diff options
130 files changed, 3802 insertions, 533 deletions
@@ -54,6 +54,9 @@ A description of the directory layout in TripleO Heat Templates. * validation-scripts: validation scripts useful to all deployment configurations + * roles: example roles that can be used with the tripleoclient to generate + a roles_data.yaml for a deployment See the + `roles/README.rst <roles/README.rst>`_ for additional details. Service testing matrix ---------------------- diff --git a/ci/environments/scenario001-multinode-containers.yaml b/ci/environments/scenario001-multinode-containers.yaml new file mode 100644 index 00000000..c142922a --- /dev/null +++ b/ci/environments/scenario001-multinode-containers.yaml @@ -0,0 +1,134 @@ +# NOTE: This is an environment specific for containers CI. Mainly we +# deploy non-pacemakerized overcloud. Once we are able to deploy and +# upgrade pacemakerized and containerized overcloud, we should remove +# this file and use normal CI multinode environments/scenarios. + +resource_registry: + OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Services::CephMon: ../../puppet/services/ceph-mon.yaml + OS::TripleO::Services::CephOSD: ../../puppet/services/ceph-osd.yaml + OS::TripleO::Services::CephClient: ../../puppet/services/ceph-client.yaml + OS::TripleO::Services::PankoApi: ../../puppet/services/panko-api.yaml + OS::TripleO::Services::Collectd: ../../puppet/services/metrics/collectd.yaml + OS::TripleO::Services::Tacker: ../../puppet/services/tacker.yaml + OS::TripleO::Services::Congress: ../../puppet/services/congress.yaml + OS::TripleO::Services::FluentdClient: ../../puppet/services/logging/fluentd-client.yaml + OS::TripleO::Services::SensuClient: ../../puppet/services/monitoring/sensu-client.yaml + # NOTE: This is needed because of upgrades from Ocata to Pike. We + # deploy the initial environment with Ocata templates, and + # overcloud-resource-registry.yaml there doesn't have this Docker + # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can + # remove this. + OS::TripleO::Services::Docker: OS::Heat::None + +parameter_defaults: + ControllerServices: + - OS::TripleO::Services::Docker + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronMetadataAgent + - OS::TripleO::Services::NeutronServer + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaPlacement + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::Redis + - OS::TripleO::Services::AodhApi + - OS::TripleO::Services::AodhEvaluator + - OS::TripleO::Services::AodhNotifier + - OS::TripleO::Services::AodhListener + - OS::TripleO::Services::CeilometerAgentCentral + - OS::TripleO::Services::CeilometerAgentIpmi + - OS::TripleO::Services::CeilometerAgentNotification + - OS::TripleO::Services::GnocchiApi + - OS::TripleO::Services::GnocchiMetricd + - OS::TripleO::Services::GnocchiStatsd + - OS::TripleO::Services::PankoApi + - OS::TripleO::Services::CephMon + - OS::TripleO::Services::CephOSD + - OS::TripleO::Services::CephClient + - OS::TripleO::Services::CinderApi + - OS::TripleO::Services::CinderBackup + - OS::TripleO::Services::CinderScheduler + - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Tacker + - OS::TripleO::Services::Congress + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::SensuClient + + ControllerExtraConfig: + nova::compute::libvirt::services::libvirt_virt_type: qemu + nova::compute::libvirt::libvirt_virt_type: qemu + Debug: true + #NOTE(gfidente): not great but we need this to deploy on ext4 + #http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/ + ExtraConfig: + ceph::profile::params::osd_max_object_name_len: 256 + ceph::profile::params::osd_max_object_namespace_len: 64 + #NOTE: These ID's and keys should be regenerated for + # a production deployment. What is here is suitable for + # developer and CI testing only. + CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19' + CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ==' + CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ==' + CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw==' + NovaEnableRbdBackend: true + CinderEnableRbdBackend: true + CinderBackupBackend: ceph + GlanceBackend: rbd + GnocchiBackend: rbd + CinderEnableIscsiBackend: false + BannerText: | + ****************************************************************** + * This system is for the use of authorized users only. Usage of * + * this system may be monitored and recorded by system personnel. * + * Anyone using this system expressly consents to such monitoring * + * and is advised that if such monitoring reveals possible * + * evidence of criminal activity, system personnel may provide * + * the evidence from such monitoring to law enforcement officials.* + ****************************************************************** + CollectdExtraPlugins: + - rrdtool + LoggingServers: + - host: 127.0.0.1 + port: 24224 + MonitoringRabbitHost: 127.0.0.1 + MonitoringRabbitPort: 5676 + MonitoringRabbitPassword: sensu + TtyValues: + - console + - tty1 + - tty2 + - tty3 + - tty4 + - tty5 + - tty6 diff --git a/ci/environments/multinode-container-upgrade.yaml b/ci/environments/scenario002-multinode-containers.yaml index 89970419..7191deae 100644 --- a/ci/environments/multinode-container-upgrade.yaml +++ b/ci/environments/scenario002-multinode-containers.yaml @@ -1,12 +1,14 @@ -# NOTE: This is an environment specific for containers upgrade -# CI. Mainly we deploy non-pacemakerized overcloud, as at the time -# being containerization of services managed by pacemaker is not -# complete, so we deploy and upgrade the non-HA services for now. +# NOTE: This is an environment specific for containers CI. Mainly we +# deploy non-pacemakerized overcloud. Once we are able to deploy and +# upgrade pacemakerized and containerized overcloud, we should remove +# this file and use normal CI multinode environments/scenarios. resource_registry: - OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml - OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml - + OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Services::BarbicanApi: ../../puppet/services/barbican-api.yaml + OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar.yaml + OS::TripleO::Services::Ec2Api: ../../puppet/services/ec2-api.yaml # NOTE: This is needed because of upgrades from Ocata to Pike. We # deploy the initial environment with Ocata templates, and # overcloud-resource-registry.yaml there doesn't have this Docker @@ -16,11 +18,6 @@ resource_registry: parameter_defaults: ControllerServices: - - OS::TripleO::Services::CephMon - - OS::TripleO::Services::CephOSD - - OS::TripleO::Services::CinderApi - - OS::TripleO::Services::CinderScheduler - - OS::TripleO::Services::CinderVolume - OS::TripleO::Services::Docker - OS::TripleO::Services::Kernel - OS::TripleO::Services::Keystone @@ -48,23 +45,26 @@ parameter_defaults: - OS::TripleO::Services::NovaMetadata - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::Ntp - - OS::TripleO::Services::SwiftProxy - - OS::TripleO::Services::SwiftStorage - - OS::TripleO::Services::SwiftRingBuilder - OS::TripleO::Services::Snmp - OS::TripleO::Services::Timezone - - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::CinderApi + - OS::TripleO::Services::CinderBackup + - OS::TripleO::Services::CinderScheduler + - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::BarbicanApi + - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::Zaqar + - OS::TripleO::Services::Ec2Api + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::Sshd ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu - # Required for Centos 7.3 and Qemu 2.6.0 - nova::compute::libvirt::libvirt_cpu_mode: 'none' - #NOTE(gfidente): not great but we need this to deploy on ext4 - #http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/ - ceph::profile::params::osd_max_object_name_len: 256 - ceph::profile::params::osd_max_object_namespace_len: 64 - SwiftCeilometerPipelineEnabled: False - Debug: True + Debug: true + SwiftCeilometerPipelineEnabled: false diff --git a/ci/environments/scenario003-multinode-containers.yaml b/ci/environments/scenario003-multinode-containers.yaml new file mode 100644 index 00000000..cfb05077 --- /dev/null +++ b/ci/environments/scenario003-multinode-containers.yaml @@ -0,0 +1,69 @@ +# NOTE: This is an environment specific for containers CI. Mainly we +# deploy non-pacemakerized overcloud. Once we are able to deploy and +# upgrade pacemakerized and containerized overcloud, we should remove +# this file and use normal CI multinode environments/scenarios. + +resource_registry: + OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Services::SaharaApi: ../../puppet/services/sahara-api.yaml + OS::TripleO::Services::SaharaEngine: ../../puppet/services/sahara-engine.yaml + OS::TripleO::Services::MistralApi: ../../puppet/services/mistral-api.yaml + OS::TripleO::Services::MistralEngine: ../../puppet/services/mistral-engine.yaml + OS::TripleO::Services::MistralExecutor: ../../puppet/services/mistral-executor.yaml + # NOTE: This is needed because of upgrades from Ocata to Pike. We + # deploy the initial environment with Ocata templates, and + # overcloud-resource-registry.yaml there doesn't have this Docker + # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can + # remove this. + OS::TripleO::Services::Docker: OS::Heat::None + +parameter_defaults: + ControllerServices: + - OS::TripleO::Services::Docker + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronMetadataAgent + - OS::TripleO::Services::NeutronServer + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaPlacement + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::SaharaApi + - OS::TripleO::Services::SaharaEngine + - OS::TripleO::Services::MistralApi + - OS::TripleO::Services::MistralEngine + - OS::TripleO::Services::MistralExecutor + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::Sshd + ControllerExtraConfig: + nova::compute::libvirt::services::libvirt_virt_type: qemu + nova::compute::libvirt::libvirt_virt_type: qemu + Debug: true + # we don't deploy Swift so we switch to file backend. + GlanceBackend: 'file' + KeystoneTokenProvider: 'fernet' + SwiftCeilometerPipelineEnabled: false diff --git a/ci/environments/scenario004-multinode-containers.yaml b/ci/environments/scenario004-multinode-containers.yaml new file mode 100644 index 00000000..7a6724de --- /dev/null +++ b/ci/environments/scenario004-multinode-containers.yaml @@ -0,0 +1,92 @@ +# NOTE: This is an environment specific for containers CI. Mainly we +# deploy non-pacemakerized overcloud. Once we are able to deploy and +# upgrade pacemakerized and containerized overcloud, we should remove +# this file and use normal CI multinode environments/scenarios. + +resource_registry: + OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Services::CephMds: ../../puppet/services/ceph-mds.yaml + OS::TripleO::Services::CephMon: ../../puppet/services/ceph-mon.yaml + OS::TripleO::Services::CephOSD: ../../puppet/services/ceph-osd.yaml + OS::TripleO::Services::CephRgw: ../../puppet/services/ceph-rgw.yaml + OS::TripleO::Services::SwiftProxy: OS::Heat::None + OS::TripleO::Services::SwiftStorage: OS::Heat::None + OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None + OS::TripleO::Services::ManilaApi: ../../puppet/services/manila-api.yaml + OS::TripleO::Services::ManilaScheduler: ../../puppet/services/manila-scheduler.yaml + OS::TripleO::Services::ManilaShare: ../../puppet/services/manila-share.yaml + OS::TripleO::Services::ManilaBackendCephFs: ../../puppet/services/manila-backend-cephfs.yaml + OS::TripleO::Services::NeutronBgpVpnApi: ../../puppet/services/neutron-bgpvpn-api.yaml + # NOTE: This is needed because of upgrades from Ocata to Pike. We + # deploy the initial environment with Ocata templates, and + # overcloud-resource-registry.yaml there doesn't have this Docker + # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can + # remove this. + OS::TripleO::Services::Docker: OS::Heat::None + + +parameter_defaults: + ControllerServices: + - OS::TripleO::Services::CephMds + - OS::TripleO::Services::CephMon + - OS::TripleO::Services::CephOSD + - OS::TripleO::Services::CephRgw + - OS::TripleO::Services::Docker + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NeutronBgpVpnApi + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronMetadataAgent + - OS::TripleO::Services::NeutronServer + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::ManilaApi + - OS::TripleO::Services::ManilaScheduler + - OS::TripleO::Services::ManilaBackendCephFs + - OS::TripleO::Services::ManilaShare + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaPlacement + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::Sshd + ControllerExtraConfig: + nova::compute::libvirt::services::libvirt_virt_type: qemu + nova::compute::libvirt::libvirt_virt_type: qemu + Debug: true + #NOTE(gfidente): not great but we need this to deploy on ext4 + #http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/ + ExtraConfig: + ceph::profile::params::osd_max_object_name_len: 256 + ceph::profile::params::osd_max_object_namespace_len: 64 + #NOTE: These ID's and keys should be regenerated for + # a production deployment. What is here is suitable for + # developer and CI testing only. + CephClusterFSID: '4b5c8c0a-ff60-454b-a1b4-9747aa737d19' + CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ==' + CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ==' + CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw==' + SwiftCeilometerPipelineEnabled: false + NeutronServicePlugins: 'router, networking_bgpvpn.neutron.services.plugin.BGPVPNPlugin' + BgpvpnServiceProvider: 'BGPVPN:Dummy:networking_bgpvpn.neutron.services.service_drivers.driver_api.BGPVPNDriver:default' diff --git a/docker/deploy-steps-playbook.yaml b/docker/deploy-steps-playbook.yaml new file mode 100644 index 00000000..b3cb500f --- /dev/null +++ b/docker/deploy-steps-playbook.yaml @@ -0,0 +1,50 @@ +- hosts: localhost + connection: local + tasks: + ##################################################### + # Per step puppet configuration of the baremetal host + ##################################################### + - name: Write the config_step hieradata + copy: content="{{dict(step=step|int)|to_json}}" dest=/etc/puppet/hieradata/config_step.json force=true + - name: Run puppet host configuration for step {{step}} + # FIXME: modulepath requires ansible 2.4, our builds currently only have 2.3 + # puppet: manifest=/var/lib/tripleo-config/puppet_step_config.pp modulepath=/etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules + puppet: manifest=/var/lib/tripleo-config/puppet_step_config.pp + ###################################### + # Generate config via docker-puppet.py + ###################################### + - name: Run docker-puppet tasks (generate config) + shell: python /var/lib/docker-puppet/docker-puppet.py + environment: + NET_HOST: 'true' + when: step == "1" + changed_when: false + check_mode: no + ################################################## + # Per step starting of the containers using paunch + ################################################## + - name: Check if /var/lib/hashed-tripleo-config/docker-container-startup-config-step_{{step}}.json exists + stat: + path: /var/lib/tripleo-config/hashed-docker-container-startup-config-step_{{step}}.json + register: docker_config_json + # Note docker-puppet.py generates the hashed-*.json file, which is a copy of + # the *step_n.json with a hash of the generated external config added + # This acts as a salt to enable restarting the container if config changes + - name: Start containers for step {{step}} + command: paunch --debug apply --file /var/lib/tripleo-config/hashed-docker-container-startup-config-step_{{step}}.json --config-id tripleo_step{{step}} --managed-by tripleo-{{role_name}} + when: docker_config_json.stat.exists + changed_when: false + check_mode: no + ######################################################## + # Bootstrap tasks, only performed on bootstrap_server_id + ######################################################## + - name: Run docker-puppet tasks (bootstrap tasks) + shell: python /var/lib/docker-puppet/docker-puppet.py + environment: + CONFIG: /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json + NET_HOST: "true" + NO_ARCHIVE: "true" + STEP: "{{step}}" + when: deploy_server_id == bootstrap_server_id + changed_when: false + check_mode: no diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index 49dd00cd..340a9e9f 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py @@ -18,9 +18,11 @@ # that can be used to generate config files or run ad-hoc puppet modules # inside of a container. +import glob import json import logging import os +import sys import subprocess import sys import tempfile @@ -55,6 +57,28 @@ def pull_image(name): log.debug(cmd_stderr) +def match_config_volume(prefix, config): + # Match the mounted config volume - we can't just use the + # key as e.g "novacomute" consumes config-data/nova + volumes = config.get('volumes', []) + config_volume=None + for v in volumes: + if v.startswith(prefix): + config_volume = os.path.relpath( + v.split(":")[0], prefix).split("/")[0] + break + return config_volume + + +def get_config_hash(prefix, config_volume): + hashfile = os.path.join(prefix, "%s.md5sum" % config_volume) + hash_data = None + if os.path.isfile(hashfile): + with open(hashfile) as f: + hash_data = f.read().rstrip() + return hash_data + + def rm_container(name): if os.environ.get('SHOW_DIFF', None): log.info('Diffing container: %s' % name) @@ -176,6 +200,10 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume mkdir -p /var/lib/config-data/${NAME}/etc cp -a /etc/* /var/lib/config-data/${NAME}/etc/ + # workaround LP1696283 + mkdir -p /var/lib/config-data/${NAME}/etc/ssh + touch /var/lib/config-data/${NAME}/etc/ssh/ssh_known_hosts + if [ -d /root/ ]; then cp -a /root/ /var/lib/config-data/${NAME}/root/ fi @@ -193,6 +221,10 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume mkdir -p /var/lib/config-data/${NAME}/var/www cp -a /var/www/* /var/lib/config-data/${NAME}/var/www/ fi + + # Write a checksum of the config-data dir, this is used as a + # salt to trigger container restart when the config changes + tar cf - /var/lib/config-data/${NAME} | md5sum | awk '{print $1}' > /var/lib/config-data/${NAME}.md5sum fi """) @@ -293,5 +325,30 @@ for returncode, config_volume in zip(returncodes, config_volumes): log.error('ERROR configuring %s' % config_volume) success = False + +# Update the startup configs with the config hash we generated above +config_volume_prefix = os.environ.get('CONFIG_VOLUME_PREFIX', '/var/lib/config-data') +log.debug('CONFIG_VOLUME_PREFIX: %s' % config_volume_prefix) +startup_configs = os.environ.get('STARTUP_CONFIG_PATTERN', '/var/lib/tripleo-config/docker-container-startup-config-step_*.json') +log.debug('STARTUP_CONFIG_PATTERN: %s' % startup_configs) +infiles = glob.glob('/var/lib/tripleo-config/docker-container-startup-config-step_*.json') +for infile in infiles: + with open(infile) as f: + infile_data = json.load(f) + + for k, v in infile_data.iteritems(): + config_volume = match_config_volume(config_volume_prefix, v) + if config_volume: + config_hash = get_config_hash(config_volume_prefix, config_volume) + if config_hash: + env = v.get('environment', []) + env.append("TRIPLEO_CONFIG_HASH=%s" % config_hash) + log.debug("Updating config hash for %s, config_volume=%s hash=%s" % (k, config_volume, config_hash)) + infile_data[k]['environment'] = env + + outfile = os.path.join(os.path.dirname(infile), "hashed-" + os.path.basename(infile)) + with open(outfile, 'w') as out_f: + json.dump(infile_data, out_f) + if not success: sys.exit(1) diff --git a/docker/docker-steps.j2 b/docker/docker-steps.j2 index 86811b86..3dd963b9 100644 --- a/docker/docker-steps.j2 +++ b/docker/docker-steps.j2 @@ -55,39 +55,18 @@ resources: step_{{step}}: {} {%- endfor %} -# BEGIN primary_role_name docker-puppet-tasks (run only on a single node) -{% for step in range(1, deploy_steps_max) %} - - {{primary_role_name}}DockerPuppetTasksConfig{{step}}: + RoleConfig: type: OS::Heat::SoftwareConfig properties: - group: script - config: {get_file: docker-puppet.py} + group: ansible + options: + modulepath: /usr/share/ansible-modules inputs: - - name: CONFIG - - name: NET_HOST - - name: NO_ARCHIVE - - name: STEP - - {{primary_role_name}}DockerPuppetTasksDeployment{{step}}: - type: OS::Heat::SoftwareDeployment - depends_on: - {% for dep in roles %} - - {{dep.name}}Deployment_Step{{step}} - - {{dep.name}}ContainersDeployment_Step{{step}} - {% endfor %} - properties: - name: {{primary_role_name}}DockerPuppetTasksDeployment{{step}} - server: {get_param: [servers, {{primary_role_name}}, '0']} - config: {get_resource: {{primary_role_name}}DockerPuppetTasksConfig{{step}}} - input_values: - CONFIG: /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json - NET_HOST: 'true' - NO_ARCHIVE: 'true' - STEP: {{step}} - -{% endfor %} -# END primary_role_name docker-puppet-tasks + - name: step + - name: role_name + - name: update_identifier + - name: bootstrap_server_id + config: {get_file: deploy-steps-playbook.yaml} {% for role in roles %} # Post deployment steps for all roles @@ -122,6 +101,7 @@ resources: docker_startup_configs: {get_attr: [{{role.name}}DockerConfig, value]} kolla_config: {get_param: [role_data, {{role.name}}, kolla_config]} bootstrap_server_id: {get_param: [servers, {{primary_role_name}}, '0']} + puppet_step_config: {get_attr: [{{role.name}}PuppetStepConfig, value]} tasks: # Join host_prep_tasks with the other per-host configuration yaql: @@ -130,9 +110,11 @@ resources: host_prep_tasks: {get_param: [role_data, {{role.name}}, host_prep_tasks]} template_tasks: {%- raw %} - # This is where we stack puppet configuration (for now)... - - name: Create /var/lib/config-data - file: path=/var/lib/config-data state=directory + # Write the manifest for baremetal puppet configuration + - name: Create /var/lib/tripleo-config directory + file: path=/var/lib/tripleo-config state=directory + - name: Write the puppet step_config manifest + copy: content="{{puppet_step_config}}" dest=/var/lib/tripleo-config/puppet_step_config.pp force=yes # This is the docker-puppet configs end in - name: Create /var/lib/docker-puppet file: path=/var/lib/docker-puppet state=directory @@ -145,8 +127,13 @@ resources: # Here we are dumping all the docker container startup configuration data # so that we can have access to how they are started outside of heat # and docker-cmd. This lets us create command line tools to test containers. + # FIXME do we need the docker-container-startup-configs.json or is the new per-step + # data consumed by paunch enough? - name: Write docker-container-startup-configs copy: content="{{docker_startup_configs | to_json}}" dest=/var/lib/docker-container-startup-configs.json force=yes + - name: Write per-step docker-container-startup-configs + copy: content="{{item.value|to_json}}" dest="/var/lib/tripleo-config/docker-container-startup-config-{{item.key}}.json" force=yes + with_dict: "{{docker_startup_configs}}" - name: Create /var/lib/kolla/config_files directory file: path=/var/lib/kolla/config_files state=directory - name: Write kolla config json files @@ -167,24 +154,6 @@ resources: servers: {get_param: [servers, {{role.name}}]} config: {get_resource: {{role.name}}HostPrepConfig} - {{role.name}}GenerateConfig: - type: OS::Heat::SoftwareConfig - properties: - group: script - config: {get_file: docker-puppet.py} - inputs: - - name: NET_HOST - - {{role.name}}GenerateConfigDeployment: - type: OS::Heat::SoftwareDeploymentGroup - depends_on: [{{role.name}}ArtifactsDeploy, {{role.name}}HostPrepDeployment] - properties: - name: {{role.name}}GenerateConfigDeployment - servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}GenerateConfig} - input_values: - NET_HOST: 'true' - {{role.name}}PuppetStepConfig: type: OS::Heat::Value properties: @@ -212,20 +181,16 @@ resources: service_names: {get_param: [role_data, {{role.name}}, service_names]} docker_config: {get_param: [role_data, {{role.name}}, docker_config]} - # BEGIN BAREMETAL CONFIG STEPS + # BEGIN CONFIG STEPS {{role.name}}PreConfig: type: OS::TripleO::Tasks::{{role.name}}PreConfig + depends_on: {{role.name}}HostPrepDeployment properties: servers: {get_param: [servers, {{role.name}}]} input_values: update_identifier: {get_param: DeployIdentifier} - {{role.name}}Config: - type: OS::TripleO::{{role.name}}Config - properties: - StepConfig: {get_attr: [{{role.name}}PuppetStepConfig, value]} - {% for step in range(1, deploy_steps_max) %} {{role.name}}Deployment_Step{{step}}: @@ -236,79 +201,46 @@ resources: depends_on: {% for dep in roles %} - {{dep.name}}Deployment_Step{{step -1}} - - {{dep.name}}ContainersDeployment_Step{{step -1}} {% endfor %} - - {{primary_role_name}}DockerPuppetTasksDeployment{{step -1}} {% endif %} properties: name: {{role.name}}Deployment_Step{{step}} servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}Config} + config: {get_resource: RoleConfig} input_values: step: {{step}} + role_name: {{role.name}} update_identifier: {get_param: DeployIdentifier} + bootstrap_server_id: {get_param: [servers, {{primary_role_name}}, '0']} {% endfor %} - # END BAREMETAL CONFIG STEPS - - # BEGIN CONTAINER CONFIG STEPS - {% for step in range(1, deploy_steps_max) %} + # END CONFIG STEPS - {{role.name}}ContainersConfig_Step{{step}}: - type: OS::Heat::StructuredConfig - properties: - group: docker-cmd - config: - {get_attr: [{{role.name}}DockerConfig, value, step_{{step}}]} - - {{role.name}}ContainersDeployment_Step{{step}}: - type: OS::Heat::StructuredDeploymentGroup - {% if step == 1 %} - depends_on: - {%- for dep in roles %} - - {{dep.name}}Deployment_Step{{step}} # baremetal steps of the same level run first - {%- endfor %} - - {{role.name}}PreConfig - - {{role.name}}HostPrepDeployment - - {{role.name}}GenerateConfigDeployment - {% else %} + # Note, this should be the last step to execute configuration changes. + # Ensure that all {{role.name}}ExtraConfigPost steps are executed + # after all the previous deployment steps. + {{role.name}}ExtraConfigPost: depends_on: - {% for dep in roles %} - - {{dep.name}}ContainersDeployment_Step{{step -1}} - - {{dep.name}}Deployment_Step{{step}} # baremetal steps of the same level run first - - {{dep.name}}Deployment_Step{{step -1}} - {% endfor %} - - {{primary_role_name}}DockerPuppetTasksDeployment{{step -1}} - {% endif %} - properties: - name: {{role.name}}ContainersDeployment_Step{{step}} - servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}ContainersConfig_Step{{step}}} - + {% for dep in roles %} + - {{dep.name}}Deployment_Step5 {% endfor %} - # END CONTAINER CONFIG STEPS + type: OS::TripleO::NodeExtraConfigPost + properties: + servers: {get_param: [servers, {{role.name}}]} + # The {{role.name}}PostConfig steps are in charge of + # quiescing all services, i.e. in the Controller case, + # we should run a full service reload. {{role.name}}PostConfig: type: OS::TripleO::Tasks::{{role.name}}PostConfig depends_on: {% for dep in roles %} - - {{dep.name}}Deployment_Step5 - - {{primary_role_name}}DockerPuppetTasksDeployment5 + - {{dep.name}}ExtraConfigPost {% endfor %} properties: servers: {get_param: servers} input_values: update_identifier: {get_param: DeployIdentifier} - # Note, this should come last, so use depends_on to ensure - # this is created after any other resources. - {{role.name}}ExtraConfigPost: - depends_on: - {% for dep in roles %} - - {{dep.name}}PostConfig - {% endfor %} - type: OS::TripleO::NodeExtraConfigPost - properties: - servers: {get_param: [servers, {{role.name}}]} {% endfor %} diff --git a/docker/services/aodh-api.yaml b/docker/services/aodh-api.yaml index f802e4e6..4b93ddd7 100644 --- a/docker/services/aodh-api.yaml +++ b/docker/services/aodh-api.yaml @@ -78,7 +78,7 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerAodhApiImage} ] kolla_config: - /var/lib/kolla/config_files/aodh-api.json: + /var/lib/kolla/config_files/aodh_api.json: command: /usr/sbin/httpd -DFOREGROUND permissions: - path: /var/log/aodh @@ -118,9 +118,11 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/aodh-api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/aodh_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro - - /var/lib/config-data/aodh/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/aodh/etc/httpd/conf/:/etc/httpd/conf/:ro + - /var/lib/config-data/aodh/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro + - /var/lib/config-data/aodh/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - /var/lib/config-data/aodh/var/www/:/var/www/:ro - /var/log/containers/aodh:/var/log/aodh - diff --git a/docker/services/aodh-evaluator.yaml b/docker/services/aodh-evaluator.yaml index 9d514d0c..74ac635f 100644 --- a/docker/services/aodh-evaluator.yaml +++ b/docker/services/aodh-evaluator.yaml @@ -70,7 +70,7 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerAodhEvaluatorImage} ] kolla_config: - /var/lib/kolla/config_files/aodh-evaluator.json: + /var/lib/kolla/config_files/aodh_evaluator.json: command: /usr/bin/aodh-evaluator permissions: - path: /var/log/aodh @@ -87,7 +87,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/aodh-evaluator.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/aodh_evaluator.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro - /var/log/containers/aodh:/var/log/aodh environment: diff --git a/docker/services/aodh-listener.yaml b/docker/services/aodh-listener.yaml index dac61087..0930f42e 100644 --- a/docker/services/aodh-listener.yaml +++ b/docker/services/aodh-listener.yaml @@ -70,7 +70,7 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerAodhListenerImage} ] kolla_config: - /var/lib/kolla/config_files/aodh-listener.json: + /var/lib/kolla/config_files/aodh_listener.json: command: /usr/bin/aodh-listener permissions: - path: /var/log/aodh @@ -87,7 +87,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/aodh-listener.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/aodh_listener.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro - /var/log/containers/aodh:/var/log/aodh environment: diff --git a/docker/services/aodh-notifier.yaml b/docker/services/aodh-notifier.yaml index a22ae85e..607d9997 100644 --- a/docker/services/aodh-notifier.yaml +++ b/docker/services/aodh-notifier.yaml @@ -70,7 +70,7 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerAodhNotifierImage} ] kolla_config: - /var/lib/kolla/config_files/aodh-notifier.json: + /var/lib/kolla/config_files/aodh_notifier.json: command: /usr/bin/aodh-notifier permissions: - path: /var/log/aodh @@ -87,7 +87,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/aodh-notifier.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/aodh_notifier.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro - /var/log/containers/aodh:/var/log/aodh environment: diff --git a/docker/services/ceilometer-agent-central.yaml b/docker/services/ceilometer-agent-central.yaml index 94caded8..9cec4a61 100644 --- a/docker/services/ceilometer-agent-central.yaml +++ b/docker/services/ceilometer-agent-central.yaml @@ -68,7 +68,7 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerCentralImage} ] kolla_config: - /var/lib/kolla/config_files/ceilometer-agent-central.json: + /var/lib/kolla/config_files/ceilometer_agent_central.json: command: /usr/bin/ceilometer-polling --polling-namespaces central docker_config: step_3: @@ -89,7 +89,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/ceilometer-agent-central.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/ceilometer_agent_central.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS @@ -110,4 +110,4 @@ outputs: upgrade_tasks: - name: Stop and disable ceilometer agent central service tags: step2 - service: name=openstack-ceilometer-agent-central state=stopped enabled=no + service: name=openstack-ceilometer-central state=stopped enabled=no diff --git a/docker/services/ceilometer-agent-compute.yaml b/docker/services/ceilometer-agent-compute.yaml index 9033cf4a..8d06d094 100644 --- a/docker/services/ceilometer-agent-compute.yaml +++ b/docker/services/ceilometer-agent-compute.yaml @@ -68,11 +68,11 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerComputeImage} ] kolla_config: - /var/lib/kolla/config_files/ceilometer-agent-compute.json: + /var/lib/kolla/config_files/ceilometer_agent_compute.json: command: /usr/bin/ceilometer-polling --polling-namespaces compute docker_config: step_4: - ceilometer_agent-compute: + ceilometer_agent_compute: image: *ceilometer_agent_compute_image net: host privileged: false @@ -81,11 +81,12 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/ceilometer-agent-compute.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/ceilometer_agent_compute.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro + - /var/run/libvirt:/var/run/libvirt:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: - name: Stop and disable ceilometer-agent-compute service tags: step2 - service: name=openstack-ceilometer-agent-compute state=stopped enabled=no + service: name=openstack-ceilometer-compute state=stopped enabled=no diff --git a/docker/services/ceilometer-agent-notification.yaml b/docker/services/ceilometer-agent-notification.yaml index 79df3306..36424e91 100644 --- a/docker/services/ceilometer-agent-notification.yaml +++ b/docker/services/ceilometer-agent-notification.yaml @@ -68,7 +68,7 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerNotificationImage} ] kolla_config: - /var/lib/kolla/config_files/ceilometer-agent-notification.json: + /var/lib/kolla/config_files/ceilometer_agent_notification.json: command: /usr/bin/ceilometer-agent-notification docker_config: step_3: @@ -80,7 +80,7 @@ outputs: volumes: - /var/log/containers/ceilometer:/var/log/ceilometer step_4: - ceilometer_agent-notification: + ceilometer_agent_notification: image: *ceilometer_agent_notification_image net: host privileged: false @@ -89,7 +89,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/ceilometer-agent-notification.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/ceilometer_agent_notification.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/collectd.yaml b/docker/services/collectd.yaml new file mode 100644 index 00000000..7354898b --- /dev/null +++ b/docker/services/collectd.yaml @@ -0,0 +1,94 @@ +heat_template_version: pike + +description: > + Containerized collectd service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerCollectdImage: + description: image + default: 'centos-binary-collectd:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + CollectdBase: + type: ../../puppet/services/metrics/collectd.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the collectd role. + value: + service_name: {get_attr: [CollectdBase, role_data, service_name]} + config_settings: {get_attr: [CollectdBase, role_data, config_settings]} + step_config: &step_config + get_attr: [CollectdBase, role_data, step_config] + service_config_settings: {get_attr: [CollectdBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: collectd + puppet_tags: collectd_client_config + step_config: *step_config + config_image: &collectd_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCollectdImage} ] + kolla_config: + /var/lib/kolla/config_files/collectd.json: + command: /usr/sbin/collectd -f + docker_config: + step_3: + collectd: + image: *collectd_image + net: host + privileged: true + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/run/docker.sock:/var/run/docker.sock:rw + - /var/lib/kolla/config_files/collectd.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/collectd/etc/collectd/:/etc/collectd/:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + upgrade_tasks: + - name: Stop and disable collectd service + tags: step2 + service: name=collectd.service state=stopped enabled=no + diff --git a/docker/services/congress-api.yaml b/docker/services/congress-api.yaml new file mode 100644 index 00000000..3ee1d91d --- /dev/null +++ b/docker/services/congress-api.yaml @@ -0,0 +1,135 @@ +heat_template_version: pike + +description: > + OpenStack containerized Congress API service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerCongressApiImage: + description: image + default: 'centos-binary-congress-api:latest' + type: string + DockerCongressConfigImage: + description: image + default: 'centos-binary-congress-api:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + CongressApiBase: + type: ../../puppet/services/congress.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Congress API role. + value: + service_name: {get_attr: [CongressApiBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [CongressApiBase, role_data, config_settings] + step_config: &step_config + get_attr: [CongressApiBase, role_data, step_config] + service_config_settings: {get_attr: [CongressApiBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: congress + puppet_tags: congress_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCongressConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/congress_api.json: + command: /usr/bin/congress-server --config-file=/etc/congress/congress.conf --log-file=/var/log/congress/api.log + permissions: + - path: /var/log/congress + owner: congress:congress + recurse: true + docker_config: + # db sync runs before permissions set by kolla_config + step_3: + congress_init_logs: + start_order: 0 + image: &congress_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerCongressApiImage} ] + privileged: false + user: root + volumes: + - /var/log/containers/congress:/var/log/congress + command: ['/bin/bash', '-c', 'chown -R congress:congress /var/log/congress'] + congress_db_sync: + start_order: 1 + image: *congress_image + net: host + privileged: false + detach: false + user: root + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/congress/etc/:/etc/:ro + - /var/log/containers/congress:/var/log/congress + command: "/usr/bin/bootstrap_host_exec congress su congress -s /bin/bash -c 'congress-db-manage --config-file /etc/congress/congress.conf upgrade head'" + step_4: + congress_api: + start_order: 15 + image: *congress_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/congress_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/congress/etc/congress/:/etc/congress/:ro + - /var/log/containers/congress:/var/log/congress + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/congress + state: directory + upgrade_tasks: + - name: Stop and disable congress_api service + tags: step2 + service: name=openstack-congress-server state=stopped enabled=no diff --git a/docker/services/containers-common.yaml b/docker/services/containers-common.yaml index a9912a1f..973d9994 100644 --- a/docker/services/containers-common.yaml +++ b/docker/services/containers-common.yaml @@ -18,3 +18,4 @@ outputs: - /etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro # Syslog socket - /dev/log:/dev/log + - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro diff --git a/docker/services/database/mongodb.yaml b/docker/services/database/mongodb.yaml index 96a02f9f..5d0eb79d 100644 --- a/docker/services/database/mongodb.yaml +++ b/docker/services/database/mongodb.yaml @@ -87,7 +87,8 @@ outputs: privileged: false volumes: &mongodb_volumes - /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json - - /var/lib/config-data/mongodb/etc/:/etc/:ro + - /var/lib/config-data/mongodb/etc/mongod.conf:/etc/mongod.conf:ro + - /var/lib/config-data/mongodb/etc/mongos.conf:/etc/mongos.conf:ro - /etc/localtime:/etc/localtime:ro - /var/log/containers/mongodb:/var/log/mongodb - /var/lib/mongodb:/var/lib/mongodb diff --git a/docker/services/database/mysql.yaml b/docker/services/database/mysql.yaml index 73578e13..c73db857 100644 --- a/docker/services/database/mysql.yaml +++ b/docker/services/database/mysql.yaml @@ -105,7 +105,7 @@ outputs: command: ['bash', '-c', 'test -e /var/lib/mysql/mysql || kolla_start'] volumes: &mysql_volumes - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json - - /var/lib/config-data/mysql/etc/:/etc/:ro + - /var/lib/config-data/mysql/etc/my.cnf.d:/etc/my.cnf.d:ro - /etc/localtime:/etc/localtime:ro - /etc/hosts:/etc/hosts:ro - /var/lib/mysql:/var/lib/mysql diff --git a/docker/services/database/redis.yaml b/docker/services/database/redis.yaml index 73df96c5..9e84dd5f 100644 --- a/docker/services/database/redis.yaml +++ b/docker/services/database/redis.yaml @@ -77,6 +77,14 @@ outputs: recurse: true docker_config: step_1: + redis_init_logs: + start_order: 0 + image: *redis_image + privileged: false + user: root + volumes: + - /var/log/containers/redis:/var/log/redis + command: ['/bin/bash', '-c', 'chown -R redis:redis /var/log/redis'] redis: image: *redis_image net: host @@ -85,16 +93,19 @@ outputs: volumes: - /run:/run - /var/lib/kolla/config_files/redis.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/redis/etc/:/etc/:ro + - /var/lib/config-data/redis/etc/redis.conf:/etc/redis.conf:ro - /etc/localtime:/etc/localtime:ro - - logs:/var/log/kolla + - /var/log/containers/redis:/var/log/redis environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: - - name: create /var/run/redis + - name: create persistent directories file: - path: /var/run/redis + path: "{{ item }}" state: directory + with_items: + - /var/log/containers/redis + - /var/run/redis upgrade_tasks: - name: Stop and disable redis service tags: step2 diff --git a/docker/services/etcd.yaml b/docker/services/etcd.yaml index e5a7096b..818bddd4 100644 --- a/docker/services/etcd.yaml +++ b/docker/services/etcd.yaml @@ -100,7 +100,7 @@ outputs: step_config: 'include ::tripleo::profile::base::etcd' config_image: *etcd_image volumes: - - /var/lib/config-data/etcd/etc/:/etc + - /var/lib/config-data/etcd/etc/etcd/:/etc/etcd:ro - /var/lib/etcd:/var/lib/etcd:ro host_prep_tasks: - name: create /var/lib/etcd diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml index df8186da..c3af5231 100644 --- a/docker/services/glance-api.yaml +++ b/docker/services/glance-api.yaml @@ -79,7 +79,7 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerGlanceApiImage} ] kolla_config: - /var/lib/kolla/config_files/glance-api.json: + /var/lib/kolla/config_files/glance_api.json: command: /usr/bin/glance-api --config-file /usr/share/glance/glance-api-dist.conf --config-file /etc/glance/glance-api.conf /var/lib/kolla/config_files/glance_api_tls_proxy.json: command: /usr/sbin/httpd -DFOREGROUND @@ -105,7 +105,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/glance-api.json:/var/lib/kolla/config_files/config.json + - /var/lib/kolla/config_files/glance_api.json:/var/lib/kolla/config_files/config.json - /var/lib/config-data/glance_api/etc/glance/:/etc/glance/:ro - /var/log/containers/glance:/var/log/glance environment: @@ -136,7 +136,9 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/glance_api_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/glance_api/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/glance_api/etc/httpd/conf/:/etc/httpd/conf/:ro + - /var/lib/config-data/glance_api/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro + - /var/lib/config-data/glance_api/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro environment: diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml index e59d6095..e3b72bc5 100644 --- a/docker/services/gnocchi-api.yaml +++ b/docker/services/gnocchi-api.yaml @@ -78,7 +78,7 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiApiImage} ] kolla_config: - /var/lib/kolla/config_files/gnocchi-api.json: + /var/lib/kolla/config_files/gnocchi_api.json: command: /usr/sbin/httpd -DFOREGROUND permissions: - path: /var/log/gnocchi @@ -118,9 +118,11 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/gnocchi-api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/gnocchi_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro - - /var/lib/config-data/gnocchi/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/gnocchi/etc/httpd/conf/:/etc/httpd/conf/:ro + - /var/lib/config-data/gnocchi/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro + - /var/lib/config-data/gnocchi/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - /var/lib/config-data/gnocchi/var/www/:/var/www/:ro - /var/log/containers/gnocchi:/var/log/gnocchi - diff --git a/docker/services/gnocchi-metricd.yaml b/docker/services/gnocchi-metricd.yaml index 2724805b..ea26d838 100644 --- a/docker/services/gnocchi-metricd.yaml +++ b/docker/services/gnocchi-metricd.yaml @@ -68,7 +68,7 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiMetricdImage} ] kolla_config: - /var/lib/kolla/config_files/gnocchi-metricd.json: + /var/lib/kolla/config_files/gnocchi_metricd.json: command: /usr/bin/gnocchi-metricd permissions: - path: /var/log/gnocchi @@ -85,7 +85,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/gnocchi-metricd.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/gnocchi_metricd.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro - /var/log/containers/gnocchi:/var/log/gnocchi environment: diff --git a/docker/services/gnocchi-statsd.yaml b/docker/services/gnocchi-statsd.yaml index 305971f1..a8ae857d 100644 --- a/docker/services/gnocchi-statsd.yaml +++ b/docker/services/gnocchi-statsd.yaml @@ -68,7 +68,7 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiStatsdImage} ] kolla_config: - /var/lib/kolla/config_files/gnocchi-statsd.json: + /var/lib/kolla/config_files/gnocchi_statsd.json: command: /usr/bin/gnocchi-statsd permissions: - path: /var/log/gnocchi @@ -85,7 +85,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/gnocchi-statsd.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/gnocchi_statsd.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro - /var/log/containers/gnocchi:/var/log/gnocchi environment: diff --git a/docker/services/haproxy.yaml b/docker/services/haproxy.yaml new file mode 100644 index 00000000..1f8bcfad --- /dev/null +++ b/docker/services/haproxy.yaml @@ -0,0 +1,111 @@ +heat_template_version: pike + +description: > + OpenStack containerized HAproxy service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerHAProxyImage: + description: image + default: 'centos-binary-haproxy:latest' + type: string + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + HAProxyStatsPassword: + description: Password for HAProxy stats endpoint + hidden: true + type: string + HAProxyStatsUser: + description: User for HAProxy stats endpoint + default: admin + type: string + HAProxySyslogAddress: + default: /dev/log + description: Syslog address where HAproxy will send its log + type: string + RedisPassword: + description: The password for Redis + type: string + hidden: true + MonitoringSubscriptionHaproxy: + default: 'overcloud-haproxy' + type: string + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + HAProxyBase: + type: ../../puppet/services/haproxy.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the HAproxy role. + value: + service_name: {get_attr: [HAProxyBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [HAProxyBase, role_data, config_settings] + - tripleo::haproxy::haproxy_daemon: false + step_config: &step_config + get_attr: [HAProxyBase, role_data, step_config] + service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: haproxy + puppet_tags: haproxy_config + step_config: *step_config + config_image: &haproxy_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyImage} ] + kolla_config: + /var/lib/kolla/config_files/haproxy.json: + command: haproxy -f /etc/haproxy/haproxy.cfg + docker_config: + step_1: + haproxy: + image: *haproxy_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/haproxy/etc/:/etc/:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + metadata_settings: + get_attr: [HAProxyBase, role_data, metadata_settings] diff --git a/docker/services/heat-api-cfn.yaml b/docker/services/heat-api-cfn.yaml index 37fa4c81..89ba8cbd 100644 --- a/docker/services/heat-api-cfn.yaml +++ b/docker/services/heat-api-cfn.yaml @@ -108,7 +108,9 @@ outputs: - - /var/lib/kolla/config_files/heat_api_cfn.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/heat_api_cfn/etc/heat/:/etc/heat/:ro - - /var/lib/config-data/heat_api_cfn/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/heat_api_cfn/etc/httpd/conf/:/etc/httpd/conf/:ro + - /var/lib/config-data/heat_api_cfn/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro + - /var/lib/config-data/heat_api_cfn/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - /var/lib/config-data/heat_api_cfn/var/www/:/var/www/:ro - /var/log/containers/heat:/var/log/heat - diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml index 5043aed8..834f2a0b 100644 --- a/docker/services/heat-api.yaml +++ b/docker/services/heat-api.yaml @@ -108,7 +108,9 @@ outputs: - - /var/lib/kolla/config_files/heat_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/heat_api/etc/heat/:/etc/heat/:ro - - /var/lib/config-data/heat_api/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/heat_api/etc/httpd/conf/:/etc/httpd/conf/:ro + - /var/lib/config-data/heat_api/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro + - /var/lib/config-data/heat_api/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - /var/lib/config-data/heat_api/var/www/:/var/www/:ro - /var/log/containers/heat:/var/log/heat - diff --git a/docker/services/horizon.yaml b/docker/services/horizon.yaml new file mode 100644 index 00000000..022eb5dd --- /dev/null +++ b/docker/services/horizon.yaml @@ -0,0 +1,128 @@ +heat_template_version: pike + +description: > + OpenStack containerized Horizon service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerHorizonImage: + description: image + default: 'centos-binary-horizon:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + HorizonBase: + type: ../../puppet/services/horizon.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Horizon API role. + value: + service_name: {get_attr: [HorizonBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [HorizonBase, role_data, config_settings] + - horizon::vhost_extra_params: + add_listen: true + priority: 10 + access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"' + options: ['FollowSymLinks','MultiViews'] + - horizon::secure_cookies: false + step_config: {get_attr: [HorizonBase, role_data, step_config]} + service_config_settings: {get_attr: [HorizonBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: horizon + puppet_tags: horizon_config + step_config: {get_attr: [HorizonBase, role_data, step_config]} + config_image: &horizon_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHorizonImage} ] + kolla_config: + /var/lib/kolla/config_files/horizon.json: + command: /usr/sbin/httpd -DFOREGROUND + permissions: + - path: /var/log/horizon/ + owner: apache:apache + recurse: true + # FIXME Apache tries to write a .lock file there + - path: /usr/share/openstack-dashboard/openstack_dashboard/local/ + owner: apache:apache + recurse: false + docker_config: + step_3: + horizon_fix_perms: + image: *horizon_image + user: root + # NOTE Set ownership for /var/log/horizon/horizon.log file here, + # otherwise it's created by root when generating django cache. + # FIXME Apache needs to read files in /etc/openstack-dashboard + # Need to set permissions to match the BM case, + # http://paste.openstack.org/show/609819/ + command: ['/bin/bash', '-c', 'touch /var/log/horizon/horizon.log && chown -R apache:apache /var/log/horizon && chmod -R a+rx /etc/openstack-dashboard'] + volumes: + - /var/log/containers/horizon:/var/log/horizon + - /var/lib/config-data/horizon/etc/:/etc/ + horizon: + start_order: 1 + image: *horizon_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/horizon.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/horizon/etc/httpd:/etc/httpd:ro + - /var/lib/config-data/horizon/etc/openstack-dashboard:/etc/openstack-dashboard:ro + - /var/log/containers/horizon:/var/log/horizon + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/horizon + state: directory + upgrade_tasks: + - name: Stop and disable horizon service (running under httpd) + tags: step2 + service: name=httpd state=stopped enabled=no + metadata_settings: + get_attr: [HorizonBase, role_data, metadata_settings] diff --git a/docker/services/ironic-api.yaml b/docker/services/ironic-api.yaml index c8978aa2..650ce4cf 100644 --- a/docker/services/ironic-api.yaml +++ b/docker/services/ironic-api.yaml @@ -105,7 +105,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/config-data/ironic/etc/:/etc/:ro + - /var/lib/config-data/ironic/etc/ironic:/etc/ironic:ro - /var/log/containers/ironic:/var/log/ironic command: "/usr/bin/bootstrap_host_exec ironic_api su ironic -s /bin/bash -c 'ironic-dbsync --config-file /etc/ironic/ironic.conf'" step_4: @@ -120,7 +120,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/ironic_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ironic/etc/:/etc/:ro + - /var/lib/config-data/ironic/etc/ironic:/etc/ironic:ro - /var/log/containers/ironic:/var/log/ironic environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/ironic-pxe.yaml b/docker/services/ironic-pxe.yaml index bc828e65..75c70828 100644 --- a/docker/services/ironic-pxe.yaml +++ b/docker/services/ironic-pxe.yaml @@ -113,7 +113,9 @@ outputs: - - /var/lib/kolla/config_files/ironic_pxe_http.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro - - /var/lib/config-data/ironic/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/ironic/etc/httpd/conf/:/etc/httpd/conf/:ro + - /var/lib/config-data/ironic/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro + - /var/lib/config-data/ironic/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - /var/lib/config-data/ironic/var/www/:/var/www/:ro - /var/lib/ironic:/var/lib/ironic/ - /var/log/containers/ironic:/var/log/ironic diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml index 772859ee..5b253b46 100644 --- a/docker/services/keystone.yaml +++ b/docker/services/keystone.yaml @@ -116,7 +116,9 @@ outputs: - /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/keystone/var/www/:/var/www/:ro - /var/lib/config-data/keystone/etc/keystone/:/etc/keystone/:ro - - /var/lib/config-data/keystone/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/keystone/etc/httpd/conf/:/etc/httpd/conf/:ro + - /var/lib/config-data/keystone/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro + - /var/lib/config-data/keystone/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - /var/log/containers/keystone:/var/log/keystone - if: diff --git a/docker/services/manila-api.yaml b/docker/services/manila-api.yaml new file mode 100644 index 00000000..47d0f579 --- /dev/null +++ b/docker/services/manila-api.yaml @@ -0,0 +1,112 @@ +heat_template_version: pike + +description: > + OpenStack containerized Manila API service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerManilaApiImage: + description: image + default: 'centos-binary-manila-api:latest' + type: string + DockerManilaConfigImage: + description: image + default: 'centos-binary-manila-base:latest' + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ManilaApiPuppetBase: + type: ../../puppet/services/manila-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + +outputs: + role_data: + description: Role data for the Manila API role. + value: + service_name: {get_attr: [ManilaApiPuppetBase, role_data, service_name]} + config_settings: {get_attr: [ManilaApiPuppetBase, role_data, config_settings]} + step_config: &step_config + {get_attr: [ManilaApiPuppetBase, role_data, step_config]} + service_config_settings: {get_attr: [ManilaApiPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS # + puppet_config: + config_volume: manila + puppet_tags: manila_config,manila_api_paste_ini + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerManilaConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/manila_api.json: + command: /usr/bin/manila-api --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf + permissions: + - path: /var/log/manila + owner: manila:manila + recurse: true + docker_config: + step_3: + manila_api_db_sync: + user: root + image: &manila_api_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerManilaApiImage} ] + net: host + detach: false + volumes: + - /var/lib/config-data/manila/etc/manila/:/etc/manila:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - logs:/var/log + command: "/usr/bin/bootstrap_host_exec manila_api su manila -s /bin/bash -c '/usr/bin/manila-manage db sync'" + step_4: + manila_api: + image: *manila_api_image + net: host + restart: always + volumes: + - /var/lib/kolla/config_files/manila_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /var/log/containers/manila:/var/log/manila + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: Create persistent manila logs directory + file: + path: /var/log/containers/manila + state: directory + upgrade_tasks: + - name: Stop and disable manila_api service + tags: step2 + service: name=openstack-manila-api state=stopped enabled=no diff --git a/docker/services/mistral-api.yaml b/docker/services/mistral-api.yaml index 5586d41b..cc7e613e 100644 --- a/docker/services/mistral-api.yaml +++ b/docker/services/mistral-api.yaml @@ -105,7 +105,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/config-data/mistral/etc/:/etc/:ro + - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro - /var/log/containers/mistral:/var/log/mistral command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head'" mistral_db_populate: @@ -119,7 +119,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/config-data/mistral/etc/:/etc/:ro + - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro - /var/log/containers/mistral:/var/log/mistral # NOTE: dprince this requires that we install openstack-tripleo-common into # the Mistral API image so that we get tripleo* actions diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml index 7ce47a14..fbdf75ab 100644 --- a/docker/services/neutron-api.yaml +++ b/docker/services/neutron-api.yaml @@ -150,7 +150,9 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/neutron_server_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/neutron/etc/httpd/conf/:/etc/httpd/conf/:ro + - /var/lib/config-data/neutron/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro + - /var/lib/config-data/neutron/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro environment: diff --git a/docker/services/neutron-l3.yaml b/docker/services/neutron-l3.yaml index 97901bc8..f3a284fe 100644 --- a/docker/services/neutron-l3.yaml +++ b/docker/services/neutron-l3.yaml @@ -71,7 +71,7 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] kolla_config: - /var/lib/kolla/config_files/neutron-l3-agent.json: + /var/lib/kolla/config_files/neutron_l3_agent.json: command: /usr/bin/neutron-l3-agent --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/l3_agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini permissions: - path: /var/log/neutron @@ -79,7 +79,7 @@ outputs: recurse: true docker_config: step_4: - neutronl3agent: + neutron_l3_agent: image: list_join: - '/' @@ -92,7 +92,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/neutron-l3-agent.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/neutron_l3_agent.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro - /lib/modules:/lib/modules:ro - /run:/run @@ -104,3 +104,8 @@ outputs: file: path: /var/log/containers/neutron state: directory + upgrade_tasks: + - name: Stop and disable neutron_l3 service + tags: step2 + service: name=neutron-l3-agent state=stopped enabled=no + diff --git a/docker/services/neutron-metadata.yaml b/docker/services/neutron-metadata.yaml index 88b2ca5c..69bf0c4e 100644 --- a/docker/services/neutron-metadata.yaml +++ b/docker/services/neutron-metadata.yaml @@ -71,7 +71,7 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] kolla_config: - /var/lib/kolla/config_files/neutron-metadata-agent.json: + /var/lib/kolla/config_files/neutron_metadata_agent.json: command: /usr/bin/neutron-metadata-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metadata_agent.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-metadata-agent permissions: - path: /var/log/neutron @@ -92,7 +92,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/neutron-metadata-agent.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/neutron_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro - /lib/modules:/lib/modules:ro - /run:/run diff --git a/docker/services/neutron-ovs-agent.yaml b/docker/services/neutron-ovs-agent.yaml index 89bf8663..65ad21ed 100644 --- a/docker/services/neutron-ovs-agent.yaml +++ b/docker/services/neutron-ovs-agent.yaml @@ -70,7 +70,7 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] kolla_config: - /var/lib/kolla/config_files/neutron-openvswitch-agent.json: + /var/lib/kolla/config_files/neutron_ovs_agent.json: command: /usr/bin/neutron-openvswitch-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini permissions: - path: /var/log/neutron @@ -78,7 +78,7 @@ outputs: recurse: true docker_config: step_4: - neutronovsagent: + neutron_ovs_agent: image: &neutron_ovs_agent_image list_join: - '/' @@ -91,7 +91,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/neutron-openvswitch-agent.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro - /lib/modules:/lib/modules:ro - /run:/run diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml index 4f10a1a3..9f647eba 100644 --- a/docker/services/nova-compute.yaml +++ b/docker/services/nova-compute.yaml @@ -74,7 +74,7 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ] kolla_config: - /var/lib/kolla/config_files/nova-compute.json: + /var/lib/kolla/config_files/nova_compute.json: command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf permissions: - path: /var/log/nova @@ -86,17 +86,17 @@ outputs: docker_config: # FIXME: run discover hosts here step_4: - novacompute: + nova_compute: image: *nova_compute_image net: host privileged: true - user: root + user: nova restart: always volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/nova-compute.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/nova_compute.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/nova_libvirt/etc/nova/:/etc/nova/:ro - /dev:/dev - /etc/iscsi:/etc/iscsi diff --git a/docker/services/nova-ironic.yaml b/docker/services/nova-ironic.yaml index be0dd111..63780fe6 100644 --- a/docker/services/nova-ironic.yaml +++ b/docker/services/nova-ironic.yaml @@ -81,7 +81,7 @@ outputs: recurse: true docker_config: step_5: - novacompute: + nova_compute: image: list_join: - '/' diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index 9779d676..6c871f14 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -44,6 +44,26 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + EnableInternalTLS: + type: boolean + default: false + UseTLSTransportForLiveMigration: + type: boolean + default: true + description: If set to true and if EnableInternalTLS is enabled, it will + set the libvirt URI's transport to tls and configure the + relevant keys for libvirt. + +conditions: + + use_tls_for_live_migration: + and: + - equals: + - {get_param: EnableInternalTLS} + - true + - equals: + - {get_param: UseTLSTransportForLiveMigration} + - true resources: @@ -84,8 +104,12 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ] kolla_config: - /var/lib/kolla/config_files/nova-libvirt.json: - command: /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf + /var/lib/kolla/config_files/nova_libvirt.json: + command: + if: + - use_tls_for_live_migration + - /usr/sbin/libvirtd --listen --config /etc/libvirt/libvirtd.conf + - /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf permissions: - path: /var/log/nova owner: nova:nova @@ -105,7 +129,7 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/nova-libvirt.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/nova_libvirt.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/nova_libvirt/etc/libvirt/:/etc/libvirt/:ro - /lib/modules:/lib/modules:ro - /dev:/dev diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml index ae4ccf68..8f06f731 100644 --- a/docker/services/nova-placement.yaml +++ b/docker/services/nova-placement.yaml @@ -92,7 +92,9 @@ outputs: - - /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/nova_placement/etc/nova/:/etc/nova/:ro - - /var/lib/config-data/nova_placement/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/nova_placement/etc/httpd/conf/:/etc/httpd/conf/:ro + - /var/lib/config-data/nova_placement/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro + - /var/lib/config-data/nova_placement/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - /var/lib/config-data/nova_placement/var/www/:/var/www/:ro - /var/log/containers/nova:/var/log/nova environment: diff --git a/docker/services/pacemaker/clustercheck.yaml b/docker/services/pacemaker/clustercheck.yaml new file mode 100644 index 00000000..bad2acf6 --- /dev/null +++ b/docker/services/pacemaker/clustercheck.yaml @@ -0,0 +1,103 @@ +heat_template_version: pike + +description: > + MySQL HA clustercheck service deployment using puppet + This service is used by HAProxy in a HA scenario to report whether + the local galera node is synced + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerClustercheckImage: + description: image + default: 'centos-binary-mariadb:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ../containers-common.yaml + + MysqlPuppetBase: + type: ../../../puppet/services/pacemaker/database/mysql.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Containerized service clustercheck using composable services. + value: + service_name: clustercheck + config_settings: {get_attr: [MysqlPuppetBase, role_data, config_settings]} + step_config: "include ::tripleo::profile::pacemaker::clustercheck" + # BEGIN DOCKER SETTINGS # + puppet_config: + config_volume: clustercheck + puppet_tags: file # set this even though file is the default + step_config: "include ::tripleo::profile::pacemaker::clustercheck" + config_image: &clustercheck_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerClustercheckImage} ] + kolla_config: + /var/lib/kolla/config_files/clustercheck.json: + command: /usr/sbin/xinetd -dontfork + config_files: + - dest: /etc/xinetd.conf + source: /var/lib/kolla/config_files/src/etc/xinetd.conf + owner: mysql + perm: '0644' + - dest: /etc/xinetd.d/galera-monitor + source: /var/lib/kolla/config_files/src/etc/xinetd.d/galera-monitor + owner: mysql + perm: '0644' + - dest: /etc/sysconfig/clustercheck + source: /var/lib/kolla/config_files/src/etc/sysconfig/clustercheck + owner: mysql + perm: '0600' + docker_config: + step_2: + clustercheck: + start_order: 1 + image: *clustercheck_image + restart: always + net: host + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/clustercheck.json:/var/lib/kolla/config_files/config.json + - /var/lib/config-data/clustercheck/:/var/lib/kolla/config_files/src:ro + - /var/lib/mysql:/var/lib/mysql + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + upgrade_tasks: diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml new file mode 100644 index 00000000..d64845f2 --- /dev/null +++ b/docker/services/pacemaker/database/mysql.yaml @@ -0,0 +1,180 @@ +heat_template_version: pike + +description: > + MySQL service deployment with pacemaker bundle + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerMysqlImage: + description: image + default: 'centos-binary-mariadb:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + MysqlRootPassword: + type: string + hidden: true + default: '' + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ../../containers-common.yaml + + MysqlPuppetBase: + type: ../../../../puppet/services/pacemaker/database/mysql.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Containerized service MySQL using composable services. + value: + service_name: {get_attr: [MysqlPuppetBase, role_data, service_name]} + config_settings: + map_merge: + - {get_attr: [MysqlPuppetBase, role_data, config_settings]} + - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image + list_join: + - '/' + - - {get_param: DockerNamespace} + - {get_param: DockerMysqlImage} + step_config: "" + # BEGIN DOCKER SETTINGS # + puppet_config: + config_volume: mysql + puppet_tags: file # set this even though file is the default + step_config: + list_join: + - "\n" + - - "['Mysql_datadir', 'Mysql_user', 'Mysql_database', 'Mysql_grant', 'Mysql_plugin'].each |String $val| { noop_resource($val) }" + - "exec {'wait-for-settle': command => '/bin/true' }" + - "include ::tripleo::profile::pacemaker::database::mysql_bundle" + config_image: *mysql_image + kolla_config: + /var/lib/kolla/config_files/mysql.json: + command: /usr/sbin/pacemaker_remoted + config_files: + - dest: /etc/libqb/force-filesystem-sockets + source: /dev/null + owner: root + perm: '0644' + - dest: /etc/my.cnf + source: /var/lib/kolla/config_files/src/etc/my.cnf + owner: mysql + perm: '0644' + - dest: /etc/my.cnf.d/galera.cnf + source: /var/lib/kolla/config_files/src/etc/my.cnf.d/galera.cnf + owner: mysql + perm: '0644' + - dest: /etc/sysconfig/clustercheck + source: /var/lib/kolla/config_files/src/etc/sysconfig/clustercheck + owner: root + perm: '0600' + docker_config: + step_1: + mysql_data_ownership: + start_order: 0 + detach: false + image: *mysql_image + net: host + user: root + # Kolla does only non-recursive chown + command: ['chown', '-R', 'mysql:', '/var/lib/mysql'] + volumes: + - /var/lib/mysql:/var/lib/mysql + mysql_bootstrap: + start_order: 1 + detach: false + image: *mysql_image + net: host + # Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done + command: ['bash', '-c', 'test -e /var/lib/mysql/mysql || kolla_start'] + volumes: &mysql_volumes + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json + - /var/lib/config-data/mysql/:/var/lib/kolla/config_files/src:ro + - /var/lib/mysql:/var/lib/mysql + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - KOLLA_BOOTSTRAP=True + # NOTE(mandre) skip wsrep cluster status check + - KOLLA_KUBERNETES=True + - + list_join: + - '=' + - - 'DB_ROOT_PASSWORD' + - + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: MysqlRootPassword} + - {get_param: [DefaultPasswords, mysql_root_password]} + step_2: + mysql_init_bundle: + start_order: 1 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + list_join: + - '; ' + - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json" + - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'" + params: + TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation,galera_ready,mysql_database,mysql_grant,mysql_user' + CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::mysql_bundle' + image: *mysql_image + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /etc/puppet:/tmp/puppet-etc:ro + - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro + - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro + - /dev/shm:/dev/shm:rw + - /var/lib/config-data/mysql/etc/my.cnf:/etc/my.cnf:ro + - /var/lib/config-data/mysql/etc/my.cnf.d:/etc/my.cnf.d:ro + - /var/lib/mysql:/var/lib/mysql:rw + host_prep_tasks: + - name: create /var/lib/mysql + file: + path: /var/lib/mysql + state: directory + upgrade_tasks: + - name: Stop and disable mysql service + tags: step2 + service: name=mariadb state=stopped enabled=no diff --git a/docker/services/pacemaker/database/redis.yaml b/docker/services/pacemaker/database/redis.yaml new file mode 100644 index 00000000..ef27f7e9 --- /dev/null +++ b/docker/services/pacemaker/database/redis.yaml @@ -0,0 +1,140 @@ +heat_template_version: pike + +description: > + OpenStack containerized Redis services + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerRedisImage: + description: image + default: 'centos-binary-redis:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + RedisBase: + type: ../../../../puppet/services/database/redis.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Redis API role. + value: + service_name: {get_attr: [RedisBase, role_data, service_name]} + config_settings: + map_merge: + - {get_attr: [RedisBase, role_data, config_settings]} + - redis::service_manage: false + redis::notify_service: false + redis::managed_by_cluster_manager: true + tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image + list_join: + - '/' + - - {get_param: DockerNamespace} + - {get_param: DockerRedisImage} + + step_config: "" + service_config_settings: {get_attr: [RedisBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: 'redis' + # NOTE: we need the exec tag to copy /etc/redis.conf.puppet to + # /etc/redis.conf + # https://github.com/arioch/puppet-redis/commit/1c004143223e660cbd433422ff8194508aab9763 + puppet_tags: 'exec' + step_config: + get_attr: [RedisBase, role_data, step_config] + config_image: *redis_image + kolla_config: + /var/lib/kolla/config_files/redis.json: + command: /usr/sbin/pacemaker_remoted + config_files: + - dest: /etc/libqb/force-filesystem-sockets + source: /dev/null + owner: root + perm: '0644' + permissions: + - path: /var/run/redis + owner: redis:redis + recurse: true + - path: /var/lib/redis + owner: redis:redis + recurse: true + - path: /var/log/redis + owner: redis:redis + recurse: true + docker_config: + step_2: + redis_init_bundle: + start_order: 2 + detach: false + net: host + user: root + config_volume: 'redis_init_bundle' + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + list_join: + - '; ' + - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json" + - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'" + params: + TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation' + CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::redis_bundle' + image: *redis_image + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /etc/puppet:/tmp/puppet-etc:ro + - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro + - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro + - /dev/shm:/dev/shm:rw + host_prep_tasks: + - name: create /var/run/redis + file: + path: /var/run/redis + state: directory + - name: create /var/log/redis + file: + path: /var/log/redis + state: directory + - name: create /var/lib/redis + file: + path: /var/lib/redis + state: directory + upgrade_tasks: + - name: Stop and disable redis service + tags: step2 + service: name=redis state=stopped enabled=no diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml new file mode 100644 index 00000000..ae19652e --- /dev/null +++ b/docker/services/pacemaker/haproxy.yaml @@ -0,0 +1,116 @@ +heat_template_version: pike + +description: > + OpenStack containerized HAproxy service for pacemaker + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerHAProxyImage: + description: image + default: 'centos-binary-haproxy:latest' + type: string + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + HAProxyBase: + type: ../../../puppet/services/pacemaker/haproxy.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the HAproxy role. + value: + service_name: {get_attr: [HAProxyBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [HAProxyBase, role_data, config_settings] + - tripleo::haproxy::haproxy_daemon: false + haproxy_docker: true + tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyImage} ] + step_config: + list_join: + - "\n" + - - &noop_pcmk "['pcmk_bundle', 'pcmk_resource', 'pcmk_property', 'pcmk_constraint', 'pcmk_resource_default'].each |String $val| { noop_resource($val) }" + - 'include ::tripleo::profile::pacemaker::haproxy_bundle' + service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: haproxy + puppet_tags: haproxy_config + step_config: + list_join: + - "\n" + - - "exec {'wait-for-settle': command => '/bin/true' }" + - &noop_firewall "class tripleo::firewall(){}; define tripleo::firewall::rule( $port = undef, $dport = undef, $sport = undef, $proto = undef, $action = undef, $state = undef, $source = undef, $iniface = undef, $chain = undef, $destination = undef, $extras = undef){}" + - *noop_pcmk + - 'include ::tripleo::profile::pacemaker::haproxy_bundle' + config_image: *haproxy_image + kolla_config: + /var/lib/kolla/config_files/haproxy.json: + command: haproxy -f /etc/haproxy/haproxy.cfg + docker_config: + step_2: + haproxy_init_bundle: + start_order: 3 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + list_join: + - '; ' + - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json" + - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'" + params: + TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ip,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation' + CONFIG: + list_join: + - ';' + - - *noop_firewall + - 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::haproxy_bundle' + image: *haproxy_image + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /etc/puppet:/tmp/puppet-etc:ro + - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro + - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro + - /dev/shm:/dev/shm:rw + metadata_settings: + get_attr: [HAProxyBase, role_data, metadata_settings] diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml new file mode 100644 index 00000000..7f6ac701 --- /dev/null +++ b/docker/services/pacemaker/rabbitmq.yaml @@ -0,0 +1,159 @@ +heat_template_version: pike + +description: > + OpenStack containerized Rabbitmq service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerRabbitmqImage: + description: image + default: 'centos-binary-rabbitmq:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RabbitCookie: + type: string + default: '' + hidden: true + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + RabbitmqBase: + type: ../../../puppet/services/rabbitmq.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Rabbitmq API role. + value: + service_name: {get_attr: [RabbitmqBase, role_data, service_name]} + config_settings: + map_merge: + - {get_attr: [RabbitmqBase, role_data, config_settings]} + - rabbitmq::service_manage: false + tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image + list_join: + - '/' + - - {get_param: DockerNamespace} + - {get_param: DockerRabbitmqImage} + step_config: &step_config + get_attr: [RabbitmqBase, role_data, step_config] + service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: rabbitmq + puppet_tags: file + step_config: *step_config + config_image: *rabbitmq_image + kolla_config: + /var/lib/kolla/config_files/rabbitmq.json: + command: /usr/sbin/pacemaker_remoted + config_files: + - dest: /etc/libqb/force-filesystem-sockets + source: /dev/null + owner: root + perm: '0644' + permissions: + - path: /var/lib/rabbitmq + owner: rabbitmq:rabbitmq + recurse: true + - path: /var/log/rabbitmq + owner: rabbitmq:rabbitmq + recurse: true + # When using pacemaker we don't launch the container, instead that is done by pacemaker + # itself. + docker_config: + step_1: + rabbitmq_bootstrap: + start_order: 0 + image: *rabbitmq_image + net: host + privileged: false + volumes: + - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/rabbitmq/etc/rabbitmq:/etc/rabbitmq:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /var/lib/rabbitmq:/var/lib/rabbitmq + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - KOLLA_BOOTSTRAP=True + - + list_join: + - '=' + - - 'RABBITMQ_CLUSTER_COOKIE' + - + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: RabbitCookie} + - {get_param: [DefaultPasswords, rabbit_cookie]} + step_2: + rabbitmq_init_bundle: + start_order: 0 + detach: false + net: host + user: root + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + list_join: + - '; ' + - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json" + - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'" + params: + TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation' + CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::rabbitmq_bundle' + image: *rabbitmq_image + volumes: + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /etc/puppet:/tmp/puppet-etc:ro + - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro + - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro + - /dev/shm:/dev/shm:rw + host_prep_tasks: + - name: create /var/lib/rabbitmq + file: + path: /var/lib/rabbitmq + state: directory + - name: stop the Erlang port mapper on the host and make sure it cannot bind to the port used by container + shell: | + echo 'export ERL_EPMD_ADDRESS=127.0.0.1' > /etc/rabbitmq/rabbitmq-env.conf + echo 'export ERL_EPMD_PORT=4370' >> /etc/rabbitmq/rabbitmq-env.conf + for pid in $(pgrep epmd); do if [ "$(lsns -o NS -p $pid)" == "$(lsns -o NS -p 1)" ]; then kill $pid; break; fi; done + upgrade_tasks: + - name: Stop and disable rabbitmq service + tags: step2 + service: name=rabbitmq-server state=stopped enabled=no diff --git a/docker/services/panko-api.yaml b/docker/services/panko-api.yaml index b9e6e93a..c381c0da 100644 --- a/docker/services/panko-api.yaml +++ b/docker/services/panko-api.yaml @@ -80,7 +80,7 @@ outputs: - '/' - [ {get_param: DockerNamespace}, {get_param: DockerPankoApiImage} ] kolla_config: - /var/lib/kolla/config_files/panko-api.json: + /var/lib/kolla/config_files/panko_api.json: command: /usr/sbin/httpd -DFOREGROUND permissions: - path: /var/log/panko @@ -88,7 +88,7 @@ outputs: recurse: true docker_config: step_3: - panko-init-log: + panko_init_log: start_order: 0 image: *panko_image user: root @@ -120,9 +120,11 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/panko-api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/kolla/config_files/panko_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/panko/etc/panko/:/etc/panko/:ro - - /var/lib/config-data/panko/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/panko/etc/httpd/conf/:/etc/httpd/conf/:ro + - /var/lib/config-data/panko/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro + - /var/lib/config-data/panko/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - /var/lib/config-data/panko/var/www/:/var/www/:ro - /var/log/containers/panko:/var/log/panko - diff --git a/docker/services/rabbitmq.yaml b/docker/services/rabbitmq.yaml index e2f8228e..609aec06 100644 --- a/docker/services/rabbitmq.yaml +++ b/docker/services/rabbitmq.yaml @@ -146,7 +146,7 @@ outputs: step_config: 'include ::tripleo::profile::base::rabbitmq' config_image: *rabbitmq_image volumes: - - /var/lib/config-data/rabbitmq/etc/:/etc/ + - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro - /var/lib/rabbitmq:/var/lib/rabbitmq:ro host_prep_tasks: - name: create persistent directories diff --git a/docker/services/swift-proxy.yaml b/docker/services/swift-proxy.yaml index 04c4ba1e..f1d0da77 100644 --- a/docker/services/swift-proxy.yaml +++ b/docker/services/swift-proxy.yaml @@ -117,7 +117,9 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_proxy_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/swift/etc/httpd/conf/:/etc/httpd/conf/:ro + - /var/lib/config-data/swift/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro + - /var/lib/config-data/swift/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro environment: diff --git a/docker/services/swift-storage.yaml b/docker/services/swift-storage.yaml index 017fb123..55aea208 100644 --- a/docker/services/swift-storage.yaml +++ b/docker/services/swift-storage.yaml @@ -46,6 +46,11 @@ parameters: via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json + SwiftRawDisks: + default: {} + description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})' + type: json + resources: @@ -66,7 +71,11 @@ outputs: description: Role data for the swift storage services. value: service_name: {get_attr: [SwiftStorageBase, role_data, service_name]} - config_settings: {get_attr: [SwiftStorageBase, role_data, config_settings]} + config_settings: + map_merge: + - {get_attr: [SwiftStorageBase, role_data, config_settings]} + # FIXME (cschwede): re-enable this once checks works inside containers + - swift::storage::all::mount_check: false step_config: &step_config get_attr: [SwiftStorageBase, role_data, step_config] service_config_settings: {get_attr: [SwiftStorageBase, role_data, service_config_settings]} @@ -348,6 +357,18 @@ outputs: with_items: - /var/log/containers/swift - /srv/node + - name: Format and mount devices defined in SwiftRawDisks + mount: + name: /srv/node/{{ item }} + src: /dev/{{ item }} + fstype: xfs + opts: noatime + state: mounted + with_items: + - repeat: + template: 'DEVICE' + for_each: + DEVICE: {get_param: SwiftRawDisks} upgrade_tasks: - name: Stop and disable swift storage services tags: step2 diff --git a/docker/services/tacker.yaml b/docker/services/tacker.yaml new file mode 100644 index 00000000..2fc99d6f --- /dev/null +++ b/docker/services/tacker.yaml @@ -0,0 +1,134 @@ +heat_template_version: pike + +description: > + OpenStack containerized Tacker service + +parameters: + DockerNamespace: + description: namespace + default: 'tripleoupstream' + type: string + DockerTackerImage: + description: image + default: 'centos-binary-tacker:latest' + type: string + DockerTackerConfigImage: + description: image + default: 'centos-binary-tacker:latest' + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + TackerBase: + type: ../../puppet/services/tacker.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Tacker role. + value: + service_name: {get_attr: [TackerBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [TackerBase, role_data, config_settings] + step_config: &step_config + get_attr: [TackerBase, role_data, step_config] + service_config_settings: {get_attr: [TackerBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: tacker + puppet_tags: tacker_config + step_config: *step_config + config_image: + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerTackerConfigImage} ] + kolla_config: + /var/lib/kolla/config_files/tacker_api.json: + command: /usr/bin/tacker-server --config-file=/etc/tacker/tacker.conf --log-file=/var/log/tacker/api.log + permissions: + - path: /var/log/tacker + owner: tacker:tacker + recurse: true + docker_config: + # db sync runs before permissions set by kolla_config + step_3: + tacker_init_logs: + start_order: 0 + image: &tacker_image + list_join: + - '/' + - [ {get_param: DockerNamespace}, {get_param: DockerTackerImage} ] + privileged: false + user: root + volumes: + - /var/log/containers/tacker:/var/log/tacker + command: ['/bin/bash', '-c', 'chown -R tacker:tacker /var/log/tacker'] + tacker_db_sync: + start_order: 1 + image: *tacker_image + net: host + privileged: false + detach: false + user: root + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/tacker/etc/:/etc/:ro + - /var/log/containers/tacker:/var/log/tacker + command: "/usr/bin/bootstrap_host_exec tacker su tacker -s /bin/bash -c 'tacker-db-manage --config-file /etc/tacker/tacker.conf upgrade head'" + step_4: + tacker_api: + image: *tacker_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/tacker_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/tacker/etc/tacker/:/etc/tacker/:ro + - /var/log/containers/tacker:/var/log/tacker + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/tacker + state: directory + upgrade_tasks: + - name: Stop and disable tacker-server service + tags: step2 + service: name=openstack-tacker-server state=stopped enabled=no diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml index 594df693..5ce324b9 100644 --- a/docker/services/zaqar.yaml +++ b/docker/services/zaqar.yaml @@ -93,7 +93,9 @@ outputs: - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro - /var/lib/config-data/zaqar/var/www/:/var/www/:ro - - /var/lib/config-data/zaqar/etc/httpd/:/etc/httpd/:ro + - /var/lib/config-data/zaqar/etc/httpd/conf/:/etc/httpd/conf/:ro + - /var/lib/config-data/zaqar/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro + - /var/lib/config-data/zaqar/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - /var/log/containers/zaqar:/var/log/zaqar environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/environments/docker-services-tls-everywhere.yaml b/environments/docker-services-tls-everywhere.yaml index e37f2515..2740664c 100644 --- a/environments/docker-services-tls-everywhere.yaml +++ b/environments/docker-services-tls-everywhere.yaml @@ -50,3 +50,4 @@ parameter_defaults: - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::ComputeNeutronOvsAgent - OS::TripleO::Services::Docker + - OS::TripleO::Services::Sshd diff --git a/environments/docker.yaml b/environments/docker.yaml index cbd5b687..b9f8cd75 100644 --- a/environments/docker.yaml +++ b/environments/docker.yaml @@ -45,6 +45,7 @@ resource_registry: OS::TripleO::Services::CeilometerAgentCentral: ../docker/services/ceilometer-agent-central.yaml OS::TripleO::Services::CeilometerAgentCompute: ../docker/services/ceilometer-agent-compute.yaml OS::TripleO::Services::CeilometerAgentNotification: ../docker/services/ceilometer-agent-notification.yaml + OS::TripleO::Services::Horizon: ../docker/services/horizon.yaml OS::TripleO::PostDeploySteps: ../docker/post.yaml OS::TripleO::PostUpgradeSteps: ../docker/post-upgrade.yaml @@ -63,3 +64,4 @@ parameter_defaults: - OS::TripleO::Services::ComputeNeutronOvsAgent - OS::TripleO::Services::Docker - OS::TripleO::Services::CeilometerAgentCompute + - OS::TripleO::Services::Sshd diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml index 6fd71013..0f7e1143 100644 --- a/environments/hyperconverged-ceph.yaml +++ b/environments/hyperconverged-ceph.yaml @@ -19,6 +19,7 @@ parameter_defaults: - OS::TripleO::Services::Kernel - OS::TripleO::Services::ComputeNeutronCorePlugin - OS::TripleO::Services::ComputeNeutronOvsAgent + - OS::TripleO::Services::NeutronLinuxbridgeAgent - OS::TripleO::Services::ComputeCeilometerAgent - OS::TripleO::Services::ComputeNeutronL3Agent - OS::TripleO::Services::ComputeNeutronMetadataAgent diff --git a/environments/neutron-bgpvpn-opendaylight.yaml b/environments/neutron-bgpvpn-opendaylight.yaml new file mode 100644 index 00000000..1d2e0774 --- /dev/null +++ b/environments/neutron-bgpvpn-opendaylight.yaml @@ -0,0 +1,12 @@ +# A Heat environment file that can be used to deploy Neutron BGPVPN service +# +# This environment file deploys Neutron BGPVPN service and configures +# Opendaylight as its service provider. +# +# - OpenDaylight: BGPVPN:OpenDaylight:networking_bgpvpn.neutron.services.service_drivers.opendaylight.odl.OpenDaylightBgpvpnDriver:default +resource_registry: + OS::TripleO::Services::NeutronBgpVpnApi: ../puppet/services/neutron-bgpvpn-api.yaml + +parameter_defaults: + NeutronServicePlugins: 'router, networking_bgpvpn.neutron.services.plugin.BGPVPNPlugin' + BgpvpnServiceProvider: 'BGPVPN:OpenDaylight:networking_bgpvpn.neutron.services.service_drivers.opendaylight.odl.OpenDaylightBgpvpnDriver:default' diff --git a/environments/neutron-linuxbridge.yaml b/environments/neutron-linuxbridge.yaml new file mode 100644 index 00000000..c8045cc9 --- /dev/null +++ b/environments/neutron-linuxbridge.yaml @@ -0,0 +1,8 @@ +## A Heat environment that can be used to deploy linuxbridge +resource_registry: + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::NeutronLinuxbridgeAgent: ../puppet/services/neutron-linuxbridge-agent.yaml + +parameter_defaults: + NeutronMechanismDrivers: ['linuxbridge'] diff --git a/environments/neutron-ovs-dpdk.yaml b/environments/neutron-ovs-dpdk.yaml index 004b8ac0..6706bccc 100644 --- a/environments/neutron-ovs-dpdk.yaml +++ b/environments/neutron-ovs-dpdk.yaml @@ -9,7 +9,7 @@ parameter_defaults: #NeutronDpdkMemoryChannels: "" NeutronDatapathType: "netdev" - NeutronVhostuserSocketDir: "/var/run/openvswitch" + NeutronVhostuserSocketDir: "/var/lib/vhost_sockets" #NeutronDpdkSocketMemory: "" #NeutronDpdkDriverType: "vfio-pci" diff --git a/environments/puppet-ceph-devel.yaml b/environments/puppet-ceph-devel.yaml index 8fc4bf29..6a69914b 100644 --- a/environments/puppet-ceph-devel.yaml +++ b/environments/puppet-ceph-devel.yaml @@ -20,5 +20,5 @@ parameter_defaults: GlanceBackend: rbd GnocchiBackend: rbd CinderEnableIscsiBackend: false - CephPoolDefaultSite: 1 + CephPoolDefaultSize: 1 diff --git a/environments/services-docker/collectd.yaml b/environments/services-docker/collectd.yaml new file mode 100644 index 00000000..1623a888 --- /dev/null +++ b/environments/services-docker/collectd.yaml @@ -0,0 +1,2 @@ +resource_registry: + OS::TripleO::Services::Collectd: ../../docker/services/collectd.yaml diff --git a/environments/services-docker/congress.yaml b/environments/services-docker/congress.yaml new file mode 100644 index 00000000..5d4c7307 --- /dev/null +++ b/environments/services-docker/congress.yaml @@ -0,0 +1,2 @@ +resource_registry: + OS::TripleO::Services::Congress: ../../docker/services/congress-api.yaml diff --git a/environments/services-docker/manila.yaml b/environments/services-docker/manila.yaml new file mode 100644 index 00000000..6f7608c1 --- /dev/null +++ b/environments/services-docker/manila.yaml @@ -0,0 +1,2 @@ +resource_registry: + OS::TripleO::Services::ManilaApi: ../../docker/services/manila-api.yaml diff --git a/environments/services-docker/tacker.yaml b/environments/services-docker/tacker.yaml new file mode 100644 index 00000000..cba8d6b9 --- /dev/null +++ b/environments/services-docker/tacker.yaml @@ -0,0 +1,2 @@ +resource_registry: + OS::TripleO::Services::Tacker: ../../docker/services/tacker.yaml diff --git a/extraconfig/post_deploy/undercloud_post.sh b/extraconfig/post_deploy/undercloud_post.sh index 8bcae1d3..3c508d11 100755 --- a/extraconfig/post_deploy/undercloud_post.sh +++ b/extraconfig/post_deploy/undercloud_post.sh @@ -45,57 +45,61 @@ if ! grep "$(cat /root/.ssh/id_rsa.pub)" /root/.ssh/authorized_keys; then cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys fi -PHYSICAL_NETWORK=ctlplane - -ctlplane_id=$(openstack network list -f csv -c ID -c Name --quote none | tail -n +2 | grep ctlplane | cut -d, -f1) -subnet_ids=$(openstack subnet list -f csv -c ID --quote none | tail -n +2) -subnet_id= +if [ "$(hiera neutron_api_enabled)" = "true" ]; then + PHYSICAL_NETWORK=ctlplane + + ctlplane_id=$(openstack network list -f csv -c ID -c Name --quote none | tail -n +2 | grep ctlplane | cut -d, -f1) + subnet_ids=$(openstack subnet list -f csv -c ID --quote none | tail -n +2) + subnet_id= + + for subnet_id in $subnet_ids; do + network_id=$(openstack subnet show -f value -c network_id $subnet_id) + if [ "$network_id" = "$ctlplane_id" ]; then + break + fi + done -for subnet_id in $subnet_ids; do - network_id=$(openstack subnet show -f value -c network_id $subnet_id) - if [ "$network_id" = "$ctlplane_id" ]; then - break - fi -done - -net_create=1 -if [ -n "$subnet_id" ]; then - cidr=$(openstack subnet show $subnet_id -f value -c cidr) - if [ "$cidr" = "$undercloud_network_cidr" ]; then - net_create=0 - else - echo "New cidr $undercloud_network_cidr does not equal old cidr $cidr" - echo "Will attempt to delete and recreate subnet $subnet_id" + net_create=1 + if [ -n "$subnet_id" ]; then + cidr=$(openstack subnet show $subnet_id -f value -c cidr) + if [ "$cidr" = "$undercloud_network_cidr" ]; then + net_create=0 + else + echo "New cidr $undercloud_network_cidr does not equal old cidr $cidr" + echo "Will attempt to delete and recreate subnet $subnet_id" + fi fi -fi -if [ "$net_create" -eq "1" ]; then - # Delete the subnet and network to make sure it doesn't already exist - if openstack subnet list | grep start; then - openstack subnet delete $(openstack subnet list | grep start | awk '{print $4}') - fi - if openstack network show ctlplane; then - openstack network delete ctlplane + if [ "$net_create" -eq "1" ]; then + # Delete the subnet and network to make sure it doesn't already exist + if openstack subnet list | grep start; then + openstack subnet delete $(openstack subnet list | grep start | awk '{print $4}') + fi + if openstack network show ctlplane; then + openstack network delete ctlplane + fi + + + NETWORK_ID=$(openstack network create --provider-network-type=flat --provider-physical-network=ctlplane ctlplane | grep " id " | awk '{print $4}') + + NAMESERVER_ARG="" + if [ -n "${undercloud_nameserver:-}" ]; then + NAMESERVER_ARG="--dns-nameserver $undercloud_nameserver" + fi + + openstack subnet create --network=$NETWORK_ID \ + --gateway=$undercloud_network_gateway \ + --subnet-range=$undercloud_network_cidr \ + --allocation-pool start=$undercloud_dhcp_start,end=$undercloud_dhcp_end \ + --host-route destination=169.254.169.254/32,gateway=$local_ip \ + $NAMESERVER_ARG ctlplane fi - - - NETWORK_ID=$(openstack network create --provider-network-type=flat --provider-physical-network=ctlplane ctlplane | grep " id " | awk '{print $4}') - - NAMESERVER_ARG="" - if [ -n "${undercloud_nameserver:-}" ]; then - NAMESERVER_ARG="--dns-nameserver $undercloud_nameserver" - fi - - openstack subnet create --network=$NETWORK_ID \ - --gateway=$undercloud_network_gateway \ - --subnet-range=$undercloud_network_cidr \ - --allocation-pool start=$undercloud_dhcp_start,end=$undercloud_dhcp_end \ - --host-route destination=169.254.169.254/32,gateway=$local_ip \ - $NAMESERVER_ARG ctlplane fi -# Disable nova quotas -openstack quota set --cores -1 --instances -1 --ram -1 $(openstack project show admin | awk '$2=="id" {print $4}') +if [ "$(hiera nova_api_enabled)" = "true" ]; then + # Disable nova quotas + openstack quota set --cores -1 --instances -1 --ram -1 $(openstack project show admin | awk '$2=="id" {print $4}') +fi # MISTRAL WORKFLOW CONFIGURATION if [ "$(hiera mistral_api_enabled)" = "true" ]; then diff --git a/extraconfig/tasks/post_puppet_pacemaker.j2.yaml b/extraconfig/tasks/post_puppet_pacemaker.j2.yaml index 7fc258d6..6bf5afb0 100644 --- a/extraconfig/tasks/post_puppet_pacemaker.j2.yaml +++ b/extraconfig/tasks/post_puppet_pacemaker.j2.yaml @@ -10,8 +10,8 @@ parameters: resources: -{%- for role in roles -%} -{% if "controller" in role.tags %} +{%- for role in roles %} + {%- if 'controller' in role.tags %} {{role.name}}PostPuppetMaintenanceModeConfig: type: OS::Heat::SoftwareConfig properties: @@ -37,6 +37,6 @@ resources: properties: servers: {get_param: [servers, {{role.name}}]} input_values: {get_param: input_values} -{%- endif -%} -{% endfor %} + {%- endif %} +{%- endfor %} diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index c99fa3f1..d4c301bb 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -154,6 +154,7 @@ resource_registry: OS::TripleO::Services::NeutronCorePluginMidonet: puppet/services/neutron-midonet.yaml OS::TripleO::Services::NeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml + OS::TripleO::Services::NeutronLinuxbridgeAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml OS::TripleO::Services::Pacemaker: OS::Heat::None OS::TripleO::Services::PacemakerRemote: OS::Heat::None diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index cd9369f0..f8655b18 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -197,6 +197,12 @@ parameters: description: > Set to true to append per network Vips to /etc/hosts on each node. + DeploymentServerBlacklist: + default: [] + type: comma_delimited_list + description: > + List of server hostnames to blacklist from any triggered deployments. + conditions: add_vips_to_etc_hosts: {equals : [{get_param: AddVipsToEtcHosts}, True]} @@ -318,14 +324,14 @@ resources: properties: name: {{role.name}}HostsDeployment config: {get_attr: [hostsConfig, config_id]} - servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]} + servers: {get_attr: [{{role.name}}Servers, value]} {{role.name}}SshKnownHostsDeployment: type: OS::Heat::StructuredDeployments properties: name: {{role.name}}SshKnownHostsDeployment config: {get_resource: SshKnownHostsConfig} - servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]} + servers: {get_attr: [{{role.name}}Servers, value]} {{role.name}}AllNodesDeployment: type: OS::Heat::StructuredDeployments @@ -336,7 +342,7 @@ resources: properties: name: {{role.name}}AllNodesDeployment config: {get_attr: [allNodesConfig, config_id]} - servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]} + servers: {get_attr: [{{role.name}}Servers, value]} input_values: # Note we have to use yaql to look up the first hostname/ip in the # list because heat path based attributes operate on the attribute @@ -358,7 +364,7 @@ resources: properties: name: {{role.name}}AllNodesValidationDeployment config: {get_resource: AllNodesValidationConfig} - servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]} + servers: {get_attr: [{{role.name}}Servers, value]} {{role.name}}IpListMap: type: OS::TripleO::Network::Ports::NetIpListMap @@ -439,8 +445,39 @@ resources: ServiceNames: {get_attr: [{{role.name}}ServiceNames, value]} MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChainRoleData, value, monitoring_subscriptions]} ServiceMetadataSettings: {get_attr: [{{role.name}}ServiceChainRoleData, value, service_metadata_settings]} + DeploymentServerBlacklistDict: {get_attr: [DeploymentServerBlacklistDict, value]} +{% endfor %} + +{% for role in roles %} + {{role.name}}Servers: + type: OS::Heat::Value + depends_on: {{role.name}} + properties: + type: json + value: + yaql: + expression: let(servers=>switch(isDict($.data.servers) => $.data.servers, true => {})) -> $servers.deleteAll($servers.keys().where($servers[$] = null)) + data: + servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]} {% endfor %} + # This resource just creates a dict out of the DeploymentServerBlacklist, + # which is a list. The dict is used in the role templates to set a condition + # on whether to create the deployment resources. We can't use the list + # directly because there is no way to ask Heat if a list contains a specific + # value. + DeploymentServerBlacklistDict: + type: OS::Heat::Value + properties: + type: json + value: + map_merge: + repeat: + template: + hostname: 1 + for_each: + hostname: {get_param: DeploymentServerBlacklist} + hostsConfig: type: OS::TripleO::Hosts::SoftwareConfig properties: @@ -663,7 +700,7 @@ resources: properties: servers: {% for role in roles %} - {{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]} + {{role.name}}: {get_attr: [{{role.name}}Servers, value]} {% endfor %} input_values: deploy_identifier: {get_param: DeployIdentifier} @@ -681,7 +718,7 @@ resources: properties: servers: {% for role in roles %} - {{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]} + {{role.name}}: {get_attr: [{{role.name}}Servers, value]} {% endfor %} # Post deployment steps for all roles @@ -695,7 +732,7 @@ resources: properties: servers: {% for role in roles %} - {{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]} + {{role.name}}: {get_attr: [{{role.name}}Servers, value]} {% endfor %} EndpointMap: {get_attr: [EndpointMap, endpoint_map]} role_data: diff --git a/plan-samples/README.rst b/plan-samples/README.rst new file mode 100644 index 00000000..44b9d0cd --- /dev/null +++ b/plan-samples/README.rst @@ -0,0 +1,22 @@ +================================= +Samples for plan-environment.yaml +================================= + +The ``plan-environment.yaml`` file provides the details of the plan to be +deployed by TripleO. Along with the details of the heat environments and +parameters, it is also possible to provide workflow specific parameters to the +TripleO mistral workflows. A new section ``workflow_parameters`` has been +added to provide workflow specific parameters. This provides a clear +separation of heat environment parameters and the workflow only parameters. +These customized plan environment files can be provided as with ``-p`` option +to the ``openstack overcloud deploy`` and ``openstack overcloud plan create`` +commands. The sample format to provide the workflow specific parameters:: + + workflow_parameters: + tripleo.derive_params.v1.derive_parameters: + # DPDK Parameters + number_of_pmd_cpu_threads_per_numa_node: 2 + + +All the parameters specified under the workflow name will be passed as +``user_input`` to the workflow, while invoking from the tripleoclient.
\ No newline at end of file diff --git a/plan-samples/plan-environment-derived-params.yaml b/plan-samples/plan-environment-derived-params.yaml new file mode 100644 index 00000000..964e57d2 --- /dev/null +++ b/plan-samples/plan-environment-derived-params.yaml @@ -0,0 +1,35 @@ +version: 1.0 + +name: overcloud +description: > + Default Deployment plan +template: overcloud.yaml +environments: + - path: overcloud-resource-registry-puppet.yaml +workflow_parameters: + tripleo.derive_params.v1.derive_parameters: + ######### DPDK Parameters ######### + # Specifices the minimum number of CPU threads to be allocated for DPDK + # PMD threads. The actual allocation will be based on network config, if + # the a DPDK port is associated with a numa node, then this configuration + # will be used, else 0. + number_of_pmd_cpu_threads_per_numa_node: 4 + # Amount of memory to be configured as huge pages in percentage. Ouf the + # total available memory (excluding the NovaReservedHostMemory), the + # specified percentage of the remaining is configured as huge pages. + huge_page_allocation_percentage: 90 + ######### HCI Parameters ######### + hci_profile: default + hci_profile_config: + default: + average_guest_memory_size_in_mb: 2048 + average_guest_cpu_utilization_percentage: 50 + many_small_vms: + average_guest_memory_size_in_mb: 1024 + average_guest_cpu_utilization_percentage: 20 + few_large_vms: + average_guest_memory_size_in_mb: 4096 + average_guest_cpu_utilization_percentage: 80 + nfv_default: + average_guest_memory_size_in_mb: 8192 + average_guest_cpu_utilization_percentage: 90 diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml index 3fc663fb..60ddeb8a 100644 --- a/puppet/blockstorage-role.yaml +++ b/puppet/blockstorage-role.yaml @@ -132,6 +132,20 @@ parameters: major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml environment files. default: '' + DeploymentServerBlacklistDict: + default: {} + type: json + description: > + Map of server hostnames to blacklist from any triggered + deployments. If the value is 1, the server will be blacklisted. This + parameter is generated from the parent template. + +conditions: + server_not_blacklisted: + not: + equals: + - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} + - 1 resources: BlockStorage: @@ -366,7 +380,11 @@ resources: name: NetworkDeployment config: {get_resource: NetworkConfig} server: {get_resource: BlockStorage} - actions: {get_param: NetworkDeploymentActions} + actions: + if: + - server_not_blacklisted + - {get_param: NetworkDeploymentActions} + - [] BlockStorageUpgradeInitConfig: type: OS::Heat::SoftwareConfig @@ -389,6 +407,11 @@ resources: name: BlockStorageUpgradeInitDeployment server: {get_resource: BlockStorage} config: {get_resource: BlockStorageUpgradeInitConfig} + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] BlockStorageDeployment: type: OS::Heat::StructuredDeployment @@ -399,6 +422,11 @@ resources: config: {get_resource: BlockStorageConfig} input_values: enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] # Map heat metadata into hiera datafiles BlockStorageConfig: @@ -409,6 +437,7 @@ resources: hierarchy: - '"%{::uuid}"' - heat_config_%{::deploy_config_name} + - config_step - volume_extraconfig - extraconfig - service_names @@ -466,6 +495,11 @@ resources: input_values: update_identifier: get_param: UpdateIdentifier + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey @@ -555,6 +589,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" description: Heat resource handle for the block storage server value: {get_resource: BlockStorage} + condition: server_not_blacklisted external_ip_address: description: IP address of the server in the external network value: {get_attr: [ExternalPort, ip_address]} diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml index 295e64f5..9d30ab29 100644 --- a/puppet/cephstorage-role.yaml +++ b/puppet/cephstorage-role.yaml @@ -138,6 +138,20 @@ parameters: major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml environment files. default: '' + DeploymentServerBlacklistDict: + default: {} + type: json + description: > + Map of server hostnames to blacklist from any triggered + deployments. If the value is 1, the server will be blacklisted. This + parameter is generated from the parent template. + +conditions: + server_not_blacklisted: + not: + equals: + - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} + - 1 resources: CephStorage: @@ -372,7 +386,11 @@ resources: name: NetworkDeployment config: {get_resource: NetworkConfig} server: {get_resource: CephStorage} - actions: {get_param: NetworkDeploymentActions} + actions: + if: + - server_not_blacklisted + - {get_param: NetworkDeploymentActions} + - [] CephStorageUpgradeInitConfig: type: OS::Heat::SoftwareConfig @@ -395,6 +413,11 @@ resources: name: CephStorageUpgradeInitDeployment server: {get_resource: CephStorage} config: {get_resource: CephStorageUpgradeInitConfig} + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] CephStorageDeployment: type: OS::Heat::StructuredDeployment @@ -405,6 +428,11 @@ resources: server: {get_resource: CephStorage} input_values: enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] CephStorageConfig: type: OS::Heat::StructuredConfig @@ -414,6 +442,7 @@ resources: hierarchy: - '"%{::uuid}"' - heat_config_%{::deploy_config_name} + - config_step - ceph_extraconfig - extraconfig - service_names @@ -477,6 +506,11 @@ resources: input_values: update_identifier: get_param: UpdateIdentifier + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey @@ -566,6 +600,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" description: Heat resource handle for the ceph storage server value: {get_resource: CephStorage} + condition: server_not_blacklisted external_ip_address: description: IP address of the server in the external network value: {get_attr: [ExternalPort, ip_address]} diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml index 05318f3f..06a31ec9 100644 --- a/puppet/compute-role.yaml +++ b/puppet/compute-role.yaml @@ -150,6 +150,20 @@ parameters: major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml environment files. default: '' + DeploymentServerBlacklistDict: + default: {} + type: json + description: > + Map of server hostnames to blacklist from any triggered + deployments. If the value is 1, the server will be blacklisted. This + parameter is generated from the parent template. + +conditions: + server_not_blacklisted: + not: + equals: + - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} + - 1 resources: @@ -384,9 +398,13 @@ resources: depends_on: PreNetworkConfig properties: name: NetworkDeployment + actions: + if: + - server_not_blacklisted + - {get_param: NetworkDeploymentActions} + - [] config: {get_resource: NetworkConfig} server: {get_resource: NovaCompute} - actions: {get_param: NetworkDeploymentActions} input_values: bridge_name: {get_param: NeutronPhysicalBridge} interface_name: {get_param: NeutronPublicInterface} @@ -410,6 +428,11 @@ resources: depends_on: NetworkDeployment properties: name: NovaComputeUpgradeInitDeployment + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] server: {get_resource: NovaCompute} config: {get_resource: NovaComputeUpgradeInitConfig} @@ -421,6 +444,7 @@ resources: hierarchy: - '"%{::uuid}"' - heat_config_%{::deploy_config_name} + - config_step - compute_extraconfig - extraconfig - service_names @@ -461,6 +485,11 @@ resources: depends_on: NovaComputeUpgradeInitDeployment properties: name: NovaComputeDeployment + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] config: {get_resource: NovaComputeConfig} server: {get_resource: NovaCompute} input_values: @@ -496,6 +525,11 @@ resources: depends_on: NetworkDeployment properties: name: UpdateDeployment + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] config: {get_resource: UpdateConfig} server: {get_resource: NovaCompute} input_values: @@ -609,4 +643,5 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" nova_server_resource: description: Heat resource handle for the Nova compute server value: - {get_resource: NovaCompute}
\ No newline at end of file + {get_resource: NovaCompute} + condition: server_not_blacklisted diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml index 163ba57b..cccfdef1 100644 --- a/puppet/controller-role.yaml +++ b/puppet/controller-role.yaml @@ -164,6 +164,13 @@ parameters: major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml environment files. default: '' + DeploymentServerBlacklistDict: + default: {} + type: json + description: > + Map of server hostnames to blacklist from any triggered + deployments. If the value is 1, the server will be blacklisted. This + parameter is generated from the parent template. parameter_groups: - label: deprecated @@ -171,6 +178,14 @@ parameter_groups: parameters: - controllerExtraConfig +conditions: + server_not_blacklisted: + not: + equals: + - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} + - 1 + + resources: Controller: @@ -405,7 +420,11 @@ resources: name: NetworkDeployment config: {get_resource: NetworkConfig} server: {get_resource: Controller} - actions: {get_param: NetworkDeploymentActions} + actions: + if: + - server_not_blacklisted + - {get_param: NetworkDeploymentActions} + - [] input_values: bridge_name: br-ex interface_name: {get_param: NeutronPublicInterface} @@ -444,6 +463,11 @@ resources: depends_on: NetworkDeployment properties: name: ControllerUpgradeInitDeployment + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] server: {get_resource: Controller} config: {get_resource: ControllerUpgradeInitConfig} @@ -452,6 +476,11 @@ resources: depends_on: ControllerUpgradeInitDeployment properties: name: ControllerDeployment + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] config: {get_resource: ControllerConfig} server: {get_resource: Controller} input_values: @@ -468,6 +497,7 @@ resources: hierarchy: - '"%{::uuid}"' - heat_config_%{::deploy_config_name} + - config_step - controller_extraconfig - extraconfig - service_configs @@ -535,6 +565,11 @@ resources: depends_on: NetworkDeployment properties: name: UpdateDeployment + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] config: {get_resource: UpdateConfig} server: {get_resource: Controller} input_values: @@ -649,6 +684,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" description: Heat resource handle for the Nova compute server value: {get_resource: Controller} + condition: server_not_blacklisted tls_key_modulus_md5: description: MD5 checksum of the TLS Key Modulus value: {get_attr: [NodeTLSData, key_modulus_md5]} diff --git a/puppet/major_upgrade_steps.j2.yaml b/puppet/major_upgrade_steps.j2.yaml index 8420f99d..b44095bd 100644 --- a/puppet/major_upgrade_steps.j2.yaml +++ b/puppet/major_upgrade_steps.j2.yaml @@ -44,24 +44,6 @@ resources: - '' - - "#!/bin/bash\n\n" - "set -eu\n\n" - - "if hiera -c /etc/puppet/hiera.yaml service_names | grep nova_compute ; then\n\n" - - " crudini --set /etc/nova/nova.conf placement auth_type password\n\n" - - " crudini --set /etc/nova/nova.conf placement username placement\n\n" - - " crudini --set /etc/nova/nova.conf placement project_domain_name Default\n\n" - - " crudini --set /etc/nova/nova.conf placement user_domain_name Default\n\n" - - " crudini --set /etc/nova/nova.conf placement project_name service\n\n" - - " crudini --set /etc/nova/nova.conf placement os_interface internal\n\n" - - str_replace: - template: | - crudini --set /etc/nova/nova.conf placement password 'SERVICE_PASSWORD' - crudini --set /etc/nova/nova.conf placement os_region_name 'REGION_NAME' - crudini --set /etc/nova/nova.conf placement auth_url 'AUTH_URL' - params: - SERVICE_PASSWORD: { get_param: NovaPassword } - REGION_NAME: { get_param: KeystoneRegion } - AUTH_URL: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} - - " systemctl restart openstack-nova-compute\n\n" - - "fi\n\n" - str_replace: template: | ROLE='ROLE_NAME' diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml index 7ee12b19..19ea1b65 100644 --- a/puppet/objectstorage-role.yaml +++ b/puppet/objectstorage-role.yaml @@ -132,6 +132,20 @@ parameters: major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml environment files. default: '' + DeploymentServerBlacklistDict: + default: {} + type: json + description: > + Map of server hostnames to blacklist from any triggered + deployments. If the value is 1, the server will be blacklisted. This + parameter is generated from the parent template. + +conditions: + server_not_blacklisted: + not: + equals: + - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} + - 1 resources: @@ -366,7 +380,12 @@ resources: name: NetworkDeployment config: {get_resource: NetworkConfig} server: {get_resource: SwiftStorage} - actions: {get_param: NetworkDeploymentActions} + actions: + if: + - server_not_blacklisted + - {get_param: NetworkDeploymentActions} + - [] + SwiftStorageUpgradeInitConfig: type: OS::Heat::SoftwareConfig @@ -389,6 +408,11 @@ resources: name: SwiftStorageUpgradeInitDeployment server: {get_resource: SwiftStorage} config: {get_resource: SwiftStorageUpgradeInitConfig} + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] SwiftStorageHieraConfig: type: OS::Heat::StructuredConfig @@ -398,6 +422,7 @@ resources: hierarchy: - '"%{::uuid}"' - heat_config_%{::deploy_config_name} + - config_step - object_extraconfig - extraconfig - service_names @@ -436,6 +461,11 @@ resources: config: {get_resource: SwiftStorageHieraConfig} input_values: enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] # Resource for site-specific injection of root certificate NodeTLSCAData: @@ -464,6 +494,11 @@ resources: input_values: update_identifier: get_param: UpdateIdentifier + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey @@ -553,6 +588,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" description: Heat resource handle for the swift storage server value: {get_resource: SwiftStorage} + condition: server_not_blacklisted external_ip_address: description: IP address of the server in the external network value: {get_attr: [ExternalPort, ip_address]} diff --git a/puppet/puppet-steps.j2 b/puppet/puppet-steps.j2 index 360c633a..5567d65d 100644 --- a/puppet/puppet-steps.j2 +++ b/puppet/puppet-steps.j2 @@ -44,26 +44,31 @@ update_identifier: {get_param: DeployIdentifier} {% endfor %} - {{role.name}}PostConfig: - type: OS::TripleO::Tasks::{{role.name}}PostConfig + # Note, this should be the last step to execute configuration changes. + # Ensure that all {{role.name}}ExtraConfigPost steps are executed + # after all the previous deployment steps. + {{role.name}}ExtraConfigPost: depends_on: {% for dep in roles %} - {{dep.name}}Deployment_Step5 {% endfor %} + type: OS::TripleO::NodeExtraConfigPost properties: - servers: {get_param: servers} - input_values: - update_identifier: {get_param: DeployIdentifier} + servers: {get_param: [servers, {{role.name}}]} - # Note, this should come last, so use depends_on to ensure - # this is created after any other resources. - {{role.name}}ExtraConfigPost: + # The {{role.name}}PostConfig steps are in charge of + # quiescing all services, i.e. in the Controller case, + # we should run a full service reload. + {{role.name}}PostConfig: + type: OS::TripleO::Tasks::{{role.name}}PostConfig depends_on: {% for dep in roles %} - - {{dep.name}}PostConfig + - {{dep.name}}ExtraConfigPost {% endfor %} - type: OS::TripleO::NodeExtraConfigPost properties: - servers: {get_param: [servers, {{role.name}}]} + servers: {get_param: servers} + input_values: + update_identifier: {get_param: DeployIdentifier} + {% endfor %} diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index dbb517f0..7af90e24 100644 --- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml @@ -154,6 +154,20 @@ parameters: major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml environment files. default: '' + DeploymentServerBlacklistDict: + default: {} + type: json + description: > + Map of server hostnames to blacklist from any triggered + deployments. If the value is 1, the server will be blacklisted. This + parameter is generated from the parent template. + +conditions: + server_not_blacklisted: + not: + equals: + - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} + - 1 resources: {{role}}: @@ -392,6 +406,11 @@ resources: input_values: bridge_name: br-ex interface_name: {get_param: NeutronPublicInterface} + actions: + if: + - server_not_blacklisted + - {get_param: NetworkDeploymentActions} + - [] {{role}}UpgradeInitConfig: type: OS::Heat::SoftwareConfig @@ -414,6 +433,11 @@ resources: name: {{role}}UpgradeInitDeployment server: {get_resource: {{role}}} config: {get_resource: {{role}}UpgradeInitConfig} + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] {{role}}Deployment: type: OS::Heat::StructuredDeployment @@ -424,6 +448,11 @@ resources: server: {get_resource: {{role}}} input_values: enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] {{role}}Config: type: OS::Heat::StructuredConfig @@ -433,6 +462,7 @@ resources: hierarchy: - '"%{::uuid}"' - heat_config_%{::deploy_config_name} + - config_step - {{role.lower()}}_extraconfig - extraconfig - service_names @@ -499,6 +529,11 @@ resources: input_values: update_identifier: get_param: UpdateIdentifier + actions: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey @@ -588,6 +623,7 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" description: Heat resource handle for {{role}} server value: {get_resource: {{role}}} + condition: server_not_blacklisted external_ip_address: description: IP address of the server in the external network value: {get_attr: [ExternalPort, ip_address]} diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml index 331fe9a9..0563d08b 100644 --- a/puppet/services/aodh-base.yaml +++ b/puppet/services/aodh-base.yaml @@ -56,11 +56,18 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + AodhDebug: + default: '' + description: Set to True to enable debugging Aodh services. + type: string KeystoneRegion: type: string default: 'regionOne' description: Keystone region for endpoint +conditions: + service_debug_unset: {equals : [{get_param: AodhDebug}, '']} + outputs: role_data: description: Role data for the Aodh role. @@ -78,7 +85,11 @@ outputs: query: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo - aodh::debug: {get_param: Debug} + aodh::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: AodhDebug } aodh::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } aodh::rabbit_userid: {get_param: RabbitUserName} aodh::rabbit_password: {get_param: RabbitPassword} diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml index 53fba63e..51331242 100644 --- a/puppet/services/barbican-api.yaml +++ b/puppet/services/barbican-api.yaml @@ -38,6 +38,10 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + BarbicanDebug: + default: '' + description: Set to True to enable debugging Barbican service. + type: string KeystoneRegion: type: string default: 'regionOne' @@ -81,6 +85,9 @@ resources: RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} +conditions: + service_debug_unset: {equals : [{get_param: BarbicanDebug}, '']} + outputs: role_data: description: Role data for the Barbican API role. @@ -97,7 +104,11 @@ outputs: barbican::api::host_href: {get_param: [EndpointMap, BarbicanPublic, uri]} barbican::api::db_auto_create: false barbican::api::enabled_certificate_plugins: ['simple_certificate'] - barbican::api::logging::debug: {get_param: Debug} + barbican::api::logging::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: BarbicanDebug } barbican::api::rabbit_use_ssl: {get_param: RabbitClientUseSSL} barbican::api::rabbit_userid: {get_param: RabbitUserName} barbican::api::rabbit_password: {get_param: RabbitPassword} diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index b3e2c3a4..1d86369b 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -64,6 +64,10 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + CeilometerDebug: + default: '' + description: Set to True to enable debugging Ceilometer services. + type: string KeystoneRegion: type: string default: 'regionOne' @@ -100,13 +104,20 @@ parameters: type: string hidden: true +conditions: + service_debug_unset: {equals : [{get_param: CeilometerDebug}, '']} + outputs: role_data: description: Role data for the Ceilometer role. value: service_name: ceilometer_base config_settings: - ceilometer::debug: {get_param: Debug} + ceilometer::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: CeilometerDebug } ceilometer::keystone::authtoken::project_name: 'service' ceilometer::keystone::authtoken::user_domain_name: 'Default' ceilometer::keystone::authtoken::project_domain_name: 'Default' diff --git a/puppet/services/certmonger-user.yaml b/puppet/services/certmonger-user.yaml index 6ad451a8..0508c557 100644 --- a/puppet/services/certmonger-user.yaml +++ b/puppet/services/certmonger-user.yaml @@ -26,11 +26,28 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + EnableInternalTLS: + type: boolean + default: false + DefaultCRLURL: + default: 'http://ipa-ca/ipa/crl/MasterCRL.bin' + description: URI where to get the CRL to be configured in the nodes. + type: string + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} outputs: role_data: description: Role data for the certmonger-user service value: service_name: certmonger_user + config_settings: + tripleo::certmonger::ca::crl::crl_source: + if: + - internal_tls_enabled + - {get_param: DefaultCRLURL} + - null step_config: | include ::tripleo::profile::base::certmonger_user diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml index 2ba5aa52..f7dfe5e1 100644 --- a/puppet/services/cinder-base.yaml +++ b/puppet/services/cinder-base.yaml @@ -12,6 +12,10 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + CinderDebug: + default: '' + description: Set to True to enable debugging on Cinder services. + type: string ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -93,6 +97,9 @@ parameters: Cron to move deleted instances to another table - Log destination default: '/var/log/cinder/cinder-rowsflush.log' +conditions: + service_debug_unset: {equals : [{get_param: CinderDebug}, '']} + outputs: role_data: description: Role data for the Cinder base service. @@ -109,7 +116,11 @@ outputs: query: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo - cinder::debug: {get_param: Debug} + cinder::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: CinderDebug } cinder::rabbit_use_ssl: {get_param: RabbitClientUseSSL} cinder::rabbit_userid: {get_param: RabbitUserName} cinder::rabbit_password: {get_param: RabbitPassword} diff --git a/puppet/services/congress.yaml b/puppet/services/congress.yaml index 8fbcd99d..5bca94d7 100644 --- a/puppet/services/congress.yaml +++ b/puppet/services/congress.yaml @@ -33,6 +33,10 @@ parameters: Debug: type: string default: '' + CongressDebug: + default: '' + description: Set to True to enable debugging Glance service. + type: string KeystoneRegion: type: string default: 'regionOne' @@ -62,6 +66,9 @@ parameters: default: {} type: json +conditions: + service_debug_unset: {equals : [{get_param: CongressDebug}, '']} + outputs: role_data: description: Role data for the Congress role. @@ -79,7 +86,11 @@ outputs: query: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo - congress::debug: {get_param: Debug} + congress::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: CongressDebug } congress::rpc_backend: rabbit congress::rabbit_userid: {get_param: RabbitUserName} congress::rabbit_password: {get_param: RabbitPassword} diff --git a/puppet/services/disabled/ceilometer-expirer-disabled.yaml b/puppet/services/disabled/ceilometer-expirer-disabled.yaml index 9b7b47ef..7be394b6 100644 --- a/puppet/services/disabled/ceilometer-expirer-disabled.yaml +++ b/puppet/services/disabled/ceilometer-expirer-disabled.yaml @@ -27,24 +27,12 @@ parameters: via parameter_defaults in the resource registry. type: json -resources: - CeilometerServiceBase: - type: ../ceilometer-base.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - outputs: role_data: description: Role data for the disabling Ceilometer Expirer role. value: service_name: ceilometer_expirer_disabled - config_settings: - map_merge: - - get_attr: [CeilometerServiceBase, role_data, config_settings] - - ceilometer::expirer::enable_cron: false - step_config: | - include ::tripleo::profile::base::ceilometer::expirer + upgrade_tasks: + - name: Remove ceilometer expirer cron tab on upgrade + tags: step1 + shell: '/usr/bin/crontab -u ceilometer -r' diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index 28151744..7812c8e2 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -30,6 +30,10 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + GlanceDebug: + default: '' + description: Set to True to enable debugging Glance service. + type: string GlancePassword: description: The password for the glance service and db account, used by the glance services. type: string @@ -59,10 +63,6 @@ parameters: CephClientUserName: default: openstack type: string - Debug: - default: '' - description: Set to True to enable debugging on all services. - type: string GlanceNotifierStrategy: description: Strategy to use for Glance notification queue type: string @@ -128,6 +128,7 @@ parameters: conditions: use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]} glance_workers_unset: {equals : [{get_param: GlanceWorkers}, '']} + service_debug_unset: {equals : [{get_param: GlanceDebug}, '']} resources: @@ -170,7 +171,11 @@ outputs: glance::api::enable_v2_api: true glance::api::authtoken::password: {get_param: GlancePassword} glance::api::enable_proxy_headers_parsing: true - glance::api::debug: {get_param: Debug} + glance::api::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: GlanceDebug } glance::policy::policies: {get_param: GlanceApiPolicies} tripleo.glance_api.firewall_rules: '112 glance_api': diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml index d62c349e..f4067ef6 100644 --- a/puppet/services/gnocchi-base.yaml +++ b/puppet/services/gnocchi-base.yaml @@ -31,7 +31,7 @@ parameters: description: The short name of the Gnocchi indexer backend to use. type: string MetricProcessingDelay: - default: 60 + default: 30 description: Delay between processing metrics. type: number GnocchiPassword: @@ -52,6 +52,13 @@ parameters: type: string default: '' description: Set to True to enable debugging on all services. + GnocchiDebug: + default: '' + description: Set to True to enable debugging Gnocchi services. + type: string + +conditions: + service_debug_unset: {equals : [{get_param: GnocchiDebug}, '']} outputs: aux_parameters: @@ -65,7 +72,11 @@ outputs: config_settings: #Gnocchi engine gnocchi_redis_password: {get_param: RedisPassword} - gnocchi::debug: {get_param: Debug} + gnocchi::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: GnocchiDebug } gnocchi::db::database_connection: make_url: scheme: {get_param: [EndpointMap, MysqlInternal, protocol]} @@ -76,7 +87,7 @@ outputs: query: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo - gnocchi::db::sync::extra_opts: '--skip-storage' + gnocchi::db::sync::extra_opts: '' gnocchi::storage::metric_processing_delay: {get_param: MetricProcessingDelay} gnocchi::storage::swift::swift_user: 'service:gnocchi' gnocchi::storage::swift::swift_auth_version: 3 diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index a71491c0..619cf131 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml @@ -50,6 +50,11 @@ parameters: type: string description: Specifies the default CA cert to use if TLS is used for services in the internal network. + InternalTLSCRLPEMFile: + default: '/etc/pki/CA/crl/overcloud-crl.pem' + type: string + description: Specifies the default CRL PEM file to use for revocation if + TLS is used for services in the internal network. resources: @@ -89,6 +94,7 @@ outputs: tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword} tripleo::haproxy::redis_password: {get_param: RedisPassword} tripleo::haproxy::ca_bundle: {get_param: InternalTLSCAFile} + tripleo::haproxy::crl_file: {get_param: InternalTLSCRLPEMFile} tripleo::profile::base::haproxy::certificates_specs: map_merge: - get_attr: [HAProxyPublicTLS, role_data, certificates_specs] diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml index dfd823db..d89fe46a 100644 --- a/puppet/services/heat-base.yaml +++ b/puppet/services/heat-base.yaml @@ -8,6 +8,10 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + HeatDebug: + default: '' + description: Set to True to enable debugging Heat services. + type: string RabbitPassword: description: The password for RabbitMQ type: string @@ -112,6 +116,9 @@ parameters: description: Maximum raw byte size of the Heat API JSON request body. type: number +conditions: + service_debug_unset: {equals : [{get_param: HeatDebug}, '']} + outputs: role_data: description: Shared role data for the Heat services. @@ -122,7 +129,11 @@ outputs: heat::rabbit_password: {get_param: RabbitPassword} heat::rabbit_use_ssl: {get_param: RabbitClientUseSSL} heat::rabbit_port: {get_param: RabbitClientPort} - heat::debug: {get_param: Debug} + heat::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: HeatDebug } heat::enable_proxy_headers_parsing: true heat::rpc_response_timeout: 600 # We need this because the default heat policy.json no longer works on TripleO diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index 562afe16..93bced8b 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml @@ -14,6 +14,10 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + HorizonDebug: + default: false + description: Set to True to enable debugging Horizon service. + type: string DefaultPasswords: default: {} type: json @@ -62,7 +66,7 @@ parameters: conditions: - debug_empty: {equals : [{get_param: Debug}, '']} + debug_unset: {equals : [{get_param: Debug}, '']} outputs: role_data: @@ -104,9 +108,9 @@ outputs: memcached_ipv6: {get_param: MemcachedIPv6} - if: - - debug_empty - - {} - - horizon::django_debug: {get_param: Debug} + - debug_unset + - horizon::django_debug: { get_param: HorizonDebug } + - horizon::django_debug: { get_param: Debug } step_config: | include ::tripleo::profile::base::horizon # Ansible tasks to handle upgrade diff --git a/puppet/services/ironic-base.yaml b/puppet/services/ironic-base.yaml index da485161..41d6cedc 100644 --- a/puppet/services/ironic-base.yaml +++ b/puppet/services/ironic-base.yaml @@ -30,6 +30,10 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + IronicDebug: + default: '' + description: Set to True to enable debugging Ironic services. + type: string IronicPassword: description: The password for the Ironic service and db account, used by the Ironic services type: string @@ -53,6 +57,9 @@ parameters: an SSL connection to the RabbitMQ host. type: string +conditions: + service_debug_unset: {equals : [{get_param: IronicDebug}, '']} + outputs: role_data: description: Role data for the Ironic role. @@ -69,7 +76,11 @@ outputs: query: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo - ironic::debug: {get_param: Debug} + ironic::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: IronicDebug } ironic::rabbit_userid: {get_param: RabbitUserName} ironic::rabbit_password: {get_param: RabbitPassword} ironic::rabbit_port: {get_param: RabbitClientPort} diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml index b1676715..0e8c8e12 100644 --- a/puppet/services/ironic-conductor.yaml +++ b/puppet/services/ironic-conductor.yaml @@ -164,6 +164,12 @@ outputs: ironic::my_ip: {get_param: [ServiceNetMap, IronicNetwork]} ironic::pxe::common::http_port: {get_param: IronicIPXEPort} # Credentials to access other services + ironic::cinder::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} + ironic::cinder::username: 'ironic' + ironic::cinder::password: {get_param: IronicPassword} + ironic::cinder::project_name: 'service' + ironic::cinder::user_domain_name: 'Default' + ironic::cinder::project_domain_name: 'Default' ironic::glance::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} ironic::glance::username: 'ironic' ironic::glance::password: {get_param: IronicPassword} diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 7262e478..f3a9cbc4 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -63,6 +63,10 @@ parameters: Debug: type: string default: '' + KeystoneDebug: + default: '' + description: Set to True to enable debugging Keystone service. + type: string AdminEmail: default: 'admin@example.com' description: The email for the keystone admin account. @@ -198,6 +202,7 @@ resources: conditions: keystone_fernet_tokens: {equals: [{get_param: KeystoneTokenProvider}, "fernet"]} keystone_ldap_domain_enabled: {equals: [{get_param: KeystoneLDAPDomainEnable}, True]} + service_debug_unset: {equals : [{get_param: KeystoneDebug}, '']} outputs: role_data: @@ -242,7 +247,11 @@ outputs: '/etc/keystone/fernet-keys/1': content: {get_param: KeystoneFernetKey1} keystone::fernet_replace_keys: false - keystone::debug: {get_param: Debug} + keystone::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: KeystoneDebug } keystone::rabbit_userid: {get_param: RabbitUserName} keystone::rabbit_password: {get_param: RabbitPassword} keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL} diff --git a/puppet/services/manila-base.yaml b/puppet/services/manila-base.yaml index a299fffa..d0ee2125 100644 --- a/puppet/services/manila-base.yaml +++ b/puppet/services/manila-base.yaml @@ -30,6 +30,10 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + ManilaDebug: + default: '' + description: Set to True to enable debugging Manila services. + type: string RabbitPassword: description: The password for RabbitMQ type: string @@ -53,6 +57,9 @@ parameters: type: string hidden: true +conditions: + service_debug_unset: {equals : [{get_param: ManilaDebug}, '']} + outputs: role_data: description: Role data for the Manila Base service. @@ -63,7 +70,11 @@ outputs: manila::rabbit_password: {get_param: RabbitPassword} manila::rabbit_use_ssl: {get_param: RabbitClientUseSSL} manila::rabbit_port: {get_param: RabbitClientPort} - manila::debug: {get_param: Debug} + manila::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: ManilaDebug } manila::db::database_db_max_retries: -1 manila::db::database_max_retries: -1 manila::sql_connection: diff --git a/puppet/services/mistral-base.yaml b/puppet/services/mistral-base.yaml index 2e708650..8b3655dd 100644 --- a/puppet/services/mistral-base.yaml +++ b/puppet/services/mistral-base.yaml @@ -31,6 +31,10 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + MistralDebug: + default: '' + description: Set to True to enable debugging Mistral services. + type: string RabbitPassword: description: The password for RabbitMQ type: string @@ -58,6 +62,9 @@ parameters: default: 'regionOne' description: Keystone region for endpoint +conditions: + service_debug_unset: {equals : [{get_param: MistralDebug}, '']} + outputs: role_data: description: Shared role data for the Mistral services. @@ -78,7 +85,11 @@ outputs: mistral::rabbit_password: {get_param: RabbitPassword} mistral::rabbit_use_ssl: {get_param: RabbitClientUseSSL} mistral::rabbit_port: {get_param: RabbitClientPort} - mistral::debug: {get_param: Debug} + mistral::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: MistralDebug } mistral::keystone_password: {get_param: MistralPassword} mistral::keystone_tenant: 'service' mistral::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml index 57581b58..3c7518b3 100644 --- a/puppet/services/neutron-base.yaml +++ b/puppet/services/neutron-base.yaml @@ -50,6 +50,10 @@ parameters: type: string default: '' description: Set to True to enable debugging on all services. + NeutronDebug: + default: '' + description: Set to True to enable debugging Neutron services. + type: string EnableConfigPurge: type: boolean default: false @@ -90,6 +94,7 @@ parameters: conditions: dhcp_agents_zero: {equals : [{get_param: NeutronDhcpAgentsPerNetwork}, 0]} + service_debug_unset: {equals : [{get_param: NeutronDebug}, '']} outputs: role_data: @@ -104,7 +109,11 @@ outputs: neutron::rabbit_port: {get_param: RabbitClientPort} neutron::core_plugin: {get_param: NeutronCorePlugin} neutron::service_plugins: {get_param: NeutronServicePlugins} - neutron::debug: {get_param: Debug} + neutron::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: NeutronDebug } neutron::purge_config: {get_param: EnableConfigPurge} neutron::allow_overlapping_ips: true neutron::dns_domain: {get_param: NeutronDnsDomain} diff --git a/puppet/services/neutron-linuxbridge-agent.yaml b/puppet/services/neutron-linuxbridge-agent.yaml new file mode 100644 index 00000000..f4324054 --- /dev/null +++ b/puppet/services/neutron-linuxbridge-agent.yaml @@ -0,0 +1,83 @@ +heat_template_version: ocata + +description: > + OpenStack Neutron Linuxbridge agent configured with Puppet. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + PhysicalInterfaceMapping: + description: List of <physical_network>:<physical_interface> tuples + mapping physical network names to agent's node-specific + physical network interfaces. Defaults to empty list. + type: comma_delimited_list + default: '' + NeutronLinuxbridgeFirewallDriver: + default: '' + description: Configure the classname of the firewall driver to use for + implementing security groups. Possible values depend on + system configuration. The default value of an empty string + will result in a default supported configuration. + type: string + NeutronEnableL2Pop: + type: string + description: Enable/disable the L2 population feature in the Neutron agents. + default: 'False' + NeutronTunnelTypes: + default: 'vxlan' + description: The tunnel types for the Neutron tenant network. + type: comma_delimited_list + +conditions: + no_firewall_driver: {equals : [{get_param: NeutronLinuxbridgeFirewallDriver}, '']} + +resources: + + NeutronBase: + type: ./neutron-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Neutron Linuxbridge agent service. + value: + service_name: neutron_linuxbridge_agent + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + - neutron::agents::ml2::linuxbridge::physical_interface_mappings: {get_param: PhysicalInterfaceMapping} + neutron::agents::ml2::linuxbridge::l2_population: {get_param: NeutronEnableL2Pop} + neutron::agents::ml2::linuxbridge::tunnel_types: {get_param: NeutronTunnelTypes} + neutron::agents::ml2::linuxbridge::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} + neutron::agents::dhcp::interface_driver: 'neutron.agent.linux.interface.BridgeInterfaceDriver' + neutron::agents::dhcp::dhcp_driver: 'neutron.agent.linux.dhcp.Dnsmasq' + - + if: + - no_firewall_driver + - {} + - neutron::agents::ml2::linuxbridge::firewall_driver: {get_param: NeutronLinuxbridgeFirewallDriver} + step_config: | + include ::tripleo::profile::base::neutron::linuxbridge diff --git a/puppet/services/neutron-ovs-dpdk-agent.yaml b/puppet/services/neutron-ovs-dpdk-agent.yaml index fec9e2a1..29c10469 100644 --- a/puppet/services/neutron-ovs-dpdk-agent.yaml +++ b/puppet/services/neutron-ovs-dpdk-agent.yaml @@ -27,17 +27,17 @@ parameters: via parameter_defaults in the resource registry. type: json HostCpusList: - default: "'0'" + default: "0" description: List of cores to be used for host process type: string constraints: - - allowed_pattern: "'[0-9,-]+'" + - allowed_pattern: "[0-9,-]+" NeutronDpdkCoreList: - default: "''" + default: "" description: List of cores to be used for DPDK Poll Mode Driver type: string constraints: - - allowed_pattern: "'[0-9,-]*'" + - allowed_pattern: "[0-9,-]*" NeutronDpdkMemoryChannels: default: "" description: Number of memory channels to be used for DPDK diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index ea21af8a..ea584932 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -68,6 +68,10 @@ parameters: type: string default: '' description: Set to True to enable debugging on all services. + NovaDebug: + default: '' + description: Set to True to enable debugging Nova services. + type: string EnableConfigPurge: type: boolean default: false @@ -136,6 +140,7 @@ parameters: conditions: compute_upgrade_level_empty: {equals : [{get_param: UpgradeLevelNovaCompute}, '']} + service_debug_unset: {equals : [{get_param: NovaDebug}, '']} outputs: role_data: @@ -193,7 +198,11 @@ outputs: query: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo - nova::debug: {get_param: Debug} + nova::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: NovaDebug } nova::purge_config: {get_param: EnableConfigPurge} nova::network::neutron::neutron_project_name: 'service' nova::network::neutron::neutron_username: 'neutron' diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index e39e997a..68a71e42 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -105,6 +105,22 @@ resources: RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + # Merging role-specific parameters (RoleParameters) with the default parameters. + # RoleParameters will have the precedence over the default parameters. + RoleParametersValue: + type: OS::Heat::Value + properties: + type: json + value: + map_replace: + - map_replace: + - nova::compute::vcpu_pin_set: NovaVcpuPinSet + nova::compute::reserved_host_memory: NovaReservedHostMemory + - values: {get_param: [RoleParameters]} + - values: + NovaVcpuPinSet: {get_param: NovaVcpuPinSet} + NovaReservedHostMemory: {get_param: NovaReservedHostMemory} + outputs: role_data: description: Role data for the Nova Compute service. @@ -117,14 +133,18 @@ outputs: config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] + - get_attr: [RoleParametersValue, value] - nova::compute::libvirt::manage_libvirt_services: false nova::compute::pci_passthrough: str_replace: template: "JSON_PARAM" params: - JSON_PARAM: {get_param: NovaPCIPassthrough} - nova::compute::vcpu_pin_set: {get_param: NovaVcpuPinSet} - nova::compute::reserved_host_memory: {get_param: NovaReservedHostMemory} + map_replace: + - map_replace: + - JSON_PARAM: NovaPCIPassthrough + - values: {get_param: [RoleParameters]} + - values: + NovaPCIPassthrough: {get_param: NovaPCIPassthrough} # we manage migration in nova common puppet profile nova::compute::libvirt::migration_support: false tripleo::profile::base::nova::manage_migration: true diff --git a/puppet/services/octavia-base.yaml b/puppet/services/octavia-base.yaml index 19dc5b47..0809b3e4 100644 --- a/puppet/services/octavia-base.yaml +++ b/puppet/services/octavia-base.yaml @@ -30,6 +30,10 @@ parameters: type: string default: '' description: Set to True to enable debugging on all services. + OctaviaDebug: + default: '' + description: Set to True to enable debugging Octavia services. + type: string EnableConfigPurge: type: boolean default: false @@ -55,13 +59,20 @@ parameters: description: Set rabbit subscriber port, change this if using SSL type: number +conditions: + service_debug_unset: {equals : [{get_param: OctaviaDebug}, '']} + outputs: role_data: description: Base role data for Octavia services value: service_name: octavia_base config_settings: - octavia::debug: {get_param: Debug} + octavia::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: OctaviaDebug } octavia::purge_config: {get_param: EnableConfigPurge} octavia::rabbit_use_ssl: {get_param: RabbitClientUseSSL} octavia::rabbit_userid: {get_param: RabbitUserName} diff --git a/puppet/services/pacemaker_remote.yaml b/puppet/services/pacemaker_remote.yaml index 74aaf599..c49b0848 100644 --- a/puppet/services/pacemaker_remote.yaml +++ b/puppet/services/pacemaker_remote.yaml @@ -34,6 +34,42 @@ parameters: MonitoringSubscriptionPacemakerRemote: default: 'overcloud-pacemaker_remote' type: string + EnableFencing: + default: false + description: Whether to enable fencing in Pacemaker or not. + type: boolean + FencingConfig: + default: {} + description: | + Pacemaker fencing configuration. The JSON should have + the following structure: + { + "devices": [ + { + "agent": "AGENT_NAME", + "host_mac": "HOST_MAC_ADDRESS", + "params": {"PARAM_NAME": "PARAM_VALUE"} + } + ] + } + For instance: + { + "devices": [ + { + "agent": "fence_xvm", + "host_mac": "52:54:00:aa:bb:cc", + "params": { + "multicast_address": "225.0.0.12", + "port": "baremetal_0", + "manage_fw": true, + "manage_key_file": true, + "key_file": "/etc/fence_xvm.key", + "key_file_password": "abcdef" + } + } + ] + } + type: json PacemakerRemoteLoggingSource: type: json default: @@ -60,6 +96,8 @@ outputs: proto: 'tcp' dport: - 3121 + tripleo::fencing::config: {get_param: FencingConfig} + enable_fencing: {get_param: EnableFencing} tripleo::profile::base::pacemaker_remote::remote_authkey: {get_param: PacemakerRemoteAuthkey} step_config: | include ::tripleo::profile::base::pacemaker_remote diff --git a/puppet/services/panko-base.yaml b/puppet/services/panko-base.yaml index 84817bcf..a94d4ea5 100644 --- a/puppet/services/panko-base.yaml +++ b/puppet/services/panko-base.yaml @@ -34,11 +34,18 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + PankoDebug: + default: '' + description: Set to True to enable debugging Panko services. + type: string KeystoneRegion: type: string default: 'regionOne' description: Keystone region for endpoint +conditions: + service_debug_unset: {equals : [{get_param: PankoDebug}, '']} + outputs: role_data: description: Role data for the Panko role. @@ -55,7 +62,11 @@ outputs: query: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo - panko::debug: {get_param: Debug} + panko::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: PankoDebug } panko::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } panko::keystone::authtoken::project_name: 'service' panko::keystone::authtoken::user_domain_name: 'Default' diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml index 1ee6d175..c294e744 100644 --- a/puppet/services/sahara-base.yaml +++ b/puppet/services/sahara-base.yaml @@ -52,11 +52,18 @@ parameters: type: string default: '' description: Set to True to enable debugging on all services. + SaharaDebug: + default: '' + description: Set to True to enable debugging Sahara services. + type: string SaharaPlugins: default: ["ambari","cdh","mapr","vanilla","spark","storm"] description: Sahara enabled plugin list type: comma_delimited_list +conditions: + service_debug_unset: {equals : [{get_param: SaharaDebug}, '']} + outputs: role_data: description: Role data for the Sahara base service. @@ -77,7 +84,11 @@ outputs: sahara::rabbit_user: {get_param: RabbitUserName} sahara::rabbit_use_ssl: {get_param: RabbitClientUseSSL} sahara::rabbit_port: {get_param: RabbitClientPort} - sahara::debug: {get_param: Debug} + sahara::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: SaharaDebug } # Remove admin_password when https://review.openstack.org/442619 is merged. sahara::admin_password: {get_param: SaharaPassword} sahara::use_neutron: true diff --git a/puppet/services/tacker.yaml b/puppet/services/tacker.yaml index e121feb3..5ced8c3c 100644 --- a/puppet/services/tacker.yaml +++ b/puppet/services/tacker.yaml @@ -33,6 +33,10 @@ parameters: Debug: type: string default: '' + TackerDebug: + default: '' + description: Set to True to enable debugging Tacker service. + type: string KeystoneRegion: type: string default: 'regionOne' @@ -62,6 +66,9 @@ parameters: default: {} type: json +conditions: + service_debug_unset: {equals : [{get_param: TackerDebug}, '']} + outputs: role_data: description: Role data for the Tacker role. @@ -80,7 +87,11 @@ outputs: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo - tacker::debug: {get_param: Debug} + tacker::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: TackerDebug } tacker::rpc_backend: rabbit tacker::rabbit_userid: {get_param: RabbitUserName} tacker::rabbit_password: {get_param: RabbitPassword} diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar.yaml index 6bc296a3..416d86df 100644 --- a/puppet/services/zaqar.yaml +++ b/puppet/services/zaqar.yaml @@ -30,6 +30,10 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string + ZaqarDebug: + default: '' + description: Set to True to enable debugging Zaqar service. + type: string ZaqarPassword: description: The password for Zaqar type: string @@ -54,6 +58,7 @@ parameters: conditions: zaqar_workers_zero: {equals : [{get_param: ZaqarWorkers}, 0]} + service_debug_unset: {equals : [{get_param: ZaqarDebug}, '']} resources: @@ -78,7 +83,11 @@ outputs: zaqar::keystone::authtoken::project_name: 'service' zaqar::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} zaqar::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} - zaqar::debug: {get_param: Debug} + zaqar::debug: + if: + - service_debug_unset + - {get_param: Debug } + - {get_param: ZaqarDebug } zaqar::server::service_name: 'httpd' zaqar::transport::websocket::bind: {get_param: [EndpointMap, ZaqarInternal, host]} zaqar::wsgi::apache::ssl: false diff --git a/releasenotes/notes/debug_per_service-54a260917c4a7e3a.yaml b/releasenotes/notes/debug_per_service-54a260917c4a7e3a.yaml new file mode 100644 index 00000000..da9af4a3 --- /dev/null +++ b/releasenotes/notes/debug_per_service-54a260917c4a7e3a.yaml @@ -0,0 +1,9 @@ +--- +features: + - | + Allow to configure debug per service. + The feature is backward compatible with existing Debug parameter. + Adding a new parameter per service, e.g. GlanceDebug. Set to False, + it will disable debug for the service, even if Debug is set to True. + If Debug is set to False but GlanceDebug is set to True, Glance debug + will be enabled. diff --git a/releasenotes/notes/derive-params-custom-plan-env-3a810ff58a68e0ad.yaml b/releasenotes/notes/derive-params-custom-plan-env-3a810ff58a68e0ad.yaml new file mode 100644 index 00000000..d8fcbfec --- /dev/null +++ b/releasenotes/notes/derive-params-custom-plan-env-3a810ff58a68e0ad.yaml @@ -0,0 +1,4 @@ +--- +features: + - Added a custom plan-environment file for providing workflow specific + inputs for the derived parameters workflow. diff --git a/releasenotes/notes/example-roles-d27c748090f6a154.yaml b/releasenotes/notes/example-roles-d27c748090f6a154.yaml new file mode 100644 index 00000000..e27674da --- /dev/null +++ b/releasenotes/notes/example-roles-d27c748090f6a154.yaml @@ -0,0 +1,6 @@ +--- +features: + - | + A set of example roles has been created in the roles folder in + tripleo-heat-templates. Management of services for roles should occur + in these role files rather than in roles_data.yaml. diff --git a/releasenotes/notes/remove-ceilometer-cron-85362e197ba245a0.yaml b/releasenotes/notes/remove-ceilometer-cron-85362e197ba245a0.yaml new file mode 100644 index 00000000..7854fa5c --- /dev/null +++ b/releasenotes/notes/remove-ceilometer-cron-85362e197ba245a0.yaml @@ -0,0 +1,5 @@ +--- +upgrade: + - Ceilometer expirer is deprecated in pike. During upgrade, the crontab thats + configured with ceilometer user will be removed to ensure the expirer + script is not running. diff --git a/releasenotes/notes/server-blacklist-support-370c1a1f15a28a41.yaml b/releasenotes/notes/server-blacklist-support-370c1a1f15a28a41.yaml new file mode 100644 index 00000000..7ab253b6 --- /dev/null +++ b/releasenotes/notes/server-blacklist-support-370c1a1f15a28a41.yaml @@ -0,0 +1,6 @@ +--- +features: + - Added the ability to blacklist servers by name from being + associated with any Heat triggered SoftwareDeployment + resources. The servers are specified in the new + DeploymentServerBlacklist parameter. diff --git a/releasenotes/notes/update-metric-delay-default-963d073026e2cc15.yaml b/releasenotes/notes/update-metric-delay-default-963d073026e2cc15.yaml new file mode 100644 index 00000000..d74e3a18 --- /dev/null +++ b/releasenotes/notes/update-metric-delay-default-963d073026e2cc15.yaml @@ -0,0 +1,4 @@ +--- +fixes: + - Update the default metric processing delay to 30. This will help reduce + the metric backlog and wont load up the storage backend. diff --git a/releasenotes/notes/vhost_default_dir-cac327a0ac05df90.yaml b/releasenotes/notes/vhost_default_dir-cac327a0ac05df90.yaml new file mode 100644 index 00000000..b9ddaec4 --- /dev/null +++ b/releasenotes/notes/vhost_default_dir-cac327a0ac05df90.yaml @@ -0,0 +1,6 @@ +--- +issues: + - Modify ``NeutronVhostuserSocketDir`` to a seprate directory in the DPDK + environment file. A different set of permission is required for creating + vhost sockets when the vhost type is dpdkvhostuserclient (which is default + from ocata). diff --git a/releasenotes/source/conf.py b/releasenotes/source/conf.py index ec158ceb..72b89b10 100644 --- a/releasenotes/source/conf.py +++ b/releasenotes/source/conf.py @@ -52,7 +52,7 @@ copyright = u'2017, TripleO Developers' # built documents. # # The full version, including alpha/beta/rc tags. -release = '7.0.0.0b1' +release = '7.0.0.0b2' # The short X.Y version. version = '7.0.0' diff --git a/roles/BlockStorage.yaml b/roles/BlockStorage.yaml new file mode 100644 index 00000000..d242a5bb --- /dev/null +++ b/roles/BlockStorage.yaml @@ -0,0 +1,24 @@ +############################################################################### +# Role: BlockStorage # +############################################################################### +- name: BlockStorage + description: | + Cinder Block Storage node role + ServicesDefault: + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::BlockStorageCinderVolume + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages diff --git a/roles/CephStorage.yaml b/roles/CephStorage.yaml new file mode 100644 index 00000000..d3de6bae --- /dev/null +++ b/roles/CephStorage.yaml @@ -0,0 +1,24 @@ +############################################################################### +# Role: CephStorage # +############################################################################### +- name: CephStorage + description: | + Ceph OSD Storage node role + ServicesDefault: + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CephOSD + - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages diff --git a/roles/Compute.yaml b/roles/Compute.yaml new file mode 100644 index 00000000..73ec6595 --- /dev/null +++ b/roles/Compute.yaml @@ -0,0 +1,40 @@ +############################################################################### +# Role: Compute # +############################################################################### +- name: Compute + description: | + Basic Compute Node role + CountDefault: 1 + HostnameFormatDefault: '%stackname%-novacompute-%index%' + disable_upgrade_deployment: True + ServicesDefault: + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CephClient + - OS::TripleO::Services::CephExternal + - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::ComputeCeilometerAgent + - OS::TripleO::Services::ComputeNeutronCorePlugin + - OS::TripleO::Services::ComputeNeutronL3Agent + - OS::TripleO::Services::ComputeNeutronMetadataAgent + - OS::TripleO::Services::ComputeNeutronOvsAgent + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NeutronLinuxbridgeAgent + - OS::TripleO::Services::NeutronSriovAgent + - OS::TripleO::Services::NeutronVppAgent + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Vpp diff --git a/roles/Controller.yaml b/roles/Controller.yaml new file mode 100644 index 00000000..7511d4c0 --- /dev/null +++ b/roles/Controller.yaml @@ -0,0 +1,120 @@ +############################################################################### +# Role: Controller # +############################################################################### +- name: Controller + description: | + Controller role that has all the controler services loaded and handles + Database, Messaging and Network functions. + CountDefault: 1 + tags: + - primary + - controller + HostnameFormatDefault: '%stackname%-controller-%index%' + ServicesDefault: + - OS::TripleO::Services::AodhApi + - OS::TripleO::Services::AodhEvaluator + - OS::TripleO::Services::AodhListener + - OS::TripleO::Services::AodhNotifier + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::BarbicanApi + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CeilometerAgentCentral + - OS::TripleO::Services::CeilometerAgentNotification + # FIXME: This service was disabled in Pike and this entry should be removed + # in Queens. + - OS::TripleO::Services::CeilometerExpirer + - OS::TripleO::Services::CephExternal + - OS::TripleO::Services::CephMds + - OS::TripleO::Services::CephMon + - OS::TripleO::Services::CephRbdMirror + - OS::TripleO::Services::CephRgw + - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::CinderApi + - OS::TripleO::Services::CinderBackendDellPs + - OS::TripleO::Services::CinderBackendDellSc + - OS::TripleO::Services::CinderBackendNetApp + - OS::TripleO::Services::CinderBackendScaleIO + - OS::TripleO::Services::CinderBackup + - OS::TripleO::Services::CinderHPELeftHandISCSI + - OS::TripleO::Services::CinderScheduler + - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Congress + - OS::TripleO::Services::Docker + - OS::TripleO::Services::Ec2Api + - OS::TripleO::Services::Etcd + - OS::TripleO::Services::ExternalSwiftProxy + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GnocchiApi + - OS::TripleO::Services::GnocchiMetricd + - OS::TripleO::Services::GnocchiStatsd + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::Horizon + - OS::TripleO::Services::IronicApi + - OS::TripleO::Services::IronicConductor + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::ManilaApi + - OS::TripleO::Services::ManilaBackendCephFs + - OS::TripleO::Services::ManilaBackendGeneric + - OS::TripleO::Services::ManilaBackendNetapp + - OS::TripleO::Services::ManilaScheduler + - OS::TripleO::Services::ManilaShare + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NeutronApi + - OS::TripleO::Services::NeutronBgpVpnApi + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL2gwAgent + - OS::TripleO::Services::NeutronL2gwApi + - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronLinuxbridgeAgent + - OS::TripleO::Services::NeutronMetadataAgent + - OS::TripleO::Services::NeutronML2FujitsuCfab + - OS::TripleO::Services::NeutronML2FujitsuFossw + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::NeutronVppAgent + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaConsoleauth + - OS::TripleO::Services::NovaIronic + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaPlacement + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::NovaVncProxy + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::OctaviaApi + - OS::TripleO::Services::OctaviaHealthManager + - OS::TripleO::Services::OctaviaHousekeeping + - OS::TripleO::Services::OctaviaWorker + - OS::TripleO::Services::OpenDaylightApi + - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::OVNDBs + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::PankoApi + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::Redis + - OS::TripleO::Services::SaharaApi + - OS::TripleO::Services::SaharaEngine + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::Tacker + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Vpp + - OS::TripleO::Services::Zaqar diff --git a/roles/ControllerOpenstack.yaml b/roles/ControllerOpenstack.yaml new file mode 100644 index 00000000..2d1702e8 --- /dev/null +++ b/roles/ControllerOpenstack.yaml @@ -0,0 +1,98 @@ +############################################################################### +# Role: ControllerOpenstack # +############################################################################### +- name: ControllerOpenstack + description: | + Controller role that does not contain the database, messaging and networking + components. Use in combination with the Database, Messaging and Networker + roles. + tags: + - primary + - controller + HostnameFormatDefault: '%stackname%-controller-%index%' + ServicesDefault: + - OS::TripleO::Services::AodhApi + - OS::TripleO::Services::AodhEvaluator + - OS::TripleO::Services::AodhListener + - OS::TripleO::Services::AodhNotifier + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::BarbicanApi + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CeilometerAgentCentral + - OS::TripleO::Services::CeilometerAgentNotification + - OS::TripleO::Services::CeilometerApi + - OS::TripleO::Services::CeilometerExpirer + - OS::TripleO::Services::CephExternal + - OS::TripleO::Services::CephMds + - OS::TripleO::Services::CephMon + - OS::TripleO::Services::CephRbdMirror + - OS::TripleO::Services::CephRgw + - OS::TripleO::Services::CinderApi + - OS::TripleO::Services::CinderBackup + - OS::TripleO::Services::CinderHPELeftHandISCSI + - OS::TripleO::Services::CinderScheduler + - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Congress + - OS::TripleO::Services::Docker + - OS::TripleO::Services::Ec2Api + - OS::TripleO::Services::Etcd + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GnocchiApi + - OS::TripleO::Services::GnocchiMetricd + - OS::TripleO::Services::GnocchiStatsd + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::Horizon + - OS::TripleO::Services::IronicApi + - OS::TripleO::Services::IronicConductor + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::ManilaApi + - OS::TripleO::Services::ManilaBackendCephFs + - OS::TripleO::Services::ManilaBackendGeneric + - OS::TripleO::Services::ManilaBackendNetapp + - OS::TripleO::Services::ManilaScheduler + - OS::TripleO::Services::ManilaShare + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaConsoleauth + - OS::TripleO::Services::NovaIronic + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaPlacement + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::NovaVncProxy + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::OctaviaApi + - OS::TripleO::Services::OctaviaHealthManager + - OS::TripleO::Services::OctaviaHousekeeping + - OS::TripleO::Services::OctaviaWorker + - OS::TripleO::Services::OpenDaylightApi + - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::OVNDBs + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::PankoApi + - OS::TripleO::Services::Redis + - OS::TripleO::Services::SaharaApi + - OS::TripleO::Services::SaharaEngine + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::Tacker + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Vpp + - OS::TripleO::Services::Zaqar + diff --git a/roles/Database.yaml b/roles/Database.yaml new file mode 100644 index 00000000..3ef751a7 --- /dev/null +++ b/roles/Database.yaml @@ -0,0 +1,23 @@ +############################################################################### +# Role: Database # +############################################################################### +- name: Database + description: | + Standalone database role with the database being managed via Pacemaker + HostnameFormatDefault: '%stackname%-database-%index%' + ServicesDefault: + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages + diff --git a/roles/Messaging.yaml b/roles/Messaging.yaml new file mode 100644 index 00000000..cbef61ab --- /dev/null +++ b/roles/Messaging.yaml @@ -0,0 +1,22 @@ +############################################################################### +# Role: Messaging # +############################################################################### +- name: Messaging + description: | + Standalone messaging role with RabbitMQ being managed via Pacemaker + HostnameFormatDefault: '%stackname%-messaging-%index%' + ServicesDefault: + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages + diff --git a/roles/Networker.yaml b/roles/Networker.yaml new file mode 100644 index 00000000..b393fa7b --- /dev/null +++ b/roles/Networker.yaml @@ -0,0 +1,36 @@ +############################################################################### +# Role: Networker # +############################################################################### +- name: Networker + description: | + Standalone networking role to run Neutron services their own. Includes + Pacemaker integration via PacemakerRemote + HostnameFormatDefault: '%stackname%-networker-%index%' + ServicesDefault: + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NeutronApi + - OS::TripleO::Services::NeutronBgpvpnApi + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL2gwAgent + - OS::TripleO::Services::NeutronL2gwApi + - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronMetadataAgent + - OS::TripleO::Services::NeutronML2FujitsuCfab + - OS::TripleO::Services::NeutronML2FujitsuFossw + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::NeutronVppAgent + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::PacemakerRemote + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages + diff --git a/roles/ObjectStorage.yaml b/roles/ObjectStorage.yaml new file mode 100644 index 00000000..3741ca66 --- /dev/null +++ b/roles/ObjectStorage.yaml @@ -0,0 +1,26 @@ +############################################################################### +# Role: ObjectStorage # +############################################################################### +- name: ObjectStorage + description: | + Swift Object Storage node role + disable_upgrade_deployment: True + ServicesDefault: + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages diff --git a/roles/README.rst b/roles/README.rst new file mode 100644 index 00000000..6c742332 --- /dev/null +++ b/roles/README.rst @@ -0,0 +1,206 @@ +Roles +===== + +The yaml files in this directory can be combined into a single roles_data.yaml +and be used with TripleO to create custom deployments. + +Use tripleoclient to build your own custom roles_data.yaml for your +environment. + +roles_data.yaml +--------------- + +The roles_data.yaml specifies which roles (groups of nodes) will be deployed. +Note this file is used as an input the the various \*.j2.yaml jinja2 templates, +so that they are converted into \*.yaml during the plan creation. This occurs +via a mistral action/workflow. The file format of this file is a yaml list. + +Role YAML files +=============== + +Each role yaml file should contain only a single role. The filename should +match the role name. The name of the role is mandatory and must be unique. + +The role files in this folder should contain at least a role name and the +default list of services for the role. + +Role Options +------------ + +* CountDefault: (number) optional, default number of nodes, defaults to 0 + sets the default for the {{role.name}}Count parameter in overcloud.yaml + +* HostnameFormatDefault: (string) optional default format string for hostname + defaults to '%stackname%-{{role.name.lower()}}-%index%' + sets the default for {{role.name}}HostnameFormat parameter in overcloud.yaml + +* disable_constraints: (boolean) optional, whether to disable Nova and Glance + constraints for each role specified in the templates. + +* disable_upgrade_deployment: (boolean) optional, whether to run the + ansible upgrade steps for all services that are deployed on the role. If set + to True, the operator will drive the upgrade for this role's nodes. + +* upgrade_batch_size: (number): batch size for upgrades where tasks are + specified by services to run in batches vs all nodes at once. + This defaults to 1, but larger batches may be specified here. + +* ServicesDefault: (list) optional default list of services to be deployed + on the role, defaults to an empty list. Sets the default for the + {{role.name}}Services parameter in overcloud.yaml + +* tags: (list) list of tags used by other parts of the deployment process to + find the role for a specific type of functionality. Currently a role + with both 'primary' and 'controller' is used as the primary role for the + deployment process. If no roles have have 'primary' and 'controller', the + first role in this file is used as the primary role. + +* description: (string) as few sentences describing the role and information + pertaining to the usage of the role. + +Working with Roles +================== +The tripleoclient provides a series of commands that can be used to view +roles and generate a roles_data.yaml file for deployment. + +Listing Available Roles +----------------------- +The ``openstack overcloud role list`` command can be used to view the list +of roles provided by tripleo-heat-templates. + +Usage +^^^^^ +.. code-block:: + + usage: openstack overcloud role list [-h] [--roles-path <roles directory>] + + List availables roles + + optional arguments: + -h, --help show this help message and exit + --roles-path <roles directory> + Filesystem path containing the role yaml files. By + default this is /usr/share/openstack-tripleo-heat- + templates/roles + +Example +^^^^^^^ +.. code-block:: + + [user@host ~]$ openstack overcloud role list + BlockStorage + CephStorage + Compute + Controller + ControllerOpenstack + Database + Messaging + Networker + ObjectStorage + Telemetry + Undercloud + +Viewing Role Details +-------------------- +The ``openstack overcloud role show`` command can be used as a quick way to +view some of the information about a role. + +Usage +^^^^^ +.. code-block:: + + usage: openstack overcloud role show [-h] [--roles-path <roles directory>] + <role> + + Show information about a given role + + positional arguments: + <role> Role to display more information about. + + optional arguments: + -h, --help show this help message and exit + --roles-path <roles directory> + Filesystem path containing the role yaml files. By + default this is /usr/share/openstack-tripleo-heat- + templates/roles + +Example +^^^^^^^ +.. code-block:: + + [user@host ~]$ openstack overcloud role show Compute + ############################################################################### + # Role Data for 'Compute' + ############################################################################### + HostnameFormatDefault: '%stackname%-novacompute-%index%' + ServicesDefault: + * OS::TripleO::Services::AuditD + * OS::TripleO::Services::CACerts + * OS::TripleO::Services::CephClient + * OS::TripleO::Services::CephExternal + * OS::TripleO::Services::CertmongerUser + * OS::TripleO::Services::Collectd + * OS::TripleO::Services::ComputeCeilometerAgent + * OS::TripleO::Services::ComputeNeutronCorePlugin + * OS::TripleO::Services::ComputeNeutronL3Agent + * OS::TripleO::Services::ComputeNeutronMetadataAgent + * OS::TripleO::Services::ComputeNeutronOvsAgent + * OS::TripleO::Services::Docker + * OS::TripleO::Services::FluentdClient + * OS::TripleO::Services::Kernel + * OS::TripleO::Services::MySQLClient + * OS::TripleO::Services::NeutronSriovAgent + * OS::TripleO::Services::NeutronVppAgent + * OS::TripleO::Services::NovaCompute + * OS::TripleO::Services::NovaLibvirt + * OS::TripleO::Services::Ntp + * OS::TripleO::Services::OpenDaylightOvs + * OS::TripleO::Services::Securetty + * OS::TripleO::Services::SensuClient + * OS::TripleO::Services::Snmp + * OS::TripleO::Services::Sshd + * OS::TripleO::Services::Timezone + * OS::TripleO::Services::TripleoFirewall + * OS::TripleO::Services::TripleoPackages + * OS::TripleO::Services::Vpp + name: 'Compute' + +Generate roles_data.yaml +------------------------ +The ``openstack overcloud roles generate`` command can be used to generate +a roles_data.yaml file for deployments. + +Usage +^^^^^ +.. code-block:: + + usage: openstack overcloud roles generate [-h] + [--roles-path <roles directory>] + [-o <output file>] + <role> [<role> ...] + + Generate roles_data.yaml file + + positional arguments: + <role> List of roles to use to generate the roles_data.yaml + file for the deployment. NOTE: Ordering is important + if no role has the "primary" and "controller" tags. If + no role is tagged then the first role listed will be + considered the primary role. This usually is the + controller role. + + optional arguments: + -h, --help show this help message and exit + --roles-path <roles directory> + Filesystem path containing the role yaml files. By + default this is /usr/share/openstack-tripleo-heat- + templates/roles + -o <output file>, --output-file <output file> + File to capture all output to. For example, + roles_data.yaml + +Example +^^^^^^^ +.. code-block:: + + [user@host ~]$ openstack overcloud roles generate -o roles_data.yaml Controller Compute BlockStorage ObjectStorage CephStorage diff --git a/roles/Telemetry.yaml b/roles/Telemetry.yaml new file mode 100644 index 00000000..0f60364b --- /dev/null +++ b/roles/Telemetry.yaml @@ -0,0 +1,30 @@ +############################################################################### +# Role: Telemetry # +############################################################################### +- name: Telemetry + description: | + Telemetry role that has all the telemetry services. + HostnameFormatDefault: '%stackname%-telemetry-%index%' + ServicesDefault: + - OS::TripleO::Services::AodhApi + - OS::TripleO::Services::AodhEvaluator + - OS::TripleO::Services::AodhListener + - OS::TripleO::Services::AodhNotifier + - OS::TripleO::Services::CeilometerAgentCentral + - OS::TripleO::Services::CeilometerAgentNotification + - OS::TripleO::Services::CeilometerApi + - OS::TripleO::Services::CeilometerExpirer + - OS::TripleO::Services::GnocchiApi + - OS::TripleO::Services::GnocchiMetricd + - OS::TripleO::Services::GnocchiStatsd + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::PankoApi + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::Redis + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages + diff --git a/roles/Undercloud.yaml b/roles/Undercloud.yaml new file mode 100644 index 00000000..0a9bcadf --- /dev/null +++ b/roles/Undercloud.yaml @@ -0,0 +1,55 @@ +############################################################################### +# Role: Undercloud # +############################################################################### +- name: Undercloud + description: | + EXPERIMENTAL. A role to deploy the undercloud via heat using the 'openstack + undercloud deploy' command. + CountDefault: 1 + disable_constraints: True + tags: + - primary + - controller + ServicesDefault: + - OS::TripleO::Services::Apache + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::IronicApi + - OS::TripleO::Services::IronicConductor + - OS::TripleO::Services::IronicPxe + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::MistralApi + - OS::TripleO::Services::MistralEngine + - OS::TripleO::Services::MistralExecutor + - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::NeutronApi + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::NeutronServer + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaIronic + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaPlacement + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::UndercloudAodhApi + - OS::TripleO::Services::UndercloudAodhEvaluator + - OS::TripleO::Services::UndercloudAodhListener + - OS::TripleO::Services::UndercloudAodhNotifier + - OS::TripleO::Services::UndercloudCeilometerAgentCentral + - OS::TripleO::Services::UndercloudCeilometerAgentNotification + - OS::TripleO::Services::UndercloudGnocchiApi + - OS::TripleO::Services::UndercloudGnocchiMetricd + - OS::TripleO::Services::UndercloudGnocchiStatsd + - OS::TripleO::Services::UndercloudPankoApi + - OS::TripleO::Services::Zaqar diff --git a/roles_data.yaml b/roles_data.yaml index 68d0b9e2..c536e834 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -1,246 +1,237 @@ -# Specifies which roles (groups of nodes) will be deployed -# Note this is used as an input to the various *.j2.yaml -# jinja2 templates, so that they are converted into *.yaml -# during the plan creation (via a mistral action/workflow). -# -# The format is a list, with the following format: -# -# * name: (string) mandatory, name of the role, must be unique -# -# CountDefault: (number) optional, default number of nodes, defaults to 0 -# sets the default for the {{role.name}}Count parameter in overcloud.yaml -# -# HostnameFormatDefault: (string) optional default format string for hostname -# defaults to '%stackname%-{{role.name.lower()}}-%index%' -# sets the default for {{role.name}}HostnameFormat parameter in overcloud.yaml -# -# disable_constraints: (boolean) optional, whether to disable Nova and Glance -# constraints for each role specified in the templates. -# -# disable_upgrade_deployment: (boolean) optional, whether to run the -# ansible upgrade steps for all services that are deployed on the role. If set -# to True, the operator will drive the upgrade for this role's nodes. -# -# upgrade_batch_size: (number): batch size for upgrades where tasks are -# specified by services to run in batches vs all nodes at once. -# This defaults to 1, but larger batches may be specified here. -# -# ServicesDefault: (list) optional default list of services to be deployed -# on the role, defaults to an empty list. Sets the default for the -# {{role.name}}Services parameter in overcloud.yaml -# -# tags: (list) list of tags used by other parts of the deployment process to -# find the role for a specific type of functionality. Currently a role -# with both 'primary' and 'controller' is used as the primary role for the -# deployment process. If no roles have have 'primary' and 'controller', the -# first role in this file is used as the primary role. -# +############################################################################### +# File generated by tripleoclient +############################################################################### +############################################################################### +# Role: Controller # +############################################################################### - name: Controller + description: | + Controller role that has all the controler services loaded and handles + Database, Messaging and Network functions. CountDefault: 1 tags: - primary - controller + HostnameFormatDefault: '%stackname%-controller-%index%' ServicesDefault: + - OS::TripleO::Services::AodhApi + - OS::TripleO::Services::AodhEvaluator + - OS::TripleO::Services::AodhListener + - OS::TripleO::Services::AodhNotifier + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::BarbicanApi - OS::TripleO::Services::CACerts - - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::CeilometerAgentCentral + - OS::TripleO::Services::CeilometerAgentNotification + # FIXME: This service was disabled in Pike and this entry should be removed + # in Queens. + - OS::TripleO::Services::CeilometerExpirer + - OS::TripleO::Services::CephExternal - OS::TripleO::Services::CephMds - OS::TripleO::Services::CephMon - - OS::TripleO::Services::CephExternal - OS::TripleO::Services::CephRbdMirror - OS::TripleO::Services::CephRgw + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::CinderApi - - OS::TripleO::Services::CinderBackup - - OS::TripleO::Services::CinderScheduler - - OS::TripleO::Services::CinderVolume - OS::TripleO::Services::CinderBackendDellPs - OS::TripleO::Services::CinderBackendDellSc - OS::TripleO::Services::CinderBackendNetApp - OS::TripleO::Services::CinderBackendScaleIO + - OS::TripleO::Services::CinderBackup + - OS::TripleO::Services::CinderHPELeftHandISCSI + - OS::TripleO::Services::CinderScheduler + - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::Collectd - OS::TripleO::Services::Congress - - OS::TripleO::Services::Kernel - - OS::TripleO::Services::Keystone + - OS::TripleO::Services::Docker + - OS::TripleO::Services::Ec2Api + - OS::TripleO::Services::Etcd + - OS::TripleO::Services::ExternalSwiftProxy + - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GnocchiApi + - OS::TripleO::Services::GnocchiMetricd + - OS::TripleO::Services::GnocchiStatsd + - OS::TripleO::Services::HAproxy - OS::TripleO::Services::HeatApi - OS::TripleO::Services::HeatApiCfn - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::Horizon + - OS::TripleO::Services::IronicApi + - OS::TripleO::Services::IronicConductor + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::ManilaApi + - OS::TripleO::Services::ManilaBackendCephFs + - OS::TripleO::Services::ManilaBackendGeneric + - OS::TripleO::Services::ManilaBackendNetapp + - OS::TripleO::Services::ManilaScheduler + - OS::TripleO::Services::ManilaShare + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::MongoDb - OS::TripleO::Services::MySQL - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NeutronApi - OS::TripleO::Services::NeutronBgpVpnApi + - OS::TripleO::Services::NeutronCorePlugin - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL2gwAgent - OS::TripleO::Services::NeutronL2gwApi - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronLinuxbridgeAgent - OS::TripleO::Services::NeutronMetadataAgent - - OS::TripleO::Services::NeutronApi - - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronML2FujitsuCfab + - OS::TripleO::Services::NeutronML2FujitsuFossw - OS::TripleO::Services::NeutronOvsAgent - - OS::TripleO::Services::NeutronL2gwAgent - - OS::TripleO::Services::RabbitMQ - - OS::TripleO::Services::HAproxy - - OS::TripleO::Services::Keepalived - - OS::TripleO::Services::Memcached - - OS::TripleO::Services::Pacemaker - - OS::TripleO::Services::Redis - - OS::TripleO::Services::NovaConductor - - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::NeutronVppAgent - OS::TripleO::Services::NovaApi - - OS::TripleO::Services::NovaPlacement + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaConsoleauth + - OS::TripleO::Services::NovaIronic - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaPlacement - OS::TripleO::Services::NovaScheduler - - OS::TripleO::Services::NovaConsoleauth - OS::TripleO::Services::NovaVncProxy - - OS::TripleO::Services::Ec2Api - OS::TripleO::Services::Ntp - - OS::TripleO::Services::SwiftProxy - - OS::TripleO::Services::ExternalSwiftProxy - - OS::TripleO::Services::SwiftStorage - - OS::TripleO::Services::SwiftRingBuilder - - OS::TripleO::Services::Snmp - - OS::TripleO::Services::Sshd - - OS::TripleO::Services::Securetty - - OS::TripleO::Services::Timezone - # FIXME: This service was disabled in Pike and this entry should be removed - # in Queens. - - OS::TripleO::Services::CeilometerExpirer - - OS::TripleO::Services::CeilometerAgentCentral - - OS::TripleO::Services::CeilometerAgentNotification - - OS::TripleO::Services::Horizon - - OS::TripleO::Services::GnocchiApi - - OS::TripleO::Services::GnocchiMetricd - - OS::TripleO::Services::GnocchiStatsd - - OS::TripleO::Services::ManilaApi - - OS::TripleO::Services::ManilaScheduler - - OS::TripleO::Services::ManilaBackendGeneric - - OS::TripleO::Services::ManilaBackendNetapp - - OS::TripleO::Services::ManilaBackendCephFs - - OS::TripleO::Services::ManilaShare - - OS::TripleO::Services::AodhApi - - OS::TripleO::Services::AodhEvaluator - - OS::TripleO::Services::AodhNotifier - - OS::TripleO::Services::AodhListener - - OS::TripleO::Services::SaharaApi - - OS::TripleO::Services::SaharaEngine - - OS::TripleO::Services::IronicApi - - OS::TripleO::Services::IronicConductor - - OS::TripleO::Services::NovaIronic - - OS::TripleO::Services::TripleoPackages - - OS::TripleO::Services::TripleoFirewall - - OS::TripleO::Services::OpenDaylightApi - - OS::TripleO::Services::OpenDaylightOvs - - OS::TripleO::Services::SensuClient - - OS::TripleO::Services::FluentdClient - - OS::TripleO::Services::Collectd - - OS::TripleO::Services::BarbicanApi - - OS::TripleO::Services::PankoApi - - OS::TripleO::Services::Tacker - - OS::TripleO::Services::Zaqar - - OS::TripleO::Services::OVNDBs - - OS::TripleO::Services::NeutronML2FujitsuCfab - - OS::TripleO::Services::NeutronML2FujitsuFossw - - OS::TripleO::Services::CinderHPELeftHandISCSI - - OS::TripleO::Services::Etcd - - OS::TripleO::Services::AuditD - OS::TripleO::Services::OctaviaApi - OS::TripleO::Services::OctaviaHealthManager - OS::TripleO::Services::OctaviaHousekeeping - OS::TripleO::Services::OctaviaWorker + - OS::TripleO::Services::OpenDaylightApi + - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::OVNDBs + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::PankoApi + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::Redis + - OS::TripleO::Services::SaharaApi + - OS::TripleO::Services::SaharaEngine + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::Tacker + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::Vpp - - OS::TripleO::Services::NeutronVppAgent - - OS::TripleO::Services::Docker - + - OS::TripleO::Services::Zaqar +############################################################################### +# Role: Compute # +############################################################################### - name: Compute + description: | + Basic Compute Node role CountDefault: 1 HostnameFormatDefault: '%stackname%-novacompute-%index%' disable_upgrade_deployment: True ServicesDefault: + - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts - - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::CephClient - OS::TripleO::Services::CephExternal - - OS::TripleO::Services::Timezone - - OS::TripleO::Services::Ntp - - OS::TripleO::Services::Snmp - - OS::TripleO::Services::Sshd - - OS::TripleO::Services::Securetty - - OS::TripleO::Services::NovaCompute - - OS::TripleO::Services::NovaLibvirt - - OS::TripleO::Services::Kernel - - OS::TripleO::Services::ComputeNeutronCorePlugin - - OS::TripleO::Services::ComputeNeutronOvsAgent + - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::Collectd - OS::TripleO::Services::ComputeCeilometerAgent + - OS::TripleO::Services::ComputeNeutronCorePlugin - OS::TripleO::Services::ComputeNeutronL3Agent - OS::TripleO::Services::ComputeNeutronMetadataAgent - - OS::TripleO::Services::TripleoPackages - - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::ComputeNeutronOvsAgent + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NeutronLinuxbridgeAgent - OS::TripleO::Services::NeutronSriovAgent + - OS::TripleO::Services::NeutronVppAgent + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::Ntp - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient - - OS::TripleO::Services::FluentdClient - - OS::TripleO::Services::AuditD - - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::Vpp - - OS::TripleO::Services::NeutronVppAgent - - OS::TripleO::Services::MySQLClient - - OS::TripleO::Services::Docker - +############################################################################### +# Role: BlockStorage # +############################################################################### - name: BlockStorage + description: | + Cinder Block Storage node role ServicesDefault: + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::BlockStorageCinderVolume - OS::TripleO::Services::CACerts - OS::TripleO::Services::CertmongerUser - - OS::TripleO::Services::BlockStorageCinderVolume + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp - - OS::TripleO::Services::Timezone + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd - - OS::TripleO::Services::Securetty - - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoFirewall - - OS::TripleO::Services::SensuClient - - OS::TripleO::Services::FluentdClient - - OS::TripleO::Services::AuditD - - OS::TripleO::Services::Collectd - - OS::TripleO::Services::MySQLClient - - OS::TripleO::Services::Docker - + - OS::TripleO::Services::TripleoPackages +############################################################################### +# Role: ObjectStorage # +############################################################################### - name: ObjectStorage + description: | + Swift Object Storage node role disable_upgrade_deployment: True ServicesDefault: + - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp - - OS::TripleO::Services::SwiftStorage - - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd - - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::SwiftStorage - OS::TripleO::Services::Timezone - - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - - OS::TripleO::Services::SensuClient - - OS::TripleO::Services::FluentdClient - - OS::TripleO::Services::AuditD - - OS::TripleO::Services::Collectd - - OS::TripleO::Services::MySQLClient - - OS::TripleO::Services::Docker - + - OS::TripleO::Services::TripleoPackages +############################################################################### +# Role: CephStorage # +############################################################################### - name: CephStorage + description: | + Ceph OSD Storage node role ServicesDefault: + - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts - - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::CephOSD + - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd - - OS::TripleO::Services::Securetty - OS::TripleO::Services::Timezone - - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - - OS::TripleO::Services::SensuClient - - OS::TripleO::Services::FluentdClient - - OS::TripleO::Services::AuditD - - OS::TripleO::Services::Collectd - - OS::TripleO::Services::MySQLClient - - OS::TripleO::Services::Docker + - OS::TripleO::Services::TripleoPackages diff --git a/roles_data_undercloud.yaml b/roles_data_undercloud.yaml index d57c8fc6..ad760fd6 100644 --- a/roles_data_undercloud.yaml +++ b/roles_data_undercloud.yaml @@ -1,49 +1,58 @@ +############################################################################### +# File generated by tripleoclient +############################################################################### +############################################################################### +# Role: Undercloud # +############################################################################### - name: Undercloud + description: | + EXPERIMENTAL. A role to deploy the undercloud via heat using the 'openstack + undercloud deploy' command. CountDefault: 1 disable_constraints: True tags: - primary - controller ServicesDefault: - - OS::TripleO::Services::Ntp - - OS::TripleO::Services::MySQL - - OS::TripleO::Services::MongoDb - - OS::TripleO::Services::Keystone - OS::TripleO::Services::Apache - - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::GlanceApi - - OS::TripleO::Services::SwiftProxy - - OS::TripleO::Services::SwiftStorage - - OS::TripleO::Services::SwiftRingBuilder - - OS::TripleO::Services::Memcached - OS::TripleO::Services::HeatApi - OS::TripleO::Services::HeatApiCfn - OS::TripleO::Services::HeatEngine - - OS::TripleO::Services::NovaApi - - OS::TripleO::Services::NovaPlacement - - OS::TripleO::Services::NovaMetadata - - OS::TripleO::Services::NovaScheduler - - OS::TripleO::Services::NovaConductor - - OS::TripleO::Services::MistralEngine - - OS::TripleO::Services::MistralApi - - OS::TripleO::Services::MistralExecutor - OS::TripleO::Services::IronicApi - OS::TripleO::Services::IronicConductor - OS::TripleO::Services::IronicPxe - - OS::TripleO::Services::NovaIronic - - OS::TripleO::Services::Zaqar - - OS::TripleO::Services::NeutronServer + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::MistralApi + - OS::TripleO::Services::MistralEngine + - OS::TripleO::Services::MistralExecutor + - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::MySQL - OS::TripleO::Services::NeutronApi - OS::TripleO::Services::NeutronCorePlugin - - OS::TripleO::Services::NeutronOvsAgent - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::NeutronServer + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaIronic + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaPlacement + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::SwiftStorage - OS::TripleO::Services::UndercloudAodhApi - OS::TripleO::Services::UndercloudAodhEvaluator - - OS::TripleO::Services::UndercloudAodhNotifier - OS::TripleO::Services::UndercloudAodhListener + - OS::TripleO::Services::UndercloudAodhNotifier + - OS::TripleO::Services::UndercloudCeilometerAgentCentral + - OS::TripleO::Services::UndercloudCeilometerAgentNotification - OS::TripleO::Services::UndercloudGnocchiApi - OS::TripleO::Services::UndercloudGnocchiMetricd - OS::TripleO::Services::UndercloudGnocchiStatsd - OS::TripleO::Services::UndercloudPankoApi - - OS::TripleO::Services::UndercloudCeilometerAgentCentral - - OS::TripleO::Services::UndercloudCeilometerAgentNotification + - OS::TripleO::Services::Zaqar diff --git a/test-requirements.txt b/test-requirements.txt index c30101f2..76f03d75 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -6,4 +6,4 @@ Jinja2!=2.9.0,!=2.9.1,!=2.9.2,!=2.9.3,!=2.9.4,>=2.8 # BSD License (3 clause) six>=1.9.0 # MIT sphinx!=1.6.1,>=1.5.1 # BSD oslosphinx>=4.7.0 # Apache-2.0 -reno>=1.8.0 # Apache-2.0 +reno!=2.3.1,>=1.8.0 # Apache-2.0 |