diff options
450 files changed, 9573 insertions, 5274 deletions
@@ -64,80 +64,82 @@ Service testing matrix The configuration for the CI scenarios will be defined in `tripleo-heat-templates/ci/` and should be executed according to the following table: -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| - | scenario001 | scenario002 | scenario003 | scenario004 | multinode-nonha | -+================+=============+=============+=============+=============+=================+ -| keystone | X | X | X | X | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| glance | rbd | swift | file | swift + rbd | swift | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| cinder | rbd | iscsi | | | iscsi | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| heat | X | X | X | X | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| mysql | X | X | X | X | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| neutron | ovs | ovs | ovs | ovs | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| neutron-bgpvpn | | | | X | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| neutron-l2gw | | | | X | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| rabbitmq | X | X | X | X | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| mongodb | X | X | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| redis | X | | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| haproxy | X | X | X | X | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| keepalived | X | X | X | X | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| memcached | X | X | X | X | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| pacemaker | X | X | X | X | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| nova | qemu | qemu | qemu | qemu | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| ntp | X | X | X | X | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| snmp | X | X | X | X | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| timezone | X | X | X | X | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| sahara | | | X | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| mistral | | | X | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| swift | | X | | | X | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| aodh | X | | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| ceilometer | X | | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| gnocchi | X | | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| panko | X | | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| barbican | | X | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| zaqar | | X | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| ec2api | | X | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| cephrgw | | X | | X | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| tacker | X | | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| congress | X | | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| cephmds | | | | X | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| manila | | | | X | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| collectd | X | | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| fluentd | X | | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ -| sensu-client | X | | | | | -+----------------+-------------+-------------+-------------+-------------+-----------------+ ++----------------+-------------+-------------+-------------+-------------+-----------------++-------------+ +| - | scenario001 | scenario002 | scenario003 | scenario004 | multinode-nonha | scenario007 | ++================+=============+=============+=============+=============+=================+==============+ +| keystone | X | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| glance | rbd | swift | file | swift + rbd | swift | file | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| cinder | rbd | iscsi | | | iscsi | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| heat | X | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| mysql | X | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| neutron | ovs | ovs | ovs | ovs | X | ovn | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| neutron-bgpvpn | | | | X | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| ovn | | | | | | X | ++---------------------------------------------------------------------------------------------------------+ +| neutron-l2gw | | | | X | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| rabbitmq | X | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| mongodb | X | X | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| redis | X | | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| haproxy | X | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| keepalived | X | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| memcached | X | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| pacemaker | X | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| nova | qemu | qemu | qemu | qemu | X | qemu | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| ntp | X | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| snmp | X | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| timezone | X | X | X | X | X | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| sahara | | | X | | | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| mistral | | | X | | | X | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| swift | | X | | | X | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| aodh | X | | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| ceilometer | X | | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| gnocchi | X | | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| panko | X | | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| barbican | | X | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| zaqar | | X | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| ec2api | | X | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| cephrgw | | X | | X | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| tacker | X | | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| congress | X | | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| cephmds | | | | X | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| manila | | | | X | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| collectd | X | | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| fluentd | X | | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ +| sensu-client | X | | | | | | ++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+ @@ -1,2 +1,4 @@ # This is a cross-platform list tracking distribution packages needed by tests; # see http://docs.openstack.org/infra/bindep/ for additional information. +libssl-dev [platform:dpkg] +openssl-devel [platform:rpm] diff --git a/capabilities-map.yaml b/capabilities-map.yaml index 1fe7790d..decac6bb 100644 --- a/capabilities-map.yaml +++ b/capabilities-map.yaml @@ -305,6 +305,11 @@ topics: description: Enables Neutron BGPVPN Service Plugin requires: - overcloud-resource-registry-puppet.yaml + - file: environments/services/neutron-lbaasv2.yaml + title: Neutron LBaaSv2 Service Plugin + description: Enables Neutron LBaaSv2 Service Plugin and Agent + requires: + - overcloud-resource-registry-puppet.yaml - file: environments/neutron-ml2-bigswitch.yaml title: BigSwitch Extensions description: > @@ -446,6 +451,13 @@ topics: configured via puppet requires: - overcloud-resource-registry-puppet.yaml + - file: environments/cinder-veritas-hyperscale-config.yaml + title: Cinder Veritas HyperScale backend + description: > + Enables a Cinder Veritas HyperScale backend, + configured via puppet + requires: + - overcloud-resource-registry-puppet.yaml - title: Ceph description: > Enable the use of Ceph in the overcloud diff --git a/ci/common/all-nodes-validation-disabled.yaml b/ci/common/all-nodes-validation-disabled.yaml new file mode 100644 index 00000000..5b676420 --- /dev/null +++ b/ci/common/all-nodes-validation-disabled.yaml @@ -0,0 +1,43 @@ +heat_template_version: pike + +description: > + Software Config to drive validations that occur on all nodes. + Note, you need the heat-config-script element built into your + images, due to the script group below. + + This implementation of the validations is a noop that always reports success. + +parameters: + PingTestIps: + default: '' + description: A string containing a space separated list of IP addresses used to ping test each available network interface. + type: string + ValidateFqdn: + default: false + description: Optional validation to ensure FQDN as set by Nova matches the name set in /etc/hosts. + type: boolean + ValidateNtp: + default: true + description: Validation to ensure at least one time source is accessible. + type: boolean + +resources: + AllNodesValidationsImpl: + type: OS::Heat::SoftwareConfig + properties: + group: script + inputs: + - name: ping_test_ips + default: {get_param: PingTestIps} + - name: validate_fqdn + default: {get_param: ValidateFqdn} + - name: validate_ntp + default: {get_param: ValidateNtp} + config: | + #!/bin/bash + exit 0 + +outputs: + OS::stack_id: + description: The ID of the AllNodesValidationsImpl resource. + value: {get_resource: AllNodesValidationsImpl} diff --git a/ci/environments/README.rst b/ci/environments/README.rst new file mode 100644 index 00000000..4a3cb9d9 --- /dev/null +++ b/ci/environments/README.rst @@ -0,0 +1,4 @@ +This directory contains environments that are used in tripleo-ci. They may change from +release to release or within a release, and should not be relied upon in a production +environment. The top-level ``environments`` directory in tripleo-heat-templates +contains the production-ready environment files. diff --git a/ci/environments/ceph-min-osds.yaml b/ci/environments/ceph-min-osds.yaml new file mode 100644 index 00000000..4e72d313 --- /dev/null +++ b/ci/environments/ceph-min-osds.yaml @@ -0,0 +1,2 @@ +parameter_defaults: + CephPoolDefaultSize: 1 diff --git a/ci/environments/multinode-3nodes.yaml b/ci/environments/multinode-3nodes.yaml index ef51a779..e040b015 100644 --- a/ci/environments/multinode-3nodes.yaml +++ b/ci/environments/multinode-3nodes.yaml @@ -55,8 +55,10 @@ - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Iscsid - name: Controller CountDefault: 1 @@ -79,3 +81,4 @@ - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Iscsid diff --git a/ci/environments/multinode-containers.yaml b/ci/environments/multinode-containers.yaml index 89970419..7768c4f0 100644 --- a/ci/environments/multinode-containers.yaml +++ b/ci/environments/multinode-containers.yaml @@ -13,6 +13,10 @@ resource_registry: # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can # remove this. OS::TripleO::Services::Docker: OS::Heat::None + # Some infra instances don't pass the ping test but are otherwise working. + # Since the OVB jobs also test this functionality we can shut it off here. + OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml + OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None parameter_defaults: ControllerServices: @@ -56,7 +60,9 @@ parameter_defaults: - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Iscsid ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu @@ -68,3 +74,4 @@ parameter_defaults: ceph::profile::params::osd_max_object_namespace_len: 64 SwiftCeilometerPipelineEnabled: False Debug: True + NotificationDriver: 'noop' diff --git a/ci/environments/multinode-core.yaml b/ci/environments/multinode-core.yaml index b5316f1b..0dd59e96 100644 --- a/ci/environments/multinode-core.yaml +++ b/ci/environments/multinode-core.yaml @@ -21,6 +21,7 @@ parameters: Debug: type: string default: '' + description: Set to True to enable debugging on all services. resources: diff --git a/ci/environments/multinode.yaml b/ci/environments/multinode.yaml index 102787a6..2b25e58e 100644 --- a/ci/environments/multinode.yaml +++ b/ci/environments/multinode.yaml @@ -10,6 +10,9 @@ resource_registry: OS::TripleO::Tasks::ControllerPreConfig: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml OS::TripleO::Tasks::ControllerPostConfig: ../../extraconfig/tasks/post_puppet_pacemaker.yaml OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml + # Some infra instances don't pass the ping test but are otherwise working. + # Since the OVB jobs also test this functionality we can shut it off here. + OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml parameter_defaults: ControllerServices: @@ -54,7 +57,9 @@ parameter_defaults: - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::Horizon - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Iscsid ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu @@ -66,3 +71,4 @@ parameter_defaults: ceph::profile::params::osd_max_object_namespace_len: 64 SwiftCeilometerPipelineEnabled: False Debug: True + NotificationDriver: 'noop' diff --git a/ci/environments/multinode_major_upgrade.yaml b/ci/environments/multinode_major_upgrade.yaml index 609e06ff..d8f71414 100644 --- a/ci/environments/multinode_major_upgrade.yaml +++ b/ci/environments/multinode_major_upgrade.yaml @@ -54,9 +54,11 @@ parameter_defaults: - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::Horizon - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Iscsid ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu @@ -65,3 +67,4 @@ parameter_defaults: heat::rpc_response_timeout: 600 SwiftCeilometerPipelineEnabled: False Debug: True + NotificationDriver: 'noop' diff --git a/ci/environments/scenario001-multinode-containers.yaml b/ci/environments/scenario001-multinode-containers.yaml index c142922a..73dc5b14 100644 --- a/ci/environments/scenario001-multinode-containers.yaml +++ b/ci/environments/scenario001-multinode-containers.yaml @@ -6,21 +6,27 @@ resource_registry: OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml + # TODO deploy ceph with ceph-ansible: https://review.openstack.org/#/c/465066/ OS::TripleO::Services::CephMon: ../../puppet/services/ceph-mon.yaml OS::TripleO::Services::CephOSD: ../../puppet/services/ceph-osd.yaml OS::TripleO::Services::CephClient: ../../puppet/services/ceph-client.yaml - OS::TripleO::Services::PankoApi: ../../puppet/services/panko-api.yaml - OS::TripleO::Services::Collectd: ../../puppet/services/metrics/collectd.yaml - OS::TripleO::Services::Tacker: ../../puppet/services/tacker.yaml - OS::TripleO::Services::Congress: ../../puppet/services/congress.yaml + OS::TripleO::Services::PankoApi: ../../docker/services/panko-api.yaml + OS::TripleO::Services::Collectd: ../../docker/services/collectd.yaml + OS::TripleO::Services::Tacker: ../../docker/services/tacker.yaml + OS::TripleO::Services::Congress: ../../docker/services/congress.yaml + # TODO fluentd is being containerized: https://review.openstack.org/#/c/467072/ OS::TripleO::Services::FluentdClient: ../../puppet/services/logging/fluentd-client.yaml - OS::TripleO::Services::SensuClient: ../../puppet/services/monitoring/sensu-client.yaml + OS::TripleO::Services::SensuClient: ../../docker/services/sensu-client.yaml # NOTE: This is needed because of upgrades from Ocata to Pike. We # deploy the initial environment with Ocata templates, and # overcloud-resource-registry.yaml there doesn't have this Docker # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can # remove this. OS::TripleO::Services::Docker: OS::Heat::None + # Some infra instances don't pass the ping test but are otherwise working. + # Since the OVB jobs also test this functionality we can shut it off here. + OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml + OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None parameter_defaults: ControllerServices: @@ -57,6 +63,7 @@ parameter_defaults: - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::MongoDb - OS::TripleO::Services::Redis - OS::TripleO::Services::AodhApi @@ -84,6 +91,7 @@ parameter_defaults: - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Iscsid ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu diff --git a/ci/environments/scenario001-multinode.yaml b/ci/environments/scenario001-multinode.yaml index ad4fa10f..54eef744 100644 --- a/ci/environments/scenario001-multinode.yaml +++ b/ci/environments/scenario001-multinode.yaml @@ -21,6 +21,9 @@ resource_registry: OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml OS::TripleO::Services::FluentdClient: ../../puppet/services/logging/fluentd-client.yaml OS::TripleO::Services::SensuClient: ../../puppet/services/monitoring/sensu-client.yaml + # Some infra instances don't pass the ping test but are otherwise working. + # Since the OVB jobs also test this functionality we can shut it off here. + OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml parameter_defaults: ControllerServices: @@ -57,6 +60,7 @@ parameter_defaults: - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::MongoDb - OS::TripleO::Services::Redis - OS::TripleO::Services::AodhApi @@ -84,6 +88,7 @@ parameter_defaults: - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Iscsid ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu diff --git a/ci/environments/scenario002-multinode-containers.yaml b/ci/environments/scenario002-multinode-containers.yaml index 92c834b6..d300f773 100644 --- a/ci/environments/scenario002-multinode-containers.yaml +++ b/ci/environments/scenario002-multinode-containers.yaml @@ -16,6 +16,10 @@ resource_registry: # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can # remove this. OS::TripleO::Services::Docker: OS::Heat::None + # Some infra instances don't pass the ping test but are otherwise working. + # Since the OVB jobs also test this functionality we can shut it off here. + OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml + OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None parameter_defaults: ControllerServices: @@ -50,6 +54,7 @@ parameter_defaults: - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::CinderApi - OS::TripleO::Services::CinderBackup - OS::TripleO::Services::CinderScheduler @@ -64,8 +69,10 @@ parameter_defaults: - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Iscsid ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu Debug: true SwiftCeilometerPipelineEnabled: false + NotificationDriver: 'noop' diff --git a/ci/environments/scenario002-multinode.yaml b/ci/environments/scenario002-multinode.yaml index ed0f7e25..cdbcbfd6 100644 --- a/ci/environments/scenario002-multinode.yaml +++ b/ci/environments/scenario002-multinode.yaml @@ -15,6 +15,9 @@ resource_registry: OS::TripleO::Tasks::ControllerPreConfig: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml OS::TripleO::Tasks::ControllerPostConfig: ../../extraconfig/tasks/post_puppet_pacemaker.yaml OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml + # Some infra instances don't pass the ping test but are otherwise working. + # Since the OVB jobs also test this functionality we can shut it off here. + OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml parameter_defaults: ControllerServices: @@ -49,6 +52,7 @@ parameter_defaults: - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::CinderApi - OS::TripleO::Services::CinderBackup - OS::TripleO::Services::CinderScheduler @@ -63,8 +67,10 @@ parameter_defaults: - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Iscsid ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu Debug: true SwiftCeilometerPipelineEnabled: false + NotificationDriver: 'noop' diff --git a/ci/environments/scenario003-multinode-containers.yaml b/ci/environments/scenario003-multinode-containers.yaml index 7b917aef..e3789ea8 100644 --- a/ci/environments/scenario003-multinode-containers.yaml +++ b/ci/environments/scenario003-multinode-containers.yaml @@ -17,6 +17,10 @@ resource_registry: # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can # remove this. OS::TripleO::Services::Docker: OS::Heat::None + # Some infra instances don't pass the ping test but are otherwise working. + # Since the OVB jobs also test this functionality we can shut it off here. + OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml + OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None parameter_defaults: ControllerServices: @@ -59,6 +63,7 @@ parameter_defaults: - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Iscsid ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu @@ -67,3 +72,4 @@ parameter_defaults: GlanceBackend: 'file' KeystoneTokenProvider: 'fernet' SwiftCeilometerPipelineEnabled: false + NotificationDriver: 'noop' diff --git a/ci/environments/scenario003-multinode.yaml b/ci/environments/scenario003-multinode.yaml index d1c8bc15..5e797b40 100644 --- a/ci/environments/scenario003-multinode.yaml +++ b/ci/environments/scenario003-multinode.yaml @@ -14,6 +14,9 @@ resource_registry: OS::TripleO::Tasks::ControllerPreConfig: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml OS::TripleO::Tasks::ControllerPostConfig: ../../extraconfig/tasks/post_puppet_pacemaker.yaml OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml + # Some infra instances don't pass the ping test but are otherwise working. + # Since the OVB jobs also test this functionality we can shut it off here. + OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml parameter_defaults: ControllerServices: @@ -47,6 +50,7 @@ parameter_defaults: - OS::TripleO::Services::Snmp - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::NovaLibvirt - OS::TripleO::Services::SaharaApi - OS::TripleO::Services::SaharaEngine @@ -56,6 +60,7 @@ parameter_defaults: - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Iscsid ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu @@ -64,3 +69,4 @@ parameter_defaults: GlanceBackend: 'file' KeystoneTokenProvider: 'fernet' SwiftCeilometerPipelineEnabled: false + NotificationDriver: 'noop' diff --git a/ci/environments/scenario004-multinode-containers.yaml b/ci/environments/scenario004-multinode-containers.yaml index 1d6d5917..6d795f97 100644 --- a/ci/environments/scenario004-multinode-containers.yaml +++ b/ci/environments/scenario004-multinode-containers.yaml @@ -16,8 +16,7 @@ resource_registry: OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None OS::TripleO::Services::ManilaApi: ../../docker/services/manila-api.yaml OS::TripleO::Services::ManilaScheduler: ../../docker/services/manila-scheduler.yaml - # NOTE: being containerized here: https://review.openstack.org/#/c/471527/ - OS::TripleO::Services::ManilaShare: ../../puppet/services/manila-share.yaml + OS::TripleO::Services::ManilaShare: ../../docker/services/manila-share.yaml OS::TripleO::Services::ManilaBackendCephFs: ../../puppet/services/manila-backend-cephfs.yaml # TODO: containerize NeutronBgpVpnApi OS::TripleO::Services::NeutronBgpVpnApi: ../../puppet/services/neutron-bgpvpn-api.yaml @@ -27,6 +26,10 @@ resource_registry: # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can # remove this. OS::TripleO::Services::Docker: OS::Heat::None + # Some infra instances don't pass the ping test but are otherwise working. + # Since the OVB jobs also test this functionality we can shut it off here. + OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml + OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None parameter_defaults: @@ -71,9 +74,11 @@ parameter_defaults: - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Iscsid ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu @@ -93,3 +98,4 @@ parameter_defaults: SwiftCeilometerPipelineEnabled: false NeutronServicePlugins: 'router, networking_bgpvpn.neutron.services.plugin.BGPVPNPlugin' BgpvpnServiceProvider: 'BGPVPN:Dummy:networking_bgpvpn.neutron.services.service_drivers.driver_api.BGPVPNDriver:default' + NotificationDriver: 'noop' diff --git a/ci/environments/scenario004-multinode.yaml b/ci/environments/scenario004-multinode.yaml index e473d0bb..bd30347a 100644 --- a/ci/environments/scenario004-multinode.yaml +++ b/ci/environments/scenario004-multinode.yaml @@ -25,6 +25,9 @@ resource_registry: OS::TripleO::Services::Redis: ../../puppet/services/pacemaker/database/redis.yaml OS::TripleO::Services::MySQL: ../../puppet/services/pacemaker/database/mysql.yaml OS::TripleO::Services::Keepalived: OS::Heat::None + # Some infra instances don't pass the ping test but are otherwise working. + # Since the OVB jobs also test this functionality we can shut it off here. + OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml parameter_defaults: @@ -71,9 +74,11 @@ parameter_defaults: - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Iscsid ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu @@ -95,3 +100,4 @@ parameter_defaults: NeutronServicePlugins: 'router, networking_bgpvpn.neutron.services.plugin.BGPVPNPlugin, networking_l2gw.services.l2gateway.plugin.L2GatewayPlugin' BgpvpnServiceProvider: 'BGPVPN:Dummy:networking_bgpvpn.neutron.services.service_drivers.driver_api.BGPVPNDriver:default' L2gwServiceProvider: ['L2GW:l2gw:networking_l2gw.services.l2gateway.service_drivers.L2gwDriver:default'] + NotificationDriver: 'noop' diff --git a/ci/environments/scenario006-multinode-containers.yaml b/ci/environments/scenario006-multinode-containers.yaml new file mode 100644 index 00000000..4715e339 --- /dev/null +++ b/ci/environments/scenario006-multinode-containers.yaml @@ -0,0 +1,61 @@ +resource_registry: + OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Services::NovaIronic: ../docker/services/nova-ironic.yaml + OS::TripleO::Services::IronicApi: ../docker/services/ironic-api.yaml + OS::TripleO::Services::IronicConductor: ../docker/services/ironic-conductor.yaml + OS::TripleO::Services::IronicPxe: ../docker/services/ironic-pxe.yaml + OS::TripleO::Services::Docker: OS::Heat::None + +parameter_defaults: + ControllerServices: + - OS::TripleO::Services::Docker + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::IronicApi + - OS::TripleO::Services::IronicConductor + - OS::TripleO::Services::IronicPxe + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronMetadataAgent + - OS::TripleO::Services::NeutronServer + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaIronic + - OS::TripleO::Services::NovaPlacement + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::Redis + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + + Debug: true + BannerText: | + ****************************************************************** + * This system is for the use of authorized users only. Usage of * + * this system may be monitored and recorded by system personnel. * + * Anyone using this system expressly consents to such monitoring * + * and is advised that if such monitoring reveals possible * + * evidence of criminal activity, system personnel may provide * + * the evidence from such monitoring to law enforcement officials.* + ****************************************************************** + # we don't deploy Swift so we switch to file backend. + GlanceBackend: 'file' + IronicCleaningDiskErase: 'metadata' + NotificationDriver: 'noop' diff --git a/ci/environments/scenario007-multinode.yaml b/ci/environments/scenario007-multinode.yaml new file mode 100644 index 00000000..6db00ef1 --- /dev/null +++ b/ci/environments/scenario007-multinode.yaml @@ -0,0 +1,75 @@ +resource_registry: + OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Services::RabbitMQ: ../../puppet/services/pacemaker/rabbitmq.yaml + OS::TripleO::Services::HAproxy: ../../puppet/services/pacemaker/haproxy.yaml + OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml + OS::TripleO::Services::MySQL: ../../puppet/services/pacemaker/database/mysql.yaml + OS::TripleO::Services::Keepalived: OS::Heat::None + OS::TripleO::Tasks::ControllerPreConfig: ../../extraconfig/tasks/pre_puppet_pacemaker.yaml + OS::TripleO::Tasks::ControllerPostConfig: ../../extraconfig/tasks/post_puppet_pacemaker.yaml + OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml + # Disable neutron services not required for OVN and enable services required for OVN. + OS::TripleO::Services::NeutronL3Agent: OS::Heat::None + OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None + OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN + OS::TripleO::Services::ComputeNeutronCorePlugin: ../../puppet/services/neutron-compute-plugin-ovn.yaml + OS::TripleO::Services::OVNDBs: ../../puppet/services/ovn-dbs.yaml + +parameter_defaults: + ControllerServices: + - OS::TripleO::Services::Docker + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NeutronServer + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::OVNDBs + - OS::TripleO::Services::ComputeNeutronCorePlugin + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaPlacement + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::Sshd + ControllerExtraConfig: + nova::compute::libvirt::services::libvirt_virt_type: qemu + nova::compute::libvirt::libvirt_virt_type: qemu + # For OVN. + NeutronMechanismDrivers: ovn + OVNVifType: ovs + OVNNeutronSyncMode: log + OVNQosDriver: ovn-qos + OVNTunnelEncapType: geneve + NeutronEnableDHCPAgent: false + NeutronTypeDrivers: 'geneve,vlan,flat,vxlan' + NeutronNetworkType: 'geneve' + NeutronServicePlugins: 'qos,networking_ovn.l3.l3_ovn.OVNL3RouterPlugin' + NeutronVniRanges: ['1:65536', ] + OVNBridgeMappings: 'datacentre:br-ex' + Debug: true + # we don't deploy Swift so we switch to file backend. + GlanceBackend: 'file' + KeystoneTokenProvider: 'fernet' + SwiftCeilometerPipelineEnabled: false diff --git a/ci/pingtests/scenario007-multinode.yaml b/ci/pingtests/scenario007-multinode.yaml new file mode 100644 index 00000000..b7d6213b --- /dev/null +++ b/ci/pingtests/scenario007-multinode.yaml @@ -0,0 +1,127 @@ +heat_template_version: pike + +description: > + HOT template to created resources deployed by scenario007. +parameters: + key_name: + type: string + description: Name of keypair to assign to servers + default: 'pingtest_key' + image: + type: string + description: Name of image to use for servers + default: 'pingtest_image' + public_net_name: + type: string + default: 'nova' + description: > + ID or name of public network for which floating IP addresses will be allocated + private_net_name: + type: string + description: Name of private network to be created + default: 'default-net' + private_net_cidr: + type: string + description: Private network address (CIDR notation) + default: '192.168.2.0/24' + private_net_gateway: + type: string + description: Private network gateway address + default: '192.168.2.1' + private_net_pool_start: + type: string + description: Start of private network IP address allocation pool + default: '192.168.2.100' + private_net_pool_end: + type: string + default: '192.168.2.200' + description: End of private network IP address allocation pool + +resources: + + key_pair: + type: OS::Nova::KeyPair + properties: + save_private_key: true + name: {get_param: key_name } + + private_net: + type: OS::Neutron::Net + properties: + name: { get_param: private_net_name } + + private_subnet: + type: OS::Neutron::Subnet + properties: + network_id: { get_resource: private_net } + cidr: { get_param: private_net_cidr } + gateway_ip: { get_param: private_net_gateway } + allocation_pools: + - start: { get_param: private_net_pool_start } + end: { get_param: private_net_pool_end } + + router: + type: OS::Neutron::Router + properties: + external_gateway_info: + network: { get_param: public_net_name } + + router_interface: + type: OS::Neutron::RouterInterface + properties: + router_id: { get_resource: router } + subnet_id: { get_resource: private_subnet } + + server1: + type: OS::Nova::Server + properties: + name: Server1 + flavor: { get_resource: test_flavor } + image: { get_param: image } + key_name: { get_resource: key_pair } + networks: + - port: { get_resource: server1_port } + + server1_port: + type: OS::Neutron::Port + properties: + network_id: { get_resource: private_net } + fixed_ips: + - subnet_id: { get_resource: private_subnet } + security_groups: [{ get_resource: server_security_group }] + + server1_floating_ip: + type: OS::Neutron::FloatingIP + # TODO: investigate why we need this depends_on and if we could + # replace it by router_id with get_resource: router_interface + depends_on: router_interface + properties: + floating_network: { get_param: public_net_name } + port_id: { get_resource: server1_port } + + server_security_group: + type: OS::Neutron::SecurityGroup + properties: + description: Add security group rules for server + name: pingtest-security-group + rules: + - remote_ip_prefix: 0.0.0.0/0 + protocol: tcp + port_range_min: 22 + port_range_max: 22 + - remote_ip_prefix: 0.0.0.0/0 + protocol: icmp + + test_flavor: + type: OS::Nova::Flavor + properties: + ram: 512 + vcpus: 1 + +outputs: + server1_private_ip: + description: IP address of server1 in private network + value: { get_attr: [ server1, first_address ] } + server1_public_ip: + description: Floating IP address of server1 in public network + value: { get_attr: [ server1_floating_ip, floating_ip_address ] } diff --git a/common/README b/common/README deleted file mode 100644 index 6a523118..00000000 --- a/common/README +++ /dev/null @@ -1 +0,0 @@ -This will contain some common templates but it needs to be added to the RPM spec first diff --git a/common/services.yaml b/common/services.yaml new file mode 100644 index 00000000..350026cc --- /dev/null +++ b/common/services.yaml @@ -0,0 +1,264 @@ +heat_template_version: pike + +description: > + Utility stack to convert an array of services into a set of combined + role configs. + +parameters: + Services: + default: [] + description: | + List nested stack service templates. + type: comma_delimited_list + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + DefaultPasswords: + default: {} + description: Mapping of service -> default password. Used to help + pass top level passwords managed by Heat into services. + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + description: Role Specific parameters to be provided to service + default: {} + type: json + +resources: + + ServiceChain: + type: OS::Heat::ResourceChain + properties: + resources: {get_param: Services} + concurrent: true + resource_properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + EndpointMap: {get_param: EndpointMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + + LoggingConfiguration: + type: OS::TripleO::LoggingConfiguration + + ServiceServerMetadataHook: + type: OS::TripleO::ServiceServerMetadataHook + properties: + RoleData: {get_attr: [ServiceChain, role_data]} + + PuppetStepConfig: + type: OS::Heat::Value + properties: + type: string + value: + yaql: + expression: + # select 'step_config' only from services that do not have a docker_config + coalesce($.data.service_names, []).zip(coalesce($.data.step_config, []), coalesce($.data.docker_config, [])).where($[2] = null).where($[1] != null).select($[1]).join("\n") + data: + service_names: {get_attr: [ServiceChain, role_data, service_name]} + step_config: {get_attr: [ServiceChain, role_data, step_config]} + docker_config: {get_attr: [ServiceChain, role_data, docker_config]} + + DockerConfig: + type: OS::Heat::Value + properties: + type: json + value: + yaql: + expression: + # select 'docker_config' only from services that have it + coalesce($.data.service_names, []).zip(coalesce($.data.docker_config, [])).where($[1] != null).select($[1]).reduce($1.mergeWith($2), {}) + data: + service_names: {get_attr: [ServiceChain, role_data, service_names]} + docker_config: {get_attr: [ServiceChain, role_data, docker_config]} + + LoggingSourcesConfig: + type: OS::Heat::Value + properties: + type: comma_delimited_list + value: + # Transform the individual logging_source configuration from + # each service in the chain into a global list, adding some + # default configuration at the same time. + yaql: + expression: > + let( + default_format => coalesce($.data.default_format, ''), + pos_file_path => coalesce($.data.pos_file_path, ''), + sources => coalesce($.data.sources, {}).flatten() + ) -> + $sources.where($ != null).select({ + 'type' => 'tail', + 'tag' => $.tag, + 'path' => $.path, + 'format' => $.get('format', $default_format), + 'pos_file' => $.get('pos_file', $pos_file_path + '/' + $.tag + '.pos') + }) + data: + sources: + - {get_attr: [LoggingConfiguration, LoggingDefaultSources]} + - yaql: + expression: list(coalesce($.data.role_data, []).where($ != null).select($.get('logging_source')).where($ != null)) + data: {role_data: {get_attr: [ServiceChain, role_data]}} + + - {get_attr: [LoggingConfiguration, LoggingExtraSources]} + default_format: {get_attr: [LoggingConfiguration, LoggingDefaultFormat]} + pos_file_path: {get_attr: [LoggingConfiguration, LoggingPosFilePath]} + + LoggingGroupsConfig: + type: OS::Heat::Value + properties: + type: comma_delimited_list + value: + # Build a list of unique groups to which we should add the + # fluentd user. + yaql: + expression: > + set((coalesce($.data.default, []) + coalesce($.data.extra, []) + coalesce($.data.role_data, []).where($ != null).select($.get('logging_groups'))).flatten()).where($) + data: + default: {get_attr: [LoggingConfiguration, LoggingDefaultGroups]} + extra: {get_attr: [LoggingConfiguration, LoggingExtraGroups]} + role_data: {get_attr: [ServiceChain, role_data]} + + MonitoringSubscriptionsConfig: + type: OS::Heat::Value + properties: + type: comma_delimited_list + value: + yaql: + expression: list(coalesce($.data.role_data, []).where($ != null).select($.get('monitoring_subscription')).where($ != null)) + data: {role_data: {get_attr: [ServiceChain, role_data]}} + + ServiceNames: + type: OS::Heat::Value + properties: + type: comma_delimited_list + value: + filter: + - [null] + - {get_attr: [ServiceChain, role_data, service_name]} + + GlobalConfigSettings: + type: OS::Heat::Value + properties: + type: json + value: + map_merge: + yaql: + expression: list(coalesce($.data.role_data, []).where($ != null).select($.get('global_config_settings')).where($ != null)) + data: {role_data: {get_attr: [ServiceChain, role_data]}} + + ServiceConfigSettings: + type: OS::Heat::Value + properties: + type: json + value: + yaql: + expression: coalesce($.data.role_data, []).where($ != null).select($.get('service_config_settings')).where($ != null).reduce($1.mergeWith($2), {}) + data: {role_data: {get_attr: [ServiceChain, role_data]}} + + ServiceWorkflowTasks: + type: OS::Heat::Value + properties: + type: json + value: + yaql: + expression: coalesce($.data.role_data, []).where($ != null).select($.get('service_workflow_tasks')).where($ != null).reduce($1.mergeWith($2), {}) + data: {role_data: {get_attr: [ServiceChain, role_data]}} + + UpgradeTasks: + type: OS::Heat::Value + properties: + type: comma_delimited_list + value: + yaql: + # Note we use distinct() here to filter any identical tasks, e.g yum update for all services + expression: coalesce($.data, []).where($ != null).select($.get('upgrade_tasks')).where($ != null).flatten().distinct() + data: {get_attr: [ServiceChain, role_data]} + + UpgradeBatchTasks: + type: OS::Heat::Value + properties: + type: comma_delimited_list + value: + yaql: + expression: coalesce($.data, []).where($ != null).select($.get('upgrade_batch_tasks')).where($ != null).flatten().distinct() + data: {get_attr: [ServiceChain, role_data]} + + PuppetConfig: + type: OS::Heat::Value + properties: + type: comma_delimited_list + value: + yaql: + expression: coalesce($.data, []).where($ != null).select($.get('puppet_config')).where($ != null).distinct() + data: {get_attr: [ServiceChain, role_data]} + + KollaConfig: + type: OS::Heat::Value + properties: + type: json + value: + yaql: + expression: coalesce($.data.role_data, []).where($ != null).select($.get('kolla_config')).where($ != null).reduce($1.mergeWith($2), {}) + data: {role_data: {get_attr: [ServiceChain, role_data]}} + + DockerPuppetTasks: + type: OS::Heat::Value + properties: + type: json + value: + yaql: + expression: dict(coalesce($.data, []).where($ != null).select($.get('docker_puppet_tasks')).where($ != null).selectMany($.items()).groupBy($[0], $[1])) + data: {get_attr: [ServiceChain, role_data]} + + HostPrepTasks: + type: OS::Heat::Value + properties: + type: comma_delimited_list + value: + yaql: + # Note we use distinct() here to filter any identical tasks + expression: coalesce($.data, []).where($ != null).select($.get('host_prep_tasks')).where($ != null).flatten().distinct() + data: {get_attr: [ServiceChain, role_data]} + +outputs: + role_data: + description: Combined Role data for this set of services. + value: + service_names: {get_attr: [ServiceNames, value]} + monitoring_subscriptions: {get_attr: [MonitoringSubscriptionsConfig, value]} + logging_sources: {get_attr: [LoggingSourcesConfig, value]} + logging_groups: {get_attr: [LoggingGroupsConfig, value]} + config_settings: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}} + global_config_settings: {get_attr: [GlobalConfigSettings, value]} + service_config_settings: {get_attr: [ServiceConfigSettings, value]} + service_workflow_tasks: {get_attr: [ServiceWorkflowTasks, value]} + step_config: {get_attr: [PuppetStepConfig, value]} + upgrade_tasks: {get_attr: [UpgradeTasks, value]} + upgrade_batch_tasks: {get_attr: [UpgradeBatchTasks, value]} + service_metadata_settings: {get_attr: [ServiceServerMetadataHook, metadata]} + + # Keys to support docker/services + puppet_config: {get_attr: [PuppetConfig, value]} + kolla_config: {get_attr: [KollaConfig, value]} + docker_config: {get_attr: [DockerConfig, value]} + docker_puppet_tasks: {get_attr: [DockerPuppetTasks, value]} + host_prep_tasks: {get_attr: [HostPrepTasks, value]} diff --git a/deployed-server/deployed-server-bootstrap-centos.yaml b/deployed-server/deployed-server-bootstrap-centos.yaml index 5b268234..d57ea9fc 100644 --- a/deployed-server/deployed-server-bootstrap-centos.yaml +++ b/deployed-server/deployed-server-bootstrap-centos.yaml @@ -18,5 +18,6 @@ resources: DeployedServerBootstrapDeployment: type: OS::Heat::SoftwareDeployment properties: + name: DeployedServerBootstrapDeployment config: {get_resource: DeployedServerBootstrapConfig} server: {get_param: server} diff --git a/deployed-server/deployed-server-bootstrap-rhel.yaml b/deployed-server/deployed-server-bootstrap-rhel.yaml index a9018515..554bff3e 100644 --- a/deployed-server/deployed-server-bootstrap-rhel.yaml +++ b/deployed-server/deployed-server-bootstrap-rhel.yaml @@ -18,5 +18,6 @@ resources: DeployedServerBootstrapDeployment: type: OS::Heat::SoftwareDeployment properties: + name: DeployedServerBootstrapDeployment config: {get_resource: DeployedServerBootstrapConfig} server: {get_param: server} diff --git a/deployed-server/deployed-server-environment-output.yaml b/deployed-server/deployed-server-environment-output.yaml new file mode 100644 index 00000000..89c3886d --- /dev/null +++ b/deployed-server/deployed-server-environment-output.yaml @@ -0,0 +1,55 @@ +heat_template_version: pike + +parameters: + RoleCounts: + type: json + default: {} + VipMap: + type: json + default: {} + DeployedServerPortMap: + type: json + default: {} + DeployedServerDeploymentSwiftDataMap: + type: json + default: {} + DefaultRouteIp: + type: string + default: 192.168.24.1 + +resources: + + DeployedServerPortMapParameter: + type: OS::Heat::Value + properties: + type: json + value: + DeployedServerPortMap: + map_merge: + - {get_param: DeployedServerPortMap} + - control_virtual_ip: + fixed_ips: + - ip_address: {get_param: [VipMap, ctlplane]} + - redis_virtual_ip: + fixed_ips: + - ip_address: {get_param: [VipMap, redis]} + + DeployedServerEnvironment: + type: OS::Heat::Value + properties: + type: json + value: + parameter_defaults: + map_merge: + - {get_attr: [DeployedServerPortMapParameter, value]} + - DeploymentSwiftDataMap: {get_param: DeployedServerDeploymentSwiftDataMap} + - EC2MetadataIp: {get_param: DefaultRouteIp} + - ControlPlaneDefaultRoute: {get_param: DefaultRouteIp} + - {get_param: RoleCounts} + +outputs: + deployed_server_environment: + description: + Environment data that can be used as input into the services stack when + using split-stack. + value: {get_attr: [DeployedServerEnvironment, value]} diff --git a/deployed-server/deployed-server-roles-data.yaml b/deployed-server/deployed-server-roles-data.yaml index 084c2f8f..4a305c68 100644 --- a/deployed-server/deployed-server-roles-data.yaml +++ b/deployed-server/deployed-server-roles-data.yaml @@ -41,6 +41,7 @@ - OS::TripleO::Services::HeatApiCfn - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::Iscsid - OS::TripleO::Services::MySQL - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::NeutronDhcpAgent @@ -118,6 +119,7 @@ - OS::TripleO::Services::Snmp - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Kernel - OS::TripleO::Services::ComputeNeutronCorePlugin - OS::TripleO::Services::ComputeNeutronOvsAgent @@ -130,6 +132,7 @@ - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::SensuClient - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Iscsid - name: BlockStorageDeployedServer disable_constraints: True diff --git a/deployed-server/deployed-server.yaml b/deployed-server/deployed-server.yaml index 0847bfbf..16deb7d6 100644 --- a/deployed-server/deployed-server.yaml +++ b/deployed-server/deployed-server.yaml @@ -44,6 +44,9 @@ parameters: Command or script snippet to run on all overcloud nodes to initialize the upgrade process. E.g. a repository switch. default: '' + deployment_swift_data: + type: json + default: {} resources: deployed-server: @@ -51,6 +54,7 @@ resources: properties: name: {get_param: name} software_config_transport: {get_param: software_config_transport} + deployment_swift_data: {get_param: deployment_swift_data} UpgradeInitConfig: type: OS::Heat::SoftwareConfig @@ -133,3 +137,5 @@ outputs: - {get_attr: [ControlPlanePort, fixed_ips, 0, ip_address]} name: value: {get_attr: [HostsEntryDeployment, hostname]} + os_collect_config: + value: {get_attr: [deployed-server, os_collect_config]} diff --git a/docker/README-containers.md b/docker/README-containers.md index 5a9f6f3c..376af3ec 100644 --- a/docker/README-containers.md +++ b/docker/README-containers.md @@ -1,58 +1,3 @@ -# Using Docker Containers With TripleO +# Containers based OpenStack deployment -## Configuring TripleO with to use a container based compute node. - -Steps include: -- Adding a base OS image to glance -- Deploy an overcloud configured to use the docker compute heat templates - -## Getting base OS image working. - -Download the fedora atomic image into glance: - -``` -wget https://download.fedoraproject.org/pub/fedora/linux/releases/22/Cloud/x86_64/Images/Fedora-Cloud-Atomic-22-20150521.x86_64.qcow2 -glance image-create --name atomic-image --file Fedora-Cloud-Atomic-22-20150521.x86_64.qcow2 --disk-format qcow2 --container-format bare -``` - -## Configuring TripleO - -You can use the tripleo.sh script up until the point of running the Overcloud. -https://github.com/openstack/tripleo-common/blob/master/scripts/tripleo.sh - -You will want to set up the runtime puppet script delivery system described here: -http://hardysteven.blogspot.ca/2016/08/tripleo-deploy-artifacts-and-puppet.html - -Create the Overcloud: -``` -$ openstack overcloud deploy --templates=tripleo-heat-templates -e tripleo-heat-templates/environments/docker.yaml -e tripleo-heat-templates/environments/docker-network.yaml --libvirt-type=qemu -``` - -Using Network Isolation in the Overcloud: -``` -$ openstack overcloud deploy --templates=tripleo-heat-templates -e tripleo-heat-templates/environments/docker.yaml -e tripleo-heat-templates/environments/docker-network-isolation.yaml --libvirt-type=qemu -``` - -Source the overcloudrc and then you can use the overcloud. - -## Debugging - -You can ssh into the controller/compute nodes by using the heat key, eg: -``` -nova list -ssh heat-admin@<compute_node_ip> -``` - -You can check to see what docker containers are running: -``` -sudo docker ps -a -``` - -To enter a container that doesn't seem to be working right: -``` -sudo docker exec -ti <container name> /bin/bash -``` - -Then you can check logs etc. - -You can also just do a 'docker logs' on a given container. +https://docs.openstack.org/tripleo-docs/latest/install/containers_deployment/ diff --git a/docker/deploy-steps-playbook.yaml b/docker/deploy-steps-playbook.yaml index b3cb500f..cd7d5b55 100644 --- a/docker/deploy-steps-playbook.yaml +++ b/docker/deploy-steps-playbook.yaml @@ -7,9 +7,19 @@ - name: Write the config_step hieradata copy: content="{{dict(step=step|int)|to_json}}" dest=/etc/puppet/hieradata/config_step.json force=true - name: Run puppet host configuration for step {{step}} - # FIXME: modulepath requires ansible 2.4, our builds currently only have 2.3 - # puppet: manifest=/var/lib/tripleo-config/puppet_step_config.pp modulepath=/etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules - puppet: manifest=/var/lib/tripleo-config/puppet_step_config.pp + command: >- + puppet apply + --modulepath=/etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules + --logdest syslog --color=false + /var/lib/tripleo-config/puppet_step_config.pp + changed_when: false + check_mode: no + register: outputs + failed_when: false + no_log: true + - debug: var=(outputs.stderr|default('')).split('\n')|union(outputs.stdout_lines|default([])) + when: outputs is defined + failed_when: outputs|failed ###################################### # Generate config via docker-puppet.py ###################################### @@ -17,9 +27,16 @@ shell: python /var/lib/docker-puppet/docker-puppet.py environment: NET_HOST: 'true' + DEBUG: '{{docker_puppet_debug}}' when: step == "1" changed_when: false check_mode: no + register: outputs + failed_when: false + no_log: true + - debug: var=(outputs.stderr|default('')).split('\n')|union(outputs.stdout_lines|default([])) + when: outputs is defined + failed_when: outputs|failed ################################################## # Per step starting of the containers using paunch ################################################## @@ -31,13 +48,26 @@ # the *step_n.json with a hash of the generated external config added # This acts as a salt to enable restarting the container if config changes - name: Start containers for step {{step}} - command: paunch --debug apply --file /var/lib/tripleo-config/hashed-docker-container-startup-config-step_{{step}}.json --config-id tripleo_step{{step}} --managed-by tripleo-{{role_name}} + command: >- + paunch --debug apply + --file /var/lib/tripleo-config/hashed-docker-container-startup-config-step_{{step}}.json + --config-id tripleo_step{{step}} --managed-by tripleo-{{role_name}} when: docker_config_json.stat.exists changed_when: false check_mode: no + register: outputs + failed_when: false + no_log: true + - debug: var=(outputs.stderr|default('')).split('\n')|union(outputs.stdout_lines|default([])) + when: outputs is defined + failed_when: outputs|failed ######################################################## # Bootstrap tasks, only performed on bootstrap_server_id ######################################################## + - name: Check if /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json exists + stat: + path: /var/lib/docker-puppet/docker-puppet-tasks{{step}}.json + register: docker_puppet_tasks_json - name: Run docker-puppet tasks (bootstrap tasks) shell: python /var/lib/docker-puppet/docker-puppet.py environment: @@ -45,6 +75,12 @@ NET_HOST: "true" NO_ARCHIVE: "true" STEP: "{{step}}" - when: deploy_server_id == bootstrap_server_id + when: deploy_server_id == bootstrap_server_id and docker_puppet_tasks_json.stat.exists changed_when: false check_mode: no + register: outputs + failed_when: false + no_log: true + - debug: var=(outputs.stderr|default('')).split('\n')|union(outputs.stdout_lines|default([])) + when: outputs is defined + failed_when: outputs|failed diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index 13211676..36c63887 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py @@ -28,13 +28,25 @@ import sys import tempfile import multiprocessing -log = logging.getLogger() -log.setLevel(logging.DEBUG) -ch = logging.StreamHandler(sys.stdout) -ch.setLevel(logging.DEBUG) -formatter = logging.Formatter('%(asctime)s %(levelname)s: %(message)s') -ch.setFormatter(formatter) -log.addHandler(ch) +logger = None + +def get_logger(): + global logger + if logger is None: + logger = logging.getLogger() + ch = logging.StreamHandler(sys.stdout) + if os.environ.get('DEBUG', False): + logger.setLevel(logging.DEBUG) + ch.setLevel(logging.DEBUG) + else: + logger.setLevel(logging.INFO) + ch.setLevel(logging.INFO) + formatter = logging.Formatter('%(asctime)s %(levelname)s: ' + '%(process)s -- %(message)s') + ch.setFormatter(formatter) + logger.addHandler(ch) + return logger + # this is to match what we do in deployed-server def short_hostname(): @@ -105,7 +117,7 @@ def rm_container(name): process_count = int(os.environ.get('PROCESS_COUNT', multiprocessing.cpu_count())) - +log = get_logger() log.info('Running docker-puppet') config_file = os.environ.get('CONFIG', '/var/lib/docker-puppet/docker-puppet.json') log.debug('CONFIG: %s' % config_file) @@ -145,11 +157,11 @@ for service in (json_data or []): if not manifest or not config_image: continue - log.debug('config_volume %s' % config_volume) - log.debug('puppet_tags %s' % puppet_tags) - log.debug('manifest %s' % manifest) - log.debug('config_image %s' % config_image) - log.debug('volumes %s' % volumes) + log.info('config_volume %s' % config_volume) + log.info('puppet_tags %s' % puppet_tags) + log.info('manifest %s' % manifest) + log.info('config_image %s' % config_image) + log.info('volumes %s' % volumes) # We key off of config volume for all configs. if config_volume in configs: # Append puppet tags and manifest. @@ -170,7 +182,8 @@ for service in (json_data or []): log.info('Service compilation completed.') def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volumes)): - + log = get_logger() + log.info('Started processing puppet configs') log.debug('config_volume %s' % config_volume) log.debug('puppet_tags %s' % puppet_tags) log.debug('manifest %s' % manifest) @@ -191,15 +204,18 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume TAGS="--tags \"$PUPPET_TAGS\"" fi - # workaround LP1696283 - mkdir -p /etc/ssh - touch /etc/ssh/ssh_known_hosts + # Create a reference timestamp to easily find all files touched by + # puppet. The sync ensures we get all the files we want due to + # different timestamp. + touch /tmp/the_origin_of_time + sync - FACTER_hostname=$HOSTNAME FACTER_uuid=docker /usr/bin/puppet apply --verbose $TAGS /etc/config.pp + FACTER_hostname=$HOSTNAME FACTER_uuid=docker /usr/bin/puppet apply \ + --color=false --logdest syslog $TAGS /etc/config.pp # Disables archiving if [ -z "$NO_ARCHIVE" ]; then - archivedirs=("/etc" "/root" "/var/lib/ironic/tftpboot" "/var/lib/ironic/httpboot" "/var/www") + archivedirs=("/etc" "/root" "/opt" "/var/lib/ironic/tftpboot" "/var/lib/ironic/httpboot" "/var/www" "/var/spool/cron" "/var/lib/nova/.ssh") rsync_srcs="" for d in "${archivedirs[@]}"; do if [ -d "$d" ]; then @@ -212,12 +228,12 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume # This is useful for debugging mkdir -p /var/lib/config-data/puppet-generated/${NAME} rsync -a -R -0 --delay-updates --delete-after \ - --files-from=<(find $rsync_srcs -newer /etc/ssh/ssh_known_hosts -print0) \ + --files-from=<(find $rsync_srcs -newer /tmp/the_origin_of_time -not -path '/etc/puppet*' -print0) \ / /var/lib/config-data/puppet-generated/${NAME} # Write a checksum of the config-data dir, this is used as a # salt to trigger container restart when the config changes - tar cf - /var/lib/config-data/${NAME} | md5sum | awk '{print $1}' > /var/lib/config-data/${NAME}.md5sum + tar -c -f - /var/lib/config-data/${NAME} --mtime='1970-01-01' | md5sum | awk '{print $1}' > /var/lib/config-data/${NAME}.md5sum fi """) @@ -242,6 +258,8 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume '--volume', '/usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro', '--volume', '/var/lib/config-data/:/var/lib/config-data/:rw', '--volume', 'tripleo_logs:/var/log/tripleo/', + # Syslog socket for puppet logs + '--volume', '/dev/log:/dev/log', # OpenSSL trusted CA injection '--volume', '/etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro', '--volume', '/etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro', @@ -272,15 +290,21 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume subproc = subprocess.Popen(dcmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=env) cmd_stdout, cmd_stderr = subproc.communicate() - if cmd_stdout: - log.debug(cmd_stdout) - if cmd_stderr: - log.debug(cmd_stderr) if subproc.returncode != 0: log.error('Failed running docker-puppet.py for %s' % config_volume) + if cmd_stdout: + log.error(cmd_stdout) + if cmd_stderr: + log.error(cmd_stderr) else: + if cmd_stdout: + log.debug(cmd_stdout) + if cmd_stderr: + log.debug(cmd_stderr) # only delete successful runs, for debugging rm_container('docker-puppet-%s' % config_volume) + + log.info('Finished processing puppet configs') return subproc.returncode # Holds all the information for each process to consume. @@ -298,9 +322,9 @@ for config_volume in configs: volumes = service[4] if len(service) > 4 else [] if puppet_tags: - puppet_tags = "file,file_line,concat,augeas,%s" % puppet_tags + puppet_tags = "file,file_line,concat,augeas,cron,%s" % puppet_tags else: - puppet_tags = "file,file_line,concat,augeas" + puppet_tags = "file,file_line,concat,augeas,cron" process_map.append([config_volume, puppet_tags, manifest, config_image, volumes]) diff --git a/docker/docker-steps.j2 b/docker/docker-steps.j2 index 3dd963b9..05ff7945 100644 --- a/docker/docker-steps.j2 +++ b/docker/docker-steps.j2 @@ -21,6 +21,9 @@ parameters: servers: type: json description: Mapping of Role name e.g Controller to a list of servers + stack_name: + type: string + description: Name of the topmost stack role_data: type: json description: Mapping of Role name e.g Controller to the per-role data @@ -35,25 +38,27 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + DockerPuppetDebug: + type: string + default: '' + description: Set to True to enable debug logging with docker-puppet.py + ctlplane_service_ips: + type: json -resources: +conditions: +{% for step in range(1, deploy_steps_max) %} + WorkflowTasks_Step{{step}}_Enabled: + or: + {%- for role in roles %} + - not: + equals: + - get_param: [role_data, {{role.name}}, service_workflow_tasks, step{{step}}] + - '' + - False + {%- endfor %} +{% endfor %} - # These utility tasks use docker-puppet.py to execute tasks via puppet - # We only execute these on the first node in the primary role - {{primary_role_name}}DockerPuppetTasks: - type: OS::Heat::Value - properties: - type: json - value: - yaql: - expression: - $.data.default_tasks + dict($.data.docker_puppet_tasks.where($1 != null).selectMany($.items()).groupBy($[0], $[1])) - data: - docker_puppet_tasks: {get_param: [role_data, {{primary_role_name}}, docker_puppet_tasks]} - default_tasks: -{%- for step in range(1, deploy_steps_max) %} - step_{{step}}: {} -{%- endfor %} +resources: RoleConfig: type: OS::Heat::SoftwareConfig @@ -66,8 +71,66 @@ resources: - name: role_name - name: update_identifier - name: bootstrap_server_id + - name: docker_puppet_debug config: {get_file: deploy-steps-playbook.yaml} +{%- for step in range(1, deploy_steps_max) %} +# BEGIN service_workflow_tasks handling + WorkflowTasks_Step{{step}}: + type: OS::Mistral::Workflow + condition: WorkflowTasks_Step{{step}}_Enabled + depends_on: + {%- if step == 1 %} + {%- for dep in roles %} + - {{dep.name}}PreConfig + - {{dep.name}}ArtifactsDeploy + {%- endfor %} + {%- else %} + {%- for dep in roles %} + - {{dep.name}}Deployment_Step{{step -1}} + {%- endfor %} + {%- endif %} + properties: + name: {list_join: [".", ["tripleo", {get_param: stack_name}, "workflowtasks", "step{{step}}"]]} + type: direct + tasks: + yaql: + expression: $.data.where($ != '').select($.get('step{{step}}')).where($ != null).flatten() + data: + {%- for role in roles %} + - get_param: [role_data, {{role.name}}, service_workflow_tasks] + {%- endfor %} + + WorkflowTasks_Step{{step}}_Execution: + type: OS::Mistral::ExternalResource + condition: WorkflowTasks_Step{{step}}_Enabled + depends_on: WorkflowTasks_Step{{step}} + properties: + actions: + CREATE: + workflow: { get_resource: WorkflowTasks_Step{{step}} } + params: + env: + service_ips: { get_param: ctlplane_service_ips } + role_merged_configs: + {%- for r in roles %} + {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]} + {%- endfor %} + evaluate_env: false + UPDATE: + workflow: { get_resource: WorkflowTasks_Step{{step}} } + params: + env: + service_ips: { get_param: ctlplane_service_ips } + role_merged_configs: + {%- for r in roles %} + {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]} + {%- endfor %} + evaluate_env: false + always_update: true +# END service_workflow_tasks handling +{% endfor %} + {% for role in roles %} # Post deployment steps for all roles # A single config is re-applied with an incrementing step number @@ -97,11 +160,11 @@ resources: vars: puppet_config: {get_param: [role_data, {{role.name}}, puppet_config]} docker_puppet_script: {get_file: docker-puppet.py} - docker_puppet_tasks: {get_attr: [{{primary_role_name}}DockerPuppetTasks, value]} - docker_startup_configs: {get_attr: [{{role.name}}DockerConfig, value]} + docker_puppet_tasks: {get_param: [role_data, {{role.name}}, docker_puppet_tasks]} + docker_startup_configs: {get_param: [role_data, {{role.name}}, docker_config]} kolla_config: {get_param: [role_data, {{role.name}}, kolla_config]} bootstrap_server_id: {get_param: [servers, {{primary_role_name}}, '0']} - puppet_step_config: {get_attr: [{{role.name}}PuppetStepConfig, value]} + puppet_step_config: {get_param: [role_data, {{role.name}}, step_config]} tasks: # Join host_prep_tasks with the other per-host configuration yaql: @@ -115,10 +178,9 @@ resources: file: path=/var/lib/tripleo-config state=directory - name: Write the puppet step_config manifest copy: content="{{puppet_step_config}}" dest=/var/lib/tripleo-config/puppet_step_config.pp force=yes - # This is the docker-puppet configs end in + # this creates a JSON config file for our docker-puppet.py script - name: Create /var/lib/docker-puppet file: path=/var/lib/docker-puppet state=directory - # this creates a JSON config file for our docker-puppet.py script - name: Write docker-puppet-tasks json files copy: content="{{puppet_config | to_json}}" dest=/var/lib/docker-puppet/docker-puppet.json force=yes # FIXME: can we move docker-puppet somewhere so it's installed via a package? @@ -142,6 +204,13 @@ resources: ######################################################## # Bootstrap tasks, only performed on bootstrap_server_id ######################################################## + - name: Clean /var/lib/docker-puppet/docker-puppet-tasks*.json files + file: + path: "{{item}}" + state: absent + with_fileglob: + - /var/lib/docker-puppet/docker-puppet-tasks*.json + when: deploy_server_id == bootstrap_server_id - name: Write docker-puppet-tasks json files copy: content="{{item.value|to_json}}" dest=/var/lib/docker-puppet/docker-puppet-tasks{{item.key.replace("step_", "")}}.json force=yes with_dict: "{{docker_puppet_tasks}}" @@ -154,33 +223,6 @@ resources: servers: {get_param: [servers, {{role.name}}]} config: {get_resource: {{role.name}}HostPrepConfig} - {{role.name}}PuppetStepConfig: - type: OS::Heat::Value - properties: - type: string - value: - yaql: - expression: - # select 'step_config' only from services that do not have a docker_config - $.data.service_names.zip($.data.step_config, $.data.docker_config).where($[2] = null).where($[1] != null).select($[1]).join("\n") - data: - service_names: {get_param: [role_data, {{role.name}}, service_names]} - step_config: {get_param: [role_data, {{role.name}}, step_config]} - docker_config: {get_param: [role_data, {{role.name}}, docker_config]} - - {{role.name}}DockerConfig: - type: OS::Heat::Value - properties: - type: json - value: - yaql: - expression: - # select 'docker_config' only from services that have it - $.data.service_names.zip($.data.docker_config).where($[1] != null).select($[1]).reduce($1.mergeWith($2), {}) - data: - service_names: {get_param: [role_data, {{role.name}}, service_names]} - docker_config: {get_param: [role_data, {{role.name}}, docker_config]} - # BEGIN CONFIG STEPS {{role.name}}PreConfig: @@ -192,17 +234,25 @@ resources: update_identifier: {get_param: DeployIdentifier} {% for step in range(1, deploy_steps_max) %} - {{role.name}}Deployment_Step{{step}}: type: OS::Heat::StructuredDeploymentGroup - {% if step == 1 %} - depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy] - {% else %} depends_on: - {% for dep in roles %} + - WorkflowTasks_Step{{step}}_Execution + # TODO(gfidente): the following if/else condition + # replicates what is already defined for the + # WorkflowTasks_StepX resource and can be remove + # if https://bugs.launchpad.net/heat/+bug/1700569 + # is fixed. + {%- if step == 1 %} + {%- for dep in roles %} + - {{dep.name}}PreConfig + - {{dep.name}}ArtifactsDeploy + {%- endfor %} + {%- else %} + {%- for dep in roles %} - {{dep.name}}Deployment_Step{{step -1}} - {% endfor %} - {% endif %} + {%- endfor %} + {%- endif %} properties: name: {{role.name}}Deployment_Step{{step}} servers: {get_param: [servers, {{role.name}}]} @@ -212,7 +262,7 @@ resources: role_name: {{role.name}} update_identifier: {get_param: DeployIdentifier} bootstrap_server_id: {get_param: [servers, {{primary_role_name}}, '0']} - + docker_puppet_debug: {get_param: DockerPuppetDebug} {% endfor %} # END CONFIG STEPS @@ -221,9 +271,9 @@ resources: # after all the previous deployment steps. {{role.name}}ExtraConfigPost: depends_on: - {% for dep in roles %} + {%- for dep in roles %} - {{dep.name}}Deployment_Step5 - {% endfor %} + {%- endfor %} type: OS::TripleO::NodeExtraConfigPost properties: servers: {get_param: [servers, {{role.name}}]} @@ -234,9 +284,9 @@ resources: {{role.name}}PostConfig: type: OS::TripleO::Tasks::{{role.name}}PostConfig depends_on: - {% for dep in roles %} + {%- for dep in roles %} - {{dep.name}}ExtraConfigPost - {% endfor %} + {%- endfor %} properties: servers: {get_param: servers} input_values: diff --git a/docker/docker-toool b/docker/docker-toool index 0b87ea92..a1ffe34c 100755 --- a/docker/docker-toool +++ b/docker/docker-toool @@ -69,10 +69,15 @@ def parse_opts(argv): action='store_true', help="""Start docker container interactively (-ti).""", default=False) + parser.add_argument('-d', '--detach', + action='store_true', + help="""Start container detached.""", + default=False) opts = parser.parse_args(argv[1:]) return opts + def docker_arg_map(key, value): value = str(value).encode('ascii', 'ignore') if len(value) == 0: @@ -84,12 +89,12 @@ def docker_arg_map(key, value): 'net': "--net=%s" % value, 'pid': "--pid=%s" % value, 'privileged': "--privileged=%s" % value.lower(), - #'restart': "--restart=%s" % "false", 'user': "--user=%s" % value, 'volumes': "--volume=%s" % value, 'volumes_from': "--volumes-from=%s" % value, }.get(key, None) + def run_docker_container(opts, container_name): container_found = False @@ -142,13 +147,15 @@ def run_docker_container(opts, container_name): if opts.user: continue arg = docker_arg_map(container_data, - json_data[step][container][container_data]) + json_data[step][container][container_data]) if arg: cmd.append(arg) if opts.user: cmd.append('--user') cmd.append(opts.user) + if opts.detach: + cmd.append('--detach') if opts.interactive: cmd.append('-ti') # May as well remove it when we're done too @@ -167,19 +174,17 @@ def run_docker_container(opts, container_name): if not container_found: print("Container '%s' not found!" % container_name) + def list_docker_containers(opts): - print opts with open(opts.config) as f: json_data = json.load(f) for step in (json_data or []): if step is None: continue - print step for container in (json_data[step] or []): print('\tcontainer: %s' % container) for container_data in (json_data[step][container] or []): - #print('\t\tcontainer_data: %s' % container_data) if container_data == "start_order": print('\t\tstart_order: %s' % json_data[step][container][container_data]) @@ -189,4 +194,3 @@ if opts.container: run_docker_container(opts, opts.container) else: list_docker_containers(opts) - diff --git a/docker/firstboot/setup_docker_host.yaml b/docker/firstboot/setup_docker_host.yaml index 4b061e1c..ddfa8802 100644 --- a/docker/firstboot/setup_docker_host.yaml +++ b/docker/firstboot/setup_docker_host.yaml @@ -1,13 +1,5 @@ heat_template_version: pike -parameters: - DockerNamespace: - type: string - default: tripleoupstream - DockerNamespaceIsRegistry: - type: boolean - default: false - resources: userdata: @@ -20,12 +12,7 @@ resources: type: OS::Heat::SoftwareConfig properties: group: script - config: - str_replace: - params: - $docker_registry: {get_param: DockerNamespace} - $docker_namespace_is_registry: {get_param: DockerNamespaceIsRegistry} - template: {get_file: ./setup_docker_host.sh} + config: {get_file: ./setup_docker_host.sh} outputs: OS::stack_id: diff --git a/docker/services/README.rst b/docker/services/README.rst index 84ac842e..ce255ba8 100644 --- a/docker/services/README.rst +++ b/docker/services/README.rst @@ -74,7 +74,7 @@ are re-asserted when applying latter ones. * puppet_tags: Puppet resource tag names that are used to generate config files with puppet. Only the named config resources are used to generate a config file. Any service that specifies tags will have the default - tags of 'file,concat,file_line,augeas' appended to the setting. + tags of 'file,concat,file_line,augeas,cron' appended to the setting. Example: keystone_config * config_volume: The name of the volume (directory) where config files diff --git a/docker/services/aodh-api.yaml b/docker/services/aodh-api.yaml index bda5469a..70b43eb1 100644 --- a/docker/services/aodh-api.yaml +++ b/docker/services/aodh-api.yaml @@ -4,19 +4,21 @@ description: > OpenStack containerized aodh service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerAodhApiImage: description: image - default: 'centos-binary-aodh-api:latest' + type: string + DockerAodhConfigImage: + description: The container image to use for the aodh config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -73,13 +75,15 @@ outputs: config_volume: aodh puppet_tags: aodh_api_paste_ini,aodh_config step_config: *step_config - config_image: &aodh_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerAodhApiImage} ] + config_image: {get_param: DockerAodhConfigImage} kolla_config: /var/lib/kolla/config_files/aodh_api.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/aodh owner: aodh:aodh @@ -88,14 +92,14 @@ outputs: # db sync runs before permissions set by kolla_config step_2: aodh_init_log: - image: *aodh_image + image: &aodh_api_image {get_param: DockerAodhApiImage} user: root volumes: - /var/log/containers/aodh:/var/log/aodh command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R aodh:aodh /var/log/aodh'] step_3: aodh_db_sync: - image: *aodh_image + image: *aodh_api_image net: host privileged: false detach: false @@ -109,7 +113,7 @@ outputs: command: "/usr/bin/bootstrap_host_exec aodh_api su aodh -s /bin/bash -c /usr/bin/aodh-dbsync" step_4: aodh_api: - image: *aodh_image + image: *aodh_api_image net: host privileged: false restart: always @@ -118,11 +122,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/aodh_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro - - /var/lib/config-data/aodh/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/aodh/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/aodh/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - - /var/lib/config-data/aodh/var/www/:/var/www/:ro + - /var/lib/config-data/puppet-generated/aodh/:/var/lib/kolla/config_files/src:ro - /var/log/containers/aodh:/var/log/aodh - if: diff --git a/docker/services/aodh-evaluator.yaml b/docker/services/aodh-evaluator.yaml index 74ac635f..f75c57b3 100644 --- a/docker/services/aodh-evaluator.yaml +++ b/docker/services/aodh-evaluator.yaml @@ -4,19 +4,21 @@ description: > OpenStack containerized Aodh Evaluator service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerAodhEvaluatorImage: description: image - default: 'centos-binary-aodh-evaluator:latest' + type: string + DockerAodhConfigImage: + description: The container image to use for the aodh config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -44,6 +46,7 @@ resources: type: ../../puppet/services/aodh-evaluator.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -65,13 +68,15 @@ outputs: config_volume: aodh puppet_tags: aodh_config step_config: *step_config - config_image: &aodh_evaluator_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerAodhEvaluatorImage} ] + config_image: {get_param: DockerAodhConfigImage} kolla_config: /var/lib/kolla/config_files/aodh_evaluator.json: command: /usr/bin/aodh-evaluator + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/aodh owner: aodh:aodh @@ -79,7 +84,7 @@ outputs: docker_config: step_4: aodh_evaluator: - image: *aodh_evaluator_image + image: {get_param: DockerAodhEvaluatorImage} net: host privileged: false restart: always @@ -88,7 +93,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/aodh_evaluator.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro + - /var/lib/config-data/puppet-generated/aodh/:/var/lib/kolla/config_files/src:ro - /var/log/containers/aodh:/var/log/aodh environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/aodh-listener.yaml b/docker/services/aodh-listener.yaml index 0930f42e..9db2ffbe 100644 --- a/docker/services/aodh-listener.yaml +++ b/docker/services/aodh-listener.yaml @@ -4,19 +4,21 @@ description: > OpenStack containerized Aodh Listener service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerAodhListenerImage: description: image - default: 'centos-binary-aodh-listener:latest' + type: string + DockerAodhConfigImage: + description: The container image to use for the aodh config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -44,6 +46,7 @@ resources: type: ../../puppet/services/aodh-listener.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -65,13 +68,15 @@ outputs: config_volume: aodh puppet_tags: aodh_config step_config: *step_config - config_image: &aodh_listener_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerAodhListenerImage} ] + config_image: {get_param: DockerAodhConfigImage} kolla_config: /var/lib/kolla/config_files/aodh_listener.json: command: /usr/bin/aodh-listener + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/aodh owner: aodh:aodh @@ -79,7 +84,7 @@ outputs: docker_config: step_4: aodh_listener: - image: *aodh_listener_image + image: {get_param: DockerAodhListenerImage} net: host privileged: false restart: always @@ -88,7 +93,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/aodh_listener.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro + - /var/lib/config-data/puppet-generated/aodh/:/var/lib/kolla/config_files/src:ro - /var/log/containers/aodh:/var/log/aodh environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/aodh-notifier.yaml b/docker/services/aodh-notifier.yaml index 607d9997..c16c0161 100644 --- a/docker/services/aodh-notifier.yaml +++ b/docker/services/aodh-notifier.yaml @@ -4,19 +4,21 @@ description: > OpenStack containerized Aodh Notifier service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerAodhNotifierImage: description: image - default: 'centos-binary-aodh-notifier:latest' + type: string + DockerAodhConfigImage: + description: The container image to use for the aodh config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -44,6 +46,7 @@ resources: type: ../../puppet/services/aodh-notifier.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -65,13 +68,15 @@ outputs: config_volume: aodh puppet_tags: aodh_config step_config: *step_config - config_image: &aodh_notifier_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerAodhNotifierImage} ] + config_image: {get_param: DockerAodhConfigImage} kolla_config: /var/lib/kolla/config_files/aodh_notifier.json: command: /usr/bin/aodh-notifier + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/aodh owner: aodh:aodh @@ -79,7 +84,7 @@ outputs: docker_config: step_4: aodh_notifier: - image: *aodh_notifier_image + image: {get_param: DockerAodhNotifierImage} net: host privileged: false restart: always @@ -88,7 +93,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/aodh_notifier.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro + - /var/lib/config-data/puppet-generated/aodh/:/var/lib/kolla/config_files/src:ro - /var/log/containers/aodh:/var/log/aodh environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/ceilometer-agent-central.yaml b/docker/services/ceilometer-agent-central.yaml index 9cec4a61..6caffd15 100644 --- a/docker/services/ceilometer-agent-central.yaml +++ b/docker/services/ceilometer-agent-central.yaml @@ -4,19 +4,21 @@ description: > OpenStack containerized Ceilometer Agent Central service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerCeilometerCentralImage: description: image - default: 'centos-binary-ceilometer-central:latest' + type: string + DockerCeilometerConfigImage: + description: The container image to use for the ceilometer config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -44,6 +46,7 @@ resources: type: ../../puppet/services/ceilometer-agent-central.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -63,18 +66,20 @@ outputs: config_volume: ceilometer puppet_tags: ceilometer_config step_config: *step_config - config_image: &ceilometer_agent_central_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerCentralImage} ] + config_image: {get_param: DockerCeilometerConfigImage} kolla_config: /var/lib/kolla/config_files/ceilometer_agent_central.json: command: /usr/bin/ceilometer-polling --polling-namespaces central + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_3: ceilometer_init_log: start_order: 0 - image: *ceilometer_agent_central_image + image: &ceilometer_agent_central_image {get_param: DockerCeilometerCentralImage} user: root command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer'] volumes: @@ -90,7 +95,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/ceilometer_agent_central.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro + - /var/lib/config-data/puppet-generated/ceilometer/:/var/lib/kolla/config_files/src:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS step_5: @@ -100,13 +105,17 @@ outputs: net: host detach: false privileged: false + user: root volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro - /var/log/containers/ceilometer:/var/log/ceilometer - command: ["/usr/bin/ceilometer-upgrade", "--skip-metering-database"] + command: + - '/usr/bin/bootstrap_host_exec' + - 'ceilometer_agent_central' + - "su ceilometer -s /bin/bash -c '/usr/bin/ceilometer-upgrade --skip-metering-database'" upgrade_tasks: - name: Stop and disable ceilometer agent central service tags: step2 diff --git a/docker/services/ceilometer-agent-compute.yaml b/docker/services/ceilometer-agent-compute.yaml index 8d06d094..09677c64 100644 --- a/docker/services/ceilometer-agent-compute.yaml +++ b/docker/services/ceilometer-agent-compute.yaml @@ -4,19 +4,21 @@ description: > OpenStack containerized Ceilometer Agent Compute service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerCeilometerComputeImage: description: image - default: 'centos-binary-ceilometer-compute:latest' + type: string + DockerCeilometerConfigImage: + description: The container image to use for the ceilometer config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -44,6 +46,7 @@ resources: type: ../../puppet/services/ceilometer-agent-compute.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -63,17 +66,19 @@ outputs: config_volume: ceilometer puppet_tags: ceilometer_config step_config: *step_config - config_image: &ceilometer_agent_compute_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerComputeImage} ] + config_image: {get_param: DockerCeilometerConfigImage} kolla_config: /var/lib/kolla/config_files/ceilometer_agent_compute.json: command: /usr/bin/ceilometer-polling --polling-namespaces compute + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_4: ceilometer_agent_compute: - image: *ceilometer_agent_compute_image + image: {get_param: DockerCeilometerComputeImage} net: host privileged: false restart: always @@ -82,7 +87,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/ceilometer_agent_compute.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro + - /var/lib/config-data/puppet-generated/ceilometer/:/var/lib/kolla/config_files/src:ro - /var/run/libvirt:/var/run/libvirt:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/ceilometer-agent-ipmi.yaml b/docker/services/ceilometer-agent-ipmi.yaml index 02793e48..82d55be2 100644 --- a/docker/services/ceilometer-agent-ipmi.yaml +++ b/docker/services/ceilometer-agent-ipmi.yaml @@ -4,19 +4,21 @@ description: > OpenStack containerized Ceilometer Agent Ipmi service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerCeilometerIpmiImage: description: image - default: 'centos-binary-ceilometer-ipmi:latest' + type: string + DockerCeilometerConfigImage: + description: The container image to use for the ceilometer config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -44,6 +46,7 @@ resources: type: ../../puppet/services/ceilometer-agent-ipmi.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -63,18 +66,20 @@ outputs: config_volume: ceilometer puppet_tags: ceilometer_config step_config: *step_config - config_image: &ceilometer_agent_ipmi_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerIpmiImage} ] + config_image: {get_param: DockerCeilometerConfigImage} kolla_config: /var/lib/kolla/config_files/ceilometer-agent-ipmi.json: command: /usr/bin/ceilometer-polling --polling-namespaces ipmi + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_3: ceilometer_init_log: start_order: 0 - image: *ceilometer_agent_ipmi_image + image: &ceilometer_agent_ipmi_image {get_param: DockerCeilometerIpmiImage} user: root command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer'] volumes: @@ -90,23 +95,9 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/ceilometer-agent-ipmi.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro + - /var/lib/config-data/puppet-generated/ceilometer/:/var/lib/kolla/config_files/src:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - step_5: - ceilometer_gnocchi_upgrade: - start_order: 1 - image: *ceilometer_agent_ipmi_image - net: host - detach: false - privileged: false - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro - - /var/log/containers/ceilometer:/var/log/ceilometer - command: "/usr/bin/bootstrap_host_exec ceilometer su ceilometer -s /bin/bash -c '/usr/bin/ceilometer-upgrade --skip-metering-database'" upgrade_tasks: - name: Stop and disable ceilometer agent ipmi service tags: step2 diff --git a/docker/services/ceilometer-agent-notification.yaml b/docker/services/ceilometer-agent-notification.yaml index 36424e91..7f1d442a 100644 --- a/docker/services/ceilometer-agent-notification.yaml +++ b/docker/services/ceilometer-agent-notification.yaml @@ -4,19 +4,21 @@ description: > OpenStack containerized Ceilometer Agent Notification service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerCeilometerNotificationImage: description: image - default: 'centos-binary-ceilometer-notification:latest' + type: string + DockerCeilometerConfigImage: + description: The container image to use for the ceilometer config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -44,6 +46,7 @@ resources: type: ../../puppet/services/ceilometer-agent-notification.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -63,18 +66,20 @@ outputs: config_volume: ceilometer puppet_tags: ceilometer_config step_config: *step_config - config_image: &ceilometer_agent_notification_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerNotificationImage} ] + config_image: {get_param: DockerCeilometerConfigImage} kolla_config: /var/lib/kolla/config_files/ceilometer_agent_notification.json: command: /usr/bin/ceilometer-agent-notification + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_3: ceilometer_init_log: start_order: 0 - image: *ceilometer_agent_notification_image + image: &ceilometer_agent_notification_image {get_param: DockerCeilometerNotificationImage} user: root command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer'] volumes: @@ -90,23 +95,9 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/ceilometer_agent_notification.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro + - /var/lib/config-data/puppet-generated/ceilometer/:/var/lib/kolla/config_files/src:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - step_5: - ceilometer_gnocchi_upgrade: - start_order: 1 - image: *ceilometer_agent_notification_image - net: host - detach: false - privileged: false - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro - - /var/log/containers/ceilometer:/var/log/ceilometer - command: ["/usr/bin/ceilometer-upgrade", "--skip-metering-database"] upgrade_tasks: - name: Stop and disable ceilometer agent notification service tags: step2 diff --git a/docker/services/cinder-api.yaml b/docker/services/cinder-api.yaml index 94bd66d8..7804fdb2 100644 --- a/docker/services/cinder-api.yaml +++ b/docker/services/cinder-api.yaml @@ -4,24 +4,21 @@ description: > OpenStack containerized Cinder API service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerCinderApiImage: description: image - default: 'centos-binary-cinder-api:latest' type: string - # we configure all cinder services in the same cinder base container DockerCinderConfigImage: - description: image - default: 'centos-binary-cinder-api:latest' + description: The container image to use for the cinder config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -56,6 +53,7 @@ resources: type: ../../puppet/services/cinder-api.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -75,13 +73,26 @@ outputs: config_volume: cinder puppet_tags: cinder_config,file,concat,file_line step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ] + config_image: {get_param: DockerCinderConfigImage} kolla_config: /var/lib/kolla/config_files/cinder_api.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/cinder + owner: cinder:cinder + recurse: true + /var/lib/kolla/config_files/cinder_api_cron.json: + command: /usr/sbin/crond -n + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/cinder owner: cinder:cinder @@ -89,10 +100,7 @@ outputs: docker_config: step_2: cinder_api_init_logs: - image: &cinder_api_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCinderApiImage} ] + image: &cinder_api_image {get_param: DockerCinderApiImage} privileged: false user: root volumes: @@ -129,9 +137,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/cinder_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro - - /var/lib/config-data/cinder/etc/httpd/:/etc/httpd/:ro - - /var/lib/config-data/cinder/var/www/:/var/www/:ro + - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro - /var/log/containers/cinder:/var/log/cinder - if: @@ -145,6 +151,21 @@ outputs: - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + cinder_api_cron: + image: *cinder_api_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/cinder_api_cron.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/cinder:/var/log/cinder + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: - name: create persistent logs directory file: diff --git a/docker/services/cinder-backup.yaml b/docker/services/cinder-backup.yaml index 0958a7e8..dc7580a3 100644 --- a/docker/services/cinder-backup.yaml +++ b/docker/services/cinder-backup.yaml @@ -4,24 +4,21 @@ description: > OpenStack containerized Cinder Backup service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerCinderBackupImage: description: image - default: 'centos-binary-cinder-backup:latest' type: string - # we configure all cinder services in the same cinder base container DockerCinderConfigImage: - description: image - default: 'centos-binary-cinder-api:latest' + description: The container image to use for the cinder config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -50,6 +47,7 @@ resources: type: ../../puppet/services/cinder-backup.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -69,13 +67,27 @@ outputs: config_volume: cinder puppet_tags: cinder_config,file,concat,file_line step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ] + config_image: {get_param: DockerCinderConfigImage} kolla_config: /var/lib/kolla/config_files/cinder_backup.json: command: /usr/bin/cinder-backup --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf + config_files: + # NOTE(mandre): the copy of ceph conf will need to go once we + # generate a ceph.conf for cinder in puppet + # Copy ceph config files before cinder ones as a precaution, for + # the later one to take precendence in case of duplicate files. + - source: "/var/lib/kolla/config_files/src-ceph/*" + dest: "/" + merge: true + preserve_properties: true + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + - source: "/var/lib/kolla/config_files/src-iscsid/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/lib/cinder owner: cinder:cinder @@ -87,10 +99,7 @@ outputs: step_3: cinder_backup_init_logs: start_order: 0 - image: &cinder_backup_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCinderBackupImage} ] + image: &cinder_backup_image {get_param: DockerCinderBackupImage} privileged: false user: root volumes: @@ -107,13 +116,14 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/cinder_backup.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro - - /var/lib/config-data/ceph/etc/ceph/:/etc/ceph/:ro #FIXME: we need to generate a ceph.conf with puppet for this + - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro + # FIXME: we need to generate a ceph.conf with puppet for this + - /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro - /dev/:/dev/ - /run/:/run/ - /sys:/sys - /lib/modules:/lib/modules:ro - - /etc/iscsi:/etc/iscsi - /var/lib/cinder:/var/lib/cinder - /var/log/containers/cinder:/var/log/cinder environment: diff --git a/docker/services/cinder-scheduler.yaml b/docker/services/cinder-scheduler.yaml index 8199c34b..1bae005c 100644 --- a/docker/services/cinder-scheduler.yaml +++ b/docker/services/cinder-scheduler.yaml @@ -4,24 +4,21 @@ description: > OpenStack containerized Cinder Scheduler service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerCinderSchedulerImage: description: image - default: 'centos-binary-cinder-scheduler:latest' type: string - # we configure all cinder services in the same cinder base container DockerCinderConfigImage: - description: image - default: 'centos-binary-cinder-api:latest' + description: The container image to use for the cinder config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -50,6 +47,7 @@ resources: type: ../../puppet/services/cinder-scheduler.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -69,13 +67,15 @@ outputs: config_volume: cinder puppet_tags: cinder_config,file,concat,file_line step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ] + config_image: {get_param: DockerCinderConfigImage} kolla_config: /var/lib/kolla/config_files/cinder_scheduler.json: command: /usr/bin/cinder-scheduler --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/cinder owner: cinder:cinder @@ -83,10 +83,7 @@ outputs: docker_config: step_2: cinder_scheduler_init_logs: - image: &cinder_scheduler_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCinderSchedulerImage} ] + image: &cinder_scheduler_image {get_param: DockerCinderSchedulerImage} privileged: false user: root volumes: @@ -103,7 +100,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/cinder_scheduler.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro + - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro - /var/log/containers/cinder:/var/log/cinder environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/cinder-volume.yaml b/docker/services/cinder-volume.yaml index 26eb10e7..3030019c 100644 --- a/docker/services/cinder-volume.yaml +++ b/docker/services/cinder-volume.yaml @@ -4,24 +4,21 @@ description: > OpenStack containerized Cinder Volume service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerCinderVolumeImage: description: image - default: 'centos-binary-cinder-volume:latest' type: string - # we configure all cinder services in the same cinder base container DockerCinderConfigImage: - description: image - default: 'centos-binary-cinder-api:latest' + description: The container image to use for the cinder config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -58,6 +55,7 @@ resources: type: ../../puppet/services/cinder-volume.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -68,22 +66,42 @@ outputs: description: Role data for the Cinder Volume role. value: service_name: {get_attr: [CinderBase, role_data, service_name]} - config_settings: {get_attr: [CinderBase, role_data, config_settings]} + config_settings: + map_merge: + - get_attr: [CinderBase, role_data, config_settings] + - tripleo::profile::base::lvm::enable_udev: false step_config: &step_config - get_attr: [CinderBase, role_data, step_config] + list_join: + - "\n" + - - "include ::tripleo::profile::base::lvm" + - get_attr: [CinderBase, role_data, step_config] service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: config_volume: cinder puppet_tags: cinder_config,file,concat,file_line step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ] + config_image: {get_param: DockerCinderConfigImage} kolla_config: /var/lib/kolla/config_files/cinder_volume.json: command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf + config_files: + # NOTE(mandre): the copy of ceph conf will need to go once we + # generate a ceph.conf for cinder in puppet + # Copy ceph config files before cinder ones as a precaution, for + # the later one to take precendence in case of duplicate files. + - source: "/var/lib/kolla/config_files/src-ceph/*" + dest: "/" + merge: true + preserve_properties: true + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + - source: "/var/lib/kolla/config_files/src-iscsid/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/cinder owner: cinder:cinder @@ -92,10 +110,7 @@ outputs: step_3: cinder_volume_init_logs: start_order: 0 - image: &cinder_volume_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCinderVolumeImage} ] + image: &cinder_volume_image {get_param: DockerCinderVolumeImage} privileged: false user: root volumes: @@ -112,12 +127,14 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/cinder_volume.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro - - /var/lib/config-data/ceph/etc/ceph/:/etc/ceph/:ro #FIXME: we need to generate a ceph.conf with puppet for this + - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro + # FIXME: we need to generate a ceph.conf with puppet for this + - /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro + - /lib/modules:/lib/modules:ro - /dev/:/dev/ - /run/:/run/ - /sys:/sys - - /etc/iscsi:/etc/iscsi - /var/lib/cinder:/var/lib/cinder - /var/log/containers/cinder:/var/log/cinder environment: diff --git a/docker/services/collectd.yaml b/docker/services/collectd.yaml index 6c58a589..2989729c 100644 --- a/docker/services/collectd.yaml +++ b/docker/services/collectd.yaml @@ -4,19 +4,21 @@ description: > Containerized collectd service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerCollectdImage: description: image - default: 'centos-binary-collectd:latest' + type: string + DockerCollectdConfigImage: + description: The container image to use for the collectd config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -45,6 +47,7 @@ resources: type: ../../puppet/services/metrics/collectd.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -68,13 +71,15 @@ outputs: config_volume: collectd puppet_tags: collectd_client_config step_config: *step_config - config_image: &collectd_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCollectdImage} ] + config_image: {get_param: DockerCollectdConfigImage} kolla_config: /var/lib/kolla/config_files/collectd.json: command: /usr/sbin/collectd -f + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/collectd owner: collectd:collectd @@ -82,7 +87,7 @@ outputs: docker_config: step_3: collectd: - image: *collectd_image + image: {get_param: DockerCollectdImage} net: host privileged: true restart: always @@ -92,9 +97,7 @@ outputs: - - /var/run/docker.sock:/var/run/docker.sock:rw - /var/lib/kolla/config_files/collectd.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/collectd/etc/collectd.conf:/etc/collectd.conf:ro - - /var/lib/config-data/collectd/etc/collectd.d:/etc/collectd.d:ro - - /var/log/containers/collectd:/var/log/collectd:rw + - /var/lib/config-data/puppet-generated/collectd/:/var/lib/kolla/config_files/src:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: diff --git a/docker/services/congress-api.yaml b/docker/services/congress.yaml index 92b0eeb9..e49682f9 100644 --- a/docker/services/congress-api.yaml +++ b/docker/services/congress.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Congress API service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerCongressApiImage: description: image - default: 'centos-binary-congress-api:latest' type: string DockerCongressConfigImage: - description: image - default: 'centos-binary-congress-api:latest' + description: The container image to use for the congress config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -44,10 +42,11 @@ resources: ContainersCommon: type: ./containers-common.yaml - CongressApiBase: + CongressBase: type: ../../puppet/services/congress.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -57,25 +56,27 @@ outputs: role_data: description: Role data for the Congress API role. value: - service_name: {get_attr: [CongressApiBase, role_data, service_name]} + service_name: {get_attr: [CongressBase, role_data, service_name]} config_settings: map_merge: - - get_attr: [CongressApiBase, role_data, config_settings] + - get_attr: [CongressBase, role_data, config_settings] step_config: &step_config - get_attr: [CongressApiBase, role_data, step_config] - service_config_settings: {get_attr: [CongressApiBase, role_data, service_config_settings]} + get_attr: [CongressBase, role_data, step_config] + service_config_settings: {get_attr: [CongressBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: config_volume: congress puppet_tags: congress_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCongressConfigImage} ] + config_image: {get_param: DockerCongressConfigImage} kolla_config: /var/lib/kolla/config_files/congress_api.json: command: /usr/bin/congress-server --config-file=/etc/congress/congress.conf --log-file=/var/log/congress/api.log + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/congress owner: congress:congress @@ -84,10 +85,7 @@ outputs: # db sync runs before permissions set by kolla_config step_2: congress_init_logs: - image: &congress_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCongressApiImage} ] + image: &congress_api_image {get_param: DockerCongressApiImage} privileged: false user: root volumes: @@ -95,7 +93,7 @@ outputs: command: ['/bin/bash', '-c', 'chown -R congress:congress /var/log/congress'] step_3: congress_db_sync: - image: *congress_image + image: *congress_api_image net: host privileged: false detach: false @@ -104,13 +102,16 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/config-data/congress/etc/:/etc/:ro + # FIXME(mandre) mounting /etc rw to workaround LP1696283 + # This should go away anyway and mount the exact files it + # needs or use kolla set_configs.py + - /var/lib/config-data/congress/etc/:/etc/ - /var/log/containers/congress:/var/log/congress command: "/usr/bin/bootstrap_host_exec congress su congress -s /bin/bash -c 'congress-db-manage --config-file /etc/congress/congress.conf upgrade head'" step_4: congress_api: start_order: 15 - image: *congress_image + image: *congress_api_image net: host privileged: false restart: always @@ -119,7 +120,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/congress_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/congress/etc/congress/:/etc/congress/:ro + - /var/lib/config-data/puppet-generated/congress/:/var/lib/kolla/config_files/src:ro - /var/log/containers/congress:/var/log/congress environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/containers-common.yaml b/docker/services/containers-common.yaml index d104853f..71ea8d1f 100644 --- a/docker/services/containers-common.yaml +++ b/docker/services/containers-common.yaml @@ -11,6 +11,10 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/docker/services/database/mongodb.yaml b/docker/services/database/mongodb.yaml index 5d0eb79d..5ba79b31 100644 --- a/docker/services/database/mongodb.yaml +++ b/docker/services/database/mongodb.yaml @@ -4,19 +4,21 @@ description: > MongoDB service deployment using puppet and docker parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerMongodbImage: description: image - default: 'centos-binary-mongodb:latest' + type: string + DockerMongodbConfigImage: + description: The container image to use for the mongodb config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -41,6 +43,7 @@ resources: type: ../../../puppet/services/database/mongodb.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -65,13 +68,15 @@ outputs: config_volume: mongodb puppet_tags: file # set this even though file is the default step_config: *step_config - config_image: &mongodb_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMongodbImage} ] + config_image: &mongodb_config_image {get_param: DockerMongodbConfigImage} kolla_config: /var/lib/kolla/config_files/mongodb.json: command: /usr/bin/mongod --unixSocketPrefix=/var/run/mongodb --config /etc/mongod.conf run + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/lib/mongodb owner: mongodb:mongodb @@ -82,13 +87,12 @@ outputs: docker_config: step_2: mongodb: - image: *mongodb_image + image: {get_param: DockerMongodbImage} net: host privileged: false volumes: &mongodb_volumes - /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json - - /var/lib/config-data/mongodb/etc/mongod.conf:/etc/mongod.conf:ro - - /var/lib/config-data/mongodb/etc/mongos.conf:/etc/mongos.conf:ro + - /var/lib/config-data/puppet-generated/mongodb/:/var/lib/kolla/config_files/src:ro - /etc/localtime:/etc/localtime:ro - /var/log/containers/mongodb:/var/log/mongodb - /var/lib/mongodb:/var/lib/mongodb @@ -100,7 +104,7 @@ outputs: config_volume: 'mongodb_init_tasks' puppet_tags: 'mongodb_database,mongodb_user,mongodb_replset' step_config: 'include ::tripleo::profile::base::database::mongodb' - config_image: *mongodb_image + config_image: *mongodb_config_image volumes: - /var/lib/mongodb:/var/lib/mongodb - /var/log/containers/mongodb:/var/log/mongodb diff --git a/docker/services/database/mysql-client.yaml b/docker/services/database/mysql-client.yaml index b0ad3760..d45d58e1 100644 --- a/docker/services/database/mysql-client.yaml +++ b/docker/services/database/mysql-client.yaml @@ -4,14 +4,13 @@ description: > Configuration for containerized MySQL clients parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string - DockerMysqlImage: - description: image - default: 'centos-binary-mariadb:latest' + DockerMysqlClientConfigImage: + description: The container image to use for the mysql_client config_volume type: string + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -58,9 +57,6 @@ outputs: config_volume: mysql_client puppet_tags: file # set this even though file is the default step_config: "include ::tripleo::profile::base::database::mysql::client" - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMysqlImage} ] + config_image: {get_param: DockerMysqlClientConfigImage} # no need for a docker config, this service only generates configuration files docker_config: {} diff --git a/docker/services/database/mysql.yaml b/docker/services/database/mysql.yaml index 9eabb719..54331415 100644 --- a/docker/services/database/mysql.yaml +++ b/docker/services/database/mysql.yaml @@ -4,19 +4,21 @@ description: > MySQL service deployment using puppet parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerMysqlImage: description: image - default: 'centos-binary-mariadb:latest' + type: string + DockerMysqlConfigImage: + description: The container image to use for the mysql config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -45,6 +47,7 @@ resources: type: ../../../puppet/services/database/mysql.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -74,13 +77,15 @@ outputs: config_volume: mysql puppet_tags: file # set this even though file is the default step_config: *step_config - config_image: &mysql_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMysqlImage} ] + config_image: &mysql_config_image {get_param: DockerMysqlConfigImage} kolla_config: /var/lib/kolla/config_files/mysql.json: command: /usr/bin/mysqld_safe + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/lib/mysql owner: mysql:mysql @@ -89,7 +94,7 @@ outputs: # Kolla_bootstrap runs before permissions set by kolla_config step_1: mysql_init_logs: - image: *mysql_image + image: &mysql_image {get_param: DockerMysqlImage} privileged: false user: root volumes: @@ -104,7 +109,7 @@ outputs: command: ['bash', '-c', 'test -e /var/lib/mysql/mysql || kolla_start'] volumes: &mysql_volumes - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json - - /var/lib/config-data/mysql/etc/my.cnf.d:/etc/my.cnf.d:ro + - /var/lib/config-data/puppet-generated/mysql/:/var/lib/kolla/config_files/src:ro - /etc/localtime:/etc/localtime:ro - /etc/hosts:/etc/hosts:ro - /var/lib/mysql:/var/lib/mysql @@ -139,7 +144,7 @@ outputs: config_volume: 'mysql_init_tasks' puppet_tags: 'mysql_database,mysql_grant,mysql_user' step_config: 'include ::tripleo::profile::base::database::mysql' - config_image: *mysql_image + config_image: *mysql_config_image volumes: - /var/lib/mysql:/var/lib/mysql/:ro - /var/log/containers/mysql:/var/log/mariadb diff --git a/docker/services/database/redis.yaml b/docker/services/database/redis.yaml index 9d0d30c8..980a8c6d 100644 --- a/docker/services/database/redis.yaml +++ b/docker/services/database/redis.yaml @@ -4,19 +4,21 @@ description: > OpenStack containerized Redis services parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerRedisImage: description: image - default: 'centos-binary-redis:latest' + type: string + DockerRedisConfigImage: + description: The container image to use for the redis config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -41,6 +43,7 @@ resources: type: ../../../puppet/services/database/redis.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} @@ -64,13 +67,15 @@ outputs: # https://github.com/arioch/puppet-redis/commit/1c004143223e660cbd433422ff8194508aab9763 puppet_tags: 'exec' step_config: *step_config - config_image: &redis_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerRedisImage} ] + config_image: {get_param: DockerRedisConfigImage} kolla_config: /var/lib/kolla/config_files/redis.json: command: /usr/bin/redis-server /etc/redis.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/run/redis owner: redis:redis @@ -80,7 +85,7 @@ outputs: redis_init_logs: start_order: 0 detach: false - image: *redis_image + image: &redis_image {get_param: DockerRedisImage} privileged: false user: root volumes: @@ -95,7 +100,7 @@ outputs: volumes: - /run:/run - /var/lib/kolla/config_files/redis.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/redis/etc/redis.conf:/etc/redis.conf:ro + - /var/lib/config-data/puppet-generated/redis/:/var/lib/kolla/config_files/src:ro - /etc/localtime:/etc/localtime:ro - /var/log/containers/redis:/var/log/redis environment: diff --git a/docker/services/ec2-api.yaml b/docker/services/ec2-api.yaml index bc3654b0..9f1ecbc1 100644 --- a/docker/services/ec2-api.yaml +++ b/docker/services/ec2-api.yaml @@ -4,19 +4,21 @@ description: > OpenStack containerized EC2 API service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerEc2ApiImage: description: image - default: 'centos-binary-ec2-api:latest' + type: string + DockerEc2ApiConfigImage: + description: The container image to use for the ec2_api config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -60,22 +62,29 @@ outputs: service_config_settings: {get_attr: [Ec2ApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: - config_volume: ec2api + config_volume: ec2_api puppet_tags: ec2api_api_paste_ini,ec2api_config step_config: *step_config - config_image: &ec2_api_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerEc2ApiImage} ] + config_image: {get_param: DockerEc2ApiConfigImage} kolla_config: /var/lib/kolla/config_files/ec2_api.json: command: /usr/bin/ec2-api + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/ec2api owner: ec2api:ec2api recurse: true /var/lib/kolla/config_files/ec2_api_metadata.json: command: /usr/bin/ec2-api-metadata + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/ec2api # default log dir for metadata service as well owner: ec2api:ec2api @@ -84,7 +93,7 @@ outputs: # db sync runs before permissions set by kolla_config step_2: ec2_api_init_logs: - image: *ec2_api_image + image: &ec2_api_image {get_param: DockerEc2ApiImage} privileged: false user: root volumes: @@ -118,7 +127,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/ec2_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ec2_api/etc/ec2api/:/etc/ec2api/:ro + - /var/lib/config-data/puppet-generated/ec2_api/:/var/lib/kolla/config_files/src:ro - /var/log/containers/ec2_api:/var/log/ec2api environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS @@ -132,7 +141,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/ec2_api_metadata.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ec2_api/etc/ec2api/:/etc/ec2api/:ro + - /var/lib/config-data/puppet-generated/ec2_api/:/var/lib/kolla/config_files/src:ro - /var/log/containers/ec2_api_metadata:/var/log/ec2api environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/etcd.yaml b/docker/services/etcd.yaml index 818bddd4..42c9f2d3 100644 --- a/docker/services/etcd.yaml +++ b/docker/services/etcd.yaml @@ -4,19 +4,21 @@ description: > OpenStack containerized etcd services parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerEtcdImage: description: image - default: 'centos-binary-etcd:latest' + type: string + DockerEtcdConfigImage: + description: The container image to use for the etcd config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -45,6 +47,7 @@ resources: type: ../../puppet/services/etcd.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EtcdInitialClusterToken: {get_param: EtcdInitialClusterToken} @@ -67,13 +70,15 @@ outputs: puppet_config: config_volume: etcd step_config: *step_config - config_image: &etcd_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerEtcdImage} ] + config_image: &etcd_config_image {get_param: DockerEtcdConfigImage} kolla_config: /var/lib/kolla/config_files/etcd.json: command: /usr/bin/etcd --config-file /etc/etcd/etcd.yml + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/lib/etcd owner: etcd:etcd @@ -81,7 +86,7 @@ outputs: docker_config: step_2: etcd: - image: *etcd_image + image: {get_param: DockerEtcdImage} net: host privileged: false restart: always @@ -89,7 +94,7 @@ outputs: - /var/lib/etcd:/var/lib/etcd - /etc/localtime:/etc/localtime:ro - /var/lib/kolla/config_files/etcd.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/etcd/etc/etcd/etcd.yml:/etc/etcd/etcd.yml:ro + - /var/lib/config-data/puppet-generated/etcd/:/var/lib/kolla/config_files/src:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS docker_puppet_tasks: @@ -98,7 +103,7 @@ outputs: config_volume: 'etcd_init_tasks' puppet_tags: 'etcd_key' step_config: 'include ::tripleo::profile::base::etcd' - config_image: *etcd_image + config_image: *etcd_config_image volumes: - /var/lib/config-data/etcd/etc/etcd/:/etc/etcd:ro - /var/lib/etcd:/var/lib/etcd:ro diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml index 5c244012..d88c64b5 100644 --- a/docker/services/glance-api.yaml +++ b/docker/services/glance-api.yaml @@ -4,19 +4,21 @@ description: > OpenStack Glance service configured with Puppet parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerGlanceApiImage: description: image - default: 'centos-binary-glance-api:latest' + type: string + DockerGlanceApiConfigImage: + description: The container image to use for the glance_api config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -52,6 +54,7 @@ resources: type: ../../puppet/services/glance-api.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -74,20 +77,27 @@ outputs: config_volume: glance_api puppet_tags: glance_api_config,glance_api_paste_ini,glance_swift_config,glance_cache_config step_config: *step_config - config_image: &glance_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerGlanceApiImage} ] + config_image: {get_param: DockerGlanceApiConfigImage} kolla_config: /var/lib/kolla/config_files/glance_api.json: command: /usr/bin/glance-api --config-file /usr/share/glance/glance-api-dist.conf --config-file /etc/glance/glance-api.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/glance_api_tls_proxy.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: # Kolla_bootstrap/db_sync runs before permissions set by kolla_config step_2: glance_init_logs: - image: *glance_image + image: &glance_api_image {get_param: DockerGlanceApiImage} privileged: false user: root volumes: @@ -95,7 +105,7 @@ outputs: command: ['/bin/bash', '-c', 'chown -R glance:glance /var/log/glance'] step_3: glance_api_db_sync: - image: *glance_image + image: *glance_api_image net: host privileged: false detach: false @@ -105,7 +115,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/glance_api.json:/var/lib/kolla/config_files/config.json - - /var/lib/config-data/glance_api/etc/glance/:/etc/glance/:ro + - /var/lib/config-data/puppet-generated/glance_api/:/var/lib/kolla/config_files/src:ro - /var/log/containers/glance:/var/log/glance environment: - KOLLA_BOOTSTRAP=True @@ -115,7 +125,7 @@ outputs: map_merge: - glance_api: start_order: 2 - image: *glance_image + image: *glance_api_image net: host privileged: false restart: always @@ -126,7 +136,7 @@ outputs: - internal_tls_enabled - glance_api_tls_proxy: start_order: 2 - image: *glance_image + image: *glance_api_image net: host user: root restart: always @@ -135,9 +145,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/glance_api_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/glance_api/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/glance_api/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/glance_api/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro + - /var/lib/config-data/puppet-generated/glance_api/:/var/lib/kolla/config_files/src:ro - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro environment: diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml index bd1c3168..5129b89f 100644 --- a/docker/services/gnocchi-api.yaml +++ b/docker/services/gnocchi-api.yaml @@ -4,19 +4,21 @@ description: > OpenStack containerized gnocchi service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerGnocchiApiImage: description: image - default: 'centos-binary-gnocchi-api:latest' + type: string + DockerGnocchiConfigImage: + description: The container image to use for the gnocchi config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -73,13 +75,15 @@ outputs: config_volume: gnocchi puppet_tags: gnocchi_api_paste_ini,gnocchi_config step_config: *step_config - config_image: &gnocchi_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiApiImage} ] + config_image: {get_param: DockerGnocchiConfigImage} kolla_config: /var/lib/kolla/config_files/gnocchi_api.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/gnocchi owner: gnocchi:gnocchi @@ -88,14 +92,14 @@ outputs: # db sync runs before permissions set by kolla_config step_2: gnocchi_init_log: - image: *gnocchi_image + image: &gnocchi_api_image {get_param: DockerGnocchiApiImage} user: root volumes: - /var/log/containers/gnocchi:/var/log/gnocchi command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R gnocchi:gnocchi /var/log/gnocchi'] step_3: gnocchi_db_sync: - image: *gnocchi_image + image: *gnocchi_api_image net: host detach: false privileged: false @@ -109,7 +113,7 @@ outputs: command: "/usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c '/usr/bin/gnocchi-upgrade --skip-storage'" step_4: gnocchi_api: - image: *gnocchi_image + image: *gnocchi_api_image net: host privileged: false restart: always @@ -118,11 +122,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/gnocchi_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro - - /var/lib/config-data/gnocchi/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/gnocchi/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/gnocchi/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - - /var/lib/config-data/gnocchi/var/www/:/var/www/:ro + - /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro - /var/log/containers/gnocchi:/var/log/gnocchi - if: diff --git a/docker/services/gnocchi-metricd.yaml b/docker/services/gnocchi-metricd.yaml index ea26d838..1a0a1ddb 100644 --- a/docker/services/gnocchi-metricd.yaml +++ b/docker/services/gnocchi-metricd.yaml @@ -4,19 +4,21 @@ description: > OpenStack containerized Gnocchi Metricd service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerGnocchiMetricdImage: description: image - default: 'centos-binary-gnocchi-metricd:latest' + type: string + DockerGnocchiConfigImage: + description: The container image to use for the gnocchi config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -44,6 +46,7 @@ resources: type: ../../puppet/services/gnocchi-metricd.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -63,13 +66,15 @@ outputs: config_volume: gnocchi puppet_tags: gnocchi_config step_config: *step_config - config_image: &gnocchi_metricd_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiMetricdImage} ] + config_image: {get_param: DockerGnocchiConfigImage} kolla_config: /var/lib/kolla/config_files/gnocchi_metricd.json: command: /usr/bin/gnocchi-metricd + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/gnocchi owner: gnocchi:gnocchi @@ -77,7 +82,7 @@ outputs: docker_config: step_4: gnocchi_metricd: - image: *gnocchi_metricd_image + image: {get_param: DockerGnocchiMetricdImage} net: host privileged: false restart: always @@ -86,7 +91,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/gnocchi_metricd.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro + - /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro - /var/log/containers/gnocchi:/var/log/gnocchi environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/gnocchi-statsd.yaml b/docker/services/gnocchi-statsd.yaml index a8ae857d..00d218d2 100644 --- a/docker/services/gnocchi-statsd.yaml +++ b/docker/services/gnocchi-statsd.yaml @@ -4,19 +4,21 @@ description: > OpenStack containerized Gnocchi Statsd service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerGnocchiStatsdImage: description: image - default: 'centos-binary-gnocchi-statsd:latest' + type: string + DockerGnocchiConfigImage: + description: The container image to use for the gnocchi config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -44,6 +46,7 @@ resources: type: ../../puppet/services/gnocchi-statsd.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -63,13 +66,15 @@ outputs: config_volume: gnocchi puppet_tags: gnocchi_config step_config: *step_config - config_image: &gnocchi_statsd_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerGnocchiStatsdImage} ] + config_image: {get_param: DockerGnocchiConfigImage} kolla_config: /var/lib/kolla/config_files/gnocchi_statsd.json: command: /usr/bin/gnocchi-statsd + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/gnocchi owner: gnocchi:gnocchi @@ -77,7 +82,7 @@ outputs: docker_config: step_4: gnocchi_statsd: - image: *gnocchi_statsd_image + image: {get_param: DockerGnocchiStatsdImage} net: host privileged: false restart: always @@ -86,7 +91,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/gnocchi_statsd.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro + - /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro - /var/log/containers/gnocchi:/var/log/gnocchi environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/haproxy.yaml b/docker/services/haproxy.yaml index 1f8bcfad..f080dcb2 100644 --- a/docker/services/haproxy.yaml +++ b/docker/services/haproxy.yaml @@ -4,14 +4,16 @@ description: > OpenStack containerized HAproxy service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerHAProxyImage: description: image - default: 'centos-binary-haproxy:latest' type: string + DockerHAProxyConfigImage: + description: The container image to use for the haproxy config_volume + type: string + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -38,8 +40,13 @@ parameters: default: /dev/log description: Syslog address where HAproxy will send its log type: string + DeployedSSLCertificatePath: + default: '/etc/pki/tls/private/overcloud_endpoint.pem' + description: > + The filepath of the certificate as it will be stored in the controller. + type: string RedisPassword: - description: The password for Redis + description: The password for the redis service account. type: string hidden: true MonitoringSubscriptionHaproxy: @@ -63,6 +70,7 @@ resources: type: ../../puppet/services/haproxy.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -85,26 +93,35 @@ outputs: config_volume: haproxy puppet_tags: haproxy_config step_config: *step_config - config_image: &haproxy_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyImage} ] + config_image: {get_param: DockerHAProxyConfigImage} + volumes: &deployed_cert_mount + - list_join: + - ':' + - - {get_param: DeployedSSLCertificatePath} + - {get_param: DeployedSSLCertificatePath} + - 'ro' kolla_config: /var/lib/kolla/config_files/haproxy.json: command: haproxy -f /etc/haproxy/haproxy.cfg + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_1: haproxy: - image: *haproxy_image + image: {get_param: DockerHAProxyImage} net: host privileged: false restart: always volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} + - *deployed_cert_mount - - /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/haproxy/etc/:/etc/:ro + - /var/lib/config-data/puppet-generated/haproxy/:/var/lib/kolla/config_files/src:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS metadata_settings: diff --git a/docker/services/heat-api-cfn.yaml b/docker/services/heat-api-cfn.yaml index 89ba8cbd..aff0f1a1 100644 --- a/docker/services/heat-api-cfn.yaml +++ b/docker/services/heat-api-cfn.yaml @@ -4,24 +4,22 @@ description: > OpenStack containerized Heat API CFN service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerHeatApiCfnImage: description: image - default: 'centos-binary-heat-api-cfn:latest' type: string # puppet needs the heat-wsgi-api-cfn binary from centos-binary-heat-api-cfn - DockerHeatConfigImage: - description: image - default: 'centos-binary-heat-api-cfn:latest' + DockerHeatApiCfnConfigImage: + description: The container image to use for the heat_api_cfn config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -56,6 +54,7 @@ resources: type: ../../puppet/services/heat-api-cfn.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -78,13 +77,15 @@ outputs: config_volume: heat_api_cfn puppet_tags: heat_config,file,concat,file_line step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHeatConfigImage} ] + config_image: {get_param: DockerHeatApiCfnConfigImage} kolla_config: /var/lib/kolla/config_files/heat_api_cfn.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/heat owner: heat:heat @@ -92,10 +93,7 @@ outputs: docker_config: step_4: heat_api_cfn: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHeatApiCfnImage} ] + image: {get_param: DockerHeatApiCfnImage} net: host privileged: false restart: always @@ -107,11 +105,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/heat_api_cfn.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/heat_api_cfn/etc/heat/:/etc/heat/:ro - - /var/lib/config-data/heat_api_cfn/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/heat_api_cfn/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/heat_api_cfn/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - - /var/lib/config-data/heat_api_cfn/var/www/:/var/www/:ro + - /var/lib/config-data/puppet-generated/heat_api_cfn/:/var/lib/kolla/config_files/src:ro - /var/log/containers/heat:/var/log/heat - if: diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml index 834f2a0b..ba8fc75f 100644 --- a/docker/services/heat-api.yaml +++ b/docker/services/heat-api.yaml @@ -4,24 +4,22 @@ description: > OpenStack containerized Heat API service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerHeatApiImage: description: image - default: 'centos-binary-heat-api:latest' type: string # puppet needs the heat-wsgi-api binary from centos-binary-heat-api - DockerHeatConfigImage: - description: image - default: 'centos-binary-heat-api:latest' + DockerHeatApiConfigImage: + description: The container image to use for the heat_api config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -56,6 +54,7 @@ resources: type: ../../puppet/services/heat-api.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -78,13 +77,26 @@ outputs: config_volume: heat_api puppet_tags: heat_config,file,concat,file_line step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHeatConfigImage} ] + config_image: {get_param: DockerHeatApiConfigImage} kolla_config: /var/lib/kolla/config_files/heat_api.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/heat + owner: heat:heat + recurse: true + /var/lib/kolla/config_files/heat_api_cron.json: + command: /usr/sbin/crond -n + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/heat owner: heat:heat @@ -92,10 +104,7 @@ outputs: docker_config: step_4: heat_api: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHeatApiImage} ] + image: {get_param: DockerHeatApiImage} net: host privileged: false restart: always @@ -107,11 +116,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/heat_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/heat_api/etc/heat/:/etc/heat/:ro - - /var/lib/config-data/heat_api/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/heat_api/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/heat_api/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - - /var/lib/config-data/heat_api/var/www/:/var/www/:ro + - /var/lib/config-data/puppet-generated/heat_api/:/var/lib/kolla/config_files/src:ro - /var/log/containers/heat:/var/log/heat - if: @@ -125,6 +130,20 @@ outputs: - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + heat_api_cron: + image: {get_param: DockerHeatApiImage} + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/heat_api_cron.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/heat_api/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/heat:/var/log/heat + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: - name: create persistent logs directory file: diff --git a/docker/services/heat-engine.yaml b/docker/services/heat-engine.yaml index 7a3312dd..789f3f9d 100644 --- a/docker/services/heat-engine.yaml +++ b/docker/services/heat-engine.yaml @@ -4,19 +4,21 @@ description: > OpenStack containerized Heat Engine service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerHeatEngineImage: description: image - default: 'centos-binary-heat-engine:latest' + type: string + DockerHeatConfigImage: + description: The container image to use for the heat config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -45,6 +47,7 @@ resources: type: ../../puppet/services/heat-engine.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -67,13 +70,15 @@ outputs: config_volume: heat puppet_tags: heat_config,file,concat,file_line step_config: *step_config - config_image: &heat_engine_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHeatEngineImage} ] + config_image: {get_param: DockerHeatConfigImage} kolla_config: /var/lib/kolla/config_files/heat_engine.json: command: /usr/bin/heat-engine --config-file /usr/share/heat/heat-dist.conf --config-file /etc/heat/heat.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/heat owner: heat:heat @@ -82,7 +87,7 @@ outputs: # db sync runs before permissions set by kolla_config step_2: heat_init_log: - image: *heat_engine_image + image: &heat_engine_image {get_param: DockerHeatEngineImage} user: root volumes: - /var/log/containers/heat:/var/log/heat @@ -112,7 +117,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/heat_engine.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro + - /var/lib/config-data/puppet-generated/heat/:/var/lib/kolla/config_files/src:ro - /var/log/containers/heat:/var/log/heat environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/horizon.yaml b/docker/services/horizon.yaml index 13bd091c..3d3bc7c3 100644 --- a/docker/services/horizon.yaml +++ b/docker/services/horizon.yaml @@ -4,19 +4,21 @@ description: > OpenStack containerized Horizon service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerHorizonImage: description: image - default: 'centos-binary-horizon:latest' + type: string + DockerHorizonConfigImage: + description: The container image to use for the horizon config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -44,6 +46,7 @@ resources: type: ../../puppet/services/horizon.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -70,13 +73,15 @@ outputs: config_volume: horizon puppet_tags: horizon_config step_config: {get_attr: [HorizonBase, role_data, step_config]} - config_image: &horizon_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHorizonImage} ] + config_image: {get_param: DockerHorizonConfigImage} kolla_config: /var/lib/kolla/config_files/horizon.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/horizon/ owner: apache:apache @@ -88,7 +93,7 @@ outputs: docker_config: step_2: horizon_fix_perms: - image: *horizon_image + image: &horizon_image {get_param: DockerHorizonImage} user: root # NOTE Set ownership for /var/log/horizon/horizon.log file here, # otherwise it's created by root when generating django cache. @@ -110,8 +115,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/horizon.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/horizon/etc/httpd:/etc/httpd:ro - - /var/lib/config-data/horizon/etc/openstack-dashboard:/etc/openstack-dashboard:ro + - /var/lib/config-data/puppet-generated/horizon/:/var/lib/kolla/config_files/src:ro - /var/log/containers/horizon:/var/log/horizon environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/ironic-api.yaml b/docker/services/ironic-api.yaml index 1c8aa5bd..90978f3e 100644 --- a/docker/services/ironic-api.yaml +++ b/docker/services/ironic-api.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Ironic API service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerIronicApiImage: description: image - default: 'centos-binary-ironic-api:latest' type: string - DockerIronicConfigImage: - description: image - default: 'centos-binary-ironic-pxe:latest' + DockerIronicApiConfigImage: + description: The container image to use for the ironic_api config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/ironic-api.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -67,16 +66,18 @@ outputs: service_config_settings: {get_attr: [IronicApiBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: - config_volume: ironic + config_volume: ironic_api puppet_tags: ironic_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ] + config_image: {get_param: DockerIronicApiConfigImage} kolla_config: /var/lib/kolla/config_files/ironic_api.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/ironic owner: ironic:ironic @@ -85,10 +86,7 @@ outputs: # db sync runs before permissions set by kolla_config step_2: ironic_init_logs: - image: &ironic_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerIronicApiImage} ] + image: &ironic_api_image {get_param: DockerIronicApiImage} privileged: false user: root volumes: @@ -97,7 +95,7 @@ outputs: step_3: ironic_db_sync: start_order: 1 - image: *ironic_image + image: *ironic_api_image net: host privileged: false detach: false @@ -106,13 +104,13 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/config-data/ironic/etc/ironic:/etc/ironic:ro + - /var/lib/config-data/ironic_api/etc/ironic:/etc/ironic:ro - /var/log/containers/ironic:/var/log/ironic command: "/usr/bin/bootstrap_host_exec ironic_api su ironic -s /bin/bash -c 'ironic-dbsync --config-file /etc/ironic/ironic.conf'" step_4: ironic_api: start_order: 10 - image: *ironic_image + image: *ironic_api_image net: host user: root restart: always @@ -121,11 +119,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/ironic_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ironic/etc/ironic:/etc/ironic:ro - - /var/lib/config-data/ironic/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/ironic/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/ironic/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - - /var/lib/config-data/ironic/var/www/:/var/www/:ro + - /var/lib/config-data/puppet-generated/ironic_api/:/var/lib/kolla/config_files/src:ro - /var/log/containers/ironic:/var/log/ironic environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/ironic-conductor.yaml b/docker/services/ironic-conductor.yaml index 360eb669..6368bd23 100644 --- a/docker/services/ironic-conductor.yaml +++ b/docker/services/ironic-conductor.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Ironic Conductor service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerIronicConductorImage: description: image - default: 'centos-binary-ironic-conductor:latest' type: string DockerIronicConfigImage: - description: image - default: 'centos-binary-ironic-pxe:latest' + description: The container image to use for the ironic config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/ironic-conductor.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -77,13 +76,15 @@ outputs: config_volume: ironic puppet_tags: ironic_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ] + config_image: {get_param: DockerIronicConfigImage} kolla_config: /var/lib/kolla/config_files/ironic_conductor.json: command: /usr/bin/ironic-conductor + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/lib/ironic owner: ironic:ironic @@ -95,10 +96,7 @@ outputs: step_4: ironic_conductor: start_order: 80 - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerIronicConductorImage} ] + image: {get_param: DockerIronicConductorImage} net: host privileged: true restart: always @@ -107,7 +105,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/ironic_conductor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro + - /var/lib/config-data/puppet-generated/ironic/:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /sys:/sys - /dev:/dev diff --git a/docker/services/ironic-pxe.yaml b/docker/services/ironic-pxe.yaml index 75c70828..48d2e1ee 100644 --- a/docker/services/ironic-pxe.yaml +++ b/docker/services/ironic-pxe.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Ironic PXE service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerIronicPxeImage: description: image - default: 'centos-binary-ironic-pxe:latest' type: string DockerIronicConfigImage: - description: image - default: 'centos-binary-ironic-pxe:latest' + description: The container image to use for the ironic config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -57,15 +55,22 @@ outputs: config_volume: ironic puppet_tags: ironic_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerIronicConfigImage} ] + config_image: {get_param: DockerIronicConfigImage} kolla_config: /var/lib/kolla/config_files/ironic_pxe_http.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/ironic_pxe_tftp.json: command: /usr/sbin/in.tftpd --foreground --user root --address 0.0.0.0:69 --map-file /var/lib/ironic/tftpboot/map-file /var/lib/ironic/tftpboot + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/ironic owner: ironic:ironic @@ -74,10 +79,7 @@ outputs: step_4: ironic_pxe_tftp: start_order: 90 - image: &ironic_pxe_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerIronicPxeImage} ] + image: &ironic_pxe_image {get_param: DockerIronicPxeImage} net: host privileged: false restart: always @@ -86,17 +88,8 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/ironic_pxe_tftp.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro - # TODO(mandre) check how docker like mounting in a bind-mounted tree - # This directory may contain migrated data from BM + - /var/lib/config-data/puppet-generated/ironic/:/var/lib/kolla/config_files/src:ro - /var/lib/ironic:/var/lib/ironic/ - # These files were generated by puppet inside the config container - # TODO(mandre) check the mount permission (ro/rw) - - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/chain.c32:/var/lib/ironic/tftpboot/chain.c32 - - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/pxelinux.0:/var/lib/ironic/tftpboot/pxelinux.0 - - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/ipxe.efi:/var/lib/ironic/tftpboot/ipxe.efi - - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/undionly.kpxe:/var/lib/ironic/tftpboot/undionly.kpxe - - /var/lib/config-data/ironic/var/lib/ironic/tftpboot/map-file:/var/lib/ironic/tftpboot/map-file - /dev/log:/dev/log - /var/log/containers/ironic:/var/log/ironic environment: @@ -112,11 +105,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/ironic_pxe_http.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro - - /var/lib/config-data/ironic/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/ironic/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/ironic/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - - /var/lib/config-data/ironic/var/www/:/var/www/:ro + - /var/lib/config-data/puppet-generated/ironic/:/var/lib/kolla/config_files/src:ro - /var/lib/ironic:/var/lib/ironic/ - /var/log/containers/ironic:/var/log/ironic environment: diff --git a/docker/services/iscsid.yaml b/docker/services/iscsid.yaml index 53f5aff2..f6b348c7 100644 --- a/docker/services/iscsid.yaml +++ b/docker/services/iscsid.yaml @@ -4,19 +4,21 @@ description: > OpenStack containerized Iscsid service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerIscsidImage: description: image - default: 'centos-binary-iscsid:latest' + type: string + DockerIscsidConfigImage: + description: The container image to use for the iscsid config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -40,31 +42,43 @@ resources: ContainersCommon: type: ./containers-common.yaml + IscsidBase: + type: ../../puppet/services/iscsid.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + outputs: role_data: - description: Role data for the Iscsid API role. + description: Role data for the Iscsid role. value: - service_name: iscsid - config_settings: {} - step_config: '' - service_config_settings: {} + service_name: {get_attr: [IscsidBase, role_data, service_name]} + config_settings: {get_attr: [IscsidBase, role_data, config_settings]} + step_config: &step_config + {get_attr: [IscsidBase, role_data, step_config]} + service_config_settings: {get_attr: [IscsidBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: config_volume: iscsid - #puppet_tags: file - step_config: '' - config_image: &iscsid_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerIscsidImage} ] + puppet_tags: iscsid_config + step_config: *step_config + config_image: {get_param: DockerIscsidConfigImage} kolla_config: /var/lib/kolla/config_files/iscsid.json: command: /usr/sbin/iscsid -f + config_files: + - source: "/var/lib/kolla/config_files/src-iscsid/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_3: iscsid: start_order: 2 - image: *iscsid_image + image: {get_param: DockerIscsidImage} net: host privileged: true restart: always @@ -77,14 +91,10 @@ outputs: - /run/:/run/ - /sys:/sys - /lib/modules:/lib/modules:ro - - /etc/iscsi:/etc/iscsi + - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: - - name: create /etc/iscsi - file: - path: /etc/iscsi - state: directory - name: stat /lib/systemd/system/iscsid.socket stat: path=/lib/systemd/system/iscsid.socket register: stat_iscsid_socket @@ -93,6 +103,7 @@ outputs: when: stat_iscsid_socket.stat.exists upgrade_tasks: - name: stat /lib/systemd/system/iscsid.service + tags: step2 stat: path=/lib/systemd/system/iscsid.service register: stat_iscsid_service - name: Stop and disable iscsid service @@ -100,6 +111,7 @@ outputs: service: name=iscsid state=stopped enabled=no when: stat_iscsid_service.stat.exists - name: stat /lib/systemd/system/iscsid.socket + tags: step2 stat: path=/lib/systemd/system/iscsid.socket register: stat_iscsid_socket - name: Stop and disable iscsid.socket service diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml index 4cd44f21..7ecfc329 100644 --- a/docker/services/keystone.yaml +++ b/docker/services/keystone.yaml @@ -4,19 +4,21 @@ description: > OpenStack containerized Keystone service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerKeystoneImage: description: image - default: 'centos-binary-keystone:latest' + type: string + DockerKeystoneConfigImage: + description: The container image to use for the keystone config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -57,6 +59,7 @@ resources: type: ../../puppet/services/keystone.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -86,18 +89,31 @@ outputs: config_volume: keystone puppet_tags: keystone_config step_config: *step_config - config_image: &keystone_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerKeystoneImage} ] + config_image: &keystone_config_image {get_param: DockerKeystoneConfigImage} kolla_config: /var/lib/kolla/config_files/keystone.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + /var/lib/kolla/config_files/keystone_cron.json: + command: /usr/sbin/cron -n + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/keystone + owner: keystone:keystone + recurse: true docker_config: # Kolla_bootstrap/db sync runs before permissions set by kolla_config step_2: keystone_init_log: - image: *keystone_image + image: &keystone_image {get_param: DockerKeystoneImage} user: root command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R keystone:keystone /var/log/keystone'] volumes: @@ -106,6 +122,7 @@ outputs: keystone_db_sync: image: *keystone_image net: host + user: root privileged: false detach: false volumes: &keystone_volumes @@ -113,11 +130,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/keystone/var/www/:/var/www/:ro - - /var/lib/config-data/keystone/etc/keystone/:/etc/keystone/:ro - - /var/lib/config-data/keystone/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/keystone/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/keystone/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro + - /var/lib/config-data/puppet-generated/keystone/:/var/lib/kolla/config_files/src:ro - /var/log/containers/keystone:/var/log/keystone - if: @@ -145,15 +158,31 @@ outputs: keystone_bootstrap: start_order: 3 action: exec + user: root command: [ 'keystone', '/usr/bin/bootstrap_host_exec', 'keystone' ,'keystone-manage', 'bootstrap', '--bootstrap-password', {get_param: AdminPassword} ] + keystone_cron: + start_order: 4 + image: *keystone_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/keystone_cron.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/keystone/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/keystone:/var/log/keystone + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS docker_puppet_tasks: # Keystone endpoint creation occurs only on single node step_3: config_volume: 'keystone_init_tasks' puppet_tags: 'keystone_config,keystone_domain_config,keystone_endpoint,keystone_identity_provider,keystone_paste_ini,keystone_role,keystone_service,keystone_tenant,keystone_user,keystone_user_role,keystone_domain' step_config: 'include ::tripleo::profile::base::keystone' - config_image: *keystone_image + config_image: *keystone_config_image host_prep_tasks: - name: create persistent logs directory file: diff --git a/docker/services/manila-api.yaml b/docker/services/manila-api.yaml index 62fdaaf0..c33f4094 100644 --- a/docker/services/manila-api.yaml +++ b/docker/services/manila-api.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Manila API service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerManilaApiImage: description: image - default: 'centos-binary-manila-api:latest' type: string DockerManilaConfigImage: - description: image - default: 'centos-binary-manila-api:latest' + description: The container image to use for the manila config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/manila-api.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} @@ -65,13 +64,15 @@ outputs: config_volume: manila puppet_tags: manila_config,manila_api_paste_ini step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerManilaConfigImage} ] + config_image: {get_param: DockerManilaConfigImage} kolla_config: /var/lib/kolla/config_files/manila_api.json: command: /usr/bin/manila-api --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/manila owner: manila:manila @@ -79,10 +80,7 @@ outputs: docker_config: step_2: manila_init_logs: - image: &manila_api_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerManilaApiImage} ] + image: &manila_api_image {get_param: DockerManilaApiImage} user: root volumes: - /var/log/containers/manila:/var/log/manila @@ -110,7 +108,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/manila_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro + - /var/lib/config-data/puppet-generated/manila/:/var/lib/kolla/config_files/src:ro - /var/log/containers/manila:/var/log/manila environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/manila-scheduler.yaml b/docker/services/manila-scheduler.yaml index fbc80fc5..730d33f6 100644 --- a/docker/services/manila-scheduler.yaml +++ b/docker/services/manila-scheduler.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Manila Scheduler service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerManilaSchedulerImage: description: image - default: 'centos-binary-manila-scheduler:latest' type: string DockerManilaConfigImage: - description: image - default: 'centos-binary-manila-api:latest' + description: The container image to use for the manila config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/manila-scheduler.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} @@ -65,13 +64,15 @@ outputs: config_volume: manila puppet_tags: manila_config,manila_scheduler_paste_ini step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerManilaConfigImage} ] + config_image: {get_param: DockerManilaConfigImage} kolla_config: /var/lib/kolla/config_files/manila_scheduler.json: command: /usr/bin/manila-scheduler --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/manila owner: manila:manila @@ -79,10 +80,7 @@ outputs: docker_config: step_4: manila_scheduler: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerManilaSchedulerImage} ] + image: {get_param: DockerManilaSchedulerImage} net: host restart: always volumes: @@ -90,7 +88,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/manila_scheduler.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/manila/etc/manila/:/etc/manila/:ro + - /var/lib/config-data/puppet-generated/manila/:/var/lib/kolla/config_files/src:ro - /var/log/containers/manila:/var/log/manila environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/manila-share.yaml b/docker/services/manila-share.yaml new file mode 100644 index 00000000..09d1a574 --- /dev/null +++ b/docker/services/manila-share.yaml @@ -0,0 +1,111 @@ +heat_template_version: pike + +description: > + OpenStack containerized Manila Share service + +parameters: + DockerManilaShareImage: + description: image + type: string + DockerManilaConfigImage: + description: image + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + ManilaBase: + type: ../../puppet/services/manila-share.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Manila Share role. + value: + service_name: {get_attr: [ManilaBase, role_data, service_name]} + config_settings: {get_attr: [ManilaBase, role_data, config_settings]} + step_config: &step_config + get_attr: [ManilaBase, role_data, step_config] + service_config_settings: {get_attr: [ManilaBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: manila + puppet_tags: manila_config + step_config: *step_config + config_image: {get_param: DockerManilaConfigImage} + kolla_config: + /var/lib/kolla/config_files/manila_share.json: + command: /usr/bin/manila-share --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + # NOTE(gfidente): ceph-ansible generated + - source: "/var/lib/kolla/config_files/src-ceph/*" + dest: "/etc/ceph" + merge: true + preserve_properties: true + permissions: + - path: /var/log/manila + owner: manila:manila + recurse: true + docker_config: + step_4: + manila_share: + image: &manila_share_image {get_param: DockerManilaShareImage} + net: host + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/manila_share.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/manila/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/manila:/var/log/manila + - /etc/ceph/:/var/lib/kolla/config_files/src-ceph:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent directories + file: + path: /var/log/containers/manila + state: directory + upgrade_tasks: + - name: Stop and disable manila_share service + tags: step2 + service: name=openstack-manila-share state=stopped enabled=no diff --git a/docker/services/memcached.yaml b/docker/services/memcached.yaml index d4539649..7e28bdc1 100644 --- a/docker/services/memcached.yaml +++ b/docker/services/memcached.yaml @@ -4,19 +4,21 @@ description: > OpenStack containerized Memcached services parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerMemcachedImage: description: image - default: 'centos-binary-memcached:latest' + type: string + DockerMemcachedConfigImage: + description: The container image to use for the memcached config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -44,6 +46,7 @@ resources: type: ../../puppet/services/memcached.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -63,17 +66,14 @@ outputs: config_volume: 'memcached' puppet_tags: 'file' step_config: *step_config - config_image: &memcached_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMemcachedImage} ] + config_image: {get_param: DockerMemcachedConfigImage} kolla_config: {} docker_config: step_1: memcached_init_logs: start_order: 0 detach: false - image: *memcached_image + image: &memcached_image {get_param: DockerMemcachedImage} privileged: false user: root volumes: @@ -93,8 +93,6 @@ outputs: - /var/lib/config-data/memcached/etc/sysconfig/memcached:/etc/sysconfig/memcached:ro # TODO(bogdando) capture memcached syslog logs from a container command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; /usr/bin/memcached -p ${PORT} -u ${USER} -m ${CACHESIZE} -c ${MAXCONN} $OPTIONS'] - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS upgrade_tasks: - name: Stop and disable memcached service tags: step2 diff --git a/docker/services/mistral-api.yaml b/docker/services/mistral-api.yaml index 30c3cde1..73db3742 100644 --- a/docker/services/mistral-api.yaml +++ b/docker/services/mistral-api.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Mistral API service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerMistralApiImage: description: image - default: 'centos-binary-mistral-api:latest' type: string DockerMistralConfigImage: - description: image - default: 'centos-binary-mistral-api:latest' + description: The container image to use for the mistral config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/mistral-api.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -69,13 +68,15 @@ outputs: config_volume: mistral puppet_tags: mistral_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMistralConfigImage} ] + config_image: {get_param: DockerMistralConfigImage} kolla_config: /var/lib/kolla/config_files/mistral_api.json: command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/api.log --server=api + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/mistral owner: mistral:mistral @@ -84,10 +85,7 @@ outputs: # db sync runs before permissions set by kolla_config step_2: mistral_init_logs: - image: &mistral_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMistralApiImage} ] + image: &mistral_api_image {get_param: DockerMistralApiImage} privileged: false user: root volumes: @@ -96,7 +94,7 @@ outputs: step_3: mistral_db_sync: start_order: 0 - image: *mistral_image + image: *mistral_api_image net: host privileged: false detach: false @@ -110,7 +108,7 @@ outputs: command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head'" mistral_db_populate: start_order: 1 - image: *mistral_image + image: *mistral_api_image net: host privileged: false detach: false @@ -127,7 +125,7 @@ outputs: step_4: mistral_api: start_order: 15 - image: *mistral_image + image: *mistral_api_image net: host privileged: false restart: always @@ -136,7 +134,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/mistral_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro + - /var/lib/config-data/puppet-generated/mistral/:/var/lib/kolla/config_files/src:ro - /var/log/containers/mistral:/var/log/mistral environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/mistral-engine.yaml b/docker/services/mistral-engine.yaml index d60d847b..4c6b300d 100644 --- a/docker/services/mistral-engine.yaml +++ b/docker/services/mistral-engine.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Mistral Engine service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerMistralEngineImage: description: image - default: 'centos-binary-mistral-engine:latest' type: string DockerMistralConfigImage: - description: image - default: 'centos-binary-mistral-api:latest' + description: The container image to use for the mistral config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -49,6 +47,7 @@ resources: type: ../../puppet/services/mistral-engine.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -70,13 +69,15 @@ outputs: config_volume: mistral puppet_tags: mistral_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMistralConfigImage} ] + config_image: {get_param: DockerMistralConfigImage} kolla_config: /var/lib/kolla/config_files/mistral_engine.json: command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/engine.log --server=engine + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/mistral owner: mistral:mistral @@ -84,10 +85,7 @@ outputs: docker_config: step_4: mistral_engine: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMistralEngineImage} ] + image: {get_param: DockerMistralEngineImage} net: host privileged: false restart: always @@ -97,7 +95,7 @@ outputs: - - /run:/run - /var/lib/kolla/config_files/mistral_engine.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro + - /var/lib/config-data/puppet-generated/mistral/:/var/lib/kolla/config_files/src:ro - /var/log/containers/mistral:/var/log/mistral environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/mistral-executor.yaml b/docker/services/mistral-executor.yaml index 76ae052b..ea54c574 100644 --- a/docker/services/mistral-executor.yaml +++ b/docker/services/mistral-executor.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Mistral Executor service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerMistralExecutorImage: description: image - default: 'centos-binary-mistral-executor:latest' type: string DockerMistralConfigImage: - description: image - default: 'centos-binary-mistral-api:latest' + description: The container image to use for the mistral config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -49,6 +47,7 @@ resources: type: ../../puppet/services/mistral-executor.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -70,13 +69,15 @@ outputs: config_volume: mistral puppet_tags: mistral_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMistralConfigImage} ] + config_image: {get_param: DockerMistralConfigImage} kolla_config: /var/lib/kolla/config_files/mistral_executor.json: command: /usr/bin/mistral-server --config-file=/etc/mistral/mistral.conf --log-file=/var/log/mistral/executor.log --server=executor + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/mistral owner: mistral:mistral @@ -84,10 +85,7 @@ outputs: docker_config: step_4: mistral_executor: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMistralExecutorImage} ] + image: {get_param: DockerMistralExecutorImage} net: host privileged: false restart: always @@ -96,7 +94,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/mistral_executor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro + - /var/lib/config-data/puppet-generated/mistral/:/var/lib/kolla/config_files/src:ro - /run:/run # FIXME: this is required in order for Nova cells # initialization workflows on the Undercloud. Need to @@ -111,6 +109,18 @@ outputs: path: /var/log/containers/mistral state: directory upgrade_tasks: + - name: Check if mistral executor is deployed + command: systemctl is-enabled openstack-mistral-executor + tags: common + ignore_errors: True + register: mistral_executor_enabled + - name: "PreUpgrade step0,validation: Check if openstack-mistral-executor is running" + shell: > + /usr/bin/systemctl show 'openstack-mistral-executor' --property ActiveState | + grep '\bactive\b' + when: mistral_executor_enabled.rc == 0 + tags: step0,validation - name: Stop and disable mistral_executor service tags: step2 + when: mistral_executor_enabled.rc == 0 service: name=openstack-mistral-executor state=stopped enabled=no diff --git a/docker/services/multipathd.yaml b/docker/services/multipathd.yaml index d8927d4b..a0c02f30 100644 --- a/docker/services/multipathd.yaml +++ b/docker/services/multipathd.yaml @@ -4,19 +4,21 @@ description: > OpenStack containerized Multipathd service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerMultipathdImage: description: image - default: 'centos-binary-multipathd:latest' + type: string + DockerMultipathdConfigImage: + description: The container image to use for the multipathd config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -53,18 +55,20 @@ outputs: config_volume: multipathd #puppet_tags: file step_config: '' - config_image: &multipathd_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerMultipathdImage} ] + config_image: {get_param: DockerMultipathdConfigImage} kolla_config: /var/lib/kolla/config_files/multipathd.json: command: /usr/sbin/multipathd -d + config_files: + - source: "/var/lib/kolla/config_files/src-iscsid/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_3: multipathd: start_order: 1 - image: *multipathd_image + image: {get_param: DockerMultipathdImage} net: host privileged: true restart: always @@ -73,11 +77,11 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/multipathd.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro - /dev/:/dev/ - /run/:/run/ - /sys:/sys - /lib/modules:/lib/modules:ro - - /etc/iscsi:/etc/iscsi - /var/lib/cinder:/var/lib/cinder environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml index 6c2d4cae..a9125c8c 100644 --- a/docker/services/neutron-api.yaml +++ b/docker/services/neutron-api.yaml @@ -4,24 +4,21 @@ description: > OpenStack containerized Neutron API service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerNeutronApiImage: description: image - default: 'centos-binary-neutron-server:latest' type: string - # we configure all neutron services in the same neutron DockerNeutronConfigImage: - description: image - default: 'centos-binary-neutron-server:latest' + description: The container image to use for the neutron config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -56,6 +53,7 @@ resources: type: ../../puppet/services/neutron-api.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -77,27 +75,31 @@ outputs: config_volume: neutron puppet_tags: neutron_config,neutron_api_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] + config_image: {get_param: DockerNeutronConfigImage} kolla_config: /var/lib/kolla/config_files/neutron_api.json: - command: /usr/bin/neutron-server --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini + command: /usr/bin/neutron-server --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-server + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/neutron owner: neutron:neutron recurse: true /var/lib/kolla/config_files/neutron_server_tls_proxy.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: # db sync runs before permissions set by kolla_config step_2: neutron_init_logs: - image: &neutron_api_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNeutronApiImage} ] + image: &neutron_api_image {get_param: DockerNeutronApiImage} privileged: false user: root volumes: @@ -133,7 +135,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/neutron_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro + - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro - /var/log/containers/neutron:/var/log/neutron environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS @@ -149,9 +151,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/neutron_server_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/neutron/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/neutron/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro + - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro environment: @@ -163,8 +163,18 @@ outputs: path: /var/log/containers/neutron state: directory upgrade_tasks: + - name: Check if neutron_server is deployed + command: systemctl is-enabled neutron-server + tags: common + ignore_errors: True + register: neutron_server_enabled + - name: "PreUpgrade step0,validation: Check service neutron-server is running" + shell: /usr/bin/systemctl show 'neutron-server' --property ActiveState | grep '\bactive\b' + when: neutron_server_enabled.rc == 0 + tags: step0,validation - name: Stop and disable neutron_api service tags: step2 + when: neutron_server_enabled.rc == 0 service: name=neutron-server state=stopped enabled=no metadata_settings: get_attr: [NeutronBase, role_data, metadata_settings] diff --git a/docker/services/neutron-dhcp.yaml b/docker/services/neutron-dhcp.yaml index d14f5251..4b75d542 100644 --- a/docker/services/neutron-dhcp.yaml +++ b/docker/services/neutron-dhcp.yaml @@ -4,24 +4,21 @@ description: > OpenStack containerized Neutron DHCP service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerNeutronDHCPImage: description: image - default: 'centos-binary-neutron-dhcp-agent:latest' type: string - # we configure all neutron services in the same neutron DockerNeutronConfigImage: - description: image - default: 'centos-binary-neutron-server:latest' + description: The container image to use for the neutron config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -49,6 +46,7 @@ resources: type: ../../puppet/services/neutron-dhcp.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -70,24 +68,26 @@ outputs: config_volume: neutron puppet_tags: neutron_config,neutron_dhcp_agent_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] + config_image: {get_param: DockerNeutronConfigImage} kolla_config: /var/lib/kolla/config_files/neutron_dhcp.json: - command: /usr/bin/neutron-dhcp-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini --log-file /var/log/neutron/dhcp-agent.log + command: /usr/bin/neutron-dhcp-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/dhcp_agent.ini --log-file /var/log/neutron/dhcp-agent.log --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-dhcp-agent + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/neutron owner: neutron:neutron recurse: true + - path: /var/lib/neutron + owner: neutron:neutron + recurse: true docker_config: step_4: neutron_dhcp: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNeutronDHCPImage} ] + image: {get_param: DockerNeutronDHCPImage} net: host pid: host privileged: true @@ -97,18 +97,33 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/neutron_dhcp.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro + - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /run/:/run + - /var/lib/neutron:/var/lib/neutron - /var/log/containers/neutron:/var/log/neutron environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: + - name: create /var/lib/neutron + file: + path: /var/lib/neutron + state: directory - name: create persistent logs directory file: path: /var/log/containers/neutron state: directory upgrade_tasks: + - name: Check if neutron_dhcp_agent is deployed + command: systemctl is-enabled neutron-dhcp-agent + tags: common + ignore_errors: True + register: neutron_dhcp_agent_enabled + - name: "PreUpgrade step0,validation: Check service neutron-dhcp-agent is running" + shell: /usr/bin/systemctl show 'neutron-dhcp-agent' --property ActiveState | grep '\bactive\b' + when: neutron_dhcp_agent_enabled.rc == 0 + tags: step0,validation - name: Stop and disable neutron_dhcp service tags: step2 + when: neutron_dhcp_agent_enabled.rc == 0 service: name=neutron-dhcp-agent state=stopped enabled=no diff --git a/docker/services/neutron-l3.yaml b/docker/services/neutron-l3.yaml index f3a284fe..06470c05 100644 --- a/docker/services/neutron-l3.yaml +++ b/docker/services/neutron-l3.yaml @@ -4,19 +4,16 @@ description: > OpenStack containerized Neutron L3 agent parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerNeutronL3AgentImage: description: image - default: 'centos-binary-neutron-l3-agent:latest' type: string - # we configure all neutron services in the same neutron DockerNeutronConfigImage: - description: image - default: 'centos-binary-neutron-server:latest' + description: The container image to use for the neutron config_volume type: string + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -49,6 +46,7 @@ resources: type: ../../puppet/services/neutron-l3.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -66,24 +64,26 @@ outputs: puppet_tags: neutron_config,neutron_l3_agent_config config_volume: neutron step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] + config_image: {get_param: DockerNeutronConfigImage} kolla_config: /var/lib/kolla/config_files/neutron_l3_agent.json: - command: /usr/bin/neutron-l3-agent --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/l3_agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini + command: /usr/bin/neutron-l3-agent --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/l3_agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-l3-agent + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/neutron owner: neutron:neutron recurse: true + - path: /var/lib/neutron + owner: neutron:neutron + recurse: true docker_config: step_4: neutron_l3_agent: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNeutronL3AgentImage} ] + image: {get_param: DockerNeutronL3AgentImage} net: host pid: host privileged: true @@ -93,13 +93,18 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/neutron_l3_agent.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro + - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /run:/run + - /var/lib/neutron:/var/lib/neutron - /var/log/containers/neutron:/var/log/neutron environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: + - name: create /var/lib/neutron + file: + path: /var/lib/neutron + state: directory - name: create persistent logs directory file: path: /var/log/containers/neutron diff --git a/docker/services/neutron-metadata.yaml b/docker/services/neutron-metadata.yaml index 69bf0c4e..a5a7c34b 100644 --- a/docker/services/neutron-metadata.yaml +++ b/docker/services/neutron-metadata.yaml @@ -4,19 +4,16 @@ description: > OpenStack containerized Neutron Metadata agent parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerNeutronMetadataImage: description: image - default: 'centos-binary-neutron-metadata-agent:latest' type: string - # we configure all neutron services in the same neutron DockerNeutronConfigImage: - description: image - default: 'centos-binary-neutron-server:latest' + description: The container image to use for the neutron config_volume type: string + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -49,6 +46,7 @@ resources: type: ../../puppet/services/neutron-metadata.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -66,24 +64,26 @@ outputs: puppet_tags: neutron_config,neutron_metadata_agent_config config_volume: neutron step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] + config_image: {get_param: DockerNeutronConfigImage} kolla_config: /var/lib/kolla/config_files/neutron_metadata_agent.json: command: /usr/bin/neutron-metadata-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metadata_agent.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-metadata-agent + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/neutron owner: neutron:neutron recurse: true + - path: /var/lib/neutron + owner: neutron:neutron + recurse: true docker_config: step_4: neutron_metadata_agent: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNeutronMetadataImage} ] + image: {get_param: DockerNeutronMetadataImage} net: host pid: host privileged: true @@ -93,18 +93,33 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/neutron_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro + - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /run:/run + - /var/lib/neutron:/var/lib/neutron - /var/log/containers/neutron:/var/log/neutron environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: + - name: create /var/lib/neutron + file: + path: /var/lib/neutron + state: directory - name: create persistent logs directory file: path: /var/log/containers/neutron state: directory upgrade_tasks: + - name: Check if neutron_metadata_agent is deployed + command: systemctl is-enabled neutron-metadata-agent + tags: common + ignore_errors: True + register: neutron_metadata_agent_enabled + - name: "PreUpgrade step0,validation: Check service neutron-metadata-agent is running" + shell: /usr/bin/systemctl show 'neutron-metadata-agent' --property ActiveState | grep '\bactive\b' + when: neutron_metadata_agent_enabled.rc == 0 + tags: step0,validation - name: Stop and disable neutron_metadata service tags: step2 + when: neutron_metadata_agent_enabled.rc == 0 service: name=neutron-metadata-agent state=stopped enabled=no diff --git a/docker/services/neutron-ovs-agent.yaml b/docker/services/neutron-ovs-agent.yaml index 65ad21ed..4cce23d9 100644 --- a/docker/services/neutron-ovs-agent.yaml +++ b/docker/services/neutron-ovs-agent.yaml @@ -4,18 +4,16 @@ description: > OpenStack Neutron openvswitch service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerOpenvswitchImage: description: image - default: 'centos-binary-neutron-openvswitch-agent:latest' type: string DockerNeutronConfigImage: - description: image - default: 'centos-binary-neutron-server:latest' + description: The container image to use for the neutron config_volume type: string + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/neutron-ovs-agent.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -65,13 +64,15 @@ outputs: config_volume: neutron puppet_tags: neutron_config,neutron_agent_ovs,neutron_plugin_ml2 step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] + config_image: {get_param: DockerNeutronConfigImage} kolla_config: /var/lib/kolla/config_files/neutron_ovs_agent.json: - command: /usr/bin/neutron-openvswitch-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini + command: /usr/bin/neutron-openvswitch-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --config-dir /etc/neutron/conf.d/common + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/neutron owner: neutron:neutron @@ -79,10 +80,7 @@ outputs: docker_config: step_4: neutron_ovs_agent: - image: &neutron_ovs_agent_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchImage} ] + image: {get_param: DockerOpenvswitchImage} net: host pid: host privileged: true @@ -92,7 +90,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro + - /var/lib/config-data/puppet-generated/neutron/:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /run:/run - /var/log/containers/neutron:/var/log/neutron diff --git a/docker/services/neutron-plugin-ml2.yaml b/docker/services/neutron-plugin-ml2.yaml index 1739a5b9..8d12e0de 100644 --- a/docker/services/neutron-plugin-ml2.yaml +++ b/docker/services/neutron-plugin-ml2.yaml @@ -9,22 +9,20 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set via parameter_defaults in the resource registry. This mapping overrides those in ServiceNetMapDefaults. type: json - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerNeutronConfigImage: - description: image - default: 'centos-binary-neutron-server:latest' + description: The container image to use for the neutron config_volume type: string DefaultPasswords: - default: {} type: json RoleName: default: '' @@ -38,9 +36,10 @@ parameters: resources: NeutronBase: - type: ../../puppet/services/neutron-plugin-ml2.yaml + type: OS::TripleO::Docker::NeutronMl2PluginBase properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -60,11 +59,8 @@ outputs: # BEGIN DOCKER SETTINGS puppet_config: config_volume: 'neutron' - puppet_tags: '' + puppet_tags: neutron_plugin_ml2 step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ] + config_image: {get_param: DockerNeutronConfigImage} kolla_config: {} docker_config: {} diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml index c97f45de..4bec8035 100644 --- a/docker/services/nova-api.yaml +++ b/docker/services/nova-api.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Nova API service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerNovaApiImage: description: image - default: 'centos-binary-nova-api:latest' type: string DockerNovaConfigImage: - description: image - default: 'centos-binary-nova-base:latest' + description: The container image to use for the nova config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/nova-api.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -62,6 +61,9 @@ outputs: map_merge: - get_attr: [NovaApiBase, role_data, config_settings] - apache::default_vhost: false + nova_wsgi_enabled: false + nova::api::service_name: '%{::nova::params::api_service_name}' + nova::wsgi::apache_api::ssl: false step_config: &step_config list_join: - "\n" @@ -73,13 +75,26 @@ outputs: config_volume: nova puppet_tags: nova_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ] + config_image: {get_param: DockerNovaConfigImage} kolla_config: /var/lib/kolla/config_files/nova_api.json: command: /usr/bin/nova-api + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /var/log/nova + owner: nova:nova + recurse: true + /var/lib/kolla/config_files/nova_api_cron.json: + command: /usr/sbin/crond -n + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -88,10 +103,7 @@ outputs: # db sync runs before permissions set by kolla_config step_2: nova_init_logs: - image: &nova_api_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaApiImage} ] + image: &nova_api_image {get_param: DockerNovaApiImage} privileged: false user: root volumes: @@ -104,11 +116,10 @@ outputs: net: host detach: false user: root - volumes: &nova_api_volumes + volumes: &nova_api_bootstrap_volumes list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro - /var/log/containers/nova:/var/log/nova command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage api_db sync'" @@ -121,14 +132,14 @@ outputs: net: host detach: false user: root - volumes: *nova_api_volumes + volumes: *nova_api_bootstrap_volumes command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 map_cell0'" nova_api_create_default_cell: start_order: 2 image: *nova_api_image net: host detach: false - volumes: *nova_api_volumes + volumes: *nova_api_bootstrap_volumes # NOTE: allowing the exit code 2 is a dirty way of making # this idempotent (if the resource already exists a conflict # is raised) @@ -140,7 +151,7 @@ outputs: image: *nova_api_image net: host detach: false - volumes: *nova_api_volumes + volumes: *nova_api_bootstrap_volumes user: root command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage db sync'" step_4: @@ -151,7 +162,28 @@ outputs: user: nova privileged: true restart: always - volumes: *nova_api_volumes + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/nova:/var/log/nova + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + nova_api_cron: + image: *nova_api_image + net: host + user: root + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/nova_api_cron.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/nova:/var/log/nova environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS step_5: @@ -160,7 +192,7 @@ outputs: image: *nova_api_image net: host detach: false - volumes: *nova_api_volumes + volumes: *nova_api_bootstrap_volumes user: root command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 discover_hosts'" host_prep_tasks: diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml index 9f647eba..0426eaec 100644 --- a/docker/services/nova-compute.yaml +++ b/docker/services/nova-compute.yaml @@ -4,14 +4,16 @@ description: > OpenStack containerized Nova Compute service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerNovaComputeImage: description: image - default: 'centos-binary-nova-compute:latest' type: string + DockerNovaLibvirtConfigImage: + description: The container image to use for the nova_libvirt config_volume + type: string + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -34,6 +36,11 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + DockerNovaMigrationSshdPort: + default: 2022 + description: Port that dockerized nova migration target sshd service + binds to. + type: number resources: @@ -44,10 +51,12 @@ resources: type: ../../puppet/services/nova-compute.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + MigrationSshPort: {get_param: DockerNovaMigrationSshdPort} outputs: role_data: @@ -55,27 +64,26 @@ outputs: value: service_name: {get_attr: [NovaComputeBase, role_data, service_name]} config_settings: - map_merge: - - get_attr: [NovaComputeBase, role_data, config_settings] - # FIXME: we need to disable migration for now as the - # hieradata is common for all services, and this means nova - # and nova_placement puppet runs also try to configure - # libvirt, and they fail. We can remove this override when - # we have hieradata separation between containers. - - tripleo::profile::base::nova::manage_migration: false + get_attr: [NovaComputeBase, role_data, config_settings] step_config: &step_config get_attr: [NovaComputeBase, role_data, step_config] puppet_config: config_volume: nova_libvirt puppet_tags: nova_config,nova_paste_api_ini step_config: *step_config - config_image: &nova_compute_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ] + config_image: {get_param: DockerNovaLibvirtConfigImage} kolla_config: /var/lib/kolla/config_files/nova_compute.json: command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + - source: "/var/lib/kolla/config_files/src-iscsid/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -87,7 +95,7 @@ outputs: # FIXME: run discover hosts here step_4: nova_compute: - image: *nova_compute_image + image: &nova_compute_image {get_param: DockerNovaComputeImage} net: host privileged: true user: nova @@ -97,9 +105,9 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/nova_compute.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova_libvirt/etc/nova/:/etc/nova/:ro + - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro - /dev:/dev - - /etc/iscsi:/etc/iscsi - /lib/modules:/lib/modules:ro - /run:/run - /var/lib/nova:/var/lib/nova diff --git a/docker/services/nova-conductor.yaml b/docker/services/nova-conductor.yaml index 131355d7..9f666577 100644 --- a/docker/services/nova-conductor.yaml +++ b/docker/services/nova-conductor.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Nova Conductor service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerNovaConductorImage: description: image - default: 'centos-binary-nova-conductor:latest' type: string DockerNovaConfigImage: - description: image - default: 'centos-binary-nova-base:latest' + description: The container image to use for the nova config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -49,6 +47,7 @@ resources: type: ../../puppet/services/nova-conductor.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -68,13 +67,15 @@ outputs: config_volume: nova puppet_tags: nova_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ] + config_image: {get_param: DockerNovaConfigImage} kolla_config: /var/lib/kolla/config_files/nova_conductor.json: command: /usr/bin/nova-conductor + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -82,10 +83,7 @@ outputs: docker_config: step_4: nova_conductor: - image: &nova_conductor_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaConductorImage} ] + image: {get_param: DockerNovaConductorImage} net: host privileged: false restart: always @@ -94,7 +92,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/nova_conductor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro + - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro - /var/log/containers/nova:/var/log/nova environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/nova-consoleauth.yaml b/docker/services/nova-consoleauth.yaml index 19f25d8e..0d3d1ec9 100644 --- a/docker/services/nova-consoleauth.yaml +++ b/docker/services/nova-consoleauth.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Nova Consoleauth service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerNovaConsoleauthImage: description: image - default: 'centos-binary-nova-consoleauth:latest' type: string DockerNovaConfigImage: - description: image - default: 'centos-binary-nova-base:latest' + description: The container image to use for the nova config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/nova-consoleauth.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -67,13 +66,15 @@ outputs: config_volume: nova puppet_tags: nova_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ] + config_image: {get_param: DockerNovaConfigImage} kolla_config: /var/lib/kolla/config_files/nova_consoleauth.json: command: /usr/bin/nova-consoleauth + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -81,10 +82,7 @@ outputs: docker_config: step_4: nova_consoleauth: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaConsoleauthImage} ] + image: {get_param: DockerNovaConsoleauthImage} net: host privileged: false restart: always @@ -93,7 +91,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/nova_consoleauth.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro + - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro - /var/log/containers/nova:/var/log/nova environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/nova-ironic.yaml b/docker/services/nova-ironic.yaml index 63780fe6..17068b41 100644 --- a/docker/services/nova-ironic.yaml +++ b/docker/services/nova-ironic.yaml @@ -4,18 +4,16 @@ description: > OpenStack containerized Nova Ironic Compute service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string - DockerNovaComputeImage: + DockerNovaComputeIronicImage: description: image - default: 'centos-binary-nova-compute-ironic:latest' type: string DockerNovaConfigImage: - description: image - default: 'centos-binary-nova-base:latest' + description: The container image to use for the nova config_volume type: string + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -47,6 +45,7 @@ resources: NovaIronicBase: type: ../../puppet/services/nova-ironic.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -65,13 +64,19 @@ outputs: config_volume: nova puppet_tags: nova_config,nova_paste_api_ini step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ] + config_image: {get_param: DockerNovaConfigImage} kolla_config: /var/lib/kolla/config_files/nova_ironic.json: command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + - source: "/var/lib/kolla/config_files/src-iscsid/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -82,10 +87,7 @@ outputs: docker_config: step_5: nova_compute: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ] + image: {get_param: DockerNovaComputeIronicImage} net: host privileged: true user: root @@ -95,10 +97,10 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/nova_ironic.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro + - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro - /run:/run - /dev:/dev - - /etc/iscsi:/etc/iscsi - /var/lib/nova/:/var/lib/nova - /var/log/containers/nova:/var/log/nova environment: diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index 6c871f14..5fc7939a 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -4,24 +4,22 @@ description: > OpenStack Libvirt Service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string - DockerLibvirtImage: + DockerNovaLibvirtImage: description: image - default: 'centos-binary-nova-libvirt:latest' type: string # we configure libvirt via the nova-compute container due to coupling # in the puppet modules - DockerNovaConfigImage: - description: image - default: 'centos-binary-nova-compute:latest' + DockerNovaLibvirtConfigImage: + description: The container image to use for the nova_libvirt config_volume type: string EnablePackageInstall: default: 'false' - description: Set to true to enable package installation + description: Set to true to enable package installation at deploy time type: boolean + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -53,6 +51,12 @@ parameters: description: If set to true and if EnableInternalTLS is enabled, it will set the libvirt URI's transport to tls and configure the relevant keys for libvirt. + DockerNovaMigrationSshdPort: + default: 2022 + description: Port that dockerized nova migration target sshd service + binds to. + type: number + conditions: @@ -74,10 +78,12 @@ resources: type: ../../puppet/services/nova-libvirt.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + MigrationSshPort: {get_param: DockerNovaMigrationSshdPort} outputs: role_data: @@ -85,24 +91,14 @@ outputs: value: service_name: {get_attr: [NovaLibvirtBase, role_data, service_name]} config_settings: - map_merge: - - get_attr: [NovaLibvirtBase, role_data, config_settings] - # FIXME: we need to disable migration for now as the - # hieradata is common for all services, and this means nova - # and nova_placement puppet runs also try to configure - # libvirt, and they fail. We can remove this override when - # we have hieradata separation between containers. - - tripleo::profile::base::nova::manage_migration: false + get_attr: [NovaLibvirtBase, role_data, config_settings] step_config: &step_config get_attr: [NovaLibvirtBase, role_data, step_config] puppet_config: config_volume: nova_libvirt - puppet_tags: nova_config + puppet_tags: nova_config,file,exec step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ] + config_image: {get_param: DockerNovaLibvirtConfigImage} kolla_config: /var/lib/kolla/config_files/nova_libvirt.json: command: @@ -110,6 +106,11 @@ outputs: - use_tls_for_live_migration - /usr/sbin/libvirtd --listen --config /etc/libvirt/libvirtd.conf - /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -117,10 +118,7 @@ outputs: docker_config: step_3: nova_libvirt: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerLibvirtImage} ] + image: {get_param: DockerNovaLibvirtImage} net: host pid: host privileged: true @@ -130,12 +128,13 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/nova_libvirt.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova_libvirt/etc/libvirt/:/etc/libvirt/:ro + - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro - /lib/modules:/lib/modules:ro - /dev:/dev - /run:/run - /sys/fs/cgroup:/sys/fs/cgroup - /var/lib/nova:/var/lib/nova + - /etc/libvirt/secrets:/etc/libvirt/secrets # Needed to use host's virtlogd - /var/run/libvirt:/var/run/libvirt - /var/lib/libvirt:/var/lib/libvirt @@ -150,6 +149,7 @@ outputs: path: "{{ item }}" state: directory with_items: + - /etc/libvirt/secrets - /etc/libvirt/qemu - /var/lib/libvirt - /var/log/containers/nova diff --git a/docker/services/nova-metadata.yaml b/docker/services/nova-metadata.yaml index e158d3bc..0a8a74cd 100644 --- a/docker/services/nova-metadata.yaml +++ b/docker/services/nova-metadata.yaml @@ -9,6 +9,10 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -33,6 +37,7 @@ resources: type: ../../puppet/services/nova-metadata.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} diff --git a/docker/services/nova-migration-target.yaml b/docker/services/nova-migration-target.yaml new file mode 100644 index 00000000..385343a0 --- /dev/null +++ b/docker/services/nova-migration-target.yaml @@ -0,0 +1,124 @@ +heat_template_version: pike + +description: > + OpenStack containerized Nova Migration Target service + +parameters: + DockerNovaComputeImage: + description: image + type: string + DockerNovaLibvirtConfigImage: + description: The container image to use for the nova_libvirt config_volume + type: string + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + DockerNovaMigrationSshdPort: + default: 2022 + description: Port that dockerized nova migration target sshd service + binds to. + type: number + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + SshdBase: + type: ../../puppet/services/sshd.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + + NovaMigrationTargetBase: + type: ../../puppet/services/nova-migration-target.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Nova Migration Target service. + value: + service_name: nova_migration_target + config_settings: + map_merge: + - get_attr: [SshdBase, role_data, config_settings] + - get_attr: [NovaMigrationTargetBase, role_data, config_settings] + - tripleo.nova_migration_target.firewall_rules: + '113 nova_migration_target': + dport: + - {get_param: DockerNovaMigrationSshdPort} + step_config: &step_config + list_join: + - "\n" + - - get_attr: [SshdBase, role_data, step_config] + - get_attr: [NovaMigrationTargetBase, role_data, step_config] + puppet_config: + config_volume: nova_libvirt + step_config: *step_config + config_image: {get_param: DockerNovaLibvirtConfigImage} + kolla_config: + /var/lib/kolla/config_files/nova-migration-target.json: + command: + str_replace: + template: "/usr/sbin/sshd -D -p SSHDPORT" + params: + SSHDPORT: {get_param: DockerNovaMigrationSshdPort} + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + - source: /host-ssh/ssh_host_*_key + dest: /etc/ssh/ + owner: "root" + perm: "0600" + docker_config: + step_4: + nova_migration_target: + image: {get_param: DockerNovaComputeImage} + net: host + privileged: true + user: root + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/nova-migration-target.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro + - /etc/ssh/:/host-ssh/:ro + - /run:/run + - /var/lib/nova:/var/lib/nova + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml index 8f06f731..7350db20 100644 --- a/docker/services/nova-placement.yaml +++ b/docker/services/nova-placement.yaml @@ -4,19 +4,21 @@ description: > OpenStack containerized Nova Placement API service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerNovaPlacementImage: description: image - default: 'centos-binary-nova-placement-api:latest' + type: string + DockerNovaPlacementConfigImage: + description: The container image to use for the nova_placement config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -44,6 +46,7 @@ resources: type: ../../puppet/services/nova-placement.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -66,13 +69,15 @@ outputs: config_volume: nova_placement puppet_tags: nova_config step_config: *step_config - config_image: &nova_placement_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaPlacementImage} ] + config_image: {get_param: DockerNovaPlacementConfigImage} kolla_config: /var/lib/kolla/config_files/nova_placement.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -82,7 +87,7 @@ outputs: step_3: nova_placement: start_order: 1 - image: *nova_placement_image + image: {get_param: DockerNovaPlacementImage} net: host user: root restart: always @@ -91,11 +96,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova_placement/etc/nova/:/etc/nova/:ro - - /var/lib/config-data/nova_placement/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/nova_placement/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/nova_placement/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - - /var/lib/config-data/nova_placement/var/www/:/var/www/:ro + - /var/lib/config-data/puppet-generated/nova_placement/:/var/lib/kolla/config_files/src:ro - /var/log/containers/nova:/var/log/nova environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/nova-scheduler.yaml b/docker/services/nova-scheduler.yaml index 6285e98e..5c1aa308 100644 --- a/docker/services/nova-scheduler.yaml +++ b/docker/services/nova-scheduler.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Nova Scheduler service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerNovaSchedulerImage: description: image - default: 'centos-binary-nova-scheduler:latest' type: string DockerNovaConfigImage: - description: image - default: 'centos-binary-nova-base:latest' + description: The container image to use for the nova config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/nova-scheduler.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -67,13 +66,15 @@ outputs: config_volume: nova puppet_tags: nova_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ] + config_image: {get_param: DockerNovaConfigImage} kolla_config: /var/lib/kolla/config_files/nova_scheduler.json: command: /usr/bin/nova-scheduler + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -81,10 +82,7 @@ outputs: docker_config: step_4: nova_scheduler: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaSchedulerImage} ] + image: {get_param: DockerNovaSchedulerImage} net: host privileged: false restart: always @@ -93,7 +91,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/nova_scheduler.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro + - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro - /run:/run - /var/log/containers/nova:/var/log/nova environment: diff --git a/docker/services/nova-vnc-proxy.yaml b/docker/services/nova-vnc-proxy.yaml index 97d2d154..37831ff7 100644 --- a/docker/services/nova-vnc-proxy.yaml +++ b/docker/services/nova-vnc-proxy.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Nova Vncproxy service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerNovaVncProxyImage: description: image - default: 'centos-binary-nova-novncproxy:latest' type: string DockerNovaConfigImage: - description: image - default: 'centos-binary-nova-base:latest' + description: The container image to use for the nova config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/nova-vnc-proxy.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -67,13 +66,15 @@ outputs: config_volume: nova puppet_tags: nova_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ] + config_image: {get_param: DockerNovaConfigImage} kolla_config: /var/lib/kolla/config_files/nova_vnc_proxy.json: command: /usr/bin/nova-novncproxy --web /usr/share/novnc/ + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/nova owner: nova:nova @@ -81,10 +82,7 @@ outputs: docker_config: step_4: nova_vnc_proxy: - image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerNovaVncProxyImage} ] + image: {get_param: DockerNovaVncProxyImage} net: host privileged: false restart: always @@ -93,7 +91,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/nova_vnc_proxy.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro + - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro - /var/log/containers/nova:/var/log/nova environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/octavia-api.yaml b/docker/services/octavia-api.yaml new file mode 100644 index 00000000..f5b4baec --- /dev/null +++ b/docker/services/octavia-api.yaml @@ -0,0 +1,168 @@ +heat_template_version: pike + +description: > + OpenStack Octavia service configured with Puppet + +parameters: + DockerOctaviaApiImage: + description: image + type: string + DockerOctaviaConfigImage: + description: The container image to use for the octavia config_volume + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} + + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + OctaviaApiPuppetBase: + type: ../../puppet/services/octavia-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Octavia API role. + value: + service_name: {get_attr: [OctaviaApiPuppetBase, role_data, service_name]} + config_settings: {get_attr: [OctaviaApiPuppetBase, role_data, config_settings]} + step_config: &step_config + get_attr: [OctaviaApiPuppetBase, role_data, step_config] + service_config_settings: {get_attr: [OctaviaApiPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS # + puppet_config: + config_volume: octavia + puppet_tags: octavia_config + step_config: *step_config + config_image: {get_param: DockerOctaviaConfigImage} + kolla_config: + /var/lib/kolla/config_files/octavia_api.json: + command: /usr/bin/octavia-api --config-file /usr/share/octavia/octavia-dist.conf --config-file /etc/octavia/octavia.conf --log-file /var/log/octavia/api.log --config-dir /etc/octavia/conf.d/common --config-dir /etc/octavia/conf.d/octavia-api + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + /var/lib/kolla/config_files/octavia_api_tls_proxy.json: + command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + docker_config: + # Kolla_bootstrap/db_sync runs before permissions set by kolla_config + step_2: + octavia_api_init_dirs: + start_order: 0 + image: &octavia_api_image {get_param: DockerOctaviaApiImage} + user: root + volumes: + # NOTE(mandre) we need extra dir for the service in /etc/octavia/conf.d + # It is normally created as part of the RPM install, but it is + # missing here because we use the same config_volume for all + # octavia services, hence the same container image to generate + # configuration. + - /var/lib/config-data/puppet-generated/octavia/etc/octavia:/etc/octavia/ + - /var/log/containers/octavia:/var/log/octavia + command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-api; chown -R octavia:octavia /etc/octavia/conf.d/octavia-api; chown -R octavia:octavia /var/log/octavia'] + step_3: + octavia_db_sync: + start_order: 0 + image: *octavia_api_image + net: host + privileged: false + detach: false + user: root + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/octavia/etc/octavia/:/etc/octavia/:ro + - /var/log/containers/octavia:/var/log/octavia + command: "/usr/bin/bootstrap_host_exec octavia_api su octavia -s /bin/bash -c '/usr/bin/octavia-db-manage upgrade head'" + step_4: + map_merge: + - octavia_api: + start_order: 2 + image: *octavia_api_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/octavia_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/octavia:/var/log/octavia + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - if: + - internal_tls_enabled + - octavia_api_tls_proxy: + start_order: 2 + image: *octavia_api_image + net: host + user: root + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/octavia_api_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + - {} + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/octavia + state: directory + upgrade_tasks: + - name: Stop and disable octavia_api service + tags: step2 + service: name=openstack-octavia-api state=stopped enabled=no diff --git a/docker/services/octavia-health-manager.yaml b/docker/services/octavia-health-manager.yaml new file mode 100644 index 00000000..f5e1eda5 --- /dev/null +++ b/docker/services/octavia-health-manager.yaml @@ -0,0 +1,117 @@ +heat_template_version: pike + +description: > + OpenStack Octavia health-manager service configured with Puppet + +parameters: + DockerOctaviaHealthManagerImage: + description: image + type: string + DockerOctaviaConfigImage: + description: The container image to use for the octavia config_volume + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + OctaviaHealthManagerPuppetBase: + type: ../../puppet/services/octavia-health-manager.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Octavia health-manager role. + value: + service_name: {get_attr: [OctaviaHealthManagerPuppetBase, role_data, service_name]} + config_settings: {get_attr: [OctaviaHealthManagerPuppetBase, role_data, config_settings]} + step_config: &step_config + get_attr: [OctaviaHealthManagerPuppetBase, role_data, step_config] + service_config_settings: {get_attr: [OctaviaHealthManagerPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS # + puppet_config: + config_volume: octavia + puppet_tags: octavia_config + step_config: *step_config + config_image: {get_param: DockerOctaviaConfigImage} + kolla_config: + /var/lib/kolla/config_files/octavia_health_manager.json: + command: /usr/bin/octavia-health-manager --config-file /usr/share/octavia/octavia-dist.conf --config-file /etc/octavia/octavia.conf --log-file /var/log/octavia/health-manager.log --config-dir /etc/octavia/conf.d/common --config-dir /etc/octavia/conf.d/octavia-health-manager + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + docker_config: + step_2: + octavia_health_manager_init_dirs: + start_order: 0 + image: &octavia_health_manager_image {get_param: DockerOctaviaHealthManagerImage} + user: root + volumes: + # NOTE(mandre) we need extra dir for the service in /etc/octavia/conf.d + # It is normally created as part of the RPM install, but it is + # missing here because we use the same config_volume for all + # octavia services, hence the same container image to generate + # configuration. + - /var/lib/config-data/puppet-generated/octavia/etc/octavia:/etc/octavia/ + command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-health-manager; chown -R octavia:octavia /etc/octavia/conf.d/octavia-health-manager'] + step_4: + octavia_health_manager: + start_order: 2 + image: *octavia_health_manager_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/octavia_health_manager.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/octavia:/var/log/octavia + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/octavia + state: directory + upgrade_tasks: + - name: Stop and disable octavia_health_manager service + tags: step2 + service: name=openstack-octavia-health-manager state=stopped enabled=no diff --git a/docker/services/octavia-housekeeping.yaml b/docker/services/octavia-housekeeping.yaml new file mode 100644 index 00000000..1dc0db37 --- /dev/null +++ b/docker/services/octavia-housekeeping.yaml @@ -0,0 +1,117 @@ +heat_template_version: pike + +description: > + OpenStack Octavia service configured with Puppet + +parameters: + DockerOctaviaHousekeepingImage: + description: image + type: string + DockerOctaviaConfigImage: + description: The container image to use for the octavia config_volume + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + OctaviaHousekeepingPuppetBase: + type: ../../puppet/services/octavia-housekeeping.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Octavia housekeeping role. + value: + service_name: {get_attr: [OctaviaHousekeepingPuppetBase, role_data, service_name]} + config_settings: {get_attr: [OctaviaHousekeepingPuppetBase, role_data, config_settings]} + step_config: &step_config + get_attr: [OctaviaHousekeepingPuppetBase, role_data, step_config] + service_config_settings: {get_attr: [OctaviaHousekeepingPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS # + puppet_config: + config_volume: octavia + puppet_tags: octavia_config + step_config: *step_config + config_image: {get_param: DockerOctaviaConfigImage} + kolla_config: + /var/lib/kolla/config_files/octavia_housekeeping.json: + command: /usr/bin/octavia-housekeeping --config-file /usr/share/octavia/octavia-dist.conf --config-file /etc/octavia/octavia.conf --log-file /var/log/octavia/housekeeping.log --config-dir /etc/octavia/conf.d/common --config-dir /etc/octavia/conf.d/octavia-housekeeping + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + docker_config: + step_2: + octavia_housekeeping_init_dirs: + start_order: 0 + image: &octavia_housekeeping_image {get_param: DockerOctaviaHousekeepingImage} + user: root + volumes: + # NOTE(mandre) we need extra dir for the service in /etc/octavia/conf.d + # It is normally created as part of the RPM install, but it is + # missing here because we use the same config_volume for all + # octavia services, hence the same container image to generate + # configuration. + - /var/lib/config-data/puppet-generated/octavia/etc/octavia:/etc/octavia/ + command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-housekeeping; chown -R octavia:octavia /etc/octavia/conf.d/octavia-housekeeping'] + step_4: + octavia_housekeeping: + start_order: 2 + image: *octavia_housekeeping_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/octavia_housekeeping.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/octavia:/var/log/octavia + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/octavia + state: directory + upgrade_tasks: + - name: Stop and disable octavia_housekeeping service + tags: step2 + service: name=openstack-octavia-housekeeping state=stopped enabled=no diff --git a/docker/services/octavia-worker.yaml b/docker/services/octavia-worker.yaml new file mode 100644 index 00000000..d29e1a3a --- /dev/null +++ b/docker/services/octavia-worker.yaml @@ -0,0 +1,117 @@ +heat_template_version: pike + +description: > + OpenStack Octavia worker service configured with Puppet + +parameters: + DockerOctaviaWorkerImage: + description: image + type: string + DockerOctaviaConfigImage: + description: The container image to use for the octavia config_volume + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + OctaviaWorkerPuppetBase: + type: ../../puppet/services/octavia-worker.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Octavia worker role. + value: + service_name: {get_attr: [OctaviaWorkerPuppetBase, role_data, service_name]} + config_settings: {get_attr: [OctaviaWorkerPuppetBase, role_data, config_settings]} + step_config: &step_config + get_attr: [OctaviaWorkerPuppetBase, role_data, step_config] + service_config_settings: {get_attr: [OctaviaWorkerPuppetBase, role_data, service_config_settings]} + # BEGIN DOCKER SETTINGS # + puppet_config: + config_volume: octavia + puppet_tags: octavia_config + step_config: *step_config + config_image: {get_param: DockerOctaviaConfigImage} + kolla_config: + /var/lib/kolla/config_files/octavia_worker.json: + command: /usr/bin/octavia-worker --config-file /usr/share/octavia/octavia-dist.conf --config-file /etc/octavia/octavia.conf --log-file /var/log/octavia/worker.log --config-dir /etc/octavia/conf.d/common --config-dir /etc/octavia/conf.d/octavia-worker + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + docker_config: + step_2: + octavia_worker_init_dirs: + start_order: 0 + image: &octavia_worker_image {get_param: DockerOctaviaWorkerImage} + user: root + volumes: + # NOTE(mandre) we need extra dir for the service in /etc/octavia/conf.d + # It is normally created as part of the RPM install, but it is + # missing here because we use the same config_volume for all + # octavia services, hence the same container image to generate + # configuration. + - /var/lib/config-data/puppet-generated/octavia/etc/octavia:/etc/octavia/ + command: ['/bin/bash', '-c', 'mkdir -p /etc/octavia/conf.d/octavia-worker; chown -R octavia:octavia /etc/octavia/conf.d/octavia-worker'] + step_4: + octavia_worker: + start_order: 2 + image: *octavia_worker_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/octavia_worker.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/octavia/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/octavia:/var/log/octavia + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + host_prep_tasks: + - name: create persistent logs directory + file: + path: /var/log/containers/octavia + state: directory + upgrade_tasks: + - name: Stop and disable octavia_worker service + tags: step2 + service: name=openstack-octavia-worker state=stopped enabled=no diff --git a/docker/services/opendaylight-api.yaml b/docker/services/opendaylight-api.yaml new file mode 100644 index 00000000..6a62f65e --- /dev/null +++ b/docker/services/opendaylight-api.yaml @@ -0,0 +1,106 @@ +heat_template_version: pike + +description: > + OpenStack containerized OpenDaylight API service + +parameters: + DockerOpendaylightApiImage: + description: image + type: string + DockerOpendaylightConfigImage: + description: image + type: string + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + +resources: + + ContainersCommon: + type: ./containers-common.yaml + + OpenDaylightBase: + type: ../../puppet/services/opendaylight-api.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the OpenDaylight API role. + value: + service_name: {get_attr: [OpenDaylightBase, role_data, service_name]} + config_settings: + map_merge: + - get_attr: [OpenDaylightBase, role_data, config_settings] + step_config: &step_config + get_attr: [OpenDaylightBase, role_data, step_config] + # BEGIN DOCKER SETTINGS + puppet_config: + config_volume: opendaylight + # 'file,concat,file_line,augeas' are included by default + puppet_tags: odl_user + step_config: *step_config + config_image: {get_param: DockerOpendaylightConfigImage} + kolla_config: + /var/lib/kolla/config_files/opendaylight_api.json: + command: /opt/opendaylight/bin/karaf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + permissions: + - path: /opt/opendaylight + owner: odl:odl + recurse: true + docker_config: + step_1: + opendaylight_api: + start_order: 0 + image: &odl_api_image {get_param: DockerOpendaylightApiImage} + privileged: false + net: host + detach: true + user: odl + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/opendaylight_api.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/opendaylight/:/var/lib/kolla/config_files/src:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + + upgrade_tasks: + - name: Stop and disable opendaylight_api service + tags: step2 + service: name=opendaylight state=stopped enabled=no diff --git a/docker/services/pacemaker/cinder-backup.yaml b/docker/services/pacemaker/cinder-backup.yaml index 7cac9d48..26ae9bca 100644 --- a/docker/services/pacemaker/cinder-backup.yaml +++ b/docker/services/pacemaker/cinder-backup.yaml @@ -4,18 +4,11 @@ description: > OpenStack containerized Cinder Backup service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerCinderBackupImage: description: image - default: 'centos-binary-cinder-backup:latest' type: string - # we configure all cinder services in the same cinder base container DockerCinderConfigImage: - description: image - default: 'centos-binary-cinder-api:latest' + description: The container image to use for the cinder config_volume type: string CinderBackupBackend: default: swift @@ -34,6 +27,10 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -59,6 +56,7 @@ resources: type: ../../../puppet/services/cinder-backup.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -75,10 +73,7 @@ outputs: config_settings: map_merge: - get_attr: [CinderBackupBase, role_data, config_settings] - - tripleo::profile::pacemaker::cinder::backup_bundle::cinder_backup_docker_image: &cinder_backup_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCinderBackupImage} ] + - tripleo::profile::pacemaker::cinder::backup_bundle::cinder_backup_docker_image: &cinder_backup_image {get_param: DockerCinderBackupImage} cinder::backup::manage_service: false cinder::backup::enabled: false step_config: "" @@ -88,10 +83,7 @@ outputs: config_volume: cinder puppet_tags: cinder_config,file,concat,file_line step_config: {get_attr: [CinderBackupBase, role_data, step_config]} - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ] + config_image: {get_param: DockerCinderConfigImage} kolla_config: /var/lib/kolla/config_files/cinder_backup.json: command: /usr/bin/cinder-backup --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf @@ -147,6 +139,27 @@ outputs: - /var/lib/cinder - /var/log/containers/cinder upgrade_tasks: - - name: Stop and disable cinder_backup service + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the openstack-cinder-backup cluster resource + tags: step2 + pacemaker_resource: + resource: openstack-cinder-backup + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped openstack-cinder-backup cluster resource. + tags: step2 + pacemaker_resource: + resource: openstack-cinder-backup + state: delete + wait_for_resource: true + when: is_bootstrap_node + - name: Disable cinder_backup service tags: step2 - service: name=openstack-cinder-backup state=stopped enabled=no + service: name=openstack-cinder-backup enabled=no diff --git a/docker/services/pacemaker/cinder-volume.yaml b/docker/services/pacemaker/cinder-volume.yaml index 987ebaf0..262e999d 100644 --- a/docker/services/pacemaker/cinder-volume.yaml +++ b/docker/services/pacemaker/cinder-volume.yaml @@ -4,24 +4,21 @@ description: > OpenStack containerized Cinder Volume service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerCinderVolumeImage: description: image - default: 'centos-binary-cinder-volume:latest' type: string - # we configure all cinder services in the same cinder base container DockerCinderConfigImage: - description: image - default: 'centos-binary-cinder-api:latest' + description: The container image to use for the cinder config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -55,6 +52,7 @@ resources: type: ../../../puppet/services/cinder-volume.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -68,10 +66,7 @@ outputs: config_settings: map_merge: - get_attr: [CinderBase, role_data, config_settings] - - tripleo::profile::pacemaker::cinder::volume_bundle::cinder_volume_docker_image: &cinder_volume_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCinderVolumeImage} ] + - tripleo::profile::pacemaker::cinder::volume_bundle::cinder_volume_docker_image: &cinder_volume_image {get_param: DockerCinderVolumeImage} cinder::volume::manage_service: false cinder::volume::enabled: false cinder::host: hostgroup @@ -82,10 +77,7 @@ outputs: config_volume: cinder puppet_tags: cinder_config,file,concat,file_line step_config: {get_attr: [CinderBase, role_data, step_config]} - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ] + config_image: {get_param: DockerCinderConfigImage} kolla_config: /var/lib/kolla/config_files/cinder_volume.json: command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf @@ -165,6 +157,30 @@ outputs: executable: /bin/bash creates: /dev/loop2 upgrade_tasks: - - name: Stop and disable cinder_volume service + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the openstack-cinder-volume cluster resource + tags: step2 + pacemaker_resource: + resource: openstack-cinder-volume + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped openstack-cinder-volume cluster resource. tags: step2 - service: name=openstack-cinder-volume state=stopped enabled=no + pacemaker_resource: + resource: openstack-cinder-volume + state: delete + wait_for_resource: true + when: is_bootstrap_node + - name: Disable cinder_volume service from boot + tags: step2 + service: name=openstack-cinder-volume enabled=no + + + diff --git a/docker/services/pacemaker/clustercheck.yaml b/docker/services/pacemaker/clustercheck.yaml index bad2acf6..c7c316a4 100644 --- a/docker/services/pacemaker/clustercheck.yaml +++ b/docker/services/pacemaker/clustercheck.yaml @@ -6,19 +6,21 @@ description: > the local galera node is synced parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerClustercheckImage: description: image - default: 'centos-binary-mariadb:latest' + type: string + DockerClustercheckConfigImage: + description: The container image to use for the clustercheck config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -46,6 +48,7 @@ resources: type: ../../../puppet/services/pacemaker/database/mysql.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -63,31 +66,20 @@ outputs: config_volume: clustercheck puppet_tags: file # set this even though file is the default step_config: "include ::tripleo::profile::pacemaker::clustercheck" - config_image: &clustercheck_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerClustercheckImage} ] + config_image: {get_param: DockerClustercheckConfigImage} kolla_config: /var/lib/kolla/config_files/clustercheck.json: command: /usr/sbin/xinetd -dontfork config_files: - - dest: /etc/xinetd.conf - source: /var/lib/kolla/config_files/src/etc/xinetd.conf - owner: mysql - perm: '0644' - - dest: /etc/xinetd.d/galera-monitor - source: /var/lib/kolla/config_files/src/etc/xinetd.d/galera-monitor - owner: mysql - perm: '0644' - - dest: /etc/sysconfig/clustercheck - source: /var/lib/kolla/config_files/src/etc/sysconfig/clustercheck - owner: mysql - perm: '0600' + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_2: clustercheck: start_order: 1 - image: *clustercheck_image + image: {get_param: DockerClustercheckImage} restart: always net: host volumes: @@ -95,7 +87,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/clustercheck.json:/var/lib/kolla/config_files/config.json - - /var/lib/config-data/clustercheck/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/puppet-generated/clustercheck/:/var/lib/kolla/config_files/src:ro - /var/lib/mysql:/var/lib/mysql environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml index d64845f2..f12852f8 100644 --- a/docker/services/pacemaker/database/mysql.yaml +++ b/docker/services/pacemaker/database/mysql.yaml @@ -4,19 +4,21 @@ description: > MySQL service deployment with pacemaker bundle parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerMysqlImage: description: image - default: 'centos-binary-mariadb:latest' + type: string + DockerMysqlConfigImage: + description: The container image to use for the mysql config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +50,7 @@ resources: type: ../../../../puppet/services/pacemaker/database/mysql.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -61,11 +64,18 @@ outputs: config_settings: map_merge: - {get_attr: [MysqlPuppetBase, role_data, config_settings]} - - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image - list_join: - - '/' - - - {get_param: DockerNamespace} - - {get_param: DockerMysqlImage} + - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image {get_param: DockerMysqlImage} + tripleo::profile::pacemaker::database::mysql_bundle::control_port: 3123 + tripleo.mysql.firewall_rules: + '104 mysql galera-bundle': + dport: + - 873 + - 3123 + - 3306 + - 4444 + - 4567 + - 4568 + - 9200 step_config: "" # BEGIN DOCKER SETTINGS # puppet_config: @@ -77,27 +87,19 @@ outputs: - - "['Mysql_datadir', 'Mysql_user', 'Mysql_database', 'Mysql_grant', 'Mysql_plugin'].each |String $val| { noop_resource($val) }" - "exec {'wait-for-settle': command => '/bin/true' }" - "include ::tripleo::profile::pacemaker::database::mysql_bundle" - config_image: *mysql_image + config_image: {get_param: DockerMysqlConfigImage} kolla_config: /var/lib/kolla/config_files/mysql.json: command: /usr/sbin/pacemaker_remoted config_files: - - dest: /etc/libqb/force-filesystem-sockets - source: /dev/null - owner: root - perm: '0644' - - dest: /etc/my.cnf - source: /var/lib/kolla/config_files/src/etc/my.cnf - owner: mysql - perm: '0644' - - dest: /etc/my.cnf.d/galera.cnf - source: /var/lib/kolla/config_files/src/etc/my.cnf.d/galera.cnf - owner: mysql - perm: '0644' - - dest: /etc/sysconfig/clustercheck - source: /var/lib/kolla/config_files/src/etc/sysconfig/clustercheck - owner: root - perm: '0600' + - dest: /etc/libqb/force-filesystem-sockets + source: /dev/null + owner: root + perm: '0644' + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_1: mysql_data_ownership: @@ -122,7 +124,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json - - /var/lib/config-data/mysql/:/var/lib/kolla/config_files/src:ro + - /var/lib/config-data/puppet-generated/mysql/:/var/lib/kolla/config_files/src:ro - /var/lib/mysql:/var/lib/mysql environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS @@ -166,8 +168,6 @@ outputs: - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro - /dev/shm:/dev/shm:rw - - /var/lib/config-data/mysql/etc/my.cnf:/etc/my.cnf:ro - - /var/lib/config-data/mysql/etc/my.cnf.d:/etc/my.cnf.d:ro - /var/lib/mysql:/var/lib/mysql:rw host_prep_tasks: - name: create /var/lib/mysql @@ -175,6 +175,27 @@ outputs: path: /var/lib/mysql state: directory upgrade_tasks: - - name: Stop and disable mysql service + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the galera cluster resource + tags: step2 + pacemaker_resource: + resource: galera + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped galera cluster resource. + tags: step2 + pacemaker_resource: + resource: galera + state: delete + wait_for_resource: true + when: is_bootstrap_node + - name: Disable mysql service tags: step2 - service: name=mariadb state=stopped enabled=no + service: name=mariadb enabled=no diff --git a/docker/services/pacemaker/database/redis.yaml b/docker/services/pacemaker/database/redis.yaml index ef27f7e9..75b6d650 100644 --- a/docker/services/pacemaker/database/redis.yaml +++ b/docker/services/pacemaker/database/redis.yaml @@ -4,19 +4,21 @@ description: > OpenStack containerized Redis services parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerRedisImage: description: image - default: 'centos-binary-redis:latest' + type: string + DockerRedisConfigImage: + description: The container image to use for the redis config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -41,6 +43,7 @@ resources: type: ../../../../puppet/services/database/redis.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -57,12 +60,14 @@ outputs: - redis::service_manage: false redis::notify_service: false redis::managed_by_cluster_manager: true - tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image - list_join: - - '/' - - - {get_param: DockerNamespace} - - {get_param: DockerRedisImage} - + tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image {get_param: DockerRedisImage} + tripleo::profile::pacemaker::database::redis_bundle::control_port: 3124 + tripleo.redis.firewall_rules: + '108 redis-bundle': + dport: + - 3124 + - 6379 + - 26379 step_config: "" service_config_settings: {get_attr: [RedisBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS @@ -74,7 +79,7 @@ outputs: puppet_tags: 'exec' step_config: get_attr: [RedisBase, role_data, step_config] - config_image: *redis_image + config_image: &redis_config_image {get_param: DockerRedisConfigImage} kolla_config: /var/lib/kolla/config_files/redis.json: command: /usr/sbin/pacemaker_remoted @@ -83,6 +88,11 @@ outputs: source: /dev/null owner: root perm: '0644' + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + optional: true permissions: - path: /var/run/redis owner: redis:redis @@ -113,7 +123,7 @@ outputs: params: TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation' CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::redis_bundle' - image: *redis_image + image: *redis_config_image volumes: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro @@ -135,6 +145,27 @@ outputs: path: /var/lib/redis state: directory upgrade_tasks: - - name: Stop and disable redis service + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the redis cluster resource + tags: step2 + pacemaker_resource: + resource: {get_attr: [RedisBase, role_data, service_name]} + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped redis cluster resource. + tags: step2 + pacemaker_resource: + resource: {get_attr: [RedisBase, role_data, service_name]} + state: delete + wait_for_resource: true + when: is_bootstrap_node + - name: Disable redis service tags: step2 - service: name=redis state=stopped enabled=no + service: name=redis enabled=no diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml index 7557afd6..24155912 100644 --- a/docker/services/pacemaker/haproxy.yaml +++ b/docker/services/pacemaker/haproxy.yaml @@ -4,14 +4,16 @@ description: > OpenStack containerized HAproxy service for pacemaker parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerHAProxyImage: description: image - default: 'centos-binary-haproxy:latest' type: string + DockerHAProxyConfigImage: + description: The container image to use for the haproxy config_volume + type: string + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -26,6 +28,11 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + DeployedSSLCertificatePath: + default: '/etc/pki/tls/private/overcloud_endpoint.pem' + description: > + The filepath of the certificate as it will be stored in the controller. + type: string RoleName: default: '' description: Role name on which the service is applied @@ -41,6 +48,7 @@ resources: type: ../../../puppet/services/pacemaker/haproxy.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -56,10 +64,7 @@ outputs: - get_attr: [HAProxyBase, role_data, config_settings] - tripleo::haproxy::haproxy_daemon: false haproxy_docker: true - tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerHAProxyImage} ] + tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image {get_param: DockerHAProxyImage} step_config: "" service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS @@ -73,10 +78,22 @@ outputs: - "class tripleo::firewall(){}; define tripleo::firewall::rule( $port = undef, $dport = undef, $sport = undef, $proto = undef, $action = undef, $state = undef, $source = undef, $iniface = undef, $chain = undef, $destination = undef, $extras = undef){}" - "['pcmk_bundle', 'pcmk_resource', 'pcmk_property', 'pcmk_constraint', 'pcmk_resource_default'].each |String $val| { noop_resource($val) }" - 'include ::tripleo::profile::pacemaker::haproxy_bundle' - config_image: *haproxy_image + config_image: {get_param: DockerHAProxyConfigImage} + volumes: &deployed_cert_mount + - list_join: + - ':' + - - {get_param: DeployedSSLCertificatePath} + - {get_param: DeployedSSLCertificatePath} + - 'ro' kolla_config: /var/lib/kolla/config_files/haproxy.json: command: haproxy -f /etc/haproxy/haproxy.cfg + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true + optional: true docker_config: step_2: haproxy_init_bundle: @@ -103,17 +120,42 @@ outputs: - 'include ::tripleo::profile::pacemaker::haproxy_bundle' image: *haproxy_image volumes: - # puppet saves iptables rules in /etc/sysconfig - - /etc/sysconfig:/etc/sysconfig:rw - # saving rules require accessing /usr/libexec/iptables/iptables.init, just bind-mount - # the necessary bit and prevent systemd to try to reload the service in the container - - /usr/libexec/iptables:/usr/libexec/iptables:ro - - /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro - - /etc/hosts:/etc/hosts:ro - - /etc/localtime:/etc/localtime:ro - - /etc/puppet:/tmp/puppet-etc:ro - - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro - - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro - - /dev/shm:/dev/shm:rw + list_concat: + - *deployed_cert_mount + - + # puppet saves iptables rules in /etc/sysconfig + - /etc/sysconfig:/etc/sysconfig:rw + # saving rules require accessing /usr/libexec/iptables/iptables.init, just bind-mount + # the necessary bit and prevent systemd to try to reload the service in the container + - /usr/libexec/iptables:/usr/libexec/iptables:ro + - /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro + - /etc/hosts:/etc/hosts:ro + - /etc/localtime:/etc/localtime:ro + - /etc/puppet:/tmp/puppet-etc:ro + - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro + - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro + - /dev/shm:/dev/shm:rw metadata_settings: get_attr: [HAProxyBase, role_data, metadata_settings] + upgrade_tasks: + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the haproxy cluster resource. + tags: step2 + pacemaker_resource: + resource: {get_attr: [HAProxyBase, role_data, service_name]} + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped haproxy cluster resource. + tags: step2 + pacemaker_resource: + resource: {get_attr: [HAProxyBase, role_data, service_name]} + state: delete + wait_for_resource: true + when: is_bootstrap_node diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml index 7f6ac701..de53ceee 100644 --- a/docker/services/pacemaker/rabbitmq.yaml +++ b/docker/services/pacemaker/rabbitmq.yaml @@ -4,19 +4,21 @@ description: > OpenStack containerized Rabbitmq service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerRabbitmqImage: description: image - default: 'centos-binary-rabbitmq:latest' + type: string + DockerRabbitmqConfigImage: + description: The container image to use for the rabbitmq config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -45,6 +47,7 @@ resources: type: ../../../puppet/services/rabbitmq.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -59,11 +62,15 @@ outputs: map_merge: - {get_attr: [RabbitmqBase, role_data, config_settings]} - rabbitmq::service_manage: false - tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image - list_join: - - '/' - - - {get_param: DockerNamespace} - - {get_param: DockerRabbitmqImage} + tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image {get_param: DockerRabbitmqImage} + tripleo::profile::pacemaker::rabbitmq_bundle::control_port: 3122 + tripleo.rabbitmq.firewall_rules: + '109 rabbitmq-bundle': + dport: + - 3122 + - 4369 + - 5672 + - 25672 step_config: &step_config get_attr: [RabbitmqBase, role_data, step_config] service_config_settings: {get_attr: [RabbitmqBase, role_data, service_config_settings]} @@ -72,7 +79,7 @@ outputs: config_volume: rabbitmq puppet_tags: file step_config: *step_config - config_image: *rabbitmq_image + config_image: {get_param: DockerRabbitmqConfigImage} kolla_config: /var/lib/kolla/config_files/rabbitmq.json: command: /usr/sbin/pacemaker_remoted @@ -81,6 +88,10 @@ outputs: source: /dev/null owner: root perm: '0644' + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/lib/rabbitmq owner: rabbitmq:rabbitmq @@ -99,7 +110,7 @@ outputs: privileged: false volumes: - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/rabbitmq/etc/rabbitmq:/etc/rabbitmq:ro + - /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /var/lib/rabbitmq:/var/lib/rabbitmq @@ -154,6 +165,27 @@ outputs: echo 'export ERL_EPMD_PORT=4370' >> /etc/rabbitmq/rabbitmq-env.conf for pid in $(pgrep epmd); do if [ "$(lsns -o NS -p $pid)" == "$(lsns -o NS -p 1)" ]; then kill $pid; break; fi; done upgrade_tasks: - - name: Stop and disable rabbitmq service + - name: get bootstrap nodeid + tags: common + command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Disable the rabbitmq cluster resource. + tags: step2 + pacemaker_resource: + resource: {get_attr: [RabbitmqBase, role_data, service_name]} + state: disable + wait_for_resource: true + when: is_bootstrap_node + - name: Delete the stopped rabbitmq cluster resource. + tags: step2 + pacemaker_resource: + resource: {get_attr: [RabbitmqBase, role_data, service_name]} + state: delete + wait_for_resource: true + when: is_bootstrap_node + - name: Disable rabbitmq service tags: step2 - service: name=rabbitmq-server state=stopped enabled=no + service: name=rabbitmq-server enabled=no diff --git a/docker/services/panko-api.yaml b/docker/services/panko-api.yaml index 585148e5..ad2fa0f6 100644 --- a/docker/services/panko-api.yaml +++ b/docker/services/panko-api.yaml @@ -6,19 +6,21 @@ description: > will be disabled in future releases. parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerPankoApiImage: description: image - default: 'centos-binary-panko-api:latest' + type: string + DockerPankoConfigImage: + description: The container image to use for the panko config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -53,6 +55,7 @@ resources: type: ../../puppet/services/panko-api.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -75,13 +78,15 @@ outputs: config_volume: panko puppet_tags: panko_api_paste_ini,panko_config step_config: *step_config - config_image: &panko_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerPankoApiImage} ] + config_image: {get_param: DockerPankoConfigImage} kolla_config: /var/lib/kolla/config_files/panko_api.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/panko owner: panko:panko @@ -89,14 +94,14 @@ outputs: docker_config: step_2: panko_init_log: - image: *panko_image + image: &panko_api_image {get_param: DockerPankoApiImage} user: root volumes: - /var/log/containers/panko:/var/log/panko command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R panko:panko /var/log/panko'] step_3: panko_db_sync: - image: *panko_image + image: *panko_api_image net: host detach: false privileged: false @@ -111,7 +116,7 @@ outputs: step_4: panko_api: start_order: 2 - image: *panko_image + image: *panko_api_image net: host privileged: false restart: always @@ -120,11 +125,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/panko_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/panko/etc/panko/:/etc/panko/:ro - - /var/lib/config-data/panko/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/panko/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/panko/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - - /var/lib/config-data/panko/var/www/:/var/www/:ro + - /var/lib/config-data/puppet-generated/panko/:/var/lib/kolla/config_files/src:ro - /var/log/containers/panko:/var/log/panko - if: diff --git a/docker/services/rabbitmq.yaml b/docker/services/rabbitmq.yaml index 06d663c9..418c60d2 100644 --- a/docker/services/rabbitmq.yaml +++ b/docker/services/rabbitmq.yaml @@ -4,19 +4,21 @@ description: > OpenStack containerized Rabbitmq service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerRabbitmqImage: description: image - default: 'centos-binary-rabbitmq:latest' + type: string + DockerRabbitmqConfigImage: + description: The container image to use for the rabbitmq config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +50,7 @@ resources: type: ../../puppet/services/rabbitmq.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -73,13 +76,15 @@ outputs: puppet_config: config_volume: rabbitmq step_config: *step_config - config_image: &rabbitmq_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerRabbitmqImage} ] + config_image: &rabbitmq_config_image {get_param: DockerRabbitmqConfigImage} kolla_config: /var/lib/kolla/config_files/rabbitmq.json: command: /usr/lib/rabbitmq/bin/rabbitmq-server + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/lib/rabbitmq owner: rabbitmq:rabbitmq @@ -90,7 +95,7 @@ outputs: rabbitmq_init_logs: start_order: 0 detach: false - image: *rabbitmq_image + image: &rabbitmq_image {get_param: DockerRabbitmqImage} privileged: false user: root volumes: @@ -107,7 +112,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro + - /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro - /var/lib/rabbitmq:/var/lib/rabbitmq - /var/log/containers/rabbitmq:/var/log/rabbitmq environment: @@ -135,7 +140,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/rabbitmq.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro + - /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro - /var/lib/rabbitmq:/var/lib/rabbitmq - /var/log/containers/rabbitmq:/var/log/rabbitmq environment: @@ -146,7 +151,7 @@ outputs: config_volume: 'rabbit_init_tasks' puppet_tags: 'rabbitmq_policy,rabbitmq_user' step_config: 'include ::tripleo::profile::base::rabbitmq' - config_image: *rabbitmq_image + config_image: *rabbitmq_config_image volumes: - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro - /var/lib/rabbitmq:/var/lib/rabbitmq:ro diff --git a/docker/services/sahara-api.yaml b/docker/services/sahara-api.yaml index 10670796..bff2fdac 100644 --- a/docker/services/sahara-api.yaml +++ b/docker/services/sahara-api.yaml @@ -4,19 +4,21 @@ description: > OpenStack Sahara service configured with Puppet parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerSaharaApiImage: description: image - default: 'centos-binary-sahara-api:latest' + type: string + DockerSaharaConfigImage: + description: The container image to use for the sahara config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -44,6 +46,7 @@ resources: type: ../../puppet/services/sahara-api.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} @@ -64,13 +67,15 @@ outputs: config_volume: sahara puppet_tags: sahara_api_paste_ini,sahara_cluster_template,sahara_config,sahara_node_group_template step_config: *step_config - config_image: &sahara_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSaharaApiImage} ] + config_image: {get_param: DockerSaharaConfigImage} kolla_config: /var/lib/kolla/config_files/sahara-api.json: command: /usr/bin/sahara-api --config-file /etc/sahara/sahara.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/lib/sahara owner: sahara:sahara @@ -81,15 +86,15 @@ outputs: docker_config: step_3: sahara_db_sync: - image: *sahara_image + image: &sahara_api_image {get_param: DockerSaharaApiImage} net: host privileged: false detach: false - volumes: &sahara_volumes + user: root + volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/kolla/config_files/sahara-api.json:/var/lib/kolla/config_files/config.json - /var/lib/config-data/sahara/etc/sahara/:/etc/sahara/:ro - /lib/modules:/lib/modules:ro - /var/lib/sahara:/var/lib/sahara @@ -97,11 +102,19 @@ outputs: command: "/usr/bin/bootstrap_host_exec sahara_api su sahara -s /bin/bash -c 'sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head'" step_4: sahara_api: - image: *sahara_image + image: *sahara_api_image net: host privileged: false restart: always - volumes: *sahara_volumes + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/sahara-api.json:/var/lib/kolla/config_files/config.json + - /var/lib/config-data/puppet-generated/sahara/:/var/lib/kolla/config_files/src:ro + - /lib/modules:/lib/modules:ro + - /var/lib/sahara:/var/lib/sahara + - /var/log/containers/sahara:/var/log/sahara environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: diff --git a/docker/services/sahara-engine.yaml b/docker/services/sahara-engine.yaml index 41b5790b..01d4bb9c 100644 --- a/docker/services/sahara-engine.yaml +++ b/docker/services/sahara-engine.yaml @@ -4,19 +4,21 @@ description: > OpenStack Sahara service configured with Puppet parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerSaharaEngineImage: description: image - default: 'centos-binary-sahara-engine:latest' + type: string + DockerSaharaConfigImage: + description: The container image to use for the sahara config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -44,6 +46,7 @@ resources: type: ../../puppet/services/sahara-engine.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} @@ -64,13 +67,15 @@ outputs: config_volume: sahara puppet_tags: sahara_engine_paste_ini,sahara_cluster_template,sahara_config,sahara_node_group_template step_config: *step_config - config_image: &sahara_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSaharaEngineImage} ] + config_image: {get_param: DockerSaharaConfigImage} kolla_config: /var/lib/kolla/config_files/sahara-engine.json: command: /usr/bin/sahara-engine --config-file /etc/sahara/sahara.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/lib/sahara owner: sahara:sahara @@ -81,16 +86,16 @@ outputs: docker_config: step_4: sahara_engine: - image: *sahara_image + image: {get_param: DockerSaharaEngineImage} net: host privileged: false restart: always - volumes: &sahara_volumes + volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/sahara-engine.json:/var/lib/kolla/config_files/config.json - - /var/lib/config-data/sahara/etc/sahara/:/etc/sahara/:ro + - /var/lib/config-data/puppet-generated/sahara/:/var/lib/kolla/config_files/src:ro - /var/lib/sahara:/var/lib/sahara - /var/log/containers/sahara:/var/log/sahara environment: diff --git a/docker/services/sensu-client.yaml b/docker/services/sensu-client.yaml index db6daf99..b64231cd 100644 --- a/docker/services/sensu-client.yaml +++ b/docker/services/sensu-client.yaml @@ -4,19 +4,21 @@ description: > Containerized Sensu client service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerSensuClientImage: description: image - default: 'centos-binary-sensu-client:latest' + type: string + DockerSensuConfigImage: + description: The container image to use for the sensu config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -71,6 +73,7 @@ resources: type: ../../puppet/services/monitoring/sensu-client.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} @@ -98,13 +101,15 @@ outputs: config_volume: sensu puppet_tags: sensu_rabbitmq_config,sensu_client_config,sensu_check_config,sensu_check step_config: *step_config - config_image: &sensu_client_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSensuClientImage} ] + config_image: {get_param: DockerSensuConfigImage} kolla_config: /var/lib/kolla/config_files/sensu-client.json: command: /usr/bin/sensu-client -d /etc/sensu/conf.d/ -l /var/log/sensu/sensu-client.log + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/sensu owner: sensu:sensu @@ -112,7 +117,7 @@ outputs: docker_config: step_3: sensu_client: - image: *sensu_client_image + image: {get_param: DockerSensuClientImage} net: host privileged: true # NOTE(mmagr) kolla image changes the user to 'sensu', we need it @@ -126,7 +131,7 @@ outputs: - - /var/run/docker.sock:/var/run/docker.sock:rw - /var/lib/kolla/config_files/sensu-client.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/sensu/etc/sensu/:/etc/sensu/:ro + - /var/lib/config-data/puppet-generated/sensu/:/var/lib/kolla/config_files/src:ro - /var/log/containers/sensu:/var/log/sensu:rw environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/swift-proxy.yaml b/docker/services/swift-proxy.yaml index f1d0da77..374db250 100644 --- a/docker/services/swift-proxy.yaml +++ b/docker/services/swift-proxy.yaml @@ -4,19 +4,21 @@ description: > OpenStack containerized swift proxy service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerSwiftProxyImage: description: image - default: 'centos-binary-swift-proxy-server:latest' + type: string + DockerSwiftConfigImage: + description: The container image to use for the swift config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -51,6 +53,7 @@ resources: type: ../../puppet/services/swift-proxy.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -70,24 +73,31 @@ outputs: config_volume: swift puppet_tags: swift_proxy_config step_config: *step_config - config_image: &swift_proxy_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] + config_image: {get_param: DockerSwiftConfigImage} kolla_config: /var/lib/kolla/config_files/swift_proxy.json: command: /usr/bin/swift-proxy-server /etc/swift/proxy-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/swift owner: swift:swift recurse: true /var/lib/kolla/config_files/swift_proxy_tls_proxy.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_4: map_merge: - swift_proxy: - image: *swift_proxy_image + image: &swift_proxy_image {get_param: DockerSwiftProxyImage} net: host user: swift restart: always @@ -96,9 +106,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_proxy.json:/var/lib/kolla/config_files/config.json:ro - # FIXME I'm mounting /etc/swift as rw. Are the rings written to - # at all during runtime? - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev @@ -117,9 +125,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_proxy_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/swift/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/swift/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro environment: diff --git a/docker/services/swift-ringbuilder.yaml b/docker/services/swift-ringbuilder.yaml index 075d8d7c..e4e2c7d2 100644 --- a/docker/services/swift-ringbuilder.yaml +++ b/docker/services/swift-ringbuilder.yaml @@ -4,14 +4,13 @@ description: > OpenStack Swift Ringbuilder parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string - DockerSwiftProxyImage: - description: image - default: 'centos-binary-swift-proxy-server:latest' + DockerSwiftConfigImage: + description: The container image to use for the swift config_volume type: string + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -73,6 +72,7 @@ resources: type: ../../puppet/services/swift-ringbuilder.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -95,9 +95,6 @@ outputs: config_volume: 'swift' puppet_tags: exec,fetch_swift_ring_tarball,extract_swift_ring_tarball,ring_object_device,swift::ringbuilder::create,tripleo::profile::base::swift::add_devices,swift::ringbuilder::rebalance,create_swift_ring_tarball,upload_swift_ring_tarball step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] + config_image: {get_param: DockerSwiftConfigImage} kolla_config: {} docker_config: {} diff --git a/docker/services/swift-storage.yaml b/docker/services/swift-storage.yaml index 55aea208..e879b25d 100644 --- a/docker/services/swift-storage.yaml +++ b/docker/services/swift-storage.yaml @@ -4,25 +4,21 @@ description: > OpenStack containerized Swift Storage services. parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerSwiftProxyImage: description: image - default: 'centos-binary-swift-proxy-server:latest' type: string DockerSwiftAccountImage: description: image - default: 'centos-binary-swift-account:latest' type: string DockerSwiftContainerImage: description: image - default: 'centos-binary-swift-container:latest' type: string DockerSwiftObjectImage: description: image - default: 'centos-binary-swift-object:latest' + type: string + DockerSwiftConfigImage: + description: The container image to use for the swift config_volume + default: 'centos-binary-swift-proxy-server:latest' type: string EndpointMap: default: {} @@ -40,6 +36,10 @@ parameters: default: {} description: Parameters specific to the role type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -61,6 +61,7 @@ resources: type: ../../puppet/services/swift-storage.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -82,53 +83,119 @@ outputs: # BEGIN DOCKER SETTINGS puppet_config: config_volume: swift - puppet_tags: swift_config,swift_container_config,swift_container_sync_realms_config,swift_account_config,swift_object_config,swift_object_expirer_config + puppet_tags: swift_config,swift_container_config,swift_container_sync_realms_config,swift_account_config,swift_object_config,swift_object_expirer_config,rsync::server step_config: *step_config - config_image: &swift_proxy_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftProxyImage} ] + config_image: {get_param: DockerSwiftConfigImage} kolla_config: /var/lib/kolla/config_files/swift_account_auditor.json: command: /usr/bin/swift-account-auditor /etc/swift/account-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_account_reaper.json: command: /usr/bin/swift-account-reaper /etc/swift/account-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_account_replicator.json: command: /usr/bin/swift-account-replicator /etc/swift/account-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_account_server.json: command: /usr/bin/swift-account-server /etc/swift/account-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_container_auditor.json: command: /usr/bin/swift-container-auditor /etc/swift/container-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_container_replicator.json: command: /usr/bin/swift-container-replicator /etc/swift/container-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_container_updater.json: command: /usr/bin/swift-container-updater /etc/swift/container-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_container_server.json: command: /usr/bin/swift-container-server /etc/swift/container-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_object_auditor.json: command: /usr/bin/swift-object-auditor /etc/swift/object-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_object_expirer.json: command: /usr/bin/swift-object-expirer /etc/swift/object-expirer.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_object_replicator.json: command: /usr/bin/swift-object-replicator /etc/swift/object-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_object_updater.json: command: /usr/bin/swift-object-updater /etc/swift/object-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/swift_object_server.json: command: /usr/bin/swift-object-server /etc/swift/object-server.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/swift owner: swift:swift recurse: true + /var/lib/kolla/config_files/swift_rsync.json: + command: /usr/bin/rsync --daemon --no-detach --config=/etc/rsyncd.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true docker_config: step_3: # The puppet config sets this up but we don't have a way to mount the named # volume during the configuration stage. We just need to create this # directory and make sure it's owned by swift. swift_setup_srv: - image: &swift_account_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftAccountImage} ] + image: &swift_account_image {get_param: DockerSwiftAccountImage} user: root command: ['chown', '-R', 'swift:', '/srv/node'] volumes: @@ -144,7 +211,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_account_auditor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev @@ -161,7 +228,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_account_reaper.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev @@ -177,7 +244,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_account_replicator.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev @@ -193,17 +260,14 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_account_server.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev - /var/log/containers/swift:/var/log/swift environment: *kolla_env swift_container_auditor: - image: &swift_container_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftContainerImage} ] + image: &swift_container_image {get_param: DockerSwiftContainerImage} net: host user: swift restart: always @@ -212,7 +276,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_container_auditor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev @@ -228,7 +292,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_container_replicator.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev @@ -244,7 +308,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_container_updater.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev @@ -260,17 +324,14 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_container_server.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev - /var/log/containers/swift:/var/log/swift environment: *kolla_env swift_object_auditor: - image: &swift_object_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerSwiftObjectImage} ] + image: &swift_object_image {get_param: DockerSwiftObjectImage} net: host user: swift restart: always @@ -279,14 +340,14 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_object_auditor.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev - /var/log/containers/swift:/var/log/swift environment: *kolla_env swift_object_expirer: - image: *swift_proxy_image + image: &swift_proxy_image {get_param: DockerSwiftProxyImage} net: host user: swift restart: always @@ -295,7 +356,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_object_expirer.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev @@ -311,7 +372,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_object_replicator.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev @@ -327,7 +388,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_object_updater.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev @@ -343,12 +404,30 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/swift_object_server.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/swift/etc/swift:/etc/swift:rw + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro + - /run:/run + - /srv/node:/srv/node + - /dev:/dev + - /var/log/containers/swift:/var/log/swift + environment: *kolla_env + swift_rsync: + image: *swift_object_image + net: host + user: root + restart: always + privileged: true + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/swift_rsync.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/swift/:/var/lib/kolla/config_files/src:ro - /run:/run - /srv/node:/srv/node - /dev:/dev - /var/log/containers/swift:/var/log/swift environment: *kolla_env + host_prep_tasks: - name: create persistent directories file: @@ -383,6 +462,7 @@ outputs: - openstack-swift-container-updater - openstack-swift-container - openstack-swift-object-auditor + - openstack-swift-object-expirer - openstack-swift-object-replicator - openstack-swift-object-updater - openstack-swift-object diff --git a/docker/services/tacker.yaml b/docker/services/tacker.yaml index df9750c9..cdcb4d2a 100644 --- a/docker/services/tacker.yaml +++ b/docker/services/tacker.yaml @@ -4,23 +4,21 @@ description: > OpenStack containerized Tacker service parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerTackerImage: description: image - default: 'centos-binary-tacker:latest' type: string DockerTackerConfigImage: - description: image - default: 'centos-binary-tacker:latest' + description: The container image to use for the tacker config_volume type: string EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +46,7 @@ resources: type: ../../puppet/services/tacker.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -69,13 +68,15 @@ outputs: config_volume: tacker puppet_tags: tacker_config step_config: *step_config - config_image: - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerTackerConfigImage} ] + config_image: {get_param: DockerTackerConfigImage} kolla_config: /var/lib/kolla/config_files/tacker_api.json: command: /usr/bin/tacker-server --config-file=/etc/tacker/tacker.conf --log-file=/var/log/tacker/api.log + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/tacker owner: tacker:tacker @@ -84,10 +85,7 @@ outputs: # db sync runs before permissions set by kolla_config step_2: tacker_init_logs: - image: &tacker_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerTackerImage} ] + image: &tacker_image {get_param: DockerTackerImage} privileged: false user: root volumes: @@ -104,7 +102,10 @@ outputs: list_concat: - {get_attr: [ContainersCommon, volumes]} - - - /var/lib/config-data/tacker/etc/:/etc/:ro + # FIXME(mandre) mounting /etc rw to workaround LP1696283 + # This should go away anyway and mount the exact files it + # needs or use kolla set_configs.py + - /var/lib/config-data/tacker/etc/:/etc/ - /var/log/containers/tacker:/var/log/tacker command: "/usr/bin/bootstrap_host_exec tacker su tacker -s /bin/bash -c 'tacker-db-manage --config-file /etc/tacker/tacker.conf upgrade head'" step_4: @@ -118,7 +119,7 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/kolla/config_files/tacker_api.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/tacker/etc/tacker/:/etc/tacker/:ro + - /var/lib/config-data/puppet-generated/tacker/:/var/lib/kolla/config_files/src:ro - /var/log/containers/tacker:/var/log/tacker environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml index 5ce324b9..061a4a70 100644 --- a/docker/services/zaqar.yaml +++ b/docker/services/zaqar.yaml @@ -4,19 +4,25 @@ description: > OpenStack containerized Zaqar services parameters: - DockerNamespace: - description: namespace - default: 'tripleoupstream' - type: string DockerZaqarImage: description: image - default: 'centos-binary-zaqar:latest' type: string + DockerZaqarConfigImage: + description: The container image to use for the zaqar config_volume + type: string + ZaqarManagementStore: + type: string + description: The management store for Zaqar + default: mongodb EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -35,6 +41,9 @@ parameters: description: Parameters specific to the role type: json +conditions: + zaqar_management_store_sqlalchemy: {equals : [{get_param: ZaqarManagementStore}, 'sqlalchemy']} + resources: ContainersCommon: @@ -44,6 +53,7 @@ resources: type: ../../puppet/services/zaqar.yaml properties: EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} RoleName: {get_param: RoleName} @@ -63,58 +73,86 @@ outputs: config_volume: zaqar puppet_tags: zaqar_config step_config: *step_config - config_image: &zaqar_image - list_join: - - '/' - - [ {get_param: DockerNamespace}, {get_param: DockerZaqarImage} ] + config_image: {get_param: DockerZaqarConfigImage} kolla_config: /var/lib/kolla/config_files/zaqar.json: command: /usr/sbin/httpd -DFOREGROUND + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true /var/lib/kolla/config_files/zaqar_websocket.json: command: /usr/bin/zaqar-server --config-file /etc/zaqar/zaqar.conf --config-file /etc/zaqar/1.conf + config_files: + - source: "/var/lib/kolla/config_files/src/*" + dest: "/" + merge: true + preserve_properties: true permissions: - path: /var/log/zaqar owner: zaqar:zaqar recurse: true docker_config: - step_4: - zaqar: - image: *zaqar_image - net: host - privileged: false - restart: always - # NOTE(mandre) kolla image changes the user to 'zaqar', we need it - # to be root to run httpd - user: root - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro - - /var/lib/config-data/zaqar/var/www/:/var/www/:ro - - /var/lib/config-data/zaqar/etc/httpd/conf/:/etc/httpd/conf/:ro - - /var/lib/config-data/zaqar/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro - - /var/lib/config-data/zaqar/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro - - /var/log/containers/zaqar:/var/log/zaqar - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - zaqar_websocket: - image: *zaqar_image - net: host - privileged: false - restart: always - volumes: - list_concat: - - {get_attr: [ContainersCommon, volumes]} - - - - /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro - - /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro - - /var/lib/config-data/zaqar/var/www/:/var/www/:ro - - /var/lib/config-data/zaqar/etc/httpd/:/etc/httpd/:ro - - /var/log/containers/zaqar:/var/log/zaqar - environment: - - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + map_merge: + - + if: + - zaqar_management_store_sqlalchemy + - + step_2: + zaqar_init_log: + image: &zaqar_image {get_param: DockerZaqarImage} + user: root + volumes: + - /var/log/containers/zaqar:/var/log/zaqar + command: ['/bin/bash', '-c', 'chown -R zaqar:zaqar /var/log/zaqar'] + step_3: + zaqar_db_sync: + image: *zaqar_image + net: host + privileged: false + detach: false + user: root + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro + - /var/log/containers/zaqar:/var/log/zaqar + command: "/usr/bin/bootstrap_host_exec zaqar su zaqar -s /bin/bash -c 'zaqar-sql-db-manage upgrade head'" + - {} + - step_4: + zaqar: + image: *zaqar_image + net: host + privileged: false + restart: always + # NOTE(mandre) kolla image changes the user to 'zaqar', we need it + # to be root to run httpd + user: root + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/zaqar:/var/log/zaqar + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS + zaqar_websocket: + image: *zaqar_image + net: host + privileged: false + restart: always + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - + - /var/lib/kolla/config_files/zaqar_websocket.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/zaqar/:/var/lib/kolla/config_files/src:ro + - /var/log/containers/zaqar:/var/log/zaqar + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: - name: create persistent logs directory file: diff --git a/environments/contrail/contrail-net-storage-mgmt.yaml b/environments/contrail/contrail-net-storage-mgmt.yaml new file mode 100644 index 00000000..b382732c --- /dev/null +++ b/environments/contrail/contrail-net-storage-mgmt.yaml @@ -0,0 +1,37 @@ +resource_registry: + OS::TripleO::Compute::Net::SoftwareConfig: contrail-nic-config-compute-storage-mgmt.yaml + OS::TripleO::ContrailDpdk::Net::SoftwareConfig: contrail-nic-config-compute-storage-mgmt.yaml + OS::TripleO::Controller::Net::SoftwareConfig: contrail-nic-config-storage-mgmt.yaml + OS::TripleO::ContrailController::Net::SoftwareConfig: contrail-nic-config-storage-mgmt.yaml + OS::TripleO::ContrailAnalytics::Net::SoftwareConfig: contrail-nic-config-storage-mgmt.yaml + OS::TripleO::ContrailAnalyticsDatabase::Net::SoftwareConfig: contrail-nic-config-storage-mgmt.yaml + OS::TripleO::ContrailTsn::Net::SoftwareConfig: contrail-nic-config-compute-storage-mgmt.yaml + +parameter_defaults: + ContrailConfigVIP: 10.0.0.10 + ContrailAnalyticsVIP: 10.0.0.10 + ContrailWebuiVIP: 10.0.0.10 + ContrailVIP: 10.0.0.10 + ControlPlaneSubnetCidr: '24' + ControlPlaneDefaultRoute: 192.168.24.254 + InternalApiNetCidr: 10.3.0.0/24 + InternalApiAllocationPools: [{'start': '10.3.0.10', 'end': '10.3.0.200'}] + InternalApiDefaultRoute: 10.3.0.1 + StorageMgmtNetCidr: 10.0.0.0/24 + StorageMgmtAllocationPools: [{'start': '10.0.0.10', 'end': '10.0.0.200'}] + StorageMgmtDefaultRoute: 10.0.0.1 + StorageMgmtInterfaceDefaultRoute: 10.0.0.1 + StorageMgmtVirtualIP: 10.0.0.10 + ManagementNetCidr: 10.1.0.0/24 + ManagementAllocationPools: [{'start': '10.1.0.10', 'end': '10.1.0.200'}] + ManagementInterfaceDefaultRoute: 10.1.0.1 + ExternalNetCidr: 10.2.0.0/24 + ExternalAllocationPools: [{'start': '10.2.0.10', 'end': '10.2.0.200'}] + EC2MetadataIp: 192.168.24.1 # Generally the IP of the Undercloud + DnsServers: ["10.87.64.101"] + VrouterPhysicalInterface: eth1 + VrouterGateway: 10.0.0.1 + VrouterNetmask: 255.255.255.0 + ControlVirtualInterface: eth0 + PublicVirtualInterface: vlan10 +# VlanParentInterface: eth1 # If VrouterPhysicalInterface is a vlan interface using vlanX notation diff --git a/environments/contrail/contrail-net.yaml b/environments/contrail/contrail-net.yaml index cca9beac..a1862c36 100644 --- a/environments/contrail/contrail-net.yaml +++ b/environments/contrail/contrail-net.yaml @@ -1,10 +1,10 @@ resource_registry: - OS::TripleO::Compute::Net::SoftwareConfig: contrail-nic-config-compute.yaml - OS::TripleO::Controller::Net::SoftwareConfig: contrail-nic-config.yaml - OS::TripleO::ContrailController::Net::SoftwareConfig: contrail-nic-config.yaml - OS::TripleO::ContrailAnalytics::Net::SoftwareConfig: contrail-nic-config.yaml - OS::TripleO::ContrailAnalyticsDatabase::Net::SoftwareConfig: contrail-nic-config.yaml - OS::TripleO::ContrailTsn::Net::SoftwareConfig: contrail-nic-config-compute.yaml + OS::TripleO::Compute::Net::SoftwareConfig: ../../network/config/contrail/contrail-nic-config-compute.yaml + OS::TripleO::Controller::Net::SoftwareConfig: ../../network/config/contrail/contrail-nic-config.yaml + OS::TripleO::ContrailController::Net::SoftwareConfig: ../../network/config/contrail/contrail-nic-config.yaml + OS::TripleO::ContrailAnalytics::Net::SoftwareConfig: ../../network/config/contrail/contrail-nic-config.yaml + OS::TripleO::ContrailAnalyticsDatabase::Net::SoftwareConfig: ../../network/config/contrail/contrail-nic-config.yaml + OS::TripleO::ContrailTsn::Net::SoftwareConfig: ../../network/config/contrail/contrail-nic-config-compute.yaml parameter_defaults: ControlPlaneSubnetCidr: '24' @@ -18,9 +18,16 @@ parameter_defaults: ExternalNetCidr: 10.2.0.0/24 ExternalAllocationPools: [{'start': '10.2.0.10', 'end': '10.2.0.200'}] EC2MetadataIp: 192.168.24.1 # Generally the IP of the Undercloud - DnsServers: ["8.8.8.8","8.8.4.4"] - VrouterPhysicalInterface: eth1 - VrouterGateway: 10.0.0.1 - VrouterNetmask: 255.255.255.0 + DnsServers: ["8.8.8.8"] + NtpServer: 10.0.0.1 + ContrailVrouterPhysicalInterface: eth1 + ContrailVrouterGateway: 10.0.0.1 + ContrailVrouterNetmask: 255.255.255.0 ControlVirtualInterface: eth0 PublicVirtualInterface: vlan10 +## If vhost0 is linked to a vlan interface: +# ContrailVlanParentInterface: eth1 # If VrouterPhysicalInterface is a vlan interface using vlanX notation +## If vhost0 is linked to a bonded vlan interface: +# ContrailVlanParentInterface: bond0 +# ContrailBondInterface: bond0 +# ContrailBondInterfaceMembers: 'eth1,eth2' diff --git a/environments/contrail/contrail-services.yaml b/environments/contrail/contrail-services.yaml index 80ef9d3a..1cf4bc0a 100644 --- a/environments/contrail/contrail-services.yaml +++ b/environments/contrail/contrail-services.yaml @@ -8,7 +8,6 @@ resource_registry: OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginContrail OS::TripleO::Services::ComputeNeutronCorePlugin: OS::TripleO::Services::ComputeNeutronCorePluginContrail - OS::TripleO::NodeUserData: ../../firstboot/install_vrouter_kmod.yaml OS::TripleO::Services::ContrailHeat: ../../puppet/services/network/contrail-heat.yaml OS::TripleO::Services::ContrailAnalytics: ../../puppet/services/network/contrail-analytics.yaml OS::TripleO::Services::ContrailAnalyticsDatabase: ../../puppet/services/network/contrail-analytics-database.yaml @@ -17,10 +16,26 @@ resource_registry: OS::TripleO::Services::ContrailDatabase: ../../puppet/services/network/contrail-database.yaml OS::TripleO::Services::ContrailWebUI: ../../puppet/services/network/contrail-webui.yaml OS::TripleO::Services::ContrailTsn: ../../puppet/services/network/contrail-tsn.yaml + OS::TripleO::Services::ContrailDpdk: ../../puppet/services/network/contrail-dpdk.yaml OS::TripleO::Services::ComputeNeutronCorePluginContrail: ../../puppet/services/network/contrail-vrouter.yaml OS::TripleO::Services::NeutronCorePluginContrail: ../../puppet/services/network/contrail-neutron-plugin.yaml + OS::TripleO::NodeUserData: ../../extraconfig/all_nodes/contrail/enable_contrail_repo.yaml + OS::TripleO::ContrailTsn::PreNetworkConfig: ../../extraconfig/pre_network/contrail/compute_pre_network.yaml + OS::TripleO::ContrailDpdk::PreNetworkConfig: ../../extraconfig/pre_network/contrail/contrail_dpdk_pre_network.yaml + OS::TripleO::Compute::PreNetworkConfig: ../../extraconfig/pre_network/contrail/compute_pre_network.yaml parameter_defaults: - ContrailRepo: http://192.168.24.1/contrail-3.2.0.0-19 + ServiceNetMap: + ContrailAnalyticsNetwork: internal_api + ContrailAnalyticsDatabaseNetwork: internal_api + ContrailConfigNetwork: internal_api + ContrailControlNetwork: internal_api + ContrailDatabaseNetwork: internal_api + ContrailWebuiNetwork: internal_api + ContrailTsnNetwork: internal_api + ContrailVrouterNetwork: internal_api + ContrailDpdkNetwork: internal_api + ContrailRepo: http://192.168.24.1/contrail + ContrailControlManageNamed: true EnablePackageInstall: true # ContrailConfigIfmapUserName: api-server # ContrailConfigIfmapUserPassword: api-server @@ -30,16 +45,16 @@ parameter_defaults: OvercloudContrailAnalyticsDatabaseFlavor: contrail-analytics-database OvercloudContrailTsnFlavor: contrail-tsn OvercloudComputeFlavor: compute + OvercloudContrailDpdkFlavor: compute-dpdk ControllerCount: 3 ContrailControllerCount: 3 ContrailAnalyticsCount: 3 ContrailAnalyticsDatabaseCount: 3 - ContrailTsnCount: 1 + ContrailTsnCount: 0 ComputeCount: 3 - DnsServers: ["8.8.8.8","8.8.4.4"] - NtpServer: 10.0.0.1 + ContrailDpdkCount: 0 NeutronCorePlugin: neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2 - NeutronServicePlugins: '' + NeutronServicePlugins: 'neutron_plugin_contrail.plugins.opencontrail.loadbalancer.v2.plugin.LoadBalancerPluginV2' NeutronTunnelTypes: '' # NeutronMetadataProxySharedSecret: # ContrailControlRNDCSecret: # sda1/256 hmac key, e.g. echo -n "values" | openssl dgst -sha256 -hmac key -binary | base64 diff --git a/environments/contrail/roles_data_contrail.yaml b/environments/contrail/roles_data_contrail.yaml index d6d6f291..eae809a5 100644 --- a/environments/contrail/roles_data_contrail.yaml +++ b/environments/contrail/roles_data_contrail.yaml @@ -109,6 +109,7 @@ - OS::TripleO::Services::CinderHPELeftHandISCSI - OS::TripleO::Services::Etcd - OS::TripleO::Services::AuditD + - OS::TripleO::Services::Iscsid - name: Compute CountDefault: 1 @@ -125,6 +126,7 @@ - OS::TripleO::Services::Sshd - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Kernel - OS::TripleO::Services::ComputeNeutronCorePlugin - OS::TripleO::Services::ComputeNeutronOvsAgent @@ -138,6 +140,7 @@ - OS::TripleO::Services::SensuClient - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::AuditD + - OS::TripleO::Services::Iscsid - name: BlockStorage ServicesDefault: @@ -205,6 +208,7 @@ - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::SensuClient - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Iscsid - name: ContrailAnalytics ServicesDefault: @@ -244,3 +248,16 @@ - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::SensuClient - OS::TripleO::Services::FluentdClient + +- name: ContrailDpdk + ServicesDefault: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::ContrailTsn + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::FluentdClient diff --git a/environments/deployed-server-deployed-neutron-ports.yaml b/environments/deployed-server-deployed-neutron-ports.yaml new file mode 100644 index 00000000..1464f4be --- /dev/null +++ b/environments/deployed-server-deployed-neutron-ports.yaml @@ -0,0 +1,4 @@ +resource_registry: + OS::TripleO::Network::Ports::ControlPlaneVipPort: ../deployed-server/deployed-neutron-port.yaml + OS::TripleO::DeployedServer::ControlPlanePort: ../deployed-server/deployed-neutron-port.yaml + diff --git a/environments/disable-telemetry.yaml b/environments/disable-telemetry.yaml index 6249c286..52d0d27b 100644 --- a/environments/disable-telemetry.yaml +++ b/environments/disable-telemetry.yaml @@ -18,3 +18,6 @@ resource_registry: OS::TripleO::Services::AodhNotifier: OS::Heat::None OS::TripleO::Services::AodhListener: OS::Heat::None OS::TripleO::Services::PankoApi: OS::Heat::None + +parameter_defaults: + NotificationDriver: 'noop' diff --git a/environments/docker-centos-tripleoupstream.yaml b/environments/docker-centos-tripleoupstream.yaml new file mode 100644 index 00000000..47f8e528 --- /dev/null +++ b/environments/docker-centos-tripleoupstream.yaml @@ -0,0 +1,125 @@ +# Generated with the following on 2017-07-12T11:40:50.219622 +# +# overcloud container image prepare --env-file environments/docker-centos-tripleoupstream.yaml +# + +parameter_defaults: + DockerAodhApiImage: tripleoupstream/centos-binary-aodh-api:latest + DockerAodhConfigImage: tripleoupstream/centos-binary-aodh-api:latest + DockerAodhEvaluatorImage: tripleoupstream/centos-binary-aodh-evaluator:latest + DockerAodhListenerImage: tripleoupstream/centos-binary-aodh-listener:latest + DockerAodhNotifierImage: tripleoupstream/centos-binary-aodh-notifier:latest + DockerCeilometerCentralImage: tripleoupstream/centos-binary-ceilometer-central:latest + DockerCeilometerComputeImage: tripleoupstream/centos-binary-ceilometer-compute:latest + DockerCeilometerConfigImage: tripleoupstream/centos-binary-ceilometer-central:latest + DockerCeilometerIpmiImage: tripleoupstream/centos-binary-ceilometer-ipmi:latest + DockerCeilometerNotificationImage: tripleoupstream/centos-binary-ceilometer-notification:latest + DockerCinderApiImage: tripleoupstream/centos-binary-cinder-api:latest + DockerCinderBackupImage: tripleoupstream/centos-binary-cinder-backup:latest + DockerCinderConfigImage: tripleoupstream/centos-binary-cinder-api:latest + DockerCinderSchedulerImage: tripleoupstream/centos-binary-cinder-scheduler:latest + DockerCinderVolumeImage: tripleoupstream/centos-binary-cinder-volume:latest + DockerClustercheckConfigImage: tripleoupstream/centos-binary-mariadb:latest + DockerClustercheckImage: tripleoupstream/centos-binary-mariadb:latest + DockerCollectdConfigImage: tripleoupstream/centos-binary-collectd:latest + DockerCollectdImage: tripleoupstream/centos-binary-collectd:latest + DockerCongressApiImage: tripleoupstream/centos-binary-congress-api:latest + DockerCongressConfigImage: tripleoupstream/centos-binary-congress-api:latest + DockerEc2ApiConfigImage: tripleoupstream/centos-binary-ec2-api:latest + DockerEc2ApiImage: tripleoupstream/centos-binary-ec2-api:latest + DockerEtcdConfigImage: tripleoupstream/centos-binary-etcd:latest + DockerEtcdImage: tripleoupstream/centos-binary-etcd:latest + DockerGlanceApiConfigImage: tripleoupstream/centos-binary-glance-api:latest + DockerGlanceApiImage: tripleoupstream/centos-binary-glance-api:latest + DockerGnocchiApiImage: tripleoupstream/centos-binary-gnocchi-api:latest + DockerGnocchiConfigImage: tripleoupstream/centos-binary-gnocchi-api:latest + DockerGnocchiMetricdImage: tripleoupstream/centos-binary-gnocchi-metricd:latest + DockerGnocchiStatsdImage: tripleoupstream/centos-binary-gnocchi-statsd:latest + DockerHAProxyConfigImage: tripleoupstream/centos-binary-haproxy:latest + DockerHAProxyImage: tripleoupstream/centos-binary-haproxy:latest + DockerHeatApiCfnConfigImage: tripleoupstream/centos-binary-heat-api-cfn:latest + DockerHeatApiCfnImage: tripleoupstream/centos-binary-heat-api-cfn:latest + DockerHeatApiConfigImage: tripleoupstream/centos-binary-heat-api:latest + DockerHeatApiImage: tripleoupstream/centos-binary-heat-api:latest + DockerHeatConfigImage: tripleoupstream/centos-binary-heat-api:latest + DockerHeatEngineImage: tripleoupstream/centos-binary-heat-engine:latest + DockerHorizonConfigImage: tripleoupstream/centos-binary-horizon:latest + DockerHorizonImage: tripleoupstream/centos-binary-horizon:latest + DockerIronicApiImage: tripleoupstream/centos-binary-ironic-api:latest + DockerIronicApiConfigImage: tripleoupstream/centos-binary-ironic-api:latest + DockerIronicConductorImage: tripleoupstream/centos-binary-ironic-conductor:latest + DockerIronicConfigImage: tripleoupstream/centos-binary-ironic-pxe:latest + DockerIronicInspectorConfigImage: tripleoupstream/centos-binary-ironic-inspector:latest + DockerIronicInspectorImage: tripleoupstream/centos-binary-ironic-inspector:latest + DockerIronicPxeImage: tripleoupstream/centos-binary-ironic-pxe:latest + DockerIscsidConfigImage: tripleoupstream/centos-binary-iscsid:latest + DockerIscsidImage: tripleoupstream/centos-binary-iscsid:latest + DockerKeystoneConfigImage: tripleoupstream/centos-binary-keystone:latest + DockerKeystoneImage: tripleoupstream/centos-binary-keystone:latest + DockerManilaApiImage: tripleoupstream/centos-binary-manila-api:latest + DockerManilaConfigImage: tripleoupstream/centos-binary-manila-api:latest + DockerManilaSchedulerImage: tripleoupstream/centos-binary-manila-scheduler:latest + DockerManilaShareImage: tripleoupstream/centos-binary-manila-share:latest + DockerMemcachedConfigImage: tripleoupstream/centos-binary-memcached:latest + DockerMemcachedImage: tripleoupstream/centos-binary-memcached:latest + DockerMistralApiImage: tripleoupstream/centos-binary-mistral-api:latest + DockerMistralConfigImage: tripleoupstream/centos-binary-mistral-api:latest + DockerMistralEngineImage: tripleoupstream/centos-binary-mistral-engine:latest + DockerMistralExecutorImage: tripleoupstream/centos-binary-mistral-executor:latest + DockerMongodbConfigImage: tripleoupstream/centos-binary-mongodb:latest + DockerMongodbImage: tripleoupstream/centos-binary-mongodb:latest + DockerMultipathdConfigImage: tripleoupstream/centos-binary-multipathd:latest + DockerMultipathdImage: tripleoupstream/centos-binary-multipathd:latest + DockerMysqlClientConfigImage: tripleoupstream/centos-binary-mariadb:latest + DockerMysqlConfigImage: tripleoupstream/centos-binary-mariadb:latest + DockerMysqlImage: tripleoupstream/centos-binary-mariadb:latest + DockerNeutronApiImage: tripleoupstream/centos-binary-neutron-server:latest + DockerNeutronConfigImage: tripleoupstream/centos-binary-neutron-server:latest + DockerNeutronDHCPImage: tripleoupstream/centos-binary-neutron-dhcp-agent:latest + DockerNeutronL3AgentImage: tripleoupstream/centos-binary-neutron-l3-agent:latest + DockerNeutronMetadataImage: tripleoupstream/centos-binary-neutron-metadata-agent:latest + DockerNovaApiImage: tripleoupstream/centos-binary-nova-api:latest + DockerNovaComputeImage: tripleoupstream/centos-binary-nova-compute:latest + DockerNovaComputeIronicImage: tripleoupstream/centos-binary-nova-compute-ironic:latest + DockerNovaConductorImage: tripleoupstream/centos-binary-nova-conductor:latest + DockerNovaConfigImage: tripleoupstream/centos-binary-nova-base:latest + DockerNovaConsoleauthImage: tripleoupstream/centos-binary-nova-consoleauth:latest + DockerNovaLibvirtConfigImage: tripleoupstream/centos-binary-nova-compute:latest + DockerNovaLibvirtImage: tripleoupstream/centos-binary-nova-libvirt:latest + DockerNovaPlacementConfigImage: tripleoupstream/centos-binary-nova-placement-api:latest + DockerNovaPlacementImage: tripleoupstream/centos-binary-nova-placement-api:latest + DockerNovaSchedulerImage: tripleoupstream/centos-binary-nova-scheduler:latest + DockerNovaVncProxyImage: tripleoupstream/centos-binary-nova-novncproxy:latest + DockerOVNControllerConfigImage: tripleoupstream/centos-binary-ovn-controller:latest + DockerOVNControllerImage: tripleoupstream/centos-binary-ovn-controller:latest + DockerOVNNbDbImage: tripleoupstream/centos-binary-ovn-nb-db-server:latest + DockerOVNNorthdImage: tripleoupstream/centos-binary-ovn-northd:latest + DockerOVNSbDbImage: tripleoupstream/centos-binary-ovn-sb-db-server:latest + DockerOctaviaApiImage: tripleoupstream/centos-binary-octavia-api:latest + DockerOctaviaConfigImage: tripleoupstream/centos-binary-octavia-api:latest + DockerOctaviaHealthManagerImage: tripleoupstream/centos-binary-octavia-health-manager:latest + DockerOctaviaHousekeepingImage: tripleoupstream/centos-binary-octavia-housekeeping:latest + DockerOctaviaWorkerImage: tripleoupstream/centos-binary-octavia-worker:latest + DockerOpendaylightApiImage: tripleoupstream/centos-binary-opendaylight:latest + DockerOpendaylightConfigImage: tripleoupstream/centos-binary-opendaylight:latest + DockerOpenvswitchImage: tripleoupstream/centos-binary-neutron-openvswitch-agent:latest + DockerPankoApiImage: tripleoupstream/centos-binary-panko-api:latest + DockerPankoConfigImage: tripleoupstream/centos-binary-panko-api:latest + DockerRabbitmqConfigImage: tripleoupstream/centos-binary-rabbitmq:latest + DockerRabbitmqImage: tripleoupstream/centos-binary-rabbitmq:latest + DockerRedisConfigImage: tripleoupstream/centos-binary-redis:latest + DockerRedisImage: tripleoupstream/centos-binary-redis:latest + DockerSaharaApiImage: tripleoupstream/centos-binary-sahara-api:latest + DockerSaharaConfigImage: tripleoupstream/centos-binary-sahara-api:latest + DockerSaharaEngineImage: tripleoupstream/centos-binary-sahara-engine:latest + DockerSensuClientImage: tripleoupstream/centos-binary-sensu-client:latest + DockerSensuConfigImage: tripleoupstream/centos-binary-sensu-client:latest + DockerSwiftAccountImage: tripleoupstream/centos-binary-swift-account:latest + DockerSwiftConfigImage: tripleoupstream/centos-binary-swift-proxy-server:latest + DockerSwiftContainerImage: tripleoupstream/centos-binary-swift-container:latest + DockerSwiftObjectImage: tripleoupstream/centos-binary-swift-object:latest + DockerSwiftProxyImage: tripleoupstream/centos-binary-swift-proxy-server:latest + DockerTackerConfigImage: tripleoupstream/centos-binary-tacker:latest + DockerTackerImage: tripleoupstream/centos-binary-tacker:latest + DockerZaqarConfigImage: tripleoupstream/centos-binary-zaqar:latest + DockerZaqarImage: tripleoupstream/centos-binary-zaqar:latest diff --git a/environments/docker-ha.yaml b/environments/docker-ha.yaml new file mode 100644 index 00000000..474e9966 --- /dev/null +++ b/environments/docker-ha.yaml @@ -0,0 +1,20 @@ +# Environment file to deploy the HA services via docker +# Add it *after* -e docker.yaml: +# ...deploy..-e docker.yaml -e docker-ha.yaml +resource_registry: + # Pacemaker runs on the host + OS::TripleO::Services::Pacemaker: ../puppet/services/pacemaker.yaml + OS::TripleO::Services::PacemakerRemote: ../puppet/services/pacemaker_remote.yaml + + # Services that are disabled for HA deployments with pacemaker + OS::TripleO::Services::Keepalived: OS::Heat::None + + # HA Containers managed by pacemaker + # FIXME: enable those Cinder services once their non-HA counterpart are enabled + # OS::TripleO::Services::CinderVolume: ../docker/services/pacemaker/cinder-volume.yaml + # OS::TripleO::Services::CinderBackup: ../docker/services/pacemaker/cinder-backup.yaml + OS::TripleO::Services::Clustercheck: ../docker/services/pacemaker/clustercheck.yaml + OS::TripleO::Services::HAproxy: ../docker/services/pacemaker/haproxy.yaml + OS::TripleO::Services::MySQL: ../docker/services/pacemaker/database/mysql.yaml + OS::TripleO::Services::RabbitMQ: ../docker/services/pacemaker/rabbitmq.yaml + OS::TripleO::Services::Redis: ../docker/services/pacemaker/database/redis.yaml diff --git a/environments/docker-services-tls-everywhere.yaml b/environments/docker-services-tls-everywhere.yaml index 3ca04697..255726a1 100644 --- a/environments/docker-services-tls-everywhere.yaml +++ b/environments/docker-services-tls-everywhere.yaml @@ -20,7 +20,9 @@ resource_registry: OS::TripleO::Services::HeatApi: ../docker/services/heat-api.yaml OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml + OS::TripleO::Services::Iscsid: ../docker/services/iscsid.yaml OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml + OS::TripleO::Services::NovaMigrationTarget: ../docker/services/nova-migration-target.yaml OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml @@ -34,18 +36,3 @@ resource_registry: OS::TripleO::PostDeploySteps: ../docker/post.yaml OS::TripleO::PostUpgradeSteps: ../docker/post-upgrade.yaml - -parameter_defaults: - # To specify a local docker registry, enable these - # where 192.168.24.1 is the host running docker-distribution - #DockerNamespace: 192.168.24.1:8787/tripleoupstream - #DockerNamespaceIsRegistry: true - - ComputeServices: - - OS::TripleO::Services::CACerts - - OS::TripleO::Services::CertmongerUser - - OS::TripleO::Services::NovaCompute - - OS::TripleO::Services::NovaLibvirt - - OS::TripleO::Services::ComputeNeutronOvsAgent - - OS::TripleO::Services::Docker - - OS::TripleO::Services::Sshd diff --git a/environments/docker.yaml b/environments/docker.yaml index 03713e83..a7504611 100644 --- a/environments/docker.yaml +++ b/environments/docker.yaml @@ -6,6 +6,8 @@ resource_registry: OS::TripleO::Compute::NodeUserData: ../docker/firstboot/setup_docker_host.yaml OS::TripleO::Services::Docker: ../puppet/services/docker.yaml + # Default Neutron ML2 puppet plugin to use when NeutronCorePlugin is set to ML2 + OS::TripleO::Docker::NeutronMl2PluginBase: ../puppet/services/neutron-plugin-ml2.yaml #NOTE (dprince) add roles to be docker enabled as we support them OS::TripleO::Services::NovaLibvirt: ../docker/services/nova-libvirt.yaml @@ -20,6 +22,7 @@ resource_registry: OS::TripleO::Services::NovaPlacement: ../docker/services/nova-placement.yaml OS::TripleO::Services::NovaConductor: ../docker/services/nova-conductor.yaml OS::TripleO::Services::NovaConsoleauth: ../docker/services/nova-consoleauth.yaml + OS::TripleO::Services::NovaMigrationTarget: ../docker/services/nova-migration-target.yaml OS::TripleO::Services::NovaScheduler: ../docker/services/nova-scheduler.yaml OS::TripleO::Services::NovaVncProxy: ../docker/services/nova-vnc-proxy.yaml OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml @@ -61,17 +64,3 @@ resource_registry: OS::TripleO::PostDeploySteps: ../docker/post.yaml OS::TripleO::PostUpgradeSteps: ../docker/post-upgrade.yaml - -parameter_defaults: - # To specify a local docker registry, enable these - # where 192.168.24.1 is the host running docker-distribution - #DockerNamespace: 192.168.24.1:8787/tripleoupstream - #DockerNamespaceIsRegistry: true - - ComputeServices: - - OS::TripleO::Services::NovaCompute - - OS::TripleO::Services::NovaLibvirt - - OS::TripleO::Services::ComputeNeutronOvsAgent - - OS::TripleO::Services::Docker - - OS::TripleO::Services::CeilometerAgentCompute - - OS::TripleO::Services::Sshd diff --git a/environments/host-config-and-reboot.j2.yaml b/environments/host-config-and-reboot.j2.yaml index d5f69ec5..c16627db 100644 --- a/environments/host-config-and-reboot.j2.yaml +++ b/environments/host-config-and-reboot.j2.yaml @@ -11,8 +11,8 @@ resource_registry: #ComputeParameters: #KernelArgs: "" #TunedProfileName: "" - #HostIsolatedCoreList: "" + #IsolCpusList: "" #ComputeOvsDpdkParameters: - #KernelArgs: "" - #TunedProfileName: "" - #HostIsolatedCoreList: "" + #KernelArgs: "intel_iommu=on iommu=pt default_hugepagesz=1GB hugepagesz=1G hugepages=60" + #TunedProfileName: "cpu-partitioning" + #IsolCpusList: "" diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml index 05a3a391..872a1d99 100644 --- a/environments/hyperconverged-ceph.yaml +++ b/environments/hyperconverged-ceph.yaml @@ -16,6 +16,7 @@ parameter_defaults: - OS::TripleO::Services::Securetty - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Kernel - OS::TripleO::Services::ComputeNeutronCorePlugin - OS::TripleO::Services::ComputeNeutronOvsAgent diff --git a/environments/major-upgrade-composable-steps-docker.yaml b/environments/major-upgrade-composable-steps-docker.yaml index 24eedf83..20340c78 100644 --- a/environments/major-upgrade-composable-steps-docker.yaml +++ b/environments/major-upgrade-composable-steps-docker.yaml @@ -9,4 +9,6 @@ parameter_defaults: UpgradeLevelNovaCompute: auto UpgradeInitCommonCommand: | #!/bin/bash + set -eu # Ocata to Pike, put any needed host-level workarounds here + yum install -y ansible-pacemaker diff --git a/environments/neutron-ml2-bigswitch.yaml b/environments/neutron-ml2-bigswitch.yaml index 8a4a144c..c0ba906e 100644 --- a/environments/neutron-ml2-bigswitch.yaml +++ b/environments/neutron-ml2-bigswitch.yaml @@ -13,7 +13,6 @@ parameter_defaults: NeutronBigswitchRestproxyServerAuth: NeutronMechanismDrivers: openvswitch,bsn_ml2 NeutronServicePlugins: bsn_l3,bsn_service_plugin - KeystoneNotificationDriver: messaging # Optional: # NeutronBigswitchRestproxyAutoSyncOnFailure: diff --git a/environments/neutron-ml2-cisco-nexus-ucsm.yaml b/environments/neutron-ml2-cisco-nexus-ucsm.yaml index f5a0a399..2c87470b 100644 --- a/environments/neutron-ml2-cisco-nexus-ucsm.yaml +++ b/environments/neutron-ml2-cisco-nexus-ucsm.yaml @@ -2,7 +2,6 @@ # a Cisco Neutron plugin. resource_registry: OS::TripleO::AllNodesExtraConfig: ../puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml - OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None parameter_defaults: diff --git a/environments/neutron-opendaylight-dpdk.yaml b/environments/neutron-opendaylight-dpdk.yaml new file mode 100644 index 00000000..d675252d --- /dev/null +++ b/environments/neutron-opendaylight-dpdk.yaml @@ -0,0 +1,45 @@ +# A Heat environment that can be used to deploy OpenDaylight with L3 DVR and DPDK +resource_registry: + OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None + OS::TripleO::Services::OpenDaylightApi: ../puppet/services/opendaylight-api.yaml + OS::TripleO::Services::OpenDaylightOvs: ../puppet/services/opendaylight-ovs.yaml + OS::TripleO::Services::NeutronL3Agent: OS::Heat::None + +parameter_defaults: + NeutronEnableForceMetadata: true + NeutronMechanismDrivers: 'opendaylight_v2' + NeutronServicePlugins: 'odl-router_v2' + NovaSchedulerDefaultFilters: "RamFilter,ComputeFilter,AvailabilityZoneFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,NUMATopologyFilter" + + ComputeOvsDpdkParameters: + OvsEnableDpdk: True + + ## Host configuration Parameters + #TunedProfileName: "cpu-partitioning" + #IsolCpusList: "" # Logical CPUs list to be isolated from the host process (applied via cpu-partitioning tuned). + # It is mandatory to provide isolated cpus for tuned to achive optimal performance. + # Example: "3-8,12-15,18" + #KernelArgs: "" # Space separated kernel args to configure hugepage and IOMMU. + # Deploying DPDK requires enabling hugepages for the overcloud compute nodes. + # It also requires enabling IOMMU when using the VFIO (vfio-pci) OvsDpdkDriverType. + # This should be done by configuring parameters via host-config-and-reboot.yaml environment file. + + ## Attempting to deploy DPDK without appropriate values for the below parameters may lead to unstable deployments + ## due to CPU contention of DPDK PMD threads. + ## It is highly recommended to to enable isolcpus (via KernelArgs) on compute overcloud nodes and set the following parameters: + #OvsDpdkSocketMemory: "" # Sets the amount of hugepage memory to assign per NUMA node. + # It is recommended to use the socket closest to the PCIe slot used for the + # desired DPDK NIC. Format should be comma separated per socket string such as: + # "<socket 0 mem MB>,<socket 1 mem MB>", for example: "1024,0". + #OvsDpdkDriverType: "vfio-pci" # Ensure the Overcloud NIC to be used for DPDK supports this UIO/PMD driver. + #OvsPmdCoreList: "" # List or range of CPU cores for PMD threads to be pinned to. Note, NIC + # location to cores on socket, number of hyper-threaded logical cores, and + # desired number of PMD threads can all play a role in configuring this setting. + # These cores should be on the same socket where OvsDpdkSocketMemory is assigned. + # If using hyperthreading then specify both logical cores that would equal the + # physical core. Also, specifying more than one core will trigger multiple PMD + # threads to be spawned, which may improve dataplane performance. + #NovaVcpuPinSet: "" # Cores to pin Nova instances to. For maximum performance, select cores + # on the same NUMA node(s) selected for previous settings. diff --git a/environments/neutron-ovs-dpdk.yaml b/environments/neutron-ovs-dpdk.yaml index 6706bccc..029a198e 100644 --- a/environments/neutron-ovs-dpdk.yaml +++ b/environments/neutron-ovs-dpdk.yaml @@ -1,18 +1,38 @@ -## A Heat environment that can be used to deploy DPDK with OVS +# A Heat environment that can be used to deploy DPDK with OVS +# Deploying DPDK requires enabling hugepages for the overcloud nodes resource_registry: - OS::TripleO::Services::ComputeNeutronOvsAgent: ../puppet/services/neutron-ovs-dpdk-agent.yaml + OS::TripleO::Services::ComputeNeutronOvsDpdk: ../puppet/services/neutron-ovs-dpdk-agent.yaml parameter_defaults: - ## NeutronDpdkCoreList and NeutronDpdkMemoryChannels are REQUIRED settings. - ## Attempting to deploy DPDK without appropriate values will cause deployment to fail or lead to unstable deployments. - #NeutronDpdkCoreList: "" - #NeutronDpdkMemoryChannels: "" - NeutronDatapathType: "netdev" NeutronVhostuserSocketDir: "/var/lib/vhost_sockets" + NovaSchedulerDefaultFilters: "RamFilter,ComputeFilter,AvailabilityZoneFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,NUMATopologyFilter" + OvsDpdkDriverType: "vfio-pci" - #NeutronDpdkSocketMemory: "" - #NeutronDpdkDriverType: "vfio-pci" - #NovaReservedHostMemory: 4096 - #NovaVcpuPinSet: "" + #ComputeOvsDpdkParameters: + ## Host configuration Parameters + #TunedProfileName: "cpu-partitioning" + #IsolCpusList: "" # Logical CPUs list to be isolated from the host process (applied via cpu-partitioning tuned). + # It is mandatory to provide isolated cpus for tuned to achive optimal performance. + # Example: "3-8,12-15,18" + #KernelArgs: "" # Space separated kernel args to configure hugepage and IOMMU. + # Deploying DPDK requires enabling hugepages for the overcloud compute nodes. + # It also requires enabling IOMMU when using the VFIO (vfio-pci) OvsDpdkDriverType. + # This should be done by configuring parameters via host-config-and-reboot.yaml environment file. + ## Attempting to deploy DPDK without appropriate values for the below parameters may lead to unstable deployments + ## due to CPU contention of DPDK PMD threads. + ## It is highly recommended to to enable isolcpus (via KernelArgs) on compute overcloud nodes and set the following parameters: + #OvsDpdkSocketMemory: "" # Sets the amount of hugepage memory to assign per NUMA node. + # It is recommended to use the socket closest to the PCIe slot used for the + # desired DPDK NIC. Format should be comma separated per socket string such as: + # "<socket 0 mem MB>,<socket 1 mem MB>", for example: "1024,0". + #OvsPmdCoreList: "" # List or range of CPU cores for PMD threads to be pinned to. Note, NIC + # location to cores on socket, number of hyper-threaded logical cores, and + # desired number of PMD threads can all play a role in configuring this setting. + # These cores should be on the same socket where OvsDpdkSocketMemory is assigned. + # If using hyperthreading then specify both logical cores that would equal the + # physical core. Also, specifying more than one core will trigger multiple PMD + # threads to be spawned, which may improve dataplane performance. + #NovaVcpuPinSet: "" # Cores to pin Nova instances to. For maximum performance, select cores + # on the same NUMA node(s) selected for previous settings. diff --git a/environments/nonha-arch.yaml b/environments/nonha-arch.yaml new file mode 100644 index 00000000..7fdcc100 --- /dev/null +++ b/environments/nonha-arch.yaml @@ -0,0 +1,16 @@ +# An environment which creates an Overcloud without the use of pacemaker +# (i.e. only with keepalived and systemd for all resources) +resource_registry: + OS::TripleO::Tasks::ControllerPreConfig: OS::Heat::None + OS::TripleO::Tasks::ControllerPostConfig: OS::Heat::None + OS::TripleO::Tasks::ControllerPostPuppetRestart: OS::Heat::None + + OS::TripleO::Services::CinderVolume: ../puppet/services/cinder-volume.yaml + OS::TripleO::Services::RabbitMQ: ../puppet/services/rabbitmq.yaml + OS::TripleO::Services::HAproxy: ../puppet/services/haproxy.yaml + OS::TripleO::Services::Redis: ../puppet/services/database/redis.yaml + OS::TripleO::Services::MySQL: ../puppet/services/database/mysql.yaml + OS::TripleO::Services::Keepalived: OS::Heat::None + OS::TripleO::Services::Pacemaker: OS::Heat::None + OS::TripleO::Services::PacemakerRemote: OS::Heat::None + diff --git a/environments/overcloud-baremetal.j2.yaml b/environments/overcloud-baremetal.j2.yaml new file mode 100644 index 00000000..8d7bc8d9 --- /dev/null +++ b/environments/overcloud-baremetal.j2.yaml @@ -0,0 +1,20 @@ +resource_registry: + OS::TripleO::AllNodes::SoftwareConfig: OS::Heat::None + OS::TripleO::PostDeploySteps: OS::Heat::None + OS::TripleO::DefaultPasswords: OS::Heat::None + OS::TripleO::RandomString: OS::Heat::None + OS::TripleO::AllNodesDeployment: OS::Heat::None + OS::TripleO::DeployedServerEnvironment: ../deployed-server/deployed-server-environment-output.yaml + +parameter_defaults: + # Deploy no services +{% for role in roles %} + {{role.name}}Services: [] +{% endfor %} + + # Consistent Hostname format + ControllerHostnameFormat: overcloud-controller-%index% + ComputeHostnameFormat: overcloud-novacompute-%index% + ObjectStorageHostnameFormat: overcloud-objectstorage-%index% + CephStorageHostnameFormat: overcloud-cephstorage-%index% + BlockStorageHostnameFormat: overcloud-blockstorage-%index% diff --git a/environments/overcloud-services.yaml b/environments/overcloud-services.yaml new file mode 100644 index 00000000..1d01cb3c --- /dev/null +++ b/environments/overcloud-services.yaml @@ -0,0 +1,10 @@ +resource_registry: + OS::TripleO::DeployedServerEnvironment: ../deployed-server/deployed-server-environment-output.yaml + +parameter_defaults: + # Consistent Hostname format + ControllerDeployedServerHostnameFormat: overcloud-controller-%index% + ComputeDeployedServerHostnameFormat: overcloud-novacompute-%index% + ObjectStorageDeployedServerHostnameFormat: overcloud-objectstorage-%index% + CephStorageDeployedServerHostnameFormat: overcloud-cephstorage-%index% + BlockStorageDeployedServerHostnameFormat: overcloud-blockstorage-%index% diff --git a/environments/services-docker/congress.yaml b/environments/services-docker/congress.yaml index 5d4c7307..e1edd352 100644 --- a/environments/services-docker/congress.yaml +++ b/environments/services-docker/congress.yaml @@ -1,2 +1,2 @@ resource_registry: - OS::TripleO::Services::Congress: ../../docker/services/congress-api.yaml + OS::TripleO::Services::Congress: ../../docker/services/congress.yaml diff --git a/environments/services-docker/manila.yaml b/environments/services-docker/manila.yaml index 795309f6..eacdb1a1 100644 --- a/environments/services-docker/manila.yaml +++ b/environments/services-docker/manila.yaml @@ -1,3 +1,4 @@ resource_registry: OS::TripleO::Services::ManilaApi: ../../docker/services/manila-api.yaml OS::TripleO::Services::ManilaScheduler: ../../docker/services/manila-scheduler.yaml + OS::TripleO::Services::ManilaShare: ../../docker/services/manila-share.yaml diff --git a/environments/services-docker/neutron-opendaylight.yaml b/environments/services-docker/neutron-opendaylight.yaml new file mode 100644 index 00000000..b749cb69 --- /dev/null +++ b/environments/services-docker/neutron-opendaylight.yaml @@ -0,0 +1,16 @@ +# A Heat environment that can be used to deploy OpenDaylight with L3 DVR using Docker containers +resource_registry: + OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None + OS::TripleO::Services::OpenDaylightApi: ../../docker/services/opendaylight-api.yaml + OS::TripleO::Services::OpenDaylightOvs: ../../puppet/services/opendaylight-ovs.yaml + OS::TripleO::Services::NeutronL3Agent: OS::Heat::None + OS::TripleO::Docker::NeutronMl2PluginBase: ../../puppet/services/neutron-plugin-ml2-odl.yaml + +parameter_defaults: + NeutronEnableForceMetadata: true + NeutronMechanismDrivers: 'opendaylight_v2' + NeutronServicePlugins: 'odl-router_v2,trunk' + DockerNeutronApiImage: 'centos-binary-neutron-server-opendaylight:latest' + DockerNeutronConfigImage: 'centos-binary-neutron-server-opendaylight:latest' diff --git a/environments/services-docker/octavia.yaml b/environments/services-docker/octavia.yaml new file mode 100644 index 00000000..b677a4f6 --- /dev/null +++ b/environments/services-docker/octavia.yaml @@ -0,0 +1,5 @@ +resource_registry: + OS::TripleO::Services::OctaviaApi: ../../docker/services/octavia-api.yaml + OS::TripleO::Services::OctaviaHousekeeping: ../../docker/services/octavia-housekeeping.yaml + OS::TripleO::Services::OctaviaHealthManager: ../../docker/services/octavia-health-manager.yaml + OS::TripleO::Services::OctaviaWorker: ../../docker/services/octavia-worker.yaml diff --git a/environments/services/neutron-lbaasv2.yaml b/environments/services/neutron-lbaasv2.yaml new file mode 100644 index 00000000..385bb2fe --- /dev/null +++ b/environments/services/neutron-lbaasv2.yaml @@ -0,0 +1,18 @@ +# A Heat environment file that can be used to deploy Neutron LBaaSv2 service +# +# Currently there are only two interface drivers for Neutron LBaaSv2 +# The default option is the standard OVS driver the other option is to be used +# when linux bridges are used instead of OVS +# In order to enable other backend, replace the content of NeutronLbaasInterfaceDriver +# +# - OVS: neutron.agent.linux.interface.OVSInterfaceDriver +# - LinuxBridges: neutron.agent.linux.interface.BridgeInterfaceDriver +resource_registry: + OS::TripleO::Services::NeutronLbaasv2Agent: ../puppet/services/neutron-lbaas.yaml + +parameter_defaults: + NeutronLbaasInterfaceDriver: "neutron.agent.linux.interface.OVSInterfaceDriver" + NeutronLbaasDeviceDriver: "neutron_lbaas.drivers.haproxy.namespace_driver.HaproxyNSDriver" + NeutronServiceProviders: ['LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default'] + NeutronServicePlugins: "qos,router,trunk,lbaasv2" + diff --git a/environments/ssl/tls-endpoints-public-dns.yaml b/environments/ssl/tls-endpoints-public-dns.yaml index 216afece..3b3ddc16 100644 --- a/environments/ssl/tls-endpoints-public-dns.yaml +++ b/environments/ssl/tls-endpoints-public-dns.yaml @@ -30,39 +30,6 @@ parameter_defaults: CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'} - ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} - ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} - ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'} diff --git a/environments/ssl/tls-endpoints-public-ip.yaml b/environments/ssl/tls-endpoints-public-ip.yaml index d216ab7f..bca6a891 100644 --- a/environments/ssl/tls-endpoints-public-ip.yaml +++ b/environments/ssl/tls-endpoints-public-ip.yaml @@ -30,39 +30,6 @@ parameter_defaults: CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'} - ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} - ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} - ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'} diff --git a/environments/ssl/tls-everywhere-endpoints-dns.yaml b/environments/ssl/tls-everywhere-endpoints-dns.yaml index 63157ddd..e3fe608b 100644 --- a/environments/ssl/tls-everywhere-endpoints-dns.yaml +++ b/environments/ssl/tls-everywhere-endpoints-dns.yaml @@ -30,39 +30,6 @@ parameter_defaults: CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'} CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'} CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'} - ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} - ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} - ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'} Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'} Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'} diff --git a/environments/storage/cinder-netapp-config.yaml b/environments/storage/cinder-netapp-config.yaml index 4cdba09b..c118fe7b 100644 --- a/environments/storage/cinder-netapp-config.yaml +++ b/environments/storage/cinder-netapp-config.yaml @@ -36,6 +36,14 @@ parameter_defaults: # # Type: string + CinderNetappNasSecureFileOperations: false + + # + # Type: string + CinderNetappNasSecureFilePermissions: false + + # + # Type: string CinderNetappNfsMountOptions: '' # diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml index 83b32495..38942899 100644 --- a/environments/tls-endpoints-public-dns.yaml +++ b/environments/tls-endpoints-public-dns.yaml @@ -24,39 +24,6 @@ parameter_defaults: CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'} - ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} - ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} - ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'} diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml index 8e502972..b6613f42 100644 --- a/environments/tls-endpoints-public-ip.yaml +++ b/environments/tls-endpoints-public-ip.yaml @@ -24,39 +24,6 @@ parameter_defaults: CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'} CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'} - ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} - ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} - ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'} Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'} diff --git a/environments/tls-everywhere-endpoints-dns.yaml b/environments/tls-everywhere-endpoints-dns.yaml index 84cabf10..074fae73 100644 --- a/environments/tls-everywhere-endpoints-dns.yaml +++ b/environments/tls-everywhere-endpoints-dns.yaml @@ -20,39 +20,6 @@ parameter_defaults: CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'} CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'} CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'} - ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086', - host: 'IP_ADDRESS'} - ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'} - ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'} - ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'} - ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'} - ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} - ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} - ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'} Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'} Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'} Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'} diff --git a/environments/undercloud.yaml b/environments/undercloud.yaml index 559d81df..4bc16f8c 100644 --- a/environments/undercloud.yaml +++ b/environments/undercloud.yaml @@ -20,3 +20,5 @@ parameter_defaults: HeatMaxJsonBodySize: 2097152 IronicInspectorInterface: br-ctlplane IronicInspectorIpRange: '192.168.24.100,192.168.24.200' + ZaqarMessageStore: 'swift' + ZaqarManagementStore: 'sqlalchemy' diff --git a/environments/veritas-hyperscale/cinder-veritas-hyperscale-config.yaml b/environments/veritas-hyperscale/cinder-veritas-hyperscale-config.yaml new file mode 100644 index 00000000..eaa6cf7f --- /dev/null +++ b/environments/veritas-hyperscale/cinder-veritas-hyperscale-config.yaml @@ -0,0 +1,18 @@ +# Copyright (c) 2017 Veritas Technologies LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# A Heat environment file which can be used to enable a +# a Veritas HyperScale backend, configured via puppet +resource_registry: + OS::TripleO::Services::CinderBackendVRTSHyperScale: ../../puppet/services/cinder-backend-veritas-hyperscale.yaml diff --git a/environments/veritas-hyperscale/veritas-hyperscale-config.yaml b/environments/veritas-hyperscale/veritas-hyperscale-config.yaml new file mode 100644 index 00000000..f6633539 --- /dev/null +++ b/environments/veritas-hyperscale/veritas-hyperscale-config.yaml @@ -0,0 +1,31 @@ +# Copyright (c) 2017 Veritas Technologies LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# A Heat environment file which can be used to install +# Veritas HyperScale packages for controller. +resource_registry: + OS::TripleO::Services::VRTSHyperScale: ../../puppet/services/veritas-hyperscale-controller.yaml + +parameter_defaults: + EnablePackageInstall: true + VrtsRabbitPassword: '' + VrtsKeystonePassword: '' + VrtsMysqlPassword: '' + VrtsCtrlMgmtIP: '' + VrtsDashboardIP: '' + VrtsZookeeperIP: '' + VrtsSSHPassword: '' + VrtsConfigParam1: '' + VrtsConfigParam2: '' + VrtsConfigParam3: '' diff --git a/extraconfig/all_nodes/contrail/enable_contrail_repo.yaml b/extraconfig/all_nodes/contrail/enable_contrail_repo.yaml new file mode 100644 index 00000000..51da6f65 --- /dev/null +++ b/extraconfig/all_nodes/contrail/enable_contrail_repo.yaml @@ -0,0 +1,43 @@ +heat_template_version: pike + +parameters: + ContrailRepo: + type: string + default: '' + +resources: + userdata: + type: OS::Heat::MultipartMime + properties: + parts: + - config: {get_resource: EnableContrailRepoConfig} + + EnableContrailRepoConfig: + type: OS::Heat::SoftwareConfig + properties: + config: + str_replace: + template: | + #!/bin/bash + contrail_repo=$contrail_repo + if [[ ${contrail_repo} ]]; then + cat <<EOF > /etc/yum.repos.d/contrail.repo + [Contrail] + name=Contrail Repo + baseurl=${contrail_repo} + enabled=1 + gpgcheck=0 + protect=1 + metadata_expire=30 + EOF + fi + params: + $contrail_repo: {get_param: ContrailRepo} + +outputs: + # This means get_resource from the parent template will get the userdata, see: + # http://docs.openstack.org/developer/heat/template_guide/composition.html#making-your-template-resource-more-transparent + # Note this is new-for-kilo, an alternative is returning a value then using + # get_attr in the parent template instead. + OS::stack_id: + value: {get_resource: userdata} diff --git a/extraconfig/post_deploy/example_run_on_update.yaml b/extraconfig/post_deploy/example_run_on_update.yaml index 346a1d77..4e378b14 100644 --- a/extraconfig/post_deploy/example_run_on_update.yaml +++ b/extraconfig/post_deploy/example_run_on_update.yaml @@ -14,6 +14,9 @@ parameters: # otherwise unchanged DeployIdentifier: type: string + default: '' + description: > + Setting this to a unique value will re-run any deployment tasks which perform configuration on a Heat stack-update. resources: diff --git a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml index 96632bc2..fb0d1699 100644 --- a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml +++ b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml @@ -59,6 +59,19 @@ parameters: description: | When enabled, the system will perform a yum update after performing the RHEL Registration process. + deployment_actions: + default: ['CREATE', 'UPDATE'] + type: comma_delimited_list + description: > + List of stack actions that will trigger any deployments in this + templates. The actions will be an empty list of the server is in the + toplevel DeploymentServerBlacklist parameter's value. + +conditions: + deployment_actions_empty: + equals: + - {get_param: deployment_actions} + - [] resources: @@ -136,7 +149,11 @@ resources: name: RHELUnregistrationDeployment server: {get_param: server} config: {get_resource: RHELUnregistration} - actions: ['DELETE'] # Only do this on DELETE + actions: + if: + - deployment_actions_empty + - [] + - ['DELETE'] # Only do this on DELETE input_values: REG_METHOD: {get_param: rhel_reg_method} @@ -169,7 +186,11 @@ resources: name: UpdateDeploymentAfterRHELRegistration config: {get_resource: YumUpdateConfigurationAfterRHELRegistration} server: {get_param: server} - actions: ['CREATE'] # Only do this on CREATE + actions: + if: + - deployment_actions_empty + - [] + - ['CREATE'] # Only do this on CREATE outputs: deploy_stdout: diff --git a/extraconfig/pre_network/ansible_host_config.yaml b/extraconfig/pre_network/ansible_host_config.yaml index f4f1a14a..2d862613 100644 --- a/extraconfig/pre_network/ansible_host_config.yaml +++ b/extraconfig/pre_network/ansible_host_config.yaml @@ -31,7 +31,7 @@ line: 'isolated_cores={{ _TUNED_CORES_ }}' when: _TUNED_CORES_|default("") != "" - - name: Tune-d provile activation + - name: Tune-d profile activation shell: tuned-adm profile {{ _TUNED_PROFILE_NAME_ }} become: true when: _TUNED_PROFILE_NAME_|default("") != "" diff --git a/extraconfig/pre_network/config_then_reboot.yaml b/extraconfig/pre_network/config_then_reboot.yaml index 48ba5263..79cb7cbc 100644 --- a/extraconfig/pre_network/config_then_reboot.yaml +++ b/extraconfig/pre_network/config_then_reboot.yaml @@ -7,6 +7,19 @@ description: > parameters: server: type: string + deployment_actions: + default: ['CREATE', 'UPDATE'] + type: comma_delimited_list + description: > + List of stack actions that will trigger any deployments in this + templates. The actions will be an empty list of the server is in the + toplevel DeploymentServerBlacklist parameter's value. + +conditions: + deployment_actions_empty: + equals: + - {get_param: deployment_actions} + - [] resources: @@ -24,6 +37,11 @@ resources: name: SomeDeployment server: {get_param: server} config: {get_resource: SomeConfig} + actions: + if: + - deployment_actions_empty + - [] + - ['CREATE'] # Only do this on CREATE actions: ['CREATE'] # Only do this on CREATE RebootConfig: @@ -44,5 +62,9 @@ resources: name: RebootDeployment server: {get_param: server} config: {get_resource: RebootConfig} - actions: ['CREATE'] # Only do this on CREATE + actions: + if: + - deployment_actions_empty + - [] + - ['CREATE'] # Only do this on CREATE signal_transport: NO_SIGNAL diff --git a/extraconfig/pre_network/contrail/compute_pre_network.yaml b/extraconfig/pre_network/contrail/compute_pre_network.yaml new file mode 100644 index 00000000..a30330f9 --- /dev/null +++ b/extraconfig/pre_network/contrail/compute_pre_network.yaml @@ -0,0 +1,162 @@ +heat_template_version: pike + +# NOTE: You don't need to pass the parameter explicitly from the +# parent template, it can be specified via the parameter_defaults +# in the resource_registry instead, if you want to override the default +# and/or share values with other templates in the tree. +parameters: + ContrailRepo: + type: string + default: '' + ContrailVrouterPhysicalInterface: + default: 'eth0' + description: vRouter physical interface + type: string + ContrailVlanParentInterface: + default: '' + description: Parent interface of vlan interface + type: string + ContrailBondInterface: + default: '' + description: Bond interface name + type: string + ContrailBondInterfaceMembers: + default: '' + description: Bond interface members + type: string + ContrailBondMode: + default: '4' + description: Bond Mode + type: string + ContrailBondPolicy: + default: '1' + description: Bond Policy + type: string + RoleParameters: + type: json + description: Role Specific parameters + default: {} + ServiceNames: + type: comma_delimited_list + default: [] + server: + type: string + +description: > + This template installs the Contrail kernel module packages in order + to bring vhost0 interface up. Vhost0 interface must be up before + os-net-config takes over. + +resources: + + ContrailVrouterModuleDeployment: + type: OS::Heat::SoftwareDeployment + properties: + name: ContrailVrouterModuleDeployment + server: {get_param: server} + config: {get_resource: ContrailVrouterModuleConfig} + input_values: + phy_int: {get_param: ContrailVrouterPhysicalInterface} + bond_int: {get_param: ContrailBondInterface} + bond_int_members: {get_param: ContrailBondInterfaceMembers} + vlan_parent: {get_param: ContrailVlanParentInterface} + contrail_repo: {get_param: ContrailRepo} + bond_mode: {get_param: ContrailBondMode} + bond_policy: {get_param: ContrailBondPolicy} + actions: ['CREATE'] # Only do this on CREATE + + ContrailVrouterModuleConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + inputs: + - name: phy_int + - name: bond_int + - name: bond_int_members + - name: vlan_parent + - name: contrail_repo + - name: bond_mode + - name: bond_policy + config: | + #!/bin/bash + phy_int=$phy_int + bond_int=$bond_int + bond_int_members=$bond_int_members + bond_mode=$bond_mode + bond_policy=$bond_policy + vlan_parent=$vlan_parent + contrail_repo=$contrail_repo + if [[ ${contrail_repo} ]]; then + yum install -y contrail-vrouter-utils + fi + function pkt_setup () { + for f in /sys/class/net/$1/queues/rx-* + do + q="$(echo $f | cut -d '-' -f2)" + r=$(($q%32)) + s=$(($q/32)) + ((mask=1<<$r)) + str=(`printf "%x" $mask`) + if [ $s -gt 0 ]; then + for ((i=0; i < $s; i++)) + do + str+=,00000000 + done + fi + echo $str > $f/rps_cpus + done + ifconfig $1 up + } + function insert_vrouter() { + if [ -f /sys/class/net/pkt1/queues/rx-0/rps_cpus ]; then + pkt_setup pkt1 + fi + if [ -f /sys/class/net/pkt2/queues/rx-0/rps_cpus ]; then + pkt_setup pkt2 + fi + if [ -f /sys/class/net/pkt3/queues/rx-0/rps_cpus ]; then + pkt_setup pkt3 + fi + DEV_MAC=$(cat /sys/class/net/${phy_int}/address) + vif --create vhost0 --mac $DEV_MAC + vif --add ${phy_int} --mac $DEV_MAC --vrf 0 --vhost-phys --type physical + vif --add vhost0 --mac $DEV_MAC --vrf 0 --type vhost --xconnect ${phy_int} + ip link set vhost0 up + return 0 + } + if [[ ${bond_int} ]]; then + bond_int_member_list=$(echo ${bond_int_members} | tr "," "\n") + ip link add name ${bond_int} type bond + echo ${bond_mode} > /sys/class/net/${bond_int}/bonding/mode + echo ${bond_policy} > /sys/class/net/${bond_int}/bonding/xmit_hash_policy + for member in ${bond_int_member_list}; do + ip link set dev $member master ${bond_int} + done + fi + if [[ ${vlan_parent} ]]; then + vlanId=`echo ${phy_int} | awk -F"vlan" '{print $2}'` + ip link add name ${phy_int} link ${vlan_parent} type vlan id ${vlanId} + fi + if [[ ${contrail_repo} ]]; then + yumdownloader contrail-vrouter --destdir /tmp + cd /tmp + rpm2cpio /tmp/contrail-vrouter*.rpm | cpio -idmv + cp `find /tmp/lib/modules -name vrouter.ko |tail -1` /tmp + insmod /tmp/vrouter.ko + else + modprobe vrouter + fi + insert_vrouter + if [[ `ifconfig ${phy_int} |grep "inet "` ]]; then + def_gw='' + if [[ `ip route show |grep default|grep ${phy_int}` ]]; then + def_gw=`ip route show |grep default|grep ${phy_int}|awk '{print $3}'` + fi + ip=`ifconfig ${phy_int} |grep "inet "|awk '{print $2}'` + mask=`ifconfig ${phy_int} |grep "inet "|awk '{print $4}'` + ip address delete $ip/$mask dev ${phy_int} + ip address add $ip/$mask dev vhost0 + if [[ $def_gw ]]; then + ip route add default via $def_gw + fi + fi diff --git a/extraconfig/pre_network/contrail/contrail_dpdk_pre_network.yaml b/extraconfig/pre_network/contrail/contrail_dpdk_pre_network.yaml new file mode 100644 index 00000000..623eb7e0 --- /dev/null +++ b/extraconfig/pre_network/contrail/contrail_dpdk_pre_network.yaml @@ -0,0 +1,168 @@ +heat_template_version: pike + +# NOTE: You don't need to pass the parameter explicitly from the +# parent template, it can be specified via the parameter_defaults +# in the resource_registry instead, if you want to override the default +# and/or share values with other templates in the tree. +parameters: + ContrailRepo: + type: string + default: '' + ContrailVrouterPhysicalInterface: + default: 'eth0' + description: vRouter physical interface + type: string + ContrailVlanParentInterface: + default: '' + description: Parent interface of vlan interface + type: string + ContrailBondInterface: + default: '' + description: Bond interface name + type: string + ContrailBondInterfaceMembers: + default: '' + description: Bond interface members + type: string + ContrailBondMode: + default: '4' + description: Bond Mode + type: string + ContrailBondPolicy: + default: '1' + description: Bond Policy + type: string + ContrailDpdkHugePages: + default: '2048' + description: DPDK Hugepages setting + type: string + RoleParameters: + type: json + description: Role Specific parameters + default: {} + ServiceNames: + type: comma_delimited_list + default: [] + server: + type: string + +description: > + This template installs the Contrail dpdk packages in order + to bring vhost0 interface up. Vhost0 interface must be up before + os-net-config takes over. + +resources: + + ContrailVrouterDpdkDeployment: + type: OS::Heat::SoftwareDeployment + properties: + name: ContrailVrouterDpdkDeployment + server: {get_param: server} + config: {get_resource: ContrailVrouterDpdkConfig} + input_values: + phy_int: {get_param: ContrailVrouterPhysicalInterface} + bond_int: {get_param: ContrailBondInterface} + bond_int_members: {get_param: ContrailBondInterfaceMembers} + vlan_parent: {get_param: ContrailVlanParentInterface} + contrail_repo: {get_param: ContrailRepo} + bond_mode: {get_param: ContrailBondMode} + bond_policy: {get_param: ContrailBondPolicy} + dpdk_hugepages: {get_param: ContrailDpdkHugePages} + actions: ['CREATE'] # Only do this on CREATE + + ContrailVrouterDpdkConfig: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: | + #!/bin/bash + phy_int=$phy_int + bond_int=$bond_int + bond_int_members=$bond_int_members + bond_mode=$bond_mode + bond_policy=$bond_policy + vlan_parent=$vlan_parent + contrail_repo=$contrail_repo + dpdk_hugepages=$dpdk_hugepages + echo "vm.nr_hugepages = $dpdk_hugepages" >> /etc/sysctl.conf + echo "vm.max_map_count = 128960" >> /etc/sysctl.conf + echo "kernel.core_pattern = /var/crashes/core.%e.%p.%h.%t" >> /etc/sysctl.conf + echo "net.ipv4.tcp_keepalive_time = 5" >> /etc/sysctl.conf + echo "net.ipv4.tcp_keepalive_probes = 5" >> /etc/sysctl.conf + echo "net.ipv4.tcp_keepalive_intvl = 1" >> /etc/sysctl.conf + /sbin/sysctl --system + modprobe uio + if [[ ${contrail_repo} ]]; then + yum install -y contrail-vrouter-utils contrail-vrouter-dpdk contrail-vrouter-dpdk-init + fi + pci_address=`ethtool -i ${phy_int} |grep bus-info| awk '{print $2}' |tr -d ' '` + if [[ ${vlan_parent} ]]; then + pci_address=`ethtool -i ${vlan_parent} |grep bus-info| awk '{print $2}' |tr -d ' '` + fi + if [[ ${bond_int} ]]; then + bond_int_member_list=$(echo ${bond_int_members} | tr "," "\n") + cat <<EOF> /etc/sysconfig/network-scripts/ifcfg-${bond_int} + DEVICE=${bond_int} + BOOTPROTO=none + ONBOOT=yes + USERCTL=no + BONDING_OPTS="mode=${bond_mode} xmit_hash_policy=${bond_policy}" + EOF + for member in ${bond_int_member_list}; do + cat <<EOF> /etc/sysconfig/network-scripts/ifcfg-${member} + DEVICE=${member} + BOOTPROTO=none + ONBOOT=yes + MASTER=${bond_int} + SLAVE=yes + USERCTL=no + EOF + ip link set dev ${member} down + done + ifup ${bond_int} + pci_address=0000:00:00.0 + fi + if [[ ${vlan_parent} ]]; then + echo ${vlan_parent} >> /tmp/vlan_parent + vlanId=`echo ${phy_int} | awk -F"vlan" '{print $2}'` + ip link add name ${phy_int} link ${vlan_parent} type vlan id ${vlanId} + fi + cat <<EOF > /etc/contrail/agent_param + LOG=/var/log/contrail.log + CONFIG=/etc/contrail/contrail-vrouter-agent.conf + prog=/usr/bin/contrail-vrouter-agent + pname=contrail-vrouter-agent + LIBDIR=/usr/lib64 + DEVICE=vhost0 + dev=${phy_int} + vgw_subnet_ip=__VGW_SUBNET_IP__ + vgw_intf=__VGW_INTF_LIST__ + LOGFILE=--log-file=/var/log/contrail/vrouter.log + EOF + mac=`ip link sh dev ${phy_int} | grep link/ether|awk '{print $2}' | tr -d ' '` + cat <<EOF > /etc/contrail/contrail-vrouter-agent.conf + [DEFAULT] + platform=dpdk + physical_interface_address=$pci_address + physical_interface_mac=$mac + physical_uio_driver=uio_pci_generic + [VIRTUAL-HOST-INTERFACE] + physical_interface=${phy_int} + name=vhost0 + EOF + echo $pci_address > /etc/contrail/dpdk_pci + echo $mac > /etc/contrail/dpdk_mac + systemctl start supervisor-vrouter + if [[ `ifconfig ${phy_int} |grep "inet "` ]]; then + def_gw='' + if [[ `ip route show |grep default|grep ${phy_int}` ]]; then + def_gw=`ip route show |grep default|grep ${phy_int}|awk '{print $3}'` + fi + ip=`ifconfig ${phy_int} |grep "inet "|awk '{print $2}'` + mask=`ifconfig ${phy_int} |grep "inet "|awk '{print $4}'` + ip address delete $ip/$mask dev ${phy_int} + ip address add $ip/$mask dev vhost0 + if [[ $def_gw ]]; then + ip route add default via $def_gw + fi + fi diff --git a/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml b/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml index 41d8f4f6..fe52ef7e 100644 --- a/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml +++ b/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml @@ -19,6 +19,13 @@ parameters: {{role}}HostCpusList: type: string default: "" + deployment_actions: + default: ['CREATE', 'UPDATE'] + type: comma_delimited_list + description: > + List of stack actions that will trigger any deployments in this + templates. The actions will be an empty list of the server is in the + toplevel DeploymentServerBlacklist parameter's value. parameter_group: - label: deprecated @@ -38,6 +45,10 @@ conditions: equals: - get_param: {{role}}TunedProfileName - "" + deployment_actions_empty: + equals: + - {get_param: deployment_actions} + - [] resources: @@ -62,7 +73,11 @@ resources: name: HostParametersDeployment server: {get_param: server} config: {get_resource: HostParametersConfig} - actions: ['CREATE'] # Only do this on CREATE + actions: + if: + - deployment_actions_empty + - [] + - ['CREATE'] # Only do this on CREATE input_values: _KERNEL_ARGS_: {get_param: {{role}}KernelArgs} _TUNED_PROFILE_NAME_: {get_param: {{role}}TunedProfileName} @@ -88,7 +103,11 @@ resources: name: RebootDeployment server: {get_param: server} config: {get_resource: RebootConfig} - actions: ['CREATE'] # Only do this on CREATE + actions: + if: + - deployment_actions_empty + - [] + - ['CREATE'] # Only do this on CREATE signal_transport: NO_SIGNAL outputs: diff --git a/extraconfig/pre_network/host_config_and_reboot.yaml b/extraconfig/pre_network/host_config_and_reboot.yaml index 74e716ad..2f5fcdf7 100644 --- a/extraconfig/pre_network/host_config_and_reboot.yaml +++ b/extraconfig/pre_network/host_config_and_reboot.yaml @@ -11,11 +11,123 @@ parameters: type: json description: Role Specific parameters default: {} + ServiceNames: + type: comma_delimited_list + default: [] + OvsEnableDpdk: + default: false + description: Whether or not to configure enable DPDK in OVS + type: boolean + OvsDpdkCoreList: + description: > + List of cores to be used for DPDK lcore threads. Note, these threads + are used by the OVS control path for validator and handling functions. + type: string + constraints: + - allowed_pattern: "[0-9,-]*" + default: "" + OvsDpdkMemoryChannels: + description: Number of memory channels per socket to be used for DPDK + type: string + constraints: + - allowed_pattern: "[0-9]*" + default: "" + OvsDpdkSocketMemory: + default: "" + description: > + Sets the amount of hugepage memory to assign per NUMA node. It is + recommended to use the socket closest to the PCIe slot used for the + desired DPDK NIC. The format should be in "<socket 0 mem>, <socket 1 + mem>, <socket n mem>", where the value is specified in MB. For example: + "1024,0". + type: string + OvsPmdCoreList: + description: > + A list or range of CPU cores for PMD threads to be pinned to. Note, NIC + location to cores on socket, number of hyper-threaded logical cores, and + desired number of PMD threads can all play a role in configuring this + setting. These cores should be on the same socket where + OvsDpdkSocketMemory is assigned. If using hyperthreading then specify + both logical cores that would equal the physical core. Also, specifying + more than one core will trigger multiple PMD threads to be spawned which + may improve dataplane performance. + constraints: + - allowed_pattern: "[0-9,-]*" + type: string + default: "" + # DEPRECATED: the following options are deprecated and are currently maintained + # for backwards compatibility. They will be removed in the Queens cycle. + HostCpusList: + description: List of cores to be used for host process + type: string + constraints: + - allowed_pattern: "[0-9,-]+" + default: '0' + NeutronDpdkCoreList: + description: List of cores to be used for DPDK Poll Mode Driver + type: string + constraints: + - allowed_pattern: "[0-9,-]*" + default: '' + NeutronDpdkMemoryChannels: + description: Number of memory channels to be used for DPDK + type: string + constraints: + - allowed_pattern: "[0-9]*" + default: '' + NeutronDpdkSocketMemory: + default: '' + description: Memory allocated for each socket + type: string + deployment_actions: + default: ['CREATE', 'UPDATE'] + type: comma_delimited_list + description: > + List of stack actions that will trigger any deployments in this + templates. The actions will be an empty list of the server is in the + toplevel DeploymentServerBlacklist parameter's value. conditions: is_host_config_required: {not: {equals: [{get_param: [RoleParameters, KernelArgs]}, ""]}} + is_dpdk_config_required: + or: + - yaql: + expression: $.data.service_names.contains('neutron_ovs_dpdk_agent') + data: + service_names: {get_param: ServiceNames} + - {equals: [{get_param: [RoleParameters, OvsEnableDpdk]}, true]} + is_reboot_config_required: + or: + - is_host_config_required + - is_dpdk_config_required + l_cores_empty: {equals: [{get_param: OvsDpdkCoreList}, '']} + pmd_cores_empty: {equals: [{get_param: OvsPmdCoreList}, '']} + mem_channels_empty: {equals: [{get_param: OvsDpdkMemoryChannels}, '']} + socket_mem_empty: {equals: [{get_param: OvsDpdkSocketMemory}, '']} + deployment_actions_empty: + equals: + - {get_param: deployment_actions} + - [] resources: + RoleParametersValue: + type: OS::Heat::Value + properties: + type: json + value: + map_replace: + - map_replace: + - OvsDpdkCoreList: OvsDpdkCoreList + OvsDpdkMemoryChannels: OvsDpdkMemoryChannels + OvsDpdkSocketMemory: OvsDpdkSocketMemory + OvsPmdCoreList: OvsPmdCoreList + - values: {get_param: [RoleParameters]} + - values: + OvsDpdkCoreList: {if: [l_cores_empty, {get_param: HostCpusList}, {get_param: OvsDpdkCoreList}]} + OvsDpdkMemoryChannels: {if: [mem_channels_empty, {get_param: NeutronDpdkMemoryChannels}, {get_param: OvsDpdkMemoryChannels}]} + OvsDpdkSocketMemory: {if: [socket_mem_empty, {get_param: NeutronDpdkSocketMemory}, {get_param: OvsDpdkSocketMemory}]} + OvsPmdCoreList: {if: [pmd_cores_empty, {get_param: NeutronDpdkCoreList}, {get_param: OvsPmdCoreList}]} + HostParametersConfig: type: OS::Heat::SoftwareConfig condition: is_host_config_required @@ -37,15 +149,85 @@ resources: name: HostParametersDeployment server: {get_param: server} config: {get_resource: HostParametersConfig} - actions: ['CREATE'] # Only do this on CREATE + actions: + if: + - deployment_actions_empty + - [] + - ['CREATE'] # Only do this on CREATE input_values: _KERNEL_ARGS_: {get_param: [RoleParameters, KernelArgs]} _TUNED_PROFILE_NAME_: {get_param: [RoleParameters, TunedProfileName]} - _TUNED_CORES_: {get_param: [RoleParameters, HostIsolatedCoreList]} + _TUNED_CORES_: {get_param: [RoleParameters, IsolCpusList]} + + EnableDpdkConfig: + type: OS::Heat::SoftwareConfig + condition: is_dpdk_config_required + properties: + group: script + config: + str_replace: + template: | + #!/bin/bash + set -x + + # OvS Permission issue temporary workaround + # https://bugzilla.redhat.com/show_bug.cgi?id=1459436 + # Actual solution from openvswitch - https://mail.openvswitch.org/pipermail/ovs-dev/2017-June/333423.html + ovs_service_path="/usr/lib/systemd/system/ovs-vswitchd.service" + + if grep -q 'RuntimeDirectoryMode' $ovs_service_path; then + sed -i 's/RuntimeDirectoryMode=.*/RuntimeDirectoryMode=0775/' $ovs_service_path + else + echo "RuntimeDirectoryMode=0775" >> $ovs_service_path + fi + + if ! grep -Fxq "Group=qemu" $ovs_service_path ; then + echo "Group=qemu" >> $ovs_service_path + fi + + if ! grep -Fxq "UMask=0002" $ovs_service_path ; then + echo "UMask=0002" >> $ovs_service_path + fi + + ovs_ctl_path='/usr/share/openvswitch/scripts/ovs-ctl' + if ! grep -q "umask 0002 \&\& start_daemon \"\$OVS_VSWITCHD_PRIORITY\"" $ovs_ctl_path ; then + sed -i 's/start_daemon \"\$OVS_VSWITCHD_PRIORITY\"/umask 0002 \&\& start_daemon \"$OVS_VSWITCHD_PRIORITY\"/' $ovs_ctl_path + fi + + + # DO NOT use --detailed-exitcodes + puppet apply --logdest console \ + --modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules \ + -e ' + class {"vswitch::dpdk": + host_core_list => "$HOST_CORES", + pmd_core_list => "$PMD_CORES", + memory_channels => "$MEMORY_CHANNELS", + socket_mem => "$SOCKET_MEMORY", + } + ' + params: + $HOST_CORES: {get_attr: [RoleParametersValue, value, OvsDpdkCoreList]} + $PMD_CORES: {get_attr: [RoleParametersValue, value, OvsPmdCoreList]} + $MEMORY_CHANNELS: {get_attr: [RoleParametersValue, value, OvsDpdkMemoryChannels]} + $SOCKET_MEMORY: {get_attr: [RoleParametersValue, value, OvsDpdkSocketMemory]} + + EnableDpdkDeployment: + type: OS::Heat::SoftwareDeployment + condition: is_dpdk_config_required + properties: + name: EnableDpdkDeployment + server: {get_param: server} + config: {get_resource: EnableDpdkConfig} + actions: + if: + - deployment_actions_empty + - [] + - ['CREATE'] # Only do this on CREATE RebootConfig: type: OS::Heat::SoftwareConfig - condition: is_host_config_required + condition: is_reboot_config_required properties: group: script config: | @@ -58,12 +240,16 @@ resources: RebootDeployment: type: OS::Heat::SoftwareDeployment depends_on: HostParametersDeployment - condition: is_host_config_required + condition: is_reboot_config_required properties: name: RebootDeployment server: {get_param: server} config: {get_resource: RebootConfig} - actions: ['CREATE'] # Only do this on CREATE + actions: + if: + - deployment_actions_empty + - [] + - ['CREATE'] # Only do this on CREATE signal_transport: NO_SIGNAL outputs: diff --git a/extraconfig/tasks/pacemaker_common_functions.sh b/extraconfig/tasks/pacemaker_common_functions.sh index d1dd5d1d..367f50d7 100755 --- a/extraconfig/tasks/pacemaker_common_functions.sh +++ b/extraconfig/tasks/pacemaker_common_functions.sh @@ -371,3 +371,15 @@ function fixup_wrong_ipv6_vip { fi ) } + +# https://bugs.launchpad.net/tripleo/+bug/1704131 guard against yum update +# waiting for an existing process until the heat stack time out +function check_for_yum_lock { + if [[ -f /var/run/yum.pid ]] ; then + ERR="ERROR existing yum.pid detected - can't continue! Please ensure +there is no other package update process for the duration of the minor update +worfklow. Exiting." + echo $ERR + exit 1 + fi +} diff --git a/extraconfig/tasks/post_puppet_pacemaker.j2.yaml b/extraconfig/tasks/post_puppet_pacemaker.j2.yaml index 6bf5afb0..4d34aedf 100644 --- a/extraconfig/tasks/post_puppet_pacemaker.j2.yaml +++ b/extraconfig/tasks/post_puppet_pacemaker.j2.yaml @@ -27,6 +27,7 @@ resources: {{role.name}}PostPuppetMaintenanceModeDeployment: type: OS::Heat::SoftwareDeployments properties: + name: {{role.name}}PostPuppetMaintenanceModeDeployment servers: {get_param: [servers, {{role.name}}]} config: {get_resource: {{role.name}}PostPuppetMaintenanceModeConfig} input_values: {get_param: input_values} diff --git a/extraconfig/tasks/post_puppet_pacemaker_restart.yaml b/extraconfig/tasks/post_puppet_pacemaker_restart.yaml index 203ca1f8..102be8a8 100644 --- a/extraconfig/tasks/post_puppet_pacemaker_restart.yaml +++ b/extraconfig/tasks/post_puppet_pacemaker_restart.yaml @@ -23,6 +23,7 @@ resources: ControllerPostPuppetRestartDeployment: type: OS::Heat::SoftwareDeployments properties: + name: ControllerPostPuppetRestartDeployment servers: {get_param: servers} config: {get_resource: ControllerPostPuppetRestartConfig} input_values: {get_param: input_values} diff --git a/extraconfig/tasks/ssh/host_public_key.yaml b/extraconfig/tasks/ssh/host_public_key.yaml index e4ba0cc4..ee06f0a9 100644 --- a/extraconfig/tasks/ssh/host_public_key.yaml +++ b/extraconfig/tasks/ssh/host_public_key.yaml @@ -7,6 +7,13 @@ parameters: server: description: ID of the node to apply this config to type: string + deployment_actions: + default: ['CREATE', 'UPDATE'] + type: comma_delimited_list + description: > + List of stack actions that will trigger any deployments in this + templates. The actions will be an empty list of the server is in the + toplevel DeploymentServerBlacklist parameter's value. resources: SshHostPubKeyConfig: @@ -28,6 +35,8 @@ resources: properties: config: {get_resource: SshHostPubKeyConfig} server: {get_param: server} + actions: {get_param: deployment_actions} + name: SshHostPubKeyDeployment outputs: diff --git a/extraconfig/tasks/yum_update.sh b/extraconfig/tasks/yum_update.sh index 0c4a7928..a2a04e8e 100755 --- a/extraconfig/tasks/yum_update.sh +++ b/extraconfig/tasks/yum_update.sh @@ -64,6 +64,9 @@ fi command_arguments=${command_arguments:-} +# Always ensure yum has full cache +yum makecache || echo "Yum makecache failed. This can cause failure later on." + # yum check-update exits 100 if updates are available set +e check_update=$(yum check-update 2>&1) @@ -93,6 +96,7 @@ if [[ "$pacemaker_status" == "active" ]] ; then fi else echo "Upgrading openstack-puppet-modules and its dependencies" + check_for_yum_lock yum -q -y update openstack-puppet-modules yum deplist openstack-puppet-modules | awk '/dependency/{print $2}' | xargs yum -q -y update echo "Upgrading other packages is handled by config management tooling" @@ -102,8 +106,9 @@ fi command=${command:-update} full_command="yum -q -y $command $command_arguments" -echo "Running: $full_command" +echo "Running: $full_command" +check_for_yum_lock result=$($full_command) return_code=$? echo "$result" diff --git a/firstboot/install_vrouter_kmod.yaml b/firstboot/install_vrouter_kmod.yaml deleted file mode 100644 index 65e93fe3..00000000 --- a/firstboot/install_vrouter_kmod.yaml +++ /dev/null @@ -1,105 +0,0 @@ -heat_template_version: pike - -parameters: - ContrailRepo: - type: string - default: http://192.168.24.1/contrail - VrouterPhysicalInterface: - default: 'eth0' - description: vRouter physical interface - type: string - -description: > - Prepares vhost0 interface to be used by os-net-config - -resources: - userdata: - type: OS::Heat::MultipartMime - properties: - parts: - - config: {get_resource: vrouter_module_config} - - vrouter_module_config: - type: OS::Heat::SoftwareConfig - properties: - config: - str_replace: - template: | - #!/bin/bash - sed -i '/\[main\]/a \ \ \ \ \parser = future' /etc/puppet/puppet.conf - cat <<EOF > /etc/yum.repos.d/contrail.repo - [Contrail] - name=Contrail Repo - baseurl=$contrail_repo - enabled=1 - gpgcheck=0 - protect=1 - EOF - if [[ `hostname |awk -F"-" '{print $2}'` == "novacompute" || `hostname |awk -F"-" '{print $2}'` == "contrailtsn" ]]; then - yum install -y contrail-vrouter-utils - function pkt_setup () { - for f in /sys/class/net/$1/queues/rx-* - do - q="$(echo $f | cut -d '-' -f2)" - r=$(($q%32)) - s=$(($q/32)) - ((mask=1<<$r)) - str=(`printf "%x" $mask`) - if [ $s -gt 0 ]; then - for ((i=0; i < $s; i++)) - do - str+=,00000000 - done - fi - echo $str > $f/rps_cpus - done - ifconfig $1 up - } - function insert_vrouter() { - insmod /tmp/vrouter.ko - if [ -f /sys/class/net/pkt1/queues/rx-0/rps_cpus ]; then - pkt_setup pkt1 - fi - if [ -f /sys/class/net/pkt2/queues/rx-0/rps_cpus ]; then - pkt_setup pkt2 - fi - if [ -f /sys/class/net/pkt3/queues/rx-0/rps_cpus ]; then - pkt_setup pkt3 - fi - DEV_MAC=$(cat /sys/class/net/$phy_int/address) - vif --create vhost0 --mac $DEV_MAC - vif --add $phy_int --mac $DEV_MAC --vrf 0 --vhost-phys --type physical - vif --add vhost0 --mac $DEV_MAC --vrf 0 --type vhost --xconnect $phy_int - ip link set vhost0 up - return 0 - } - yumdownloader contrail-vrouter --destdir /tmp - cd /tmp - rpm2cpio /tmp/contrail-vrouter*.rpm | cpio -idmv - cp `find /tmp/lib/modules -name vrouter.ko |tail -1` /tmp - insert_vrouter - if [[ `ifconfig $dev |grep "inet "` ]]; then - def_gw='' - if [[ `ip route show |grep default|grep $dev` ]]; then - def_gw=`ip route show |grep default|grep $dev|awk '{print $3}'` - fi - ip=`ifconfig $dev |grep "inet "|awk '{print $2}'` - mask=`ifconfig $dev |grep "inet "|awk '{print $4}'` - ip address delete $ip/$mask dev $dev - ip address add $ip/$mask dev vhost0 - if [[ $def_gw ]]; then - ip route add default via $def_gw - fi - fi - fi - params: - $phy_int: {get_param: VrouterPhysicalInterface} - $contrail_repo: {get_param: ContrailRepo} - -outputs: - # This means get_resource from the parent template will get the userdata, see: - # http://docs.openstack.org/developer/heat/template_guide/composition.html#making-your-template-resource-more-transparent - # Note this is new-for-kilo, an alternative is returning a value then using - # get_attr in the parent template instead. - OS::stack_id: - value: {get_resource: userdata} diff --git a/network/config/bond-with-vlans/compute.yaml b/network/config/bond-with-vlans/compute.yaml index 8fff1378..882402af 100644 --- a/network/config/bond-with-vlans/compute.yaml +++ b/network/config/bond-with-vlans/compute.yaml @@ -143,6 +143,12 @@ resources: addresses: - ip_netmask: get_param: StorageIpSubnet + # Uncomment when including environments/hyperconverged-ceph.yaml + #- type: vlan + # device: bond1 + # vlan_id: {get_param: StorageMgmtNetworkVlanID} + # addresses: + # - ip_netmask: {get_param: StorageMgmtIpSubnet} - type: vlan device: bond1 vlan_id: @@ -153,16 +159,13 @@ resources: # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. - #- - # type: vlan + #- type: vlan # device: bond1 # vlan_id: {get_param: ManagementNetworkVlanID} # addresses: - # - - # ip_netmask: {get_param: ManagementIpSubnet} + # - ip_netmask: {get_param: ManagementIpSubnet} # routes: - # - - # default: true + # - default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/bond-with-vlans/networker.yaml b/network/config/bond-with-vlans/networker.yaml new file mode 100644 index 00000000..aa6e9da6 --- /dev/null +++ b/network/config/bond-with-vlans/networker.yaml @@ -0,0 +1,174 @@ +heat_template_version: pike +description: > + Software Config to drive os-net-config with 2 bonded nics on a bridge with VLANs attached for a dedicated Neutron networker role. +parameters: + ControlPlaneIp: + default: '' + description: IP address/subnet on the ctlplane network + type: string + ExternalIpSubnet: + default: '' + description: IP address/subnet on the external network + type: string + InternalApiIpSubnet: + default: '' + description: IP address/subnet on the internal API network + type: string + StorageIpSubnet: + default: '' + description: IP address/subnet on the storage network + type: string + StorageMgmtIpSubnet: + default: '' + description: IP address/subnet on the storage mgmt network + type: string + TenantIpSubnet: + default: '' + description: IP address/subnet on the tenant network + type: string + ManagementIpSubnet: # Only populated when including environments/network-management.yaml + default: '' + description: IP address/subnet on the management network + type: string + BondInterfaceOvsOptions: + default: bond_mode=active-backup + description: The ovs_options string for the bond interface. Set things like lacp=active and/or bond_mode=balance-slb using + this option. + type: string + constraints: + - allowed_pattern: ^((?!balance.tcp).)*$ + description: 'The balance-tcp bond mode is known to cause packet loss and + should not be used in BondInterfaceOvsOptions. + ' + ExternalNetworkVlanID: + default: 10 + description: Vlan ID for the external network traffic. + type: number + InternalApiNetworkVlanID: + default: 20 + description: Vlan ID for the internal_api network traffic. + type: number + StorageNetworkVlanID: + default: 30 + description: Vlan ID for the storage network traffic. + type: number + StorageMgmtNetworkVlanID: + default: 40 + description: Vlan ID for the storage mgmt network traffic. + type: number + TenantNetworkVlanID: + default: 50 + description: Vlan ID for the tenant network traffic. + type: number + ManagementNetworkVlanID: + default: 60 + description: Vlan ID for the management network traffic. + type: number + ControlPlaneDefaultRoute: # Override this via parameter_defaults + description: The default route of the control plane network. + type: string + ExternalInterfaceDefaultRoute: + default: 10.0.0.1 + description: default route for the external network + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string + ControlPlaneSubnetCidr: # Override this via parameter_defaults + default: '24' + description: The subnet CIDR of the control plane network. + type: string + DnsServers: # Override this via parameter_defaults + default: [] + description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. + type: comma_delimited_list + EC2MetadataIp: # Override this via parameter_defaults + description: The IP address of the EC2 metadata server. + type: string +resources: + OsNetConfigImpl: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + addresses: + - ip_netmask: + list_join: + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - type: ovs_bridge + name: bridge_name + dns_servers: + get_param: DnsServers + members: + - type: ovs_bond + name: bond1 + ovs_options: + get_param: BondInterfaceOvsOptions + members: + - type: interface + name: nic2 + primary: true + - type: interface + name: nic3 + - type: vlan + device: bond1 + vlan_id: + get_param: ExternalNetworkVlanID + addresses: + - ip_netmask: + get_param: ExternalIpSubnet + routes: + - default: true + next_hop: + get_param: ExternalInterfaceDefaultRoute + - type: vlan + device: bond1 + vlan_id: + get_param: InternalApiNetworkVlanID + addresses: + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan + device: bond1 + vlan_id: + get_param: TenantNetworkVlanID + addresses: + - ip_netmask: + get_param: TenantIpSubnet + # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the External interface. This will + # make the External API unreachable from remote subnets. + #- + # type: vlan + # device: bond1 + # vlan_id: {get_param: ManagementNetworkVlanID} + # addresses: + # - + # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} +outputs: + OS::stack_id: + description: The OsNetConfigImpl resource. + value: + get_resource: OsNetConfigImpl + diff --git a/environments/contrail/contrail-nic-config-compute.yaml b/network/config/contrail/contrail-nic-config-compute.yaml index a5f0ecab..a5f0ecab 100644 --- a/environments/contrail/contrail-nic-config-compute.yaml +++ b/network/config/contrail/contrail-nic-config-compute.yaml diff --git a/network/config/contrail/contrail-nic-config.yaml b/network/config/contrail/contrail-nic-config.yaml new file mode 100644 index 00000000..595f34d1 --- /dev/null +++ b/network/config/contrail/contrail-nic-config.yaml @@ -0,0 +1,164 @@ +heat_template_version: pike + +description: > + Software Config to drive os-net-config to configure multiple interfaces + for the compute role. This is an example for a Nova compute node using + Contrail vrouter and the vhost0 interface. + +parameters: + ControlPlaneIp: + default: '' + description: IP address/subnet on the ctlplane network + type: string + ExternalIpSubnet: + default: '' + description: IP address/subnet on the external network + type: string + InternalApiIpSubnet: + default: '' + description: IP address/subnet on the internal API network + type: string + InternalApiDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the internal api network. + type: string + StorageIpSubnet: + default: '' + description: IP address/subnet on the storage network + type: string + StorageMgmtIpSubnet: + default: '' + description: IP address/subnet on the storage mgmt network + type: string + TenantIpSubnet: + default: '' + description: IP address/subnet on the tenant network + type: string + ManagementIpSubnet: # Only populated when including environments/network-management.yaml + default: '' + description: IP address/subnet on the management network + type: string + ExternalNetworkVlanID: + default: 10 + description: Vlan ID for the external network traffic. + type: number + InternalApiNetworkVlanID: + default: 20 + description: Vlan ID for the internal_api network traffic. + type: number + StorageNetworkVlanID: + default: 30 + description: Vlan ID for the storage network traffic. + type: number + StorageMgmtNetworkVlanID: + default: 40 + description: Vlan ID for the storage mgmt network traffic. + type: number + TenantNetworkVlanID: + default: 50 + description: Vlan ID for the tenant network traffic. + type: number + ManagementNetworkVlanID: + default: 60 + description: Vlan ID for the management network traffic. + type: number + ControlPlaneSubnetCidr: # Override this via parameter_defaults + default: '24' + description: The subnet CIDR of the control plane network. + type: string + ControlPlaneDefaultRoute: # Override this via parameter_defaults + description: The default route of the control plane network. + type: string + ExternalInterfaceDefaultRoute: # Not used by default in this template + default: '10.0.0.1' + description: The default route of the external network. + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string + DnsServers: # Override this via parameter_defaults + default: [] + description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. + type: comma_delimited_list + EC2MetadataIp: # Override this via parameter_defaults + description: The IP address of the EC2 metadata server. + type: string + +resources: + OsNetConfigImpl: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: + list_join: + - '/' + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - type: interface + name: nic2 + use_dhcp: false + addresses: + - ip_netmask: + get_param: InternalApiIpSubnet + routes: + - default: true + next_hop: + get_param: InternalApiDefaultRoute + - type: linux_bridge + name: br0 + use_dhcp: false + members: + - type: interface + name: nic3 + - type: vlan + vlan_id: + get_param: ManagementNetworkVlanID + device: br0 + addresses: + - ip_netmask: + get_param: ManagementIpSubnet + - type: vlan + vlan_id: + get_param: ExternalNetworkVlanID + device: br0 + addresses: + - ip_netmask: + get_param: ExternalIpSubnet + - type: vlan + vlan_id: + get_param: StorageNetworkVlanID + device: br0 + addresses: + - ip_netmask: + get_param: StorageIpSubnet + - type: vlan + vlan_id: + get_param: StorageMgmtNetworkVlanID + device: br0 + addresses: + - ip_netmask: + get_param: StorageMgmtIpSubnet + +outputs: + OS::stack_id: + description: The OsNetConfigImpl resource. + value: + get_resource: OsNetConfigImpl diff --git a/network/config/multiple-nics/compute.yaml b/network/config/multiple-nics/compute.yaml index 5549368e..d1dc06a3 100644 --- a/network/config/multiple-nics/compute.yaml +++ b/network/config/multiple-nics/compute.yaml @@ -112,6 +112,12 @@ resources: addresses: - ip_netmask: get_param: StorageIpSubnet + # Uncomment when including environments/hyperconverged-ceph.yaml + #- type: interface + # name: nic3 + # use_dhcp: false + # addresses: + # - ip_netmask: {get_param: StorageMgmtIpSubnet} - type: interface name: nic4 use_dhcp: false @@ -132,16 +138,13 @@ resources: # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. - #- - # type: interface + #- type: interface # name: nic7 # use_dhcp: false # addresses: - # - - # ip_netmask: {get_param: ManagementIpSubnet} + # - ip_netmask: {get_param: ManagementIpSubnet} # routes: - # - - # default: true + # - default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/multiple-nics/networker.yaml b/network/config/multiple-nics/networker.yaml new file mode 100644 index 00000000..b251fb9c --- /dev/null +++ b/network/config/multiple-nics/networker.yaml @@ -0,0 +1,159 @@ +heat_template_version: pike +description: > + Software Config to drive os-net-config to configure multiple interfaces for a dedicated Neutron networker role. +parameters: + ControlPlaneIp: + default: '' + description: IP address/subnet on the ctlplane network + type: string + ExternalIpSubnet: + default: '' + description: IP address/subnet on the external network + type: string + InternalApiIpSubnet: + default: '' + description: IP address/subnet on the internal API network + type: string + StorageIpSubnet: + default: '' + description: IP address/subnet on the storage network + type: string + StorageMgmtIpSubnet: + default: '' + description: IP address/subnet on the storage mgmt network + type: string + TenantIpSubnet: + default: '' + description: IP address/subnet on the tenant network + type: string + ManagementIpSubnet: # Only populated when including environments/network-management.yaml + default: '' + description: IP address/subnet on the management network + type: string + ExternalNetworkVlanID: + default: 10 + description: Vlan ID for the external network traffic. + type: number + InternalApiNetworkVlanID: + default: 20 + description: Vlan ID for the internal_api network traffic. + type: number + StorageNetworkVlanID: + default: 30 + description: Vlan ID for the storage network traffic. + type: number + StorageMgmtNetworkVlanID: + default: 40 + description: Vlan ID for the storage mgmt network traffic. + type: number + TenantNetworkVlanID: + default: 50 + description: Vlan ID for the tenant network traffic. + type: number + ManagementNetworkVlanID: + default: 60 + description: Vlan ID for the management network traffic. + type: number + ControlPlaneSubnetCidr: # Override this via parameter_defaults + default: '24' + description: The subnet CIDR of the control plane network. + type: string + ControlPlaneDefaultRoute: # Override this via parameter_defaults + description: The default route of the control plane network. + type: string + ExternalInterfaceDefaultRoute: + default: 10.0.0.1 + description: default route for the external network + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string + DnsServers: # Override this via parameter_defaults + default: [] + description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. + type: comma_delimited_list + EC2MetadataIp: # Override this via parameter_defaults + description: The IP address of the EC2 metadata server. + type: string +resources: + OsNetConfigImpl: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: interface + name: nic1 + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: + list_join: + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - type: interface + name: nic4 + use_dhcp: false + addresses: + - ip_netmask: + get_param: InternalApiIpSubnet + - type: ovs_bridge + name: br-tenant + use_dhcp: false + addresses: + - ip_netmask: + get_param: TenantIpSubnet + members: + - type: interface + name: nic5 + use_dhcp: false + primary: true + - type: ovs_bridge + name: bridge_name + dns_servers: + get_param: DnsServers + use_dhcp: false + addresses: + - ip_netmask: + get_param: ExternalIpSubnet + routes: + - default: true + next_hop: + get_param: ExternalInterfaceDefaultRoute + members: + - type: interface + name: nic6 + primary: true + # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the External interface. This will + # make the External API unreachable from remote subnets. + #- + # type: interface + # name: nic7 + # use_dhcp: false + # addresses: + # - + # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} +outputs: + OS::stack_id: + description: The OsNetConfigImpl resource. + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/single-nic-linux-bridge-vlans/compute.yaml b/network/config/single-nic-linux-bridge-vlans/compute.yaml index e36afd33..a637ef00 100644 --- a/network/config/single-nic-linux-bridge-vlans/compute.yaml +++ b/network/config/single-nic-linux-bridge-vlans/compute.yaml @@ -125,6 +125,12 @@ resources: addresses: - ip_netmask: get_param: StorageIpSubnet + # Uncomment when including environments/hyperconverged-ceph.yaml + #- type: vlan + # vlan_id: {get_param: StorageMgmtNetworkVlanID} + # device: bridge_name + # addresses: + # - ip_netmask: {get_param: StorageMgmtIpSubnet} - type: vlan vlan_id: get_param: TenantNetworkVlanID @@ -135,16 +141,13 @@ resources: # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. - #- - # type: vlan + #- type: vlan # vlan_id: {get_param: ManagementNetworkVlanID} # device: bridge_name # addresses: - # - - # ip_netmask: {get_param: ManagementIpSubnet} + # - ip_netmask: {get_param: ManagementIpSubnet} # routes: - # - - # default: true + # - default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/single-nic-linux-bridge-vlans/networker.yaml b/network/config/single-nic-linux-bridge-vlans/networker.yaml new file mode 100644 index 00000000..b1733dec --- /dev/null +++ b/network/config/single-nic-linux-bridge-vlans/networker.yaml @@ -0,0 +1,160 @@ +heat_template_version: pike +description: > + Software Config to drive os-net-config to configure VLANs for a dedicated Neutron networker role. +parameters: + ControlPlaneIp: + default: '' + description: IP address/subnet on the ctlplane network + type: string + ExternalIpSubnet: + default: '' + description: IP address/subnet on the external network + type: string + InternalApiIpSubnet: + default: '' + description: IP address/subnet on the internal API network + type: string + StorageIpSubnet: + default: '' + description: IP address/subnet on the storage network + type: string + StorageMgmtIpSubnet: + default: '' + description: IP address/subnet on the storage mgmt network + type: string + TenantIpSubnet: + default: '' + description: IP address/subnet on the tenant network + type: string + ManagementIpSubnet: # Only populated when including environments/network-management.yaml + default: '' + description: IP address/subnet on the management network + type: string + ExternalNetworkVlanID: + default: 10 + description: Vlan ID for the external network traffic. + type: number + InternalApiNetworkVlanID: + default: 20 + description: Vlan ID for the internal_api network traffic. + type: number + StorageNetworkVlanID: + default: 30 + description: Vlan ID for the storage network traffic. + type: number + StorageMgmtNetworkVlanID: + default: 40 + description: Vlan ID for the storage mgmt network traffic. + type: number + TenantNetworkVlanID: + default: 50 + description: Vlan ID for the tenant network traffic. + type: number + ManagementNetworkVlanID: + default: 60 + description: Vlan ID for the management network traffic. + type: number + ControlPlaneDefaultRoute: # Override this via parameter_defaults + description: The default route of the control plane network. + type: string + ExternalInterfaceDefaultRoute: + default: 10.0.0.1 + description: default route for the external network + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string + ControlPlaneSubnetCidr: # Override this via parameter_defaults + default: '24' + description: The subnet CIDR of the control plane network. + type: string + DnsServers: # Override this via parameter_defaults + default: [] + description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. + type: comma_delimited_list + EC2MetadataIp: # Override this via parameter_defaults + description: The IP address of the EC2 metadata server. + type: string +resources: + OsNetConfigImpl: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: linux_bridge + name: bridge_name + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: + list_join: + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + - default: true + next_hop: + get_param: ControlPlaneDefaultRoute + members: + - type: interface + # NOTE: "interface_name" will be replaced by the value of NeutronPublicInterface, + # default is "nic1". Set this value via parameter_defaults in an environment file. + name: interface_name + primary: true + - type: vlan + vlan_id: + get_param: ExternalNetworkVlanID + device: bridge_name + addresses: + - ip_netmask: + get_param: ExternalIpSubnet + routes: + - default: true + next_hop: + get_param: ExternalInterfaceDefaultRoute + - type: vlan + vlan_id: + get_param: InternalApiNetworkVlanID + device: bridge_name + addresses: + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan + vlan_id: + get_param: TenantNetworkVlanID + device: bridge_name + addresses: + - ip_netmask: + get_param: TenantIpSubnet + # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the External interface. This will + # make the External API unreachable from remote subnets. + #- + # type: vlan + # vlan_id: {get_param: ManagementNetworkVlanID} + # device: bridge_name + # addresses: + # - + # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} +outputs: + OS::stack_id: + description: The OsNetConfigImpl resource. + value: + get_resource: OsNetConfigImpl + diff --git a/network/config/single-nic-vlans/compute.yaml b/network/config/single-nic-vlans/compute.yaml index 2201b0b9..d2559d2c 100644 --- a/network/config/single-nic-vlans/compute.yaml +++ b/network/config/single-nic-vlans/compute.yaml @@ -38,6 +38,10 @@ parameters: default: 30 description: Vlan ID for the storage network traffic. type: number + StorageMgmtNetworkVlanID: + default: 40 + description: Vlan ID for the storage mgmt network traffic. + type: number TenantNetworkVlanID: default: 50 description: Vlan ID for the tenant network traffic. @@ -115,6 +119,11 @@ resources: addresses: - ip_netmask: get_param: StorageIpSubnet + # Uncomment when including environments/hyperconverged-ceph.yaml + #- type: vlan + # vlan_id: {get_param: StorageMgmtNetworkVlanID} + # addresses: + # - ip_netmask: {get_param: StorageMgmtIpSubnet} - type: vlan vlan_id: get_param: TenantNetworkVlanID @@ -124,15 +133,12 @@ resources: # Uncomment when including environments/network-management.yaml # If setting default route on the Management interface, comment # out the default route on the Control Plane. - #- - # type: vlan + #- type: vlan # vlan_id: {get_param: ManagementNetworkVlanID} # addresses: - # - - # ip_netmask: {get_param: ManagementIpSubnet} + # - ip_netmask: {get_param: ManagementIpSubnet} # routes: - # - - # default: true + # - default: true # next_hop: {get_param: ManagementInterfaceDefaultRoute} outputs: OS::stack_id: diff --git a/network/config/single-nic-vlans/networker.yaml b/network/config/single-nic-vlans/networker.yaml new file mode 100644 index 00000000..54a17e46 --- /dev/null +++ b/network/config/single-nic-vlans/networker.yaml @@ -0,0 +1,152 @@ +heat_template_version: pike +description: > + Software Config to drive os-net-config to configure VLANs for a dedicated Neutron networker role. +parameters: + ControlPlaneIp: + default: '' + description: IP address/subnet on the ctlplane network + type: string + ExternalIpSubnet: + default: '' + description: IP address/subnet on the external network + type: string + InternalApiIpSubnet: + default: '' + description: IP address/subnet on the internal API network + type: string + StorageIpSubnet: + default: '' + description: IP address/subnet on the storage network + type: string + StorageMgmtIpSubnet: + default: '' + description: IP address/subnet on the storage mgmt network + type: string + TenantIpSubnet: + default: '' + description: IP address/subnet on the tenant network + type: string + ManagementIpSubnet: # Only populated when including environments/network-management.yaml + default: '' + description: IP address/subnet on the management network + type: string + ExternalNetworkVlanID: + default: 10 + description: Vlan ID for the external network traffic. + type: number + InternalApiNetworkVlanID: + default: 20 + description: Vlan ID for the internal_api network traffic. + type: number + StorageNetworkVlanID: + default: 30 + description: Vlan ID for the storage network traffic. + type: number + StorageMgmtNetworkVlanID: + default: 40 + description: Vlan ID for the storage mgmt network traffic. + type: number + TenantNetworkVlanID: + default: 50 + description: Vlan ID for the tenant network traffic. + type: number + ManagementNetworkVlanID: + default: 60 + description: Vlan ID for the management network traffic. + type: number + ControlPlaneDefaultRoute: # Override this via parameter_defaults + description: The default route of the control plane network. + type: string + ExternalInterfaceDefaultRoute: + default: 10.0.0.1 + description: default route for the external network + type: string + ManagementInterfaceDefaultRoute: # Commented out by default in this template + default: unset + description: The default route of the management network. + type: string + ControlPlaneSubnetCidr: # Override this via parameter_defaults + default: '24' + description: The subnet CIDR of the control plane network. + type: string + DnsServers: # Override this via parameter_defaults + default: [] + description: A list of DNS servers (2 max for some implementations) that will be added to resolv.conf. + type: comma_delimited_list + EC2MetadataIp: # Override this via parameter_defaults + description: The IP address of the EC2 metadata server. + type: string +resources: + OsNetConfigImpl: + type: OS::Heat::SoftwareConfig + properties: + group: script + config: + str_replace: + template: + get_file: ../../scripts/run-os-net-config.sh + params: + $network_config: + network_config: + - type: ovs_bridge + name: bridge_name + use_dhcp: false + dns_servers: + get_param: DnsServers + addresses: + - ip_netmask: + list_join: + - / + - - get_param: ControlPlaneIp + - get_param: ControlPlaneSubnetCidr + routes: + - ip_netmask: 169.254.169.254/32 + next_hop: + get_param: EC2MetadataIp + members: + - type: interface + name: nic1 + # force the MAC address of the bridge to this interface + primary: true + - type: vlan + vlan_id: + get_param: ExternalNetworkVlanID + addresses: + - ip_netmask: + get_param: ExternalIpSubnet + routes: + - default: true + next_hop: + get_param: ExternalInterfaceDefaultRoute + - type: vlan + vlan_id: + get_param: InternalApiNetworkVlanID + addresses: + - ip_netmask: + get_param: InternalApiIpSubnet + - type: vlan + vlan_id: + get_param: TenantNetworkVlanID + addresses: + - ip_netmask: + get_param: TenantIpSubnet + # Uncomment when including environments/network-management.yaml + # If setting default route on the Management interface, comment + # out the default route on the External interface. This will + # make the External API unreachable from remote subnets. + #- + # type: vlan + # vlan_id: {get_param: ManagementNetworkVlanID} + # addresses: + # - + # ip_netmask: {get_param: ManagementIpSubnet} + # routes: + # - + # default: true + # next_hop: {get_param: ManagementInterfaceDefaultRoute} +outputs: + OS::stack_id: + description: The OsNetConfigImpl resource. + value: + get_resource: OsNetConfigImpl + diff --git a/network/endpoints/endpoint_data.yaml b/network/endpoints/endpoint_data.yaml index ece40085..bed9c700 100644 --- a/network/endpoints/endpoint_data.yaml +++ b/network/endpoints/endpoint_data.yaml @@ -28,87 +28,6 @@ Ceilometer: net_param: CeilometerApi port: 8777 -ContrailConfig: - Internal: - net_param: ContrailConfig - Public: - net_param: Public - Admin: - net_param: ContrailConfig - port: 8082 - -ContrailDiscovery: - Internal: - net_param: ContrailConfig - Public: - net_param: Public - Admin: - net_param: ContrailConfig - port: 5998 - -ContrailAnalyticsCollectorHttp: - Internal: - net_param: ContrailAnalytics - Public: - net_param: Public - Admin: - net_param: ContrailAnalytics - port: 8089 - -ContrailAnalyticsApi: - Internal: - net_param: ContrailAnalytics - Public: - net_param: Public - Admin: - net_param: ContrailAnalytics - port: 8081 - -ContrailAnalyticsHttp: - Internal: - net_param: ContrailAnalytics - Public: - net_param: Public - Admin: - net_param: ContrailAnalytics - port: 8090 - -ContrailAnalyticsCollectorSandesh: - Internal: - net_param: ContrailAnalytics - Public: - net_param: Public - Admin: - net_param: ContrailAnalytics - port: 8086 - -ContrailAnalyticsRedis: - Internal: - net_param: ContrailAnalytics - Public: - net_param: Public - Admin: - net_param: ContrailAnalytics - port: 6379 - -ContrailWebuiHttp: - Internal: - net_param: ContrailConfig - Public: - net_param: Public - Admin: - net_param: ContrailConfig - port: 8080 - -ContrailWebuiHttps: - Internal: - net_param: ContrailConfig - Public: - net_param: Public - Admin: - net_param: ContrailConfig - port: 8143 - Ec2Api: Internal: net_param: Ec2Api diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml index 42d1fbd0..1ba7b6fa 100644 --- a/network/endpoints/endpoint_map.yaml +++ b/network/endpoints/endpoint_map.yaml @@ -37,39 +37,6 @@ parameters: CongressAdmin: {protocol: http, port: '1789', host: IP_ADDRESS} CongressInternal: {protocol: http, port: '1789', host: IP_ADDRESS} CongressPublic: {protocol: http, port: '1789', host: IP_ADDRESS} - ContrailAnalyticsApiAdmin: {protocol: http, port: '8081', host: IP_ADDRESS} - ContrailAnalyticsApiInternal: {protocol: http, port: '8081', host: IP_ADDRESS} - ContrailAnalyticsApiPublic: {protocol: http, port: '8081', host: IP_ADDRESS} - ContrailAnalyticsCollectorHttpAdmin: {protocol: http, port: '8089', - host: IP_ADDRESS} - ContrailAnalyticsCollectorHttpInternal: {protocol: http, port: '8089', - host: IP_ADDRESS} - ContrailAnalyticsCollectorHttpPublic: {protocol: http, port: '8089', - host: IP_ADDRESS} - ContrailAnalyticsCollectorSandeshAdmin: {protocol: http, port: '8086', - host: IP_ADDRESS} - ContrailAnalyticsCollectorSandeshInternal: {protocol: http, port: '8086', - host: IP_ADDRESS} - ContrailAnalyticsCollectorSandeshPublic: {protocol: http, port: '8086', - host: IP_ADDRESS} - ContrailAnalyticsHttpAdmin: {protocol: http, port: '8090', host: IP_ADDRESS} - ContrailAnalyticsHttpInternal: {protocol: http, port: '8090', host: IP_ADDRESS} - ContrailAnalyticsHttpPublic: {protocol: http, port: '8090', host: IP_ADDRESS} - ContrailAnalyticsRedisAdmin: {protocol: http, port: '6379', host: IP_ADDRESS} - ContrailAnalyticsRedisInternal: {protocol: http, port: '6379', host: IP_ADDRESS} - ContrailAnalyticsRedisPublic: {protocol: http, port: '6379', host: IP_ADDRESS} - ContrailConfigAdmin: {protocol: http, port: '8082', host: IP_ADDRESS} - ContrailConfigInternal: {protocol: http, port: '8082', host: IP_ADDRESS} - ContrailConfigPublic: {protocol: http, port: '8082', host: IP_ADDRESS} - ContrailDiscoveryAdmin: {protocol: http, port: '5998', host: IP_ADDRESS} - ContrailDiscoveryInternal: {protocol: http, port: '5998', host: IP_ADDRESS} - ContrailDiscoveryPublic: {protocol: http, port: '5998', host: IP_ADDRESS} - ContrailWebuiHttpAdmin: {protocol: http, port: '8080', host: IP_ADDRESS} - ContrailWebuiHttpInternal: {protocol: http, port: '8080', host: IP_ADDRESS} - ContrailWebuiHttpPublic: {protocol: http, port: '8080', host: IP_ADDRESS} - ContrailWebuiHttpsAdmin: {protocol: http, port: '8143', host: IP_ADDRESS} - ContrailWebuiHttpsInternal: {protocol: http, port: '8143', host: IP_ADDRESS} - ContrailWebuiHttpsPublic: {protocol: http, port: '8143', host: IP_ADDRESS} Ec2ApiAdmin: {protocol: http, port: '8788', host: IP_ADDRESS} Ec2ApiInternal: {protocol: http, port: '8788', host: IP_ADDRESS} Ec2ApiPublic: {protocol: http, port: '8788', host: IP_ADDRESS} @@ -2101,2289 +2068,6 @@ outputs: template: NETWORK_uri - ':' - get_param: [EndpointMap, CongressPublic, port] - ContrailAnalyticsApiAdmin: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsApiAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsApiAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - port: - get_param: [EndpointMap, ContrailAnalyticsApiAdmin, port] - protocol: - get_param: [EndpointMap, ContrailAnalyticsApiAdmin, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsApiAdmin, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsApiAdmin, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsApiAdmin, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsApiAdmin, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsApiAdmin, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsApiAdmin, port] - ContrailAnalyticsApiInternal: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsApiInternal, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsApiInternal, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - port: - get_param: [EndpointMap, ContrailAnalyticsApiInternal, port] - protocol: - get_param: [EndpointMap, ContrailAnalyticsApiInternal, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsApiInternal, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsApiInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsApiInternal, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsApiInternal, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsApiInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsApiInternal, port] - ContrailAnalyticsApiPublic: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsApiPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsApiPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, PublicNetwork] - port: - get_param: [EndpointMap, ContrailAnalyticsApiPublic, port] - protocol: - get_param: [EndpointMap, ContrailAnalyticsApiPublic, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsApiPublic, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsApiPublic, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsApiPublic, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsApiPublic, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsApiPublic, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsApiPublic, port] - ContrailAnalyticsCollectorHttpAdmin: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - port: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin, - port] - protocol: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin, - protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin, - protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin, - port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin, - protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpAdmin, - port] - ContrailAnalyticsCollectorHttpInternal: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - port: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, - port] - protocol: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, - protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, - protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, - port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, - protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, - port] - ContrailAnalyticsCollectorHttpPublic: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, PublicNetwork] - port: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic, - port] - protocol: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic, - protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic, - protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic, - port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic, - protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsCollectorHttpPublic, - port] - ContrailAnalyticsCollectorSandeshAdmin: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - port: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin, - port] - protocol: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin, - protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin, - protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin, - port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin, - protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshAdmin, - port] - ContrailAnalyticsCollectorSandeshInternal: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - port: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, - port] - protocol: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, - protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, - protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, - port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, - protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, - port] - ContrailAnalyticsCollectorSandeshPublic: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, PublicNetwork] - port: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic, - port] - protocol: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic, - protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic, - protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic, - port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic, - protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshPublic, - port] - ContrailAnalyticsHttpAdmin: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - port: - get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, port] - protocol: - get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsHttpAdmin, port] - ContrailAnalyticsHttpInternal: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsHttpInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsHttpInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - port: - get_param: [EndpointMap, ContrailAnalyticsHttpInternal, port] - protocol: - get_param: [EndpointMap, ContrailAnalyticsHttpInternal, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsHttpInternal, - protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsHttpInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsHttpInternal, - port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsHttpInternal, - protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsHttpInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsHttpInternal, - port] - ContrailAnalyticsHttpPublic: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsHttpPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsHttpPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, PublicNetwork] - port: - get_param: [EndpointMap, ContrailAnalyticsHttpPublic, port] - protocol: - get_param: [EndpointMap, ContrailAnalyticsHttpPublic, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsHttpPublic, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsHttpPublic, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsHttpPublic, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsHttpPublic, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsHttpPublic, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsHttpPublic, port] - ContrailAnalyticsRedisAdmin: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - port: - get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, port] - protocol: - get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsRedisAdmin, port] - ContrailAnalyticsRedisInternal: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsRedisInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsRedisInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - port: - get_param: [EndpointMap, ContrailAnalyticsRedisInternal, port] - protocol: - get_param: [EndpointMap, ContrailAnalyticsRedisInternal, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsRedisInternal, - protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsRedisInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsRedisInternal, - port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsRedisInternal, - protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsRedisInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailAnalyticsNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsRedisInternal, - port] - ContrailAnalyticsRedisPublic: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsRedisPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsRedisPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, PublicNetwork] - port: - get_param: [EndpointMap, ContrailAnalyticsRedisPublic, port] - protocol: - get_param: [EndpointMap, ContrailAnalyticsRedisPublic, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsRedisPublic, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsRedisPublic, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsRedisPublic, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailAnalyticsRedisPublic, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailAnalyticsRedisPublic, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailAnalyticsRedisPublic, port] - ContrailConfigAdmin: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailConfigAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailConfigAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailConfigNetwork] - port: - get_param: [EndpointMap, ContrailConfigAdmin, port] - protocol: - get_param: [EndpointMap, ContrailConfigAdmin, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailConfigAdmin, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailConfigAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailConfigAdmin, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailConfigAdmin, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailConfigAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailConfigAdmin, port] - ContrailConfigInternal: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailConfigInternal, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailConfigInternal, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailConfigNetwork] - port: - get_param: [EndpointMap, ContrailConfigInternal, port] - protocol: - get_param: [EndpointMap, ContrailConfigInternal, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailConfigInternal, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailConfigInternal, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailConfigInternal, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailConfigInternal, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailConfigInternal, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailConfigInternal, port] - ContrailConfigPublic: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailConfigPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailConfigPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, PublicNetwork] - port: - get_param: [EndpointMap, ContrailConfigPublic, port] - protocol: - get_param: [EndpointMap, ContrailConfigPublic, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailConfigPublic, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailConfigPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailConfigPublic, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailConfigPublic, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailConfigPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailConfigPublic, port] - ContrailDiscoveryAdmin: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailDiscoveryAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailDiscoveryAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailConfigNetwork] - port: - get_param: [EndpointMap, ContrailDiscoveryAdmin, port] - protocol: - get_param: [EndpointMap, ContrailDiscoveryAdmin, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailDiscoveryAdmin, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailDiscoveryAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailDiscoveryAdmin, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailDiscoveryAdmin, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailDiscoveryAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailDiscoveryAdmin, port] - ContrailDiscoveryInternal: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailDiscoveryInternal, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailDiscoveryInternal, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailConfigNetwork] - port: - get_param: [EndpointMap, ContrailDiscoveryInternal, port] - protocol: - get_param: [EndpointMap, ContrailDiscoveryInternal, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailDiscoveryInternal, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailDiscoveryInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailDiscoveryInternal, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailDiscoveryInternal, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailDiscoveryInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailDiscoveryInternal, port] - ContrailDiscoveryPublic: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailDiscoveryPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailDiscoveryPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, PublicNetwork] - port: - get_param: [EndpointMap, ContrailDiscoveryPublic, port] - protocol: - get_param: [EndpointMap, ContrailDiscoveryPublic, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailDiscoveryPublic, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailDiscoveryPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailDiscoveryPublic, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailDiscoveryPublic, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailDiscoveryPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailDiscoveryPublic, port] - ContrailWebuiHttpAdmin: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailConfigNetwork] - port: - get_param: [EndpointMap, ContrailWebuiHttpAdmin, port] - protocol: - get_param: [EndpointMap, ContrailWebuiHttpAdmin, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailWebuiHttpAdmin, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailWebuiHttpAdmin, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailWebuiHttpAdmin, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailWebuiHttpAdmin, port] - ContrailWebuiHttpInternal: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpInternal, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpInternal, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailConfigNetwork] - port: - get_param: [EndpointMap, ContrailWebuiHttpInternal, port] - protocol: - get_param: [EndpointMap, ContrailWebuiHttpInternal, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailWebuiHttpInternal, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailWebuiHttpInternal, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailWebuiHttpInternal, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailWebuiHttpInternal, port] - ContrailWebuiHttpPublic: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, PublicNetwork] - port: - get_param: [EndpointMap, ContrailWebuiHttpPublic, port] - protocol: - get_param: [EndpointMap, ContrailWebuiHttpPublic, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailWebuiHttpPublic, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailWebuiHttpPublic, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailWebuiHttpPublic, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailWebuiHttpPublic, port] - ContrailWebuiHttpsAdmin: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpsAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpsAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailConfigNetwork] - port: - get_param: [EndpointMap, ContrailWebuiHttpsAdmin, port] - protocol: - get_param: [EndpointMap, ContrailWebuiHttpsAdmin, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailWebuiHttpsAdmin, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpsAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailWebuiHttpsAdmin, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailWebuiHttpsAdmin, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpsAdmin, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailWebuiHttpsAdmin, port] - ContrailWebuiHttpsInternal: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpsInternal, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpsInternal, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, ContrailConfigNetwork] - port: - get_param: [EndpointMap, ContrailWebuiHttpsInternal, port] - protocol: - get_param: [EndpointMap, ContrailWebuiHttpsInternal, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailWebuiHttpsInternal, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpsInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailWebuiHttpsInternal, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailWebuiHttpsInternal, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpsInternal, - host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, ContrailConfigNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, ContrailConfigNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailWebuiHttpsInternal, port] - ContrailWebuiHttpsPublic: - host: - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpsPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - host_nobrackets: - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpsPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - get_param: [ServiceNetMap, PublicNetwork] - port: - get_param: [EndpointMap, ContrailWebuiHttpsPublic, port] - protocol: - get_param: [EndpointMap, ContrailWebuiHttpsPublic, protocol] - uri: - list_join: - - '' - - - get_param: [EndpointMap, ContrailWebuiHttpsPublic, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpsPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailWebuiHttpsPublic, port] - uri_no_suffix: - list_join: - - '' - - - get_param: [EndpointMap, ContrailWebuiHttpsPublic, protocol] - - :// - - str_replace: - template: - get_param: [EndpointMap, ContrailWebuiHttpsPublic, host] - params: - CLOUDNAME: - get_param: - - CloudEndpoints - - get_param: [ServiceNetMap, PublicNetwork] - IP_ADDRESS: - get_param: - - NetIpMap - - str_replace: - params: - NETWORK: - get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri - - ':' - - get_param: [EndpointMap, ContrailWebuiHttpsPublic, port] Ec2ApiAdmin: host: str_replace: diff --git a/network/external.yaml b/network/external.yaml index 277c7614..8dbe3e20 100644 --- a/network/external.yaml +++ b/network/external.yaml @@ -15,7 +15,7 @@ parameters: type: json ExternalNetAdminStateUp: default: false - description: This admin state of the network. + description: The admin state of the network. type: boolean ExternalNetEnableDHCP: default: false @@ -65,3 +65,5 @@ outputs: OS::stack_id: description: Neutron external network value: {get_resource: ExternalNetwork} + subnet_cidr: + value: {get_attr: ExternalSubnet, cidr} diff --git a/network/external_v6.yaml b/network/external_v6.yaml index e577c1ca..3266932a 100644 --- a/network/external_v6.yaml +++ b/network/external_v6.yaml @@ -16,7 +16,7 @@ parameters: type: json ExternalNetAdminStateUp: default: false - description: This admin state of of the network. + description: The admin state of the network. type: boolean ExternalNetShared: default: false @@ -72,3 +72,5 @@ outputs: OS::stack_id: description: Neutron external network value: {get_resource: ExternalNetwork} + subnet_cidr: + value: {get_attr: ExternalSubnet, cidr} diff --git a/network/internal_api.yaml b/network/internal_api.yaml index 563e6d41..7ff0dafd 100644 --- a/network/internal_api.yaml +++ b/network/internal_api.yaml @@ -15,7 +15,7 @@ parameters: type: json InternalApiNetAdminStateUp: default: false - description: This admin state of the network. + description: The admin state of the network. type: boolean InternalApiNetEnableDHCP: default: false @@ -61,3 +61,5 @@ outputs: OS::stack_id: description: Neutron internal network value: {get_resource: InternalApiNetwork} + subnet_cidr: + value: {get_attr: InternalApiSubnet, cidr} diff --git a/network/internal_api_v6.yaml b/network/internal_api_v6.yaml index 05a740b3..0688f138 100644 --- a/network/internal_api_v6.yaml +++ b/network/internal_api_v6.yaml @@ -16,7 +16,7 @@ parameters: type: json InternalApiNetAdminStateUp: default: false - description: This admin state of of the network. + description: The admin state of the network. type: boolean InternalApiNetShared: default: false @@ -68,3 +68,5 @@ outputs: OS::stack_id: description: Neutron internal network value: {get_resource: InternalApiNetwork} + subnet_cidr: + value: {get_attr: InternalApiSubnet, cidr} diff --git a/network/management.yaml b/network/management.yaml index 41ede5cd..f54794c3 100644 --- a/network/management.yaml +++ b/network/management.yaml @@ -66,4 +66,5 @@ outputs: OS::stack_id: description: Neutron management network value: {get_resource: ManagementNetwork} - + subnet_cidr: + value: {get_attr: ManagementSubnet, cidr} diff --git a/network/management_v6.yaml b/network/management_v6.yaml index a44d34d3..bf715513 100644 --- a/network/management_v6.yaml +++ b/network/management_v6.yaml @@ -16,7 +16,7 @@ parameters: type: json ManagementNetAdminStateUp: default: false - description: This admin state of of the network. + description: The admin state of the network. type: boolean ManagementNetShared: default: false @@ -67,3 +67,5 @@ outputs: OS::stack_id: description: Neutron management network value: {get_resource: ManagementNetwork} + subnet_cidr: + value: {get_attr: ManagementSubnet, cidr} diff --git a/network/networks.j2.yaml b/network/networks.j2.yaml index f19e2c09..5aec597a 100644 --- a/network/networks.j2.yaml +++ b/network/networks.j2.yaml @@ -15,3 +15,23 @@ resources: NetworkExtraConfig: type: OS::TripleO::Network::ExtraConfig + + +outputs: + net_cidr_map: + value: + # NOTE(gfidente): we need to replace the null value with a + # string to work around https://bugs.launchpad.net/heat/+bug/1700025 + {%- for network in networks %} + {%- if network.name != 'InternalApi' %} + {{network.name_lower}}: + yaql: + data: {get_attr: [{{network.name}}Network, subnet_cidr]} + expression: str($.data).replace('null', 'disabled') + {%- else %} + {{network.name_lower}}: + yaql: + data: {get_attr: [InternalNetwork, subnet_cidr]} + expression: str($.data).replace('null', 'disabled') + {%- endif %} + {%- endfor %} diff --git a/network/ports/ctlplane_vip.yaml b/network/ports/ctlplane_vip.yaml index 386520cf..bb54ca62 100644 --- a/network/ports/ctlplane_vip.yaml +++ b/network/ports/ctlplane_vip.yaml @@ -34,7 +34,7 @@ parameters: resources: VipPort: - type: OS::Neutron::Port + type: OS::TripleO::Network::Ports::ControlPlaneVipPort properties: network: {get_param: ControlPlaneNetwork} name: {get_param: PortName} diff --git a/network/ports/net_ip_list_map.yaml b/network/ports/net_ip_list_map.yaml index c3734afe..a9111ed9 100644 --- a/network/ports/net_ip_list_map.yaml +++ b/network/ports/net_ip_list_map.yaml @@ -133,6 +133,20 @@ outputs: SERVICE: {get_attr: [EnabledServicesValue, value]} - values: {get_param: ServiceNetMap} - values: {get_attr: [NetIpMapValue, value]} + ctlplane_service_ips: + description: > + Map of enabled services to a list of their ctlplane IP addresses + value: + yaql: + expression: dict($.data.map.items().where(len($[1]) > 0)) + data: + map: + map_merge: + repeat: + template: + SERVICE_ctlplane_node_ips: {get_param: ControlPlaneIpList} + for_each: + SERVICE: {get_attr: [EnabledServicesValue, value]} service_hostnames: description: > Map of enabled services to a list of hostnames where they're running diff --git a/network/ports/net_ip_map.yaml b/network/ports/net_ip_map.yaml index 75818bf0..a6971b0f 100644 --- a/network/ports/net_ip_map.yaml +++ b/network/ports/net_ip_map.yaml @@ -64,6 +64,7 @@ parameters: ManagementIpSubnet: default: '' type: string + description: IP address/subnet on the management network ManagementIpUri: default: '' type: string diff --git a/network/storage.yaml b/network/storage.yaml index 0fb9cc00..00316c51 100644 --- a/network/storage.yaml +++ b/network/storage.yaml @@ -15,7 +15,7 @@ parameters: type: json StorageNetAdminStateUp: default: false - description: This admin state of the network. + description: The admin state of the network. type: boolean StorageNetEnableDHCP: default: false @@ -61,3 +61,5 @@ outputs: OS::stack_id: description: Neutron storage network value: {get_resource: StorageNetwork} + subnet_cidr: + value: {get_attr: StorageSubnet, cidr} diff --git a/network/storage_mgmt.yaml b/network/storage_mgmt.yaml index 9869f0da..bc4347c2 100644 --- a/network/storage_mgmt.yaml +++ b/network/storage_mgmt.yaml @@ -15,7 +15,7 @@ parameters: type: json StorageMgmtNetAdminStateUp: default: false - description: This admin state of the network. + description: The admin state of the network. type: boolean StorageMgmtNetEnableDHCP: default: false @@ -61,3 +61,5 @@ outputs: OS::stack_id: description: Neutron storage management network value: {get_resource: StorageMgmtNetwork} + subnet_cidr: + value: {get_attr: StorageMgmtSubnet, cidr} diff --git a/network/storage_mgmt_v6.yaml b/network/storage_mgmt_v6.yaml index d6b1652a..0d6614f9 100644 --- a/network/storage_mgmt_v6.yaml +++ b/network/storage_mgmt_v6.yaml @@ -16,7 +16,7 @@ parameters: type: json StorageMgmtNetAdminStateUp: default: false - description: This admin state of of the network. + description: The admin state of the network. type: boolean StorageMgmtNetShared: default: false @@ -68,3 +68,5 @@ outputs: OS::stack_id: description: Neutron storage management network value: {get_resource: StorageMgmtNetwork} + subnet_cidr: + value: {get_attr: StorageMgmtSubnet, cidr} diff --git a/network/storage_v6.yaml b/network/storage_v6.yaml index 0ec34add..bf796b2b 100644 --- a/network/storage_v6.yaml +++ b/network/storage_v6.yaml @@ -16,7 +16,7 @@ parameters: type: json StorageNetAdminStateUp: default: false - description: This admin state of of the network. + description: The admin state of the network. type: boolean StorageNetShared: default: false @@ -68,3 +68,5 @@ outputs: OS::stack_id: description: Neutron storage network value: {get_resource: StorageNetwork} + subnet_cidr: + value: {get_attr: StorageSubnet, cidr} diff --git a/network/tenant.yaml b/network/tenant.yaml index 4881308d..2104f0bd 100644 --- a/network/tenant.yaml +++ b/network/tenant.yaml @@ -15,7 +15,7 @@ parameters: type: json TenantNetAdminStateUp: default: false - description: This admin state of the network. + description: The admin state of the network. type: boolean TenantNetEnableDHCP: default: false @@ -61,3 +61,5 @@ outputs: OS::stack_id: description: Neutron tenant network value: {get_resource: TenantNetwork} + subnet_cidr: + value: {get_attr: TenantSubnet, cidr} diff --git a/network/tenant_v6.yaml b/network/tenant_v6.yaml index bbc2b6bf..9993eec9 100644 --- a/network/tenant_v6.yaml +++ b/network/tenant_v6.yaml @@ -16,7 +16,7 @@ parameters: type: json TenantNetAdminStateUp: default: false - description: This admin state of of the network. + description: The admin state of the network. type: boolean TenantNetShared: default: false @@ -68,3 +68,5 @@ outputs: OS::stack_id: description: Neutron tenant network value: {get_resource: TenantNetwork} + subnet_cidr: + value: {get_attr: TenantSubnet, cidr} diff --git a/network_data.yaml b/network_data.yaml index 6d62605b..23c231f9 100644 --- a/network_data.yaml +++ b/network_data.yaml @@ -14,17 +14,21 @@ # - name: External vip: true + name_lower: external - name: InternalApi name_lower: internal_api vip: true - name: Storage vip: true + name_lower: storage - name: StorageMgmt name_lower: storage_mgmt vip: true - name: Tenant vip: false # Tenant network does not use VIPs + name_lower: tenant - name: Management # Management network is disabled by default enabled: false vip: false # Management network does not use VIPs + name_lower: management diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 4aee571e..bb458961 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -4,10 +4,12 @@ resource_registry: OS::TripleO::PostDeploySteps: puppet/post.yaml OS::TripleO::PostUpgradeSteps: puppet/post-upgrade.yaml OS::TripleO::AllNodes::SoftwareConfig: puppet/all-nodes-config.yaml + OS::TripleO::AllNodesDeployment: OS::Heat::StructuredDeployments OS::TripleO::Hosts::SoftwareConfig: hosts-config.yaml OS::TripleO::Ssh::HostPubKey: extraconfig/tasks/ssh/host_public_key.yaml OS::TripleO::Ssh::KnownHostsConfig: extraconfig/tasks/ssh/known_hosts_config.yaml OS::TripleO::DefaultPasswords: default_passwords.yaml + OS::TripleO::RandomString: OS::Heat::RandomString # Tasks (for internal TripleO usage) OS::TripleO::Tasks::UpdateWorkflow: OS::Heat::None @@ -105,8 +107,10 @@ resource_registry: # Upgrade resources OS::TripleO::UpgradeConfig: puppet/upgrade_config.yaml + OS::TripleO::DeployedServerEnvironment: OS::Heat::None + # services - OS::TripleO::Services: services.yaml + OS::TripleO::Services: common/services.yaml OS::TripleO::Services::Apache: puppet/services/apache.yaml OS::TripleO::Services::CACerts: puppet/services/ca-certs.yaml OS::TripleO::Services::CephMds: OS::Heat::None @@ -136,6 +140,7 @@ resource_registry: OS::TripleO::Services::NeutronL2gwApi: OS::Heat::None OS::TripleO::Services::NeutronL3Agent: puppet/services/neutron-l3.yaml OS::TripleO::Services::NeutronL2gwAgent: OS::Heat::None + OS::TripleO::Services::NeutronLbaasv2Agent: OS::Heat::None OS::TripleO::Services::NeutronMetadataAgent: puppet/services/neutron-metadata.yaml # FIXME(shardy) the duplicate NeutronServer line can be removed when we've updated # the multinode job ControllerServices after this patch merges @@ -156,6 +161,7 @@ resource_registry: OS::TripleO::Services::NeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml OS::TripleO::Services::NeutronLinuxbridgeAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml + OS::TripleO::Services::ComputeNeutronOvsDpdk: OS::Heat::None OS::TripleO::Services::Pacemaker: OS::Heat::None OS::TripleO::Services::PacemakerRemote: OS::Heat::None OS::TripleO::Services::NeutronSriovAgent: OS::Heat::None @@ -164,6 +170,7 @@ resource_registry: OS::TripleO::Services::HAproxy: puppet/services/haproxy.yaml OS::TripleO::Services::HAProxyPublicTLS: OS::Heat::None OS::TripleO::Services::HAProxyInternalTLS: OS::Heat::None + OS::TripleO::Services::Iscsid: puppet/services/iscsid.yaml OS::TripleO::Services::Keepalived: puppet/services/keepalived.yaml OS::TripleO::Services::Memcached: puppet/services/memcached.yaml OS::TripleO::Services::SaharaApi: OS::Heat::None @@ -181,6 +188,7 @@ resource_registry: OS::TripleO::Services::NovaVncProxy: puppet/services/nova-vnc-proxy.yaml OS::TripleO::Services::NovaCompute: puppet/services/nova-compute.yaml OS::TripleO::Services::NovaLibvirt: puppet/services/nova-libvirt.yaml + OS::TripleO::Services::NovaMigrationTarget: puppet/services/nova-migration-target.yaml OS::TripleO::Services::Ntp: puppet/services/time/ntp.yaml OS::TripleO::Services::SwiftProxy: puppet/services/swift-proxy.yaml OS::TripleO::Services::ExternalSwiftProxy: OS::Heat::None @@ -189,7 +197,7 @@ resource_registry: OS::TripleO::Services::Snmp: puppet/services/snmp.yaml OS::TripleO::Services::Tacker: OS::Heat::None OS::TripleO::Services::Timezone: puppet/services/time/timezone.yaml - OS::TripleO::Services::CeilometerApi: puppet/services/ceilometer-api.yaml + OS::TripleO::Services::CeilometerApi: puppet/services/disabled/ceilometer-api-disabled.yaml OS::TripleO::Services::CeilometerCollector: puppet/services/disabled/ceilometer-collector-disabled.yaml OS::TripleO::Services::CeilometerExpirer: puppet/services/disabled/ceilometer-expirer-disabled.yaml OS::TripleO::Services::CeilometerAgentCentral: puppet/services/ceilometer-agent-central.yaml @@ -252,6 +260,7 @@ resource_registry: OS::TripleO::Services::CinderBackendDellSc: OS::Heat::None OS::TripleO::Services::CinderBackendNetApp: OS::Heat::None OS::TripleO::Services::CinderBackendScaleIO: OS::Heat::None + OS::TripleO::Services::CinderBackendVRTSHyperScale: OS::Heat::None OS::TripleO::Services::CinderHPELeftHandISCSI: OS::Heat::None OS::TripleO::Services::Etcd: OS::Heat::None OS::TripleO::Services::Ec2Api: OS::Heat::None @@ -266,6 +275,8 @@ resource_registry: OS::TripleO::Services::Docker: OS::Heat::None OS::TripleO::Services::CertmongerUser: OS::Heat::None OS::TripleO::Services::Iscsid: OS::Heat::None + OS::TripleO::Services::Clustercheck: OS::Heat::None + OS::TripleO::Services::VRTSHyperScale: OS::Heat::None parameter_defaults: EnablePackageInstall: false diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index e4c04b4e..ddf2701a 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -55,6 +55,28 @@ parameters: Control the IP allocation for the ControlVirtualIP port. E.g. [{'ip_address':'1.2.3.4'}] type: json + ExtraConfig: + default: {} + description: | + Additional hiera configuration to inject into the cluster. + type: json +{%- for role in roles %} + {{role.name}}ExtraConfig: + default: {} + description: | + Role specific additional hiera configuration to inject into the cluster. + type: json +{%- endfor %} + controllerExtraConfig: + default: {} + description: | + DEPRECATED use ControllerExtraConfig instead + type: json + NovaComputeExtraConfig: + default: {} + description: | + DEPRECATED use ComputeExtraConfig instead + type: json InternalApiVirtualFixedIPs: default: [] description: > @@ -154,7 +176,6 @@ parameters: {% else %} default: "%stackname%-{{role.name.lower()}}-%index%" {% endif %} - {{role.name}}RemovalPolicies: default: [] type: json @@ -203,6 +224,13 @@ parameters: description: > List of server hostnames to blacklist from any triggered deployments. +parameter_groups: +- label: deprecated + description: Do not use deprecated params, they will be removed. + parameters: + - controllerExtraConfig + - NovaComputeExtraConfig + conditions: add_vips_to_etc_hosts: {equals : [{get_param: AddVipsToEtcHosts}, True]} @@ -242,18 +270,32 @@ resources: HOST: {get_param: CloudNameStorageManagement} HeatAuthEncryptionKey: - type: OS::Heat::RandomString + type: OS::TripleO::RandomString PcsdPassword: - type: OS::Heat::RandomString + type: OS::TripleO::RandomString properties: length: 16 HorizonSecret: - type: OS::Heat::RandomString + type: OS::TripleO::RandomString properties: length: 10 + NetCidrMapValue: + type: OS::Heat::Value + properties: + type: json + value: + map_replace: + - map_merge: + - {get_attr: [Networks, net_cidr_map]} + - ctlplane: {get_attr: [ControlVirtualIP, subnets, 0, cidr]} + - keys: + ctlplane: {get_param: NeutronControlPlaneID} + values: + disabled: {get_attr: [ControlVirtualIP, subnets, 0, cidr]} + ServiceNetMap: type: OS::TripleO::ServiceNetMap @@ -294,6 +336,8 @@ resources: Services: get_param: {{role.name}}Services ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]} + ServiceData: + net_cidr_map: {get_attr: [NetCidrMapValue, value]} EndpointMap: {get_attr: [EndpointMap, endpoint_map]} DefaultPasswords: {get_attr: [DefaultPasswords, passwords]} RoleName: {{role.name}} @@ -307,6 +351,56 @@ resources: type: json value: {get_attr: [{{role.name}}ServiceChain, role_data]} + {{role.name}}ServiceConfigSettings: + type: OS::Heat::Value + properties: + type: json + value: + map_merge: + - get_attr: [{{role.name}}ServiceChainRoleData, value, config_settings] + {% for r in roles %} + - get_attr: [{{r.name}}ServiceChainRoleData, value, global_config_settings] + {% endfor %} + # This next step combines two yaql passes: + # - The inner one does a deep merge on the service_config_settings for all roles + # - The outer one filters the map based on the services enabled for the role + # then merges the result into one map. + - yaql: + expression: let(root => $) -> $.data.map.items().where($[0] in coalesce($root.data.services, [])).select($[1]).reduce($1.mergeWith($2), {}) + data: + map: + yaql: + expression: $.data.where($ != null).reduce($1.mergeWith($2), {}) + data: + {% for r in roles %} + - get_attr: [{{r.name}}ServiceChainRoleData, value, service_config_settings] + {% endfor %} + services: {get_attr: [{{role.name}}ServiceNames, value]} + + {{role.name}}MergedConfigSettings: + type: OS::Heat::Value + properties: + type: json + value: + config_settings: {} + global_config_settings: {} + service_config_settings: {} + merged_config_settings: + map_merge: + - get_attr: [{{role.name}}ServiceConfigSettings, value] + - get_param: ExtraConfig + {%- if role.name == 'Controller' %} + - map_merge: + - get_param: controllerExtraConfig + - get_param: {{role.name}}ExtraConfig + {%- elif role.name == 'Compute' %} + - map_merge: + - get_param: NovaComputeExtraConfig + - get_param: {{role.name}}ExtraConfig + {%- else %} + - get_param: {{role.name}}ExtraConfig + {%- endif %} + # Filter any null/None service_names which may be present due to mapping # of services to OS::Heat::None {{role.name}}ServiceNames: @@ -334,7 +428,7 @@ resources: servers: {get_attr: [{{role.name}}Servers, value]} {{role.name}}AllNodesDeployment: - type: OS::Heat::StructuredDeployments + type: OS::TripleO::AllNodesDeployment depends_on: {% for role_inner in roles %} - {{role_inner.name}}HostsDeployment @@ -421,27 +515,7 @@ resources: {% else %} NovaComputeSchedulerHints: {get_param: NovaComputeSchedulerHints} {% endif %} - ServiceConfigSettings: - map_merge: - - get_attr: [{{role.name}}ServiceChainRoleData, value, config_settings] - {% for r in roles %} - - get_attr: [{{r.name}}ServiceChain, role_data, global_config_settings] - {% endfor %} - # This next step combines two yaql passes: - # - The inner one does a deep merge on the service_config_settings for all roles - # - The outer one filters the map based on the services enabled for the role - # then merges the result into one map. - - yaql: - expression: let(root => $) -> $.data.map.items().where($[0] in coalesce($root.data.services, [])).select($[1]).reduce($1.mergeWith($2), {}) - data: - map: - yaql: - expression: $.data.where($ != null).reduce($1.mergeWith($2), {}) - data: - {% for r in roles %} - - get_attr: [{{r.name}}ServiceChain, role_data, service_config_settings] - {% endfor %} - services: {get_attr: [{{role.name}}ServiceNames, value]} + ServiceConfigSettings: {get_attr: [{{role.name}}ServiceConfigSettings, value]} ServiceNames: {get_attr: [{{role.name}}ServiceNames, value]} MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChainRoleData, value, monitoring_subscriptions]} ServiceMetadataSettings: {get_attr: [{{role.name}}ServiceChainRoleData, value, service_metadata_settings]} @@ -462,6 +536,21 @@ resources: servers: {get_attr: [{{role.name}}, attributes, nova_server_resource]} {% endfor %} + # This is a different format to *Servers, as it creates a map of lists + # whereas *Servers creates a map of maps with keys of the nested resource names + ServerIdMap: + type: OS::Heat::Value + properties: + value: + server_ids: +{% for role in roles %} + {{role.name}}: {get_attr: [{{role.name}}, nova_server_resource]} +{% endfor %} + bootstrap_server_id: + yaql: + expression: coalesce($.data, []).first(null) + data: {get_attr: [{{primary_role_name}}, nova_server_resource]} + # This resource just creates a dict out of the DeploymentServerBlacklist, # which is a list. The dict is used in the role templates to set a condition # on whether to create the deployment resources. We can't use the list @@ -566,8 +655,6 @@ resources: {% for role in roles %} - {get_attr: [{{role.name}}IpListMap, short_service_bootstrap_hostnames]} {% endfor %} - # FIXME(shardy): These require further work to move into service_ips - memcache_node_ips: {get_attr: [{{primary_role_name}}IpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MemcachedNetwork]}]} NetVipMap: {get_attr: [VipMap, net_ip_map]} RedisVirtualIP: {get_attr: [RedisVirtualIP, ip_address]} ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]} @@ -575,12 +662,12 @@ resources: UpdateIdentifier: {get_param: UpdateIdentifier} MysqlRootPassword: - type: OS::Heat::RandomString + type: OS::TripleO::RandomString properties: length: 10 RabbitCookie: - type: OS::Heat::RandomString + type: OS::TripleO::RandomString properties: length: 20 salt: {get_param: RabbitCookieSalt} @@ -665,6 +752,10 @@ resources: StorageMgmtIp: {get_attr: [StorageMgmtVirtualIP, ip_address]} StorageMgmtIpUri: {get_attr: [StorageMgmtVirtualIP, ip_address_uri]} # No tenant or management VIP required + # Because of nested get_attr functions in the KeystoneAdminVip output, we + # can't determine which attributes of VipMap are used until after + # ServiceNetMap's attribute values are available. + depends_on: ServiceNetMap # All Nodes Validations AllNodesValidationConfig: @@ -735,12 +826,69 @@ resources: {% for role in roles %} {{role.name}}: {get_attr: [{{role.name}}Servers, value]} {% endfor %} + stack_name: {get_param: 'OS::stack_name'} EndpointMap: {get_attr: [EndpointMap, endpoint_map]} + ctlplane_service_ips: + # Note (shardy) this somewhat complex yaql may be replaced + # with a map_deep_merge function in ocata. It merges the + # list of maps, but appends to colliding lists when a service + # is deployed on more than one role + yaql: + expression: dict($.data.l.where($ != null).selectMany($.items()).groupBy($[0], $[1], [$[0], $[1].flatten()])) + data: + l: +{% for role in roles %} + - {get_attr: [{{role.name}}IpListMap, ctlplane_service_ips]} +{% endfor %} role_data: {% for role in roles %} - {{role.name}}: {get_attr: [{{role.name}}ServiceChainRoleData, value]} + {{role.name}}: + map_merge: + - {get_attr: [{{role.name}}ServiceChainRoleData, value]} + - {get_attr: [{{role.name}}MergedConfigSettings, value]} {% endfor %} + ServerOsCollectConfigData: + type: OS::Heat::Value + properties: + type: json + value: +{% for role in roles %} + {{role.name}}: {get_attr: [{{role.name}}, attributes, os_collect_config]} +{% endfor %} + + DeployedServerEnvironment: + type: OS::TripleO::DeployedServerEnvironment + properties: + RoleCounts: +{% for role in roles %} + {{role.name}}DeployedServerCount: {get_param: {{role.name}}Count} +{% endfor %} + VipMap: + map_merge: + - {get_attr: [VipMap, net_ip_map]} + - redis: {get_attr: [RedisVirtualIP, ip_address]} + DeployedServerPortMap: + map_merge: + list_concat: +{% for role in roles %} + - {get_attr: [{{role.name}}, deployed_server_port_map]} +{% endfor %} + DeployedServerDeploymentSwiftDataMap: + map_merge: + list_concat: +{% for role in roles %} + - {get_attr: [{{role.name}}, deployed_server_deployment_swift_data_map]} +{% endfor %} + DefaultRouteIp: + str_split: + - ':' + - str_split: + - '/' + - {get_attr: [ServerOsCollectConfigData, value, {{primary_role_name}}, '0', request, metadata_url]} + - 2 + - 0 + outputs: ManagedEndpoints: description: Asserts that the keystone endpoints have been provisioned. @@ -750,6 +898,11 @@ outputs: value: {get_attr: [EndpointMapData, value, KeystonePublic, uri]} KeystoneAdminVip: description: Keystone Admin VIP endpoint + # Note that these nested get_attr functions require a dependency + # relationship between VipMap and ServiceNetMap, since we can't determine + # which attributes of VipMap are used until after ServiceNetMap's attribute + # values are available. If this is ever reworked to not use nested + # get_attr, that dependency can be removed. value: {get_attr: [VipMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, KeystoneAdminApiNetwork]}]} EndpointMap: description: | @@ -777,7 +930,10 @@ outputs: description: The configuration data associated with each role value: {% for role in roles %} - {{role.name}}: {get_attr: [{{role.name}}ServiceChainRoleData, value]} + {{role.name}}: + map_merge: + - {get_attr: [{{role.name}}ServiceChainRoleData, value]} + - {get_attr: [{{role.name}}MergedConfigSettings, value]} {% endfor %} RoleNetIpMap: description: Mapping of each network to a list of IPs for each role @@ -791,3 +947,20 @@ outputs: {% for role in roles %} {{role.name}}: {get_attr: [{{role.name}}NetworkHostnameMap, value]} {% endfor %} + ServerOsCollectConfigData: + description: The os-collect-config configuration associated with each server resource + value: {get_attr: [ServerOsCollectConfigData, value]} + VipMap: + description: Mapping of each network to VIP addresses. Also includes the Redis VIP. + value: + map_merge: + - {get_attr: [VipMap, net_ip_map]} + - redis: {get_attr: [RedisVirtualIP, ip_address]} + ServerIdData: + description: Mapping of each role to a list of nova server IDs and the bootstrap ID + value: {get_attr: [ServerIdMap, value]} + DeployedServerEnvironment: + description: + Environment data that can be used as input into the services stack when + using split-stack. + value: {get_attr: [DeployedServerEnvironment, deployed_server_environment]} diff --git a/plan-samples/README.rst b/plan-samples/README.rst index 44b9d0cd..b3c2d1df 100644 --- a/plan-samples/README.rst +++ b/plan-samples/README.rst @@ -15,8 +15,8 @@ commands. The sample format to provide the workflow specific parameters:: workflow_parameters: tripleo.derive_params.v1.derive_parameters: # DPDK Parameters - number_of_pmd_cpu_threads_per_numa_node: 2 + num_phy_cores_per_numa_node_for_pmd: 2 All the parameters specified under the workflow name will be passed as -``user_input`` to the workflow, while invoking from the tripleoclient.
\ No newline at end of file +``user_input`` to the workflow, while invoking from the tripleoclient. diff --git a/plan-samples/plan-environment-derived-params.yaml b/plan-samples/plan-environment-derived-params.yaml index 964e57d2..8f250716 100644 --- a/plan-samples/plan-environment-derived-params.yaml +++ b/plan-samples/plan-environment-derived-params.yaml @@ -9,11 +9,11 @@ environments: workflow_parameters: tripleo.derive_params.v1.derive_parameters: ######### DPDK Parameters ######### - # Specifices the minimum number of CPU threads to be allocated for DPDK + # Specifices the minimum number of CPU physical cores to be allocated for DPDK # PMD threads. The actual allocation will be based on network config, if # the a DPDK port is associated with a numa node, then this configuration - # will be used, else 0. - number_of_pmd_cpu_threads_per_numa_node: 4 + # will be used, else 1. + num_phy_cores_per_numa_node_for_pmd: 2 # Amount of memory to be configured as huge pages in percentage. Ouf the # total available memory (excluding the NovaReservedHostMemory), the # specified percentage of the remaining is configured as huge pages. diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml index b1284452..24aa1525 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.yaml @@ -30,8 +30,6 @@ parameters: type: json controller_names: type: comma_delimited_list - memcache_node_ips: - type: comma_delimited_list NetVipMap: type: json RedisVirtualIP: @@ -47,6 +45,7 @@ parameters: perform configuration on a Heat stack-update. UpdateIdentifier: type: string + default: '' description: > Setting to a previously unused value during stack-update will trigger package update on all nodes @@ -170,11 +169,6 @@ resources: list_join: - ',' - {get_param: controller_names} - memcached_node_ips_v6: - repeat: - template: "inet6:[NAME]" - for_each: - NAME: {get_param: memcache_node_ips} deploy_identifier: {get_param: DeployIdentifier} update_identifier: {get_param: UpdateIdentifier} stack_action: {get_param: StackAction} diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml index 551a88ca..7d58d1da 100644 --- a/puppet/blockstorage-role.yaml +++ b/puppet/blockstorage-role.yaml @@ -143,6 +143,25 @@ parameters: type: json description: Role Specific Parameters default: {} + DeploymentSwiftDataMap: + type: json + description: | + Map of servers to Swift container and object for storing deployment data. + The keys are the Heat assigned hostnames, and the value is a map of the + container/object name in Swift. Example value: + overcloud-controller-0: + container: overcloud-controller + object: 0 + overcloud-controller-1: + container: overcloud-controller + object: 1 + overcloud-controller-2: + container: overcloud-controller + object: 2 + overcloud-novacompute-0: + container: overcloud-compute + object: 0 + default: {} conditions: server_not_blacklisted: @@ -150,6 +169,12 @@ conditions: equals: - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} - 1 + deployment_swift_data_map_unset: + equals: + - get_param: + - DeploymentSwiftDataMap + - {get_param: Hostname} + - "" resources: BlockStorage: @@ -178,6 +203,12 @@ resources: - {get_param: BlockStorageServerMetadata} - {get_param: ServiceMetadataSettings} scheduler_hints: {get_param: BlockStorageSchedulerHints} + deployment_swift_data: + if: + - deployment_swift_data_map_unset + - {} + - {get_param: [DeploymentSwiftDataMap, + {get_param: Hostname}]} # Combine the NodeAdminUserData and NodeUserData mime archives UserData: @@ -377,6 +408,8 @@ resources: properties: server: {get_resource: BlockStorage} RoleParameters: {get_param: RoleParameters} + ServiceNames: {get_param: ServiceNames} + deployment_actions: {get_attr: [DeploymentActions, value]} NetworkDeployment: type: OS::TripleO::SoftwareDeployment @@ -485,6 +518,9 @@ resources: NodeExtraConfig: depends_on: NodeTLSCAData type: OS::TripleO::NodeExtraConfig + # We have to use conditions here so that we don't break backwards + # compatibility with templates everywhere + condition: server_not_blacklisted properties: server: {get_resource: BlockStorage} @@ -507,11 +543,21 @@ resources: - ['CREATE', 'UPDATE'] - [] + DeploymentActions: + type: OS::Heat::Value + properties: + value: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] + SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey depends_on: BlockStorageDeployment properties: server: {get_resource: BlockStorage} + deployment_actions: {get_attr: [DeploymentActions, value]} outputs: ip_address: @@ -614,3 +660,45 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" management_ip_address: description: IP address of the server in the management network value: {get_attr: [ManagementPort, ip_address]} + deployed_server_port_map: + description: | + Map of Heat created hostname of the server to ip address. This is the + hostname before it has been mapped with the HostnameMap parameter, and + the IP address from the ctlplane network. This map can be used to construct + the DeployedServerPortMap parameter when using split-stack. + value: + map_replace: + - hostname: + fixed_ips: + - ip_address: {get_attr: [BlockStorage, networks, ctlplane, 0]} + - keys: + hostname: + list_join: + - '-' + - - {get_param: Hostname} + - ctlplane + deployed_server_deployment_swift_data_map: + description: + Map of Heat created hostname of the server to the Swift container and object + used to created the temporary url for metadata polling with + os-collect-config. + value: + map_replace: + - hostname: + container: + str_split: + - '/' + - {get_attr: [BlockStorage, os_collect_config, request, metadata_url]} + - 5 + object: + str_split: + - '?' + - str_split: + - '/' + - {get_attr: [BlockStorage, os_collect_config, request, metadata_url]} + - 6 + - 0 + - keys: {hostname: {get_param: Hostname}} + os_collect_config: + description: The os-collect-config configuration associated with this server resource + value: {get_attr: [BlockStorage, os_collect_config]} diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml index 4336f3e7..48e5b97a 100644 --- a/puppet/cephstorage-role.yaml +++ b/puppet/cephstorage-role.yaml @@ -149,6 +149,25 @@ parameters: type: json description: Role Specific Parameters default: {} + DeploymentSwiftDataMap: + type: json + description: | + Map of servers to Swift container and object for storing deployment data. + The keys are the Heat assigned hostnames, and the value is a map of the + container/object name in Swift. Example value: + overcloud-controller-0: + container: overcloud-controller + object: 0 + overcloud-controller-1: + container: overcloud-controller + object: 1 + overcloud-controller-2: + container: overcloud-controller + object: 2 + overcloud-novacompute-0: + container: overcloud-compute + object: 0 + default: {} conditions: server_not_blacklisted: @@ -156,6 +175,12 @@ conditions: equals: - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} - 1 + deployment_swift_data_map_unset: + equals: + - get_param: + - DeploymentSwiftDataMap + - {get_param: Hostname} + - "" resources: CephStorage: @@ -184,6 +209,12 @@ resources: - {get_param: CephStorageServerMetadata} - {get_param: ServiceMetadataSettings} scheduler_hints: {get_param: CephStorageSchedulerHints} + deployment_swift_data: + if: + - deployment_swift_data_map_unset + - {} + - {get_param: [DeploymentSwiftDataMap, + {get_param: Hostname}]} # Combine the NodeAdminUserData and NodeUserData mime archives UserData: @@ -383,6 +414,8 @@ resources: properties: server: {get_resource: CephStorage} RoleParameters: {get_param: RoleParameters} + ServiceNames: {get_param: ServiceNames} + deployment_actions: {get_attr: [DeploymentActions, value]} NetworkDeployment: type: OS::TripleO::SoftwareDeployment @@ -489,6 +522,9 @@ resources: CephStorageExtraConfigPre: depends_on: CephStorageDeployment type: OS::TripleO::CephStorageExtraConfigPre + # We have to use conditions here so that we don't break backwards + # compatibility with templates everywhere + condition: server_not_blacklisted properties: server: {get_resource: CephStorage} @@ -497,6 +533,9 @@ resources: NodeExtraConfig: depends_on: [CephStorageExtraConfigPre, NodeTLSCAData] type: OS::TripleO::NodeExtraConfig + # We have to use conditions here so that we don't break backwards + # compatibility with templates everywhere + condition: server_not_blacklisted properties: server: {get_resource: CephStorage} @@ -518,11 +557,21 @@ resources: - ['CREATE', 'UPDATE'] - [] + DeploymentActions: + type: OS::Heat::Value + properties: + value: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] + SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey depends_on: CephStorageDeployment properties: server: {get_resource: CephStorage} + deployment_actions: {get_attr: [DeploymentActions, value]} outputs: ip_address: @@ -625,3 +674,45 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" management_ip_address: description: IP address of the server in the management network value: {get_attr: [ManagementPort, ip_address]} + deployed_server_port_map: + description: | + Map of Heat created hostname of the server to ip address. This is the + hostname before it has been mapped with the HostnameMap parameter, and + the IP address from the ctlplane network. This map can be used to construct + the DeployedServerPortMap parameter when using split-stack. + value: + map_replace: + - hostname: + fixed_ips: + - ip_address: {get_attr: [CephStorage, networks, ctlplane, 0]} + - keys: + hostname: + list_join: + - '-' + - - {get_param: Hostname} + - ctlplane + deployed_server_deployment_swift_data_map: + description: + Map of Heat created hostname of the server to the Swift container and object + used to created the temporary url for metadata polling with + os-collect-config. + value: + map_replace: + - hostname: + container: + str_split: + - '/' + - {get_attr: [CephStorage, os_collect_config, request, metadata_url]} + - 5 + object: + str_split: + - '?' + - str_split: + - '/' + - {get_attr: [CephStorage, os_collect_config, request, metadata_url]} + - 6 + - 0 + - keys: {hostname: {get_param: Hostname}} + os_collect_config: + description: The os-collect-config configuration associated with this server resource + value: {get_attr: [CephStorage, os_collect_config]} diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml index e2cce5fb..3ad6f745 100644 --- a/puppet/compute-role.yaml +++ b/puppet/compute-role.yaml @@ -161,8 +161,33 @@ parameters: type: json description: Role Specific Parameters default: {} + DeploymentSwiftDataMap: + type: json + description: | + Map of servers to Swift container and object for storing deployment data. + The keys are the Heat assigned hostnames, and the value is a map of the + container/object name in Swift. Example value: + overcloud-controller-0: + container: overcloud-controller + object: 0 + overcloud-controller-1: + container: overcloud-controller + object: 1 + overcloud-controller-2: + container: overcloud-controller + object: 2 + overcloud-novacompute-0: + container: overcloud-compute + object: 0 + default: {} conditions: + deployment_swift_data_map_unset: + equals: + - get_param: + - DeploymentSwiftDataMap + - {get_param: Hostname} + - "" server_not_blacklisted: not: equals: @@ -198,6 +223,12 @@ resources: - {get_param: NovaComputeServerMetadata} - {get_param: ServiceMetadataSettings} scheduler_hints: {get_param: NovaComputeSchedulerHints} + deployment_swift_data: + if: + - deployment_swift_data_map_unset + - {} + - {get_param: [DeploymentSwiftDataMap, + {get_param: Hostname}]} # Combine the NodeAdminUserData and NodeUserData mime archives UserData: @@ -386,6 +417,8 @@ resources: properties: server: {get_resource: NovaCompute} RoleParameters: {get_param: RoleParameters} + ServiceNames: {get_param: ServiceNames} + deployment_actions: {get_attr: [DeploymentActions, value]} NetworkConfig: type: OS::TripleO::Compute::Net::SoftwareConfig @@ -512,6 +545,9 @@ resources: ComputeExtraConfigPre: depends_on: NovaComputeDeployment type: OS::TripleO::ComputeExtraConfigPre + # We have to use conditions here so that we don't break backwards + # compatibility with templates everywhere + condition: server_not_blacklisted properties: server: {get_resource: NovaCompute} @@ -520,6 +556,9 @@ resources: NodeExtraConfig: depends_on: [ComputeExtraConfigPre, NodeTLSCAData] type: OS::TripleO::NodeExtraConfig + # We have to use conditions here so that we don't break backwards + # compatibility with templates everywhere + condition: server_not_blacklisted properties: server: {get_resource: NovaCompute} @@ -542,11 +581,21 @@ resources: update_identifier: get_param: UpdateIdentifier + DeploymentActions: + type: OS::Heat::Value + properties: + value: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] + SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey depends_on: NovaComputeDeployment properties: server: {get_resource: NovaCompute} + deployment_actions: {get_attr: [DeploymentActions, value]} outputs: ip_address: @@ -570,6 +619,45 @@ outputs: management_ip_address: description: IP address of the server in the management network value: {get_attr: [ManagementPort, ip_address]} + deployed_server_port_map: + description: | + Map of Heat created hostname of the server to ip address. This is the + hostname before it has been mapped with the HostnameMap parameter, and + the IP address from the ctlplane network. This map can be used to construct + the DeployedServerPortMap parameter when using split-stack. + value: + map_replace: + - hostname: + fixed_ips: + - ip_address: {get_attr: [NovaCompute, networks, ctlplane, 0]} + - keys: + hostname: + list_join: + - '-' + - - {get_param: Hostname} + - ctlplane + deployed_server_deployment_swift_data_map: + description: + Map of Heat created hostname of the server to the Swift container and object + used to created the temporary url for metadata polling with + os-collect-config. + value: + map_replace: + - hostname: + container: + str_split: + - '/' + - {get_attr: [NovaCompute, os_collect_config, request, metadata_url]} + - 5 + object: + str_split: + - '?' + - str_split: + - '/' + - {get_attr: [NovaCompute, os_collect_config, request, metadata_url]} + - 6 + - 0 + - keys: {hostname: {get_param: Hostname}} hostname: description: Hostname of the server value: {get_attr: [NovaCompute, name]} @@ -651,3 +739,6 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" value: {get_resource: NovaCompute} condition: server_not_blacklisted + os_collect_config: + description: The os-collect-config configuration associated with this server resource + value: {get_attr: [NovaCompute, os_collect_config]} diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml index 10cfac79..933b5e60 100644 --- a/puppet/controller-role.yaml +++ b/puppet/controller-role.yaml @@ -27,10 +27,6 @@ parameters: default: '' description: Set to True to enable debugging on all services. type: string - EnableLoadBalancer: - default: true - description: Whether to deploy a LoadBalancer on the Controller - type: boolean ExtraConfig: default: {} description: | @@ -179,6 +175,25 @@ parameters: type: json description: Role Specific Parameters default: {} + DeploymentSwiftDataMap: + type: json + description: | + Map of servers to Swift container and object for storing deployment data. + The keys are the Heat assigned hostnames, and the value is a map of the + container/object name in Swift. Example value: + overcloud-controller-0: + container: overcloud-controller + object: 0 + overcloud-controller-1: + container: overcloud-controller + object: 1 + overcloud-controller-2: + container: overcloud-controller + object: 2 + overcloud-novacompute-0: + container: overcloud-compute + object: 0 + default: {} parameter_groups: - label: deprecated @@ -192,7 +207,12 @@ conditions: equals: - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} - 1 - + deployment_swift_data_map_unset: + equals: + - get_param: + - DeploymentSwiftDataMap + - {get_param: Hostname} + - "" resources: @@ -222,6 +242,12 @@ resources: - {get_param: ControllerServerMetadata} - {get_param: ServiceMetadataSettings} scheduler_hints: {get_param: ControllerSchedulerHints} + deployment_swift_data: + if: + - deployment_swift_data_map_unset + - {} + - {get_param: [DeploymentSwiftDataMap, + {get_param: Hostname}]} # Combine the NodeAdminUserData and NodeUserData mime archives UserData: @@ -410,6 +436,8 @@ resources: properties: server: {get_resource: Controller} RoleParameters: {get_param: RoleParameters} + ServiceNames: {get_param: ServiceNames} + deployment_actions: {get_attr: [DeploymentActions, value]} NetworkConfig: type: OS::TripleO::Controller::Net::SoftwareConfig @@ -493,8 +521,6 @@ resources: config: {get_resource: ControllerConfig} server: {get_resource: Controller} input_values: - bootstack_nodeid: {get_attr: [Controller, name]} - enable_load_balancer: {get_param: EnableLoadBalancer} enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} # Map heat metadata into hiera datafiles @@ -536,11 +562,6 @@ resources: - {get_param: ControllerExtraConfig} extraconfig: {get_param: ExtraConfig} controller: - # data supplied directly to this deployment configuration, etc - bootstack_nodeid: {get_input: bootstack_nodeid} - # Pacemaker - enable_load_balancer: {get_input: enable_load_balancer} - # Misc tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} @@ -556,6 +577,9 @@ resources: ControllerExtraConfigPre: depends_on: ControllerDeployment type: OS::TripleO::ControllerExtraConfigPre + # We have to use conditions here so that we don't break backwards + # compatibility with templates everywhere + condition: server_not_blacklisted properties: server: {get_resource: Controller} @@ -564,6 +588,9 @@ resources: NodeExtraConfig: depends_on: [ControllerExtraConfigPre, NodeTLSData] type: OS::TripleO::NodeExtraConfig + # We have to use conditions here so that we don't break backwards + # compatibility with templates everywhere + condition: server_not_blacklisted properties: server: {get_resource: Controller} @@ -586,11 +613,21 @@ resources: update_identifier: get_param: UpdateIdentifier + DeploymentActions: + type: OS::Heat::Value + properties: + value: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] + SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey depends_on: ControllerDeployment properties: server: {get_resource: Controller} + deployment_actions: {get_attr: [DeploymentActions, value]} outputs: ip_address: @@ -614,6 +651,45 @@ outputs: management_ip_address: description: IP address of the server in the management network value: {get_attr: [ManagementPort, ip_address]} + deployed_server_port_map: + description: + Map of Heat created hostname of the server to ip address. This is the + hostname before it has been mapped with the HostnameMap parameter, and + the IP address from the ctlplane network. This map can be used to construct + the DeployedServerPortMap parameter when using split-stack. + value: + map_replace: + - hostname: + fixed_ips: + - ip_address: {get_attr: [Controller, networks, ctlplane, 0]} + - keys: + hostname: + list_join: + - '-' + - - {get_param: Hostname} + - ctlplane + deployed_server_deployment_swift_data_map: + description: + Map of Heat created hostname of the server to the Swift container and object + used to created the temporary url for metadata polling with + os-collect-config. + value: + map_replace: + - hostname: + container: + str_split: + - '/' + - {get_attr: [Controller, os_collect_config, request, metadata_url]} + - 5 + object: + str_split: + - '?' + - str_split: + - '/' + - {get_attr: [Controller, os_collect_config, request, metadata_url]} + - 6 + - 0 + - keys: {hostname: {get_param: Hostname}} hostname: description: Hostname of the server value: {get_attr: [Controller, name]} @@ -701,3 +777,6 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" tls_cert_modulus_md5: description: MD5 checksum of the TLS Certificate Modulus value: {get_attr: [NodeTLSData, cert_modulus_md5]} + os_collect_config: + description: The os-collect-config configuration associated with this server resource + value: {get_attr: [Controller, os_collect_config]} diff --git a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.j2.yaml index 313c1261..3b7bf40c 100644 --- a/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.yaml +++ b/puppet/extraconfig/all_nodes/neutron-ml2-cisco-nexus-ucsm.j2.yaml @@ -174,45 +174,15 @@ resources: echo "$HOST_FQDN $MACS" fi - CollectMacDeploymentsController: +{% for role in roles %} + CollectMacDeployments{{role.name}}: type: OS::Heat::SoftwareDeployments properties: - name: CollectMacDeploymentsController - servers: {get_param: [servers, Controller]} - config: {get_resource: CollectMacConfig} - actions: ['CREATE'] # Only do this on CREATE - - CollectMacDeploymentsCompute: - type: OS::Heat::SoftwareDeployments - properties: - name: CollectMacDeploymentsCompute - servers: {get_param: [servers, Compute]} - config: {get_resource: CollectMacConfig} - actions: ['CREATE'] # Only do this on CREATE - - CollectMacDeploymentsBlockStorage: - type: OS::Heat::SoftwareDeployments - properties: - name: CollectMacDeploymentsBlockStorage - servers: {get_param: [servers, BlockStorage]} - config: {get_resource: CollectMacConfig} - actions: ['CREATE'] # Only do this on CREATE - - CollectMacDeploymentsObjectStorage: - type: OS::Heat::SoftwareDeployments - properties: - name: CollectMacDeploymentsObjectStorage - servers: {get_param: [servers, ObjectStorage]} - config: {get_resource: CollectMacConfig} - actions: ['CREATE'] # Only do this on CREATE - - CollectMacDeploymentsCephStorage: - type: OS::Heat::SoftwareDeployments - properties: - name: CollectMacDeploymentsCephStorage - servers: {get_param: [servers, CephStorage]} + name: CollectMacDeployments{{role.name}} + servers: {get_param: [servers, {{role.name}}]} config: {get_resource: CollectMacConfig} actions: ['CREATE'] # Only do this on CREATE +{% endfor %} # Now we calculate the additional nexus config based on the mappings MappingToNexusConfig: @@ -220,11 +190,9 @@ resources: properties: group: script inputs: - - name: controller_mappings - - name: compute_mappings - - name: blockstorage_mappings - - name: objectstorage_mappings - - name: cephstorage_mappings + {%- for role in roles %} + - name: {{role.name}}_mappings + {%- endfor %} - name: nexus_config config: | #!/bin/python @@ -233,11 +201,9 @@ resources: import os from copy import deepcopy - mappings = ['controller_mappings', - 'compute_mappings', - 'blockstorage_mappings', - 'objectstorage_mappings', - 'cephstorage_mappings', + mappings = [{%- for role in roles %} + '{{role.name}}_mappings', + {%- endfor %} 'nexus_config'] mapdict_list = [] nexus = {} @@ -295,11 +261,9 @@ resources: # FIXME(shardy): It'd be more convenient if we could join these # items together but because the returned format is a map (not a list) # we can't use list_join or str_replace. Possible Heat TODO. - controller_mappings: {get_attr: [CollectMacDeploymentsController, deploy_stdouts]} - compute_mappings: {get_attr: [CollectMacDeploymentsCompute, deploy_stdouts]} - blockstorage_mappings: {get_attr: [CollectMacDeploymentsBlockStorage, deploy_stdouts]} - objectstorage_mappings: {get_attr: [CollectMacDeploymentsObjectStorage, deploy_stdouts]} - cephstorage_mappings: {get_attr: [CollectMacDeploymentsCephStorage, deploy_stdouts]} + {%- for role in roles %} + {{role.name}}_mappings: {get_attr: [CollectMacDeployments{{role.name}}, deploy_stdouts]} + {%- endfor %} nexus_config: {get_param: NetworkNexusConfig} actions: ['CREATE'] # Only do this on CREATE diff --git a/puppet/major_upgrade_steps.j2.yaml b/puppet/major_upgrade_steps.j2.yaml index b44095bd..11113eec 100644 --- a/puppet/major_upgrade_steps.j2.yaml +++ b/puppet/major_upgrade_steps.j2.yaml @@ -8,13 +8,17 @@ description: 'Upgrade steps for all roles' parameters: servers: type: json - + stack_name: + type: string + description: Name of the topmost stack role_data: type: json description: Mapping of Role name e.g Controller to the per-role data - + ctlplane_service_ips: + type: json UpdateIdentifier: type: string + default: '' description: > Setting to a previously unused value during stack-update will trigger the Upgrade resources to re-run on all roles. @@ -28,7 +32,7 @@ parameters: default: 'regionOne' description: Keystone region for endpoint NovaPassword: - description: The password for the nova service and db account, used by nova-api. + description: The password for the nova service and db account type: string hidden: true @@ -206,7 +210,9 @@ resources: {%- endfor %} properties: servers: {get_param: servers} + stack_name: {get_param: stack_name} role_data: {get_param: role_data} + ctlplane_service_ips: {get_param: ctlplane_service_ips} outputs: # Output the config for each role, just use Step1 as the config should be diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml index 40a5d441..a03a9da5 100644 --- a/puppet/objectstorage-role.yaml +++ b/puppet/objectstorage-role.yaml @@ -143,6 +143,25 @@ parameters: type: json description: Role Specific Parameters default: {} + DeploymentSwiftDataMap: + type: json + description: | + Map of servers to Swift container and object for storing deployment data. + The keys are the Heat assigned hostnames, and the value is a map of the + container/object name in Swift. Example value: + overcloud-controller-0: + container: overcloud-controller + object: 0 + overcloud-controller-1: + container: overcloud-controller + object: 1 + overcloud-controller-2: + container: overcloud-controller + object: 2 + overcloud-novacompute-0: + container: overcloud-compute + object: 0 + default: {} conditions: server_not_blacklisted: @@ -150,6 +169,12 @@ conditions: equals: - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} - 1 + deployment_swift_data_map_unset: + equals: + - get_param: + - DeploymentSwiftDataMap + - {get_param: Hostname} + - "" resources: @@ -178,6 +203,12 @@ resources: - {get_param: SwiftStorageServerMetadata} - {get_param: ServiceMetadataSettings} scheduler_hints: {get_param: ObjectStorageSchedulerHints} + deployment_swift_data: + if: + - deployment_swift_data_map_unset + - {} + - {get_param: [DeploymentSwiftDataMap, + {get_param: Hostname}]} # Combine the NodeAdminUserData and NodeUserData mime archives UserData: @@ -377,6 +408,8 @@ resources: properties: server: {get_resource: SwiftStorage} RoleParameters: {get_param: RoleParameters} + ServiceNames: {get_param: ServiceNames} + deployment_actions: {get_attr: [DeploymentActions, value]} NetworkDeployment: type: OS::TripleO::SoftwareDeployment @@ -485,6 +518,9 @@ resources: NodeExtraConfig: depends_on: NodeTLSCAData type: OS::TripleO::NodeExtraConfig + # We have to use conditions here so that we don't break backwards + # compatibility with templates everywhere + condition: server_not_blacklisted properties: server: {get_resource: SwiftStorage} @@ -506,11 +542,21 @@ resources: - ['CREATE', 'UPDATE'] - [] + DeploymentActions: + type: OS::Heat::Value + properties: + value: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] + SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey depends_on: SwiftStorageHieraDeploy properties: server: {get_resource: SwiftStorage} + deployment_actions: {get_attr: [DeploymentActions, value]} outputs: ip_address: @@ -613,3 +659,45 @@ CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" management_ip_address: description: IP address of the server in the management network value: {get_attr: [ManagementPort, ip_address]} + deployed_server_port_map: + description: | + Map of Heat created hostname of the server to ip address. This is the + hostname before it has been mapped with the HostnameMap parameter, and + the IP address from the ctlplane network. This map can be used to construct + the DeployedServerPortMap parameter when using split-stack. + value: + map_replace: + - hostname: + fixed_ips: + - ip_address: {get_attr: [SwiftStorage, networks, ctlplane, 0]} + - keys: + hostname: + list_join: + - '-' + - - {get_param: Hostname} + - ctlplane + deployed_server_deployment_swift_data_map: + description: + Map of Heat created hostname of the server to the Swift container and object + used to created the temporary url for metadata polling with + os-collect-config. + value: + map_replace: + - hostname: + container: + str_split: + - '/' + - {get_attr: [SwiftStorage, os_collect_config, request, metadata_url]} + - 5 + object: + str_split: + - '?' + - str_split: + - '/' + - {get_attr: [SwiftStorage, os_collect_config, request, metadata_url]} + - 6 + - 0 + - keys: {hostname: {get_param: Hostname}} + os_collect_config: + description: The os-collect-config configuration associated with this server resource + value: {get_attr: [SwiftStorage, os_collect_config]} diff --git a/puppet/post-upgrade.j2.yaml b/puppet/post-upgrade.j2.yaml index c51b6e1b..bdd1e613 100644 --- a/puppet/post-upgrade.j2.yaml +++ b/puppet/post-upgrade.j2.yaml @@ -8,17 +8,20 @@ parameters: servers: type: json description: Mapping of Role name e.g Controller to a list of servers - + stack_name: + type: string + description: Name of the topmost stack role_data: type: json description: Mapping of Role name e.g Controller to the per-role data - DeployIdentifier: default: '' type: string description: > Setting this to a unique value will re-run any deployment tasks which perform configuration on a Heat stack-update. + ctlplane_service_ips: + type: json resources: # Note the include here is the same as post.j2.yaml but the data used at diff --git a/puppet/post.j2.yaml b/puppet/post.j2.yaml index 3a15cec6..67e1ecfd 100644 --- a/puppet/post.j2.yaml +++ b/puppet/post.j2.yaml @@ -8,7 +8,9 @@ parameters: servers: type: json description: Mapping of Role name e.g Controller to a list of servers - + stack_name: + type: string + description: Name of the topmost stack role_data: type: json description: Mapping of Role name e.g Controller to the per-role data @@ -23,6 +25,7 @@ parameters: description: > Setting this to a unique value will re-run any deployment tasks which perform configuration on a Heat stack-update. + ctlplane_service_ips: + type: json -resources: {% include 'puppet-steps.j2' %} diff --git a/puppet/puppet-steps.j2 b/puppet/puppet-steps.j2 index 5567d65d..f7651a57 100644 --- a/puppet/puppet-steps.j2 +++ b/puppet/puppet-steps.j2 @@ -1,3 +1,18 @@ +{% set deploy_steps_max = 6 %} +conditions: +{% for step in range(1, deploy_steps_max) %} + WorkflowTasks_Step{{step}}_Enabled: + or: + {%- for role in roles %} + - not: + equals: + - get_param: [role_data, {{role.name}}, service_workflow_tasks, step{{step}}] + - '' + - False + {%- endfor %} +{% endfor %} + +resources: # Post deployment steps for all roles # A single config is re-applied with an incrementing step number {% for role in roles %} @@ -8,6 +23,7 @@ {{role.name}}ArtifactsDeploy: type: OS::Heat::StructuredDeployments properties: + name: {{role.name}}ArtifactsDeploy servers: {get_param: [servers, {{role.name}}]} config: {get_resource: {{role.name}}ArtifactsConfig} @@ -21,20 +37,29 @@ {{role.name}}Config: type: OS::TripleO::{{role.name}}Config properties: - StepConfig: {list_join: ["\n", {get_param: [role_data, {{role.name}}, step_config]}]} + StepConfig: {get_param: [role_data, {{role.name}}, step_config]} # Step through a series of configuration steps -{% for step in range(1, 6) %} +{% for step in range(1, deploy_steps_max) %} {{role.name}}Deployment_Step{{step}}: type: OS::Heat::StructuredDeploymentGroup - {% if step == 1 %} - depends_on: [{{role.name}}PreConfig, {{role.name}}ArtifactsDeploy] - {% else %} depends_on: - {% for dep in roles %} + - WorkflowTasks_Step{{step}}_Execution + # TODO(gfidente): the following if/else condition + # replicates what is already defined for the + # WorkflowTasks_StepX resource and can be remove + # if https://bugs.launchpad.net/heat/+bug/1700569 + # is fixed. + {%- if step == 1 %} + {%- for dep in roles %} + - {{dep.name}}PreConfig + - {{dep.name}}ArtifactsDeploy + {%- endfor %} + {%- else %} + {%- for dep in roles %} - {{dep.name}}Deployment_Step{{step -1}} - {% endfor %} - {% endif %} + {%- endfor %} + {%- endif %} properties: name: {{role.name}}Deployment_Step{{step}} servers: {get_param: [servers, {{role.name}}]} @@ -49,9 +74,9 @@ # after all the previous deployment steps. {{role.name}}ExtraConfigPost: depends_on: - {% for dep in roles %} + {%- for dep in roles %} - {{dep.name}}Deployment_Step5 - {% endfor %} + {%- endfor %} type: OS::TripleO::NodeExtraConfigPost properties: servers: {get_param: [servers, {{role.name}}]} @@ -62,9 +87,9 @@ {{role.name}}PostConfig: type: OS::TripleO::Tasks::{{role.name}}PostConfig depends_on: - {% for dep in roles %} + {%- for dep in roles %} - {{dep.name}}ExtraConfigPost - {% endfor %} + {%- endfor %} properties: servers: {get_param: servers} input_values: @@ -72,3 +97,60 @@ {% endfor %} + +# BEGIN service_workflow_tasks handling +{% for step in range(1, deploy_steps_max) %} + WorkflowTasks_Step{{step}}: + type: OS::Mistral::Workflow + condition: WorkflowTasks_Step{{step}}_Enabled + depends_on: + {%- if step == 1 %} + {%- for dep in roles %} + - {{dep.name}}PreConfig + - {{dep.name}}ArtifactsDeploy + {%- endfor %} + {%- else %} + {%- for dep in roles %} + - {{dep.name}}Deployment_Step{{step -1}} + {%- endfor %} + {%- endif %} + properties: + name: {list_join: [".", ["tripleo", {get_param: stack_name}, "workflowtasks", "step{{step}}"]]} + type: direct + tasks: + yaql: + expression: $.data.where($ != '').select($.get('step{{step}}')).where($ != null).flatten() + data: + {%- for role in roles %} + - get_param: [role_data, {{role.name}}, service_workflow_tasks] + {%- endfor %} + + WorkflowTasks_Step{{step}}_Execution: + type: OS::Mistral::ExternalResource + condition: WorkflowTasks_Step{{step}}_Enabled + depends_on: WorkflowTasks_Step{{step}} + properties: + actions: + CREATE: + workflow: { get_resource: WorkflowTasks_Step{{step}} } + params: + env: + service_ips: { get_param: ctlplane_service_ips } + role_merged_configs: + {%- for r in roles %} + {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]} + {%- endfor %} + evaluate_env: false + UPDATE: + workflow: { get_resource: WorkflowTasks_Step{{step}} } + params: + env: + service_ips: { get_param: ctlplane_service_ips } + role_merged_configs: + {%- for r in roles %} + {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]} + {%- endfor %} + evaluate_env: false + always_update: true +{% endfor %} +# END service_workflow_tasks handling diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index 5ab763ba..18707b9a 100644 --- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml @@ -1,18 +1,24 @@ +{# ## Some variables are set to enable rendering backwards compatible templates #} +{# ## where a few parameter/resource names don't match the expected pattern #} +{# ## FIXME: we need some way to deprecate the old inconsistent parameters #} +{%- if role.name == 'Controller' -%} + {%- set deprecated_extraconfig_param = 'controllerExtraConfig' -%} +{% endif %} heat_template_version: pike -description: 'OpenStack {{role}} node configured by Puppet' +description: 'OpenStack {{role.name}} node configured by Puppet' parameters: - Overcloud{{role}}Flavor: - description: Flavor for the {{role}} node. + Overcloud{{role.name}}Flavor: + description: Flavor for the {{role.name}} node. default: baremetal type: string -{% if disable_constraints is not defined %} +{% if role.disable_constraints is not defined %} constraints: - custom_constraint: nova.flavor {% endif %} - {{role}}Image: + {{role.name}}Image: type: string default: overcloud-full -{% if disable_constraints is not defined %} +{% if role.disable_constraints is not defined %} constraints: - custom_constraint: glance.image {% endif %} @@ -24,7 +30,7 @@ parameters: description: Name of an existing Nova key pair to enable SSH access to the instances type: string default: default -{% if disable_constraints is not defined %} +{% if role.disable_constraints is not defined %} constraints: - custom_constraint: nova.keypair {% endif %} @@ -63,14 +69,21 @@ parameters: default: {} description: | Additional hiera configuration to inject into the cluster. Note - that {{role}}ExtraConfig takes precedence over ExtraConfig. + that {{role.name}}ExtraConfig takes precedence over ExtraConfig. type: json - {{role}}ExtraConfig: + {{role.name}}ExtraConfig: default: {} description: | Role specific additional hiera configuration to inject into the cluster. type: json - {{role}}IPs: +{%- if deprecated_extraconfig_param is defined %} + {{deprecated_extraconfig_param}}: + default: {} + description: | + DEPRECATED use {{role.name}}ExtraConfig instead + type: json +{%- endif %} + {{role.name}}IPs: default: {} type: json NetworkDeploymentActions: @@ -91,7 +104,7 @@ parameters: description: > The DNS domain used for the hosts. This must match the overcloud_domain_name configured on the undercloud. - {{role}}ServerMetadata: + {{role.name}}ServerMetadata: default: {} description: > Extra properties or metadata passed to Nova for the created nodes in @@ -106,7 +119,7 @@ parameters: the overcloud. It's accessible via the Nova metadata API. This applies to all roles and is merged with a role-specific metadata parameter. type: json - {{role}}SchedulerHints: + {{role.name}}SchedulerHints: type: json description: Optional scheduler hints to pass to nova default: {} @@ -169,6 +182,33 @@ parameters: type: json description: Role Specific Parameters default: {} + DeploymentSwiftDataMap: + type: json + description: | + Map of servers to Swift container and object for storing deployment data. + The keys are the Heat assigned hostnames, and the value is a map of the + container/object name in Swift. Example value: + overcloud-controller-0: + container: overcloud-controller + object: 0 + overcloud-controller-1: + container: overcloud-controller + object: 1 + overcloud-controller-2: + container: overcloud-controller + object: 2 + overcloud-novacompute-0: + container: overcloud-compute + object: 0 + default: {} + +{% if deprecated_extraconfig_param is defined %} +parameter_groups: +- label: deprecated + description: Do not use deprecated params, they will be removed. + parameters: + - {{deprecated_extraconfig_param}} +{%- endif %} conditions: server_not_blacklisted: @@ -176,18 +216,24 @@ conditions: equals: - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]} - 1 + deployment_swift_data_map_unset: + equals: + - get_param: + - DeploymentSwiftDataMap + - {get_param: Hostname} + - "" resources: - {{role}}: - type: OS::TripleO::{{role}}Server + {{role.name}}: + type: OS::TripleO::{{role.name}}Server metadata: os-collect-config: command: {get_param: ConfigCommand} splay: {get_param: ConfigCollectSplay} properties: - image: {get_param: {{role}}Image} + image: {get_param: {{role.name}}Image} image_update_policy: {get_param: ImageUpdatePolicy} - flavor: {get_param: Overcloud{{role}}Flavor} + flavor: {get_param: Overcloud{{role.name}}Flavor} key_name: {get_param: KeyName} networks: - network: ctlplane @@ -201,9 +247,15 @@ resources: metadata: map_merge: - {get_param: ServerMetadata} - - {get_param: {{role}}ServerMetadata} + - {get_param: {{role.name}}ServerMetadata} - {get_param: ServiceMetadataSettings} - scheduler_hints: {get_param: {{role}}SchedulerHints} + scheduler_hints: {get_param: {{role.name}}SchedulerHints} + deployment_swift_data: + if: + - deployment_swift_data_map_unset + - {} + - {get_param: [DeploymentSwiftDataMap, + {get_param: Hostname}]} # Combine the NodeAdminUserData and NodeUserData mime archives UserData: @@ -230,83 +282,34 @@ resources: # For optional operator role-specific userdata # Should return a OS::Heat::MultipartMime reference via OS::stack_id RoleUserData: - type: OS::TripleO::{{role}}::NodeUserData - - ExternalPort: - type: OS::TripleO::{{role}}::Ports::ExternalPort - properties: - ControlPlaneIP: {get_attr: [{{role}}, networks, ctlplane, 0]} - IPPool: {get_param: {{role}}IPs} - NodeIndex: {get_param: NodeIndex} - - InternalApiPort: - type: OS::TripleO::{{role}}::Ports::InternalApiPort - properties: - ControlPlaneIP: {get_attr: [{{role}}, networks, ctlplane, 0]} - IPPool: {get_param: {{role}}IPs} - NodeIndex: {get_param: NodeIndex} - - StoragePort: - type: OS::TripleO::{{role}}::Ports::StoragePort - properties: - ControlPlaneIP: {get_attr: [{{role}}, networks, ctlplane, 0]} - IPPool: {get_param: {{role}}IPs} - NodeIndex: {get_param: NodeIndex} - - StorageMgmtPort: - type: OS::TripleO::{{role}}::Ports::StorageMgmtPort - properties: - ControlPlaneIP: {get_attr: [{{role}}, networks, ctlplane, 0]} - IPPool: {get_param: {{role}}IPs} - NodeIndex: {get_param: NodeIndex} + type: OS::TripleO::{{role.name}}::NodeUserData - TenantPort: - type: OS::TripleO::{{role}}::Ports::TenantPort + {%- for network in networks %} + {{network.name}}Port: + type: OS::TripleO::{{role.name}}::Ports::{{network.name}}Port properties: - ControlPlaneIP: {get_attr: [{{role}}, networks, ctlplane, 0]} - IPPool: {get_param: {{role}}IPs} - NodeIndex: {get_param: NodeIndex} - - ManagementPort: - type: OS::TripleO::{{role}}::Ports::ManagementPort - properties: - ControlPlaneIP: {get_attr: [{{role}}, networks, ctlplane, 0]} - IPPool: {get_param: {{role}}IPs} + ControlPlaneIP: {get_attr: [{{role.name}}, networks, ctlplane, 0]} + IPPool: {get_param: {{role.name}}IPs} NodeIndex: {get_param: NodeIndex} + {%- endfor %} NetworkConfig: - type: OS::TripleO::{{role}}::Net::SoftwareConfig + type: OS::TripleO::{{role.name}}::Net::SoftwareConfig properties: - ControlPlaneIp: {get_attr: [{{role}}, networks, ctlplane, 0]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} + ControlPlaneIp: {get_attr: [{{role.name}}, networks, ctlplane, 0]} + {%- for network in networks %} + {{network.name}}IpSubnet: {get_attr: [{{network.name}}Port, ip_subnet]} + {%- endfor %} NetIpMap: type: OS::TripleO::Network::Ports::NetIpMap properties: - ControlPlaneIp: {get_attr: [{{role}}, networks, ctlplane, 0]} - ExternalIp: {get_attr: [ExternalPort, ip_address]} - ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]} - ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]} - InternalApiIp: {get_attr: [InternalApiPort, ip_address]} - InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]} - InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]} - StorageIp: {get_attr: [StoragePort, ip_address]} - StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]} - StorageIpUri: {get_attr: [StoragePort, ip_address_uri]} - StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]} - StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]} - StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]} - TenantIp: {get_attr: [TenantPort, ip_address]} - TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]} - TenantIpUri: {get_attr: [TenantPort, ip_address_uri]} - ManagementIp: {get_attr: [ManagementPort, ip_address]} - ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]} - ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]} + ControlPlaneIp: {get_attr: [{{role.name}}, networks, ctlplane, 0]} + {%- for network in networks %} + {{network.name}}Ip: {get_attr: [{{network.name}}Port, ip_address]} + {{network.name}}IpSubnet: {get_attr: [{{network.name}}Port, ip_subnet]} + {{network.name}}IpUri: {get_attr: [{{network.name}}Port, ip_address_uri]} + {%- endfor %} NetHostMap: type: OS::Heat::Value @@ -317,92 +320,94 @@ resources: fqdn: list_join: - '.' - - - {get_attr: [{{role}}, name]} + - - {get_attr: [{{role.name}}, name]} - external - {get_param: CloudDomain} short: list_join: - '.' - - - {get_attr: [{{role}}, name]} + - - {get_attr: [{{role.name}}, name]} - external internal_api: fqdn: list_join: - '.' - - - {get_attr: [{{role}}, name]} + - - {get_attr: [{{role.name}}, name]} - internalapi - {get_param: CloudDomain} short: list_join: - '.' - - - {get_attr: [{{role}}, name]} + - - {get_attr: [{{role.name}}, name]} - internalapi storage: fqdn: list_join: - '.' - - - {get_attr: [{{role}}, name]} + - - {get_attr: [{{role.name}}, name]} - storage - {get_param: CloudDomain} short: list_join: - '.' - - - {get_attr: [{{role}}, name]} + - - {get_attr: [{{role.name}}, name]} - storage storage_mgmt: fqdn: list_join: - '.' - - - {get_attr: [{{role}}, name]} + - - {get_attr: [{{role.name}}, name]} - storagemgmt - {get_param: CloudDomain} short: list_join: - '.' - - - {get_attr: [{{role}}, name]} + - - {get_attr: [{{role.name}}, name]} - storagemgmt tenant: fqdn: list_join: - '.' - - - {get_attr: [{{role}}, name]} + - - {get_attr: [{{role.name}}, name]} - tenant - {get_param: CloudDomain} short: list_join: - '.' - - - {get_attr: [{{role}}, name]} + - - {get_attr: [{{role.name}}, name]} - tenant management: fqdn: list_join: - '.' - - - {get_attr: [{{role}}, name]} + - - {get_attr: [{{role.name}}, name]} - management - {get_param: CloudDomain} short: list_join: - '.' - - - {get_attr: [{{role}}, name]} + - - {get_attr: [{{role.name}}, name]} - management ctlplane: fqdn: list_join: - '.' - - - {get_attr: [{{role}}, name]} + - - {get_attr: [{{role.name}}, name]} - ctlplane - {get_param: CloudDomain} short: list_join: - '.' - - - {get_attr: [{{role}}, name]} + - - {get_attr: [{{role.name}}, name]} - ctlplane PreNetworkConfig: - type: OS::TripleO::{{role}}::PreNetworkConfig + type: OS::TripleO::{{role.name}}::PreNetworkConfig properties: - server: {get_resource: {{role}}} + server: {get_resource: {{role.name}}} RoleParameters: {get_param: RoleParameters} + ServiceNames: {get_param: ServiceNames} + deployment_actions: {get_attr: [DeploymentActions, value]} NetworkDeployment: type: OS::TripleO::SoftwareDeployment @@ -410,7 +415,7 @@ resources: properties: name: NetworkDeployment config: {get_resource: NetworkConfig} - server: {get_resource: {{role}}} + server: {get_resource: {{role.name}}} actions: {get_param: NetworkDeploymentActions} input_values: bridge_name: {get_param: NeutronPhysicalBridge} @@ -421,7 +426,7 @@ resources: - {get_param: NetworkDeploymentActions} - [] - {{role}}UpgradeInitConfig: + {{role.name}}UpgradeInitConfig: type: OS::Heat::SoftwareConfig properties: group: script @@ -435,26 +440,26 @@ resources: # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first - {{role}}UpgradeInitDeployment: + {{role.name}}UpgradeInitDeployment: type: OS::Heat::SoftwareDeployment depends_on: NetworkDeployment properties: - name: {{role}}UpgradeInitDeployment - server: {get_resource: {{role}}} - config: {get_resource: {{role}}UpgradeInitConfig} + name: {{role.name}}UpgradeInitDeployment + server: {get_resource: {{role.name}}} + config: {get_resource: {{role.name}}UpgradeInitConfig} actions: if: - server_not_blacklisted - ['CREATE', 'UPDATE'] - [] - {{role}}Deployment: + {{role.name}}Deployment: type: OS::Heat::StructuredDeployment - depends_on: {{role}}UpgradeInitDeployment + depends_on: {{role.name}}UpgradeInitDeployment properties: - name: {{role}}Deployment - config: {get_resource: {{role}}Config} - server: {get_resource: {{role}}} + name: {{role.name}}Deployment + config: {get_resource: {{role.name}}Config} + server: {get_resource: {{role.name}}} input_values: enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]} actions: @@ -463,7 +468,7 @@ resources: - ['CREATE', 'UPDATE'] - [] - {{role}}Config: + {{role.name}}Config: type: OS::Heat::StructuredConfig properties: group: hiera @@ -472,11 +477,11 @@ resources: - '"%{::uuid}"' - heat_config_%{::deploy_config_name} - config_step - - {{role.lower()}}_extraconfig + - {{role.name.lower()}}_extraconfig - extraconfig - service_names - service_configs - - {{role.lower()}} + - {{role.name.lower()}} - bootstrap_node # provided by allNodesConfig - all_nodes # provided by allNodesConfig - vip_data # provided by allNodesConfig @@ -490,9 +495,14 @@ resources: map_replace: - {get_param: ServiceConfigSettings} - values: {get_attr: [NetIpMap, net_ip_map]} - {{role.lower()}}_extraconfig: {get_param: {{role}}ExtraConfig} + {{role.name.lower()}}_extraconfig: + map_merge: +{%- if deprecated_extraconfig_param is defined %} + - {get_param: {{deprecated_extraconfig_param}}} +{%- endif %} + - {get_param: {{role.name}}ExtraConfig} extraconfig: {get_param: ExtraConfig} - {{role.lower()}}: + {{role.name.lower()}}: tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade} tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: LoggingSources} tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: LoggingGroups} @@ -503,28 +513,53 @@ resources: fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]} fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]} + {%- if 'primary' in role.tags and 'controller' in role.tags %} + tripleo::haproxy::service_certificate: {get_attr: [NodeTLSData, deployed_ssl_certificate_path]} + {%- endif -%} # Resource for site-specific injection of root certificate NodeTLSCAData: - depends_on: {{role}}Deployment + depends_on: NetworkDeployment type: OS::TripleO::NodeTLSCAData properties: - server: {get_resource: {{role}}} + server: {get_resource: {{role.name}}} + + {%- if 'primary' in role.tags and 'controller' in role.tags %} + # Resource for site-specific passing of private keys/certificates + NodeTLSData: + depends_on: NodeTLSCAData + type: OS::TripleO::NodeTLSData + properties: + server: {get_resource: {{role.name}}} + NodeIndex: {get_param: NodeIndex} + {%- endif -%} # Hook for site-specific additional pre-deployment config, e.g extra hieradata - {{role}}ExtraConfigPre: - depends_on: {{role}}Deployment - type: OS::TripleO::{{role}}ExtraConfigPre + {{role.name}}ExtraConfigPre: + depends_on: {{role.name}}Deployment + type: OS::TripleO::{{role.name}}ExtraConfigPre + # We have to use conditions here so that we don't break backwards + # compatibility with templates everywhere + condition: server_not_blacklisted properties: - server: {get_resource: {{role}}} + server: {get_resource: {{role.name}}} # Hook for site-specific additional pre-deployment config, # applying to all nodes, e.g node registration/unregistration NodeExtraConfig: - depends_on: [{{role}}ExtraConfigPre, NodeTLSCAData] + depends_on: + - {{role.name}}ExtraConfigPre + {%- if 'primary' in role.tags and 'controller' in role.tags %} + - NodeTLSData + {%- else %} + - NodeTLSCAData + {%- endif %} type: OS::TripleO::NodeExtraConfig + # We have to use conditions here so that we don't break backwards + # compatibility with templates everywhere + condition: server_not_blacklisted properties: - server: {get_resource: {{role}}} + server: {get_resource: {{role.name}}} UpdateConfig: type: OS::TripleO::Tasks::PackageUpdate @@ -535,7 +570,7 @@ resources: properties: name: UpdateDeployment config: {get_resource: UpdateConfig} - server: {get_resource: {{role}}} + server: {get_resource: {{role.name}}} input_values: update_identifier: get_param: UpdateIdentifier @@ -545,110 +580,132 @@ resources: - ['CREATE', 'UPDATE'] - [] + DeploymentActions: + type: OS::Heat::Value + properties: + value: + if: + - server_not_blacklisted + - ['CREATE', 'UPDATE'] + - [] + SshHostPubKey: type: OS::TripleO::Ssh::HostPubKey - depends_on: {{role}}Deployment + depends_on: {{role.name}}Deployment properties: - server: {get_resource: {{role}}} + server: {get_resource: {{role.name}}} + deployment_actions: {get_attr: [DeploymentActions, value]} outputs: ip_address: description: IP address of the server in the ctlplane network - value: {get_attr: [{{role}}, networks, ctlplane, 0]} + value: {get_attr: [{{role.name}}, networks, ctlplane, 0]} hostname: description: Hostname of the server - value: {get_attr: [{{role}}, name]} + value: {get_attr: [{{role.name}}, name]} hostname_map: description: Mapping of network names to hostnames value: - external: {get_attr: [NetHostMap, value, external, fqdn]} - internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]} - storage: {get_attr: [NetHostMap, value, storage, fqdn]} - storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]} - tenant: {get_attr: [NetHostMap, value, tenant, fqdn]} - management: {get_attr: [NetHostMap, value, management, fqdn]} + {%- for network in networks %} + {{network.name_lower|default(network.name.lower())}}: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower()) }}, fqdn]} + {%- endfor %} ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]} hosts_entry: value: str_replace: template: | PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST - EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST - INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST - STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST - STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST - TENANTIP TENANTHOST.DOMAIN TENANTHOST - MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST + {%- for network in networks %} + {{network.name}}IP {{network.name}}HOST.DOMAIN {{network.name}}HOST + {%- endfor %} CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST params: - PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role}}HostnameResolveNetwork]}]} + PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role.name}}HostnameResolveNetwork]}]} DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [{{role}}, name]} - EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} - INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} - STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} - STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} - TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} - MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} - CTLPLANEIP: {get_attr: [{{role}}, networks, ctlplane, 0]} + PRIMARYHOST: {get_attr: [{{role.name}}, name]} + {%- for network in networks %} + {{network.name}}IP: {get_attr: [{{network.name}}Port, ip_address]} + {{network.name}}HOST: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower())}}, short]} + {%- endfor %} + CTLPLANEIP: {get_attr: [{{role.name}}, networks, ctlplane, 0]} CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} known_hosts_entry: description: Entry for ssh known hosts value: str_replace: template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\ -EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\ -INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\ -STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\ -STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\ -TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\ -MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\ + {%- for network in networks %} +{{network.name}}IP,{{network.name}}HOST.DOMAIN,{{network.name}}HOST,\ + {%- endfor %} CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY" params: - PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role}}HostnameResolveNetwork]}]} + PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, {{role.name}}HostnameResolveNetwork]}]} DOMAIN: {get_param: CloudDomain} - PRIMARYHOST: {get_attr: [{{role}}, name]} - EXTERNALIP: {get_attr: [ExternalPort, ip_address]} - EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]} - INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]} - INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]} - STORAGEIP: {get_attr: [StoragePort, ip_address]} - STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]} - STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]} - STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]} - TENANTIP: {get_attr: [TenantPort, ip_address]} - TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]} - MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]} - MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]} - CTLPLANEIP: {get_attr: [{{role}}, networks, ctlplane, 0]} + PRIMARYHOST: {get_attr: [{{role.name}}, name]} + {%- for network in networks %} + {{network.name}}IP: {get_attr: [{{network.name}}Port, ip_address]} + {{network.name}}HOST: {get_attr: [NetHostMap, value, {{network.name_lower|default(network.name.lower())}}, short]} + {%- endfor %} + CTLPLANEIP: {get_attr: [{{role.name}}, networks, ctlplane, 0]} CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]} HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]} nova_server_resource: - description: Heat resource handle for {{role}} server + description: Heat resource handle for {{role.name}} server value: - {get_resource: {{role}}} + {get_resource: {{role.name}}} condition: server_not_blacklisted - external_ip_address: - description: IP address of the server in the external network - value: {get_attr: [ExternalPort, ip_address]} - internal_api_ip_address: - description: IP address of the server in the internal_api network - value: {get_attr: [InternalApiPort, ip_address]} - storage_ip_address: - description: IP address of the server in the storage network - value: {get_attr: [StoragePort, ip_address]} - storage_mgmt_ip_address: - description: IP address of the server in the storage_mgmt network - value: {get_attr: [StorageMgmtPort, ip_address]} - tenant_ip_address: - description: IP address of the server in the tenant network - value: {get_attr: [TenantPort, ip_address]} - management_ip_address: - description: IP address of the server in the management network - value: {get_attr: [ManagementPort, ip_address]} + deployed_server_port_map: + description: | + Map of Heat created hostname of the server to ip address. This is the + hostname before it has been mapped with the HostnameMap parameter, and + the IP address from the ctlplane network. This map can be used to construct + the DeployedServerPortMap parameter when using split-stack. + value: + map_replace: + - hostname: + fixed_ips: + - ip_address: {get_attr: [{{role.name}}, networks, ctlplane, 0]} + - keys: + hostname: + list_join: + - '-' + - - {get_param: Hostname} + - ctlplane + deployed_server_deployment_swift_data_map: + description: + Map of Heat created hostname of the server to the Swift container and object + used to created the temporary url for metadata polling with + os-collect-config. + value: + map_replace: + - hostname: + container: + str_split: + - '/' + - {get_attr: [{{role.name}}, os_collect_config, request, metadata_url]} + - 5 + object: + str_split: + - '?' + - str_split: + - '/' + - {get_attr: [{{role.name}}, os_collect_config, request, metadata_url]} + - 6 + - 0 + - keys: {hostname: {get_param: Hostname}} + {%- if 'primary' in role.tags and 'controller' in role.tags %} + tls_key_modulus_md5: + description: MD5 checksum of the TLS Key Modulus + value: {get_attr: [NodeTLSData, key_modulus_md5]} + tls_cert_modulus_md5: + description: MD5 checksum of the TLS Certificate Modulus + value: {get_attr: [NodeTLSData, cert_modulus_md5]} + {%- endif %} + os_collect_config: + description: The os-collect-config configuration associated with this server resource + value: {get_attr: [{{role.name}}, os_collect_config]} + {%- for network in networks %} + {{network.name_lower|default(network.name.lower())}}_ip_address: + description: IP address of the server in the {{network.name}} network + value: {get_attr: [{{network.name}}Port, ip_address]} + {%- endfor %} diff --git a/puppet/services/README.rst b/puppet/services/README.rst index 7a18ef0c..d55414b7 100644 --- a/puppet/services/README.rst +++ b/puppet/services/README.rst @@ -95,6 +95,30 @@ are re-asserted when applying latter ones. 5) Service activation (Pacemaker) +It is also possible to use Mistral actions or workflows together with +a deployment step, these are executed before the main configuration run. +To describe actions or workflows from within a service use: + + * service_workflow_tasks: One or more workflow task properties + +which expects a map where the key is the step and the value a list of +dictionaries descrbing each a workflow task, for example:: + + service_workflow_tasks: + step2: + - name: echo + action: std.echo output=Hello + step3: + - name: external + workflow: my-pre-existing-workflow-name + input: + workflow_param1: value + workflow_param2: value + +The Heat guide for the `OS::Mistral::Workflow task property +<https://docs.openstack.org/developer/heat/template_guide/openstack.html#OS::Mistral::Workflow-prop-tasks>`_ +has more details about the expected dictionary. + Batch Upgrade Steps ------------------- diff --git a/puppet/services/aodh-api.yaml b/puppet/services/aodh-api.yaml index 561b48cb..d9b61ccd 100644 --- a/puppet/services/aodh-api.yaml +++ b/puppet/services/aodh-api.yaml @@ -4,6 +4,10 @@ description: > OpenStack Aodh API service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -43,6 +47,7 @@ resources: AodhBase: type: ./aodh-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -52,6 +57,7 @@ resources: ApacheServiceBase: type: ./apache.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/aodh-base.yaml b/puppet/services/aodh-base.yaml index 0563d08b..9e970475 100644 --- a/puppet/services/aodh-base.yaml +++ b/puppet/services/aodh-base.yaml @@ -4,6 +4,10 @@ description: > OpenStack Aodh service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -64,6 +68,12 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint + NotificationDriver: + type: string + default: 'messagingv2' + description: Driver or drivers to handle sending notifications. + constraints: + - allowed_values: [ 'messagingv2', 'noop' ] conditions: service_debug_unset: {equals : [{get_param: AodhDebug}, '']} @@ -91,6 +101,7 @@ outputs: - {get_param: Debug } - {get_param: AodhDebug } aodh::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } + aodh::notification_driver: {get_param: NotificationDriver} aodh::rabbit_userid: {get_param: RabbitUserName} aodh::rabbit_password: {get_param: RabbitPassword} aodh::rabbit_use_ssl: {get_param: RabbitClientUseSSL} diff --git a/puppet/services/aodh-evaluator.yaml b/puppet/services/aodh-evaluator.yaml index 669c11dd..eedb291f 100644 --- a/puppet/services/aodh-evaluator.yaml +++ b/puppet/services/aodh-evaluator.yaml @@ -4,6 +4,10 @@ description: > OpenStack Aodh Evaluator service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -34,6 +38,7 @@ resources: AodhBase: type: ./aodh-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/aodh-listener.yaml b/puppet/services/aodh-listener.yaml index 17710ecb..631a3dc1 100644 --- a/puppet/services/aodh-listener.yaml +++ b/puppet/services/aodh-listener.yaml @@ -4,6 +4,10 @@ description: > OpenStack Aodh Listener service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -34,6 +38,7 @@ resources: AodhBase: type: ./aodh-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/aodh-notifier.yaml b/puppet/services/aodh-notifier.yaml index 2eed1b75..1bc5e4df 100644 --- a/puppet/services/aodh-notifier.yaml +++ b/puppet/services/aodh-notifier.yaml @@ -4,6 +4,10 @@ description: > OpenStack Aodh Notifier service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -34,6 +38,7 @@ resources: AodhBase: type: ./aodh-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml index 23fcab90..6c55fde3 100644 --- a/puppet/services/apache.yaml +++ b/puppet/services/apache.yaml @@ -13,6 +13,10 @@ parameters: default: 256 description: Maximum number of Apache processes. type: number + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/auditd.yaml b/puppet/services/auditd.yaml index 3eff534b..3a676ddf 100644 --- a/puppet/services/auditd.yaml +++ b/puppet/services/auditd.yaml @@ -4,6 +4,10 @@ description: > AuditD configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml index 51331242..a894dbdf 100644 --- a/puppet/services/barbican-api.yaml +++ b/puppet/services/barbican-api.yaml @@ -4,6 +4,10 @@ description: > OpenStack Barbican API service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -73,12 +77,19 @@ parameters: e.g. { barbican-context_is_admin: { key: context_is_admin, value: 'role:admin' } } default: {} type: json + NotificationDriver: + type: string + default: 'messagingv2' + description: Driver or drivers to handle sending notifications. + constraints: + - allowed_values: [ 'messagingv2', 'noop' ] resources: ApacheServiceBase: type: ./apache.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -109,6 +120,7 @@ outputs: - service_debug_unset - {get_param: Debug } - {get_param: BarbicanDebug } + barbican::api::notification_driver: {get_param: NotificationDriver} barbican::api::rabbit_use_ssl: {get_param: RabbitClientUseSSL} barbican::api::rabbit_userid: {get_param: RabbitUserName} barbican::api::rabbit_password: {get_param: RabbitPassword} diff --git a/puppet/services/ca-certs.yaml b/puppet/services/ca-certs.yaml index 6249c1ab..46446f14 100644 --- a/puppet/services/ca-certs.yaml +++ b/puppet/services/ca-certs.yaml @@ -4,6 +4,10 @@ description: > HAproxy service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/ceilometer-agent-central.yaml b/puppet/services/ceilometer-agent-central.yaml index 2dbaf554..2d3c91a9 100644 --- a/puppet/services/ceilometer-agent-central.yaml +++ b/puppet/services/ceilometer-agent-central.yaml @@ -4,6 +4,10 @@ description: > OpenStack Ceilometer Central Agent service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -43,6 +47,7 @@ resources: CeilometerServiceBase: type: ./ceilometer-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/ceilometer-agent-compute.yaml b/puppet/services/ceilometer-agent-compute.yaml index c453a43d..3cf51519 100644 --- a/puppet/services/ceilometer-agent-compute.yaml +++ b/puppet/services/ceilometer-agent-compute.yaml @@ -4,6 +4,10 @@ description: > OpenStack Ceilometer Compute Agent service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -40,6 +44,7 @@ resources: CeilometerServiceBase: type: ./ceilometer-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/ceilometer-agent-ipmi.yaml b/puppet/services/ceilometer-agent-ipmi.yaml index 7dd1e78d..f61f9083 100644 --- a/puppet/services/ceilometer-agent-ipmi.yaml +++ b/puppet/services/ceilometer-agent-ipmi.yaml @@ -4,6 +4,10 @@ description: > OpenStack Ceilometer Ipmi Agent service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -43,6 +47,7 @@ resources: CeilometerServiceBase: type: ./ceilometer-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/ceilometer-agent-notification.yaml b/puppet/services/ceilometer-agent-notification.yaml index 6e893564..d6e98ae8 100644 --- a/puppet/services/ceilometer-agent-notification.yaml +++ b/puppet/services/ceilometer-agent-notification.yaml @@ -4,6 +4,10 @@ description: > OpenStack Ceilometer Notification Agent service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -40,6 +44,7 @@ resources: CeilometerServiceBase: type: ./ceilometer-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/ceilometer-api.yaml b/puppet/services/ceilometer-api.yaml index 74b0c3d2..aba303fb 100644 --- a/puppet/services/ceilometer-api.yaml +++ b/puppet/services/ceilometer-api.yaml @@ -4,6 +4,10 @@ description: > OpenStack Ceilometer API service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -48,6 +52,7 @@ resources: CeilometerServiceBase: type: ./ceilometer-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -57,6 +62,7 @@ resources: ApacheServiceBase: type: ./apache.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index 1d86369b..9fc1530a 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -4,6 +4,10 @@ description: > OpenStack Ceilometer service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -103,6 +107,12 @@ parameters: description: The user password for SNMPd with readonly rights running on all Overcloud nodes type: string hidden: true + NotificationDriver: + type: string + default: 'messagingv2' + description: Driver or drivers to handle sending notifications. + constraints: + - allowed_values: [ 'messagingv2', 'noop' ] conditions: service_debug_unset: {equals : [{get_param: CeilometerDebug}, '']} @@ -139,6 +149,7 @@ outputs: ceilometer::dispatcher::gnocchi::filter_project: 'service' ceilometer::dispatcher::gnocchi::archive_policy: 'low' ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml' + ceilometer::notification_driver: {get_param: NotificationDriver} ceilometer::rabbit_userid: {get_param: RabbitUserName} ceilometer::rabbit_password: {get_param: RabbitPassword} ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL} diff --git a/puppet/services/ceilometer-collector.yaml b/puppet/services/ceilometer-collector.yaml index 3ec18420..918a8839 100644 --- a/puppet/services/ceilometer-collector.yaml +++ b/puppet/services/ceilometer-collector.yaml @@ -5,6 +5,10 @@ description: > This service is deprecated and will be removed in future releases. parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -73,6 +77,7 @@ resources: CeilometerServiceBase: type: ./ceilometer-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -82,6 +87,7 @@ resources: MongoDbBase: type: ./database/mongodb-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/ceilometer-expirer.yaml b/puppet/services/ceilometer-expirer.yaml index 775e921a..40c41ba4 100644 --- a/puppet/services/ceilometer-expirer.yaml +++ b/puppet/services/ceilometer-expirer.yaml @@ -6,6 +6,10 @@ description: > future releases. parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -36,6 +40,7 @@ resources: CeilometerServiceBase: type: ./ceilometer-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml index e12c55eb..ce9f9b9d 100644 --- a/puppet/services/ceph-base.yaml +++ b/puppet/services/ceph-base.yaml @@ -29,23 +29,16 @@ parameters: GlanceRbdPoolName: default: images type: string - GlanceBackend: - default: swift - description: The short name of the Glance backend to use. Should be one - of swift, rbd, or file - type: string - constraints: - - allowed_values: ['swift', 'file', 'rbd'] GnocchiRbdPoolName: default: metrics type: string - NovaEnableRbdBackend: - default: false - description: Whether to enable or not the Rbd backend for Nova - type: boolean NovaRbdPoolName: default: vms type: string + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -82,16 +75,6 @@ parameter_groups: parameters: - ControllerEnableCephStorage -conditions: - glance_multiple_locations: - and: - - equals: - - get_param: GlanceBackend - - rbd - - equals: - - get_param: NovaEnableRbdBackend - - true - outputs: role_data: description: Role data for the Ceph base service. @@ -153,6 +136,3 @@ outputs: - keys: CEPH_CLIENT_KEY: list_join: ['.', ['client', {get_param: CephClientUserName}]] - service_config_settings: - glance_api: - glance::api::show_multiple_locations: {if: [glance_multiple_locations, true, false]} diff --git a/puppet/services/ceph-client.yaml b/puppet/services/ceph-client.yaml index ec34fcae..0bee5fcd 100644 --- a/puppet/services/ceph-client.yaml +++ b/puppet/services/ceph-client.yaml @@ -4,6 +4,10 @@ description: > Ceph Client service. parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -34,6 +38,7 @@ resources: CephBase: type: ./ceph-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/ceph-external.yaml b/puppet/services/ceph-external.yaml index 599532c4..97e44159 100644 --- a/puppet/services/ceph-external.yaml +++ b/puppet/services/ceph-external.yaml @@ -27,23 +27,16 @@ parameters: GlanceRbdPoolName: default: images type: string - GlanceBackend: - default: swift - description: The short name of the Glance backend to use. Should be one - of swift, rbd, or file - type: string - constraints: - - allowed_values: ['swift', 'file', 'rbd'] GnocchiRbdPoolName: default: metrics type: string - NovaEnableRbdBackend: - default: false - description: Whether to enable or not the Rbd backend for Nova - type: boolean NovaRbdPoolName: default: vms type: string + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -76,16 +69,6 @@ parameters: clients using older Ceph servers. type: string -conditions: - glance_multiple_locations: - and: - - equals: - - get_param: GlanceBackend - - rbd - - equals: - - get_param: NovaEnableRbdBackend - - true - outputs: role_data: description: Role data for the Ceph External service. @@ -122,8 +105,5 @@ outputs: - ceph-base - ceph-mon - ceph-osd - service_config_settings: - glance_api: - glance::api::show_multiple_locations: {if: [glance_multiple_locations, true, false]} step_config: | include ::tripleo::profile::base::ceph::client diff --git a/puppet/services/ceph-mds.yaml b/puppet/services/ceph-mds.yaml index 270d3a26..c561ea0e 100644 --- a/puppet/services/ceph-mds.yaml +++ b/puppet/services/ceph-mds.yaml @@ -4,6 +4,10 @@ description: > Ceph MDS service. parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -36,6 +40,7 @@ resources: CephBase: type: ./ceph-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/ceph-mon.yaml b/puppet/services/ceph-mon.yaml index 28552301..4fe6e908 100644 --- a/puppet/services/ceph-mon.yaml +++ b/puppet/services/ceph-mon.yaml @@ -4,6 +4,10 @@ description: > Ceph Monitor service. parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -69,11 +73,11 @@ parameters: type: json CephValidationRetries: type: number - default: 5 + default: 40 description: Number of retry attempts for Ceph validation CephValidationDelay: type: number - default: 10 + default: 30 description: Interval (in seconds) in between validation checks MonitoringSubscriptionCephMon: default: 'overcloud-ceph-mon' @@ -87,6 +91,7 @@ resources: CephBase: type: ./ceph-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/ceph-osd.yaml b/puppet/services/ceph-osd.yaml index 24b2886a..8f43b08a 100644 --- a/puppet/services/ceph-osd.yaml +++ b/puppet/services/ceph-osd.yaml @@ -4,6 +4,10 @@ description: > Ceph OSD service. parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -52,6 +56,7 @@ resources: CephBase: type: ./ceph-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/ceph-rgw.yaml b/puppet/services/ceph-rgw.yaml index ad91b4ec..29629461 100644 --- a/puppet/services/ceph-rgw.yaml +++ b/puppet/services/ceph-rgw.yaml @@ -4,6 +4,10 @@ description: > Ceph RadosGW service. parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -36,7 +40,7 @@ parameters: type: string hidden: true SwiftPassword: - description: The password for the swift service account, used by the Ceph RGW services. + description: The password for the swift service account type: string hidden: true KeystoneRegion: @@ -48,6 +52,7 @@ resources: CephBase: type: ./ceph-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/certmonger-user.yaml b/puppet/services/certmonger-user.yaml index 0508c557..216c7ad3 100644 --- a/puppet/services/certmonger-user.yaml +++ b/puppet/services/certmonger-user.yaml @@ -4,6 +4,10 @@ description: > Requests certificates using certmonger through Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml index 036209f3..fbfe532a 100644 --- a/puppet/services/cinder-api.yaml +++ b/puppet/services/cinder-api.yaml @@ -13,6 +13,10 @@ parameters: description: The password for the cinder service account, used by cinder-api. type: string hidden: true + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -60,6 +64,12 @@ parameters: e.g. { cinder-context_is_admin: { key: context_is_admin, value: 'role:admin' } } default: {} type: json + NotificationDriver: + type: string + default: 'messagingv2' + description: Driver or drivers to handle sending notifications. + constraints: + - allowed_values: [ 'messagingv2', 'noop' ] conditions: cinder_workers_zero: {equals : [{get_param: CinderWorkers}, 0]} @@ -69,6 +79,7 @@ resources: ApacheServiceBase: type: ./apache.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -79,6 +90,7 @@ resources: CinderBase: type: ./cinder-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -105,6 +117,7 @@ outputs: cinder::keystone::authtoken::user_domain_name: 'Default' cinder::keystone::authtoken::project_domain_name: 'Default' cinder::policy::policies: {get_param: CinderApiPolicies} + cinder::ceilometer::notification_driver: {get_param: NotificationDriver} cinder::api::enable_proxy_headers_parsing: true cinder::api::nova_catalog_info: 'compute:nova:internalURL' diff --git a/puppet/services/cinder-backend-dellps.yaml b/puppet/services/cinder-backend-dellps.yaml index d7806f3e..388e49b7 100644 --- a/puppet/services/cinder-backend-dellps.yaml +++ b/puppet/services/cinder-backend-dellps.yaml @@ -52,6 +52,10 @@ parameters: CinderDellPsUseChap: type: boolean default: false + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/cinder-backend-dellsc.yaml b/puppet/services/cinder-backend-dellsc.yaml index c0bffb18..136852a6 100644 --- a/puppet/services/cinder-backend-dellsc.yaml +++ b/puppet/services/cinder-backend-dellsc.yaml @@ -64,6 +64,10 @@ parameters: CinderDellScExcludedDomainIp: type: string default: '' + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/cinder-backend-netapp.yaml b/puppet/services/cinder-backend-netapp.yaml index fbde4c0a..9cbac246 100644 --- a/puppet/services/cinder-backend-netapp.yaml +++ b/puppet/services/cinder-backend-netapp.yaml @@ -3,6 +3,10 @@ heat_template_version: pike description: Openstack Cinder Netapp backend parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/cinder-backend-pure.yaml b/puppet/services/cinder-backend-pure.yaml index 576896a4..6f4de25b 100644 --- a/puppet/services/cinder-backend-pure.yaml +++ b/puppet/services/cinder-backend-pure.yaml @@ -17,6 +17,10 @@ description: > Openstack Cinder Pure Storage FlashArray backend parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/cinder-backend-scaleio.yaml b/puppet/services/cinder-backend-scaleio.yaml index 832cc099..97bac05d 100644 --- a/puppet/services/cinder-backend-scaleio.yaml +++ b/puppet/services/cinder-backend-scaleio.yaml @@ -69,6 +69,10 @@ parameters: CinderScaleIOSanThinProvision: type: boolean default: true + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/cinder-backend-veritas-hyperscale.yaml b/puppet/services/cinder-backend-veritas-hyperscale.yaml new file mode 100644 index 00000000..11ceb2fd --- /dev/null +++ b/puppet/services/cinder-backend-veritas-hyperscale.yaml @@ -0,0 +1,56 @@ +# Copyright (c) 2017 Veritas Technologies LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +heat_template_version: ocata + +description: > + Openstack Veritas HyperScale backend + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + type: json + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + +outputs: + role_data: + description: Role data for the Cinder Veritas HyperScale backend. + value: + service_name: cinder_backend_veritas_hyperscale + config_settings: + tripleo::profile::base::cinder::volume::cinder_enable_vrts_hs_backend: true + step_config: | + include ::tripleo::profile::base::cinder::volume diff --git a/puppet/services/cinder-backup.yaml b/puppet/services/cinder-backup.yaml index 629a0f5b..7ac4321b 100644 --- a/puppet/services/cinder-backup.yaml +++ b/puppet/services/cinder-backup.yaml @@ -16,6 +16,10 @@ parameters: CephClientUserName: default: openstack type: string + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -47,6 +51,7 @@ resources: CinderBase: type: ./cinder-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml index f7dfe5e1..5b2a2582 100644 --- a/puppet/services/cinder-base.yaml +++ b/puppet/services/cinder-base.yaml @@ -16,6 +16,10 @@ parameters: default: '' description: Set to True to enable debugging on Cinder services. type: string + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/cinder-hpelefthand-iscsi.yaml b/puppet/services/cinder-hpelefthand-iscsi.yaml index 3ea0fd87..8f443cc8 100644 --- a/puppet/services/cinder-hpelefthand-iscsi.yaml +++ b/puppet/services/cinder-hpelefthand-iscsi.yaml @@ -23,6 +23,10 @@ parameters: CinderHPELeftHandDebug: type: boolean default: false + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/cinder-scheduler.yaml b/puppet/services/cinder-scheduler.yaml index 806f9bb4..540a3523 100644 --- a/puppet/services/cinder-scheduler.yaml +++ b/puppet/services/cinder-scheduler.yaml @@ -4,6 +4,10 @@ description: > OpenStack Cinder Scheduler service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -40,6 +44,7 @@ resources: CinderBase: type: ./cinder-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml index 1f8c345d..d95370d7 100644 --- a/puppet/services/cinder-volume.yaml +++ b/puppet/services/cinder-volume.yaml @@ -60,6 +60,10 @@ parameters: CephClientUserName: default: openstack type: string + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -96,6 +100,7 @@ resources: CinderBase: type: ./cinder-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/congress.yaml b/puppet/services/congress.yaml index 5bca94d7..f5d38b60 100644 --- a/puppet/services/congress.yaml +++ b/puppet/services/congress.yaml @@ -4,6 +4,10 @@ description: > OpenStack Congress service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -33,6 +37,7 @@ parameters: Debug: type: string default: '' + description: Set to True to enable debugging on all services. CongressDebug: default: '' description: Set to True to enable debugging Glance service. @@ -65,6 +70,12 @@ parameters: e.g. { congress-context_is_admin: { key: context_is_admin, value: 'role:admin' } } default: {} type: json + NotificationDriver: + type: string + default: 'messagingv2' + description: Driver or drivers to handle sending notifications. + constraints: + - allowed_values: [ 'messagingv2', 'noop' ] conditions: service_debug_unset: {equals : [{get_param: CongressDebug}, '']} @@ -92,6 +103,7 @@ outputs: - {get_param: Debug } - {get_param: CongressDebug } congress::rpc_backend: rabbit + congress::notification_driver: {get_param: NotificationDriver} congress::rabbit_userid: {get_param: RabbitUserName} congress::rabbit_password: {get_param: RabbitPassword} congress::rabbit_use_ssl: {get_param: RabbitClientUseSSL} diff --git a/puppet/services/database/mongodb-base.yaml b/puppet/services/database/mongodb-base.yaml index b5fced4c..c218e8b5 100644 --- a/puppet/services/database/mongodb-base.yaml +++ b/puppet/services/database/mongodb-base.yaml @@ -15,6 +15,10 @@ parameters: MongoDbReplset: type: string default: "tripleo" + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/database/mongodb.yaml b/puppet/services/database/mongodb.yaml index 968d4355..04f34e24 100644 --- a/puppet/services/database/mongodb.yaml +++ b/puppet/services/database/mongodb.yaml @@ -5,6 +5,10 @@ description: > parameters: #Parameters not used EndpointMap + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -52,6 +56,7 @@ resources: MongoDbBase: type: ./mongodb-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/database/mysql-client.yaml b/puppet/services/database/mysql-client.yaml index 19d732dd..2eb20789 100644 --- a/puppet/services/database/mysql-client.yaml +++ b/puppet/services/database/mysql-client.yaml @@ -4,6 +4,10 @@ description: > Mysql client settings parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/database/mysql.yaml b/puppet/services/database/mysql.yaml index 882ba299..abbe7a22 100644 --- a/puppet/services/database/mysql.yaml +++ b/puppet/services/database/mysql.yaml @@ -5,6 +5,10 @@ description: > parameters: #Parameters not used EndpointMap + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -47,7 +51,7 @@ parameters: description: Whether to use Galera instead of regular MariaDB. type: boolean NovaPassword: - description: The password for the nova db account + description: The password for the nova service and db account type: string hidden: true EnableInternalTLS: diff --git a/puppet/services/database/redis-base.yaml b/puppet/services/database/redis-base.yaml index 89fa8065..2a6a89e9 100644 --- a/puppet/services/database/redis-base.yaml +++ b/puppet/services/database/redis-base.yaml @@ -5,13 +5,17 @@ description: > parameters: RedisPassword: - description: The password for Redis + description: The password for the redis service account. type: string hidden: true RedisFDLimit: description: Configure Redis FD limit type: string default: 10240 + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/database/redis.yaml b/puppet/services/database/redis.yaml index 9567a73f..bd96823b 100644 --- a/puppet/services/database/redis.yaml +++ b/puppet/services/database/redis.yaml @@ -4,6 +4,10 @@ description: > OpenStack Redis service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -31,6 +35,7 @@ resources: RedisBase: type: ./redis-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/disabled/ceilometer-api-disabled.yaml b/puppet/services/disabled/ceilometer-api-disabled.yaml new file mode 100644 index 00000000..a4fb91db --- /dev/null +++ b/puppet/services/disabled/ceilometer-api-disabled.yaml @@ -0,0 +1,45 @@ +heat_template_version: pike + +description: > + OpenStack Ceilometer API service, disabled since pike + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the disabled Ceilometer API role. + value: + service_name: ceilometer_api_disabled + upgrade_tasks: + - name: Purge Ceilometer apache config files + tags: step1 + file: path=/etc/httpd/conf.d/10-ceilometer_wsgi.conf state=absent + - name: Clean up ceilometer port from ports.conf + tags: step1 + lineinfile: dest=/etc/httpd/conf/ports.conf state=absent regexp="8777$" diff --git a/puppet/services/disabled/ceilometer-collector-disabled.yaml b/puppet/services/disabled/ceilometer-collector-disabled.yaml index 18092a8f..f6170c8f 100644 --- a/puppet/services/disabled/ceilometer-collector-disabled.yaml +++ b/puppet/services/disabled/ceilometer-collector-disabled.yaml @@ -4,6 +4,10 @@ description: > OpenStack Ceilometer Collector service, disabled since pike parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/disabled/ceilometer-expirer-disabled.yaml b/puppet/services/disabled/ceilometer-expirer-disabled.yaml index 7be394b6..7c680c61 100644 --- a/puppet/services/disabled/ceilometer-expirer-disabled.yaml +++ b/puppet/services/disabled/ceilometer-expirer-disabled.yaml @@ -4,6 +4,10 @@ description: > OpenStack Ceilometer Expirer service, disabled since pike parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -36,3 +40,6 @@ outputs: - name: Remove ceilometer expirer cron tab on upgrade tags: step1 shell: '/usr/bin/crontab -u ceilometer -r' + register: remove_ceilometer_expirer_crontab + failed_when: remove_ceilometer_expirer_crontab.rc != 0 and remove_ceilometer_expirer_crontab.stderr != "no crontab for ceilometer" + changed_when: remove_ceilometer_expirer_crontab.stderr != "no crontab for ceilometer" diff --git a/puppet/services/disabled/glance-registry-disabled.yaml b/puppet/services/disabled/glance-registry-disabled.yaml index 85a5c5ef..238e7395 100644 --- a/puppet/services/disabled/glance-registry-disabled.yaml +++ b/puppet/services/disabled/glance-registry-disabled.yaml @@ -4,6 +4,10 @@ description: > OpenStack Glance Registry service, disabled since ocata parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/disabled/mongodb-disabled.yaml b/puppet/services/disabled/mongodb-disabled.yaml index fa3fe9a8..9e58103c 100644 --- a/puppet/services/disabled/mongodb-disabled.yaml +++ b/puppet/services/disabled/mongodb-disabled.yaml @@ -4,6 +4,10 @@ description: > Mongodb service, disabled by default since pike parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/docker.yaml b/puppet/services/docker.yaml index 2be21122..d11ef66a 100644 --- a/puppet/services/docker.yaml +++ b/puppet/services/docker.yaml @@ -4,18 +4,20 @@ description: > Configures docker on the host parameters: - DockerNamespace: - description: namespace - default: tripleoupstream + DockerInsecureRegistryAddress: + description: Optional. The IP Address and Port of an insecure docker + namespace that will be configured in /etc/sysconfig/docker. type: string - DockerNamespaceIsRegistry: - type: boolean - default: false + default: '' EndpointMap: default: {} description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -34,14 +36,19 @@ parameters: description: Parameters specific to the role type: json +conditions: + insecure_registry_is_empty: {equals : [{get_param: DockerInsecureRegistryAddress}, '']} + outputs: role_data: description: Role data for the docker service value: service_name: docker config_settings: - tripleo::profile::base::docker::docker_namespace: {get_param: DockerNamespace} - tripleo::profile::base::docker::insecure_registry: {get_param: DockerNamespaceIsRegistry} + if: + - insecure_registry_is_empty + - {} + - tripleo::profile::base::docker::insecure_registry_address: {get_param: DockerInsecureRegistryAddress} step_config: | include ::tripleo::profile::base::docker upgrade_tasks: diff --git a/puppet/services/ec2-api.yaml b/puppet/services/ec2-api.yaml index aa878a91..85fdb369 100644 --- a/puppet/services/ec2-api.yaml +++ b/puppet/services/ec2-api.yaml @@ -4,6 +4,10 @@ description: > OpenStack EC2-API service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -57,7 +61,7 @@ parameters: path: /var/log/ec2api/ec2api.log EnablePackageInstall: default: 'false' - description: Set to true to enable package installation via Puppet + description: Set to true to enable package installation at deploy time type: boolean Ec2ApiPolicies: description: | diff --git a/puppet/services/etcd.yaml b/puppet/services/etcd.yaml index 2e87764d..4828fcb9 100644 --- a/puppet/services/etcd.yaml +++ b/puppet/services/etcd.yaml @@ -4,6 +4,10 @@ description: > Etcd service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/external-swift-proxy.yaml b/puppet/services/external-swift-proxy.yaml index 206536d7..ac1f11ac 100644 --- a/puppet/services/external-swift-proxy.yaml +++ b/puppet/services/external-swift-proxy.yaml @@ -4,6 +4,10 @@ description: > External Swift Proxy endpoint configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -40,7 +44,7 @@ parameters: type: string default: 'service' SwiftPassword: - description: The password for the swift service account, used by the swift proxy services. + description: The password for the swift service account type: string hidden: true KeystoneRegion: diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index 7812c8e2..8ec3546f 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -4,6 +4,10 @@ description: > OpenStack Glance API service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -96,6 +100,10 @@ parameters: GlanceRbdPoolName: default: images type: string + NovaEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Nova + type: boolean RabbitPassword: description: The password for RabbitMQ type: string @@ -124,17 +132,32 @@ parameters: e.g. { glance-context_is_admin: { key: context_is_admin, value: 'role:admin' } } default: {} type: json + NotificationDriver: + type: string + default: 'messagingv2' + description: Driver or drivers to handle sending notifications. + constraints: + - allowed_values: [ 'messagingv2', 'noop' ] conditions: use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]} glance_workers_unset: {equals : [{get_param: GlanceWorkers}, '']} service_debug_unset: {equals : [{get_param: GlanceDebug}, '']} + glance_multiple_locations: + and: + - equals: + - get_param: GlanceBackend + - rbd + - equals: + - get_param: NovaEnableRbdBackend + - true resources: TLSProxyBase: type: OS::TripleO::Services::TLSProxyBase properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -187,6 +210,8 @@ outputs: glance::keystone::authtoken::project_domain_name: 'Default' glance::api::pipeline: 'keystone' glance::api::show_image_direct_url: true + glance::api::show_multiple_locations: {if: [glance_multiple_locations, true, false]} + glance::api::os_region_name: {get_param: KeystoneRegion} # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples # (eg. for internal_api): @@ -224,7 +249,7 @@ outputs: glance::notify::rabbitmq::rabbit_port: {get_param: RabbitClientPort} glance::notify::rabbitmq::rabbit_password: {get_param: RabbitPassword} glance::notify::rabbitmq::rabbit_use_ssl: {get_param: RabbitClientUseSSL} - glance::notify::rabbitmq::notification_driver: messagingv2 + glance::notify::rabbitmq::notification_driver: {get_param: NotificationDriver} tripleo::profile::base::glance::api::glance_nfs_enabled: {get_param: GlanceNfsEnabled} tripleo::glance::nfs_mount::share: {get_param: GlanceNfsShare} tripleo::glance::nfs_mount::options: {get_param: GlanceNfsOptions} diff --git a/puppet/services/gnocchi-api.yaml b/puppet/services/gnocchi-api.yaml index 2411d42d..cd7ab692 100644 --- a/puppet/services/gnocchi-api.yaml +++ b/puppet/services/gnocchi-api.yaml @@ -4,6 +4,10 @@ description: > Gnocchi service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -64,6 +68,7 @@ resources: GnocchiServiceBase: type: ./gnocchi-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -73,6 +78,7 @@ resources: ApacheServiceBase: type: ./apache.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml index b4af7e85..7f64e97b 100644 --- a/puppet/services/gnocchi-base.yaml +++ b/puppet/services/gnocchi-base.yaml @@ -4,6 +4,10 @@ description: > Gnocchi service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/gnocchi-metricd.yaml b/puppet/services/gnocchi-metricd.yaml index 5ada99fa..d45d140a 100644 --- a/puppet/services/gnocchi-metricd.yaml +++ b/puppet/services/gnocchi-metricd.yaml @@ -4,6 +4,10 @@ description: > Gnocchi service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -38,6 +42,7 @@ resources: GnocchiServiceBase: type: ./gnocchi-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/gnocchi-statsd.yaml b/puppet/services/gnocchi-statsd.yaml index 5ba1dfc7..85eba5d4 100644 --- a/puppet/services/gnocchi-statsd.yaml +++ b/puppet/services/gnocchi-statsd.yaml @@ -4,6 +4,10 @@ description: > Gnocchi service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -34,6 +38,7 @@ resources: GnocchiServiceBase: type: ./gnocchi-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/haproxy-internal-tls-certmonger.yaml b/puppet/services/haproxy-internal-tls-certmonger.yaml index 1866bb97..b6b4f270 100644 --- a/puppet/services/haproxy-internal-tls-certmonger.yaml +++ b/puppet/services/haproxy-internal-tls-certmonger.yaml @@ -4,6 +4,10 @@ description: > HAProxy deployment with TLS enabled, powered by certmonger parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/haproxy-public-tls-certmonger.yaml b/puppet/services/haproxy-public-tls-certmonger.yaml index 7ebacdbc..e79d2aec 100644 --- a/puppet/services/haproxy-public-tls-certmonger.yaml +++ b/puppet/services/haproxy-public-tls-certmonger.yaml @@ -4,6 +4,10 @@ description: > HAProxy deployment with TLS enabled, powered by certmonger parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml index 619cf131..a37135da 100644 --- a/puppet/services/haproxy.yaml +++ b/puppet/services/haproxy.yaml @@ -4,6 +4,10 @@ description: > HAproxy service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -26,6 +30,10 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + EnableLoadBalancer: + default: true + description: Whether to deploy a LoadBalancer, set to false when an external load balancer is used. + type: boolean HAProxyStatsPassword: description: Password for HAProxy stats endpoint hidden: true @@ -38,8 +46,12 @@ parameters: default: /dev/log description: Syslog address where HAproxy will send its log type: string + HAProxyStatsEnabled: + default: true + description: Whether or not to enable the HAProxy stats interface. + type: boolean RedisPassword: - description: The password for Redis + description: The password for the redis service account. type: string hidden: true MonitoringSubscriptionHaproxy: @@ -61,6 +73,7 @@ resources: HAProxyPublicTLS: type: OS::TripleO::Services::HAProxyPublicTLS properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -70,6 +83,7 @@ resources: HAProxyInternalTLS: type: OS::TripleO::Services::HAProxyInternalTLS properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -95,6 +109,8 @@ outputs: tripleo::haproxy::redis_password: {get_param: RedisPassword} tripleo::haproxy::ca_bundle: {get_param: InternalTLSCAFile} tripleo::haproxy::crl_file: {get_param: InternalTLSCRLPEMFile} + tripleo::haproxy::haproxy_stats: {get_param: HAProxyStatsEnabled} + enable_load_balancer: {get_param: EnableLoadBalancer} tripleo::profile::base::haproxy::certificates_specs: map_merge: - get_attr: [HAProxyPublicTLS, role_data, certificates_specs] diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml index 92d73cfb..070bd7c7 100644 --- a/puppet/services/heat-api-cfn.yaml +++ b/puppet/services/heat-api-cfn.yaml @@ -4,6 +4,10 @@ description: > Openstack Heat CloudFormation API service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -58,6 +62,7 @@ resources: ApacheServiceBase: type: ./apache.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -68,6 +73,7 @@ resources: HeatBase: type: ./heat-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -124,6 +130,8 @@ outputs: heat::keystone::auth_cfn::admin_url: {get_param: [EndpointMap, HeatCfnAdmin, uri]} heat::keystone::auth_cfn::password: {get_param: HeatPassword} heat::keystone::auth_cfn::region: {get_param: KeystoneRegion} + metadata_settings: + get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - name: Check if heat_api_cfn is deployed command: systemctl is-enabled openstack-heat-api-cfn diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml index a740d201..689251a3 100644 --- a/puppet/services/heat-api-cloudwatch.yaml +++ b/puppet/services/heat-api-cloudwatch.yaml @@ -4,6 +4,10 @@ description: > Openstack Heat CloudWatch API service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -50,6 +54,7 @@ resources: ApacheServiceBase: type: ./apache.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -60,6 +65,7 @@ resources: HeatBase: type: ./heat-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -108,6 +114,8 @@ outputs: - heat::wsgi::apache_api_cloudwatch::workers: {get_param: HeatWorkers} step_config: | include ::tripleo::profile::base::heat::api_cloudwatch + metadata_settings: + get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - name: Check if heat_api_cloudwatch is deployed command: systemctl is-enabled openstack-heat-api-cloudwatch diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml index ced7f0c4..51f52a71 100644 --- a/puppet/services/heat-api.yaml +++ b/puppet/services/heat-api.yaml @@ -4,6 +4,10 @@ description: > Openstack Heat API service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -64,6 +68,7 @@ resources: ApacheServiceBase: type: ./apache.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -74,6 +79,7 @@ resources: HeatBase: type: ./heat-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -131,6 +137,8 @@ outputs: heat::keystone::auth::admin_url: {get_param: [EndpointMap, HeatAdmin, uri]} heat::keystone::auth::password: {get_param: HeatPassword} heat::keystone::auth::region: {get_param: KeystoneRegion} + metadata_settings: + get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - name: Check is heat_api is deployed command: systemctl is-enabled openstack-heat-api diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml index d89fe46a..269fa0c2 100644 --- a/puppet/services/heat-base.yaml +++ b/puppet/services/heat-base.yaml @@ -30,6 +30,10 @@ parameters: default: 5672 description: Set rabbit subscriber port, change this if using SSL type: number + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -115,6 +119,12 @@ parameters: default: 1048576 description: Maximum raw byte size of the Heat API JSON request body. type: number + NotificationDriver: + type: string + default: 'messagingv2' + description: Driver or drivers to handle sending notifications. + constraints: + - allowed_values: [ 'messagingv2', 'noop' ] conditions: service_debug_unset: {equals : [{get_param: HeatDebug}, '']} @@ -125,6 +135,7 @@ outputs: value: service_name: heat_base config_settings: + heat::notification_driver: {get_param: NotificationDriver} heat::rabbit_userid: {get_param: RabbitUserName} heat::rabbit_password: {get_param: RabbitPassword} heat::rabbit_use_ssl: {get_param: RabbitClientUseSSL} diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml index 1d5f054b..855af6f1 100644 --- a/puppet/services/heat-engine.yaml +++ b/puppet/services/heat-engine.yaml @@ -4,6 +4,10 @@ description: > Openstack Heat Engine service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -70,6 +74,7 @@ resources: HeatBase: type: ./heat-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index 1f97b8ba..63ab92eb 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml @@ -4,6 +4,10 @@ description: > Horizon service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/ironic-api.yaml b/puppet/services/ironic-api.yaml index 0e8eacf1..f003be72 100644 --- a/puppet/services/ironic-api.yaml +++ b/puppet/services/ironic-api.yaml @@ -4,6 +4,10 @@ description: > OpenStack Ironic API configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -51,6 +55,7 @@ resources: ApacheServiceBase: type: ./apache.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -61,6 +66,7 @@ resources: IronicBase: type: ./ironic-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/ironic-base.yaml b/puppet/services/ironic-base.yaml index 41d6cedc..f49141df 100644 --- a/puppet/services/ironic-base.yaml +++ b/puppet/services/ironic-base.yaml @@ -4,6 +4,10 @@ description: > OpenStack Ironic services configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml index 0e8c8e12..1ed1ee7c 100644 --- a/puppet/services/ironic-conductor.yaml +++ b/puppet/services/ironic-conductor.yaml @@ -4,6 +4,10 @@ description: > OpenStack Ironic conductor configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -103,6 +107,7 @@ resources: IronicBase: type: ./ironic-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/ironic-inspector.yaml b/puppet/services/ironic-inspector.yaml index e8537a29..a7627927 100644 --- a/puppet/services/ironic-inspector.yaml +++ b/puppet/services/ironic-inspector.yaml @@ -4,6 +4,10 @@ description: > OpenStack Ironic Inspector configured with Puppet (EXPERIMENTAL) parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/network/contrail-provision.yaml b/puppet/services/iscsid.yaml index 8918f6da..9510df3b 100644 --- a/puppet/services/network/contrail-provision.yaml +++ b/puppet/services/iscsid.yaml @@ -1,9 +1,13 @@ heat_template_version: pike description: > - Provision Contrail services after deployment + Configure iscsid parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -27,23 +31,11 @@ parameters: via parameter_defaults in the resource registry. type: json -resources: - ContrailBase: - type: ./contrail-base.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - outputs: role_data: - description: Contrail provisioning role + description: Role data for iscsid value: - service_name: contrail_provision - config_settings: - map_merge: - - get_attr: [ContrailBase, role_data, config_settings] + service_name: iscsid + config_setting: {} step_config: | - include ::tripleo::network::contrail::provision + include ::tripleo::profile::base::iscsid diff --git a/puppet/services/keepalived.yaml b/puppet/services/keepalived.yaml index 44e6b248..a258ee41 100644 --- a/puppet/services/keepalived.yaml +++ b/puppet/services/keepalived.yaml @@ -4,6 +4,10 @@ description: > Keepalived service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml index c142b475..011ec037 100644 --- a/puppet/services/kernel.yaml +++ b/puppet/services/kernel.yaml @@ -4,6 +4,10 @@ description: > Load kernel modules with kmod and configure kernel options with sysctl. parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 60d194bc..8796209b 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -38,6 +38,10 @@ parameters: default: 'fernet' constraints: - allowed_values: ['uuid', 'fernet'] + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -63,6 +67,7 @@ parameters: Debug: type: string default: '' + description: Set to True to enable debugging on all services. KeystoneDebug: default: '' description: Set to True to enable debugging Keystone service. @@ -203,6 +208,12 @@ parameters: type: json default: {} hidden: true + NotificationDriver: + type: string + default: 'messagingv2' + description: Driver or drivers to handle sending notifications. + constraints: + - allowed_values: [ 'messagingv2', 'noop' ] parameter_groups: - label: deprecated @@ -214,12 +225,14 @@ parameter_groups: parameters: - KeystoneFernetKey0 - KeystoneFernetKey1 + - KeystoneNotificationDriver resources: ApacheServiceBase: type: ./apache.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -281,7 +294,7 @@ outputs: keystone::rabbit_password: {get_param: RabbitPassword} keystone::rabbit_use_ssl: {get_param: RabbitClientUseSSL} keystone::rabbit_port: {get_param: RabbitClientPort} - keystone::notification_driver: {get_param: KeystoneNotificationDriver} + keystone::notification_driver: {get_param: NotificationDriver} keystone::notification_format: {get_param: KeystoneNotificationFormat} keystone::roles::admin::email: {get_param: AdminEmail} keystone::roles::admin::password: {get_param: AdminPassword} diff --git a/puppet/services/logging/fluentd-base.yaml b/puppet/services/logging/fluentd-base.yaml index 21049a9e..0ab157c7 100644 --- a/puppet/services/logging/fluentd-base.yaml +++ b/puppet/services/logging/fluentd-base.yaml @@ -3,6 +3,10 @@ heat_template_version: pike description: Fluentd base service parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/logging/fluentd-client.yaml b/puppet/services/logging/fluentd-client.yaml index e34f31fa..958306f8 100644 --- a/puppet/services/logging/fluentd-client.yaml +++ b/puppet/services/logging/fluentd-client.yaml @@ -3,6 +3,10 @@ heat_template_version: pike description: Fluentd client configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -34,6 +38,7 @@ resources: EndpointMap: {get_param: EndpointMap} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} diff --git a/puppet/services/logging/fluentd-config.yaml b/puppet/services/logging/fluentd-config.yaml index 9ade6419..a2390545 100644 --- a/puppet/services/logging/fluentd-config.yaml +++ b/puppet/services/logging/fluentd-config.yaml @@ -3,6 +3,10 @@ heat_template_version: pike description: Fluentd logging configuration parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml index 2710d789..9fc76bf6 100644 --- a/puppet/services/manila-api.yaml +++ b/puppet/services/manila-api.yaml @@ -4,6 +4,10 @@ description: > Manila-api service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -42,6 +46,7 @@ resources: ManilaBase: type: ./manila-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/manila-backend-cephfs.yaml b/puppet/services/manila-backend-cephfs.yaml index f4c7a074..9d6b508b 100644 --- a/puppet/services/manila-backend-cephfs.yaml +++ b/puppet/services/manila-backend-cephfs.yaml @@ -4,6 +4,10 @@ description: > Openstack Manila Cephfs backend parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/manila-backend-generic.yaml b/puppet/services/manila-backend-generic.yaml index 7be92399..44f4a642 100644 --- a/puppet/services/manila-backend-generic.yaml +++ b/puppet/services/manila-backend-generic.yaml @@ -49,6 +49,10 @@ parameters: ManilaServiceNetworkCidr: type: string default: '172.16.0.0/16' + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/manila-backend-netapp.yaml b/puppet/services/manila-backend-netapp.yaml index b1068488..d4caedf0 100644 --- a/puppet/services/manila-backend-netapp.yaml +++ b/puppet/services/manila-backend-netapp.yaml @@ -64,6 +64,10 @@ parameters: ManilaNetappSnapmirrorQuiesceTimeout: type: number default: 3600 + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/manila-base.yaml b/puppet/services/manila-base.yaml index d0ee2125..3c825473 100644 --- a/puppet/services/manila-base.yaml +++ b/puppet/services/manila-base.yaml @@ -4,6 +4,10 @@ description: > Openstack Manila base service. Shared by manila-api/scheduler/share services parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -56,6 +60,12 @@ parameters: description: The password for the manila service account. type: string hidden: true + NotificationDriver: + type: string + default: 'messagingv2' + description: Driver or drivers to handle sending notifications. + constraints: + - allowed_values: [ 'messagingv2', 'noop' ] conditions: service_debug_unset: {equals : [{get_param: ManilaDebug}, '']} @@ -66,6 +76,7 @@ outputs: value: service_name: manila_base config_settings: + manila::notification_driver: {get_param: NotificationDriver} manila::rabbit_userid: {get_param: RabbitUserName} manila::rabbit_password: {get_param: RabbitPassword} manila::rabbit_use_ssl: {get_param: RabbitClientUseSSL} diff --git a/puppet/services/manila-scheduler.yaml b/puppet/services/manila-scheduler.yaml index b3d1ffa2..7d43f685 100644 --- a/puppet/services/manila-scheduler.yaml +++ b/puppet/services/manila-scheduler.yaml @@ -4,6 +4,10 @@ description: > Manila-scheduler service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -28,7 +32,7 @@ parameters: type: json NovaPassword: type: string - description: The password for the nova service and db account, used by nova-api. + description: The password for the nova service and db account hidden: true NeutronPassword: description: The password for the neutron service and db account, used by neutron agents. @@ -46,6 +50,7 @@ resources: ManilaBase: type: ./manila-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/manila-share.yaml b/puppet/services/manila-share.yaml index 50d7f7c6..08c36483 100644 --- a/puppet/services/manila-share.yaml +++ b/puppet/services/manila-share.yaml @@ -4,6 +4,10 @@ description: > Manila-share service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -38,6 +42,7 @@ resources: ManilaBase: type: ./manila-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/memcached.yaml b/puppet/services/memcached.yaml index 5b98e02b..2bc08fde 100644 --- a/puppet/services/memcached.yaml +++ b/puppet/services/memcached.yaml @@ -4,6 +4,10 @@ description: > Memcached service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/metrics/collectd.yaml b/puppet/services/metrics/collectd.yaml index da77ef0e..7fd301b2 100644 --- a/puppet/services/metrics/collectd.yaml +++ b/puppet/services/metrics/collectd.yaml @@ -3,6 +3,10 @@ heat_template_version: pike description: Collectd client service parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/mistral-api.yaml b/puppet/services/mistral-api.yaml index b865ec1f..10de99a9 100644 --- a/puppet/services/mistral-api.yaml +++ b/puppet/services/mistral-api.yaml @@ -4,6 +4,10 @@ description: > Openstack Mistral API service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -47,6 +51,7 @@ resources: ApacheServiceBase: type: ./apache.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -54,6 +59,7 @@ resources: MistralBase: type: ./mistral-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/mistral-base.yaml b/puppet/services/mistral-base.yaml index 8b3655dd..dbcc3f79 100644 --- a/puppet/services/mistral-base.yaml +++ b/puppet/services/mistral-base.yaml @@ -4,6 +4,10 @@ description: > Openstack Mistral base service. Shared for all Mistral services. parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -61,6 +65,12 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint + NotificationDriver: + type: string + default: 'messagingv2' + description: Driver or drivers to handle sending notifications. + constraints: + - allowed_values: [ 'messagingv2', 'noop' ] conditions: service_debug_unset: {equals : [{get_param: MistralDebug}, '']} @@ -81,6 +91,7 @@ outputs: query: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo + mistral::notification_driver: {get_param: NotificationDriver} mistral::rabbit_userid: {get_param: RabbitUserName} mistral::rabbit_password: {get_param: RabbitPassword} mistral::rabbit_use_ssl: {get_param: RabbitClientUseSSL} diff --git a/puppet/services/mistral-engine.yaml b/puppet/services/mistral-engine.yaml index 6a0fed1a..879c74aa 100644 --- a/puppet/services/mistral-engine.yaml +++ b/puppet/services/mistral-engine.yaml @@ -4,6 +4,10 @@ description: > Openstack Mistral Engine service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -31,6 +35,7 @@ resources: MistralBase: type: ./mistral-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/mistral-executor.yaml b/puppet/services/mistral-executor.yaml index 57f29dd4..9e8e6c5d 100644 --- a/puppet/services/mistral-executor.yaml +++ b/puppet/services/mistral-executor.yaml @@ -4,6 +4,10 @@ description: > Openstack Mistral API service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -31,6 +35,7 @@ resources: MistralBase: type: ./mistral-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/monitoring/sensu-base.yaml b/puppet/services/monitoring/sensu-base.yaml index 5e7e9940..0f0fe957 100644 --- a/puppet/services/monitoring/sensu-base.yaml +++ b/puppet/services/monitoring/sensu-base.yaml @@ -3,6 +3,10 @@ heat_template_version: pike description: Sensu base service parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -40,7 +44,7 @@ parameters: to the RabbitMQ host. Set MonitoringRabbitUseSSL to true without specifying a private key or cert chain to use SSL transport, but not cert auth. - type: string + type: boolean MonitoringRabbitSSLPrivateKey: default: '' description: Private key to be used by Sensu to connect to RabbitMQ host. diff --git a/puppet/services/monitoring/sensu-client.yaml b/puppet/services/monitoring/sensu-client.yaml index 25e2b947..a9ffabe5 100644 --- a/puppet/services/monitoring/sensu-client.yaml +++ b/puppet/services/monitoring/sensu-client.yaml @@ -3,6 +3,10 @@ heat_template_version: pike description: Sensu client configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -27,8 +31,9 @@ parameters: via parameter_defaults in the resource registry. type: json AdminPassword: - description: Keystone admin user password + description: The password for the keystone admin account, used for monitoring, querying neutron etc. type: string + hidden: true KeystoneRegion: default: 'regionOne' description: Keystone region for endpoint @@ -43,6 +48,7 @@ resources: SensuBase: type: ./sensu-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/network/contrail-analytics-database.yaml b/puppet/services/network/contrail-analytics-database.yaml index 9b78437b..414a69cc 100644 --- a/puppet/services/network/contrail-analytics-database.yaml +++ b/puppet/services/network/contrail-analytics-database.yaml @@ -7,6 +7,10 @@ description: > and configures Contrail Analytics Database. parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -34,6 +38,7 @@ resources: ContrailBase: type: ./contrail-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/network/contrail-analytics.yaml b/puppet/services/network/contrail-analytics.yaml index f85ba7cc..c60ffcd0 100644 --- a/puppet/services/network/contrail-analytics.yaml +++ b/puppet/services/network/contrail-analytics.yaml @@ -7,6 +7,10 @@ description: > and configures Contrail Analytics. parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -29,14 +33,34 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ContrailAnalyticsCollectorHttp: + default: 8089 + description: Contrail Analytics Collector http port + type: number + ContrailAnalyticsCollectorSandesh: + default: 8086 + description: Contrail Analytics Collector sandesh port + type: number + ContrailAnalyticsHttp: + default: 8090 + description: Contrail Analytics http port + type: number + ContrailAnalyticsRedis: + default: 6379 + description: Contrail Analytics redis port + type: number + ContrailAnalyticsApi: + default: 8081 + description: Contrail Analytics Api port + type: number resources: ContrailBase: type: ./contrail-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} @@ -48,14 +72,14 @@ outputs: config_settings: map_merge: - get_attr: [ContrailBase, role_data, config_settings] - - contrail::analytics::collector_http_server_port: {get_param: [EndpointMap, ContrailAnalyticsCollectorHttpInternal, port]} - contrail::analytics::collector_sandesh_port: {get_param: [EndpointMap, ContrailAnalyticsCollectorSandeshInternal, port]} + - contrail::analytics::collector_http_server_port: {get_param: ContrailAnalyticsCollectorHttp} + contrail::analytics::collector_sandesh_port: {get_param: ContrailAnalyticsCollectorSandesh} contrail::analytics::host_ip: {get_param: [ServiceNetMap, ContrailAnalyticsNetwork]} - contrail::analytics::http_server_port: {get_param: [EndpointMap, ContrailAnalyticsHttpInternal, port]} + contrail::analytics::http_server_port: {get_param: ContrailAnalyticsHttp} contrail::analytics::listen_ip_address: {get_param: [ServiceNetMap, ContrailAnalyticsNetwork]} contrail::analytics::redis_server: '127.0.0.1' - contrail::analytics::redis_server_port: {get_param: [EndpointMap, ContrailAnalyticsRedisInternal, port]} + contrail::analytics::redis_server_port: {get_param: ContrailAnalyticsRedis} contrail::analytics::rest_api_ip: {get_param: [ServiceNetMap, ContrailAnalyticsNetwork]} - contrail::analytics::rest_api_port: {get_param: [EndpointMap, ContrailAnalyticsApiInternal, port]} + contrail::analytics::rest_api_port: {get_param: ContrailAnalyticsApi} step_config: | include ::tripleo::network::contrail::analytics diff --git a/puppet/services/network/contrail-base.yaml b/puppet/services/network/contrail-base.yaml index bdcdbb86..77c30bd9 100644 --- a/puppet/services/network/contrail-base.yaml +++ b/puppet/services/network/contrail-base.yaml @@ -4,6 +4,10 @@ description: > Base parameters for all Contrail Services. parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -26,16 +30,16 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - ContrailAAAMode: + AAAMode: description: AAAmode can be no-auth, cloud-admin or rbac type: string default: 'rbac' - ContrailAAAModeAnalytics: + AAAModeAnalytics: description: AAAmode for analytics can be no-auth, cloud-admin or rbac type: string default: 'no-auth' AdminPassword: - description: Keystone admin user password + description: The password for the keystone admin account, used for monitoring, querying neutron etc. type: string hidden: true AdminTenantName: @@ -43,25 +47,33 @@ parameters: type: string default: 'admin' AdminToken: - description: Keystone admin token + description: The keystone auth secret and db password. type: string hidden: true AdminUser: description: Keystone admin user name type: string default: 'admin' - AuthPortSSL: - default: 13357 - description: Keystone SSL port - type: number - AuthPortSSLPublic: - default: 13000 - description: Keystone Public SSL port - type: number ContrailAuth: default: 'keystone' description: Keystone authentication method type: string + ContrailAnalyticsVIP: + default: '' + description: Contrail Analytics Api Virtual IP address + type: string + ContrailConfigPort: + default: 8082 + description: Contrail Config Api port + type: number + ContrailConfigVIP: + default: '' + description: Contrail Config Virtual IP address + type: string + ContrailDiscoveryPort: + default: 5998 + description: Contrail Config Api port + type: number ContrailInsecure: default: false description: Keystone insecure mode @@ -70,6 +82,14 @@ parameters: default: '127.0.0.1:12111' description: Memcached server type: string + ContrailVIP: + default: '' + description: Contrail VIP + type: string + ContrailWebuiVIP: + default: '' + description: Contrail Webui Virtual IP address + type: string RabbitPassword: description: The password for RabbitMQ type: string @@ -83,29 +103,49 @@ parameters: description: Set rabbit subscriber port, change this if using SSL type: number +conditions: + contrail_config_vip_unset: {equals : [{get_param: ContrailConfigVIP}, '']} + contrail_analytics_vip_unset: {equals : [{get_param: ContrailAnalyticsVIP}, '']} + contrail_webui_vip_unset: {equals : [{get_param: ContrailWebuiVIP}, '']} + outputs: role_data: description: Shared role data for the Contrail services. value: service_name: contrail_base config_settings: - contrail::aaa_mode: {get_param: ContrailAAAMode} - contrail::analytics_aaa_mode: {get_param: ContrailAAAModeAnalytics} - contrail::admin_password: {get_param: AdminPassword} - contrail::admin_tenant_name: {get_param: AdminTenantName} - contrail::admin_token: {get_param: AdminToken} - contrail::admin_user: {get_param: AdminUser} - contrail::auth: {get_param: ContrailAuth} - contrail::auth_host: {get_param: [EndpointMap, KeystonePublic, host] } - contrail::auth_port: {get_param: [EndpointMap, KeystoneAdmin, port] } - contrail::auth_port_ssl: {get_param: AuthPortSSL } - contrail::auth_port_public: {get_param: [EndpointMap, KeystonePublic, port] } - contrail::auth_port_ssl_public: {get_param: AuthPortSSLPublic } - contrail::auth_protocol: {get_param: [EndpointMap, KeystoneInternal, protocol] } - contrail::api_port: {get_param: [EndpointMap, ContrailConfigInternal, port] } - contrail::disc_server_port: {get_param: [EndpointMap, ContrailDiscoveryInternal, port] } - contrail::insecure: {get_param: ContrailInsecure} - contrail::memcached_server: {get_param: ContrailMemcachedServer} - contrail::rabbit_password: {get_param: RabbitPassword} - contrail::rabbit_user: {get_param: RabbitUserName} - contrail::rabbit_port: {get_param: RabbitClientPort} + map_merge: + - contrail::aaa_mode: {get_param: AAAMode} + contrail::analytics_aaa_mode: {get_param: AAAModeAnalytics} + contrail::admin_password: {get_param: AdminPassword} + contrail::admin_tenant_name: {get_param: AdminTenantName} + contrail::admin_token: {get_param: AdminToken} + contrail::admin_user: {get_param: AdminUser} + contrail::auth: {get_param: ContrailAuth} + contrail::auth_host: {get_param: [EndpointMap, KeystoneAdmin, host] } + contrail::auth_port: {get_param: [EndpointMap, KeystoneAdmin, port] } + contrail::auth_port_public: {get_param: [EndpointMap, KeystonePublic, port] } + contrail::auth_protocol: {get_param: [EndpointMap, KeystonePublic, protocol] } + contrail::api_port: {get_param: ContrailConfigPort } + contrail::disc_server_port: {get_param: ContrailDiscoveryPort } + contrail::insecure: {get_param: ContrailInsecure} + contrail::memcached_server: {get_param: ContrailMemcachedServer} + contrail::rabbit_password: {get_param: RabbitPassword} + contrail::rabbit_user: {get_param: RabbitUserName} + contrail::rabbit_port: {get_param: RabbitClientPort} + contrail::vip: {get_param: ContrailVIP} + - + if: + - contrail_config_vip_unset + - {} + - contrail_config_vip: {get_param: ContrailConfigVIP} + - + if: + - contrail_webui_vip_unset + - {} + - contrail_webui_vip: {get_param: ContrailWebuiVIP} + - + if: + - contrail_analytics_vip_unset + - {} + - contrail_analytics_vip: {get_param: ContrailAnalyticsVIP} diff --git a/puppet/services/network/contrail-config.yaml b/puppet/services/network/contrail-config.yaml index feda5854..210c81d7 100644 --- a/puppet/services/network/contrail-config.yaml +++ b/puppet/services/network/contrail-config.yaml @@ -7,6 +7,10 @@ description: > and configures Contrail Config. parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -37,11 +41,16 @@ parameters: description: Ifmap user password type: string default: 'api-server' + ContrailConfigPort: + default: 8082 + description: Contrail Config Api port + type: number resources: ContrailBase: type: ./contrail-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -59,8 +68,8 @@ outputs: - contrail::config::ifmap_password: {get_param: ContrailConfigIfmapUserPassword} contrail::config::ifmap_username: {get_param: ContrailConfigIfmapUserName} contrail::config::listen_ip_address: {get_param: [ServiceNetMap, ContrailConfigNetwork]} - contrail::config::listen_port: {get_param: [EndpointMap, ContrailConfigInternal, port] } + contrail::config::listen_port: {get_param: ContrailConfigPort} contrail::config::redis_server: '127.0.0.1' - contrail::config::host_ip: {get_param: [ServiceNetMap, ContrailConfigNetwork] } + contrail::config::host_ip: {get_param: [ServiceNetMap, ContrailConfigNetwork]} step_config: | include ::tripleo::network::contrail::config diff --git a/puppet/services/network/contrail-control.yaml b/puppet/services/network/contrail-control.yaml index f1108547..20951b0b 100644 --- a/puppet/services/network/contrail-control.yaml +++ b/puppet/services/network/contrail-control.yaml @@ -7,6 +7,10 @@ description: > and configures Contrail Control. parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -37,11 +41,16 @@ parameters: description: sda1/256 hmac key, e.g. echo -n "values" | openssl dgst -sha256 -hmac key -binary | base64 type: string hidden: true + ContrailControlManageNamed: + description: named config file mgmt + type: string + default: true resources: ContrailBase: type: ./contrail-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -59,5 +68,6 @@ outputs: - contrail::control::asn: {get_param: ContrailControlASN } contrail::control::host_ip: {get_param: [ServiceNetMap, ContrailControlNetwork]} contrail::control::rndc_secret: {get_param: ContrailControlRNDCSecret} + contrail::control::manage_named: {get_param: ContrailControlManageNamed} step_config: | include ::tripleo::network::contrail::control diff --git a/puppet/services/network/contrail-database.yaml b/puppet/services/network/contrail-database.yaml index 5ce25a2e..d6c1192d 100644 --- a/puppet/services/network/contrail-database.yaml +++ b/puppet/services/network/contrail-database.yaml @@ -7,6 +7,10 @@ description: > and configures Contrail Database. parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -34,6 +38,7 @@ resources: ContrailBase: type: ./contrail-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/network/contrail-dpdk.yaml b/puppet/services/network/contrail-dpdk.yaml new file mode 100644 index 00000000..1f331894 --- /dev/null +++ b/puppet/services/network/contrail-dpdk.yaml @@ -0,0 +1,82 @@ +heat_template_version: pike + +description: > + OpenStack Neutron Compute OpenContrail plugin + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NeutronMetadataProxySharedSecret: + description: Metadata Secret + type: string + hidden: true + ContrailVrouterPhysicalInterface: + default: 'eth0' + description: vRouter physical interface + type: string + ContrailVrouterGateway: + default: '192.168.24.1' + description: vRouter default gateway + type: string + ContrailVrouterNetmask: + default: '255.255.255.0' + description: vRouter netmask + type: string + +resources: + ContrailBase: + type: ./contrail-base.yaml + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Neutron Compute OpenContrail plugin + value: + service_name: contrail_dpdk + config_settings: + map_merge: + - get_attr: [ContrailBase, role_data, config_settings] + - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, ContrailVrouterNetwork]} + contrail::vrouter::is_dpdk: 'true' + contrail::vrouter::physical_interface: {get_param: ContrailVrouterPhysicalInterface} + contrail::vrouter::gateway: {get_param: ContrailVrouterGateway} + contrail::vrouter::netmask: {get_param: ContrailVrouterNetmask} + contrail::vrouter::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} + tripleo.neutron_compute_plugin_opencontrail.firewall_rules: + '111 neutron_compute_plugin_opencontrail proxy': + dport: + - 8097 + - 8085 + proto: tcp + step_config: | + include ::tripleo::network::contrail::vrouter diff --git a/puppet/services/network/contrail-heat.yaml b/puppet/services/network/contrail-heat.yaml index da86714e..81a8d86b 100644 --- a/puppet/services/network/contrail-heat.yaml +++ b/puppet/services/network/contrail-heat.yaml @@ -5,6 +5,10 @@ description: > to orchestrate Contrail parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -32,6 +36,7 @@ resources: ContrailBase: type: ./contrail-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/network/contrail-neutron-plugin.yaml b/puppet/services/network/contrail-neutron-plugin.yaml index 0c5e2a86..50a6be48 100644 --- a/puppet/services/network/contrail-neutron-plugin.yaml +++ b/puppet/services/network/contrail-neutron-plugin.yaml @@ -4,6 +4,10 @@ description: > OpenStack Neutron Opencontrail plugin parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -29,12 +33,13 @@ parameters: ContrailExtensions: description: List of OpenContrail extensions to be enabled type: comma_delimited_list - default: '' + default: 'ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam,policy:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_policy.NeutronPluginContrailPolicy,route-table:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_vpc.NeutronPluginContrailVpc,contrail:None' resources: ContrailBase: type: ./contrail-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -49,7 +54,7 @@ outputs: config_settings: map_merge: - get_attr: [ContrailBase, role_data, config_settings] - - neutron::api_extensions_path: /usr/lib/python2.7/site-packages/neutron_plugin_contrail/extensions + - neutron::api_extensions_path: '/usr/lib/python2.7/site-packages/neutron_plugin_contrail/extensions:/usr/lib/python2.7/site-packages/neutron_lbaas/extensions' contrail::vrouter::contrail_extensions: {get_param: ContrailExtensions} step_config: | include tripleo::network::contrail::neutron_plugin diff --git a/puppet/services/network/contrail-tsn.yaml b/puppet/services/network/contrail-tsn.yaml index 9d48e0e6..058b9dc9 100644 --- a/puppet/services/network/contrail-tsn.yaml +++ b/puppet/services/network/contrail-tsn.yaml @@ -4,6 +4,10 @@ description: > Contrail TSN Service parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -29,15 +33,15 @@ parameters: NeutronMetadataProxySharedSecret: description: Metadata Secret type: string - VrouterPhysicalInterface: + ContrailVrouterPhysicalInterface: default: 'eth0' description: vRouter physical interface type: string - VrouterGateway: + ContrailVrouterGateway: default: '192.168.24.1' description: vRouter default gateway type: string - VrouterNetmask: + ContrailVrouterNetmask: default: '255.255.255.0' description: vRouter netmask type: string @@ -46,6 +50,7 @@ resources: ContrailBase: type: ./contrail-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -60,10 +65,10 @@ outputs: config_settings: map_merge: - get_attr: [ContrailBase, role_data, config_settings] - - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, NeutronCorePluginOpencontrailNetwork]} - contrail::vrouter::physical_interface: {get_param: VrouterPhysicalInterface} - contrail::vrouter::gateway: {get_param: VrouterGateway} - contrail::vrouter::netmask: {get_param: VrouterNetmask} + - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, ContrailVrouterNetwork]} + contrail::vrouter::physical_interface: {get_param: ContrailVrouterPhysicalInterface} + contrail::vrouter::gateway: {get_param: ContrailVrouterGateway} + contrail::vrouter::netmask: {get_param: ContrailVrouterNetmask} contrail::vrouter::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} contrail::vrouter::is_tsn: 'true' tripleo.neutron_compute_plugin_opencontrail.firewall_rules: diff --git a/puppet/services/network/contrail-vrouter.yaml b/puppet/services/network/contrail-vrouter.yaml index f03ed9c6..981fe2fb 100644 --- a/puppet/services/network/contrail-vrouter.yaml +++ b/puppet/services/network/contrail-vrouter.yaml @@ -4,6 +4,10 @@ description: > OpenStack Neutron Compute OpenContrail plugin parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -42,11 +46,16 @@ parameters: default: '255.255.255.0' description: vRouter netmask type: string + ContrailVrouterControlNodeIps: + description: List of Contrail Node IPs + type: comma_delimited_list + default: '' resources: ContrailBase: type: ./contrail-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -61,14 +70,16 @@ outputs: config_settings: map_merge: - get_attr: [ContrailBase, role_data, config_settings] - - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, NeutronCorePluginOpencontrailNetwork]} + - contrail::vrouter::host_ip: {get_param: [ServiceNetMap, ContrailVrouterNetwork]} contrail::vrouter::physical_interface: {get_param: ContrailVrouterPhysicalInterface} contrail::vrouter::gateway: {get_param: ContrailVrouterGateway} contrail::vrouter::netmask: {get_param: ContrailVrouterNetmask} contrail::vrouter::metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} - tripleo.neutron_compute_plugin_opencontrail.firewall_rules: - '111 neutron_compute_plugin_opencontrail proxy': + contrail::vrouter::control_node_ips: {get_param: ContrailVrouterControlNodeIps} + tripleo.contrail_vrouter.firewall_rules: + '111 contrail_vrouter_8085': + dport: 8085 + '112 contrail_vrouter_8097': dport: 8097 - proto: tcp step_config: | include ::tripleo::network::contrail::vrouter diff --git a/puppet/services/network/contrail-webui.yaml b/puppet/services/network/contrail-webui.yaml index f723e6a8..8f96643f 100644 --- a/puppet/services/network/contrail-webui.yaml +++ b/puppet/services/network/contrail-webui.yaml @@ -7,6 +7,10 @@ description: > and configures Contrail WebUI. parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -29,11 +33,20 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ContrailWebuiHttp: + default: 8080 + description: Contrail Webui http port + type: number + ContrailWebuiHttps: + default: 8143 + description: Contrail Webui https port + type: number resources: ContrailBase: type: ./contrail-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -48,8 +61,8 @@ outputs: config_settings: map_merge: - get_attr: [ContrailBase, role_data, config_settings] - - contrail::webui::http_port: {get_param: [EndpointMap, ContrailWebuiHttpInternal, port] } - contrail::webui::https_port: {get_param: [EndpointMap, ContrailWebuiHttpsInternal, port] } + - contrail::webui::http_port: {get_param: ContrailWebuiHttp } + contrail::webui::https_port: {get_param: ContrailWebuiHttps } contrail::webui::redis_ip: '127.0.0.1' step_config: | include ::tripleo::network::contrail::webui diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index 8e1e0b80..459a968a 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -4,6 +4,10 @@ description: > OpenStack Neutron Server configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -46,7 +50,7 @@ parameters: description: Allow automatic l3-agent failover type: string NovaPassword: - description: The password for the nova service and db account, used by nova-api. + description: The password for the nova service and db account type: string hidden: true NeutronEnableDVR: @@ -107,6 +111,7 @@ resources: TLSProxyBase: type: OS::TripleO::Services::TLSProxyBase properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -117,6 +122,7 @@ resources: NeutronBase: type: ./neutron-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml index 3c7518b3..b9556890 100644 --- a/puppet/services/neutron-base.yaml +++ b/puppet/services/neutron-base.yaml @@ -69,6 +69,10 @@ parameters: networks, neutron uses this value without modification. For overlay networks such as VXLAN, neutron automatically subtracts the overlay protocol overhead from this value. + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -91,6 +95,12 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + NotificationDriver: + type: string + default: 'messagingv2' + description: Driver or drivers to handle sending notifications. + constraints: + - allowed_values: [ 'messagingv2', 'noop' ] conditions: dhcp_agents_zero: {equals : [{get_param: NeutronDhcpAgentsPerNetwork}, 0]} @@ -107,6 +117,7 @@ outputs: neutron::rabbit_user: {get_param: RabbitUserName} neutron::rabbit_use_ssl: {get_param: RabbitClientUseSSL} neutron::rabbit_port: {get_param: RabbitClientPort} + neutron::notification_driver: {get_param: NotificationDriver} neutron::core_plugin: {get_param: NeutronCorePlugin} neutron::service_plugins: {get_param: NeutronServicePlugins} neutron::debug: diff --git a/puppet/services/neutron-bgpvpn-api.yaml b/puppet/services/neutron-bgpvpn-api.yaml index a70337d1..8279eb26 100644 --- a/puppet/services/neutron-bgpvpn-api.yaml +++ b/puppet/services/neutron-bgpvpn-api.yaml @@ -4,6 +4,10 @@ description: > BGPVPN API service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/neutron-bigswitch-agent.yaml b/puppet/services/neutron-bigswitch-agent.yaml index 3faf7887..029d2e02 100644 --- a/puppet/services/neutron-bigswitch-agent.yaml +++ b/puppet/services/neutron-bigswitch-agent.yaml @@ -4,6 +4,10 @@ description: > Installs bigswitch agent and enables the services parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/neutron-compute-plugin-midonet.yaml b/puppet/services/neutron-compute-plugin-midonet.yaml index 75b03044..3f0b84ee 100644 --- a/puppet/services/neutron-compute-plugin-midonet.yaml +++ b/puppet/services/neutron-compute-plugin-midonet.yaml @@ -4,6 +4,10 @@ description: > OpenStack Neutron Compute Midonet plugin parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/neutron-compute-plugin-nuage.yaml b/puppet/services/neutron-compute-plugin-nuage.yaml index a1657258..f1a56530 100644 --- a/puppet/services/neutron-compute-plugin-nuage.yaml +++ b/puppet/services/neutron-compute-plugin-nuage.yaml @@ -4,6 +4,10 @@ description: > OpenStack Neutron Compute Nuage plugin parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -27,7 +31,7 @@ parameters: via parameter_defaults in the resource registry. type: json NovaPassword: - description: The password for the nova service account, used by nova-api. + description: The password for the nova service and db account type: string hidden: true NuageMetadataPort: diff --git a/puppet/services/neutron-compute-plugin-ovn.yaml b/puppet/services/neutron-compute-plugin-ovn.yaml index b5ce790d..dfd87eda 100644 --- a/puppet/services/neutron-compute-plugin-ovn.yaml +++ b/puppet/services/neutron-compute-plugin-ovn.yaml @@ -20,6 +20,10 @@ parameters: default: {} description: Parameters specific to the role type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/neutron-compute-plugin-plumgrid.yaml b/puppet/services/neutron-compute-plugin-plumgrid.yaml index 08cecf64..c041891b 100644 --- a/puppet/services/neutron-compute-plugin-plumgrid.yaml +++ b/puppet/services/neutron-compute-plugin-plumgrid.yaml @@ -4,6 +4,10 @@ description: > OpenStack Neutron Compute Plumgrid plugin parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml index 91582db8..f6047fac 100644 --- a/puppet/services/neutron-dhcp.yaml +++ b/puppet/services/neutron-dhcp.yaml @@ -4,6 +4,10 @@ description: > OpenStack Neutron DHCP agent configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -57,6 +61,7 @@ resources: NeutronBase: type: ./neutron-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/neutron-l2gw-agent.yaml b/puppet/services/neutron-l2gw-agent.yaml index 39c443f7..7785f15b 100644 --- a/puppet/services/neutron-l2gw-agent.yaml +++ b/puppet/services/neutron-l2gw-agent.yaml @@ -3,6 +3,10 @@ heat_template_version: pike description: > L2 Gateway agent configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/neutron-l2gw-api.yaml b/puppet/services/neutron-l2gw-api.yaml index 1ad009b4..fdd65266 100644 --- a/puppet/services/neutron-l2gw-api.yaml +++ b/puppet/services/neutron-l2gw-api.yaml @@ -4,6 +4,10 @@ description: > L2 Gateway service plugin configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/neutron-l3-compute-dvr.yaml b/puppet/services/neutron-l3-compute-dvr.yaml index 1a4a4f68..a3baf710 100644 --- a/puppet/services/neutron-l3-compute-dvr.yaml +++ b/puppet/services/neutron-l3-compute-dvr.yaml @@ -5,6 +5,10 @@ description: > configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -30,6 +34,7 @@ parameters: Debug: type: string default: '' + description: Set to True to enable debugging on all services. MonitoringSubscriptionNeutronL3Dvr: default: 'overcloud-neutron-l3-dvr' type: string @@ -57,6 +62,7 @@ resources: NeutronBase: type: ./neutron-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml index 0598639c..7ccf526a 100644 --- a/puppet/services/neutron-l3.yaml +++ b/puppet/services/neutron-l3.yaml @@ -4,6 +4,10 @@ description: > OpenStack Neutron L3 agent configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -29,6 +33,7 @@ parameters: Debug: type: string default: '' + description: Set to True to enable debugging on all services. NeutronL3AgentMode: description: | Agent mode for L3 agent. Must be one of legacy or dvr_snat. @@ -65,6 +70,7 @@ resources: NeutronBase: type: ./neutron-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/neutron-lbaas.yaml b/puppet/services/neutron-lbaas.yaml new file mode 100644 index 00000000..ec477ddc --- /dev/null +++ b/puppet/services/neutron-lbaas.yaml @@ -0,0 +1,75 @@ +heat_template_version: pike + +description: > + Neutron LBaaS service configured with Puppet + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NeutronLbaasInterfaceDriver: + default: 'neutron.agent.linux.interface.OVSInterfaceDriver' + type: string + NeutronLbaasDeviceDriver: + default: 'neutron.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver' + type: string + NeutronServiceProviders: + default: 'LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default' + description: Global list of service providers used by neutron. This + list should be passed in to ensure all service + providers desired by the user are included. The + provided default value only set the provider for the LBaaSv2 + subsystem.This is currently incompatible with enabling + octavia-api as one service or the other will break because the defaults are different. + type: comma_delimited_list + +resources: + + NeutronBase: + type: ./neutron-base.yaml + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + +outputs: + role_data: + description: Role data for the Neutron LBaaS role. + value: + service_name: neutron_lbaas + config_settings: + map_merge: + - get_attr: [NeutronBase, role_data, config_settings] + - neutron::agents::lbaas::interface_driver: {get_param: NeutronLbaasInterfaceDriver} + neutron::agents::lbaas::device_driver: {get_param: NeutronLbaasDeviceDriver} + step_config: | + include ::tripleo::profile::base::neutron::lbaas + service_config_settings: + neutron_api: + neutron::server::service_providers: {get_param: NeutronServiceProviders} diff --git a/puppet/services/neutron-linuxbridge-agent.yaml b/puppet/services/neutron-linuxbridge-agent.yaml index f4324054..5d7b99e7 100644 --- a/puppet/services/neutron-linuxbridge-agent.yaml +++ b/puppet/services/neutron-linuxbridge-agent.yaml @@ -4,6 +4,10 @@ description: > OpenStack Neutron Linuxbridge agent configured with Puppet. parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -56,6 +60,7 @@ resources: NeutronBase: type: ./neutron-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml index 593fae43..81f12f01 100644 --- a/puppet/services/neutron-metadata.yaml +++ b/puppet/services/neutron-metadata.yaml @@ -4,6 +4,10 @@ description: > OpenStack Neutron Metadata agent configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -62,6 +66,7 @@ resources: NeutronBase: type: ./neutron-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/neutron-midonet.yaml b/puppet/services/neutron-midonet.yaml index 8ace3e59..f7873b9e 100644 --- a/puppet/services/neutron-midonet.yaml +++ b/puppet/services/neutron-midonet.yaml @@ -4,6 +4,10 @@ description: > OpenStack Neutron Midonet plugin and services parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index 76d5c269..1d4029cf 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -4,6 +4,10 @@ description: > OpenStack Neutron OVS agent configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -53,8 +57,7 @@ parameters: type: comma_delimited_list NeutronEnableDVR: default: False - description: | - Enable support for distributed routing in the OVS Agent. + description: Enable Neutron DVR. type: boolean NeutronEnableARPResponder: default: false @@ -86,14 +89,19 @@ resources: NeutronBase: type: ./neutron-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} - OpenVswitchUpgrade: - type: ./openvswitch-upgrade.yaml + Ovs: + type: ./openvswitch.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} outputs: role_data: @@ -138,7 +146,7 @@ outputs: expression: $.data.ovs_upgrade + $.data.neutron_ovs_upgrade data: ovs_upgrade: - get_attr: [OpenVswitchUpgrade, role_data, upgrade_tasks] + get_attr: [Ovs, role_data, upgrade_tasks] neutron_ovs_upgrade: - name: Check if neutron_ovs_agent is deployed command: systemctl is-enabled neutron-openvswitch-agent diff --git a/puppet/services/neutron-ovs-dpdk-agent.yaml b/puppet/services/neutron-ovs-dpdk-agent.yaml index 29c10469..4f5eecca 100644 --- a/puppet/services/neutron-ovs-dpdk-agent.yaml +++ b/puppet/services/neutron-ovs-dpdk-agent.yaml @@ -4,6 +4,10 @@ description: > OpenStack Neutron OVS DPDK configured with Puppet for Compute Role parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -26,32 +30,6 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json - HostCpusList: - default: "0" - description: List of cores to be used for host process - type: string - constraints: - - allowed_pattern: "[0-9,-]+" - NeutronDpdkCoreList: - default: "" - description: List of cores to be used for DPDK Poll Mode Driver - type: string - constraints: - - allowed_pattern: "[0-9,-]*" - NeutronDpdkMemoryChannels: - default: "" - description: Number of memory channels to be used for DPDK - type: string - constraints: - - allowed_pattern: "[0-9]*" - NeutronDpdkSocketMemory: - default: "" - description: Memory allocated for each socket - type: string - NeutronDpdkDriverType: - default: "vfio-pci" - description: DPDK Driver type - type: string # below parameters has to be set in neutron agent only for compute nodes. # as of now there is no other usecase for these parameters except dpdk. # should be moved to compute only ovs agent in case of any other usecases. @@ -69,15 +47,13 @@ resources: NeutronOvsAgent: type: ./neutron-ovs-agent.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} - OpenVswitchUpgrade: - type: ./openvswitch-upgrade.yaml - # Merging role-specific parameters (RoleParameters) with the default parameters. # RoleParameters will have the precedence over the default parameters. RoleParametersValue: @@ -89,20 +65,19 @@ resources: - map_replace: - neutron::agents::ml2::ovs::datapath_type: NeutronDatapathType neutron::agents::ml2::ovs::vhostuser_socket_dir: NeutronVhostuserSocketDir - vswitch::dpdk::driver_type: NeutronDpdkDriverType - vswitch::dpdk::host_core_list: HostCpusList - vswitch::dpdk::pmd_core_list: NeutronDpdkCoreList - vswitch::dpdk::memory_channels: NeutronDpdkMemoryChannels - vswitch::dpdk::socket_mem: NeutronDpdkSocketMemory - values: {get_param: [RoleParameters]} - values: NeutronDatapathType: {get_param: NeutronDatapathType} NeutronVhostuserSocketDir: {get_param: NeutronVhostuserSocketDir} - NeutronDpdkDriverType: {get_param: NeutronDpdkDriverType} - HostCpusList: {get_param: HostCpusList} - NeutronDpdkCoreList: {get_param: NeutronDpdkCoreList} - NeutronDpdkMemoryChannels: {get_param: NeutronDpdkMemoryChannels} - NeutronDpdkSocketMemory: {get_param: NeutronDpdkSocketMemory} + + Ovs: + type: ./openvswitch.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} outputs: role_data: @@ -116,7 +91,8 @@ outputs: - keys: tripleo.neutron_ovs_agent.firewall_rules: tripleo.neutron_ovs_dpdk_agent.firewall_rules - neutron::agents::ml2::ovs::enable_dpdk: true + - get_attr: [Ovs, role_data, config_settings] - get_attr: [RoleParametersValue, value] step_config: {get_attr: [NeutronOvsAgent, role_data, step_config]} upgrade_tasks: - get_attr: [OpenVswitchUpgrade, role_data, upgrade_tasks] + get_attr: [Ovs, role_data, upgrade_tasks] diff --git a/puppet/services/neutron-plugin-ml2-fujitsu-cfab.yaml b/puppet/services/neutron-plugin-ml2-fujitsu-cfab.yaml index a1516955..3e7250d1 100644 --- a/puppet/services/neutron-plugin-ml2-fujitsu-cfab.yaml +++ b/puppet/services/neutron-plugin-ml2-fujitsu-cfab.yaml @@ -4,6 +4,10 @@ description: > Configure hieradata for Fujitsu C-Fabric plugin configuration parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -58,6 +62,7 @@ resources: NeutronMl2Base: type: ./neutron-plugin-ml2.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/neutron-plugin-ml2-fujitsu-fossw.yaml b/puppet/services/neutron-plugin-ml2-fujitsu-fossw.yaml index c4bf0758..cb7842e2 100644 --- a/puppet/services/neutron-plugin-ml2-fujitsu-fossw.yaml +++ b/puppet/services/neutron-plugin-ml2-fujitsu-fossw.yaml @@ -3,6 +3,10 @@ heat_template_version: pike description: Configure hieradata for Fujitsu fossw plugin configuration parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -61,6 +65,7 @@ resources: NeutronMl2Base: type: ./neutron-plugin-ml2.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/neutron-plugin-ml2-odl.yaml b/puppet/services/neutron-plugin-ml2-odl.yaml index 6424b76a..cc4cd8f4 100644 --- a/puppet/services/neutron-plugin-ml2-odl.yaml +++ b/puppet/services/neutron-plugin-ml2-odl.yaml @@ -4,6 +4,10 @@ description: > OpenStack Neutron ML2/OpenDaylight plugin configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -36,6 +40,7 @@ resources: NeutronMl2Base: type: ./neutron-plugin-ml2.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/neutron-plugin-ml2-ovn.yaml b/puppet/services/neutron-plugin-ml2-ovn.yaml index 4cda87b6..fb6900ee 100644 --- a/puppet/services/neutron-plugin-ml2-ovn.yaml +++ b/puppet/services/neutron-plugin-ml2-ovn.yaml @@ -4,6 +4,10 @@ description: > OpenStack Neutron ML2/OVN plugin configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -65,6 +69,7 @@ resources: NeutronMl2Base: type: ./neutron-plugin-ml2.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml index 130f889b..dd757b5d 100644 --- a/puppet/services/neutron-plugin-ml2.yaml +++ b/puppet/services/neutron-plugin-ml2.yaml @@ -4,6 +4,10 @@ description: > OpenStack Neutron ML2 Plugin configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -49,8 +53,8 @@ parameters: default: 'datacentre:1:1000' description: > The Neutron ML2 and OpenVSwitch vlan mapping range to support. See the - Neutron documentation for permitted values. Defaults to permitting any - VLAN on the 'datacentre' physical network (See NeutronBridgeMappings). + Neutron documentation for permitted values. Defaults to permitting VLANs + 1 to 1000 on the 'datacentre' physical network (See NeutronBridgeMappings). type: comma_delimited_list NeutronTunnelIdRanges: description: | @@ -73,6 +77,7 @@ resources: NeutronBase: type: ./neutron-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/neutron-plugin-nsx.yaml b/puppet/services/neutron-plugin-nsx.yaml index c4088e6c..2774b03e 100644 --- a/puppet/services/neutron-plugin-nsx.yaml +++ b/puppet/services/neutron-plugin-nsx.yaml @@ -4,6 +4,10 @@ description: > OpenStack Neutron NSX parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/neutron-plugin-nuage.yaml b/puppet/services/neutron-plugin-nuage.yaml index 953ffeb6..135b1806 100644 --- a/puppet/services/neutron-plugin-nuage.yaml +++ b/puppet/services/neutron-plugin-nuage.yaml @@ -4,6 +4,10 @@ description: > OpenStack Neutron Nuage plugin parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -68,6 +72,7 @@ resources: NeutronBase: type: ./neutron-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/neutron-plugin-plumgrid.yaml b/puppet/services/neutron-plugin-plumgrid.yaml index a158010c..71928473 100644 --- a/puppet/services/neutron-plugin-plumgrid.yaml +++ b/puppet/services/neutron-plugin-plumgrid.yaml @@ -4,6 +4,10 @@ description: > OpenStack Neutron Plumgrid plugin parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/neutron-sriov-agent.yaml b/puppet/services/neutron-sriov-agent.yaml index 090640ed..3c18209c 100644 --- a/puppet/services/neutron-sriov-agent.yaml +++ b/puppet/services/neutron-sriov-agent.yaml @@ -4,6 +4,10 @@ description: > OpenStack Neutron SR-IOV nic agent configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: > @@ -59,6 +63,7 @@ resources: NeutronBase: type: ./neutron-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/neutron-vpp-agent.yaml b/puppet/services/neutron-vpp-agent.yaml index cb72f67b..803c041b 100644 --- a/puppet/services/neutron-vpp-agent.yaml +++ b/puppet/services/neutron-vpp-agent.yaml @@ -4,6 +4,10 @@ description: > OpenStack Neutron ML2/VPP agent configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: > @@ -39,6 +43,7 @@ resources: NeutronBase: type: ./neutron-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml index fe2f2946..b413fb12 100644 --- a/puppet/services/nova-api.yaml +++ b/puppet/services/nova-api.yaml @@ -4,6 +4,10 @@ description: > OpenStack Nova API service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -28,10 +32,10 @@ parameters: type: json NovaWorkers: default: 0 - description: Number of workers for Nova API service. + description: Number of workers for Nova services. type: number NovaPassword: - description: The password for the nova service and db account, used by nova-api. + description: The password for the nova service and db account type: string hidden: true KeystoneRegion: @@ -81,21 +85,20 @@ conditions: nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]} resources: - # Temporarily disable Nova API deployed in WSGI - # https://bugs.launchpad.net/nova/+bug/1661360 - # ApacheServiceBase: - # type: ./apache.yaml - # properties: - # ServiceNetMap: {get_param: ServiceNetMap} - # DefaultPasswords: {get_param: DefaultPasswords} - # EndpointMap: {get_param: EndpointMap} - # RoleName: {get_param: RoleName} - # RoleParameters: {get_param: RoleParameters} - # EnableInternalTLS: {get_param: EnableInternalTLS} + ApacheServiceBase: + type: ./apache.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + EnableInternalTLS: {get_param: EnableInternalTLS} NovaBase: type: ./nova-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -114,9 +117,7 @@ outputs: config_settings: map_merge: - get_attr: [NovaBase, role_data, config_settings] - # Temporarily disable Nova API deployed in WSGI - # https://bugs.launchpad.net/nova/+bug/1661360 - # - get_attr: [ApacheServiceBase, role_data, config_settings] + - get_attr: [ApacheServiceBase, role_data, config_settings] - nova::cron::archive_deleted_rows::hour: '*/12' nova::cron::archive_deleted_rows::destination: '/dev/null' tripleo.nova_api.firewall_rules: @@ -143,23 +144,21 @@ outputs: "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} - # Temporarily disable Nova API deployed in WSGI - # https://bugs.launchpad.net/nova/+bug/1661360 - nova_wsgi_enabled: false - # nova::api::service_name: 'httpd' - # nova::wsgi::apache_api::ssl: {get_param: EnableInternalTLS} + nova_wsgi_enabled: true + nova::api::service_name: 'httpd' + nova::wsgi::apache_api::ssl: {get_param: EnableInternalTLS} # NOTE: bind IP is found in Heat replacing the network name with the local node IP # for the given network; replacement examples (eg. for internal_api): # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - # nova::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]} - # nova::wsgi::apache_api::servername: - # str_replace: - # template: - # "%{hiera('fqdn_$NETWORK')}" - # params: - # $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} + nova::wsgi::apache_api::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]} + nova::wsgi::apache_api::servername: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} nova::api::neutron_metadata_proxy_shared_secret: {get_param: NeutronMetadataProxySharedSecret} nova::api::instance_name_template: {get_param: InstanceNameTemplate} nova_enable_db_purge: {get_param: NovaEnableDBPurge} @@ -169,9 +168,7 @@ outputs: - nova_workers_zero - {} - nova::api::osapi_compute_workers: {get_param: NovaWorkers} - # Temporarily disable Nova API deployed in WSGI - # https://bugs.launchpad.net/nova/+bug/1661360 - # nova::wsgi::apache_api::workers: {get_param: NovaWorkers} + nova::wsgi::apache_api::workers: {get_param: NovaWorkers} step_config: | include tripleo::profile::base::nova::api service_config_settings: @@ -199,87 +196,91 @@ outputs: nova::keystone::auth::admin_url: {get_param: [EndpointMap, NovaAdmin, uri]} nova::keystone::auth::password: {get_param: NovaPassword} nova::keystone::auth::region: {get_param: KeystoneRegion} - # Temporarily disable Nova API deployed in WSGI - # https://bugs.launchpad.net/nova/+bug/1661360 - # metadata_settings: - # get_attr: [ApacheServiceBase, role_data, metadata_settings] + metadata_settings: + get_attr: [ApacheServiceBase, role_data, metadata_settings] upgrade_tasks: - - name: get bootstrap nodeid - tags: common - command: hiera bootstrap_nodeid - register: bootstrap_node - - name: set is_bootstrap_node fact - tags: common - set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} - - name: Extra migration for nova tripleo/+bug/1656791 - tags: step0,pre-upgrade - when: is_bootstrap_node - command: nova-manage db online_data_migrations - - name: Stop and disable nova_api service (pre-upgrade not under httpd) - tags: step2 - service: name=openstack-nova-api state=stopped enabled=no - - name: Create puppet manifest to set transport_url in nova.conf - tags: step5 - when: is_bootstrap_node - copy: - dest: /root/nova-api_upgrade_manifest.pp - mode: 0600 - content: > - $transport_url = os_transport_url({ - 'transport' => hiera('messaging_service_name', 'rabbit'), - 'hosts' => any2array(hiera('rabbitmq_node_names', undef)), - 'port' => sprintf('%s',hiera('nova::rabbit_port', '5672') ), - 'username' => hiera('nova::rabbit_userid', 'guest'), - 'password' => hiera('nova::rabbit_password'), - 'ssl' => sprintf('%s', bool2num(str2bool(hiera('nova::rabbit_use_ssl', '0')))) - }) - oslo::messaging::default { 'nova_config': - transport_url => $transport_url - } - - name: Run puppet apply to set tranport_url in nova.conf - tags: step5 - when: is_bootstrap_node - command: puppet apply --modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules --detailed-exitcodes /root/nova-api_upgrade_manifest.pp - register: puppet_apply_nova_api_upgrade - failed_when: puppet_apply_nova_api_upgrade.rc not in [0,2] - changed_when: puppet_apply_nova_api_upgrade.rc == 2 - - name: Setup cell_v2 (map cell0) - tags: step5 - when: is_bootstrap_node - shell: nova-manage cell_v2 map_cell0 --database_connection=$(hiera nova::cell0_database_connection) - - name: Setup cell_v2 (create default cell) - tags: step5 - when: is_bootstrap_node - # (owalsh) puppet-nova expects the cell name 'default' - # (owalsh) pass the db uri explicitly to avoid https://bugs.launchpad.net/tripleo/+bug/1662344 - shell: nova-manage cell_v2 create_cell --name='default' --database_connection=$(hiera nova::database_connection) - register: nova_api_create_cell - failed_when: nova_api_create_cell.rc not in [0,2] - changed_when: nova_api_create_cell.rc == 0 - - name: Setup cell_v2 (sync nova/cell DB) - tags: step5 - when: is_bootstrap_node - command: nova-manage db sync - async: {get_param: NovaDbSyncTimeout} - poll: 10 - - name: Setup cell_v2 (get cell uuid) - tags: step5 - when: is_bootstrap_node - shell: nova-manage cell_v2 list_cells | sed -e '1,3d' -e '$d' | awk -F ' *| *' '$2 == "default" {print $4}' - register: nova_api_cell_uuid - - name: Setup cell_v2 (migrate hosts) - tags: step5 - when: is_bootstrap_node - command: nova-manage cell_v2 discover_hosts --cell_uuid {{nova_api_cell_uuid.stdout}} --verbose - - name: Setup cell_v2 (migrate instances) - tags: step5 - when: is_bootstrap_node - command: nova-manage cell_v2 map_instances --cell_uuid {{nova_api_cell_uuid.stdout}} - - name: Sync nova_api DB - tags: step5 - command: nova-manage api_db sync - when: is_bootstrap_node - - name: Online data migration for nova - tags: step5 - when: is_bootstrap_node - command: nova-manage db online_data_migrations + yaql: + expression: $.data.apache_upgrade + $.data.nova_api_upgrade + data: + apache_upgrade: + get_attr: [ApacheServiceBase, role_data, upgrade_tasks] + nova_api_upgrade: + - name: get bootstrap nodeid + tags: common + command: hiera bootstrap_nodeid + register: bootstrap_node + - name: set is_bootstrap_node fact + tags: common + set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}} + - name: Extra migration for nova tripleo/+bug/1656791 + tags: step0,pre-upgrade + when: is_bootstrap_node + command: nova-manage db online_data_migrations + - name: Stop and disable nova_api service (pre-upgrade not under httpd) + tags: step2 + service: name=openstack-nova-api state=stopped enabled=no + - name: Create puppet manifest to set transport_url in nova.conf + tags: step5 + when: is_bootstrap_node + copy: + dest: /root/nova-api_upgrade_manifest.pp + mode: 0600 + content: > + $transport_url = os_transport_url({ + 'transport' => hiera('messaging_service_name', 'rabbit'), + 'hosts' => any2array(hiera('rabbitmq_node_names', undef)), + 'port' => sprintf('%s',hiera('nova::rabbit_port', '5672') ), + 'username' => hiera('nova::rabbit_userid', 'guest'), + 'password' => hiera('nova::rabbit_password'), + 'ssl' => sprintf('%s', bool2num(str2bool(hiera('nova::rabbit_use_ssl', '0')))) + }) + oslo::messaging::default { 'nova_config': + transport_url => $transport_url + } + - name: Run puppet apply to set tranport_url in nova.conf + tags: step5 + when: is_bootstrap_node + command: puppet apply --modulepath /etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules --detailed-exitcodes /root/nova-api_upgrade_manifest.pp + register: puppet_apply_nova_api_upgrade + failed_when: puppet_apply_nova_api_upgrade.rc not in [0,2] + changed_when: puppet_apply_nova_api_upgrade.rc == 2 + - name: Setup cell_v2 (map cell0) + tags: step5 + when: is_bootstrap_node + shell: nova-manage cell_v2 map_cell0 --database_connection=$(hiera nova::cell0_database_connection) + - name: Setup cell_v2 (create default cell) + tags: step5 + when: is_bootstrap_node + # (owalsh) puppet-nova expects the cell name 'default' + # (owalsh) pass the db uri explicitly to avoid https://bugs.launchpad.net/tripleo/+bug/1662344 + shell: nova-manage cell_v2 create_cell --name='default' --database_connection=$(hiera nova::database_connection) + register: nova_api_create_cell + failed_when: nova_api_create_cell.rc not in [0,2] + changed_when: nova_api_create_cell.rc == 0 + - name: Setup cell_v2 (sync nova/cell DB) + tags: step5 + when: is_bootstrap_node + command: nova-manage db sync + async: {get_param: NovaDbSyncTimeout} + poll: 10 + - name: Setup cell_v2 (get cell uuid) + tags: step5 + when: is_bootstrap_node + shell: nova-manage cell_v2 list_cells | sed -e '1,3d' -e '$d' | awk -F ' *| *' '$2 == "default" {print $4}' + register: nova_api_cell_uuid + - name: Setup cell_v2 (migrate hosts) + tags: step5 + when: is_bootstrap_node + command: nova-manage cell_v2 discover_hosts --cell_uuid {{nova_api_cell_uuid.stdout}} --verbose + - name: Setup cell_v2 (migrate instances) + tags: step5 + when: is_bootstrap_node + command: nova-manage cell_v2 map_instances --cell_uuid {{nova_api_cell_uuid.stdout}} + - name: Sync nova_api DB + tags: step5 + command: nova-manage api_db sync + when: is_bootstrap_node + - name: Online data migration for nova + tags: step5 + when: is_bootstrap_node + command: nova-manage db online_data_migrations diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index ea584932..08302ee9 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -4,6 +4,10 @@ description: > OpenStack Nova base service. Shared for all Nova services. parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -30,8 +34,14 @@ parameters: type: string default: 'regionOne' description: Keystone region for endpoint + NotificationDriver: + type: string + default: 'messagingv2' + description: Driver or drivers to handle sending notifications. + constraints: + - allowed_values: [ 'messagingv2', 'noop' ] NovaPassword: - description: The password for the nova service and db account, used by nova-api. + description: The password for the nova service and db account type: string hidden: true NeutronPassword: @@ -215,7 +225,7 @@ outputs: nova::cinder_catalog_info: 'volumev2:cinderv2:internalURL' nova::host: '%{::fqdn}' nova::notify_on_state_change: 'vm_and_task_state' - nova::notification_driver: messagingv2 + nova::notification_driver: {get_param: NotificationDriver} nova::network::neutron::neutron_auth_type: 'v3password' nova::db::database_db_max_retries: -1 nova::db::database_max_retries: -1 diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index 68a71e42..a12bfd0f 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -4,6 +4,10 @@ description: > OpenStack Nova Compute service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -32,6 +36,13 @@ parameters: CephClientUserName: default: openstack type: string + CephClientKey: + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + type: string + hidden: true + CephClusterFSID: + type: string + description: The Ceph cluster FSID. Must be a UUID. CinderEnableNfsBackend: default: false description: Whether to enable or not the NFS backend for Cinder @@ -93,12 +104,19 @@ parameters: SSH key for migration. Expects a dictionary with keys 'public_key' and 'private_key'. Values should be identical to SSH public/private key files. - default: {} + default: + public_key: '' + private_key: '' + MigrationSshPort: + default: 22 + description: Target port for migration over ssh + type: number resources: NovaBase: type: ./nova-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -147,24 +165,15 @@ outputs: NovaPCIPassthrough: {get_param: NovaPCIPassthrough} # we manage migration in nova common puppet profile nova::compute::libvirt::migration_support: false - tripleo::profile::base::nova::manage_migration: true - tripleo::profile::base::nova::migration_ssh_key: {get_param: MigrationSshKey} - tripleo::profile::base::nova::migration_ssh_localaddrs: - - "%{hiera('cold_migration_ssh_inbound_addr')}" - - "%{hiera('live_migration_ssh_inbound_addr')}" - live_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaLibvirtNetwork]} - cold_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaColdMigrationNetwork]} - tripleo::profile::base::nova::nova_compute_enabled: true + tripleo::profile::base::nova::migration::client::nova_compute_enabled: true + tripleo::profile::base::nova::migration::client::ssh_private_key: {get_param: [ MigrationSshKey, private_key ]} + tripleo::profile::base::nova::migration::client::ssh_port: {get_param: MigrationSshPort} nova::compute::rbd::libvirt_images_rbd_pool: {get_param: NovaRbdPoolName} nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} tripleo::profile::base::nova::compute::cinder_nfs_backend: {get_param: CinderEnableNfsBackend} rbd_persistent_storage: {get_param: CinderEnableRbdBackend} - nova::compute::rbd::rbd_keyring: - list_join: - - '.' - - - 'client' - - {get_param: CephClientUserName} - nova::compute::rbd::libvirt_rbd_secret_uuid: "%{hiera('ceph::profile::params::fsid')}" + nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey} + nova::compute::rbd::libvirt_rbd_secret_uuid: {get_param: CephClusterFSID} nova::compute::instance_usage_audit: true nova::compute::instance_usage_audit_period: 'hour' nova::compute::rbd::ephemeral_storage: {get_param: NovaEnableRbdBackend} diff --git a/puppet/services/nova-conductor.yaml b/puppet/services/nova-conductor.yaml index 30eb1277..a6638be0 100644 --- a/puppet/services/nova-conductor.yaml +++ b/puppet/services/nova-conductor.yaml @@ -4,6 +4,10 @@ description: > OpenStack Nova Conductor service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -28,7 +32,7 @@ parameters: type: json NovaWorkers: default: 0 - description: Number of workers for Nova Conductor service. + description: Number of workers for Nova services. type: number MonitoringSubscriptionNovaConductor: default: 'overcloud-nova-conductor' @@ -50,6 +54,7 @@ resources: NovaBase: type: ./nova-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/nova-consoleauth.yaml b/puppet/services/nova-consoleauth.yaml index fa1168aa..317dd41b 100644 --- a/puppet/services/nova-consoleauth.yaml +++ b/puppet/services/nova-consoleauth.yaml @@ -4,6 +4,10 @@ description: > OpenStack Nova Consoleauth service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -39,6 +43,7 @@ resources: NovaBase: type: ./nova-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/nova-ironic.yaml b/puppet/services/nova-ironic.yaml index 4f664329..5a9f16b3 100644 --- a/puppet/services/nova-ironic.yaml +++ b/puppet/services/nova-ironic.yaml @@ -4,6 +4,10 @@ description: > OpenStack Nova Compute service configured with Puppet and using Ironic parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -35,6 +39,7 @@ resources: NovaBase: type: ./nova-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml index 4e762b57..e2ae7260 100644 --- a/puppet/services/nova-libvirt.yaml +++ b/puppet/services/nova-libvirt.yaml @@ -4,6 +4,10 @@ description: > Libvirt service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -26,6 +30,20 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + CephClientUserName: + default: openstack + type: string + CephClientKey: + description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring. + type: string + hidden: true + CephClusterFSID: + type: string + description: The Ceph cluster FSID. Must be a UUID. + CinderEnableRbdBackend: + default: false + description: Whether to enable or not the Rbd backend for Cinder + type: boolean NovaComputeLibvirtType: type: string default: kvm @@ -66,6 +84,19 @@ parameters: the InternalTLSCAFile parameter) is not desired. The current default reflects TripleO's default CA, which is FreeIPA. It will only be used if internal TLS is enabled. + MigrationSshKey: + type: json + description: > + SSH key for migration. + Expects a dictionary with keys 'public_key' and 'private_key'. + Values should be identical to SSH public/private key files. + default: + public_key: '' + private_key: '' + MigrationSshPort: + default: 22 + description: Target port for migration over ssh + type: number conditions: @@ -87,6 +118,7 @@ resources: NovaBase: type: ./nova-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -106,8 +138,12 @@ outputs: - nova::compute::libvirt::manage_libvirt_services: false # we manage migration in nova common puppet profile nova::compute::libvirt::migration_support: false - tripleo::profile::base::nova::manage_migration: true - tripleo::profile::base::nova::libvirt_enabled: true + nova::compute::rbd::libvirt_rbd_user: {get_param: CephClientUserName} + nova::compute::rbd::libvirt_rbd_secret_key: {get_param: CephClientKey} + nova::compute::rbd::libvirt_rbd_secret_uuid: {get_param: CephClusterFSID} + tripleo::profile::base::nova::migration::client::libvirt_enabled: true + tripleo::profile::base::nova::migration::client::ssh_private_key: {get_param: [ MigrationSshKey, private_key ]} + tripleo::profile::base::nova::migration::client::ssh_port: {get_param: MigrationSshPort} nova::compute::libvirt::services::libvirt_virt_type: {get_param: NovaComputeLibvirtType} nova::compute::libvirt::libvirt_virt_type: {get_param: NovaComputeLibvirtType} nova::compute::libvirt::libvirt_enabled_perf_events: {get_param: LibvirtEnabledPerfEvents} @@ -115,6 +151,7 @@ outputs: nova::compute::libvirt::qemu::max_files: 32768 nova::compute::libvirt::qemu::max_processes: 131072 nova::compute::libvirt::vncserver_listen: {get_param: [ServiceNetMap, NovaLibvirtNetwork]} + rbd_persistent_storage: {get_param: CinderEnableRbdBackend} tripleo.nova_libvirt.firewall_rules: '200 nova_libvirt': dport: @@ -127,7 +164,7 @@ outputs: - use_tls_for_live_migration - generate_service_certificates: true - tripleo::profile::base::nova::libvirt_tls: true + tripleo::profile::base::nova::migration::client::libvirt_tls: true nova::migration::libvirt::live_migration_inbound_addr: str_replace: template: diff --git a/puppet/services/nova-metadata.yaml b/puppet/services/nova-metadata.yaml index 335b2c28..ca9eed09 100644 --- a/puppet/services/nova-metadata.yaml +++ b/puppet/services/nova-metadata.yaml @@ -4,6 +4,10 @@ description: > OpenStack Nova API service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -28,7 +32,7 @@ parameters: type: json NovaWorkers: default: 0 - description: Number of workers for Nova API service. + description: Number of workers for Nova services. type: number conditions: diff --git a/puppet/services/nova-migration-target.yaml b/puppet/services/nova-migration-target.yaml new file mode 100644 index 00000000..128abc2c --- /dev/null +++ b/puppet/services/nova-migration-target.yaml @@ -0,0 +1,57 @@ +heat_template_version: ocata + +description: > + OpenStack Nova migration target configured with Puppet + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + MigrationSshKey: + type: json + description: > + SSH key for migration. + Expects a dictionary with keys 'public_key' and 'private_key'. + Values should be identical to SSH public/private key files. + default: + public_key: '' + private_key: '' + +outputs: + role_data: + description: Role data for the Nova migration target service. + value: + service_name: nova_migration_target + config_settings: + tripleo::profile::base::nova::migration::target::ssh_authorized_keys: + - {get_param: [ MigrationSshKey, public_key ]} + tripleo::profile::base::nova::migration::target::ssh_localaddrs: + - "%{hiera('cold_migration_ssh_inbound_addr')}" + - "%{hiera('live_migration_ssh_inbound_addr')}" + live_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaLibvirtNetwork]} + cold_migration_ssh_inbound_addr: {get_param: [ServiceNetMap, NovaColdMigrationNetwork]} + step_config: | + include tripleo::profile::base::nova::migration::target diff --git a/puppet/services/nova-placement.yaml b/puppet/services/nova-placement.yaml index 86aa079e..916cefd9 100644 --- a/puppet/services/nova-placement.yaml +++ b/puppet/services/nova-placement.yaml @@ -4,6 +4,10 @@ description: > OpenStack Nova Placement API service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -28,10 +32,10 @@ parameters: type: json NovaWorkers: default: 0 - description: Number of workers for Nova Placement API service. + description: Number of workers for Nova services. type: number NovaPassword: - description: The password for the nova service and db account, used by nova-placement. + description: The password for the nova service and db account type: string hidden: true KeystoneRegion: @@ -57,6 +61,7 @@ resources: ApacheServiceBase: type: ./apache.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -67,6 +72,7 @@ resources: NovaBase: type: ./nova-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/nova-scheduler.yaml b/puppet/services/nova-scheduler.yaml index 72a1fce7..e47cb90c 100644 --- a/puppet/services/nova-scheduler.yaml +++ b/puppet/services/nova-scheduler.yaml @@ -4,6 +4,10 @@ description: > OpenStack Nova Scheduler service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -58,6 +62,7 @@ resources: NovaBase: type: ./nova-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/nova-vnc-proxy.yaml b/puppet/services/nova-vnc-proxy.yaml index 2db44d6f..6d599df7 100644 --- a/puppet/services/nova-vnc-proxy.yaml +++ b/puppet/services/nova-vnc-proxy.yaml @@ -4,6 +4,10 @@ description: > OpenStack Nova Vncproxy service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -39,6 +43,7 @@ resources: NovaBase: type: ./nova-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/octavia-api.yaml b/puppet/services/octavia-api.yaml index e64a00f5..464fc2d0 100644 --- a/puppet/services/octavia-api.yaml +++ b/puppet/services/octavia-api.yaml @@ -4,6 +4,10 @@ description: > OpenStack Octavia API service. parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -54,6 +58,7 @@ resources: OctaviaBase: type: ./octavia-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/octavia-base.yaml b/puppet/services/octavia-base.yaml index 0809b3e4..8f968d8d 100644 --- a/puppet/services/octavia-base.yaml +++ b/puppet/services/octavia-base.yaml @@ -4,6 +4,10 @@ description: > OpenStack Octavia base service. Shared for all Octavia services parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -58,6 +62,12 @@ parameters: default: 5672 description: Set rabbit subscriber port, change this if using SSL type: number + NotificationDriver: + type: string + default: 'messagingv2' + description: Driver or drivers to handle sending notifications. + constraints: + - allowed_values: [ 'messagingv2', 'noop' ] conditions: service_debug_unset: {equals : [{get_param: OctaviaDebug}, '']} @@ -74,6 +84,7 @@ outputs: - {get_param: Debug } - {get_param: OctaviaDebug } octavia::purge_config: {get_param: EnableConfigPurge} + octavia::notification_driver: {get_param: NotificationDriver} octavia::rabbit_use_ssl: {get_param: RabbitClientUseSSL} octavia::rabbit_userid: {get_param: RabbitUserName} octavia::rabbit_password: {get_param: RabbitPassword} diff --git a/puppet/services/octavia-health-manager.yaml b/puppet/services/octavia-health-manager.yaml index 853567d3..874e9f59 100644 --- a/puppet/services/octavia-health-manager.yaml +++ b/puppet/services/octavia-health-manager.yaml @@ -4,6 +4,10 @@ description: > OpenStack Octavia Health Manager service. parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -44,6 +48,7 @@ resources: OctaviaBase: type: ./octavia-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/octavia-housekeeping.yaml b/puppet/services/octavia-housekeeping.yaml index 6c556fa7..79e0e664 100644 --- a/puppet/services/octavia-housekeeping.yaml +++ b/puppet/services/octavia-housekeeping.yaml @@ -4,6 +4,10 @@ description: > OpenStack Octavia Housekeeping service. parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -51,6 +55,7 @@ resources: OctaviaBase: type: ./octavia-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/octavia-worker.yaml b/puppet/services/octavia-worker.yaml index 4feae415..2cc8a1e8 100644 --- a/puppet/services/octavia-worker.yaml +++ b/puppet/services/octavia-worker.yaml @@ -4,6 +4,10 @@ description: > OpenStack Octavia Worker service. parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -74,6 +78,7 @@ resources: OctaviaBase: type: ./octavia-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/opendaylight-api.yaml b/puppet/services/opendaylight-api.yaml index af85f4a3..472dbcce 100644 --- a/puppet/services/opendaylight-api.yaml +++ b/puppet/services/opendaylight-api.yaml @@ -37,6 +37,10 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -54,6 +58,10 @@ parameters: default: {} description: Parameters specific to the role type: json + OpenDaylightManageRepositories: + description: Whether to manage the OpenDaylight repository + type: boolean + default: false outputs: role_data: @@ -68,6 +76,7 @@ outputs: opendaylight::enable_dhcp: {get_param: OpenDaylightEnableDHCP} opendaylight::odl_bind_ip: {get_param: [ServiceNetMap, OpendaylightApiNetwork]} opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol} + opendaylight::manage_repositories: {get_param: OpenDaylightManageRepositories} tripleo.opendaylight_api.firewall_rules: '137 opendaylight api': dport: diff --git a/puppet/services/opendaylight-ovs.yaml b/puppet/services/opendaylight-ovs.yaml index 0d859be1..2027292c 100644 --- a/puppet/services/opendaylight-ovs.yaml +++ b/puppet/services/opendaylight-ovs.yaml @@ -38,6 +38,10 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -57,8 +61,15 @@ parameters: type: json resources: - OpenVswitchUpgrade: - type: ./openvswitch-upgrade.yaml + Ovs: + type: ./openvswitch.yaml + properties: + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} outputs: role_data: @@ -66,19 +77,23 @@ outputs: value: service_name: opendaylight_ovs config_settings: - opendaylight::odl_rest_port: {get_param: OpenDaylightPort} - opendaylight::username: {get_param: OpenDaylightUsername} - opendaylight::password: {get_param: OpenDaylightPassword} - opendaylight_check_url: {get_param: OpenDaylightCheckURL} - opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol} - neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} - neutron::plugins::ovs::opendaylight::provider_mappings: {get_param: OpenDaylightProviderMappings} - tripleo.opendaylight_ovs.firewall_rules: - '118 neutron vxlan networks': - proto: 'udp' - dport: 4789 - '136 neutron gre networks': - proto: 'gre' + map_merge: + - opendaylight::odl_rest_port: {get_param: OpenDaylightPort} + opendaylight::username: {get_param: OpenDaylightUsername} + opendaylight::password: {get_param: OpenDaylightPassword} + neutron::plugins::ovs::opendaylight::odl_username: {get_param: OpenDaylightUsername} + neutron::plugins::ovs::opendaylight::odl_password: {get_param: OpenDaylightPassword} + opendaylight_check_url: {get_param: OpenDaylightCheckURL} + opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol} + neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]} + neutron::plugins::ovs::opendaylight::provider_mappings: {get_param: OpenDaylightProviderMappings} + tripleo.opendaylight_ovs.firewall_rules: + '118 neutron vxlan networks': + proto: 'udp' + dport: 4789 + '136 neutron gre networks': + proto: 'gre' + - get_attr: [Ovs, role_data, config_settings] step_config: | include tripleo::profile::base::neutron::plugins::ovs::opendaylight upgrade_tasks: @@ -86,7 +101,7 @@ outputs: expression: $.data.ovs_upgrade + $.data.opendaylight_upgrade data: ovs_upgrade: - get_attr: [OpenVswitchUpgrade, role_data, upgrade_tasks] + get_attr: [Ovs, role_data, upgrade_tasks] opendaylight_upgrade: - name: Check if openvswitch is deployed command: systemctl is-enabled openvswitch diff --git a/puppet/services/openvswitch-upgrade.yaml b/puppet/services/openvswitch-upgrade.yaml deleted file mode 100644 index f6e78462..00000000 --- a/puppet/services/openvswitch-upgrade.yaml +++ /dev/null @@ -1,50 +0,0 @@ -heat_template_version: pike - -description: > - Openvswitch package special handling for upgrade. - -outputs: - role_data: - description: Upgrade task for special handling of Openvswitch (OVS) upgrade. - value: - service_name: openvswitch_upgrade - upgrade_tasks: - - name: Check openvswitch version. - tags: step2 - register: ovs_version - ignore_errors: true - shell: rpm -qa | awk -F- '/^openvswitch-2/{print $2 "-" $3}' - - name: Check openvswitch packaging. - tags: step2 - shell: rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep -q "systemctl.*try-restart" - register: ovs_packaging_issue - ignore_errors: true - - block: - - name: "Ensure empty directory: emptying." - file: - state: absent - path: /root/OVS_UPGRADE - - name: "Ensure empty directory: creating." - file: - state: directory - path: /root/OVS_UPGRADE - owner: root - group: root - mode: 0750 - - name: Download OVS packages. - command: yumdownloader --destdir /root/OVS_UPGRADE --resolve openvswitch - - name: Get rpm list for manual upgrade of OVS. - shell: ls -1 /root/OVS_UPGRADE/*.rpm - register: ovs_list_of_rpms - - name: Manual upgrade of OVS - shell: | - rpm -U --test {{item}} 2>&1 | grep "already installed" || \ - rpm -U --replacepkgs --notriggerun --nopostun {{item}}; - args: - chdir: /root/OVS_UPGRADE - with_items: - - "{{ovs_list_of_rpms.stdout_lines}}" - tags: step2 - when: "'2.5.0-14' in '{{ovs_version.stdout}}' - or - ovs_packaging_issue|succeeded" diff --git a/puppet/services/openvswitch.yaml b/puppet/services/openvswitch.yaml new file mode 100644 index 00000000..d8061d4b --- /dev/null +++ b/puppet/services/openvswitch.yaml @@ -0,0 +1,184 @@ +heat_template_version: pike + +description: > + Open vSwitch Configuration + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + OvsDpdkCoreList: + description: > + List of cores to be used for DPDK lcore threads. Note, these threads + are used by the OVS control path for validator and handling functions. + type: string + constraints: + - allowed_pattern: "[0-9,-]*" + default: "" + OvsDpdkMemoryChannels: + description: Number of memory channels per socket to be used for DPDK + type: string + constraints: + - allowed_pattern: "[0-9]*" + default: "" + OvsDpdkSocketMemory: + default: "" + description: > + Sets the amount of hugepage memory to assign per NUMA node. It is + recommended to use the socket closest to the PCIe slot used for the + desired DPDK NIC. The format should be in "<socket 0 mem>, <socket 1 + mem>, <socket n mem>", where the value is specified in MB. For example: + "1024,0". + type: string + OvsDpdkDriverType: + default: "vfio-pci" + description: > + DPDK Driver type. Ensure the Overcloud NIC to be used for DPDK supports + this UIO/PMD driver. + type: string + OvsPmdCoreList: + description: > + A list or range of CPU cores for PMD threads to be pinned to. Note, NIC + location to cores on socket, number of hyper-threaded logical cores, and + desired number of PMD threads can all play a role in configuring this + setting. These cores should be on the same socket where + OvsDpdkSocketMemory is assigned. If using hyperthreading then specify + both logical cores that would equal the physical core. Also, specifying + more than one core will trigger multiple PMD threads to be spawned which + may improve dataplane performance. + constraints: + - allowed_pattern: "[0-9,-]*" + type: string + default: "" + # DEPRECATED: the following options are deprecated and are currently maintained + # for backwards compatibility. They will be removed in the Queens cycle. + HostCpusList: + description: List of cores to be used for host process + type: string + constraints: + - allowed_pattern: "[0-9,-]*" + default: '' + NeutronDpdkCoreList: + description: List of cores to be used for DPDK Poll Mode Driver + type: string + constraints: + - allowed_pattern: "[0-9,-]*" + default: '' + NeutronDpdkMemoryChannels: + description: Number of memory channels to be used for DPDK + type: string + constraints: + - allowed_pattern: "[0-9]*" + default: '' + NeutronDpdkSocketMemory: + default: '' + description: Memory allocated for each socket + type: string + NeutronDpdkDriverType: + default: "vfio-pci" + description: DPDK Driver type + type: string + +parameter_groups: +- label: deprecated + description: Do not use deprecated params, they will be removed. + parameters: + - HostCpusList + - NeutronDpdkCoreList + - NeutronDpdkMemoryChannels + - NeutronDpdkSocketMemory + - NeutronDpdkDriverType + +conditions: + l_cores_empty: {equals: [{get_param: OvsDpdkCoreList}, '']} + pmd_cores_empty: {equals: [{get_param: OvsPmdCoreList}, '']} + mem_channels_empty: {equals: [{get_param: OvsDpdkMemoryChannels}, '']} + socket_mem_empty: {equals: [{get_param: OvsDpdkSocketMemory}, '']} + driver_not_set: {equals: [{get_param: OvsDpdkDriverType}, 'vfio-pci']} + +outputs: + role_data: + description: Role data for the Open vSwitch service. + value: + service_name: openvswitch + config_settings: + map_replace: + - map_replace: + - vswitch::dpdk::driver_type: OvsDpdkDriverType + vswitch::dpdk::host_core_list: OvsDpdkCoreList + vswitch::dpdk::pmd_core_list: OvsPmdCoreList + vswitch::dpdk::memory_channels: OvsDpdkMemoryChannels + vswitch::dpdk::socket_mem: OvsDpdkSocketMemory + - values: {get_param: [RoleParameters]} + - values: + OvsDpdkCoreList: {if: [l_cores_empty, {get_param: HostCpusList}, {get_param: OvsDpdkCoreList}]} + OvsDpdkMemoryChannels: {if: [mem_channels_empty, {get_param: NeutronDpdkMemoryChannels}, {get_param: OvsDpdkMemoryChannels}]} + OvsDpdkSocketMemory: {if: [socket_mem_empty, {get_param: NeutronDpdkSocketMemory}, {get_param: OvsDpdkSocketMemory}]} + OvsDpdkDriverType: {if: [driver_not_set, {get_param: NeutronDpdkDriverType}, {get_param: OvsDpdkDriverType}]} + OvsPmdCoreList: {if: [pmd_cores_empty, {get_param: NeutronDpdkCoreList}, {get_param: OvsPmdCoreList}]} + + upgrade_tasks: + - name: Check openvswitch version. + tags: step2 + register: ovs_version + ignore_errors: true + shell: rpm -qa | awk -F- '/^openvswitch-2/{print $2 "-" $3}' + - name: Check openvswitch packaging. + tags: step2 + shell: rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep -q "systemctl.*try-restart" + register: ovs_packaging_issue + ignore_errors: true + - block: + - name: "Ensure empty directory: emptying." + file: + state: absent + path: /root/OVS_UPGRADE + - name: "Ensure empty directory: creating." + file: + state: directory + path: /root/OVS_UPGRADE + owner: root + group: root + mode: 0750 + - name: Make yum cache. + command: yum makecache + - name: Download OVS packages. + command: yumdownloader --destdir /root/OVS_UPGRADE --resolve openvswitch + - name: Get rpm list for manual upgrade of OVS. + shell: ls -1 /root/OVS_UPGRADE/*.rpm + register: ovs_list_of_rpms + - name: Manual upgrade of OVS + shell: | + rpm -U --test {{item}} 2>&1 | grep "already installed" || \ + rpm -U --replacepkgs --notriggerun --nopostun {{item}}; + args: + chdir: /root/OVS_UPGRADE + with_items: + - "{{ovs_list_of_rpms.stdout_lines}}" + tags: step2 + when: "'2.5.0-14' in '{{ovs_version.stdout}}' + or + ovs_packaging_issue|succeeded" diff --git a/puppet/services/ovn-dbs.yaml b/puppet/services/ovn-dbs.yaml index df234c77..f6f3e3c8 100644 --- a/puppet/services/ovn-dbs.yaml +++ b/puppet/services/ovn-dbs.yaml @@ -4,6 +4,10 @@ description: > OVN databases configured with puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml index 1c89011c..158d04bd 100644 --- a/puppet/services/pacemaker.yaml +++ b/puppet/services/pacemaker.yaml @@ -4,6 +4,10 @@ description: > Pacemaker service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -101,11 +105,6 @@ parameters: description: Whether to deploy a LoadBalancer on the Controller type: boolean - PacemakerResources: - type: comma_delimited_list - description: List of resources managed by pacemaker - default: ['rabbitmq', 'galera'] - outputs: role_data: description: Role data for the Pacemaker role. @@ -152,20 +151,8 @@ outputs: async: 30 poll: 4 - name: Stop pacemaker cluster - tags: step2 + tags: step3 pacemaker_cluster: state=offline - name: Start pacemaker cluster tags: step4 pacemaker_cluster: state=online - - name: Check pacemaker resource - tags: step4 - pacemaker_is_active: - resource: "{{ item }}" - max_wait: 500 - with_items: {get_param: PacemakerResources} - - name: Check pacemaker haproxy resource - tags: step4 - pacemaker_is_active: - resource: haproxy - max_wait: 500 - when: {get_param: EnableLoadBalancer} diff --git a/puppet/services/pacemaker/ceph-rbdmirror.yaml b/puppet/services/pacemaker/ceph-rbdmirror.yaml index 7ecb64d1..caf112d1 100644 --- a/puppet/services/pacemaker/ceph-rbdmirror.yaml +++ b/puppet/services/pacemaker/ceph-rbdmirror.yaml @@ -4,6 +4,10 @@ description: > Ceph RBD mirror service. parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -34,6 +38,7 @@ resources: CephBase: type: ../ceph-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/pacemaker/cinder-backup.yaml b/puppet/services/pacemaker/cinder-backup.yaml index d888d4a4..99c78987 100644 --- a/puppet/services/pacemaker/cinder-backup.yaml +++ b/puppet/services/pacemaker/cinder-backup.yaml @@ -16,6 +16,10 @@ parameters: CephClientUserName: default: openstack type: string + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -44,6 +48,7 @@ resources: CinderBackupBase: type: ../cinder-backup.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/pacemaker/cinder-volume.yaml b/puppet/services/pacemaker/cinder-volume.yaml index 39914db5..a1134f3e 100644 --- a/puppet/services/pacemaker/cinder-volume.yaml +++ b/puppet/services/pacemaker/cinder-volume.yaml @@ -4,6 +4,10 @@ description: > OpenStack Cinder Volume service with Pacemaker configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -32,6 +36,7 @@ resources: CinderVolumeBase: type: ../cinder-volume.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/pacemaker/database/mysql.yaml b/puppet/services/pacemaker/database/mysql.yaml index 0a7659e0..27353809 100644 --- a/puppet/services/pacemaker/database/mysql.yaml +++ b/puppet/services/pacemaker/database/mysql.yaml @@ -5,6 +5,10 @@ description: > parameters: #Parameters not used EndpointMap + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -38,6 +42,7 @@ resources: MysqlBase: type: ../../database/mysql.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/pacemaker/database/redis.yaml b/puppet/services/pacemaker/database/redis.yaml index 5bc28ed4..66eb4b2a 100644 --- a/puppet/services/pacemaker/database/redis.yaml +++ b/puppet/services/pacemaker/database/redis.yaml @@ -4,6 +4,10 @@ description: > OpenStack Redis service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -31,6 +35,7 @@ resources: RedisBase: type: ../../database/redis.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/pacemaker/haproxy.yaml b/puppet/services/pacemaker/haproxy.yaml index 0fb83939..45b2a665 100644 --- a/puppet/services/pacemaker/haproxy.yaml +++ b/puppet/services/pacemaker/haproxy.yaml @@ -4,6 +4,10 @@ description: > HAproxy service with Pacemaker configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -31,6 +35,7 @@ resources: LoadbalancerServiceBase: type: ../haproxy.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/pacemaker/manila-share.yaml b/puppet/services/pacemaker/manila-share.yaml index 12f6529c..61bf4580 100644 --- a/puppet/services/pacemaker/manila-share.yaml +++ b/puppet/services/pacemaker/manila-share.yaml @@ -4,6 +4,10 @@ description: > The manila-share service with Pacemaker configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -32,6 +36,7 @@ resources: ManilaShareBase: type: ../manila-share.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/pacemaker/ovn-dbs.yaml b/puppet/services/pacemaker/ovn-dbs.yaml index 1cbb4763..38039aa5 100644 --- a/puppet/services/pacemaker/ovn-dbs.yaml +++ b/puppet/services/pacemaker/ovn-dbs.yaml @@ -4,6 +4,10 @@ description: > OVN databases configured with puppet in HA mode parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -40,6 +44,7 @@ resources: OVNDBsBase: type: ../ovn-dbs.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/pacemaker/rabbitmq.yaml b/puppet/services/pacemaker/rabbitmq.yaml index 79257201..112149c7 100644 --- a/puppet/services/pacemaker/rabbitmq.yaml +++ b/puppet/services/pacemaker/rabbitmq.yaml @@ -4,6 +4,10 @@ description: > RabbitMQ service with Pacemaker configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -31,6 +35,7 @@ resources: RabbitMQServiceBase: type: ../rabbitmq.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/pacemaker_remote.yaml b/puppet/services/pacemaker_remote.yaml index c49b0848..76511784 100644 --- a/puppet/services/pacemaker_remote.yaml +++ b/puppet/services/pacemaker_remote.yaml @@ -4,6 +4,10 @@ description: > Pacemaker remote service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/panko-api.yaml b/puppet/services/panko-api.yaml index 0289b7a7..74d3f27c 100644 --- a/puppet/services/panko-api.yaml +++ b/puppet/services/panko-api.yaml @@ -6,6 +6,10 @@ description: > be disabled in future releases. parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -45,6 +49,7 @@ resources: PankoBase: type: ./panko-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -54,6 +59,7 @@ resources: ApacheServiceBase: type: ./apache.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/panko-base.yaml b/puppet/services/panko-base.yaml index a94d4ea5..35428840 100644 --- a/puppet/services/panko-base.yaml +++ b/puppet/services/panko-base.yaml @@ -4,6 +4,10 @@ description: > OpenStack Panko service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/qdr.yaml b/puppet/services/qdr.yaml index 0659a945..4cb2df18 100644 --- a/puppet/services/qdr.yaml +++ b/puppet/services/qdr.yaml @@ -4,6 +4,10 @@ description: > Qpid dispatch router service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -28,14 +32,14 @@ parameters: type: json RabbitUserName: default: guest - description: The username for Qdr + description: The username for RabbitMQ type: string RabbitPassword: - description: The password for Qdr + description: The password for RabbitMQ type: string hidden: true RabbitClientPort: - description: Listening port for Qdr + description: Set rabbit subscriber port, change this if using SSL default: 5672 type: number MonitoringSubscriptionQdr: diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml index 1a42fdad..5867721a 100644 --- a/puppet/services/rabbitmq.yaml +++ b/puppet/services/rabbitmq.yaml @@ -4,6 +4,10 @@ description: > RabbitMQ service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -93,7 +97,7 @@ outputs: NODE_PORT: '' NODE_IP_ADDRESS: '' RABBITMQ_NODENAME: "rabbit@%{::hostname}" - RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"' + RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<15000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<15000:64/native>>}]"' 'export ERL_EPMD_ADDRESS': "%{hiera('rabbitmq::interface')}" rabbitmq_kernel_variables: inet_dist_listen_min: '25672' diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml index 3df4ce7c..d660fe31 100644 --- a/puppet/services/sahara-api.yaml +++ b/puppet/services/sahara-api.yaml @@ -4,6 +4,10 @@ description: > OpenStack Sahara API service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -57,6 +61,7 @@ resources: SaharaBase: type: ./sahara-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/sahara-base.yaml b/puppet/services/sahara-base.yaml index c294e744..7c122c60 100644 --- a/puppet/services/sahara-base.yaml +++ b/puppet/services/sahara-base.yaml @@ -4,6 +4,10 @@ description: > OpenStack Sahara base service. Shared for all Sahara services. parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -60,6 +64,12 @@ parameters: default: ["ambari","cdh","mapr","vanilla","spark","storm"] description: Sahara enabled plugin list type: comma_delimited_list + NotificationDriver: + type: string + default: 'messagingv2' + description: Driver or drivers to handle sending notifications. + constraints: + - allowed_values: [ 'messagingv2', 'noop' ] conditions: service_debug_unset: {equals : [{get_param: SaharaDebug}, '']} @@ -80,6 +90,7 @@ outputs: query: read_default_file: /etc/my.cnf.d/tripleo.cnf read_default_group: tripleo + sahara::notify::notification_driver: {get_param: NotificationDriver} sahara::rabbit_password: {get_param: RabbitPassword} sahara::rabbit_user: {get_param: RabbitUserName} sahara::rabbit_use_ssl: {get_param: RabbitClientUseSSL} diff --git a/puppet/services/sahara-engine.yaml b/puppet/services/sahara-engine.yaml index b6c108ea..b58e3ec2 100644 --- a/puppet/services/sahara-engine.yaml +++ b/puppet/services/sahara-engine.yaml @@ -4,6 +4,10 @@ description: > OpenStack Sahara Engine service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -39,6 +43,7 @@ resources: SaharaBase: type: ./sahara-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} diff --git a/puppet/services/securetty.yaml b/puppet/services/securetty.yaml index 84a370f0..b070d95f 100644 --- a/puppet/services/securetty.yaml +++ b/puppet/services/securetty.yaml @@ -4,6 +4,10 @@ description: > Configure securetty values parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/snmp.yaml b/puppet/services/snmp.yaml index ffa5d317..732058b6 100644 --- a/puppet/services/snmp.yaml +++ b/puppet/services/snmp.yaml @@ -6,6 +6,10 @@ description: > monitoring. parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/sshd.yaml b/puppet/services/sshd.yaml index 30058f03..a9807014 100644 --- a/puppet/services/sshd.yaml +++ b/puppet/services/sshd.yaml @@ -4,6 +4,10 @@ description: > Configure sshd_config parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/swift-base.yaml b/puppet/services/swift-base.yaml index 3066aecd..8d74c703 100644 --- a/puppet/services/swift-base.yaml +++ b/puppet/services/swift-base.yaml @@ -4,6 +4,10 @@ description: > OpenStack Swift Proxy service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index 9a304edb..06e8180d 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -4,6 +4,10 @@ description: > OpenStack Swift Proxy service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -31,7 +35,7 @@ parameters: description: Set to True to enable debugging on all services. type: string SwiftPassword: - description: The password for the swift service account, used by the swift proxy services. + description: The password for the swift service account type: string hidden: true SwiftProxyNodeTimeout: @@ -59,10 +63,10 @@ parameters: type: string SwiftCeilometerPipelineEnabled: description: Set to False to disable the swift proxy ceilometer pipeline. - default: True + default: false type: boolean SwiftCeilometerIgnoreProjects: - default: ['services'] + default: ['service'] description: Comma-seperated list of project names to ignore. type: comma_delimited_list RabbitClientPort: @@ -81,13 +85,14 @@ parameters: conditions: - ceilometer_pipeline_enabled: {equals : [{get_param: SwiftCeilometerPipelineEnabled}, True]} + ceilometer_pipeline_enabled: {equals : [{get_param: SwiftCeilometerPipelineEnabled}, true]} use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]} resources: SwiftBase: type: ./swift-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -97,6 +102,7 @@ resources: TLSProxyBase: type: OS::TripleO::Services::TLSProxyBase properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -118,14 +124,20 @@ outputs: swift::proxy::authtoken::project_name: 'service' swift::proxy::node_timeout: {get_param: SwiftProxyNodeTimeout} swift::proxy::workers: {get_param: SwiftWorkers} - swift::proxy::ceilometer::rabbit_user: {get_param: RabbitUserName} - swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword} - swift::proxy::ceilometer::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} - swift::proxy::ceilometer::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} - swift::proxy::ceilometer::password: {get_param: SwiftPassword} - swift::proxy::ceilometer::ignore_projects: {get_param: SwiftCeilometerIgnoreProjects} - swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]} - swift::proxy::ceilometer::nonblocking_notify: true + - + if: + - ceilometer_pipeline_enabled + - + swift::proxy::ceilometer::rabbit_user: {get_param: RabbitUserName} + swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword} + swift::proxy::ceilometer::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri]} + swift::proxy::ceilometer::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]} + swift::proxy::ceilometer::password: {get_param: SwiftPassword} + swift::proxy::ceilometer::ignore_projects: {get_param: SwiftCeilometerIgnoreProjects} + swift::proxy::ceilometer::nonblocking_notify: true + swift::proxy::ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + - {} + - swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]} tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RabbitClientPort} tripleo::profile::base::swift::proxy::ceilometer_messaging_use_ssl: {get_param: RabbitClientUseSSL} tripleo::profile::base::swift::proxy::ceilometer_enabled: {get_param: SwiftCeilometerPipelineEnabled} @@ -168,7 +180,6 @@ outputs: - '' - 'proxy-logging' - 'proxy-server' - swift::proxy::ceilometer::rabbit_use_ssl: {get_param: RabbitClientUseSSL} swift::proxy::account_autocreate: true # NOTE: bind IP is found in Heat replacing the network name with the # local node IP for the given network; replacement examples diff --git a/puppet/services/swift-ringbuilder.yaml b/puppet/services/swift-ringbuilder.yaml index 3808dbcc..dd4cebb4 100644 --- a/puppet/services/swift-ringbuilder.yaml +++ b/puppet/services/swift-ringbuilder.yaml @@ -4,6 +4,10 @@ description: > OpenStack Swift Ringbuilder parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/swift-storage.yaml b/puppet/services/swift-storage.yaml index f1a9b930..f9c3cbae 100644 --- a/puppet/services/swift-storage.yaml +++ b/puppet/services/swift-storage.yaml @@ -4,6 +4,10 @@ description: > OpenStack Swift Storage service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -60,6 +64,7 @@ resources: SwiftBase: type: ./swift-base.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -125,6 +130,7 @@ outputs: - openstack-swift-container-updater - openstack-swift-container - openstack-swift-object-auditor + - openstack-swift-object-expirer - openstack-swift-object-replicator - openstack-swift-object-updater - openstack-swift-object diff --git a/puppet/services/tacker.yaml b/puppet/services/tacker.yaml index 5ced8c3c..541a2eb6 100644 --- a/puppet/services/tacker.yaml +++ b/puppet/services/tacker.yaml @@ -4,6 +4,10 @@ description: > OpenStack Tacker service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -33,6 +37,7 @@ parameters: Debug: type: string default: '' + description: Set to True to enable debugging on all services. TackerDebug: default: '' description: Set to True to enable debugging Tacker service. @@ -65,6 +70,12 @@ parameters: e.g. { tacker-context_is_admin: { key: context_is_admin, value: 'role:admin' } } default: {} type: json + NotificationDriver: + type: string + default: 'messagingv2' + description: Driver or drivers to handle sending notifications. + constraints: + - allowed_values: [ 'messagingv2', 'noop' ] conditions: service_debug_unset: {equals : [{get_param: TackerDebug}, '']} @@ -93,6 +104,7 @@ outputs: - {get_param: Debug } - {get_param: TackerDebug } tacker::rpc_backend: rabbit + tacker::notification_driver: {get_param: NotificationDriver} tacker::rabbit_userid: {get_param: RabbitUserName} tacker::rabbit_password: {get_param: RabbitPassword} tacker::rabbit_use_ssl: {get_param: RabbitClientUseSSL} diff --git a/puppet/services/time/ntp.yaml b/puppet/services/time/ntp.yaml index 92c3f9ef..4ddba6da 100644 --- a/puppet/services/time/ntp.yaml +++ b/puppet/services/time/ntp.yaml @@ -7,6 +7,10 @@ description: > and configure NTP. parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/time/timezone.yaml b/puppet/services/time/timezone.yaml index aece02cf..f991a6b0 100644 --- a/puppet/services/time/timezone.yaml +++ b/puppet/services/time/timezone.yaml @@ -4,6 +4,10 @@ description: > Composable Timezone service parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/tripleo-firewall.yaml b/puppet/services/tripleo-firewall.yaml index 9fb590ef..18835255 100644 --- a/puppet/services/tripleo-firewall.yaml +++ b/puppet/services/tripleo-firewall.yaml @@ -4,6 +4,10 @@ description: > TripleO Firewall settings parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/tripleo-packages.yaml b/puppet/services/tripleo-packages.yaml index 2b9b8834..e471c2a6 100644 --- a/puppet/services/tripleo-packages.yaml +++ b/puppet/services/tripleo-packages.yaml @@ -4,6 +4,10 @@ description: > TripleO Package installation settings parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -28,7 +32,7 @@ parameters: type: json EnablePackageInstall: default: 'false' - description: Set to true to enable package installation via Puppet + description: Set to true to enable package installation at deploy time type: boolean outputs: diff --git a/puppet/services/veritas-hyperscale-controller.yaml b/puppet/services/veritas-hyperscale-controller.yaml new file mode 100644 index 00000000..fe641ad6 --- /dev/null +++ b/puppet/services/veritas-hyperscale-controller.yaml @@ -0,0 +1,106 @@ +# Copyright (c) 2017 Veritas Technologies LLC. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +heat_template_version: ocata + +description: > + Openstack Veritas HyperScale backend + +parameters: + VrtsRabbitPassword: + type: string + description: The Rabbitmq password of the hyperscale user. Mandatory. + VrtsKeystonePassword: + type: string + description: The Keystone password of the hyperscale service. Mandatory. + VrtsMysqlPassword: + type: string + description: The MySQL password of the hyperscale user. Mandatory. + VrtsCtrlMgmtIP: + type: string + default: '' + description: The management IP of HyperScale. The value will be inferred + from the rest of the deployment settings if left blank. + VrtsDashboardIP: + type: string + default: '' + description: The dashboard IP of HyperScale. The value will be inferred + from the rest of the deployment settings if left blank. + VrtsZookeeperIP: + type: string + description: The IP of a node where Zookeeper is configured. Mandatory. + VrtsSSHPassword: + type: string + description: The SSH password of the hyperscale user. Mandatory. + VrtsConfigParam1: + type: string + default: '' + description: Additional config parameter. Optional. + VrtsConfigParam2: + type: string + default: '' + description: Additional config parameter. Optional. + VrtsConfigParam3: + type: string + default: '' + description: Additional config parameter. Optional. + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + type: json + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + +outputs: + role_data: + description: Install Veritas HyperScale packages for controller. + value: + service_name: veritas_hyperscale_controller + config_settings: + global_config_settings: + vrts_ctrl_mgmt_ip: {get_param: VrtsCtrlMgmtIP} + vrts_dashboard_ip: {get_param: VrtsDashboardIP} + vrts_zookeeper_ip: {get_param: VrtsZookeeperIP} + vrts_ssh_passwd: {get_param: VrtsSSHPassword} + vrts_config_param1: {get_param: VrtsConfigParam1} + vrts_config_param2: {get_param: VrtsConfigParam2} + vrts_config_param3: {get_param: VrtsConfigParam3} + step_config: | + include ::veritas_hyperscale::controller_pkg_inst + service_config_settings: + rabbitmq: + vrts_rabbitmq_passwd: {get_param: VrtsRabbitPassword} + keystone: + vrts_keystone_passwd: {get_param: VrtsKeystonePassword} + mysql: + vrts_mysql_passwd: {get_param: VrtsMysqlPassword} diff --git a/puppet/services/vpp.yaml b/puppet/services/vpp.yaml index e3e28a2f..fda92b7a 100644 --- a/puppet/services/vpp.yaml +++ b/puppet/services/vpp.yaml @@ -4,6 +4,10 @@ description: > Vpp service configured with Puppet parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/zaqar.yaml b/puppet/services/zaqar.yaml index 416d86df..21857423 100644 --- a/puppet/services/zaqar.yaml +++ b/puppet/services/zaqar.yaml @@ -4,6 +4,10 @@ description: > Openstack Zaqar service. Shared for all Heat services. parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set @@ -52,6 +56,14 @@ parameters: type: string description: Set the number of workers for zaqar::wsgi::apache default: '%{::os_workers}' + ZaqarMessageStore: + type: string + description: The messaging store for Zaqar + default: mongodb + ZaqarManagementStore: + type: string + description: The management store for Zaqar + default: mongodb EnableInternalTLS: type: boolean default: false @@ -59,12 +71,15 @@ parameters: conditions: zaqar_workers_zero: {equals : [{get_param: ZaqarWorkers}, 0]} service_debug_unset: {equals : [{get_param: ZaqarDebug}, '']} + zaqar_messaging_store_swift: {equals : [{get_param: ZaqarMessageStore}, 'swift']} + zaqar_management_store_sqlalchemy: {equals : [{get_param: ZaqarManagementStore}, 'sqlalchemy']} resources: ApacheServiceBase: type: ./apache.yaml properties: + ServiceData: {get_param: ServiceData} ServiceNetMap: {get_param: ServiceNetMap} DefaultPasswords: {get_param: DefaultPasswords} EndpointMap: {get_param: EndpointMap} @@ -100,26 +115,67 @@ outputs: "%{hiera('fqdn_$NETWORK')}" params: $NETWORK: {get_param: [ServiceNetMap, ZaqarApiNetwork]} + zaqar::message_store: {get_param: ZaqarMessageStore} + zaqar::management_store: {get_param: ZaqarManagementStore} + - + if: + - zaqar_messaging_store_swift + - + zaqar::messaging::swift::uri: + list_join: + - '' + - ['swift://zaqar:', {get_param: ZaqarPassword}, '@/service'] + zaqar::messaging::swift::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } + tripleo::profile::base::zaqar::messaging_store: 'swift' + - {} + - + if: + - zaqar_management_store_sqlalchemy + - + tripleo::profile::base::zaqar::management_store: 'sqlalchemy' + zaqar::management::sqlalchemy::uri: + make_url: + scheme: {get_param: [EndpointMap, MysqlInternal, protocol]} + username: zaqar + password: {get_param: ZaqarPassword} + host: {get_param: [EndpointMap, MysqlInternal, host]} + path: /zaqar + query: + read_default_file: /etc/my.cnf.d/tripleo.cnf + read_default_group: tripleo + - {} - if: - zaqar_workers_zero - {} - zaqar::wsgi::apache::workers: {get_param: ZaqarWorkers} service_config_settings: - keystone: - zaqar::keystone::auth::password: {get_param: ZaqarPassword} - zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]} - zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]} - zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]} - zaqar::keystone::auth::region: {get_param: KeystoneRegion} - zaqar::keystone::auth::tenant: 'service' - zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword} - zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]} - zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]} - zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]} - zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion} - zaqar::keystone::auth_websocket::tenant: 'service' - + map_merge: + - keystone: + zaqar::keystone::auth::password: {get_param: ZaqarPassword} + zaqar::keystone::auth::public_url: {get_param: [EndpointMap, ZaqarPublic, uri]} + zaqar::keystone::auth::admin_url: {get_param: [EndpointMap, ZaqarAdmin, uri]} + zaqar::keystone::auth::internal_url: {get_param: [EndpointMap, ZaqarInternal, uri]} + zaqar::keystone::auth::region: {get_param: KeystoneRegion} + zaqar::keystone::auth::tenant: 'service' + zaqar::keystone::auth_websocket::password: {get_param: ZaqarPassword} + zaqar::keystone::auth_websocket::public_url: {get_param: [EndpointMap, ZaqarWebSocketPublic, uri]} + zaqar::keystone::auth_websocket::admin_url: {get_param: [EndpointMap, ZaqarWebSocketAdmin, uri]} + zaqar::keystone::auth_websocket::internal_url: {get_param: [EndpointMap, ZaqarWebSocketInternal, uri]} + zaqar::keystone::auth_websocket::region: {get_param: KeystoneRegion} + zaqar::keystone::auth_websocket::tenant: 'service' + - + if: + - zaqar_management_store_sqlalchemy + - mysql: + zaqar::db::mysql::user: zaqar + zaqar::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]} + zaqar::db::mysql::dbname: zaqar + zaqar::db::mysql::password: {get_param: ZaqarPassword} + zaqar::db::mysql::allowed_hosts: + - '%' + - "%{hiera('mysql_bind_host')}" + - {} step_config: | include ::tripleo::profile::base::zaqar upgrade_tasks: diff --git a/releasenotes/notes/Make-exposing-haproxy-stats-interface-configurable-2b634793c4f13950.yaml b/releasenotes/notes/Make-exposing-haproxy-stats-interface-configurable-2b634793c4f13950.yaml new file mode 100644 index 00000000..193154d0 --- /dev/null +++ b/releasenotes/notes/Make-exposing-haproxy-stats-interface-configurable-2b634793c4f13950.yaml @@ -0,0 +1,4 @@ +--- +features: + - The HAProxy stats interface can now be enabled/disabled with the + HAProxyStatsEnabled flag. Note that it's still enabled by default. diff --git a/releasenotes/notes/add-deploymentswiftdatamap-parameter-351ee63800016e4d.yaml b/releasenotes/notes/add-deploymentswiftdatamap-parameter-351ee63800016e4d.yaml new file mode 100644 index 00000000..67a55cd8 --- /dev/null +++ b/releasenotes/notes/add-deploymentswiftdatamap-parameter-351ee63800016e4d.yaml @@ -0,0 +1,6 @@ +--- +features: + - Added new DeploymentSwiftDataMap parameter, which is used to set the + deployment_swift_data property on the Server resoures. The parameter is a + map where the keys are the Heat assigned hostnames, and the value is a map + of the container/object name in Swift. diff --git a/releasenotes/notes/add-server-os-collect-config-data-eeea2f57b3a82654.yaml b/releasenotes/notes/add-server-os-collect-config-data-eeea2f57b3a82654.yaml new file mode 100644 index 00000000..cd352ac1 --- /dev/null +++ b/releasenotes/notes/add-server-os-collect-config-data-eeea2f57b3a82654.yaml @@ -0,0 +1,6 @@ +--- +features: + - Adds a new output, ServerOsCollectConfigData, which is the + os-collect-config configuration associated with each server resource. + This can be used to [pre]configure the os-collect-config agents on + deployed-server's. diff --git a/releasenotes/notes/cleanup-odl-clustering-93a3ec132f3c2343.yaml b/releasenotes/notes/cleanup-odl-clustering-93a3ec132f3c2343.yaml new file mode 100644 index 00000000..01ce1758 --- /dev/null +++ b/releasenotes/notes/cleanup-odl-clustering-93a3ec132f3c2343.yaml @@ -0,0 +1,6 @@ +--- +deprecations: + - Deprecate and remove configuring clustering for + OpenDaylight container using an exec. + Configuration is now handled via puppet-opendaylight + using file resources. diff --git a/releasenotes/notes/composable-veritas-hyperscale-driver-e7f0a35d7d9a8df1.yaml b/releasenotes/notes/composable-veritas-hyperscale-driver-e7f0a35d7d9a8df1.yaml new file mode 100644 index 00000000..3c17e242 --- /dev/null +++ b/releasenotes/notes/composable-veritas-hyperscale-driver-e7f0a35d7d9a8df1.yaml @@ -0,0 +1,3 @@ +--- +features: + - Add support for Veritas HyperScale Cinder backend. diff --git a/releasenotes/notes/computeovsdpdk-role-67d53a405ce4174b.yaml b/releasenotes/notes/computeovsdpdk-role-67d53a405ce4174b.yaml new file mode 100644 index 00000000..ec7f40c9 --- /dev/null +++ b/releasenotes/notes/computeovsdpdk-role-67d53a405ce4174b.yaml @@ -0,0 +1,4 @@ +--- +features: + - A new role ComputeOvsDpdk has been added to enable dynamic roles_data + creation with OVS-DPDK role. diff --git a/releasenotes/notes/contrail-bugfixes-and-dpdk-enabling-0233a06e23259660.yaml b/releasenotes/notes/contrail-bugfixes-and-dpdk-enabling-0233a06e23259660.yaml new file mode 100644 index 00000000..776c7b48 --- /dev/null +++ b/releasenotes/notes/contrail-bugfixes-and-dpdk-enabling-0233a06e23259660.yaml @@ -0,0 +1,9 @@ +--- +features: + - | + This patch enables the configuration of Contrail DPDK on the Compute nodes + by specifying the required parameters in an environment file. +fixes: + - | + The patch moves the Contrail control plane communication from the public + network to the internal_api network. diff --git a/releasenotes/notes/deployed-server-environment-output-d838c782f76823b7.yaml b/releasenotes/notes/deployed-server-environment-output-d838c782f76823b7.yaml new file mode 100644 index 00000000..14a5a279 --- /dev/null +++ b/releasenotes/notes/deployed-server-environment-output-d838c782f76823b7.yaml @@ -0,0 +1,6 @@ +--- +features: + - Add a new output, DeployedServerEnvironment, that can be used as + the contents of an environment file. This environment file can then be used + as input into a services only stack when using split-stack. The parameter + simplifies the manual steps needed to deploy split-stack. diff --git a/releasenotes/notes/disable-ceilo-middleware-6853cb92e3e08161.yaml b/releasenotes/notes/disable-ceilo-middleware-6853cb92e3e08161.yaml new file mode 100644 index 00000000..28dac8b0 --- /dev/null +++ b/releasenotes/notes/disable-ceilo-middleware-6853cb92e3e08161.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - Disable ceilometer in the swift proxy middleware pipeline out of the box. + This generates a lot of events with gnocchi and swift backend and causes + heavy load. It should be easy to enable if needed. diff --git a/releasenotes/notes/enable-dpdk-on-boot-f5b098b10152b436.yaml b/releasenotes/notes/enable-dpdk-on-boot-f5b098b10152b436.yaml new file mode 100644 index 00000000..4cb9b801 --- /dev/null +++ b/releasenotes/notes/enable-dpdk-on-boot-f5b098b10152b436.yaml @@ -0,0 +1,8 @@ +--- +features: + - DPDK is enabled in OvS before the NetworkDeployment to ensure DPDK + is ready to handle new port additions. +upgrade: + - A new parameter ServiceNames is added to the PreNeworkConfig resource. + All templates associated with PreNeworkConfig should add this new + parameter during the upgrade. diff --git a/releasenotes/notes/enable-neutron-lbaas-integration-b72126f2c7e71cee.yaml b/releasenotes/notes/enable-neutron-lbaas-integration-b72126f2c7e71cee.yaml new file mode 100644 index 00000000..490dc244 --- /dev/null +++ b/releasenotes/notes/enable-neutron-lbaas-integration-b72126f2c7e71cee.yaml @@ -0,0 +1,4 @@ +--- +features: + - Allows the configuration of the Neutron LBaaS + agent.
\ No newline at end of file diff --git a/releasenotes/notes/enable-neutron-lbaas-integration-fa999ccd548ee6b6.yaml b/releasenotes/notes/enable-neutron-lbaas-integration-fa999ccd548ee6b6.yaml new file mode 100644 index 00000000..7d6b1ecc --- /dev/null +++ b/releasenotes/notes/enable-neutron-lbaas-integration-fa999ccd548ee6b6.yaml @@ -0,0 +1,4 @@ +--- +features: + - Allows the configuration of the Neutron LBaaS + agent. diff --git a/releasenotes/notes/generated-sample-environments-8b523f55f36e940c.yaml b/releasenotes/notes/generated-sample-environments-8b523f55f36e940c.yaml new file mode 100644 index 00000000..0721334c --- /dev/null +++ b/releasenotes/notes/generated-sample-environments-8b523f55f36e940c.yaml @@ -0,0 +1,21 @@ +--- +features: + - | + There is now a tool in tripleo-heat-templates, similar to the + oslo-config-generator, that can be used to programmatically generate + sample environment files based directly on the contents of the templates + themselves. This ensures consistency in the sample environments, as well + as making it easier to update environments to reflect changes to the + templates. +upgrade: + - | + Some sample environment files will be moving as part of the work to + generate them programmatically. The old versions will be left in place for + one cycle to allow a smooth upgrade process. When upgrading, if any of the + environment files in use for the deployment have been deprecated they + should be replaced with the new generated verions. +deprecations: + - | + Where a generated sample environment replaces an existing one, the existing + environment is deprecated. This will be noted in a comment at the top of + the file. diff --git a/releasenotes/notes/notification-driver-noop-e322ca6704a5bc50.yaml b/releasenotes/notes/notification-driver-noop-e322ca6704a5bc50.yaml new file mode 100644 index 00000000..b7090973 --- /dev/null +++ b/releasenotes/notes/notification-driver-noop-e322ca6704a5bc50.yaml @@ -0,0 +1,10 @@ +--- +features: + - | + Allow to configure the Message Queue notification driver. + By default, we'll configure 'messagingv2' but we can now + override NotificationDriver parameter and set 'noop' when + we don't want notifications, which is the case when + we disable Telemetry services. +deprecations: + - KeystoneNotificationDriver is deprecated in favor of NotificationDriver. diff --git a/releasenotes/notes/odl-user-a4c58ac0c3a64d90.yaml b/releasenotes/notes/odl-user-a4c58ac0c3a64d90.yaml new file mode 100644 index 00000000..d37ab12b --- /dev/null +++ b/releasenotes/notes/odl-user-a4c58ac0c3a64d90.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - Fixing an issue where a custom password for the + OpenDaylight controller caused the TripleO deployment + to fail diff --git a/releasenotes/notes/opendaylight-manage-repos-9eaf900c08e8d96f.yaml b/releasenotes/notes/opendaylight-manage-repos-9eaf900c08e8d96f.yaml new file mode 100644 index 00000000..b7497b19 --- /dev/null +++ b/releasenotes/notes/opendaylight-manage-repos-9eaf900c08e8d96f.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Adding the ability to disable the OpenDaylight upstream repository. + Introducing the OpenDaylightManageRepositories parameter. diff --git a/releasenotes/notes/ovs-dpdk-permission-workaround-20aaebcc8d6009ec.yaml b/releasenotes/notes/ovs-dpdk-permission-workaround-20aaebcc8d6009ec.yaml new file mode 100644 index 00000000..f8c06fd6 --- /dev/null +++ b/releasenotes/notes/ovs-dpdk-permission-workaround-20aaebcc8d6009ec.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - Fixed the openvswitch permission to allow ovs to access vhost + sockets created by qemu. This is a workaround until openvswitch + provides the actual solution. + diff --git a/releasenotes/notes/refactor-dpdk-dd37ccf14f711bb1.yaml b/releasenotes/notes/refactor-dpdk-dd37ccf14f711bb1.yaml new file mode 100644 index 00000000..1e44d926 --- /dev/null +++ b/releasenotes/notes/refactor-dpdk-dd37ccf14f711bb1.yaml @@ -0,0 +1,23 @@ +--- +features: + - Adds common openvswitch service template to be + inherited by other services. + - Adds environment file to be used for deploying + OpenDaylight + OVS DPDK. + - Adds first boot and ovs configuration scripts +deprecations: + - The ``HostCpusList`` parameter is deprecated in + favor of ``OvsDpdkCoreList`` and will be removed + in a future release. + - The ``NeutronDpdkCoreList`` parameter is deprecated in + favor of ``OvsPmdCoreList`` and will be removed + in a future release. + - The ``NeutronDpdkMemoryChannels`` parameter is deprecated in + favor of ``OvsDpdkMemoryChannels`` and will be removed + in a future release. + - The ``NeutronDpdkSocketMemory`` parameter is deprecated in + favor of ``OvsDpdkSocketMemory`` and will be removed + in a future release. + - The ``NeutronDpdkDriverType`` parameter is deprecated in + favor of ``OvsDpdkDriverType`` and will be removed + in a future release. diff --git a/releasenotes/notes/roles-data-validation-7845702b5ed85366.yaml b/releasenotes/notes/roles-data-validation-7845702b5ed85366.yaml new file mode 100644 index 00000000..766b6581 --- /dev/null +++ b/releasenotes/notes/roles-data-validation-7845702b5ed85366.yaml @@ -0,0 +1,8 @@ +--- +features: + - | + The roles_data.yaml and roles_data_undercloud.yaml can be generated with + tox using ``tox -e genrolesdata``. + - | + pep8 now checks that the roles_data.yaml and roles_data_undercloud.yaml + matches data generated from the roles/ files. diff --git a/releasenotes/notes/service_workflow_tasks-4da5830821b7154b.yaml b/releasenotes/notes/service_workflow_tasks-4da5830821b7154b.yaml new file mode 100644 index 00000000..cf99ec5d --- /dev/null +++ b/releasenotes/notes/service_workflow_tasks-4da5830821b7154b.yaml @@ -0,0 +1,8 @@ +--- +features: + - | + It is now possible to trigger Mistral workflows or workflow actions + before a deployment step is applied. This can be defined within the + scope of a service template and is described as a task property + for the Heat OS::Mistral::Workflow resource, for more details also + see the puppet/services/README.rst file.
\ No newline at end of file diff --git a/releasenotes/notes/split-stack-environments-1f817e24b5d90959.yaml b/releasenotes/notes/split-stack-environments-1f817e24b5d90959.yaml new file mode 100644 index 00000000..1bc99371 --- /dev/null +++ b/releasenotes/notes/split-stack-environments-1f817e24b5d90959.yaml @@ -0,0 +1,7 @@ +--- +features: + - Add 2 new example environments to facilitate deploying split-stack, + environments/overcloud-baremetal.j2.yaml and + environments/overcloud-services.yaml. The environments are used to deploy two + separate Heat stacks, one for just the baremetal+network configuration and one + for the service configuration. diff --git a/releasenotes/notes/subnet-mapping-into-services-999a2c5a90b85709.yaml b/releasenotes/notes/subnet-mapping-into-services-999a2c5a90b85709.yaml new file mode 100644 index 00000000..1b8593a2 --- /dev/null +++ b/releasenotes/notes/subnet-mapping-into-services-999a2c5a90b85709.yaml @@ -0,0 +1,6 @@ +--- +other: + - | + Adds the ability to resolve network subnets from within + the service templates. The new ServiceData structure contains + a mapping like {network_name: cidr} in net_cidr_map.
\ No newline at end of file diff --git a/releasenotes/notes/vipmap-output-4a9ce99930960346.yaml b/releasenotes/notes/vipmap-output-4a9ce99930960346.yaml new file mode 100644 index 00000000..1f49bacd --- /dev/null +++ b/releasenotes/notes/vipmap-output-4a9ce99930960346.yaml @@ -0,0 +1,5 @@ +--- +features: + - Add VipMap output to the top level stack output. VipMap is a mapping from + each network to the VIP address on that network. Also includes the Redis + VIP. diff --git a/releasenotes/notes/zaqar_backends-ccf8adfd24a17bf5.yaml b/releasenotes/notes/zaqar_backends-ccf8adfd24a17bf5.yaml new file mode 100644 index 00000000..a72da829 --- /dev/null +++ b/releasenotes/notes/zaqar_backends-ccf8adfd24a17bf5.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + Add Heat parameters which allow the end user to configure custom + management and messaging backends for MySQL and Swift. diff --git a/releasenotes/notes/zaqar_undercloud_backends-f63224a2a3aa684e.yaml b/releasenotes/notes/zaqar_undercloud_backends-f63224a2a3aa684e.yaml new file mode 100644 index 00000000..64a41424 --- /dev/null +++ b/releasenotes/notes/zaqar_undercloud_backends-f63224a2a3aa684e.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + Update undercloud default Heat parameters so we use the Zaqar swift/mysql + backends. This allows us to drop MongoDB from the undercloud. diff --git a/releasenotes/source/conf.py b/releasenotes/source/conf.py index 72b89b10..939b263c 100644 --- a/releasenotes/source/conf.py +++ b/releasenotes/source/conf.py @@ -27,7 +27,7 @@ # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom # ones. extensions = [ - 'oslosphinx', + 'openstackdocstheme', 'reno.sphinxext', ] @@ -52,7 +52,7 @@ copyright = u'2017, TripleO Developers' # built documents. # # The full version, including alpha/beta/rc tags. -release = '7.0.0.0b2' +release = '7.0.0.0b3' # The short X.Y version. version = '7.0.0' @@ -101,7 +101,7 @@ pygments_style = 'sphinx' # The theme to use for HTML and HTML Help pages. See the documentation for # a list of builtin themes. -html_theme = 'default' +html_theme = 'openstackdocs' # Theme options are theme-specific and customize the look and feel of a theme # further. For a list of options available for each theme, see the @@ -262,3 +262,8 @@ texinfo_documents = [ # -- Options for Internationalization output ------------------------------ locale_dirs = ['locale/'] + +# openstackdocstheme options +repository_name = 'openstack/tripleo-heat-templates' +bug_project = 'tripleo' +bug_tag = 'documentation' diff --git a/requirements.txt b/requirements.txt index 4a9b7253..d4e343ec 100644 --- a/requirements.txt +++ b/requirements.txt @@ -4,3 +4,4 @@ pbr!=2.1.0,>=2.0.0 # Apache-2.0 Jinja2!=2.9.0,!=2.9.1,!=2.9.2,!=2.9.3,!=2.9.4,>=2.8 # BSD License (3 clause) six>=1.9.0 # MIT +tripleo-common>=7.1.0 # Apache-2.0 diff --git a/roles/BlockStorage.yaml b/roles/BlockStorage.yaml index b0117400..3779d23e 100644 --- a/roles/BlockStorage.yaml +++ b/roles/BlockStorage.yaml @@ -13,6 +13,7 @@ - OS::TripleO::Services::BlockStorageCinderVolume - OS::TripleO::Services::CACerts - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::CinderBackendVRTSHyperScale - OS::TripleO::Services::Collectd - OS::TripleO::Services::Docker - OS::TripleO::Services::FluentdClient diff --git a/roles/Compute.yaml b/roles/Compute.yaml index 75a6f608..de356487 100644 --- a/roles/Compute.yaml +++ b/roles/Compute.yaml @@ -33,6 +33,7 @@ - OS::TripleO::Services::NeutronVppAgent - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Ntp - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::Securetty diff --git a/roles/ComputeHCI.yaml b/roles/ComputeHCI.yaml new file mode 100644 index 00000000..d20b5f33 --- /dev/null +++ b/roles/ComputeHCI.yaml @@ -0,0 +1,46 @@ +############################################################################### +# Role: ComputeHCI # +############################################################################### +- name: ComputeHCI + description: | + Compute Node role hosting Ceph OSD too + networks: + - InternalApi + - Tenant + - Storage + - StorageMgmt + disable_upgrade_deployment: True + ServicesDefault: + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CephClient + - OS::TripleO::Services::CephExternal + - OS::TripleO::Services::CephOSD + - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::ComputeCeilometerAgent + - OS::TripleO::Services::ComputeNeutronCorePlugin + - OS::TripleO::Services::ComputeNeutronL3Agent + - OS::TripleO::Services::ComputeNeutronMetadataAgent + - OS::TripleO::Services::ComputeNeutronOvsAgent + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Iscsid + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NeutronLinuxbridgeAgent + - OS::TripleO::Services::NeutronSriovAgent + - OS::TripleO::Services::NeutronVppAgent + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Vpp diff --git a/roles/ComputeOvsDpdk.yaml b/roles/ComputeOvsDpdk.yaml new file mode 100644 index 00000000..7c3cd218 --- /dev/null +++ b/roles/ComputeOvsDpdk.yaml @@ -0,0 +1,41 @@ +############################################################################### +# Role: ComputeOvsDpdk # +############################################################################### +- name: ComputeOvsDpdk + description: | + Compute OvS DPDK Role + CountDefault: 1 + networks: + - InternalApi + - Tenant + - Storage + HostnameFormatDefault: '%stackname%-computeovsdpdk-%index%' + disable_upgrade_deployment: True + ServicesDefault: + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CephClient + - OS::TripleO::Services::CephExternal + - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::ComputeCeilometerAgent + - OS::TripleO::Services::ComputeNeutronCorePlugin + - OS::TripleO::Services::ComputeNeutronL3Agent + - OS::TripleO::Services::ComputeNeutronMetadataAgent + - OS::TripleO::Services::ComputeNeutronOvsDpdk + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Iscsid + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages diff --git a/roles/Controller.yaml b/roles/Controller.yaml index b0a13138..34a23b43 100644 --- a/roles/Controller.yaml +++ b/roles/Controller.yaml @@ -40,10 +40,12 @@ - OS::TripleO::Services::CinderBackendDellSc - OS::TripleO::Services::CinderBackendNetApp - OS::TripleO::Services::CinderBackendScaleIO + - OS::TripleO::Services::CinderBackendVRTSHyperScale - OS::TripleO::Services::CinderBackup - OS::TripleO::Services::CinderHPELeftHandISCSI - OS::TripleO::Services::CinderScheduler - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::Clustercheck - OS::TripleO::Services::Collectd - OS::TripleO::Services::Congress - OS::TripleO::Services::Docker @@ -84,6 +86,7 @@ - OS::TripleO::Services::NeutronL2gwAgent - OS::TripleO::Services::NeutronL2gwApi - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronLbaasv2Agent - OS::TripleO::Services::NeutronLinuxbridgeAgent - OS::TripleO::Services::NeutronMetadataAgent - OS::TripleO::Services::NeutronML2FujitsuCfab diff --git a/roles/ControllerOpenstack.yaml b/roles/ControllerOpenstack.yaml index 6cf2120e..1feb12f0 100644 --- a/roles/ControllerOpenstack.yaml +++ b/roles/ControllerOpenstack.yaml @@ -40,6 +40,7 @@ - OS::TripleO::Services::CinderVolume - OS::TripleO::Services::Collectd - OS::TripleO::Services::Congress + - OS::TripleO::Services::Clustercheck - OS::TripleO::Services::Docker - OS::TripleO::Services::Ec2Api - OS::TripleO::Services::Etcd @@ -56,6 +57,7 @@ - OS::TripleO::Services::Horizon - OS::TripleO::Services::IronicApi - OS::TripleO::Services::IronicConductor + - OS::TripleO::Services::Iscsid - OS::TripleO::Services::Keepalived - OS::TripleO::Services::Kernel - OS::TripleO::Services::Keystone diff --git a/roles/Networker.yaml b/roles/Networker.yaml index a28eaa63..635c430f 100644 --- a/roles/Networker.yaml +++ b/roles/Networker.yaml @@ -16,12 +16,13 @@ - OS::TripleO::Services::Kernel - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::NeutronApi - - OS::TripleO::Services::NeutronBgpvpnApi + - OS::TripleO::Services::NeutronBgpVpnApi - OS::TripleO::Services::NeutronCorePlugin - OS::TripleO::Services::NeutronDhcpAgent - OS::TripleO::Services::NeutronL2gwAgent - OS::TripleO::Services::NeutronL2gwApi - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronLbaasv2Agent - OS::TripleO::Services::NeutronMetadataAgent - OS::TripleO::Services::NeutronML2FujitsuCfab - OS::TripleO::Services::NeutronML2FujitsuFossw diff --git a/roles/README.rst b/roles/README.rst index cd1fcb47..b21a34b6 100644 --- a/roles/README.rst +++ b/roles/README.rst @@ -95,6 +95,7 @@ Example BlockStorage CephStorage Compute + ComputeOvsDpdk Controller ControllerOpenstack Database @@ -151,12 +152,14 @@ Example * OS::TripleO::Services::ComputeNeutronOvsAgent * OS::TripleO::Services::Docker * OS::TripleO::Services::FluentdClient + * OS::TripleO::Services::Iscsid * OS::TripleO::Services::Kernel * OS::TripleO::Services::MySQLClient * OS::TripleO::Services::NeutronSriovAgent * OS::TripleO::Services::NeutronVppAgent * OS::TripleO::Services::NovaCompute * OS::TripleO::Services::NovaLibvirt + * OS::TripleO::Services::NovaMigrationTarget * OS::TripleO::Services::Ntp * OS::TripleO::Services::OpenDaylightOvs * OS::TripleO::Services::Securetty diff --git a/roles/Undercloud.yaml b/roles/Undercloud.yaml index bcdedc71..d462fb27 100644 --- a/roles/Undercloud.yaml +++ b/roles/Undercloud.yaml @@ -18,6 +18,7 @@ - OS::TripleO::Services::HeatEngine - OS::TripleO::Services::IronicApi - OS::TripleO::Services::IronicConductor + - OS::TripleO::Services::IronicInspector - OS::TripleO::Services::IronicPxe - OS::TripleO::Services::Iscsid - OS::TripleO::Services::Keystone @@ -25,7 +26,6 @@ - OS::TripleO::Services::MistralApi - OS::TripleO::Services::MistralEngine - OS::TripleO::Services::MistralExecutor - - OS::TripleO::Services::MongoDb - OS::TripleO::Services::MySQL - OS::TripleO::Services::NeutronApi - OS::TripleO::Services::NeutronCorePlugin @@ -48,6 +48,7 @@ - OS::TripleO::Services::UndercloudAodhListener - OS::TripleO::Services::UndercloudAodhNotifier - OS::TripleO::Services::UndercloudCeilometerAgentCentral + - OS::TripleO::Services::UndercloudCeilometerAgentIpmi - OS::TripleO::Services::UndercloudCeilometerAgentNotification - OS::TripleO::Services::UndercloudGnocchiApi - OS::TripleO::Services::UndercloudGnocchiMetricd diff --git a/roles_data.yaml b/roles_data.yaml index f96e5625..466164fc 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -1,5 +1,5 @@ ############################################################################### -# File generated by tripleoclient +# File generated by TripleO ############################################################################### ############################################################################### # Role: Controller # @@ -43,10 +43,12 @@ - OS::TripleO::Services::CinderBackendDellSc - OS::TripleO::Services::CinderBackendNetApp - OS::TripleO::Services::CinderBackendScaleIO + - OS::TripleO::Services::CinderBackendVRTSHyperScale - OS::TripleO::Services::CinderBackup - OS::TripleO::Services::CinderHPELeftHandISCSI - OS::TripleO::Services::CinderScheduler - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::Clustercheck - OS::TripleO::Services::Collectd - OS::TripleO::Services::Congress - OS::TripleO::Services::Docker @@ -87,6 +89,7 @@ - OS::TripleO::Services::NeutronL2gwAgent - OS::TripleO::Services::NeutronL2gwApi - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronLbaasv2Agent - OS::TripleO::Services::NeutronLinuxbridgeAgent - OS::TripleO::Services::NeutronMetadataAgent - OS::TripleO::Services::NeutronML2FujitsuCfab @@ -163,6 +166,7 @@ - OS::TripleO::Services::NeutronVppAgent - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget - OS::TripleO::Services::Ntp - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::Securetty @@ -188,6 +192,7 @@ - OS::TripleO::Services::BlockStorageCinderVolume - OS::TripleO::Services::CACerts - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::CinderBackendVRTSHyperScale - OS::TripleO::Services::Collectd - OS::TripleO::Services::Docker - OS::TripleO::Services::FluentdClient @@ -259,3 +264,4 @@ - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoFirewall - OS::TripleO::Services::TripleoPackages + diff --git a/roles_data_undercloud.yaml b/roles_data_undercloud.yaml index 783df91d..2c8e479f 100644 --- a/roles_data_undercloud.yaml +++ b/roles_data_undercloud.yaml @@ -1,5 +1,5 @@ ############################################################################### -# File generated by tripleoclient +# File generated by TripleO ############################################################################### ############################################################################### # Role: Undercloud # @@ -29,7 +29,6 @@ - OS::TripleO::Services::MistralApi - OS::TripleO::Services::MistralEngine - OS::TripleO::Services::MistralExecutor - - OS::TripleO::Services::MongoDb - OS::TripleO::Services::MySQL - OS::TripleO::Services::NeutronApi - OS::TripleO::Services::NeutronCorePlugin @@ -59,3 +58,4 @@ - OS::TripleO::Services::UndercloudGnocchiStatsd - OS::TripleO::Services::UndercloudPankoApi - OS::TripleO::Services::Zaqar + diff --git a/services.yaml b/services.yaml deleted file mode 100644 index 724727bb..00000000 --- a/services.yaml +++ /dev/null @@ -1,144 +0,0 @@ -#FIXME move into common when specfile adds it -heat_template_version: pike - -description: > - Utility stack to convert an array of services into a set of combined - role configs. - -parameters: - Services: - default: [] - description: | - List nested stack service templates. - type: comma_delimited_list - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - DefaultPasswords: - default: {} - description: Mapping of service -> default password. Used to help - pass top level passwords managed by Heat into services. - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - description: Role Specific parameters to be provided to service - default: {} - type: json - -resources: - - ServiceChain: - type: OS::Heat::ResourceChain - properties: - resources: {get_param: Services} - concurrent: true - resource_properties: - ServiceNetMap: {get_param: ServiceNetMap} - EndpointMap: {get_param: EndpointMap} - DefaultPasswords: {get_param: DefaultPasswords} - RoleName: {get_param: RoleName} - RoleParameters: {get_param: RoleParameters} - - LoggingConfiguration: - type: OS::TripleO::LoggingConfiguration - - ServiceServerMetadataHook: - type: OS::TripleO::ServiceServerMetadataHook - properties: - RoleData: {get_attr: [ServiceChain, role_data]} - -outputs: - role_data: - description: Combined Role data for this set of services. - value: - service_names: - {get_attr: [ServiceChain, role_data, service_name]} - monitoring_subscriptions: - yaql: - expression: list($.data.role_data.where($ != null).select($.get('monitoring_subscription')).where($ != null)) - data: {role_data: {get_attr: [ServiceChain, role_data]}} - logging_sources: - # Transform the individual logging_source configuration from - # each service in the chain into a global list, adding some - # default configuration at the same time. - yaql: - expression: > - let( - default_format => $.data.default_format, - pos_file_path => $.data.pos_file_path, - sources => $.data.sources.flatten() - ) -> - $sources.where($ != null).select({ - 'type' => 'tail', - 'tag' => $.tag, - 'path' => $.path, - 'format' => $.get('format', $default_format), - 'pos_file' => $.get('pos_file', $pos_file_path + '/' + $.tag + '.pos') - }) - data: - sources: - - {get_attr: [LoggingConfiguration, LoggingDefaultSources]} - - yaql: - expression: list($.data.role_data.where($ != null).select($.get('logging_source')).where($ != null)) - data: {role_data: {get_attr: [ServiceChain, role_data]}} - - - {get_attr: [LoggingConfiguration, LoggingExtraSources]} - default_format: {get_attr: [LoggingConfiguration, LoggingDefaultFormat]} - pos_file_path: {get_attr: [LoggingConfiguration, LoggingPosFilePath]} - logging_groups: - # Build a list of unique groups to which we should add the - # fluentd user. - yaql: - expression: > - set(($.data.default + $.data.extra + $.data.role_data.where($ != null).select($.get('logging_groups'))).flatten()).where($) - data: - default: {get_attr: [LoggingConfiguration, LoggingDefaultGroups]} - extra: {get_attr: [LoggingConfiguration, LoggingExtraGroups]} - role_data: {get_attr: [ServiceChain, role_data]} - config_settings: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}} - global_config_settings: - map_merge: - yaql: - expression: list($.data.role_data.where($ != null).select($.get('global_config_settings')).where($ != null)) - data: {role_data: {get_attr: [ServiceChain, role_data]}} - service_config_settings: - yaql: - expression: $.data.role_data.where($ != null).select($.get('service_config_settings')).where($ != null).reduce($1.mergeWith($2), {}) - data: {role_data: {get_attr: [ServiceChain, role_data]}} - step_config: {get_attr: [ServiceChain, role_data, step_config]} - upgrade_tasks: - yaql: - # Note we use distinct() here to filter any identical tasks, e.g yum update for all services - expression: $.data.where($ != null).select($.get('upgrade_tasks')).where($ != null).flatten().distinct() - data: {get_attr: [ServiceChain, role_data]} - upgrade_batch_tasks: - yaql: - # Note we use distinct() here to filter any identical tasks, e.g yum update for all services - expression: $.data.where($ != null).select($.get('upgrade_batch_tasks')).where($ != null).flatten().distinct() - data: {get_attr: [ServiceChain, role_data]} - service_metadata_settings: {get_attr: [ServiceServerMetadataHook, metadata]} - - # Keys to support docker/services - puppet_config: {get_attr: [ServiceChain, role_data, puppet_config]} - kolla_config: - map_merge: {get_attr: [ServiceChain, role_data, kolla_config]} - docker_config: - {get_attr: [ServiceChain, role_data, docker_config]} - docker_puppet_tasks: - {get_attr: [ServiceChain, role_data, docker_puppet_tasks]} - host_prep_tasks: - yaql: - # Note we use distinct() here to filter any identical tasks - expression: $.data.where($ != null).select($.get('host_prep_tasks')).where($ != null).flatten().distinct() - data: {get_attr: [ServiceChain, role_data]} diff --git a/test-requirements.txt b/test-requirements.txt index 81136356..1b60459c 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1,11 +1,11 @@ # The order of packages is significant, because pip processes them in the order # of appearance. Changing the order has an impact on the overall integration # process, which may cause wedges in the gate later. +openstackdocstheme>=1.11.0 # Apache-2.0 PyYAML>=3.10.0 # MIT Jinja2!=2.9.0,!=2.9.1,!=2.9.2,!=2.9.3,!=2.9.4,>=2.8 # BSD License (3 clause) six>=1.9.0 # MIT -sphinx!=1.6.1,>=1.5.1 # BSD -oslosphinx>=4.7.0 # Apache-2.0 +sphinx>=1.6.2 # BSD reno!=2.3.1,>=1.8.0 # Apache-2.0 coverage!=4.4,>=4.0 # Apache-2.0 fixtures>=3.0.0 # Apache-2.0/BSD diff --git a/tools/process-templates.py b/tools/process-templates.py index 69ed96a6..badc1426 100755 --- a/tools/process-templates.py +++ b/tools/process-templates.py @@ -138,19 +138,33 @@ def process_templates(template_path, role_data_path, output_dir, print("jinja2 rendering roles %s" % "," .join(role_names)) for role in role_names: - j2_data = {'role': role} - # (dprince) For the undercloud installer we don't - # want to have heat check nova/glance API's - if r_map[role].get('disable_constraints', False): - j2_data['disable_constraints'] = True + j2_data = {'role': r_map[role]} out_f = "-".join( [role.lower(), os.path.basename(f).replace('.role.j2.yaml', '.yaml')]) out_f_path = os.path.join(out_dir, out_f) if not (out_f_path in excl_templates): - _j2_render_to_file(template_data, j2_data, - out_f_path, overwrite) + if '{{role.name}}' in template_data: + j2_data = {'role': r_map[role], + 'networks': network_data} + _j2_render_to_file(template_data, j2_data, + out_f_path, overwrite) + else: + # Backwards compatibility with templates + # that specify {{role}} vs {{role.name}} + j2_data = {'role': role, + 'networks': network_data} + # (dprince) For the undercloud installer we + # don'twant to have heat check nova/glance + # API's + if r_map[role].get('disable_constraints', + False): + j2_data['disable_constraints'] = True + _j2_render_to_file( + template_data,j2_data, + out_f_path, overwrite) + else: print('skipping rendering of %s' % out_f_path) elif f.endswith('.j2.yaml'): diff --git a/tools/roles-data-generate-samples.sh b/tools/roles-data-generate-samples.sh new file mode 100755 index 00000000..cb370dcc --- /dev/null +++ b/tools/roles-data-generate-samples.sh @@ -0,0 +1,26 @@ +#!/bin/bash +# +# Copyright 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +set -e + +SCRIPT_DIR=$(cd `dirname $0` && pwd -P) +OUTPUT_DIR=${OUTPUT_DIR:-$(cd "${SCRIPT_DIR}/../" && pwd -P)} + +echo "Generating ${OUTPUT_DIR}/roles_data.yaml" +$SCRIPT_DIR/roles-data-generate.py Controller Compute BlockStorage ObjectStorage CephStorage > $OUTPUT_DIR/roles_data.yaml + +echo "Generating ${OUTPUT_DIR}/roles_data_undercloud.yaml" +$SCRIPT_DIR/roles-data-generate.py Undercloud > $OUTPUT_DIR/roles_data_undercloud.yaml diff --git a/tools/roles-data-generate.py b/tools/roles-data-generate.py new file mode 100755 index 00000000..0b768744 --- /dev/null +++ b/tools/roles-data-generate.py @@ -0,0 +1,49 @@ +#!/usr/bin/env python +# +# Copyright 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# + +import argparse +import collections +import os +import sys + +from tripleo_common.utils import roles as rolesutils + +__tht_root_dir = os.path.dirname(os.path.dirname(__file__)) +__tht_roles_dir = os.path.join(__tht_root_dir, 'roles') + + +def parse_opts(argv): + parser = argparse.ArgumentParser( + description='Generate roles_data.yaml for requested roles. NOTE: ' + 'This is a stripped down version of what is provided by ' + 'the tripleoclient. The tripleoclient should be used for ' + 'additional functionality.') + parser.add_argument('--roles-path', metavar='<roles directory>', + help="Filesystem path containing the roles yaml files", + default=__tht_roles_dir) + parser.add_argument('roles', nargs="+", metavar='<role>', + help='List of roles to use to generate the ' + 'roles_data.yaml file') + opts = parser.parse_args(argv[1:]) + + return opts + +opts = parse_opts(sys.argv) + +roles = collections.OrderedDict.fromkeys(opts.roles) +print(rolesutils.generate_roles_data_from_directory(opts.roles_path, + roles.keys())) diff --git a/tools/roles-data-validation.sh b/tools/roles-data-validation.sh new file mode 100755 index 00000000..7c5786e1 --- /dev/null +++ b/tools/roles-data-validation.sh @@ -0,0 +1,48 @@ +#!/bin/bash +# +# Copyright 2017 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +set -e + +SCRIPT_DIR=$(cd `dirname $0` && pwd -P) +THT_DIR=${OUTPUT_DIR:-$(cd "${SCRIPT_DIR}/../" && pwd -P)} +TMPDIR=$(mktemp -d) + +function do_cleanup { + rm -rf $TMPDIR +} +trap do_cleanup EXIT + +function check_diff { + local thtfile=$1 + local genfile=$2 + echo -n "Performing diff on $thtfile $genfile... " + diff $thtfile $genfile > $TMPDIR/diff_results + if [ $? = 1 ]; then + echo "ERROR: Generated roles file not match the current ${thtfile}" + echo "Please make sure to update the appropriate roles/* files." + echo "Here is the diff ${thtfile} ${genfile}" + cat $TMPDIR/diff_results + exit 1 + fi + echo "OK!" +} + +OUTPUT_DIR=$TMPDIR +source $SCRIPT_DIR/roles-data-generate-samples.sh + +set +e +check_diff $THT_DIR/roles_data.yaml $TMPDIR/roles_data.yaml +check_diff $THT_DIR/roles_data_undercloud.yaml $TMPDIR/roles_data_undercloud.yaml diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index ff215fba..1554f9fd 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py @@ -18,7 +18,7 @@ import yaml required_params = ['EndpointMap', 'ServiceNetMap', 'DefaultPasswords', - 'RoleName', 'RoleParameters'] + 'RoleName', 'RoleParameters', 'ServiceData'] # NOTE(bnemec): The duplication in this list is intentional. For the # transition to generated environments we have two copies of these files, @@ -38,7 +38,105 @@ OPTIONAL_DOCKER_SECTIONS = ['docker_puppet_tasks', 'upgrade_tasks', 'metadata_settings', 'kolla_config'] REQUIRED_DOCKER_PUPPET_CONFIG_SECTIONS = ['config_volume', 'step_config', 'config_image'] -OPTIONAL_DOCKER_PUPPET_CONFIG_SECTIONS = [ 'puppet_tags' ] +OPTIONAL_DOCKER_PUPPET_CONFIG_SECTIONS = [ 'puppet_tags', 'volumes' ] +# Mapping of parameter names to a list of the fields we should _not_ enforce +# consistency across files on. This should only contain parameters whose +# definition we cannot change for backwards compatibility reasons. New +# parameters to the templates should not be added to this list. +PARAMETER_DEFINITION_EXCLUSIONS = {'ManagementNetCidr': ['default'], + 'ManagementAllocationPools': ['default'], + 'ExternalNetCidr': ['default'], + 'ExternalAllocationPools': ['default'], + 'StorageNetCidr': ['default'], + 'StorageAllocationPools': ['default'], + 'StorageMgmtNetCidr': ['default', + # FIXME + 'description'], + 'StorageMgmtAllocationPools': ['default'], + 'TenantNetCidr': ['default'], + 'TenantAllocationPools': ['default'], + 'InternalApiNetCidr': ['default'], + 'UpdateIdentifier': ['description'], + # TODO(bnemec): Address these existing + # inconsistencies. + 'NeutronMetadataProxySharedSecret': [ + 'description', 'hidden'], + 'ServiceNetMap': ['description', 'default'], + 'EC2MetadataIp': ['default'], + 'network': ['default'], + 'ControlPlaneIP': ['default', + 'description'], + 'ControlPlaneIp': ['default', + 'description'], + 'NeutronBigswitchLLDPEnabled': ['default'], + 'NeutronEnableL2Pop': ['description'], + 'NeutronWorkers': ['description'], + 'TenantIpSubnet': ['description'], + 'ExternalNetName': ['description'], + 'ControlPlaneDefaultRoute': ['default'], + 'StorageMgmtNetName': ['description'], + 'ServerMetadata': ['description'], + 'InternalApiIpUri': ['description'], + 'UpgradeLevelNovaCompute': ['default'], + 'StorageMgmtIpUri': ['description'], + 'server': ['description'], + 'servers': ['description'], + 'FixedIPs': ['description'], + 'ExternalIpSubnet': ['description'], + 'NeutronBridgeMappings': ['description'], + 'ExtraConfig': ['description'], + 'InternalApiIpSubnet': ['description'], + 'DefaultPasswords': ['description', + 'default'], + 'BondInterfaceOvsOptions': ['description', + 'default', + 'constraints'], + 'KeyName': ['constraints'], + 'TenantNetName': ['description'], + 'StorageIpSubnet': ['description'], + 'OVNSouthboundServerPort': ['description'], + 'ExternalInterfaceDefaultRoute': + ['description', 'default'], + 'ExternalIpUri': ['description'], + 'IPPool': ['description'], + 'ControlPlaneNetwork': ['description'], + 'SSLCertificate': ['description', + 'default', + 'hidden'], + 'HostCpusList': ['default', 'constraints'], + 'InternalApiAllocationPools': ['default'], + 'NodeIndex': ['description'], + 'name': ['description', 'default'], + 'StorageNetName': ['description'], + 'ManagementNetName': ['description'], + 'NeutronPublicInterface': ['description'], + 'RoleParameters': ['description'], + 'ManagementInterfaceDefaultRoute': + ['default'], + 'image': ['description', 'default'], + 'NeutronBigswitchAgentEnabled': ['default'], + 'EndpointMap': ['description', 'default'], + 'DockerManilaConfigImage': ['description', + 'default'], + 'NetworkName': ['default', 'description'], + 'StorageIpUri': ['description'], + 'InternalApiNetName': ['description'], + 'NeutronTunnelTypes': ['description'], + 'replacement_policy': ['default'], + 'StorageMgmtIpSubnet': ['description'], + 'CloudDomain': ['description', 'default'], + 'key_name': ['default', 'description'], + 'EnableLoadBalancer': ['description'], + 'ControllerExtraConfig': ['description'], + 'NovaComputeExtraConfig': ['description'], + 'controllerExtraConfig': ['description'], + 'DockerSwiftConfigImage': ['default'], + } + +PREFERRED_CAMEL_CASE = { + 'ec2api': 'Ec2Api', + 'haproxy': 'HAProxy', +} def exit_usage(): @@ -46,6 +144,11 @@ def exit_usage(): sys.exit(1) +def to_camel_case(string): + return PREFERRED_CAMEL_CASE.get(string, ''.join(s.capitalize() or '_' for + s in string.split('_'))) + + def get_base_endpoint_map(filename): try: tpl = yaml.load(open(filename).read()) @@ -75,14 +178,30 @@ def validate_hci_compute_services_default(env_filename, env_tpl): env_services_list = env_tpl['parameter_defaults']['ComputeServices'] env_services_list.remove('OS::TripleO::Services::CephOSD') roles_filename = os.path.join(os.path.dirname(env_filename), - '../roles_data.yaml') + '../roles/Compute.yaml') roles_tpl = yaml.load(open(roles_filename).read()) for role in roles_tpl: if role['name'] == 'Compute': roles_services_list = role['ServicesDefault'] if sorted(env_services_list) != sorted(roles_services_list): - print('ERROR: ComputeServices in %s is different ' - 'from ServicesDefault in roles_data.yaml' % env_filename) + print('ERROR: ComputeServices in %s is different from ' + 'ServicesDefault in roles/Compute.yaml' % env_filename) + return 1 + return 0 + + +def validate_hci_computehci_role(hci_role_filename, hci_role_tpl): + compute_role_filename = os.path.join(os.path.dirname(hci_role_filename), + './Compute.yaml') + compute_role_tpl = yaml.load(open(compute_role_filename).read()) + compute_role_services = compute_role_tpl[0]['ServicesDefault'] + for role in hci_role_tpl: + if role['name'] == 'ComputeHCI': + hci_role_services = role['ServicesDefault'] + hci_role_services.remove('OS::TripleO::Services::CephOSD') + if sorted(hci_role_services) != sorted(compute_role_services): + print('ERROR: ServicesDefault in %s is different from' + 'ServicesDefault in roles/Compute.yaml' % hci_role_filename) return 1 return 0 @@ -170,6 +289,32 @@ def validate_docker_service(filename, tpl): % (key, filename)) return 1 + config_volume = puppet_config.get('config_volume') + expected_config_image_parameter = "Docker%sConfigImage" % to_camel_case(config_volume) + if config_volume and not expected_config_image_parameter in tpl.get('parameters', []): + print('ERROR: Missing %s heat parameter for %s config_volume.' + % (expected_config_image_parameter, config_volume)) + return 1 + + if 'docker_config' in role_data: + docker_config = role_data['docker_config'] + for _, step in docker_config.items(): + if not isinstance(step, dict): + # NOTE(mandre) this skips everything that is not a dict + # so we may ignore some containers definitions if they + # are in a map_merge for example + continue + for _, container in step.items(): + if not isinstance(container, dict): + continue + command = container.get('command', '') + if isinstance(command, list): + command = ' '.join(map(str, command)) + if 'bootstrap_host_exec' in command \ + and container.get('user') != 'root': + print('ERROR: bootstrap_host_exec needs to run as the root user.') + return 1 + if 'parameters' in tpl: for param in required_params: if param not in tpl['parameters']: @@ -211,7 +356,30 @@ def validate_service(filename, tpl): return 0 -def validate(filename): +def validate(filename, param_map): + """Validate a Heat template + + :param filename: The path to the file to validate + :param param_map: A dict which will be populated with the details of the + parameters in the template. The dict will have the + following structure: + + {'ParameterName': [ + {'filename': ./file1.yaml, + 'data': {'description': '', + 'type': string, + 'default': '', + ...} + }, + {'filename': ./file2.yaml, + 'data': {'description': '', + 'type': string, + 'default': '', + ...} + }, + ... + ]} + """ print('Validating %s' % filename) retval = 0 try: @@ -235,12 +403,17 @@ def validate(filename): if filename.endswith('hyperconverged-ceph.yaml'): retval = validate_hci_compute_services_default(filename, tpl) + if filename.startswith('./roles/ComputeHCI.yaml'): + retval = validate_hci_computehci_role(filename, tpl) + except Exception: print(traceback.format_exc()) return 1 # yaml is OK, now walk the parameters and output a warning for unused ones if 'heat_template_version' in tpl: - for p in tpl.get('parameters', {}): + for p, data in tpl.get('parameters', {}).items(): + definition = {'data': data, 'filename': filename} + param_map.setdefault(p, []).append(definition) if p in required_params: continue str_p = '\'%s\'' % p @@ -260,14 +433,17 @@ exit_val = 0 failed_files = [] base_endpoint_map = None env_endpoint_maps = list() +param_map = {} for base_path in path_args: if os.path.isdir(base_path): for subdir, dirs, files in os.walk(base_path): + if '.tox' in dirs: + dirs.remove('.tox') for f in files: if f.endswith('.yaml') and not f.endswith('.j2.yaml'): file_path = os.path.join(subdir, f) - failed = validate(file_path) + failed = validate(file_path, param_map) if failed: failed_files.append(file_path) exit_val |= failed @@ -278,7 +454,7 @@ for base_path in path_args: if env_endpoint_map: env_endpoint_maps.append(env_endpoint_map) elif os.path.isfile(base_path) and base_path.endswith('.yaml'): - failed = validate(base_path) + failed = validate(base_path, param_map) if failed: failed_files.append(base_path) exit_val |= failed @@ -310,6 +486,32 @@ else: failed_files.extend(set(envs_containing_endpoint_map) - matched_files) exit_val |= 1 +# Validate that duplicate parameters defined in multiple files all have the +# same definition. +mismatch_count = 0 +for p, defs in param_map.items(): + # Nothing to validate if the parameter is only defined once + if len(defs) == 1: + continue + check_data = [d['data'] for d in defs] + # Override excluded fields so they don't affect the result + exclusions = PARAMETER_DEFINITION_EXCLUSIONS.get(p, []) + ex_dict = {} + for field in exclusions: + ex_dict[field] = 'IGNORED' + for d in check_data: + d.update(ex_dict) + # If all items in the list are not == the first, then the check fails + if check_data.count(check_data[0]) != len(check_data): + mismatch_count += 1 + exit_val |= 1 + failed_files.extend([d['filename'] for d in defs]) + print('Mismatched parameter definitions found for "%s"' % p) + print('Definitions found:') + for d in defs: + print(' %s:\n %s' % (d['filename'], d['data'])) +print('Mismatched parameter definitions: %d' % mismatch_count) + if failed_files: print('Validation failed on:') for f in failed_files: @@ -14,10 +14,13 @@ commands = python setup.py testr --slowest --testr-args='{posargs}' commands = {posargs} [testenv:pep8] +whielist_externals = + bash commands = python ./tools/process-templates.py python ./network/endpoints/build_endpoint_map.py --check python ./tools/yaml-validate.py . + bash -c ./tools/roles-data-validation.sh [testenv:templates] commands = python ./tools/process-templates.py @@ -32,3 +35,9 @@ commands = python setup.py test --coverage --coverage-package-name=tripleo_heat_ commands = python ./tools/process-templates.py python ./tripleo_heat_templates/environment_generator.py sample-env-generator/ + +[testenv:genroledata] +whielist_externals = + bash +commands = + bash -c tools/roles-data-generate-samples.sh diff --git a/validation-scripts/all-nodes.sh b/validation-scripts/all-nodes.sh index ed7fefb7..296dcd36 100644 --- a/validation-scripts/all-nodes.sh +++ b/validation-scripts/all-nodes.sh @@ -10,12 +10,13 @@ function ping_retry() { PING_CMD=ping6 fi until [ $COUNT -ge $TIMES ]; do - if $PING_CMD -w 300 -c 1 $IP_ADDR &> /dev/null; then + if $PING_CMD -w 10 -c 1 $IP_ADDR &> /dev/null; then echo "Ping to $IP_ADDR succeeded." return 0 fi echo "Ping to $IP_ADDR failed. Retrying..." COUNT=$(($COUNT + 1)) + sleep 60 done return 1 } |