diff options
75 files changed, 881 insertions, 344 deletions
diff --git a/capabilities-map.yaml b/capabilities-map.yaml index 330832e5..59d47ee0 100644 --- a/capabilities-map.yaml +++ b/capabilities-map.yaml @@ -160,6 +160,16 @@ topics: description: Deploy Mistral service requires: - overcloud-resource-registry-puppet.yaml + - title: Ceilometer Api + description: + environments: + - file: environments/services/disable-ceilometer-api.yaml + title: Ceilometer Api + description: Disable Ceilometer Api service. This service is + deprecated and will be removed in future releases. Please move + to using gnocchi/aodh/panko apis instead. + requires: + - overcloud-resource-registry-puppet.yaml # - title: Network Interface Configuration # description: @@ -404,6 +414,13 @@ topics: via puppet requires: - overcloud-resource-registry-puppet.yaml + - file: environments/cinder-hpelefthand-config.yaml + title: Cinder HPELeftHandISCSI backend + description: > + Enables a Cinder HPELeftHandISCSI backend, configured + via puppet + requires: + - overcloud-resource-registry-puppet.yaml - file: environments/cinder-eqlx-config.yaml title: Cinder EQLX backend description: > diff --git a/ci/environments/scenario001-multinode.yaml b/ci/environments/scenario001-multinode.yaml index 0e9c1c7a..db6967e0 100644 --- a/ci/environments/scenario001-multinode.yaml +++ b/ci/environments/scenario001-multinode.yaml @@ -11,7 +11,6 @@ parameter_defaults: - OS::TripleO::Services::Kernel - OS::TripleO::Services::Keystone - OS::TripleO::Services::GlanceApi - - OS::TripleO::Services::GlanceRegistry - OS::TripleO::Services::HeatApi - OS::TripleO::Services::HeatApiCfn - OS::TripleO::Services::HeatApiCloudwatch @@ -30,6 +29,7 @@ parameter_defaults: - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::NovaConductor - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaPlacement - OS::TripleO::Services::NovaMetadata - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::Ntp diff --git a/ci/environments/scenario002-multinode.yaml b/ci/environments/scenario002-multinode.yaml index 7875ef4e..636b3a26 100644 --- a/ci/environments/scenario002-multinode.yaml +++ b/ci/environments/scenario002-multinode.yaml @@ -9,7 +9,6 @@ parameter_defaults: - OS::TripleO::Services::Kernel - OS::TripleO::Services::Keystone - OS::TripleO::Services::GlanceApi - - OS::TripleO::Services::GlanceRegistry - OS::TripleO::Services::HeatApi - OS::TripleO::Services::HeatApiCfn - OS::TripleO::Services::HeatApiCloudwatch @@ -28,6 +27,7 @@ parameter_defaults: - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::NovaConductor - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaPlacement - OS::TripleO::Services::NovaMetadata - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::Ntp diff --git a/ci/environments/scenario003-multinode.yaml b/ci/environments/scenario003-multinode.yaml index 26f94d03..08e4d19f 100644 --- a/ci/environments/scenario003-multinode.yaml +++ b/ci/environments/scenario003-multinode.yaml @@ -12,7 +12,6 @@ parameter_defaults: - OS::TripleO::Services::Kernel - OS::TripleO::Services::Keystone - OS::TripleO::Services::GlanceApi - - OS::TripleO::Services::GlanceRegistry - OS::TripleO::Services::HeatApi - OS::TripleO::Services::HeatApiCfn - OS::TripleO::Services::HeatApiCloudwatch @@ -31,6 +30,7 @@ parameter_defaults: - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::NovaConductor - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaPlacement - OS::TripleO::Services::NovaMetadata - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::Ntp diff --git a/ci/environments/scenario004-multinode.yaml b/ci/environments/scenario004-multinode.yaml index 0d94cea0..e97113b0 100644 --- a/ci/environments/scenario004-multinode.yaml +++ b/ci/environments/scenario004-multinode.yaml @@ -14,7 +14,6 @@ parameter_defaults: - OS::TripleO::Services::Kernel - OS::TripleO::Services::Keystone - OS::TripleO::Services::GlanceApi - - OS::TripleO::Services::GlanceRegistry - OS::TripleO::Services::HeatApi - OS::TripleO::Services::HeatApiCfn - OS::TripleO::Services::HeatApiCloudwatch @@ -33,6 +32,7 @@ parameter_defaults: - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::NovaConductor - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaPlacement - OS::TripleO::Services::NovaMetadata - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::Ntp diff --git a/ci/scripts/freeipa_setup.sh b/ci/scripts/freeipa_setup.sh index 6906a2dd..a36493a1 100644 --- a/ci/scripts/freeipa_setup.sh +++ b/ci/scripts/freeipa_setup.sh @@ -8,6 +8,8 @@ # - AdminPassword # - UndercloudFQDN # - HostsSecret +# - ProvisioningCIDR: If set, it adds the given CIDR to the provisioning +# interface (which is hardcoded to eth1) # set -eux @@ -17,6 +19,12 @@ elif [ -f "/tmp/freeipa-setup.env" ]; then source /tmp/freeipa-setup.env fi +if [ -n "$ProvisioningCIDR" ]; then + # Add address to provisioning network interface + ip link set dev eth1 up + ip addr add $ProvisioningCIDR dev eth1 +fi + # Set DNS servers echo "nameserver 8.8.8.8" >> /etc/resolv.conf echo "nameserver 8.8.4.4" >> /etc/resolv.conf diff --git a/deployed-server/README.rst b/deployed-server/README.rst index f269b6a4..e4d8299b 100644 --- a/deployed-server/README.rst +++ b/deployed-server/README.rst @@ -119,7 +119,7 @@ from the deployment command, the script should be ready to run: [NovaCompute]: CREATE_IN_PROGRESS state changed The user running the script must be able to ssh as root to each server. Define -the the names of your custom roles (if applicable) and hostnames of the deployed +the names of your custom roles (if applicable) and hostnames of the deployed servers you intend to use for each role type. For each role name, a corresponding <role-name>_hosts variable should also be defined, e.g.:: diff --git a/deployed-server/ctlplane-port.yaml b/deployed-server/ctlplane-port.yaml new file mode 100644 index 00000000..7b5cdf11 --- /dev/null +++ b/deployed-server/ctlplane-port.yaml @@ -0,0 +1,28 @@ +heat_template_version: ocata + +parameters: + network: + type: string + default: ctlplane + name: + type: string + replacement_policy: + type: string + default: AUTO + +resources: + + ControlPlanePort: + type: OS::Neutron::Port + properties: + network: ctlplane + name: + list_join: + - '-' + - - {get_param: name} + - port + replacement_policy: AUTO + +outputs: + fixed_ips: + value: {get_attr: [ControlPlanePort, fixed_ips]} diff --git a/deployed-server/deployed-neutron-port.yaml b/deployed-server/deployed-neutron-port.yaml index 5ce63770..bddf8bc1 100644 --- a/deployed-server/deployed-neutron-port.yaml +++ b/deployed-server/deployed-neutron-port.yaml @@ -8,7 +8,7 @@ description: " Example: parameter_defaults: DeployedServerPortMap: - gatsby_ctlplane: + gatsby-ctlplane: fixed_ips: - ip_address: 127.0.0.1 subnets: diff --git a/deployed-server/deployed-server-bootstrap-centos.sh b/deployed-server/deployed-server-bootstrap-centos.sh new file mode 100644 index 00000000..7266ca57 --- /dev/null +++ b/deployed-server/deployed-server-bootstrap-centos.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +set -eux + +yum install -y \ + jq \ + python-ipaddr \ + openstack-puppet-modules \ + os-net-config \ + openvswitch \ + python-heat-agent* + +ln -s -f /usr/share/openstack-puppet/modules/* /etc/puppet/modules + +setenforce 0 +sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config diff --git a/deployed-server/deployed-server-bootstrap-centos.yaml b/deployed-server/deployed-server-bootstrap-centos.yaml new file mode 100644 index 00000000..c1740d78 --- /dev/null +++ b/deployed-server/deployed-server-bootstrap-centos.yaml @@ -0,0 +1,22 @@ +heat_template_version: ocata + +description: 'Deployed Server Bootstrap Config' + +parameters: + + server: + type: string + +resources: + + DeployedServerBootstrapConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: {get_file: deployed-server-bootstrap-centos.sh} + + DeployedServerBootstrapDeployment: + type: OS::Heat::SoftwareDeployment + properties: + config: {get_resource: DeployedServerBootstrapConfig} + server: {get_param: server} diff --git a/deployed-server/deployed-server-roles-data.yaml b/deployed-server/deployed-server-roles-data.yaml index 40a15189..9795a00f 100644 --- a/deployed-server/deployed-server-roles-data.yaml +++ b/deployed-server/deployed-server-roles-data.yaml @@ -21,7 +21,7 @@ # on the role, defaults to an empty list. Sets the default for the # {{role.name}}Services parameter in overcloud.yaml -- name: Controller +- name: ControllerDeployedServer CountDefault: 1 disable_constraints: True ServicesDefault: @@ -33,11 +33,9 @@ - OS::TripleO::Services::CinderBackup - OS::TripleO::Services::CinderScheduler - OS::TripleO::Services::CinderVolume - - OS::TripleO::Services::Core - OS::TripleO::Services::Kernel - OS::TripleO::Services::Keystone - OS::TripleO::Services::GlanceApi - - OS::TripleO::Services::GlanceRegistry - OS::TripleO::Services::HeatApi - OS::TripleO::Services::HeatApiCfn - OS::TripleO::Services::HeatApiCloudwatch @@ -59,6 +57,7 @@ - OS::TripleO::Services::MongoDb - OS::TripleO::Services::NovaApi - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaPlacement - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::NovaConsoleauth - OS::TripleO::Services::NovaVncProxy @@ -103,7 +102,7 @@ - OS::TripleO::Services::Zaqar - OS::TripleO::Services::OVNDBs -- name: Compute +- name: ComputeDeployedServer CountDefault: 1 HostnameFormatDefault: '%stackname%-novacompute-%index%' disable_constraints: True @@ -129,7 +128,7 @@ - OS::TripleO::Services::SensuClient - OS::TripleO::Services::FluentdClient -- name: BlockStorage +- name: BlockStorageDeployedServer disable_constraints: True ServicesDefault: - OS::TripleO::Services::CACerts @@ -143,7 +142,7 @@ - OS::TripleO::Services::SensuClient - OS::TripleO::Services::FluentdClient -- name: ObjectStorage +- name: ObjectStorageDeployedServer disable_constraints: True ServicesDefault: - OS::TripleO::Services::CACerts @@ -158,7 +157,7 @@ - OS::TripleO::Services::SensuClient - OS::TripleO::Services::FluentdClient -- name: CephStorage +- name: CephStorageDeployedServer disable_constraints: True ServicesDefault: - OS::TripleO::Services::CACerts diff --git a/deployed-server/deployed-server.yaml b/deployed-server/deployed-server.yaml index 2929c5eb..1e8afb25 100644 --- a/deployed-server/deployed-server.yaml +++ b/deployed-server/deployed-server.yaml @@ -38,6 +38,12 @@ parameters: type: json description: Optional scheduler hints to pass to nova default: {} + UpgradeInitCommand: + type: string + description: | + Command or script snippet to run on all overcloud nodes to + initialize the upgrade process. E.g. a repository switch. + default: '' resources: deployed-server: @@ -46,6 +52,25 @@ resources: name: {get_param: name} software_config_transport: {get_param: software_config_transport} + UpgradeInitConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + list_join: + - '' + - - "#!/bin/bash\n\n" + - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n" + - get_param: UpgradeInitCommand + + UpgradeInitDeployment: + type: OS::Heat::SoftwareDeployment + properties: + name: UpgradeInitDeployment + server: {get_resource: deployed-server} + config: {get_resource: UpgradeInitConfig} + + InstanceIdConfig: type: OS::Heat::StructuredConfig properties: @@ -58,6 +83,7 @@ resources: properties: config: {get_resource: InstanceIdConfig} server: {get_resource: deployed-server} + depends_on: UpgradeInitDeployment HostsEntryConfig: type: OS::Heat::SoftwareConfig @@ -80,7 +106,12 @@ resources: config: {get_resource: HostsEntryConfig} server: {get_resource: deployed-server} - ControlPlanePortImpl: + DeployedServerBootstrapConfig: + type: OS::TripleO::DeployedServer::Bootstrap + properties: + server: {get_resource: deployed-server} + + ControlPlanePort: type: OS::TripleO::DeployedServer::ControlPlanePort properties: network: ctlplane @@ -97,6 +128,6 @@ outputs: networks: value: ctlplane: - - {get_attr: [ControlPlanePortImpl, fixed_ips, 0, ip_address]} + - {get_attr: [ControlPlanePort, fixed_ips, 0, ip_address]} name: value: {get_attr: [HostsEntryDeployment, hostname]} diff --git a/deployed-server/scripts/get-occ-config.sh b/deployed-server/scripts/get-occ-config.sh index 404244b1..6c196f97 100755 --- a/deployed-server/scripts/get-occ-config.sh +++ b/deployed-server/scripts/get-occ-config.sh @@ -79,7 +79,14 @@ for role in $OVERCLOUD_ROLES; do server_stack=$(openstack stack resource show $stack $server_resource_name -c physical_resource_id -f value) done - deployed_server_metadata_url=$(openstack stack resource metadata $server_stack deployed-server | jq -r '.["os-collect-config"].request.metadata_url') + while true; do + deployed_server_metadata_url=$(openstack stack resource metadata $server_stack deployed-server | jq -r '.["os-collect-config"].request.metadata_url') + if [ "$deployed_server_metadata_url" = "null" ]; then + continue + else + break + fi + done echo "======================" echo "$role$i os-collect-config.conf configuration:" diff --git a/docker/post.j2.yaml b/docker/post.j2.yaml index 41d33895..1ba96e27 100644 --- a/docker/post.j2.yaml +++ b/docker/post.j2.yaml @@ -35,7 +35,7 @@ parameters: NeutronOpenvswitchAgentConfig: type: string - default: "/etc/neutron/neutron.conf,/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini" + default: "/etc/neutron/neutron.conf,/etc/neutron/plugins/ml2/openvswitch_agent.ini" resources: diff --git a/docker/services/neutron-ovs-agent.yaml b/docker/services/neutron-ovs-agent.yaml index 56bd073e..1c9e60db 100644 --- a/docker/services/neutron-ovs-agent.yaml +++ b/docker/services/neutron-ovs-agent.yaml @@ -12,12 +12,6 @@ parameters: description: image default: 'centos-binary-neutron-openvswitch-agent' type: string - NeutronOpenvswitchAgentPluginVolume: - type: string - default: "/var/lib/etc-data/neutron/plugins/ml2/openvswitch_agent.ini:/var/lib/kolla/config_files/ovs_neutron_plugin.ini:ro" - NeutronOpenvswitchAgentOvsVolume: - type: string - default: " " ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -64,8 +58,7 @@ outputs: - /var/lib/etc-data/json-config/neutron-openvswitch-agent.json:/var/lib/kolla/config_files/config.json - /var/lib/etc-data/neutron/neutron.conf:/var/lib/kolla/config_files/neutron.conf:ro - /var/lib/etc-data/neutron/plugins/ml2/ml2_conf.ini:/var/lib/kolla/config_files/ml2_conf.ini:ro - - {get_param: NeutronOpenvswitchAgentPluginVolume} - - {get_param: NeutronOpenvswitchAgentOvsVolume} + - /var/lib/etc-data/neutron/plugins/ml2/openvswitch_agent.ini:/var/lib/kolla/config_files/openvswitch_agent.ini:ro - /etc/localtime:/etc/localtime:ro - /lib/modules:/lib/modules:ro - /run:/run diff --git a/environments/cinder-hpelefthand-config.yaml b/environments/cinder-hpelefthand-config.yaml new file mode 100644 index 00000000..90d0261e --- /dev/null +++ b/environments/cinder-hpelefthand-config.yaml @@ -0,0 +1,13 @@ +# A Heat environment file which can be used to enable a +# a Cinder HPELeftHandISCSI backend, configured via puppet +resource_registry: + OS::TripleO::Services::CinderHPELeftHandISCSI: ../puppet/services/cinder-hpelefthand-iscsi.yaml + +parameter_defaults: + CinderHPELeftHandISCSIApiUrl: '' + CinderHPELeftHandISCSIUserName: '' + CinderHPELeftHandISCSIPassword: '' + CinderHPELeftHandISCSIBackendName: 'tripleo_hpelefthand' + CinderHPELeftHandISCSIChapEnabled: false + CinderHPELeftHandClusterName: '' + CinderHPELeftHandDebug: false diff --git a/environments/deployed-server-bootstrap-environment-centos.yaml b/environments/deployed-server-bootstrap-environment-centos.yaml new file mode 100644 index 00000000..ebcdfc2b --- /dev/null +++ b/environments/deployed-server-bootstrap-environment-centos.yaml @@ -0,0 +1,7 @@ +# An environment that can be used with the deployed-server.yaml template to do +# initial bootstrapping of the deployed servers. +resource_registry: + OS::TripleO::DeployedServer::Bootstrap: ../deployed-server/deployed-server-bootstrap-centos.yaml + +parameter_defaults: + EnablePackageInstall: True diff --git a/environments/deployed-server-environment.yaml b/environments/deployed-server-environment.yaml index 7a6639f9..7bc1bd9b 100644 --- a/environments/deployed-server-environment.yaml +++ b/environments/deployed-server-environment.yaml @@ -1,3 +1,4 @@ resource_registry: OS::TripleO::Server: ../deployed-server/deployed-server.yaml OS::TripleO::DeployedServer::ControlPlanePort: OS::Neutron::Port + OS::TripleO::DeployedServer::Bootstrap: OS::Heat::None diff --git a/environments/deployed-server-noop-ctlplane.yaml b/environments/deployed-server-noop-ctlplane.yaml index 54f5e41d..8835d5b1 100644 --- a/environments/deployed-server-noop-ctlplane.yaml +++ b/environments/deployed-server-noop-ctlplane.yaml @@ -1,3 +1,4 @@ resource_registry: + OS::TripleO::DeployedServer::Bootstrap: OS::Heat::None OS::TripleO::Server: ../deployed-server/deployed-server.yaml OS::TripleO::DeployedServer::ControlPlanePort: ../deployed-server/deployed-neutron-port.yaml diff --git a/environments/docker-network-isolation.yaml b/environments/docker-network-isolation.yaml deleted file mode 100644 index 87c81d0b..00000000 --- a/environments/docker-network-isolation.yaml +++ /dev/null @@ -1,4 +0,0 @@ -parameter_defaults: - NeutronOpenvswitchAgentConfig: "/etc/neutron/neutron.conf,/etc/neutron/plugins/openvswitch/openvswitch_agent.ini" - NeutronOpenvswitchAgentPluginVolume: "/var/lib/etc-data/neutron/plugins/ml2/openvswitch_agent.ini:/var/lib/kolla/config_files/openvswitch_agent.ini:ro" - NeutronOpenvswitchAgentOvsVolume: "/var/lib/etc-data/neutron/conf.d/neutron-openvswitch-agent:/etc/neutron/conf.d/neutron-openvswitch-agent:ro" diff --git a/environments/enable-swap-partition.yaml b/environments/enable-swap-partition.yaml new file mode 100644 index 00000000..71b70ec9 --- /dev/null +++ b/environments/enable-swap-partition.yaml @@ -0,0 +1,3 @@ +# Use this environment to create a swap partition in all Overcloud nodes +resource_registry: + OS::TripleO::AllNodesExtraConfig: ../extraconfig/all_nodes/swap-partition.yaml diff --git a/environments/enable-swap.yaml b/environments/enable-swap.yaml new file mode 100644 index 00000000..9ba08642 --- /dev/null +++ b/environments/enable-swap.yaml @@ -0,0 +1,3 @@ +# Use this environment to create a swap file in all Overcloud nodes +resource_registry: + OS::TripleO::AllNodesExtraConfig: ../extraconfig/all_nodes/swap.yaml diff --git a/environments/network-environment.yaml b/environments/network-environment.yaml index b02fc198..796eb806 100644 --- a/environments/network-environment.yaml +++ b/environments/network-environment.yaml @@ -43,7 +43,7 @@ parameter_defaults: ExternalInterfaceDefaultRoute: 10.0.0.1 # Uncomment if using the Management Network (see network-management.yaml) # ManagementNetCidr: 10.0.1.0/24 - # ManagementAllocationPools: [{'start': '10.0.1.10', 'end', '10.0.1.50'}] + # ManagementAllocationPools: [{'start': '10.0.1.10', 'end': '10.0.1.50'}] # Use either this parameter or ControlPlaneDefaultRoute in the NIC templates # ManagementInterfaceDefaultRoute: 10.0.1.1 # Define the DNS servers (maximum 2) for the overcloud nodes diff --git a/environments/puppet-ceph-external.yaml b/environments/puppet-ceph-external.yaml index 06e4f7aa..5f8b02ad 100644 --- a/environments/puppet-ceph-external.yaml +++ b/environments/puppet-ceph-external.yaml @@ -30,5 +30,8 @@ parameter_defaults: # finally we disable the Cinder LVM backend CinderEnableIscsiBackend: false + # Uncomment if connecting to a pre-Jewel or RHCS1.3 Ceph Cluster + # RbdDefaultFeatures: 1 + # Backward compatibility setting, will be removed in the future CephAdminKey: '' diff --git a/environments/puppet-pacemaker.yaml b/environments/puppet-pacemaker.yaml index b8e93f20..0b71dbd9 100644 --- a/environments/puppet-pacemaker.yaml +++ b/environments/puppet-pacemaker.yaml @@ -1,7 +1,6 @@ # An environment which enables configuration of an # Overcloud controller with Pacemaker. resource_registry: - OS::TripleO::ControllerConfig: ../puppet/controller-config-pacemaker.yaml OS::TripleO::Tasks::ControllerPrePuppet: ../extraconfig/tasks/pre_puppet_pacemaker.yaml OS::TripleO::Tasks::ControllerPostPuppet: ../extraconfig/tasks/post_puppet_pacemaker.yaml OS::TripleO::Tasks::ControllerPostPuppetRestart: ../extraconfig/tasks/post_puppet_pacemaker_restart.yaml diff --git a/environments/services/disable-ceilometer-api.yaml b/environments/services/disable-ceilometer-api.yaml new file mode 100644 index 00000000..94cd8d5d --- /dev/null +++ b/environments/services/disable-ceilometer-api.yaml @@ -0,0 +1,2 @@ +resource_registry: + OS::TripleO::Services::CeilometerApi: OS::Heat::None diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml index fb66b38a..74c9f61d 100644 --- a/environments/tls-endpoints-public-dns.yaml +++ b/environments/tls-endpoints-public-dns.yaml @@ -20,7 +20,6 @@ parameter_defaults: GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'} - GlanceRegistryInternal: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'} GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'} @@ -50,6 +49,9 @@ parameter_defaults: NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'} + NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'} + NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'} + NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'} NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'} diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml index 6586a547..17ff2feb 100644 --- a/environments/tls-endpoints-public-ip.yaml +++ b/environments/tls-endpoints-public-ip.yaml @@ -20,7 +20,6 @@ parameter_defaults: GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'} GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'} - GlanceRegistryInternal: {protocol: 'http', port: '9191', host: 'IP_ADDRESS'} GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'} GnocchiPublic: {protocol: 'https', port: '13041', host: 'IP_ADDRESS'} @@ -50,6 +49,9 @@ parameter_defaults: NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'} NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'} + NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'} + NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'} + NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'IP_ADDRESS'} NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'} NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'} diff --git a/environments/tls-everywhere-endpoints-dns.yaml b/environments/tls-everywhere-endpoints-dns.yaml index ebb491f0..0aa2be08 100644 --- a/environments/tls-everywhere-endpoints-dns.yaml +++ b/environments/tls-everywhere-endpoints-dns.yaml @@ -20,7 +20,6 @@ parameter_defaults: GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'} GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'} GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'} - GlanceRegistryInternal: {protocol: 'https', port: '9191', host: 'CLOUDNAME'} GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'} GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'} GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'} @@ -50,6 +49,9 @@ parameter_defaults: NovaAdmin: {protocol: 'https', port: '8774', host: 'CLOUDNAME'} NovaInternal: {protocol: 'https', port: '8774', host: 'CLOUDNAME'} NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'} + NovaPlacementAdmin: {protocol: 'https', port: '8778', host: 'CLOUDNAME'} + NovaPlacementInternal: {protocol: 'https', port: '8778', host: 'CLOUDNAME'} + NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'} NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'} NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'} NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'} diff --git a/environments/updates/README.md b/environments/updates/README.md index 426d7329..93714ed8 100644 --- a/environments/updates/README.md +++ b/environments/updates/README.md @@ -10,3 +10,6 @@ Contents **update-from-publicvip-on-ctlplane.yaml** To be used if the PublicVirtualIP resource was deployed as an additional VIP on the 'ctlplane'. + +**update-from-deloyed-server-newton.yaml** + To be used when updating from the deployed-server template from Newton. diff --git a/environments/updates/update-from-deployed-server-newton.yaml b/environments/updates/update-from-deployed-server-newton.yaml new file mode 100644 index 00000000..6fe3a4cb --- /dev/null +++ b/environments/updates/update-from-deployed-server-newton.yaml @@ -0,0 +1,2 @@ +resource_registry: + OS::TripleO::DeployedServer::ControlPlanePort: ../../deployed-server/ctlplane-port.yaml diff --git a/extraconfig/all_nodes/swap-partition.j2.yaml b/extraconfig/all_nodes/swap-partition.j2.yaml index ffd30327..b6fef79f 100644 --- a/extraconfig/all_nodes/swap-partition.j2.yaml +++ b/extraconfig/all_nodes/swap-partition.j2.yaml @@ -1,11 +1,7 @@ heat_template_version: ocata -description: > - Extra config to add swap space to nodes. +description: Template file to add a swap partition to a node. -# Parameters passed from the parent template - note if you maintain -# out-of-tree templates they may require additional parameters if the -# in-tree templates add a new role. parameters: servers: type: json @@ -14,9 +10,7 @@ parameters: description: Swap partition label default: 'swap1' - resources: - SwapConfig: type: OS::Heat::SoftwareConfig properties: @@ -25,8 +19,13 @@ resources: #!/bin/bash set -eux swap_partition=$(realpath /dev/disk/by-label/$swap_partition_label) - swapon $swap_partition - echo "$swap_partition swap swap defaults 0 0" >> /etc/fstab + if [ -f "$swap_partition" ]; then + swapon $swap_partition + echo "$swap_partition swap swap defaults 0 0" >> /etc/fstab + else + echo "$swap_partition needs to be a valid path" + echo "Check that $swap_partition_label is a valid partition label" + fi inputs: - name: swap_partition_label description: Swap partition label diff --git a/extraconfig/all_nodes/swap.j2.yaml b/extraconfig/all_nodes/swap.j2.yaml index e8cd4c90..044f817c 100644 --- a/extraconfig/all_nodes/swap.j2.yaml +++ b/extraconfig/all_nodes/swap.j2.yaml @@ -1,11 +1,7 @@ heat_template_version: ocata -description: > - Extra config to add swap space to nodes. +description: Template file to add a swap file to a node. -# Parameters passed from the parent template - note if you maintain -# out-of-tree templates they may require additional parameters if the -# in-tree templates add a new role. parameters: servers: type: json @@ -18,9 +14,7 @@ parameters: description: Full path to location of swap file default: '/swap' - resources: - SwapConfig: type: OS::Heat::SoftwareConfig properties: diff --git a/extraconfig/pre_network/config_then_reboot.yaml b/extraconfig/pre_network/config_then_reboot.yaml index ec4d2761..bb0b9511 100644 --- a/extraconfig/pre_network/config_then_reboot.yaml +++ b/extraconfig/pre_network/config_then_reboot.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2014-10-16 +heat_template_version: ocata description: > Do some configuration, then reboot - sometimes needed for early-boot diff --git a/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml b/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml index bba16a66..4ad53cb8 100644 --- a/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml +++ b/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-10-14 +heat_template_version: ocata description: > Do some configuration, then reboot - sometimes needed for early-boot diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh index 6748f891..a3cbd945 100755 --- a/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh +++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh @@ -57,10 +57,10 @@ if [[ -n $(is_bootstrap_node) ]]; then # TODO: check if this can be triggered in puppet and removed from here ceilometer-upgrade --config-file=/etc/ceilometer/ceilometer.conf --skip-gnocchi-resource-types cinder-manage db sync - glance-manage --config-file=/etc/glance/glance-registry.conf db_sync + glance-manage db_sync heat-manage --config-file /etc/heat/heat.conf db_sync keystone-manage db_sync - neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head + neutron-db-manage upgrade heads nova-manage db sync nova-manage api_db sync nova-manage db online_data_migrations diff --git a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh index 6d02acc8..ae22a1e7 100644 --- a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh +++ b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh @@ -83,7 +83,6 @@ function services_to_migrate { openstack-cinder-api-clone openstack-cinder-scheduler-clone openstack-glance-api-clone - openstack-glance-registry-clone openstack-gnocchi-metricd-clone openstack-gnocchi-statsd-clone openstack-heat-api-cfn-clone diff --git a/network/endpoints/endpoint_data.yaml b/network/endpoints/endpoint_data.yaml index 9975df22..23c1ce1e 100644 --- a/network/endpoints/endpoint_data.yaml +++ b/network/endpoints/endpoint_data.yaml @@ -76,11 +76,6 @@ Glance: net_param: GlanceApi port: 9292 -GlanceRegistry: - Internal: - net_param: GlanceRegistry - port: 9191 - Mysql: Internal: net_param: Mysql @@ -205,6 +200,21 @@ Nova: '': /v2.1 port: 8774 +NovaPlacement: + Internal: + net_param: NovaApi + uri_suffixes: + '': /placement + Public: + net_param: Public + uri_suffixes: + '': /placement + Admin: + net_param: NovaApi + uri_suffixes: + '': /placement + port: 8778 + NovaVNCProxy: Internal: net_param: NovaApi diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml index af89d0b7..a17f1c96 100644 --- a/network/endpoints/endpoint_map.yaml +++ b/network/endpoints/endpoint_map.yaml @@ -37,7 +37,6 @@ parameters: GlanceAdmin: {protocol: http, port: '9292', host: IP_ADDRESS} GlanceInternal: {protocol: http, port: '9292', host: IP_ADDRESS} GlancePublic: {protocol: http, port: '9292', host: IP_ADDRESS} - GlanceRegistryInternal: {protocol: http, port: '9191', host: IP_ADDRESS} GnocchiAdmin: {protocol: http, port: '8041', host: IP_ADDRESS} GnocchiInternal: {protocol: http, port: '8041', host: IP_ADDRESS} GnocchiPublic: {protocol: http, port: '8041', host: IP_ADDRESS} @@ -67,6 +66,9 @@ parameters: NovaAdmin: {protocol: http, port: '8774', host: IP_ADDRESS} NovaInternal: {protocol: http, port: '8774', host: IP_ADDRESS} NovaPublic: {protocol: http, port: '8774', host: IP_ADDRESS} + NovaPlacementAdmin: {protocol: http, port: '8778', host: IP_ADDRESS} + NovaPlacementInternal: {protocol: http, port: '8778', host: IP_ADDRESS} + NovaPlacementPublic: {protocol: http, port: '8778', host: IP_ADDRESS} NovaVNCProxyAdmin: {protocol: http, port: '6080', host: IP_ADDRESS} NovaVNCProxyInternal: {protocol: http, port: '6080', host: IP_ADDRESS} NovaVNCProxyPublic: {protocol: http, port: '6080', host: IP_ADDRESS} @@ -2051,87 +2053,6 @@ outputs: template: NETWORK_uri - ':' - get_param: [EndpointMap, GlancePublic, port] - GlanceRegistryInternal: - host: - str_replace: - template: - get_param: [EndpointMap, GlanceRegistryInternal, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, GlanceRegistryNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, GlanceRegistryNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, GlanceRegistryInternal, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, GlanceRegistryNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, GlanceRegistryNetwork] - port: - get_param: [EndpointMap, GlanceRegistryInternal, port] - protocol: - get_param: [EndpointMap, GlanceRegistryInternal, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, GlanceRegistryInternal, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, GlanceRegistryInternal, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, GlanceRegistryNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, GlanceRegistryNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, GlanceRegistryInternal, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, GlanceRegistryInternal, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, GlanceRegistryInternal, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, GlanceRegistryNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, GlanceRegistryNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, GlanceRegistryInternal, port] GnocchiAdmin: host: str_replace: @@ -5077,6 +4998,255 @@ outputs: template: NETWORK_uri - ':' - get_param: [EndpointMap, NovaPublic, port] + NovaPlacementAdmin: + host: + str_replace: + template: + get_param: [EndpointMap, NovaPlacementAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NovaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, NovaApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, NovaPlacementAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NovaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, NovaApiNetwork] + port: + get_param: [EndpointMap, NovaPlacementAdmin, port] + protocol: + get_param: [EndpointMap, NovaPlacementAdmin, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, NovaPlacementAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, NovaPlacementAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NovaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, NovaApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, NovaPlacementAdmin, port] + - /placement + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, NovaPlacementAdmin, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, NovaPlacementAdmin, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NovaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, NovaApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, NovaPlacementAdmin, port] + - /placement + NovaPlacementInternal: + host: + str_replace: + template: + get_param: [EndpointMap, NovaPlacementInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NovaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, NovaApiNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, NovaPlacementInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NovaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, NovaApiNetwork] + port: + get_param: [EndpointMap, NovaPlacementInternal, port] + protocol: + get_param: [EndpointMap, NovaPlacementInternal, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, NovaPlacementInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, NovaPlacementInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NovaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, NovaApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, NovaPlacementInternal, port] + - /placement + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, NovaPlacementInternal, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, NovaPlacementInternal, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, NovaApiNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, NovaApiNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, NovaPlacementInternal, port] + - /placement + NovaPlacementPublic: + host: + str_replace: + template: + get_param: [EndpointMap, NovaPlacementPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + host_nobrackets: + str_replace: + template: + get_param: [EndpointMap, NovaPlacementPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - get_param: [ServiceNetMap, PublicNetwork] + port: + get_param: [EndpointMap, NovaPlacementPublic, port] + protocol: + get_param: [EndpointMap, NovaPlacementPublic, protocol] + uri: + list_join: + - '' + - - get_param: [EndpointMap, NovaPlacementPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, NovaPlacementPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, NovaPlacementPublic, port] + - /placement + uri_no_suffix: + list_join: + - '' + - - get_param: [EndpointMap, NovaPlacementPublic, protocol] + - :// + - str_replace: + template: + get_param: [EndpointMap, NovaPlacementPublic, host] + params: + CLOUDNAME: + get_param: + - CloudEndpoints + - get_param: [ServiceNetMap, PublicNetwork] + IP_ADDRESS: + get_param: + - NetIpMap + - str_replace: + params: + NETWORK: + get_param: [ServiceNetMap, PublicNetwork] + template: NETWORK_uri + - ':' + - get_param: [EndpointMap, NovaPlacementPublic, port] + - /placement NovaVNCProxyAdmin: host: str_replace: diff --git a/network/scripts/run-os-net-config.sh b/network/scripts/run-os-net-config.sh index a7dbedc7..8fe2d270 100755 --- a/network/scripts/run-os-net-config.sh +++ b/network/scripts/run-os-net-config.sh @@ -10,7 +10,7 @@ # a deployment input via input_values # $network_config : the json serialized os-net-config config to apply # -set -ux +set -eux function get_metadata_ip() { @@ -98,8 +98,10 @@ EOF_CAT fi fi done + set +e os-net-config -c /etc/os-net-config/dhcp_all_interfaces.yaml -v --detailed-exit-codes --cleanup RETVAL=$? + set -e if [[ $RETVAL == 2 ]]; then ping_metadata_ip elif [[ $RETVAL != 0 ]]; then @@ -123,8 +125,10 @@ if [ -n '$network_config' ]; then sed -i "s/bridge_name/${bridge_name:-''}/" /etc/os-net-config/config.json sed -i "s/interface_name/${interface_name:-''}/" /etc/os-net-config/config.json + set +e os-net-config -c /etc/os-net-config/config.json -v --detailed-exit-codes RETVAL=$? + set -e if [[ $RETVAL == 2 ]]; then ping_metadata_ip diff --git a/network/service_net_map.j2.yaml b/network/service_net_map.j2.yaml index b2201452..8f1c4b45 100644 --- a/network/service_net_map.j2.yaml +++ b/network/service_net_map.j2.yaml @@ -32,7 +32,6 @@ parameters: CinderApiNetwork: internal_api CinderIscsiNetwork: storage GlanceApiNetwork: storage - GlanceRegistryNetwork: internal_api IronicApiNetwork: ctlplane IronicNetwork: ctlplane KeystoneAdminApiNetwork: ctlplane # allows undercloud to config endpoints diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index fcc2dd2f..7e0ecf04 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -130,7 +130,6 @@ resource_registry: OS::TripleO::Services::BlockStorageCinderVolume: puppet/services/cinder-volume.yaml OS::TripleO::Services::Keystone: puppet/services/keystone.yaml OS::TripleO::Services::GlanceApi: puppet/services/glance-api.yaml - OS::TripleO::Services::GlanceRegistry: puppet/services/glance-registry.yaml OS::TripleO::Services::HeatApi: puppet/services/heat-api.yaml OS::TripleO::Services::HeatApiCfn: puppet/services/heat-api-cfn.yaml OS::TripleO::Services::HeatApiCloudwatch: puppet/services/heat-api-cloudwatch.yaml @@ -173,6 +172,7 @@ resource_registry: OS::TripleO::Services::NovaConductor: puppet/services/nova-conductor.yaml OS::TripleO::Services::MongoDb: puppet/services/database/mongodb.yaml OS::TripleO::Services::NovaApi: puppet/services/nova-api.yaml + OS::TripleO::Services::NovaPlacement: puppet/services/nova-placement.yaml OS::TripleO::Services::NovaMetadata: puppet/services/nova-metadata.yaml OS::TripleO::Services::NovaScheduler: puppet/services/nova-scheduler.yaml OS::TripleO::Services::NovaConsoleauth: puppet/services/nova-consoleauth.yaml @@ -231,6 +231,7 @@ resource_registry: OS::TripleO::Services::ContrailWebui: puppet/services/network/contrail-webui.yaml OS::TripleO::Services::Zaqar: OS::Heat::None OS::TripleO::Services::NeutronML2FujitsuCfab: OS::Heat::None + OS::TripleO::Services::CinderHPELeftHandISCSI: OS::Heat::None parameter_defaults: EnablePackageInstall: false diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index 4a3e4cd0..f93c19a3 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -593,8 +593,9 @@ resources: - {{role.name}}AllNodesValidationDeployment {% endfor %} properties: + servers: {% for role in roles %} - servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]} + {{role.name}}: {get_attr: [{{role.name}}, attributes, nova_server_resource]} {% endfor %} # Upgrade steps for all roles diff --git a/puppet/controller-config-pacemaker.yaml b/puppet/controller-config-pacemaker.yaml deleted file mode 100644 index 1b719839..00000000 --- a/puppet/controller-config-pacemaker.yaml +++ /dev/null @@ -1,41 +0,0 @@ -heat_template_version: ocata - -description: > - A software config which runs manifests/overcloud_controller_pacemaker.pp - -parameters: - ConfigDebug: - default: false - description: Whether to run config management (e.g. Puppet) in debug mode. - type: boolean - StepConfig: - type: string - description: Config manifests that will be used to step through the deployment. - default: '' - -resources: - - ControllerPuppetConfigImpl: - type: OS::Heat::SoftwareConfig - properties: - group: puppet - options: - enable_debug: {get_param: ConfigDebug} - enable_hiera: True - enable_facter: False - modulepath: /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules - outputs: - - name: result - inputs: - - name: step - type: Number - config: - list_join: - - '' - - - get_file: manifests/overcloud_controller_pacemaker.pp - - {get_param: StepConfig} - -outputs: - OS::stack_id: - description: The software config which runs overcloud_controller_pacemaker.pp - value: {get_resource: ControllerPuppetConfigImpl} diff --git a/puppet/major_upgrade_steps.j2.yaml b/puppet/major_upgrade_steps.j2.yaml index b70f5c71..9430a704 100644 --- a/puppet/major_upgrade_steps.j2.yaml +++ b/puppet/major_upgrade_steps.j2.yaml @@ -19,7 +19,7 @@ resources: # Upgrade Steps for all roles # FIXME(shardy): would be nice to make the number of steps configurable -{% for step in range(1, 8) %} +{% for step in range(0, 8) %} {% for role in roles %} # Step {{step}} resources {{role.name}}UpgradeConfig_Step{{step}}: @@ -28,7 +28,7 @@ resources: # serialization, but the event output is easier to follow if we # do, and there should be minimal performance hit (creating the # config is cheap compared to the time to apply the deployment). - {% if step > 1 %} + {% if step > 0 %} depends_on: {% for dep in roles %} - {{dep.name}}Upgrade_Step{{step -1}} @@ -40,7 +40,7 @@ resources: {{role.name}}Upgrade_Step{{step}}: type: OS::Heat::StructuredDeploymentGroup - {% if step > 1 %} + {% if step > 0 %} depends_on: {% for dep in roles %} - {{dep.name}}Upgrade_Step{{step -1}} diff --git a/puppet/manifests/overcloud_controller_pacemaker.pp b/puppet/manifests/overcloud_controller_pacemaker.pp deleted file mode 100644 index d329d5fc..00000000 --- a/puppet/manifests/overcloud_controller_pacemaker.pp +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 2015 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -if hiera('step') >= 4 { - hiera_include('controller_classes', []) -} - -$package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller_pacemaker', hiera('step')]) -package_manifest{$package_manifest_name: ensure => present} diff --git a/puppet/manifests/overcloud_role.pp b/puppet/manifests/overcloud_role.pp index 1a59620c..e2bf5146 100644 --- a/puppet/manifests/overcloud_role.pp +++ b/puppet/manifests/overcloud_role.pp @@ -24,3 +24,7 @@ if hiera('step') >= 4 { $package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud___ROLE__', hiera('step')]) package_manifest{$package_manifest_name: ensure => present} + +# NOTE(gfidente): ensure deprecated package manifest is absent, can be removed after Pike +$absent_package_manifest_name = join(['/var/lib/tripleo/installed-packages/overcloud_controller_pacemaker', hiera('step')]) +package_manifest{$absent_package_manifest_name: ensure => absent} diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index 0528368e..a86a0cdf 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -46,14 +46,6 @@ parameters: default: 0 description: Number of workers for Ceilometer service. type: number - CeilometerStoreEvents: - default: false - description: Whether to store events in ceilometer. - type: boolean - EnableLegacyCeilometerApi: - default: false - description: Enable legacy ceilometer Api service if needed. - type: boolean EventPipelinePublishers: default: ['notifier://?topic=alarm.all'] description: A list of publishers to put in event_pipeline.yaml. @@ -103,7 +95,6 @@ outputs: - '/ceilometer' - '?bind_address=' - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" - enable_legacy_ceilometer_api: {get_param: EnableLegacyCeilometerApi} ceilometer_backend: {get_param: CeilometerBackend} ceilometer::metering_secret: {get_param: CeilometerMeteringSecret} # we include db_sync class in puppet-tripleo @@ -114,7 +105,6 @@ outputs: ceilometer::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } ceilometer::agent::auth::auth_password: {get_param: CeilometerPassword} ceilometer::agent::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } - ceilometer::agent::notification::store_events: {get_param: CeilometerStoreEvents} ceilometer::agent::notification::event_pipeline_publishers: {get_param: EventPipelinePublishers} ceilometer::agent::auth::auth_region: {get_param: KeystoneRegion} ceilometer::agent::auth::auth_tenant_name: 'service' diff --git a/puppet/services/ceph-external.yaml b/puppet/services/ceph-external.yaml index b898d0bf..aaa9b039 100644 --- a/puppet/services/ceph-external.yaml +++ b/puppet/services/ceph-external.yaml @@ -61,6 +61,12 @@ parameters: MonitoringSubscriptionCephExternal: default: 'overcloud-ceph-external' type: string + RbdDefaultFeatures: + default: '' + description: The default features enabled when creating a block device + image. Only applies to format 2 images. Set to '1' for Jewel + clients using older Ceph servers. + type: string conditions: glance_multiple_locations: @@ -81,6 +87,7 @@ outputs: config_settings: tripleo::profile::base::ceph::ceph_mon_host: {get_param: CephExternalMonHost} ceph::profile::params::fsid: {get_param: CephClusterFSID} + ceph::profile::params::rbd_default_features: {get_param: RbdDefaultFeatures} ceph::profile::params::client_keys: str_replace: template: "{ diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml index f32bdd2b..68ad69b7 100644 --- a/puppet/services/ceph-mon.yaml +++ b/puppet/services/ceph-mon.yaml @@ -28,6 +28,12 @@ parameters: CinderRbdPoolName: default: volumes type: string + ManilaCephFSDataPoolName: + default: manila_data + type: string + ManilaCephFSMetadataPoolName: + default: manila_metadata + type: string CinderBackupRbdPoolName: default: backups type: string @@ -87,6 +93,8 @@ outputs: for_each: <%pool%>: - {get_param: CinderRbdPoolName} + - {get_param: ManilaCephFSDataPoolName} + - {get_param: ManilaCephFSMetadataPoolName} - {get_param: CinderBackupRbdPoolName} - {get_param: NovaRbdPoolName} - {get_param: GlanceRbdPoolName} diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml index 376ea2c5..7d197831 100644 --- a/puppet/services/cinder-api.yaml +++ b/puppet/services/cinder-api.yaml @@ -147,3 +147,19 @@ outputs: cinder::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" + upgrade_tasks: + - name: check for cinder running under apache (post upgrade) + tags: step2 + shell: "apachectl -t -D DUMP_VHOSTS | grep -q cinder" + register: cinder_apache + ignore_errors: true + - name: Stop cinder_api service (running under httpd) + tags: step2 + service: name=httpd state=stopped + when: "cinder_apache.rc == 0" + - name: Stop and disable cinder_api service (pre-upgrade not under httpd) + tags: step2 + service: name=openstack-cinder-api state=stopped enabled=no + - name: Start cinder_api service (running under httpd) + tags: step6 + service: name=httpd state=started diff --git a/puppet/services/cinder-hpelefthand-iscsi.yaml b/puppet/services/cinder-hpelefthand-iscsi.yaml new file mode 100644 index 00000000..ca7d2838 --- /dev/null +++ b/puppet/services/cinder-hpelefthand-iscsi.yaml @@ -0,0 +1,56 @@ +heat_template_version: ocata + +description: > + Configure Cinder HPELeftHandISCSIDriver + +parameters: + # Config specific parameters, to be provided via parameter_defaults + CinderHPELeftHandISCSIApiUrl: + type: string + CinderHPELeftHandISCSIUserName: + type: string + CinderHPELeftHandISCSIPassword: + type: string + hidden: true + CinderHPELeftHandISCSIBackendName: + type: string + default: 'tripleo_hpelefthand' + CinderHPELeftHandISCSIChapEnabled: + type: boolean + default: false + CinderHPELeftHandClusterName: + type: string + CinderHPELeftHandDebug: + type: boolean + default: false + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + type: json + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + +outputs: + role_data: + description: Role data for Cinder HPELeftHandISCSIDriver + value: + service_name: cinder_hpelefthand_iscsi + config_settings: + tripleo::profile::base::cinder::volume::cinder_enable_hpelefthand_backend: true + cinder::backend::hpelefthand_iscsi::hpelefthand_api_url: {get_param: CinderHPELeftHandISCSIApiUrl} + cinder::backend::hpelefthand_iscsi::hpelefthand_username: {get_param: CinderHPELeftHandISCSIUserName} + cinder::backend::hpelefthand_iscsi::hpelefthand_password: {get_param: CinderHPELeftHandISCSIPassword} + cinder::backend::hpelefthand_iscsi::volume_backend_name: {get_param: CinderHPELeftHandISCSIBackendName} + cinder::backend::hpelefthand_iscsi::hpelefthand_iscsi_chap_enabled: {get_param: CinderHPELeftHandISCSIChapEnabled} + cinder::backend::hpelefthand_iscsi::hpelefthand_clustername: {get_param: CinderHPELeftHandClusterName} + cinder::backend::hpelefthand_iscsi::hpelefthand_debug: {get_param: CinderHPELeftHandDebug} + step_config: | + include ::tripleo::profile::base::cinder::volume diff --git a/puppet/services/cinder-scheduler.yaml b/puppet/services/cinder-scheduler.yaml index 3dd3f64e..e12af631 100644 --- a/puppet/services/cinder-scheduler.yaml +++ b/puppet/services/cinder-scheduler.yaml @@ -51,3 +51,10 @@ outputs: - cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler step_config: | include ::tripleo::profile::base::cinder::scheduler + upgrade_tasks: + - name: Stop cinder_scheduler service + tags: step2 + service: name=openstack-cinder-scheduler state=stopped + - name: Start cinder_scheduler service + tags: step6 + service: name=openstack-cinder-scheduler state=started diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml index 66706bc4..cc06d87b 100644 --- a/puppet/services/cinder-volume.yaml +++ b/puppet/services/cinder-volume.yaml @@ -110,3 +110,14 @@ outputs: tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: {get_param: [ServiceNetMap, CinderIscsiNetwork]} step_config: | include ::tripleo::profile::base::cinder::volume + upgrade_tasks: + - name: Stop cinder_volume service + tags: step2 + service: name=openstack-cinder-volume state=stopped + - name: Sync cinder_volume DB + tags: step5 + command: cinder-manage db sync + - name: Start cinder_volume service + tags: step6 + service: name=openstack-cinder-volume state=started + diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index 5eefe6bd..7e12894f 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -95,6 +95,9 @@ outputs: step_config: | include ::tripleo::profile::base::database::mysql upgrade_tasks: + - name: Check for galera root password + tags: step0 + file: path=/root/.my.cnf state=file - name: Stop service tags: step2 service: name=mariadb state=stopped diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index 0a7c90e1..6d01bd48 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -80,12 +80,8 @@ outputs: glance::api::bind_port: {get_param: [EndpointMap, GlanceInternal, port]} glance::api::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } glance::api::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } - glance::api::registry_host: - str_replace: - template: "'REGISTRY_HOST'" - params: - REGISTRY_HOST: {get_param: [EndpointMap, GlanceRegistryInternal, host]} - glance::api::registry_client_protocol: {get_param: [EndpointMap, GlanceRegistryInternal, protocol] } + glance::api::enable_v1_api: false + glance::api::enable_v2_api: true glance::api::authtoken::password: {get_param: GlancePassword} glance::api::enable_proxy_headers_parsing: true glance::api::debug: {get_param: Debug} diff --git a/puppet/services/glance-base.yaml b/puppet/services/glance-base.yaml index d715ac02..f5548982 100644 --- a/puppet/services/glance-base.yaml +++ b/puppet/services/glance-base.yaml @@ -105,8 +105,6 @@ outputs: glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword} glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL} glance::notify::rabbitmq::notification_driver: messagingv2 - glance::registry::db::database_db_max_retries: -1 - glance::registry::db::database_max_retries: -1 tripleo::profile::base::glance::api::glance_nfs_enabled: {get_param: GlanceNfsEnabled} tripleo::glance::nfs_mount::share: {get_param: GlanceNfsShare} tripleo::glance::nfs_mount::options: {get_param: GlanceNfsOptions} diff --git a/puppet/services/glance-registry.yaml b/puppet/services/glance-registry.yaml deleted file mode 100644 index 914c1584..00000000 --- a/puppet/services/glance-registry.yaml +++ /dev/null @@ -1,109 +0,0 @@ -heat_template_version: ocata - -description: > - OpenStack Glance Registry service configured with Puppet - -parameters: - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - Debug: - default: '' - description: Set to True to enable debugging on all services. - type: string - GlancePassword: - description: The password for the glance service and db account, used by the glance services. - type: string - hidden: true - GlanceWorkers: - default: '' - description: | - Number of worker processes for glance registry. If left unset (empty - string), the default value will result in the configuration being left - unset and a system-dependent default value will be chosen (e.g.: number of - processors). Please note that this will create a large number of processes - on systems with a large number of CPUs resulting in excess memory - consumption. It is recommended that a suitable non-default value be - selected on such systems. - type: string - MonitoringSubscriptionGlanceRegistry: - default: 'overcloud-glance-registry' - type: string - GlanceRegistryLoggingSource: - type: json - default: - tag: openstack.glance.registry - path: /var/log/glance/registry.log - -resources: - GlanceBase: - type: ./glance-base.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - -outputs: - role_data: - description: Role data for the Glance Registry role. - value: - service_name: glance_registry - monitoring_subscription: {get_param: MonitoringSubscriptionGlanceRegistry} - logging_source: {get_param: GlanceRegistryLoggingSource} - logging_groups: - - glance - config_settings: - map_merge: - - get_attr: [GlanceBase, role_data, config_settings] - - - glance::registry::database_connection: - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://glance:' - - {get_param: GlancePassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/glance' - - '?bind_address=' - - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" - glance::registry::authtoken::password: {get_param: GlancePassword} - glance::registry::authtoken::project_name: 'service' - glance::registry::pipeline: 'keystone' - glance::registry::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } - glance::registry::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } - glance::registry::debug: {get_param: Debug} - glance::registry::workers: {get_param: GlanceWorkers} - tripleo.glance_registry.firewall_rules: - '112 glance_registry': - dport: - - 9191 - # NOTE: bind IP is found in Heat replacing the network name with the - # local node IP for the given network; replacement examples - # (eg. for internal_api): - # internal_api -> IP - # internal_api_uri -> [IP] - # internal_api_subnet - > IP/CIDR - glance::registry::bind_host: {get_param: [ServiceNetMap, GlanceRegistryNetwork]} - step_config: | - include ::tripleo::profile::base::glance::registry - service_config_settings: - get_attr: [GlanceBase, role_data, config_settings] - upgrade_tasks: - - name: Stop glance_registry service - tags: step2 - service: name=openstack-glance-registry state=stopped - - name: Start glance_registry service - tags: step6 - service: name=openstack-glance-registry state=started diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml index 10a7780b..f4d3cad3 100644 --- a/puppet/services/heat-api-cfn.yaml +++ b/puppet/services/heat-api-cfn.yaml @@ -84,3 +84,11 @@ outputs: heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]} heat::keystone::auth_cfn::password: {get_param: HeatPassword} heat::keystone::auth_cfn::region: {get_param: KeystoneRegion} + upgrade_tasks: + - name: Stop heat_api_cfn service + tags: step2 + service: name=openstack-heat-api-cfn state=stopped + - name: Start heat_api_cfn service + tags: step6 + service: name=openstack-heat-api-cfn state=started + diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml index 1178d62b..ba4a287a 100644 --- a/puppet/services/heat-api-cloudwatch.yaml +++ b/puppet/services/heat-api-cloudwatch.yaml @@ -66,3 +66,10 @@ outputs: heat::api_cloudwatch::bind_host: {get_param: [ServiceNetMap, HeatApiNetwork]} step_config: | include ::tripleo::profile::base::heat::api_cloudwatch + upgrade_tasks: + - name: Stop heat_api_cloudwatch service + tags: step2 + service: name=openstack-heat-api-cloudwatch state=stopped + - name: Start heat_api_cloudwatch service + tags: step6 + service: name=openstack-heat-api state=started diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml index a32521c7..7ec9d6d4 100644 --- a/puppet/services/heat-api.yaml +++ b/puppet/services/heat-api.yaml @@ -84,3 +84,10 @@ outputs: heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]} heat::keystone::auth::password: {get_param: HeatPassword} heat::keystone::auth::region: {get_param: KeystoneRegion} + upgrade_tasks: + - name: Stop heat_api service + tags: step2 + service: name=openstack-heat-api state=stopped + - name: Start heat_api service + tags: step6 + service: name=openstack-heat-api state=started diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml index 8faccd2b..6efb0653 100644 --- a/puppet/services/heat-engine.yaml +++ b/puppet/services/heat-engine.yaml @@ -137,3 +137,13 @@ outputs: keystone: # This is needed because the keystone profile handles creating the domain tripleo::profile::base::keystone::heat_admin_password: {get_param: HeatStackDomainAdminPassword} + upgrade_tasks: + - name: Stop heat_engine service + tags: step2 + service: name=openstack-heat-engine state=stopped + - name: Sync heat_engine DB + tags: step5 + command: heat-manage --config-file /etc/heat/heat.conf db_sync + - name: Start heat_engine service + tags: step6 + service: name=openstack-heat-engine state=started diff --git a/puppet/services/manila-backend-cephfs.yaml b/puppet/services/manila-backend-cephfs.yaml index 91369a99..36ef1ea9 100644 --- a/puppet/services/manila-backend-cephfs.yaml +++ b/puppet/services/manila-backend-cephfs.yaml @@ -40,6 +40,20 @@ parameters: ManilaCephFSNativeCephFSEnableSnapshots: type: boolean default: true + ManilaCephFSDataPoolName: + default: manila_data + type: string + ManilaCephFSMetadataPoolName: + default: manila_metadata + type: string + # (jprovazn) default value is set to assure this templates works with an + # external ceph too (user/key is created only when ceph is deployed by + # TripleO) + CephManilaClientKey: + default: '' + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. + type: string + hidden: true outputs: role_data: @@ -54,4 +68,8 @@ outputs: manila::backend::cephfsnative::cephfs_auth_id: {get_param: ManilaCephFSNativeCephFSAuthId} manila::backend::cephfsnative::cephfs_cluster_name: {get_param: ManilaCephFSNativeCephFSClusterName} manila::backend::cephfsnative::cephfs_enable_snapshots: {get_param: ManilaCephFSNativeCephFSEnableSnapshots} + manila::backend::cephfsnative::ceph_client_key: {get_param: CephManilaClientKey} + ceph::profile::params::fs_data_pool: {get_param: ManilaCephFSDataPoolName} + ceph::profile::params::fs_metadata_pool: {get_param: ManilaCephFSMetadataPoolName} + ceph::profile::params::fs_name: {get_param: ManilaCephFSNativeShareBackendName} step_config: diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index 0eb16e6a..e24fae7c 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -70,6 +70,9 @@ parameters: tag: openstack.neutron.agent.openvswitch path: /var/log/neutron/openvswitch-agent.log +conditions: + no_firewall_driver: {equals : [{get_param: NeutronOVSFirewallDriver}, '']} + resources: NeutronBase: @@ -104,13 +107,17 @@ outputs: # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} - neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver} tripleo.neutron_ovs_agent.firewall_rules: '118 neutron vxlan networks': proto: 'udp' dport: 4789 '136 neutron gre networks': proto: 'gre' + - + if: + - no_firewall_driver + - {} + - neutron::agents::ml2::ovs::firewall_driver: {get_param: NeutronOVSFirewallDriver} step_config: | include ::tripleo::profile::base::neutron::ovs upgrade_tasks: diff --git a/puppet/services/neutron-plugin-ml2-fujitsu-cfab.yaml b/puppet/services/neutron-plugin-ml2-fujitsu-cfab.yaml index afb8cf44..becd25c9 100644 --- a/puppet/services/neutron-plugin-ml2-fujitsu-cfab.yaml +++ b/puppet/services/neutron-plugin-ml2-fujitsu-cfab.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2017-02-24 +heat_template_version: ocata description: > Configure hieradata for Fujitsu C-Fabric plugin configuration diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index d2ca841f..36ac3e08 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -54,6 +54,10 @@ parameters: EnableInternalTLS: type: boolean default: false + NovaDefaultFloatingPool: + default: 'public' + description: Default pool for floating IP addresses + type: string conditions: nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]} @@ -102,7 +106,7 @@ outputs: nova::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] } nova::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} nova::api::enabled: true - nova::api::default_floating_pool: 'public' + nova::api::default_floating_pool: {get_param: NovaDefaultFloatingPool} nova::api::sync_db_api: true nova::api::enable_proxy_headers_parsing: true nova::api::api_bind_address: diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index 1c56fe57..9a5f27c7 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -145,6 +145,17 @@ outputs: - '/nova_api' - '?bind_address=' - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" + nova::placement_database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://nova_placement:' + - {get_param: NovaPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/nova_placement' + - '?bind_address=' + - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" nova::debug: {get_param: Debug} nova::purge_config: {get_param: EnableConfigPurge} nova::network::neutron::neutron_project_name: 'service' diff --git a/puppet/services/nova-placement.yaml b/puppet/services/nova-placement.yaml new file mode 100644 index 00000000..9b7120d8 --- /dev/null +++ b/puppet/services/nova-placement.yaml @@ -0,0 +1,124 @@ +heat_template_version: ocata + +description: > + OpenStack Nova Placement API service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NovaWorkers: + default: 0 + description: Number of workers for Nova Placement API service. + type: number + NovaPassword: + description: The password for the nova service and db account, used by nova-placement. + type: string + hidden: true + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint + MonitoringSubscriptionNovaPlacement: + default: 'overcloud-nova-placement' + type: string + NovaPlacementLoggingSource: + type: json + default: + tag: openstack.nova.placement + path: /var/log/httpd/nova_placement_wsgi_error_ssl.log + EnableInternalTLS: + type: boolean + default: false + +conditions: + nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]} + +resources: + ApacheServiceBase: + type: ./apache.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + EnableInternalTLS: {get_param: EnableInternalTLS} + + NovaBase: + type: ./nova-base.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for the Nova Placement API service. + value: + service_name: nova_placement + monitoring_subscription: {get_param: MonitoringSubscriptionNovaPlacement} + logging_source: {get_param: NovaPlacementLoggingSource} + logging_groups: + - nova + config_settings: + map_merge: + - get_attr: [NovaBase, role_data, config_settings] + - get_attr: [ApacheServiceBase, role_data, config_settings] + - tripleo.nova_placement.firewall_rules: + '138 nova_placement': + dport: + - 8778 + - 13778 + nova::placement::project_name: 'service' + nova::placement::password: {get_param: NovaPassword} + nova::placement::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + nova::placement::os_region_name: {get_param: KeystoneRegion} + nova::wsgi::apache_placement::api_port: '8778' + nova::wsgi::apache_placement::ssl: {get_param: EnableInternalTLS} + # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + nova::wsgi::apache_placement::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]} + nova::wsgi::apache_placement::servername: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} + - + if: + - nova_workers_zero + - {} + - nova::wsgi::apache_placement::workers: {get_param: NovaWorkers} + step_config: | + include tripleo::profile::base::nova::placement + service_config_settings: + keystone: + nova::keystone::auth_placement::tenant: 'service' + nova::keystone::auth_placement::public_url: {get_param: [EndpointMap, NovaPlacementPublic, uri]} + nova::keystone::auth_placement::internal_url: {get_param: [EndpointMap, NovaPlacementInternal, uri]} + nova::keystone::auth_placement::admin_url: {get_param: [EndpointMap, NovaPlacementAdmin, uri]} + nova::keystone::auth_placement::password: {get_param: NovaPassword} + nova::keystone::auth_placement::region: {get_param: KeystoneRegion} + mysql: + map_merge: + - {get_attr: [NovaBase, role_data, service_config_settings, mysql]} + - nova::db::mysql_placement::password: {get_param: NovaPassword} + nova::db::mysql_placement::user: nova_placement + nova::db::mysql_placement::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + nova::db::mysql_placement::dbname: nova_placement + nova::db::mysql_placement::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" diff --git a/puppet/services/ovn-dbs.yaml b/puppet/services/ovn-dbs.yaml index 302628d4..7f81afde 100644 --- a/puppet/services/ovn-dbs.yaml +++ b/puppet/services/ovn-dbs.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: ocata description: > OVN databases configured with puppet diff --git a/puppet/services/pacemaker/database/mysql.yaml b/puppet/services/pacemaker/database/mysql.yaml index af95dbd1..511a01ab 100644 --- a/puppet/services/pacemaker/database/mysql.yaml +++ b/puppet/services/pacemaker/database/mysql.yaml @@ -53,3 +53,7 @@ outputs: get_param: [ServiceNetMap, MysqlNetwork] step_config: | include ::tripleo::profile::pacemaker::database::mysql + upgrade_tasks: + - name: Check for galera root password + tags: step0 + file: path=/root/.my.cnf state=file diff --git a/puppet/services/tripleo-packages.yaml b/puppet/services/tripleo-packages.yaml index da6e3083..737be829 100644 --- a/puppet/services/tripleo-packages.yaml +++ b/puppet/services/tripleo-packages.yaml @@ -33,6 +33,14 @@ outputs: step_config: | include ::tripleo::packages upgrade_tasks: + - name: Check yum for rpm-python present + tags: step0 + yum: "name=rpm-python state=present" + register: rpm_python_check + - name: Fail when rpm-python wasn't present + fail: msg="rpm-python package was not present before this run! Check environment before re-running" + when: rpm_python_check.changed != false + tags: step0 - name: Update all packages tags: step3 yum: name=* state=latest diff --git a/roles_data.yaml b/roles_data.yaml index 8b820665..bbb1ab7a 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -36,7 +36,6 @@ - OS::TripleO::Services::Kernel - OS::TripleO::Services::Keystone - OS::TripleO::Services::GlanceApi - - OS::TripleO::Services::GlanceRegistry - OS::TripleO::Services::HeatApi - OS::TripleO::Services::HeatApiCfn - OS::TripleO::Services::HeatApiCloudwatch @@ -57,6 +56,7 @@ - OS::TripleO::Services::NovaConductor - OS::TripleO::Services::MongoDb - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaPlacement - OS::TripleO::Services::NovaMetadata - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::NovaConsoleauth @@ -102,6 +102,7 @@ - OS::TripleO::Services::Zaqar - OS::TripleO::Services::OVNDBs - OS::TripleO::Services::NeutronML2FujitsuCfab + - OS::TripleO::Services::CinderHPELeftHandISCSI - name: Compute CountDefault: 1 diff --git a/roles_data_undercloud.yaml b/roles_data_undercloud.yaml index 08213b68..2759429c 100644 --- a/roles_data_undercloud.yaml +++ b/roles_data_undercloud.yaml @@ -9,7 +9,6 @@ - OS::TripleO::Services::Apache - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::GlanceApi - - OS::TripleO::Services::GlanceRegistry - OS::TripleO::Services::SwiftProxy - OS::TripleO::Services::SwiftStorage - OS::TripleO::Services::SwiftRingBuilder @@ -18,6 +17,7 @@ - OS::TripleO::Services::HeatApiCfn - OS::TripleO::Services::HeatEngine - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaPlacement - OS::TripleO::Services::NovaMetadata - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::NovaConductor diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index fd1f47de..63e3ce51 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py @@ -19,11 +19,41 @@ import yaml required_params = ['EndpointMap', 'ServiceNetMap', 'DefaultPasswords'] +envs_containing_endpoint_map = ['tls-endpoints-public-dns.yaml', + 'tls-endpoints-public-ip.yaml', + 'tls-everywhere-endpoints-dns.yaml'] +ENDPOINT_MAP_FILE = 'endpoint_map.yaml' + def exit_usage(): print('Usage %s <yaml file or directory>' % sys.argv[0]) sys.exit(1) +def get_base_endpoint_map(filename): + try: + tpl = yaml.load(open(filename).read()) + return tpl['parameters']['EndpointMap']['default'] + except Exception: + print(traceback.format_exc()) + return None + + +def get_endpoint_map_from_env(filename): + try: + tpl = yaml.load(open(filename).read()) + return { + 'file': filename, + 'map': tpl['parameter_defaults']['EndpointMap'] + } + except Exception: + print(traceback.format_exc()) + return None + + +def validate_endpoint_map(base_map, env_map): + return sorted(base_map.keys()) == sorted(env_map.keys()) + + def validate_mysql_connection(settings): no_op = lambda *args: False error_status = [0] @@ -64,6 +94,10 @@ def validate_mysql_connection(settings): def validate_service(filename, tpl): + if 'heat_template_version' in tpl and not str(tpl['heat_template_version']).isalpha(): + print('ERROR: heat_template_version needs to be the release alias not a date: %s' + % filename) + return 1 if 'outputs' in tpl and 'role_data' in tpl['outputs']: if 'value' not in tpl['outputs']['role_data']: print('ERROR: invalid role_data for filename: %s' @@ -128,6 +162,8 @@ if len(sys.argv) < 2: path_args = sys.argv[1:] exit_val = 0 failed_files = [] +base_endpoint_map = None +env_endpoint_maps = list() for base_path in path_args: if os.path.isdir(base_path): @@ -139,6 +175,12 @@ for base_path in path_args: if failed: failed_files.append(file_path) exit_val |= failed + if f == ENDPOINT_MAP_FILE: + base_endpoint_map = get_base_endpoint_map(file_path) + if f in envs_containing_endpoint_map: + env_endpoint_map = get_endpoint_map_from_env(file_path) + if env_endpoint_map: + env_endpoint_maps.append(env_endpoint_map) elif os.path.isfile(base_path) and base_path.endswith('.yaml'): failed = validate(base_path) if failed: @@ -148,6 +190,30 @@ for base_path in path_args: print('Unexpected argument %s' % base_path) exit_usage() +if base_endpoint_map and \ + len(env_endpoint_maps) == len(envs_containing_endpoint_map): + for env_endpoint_map in env_endpoint_maps: + matches = validate_endpoint_map(base_endpoint_map, + env_endpoint_map['map']) + if not matches: + print("ERROR: %s doesn't match base endpoint map" % + env_endpoint_map['file']) + failed_files.append(env_endpoint_map['file']) + exit_val |= 1 + else: + print("%s matches base endpoint map" % env_endpoint_map['file']) +else: + print("ERROR: Can't validate endpoint maps since a file is missing. " + "If you meant to delete one of these files you should update this " + "tool as well.") + if not base_endpoint_map: + failed_files.append(ENDPOINT_MAP_FILE) + if len(env_endpoint_maps) != len(envs_containing_endpoint_map): + matched_files = set(os.path.basename(matched_env_file['file']) + for matched_env_file in env_endpoint_maps) + failed_files.extend(set(envs_containing_endpoint_map) - matched_files) + exit_val |= 1 + if failed_files: print('Validation failed on:') for f in failed_files: |