summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ci/environments/multinode.yaml2
-rw-r--r--ci/environments/scenario003-multinode-containers.yaml10
-rw-r--r--docker/services/collectd.yaml20
-rw-r--r--docker/services/database/mysql-client.yaml66
-rw-r--r--docker/services/ironic-api.yaml9
-rw-r--r--docker/services/manila-api.yaml38
-rw-r--r--environments/docker.yaml1
-rw-r--r--extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml25
-rw-r--r--extraconfig/pre_network/config_then_reboot.yaml24
-rw-r--r--extraconfig/pre_network/host_config_and_reboot.role.j2.yaml23
-rw-r--r--extraconfig/pre_network/host_config_and_reboot.yaml23
-rw-r--r--extraconfig/tasks/ssh/host_public_key.yaml8
-rwxr-xr-xnetwork/scripts/run-os-net-config.sh2
-rw-r--r--network/service_net_map.j2.yaml2
-rw-r--r--puppet/blockstorage-role.yaml14
-rw-r--r--puppet/cephstorage-role.yaml17
-rw-r--r--puppet/compute-role.yaml17
-rw-r--r--puppet/controller-role.yaml17
-rw-r--r--puppet/deploy-artifacts.sh2
-rw-r--r--puppet/objectstorage-role.yaml14
-rw-r--r--puppet/role.role.j2.yaml17
-rw-r--r--puppet/services/database/mysql.yaml13
-rw-r--r--puppet/services/database/redis.yaml20
-rw-r--r--puppet/services/horizon.yaml1
-rw-r--r--puppet/services/ironic-api.yaml31
-rw-r--r--puppet/services/pacemaker/database/mysql.yaml7
-rw-r--r--releasenotes/notes/fix-glance-api-network-4f9d7c20475a5994.yaml3
27 files changed, 205 insertions, 221 deletions
diff --git a/ci/environments/multinode.yaml b/ci/environments/multinode.yaml
index 20e37e37..102787a6 100644
--- a/ci/environments/multinode.yaml
+++ b/ci/environments/multinode.yaml
@@ -52,6 +52,8 @@ parameter_defaults:
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::Horizon
+ - OS::TripleO::Services::TripleoFirewall
- OS::TripleO::Services::Sshd
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
diff --git a/ci/environments/scenario003-multinode-containers.yaml b/ci/environments/scenario003-multinode-containers.yaml
index cfb05077..7b917aef 100644
--- a/ci/environments/scenario003-multinode-containers.yaml
+++ b/ci/environments/scenario003-multinode-containers.yaml
@@ -6,11 +6,11 @@
resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
- OS::TripleO::Services::SaharaApi: ../../puppet/services/sahara-api.yaml
- OS::TripleO::Services::SaharaEngine: ../../puppet/services/sahara-engine.yaml
- OS::TripleO::Services::MistralApi: ../../puppet/services/mistral-api.yaml
- OS::TripleO::Services::MistralEngine: ../../puppet/services/mistral-engine.yaml
- OS::TripleO::Services::MistralExecutor: ../../puppet/services/mistral-executor.yaml
+ OS::TripleO::Services::SaharaApi: ../../docker/services/sahara-api.yaml
+ OS::TripleO::Services::SaharaEngine: ../../docker/services/sahara-engine.yaml
+ OS::TripleO::Services::MistralApi: ../../docker/services/mistral-api.yaml
+ OS::TripleO::Services::MistralEngine: ../../docker/services/mistral-engine.yaml
+ OS::TripleO::Services::MistralExecutor: ../../docker/services/mistral-executor.yaml
# NOTE: This is needed because of upgrades from Ocata to Pike. We
# deploy the initial environment with Ocata templates, and
# overcloud-resource-registry.yaml there doesn't have this Docker
diff --git a/docker/services/collectd.yaml b/docker/services/collectd.yaml
index 7354898b..6c58a589 100644
--- a/docker/services/collectd.yaml
+++ b/docker/services/collectd.yaml
@@ -55,7 +55,11 @@ outputs:
description: Role data for the collectd role.
value:
service_name: {get_attr: [CollectdBase, role_data, service_name]}
- config_settings: {get_attr: [CollectdBase, role_data, config_settings]}
+ config_settings:
+ map_merge:
+ - get_attr: [CollectdBase, role_data, config_settings]
+ - tripleo::profile::base::metrics::collectd::enable_file_logging: true
+ collectd::plugin::logfile::log_file: /var/log/collectd/collectd.log
step_config: &step_config
get_attr: [CollectdBase, role_data, step_config]
service_config_settings: {get_attr: [CollectdBase, role_data, service_config_settings]}
@@ -71,6 +75,10 @@ outputs:
kolla_config:
/var/lib/kolla/config_files/collectd.json:
command: /usr/sbin/collectd -f
+ permissions:
+ - path: /var/log/collectd
+ owner: collectd:collectd
+ recurse: true
docker_config:
step_3:
collectd:
@@ -84,11 +92,17 @@ outputs:
-
- /var/run/docker.sock:/var/run/docker.sock:rw
- /var/lib/kolla/config_files/collectd.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/collectd/etc/collectd/:/etc/collectd/:ro
+ - /var/lib/config-data/collectd/etc/collectd.conf:/etc/collectd.conf:ro
+ - /var/lib/config-data/collectd/etc/collectd.d:/etc/collectd.d:ro
+ - /var/log/containers/collectd:/var/log/collectd:rw
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent logs directory
+ file:
+ path: /var/log/containers/collectd
+ state: directory
upgrade_tasks:
- name: Stop and disable collectd service
tags: step2
service: name=collectd.service state=stopped enabled=no
-
diff --git a/docker/services/database/mysql-client.yaml b/docker/services/database/mysql-client.yaml
new file mode 100644
index 00000000..b0ad3760
--- /dev/null
+++ b/docker/services/database/mysql-client.yaml
@@ -0,0 +1,66 @@
+heat_template_version: pike
+
+description: >
+ Configuration for containerized MySQL clients
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerMysqlImage:
+ description: image
+ default: 'centos-binary-mariadb:latest'
+ type: string
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+ InternalTLSCAFile:
+ default: '/etc/ipa/ca.crt'
+ type: string
+ description: Specifies the default CA cert to use if TLS is used for
+ services in the internal network.
+
+outputs:
+ role_data:
+ description: Role for setting mysql client parameters
+ value:
+ service_name: mysql_client
+ config_settings:
+ tripleo::profile::base::database::mysql::client::mysql_client_bind_address: {get_param: [ServiceNetMap, MysqlNetwork]}
+ tripleo::profile::base::database::mysql::client::enable_ssl: {get_param: EnableInternalTLS}
+ tripleo::profile::base::database::mysql::client::ssl_ca: {get_param: InternalTLSCAFile}
+ # BEGIN DOCKER SETTINGS #
+ step_config: ""
+ puppet_config:
+ config_volume: mysql_client
+ puppet_tags: file # set this even though file is the default
+ step_config: "include ::tripleo::profile::base::database::mysql::client"
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerMysqlImage} ]
+ # no need for a docker config, this service only generates configuration files
+ docker_config: {}
diff --git a/docker/services/ironic-api.yaml b/docker/services/ironic-api.yaml
index a32176af..1c8aa5bd 100644
--- a/docker/services/ironic-api.yaml
+++ b/docker/services/ironic-api.yaml
@@ -61,6 +61,7 @@ outputs:
config_settings:
map_merge:
- get_attr: [IronicApiBase, role_data, config_settings]
+ - apache::default_vhost: false
step_config: &step_config
get_attr: [IronicApiBase, role_data, step_config]
service_config_settings: {get_attr: [IronicApiBase, role_data, service_config_settings]}
@@ -75,7 +76,7 @@ outputs:
- [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ]
kolla_config:
/var/lib/kolla/config_files/ironic_api.json:
- command: /usr/bin/ironic-api
+ command: /usr/sbin/httpd -DFOREGROUND
permissions:
- path: /var/log/ironic
owner: ironic:ironic
@@ -113,7 +114,7 @@ outputs:
start_order: 10
image: *ironic_image
net: host
- privileged: false
+ user: root
restart: always
volumes:
list_concat:
@@ -121,6 +122,10 @@ outputs:
-
- /var/lib/kolla/config_files/ironic_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/ironic/etc/ironic:/etc/ironic:ro
+ - /var/lib/config-data/ironic/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/ironic/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/ironic/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
+ - /var/lib/config-data/ironic/var/www/:/var/www/:ro
- /var/log/containers/ironic:/var/log/ironic
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/manila-api.yaml b/docker/services/manila-api.yaml
index 47d0f579..a203d436 100644
--- a/docker/services/manila-api.yaml
+++ b/docker/services/manila-api.yaml
@@ -14,7 +14,8 @@ parameters:
type: string
DockerManilaConfigImage:
description: image
- default: 'centos-binary-manila-base:latest'
+ default: 'centos-binary-manila-api:latest'
+ type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -40,6 +41,9 @@ parameters:
resources:
+ ContainersCommon:
+ type: ./containers-common.yaml
+
ManilaApiPuppetBase:
type: ../../puppet/services/manila-api.yaml
properties:
@@ -73,20 +77,27 @@ outputs:
owner: manila:manila
recurse: true
docker_config:
- step_3:
- manila_api_db_sync:
- user: root
+ step_2:
+ manila_init_logs:
image: &manila_api_image
list_join:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerManilaApiImage} ]
+ user: root
+ volumes:
+ - /var/log/containers/manila:/var/log/manila
+ command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R manila:manila /var/log/manila']
+ step_3:
+ manila_api_db_sync:
+ user: root
+ image: *manila_api_image
net: host
detach: false
volumes:
- - /var/lib/config-data/manila/etc/manila/:/etc/manila:ro
- - /etc/hosts:/etc/hosts:ro
- - /etc/localtime:/etc/localtime:ro
- - logs:/var/log
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro
+ - /var/log/containers/manila:/var/log/manila
command: "/usr/bin/bootstrap_host_exec manila_api su manila -s /bin/bash -c '/usr/bin/manila-manage db sync'"
step_4:
manila_api:
@@ -94,11 +105,12 @@ outputs:
net: host
restart: always
volumes:
- - /var/lib/kolla/config_files/manila_api.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro
- - /etc/hosts:/etc/hosts:ro
- - /etc/localtime:/etc/localtime:ro
- - /var/log/containers/manila:/var/log/manila
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/manila_api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro
+ - /var/log/containers/manila:/var/log/manila
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
diff --git a/environments/docker.yaml b/environments/docker.yaml
index 6a5ec87a..3ddc7e3a 100644
--- a/environments/docker.yaml
+++ b/environments/docker.yaml
@@ -30,6 +30,7 @@ resource_registry:
OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml
OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml
OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml
+ OS::TripleO::Services::MySQLClient: ../docker/services/database/mysql-client.yaml
OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml
OS::TripleO::Services::MongoDb: ../docker/services/database/mongodb.yaml
OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml
diff --git a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml
index fb0d1699..96632bc2 100644
--- a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml
+++ b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml
@@ -59,19 +59,6 @@ parameters:
description: |
When enabled, the system will perform a yum update after performing the
RHEL Registration process.
- deployment_actions:
- default: ['CREATE', 'UPDATE']
- type: comma_delimited_list
- description: >
- List of stack actions that will trigger any deployments in this
- templates. The actions will be an empty list of the server is in the
- toplevel DeploymentServerBlacklist parameter's value.
-
-conditions:
- deployment_actions_empty:
- equals:
- - {get_param: deployment_actions}
- - []
resources:
@@ -149,11 +136,7 @@ resources:
name: RHELUnregistrationDeployment
server: {get_param: server}
config: {get_resource: RHELUnregistration}
- actions:
- if:
- - deployment_actions_empty
- - []
- - ['DELETE'] # Only do this on DELETE
+ actions: ['DELETE'] # Only do this on DELETE
input_values:
REG_METHOD: {get_param: rhel_reg_method}
@@ -186,11 +169,7 @@ resources:
name: UpdateDeploymentAfterRHELRegistration
config: {get_resource: YumUpdateConfigurationAfterRHELRegistration}
server: {get_param: server}
- actions:
- if:
- - deployment_actions_empty
- - []
- - ['CREATE'] # Only do this on CREATE
+ actions: ['CREATE'] # Only do this on CREATE
outputs:
deploy_stdout:
diff --git a/extraconfig/pre_network/config_then_reboot.yaml b/extraconfig/pre_network/config_then_reboot.yaml
index 79cb7cbc..48ba5263 100644
--- a/extraconfig/pre_network/config_then_reboot.yaml
+++ b/extraconfig/pre_network/config_then_reboot.yaml
@@ -7,19 +7,6 @@ description: >
parameters:
server:
type: string
- deployment_actions:
- default: ['CREATE', 'UPDATE']
- type: comma_delimited_list
- description: >
- List of stack actions that will trigger any deployments in this
- templates. The actions will be an empty list of the server is in the
- toplevel DeploymentServerBlacklist parameter's value.
-
-conditions:
- deployment_actions_empty:
- equals:
- - {get_param: deployment_actions}
- - []
resources:
@@ -37,11 +24,6 @@ resources:
name: SomeDeployment
server: {get_param: server}
config: {get_resource: SomeConfig}
- actions:
- if:
- - deployment_actions_empty
- - []
- - ['CREATE'] # Only do this on CREATE
actions: ['CREATE'] # Only do this on CREATE
RebootConfig:
@@ -62,9 +44,5 @@ resources:
name: RebootDeployment
server: {get_param: server}
config: {get_resource: RebootConfig}
- actions:
- if:
- - deployment_actions_empty
- - []
- - ['CREATE'] # Only do this on CREATE
+ actions: ['CREATE'] # Only do this on CREATE
signal_transport: NO_SIGNAL
diff --git a/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml b/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml
index fe52ef7e..41d8f4f6 100644
--- a/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml
+++ b/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml
@@ -19,13 +19,6 @@ parameters:
{{role}}HostCpusList:
type: string
default: ""
- deployment_actions:
- default: ['CREATE', 'UPDATE']
- type: comma_delimited_list
- description: >
- List of stack actions that will trigger any deployments in this
- templates. The actions will be an empty list of the server is in the
- toplevel DeploymentServerBlacklist parameter's value.
parameter_group:
- label: deprecated
@@ -45,10 +38,6 @@ conditions:
equals:
- get_param: {{role}}TunedProfileName
- ""
- deployment_actions_empty:
- equals:
- - {get_param: deployment_actions}
- - []
resources:
@@ -73,11 +62,7 @@ resources:
name: HostParametersDeployment
server: {get_param: server}
config: {get_resource: HostParametersConfig}
- actions:
- if:
- - deployment_actions_empty
- - []
- - ['CREATE'] # Only do this on CREATE
+ actions: ['CREATE'] # Only do this on CREATE
input_values:
_KERNEL_ARGS_: {get_param: {{role}}KernelArgs}
_TUNED_PROFILE_NAME_: {get_param: {{role}}TunedProfileName}
@@ -103,11 +88,7 @@ resources:
name: RebootDeployment
server: {get_param: server}
config: {get_resource: RebootConfig}
- actions:
- if:
- - deployment_actions_empty
- - []
- - ['CREATE'] # Only do this on CREATE
+ actions: ['CREATE'] # Only do this on CREATE
signal_transport: NO_SIGNAL
outputs:
diff --git a/extraconfig/pre_network/host_config_and_reboot.yaml b/extraconfig/pre_network/host_config_and_reboot.yaml
index 21309dd5..74e716ad 100644
--- a/extraconfig/pre_network/host_config_and_reboot.yaml
+++ b/extraconfig/pre_network/host_config_and_reboot.yaml
@@ -11,20 +11,9 @@ parameters:
type: json
description: Role Specific parameters
default: {}
- deployment_actions:
- default: ['CREATE', 'UPDATE']
- type: comma_delimited_list
- description: >
- List of stack actions that will trigger any deployments in this
- templates. The actions will be an empty list of the server is in the
- toplevel DeploymentServerBlacklist parameter's value.
conditions:
is_host_config_required: {not: {equals: [{get_param: [RoleParameters, KernelArgs]}, ""]}}
- deployment_actions_empty:
- equals:
- - {get_param: deployment_actions}
- - []
resources:
HostParametersConfig:
@@ -48,11 +37,7 @@ resources:
name: HostParametersDeployment
server: {get_param: server}
config: {get_resource: HostParametersConfig}
- actions:
- if:
- - deployment_actions_empty
- - []
- - ['CREATE'] # Only do this on CREATE
+ actions: ['CREATE'] # Only do this on CREATE
input_values:
_KERNEL_ARGS_: {get_param: [RoleParameters, KernelArgs]}
_TUNED_PROFILE_NAME_: {get_param: [RoleParameters, TunedProfileName]}
@@ -78,11 +63,7 @@ resources:
name: RebootDeployment
server: {get_param: server}
config: {get_resource: RebootConfig}
- actions:
- if:
- - deployment_actions_empty
- - []
- - ['CREATE'] # Only do this on CREATE
+ actions: ['CREATE'] # Only do this on CREATE
signal_transport: NO_SIGNAL
outputs:
diff --git a/extraconfig/tasks/ssh/host_public_key.yaml b/extraconfig/tasks/ssh/host_public_key.yaml
index 02fdbf1c..e4ba0cc4 100644
--- a/extraconfig/tasks/ssh/host_public_key.yaml
+++ b/extraconfig/tasks/ssh/host_public_key.yaml
@@ -7,13 +7,6 @@ parameters:
server:
description: ID of the node to apply this config to
type: string
- deployment_actions:
- default: ['CREATE', 'UPDATE']
- type: comma_delimited_list
- description: >
- List of stack actions that will trigger any deployments in this
- templates. The actions will be an empty list of the server is in the
- toplevel DeploymentServerBlacklist parameter's value.
resources:
SshHostPubKeyConfig:
@@ -35,7 +28,6 @@ resources:
properties:
config: {get_resource: SshHostPubKeyConfig}
server: {get_param: server}
- actions: {get_param: deployment_actions}
outputs:
diff --git a/network/scripts/run-os-net-config.sh b/network/scripts/run-os-net-config.sh
index 8fe2d270..864da24b 100755
--- a/network/scripts/run-os-net-config.sh
+++ b/network/scripts/run-os-net-config.sh
@@ -110,7 +110,7 @@ EOF_CAT
}
if [ -n '$network_config' ]; then
- if [ -z "${disable_configure_safe_defaults:-''}" ]; then
+ if [ -z "${disable_configure_safe_defaults:-}" ]; then
trap configure_safe_defaults EXIT
fi
diff --git a/network/service_net_map.j2.yaml b/network/service_net_map.j2.yaml
index d3d8cbdb..ba8e5568 100644
--- a/network/service_net_map.j2.yaml
+++ b/network/service_net_map.j2.yaml
@@ -42,7 +42,7 @@ parameters:
CinderApiNetwork: internal_api
CinderIscsiNetwork: storage
CongressApiNetwork: internal_api
- GlanceApiNetwork: storage
+ GlanceApiNetwork: internal_api
IronicApiNetwork: ctlplane
IronicNetwork: ctlplane
IronicInspectorNetwork: ctlplane
diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml
index 95dcf0b5..551a88ca 100644
--- a/puppet/blockstorage-role.yaml
+++ b/puppet/blockstorage-role.yaml
@@ -377,7 +377,6 @@ resources:
properties:
server: {get_resource: BlockStorage}
RoleParameters: {get_param: RoleParameters}
- deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
@@ -486,9 +485,6 @@ resources:
NodeExtraConfig:
depends_on: NodeTLSCAData
type: OS::TripleO::NodeExtraConfig
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
properties:
server: {get_resource: BlockStorage}
@@ -511,21 +507,11 @@ resources:
- ['CREATE', 'UPDATE']
- []
- DeploymentActions:
- type: OS::Heat::Value
- properties:
- value:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: BlockStorageDeployment
properties:
server: {get_resource: BlockStorage}
- deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:
diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml
index 6674a8ac..4336f3e7 100644
--- a/puppet/cephstorage-role.yaml
+++ b/puppet/cephstorage-role.yaml
@@ -383,7 +383,6 @@ resources:
properties:
server: {get_resource: CephStorage}
RoleParameters: {get_param: RoleParameters}
- deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
@@ -490,9 +489,6 @@ resources:
CephStorageExtraConfigPre:
depends_on: CephStorageDeployment
type: OS::TripleO::CephStorageExtraConfigPre
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
properties:
server: {get_resource: CephStorage}
@@ -501,9 +497,6 @@ resources:
NodeExtraConfig:
depends_on: [CephStorageExtraConfigPre, NodeTLSCAData]
type: OS::TripleO::NodeExtraConfig
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
properties:
server: {get_resource: CephStorage}
@@ -525,21 +518,11 @@ resources:
- ['CREATE', 'UPDATE']
- []
- DeploymentActions:
- type: OS::Heat::Value
- properties:
- value:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: CephStorageDeployment
properties:
server: {get_resource: CephStorage}
- deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:
diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml
index 37eb98d1..7bcee47d 100644
--- a/puppet/compute-role.yaml
+++ b/puppet/compute-role.yaml
@@ -386,7 +386,6 @@ resources:
properties:
server: {get_resource: NovaCompute}
RoleParameters: {get_param: RoleParameters}
- deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkConfig:
type: OS::TripleO::Compute::Net::SoftwareConfig
@@ -513,9 +512,6 @@ resources:
ComputeExtraConfigPre:
depends_on: NovaComputeDeployment
type: OS::TripleO::ComputeExtraConfigPre
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
properties:
server: {get_resource: NovaCompute}
@@ -524,9 +520,6 @@ resources:
NodeExtraConfig:
depends_on: [ComputeExtraConfigPre, NodeTLSCAData]
type: OS::TripleO::NodeExtraConfig
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
properties:
server: {get_resource: NovaCompute}
@@ -549,21 +542,11 @@ resources:
update_identifier:
get_param: UpdateIdentifier
- DeploymentActions:
- type: OS::Heat::Value
- properties:
- value:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: NovaComputeDeployment
properties:
server: {get_resource: NovaCompute}
- deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:
diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml
index 01f54df0..6a032656 100644
--- a/puppet/controller-role.yaml
+++ b/puppet/controller-role.yaml
@@ -406,7 +406,6 @@ resources:
properties:
server: {get_resource: Controller}
RoleParameters: {get_param: RoleParameters}
- deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkConfig:
type: OS::TripleO::Controller::Net::SoftwareConfig
@@ -553,9 +552,6 @@ resources:
ControllerExtraConfigPre:
depends_on: ControllerDeployment
type: OS::TripleO::ControllerExtraConfigPre
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
properties:
server: {get_resource: Controller}
@@ -564,9 +560,6 @@ resources:
NodeExtraConfig:
depends_on: [ControllerExtraConfigPre, NodeTLSData]
type: OS::TripleO::NodeExtraConfig
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
properties:
server: {get_resource: Controller}
@@ -589,21 +582,11 @@ resources:
update_identifier:
get_param: UpdateIdentifier
- DeploymentActions:
- type: OS::Heat::Value
- properties:
- value:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: ControllerDeployment
properties:
server: {get_resource: Controller}
- deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:
diff --git a/puppet/deploy-artifacts.sh b/puppet/deploy-artifacts.sh
index 4e1ad89f..6e7f0ec1 100644
--- a/puppet/deploy-artifacts.sh
+++ b/puppet/deploy-artifacts.sh
@@ -16,7 +16,7 @@ if [ -n "$artifact_urls" ]; then
tar xvzf $TMP_DATA/file_data
popd
else
- echo "ERROR: Unsupported file format."
+ echo "ERROR: Unsupported file format: $URL"
exit 1
fi
rm $TMP_DATA/file_data
diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml
index e6348420..40a5d441 100644
--- a/puppet/objectstorage-role.yaml
+++ b/puppet/objectstorage-role.yaml
@@ -377,7 +377,6 @@ resources:
properties:
server: {get_resource: SwiftStorage}
RoleParameters: {get_param: RoleParameters}
- deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
@@ -486,9 +485,6 @@ resources:
NodeExtraConfig:
depends_on: NodeTLSCAData
type: OS::TripleO::NodeExtraConfig
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
properties:
server: {get_resource: SwiftStorage}
@@ -510,21 +506,11 @@ resources:
- ['CREATE', 'UPDATE']
- []
- DeploymentActions:
- type: OS::Heat::Value
- properties:
- value:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: SwiftStorageHieraDeploy
properties:
server: {get_resource: SwiftStorage}
- deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:
diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml
index 3be2861c..320bf991 100644
--- a/puppet/role.role.j2.yaml
+++ b/puppet/role.role.j2.yaml
@@ -399,7 +399,6 @@ resources:
properties:
server: {get_resource: {{role}}}
RoleParameters: {get_param: RoleParameters}
- deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
@@ -512,9 +511,6 @@ resources:
{{role}}ExtraConfigPre:
depends_on: {{role}}Deployment
type: OS::TripleO::{{role}}ExtraConfigPre
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
properties:
server: {get_resource: {{role}}}
@@ -523,9 +519,6 @@ resources:
NodeExtraConfig:
depends_on: [{{role}}ExtraConfigPre, NodeTLSCAData]
type: OS::TripleO::NodeExtraConfig
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
properties:
server: {get_resource: {{role}}}
@@ -548,21 +541,11 @@ resources:
- ['CREATE', 'UPDATE']
- []
- DeploymentActions:
- type: OS::Heat::Value
- properties:
- value:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: {{role}}Deployment
properties:
server: {get_resource: {{role}}}
- deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:
diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml
index 2bde9033..882ba299 100644
--- a/puppet/services/database/mysql.yaml
+++ b/puppet/services/database/mysql.yaml
@@ -118,6 +118,16 @@ outputs:
template: "%{hiera('cloud_name_NETWORK')}"
params:
NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+ dnsnames:
+ - str_replace:
+ template: "%{hiera('cloud_name_NETWORK')}"
+ params:
+ NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
+ - str_replace:
+ template:
+ "%{hiera('fqdn_$NETWORK')}"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, MysqlNetwork]}
principal:
str_replace:
template: "mysql/%{hiera('cloud_name_NETWORK')}"
@@ -132,6 +142,9 @@ outputs:
- service: mysql
network: {get_param: [ServiceNetMap, MysqlNetwork]}
type: vip
+ - service: mysql
+ network: {get_param: [ServiceNetMap, MysqlNetwork]}
+ type: node
- null
upgrade_tasks:
- name: Check for galera root password
diff --git a/puppet/services/database/redis.yaml b/puppet/services/database/redis.yaml
index df406a8c..9567a73f 100644
--- a/puppet/services/database/redis.yaml
+++ b/puppet/services/database/redis.yaml
@@ -52,3 +52,23 @@ outputs:
- 26379
step_config: |
include ::tripleo::profile::base::database::redis
+ upgrade_tasks:
+ - name: Check if redis is deployed
+ command: systemctl is-enabled redis
+ tags: common
+ ignore_errors: True
+ register: redis_enabled
+ - name: "PreUpgrade step0,validation: Check if redis is running"
+ shell: >
+ /usr/bin/systemctl show 'redis' --property ActiveState |
+ grep '\bactive\b'
+ when: redis_enabled.rc == 0
+ tags: step0,validation
+ - name: Stop redis service
+ tags: step1
+ when: redis_enabled.rc == 0
+ service: name=redis state=stopped
+ - name: Install redis package if it was disabled
+ tags: step3
+ yum: name=redis state=latest
+ when: redis_enabled.rc != 0
diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml
index 092d0720..1f97b8ba 100644
--- a/puppet/services/horizon.yaml
+++ b/puppet/services/horizon.yaml
@@ -89,7 +89,6 @@ outputs:
horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache
horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
horizon::vhost_extra_params:
- add_listen: false
priority: 10
access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"'
options: ['FollowSymLinks','MultiViews']
diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml
index 945033a1..0e8eacf1 100644
--- a/puppet/services/ironic-api.yaml
+++ b/puppet/services/ironic-api.yaml
@@ -43,8 +43,21 @@ parameters:
e.g. { ironic-context_is_admin: { key: context_is_admin, value: 'role:admin' } }
default: {}
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
resources:
+ ApacheServiceBase:
+ type: ./apache.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+ EnableInternalTLS: {get_param: EnableInternalTLS}
+
IronicBase:
type: ./ironic-base.yaml
properties:
@@ -63,6 +76,7 @@ outputs:
config_settings:
map_merge:
- get_attr: [IronicBase, role_data, config_settings]
+ - get_attr: [ApacheServiceBase, role_data, config_settings]
- ironic::api::authtoken::password: {get_param: IronicPassword}
ironic::api::authtoken::project_name: 'service'
ironic::api::authtoken::user_domain_name: 'Default'
@@ -80,7 +94,17 @@ outputs:
ironic::api::port: {get_param: [EndpointMap, IronicInternal, port]}
# This is used to build links in responses
ironic::api::public_endpoint: {get_param: [EndpointMap, IronicPublic, uri_no_suffix]}
+ ironic::api::service_name: 'httpd'
ironic::policy::policies: {get_param: IronicApiPolicies}
+ ironic::wsgi::apache::bind_host: {get_param: [ServiceNetMap, IronicApiNetwork]}
+ ironic::wsgi::apache::port: {get_param: [EndpointMap, IronicInternal, port]}
+ ironic::wsgi::apache::servername:
+ str_replace:
+ template:
+ "%{hiera('fqdn_$NETWORK')}"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, IronicApiNetwork]}
+ ironic::wsgi::apache::ssl: {get_param: EnableInternalTLS}
tripleo.ironic_api.firewall_rules:
'133 ironic api':
dport:
@@ -106,6 +130,9 @@ outputs:
- '%'
- "%{hiera('mysql_bind_host')}"
upgrade_tasks:
- - name: Stop ironic_api service
+ - name: Stop ironic_api service (before httpd support)
+ tags: step1
+ service: name=openstack-ironic-api state=stopped enabled=no
+ - name: Stop ironic_api service (running under httpd)
tags: step1
- service: name=openstack-ironic-api state=stopped
+ service: name=httpd state=stopped
diff --git a/puppet/services/pacemaker/database/mysql.yaml b/puppet/services/pacemaker/database/mysql.yaml
index d8e942d0..0a7659e0 100644
--- a/puppet/services/pacemaker/database/mysql.yaml
+++ b/puppet/services/pacemaker/database/mysql.yaml
@@ -27,6 +27,11 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ InternalTLSCAFile:
+ default: '/etc/ipa/ca.crt'
+ type: string
+ description: Specifies the default CA cert to use if TLS is used for
+ services in the internal network.
resources:
@@ -61,6 +66,8 @@ outputs:
# internal_api_subnet - > IP/CIDR
tripleo::profile::pacemaker::database::mysql::gmcast_listen_addr:
get_param: [ServiceNetMap, MysqlNetwork]
+ tripleo::profile::pacemaker::database::mysql::ca_file:
+ get_param: InternalTLSCAFile
step_config: |
include ::tripleo::profile::pacemaker::database::mysql
metadata_settings:
diff --git a/releasenotes/notes/fix-glance-api-network-4f9d7c20475a5994.yaml b/releasenotes/notes/fix-glance-api-network-4f9d7c20475a5994.yaml
new file mode 100644
index 00000000..18474cf3
--- /dev/null
+++ b/releasenotes/notes/fix-glance-api-network-4f9d7c20475a5994.yaml
@@ -0,0 +1,3 @@
+---
+fixes:
+ - Incorrect network used for Glance API service.