacemaker configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - GlanceRegistryBase: - type: ../glance-registry.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Glance role. - value: - service_name: glance_registry - monitoring_subscription: {get_attr: [GlanceRegistryBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [GlanceRegistryBase, role_data, logging_source]} - logging_groups: {get_attr: [GlanceRegistryBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [GlanceRegistryBase, role_data, config_settings] - - glance::registry::manage_service: false - glance::registry::enabled: false - # No puppet manifests since glance-registry is included in - # ::tripleo::profile::pacemaker::glance which is maintained alongside of - # pacemaker/glance-api.yaml. - step_config: diff --git a/puppet/services/pacemaker/gnocchi-metricd.yaml b/puppet/services/pacemaker/gnocchi-metricd.yaml deleted file mode 100644 index 0f36b5d5..00000000 --- a/puppet/services/pacemaker/gnocchi-metricd.yaml +++ /dev/null @@ -1,47 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - Gnocchi service configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - MonitoringSubscriptionGnocchiMetricd: - default: 'overcloud-gnocchi-metricd' - type: string - -resources: - GnocchiServiceBase: - type: ../gnocchi-metricd.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Gnocchi role. - value: - service_name: gnocchi_metricd - monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiMetricd} - config_settings: - map_merge: - - get_attr: [GnocchiServiceBase, role_data, config_settings] - - gnocchi::metricd::manage_service: false - gnocchi::metricd::enabled: false - tripleo::profile::pacemaker::gnocchi::gnocchi_indexer_backend: {get_attr: [GnocchiServiceBase, aux_parameters, gnocchi_indexer_backend]} - - step_config: | - include ::tripleo::profile::pacemaker::gnocchi::metricd diff --git a/puppet/services/pacemaker/gnocchi-statsd.yaml b/puppet/services/pacemaker/gnocchi-statsd.yaml deleted file mode 100644 index b9afc590..00000000 --- a/puppet/services/pacemaker/gnocchi-statsd.yaml +++ /dev/null @@ -1,46 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - Gnocchi service configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - MonitoringSubscriptionGnocchiStatsd: - default: 'overcloud-gnocchi-statsd' - type: string - -resources: - GnocchiServiceBase: - type: ../gnocchi-statsd.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Gnocchi role. - value: - service_name: gnocchi_statsd - monitoring_subscription: {get_param: MonitoringSubscriptionGnocchiStatsd} - config_settings: - map_merge: - - get_attr: [GnocchiServiceBase, role_data, config_settings] - - gnocchi::statsd::manage_service: false - gnocchi::statsd::enabled: false - tripleo::profile::pacemaker::gnocchi::gnocchi_indexer_backend: {get_attr: [GnocchiServiceBase, aux_parameters, gnocchi_indexer_backend]} - step_config: | - include ::tripleo::profile::pacemaker::gnocchi::statsd diff --git a/puppet/services/pacemaker/haproxy.yaml b/puppet/services/pacemaker/haproxy.yaml index e4115d64..50da4119 100644 --- a/puppet/services/pacemaker/haproxy.yaml +++ b/puppet/services/pacemaker/haproxy.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > HAproxy service with Pacemaker configured with Puppet diff --git a/puppet/services/pacemaker/heat-api-cfn.yaml b/puppet/services/pacemaker/heat-api-cfn.yaml deleted file mode 100644 index dd25905b..00000000 --- a/puppet/services/pacemaker/heat-api-cfn.yaml +++ /dev/null @@ -1,44 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - Openstack Heat CloudFormation API service configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - HeatApiCfnBase: - type: ../heat-api-cfn.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Heat CloudFormation API role. - value: - service_name: heat_api_cfn - monitoring_subscription: {get_attr: [HeatApiCfnBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [HeatApiCfnBase, role_data, logging_source]} - logging_groups: {get_attr: [HeatApiCfnBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [HeatApiCfnBase, role_data, config_settings] - - heat::api_cfn::manage_service: false - heat::api_cfn::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::heat::api_cfn diff --git a/puppet/services/pacemaker/heat-api-cloudwatch.yaml b/puppet/services/pacemaker/heat-api-cloudwatch.yaml deleted file mode 100644 index 18d2a0d5..00000000 --- a/puppet/services/pacemaker/heat-api-cloudwatch.yaml +++ /dev/null @@ -1,44 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - Openstack Heat CloudWatch API service configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - HeatApiCloudwatchBase: - type: ../heat-api-cloudwatch.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Heat Cloudwatch API role. - value: - service_name: heat_api_cloudwatch - monitoring_subscription: {get_attr: [HeatApiCloudwatchBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [HeatApiCloudwatchBase, role_data, logging_source]} - logging_groups: {get_attr: [HeatApiCloudwatchBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [HeatApiCloudwatchBase, role_data, config_settings] - - heat::api_cloudwatch::manage_service: false - heat::api_cloudwatch::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::heat::api_cloudwatch diff --git a/puppet/services/pacemaker/heat-api.yaml b/puppet/services/pacemaker/heat-api.yaml deleted file mode 100644 index 43122cb0..00000000 --- a/puppet/services/pacemaker/heat-api.yaml +++ /dev/null @@ -1,44 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - Openstack Heat API service configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - HeatApiBase: - type: ../heat-api.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Heat API role. - value: - service_name: heat_api - monitoring_subscription: {get_attr: [HeatApiBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [HeatApiBase, role_data, logging_source]} - logging_groups: {get_attr: [HeatApiBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [HeatApiBase, role_data, config_settings] - - heat::api::manage_service: false - heat::api::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::heat::api diff --git a/puppet/services/pacemaker/heat-engine.yaml b/puppet/services/pacemaker/heat-engine.yaml deleted file mode 100644 index 54bfdad2..00000000 --- a/puppet/services/pacemaker/heat-engine.yaml +++ /dev/null @@ -1,45 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - Openstack Heat Engine service configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - HeatEngineBase: - type: ../heat-engine.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - - -outputs: - role_data: - description: Role data for the Heat engine role. - value: - service_name: heat_engine - monitoring_subscription: {get_attr: [HeatEngineBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [HeatEngineBase, role_data, logging_source]} - logging_groups: {get_attr: [HeatEngineBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [HeatEngineBase, role_data, config_settings] - - heat::engine::manage_service: false - heat::engine::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::heat::engine diff --git a/puppet/services/pacemaker/horizon.yaml b/puppet/services/pacemaker/horizon.yaml deleted file mode 100644 index 18de23ae..00000000 --- a/puppet/services/pacemaker/horizon.yaml +++ /dev/null @@ -1,41 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - Horizon service with Pacemaker configured with Puppet. - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - HorizonBase: - type: ../horizon.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Horizon role. - value: - service_name: horizon - monitoring_subscription: {get_attr: [HorizonBase, role_data, monitoring_subscription]} - config_settings: - get_attr: [HorizonBase, role_data, config_settings] - step_config: | - include ::tripleo::profile::base::horizon - include ::tripleo::profile::pacemaker::apache diff --git a/puppet/services/pacemaker/keystone.yaml b/puppet/services/pacemaker/keystone.yaml deleted file mode 100644 index 908b9bbd..00000000 --- a/puppet/services/pacemaker/keystone.yaml +++ /dev/null @@ -1,45 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Keystone service with Pacemaker configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - KeystoneServiceBase: - type: ../keystone.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Keystone pacemaker role. - value: - service_name: keystone - monitoring_subscription: {get_attr: [KeystoneServiceBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [KeystoneServiceBase, role_data, logging_source]} - logging_groups: {get_attr: [KeystoneServiceBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [KeystoneServiceBase, role_data, config_settings] - - keystone::manage_service: false - keystone::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::keystone diff --git a/puppet/services/pacemaker/manila-share.yaml b/puppet/services/pacemaker/manila-share.yaml index cabc31a0..ddc13df3 100644 --- a/puppet/services/pacemaker/manila-share.yaml +++ b/puppet/services/pacemaker/manila-share.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > The manila-share service with Pacemaker configured with Puppet diff --git a/puppet/services/pacemaker/memcached.yaml b/puppet/services/pacemaker/memcached.yaml deleted file mode 100644 index 04b895b6..00000000 --- a/puppet/services/pacemaker/memcached.yaml +++ /dev/null @@ -1,42 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - Mecached service with Pacemaker configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - MemcachedServiceBase: - type: ../memcached.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Memcached pacemaker role. - value: - service_name: memcached - monitoring_subscription: {get_attr: [MemcachedServiceBase, role_data, monitoring_subscription]} - config_settings: - map_merge: - - get_attr: [MemcachedServiceBase, role_data, config_settings] - - memcached::service_manage: false - step_config: | - include ::tripleo::profile::pacemaker::memcached diff --git a/puppet/services/pacemaker/neutron-dhcp.yaml b/puppet/services/pacemaker/neutron-dhcp.yaml deleted file mode 100644 index 7fca73d6..00000000 --- a/puppet/services/pacemaker/neutron-dhcp.yaml +++ /dev/null @@ -1,46 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Neutron DHCP service with Pacemaker configured with Puppet. - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - NeutronDhcpBase: - type: ../neutron-dhcp.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Neutron DHCP role. - value: - service_name: neutron_dhcp - monitoring_subscription: {get_attr: [NeutronDhcpBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [NeutronDhcpBase, role_data, logging_source]} - logging_groups: {get_attr: [NeutronDhcpBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [NeutronDhcpBase, role_data, config_settings] - - tripleo::profile::pacemaker::neutron::enable_dhcp: True - neutron::agents::dhcp::enabled: false - neutron::agents::dhcp::manage_service: false - step_config: | - include ::tripleo::profile::pacemaker::neutron::dhcp diff --git a/puppet/services/pacemaker/neutron-l3.yaml b/puppet/services/pacemaker/neutron-l3.yaml deleted file mode 100644 index cdb87f50..00000000 --- a/puppet/services/pacemaker/neutron-l3.yaml +++ /dev/null @@ -1,46 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Neutron L3 service with Pacemaker configured with Puppet. - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - NeutronL3Base: - type: ../neutron-l3.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Neutron L3 role. - value: - service_name: neutron_l3 - monitoring_subscription: {get_attr: [NeutronL3Base, role_data, monitoring_subscription]} - logging_source: {get_attr: [NeutronL3Base, role_data, logging_source]} - logging_groups: {get_attr: [NeutronL3Base, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [NeutronL3Base, role_data, config_settings] - - tripleo::profile::pacemaker::neutron::enable_l3: True - neutron::agents::l3::enabled: false - neutron::agents::l3::manage_service: false - step_config: | - include ::tripleo::profile::pacemaker::neutron::l3 diff --git a/puppet/services/pacemaker/neutron-metadata.yaml b/puppet/services/pacemaker/neutron-metadata.yaml deleted file mode 100644 index 49a31eb5..00000000 --- a/puppet/services/pacemaker/neutron-metadata.yaml +++ /dev/null @@ -1,44 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Neutron Metadata service with Pacemaker configured with Puppet. - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - NeutronMetadataBase: - type: ../neutron-metadata.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Neutron Metadata role. - value: - service_name: neutron_metadata - monitoring_subscription: {get_attr: [NeutronMetadataBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [NeutronMetadataBase, role_data, logging_source]} - logging_groups: {get_attr: [NeutronMetadataBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [NeutronMetadataBase, role_data, config_settings] - - tripleo::profile::pacemaker::neutron::enable_metadata: True - step_config: | - include ::tripleo::profile::pacemaker::neutron::metadata diff --git a/puppet/services/pacemaker/neutron-midonet.yaml b/puppet/services/pacemaker/neutron-midonet.yaml deleted file mode 100644 index fdd5dafb..00000000 --- a/puppet/services/pacemaker/neutron-midonet.yaml +++ /dev/null @@ -1,41 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Neutron Midonet with Pacemaker configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - NeutronMidonetBase: - type: ../neutron-midonet.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Neutron Midonet plugin. - value: - service_name: neutron_midonet - monitoring_subscription: {get_attr: [NeutronMidonetBase, role_data, monitoring_subscription]} - config_settings: - map_merge: - - get_attr: [NeutronMidonetBase, role_data, config_settings] - step_config: | - include ::tripleo::profile::pacemaker::neutron::plugins::midonet diff --git a/puppet/services/pacemaker/neutron-ovs-agent.yaml b/puppet/services/pacemaker/neutron-ovs-agent.yaml deleted file mode 100644 index a2bd7c83..00000000 --- a/puppet/services/pacemaker/neutron-ovs-agent.yaml +++ /dev/null @@ -1,42 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Neutron OVS agent with Pacemaker configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - NeutronOvsBase: - type: ../neutron-ovs-agent.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Neutron OVS agent service. - value: - service_name: neutron_ovs_agent - monitoring_subscription: {get_attr: [NeutronOvsBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [NeutronOvsBase, role_data, logging_source]} - logging_groups: {get_attr: [NeutronOvsBase, role_data, logging_groups]} - config_settings: - get_attr: [NeutronOvsBase, role_data, config_settings] - step_config: | - include ::tripleo::profile::pacemaker::neutron::ovs diff --git a/puppet/services/pacemaker/neutron-plugin-ml2.yaml b/puppet/services/pacemaker/neutron-plugin-ml2.yaml deleted file mode 100644 index 234f116e..00000000 --- a/puppet/services/pacemaker/neutron-plugin-ml2.yaml +++ /dev/null @@ -1,42 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Neutron ML2 Plugin with Pacemaker configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - NeutronMl2Base: - type: ../neutron-plugin-ml2.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Neutron ML2 plugin. - value: - service_name: neutron_plugin_ml2 - config_settings: - map_merge: - - get_attr: [NeutronMl2Base, role_data, config_settings] - - neutron::agents::ml2::ovs::enabled: false - neutron::agents::ml2::ovs::manage_service: false - step_config: | - include ::tripleo::profile::pacemaker::neutron::plugins::ml2 diff --git a/puppet/services/pacemaker/neutron-plugin-nuage.yaml b/puppet/services/pacemaker/neutron-plugin-nuage.yaml deleted file mode 100644 index 9fca2cc3..00000000 --- a/puppet/services/pacemaker/neutron-plugin-nuage.yaml +++ /dev/null @@ -1,40 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Neutron Nuage Plugin with Pacemaker configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - NeutronPluginNuageBase: - type: ../neutron-plugin-nuage.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Neutron Nuage plugin. - value: - service_name: neutron_plugin_nuage - config_settings: - map_merge: - - get_attr: [NeutronPluginNuageBase, role_data, config_settings] - step_config: | - include ::tripleo::profile::pacemaker::neutron::plugins::nuage diff --git a/puppet/services/pacemaker/neutron-plugin-opencontrail.yaml b/puppet/services/pacemaker/neutron-plugin-opencontrail.yaml deleted file mode 100644 index 80d6ed92..00000000 --- a/puppet/services/pacemaker/neutron-plugin-opencontrail.yaml +++ /dev/null @@ -1,40 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Neutron OpenContrail Plugin with Pacemaker configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - NeutronPluginOpenContrail: - type: ../neutron-plugin-nuage.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Neutron OpenContrail plugin. - value: - service_name: neutron_plugin_opencontrail - config_settings: - map_merge: - - get_attr: [NeutronPluginOpenContrail, role_data, config_settings] - step_config: | - include ::tripleo::profile::pacemaker::neutron::plugins::opencontrail diff --git a/puppet/services/pacemaker/neutron-plugin-plumgrid.yaml b/puppet/services/pacemaker/neutron-plugin-plumgrid.yaml deleted file mode 100644 index 5dd4e588..00000000 --- a/puppet/services/pacemaker/neutron-plugin-plumgrid.yaml +++ /dev/null @@ -1,40 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Neutron PLUMgrid Plugin with Pacemaker configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - NeutronPluginPlumgridBase: - type: ../neutron-plugin-ml2.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Neutron PLUMgrid plugin. - value: - service_name: neutron_plugin_plumgrid - config_settings: - map_merge: - - get_attr: [NeutronPluginPlumgridBase, role_data, config_settings] - step_config: | - include ::tripleo::profile::pacemaker::neutron::plugins::plumgrid diff --git a/puppet/services/pacemaker/neutron-server.yaml b/puppet/services/pacemaker/neutron-server.yaml deleted file mode 100644 index 33bc2d99..00000000 --- a/puppet/services/pacemaker/neutron-server.yaml +++ /dev/null @@ -1,48 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Neutron Server with Pacemaker configured with Puppet. - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - NeutronL3HA: - default: true - description: Whether to enable HA for virtual routers - type: boolean - -resources: - - NeutronServerBase: - type: ../neutron-server.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Neutron Server. - value: - service_name: neutron_server - monitoring_subscription: {get_attr: [NeutronServerBase, role_data, monitoring_subscription]} - config_settings: - map_merge: - - get_attr: [NeutronServerBase, role_data, config_settings] - - neutron::server::enabled: false - neutron::server::manage_service: false - neutron::server::l3_ha: {get_param: NeutronL3HA} - step_config: | - include ::tripleo::profile::pacemaker::neutron::server diff --git a/puppet/services/pacemaker/nova-api.yaml b/puppet/services/pacemaker/nova-api.yaml deleted file mode 100644 index b86e438a..00000000 --- a/puppet/services/pacemaker/nova-api.yaml +++ /dev/null @@ -1,45 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Nova API service with Pacemaker configured with Puppet. - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - NovaApiBase: - type: ../nova-api.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Nova API role. - value: - service_name: nova_api - monitoring_subscription: {get_attr: [NovaApiBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [NovaApiBase, role_data, logging_source]} - logging_groups: {get_attr: [NovaApiBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [NovaApiBase, role_data, config_settings] - - nova::api::manage_service: false - nova::api::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::nova::api diff --git a/puppet/services/pacemaker/nova-conductor.yaml b/puppet/services/pacemaker/nova-conductor.yaml deleted file mode 100644 index a0a766ec..00000000 --- a/puppet/services/pacemaker/nova-conductor.yaml +++ /dev/null @@ -1,45 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Nova Conductor service with Pacemaker configured with Puppet. - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - NovaConductorBase: - type: ../nova-conductor.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Nova Conductor role. - value: - service_name: nova_conductor - monitoring_subscription: {get_attr: [NovaConductorBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [NovaConductorBase, role_data, logging_source]} - logging_groups: {get_attr: [NovaConductorBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [NovaConductorBase, role_data, config_settings] - - nova::conductor::manage_service: false - nova::conductor::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::nova::conductor diff --git a/puppet/services/pacemaker/nova-consoleauth.yaml b/puppet/services/pacemaker/nova-consoleauth.yaml deleted file mode 100644 index 5d51eb47..00000000 --- a/puppet/services/pacemaker/nova-consoleauth.yaml +++ /dev/null @@ -1,45 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Nova Consoleauth service with Pacemaker configured with Puppet. - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - NovaConsoleauthBase: - type: ../nova-consoleauth.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Nova Consoleauth role. - value: - service_name: nova_consoleauth - monitoring_subscription: {get_attr: [NovaConsoleauthBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [NovaConsoleauthBase, role_data, logging_source]} - logging_groups: {get_attr: [NovaConsoleauthBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [NovaConsoleauthBase, role_data, config_settings] - - nova::consoleauth::manage_service: false - nova::consoleauth::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::nova::consoleauth diff --git a/puppet/services/pacemaker/nova-scheduler.yaml b/puppet/services/pacemaker/nova-scheduler.yaml deleted file mode 100644 index 8828ee11..00000000 --- a/puppet/services/pacemaker/nova-scheduler.yaml +++ /dev/null @@ -1,45 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Nova Scheduler service with Pacemaker configured with Puppet. - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - NovaSchedulerBase: - type: ../nova-scheduler.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Nova Scheduler role. - value: - service_name: nova_scheduler - monitoring_subscription: {get_attr: [NovaSchedulerBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [NovaSchedulerBase, role_data, logging_source]} - logging_groups: {get_attr: [NovaSchedulerBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [NovaSchedulerBase, role_data, config_settings] - - nova::scheduler::manage_service: false - nova::scheduler::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::nova::scheduler diff --git a/puppet/services/pacemaker/nova-vnc-proxy.yaml b/puppet/services/pacemaker/nova-vnc-proxy.yaml deleted file mode 100644 index ebe84a03..00000000 --- a/puppet/services/pacemaker/nova-vnc-proxy.yaml +++ /dev/null @@ -1,45 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Nova Vncproxy service with Pacemaker configured with Puppet. - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - NovaVncproxyBase: - type: ../nova-vnc-proxy.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Nova Vncproxy role. - value: - service_name: nova_vnc_proxy - monitoring_subscription: {get_attr: [NovaVncproxyBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [NovaVncproxyBase, role_data, logging_source]} - logging_groups: {get_attr: [NovaVncproxyBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [NovaVncproxyBase, role_data, config_settings] - - nova::vncproxy::manage_service: false - nova::vncproxy::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::nova::vncproxy diff --git a/puppet/services/pacemaker/rabbitmq.yaml b/puppet/services/pacemaker/rabbitmq.yaml index f3fa2d28..03c2c83f 100644 --- a/puppet/services/pacemaker/rabbitmq.yaml +++ b/puppet/services/pacemaker/rabbitmq.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > RabbitMQ service with Pacemaker configured with Puppet diff --git a/puppet/services/pacemaker/sahara-api.yaml b/puppet/services/pacemaker/sahara-api.yaml deleted file mode 100644 index 3dfb7d94..00000000 --- a/puppet/services/pacemaker/sahara-api.yaml +++ /dev/null @@ -1,45 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Sahara API service with Pacemaker configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - SaharaApiBase: - type: ../sahara-api.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Sahara API role. - value: - service_name: sahara_api - monitoring_subscription: {get_attr: [SaharaApiBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [SaharaApiBase, role_data, logging_source]} - logging_groups: {get_attr: [SaharaApiBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [SaharaApiBase, role_data, config_settings] - - sahara::service::api::manage_service: false - sahara::service::api::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::sahara::api diff --git a/puppet/services/pacemaker/sahara-engine.yaml b/puppet/services/pacemaker/sahara-engine.yaml deleted file mode 100644 index a06d11b3..00000000 --- a/puppet/services/pacemaker/sahara-engine.yaml +++ /dev/null @@ -1,45 +0,0 @@ -heat_template_version: 2016-04-08 - -description: > - OpenStack Sahara Engine service with Pacemaker configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - -resources: - - SaharaEngineBase: - type: ../sahara-engine.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Sahara Engine role. - value: - service_name: sahara_engine - monitoring_subscription: {get_attr: [SaharaEngineBase, role_data, monitoring_subscription]} - logging_source: {get_attr: [SaharaEngineBase, role_data, logging_source]} - logging_groups: {get_attr: [SaharaEngineBase, role_data, logging_groups]} - config_settings: - map_merge: - - get_attr: [SaharaEngineBase, role_data, config_settings] - - sahara::service::engine::manage_service: false - sahara::service::engine::enabled: false - step_config: | - include ::tripleo::profile::pacemaker::sahara::engine diff --git a/puppet/services/panko-api.yaml b/puppet/services/panko-api.yaml index 700edc7f..06284fb2 100644 --- a/puppet/services/panko-api.yaml +++ b/puppet/services/panko-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Panko API service configured with Puppet @@ -55,7 +55,7 @@ outputs: panko::wsgi::apache::servername: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]} panko::api::service_name: 'httpd' @@ -68,7 +68,7 @@ outputs: panko::api::host: str_replace: template: - '%{::fqdn_$NETWORK}' + "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, PankoApiNetwork]} # NOTE: bind IP is found in Heat replacing the network name with the diff --git a/puppet/services/panko-base.yaml b/puppet/services/panko-base.yaml index 32754a55..6e25d796 100644 --- a/puppet/services/panko-base.yaml +++ b/puppet/services/panko-base.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Panko service configured with Puppet @@ -37,7 +37,6 @@ outputs: value: service_name: panko_base config_settings: - panko_redis_password: {get_param: RedisPassword} panko::db::database_connection: list_join: - '' @@ -47,6 +46,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/panko' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" panko::debug: {get_param: Debug} panko::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } panko::keystone::authtoken::project_name: 'service' diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml index b77e0a91..ab9dad46 100644 --- a/puppet/services/rabbitmq.yaml +++ b/puppet/services/rabbitmq.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > RabbitMQ service configured with Puppet @@ -69,10 +69,13 @@ outputs: rabbitmq::delete_guest_user: false rabbitmq::wipe_db_on_cookie_change: true rabbitmq::port: '5672' + rabbitmq::package_provider: yum rabbitmq::package_source: undef rabbitmq::repos_ensure: false rabbitmq::tcp_keepalive: true rabbitmq_environment: + NODE_PORT: '' + NODE_IP_ADDRESS: '' RABBITMQ_NODENAME: "rabbit@%{::hostname}" RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"' rabbitmq_kernel_variables: @@ -95,7 +98,7 @@ outputs: # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - rabbitmq::node_ip_address: {get_param: [ServiceNetMap, RabbitmqNetwork]} + rabbitmq::interface: {get_param: [ServiceNetMap, RabbitmqNetwork]} rabbitmq::nr_ha_queues: {get_param: RabbitHAQueues} step_config: | include ::tripleo::profile::base::rabbitmq @@ -104,6 +107,6 @@ outputs: tags: step2 service: name=rabbitmq-server state=stopped - name: Start rabbitmq service - tags: step6 + tags: step4 service: name=rabbitmq-server state=started diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml index 54e63df4..9e494385 100644 --- a/puppet/services/sahara-api.yaml +++ b/puppet/services/sahara-api.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Sahara API service configured with Puppet diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml index 4072a150..b4307053 100644 --- a/puppet/services/sahara-base.yaml +++ b/puppet/services/sahara-base.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Sahara base service. Shared for all Sahara services. @@ -64,6 +64,8 @@ outputs: - '@' - {get_param: [EndpointMap, MysqlInternal, host]} - '/sahara' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" sahara::rabbit_password: {get_param: RabbitPassword} sahara::rabbit_user: {get_param: RabbitUserName} sahara::rabbit_use_ssl: {get_param: RabbitClientUseSSL} diff --git a/puppet/services/sahara-engine.yaml b/puppet/services/sahara-engine.yaml index 287c1c05..a1521c28 100644 --- a/puppet/services/sahara-engine.yaml +++ b/puppet/services/sahara-engine.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Sahara Engine service configured with Puppet diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml index 13df5bbe..90268c78 100644 --- a/puppet/services/services.yaml +++ b/puppet/services/services.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > Utility stack to convert an array of services into a set of combined @@ -42,6 +42,11 @@ resources: LoggingConfiguration: type: OS::TripleO::LoggingConfiguration + ServiceServerMetadataHook: + type: OS::TripleO::ServiceServerMetadataHook + properties: + RoleData: {get_attr: [ServiceChain, role_data]} + outputs: role_data: description: Combined Role data for this set of services. @@ -113,3 +118,4 @@ outputs: # Note we use distinct() here to filter any identical tasks, e.g yum update for all services expression: $.data.where($ != null).select($.get('upgrade_tasks')).where($ != null).flatten().distinct() data: {get_attr: [ServiceChain, role_data]} + service_metadata_settings: {get_attr: [ServiceServerMetadataHook, metadata]} diff --git a/puppet/services/snmp.yaml b/puppet/services/snmp.yaml index 4d01632d..be9d143e 100644 --- a/puppet/services/snmp.yaml +++ b/puppet/services/snmp.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > SNMP client configured with Puppet, to facilitate Ceilometer Hardware diff --git a/puppet/services/swift-base.yaml b/puppet/services/swift-base.yaml index 741adb4d..6046d5e8 100644 --- a/puppet/services/swift-base.yaml +++ b/puppet/services/swift-base.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Swift Proxy service configured with Puppet diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index ba184ab0..6ccfe7a2 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Swift Proxy service configured with Puppet @@ -49,6 +49,18 @@ parameters: default: guest description: The username for RabbitMQ type: string + SwiftCeilometerPipelineEnabled: + description: Set to False to disable the swift proxy ceilometer pipeline. + default: True + type: boolean + RabbitClientPort: + default: 5672 + description: Set rabbit subscriber port, change this if using SSL + type: number + +conditions: + + ceilometer_pipeline_enabled: {equals : [{get_param: SwiftCeilometerPipelineEnabled}, True]} resources: SwiftBase: @@ -78,6 +90,8 @@ outputs: swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword} swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]} swift::proxy::ceilometer::nonblocking_notify: true + tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RabbitClientPort} + tripleo::profile::base::swift::proxy::ceilometer_enabled: {get_param: SwiftCeilometerPipelineEnabled} tripleo.swift_proxy.firewall_rules: '122 swift proxy': dport: @@ -89,26 +103,34 @@ outputs: - ResellerAdmin swift::proxy::versioned_writes::allow_versioned_writes: true swift::proxy::pipeline: - - 'catch_errors' - - 'healthcheck' - - 'proxy-logging' - - 'cache' - - 'ratelimit' - - 'bulk' - - 'tempurl' - - 'formpost' - - 'authtoken' - - 'keystone' - - 'staticweb' - - 'copy' - - 'container-quotas' - - 'account-quotas' - - 'slo' - - 'dlo' - - 'versioned_writes' - - 'ceilometer' - - 'proxy-logging' - - 'proxy-server' + yaql: + expression: $.data.pipeline.where($ != '') + data: + pipeline: + - 'catch_errors' + - 'healthcheck' + - 'proxy-logging' + - 'cache' + - 'ratelimit' + - 'bulk' + - 'tempurl' + - 'formpost' + - 'authtoken' + - 'keystone' + - 'staticweb' + - 'copy' + - 'container-quotas' + - 'account-quotas' + - 'slo' + - 'dlo' + - 'versioned_writes' + - + if: + - ceilometer_pipeline_enabled + - 'ceilometer' + - '' + - 'proxy-logging' + - 'proxy-server' swift::proxy::account_autocreate: true # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples diff --git a/puppet/services/swift-ringbuilder.yaml b/puppet/services/swift-ringbuilder.yaml index 5c70b6ab..a7ba7bad 100644 --- a/puppet/services/swift-ringbuilder.yaml +++ b/puppet/services/swift-ringbuilder.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > OpenStack Swift Ringbuilder diff --git a/puppet/services/swift-storage.yaml b/puppet/services/swift-storage.yaml index cffe78f5..00ae9c35 100644 --- a/puppet/services/swift-storage.yaml +++ b/puppet/services/swift-storage.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OpenStack Swift Storage service configured with Puppet diff --git a/puppet/services/time/ntp.yaml b/puppet/services/time/ntp.yaml index eb5237fe..7c3a19a9 100644 --- a/puppet/services/time/ntp.yaml +++ b/puppet/services/time/ntp.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > NTP service deployment using puppet, this YAML file diff --git a/puppet/services/time/timezone.yaml b/puppet/services/time/timezone.yaml index 384b5191..5d0eeae3 100644 --- a/puppet/services/time/timezone.yaml +++ b/puppet/services/time/timezone.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > Composable Timezone service diff --git a/puppet/services/tripleo-firewall.yaml b/puppet/services/tripleo-firewall.yaml index 7eb39905..67e14d9c 100644 --- a/puppet/services/tripleo-firewall.yaml +++ b/puppet/services/tripleo-firewall.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > TripleO Firewall settings diff --git a/puppet/services/tripleo-packages.yaml b/puppet/services/tripleo-packages.yaml index 69912fa5..737be829 100644 --- a/puppet/services/tripleo-packages.yaml +++ b/puppet/services/tripleo-packages.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > TripleO Package installation settings @@ -33,6 +33,14 @@ outputs: step_config: | include ::tripleo::packages upgrade_tasks: + - name: Check yum for rpm-python present + tags: step0 + yum: "name=rpm-python state=present" + register: rpm_python_check + - name: Fail when rpm-python wasn't present + fail: msg="rpm-python package was not present before this run! Check environment before re-running" + when: rpm_python_check.changed != false + tags: step0 - name: Update all packages tags: step3 yum: name=* state=latest diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar.yaml new file mode 100644 index 00000000..0224ac13 --- /dev/null +++ b/puppet/services/zaqar.yaml @@ -0,0 +1,66 @@ +heat_template_version: ocata + +description: > + Openstack Zaqar service. Shared for all Heat services. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + DefaultPasswords: + default: {} + type: json + Debug: + default: '' + description: Set to True to enable debugging on all services. + type: string + ZaqarPassword: + description: The password for Zaqar + type: string + hidden: true + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + + +outputs: + role_data: + description: Shared role data for the Heat services. + value: + service_name: zaqar + config_settings: + zaqar::keystone::authtoken::password: {get_param: ZaqarPassword} + zaqar::keystone::authtoken::project_name: 'service' + zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + zaqar::debug: {get_param: Debug} + zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]} + zaqar::transport::wsgi::bind: {get_param: [ServiceNetMap, ZaqarApiNetwork]} + zaqar::message_pipeline: 'zaqar.notification.notifier' + zaqar::unreliable: true + service_config_settings: + keystone: + zaqar::keystone::auth::password: {get_param: ZaqarPassword} + zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]} + zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]} + zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]} + zaqar::keystone::auth::region: {get_param: KeystoneRegion} + zaqar::keystone::auth::tenant: 'service' + zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword} + zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]} + zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]} + zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]} + zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion} + zaqar::keystone::auth_websocket::tenant: 'service' + + step_config: | + include ::tripleo::profile::base::zaqar diff --git a/puppet/upgrade_config.yaml b/puppet/upgrade_config.yaml index c67e10b3..e892d813 100644 --- a/puppet/upgrade_config.yaml +++ b/puppet/upgrade_config.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: 'Upgrade for via ansible by applying a step related tag' parameters: @@ -35,6 +35,7 @@ resources: template: "stepSTEP" params: STEP: {get_param: step} + modulepath: /usr/share/ansible-modules inputs: - name: role config: {get_attr: [AnsibleConfig, value]} diff --git a/releasenotes/source/_static/.placeholder b/releasenotes/source/_static/.placeholder new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/releasenotes/source/_static/.placeholder diff --git a/releasenotes/source/conf.py b/releasenotes/source/conf.py new file mode 100644 index 00000000..8da995b0 --- /dev/null +++ b/releasenotes/source/conf.py @@ -0,0 +1,264 @@ +# -*- coding: utf-8 -*- +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# If extensions (or modules to document with autodoc) are in another directory, +# add these directories to sys.path here. If the directory is relative to the +# documentation root, use os.path.abspath to make it absolute, like shown here. +#sys.path.insert(0, os.path.abspath('.')) + +# -- General configuration ------------------------------------------------ + +# If your documentation needs a minimal Sphinx version, state it here. +#needs_sphinx = '1.0' + +# Add any Sphinx extension module names here, as strings. They can be +# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom +# ones. +extensions = [ + 'oslosphinx', + 'reno.sphinxext', +] + +# Add any paths that contain templates here, relative to this directory. +templates_path = ['_templates'] + +# The suffix of source filenames. +source_suffix = '.rst' + +# The encoding of source files. +#source_encoding = 'utf-8-sig' + +# The master toctree document. +master_doc = 'index' + +# General information about the project. +project = u'tripleo-heat-templates Release Notes' +copyright = u'2017, TripleO Developers' + +# The version info for the project you're documenting, acts as replacement for +# |version| and |release|, also used in various other places throughout the +# built documents. +# +# The full version, including alpha/beta/rc tags. +release = '6.0.0.0b3' +# The short X.Y version. +version = '6.0.0' + +# The full version, including alpha/beta/rc tags. + +# The language for content autogenerated by Sphinx. Refer to documentation +# for a list of supported languages. +#language = None + +# There are two options for replacing |today|: either, you set today to some +# non-false value, then it is used: +#today = '' +# Else, today_fmt is used as the format for a strftime call. +#today_fmt = '%B %d, %Y' + +# List of patterns, relative to source directory, that match files and +# directories to ignore when looking for source files. +exclude_patterns = [] + +# The reST default role (used for this markup: `text`) to use for all +# documents. +#default_role = None + +# If true, '()' will be appended to :func: etc. cross-reference text. +#add_function_parentheses = True + +# If true, the current module name will be prepended to all description +# unit titles (such as .. function::). +#add_module_names = True + +# If true, sectionauthor and moduleauthor directives will be shown in the +# output. They are ignored by default. +#show_authors = False + +# The name of the Pygments (syntax highlighting) style to use. +pygments_style = 'sphinx' + +# A list of ignored prefixes for module index sorting. +#modindex_common_prefix = [] + +# If true, keep warnings as "system message" paragraphs in the built documents. +#keep_warnings = False + + +# -- Options for HTML output ---------------------------------------------- + +# The theme to use for HTML and HTML Help pages. See the documentation for +# a list of builtin themes. +html_theme = 'default' + +# Theme options are theme-specific and customize the look and feel of a theme +# further. For a list of options available for each theme, see the +# documentation. +#html_theme_options = {} + +# Add any paths that contain custom themes here, relative to this directory. +#html_theme_path = [] + +# The name for this set of Sphinx documents. If None, it defaults to +# "<project> v<release> documentation". +#html_title = None + +# A shorter title for the navigation bar. Default is the same as html_title. +#html_short_title = None + +# The name of an image file (relative to this directory) to place at the top +# of the sidebar. +#html_logo = None + +# The name of an image file (within the static path) to use as favicon of the +# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 +# pixels large. +#html_favicon = None + +# Add any paths that contain custom static files (such as style sheets) here, +# relative to this directory. They are copied after the builtin static files, +# so a file named "default.css" will overwrite the builtin "default.css". +html_static_path = ['_static'] + +# Add any extra paths that contain custom files (such as robots.txt or +# .htaccess) here, relative to this directory. These files are copied +# directly to the root of the documentation. +#html_extra_path = [] + +# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, +# using the given strftime format. +#html_last_updated_fmt = '%b %d, %Y' + +# If true, SmartyPants will be used to convert quotes and dashes to +# typographically correct entities. +#html_use_smartypants = True + +# Custom sidebar templates, maps document names to template names. +#html_sidebars = {} + +# Additional templates that should be rendered to pages, maps page names to +# template names. +#html_additional_pages = {} + +# If false, no module index is generated. +#html_domain_indices = True + +# If false, no index is generated. +#html_use_index = True + +# If true, the index is split into individual pages for each letter. +#html_split_index = False + +# If true, links to the reST sources are added to the pages. +#html_show_sourcelink = True + +# If true, "Created using Sphinx" is shown in the HTML footer. Default is True. +#html_show_sphinx = True + +# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. +#html_show_copyright = True + +# If true, an OpenSearch description file will be output, and all pages will +# contain a <link> tag referring to it. The value of this option must be the +# base URL from which the finished HTML is served. +#html_use_opensearch = '' + +# This is the file name suffix for HTML files (e.g. ".xhtml"). +#html_file_suffix = None + +# Output file base name for HTML help builder. +htmlhelp_basename = 'tripleo-heat-templatesReleaseNotesdoc' + + +# -- Options for LaTeX output --------------------------------------------- + +latex_elements = { +# The paper size ('letterpaper' or 'a4paper'). +#'papersize': 'letterpaper', + +# The font size ('10pt', '11pt' or '12pt'). +#'pointsize': '10pt', + +# Additional stuff for the LaTeX preamble. +#'preamble': '', +} + +# Grouping the document tree into LaTeX files. List of tuples +# (source start file, target name, title, +# author, documentclass [howto, manual, or own class]). +latex_documents = [ + ('index', 'tripleo-heat-templatesReleaseNotes.tex', u'tripleo-heat-templates Release Notes Documentation', + u'2016, TripleO Developers', 'manual'), +] + +# The name of an image file (relative to this directory) to place at the top of +# the title page. +#latex_logo = None + +# For "manual" documents, if this is true, then toplevel headings are parts, +# not chapters. +#latex_use_parts = False + +# If true, show page references after internal links. +#latex_show_pagerefs = False + +# If true, show URL addresses after external links. +#latex_show_urls = False + +# Documents to append as an appendix to all manuals. +#latex_appendices = [] + +# If false, no module index is generated. +#latex_domain_indices = True + + +# -- Options for manual page output --------------------------------------- + +# One entry per manual page. List of tuples +# (source start file, name, description, authors, manual section). +man_pages = [ + ('index', 'tripleo-heat-templatesreleasenotes', u'tripleo-heat-templates Release Notes Documentation', + [u'2016, TripleO Developers'], 1) +] + +# If true, show URL addresses after external links. +#man_show_urls = False + + +# -- Options for Texinfo output ------------------------------------------- + +# Grouping the document tree into Texinfo files. List of tuples +# (source start file, target name, title, author, +# dir menu entry, description, category) +texinfo_documents = [ + ('index', 'tripleo-heat-templatesReleaseNotes', u'tripleo-heat-templates Release Notes Documentation', + u'2016, TripleO Developers', 'tripleo-heat-templatesReleaseNotes', 'One line description of project.', + 'Miscellaneous'), +] + +# Documents to append as an appendix to all manuals. +#texinfo_appendices = [] + +# If false, no module index is generated. +#texinfo_domain_indices = True + +# How to display URL addresses: 'footnote', 'no', or 'inline'. +#texinfo_show_urls = 'footnote' + +# If true, do not generate a @detailmenu in the "Top" node's menu. +#texinfo_no_detailmenu = False + +# -- Options for Internationalization output ------------------------------ +locale_dirs = ['locale/'] diff --git a/releasenotes/source/index.rst b/releasenotes/source/index.rst new file mode 100644 index 00000000..9767dad2 --- /dev/null +++ b/releasenotes/source/index.rst @@ -0,0 +1,18 @@ +================================================ +Welcome to tripleo-heat-templates Release Notes! +================================================ + +Contents +======== + +.. toctree:: + :maxdepth: 2 + + unreleased + + +Indices and tables +================== + +* :ref:`genindex` +* :ref:`search` diff --git a/releasenotes/source/unreleased.rst b/releasenotes/source/unreleased.rst new file mode 100644 index 00000000..2334dd5c --- /dev/null +++ b/releasenotes/source/unreleased.rst @@ -0,0 +1,5 @@ +============================== + Current Series Release Notes +============================== + + .. release-notes:: diff --git a/requirements.txt b/requirements.txt index 9c4a708a..057aa287 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,2 +1,6 @@ -pbr>=0.5.21,<1.0 -Jinja2>=2.8 # BSD License (3 clause) +# The order of packages is significant, because pip processes them in the order +# of appearance. Changing the order has an impact on the overall integration +# process, which may cause wedges in the gate later. +pbr>=1.8 # Apache-2.0 +Jinja2!=2.9.0,!=2.9.1,!=2.9.2,!=2.9.3,!=2.9.4,>=2.8 # BSD License (3 clause) +six>=1.9.0 # MIT diff --git a/roles_data.yaml b/roles_data.yaml index d7ed80c5..bbb1ab7a 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -14,14 +14,18 @@ # defaults to '%stackname%-{{role.name.lower()}}-%index%' # sets the default for {{role.name}}HostnameFormat parameter in overcloud.yaml # +# disable_constraints: (boolean) optional, whether to disable Nova and Glance +# constraints for each role specified in the templates. +# # ServicesDefault: (list) optional default list of services to be deployed # on the role, defaults to an empty list. Sets the default for the # {{role.name}}Services parameter in overcloud.yaml -- name: Controller +- name: Controller # the 'primary' role goes first CountDefault: 1 ServicesDefault: - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CephMds - OS::TripleO::Services::CephMon - OS::TripleO::Services::CephExternal - OS::TripleO::Services::CephRgw @@ -29,11 +33,9 @@ - OS::TripleO::Services::CinderBackup - OS::TripleO::Services::CinderScheduler - OS::TripleO::Services::CinderVolume - - OS::TripleO::Services::Core - OS::TripleO::Services::Kernel - OS::TripleO::Services::Keystone - OS::TripleO::Services::GlanceApi - - OS::TripleO::Services::GlanceRegistry - OS::TripleO::Services::HeatApi - OS::TripleO::Services::HeatApiCfn - OS::TripleO::Services::HeatApiCloudwatch @@ -54,6 +56,7 @@ - OS::TripleO::Services::NovaConductor - OS::TripleO::Services::MongoDb - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaPlacement - OS::TripleO::Services::NovaMetadata - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::NovaConsoleauth @@ -96,6 +99,10 @@ - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::BarbicanApi - OS::TripleO::Services::PankoApi + - OS::TripleO::Services::Zaqar + - OS::TripleO::Services::OVNDBs + - OS::TripleO::Services::NeutronML2FujitsuCfab + - OS::TripleO::Services::CinderHPELeftHandISCSI - name: Compute CountDefault: 1 diff --git a/roles_data_undercloud.yaml b/roles_data_undercloud.yaml new file mode 100644 index 00000000..2759429c --- /dev/null +++ b/roles_data_undercloud.yaml @@ -0,0 +1,35 @@ +- name: Undercloud # the 'primary' role goes first + CountDefault: 1 + disable_constraints: True + ServicesDefault: + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::Apache + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaPlacement + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::MistralEngine + - OS::TripleO::Services::MistralApi + - OS::TripleO::Services::MistralExecutor + - OS::TripleO::Services::IronicApi + - OS::TripleO::Services::IronicConductor + - OS::TripleO::Services::NovaIronic + - OS::TripleO::Services::Zaqar + - OS::TripleO::Services::NeutronServer + - OS::TripleO::Services::NeutronApi + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::NeutronDhcpAgent diff --git a/scripts/hosts-config.sh b/scripts/hosts-config.sh index 4826d615..f456b316 100755 --- a/scripts/hosts-config.sh +++ b/scripts/hosts-config.sh @@ -30,17 +30,9 @@ write_entries() { } if [ ! -z "$hosts" ]; then - # cloud-init files are /etc/cloud/templates/hosts.OSNAME.tmpl - DIST=$(lsb_release -is | tr -s [A-Z] [a-z]) - case $DIST in - fedora|redhatenterpriseserver) - name="redhat" - ;; - *) - name="$DIST" - ;; - esac - write_entries "/etc/cloud/templates/hosts.${name}.tmpl" "$hosts" + for tmpl in /etc/cloud/templates/hosts.*.tmpl ; do + write_entries "$tmpl" "$hosts" + done write_entries "/etc/hosts" "$hosts" else echo "No hosts in Heat, nothing written." @@ -1,4 +1,3 @@ -#!/usr/bin/env python # Copyright (c) 2013 Hewlett-Packard Development Company, L.P. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -17,6 +16,14 @@ # THIS FILE IS MANAGED BY THE GLOBAL REQUIREMENTS REPO - DO NOT EDIT import setuptools +# In python < 2.7.4, a lazy loading of package `pbr` will break +# setuptools if some other modules registered functions in `atexit`. +# solution from: http://bugs.python.org/issue15881#msg170215 +try: + import multiprocessing # noqa +except ImportError: + pass + setuptools.setup( - setup_requires=['pbr'], + setup_requires=['pbr>=1.8'], pbr=True) diff --git a/test-requirements.txt b/test-requirements.txt index c3726e8b..06bce5a2 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1 +1,9 @@ -pyyaml +# The order of packages is significant, because pip processes them in the order +# of appearance. Changing the order has an impact on the overall integration +# process, which may cause wedges in the gate later. +PyYAML>=3.10.0 # MIT +Jinja2!=2.9.0,!=2.9.1,!=2.9.2,!=2.9.3,!=2.9.4,>=2.8 # BSD License (3 clause) +six>=1.9.0 # MIT +sphinx!=1.3b1,<1.4,>=1.2.1 # BSD +oslosphinx>=4.7.0 # Apache-2.0 +reno>=1.8.0 # Apache-2.0 diff --git a/tools/process-templates.py b/tools/process-templates.py index a15b00e2..9a06812b 100755 --- a/tools/process-templates.py +++ b/tools/process-templates.py @@ -14,6 +14,7 @@ import argparse import jinja2 import os +import six import sys import yaml diff --git a/tools/releasenotes_tox.sh b/tools/releasenotes_tox.sh new file mode 100755 index 00000000..4fecfd92 --- /dev/null +++ b/tools/releasenotes_tox.sh @@ -0,0 +1,28 @@ +#!/usr/bin/env bash + +rm -rf releasenotes/build + +sphinx-build -a -E -W \ + -d releasenotes/build/doctrees \ + -b html \ + releasenotes/source releasenotes/build/html +BUILD_RESULT=$? + +UNCOMMITTED_NOTES=$(git status --porcelain | \ + awk '$1 == "M" && $2 ~ /releasenotes\/notes/ {print $2}') + +if [ "${UNCOMMITTED_NOTES}" ] +then + cat <<EOF + +REMINDER: The following changes to release notes have not been committed: + +${UNCOMMITTED_NOTES} + +While that may be intentional, keep in mind that release notes are built from +committed changes, not the working directory. + +EOF +fi + +exit ${BUILD_RESULT} diff --git a/tools/tox_install.sh b/tools/tox_install.sh new file mode 100755 index 00000000..e61b63a8 --- /dev/null +++ b/tools/tox_install.sh @@ -0,0 +1,30 @@ +#!/usr/bin/env bash + +# Client constraint file contains this client version pin that is in conflict +# with installing the client from source. We should remove the version pin in +# the constraints file before applying it for from-source installation. + +CONSTRAINTS_FILE="$1" +shift 1 + +set -e + +# NOTE(tonyb): Place this in the tox enviroment's log dir so it will get +# published to logs.openstack.org for easy debugging. +localfile="$VIRTUAL_ENV/log/upper-constraints.txt" + +if [[ "$CONSTRAINTS_FILE" != http* ]]; then + CONSTRAINTS_FILE="file://$CONSTRAINTS_FILE" +fi +# NOTE(tonyb): need to add curl to bindep.txt if the project supports bindep +curl "$CONSTRAINTS_FILE" --insecure --progress-bar --output "$localfile" + +pip install -c"$localfile" openstack-requirements + +# This is the main purpose of the script: Allow local installation of +# the current repo. It is listed in constraints file and thus any +# install will be constrained and we need to unconstrain it. +edit-constraints "$localfile" -- "$CLIENT_NAME" + +pip install -c"$localfile" -U "$@" +exit $? diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index 95c7d025..f2359af6 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py @@ -19,11 +19,80 @@ import yaml required_params = ['EndpointMap', 'ServiceNetMap', 'DefaultPasswords'] +envs_containing_endpoint_map = ['tls-endpoints-public-dns.yaml', + 'tls-endpoints-public-ip.yaml', + 'tls-everywhere-endpoints-dns.yaml'] +ENDPOINT_MAP_FILE = 'endpoint_map.yaml' + def exit_usage(): print('Usage %s <yaml file or directory>' % sys.argv[0]) sys.exit(1) +def get_base_endpoint_map(filename): + try: + tpl = yaml.load(open(filename).read()) + return tpl['parameters']['EndpointMap']['default'] + except Exception: + print(traceback.format_exc()) + return None + + +def get_endpoint_map_from_env(filename): + try: + tpl = yaml.load(open(filename).read()) + return { + 'file': filename, + 'map': tpl['parameter_defaults']['EndpointMap'] + } + except Exception: + print(traceback.format_exc()) + return None + + +def validate_endpoint_map(base_map, env_map): + return sorted(base_map.keys()) == sorted(env_map.keys()) + + +def validate_mysql_connection(settings): + no_op = lambda *args: False + error_status = [0] + + def mysql_protocol(items): + return items == ['EndpointMap', 'MysqlInternal', 'protocol'] + + def client_bind_address(item): + return 'bind_address' in item + + def validate_mysql_uri(key, items): + # Only consider a connection if it targets mysql + if key.endswith('connection') and \ + search(items, mysql_protocol, no_op): + # Assume the "bind_address" option is one of + # the token that made up the uri + if not search(items, client_bind_address, no_op): + error_status[0] = 1 + return False + + def search(item, check_item, check_key): + if check_item(item): + return True + elif isinstance(item, list): + for i in item: + if search(i, check_item, check_key): + return True + elif isinstance(item, dict): + for k in item.keys(): + if check_key(k, item[k]): + return True + elif search(item[k], check_item, check_key): + return True + return False + + search(settings, no_op, validate_mysql_uri) + return error_status[0] + + def validate_service(filename, tpl): if 'outputs' in tpl and 'role_data' in tpl['outputs']: if 'value' not in tpl['outputs']['role_data']: @@ -41,6 +110,12 @@ def validate_service(filename, tpl): print('ERROR: service_name should match file name for service: %s.' % filename) return 1 + # if service connects to mysql, the uri should use option + # bind_address to avoid issues with VIP failover + if 'config_settings' in role_data and \ + validate_mysql_connection(role_data['config_settings']): + print('ERROR: mysql connection uri should use option bind_address') + return 1 if 'parameters' in tpl: for param in required_params: if param not in tpl['parameters']: @@ -83,6 +158,8 @@ if len(sys.argv) < 2: path_args = sys.argv[1:] exit_val = 0 failed_files = [] +base_endpoint_map = None +env_endpoint_maps = list() for base_path in path_args: if os.path.isdir(base_path): @@ -94,6 +171,12 @@ for base_path in path_args: if failed: failed_files.append(file_path) exit_val |= failed + if f == ENDPOINT_MAP_FILE: + base_endpoint_map = get_base_endpoint_map(file_path) + if f in envs_containing_endpoint_map: + env_endpoint_map = get_endpoint_map_from_env(file_path) + if env_endpoint_map: + env_endpoint_maps.append(env_endpoint_map) elif os.path.isfile(base_path) and base_path.endswith('.yaml'): failed = validate(base_path) if failed: @@ -103,6 +186,30 @@ for base_path in path_args: print('Unexpected argument %s' % base_path) exit_usage() +if base_endpoint_map and \ + len(env_endpoint_maps) == len(envs_containing_endpoint_map): + for env_endpoint_map in env_endpoint_maps: + matches = validate_endpoint_map(base_endpoint_map, + env_endpoint_map['map']) + if not matches: + print("ERROR: %s doesn't match base endpoint map" % + env_endpoint_map['file']) + failed_files.append(env_endpoint_map['file']) + exit_val |= 1 + else: + print("%s matches base endpoint map" % env_endpoint_map['file']) +else: + print("ERROR: Can't validate endpoint maps since a file is missing. " + "If you meant to delete one of these files you should update this " + "tool as well.") + if not base_endpoint_map: + failed_files.append(ENDPOINT_MAP_FILE) + if len(env_endpoint_maps) != len(envs_containing_endpoint_map): + matched_files = set(os.path.basename(matched_env_file['file']) + for matched_env_file in env_endpoint_maps) + failed_files.extend(set(envs_containing_endpoint_map) - matched_files) + exit_val |= 1 + if failed_files: print('Validation failed on:') for f in failed_files: @@ -17,3 +17,6 @@ commands = [testenv:templates] commands = python ./tools/process-templates.py + +[testenv:releasenotes] +commands = bash -c tools/releasenotes_tox.sh |