summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.gitignore2
-rw-r--r--.testr.conf4
-rw-r--r--README.rst3
-rw-r--r--ci/environments/multinode-container-upgrade.yaml70
-rw-r--r--common/README1
-rw-r--r--docker/deploy-steps-playbook.yaml9
-rwxr-xr-xdocker/docker-puppet.py100
-rw-r--r--docker/docker-steps.j231
-rwxr-xr-xdocker/docker-toool3
-rw-r--r--docker/services/aodh-api.yaml13
-rw-r--r--docker/services/aodh-evaluator.yaml4
-rw-r--r--docker/services/aodh-listener.yaml4
-rw-r--r--docker/services/aodh-notifier.yaml4
-rw-r--r--docker/services/ceilometer-agent-central.yaml4
-rw-r--r--docker/services/ceilometer-agent-compute.yaml7
-rw-r--r--docker/services/ceilometer-agent-ipmi.yaml113
-rw-r--r--docker/services/ceilometer-agent-notification.yaml6
-rw-r--r--docker/services/cinder-api.yaml156
-rw-r--r--docker/services/cinder-backup.yaml132
-rw-r--r--docker/services/cinder-scheduler.yaml120
-rw-r--r--docker/services/cinder-volume.yaml167
-rw-r--r--docker/services/collectd.yaml94
-rw-r--r--docker/services/congress-api.yaml134
-rw-r--r--docker/services/containers-common.yaml69
-rw-r--r--docker/services/database/mongodb.yaml3
-rw-r--r--docker/services/database/mysql.yaml7
-rw-r--r--docker/services/database/redis.yaml21
-rw-r--r--docker/services/ec2-api.yaml153
-rw-r--r--docker/services/etcd.yaml2
-rw-r--r--docker/services/glance-api.yaml13
-rw-r--r--docker/services/gnocchi-api.yaml13
-rw-r--r--docker/services/gnocchi-metricd.yaml4
-rw-r--r--docker/services/gnocchi-statsd.yaml4
-rw-r--r--docker/services/heat-api-cfn.yaml4
-rw-r--r--docker/services/heat-api.yaml4
-rw-r--r--docker/services/heat-engine.yaml5
-rw-r--r--docker/services/horizon.yaml128
-rw-r--r--docker/services/ironic-api.yaml8
-rw-r--r--docker/services/ironic-pxe.yaml4
-rw-r--r--docker/services/iscsid.yaml109
-rw-r--r--docker/services/keystone.yaml9
-rw-r--r--docker/services/memcached.yaml1
-rw-r--r--docker/services/mistral-api.yaml12
-rw-r--r--docker/services/multipathd.yaml89
-rw-r--r--docker/services/neutron-api.yaml9
-rw-r--r--docker/services/neutron-l3.yaml6
-rw-r--r--docker/services/neutron-metadata.yaml4
-rw-r--r--docker/services/neutron-ovs-agent.yaml6
-rw-r--r--docker/services/nova-api.yaml12
-rw-r--r--docker/services/nova-compute.yaml8
-rw-r--r--docker/services/nova-consoleauth.yaml108
-rw-r--r--docker/services/nova-ironic.yaml2
-rw-r--r--docker/services/nova-libvirt.yaml30
-rw-r--r--docker/services/nova-placement.yaml4
-rw-r--r--docker/services/nova-vnc-proxy.yaml108
-rw-r--r--docker/services/pacemaker/cinder-volume.yaml170
-rw-r--r--docker/services/pacemaker/haproxy.yaml23
-rw-r--r--docker/services/panko-api.yaml15
-rw-r--r--docker/services/rabbitmq.yaml4
-rw-r--r--docker/services/sahara-api.yaml119
-rw-r--r--docker/services/sahara-engine.yaml110
-rw-r--r--docker/services/sensu-client.yaml131
-rw-r--r--docker/services/services.yaml105
-rw-r--r--docker/services/swift-proxy.yaml4
-rw-r--r--docker/services/swift-ringbuilder.yaml15
-rw-r--r--docker/services/swift-storage.yaml23
-rw-r--r--docker/services/tacker.yaml133
-rw-r--r--docker/services/zaqar.yaml4
-rw-r--r--environments/cinder-dellsc-config.yaml1
-rw-r--r--environments/cinder-netapp-config.yaml4
-rw-r--r--environments/docker-services-tls-everywhere.yaml10
-rw-r--r--environments/docker.yaml17
-rw-r--r--environments/enable-tls.yaml4
-rw-r--r--environments/host-config-and-reboot.j2.yaml18
-rw-r--r--environments/host-config-pre-network.j2.yaml16
-rw-r--r--environments/hyperconverged-ceph.yaml1
-rw-r--r--environments/inject-trust-anchor-hiera.yaml4
-rw-r--r--environments/inject-trust-anchor.yaml4
-rw-r--r--environments/network-isolation.j2.yaml37
-rw-r--r--environments/network-isolation.yaml59
-rw-r--r--environments/networking/neutron-midonet.yaml66
-rw-r--r--environments/neutron-midonet.yaml4
-rw-r--r--environments/neutron-ml2-ovn-ha.yaml24
-rw-r--r--environments/predictable-placement/custom-hostnames.yaml33
-rw-r--r--environments/puppet-ceph-external.yaml4
-rw-r--r--environments/services-docker/collectd.yaml2
-rw-r--r--environments/services-docker/congress.yaml2
-rw-r--r--environments/services-docker/ec2-api.yaml2
-rw-r--r--environments/services-docker/sahara.yaml3
-rw-r--r--environments/services-docker/sensu-client.yaml3
-rw-r--r--environments/services-docker/tacker.yaml2
-rw-r--r--environments/services-docker/undercloud-ceilometer.yaml1
-rw-r--r--environments/services/ironic.yaml1
-rw-r--r--environments/ssl/enable-tls.yaml41
-rw-r--r--environments/ssl/inject-trust-anchor-hiera.yaml22
-rw-r--r--environments/ssl/inject-trust-anchor.yaml20
-rw-r--r--environments/ssl/tls-endpoints-public-dns.yaml131
-rw-r--r--environments/ssl/tls-endpoints-public-ip.yaml131
-rw-r--r--environments/ssl/tls-everywhere-endpoints-dns.yaml131
-rw-r--r--environments/storage/cinder-netapp-config.yaml119
-rw-r--r--environments/storage/cinder-nfs.yaml27
-rw-r--r--environments/storage/enable-ceph.yaml35
-rw-r--r--environments/storage/external-ceph.yaml78
-rw-r--r--environments/storage/glance-nfs.yaml34
-rw-r--r--environments/tls-endpoints-public-dns.yaml10
-rw-r--r--environments/tls-endpoints-public-ip.yaml10
-rw-r--r--environments/tls-everywhere-endpoints-dns.yaml10
-rw-r--r--environments/undercloud.yaml2
-rwxr-xr-xextraconfig/post_deploy/undercloud_post.sh94
-rw-r--r--extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml25
-rw-r--r--extraconfig/pre_network/ansible_host_config.yaml (renamed from extraconfig/pre_network/ansible_host_config.ansible)8
-rw-r--r--extraconfig/pre_network/config_then_reboot.yaml24
-rw-r--r--extraconfig/pre_network/host_config_and_reboot.role.j2.yaml33
-rw-r--r--extraconfig/pre_network/host_config_and_reboot.yaml104
-rwxr-xr-xextraconfig/tasks/pacemaker_common_functions.sh2
-rw-r--r--extraconfig/tasks/post_puppet_pacemaker.j2.yaml8
-rw-r--r--extraconfig/tasks/ssh/host_public_key.yaml8
-rwxr-xr-xextraconfig/tasks/yum_update.sh2
-rw-r--r--network/endpoints/endpoint_data.yaml2
-rw-r--r--network/endpoints/endpoint_map.yaml6
-rw-r--r--overcloud-resource-registry-puppet.j2.yaml5
-rw-r--r--overcloud.j2.yaml5
-rw-r--r--plan-samples/README.rst22
-rw-r--r--plan-samples/plan-environment-derived-params.yaml35
-rw-r--r--puppet/all-nodes-config.yaml18
-rw-r--r--puppet/blockstorage-role.yaml49
-rw-r--r--puppet/cephstorage-role.yaml52
-rw-r--r--puppet/compute-role.yaml52
-rw-r--r--puppet/controller-role.yaml52
-rw-r--r--puppet/objectstorage-role.yaml50
-rw-r--r--puppet/puppet-steps.j227
-rw-r--r--puppet/role.role.j2.yaml51
-rw-r--r--puppet/services/certmonger-user.yaml17
-rw-r--r--puppet/services/cinder-backend-dellsc.yaml4
-rw-r--r--puppet/services/cinder-backend-netapp.yaml8
-rw-r--r--puppet/services/cinder-volume.yaml16
-rw-r--r--puppet/services/disabled/ceilometer-expirer-disabled.yaml20
-rw-r--r--puppet/services/gnocchi-base.yaml10
-rw-r--r--puppet/services/haproxy.yaml6
-rw-r--r--puppet/services/horizon.yaml2
-rw-r--r--puppet/services/ironic-conductor.yaml6
-rw-r--r--puppet/services/ironic-inspector.yaml151
-rw-r--r--puppet/services/keystone.yaml41
-rw-r--r--puppet/services/neutron-sriov-agent.yaml22
-rw-r--r--puppet/services/nova-api.yaml2
-rw-r--r--puppet/services/nova-compute.yaml26
-rw-r--r--puppet/services/ovn-dbs.yaml1
-rw-r--r--puppet/services/pacemaker/ovn-dbs.yaml61
-rw-r--r--puppet/services/pacemaker_remote.yaml38
-rw-r--r--puppet/services/panko-api.yaml4
-rw-r--r--releasenotes/notes/Introduce-ManageKeystoneFernetKeys-parameter-2478cf5fc5e64256.yaml6
-rw-r--r--releasenotes/notes/Use-KeystoneFernetKeys-parameter-bd635a106bb8e00f.yaml10
-rw-r--r--releasenotes/notes/add-cinder-nas-secure-parameters-53f9d6a6e9bc129b.yaml5
-rw-r--r--releasenotes/notes/baremetal-role-34cb48cc30d7bdb4.yaml5
-rw-r--r--releasenotes/notes/change-panko-api-port-fb8967420cd036b1.yaml4
-rw-r--r--releasenotes/notes/derive-params-custom-plan-env-3a810ff58a68e0ad.yaml4
-rw-r--r--releasenotes/notes/example-roles-d27c748090f6a154.yaml6
-rw-r--r--releasenotes/notes/ironic-inspector-43441782bdf0f84e.yaml5
-rw-r--r--releasenotes/notes/max-active-fernet-keys-f960f08838a75eee.yaml5
-rw-r--r--releasenotes/notes/num-storage-sacks-f640be5fcd374a6b.yaml3
-rw-r--r--releasenotes/notes/ovn-ha-c0139ac519680872.yaml3
-rw-r--r--releasenotes/notes/pre-network-config-role-specific-b36cc4bd6383e493.yaml11
-rw-r--r--releasenotes/notes/remove-ceilometer-cron-85362e197ba245a0.yaml5
-rw-r--r--roles/BlockStorage.yaml29
-rw-r--r--roles/CephStorage.yaml27
-rw-r--r--roles/Compute.yaml45
-rw-r--r--roles/Controller.yaml127
-rw-r--r--roles/ControllerOpenstack.yaml104
-rw-r--r--roles/Database.yaml25
-rw-r--r--roles/IronicConductor.yaml21
-rw-r--r--roles/Messaging.yaml24
-rw-r--r--roles/Networker.yaml38
-rw-r--r--roles/ObjectStorage.yaml30
-rw-r--r--roles/README.rst210
-rw-r--r--roles/Telemetry.yaml32
-rw-r--r--roles/Undercloud.yaml56
-rw-r--r--roles_data.yaml339
-rw-r--r--roles_data_undercloud.yaml60
-rw-r--r--sample-env-generator/README.rst160
-rw-r--r--sample-env-generator/networking.yaml32
-rw-r--r--sample-env-generator/predictable-placement.yaml17
-rw-r--r--sample-env-generator/ssl.yaml459
-rw-r--r--sample-env-generator/storage.yaml133
-rw-r--r--services.yaml (renamed from puppet/services/services.yaml)15
-rw-r--r--test-requirements.txt8
-rwxr-xr-xtools/yaml-validate.py19
-rw-r--r--tox.ini10
-rw-r--r--tripleo_heat_templates/__init__.py0
-rwxr-xr-xtripleo_heat_templates/environment_generator.py212
-rw-r--r--tripleo_heat_templates/tests/__init__.py0
-rw-r--r--tripleo_heat_templates/tests/test_environment_generator.py498
191 files changed, 7287 insertions, 803 deletions
diff --git a/.gitignore b/.gitignore
index cea6064d..2d067214 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,8 +22,10 @@ lib64
pip-log.txt
# Unit test / coverage reports
+cover
.coverage
.tox
+.testrepository
nosetests.xml
# Translations
diff --git a/.testr.conf b/.testr.conf
new file mode 100644
index 00000000..5837838f
--- /dev/null
+++ b/.testr.conf
@@ -0,0 +1,4 @@
+[DEFAULT]
+test_command=OS_STDOUT_CAPTURE=1 OS_STDERR_CAPTURE=1 OS_TEST_TIMEOUT=60 OS_LOG_CAPTURE=1 ${PYTHON:-python} -m subunit.run discover -t ./tripleo_heat_templates ./tripleo_heat_templates $LISTOPT $IDOPTION
+test_id_option=--load-list $IDFILE
+test_list_option=--list
diff --git a/README.rst b/README.rst
index 6a753c0f..988a0d86 100644
--- a/README.rst
+++ b/README.rst
@@ -54,6 +54,9 @@ A description of the directory layout in TripleO Heat Templates.
* validation-scripts: validation scripts useful to all deployment
configurations
+ * roles: example roles that can be used with the tripleoclient to generate
+ a roles_data.yaml for a deployment See the
+ `roles/README.rst <roles/README.rst>`_ for additional details.
Service testing matrix
----------------------
diff --git a/ci/environments/multinode-container-upgrade.yaml b/ci/environments/multinode-container-upgrade.yaml
deleted file mode 100644
index 24bb1f49..00000000
--- a/ci/environments/multinode-container-upgrade.yaml
+++ /dev/null
@@ -1,70 +0,0 @@
-# NOTE: This is an environment specific for containers CI. Mainly we
-# deploy non-pacemakerized overcloud. Once we are able to deploy and
-# upgrade pacemakerized and containerized overcloud, we should remove
-# this file and use normal CI multinode environments/scenarios.
-
-resource_registry:
- OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
- OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
-
- # NOTE: This is needed because of upgrades from Ocata to Pike. We
- # deploy the initial environment with Ocata templates, and
- # overcloud-resource-registry.yaml there doesn't have this Docker
- # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can
- # remove this.
- OS::TripleO::Services::Docker: OS::Heat::None
-
-parameter_defaults:
- ControllerServices:
- - OS::TripleO::Services::CephMon
- - OS::TripleO::Services::CephOSD
- - OS::TripleO::Services::CinderApi
- - OS::TripleO::Services::CinderScheduler
- - OS::TripleO::Services::CinderVolume
- - OS::TripleO::Services::Docker
- - OS::TripleO::Services::Kernel
- - OS::TripleO::Services::Keystone
- - OS::TripleO::Services::GlanceApi
- - OS::TripleO::Services::HeatApi
- - OS::TripleO::Services::HeatApiCfn
- - OS::TripleO::Services::HeatApiCloudwatch
- - OS::TripleO::Services::HeatEngine
- - OS::TripleO::Services::MySQL
- - OS::TripleO::Services::MySQLClient
- - OS::TripleO::Services::NeutronDhcpAgent
- - OS::TripleO::Services::NeutronL3Agent
- - OS::TripleO::Services::NeutronMetadataAgent
- - OS::TripleO::Services::NeutronServer
- - OS::TripleO::Services::NeutronCorePlugin
- - OS::TripleO::Services::NeutronOvsAgent
- - OS::TripleO::Services::RabbitMQ
- - OS::TripleO::Services::HAproxy
- - OS::TripleO::Services::Keepalived
- - OS::TripleO::Services::Memcached
- - OS::TripleO::Services::Pacemaker
- - OS::TripleO::Services::NovaConductor
- - OS::TripleO::Services::NovaApi
- - OS::TripleO::Services::NovaPlacement
- - OS::TripleO::Services::NovaMetadata
- - OS::TripleO::Services::NovaScheduler
- - OS::TripleO::Services::Ntp
- - OS::TripleO::Services::SwiftProxy
- - OS::TripleO::Services::SwiftStorage
- - OS::TripleO::Services::SwiftRingBuilder
- - OS::TripleO::Services::Snmp
- - OS::TripleO::Services::Timezone
- - OS::TripleO::Services::TripleoPackages
- - OS::TripleO::Services::NovaCompute
- - OS::TripleO::Services::NovaLibvirt
- - OS::TripleO::Services::Sshd
- ControllerExtraConfig:
- nova::compute::libvirt::services::libvirt_virt_type: qemu
- nova::compute::libvirt::libvirt_virt_type: qemu
- # Required for Centos 7.3 and Qemu 2.6.0
- nova::compute::libvirt::libvirt_cpu_mode: 'none'
- #NOTE(gfidente): not great but we need this to deploy on ext4
- #http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/
- ceph::profile::params::osd_max_object_name_len: 256
- ceph::profile::params::osd_max_object_namespace_len: 64
- SwiftCeilometerPipelineEnabled: False
- Debug: True
diff --git a/common/README b/common/README
new file mode 100644
index 00000000..6a523118
--- /dev/null
+++ b/common/README
@@ -0,0 +1 @@
+This will contain some common templates but it needs to be added to the RPM spec first
diff --git a/docker/deploy-steps-playbook.yaml b/docker/deploy-steps-playbook.yaml
index a0beaa2c..b3cb500f 100644
--- a/docker/deploy-steps-playbook.yaml
+++ b/docker/deploy-steps-playbook.yaml
@@ -23,12 +23,15 @@
##################################################
# Per step starting of the containers using paunch
##################################################
- - name: Check if /var/lib/tripleo-config/docker-container-startup-config-step_{{step}}.json exists
+ - name: Check if /var/lib/hashed-tripleo-config/docker-container-startup-config-step_{{step}}.json exists
stat:
- path: /var/lib/tripleo-config/docker-container-startup-config-step_{{step}}.json
+ path: /var/lib/tripleo-config/hashed-docker-container-startup-config-step_{{step}}.json
register: docker_config_json
+ # Note docker-puppet.py generates the hashed-*.json file, which is a copy of
+ # the *step_n.json with a hash of the generated external config added
+ # This acts as a salt to enable restarting the container if config changes
- name: Start containers for step {{step}}
- command: paunch --debug apply --file /var/lib/tripleo-config/docker-container-startup-config-step_{{step}}.json --config-id tripleo_step{{step}} --managed-by tripleo-{{role_name}}
+ command: paunch --debug apply --file /var/lib/tripleo-config/hashed-docker-container-startup-config-step_{{step}}.json --config-id tripleo_step{{step}} --managed-by tripleo-{{role_name}}
when: docker_config_json.stat.exists
changed_when: false
check_mode: no
diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py
index d9d0c255..13211676 100755
--- a/docker/docker-puppet.py
+++ b/docker/docker-puppet.py
@@ -18,9 +18,11 @@
# that can be used to generate config files or run ad-hoc puppet modules
# inside of a container.
+import glob
import json
import logging
import os
+import sys
import subprocess
import sys
import tempfile
@@ -55,6 +57,28 @@ def pull_image(name):
log.debug(cmd_stderr)
+def match_config_volume(prefix, config):
+ # Match the mounted config volume - we can't just use the
+ # key as e.g "novacomute" consumes config-data/nova
+ volumes = config.get('volumes', [])
+ config_volume=None
+ for v in volumes:
+ if v.startswith(prefix):
+ config_volume = os.path.relpath(
+ v.split(":")[0], prefix).split("/")[0]
+ break
+ return config_volume
+
+
+def get_config_hash(prefix, config_volume):
+ hashfile = os.path.join(prefix, "%s.md5sum" % config_volume)
+ hash_data = None
+ if os.path.isfile(hashfile):
+ with open(hashfile) as f:
+ hash_data = f.read().rstrip()
+ return hash_data
+
+
def rm_container(name):
if os.environ.get('SHOW_DIFF', None):
log.info('Diffing container: %s' % name)
@@ -166,37 +190,34 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume
if [ -n "$PUPPET_TAGS" ]; then
TAGS="--tags \"$PUPPET_TAGS\""
fi
+
+ # workaround LP1696283
+ mkdir -p /etc/ssh
+ touch /etc/ssh/ssh_known_hosts
+
FACTER_hostname=$HOSTNAME FACTER_uuid=docker /usr/bin/puppet apply --verbose $TAGS /etc/config.pp
# Disables archiving
if [ -z "$NO_ARCHIVE" ]; then
- rm -Rf /var/lib/config-data/${NAME}
-
- # copying etc should be enough for most services
- mkdir -p /var/lib/config-data/${NAME}/etc
- cp -a /etc/* /var/lib/config-data/${NAME}/etc/
-
- # workaround LP1696283
- mkdir -p /var/lib/config-data/${NAME}/etc/ssh
- touch /var/lib/config-data/${NAME}/etc/ssh/ssh_known_hosts
-
- if [ -d /root/ ]; then
- cp -a /root/ /var/lib/config-data/${NAME}/root/
- fi
- if [ -d /var/lib/ironic/tftpboot/ ]; then
- mkdir -p /var/lib/config-data/${NAME}/var/lib/ironic/
- cp -a /var/lib/ironic/tftpboot/ /var/lib/config-data/${NAME}/var/lib/ironic/tftpboot/
- fi
- if [ -d /var/lib/ironic/httpboot/ ]; then
- mkdir -p /var/lib/config-data/${NAME}/var/lib/ironic/
- cp -a /var/lib/ironic/httpboot/ /var/lib/config-data/${NAME}/var/lib/ironic/httpboot/
- fi
-
- # apache services may files placed in /var/www/
- if [ -d /var/www/ ]; then
- mkdir -p /var/lib/config-data/${NAME}/var/www
- cp -a /var/www/* /var/lib/config-data/${NAME}/var/www/
- fi
+ archivedirs=("/etc" "/root" "/var/lib/ironic/tftpboot" "/var/lib/ironic/httpboot" "/var/www")
+ rsync_srcs=""
+ for d in "${archivedirs[@]}"; do
+ if [ -d "$d" ]; then
+ rsync_srcs+=" $d"
+ fi
+ done
+ rsync -a -R --delay-updates --delete-after $rsync_srcs /var/lib/config-data/${NAME}
+
+ # Also make a copy of files modified during puppet run
+ # This is useful for debugging
+ mkdir -p /var/lib/config-data/puppet-generated/${NAME}
+ rsync -a -R -0 --delay-updates --delete-after \
+ --files-from=<(find $rsync_srcs -newer /etc/ssh/ssh_known_hosts -print0) \
+ / /var/lib/config-data/puppet-generated/${NAME}
+
+ # Write a checksum of the config-data dir, this is used as a
+ # salt to trigger container restart when the config changes
+ tar cf - /var/lib/config-data/${NAME} | md5sum | awk '{print $1}' > /var/lib/config-data/${NAME}.md5sum
fi
""")
@@ -297,5 +318,30 @@ for returncode, config_volume in zip(returncodes, config_volumes):
log.error('ERROR configuring %s' % config_volume)
success = False
+
+# Update the startup configs with the config hash we generated above
+config_volume_prefix = os.environ.get('CONFIG_VOLUME_PREFIX', '/var/lib/config-data')
+log.debug('CONFIG_VOLUME_PREFIX: %s' % config_volume_prefix)
+startup_configs = os.environ.get('STARTUP_CONFIG_PATTERN', '/var/lib/tripleo-config/docker-container-startup-config-step_*.json')
+log.debug('STARTUP_CONFIG_PATTERN: %s' % startup_configs)
+infiles = glob.glob('/var/lib/tripleo-config/docker-container-startup-config-step_*.json')
+for infile in infiles:
+ with open(infile) as f:
+ infile_data = json.load(f)
+
+ for k, v in infile_data.iteritems():
+ config_volume = match_config_volume(config_volume_prefix, v)
+ if config_volume:
+ config_hash = get_config_hash(config_volume_prefix, config_volume)
+ if config_hash:
+ env = v.get('environment', [])
+ env.append("TRIPLEO_CONFIG_HASH=%s" % config_hash)
+ log.debug("Updating config hash for %s, config_volume=%s hash=%s" % (k, config_volume, config_hash))
+ infile_data[k]['environment'] = env
+
+ outfile = os.path.join(os.path.dirname(infile), "hashed-" + os.path.basename(infile))
+ with open(outfile, 'w') as out_f:
+ json.dump(infile_data, out_f)
+
if not success:
sys.exit(1)
diff --git a/docker/docker-steps.j2 b/docker/docker-steps.j2
index a56ca02b..3dd963b9 100644
--- a/docker/docker-steps.j2
+++ b/docker/docker-steps.j2
@@ -139,10 +139,6 @@ resources:
- name: Write kolla config json files
copy: content="{{item.value|to_json}}" dest="{{item.key}}" force=yes
with_dict: "{{kolla_config}}"
- - name: Install paunch FIXME remove when packaged
- shell: |
- yum -y install python-pip
- pip install paunch
########################################################
# Bootstrap tasks, only performed on bootstrap_server_id
########################################################
@@ -220,26 +216,31 @@ resources:
{% endfor %}
# END CONFIG STEPS
- {{role.name}}PostConfig:
- type: OS::TripleO::Tasks::{{role.name}}PostConfig
+ # Note, this should be the last step to execute configuration changes.
+ # Ensure that all {{role.name}}ExtraConfigPost steps are executed
+ # after all the previous deployment steps.
+ {{role.name}}ExtraConfigPost:
depends_on:
{% for dep in roles %}
- {{dep.name}}Deployment_Step5
{% endfor %}
+ type: OS::TripleO::NodeExtraConfigPost
properties:
- servers: {get_param: servers}
- input_values:
- update_identifier: {get_param: DeployIdentifier}
+ servers: {get_param: [servers, {{role.name}}]}
- # Note, this should come last, so use depends_on to ensure
- # this is created after any other resources.
- {{role.name}}ExtraConfigPost:
+ # The {{role.name}}PostConfig steps are in charge of
+ # quiescing all services, i.e. in the Controller case,
+ # we should run a full service reload.
+ {{role.name}}PostConfig:
+ type: OS::TripleO::Tasks::{{role.name}}PostConfig
depends_on:
{% for dep in roles %}
- - {{dep.name}}PostConfig
+ - {{dep.name}}ExtraConfigPost
{% endfor %}
- type: OS::TripleO::NodeExtraConfigPost
properties:
- servers: {get_param: [servers, {{role.name}}]}
+ servers: {get_param: servers}
+ input_values:
+ update_identifier: {get_param: DeployIdentifier}
+
{% endfor %}
diff --git a/docker/docker-toool b/docker/docker-toool
index 36aba4a7..0b87ea92 100755
--- a/docker/docker-toool
+++ b/docker/docker-toool
@@ -75,6 +75,9 @@ def parse_opts(argv):
def docker_arg_map(key, value):
value = str(value).encode('ascii', 'ignore')
+ if len(value) == 0:
+ return ''
+
return {
'environment': "--env=%s" % value,
# 'image': value,
diff --git a/docker/services/aodh-api.yaml b/docker/services/aodh-api.yaml
index f802e4e6..bda5469a 100644
--- a/docker/services/aodh-api.yaml
+++ b/docker/services/aodh-api.yaml
@@ -78,7 +78,7 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerAodhApiImage} ]
kolla_config:
- /var/lib/kolla/config_files/aodh-api.json:
+ /var/lib/kolla/config_files/aodh_api.json:
command: /usr/sbin/httpd -DFOREGROUND
permissions:
- path: /var/log/aodh
@@ -86,16 +86,15 @@ outputs:
recurse: true
docker_config:
# db sync runs before permissions set by kolla_config
- step_3:
+ step_2:
aodh_init_log:
- start_order: 0
image: *aodh_image
user: root
volumes:
- /var/log/containers/aodh:/var/log/aodh
command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R aodh:aodh /var/log/aodh']
+ step_3:
aodh_db_sync:
- start_order: 1
image: *aodh_image
net: host
privileged: false
@@ -118,9 +117,11 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/aodh-api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/aodh_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
- - /var/lib/config-data/aodh/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/aodh/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/aodh/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/aodh/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /var/lib/config-data/aodh/var/www/:/var/www/:ro
- /var/log/containers/aodh:/var/log/aodh
-
diff --git a/docker/services/aodh-evaluator.yaml b/docker/services/aodh-evaluator.yaml
index 9d514d0c..74ac635f 100644
--- a/docker/services/aodh-evaluator.yaml
+++ b/docker/services/aodh-evaluator.yaml
@@ -70,7 +70,7 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerAodhEvaluatorImage} ]
kolla_config:
- /var/lib/kolla/config_files/aodh-evaluator.json:
+ /var/lib/kolla/config_files/aodh_evaluator.json:
command: /usr/bin/aodh-evaluator
permissions:
- path: /var/log/aodh
@@ -87,7 +87,7 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/aodh-evaluator.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/aodh_evaluator.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
- /var/log/containers/aodh:/var/log/aodh
environment:
diff --git a/docker/services/aodh-listener.yaml b/docker/services/aodh-listener.yaml
index dac61087..0930f42e 100644
--- a/docker/services/aodh-listener.yaml
+++ b/docker/services/aodh-listener.yaml
@@ -70,7 +70,7 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerAodhListenerImage} ]
kolla_config:
- /var/lib/kolla/config_files/aodh-listener.json:
+ /var/lib/kolla/config_files/aodh_listener.json:
command: /usr/bin/aodh-listener
permissions:
- path: /var/log/aodh
@@ -87,7 +87,7 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/aodh-listener.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/aodh_listener.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
- /var/log/containers/aodh:/var/log/aodh
environment:
diff --git a/docker/services/aodh-notifier.yaml b/docker/services/aodh-notifier.yaml
index a22ae85e..607d9997 100644
--- a/docker/services/aodh-notifier.yaml
+++ b/docker/services/aodh-notifier.yaml
@@ -70,7 +70,7 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerAodhNotifierImage} ]
kolla_config:
- /var/lib/kolla/config_files/aodh-notifier.json:
+ /var/lib/kolla/config_files/aodh_notifier.json:
command: /usr/bin/aodh-notifier
permissions:
- path: /var/log/aodh
@@ -87,7 +87,7 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/aodh-notifier.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/aodh_notifier.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
- /var/log/containers/aodh:/var/log/aodh
environment:
diff --git a/docker/services/ceilometer-agent-central.yaml b/docker/services/ceilometer-agent-central.yaml
index ba4ba921..9cec4a61 100644
--- a/docker/services/ceilometer-agent-central.yaml
+++ b/docker/services/ceilometer-agent-central.yaml
@@ -68,7 +68,7 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerCeilometerCentralImage} ]
kolla_config:
- /var/lib/kolla/config_files/ceilometer-agent-central.json:
+ /var/lib/kolla/config_files/ceilometer_agent_central.json:
command: /usr/bin/ceilometer-polling --polling-namespaces central
docker_config:
step_3:
@@ -89,7 +89,7 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/ceilometer-agent-central.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/ceilometer_agent_central.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/ceilometer-agent-compute.yaml b/docker/services/ceilometer-agent-compute.yaml
index fe8dc158..8d06d094 100644
--- a/docker/services/ceilometer-agent-compute.yaml
+++ b/docker/services/ceilometer-agent-compute.yaml
@@ -68,11 +68,11 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerCeilometerComputeImage} ]
kolla_config:
- /var/lib/kolla/config_files/ceilometer-agent-compute.json:
+ /var/lib/kolla/config_files/ceilometer_agent_compute.json:
command: /usr/bin/ceilometer-polling --polling-namespaces compute
docker_config:
step_4:
- ceilometer_agent-compute:
+ ceilometer_agent_compute:
image: *ceilometer_agent_compute_image
net: host
privileged: false
@@ -81,8 +81,9 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/ceilometer-agent-compute.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/ceilometer_agent_compute.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro
+ - /var/run/libvirt:/var/run/libvirt:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
upgrade_tasks:
diff --git a/docker/services/ceilometer-agent-ipmi.yaml b/docker/services/ceilometer-agent-ipmi.yaml
new file mode 100644
index 00000000..02793e48
--- /dev/null
+++ b/docker/services/ceilometer-agent-ipmi.yaml
@@ -0,0 +1,113 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Ceilometer Agent Ipmi service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerCeilometerIpmiImage:
+ description: image
+ default: 'centos-binary-ceilometer-ipmi:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ CeilometerAgentIpmiBase:
+ type: ../../puppet/services/ceilometer-agent-ipmi.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Ceilometer Agent Ipmi role.
+ value:
+ service_name: {get_attr: [CeilometerAgentIpmiBase, role_data, service_name]}
+ config_settings: {get_attr: [CeilometerAgentIpmiBase, role_data, config_settings]}
+ step_config: &step_config
+ get_attr: [CeilometerAgentIpmiBase, role_data, step_config]
+ service_config_settings: {get_attr: [CeilometerAgentIpmiBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: ceilometer
+ puppet_tags: ceilometer_config
+ step_config: *step_config
+ config_image: &ceilometer_agent_ipmi_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerCeilometerIpmiImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/ceilometer-agent-ipmi.json:
+ command: /usr/bin/ceilometer-polling --polling-namespaces ipmi
+ docker_config:
+ step_3:
+ ceilometer_init_log:
+ start_order: 0
+ image: *ceilometer_agent_ipmi_image
+ user: root
+ command: ['/bin/bash', '-c', 'chown -R ceilometer:ceilometer /var/log/ceilometer']
+ volumes:
+ - /var/log/containers/ceilometer:/var/log/ceilometer
+ step_4:
+ ceilometer_agent_ipmi:
+ image: *ceilometer_agent_ipmi_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/ceilometer-agent-ipmi.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ step_5:
+ ceilometer_gnocchi_upgrade:
+ start_order: 1
+ image: *ceilometer_agent_ipmi_image
+ net: host
+ detach: false
+ privileged: false
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro
+ - /var/log/containers/ceilometer:/var/log/ceilometer
+ command: "/usr/bin/bootstrap_host_exec ceilometer su ceilometer -s /bin/bash -c '/usr/bin/ceilometer-upgrade --skip-metering-database'"
+ upgrade_tasks:
+ - name: Stop and disable ceilometer agent ipmi service
+ tags: step2
+ service: name=openstack-ceilometer-agent-ipmi state=stopped enabled=no
diff --git a/docker/services/ceilometer-agent-notification.yaml b/docker/services/ceilometer-agent-notification.yaml
index 79df3306..36424e91 100644
--- a/docker/services/ceilometer-agent-notification.yaml
+++ b/docker/services/ceilometer-agent-notification.yaml
@@ -68,7 +68,7 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerCeilometerNotificationImage} ]
kolla_config:
- /var/lib/kolla/config_files/ceilometer-agent-notification.json:
+ /var/lib/kolla/config_files/ceilometer_agent_notification.json:
command: /usr/bin/ceilometer-agent-notification
docker_config:
step_3:
@@ -80,7 +80,7 @@ outputs:
volumes:
- /var/log/containers/ceilometer:/var/log/ceilometer
step_4:
- ceilometer_agent-notification:
+ ceilometer_agent_notification:
image: *ceilometer_agent_notification_image
net: host
privileged: false
@@ -89,7 +89,7 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/ceilometer-agent-notification.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/ceilometer_agent_notification.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/ceilometer/etc/ceilometer/:/etc/ceilometer/:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/cinder-api.yaml b/docker/services/cinder-api.yaml
new file mode 100644
index 00000000..94bd66d8
--- /dev/null
+++ b/docker/services/cinder-api.yaml
@@ -0,0 +1,156 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Cinder API service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerCinderApiImage:
+ description: image
+ default: 'centos-binary-cinder-api:latest'
+ type: string
+ # we configure all cinder services in the same cinder base container
+ DockerCinderConfigImage:
+ description: image
+ default: 'centos-binary-cinder-api:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ CinderBase:
+ type: ../../puppet/services/cinder-api.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Cinder API role.
+ value:
+ service_name: {get_attr: [CinderBase, role_data, service_name]}
+ config_settings: {get_attr: [CinderBase, role_data, config_settings]}
+ step_config: &step_config
+ get_attr: [CinderBase, role_data, step_config]
+ service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: cinder
+ puppet_tags: cinder_config,file,concat,file_line
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/cinder_api.json:
+ command: /usr/sbin/httpd -DFOREGROUND
+ permissions:
+ - path: /var/log/cinder
+ owner: cinder:cinder
+ recurse: true
+ docker_config:
+ step_2:
+ cinder_api_init_logs:
+ image: &cinder_api_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerCinderApiImage} ]
+ privileged: false
+ user: root
+ volumes:
+ - /var/log/containers/cinder:/var/log/cinder
+ command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder']
+ step_3:
+ cinder_api_db_sync:
+ image: *cinder_api_image
+ net: host
+ privileged: false
+ detach: false
+ user: root
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro
+ - /var/log/containers/cinder:/var/log/cinder
+ command:
+ - '/usr/bin/bootstrap_host_exec'
+ - 'cinder_api'
+ - "su cinder -s /bin/bash -c 'cinder-manage db sync'"
+ step_4:
+ cinder_api:
+ image: *cinder_api_image
+ net: host
+ privileged: false
+ restart: always
+ # NOTE(mandre) kolla image changes the user to 'cinder', we need it
+ # to be root to run httpd
+ user: root
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/cinder_api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro
+ - /var/lib/config-data/cinder/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/cinder/var/www/:/var/www/:ro
+ - /var/log/containers/cinder:/var/log/cinder
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+ - ''
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+ - ''
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent logs directory
+ file:
+ path: /var/log/containers/cinder
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable cinder_api service
+ tags: step2
+ service: name=httpd state=stopped enabled=no
diff --git a/docker/services/cinder-backup.yaml b/docker/services/cinder-backup.yaml
new file mode 100644
index 00000000..0958a7e8
--- /dev/null
+++ b/docker/services/cinder-backup.yaml
@@ -0,0 +1,132 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Cinder Backup service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerCinderBackupImage:
+ description: image
+ default: 'centos-binary-cinder-backup:latest'
+ type: string
+ # we configure all cinder services in the same cinder base container
+ DockerCinderConfigImage:
+ description: image
+ default: 'centos-binary-cinder-api:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ CinderBase:
+ type: ../../puppet/services/cinder-backup.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Cinder Backup role.
+ value:
+ service_name: {get_attr: [CinderBase, role_data, service_name]}
+ config_settings: {get_attr: [CinderBase, role_data, config_settings]}
+ step_config: &step_config
+ get_attr: [CinderBase, role_data, step_config]
+ service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: cinder
+ puppet_tags: cinder_config,file,concat,file_line
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/cinder_backup.json:
+ command: /usr/bin/cinder-backup --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
+ permissions:
+ - path: /var/lib/cinder
+ owner: cinder:cinder
+ recurse: true
+ - path: /var/log/cinder
+ owner: cinder:cinder
+ recurse: true
+ docker_config:
+ step_3:
+ cinder_backup_init_logs:
+ start_order: 0
+ image: &cinder_backup_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerCinderBackupImage} ]
+ privileged: false
+ user: root
+ volumes:
+ - /var/log/containers/cinder:/var/log/cinder
+ command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder']
+ step_4:
+ cinder_backup:
+ image: *cinder_backup_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/cinder_backup.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro
+ - /var/lib/config-data/ceph/etc/ceph/:/etc/ceph/:ro #FIXME: we need to generate a ceph.conf with puppet for this
+ - /dev/:/dev/
+ - /run/:/run/
+ - /sys:/sys
+ - /lib/modules:/lib/modules:ro
+ - /etc/iscsi:/etc/iscsi
+ - /var/lib/cinder:/var/lib/cinder
+ - /var/log/containers/cinder:/var/log/cinder
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent directories
+ file:
+ path: "{{ item }}"
+ state: directory
+ with_items:
+ - /var/lib/cinder
+ - /var/log/containers/cinder
+ upgrade_tasks:
+ - name: Stop and disable cinder_backup service
+ tags: step2
+ service: name=openstack-cinder-backup state=stopped enabled=no
diff --git a/docker/services/cinder-scheduler.yaml b/docker/services/cinder-scheduler.yaml
new file mode 100644
index 00000000..8199c34b
--- /dev/null
+++ b/docker/services/cinder-scheduler.yaml
@@ -0,0 +1,120 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Cinder Scheduler service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerCinderSchedulerImage:
+ description: image
+ default: 'centos-binary-cinder-scheduler:latest'
+ type: string
+ # we configure all cinder services in the same cinder base container
+ DockerCinderConfigImage:
+ description: image
+ default: 'centos-binary-cinder-api:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ CinderBase:
+ type: ../../puppet/services/cinder-scheduler.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Cinder Scheduler role.
+ value:
+ service_name: {get_attr: [CinderBase, role_data, service_name]}
+ config_settings: {get_attr: [CinderBase, role_data, config_settings]}
+ step_config: &step_config
+ get_attr: [CinderBase, role_data, step_config]
+ service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: cinder
+ puppet_tags: cinder_config,file,concat,file_line
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/cinder_scheduler.json:
+ command: /usr/bin/cinder-scheduler --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
+ permissions:
+ - path: /var/log/cinder
+ owner: cinder:cinder
+ recurse: true
+ docker_config:
+ step_2:
+ cinder_scheduler_init_logs:
+ image: &cinder_scheduler_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerCinderSchedulerImage} ]
+ privileged: false
+ user: root
+ volumes:
+ - /var/log/containers/cinder:/var/log/cinder
+ command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder']
+ step_4:
+ cinder_scheduler:
+ image: *cinder_scheduler_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/cinder_scheduler.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro
+ - /var/log/containers/cinder:/var/log/cinder
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent directories
+ file:
+ path: "{{ item }}"
+ state: directory
+ with_items:
+ - /var/log/containers/cinder
+ upgrade_tasks:
+ - name: Stop and disable cinder_scheduler service
+ tags: step2
+ service: name=openstack-cinder-scheduler state=stopped enabled=no
diff --git a/docker/services/cinder-volume.yaml b/docker/services/cinder-volume.yaml
new file mode 100644
index 00000000..26eb10e7
--- /dev/null
+++ b/docker/services/cinder-volume.yaml
@@ -0,0 +1,167 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Cinder Volume service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerCinderVolumeImage:
+ description: image
+ default: 'centos-binary-cinder-volume:latest'
+ type: string
+ # we configure all cinder services in the same cinder base container
+ DockerCinderConfigImage:
+ description: image
+ default: 'centos-binary-cinder-api:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ # custom parameters for the Cinder volume role
+ CinderEnableIscsiBackend:
+ default: true
+ description: Whether to enable or not the Iscsi backend for Cinder
+ type: boolean
+ CinderLVMLoopDeviceSize:
+ default: 10280
+ description: The size of the loopback file used by the cinder LVM driver.
+ type: number
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ CinderBase:
+ type: ../../puppet/services/cinder-volume.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Cinder Volume role.
+ value:
+ service_name: {get_attr: [CinderBase, role_data, service_name]}
+ config_settings: {get_attr: [CinderBase, role_data, config_settings]}
+ step_config: &step_config
+ get_attr: [CinderBase, role_data, step_config]
+ service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: cinder
+ puppet_tags: cinder_config,file,concat,file_line
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/cinder_volume.json:
+ command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
+ permissions:
+ - path: /var/log/cinder
+ owner: cinder:cinder
+ recurse: true
+ docker_config:
+ step_3:
+ cinder_volume_init_logs:
+ start_order: 0
+ image: &cinder_volume_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerCinderVolumeImage} ]
+ privileged: false
+ user: root
+ volumes:
+ - /var/log/containers/cinder:/var/log/cinder
+ command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder']
+ step_4:
+ cinder_volume:
+ image: *cinder_volume_image
+ net: host
+ privileged: true
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/cinder_volume.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/cinder/etc/cinder/:/etc/cinder/:ro
+ - /var/lib/config-data/ceph/etc/ceph/:/etc/ceph/:ro #FIXME: we need to generate a ceph.conf with puppet for this
+ - /dev/:/dev/
+ - /run/:/run/
+ - /sys:/sys
+ - /etc/iscsi:/etc/iscsi
+ - /var/lib/cinder:/var/lib/cinder
+ - /var/log/containers/cinder:/var/log/cinder
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent directories
+ file:
+ path: "{{ item }}"
+ state: directory
+ with_items:
+ - /var/log/containers/cinder
+ - /var/lib/cinder
+ - name: cinder_enable_iscsi_backend fact
+ set_fact:
+ cinder_enable_iscsi_backend: {get_param: CinderEnableIscsiBackend}
+ - name: cinder create LVM volume group dd
+ command:
+ list_join:
+ - ''
+ - - 'dd if=/dev/zero of=/var/lib/cinder/cinder-volumes bs=1 count=0 seek='
+ - str_replace:
+ template: VALUE
+ params:
+ VALUE: {get_param: CinderLVMLoopDeviceSize}
+ - 'M'
+ args:
+ creates: /var/lib/cinder/cinder-volumes
+ when: cinder_enable_iscsi_backend
+ - name: cinder create LVM volume group
+ shell: |
+ if ! losetup /dev/loop2; then
+ losetup /dev/loop2 /var/lib/cinder/cinder-volumes
+ fi
+ if ! pvdisplay | grep cinder-volumes; then
+ pvcreate /dev/loop2
+ fi
+ if ! vgdisplay | grep cinder-volumes; then
+ vgcreate cinder-volumes /dev/loop2
+ fi
+ args:
+ executable: /bin/bash
+ creates: /dev/loop2
+ when: cinder_enable_iscsi_backend
+ upgrade_tasks:
+ - name: Stop and disable cinder_volume service
+ tags: step2
+ service: name=openstack-cinder-volume state=stopped enabled=no
diff --git a/docker/services/collectd.yaml b/docker/services/collectd.yaml
new file mode 100644
index 00000000..7354898b
--- /dev/null
+++ b/docker/services/collectd.yaml
@@ -0,0 +1,94 @@
+heat_template_version: pike
+
+description: >
+ Containerized collectd service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerCollectdImage:
+ description: image
+ default: 'centos-binary-collectd:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ CollectdBase:
+ type: ../../puppet/services/metrics/collectd.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the collectd role.
+ value:
+ service_name: {get_attr: [CollectdBase, role_data, service_name]}
+ config_settings: {get_attr: [CollectdBase, role_data, config_settings]}
+ step_config: &step_config
+ get_attr: [CollectdBase, role_data, step_config]
+ service_config_settings: {get_attr: [CollectdBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: collectd
+ puppet_tags: collectd_client_config
+ step_config: *step_config
+ config_image: &collectd_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerCollectdImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/collectd.json:
+ command: /usr/sbin/collectd -f
+ docker_config:
+ step_3:
+ collectd:
+ image: *collectd_image
+ net: host
+ privileged: true
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/run/docker.sock:/var/run/docker.sock:rw
+ - /var/lib/kolla/config_files/collectd.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/collectd/etc/collectd/:/etc/collectd/:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ upgrade_tasks:
+ - name: Stop and disable collectd service
+ tags: step2
+ service: name=collectd.service state=stopped enabled=no
+
diff --git a/docker/services/congress-api.yaml b/docker/services/congress-api.yaml
new file mode 100644
index 00000000..92b0eeb9
--- /dev/null
+++ b/docker/services/congress-api.yaml
@@ -0,0 +1,134 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Congress API service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerCongressApiImage:
+ description: image
+ default: 'centos-binary-congress-api:latest'
+ type: string
+ DockerCongressConfigImage:
+ description: image
+ default: 'centos-binary-congress-api:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ CongressApiBase:
+ type: ../../puppet/services/congress.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Congress API role.
+ value:
+ service_name: {get_attr: [CongressApiBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [CongressApiBase, role_data, config_settings]
+ step_config: &step_config
+ get_attr: [CongressApiBase, role_data, step_config]
+ service_config_settings: {get_attr: [CongressApiBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: congress
+ puppet_tags: congress_config
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerCongressConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/congress_api.json:
+ command: /usr/bin/congress-server --config-file=/etc/congress/congress.conf --log-file=/var/log/congress/api.log
+ permissions:
+ - path: /var/log/congress
+ owner: congress:congress
+ recurse: true
+ docker_config:
+ # db sync runs before permissions set by kolla_config
+ step_2:
+ congress_init_logs:
+ image: &congress_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerCongressApiImage} ]
+ privileged: false
+ user: root
+ volumes:
+ - /var/log/containers/congress:/var/log/congress
+ command: ['/bin/bash', '-c', 'chown -R congress:congress /var/log/congress']
+ step_3:
+ congress_db_sync:
+ image: *congress_image
+ net: host
+ privileged: false
+ detach: false
+ user: root
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/config-data/congress/etc/:/etc/:ro
+ - /var/log/containers/congress:/var/log/congress
+ command: "/usr/bin/bootstrap_host_exec congress su congress -s /bin/bash -c 'congress-db-manage --config-file /etc/congress/congress.conf upgrade head'"
+ step_4:
+ congress_api:
+ start_order: 15
+ image: *congress_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/congress_api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/congress/etc/congress/:/etc/congress/:ro
+ - /var/log/containers/congress:/var/log/congress
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent logs directory
+ file:
+ path: /var/log/containers/congress
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable congress_api service
+ tags: step2
+ service: name=openstack-congress-server state=stopped enabled=no
diff --git a/docker/services/containers-common.yaml b/docker/services/containers-common.yaml
index 973d9994..d104853f 100644
--- a/docker/services/containers-common.yaml
+++ b/docker/services/containers-common.yaml
@@ -3,19 +3,64 @@ heat_template_version: pike
description: >
Contains a static list of common things necessary for containers
+parameters:
+
+ # Required parameters
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+
+ EnableInternalTLS:
+ type: boolean
+ default: false
+ InternalTLSCAFile:
+ default: '/etc/ipa/ca.crt'
+ type: string
+ description: Specifies the default CA cert to use if TLS is used for
+ services in the internal network.
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
+
outputs:
volumes:
description: Common volumes for the containers.
value:
- - /etc/hosts:/etc/hosts:ro
- - /etc/localtime:/etc/localtime:ro
- # required for bootstrap_host_exec
- - /etc/puppet:/etc/puppet:ro
- # OpenSSL trusted CAs
- - /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro
- - /etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro
- - /etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro
- - /etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro
- # Syslog socket
- - /dev/log:/dev/log
- - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
+ list_concat:
+ - - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ # required for bootstrap_host_exec
+ - /etc/puppet:/etc/puppet:ro
+ # OpenSSL trusted CAs
+ - /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro
+ - /etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro
+ - /etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro
+ - /etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro
+ # Syslog socket
+ - /dev/log:/dev/log
+ - /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
+ - if:
+ - internal_tls_enabled
+ - - {get_param: InternalTLSCAFile}
+ - null
diff --git a/docker/services/database/mongodb.yaml b/docker/services/database/mongodb.yaml
index 96a02f9f..5d0eb79d 100644
--- a/docker/services/database/mongodb.yaml
+++ b/docker/services/database/mongodb.yaml
@@ -87,7 +87,8 @@ outputs:
privileged: false
volumes: &mongodb_volumes
- /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json
- - /var/lib/config-data/mongodb/etc/:/etc/:ro
+ - /var/lib/config-data/mongodb/etc/mongod.conf:/etc/mongod.conf:ro
+ - /var/lib/config-data/mongodb/etc/mongos.conf:/etc/mongos.conf:ro
- /etc/localtime:/etc/localtime:ro
- /var/log/containers/mongodb:/var/log/mongodb
- /var/lib/mongodb:/var/lib/mongodb
diff --git a/docker/services/database/mysql.yaml b/docker/services/database/mysql.yaml
index 73578e13..9eabb719 100644
--- a/docker/services/database/mysql.yaml
+++ b/docker/services/database/mysql.yaml
@@ -87,17 +87,16 @@ outputs:
recurse: true
docker_config:
# Kolla_bootstrap runs before permissions set by kolla_config
- step_2:
+ step_1:
mysql_init_logs:
- start_order: 0
image: *mysql_image
privileged: false
user: root
volumes:
- /var/log/containers/mysql:/var/log/mariadb
command: ['/bin/bash', '-c', 'chown -R mysql:mysql /var/log/mariadb']
+ step_2:
mysql_bootstrap:
- start_order: 1
detach: false
image: *mysql_image
net: host
@@ -105,7 +104,7 @@ outputs:
command: ['bash', '-c', 'test -e /var/lib/mysql/mysql || kolla_start']
volumes: &mysql_volumes
- /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json
- - /var/lib/config-data/mysql/etc/:/etc/:ro
+ - /var/lib/config-data/mysql/etc/my.cnf.d:/etc/my.cnf.d:ro
- /etc/localtime:/etc/localtime:ro
- /etc/hosts:/etc/hosts:ro
- /var/lib/mysql:/var/lib/mysql
diff --git a/docker/services/database/redis.yaml b/docker/services/database/redis.yaml
index 73df96c5..9d0d30c8 100644
--- a/docker/services/database/redis.yaml
+++ b/docker/services/database/redis.yaml
@@ -77,7 +77,17 @@ outputs:
recurse: true
docker_config:
step_1:
+ redis_init_logs:
+ start_order: 0
+ detach: false
+ image: *redis_image
+ privileged: false
+ user: root
+ volumes:
+ - /var/log/containers/redis:/var/log/redis
+ command: ['/bin/bash', '-c', 'chown -R redis:redis /var/log/redis']
redis:
+ start_order: 1
image: *redis_image
net: host
privileged: false
@@ -85,16 +95,19 @@ outputs:
volumes:
- /run:/run
- /var/lib/kolla/config_files/redis.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/redis/etc/:/etc/:ro
+ - /var/lib/config-data/redis/etc/redis.conf:/etc/redis.conf:ro
- /etc/localtime:/etc/localtime:ro
- - logs:/var/log/kolla
+ - /var/log/containers/redis:/var/log/redis
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- - name: create /var/run/redis
+ - name: create persistent directories
file:
- path: /var/run/redis
+ path: "{{ item }}"
state: directory
+ with_items:
+ - /var/log/containers/redis
+ - /var/run/redis
upgrade_tasks:
- name: Stop and disable redis service
tags: step2
diff --git a/docker/services/ec2-api.yaml b/docker/services/ec2-api.yaml
new file mode 100644
index 00000000..bc3654b0
--- /dev/null
+++ b/docker/services/ec2-api.yaml
@@ -0,0 +1,153 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized EC2 API service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerEc2ApiImage:
+ description: image
+ default: 'centos-binary-ec2-api:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ Ec2ApiPuppetBase:
+ type: ../../puppet/services/ec2-api.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the EC2 API role.
+ value:
+ service_name: {get_attr: [Ec2ApiPuppetBase, role_data, service_name]}
+ config_settings: {get_attr: [Ec2ApiPuppetBase, role_data, config_settings]}
+ step_config: &step_config
+ get_attr: [Ec2ApiPuppetBase, role_data, step_config]
+ service_config_settings: {get_attr: [Ec2ApiPuppetBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: ec2api
+ puppet_tags: ec2api_api_paste_ini,ec2api_config
+ step_config: *step_config
+ config_image: &ec2_api_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerEc2ApiImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/ec2_api.json:
+ command: /usr/bin/ec2-api
+ permissions:
+ - path: /var/log/ec2api
+ owner: ec2api:ec2api
+ recurse: true
+ /var/lib/kolla/config_files/ec2_api_metadata.json:
+ command: /usr/bin/ec2-api-metadata
+ permissions:
+ - path: /var/log/ec2api # default log dir for metadata service as well
+ owner: ec2api:ec2api
+ recurse: true
+ docker_config:
+ # db sync runs before permissions set by kolla_config
+ step_2:
+ ec2_api_init_logs:
+ image: *ec2_api_image
+ privileged: false
+ user: root
+ volumes:
+ - /var/log/containers/ec2_api:/var/log/ec2api
+ # mount ec2_api_metadata to "ec2api-metadata" only here to fix
+ # permissions of both directories in one go
+ - /var/log/containers/ec2_api_metadata:/var/log/ec2api-metadata
+ command: ['/bin/bash', '-c', 'chown -R ec2api:ec2api /var/log/ec2api /var/log/ec2api-metadata']
+ step_3:
+ ec2_api_db_sync:
+ image: *ec2_api_image
+ net: host
+ detach: false
+ privileged: false
+ user: root
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/config-data/ec2_api/etc/ec2api/:/etc/ec2api/:ro
+ - /var/log/containers/ec2_api:/var/log/ec2api
+ command: "/usr/bin/bootstrap_host_exec ec2_api su ec2api -s /bin/bash -c '/usr/bin/ec2-api-manage db_sync'"
+ step_4:
+ ec2_api:
+ image: *ec2_api_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/ec2_api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/ec2_api/etc/ec2api/:/etc/ec2api/:ro
+ - /var/log/containers/ec2_api:/var/log/ec2api
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ ec2_api_metadata:
+ image: *ec2_api_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/ec2_api_metadata.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/ec2_api/etc/ec2api/:/etc/ec2api/:ro
+ - /var/log/containers/ec2_api_metadata:/var/log/ec2api
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent log directories
+ file:
+ path: /var/log/containers/{{ item }}
+ state: directory
+ with_items:
+ - ec2_api
+ - ec2_api_metadata
+ upgrade_tasks:
+ - name: Stop and disable EC2-API services
+ tags: step2
+ service: name={{ item }} state=stopped enabled=no
+ with_items:
+ - openstack-ec2-api
+ - openstack-ec2-api-metadata
diff --git a/docker/services/etcd.yaml b/docker/services/etcd.yaml
index e5a7096b..818bddd4 100644
--- a/docker/services/etcd.yaml
+++ b/docker/services/etcd.yaml
@@ -100,7 +100,7 @@ outputs:
step_config: 'include ::tripleo::profile::base::etcd'
config_image: *etcd_image
volumes:
- - /var/lib/config-data/etcd/etc/:/etc
+ - /var/lib/config-data/etcd/etc/etcd/:/etc/etcd:ro
- /var/lib/etcd:/var/lib/etcd:ro
host_prep_tasks:
- name: create /var/lib/etcd
diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml
index df8186da..5c244012 100644
--- a/docker/services/glance-api.yaml
+++ b/docker/services/glance-api.yaml
@@ -79,23 +79,22 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerGlanceApiImage} ]
kolla_config:
- /var/lib/kolla/config_files/glance-api.json:
+ /var/lib/kolla/config_files/glance_api.json:
command: /usr/bin/glance-api --config-file /usr/share/glance/glance-api-dist.conf --config-file /etc/glance/glance-api.conf
/var/lib/kolla/config_files/glance_api_tls_proxy.json:
command: /usr/sbin/httpd -DFOREGROUND
docker_config:
# Kolla_bootstrap/db_sync runs before permissions set by kolla_config
- step_3:
+ step_2:
glance_init_logs:
- start_order: 0
image: *glance_image
privileged: false
user: root
volumes:
- /var/log/containers/glance:/var/log/glance
command: ['/bin/bash', '-c', 'chown -R glance:glance /var/log/glance']
+ step_3:
glance_api_db_sync:
- start_order: 1
image: *glance_image
net: host
privileged: false
@@ -105,7 +104,7 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/glance-api.json:/var/lib/kolla/config_files/config.json
+ - /var/lib/kolla/config_files/glance_api.json:/var/lib/kolla/config_files/config.json
- /var/lib/config-data/glance_api/etc/glance/:/etc/glance/:ro
- /var/log/containers/glance:/var/log/glance
environment:
@@ -136,7 +135,9 @@ outputs:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/glance_api_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/glance_api/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/glance_api/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/glance_api/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/glance_api/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
environment:
diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml
index e59d6095..bd1c3168 100644
--- a/docker/services/gnocchi-api.yaml
+++ b/docker/services/gnocchi-api.yaml
@@ -78,7 +78,7 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerGnocchiApiImage} ]
kolla_config:
- /var/lib/kolla/config_files/gnocchi-api.json:
+ /var/lib/kolla/config_files/gnocchi_api.json:
command: /usr/sbin/httpd -DFOREGROUND
permissions:
- path: /var/log/gnocchi
@@ -86,16 +86,15 @@ outputs:
recurse: true
docker_config:
# db sync runs before permissions set by kolla_config
- step_3:
+ step_2:
gnocchi_init_log:
- start_order: 0
image: *gnocchi_image
user: root
volumes:
- /var/log/containers/gnocchi:/var/log/gnocchi
command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R gnocchi:gnocchi /var/log/gnocchi']
+ step_3:
gnocchi_db_sync:
- start_order: 1
image: *gnocchi_image
net: host
detach: false
@@ -118,9 +117,11 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/gnocchi-api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/gnocchi_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
- - /var/lib/config-data/gnocchi/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/gnocchi/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/gnocchi/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/gnocchi/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /var/lib/config-data/gnocchi/var/www/:/var/www/:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
-
diff --git a/docker/services/gnocchi-metricd.yaml b/docker/services/gnocchi-metricd.yaml
index 2724805b..ea26d838 100644
--- a/docker/services/gnocchi-metricd.yaml
+++ b/docker/services/gnocchi-metricd.yaml
@@ -68,7 +68,7 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerGnocchiMetricdImage} ]
kolla_config:
- /var/lib/kolla/config_files/gnocchi-metricd.json:
+ /var/lib/kolla/config_files/gnocchi_metricd.json:
command: /usr/bin/gnocchi-metricd
permissions:
- path: /var/log/gnocchi
@@ -85,7 +85,7 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/gnocchi-metricd.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/gnocchi_metricd.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
environment:
diff --git a/docker/services/gnocchi-statsd.yaml b/docker/services/gnocchi-statsd.yaml
index 305971f1..a8ae857d 100644
--- a/docker/services/gnocchi-statsd.yaml
+++ b/docker/services/gnocchi-statsd.yaml
@@ -68,7 +68,7 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerGnocchiStatsdImage} ]
kolla_config:
- /var/lib/kolla/config_files/gnocchi-statsd.json:
+ /var/lib/kolla/config_files/gnocchi_statsd.json:
command: /usr/bin/gnocchi-statsd
permissions:
- path: /var/log/gnocchi
@@ -85,7 +85,7 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/gnocchi-statsd.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/gnocchi_statsd.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
environment:
diff --git a/docker/services/heat-api-cfn.yaml b/docker/services/heat-api-cfn.yaml
index 37fa4c81..89ba8cbd 100644
--- a/docker/services/heat-api-cfn.yaml
+++ b/docker/services/heat-api-cfn.yaml
@@ -108,7 +108,9 @@ outputs:
-
- /var/lib/kolla/config_files/heat_api_cfn.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/heat_api_cfn/etc/heat/:/etc/heat/:ro
- - /var/lib/config-data/heat_api_cfn/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/heat_api_cfn/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/heat_api_cfn/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/heat_api_cfn/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /var/lib/config-data/heat_api_cfn/var/www/:/var/www/:ro
- /var/log/containers/heat:/var/log/heat
-
diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml
index 5043aed8..834f2a0b 100644
--- a/docker/services/heat-api.yaml
+++ b/docker/services/heat-api.yaml
@@ -108,7 +108,9 @@ outputs:
-
- /var/lib/kolla/config_files/heat_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/heat_api/etc/heat/:/etc/heat/:ro
- - /var/lib/config-data/heat_api/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/heat_api/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/heat_api/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/heat_api/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /var/lib/config-data/heat_api/var/www/:/var/www/:ro
- /var/log/containers/heat:/var/log/heat
-
diff --git a/docker/services/heat-engine.yaml b/docker/services/heat-engine.yaml
index 0adad538..7a3312dd 100644
--- a/docker/services/heat-engine.yaml
+++ b/docker/services/heat-engine.yaml
@@ -80,16 +80,15 @@ outputs:
recurse: true
docker_config:
# db sync runs before permissions set by kolla_config
- step_3:
+ step_2:
heat_init_log:
- start_order: 0
image: *heat_engine_image
user: root
volumes:
- /var/log/containers/heat:/var/log/heat
command: ['/bin/bash', '-c', 'chown -R heat:heat /var/log/heat']
+ step_3:
heat_engine_db_sync:
- start_order: 1
image: *heat_engine_image
net: host
privileged: false
diff --git a/docker/services/horizon.yaml b/docker/services/horizon.yaml
new file mode 100644
index 00000000..13bd091c
--- /dev/null
+++ b/docker/services/horizon.yaml
@@ -0,0 +1,128 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Horizon service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerHorizonImage:
+ description: image
+ default: 'centos-binary-horizon:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ HorizonBase:
+ type: ../../puppet/services/horizon.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Horizon API role.
+ value:
+ service_name: {get_attr: [HorizonBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [HorizonBase, role_data, config_settings]
+ - horizon::vhost_extra_params:
+ add_listen: true
+ priority: 10
+ access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"'
+ options: ['FollowSymLinks','MultiViews']
+ - horizon::secure_cookies: false
+ step_config: {get_attr: [HorizonBase, role_data, step_config]}
+ service_config_settings: {get_attr: [HorizonBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: horizon
+ puppet_tags: horizon_config
+ step_config: {get_attr: [HorizonBase, role_data, step_config]}
+ config_image: &horizon_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerHorizonImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/horizon.json:
+ command: /usr/sbin/httpd -DFOREGROUND
+ permissions:
+ - path: /var/log/horizon/
+ owner: apache:apache
+ recurse: true
+ # FIXME Apache tries to write a .lock file there
+ - path: /usr/share/openstack-dashboard/openstack_dashboard/local/
+ owner: apache:apache
+ recurse: false
+ docker_config:
+ step_2:
+ horizon_fix_perms:
+ image: *horizon_image
+ user: root
+ # NOTE Set ownership for /var/log/horizon/horizon.log file here,
+ # otherwise it's created by root when generating django cache.
+ # FIXME Apache needs to read files in /etc/openstack-dashboard
+ # Need to set permissions to match the BM case,
+ # http://paste.openstack.org/show/609819/
+ command: ['/bin/bash', '-c', 'touch /var/log/horizon/horizon.log && chown -R apache:apache /var/log/horizon && chmod -R a+rx /etc/openstack-dashboard']
+ volumes:
+ - /var/log/containers/horizon:/var/log/horizon
+ - /var/lib/config-data/horizon/etc/:/etc/
+ step_3:
+ horizon:
+ image: *horizon_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/horizon.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/horizon/etc/httpd:/etc/httpd:ro
+ - /var/lib/config-data/horizon/etc/openstack-dashboard:/etc/openstack-dashboard:ro
+ - /var/log/containers/horizon:/var/log/horizon
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent logs directory
+ file:
+ path: /var/log/containers/horizon
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable horizon service (running under httpd)
+ tags: step2
+ service: name=httpd state=stopped enabled=no
+ metadata_settings:
+ get_attr: [HorizonBase, role_data, metadata_settings]
diff --git a/docker/services/ironic-api.yaml b/docker/services/ironic-api.yaml
index c8978aa2..a32176af 100644
--- a/docker/services/ironic-api.yaml
+++ b/docker/services/ironic-api.yaml
@@ -82,9 +82,8 @@ outputs:
recurse: true
docker_config:
# db sync runs before permissions set by kolla_config
- step_3:
+ step_2:
ironic_init_logs:
- start_order: 0
image: &ironic_image
list_join:
- '/'
@@ -94,6 +93,7 @@ outputs:
volumes:
- /var/log/containers/ironic:/var/log/ironic
command: ['/bin/bash', '-c', 'chown -R ironic:ironic /var/log/ironic']
+ step_3:
ironic_db_sync:
start_order: 1
image: *ironic_image
@@ -105,7 +105,7 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/config-data/ironic/etc/:/etc/:ro
+ - /var/lib/config-data/ironic/etc/ironic:/etc/ironic:ro
- /var/log/containers/ironic:/var/log/ironic
command: "/usr/bin/bootstrap_host_exec ironic_api su ironic -s /bin/bash -c 'ironic-dbsync --config-file /etc/ironic/ironic.conf'"
step_4:
@@ -120,7 +120,7 @@ outputs:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ironic_api.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/ironic/etc/:/etc/:ro
+ - /var/lib/config-data/ironic/etc/ironic:/etc/ironic:ro
- /var/log/containers/ironic:/var/log/ironic
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/ironic-pxe.yaml b/docker/services/ironic-pxe.yaml
index bc828e65..75c70828 100644
--- a/docker/services/ironic-pxe.yaml
+++ b/docker/services/ironic-pxe.yaml
@@ -113,7 +113,9 @@ outputs:
-
- /var/lib/kolla/config_files/ironic_pxe_http.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/ironic/etc/ironic/:/etc/ironic/:ro
- - /var/lib/config-data/ironic/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/ironic/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/ironic/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/ironic/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /var/lib/config-data/ironic/var/www/:/var/www/:ro
- /var/lib/ironic:/var/lib/ironic/
- /var/log/containers/ironic:/var/log/ironic
diff --git a/docker/services/iscsid.yaml b/docker/services/iscsid.yaml
new file mode 100644
index 00000000..53f5aff2
--- /dev/null
+++ b/docker/services/iscsid.yaml
@@ -0,0 +1,109 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Iscsid service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerIscsidImage:
+ description: image
+ default: 'centos-binary-iscsid:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+outputs:
+ role_data:
+ description: Role data for the Iscsid API role.
+ value:
+ service_name: iscsid
+ config_settings: {}
+ step_config: ''
+ service_config_settings: {}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: iscsid
+ #puppet_tags: file
+ step_config: ''
+ config_image: &iscsid_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerIscsidImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/iscsid.json:
+ command: /usr/sbin/iscsid -f
+ docker_config:
+ step_3:
+ iscsid:
+ start_order: 2
+ image: *iscsid_image
+ net: host
+ privileged: true
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/iscsid.json:/var/lib/kolla/config_files/config.json:ro
+ - /dev/:/dev/
+ - /run/:/run/
+ - /sys:/sys
+ - /lib/modules:/lib/modules:ro
+ - /etc/iscsi:/etc/iscsi
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create /etc/iscsi
+ file:
+ path: /etc/iscsi
+ state: directory
+ - name: stat /lib/systemd/system/iscsid.socket
+ stat: path=/lib/systemd/system/iscsid.socket
+ register: stat_iscsid_socket
+ - name: Stop and disable iscsid.socket service
+ service: name=iscsid.socket state=stopped enabled=no
+ when: stat_iscsid_socket.stat.exists
+ upgrade_tasks:
+ - name: stat /lib/systemd/system/iscsid.service
+ stat: path=/lib/systemd/system/iscsid.service
+ register: stat_iscsid_service
+ - name: Stop and disable iscsid service
+ tags: step2
+ service: name=iscsid state=stopped enabled=no
+ when: stat_iscsid_service.stat.exists
+ - name: stat /lib/systemd/system/iscsid.socket
+ stat: path=/lib/systemd/system/iscsid.socket
+ register: stat_iscsid_socket
+ - name: Stop and disable iscsid.socket service
+ tags: step2
+ service: name=iscsid.socket state=stopped enabled=no
+ when: stat_iscsid_socket.stat.exists
+ metadata_settings: {}
diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml
index 772859ee..4cd44f21 100644
--- a/docker/services/keystone.yaml
+++ b/docker/services/keystone.yaml
@@ -95,16 +95,15 @@ outputs:
command: /usr/sbin/httpd -DFOREGROUND
docker_config:
# Kolla_bootstrap/db sync runs before permissions set by kolla_config
- step_3:
+ step_2:
keystone_init_log:
- start_order: 0
image: *keystone_image
user: root
command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R keystone:keystone /var/log/keystone']
volumes:
- /var/log/containers/keystone:/var/log/keystone
+ step_3:
keystone_db_sync:
- start_order: 1
image: *keystone_image
net: host
privileged: false
@@ -116,7 +115,9 @@ outputs:
- /var/lib/kolla/config_files/keystone.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/keystone/var/www/:/var/www/:ro
- /var/lib/config-data/keystone/etc/keystone/:/etc/keystone/:ro
- - /var/lib/config-data/keystone/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/keystone/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/keystone/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/keystone/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /var/log/containers/keystone:/var/log/keystone
-
if:
diff --git a/docker/services/memcached.yaml b/docker/services/memcached.yaml
index d85a0878..d4539649 100644
--- a/docker/services/memcached.yaml
+++ b/docker/services/memcached.yaml
@@ -72,6 +72,7 @@ outputs:
step_1:
memcached_init_logs:
start_order: 0
+ detach: false
image: *memcached_image
privileged: false
user: root
diff --git a/docker/services/mistral-api.yaml b/docker/services/mistral-api.yaml
index 5586d41b..30c3cde1 100644
--- a/docker/services/mistral-api.yaml
+++ b/docker/services/mistral-api.yaml
@@ -82,9 +82,8 @@ outputs:
recurse: true
docker_config:
# db sync runs before permissions set by kolla_config
- step_3:
+ step_2:
mistral_init_logs:
- start_order: 0
image: &mistral_image
list_join:
- '/'
@@ -94,8 +93,9 @@ outputs:
volumes:
- /var/log/containers/mistral:/var/log/mistral
command: ['/bin/bash', '-c', 'chown -R mistral:mistral /var/log/mistral']
+ step_3:
mistral_db_sync:
- start_order: 1
+ start_order: 0
image: *mistral_image
net: host
privileged: false
@@ -105,11 +105,11 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/config-data/mistral/etc/:/etc/:ro
+ - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro
- /var/log/containers/mistral:/var/log/mistral
command: "/usr/bin/bootstrap_host_exec mistral_api su mistral -s /bin/bash -c 'mistral-db-manage --config-file /etc/mistral/mistral.conf upgrade head'"
mistral_db_populate:
- start_order: 2
+ start_order: 1
image: *mistral_image
net: host
privileged: false
@@ -119,7 +119,7 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/config-data/mistral/etc/:/etc/:ro
+ - /var/lib/config-data/mistral/etc/mistral/:/etc/mistral/:ro
- /var/log/containers/mistral:/var/log/mistral
# NOTE: dprince this requires that we install openstack-tripleo-common into
# the Mistral API image so that we get tripleo* actions
diff --git a/docker/services/multipathd.yaml b/docker/services/multipathd.yaml
new file mode 100644
index 00000000..d8927d4b
--- /dev/null
+++ b/docker/services/multipathd.yaml
@@ -0,0 +1,89 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Multipathd service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerMultipathdImage:
+ description: image
+ default: 'centos-binary-multipathd:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+outputs:
+ role_data:
+ description: Role data for the Multipathd API role.
+ value:
+ service_name: multipathd
+ config_settings: {}
+ step_config: ''
+ service_config_settings: {}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: multipathd
+ #puppet_tags: file
+ step_config: ''
+ config_image: &multipathd_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerMultipathdImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/multipathd.json:
+ command: /usr/sbin/multipathd -d
+ docker_config:
+ step_3:
+ multipathd:
+ start_order: 1
+ image: *multipathd_image
+ net: host
+ privileged: true
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/multipathd.json:/var/lib/kolla/config_files/config.json:ro
+ - /dev/:/dev/
+ - /run/:/run/
+ - /sys:/sys
+ - /lib/modules:/lib/modules:ro
+ - /etc/iscsi:/etc/iscsi
+ - /var/lib/cinder:/var/lib/cinder
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ upgrade_tasks:
+ - name: Stop and disable multipathd service
+ tags: step2
+ service: name=multipathd state=stopped enabled=no
+ metadata_settings: {}
diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml
index 7ce47a14..6c2d4cae 100644
--- a/docker/services/neutron-api.yaml
+++ b/docker/services/neutron-api.yaml
@@ -92,9 +92,8 @@ outputs:
command: /usr/sbin/httpd -DFOREGROUND
docker_config:
# db sync runs before permissions set by kolla_config
- step_3:
+ step_2:
neutron_init_logs:
- start_order: 0
image: &neutron_api_image
list_join:
- '/'
@@ -104,8 +103,8 @@ outputs:
volumes:
- /var/log/containers/neutron:/var/log/neutron
command: ['/bin/bash', '-c', 'chown -R neutron:neutron /var/log/neutron']
+ step_3:
neutron_db_sync:
- start_order: 1
image: *neutron_api_image
net: host
privileged: false
@@ -150,7 +149,9 @@ outputs:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/neutron_server_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/neutron/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/neutron/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/neutron/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/neutron/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
environment:
diff --git a/docker/services/neutron-l3.yaml b/docker/services/neutron-l3.yaml
index bd5147d3..f3a284fe 100644
--- a/docker/services/neutron-l3.yaml
+++ b/docker/services/neutron-l3.yaml
@@ -71,7 +71,7 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
kolla_config:
- /var/lib/kolla/config_files/neutron-l3-agent.json:
+ /var/lib/kolla/config_files/neutron_l3_agent.json:
command: /usr/bin/neutron-l3-agent --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/l3_agent --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/l3_agent.ini
permissions:
- path: /var/log/neutron
@@ -79,7 +79,7 @@ outputs:
recurse: true
docker_config:
step_4:
- neutronl3agent:
+ neutron_l3_agent:
image:
list_join:
- '/'
@@ -92,7 +92,7 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/neutron-l3-agent.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/neutron_l3_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
- /lib/modules:/lib/modules:ro
- /run:/run
diff --git a/docker/services/neutron-metadata.yaml b/docker/services/neutron-metadata.yaml
index 88b2ca5c..69bf0c4e 100644
--- a/docker/services/neutron-metadata.yaml
+++ b/docker/services/neutron-metadata.yaml
@@ -71,7 +71,7 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
kolla_config:
- /var/lib/kolla/config_files/neutron-metadata-agent.json:
+ /var/lib/kolla/config_files/neutron_metadata_agent.json:
command: /usr/bin/neutron-metadata-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/metadata_agent.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-metadata-agent
permissions:
- path: /var/log/neutron
@@ -92,7 +92,7 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/neutron-metadata-agent.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/neutron_metadata_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
- /lib/modules:/lib/modules:ro
- /run:/run
diff --git a/docker/services/neutron-ovs-agent.yaml b/docker/services/neutron-ovs-agent.yaml
index 89bf8663..65ad21ed 100644
--- a/docker/services/neutron-ovs-agent.yaml
+++ b/docker/services/neutron-ovs-agent.yaml
@@ -70,7 +70,7 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerNeutronConfigImage} ]
kolla_config:
- /var/lib/kolla/config_files/neutron-openvswitch-agent.json:
+ /var/lib/kolla/config_files/neutron_ovs_agent.json:
command: /usr/bin/neutron-openvswitch-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/openvswitch_agent.ini --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
permissions:
- path: /var/log/neutron
@@ -78,7 +78,7 @@ outputs:
recurse: true
docker_config:
step_4:
- neutronovsagent:
+ neutron_ovs_agent:
image: &neutron_ovs_agent_image
list_join:
- '/'
@@ -91,7 +91,7 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/neutron-openvswitch-agent.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/neutron_ovs_agent.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/neutron/etc/neutron/:/etc/neutron/:ro
- /lib/modules:/lib/modules:ro
- /run:/run
diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml
index 2375dada..c97f45de 100644
--- a/docker/services/nova-api.yaml
+++ b/docker/services/nova-api.yaml
@@ -86,9 +86,8 @@ outputs:
recurse: true
docker_config:
# db sync runs before permissions set by kolla_config
- step_3:
+ step_2:
nova_init_logs:
- start_order: 0
image: &nova_api_image
list_join:
- '/'
@@ -98,8 +97,9 @@ outputs:
volumes:
- /var/log/containers/nova:/var/log/nova
command: ['/bin/bash', '-c', 'chown -R nova:nova /var/log/nova']
+ step_3:
nova_api_db_sync:
- start_order: 1
+ start_order: 0
image: *nova_api_image
net: host
detach: false
@@ -116,7 +116,7 @@ outputs:
# to be capable of upgrading a baremetal setup. This is to ensure the name
# of the cell is 'default'
nova_api_map_cell0:
- start_order: 2
+ start_order: 1
image: *nova_api_image
net: host
detach: false
@@ -124,7 +124,7 @@ outputs:
volumes: *nova_api_volumes
command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 map_cell0'"
nova_api_create_default_cell:
- start_order: 3
+ start_order: 2
image: *nova_api_image
net: host
detach: false
@@ -136,7 +136,7 @@ outputs:
user: root
command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 create_cell --name=default'"
nova_db_sync:
- start_order: 4
+ start_order: 3
image: *nova_api_image
net: host
detach: false
diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml
index 4f10a1a3..9f647eba 100644
--- a/docker/services/nova-compute.yaml
+++ b/docker/services/nova-compute.yaml
@@ -74,7 +74,7 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerNovaComputeImage} ]
kolla_config:
- /var/lib/kolla/config_files/nova-compute.json:
+ /var/lib/kolla/config_files/nova_compute.json:
command: /usr/bin/nova-compute --config-file /etc/nova/nova.conf --config-file /etc/nova/rootwrap.conf
permissions:
- path: /var/log/nova
@@ -86,17 +86,17 @@ outputs:
docker_config:
# FIXME: run discover hosts here
step_4:
- novacompute:
+ nova_compute:
image: *nova_compute_image
net: host
privileged: true
- user: root
+ user: nova
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/nova-compute.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/nova_compute.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/nova_libvirt/etc/nova/:/etc/nova/:ro
- /dev:/dev
- /etc/iscsi:/etc/iscsi
diff --git a/docker/services/nova-consoleauth.yaml b/docker/services/nova-consoleauth.yaml
new file mode 100644
index 00000000..19f25d8e
--- /dev/null
+++ b/docker/services/nova-consoleauth.yaml
@@ -0,0 +1,108 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Nova Consoleauth service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerNovaConsoleauthImage:
+ description: image
+ default: 'centos-binary-nova-consoleauth:latest'
+ type: string
+ DockerNovaConfigImage:
+ description: image
+ default: 'centos-binary-nova-base:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ NovaConsoleauthPuppetBase:
+ type: ../../puppet/services/nova-consoleauth.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Nova Consoleauth service.
+ value:
+ service_name: {get_attr: [NovaConsoleauthPuppetBase, role_data, service_name]}
+ config_settings: {get_attr: [NovaConsoleauthPuppetBase, role_data, config_settings]}
+ step_config: &step_config
+ get_attr: [NovaConsoleauthPuppetBase, role_data, step_config]
+ service_config_settings: {get_attr: [NovaConsoleauthPuppetBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: nova
+ puppet_tags: nova_config
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/nova_consoleauth.json:
+ command: /usr/bin/nova-consoleauth
+ permissions:
+ - path: /var/log/nova
+ owner: nova:nova
+ recurse: true
+ docker_config:
+ step_4:
+ nova_consoleauth:
+ image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaConsoleauthImage} ]
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/nova_consoleauth.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
+ - /var/log/containers/nova:/var/log/nova
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent logs directory
+ file:
+ path: /var/log/containers/nova
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable nova_consoleauth service
+ tags: step2
+ service: name=openstack-nova-consoleauth state=stopped enabled=no
diff --git a/docker/services/nova-ironic.yaml b/docker/services/nova-ironic.yaml
index be0dd111..63780fe6 100644
--- a/docker/services/nova-ironic.yaml
+++ b/docker/services/nova-ironic.yaml
@@ -81,7 +81,7 @@ outputs:
recurse: true
docker_config:
step_5:
- novacompute:
+ nova_compute:
image:
list_join:
- '/'
diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml
index 9779d676..6c871f14 100644
--- a/docker/services/nova-libvirt.yaml
+++ b/docker/services/nova-libvirt.yaml
@@ -44,6 +44,26 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+ UseTLSTransportForLiveMigration:
+ type: boolean
+ default: true
+ description: If set to true and if EnableInternalTLS is enabled, it will
+ set the libvirt URI's transport to tls and configure the
+ relevant keys for libvirt.
+
+conditions:
+
+ use_tls_for_live_migration:
+ and:
+ - equals:
+ - {get_param: EnableInternalTLS}
+ - true
+ - equals:
+ - {get_param: UseTLSTransportForLiveMigration}
+ - true
resources:
@@ -84,8 +104,12 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ]
kolla_config:
- /var/lib/kolla/config_files/nova-libvirt.json:
- command: /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf
+ /var/lib/kolla/config_files/nova_libvirt.json:
+ command:
+ if:
+ - use_tls_for_live_migration
+ - /usr/sbin/libvirtd --listen --config /etc/libvirt/libvirtd.conf
+ - /usr/sbin/libvirtd --config /etc/libvirt/libvirtd.conf
permissions:
- path: /var/log/nova
owner: nova:nova
@@ -105,7 +129,7 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/nova-libvirt.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/nova_libvirt.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/nova_libvirt/etc/libvirt/:/etc/libvirt/:ro
- /lib/modules:/lib/modules:ro
- /dev:/dev
diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml
index ae4ccf68..8f06f731 100644
--- a/docker/services/nova-placement.yaml
+++ b/docker/services/nova-placement.yaml
@@ -92,7 +92,9 @@ outputs:
-
- /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/nova_placement/etc/nova/:/etc/nova/:ro
- - /var/lib/config-data/nova_placement/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/nova_placement/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/nova_placement/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/nova_placement/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /var/lib/config-data/nova_placement/var/www/:/var/www/:ro
- /var/log/containers/nova:/var/log/nova
environment:
diff --git a/docker/services/nova-vnc-proxy.yaml b/docker/services/nova-vnc-proxy.yaml
new file mode 100644
index 00000000..97d2d154
--- /dev/null
+++ b/docker/services/nova-vnc-proxy.yaml
@@ -0,0 +1,108 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Nova Vncproxy service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerNovaVncProxyImage:
+ description: image
+ default: 'centos-binary-nova-novncproxy:latest'
+ type: string
+ DockerNovaConfigImage:
+ description: image
+ default: 'centos-binary-nova-base:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ NovaVncProxyPuppetBase:
+ type: ../../puppet/services/nova-vnc-proxy.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Nova Vncproxy service.
+ value:
+ service_name: {get_attr: [NovaVncProxyPuppetBase, role_data, service_name]}
+ config_settings: {get_attr: [NovaVncProxyPuppetBase, role_data, config_settings]}
+ step_config: &step_config
+ get_attr: [NovaVncProxyPuppetBase, role_data, step_config]
+ service_config_settings: {get_attr: [NovaVncProxyPuppetBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: nova
+ puppet_tags: nova_config
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/nova_vnc_proxy.json:
+ command: /usr/bin/nova-novncproxy --web /usr/share/novnc/
+ permissions:
+ - path: /var/log/nova
+ owner: nova:nova
+ recurse: true
+ docker_config:
+ step_4:
+ nova_vnc_proxy:
+ image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerNovaVncProxyImage} ]
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/nova_vnc_proxy.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
+ - /var/log/containers/nova:/var/log/nova
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent logs directory
+ file:
+ path: /var/log/containers/nova
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable nova_vnc_proxy service
+ tags: step2
+ service: name=openstack-nova-novncproxy state=stopped enabled=no
diff --git a/docker/services/pacemaker/cinder-volume.yaml b/docker/services/pacemaker/cinder-volume.yaml
new file mode 100644
index 00000000..987ebaf0
--- /dev/null
+++ b/docker/services/pacemaker/cinder-volume.yaml
@@ -0,0 +1,170 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Cinder Volume service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerCinderVolumeImage:
+ description: image
+ default: 'centos-binary-cinder-volume:latest'
+ type: string
+ # we configure all cinder services in the same cinder base container
+ DockerCinderConfigImage:
+ description: image
+ default: 'centos-binary-cinder-api:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ # custom parameters for the Cinder volume role
+ CinderEnableIscsiBackend:
+ default: true
+ description: Whether to enable or not the Iscsi backend for Cinder
+ type: boolean
+ CinderLVMLoopDeviceSize:
+ default: 10280
+ description: The size of the loopback file used by the cinder LVM driver.
+ type: number
+
+resources:
+
+ CinderBase:
+ type: ../../../puppet/services/cinder-volume.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Cinder Volume role.
+ value:
+ service_name: {get_attr: [CinderBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [CinderBase, role_data, config_settings]
+ - tripleo::profile::pacemaker::cinder::volume_bundle::cinder_volume_docker_image: &cinder_volume_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerCinderVolumeImage} ]
+ cinder::volume::manage_service: false
+ cinder::volume::enabled: false
+ cinder::host: hostgroup
+ step_config: ""
+ service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: cinder
+ puppet_tags: cinder_config,file,concat,file_line
+ step_config: {get_attr: [CinderBase, role_data, step_config]}
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerCinderConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/cinder_volume.json:
+ command: /usr/bin/cinder-volume --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf
+ permissions:
+ - path: /var/log/cinder
+ owner: cinder:cinder
+ recurse: true
+ docker_config:
+ step_3:
+ cinder_volume_init_logs:
+ start_order: 0
+ image: *cinder_volume_image
+ privileged: false
+ user: root
+ volumes:
+ - /var/log/containers/cinder:/var/log/cinder
+ command: ['/bin/bash', '-c', 'chown -R cinder:cinder /var/log/cinder']
+ step_5:
+ cinder_volume_init_bundle:
+ start_order: 0
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ list_join:
+ - '; '
+ - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 5}' > /etc/puppet/hieradata/docker.json"
+ - "FACTER_uuid=docker puppet apply --tags file_line,concat,augeas,TAGS --debug -v -e 'CONFIG'"
+ params:
+ TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location'
+ CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::cinder::volume_bundle'
+ image: *cinder_volume_image
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/puppet:/tmp/puppet-etc:ro
+ - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
+ - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
+ - /dev/shm:/dev/shm:rw
+ host_prep_tasks:
+ - name: create persistent directories
+ file:
+ path: "{{ item }}"
+ state: directory
+ with_items:
+ - /var/log/containers/cinder
+ - /var/lib/cinder
+ #FIXME: all of this should be conditional on the CinderEnableIscsiBackend value being set to true
+ - name: cinder create LVM volume group dd
+ command:
+ list_join:
+ - ''
+ - - 'dd if=/dev/zero of=/var/lib/cinder/cinder-volumes bs=1 count=0 seek='
+ - str_replace:
+ template: VALUE
+ params:
+ VALUE: {get_param: CinderLVMLoopDeviceSize}
+ - 'M'
+ args:
+ creates: /var/lib/cinder/cinder-volumes
+ - name: cinder create LVM volume group
+ shell: |
+ if ! losetup /dev/loop2; then
+ losetup /dev/loop2 /var/lib/cinder/cinder-volumes
+ fi
+ if ! pvdisplay | grep cinder-volumes; then
+ pvcreate /dev/loop2
+ fi
+ if ! vgdisplay | grep cinder-volumes; then
+ vgcreate cinder-volumes /dev/loop2
+ fi
+ args:
+ executable: /bin/bash
+ creates: /dev/loop2
+ upgrade_tasks:
+ - name: Stop and disable cinder_volume service
+ tags: step2
+ service: name=openstack-cinder-volume state=stopped enabled=no
diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml
index ae19652e..7557afd6 100644
--- a/docker/services/pacemaker/haproxy.yaml
+++ b/docker/services/pacemaker/haproxy.yaml
@@ -60,11 +60,7 @@ outputs:
list_join:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerHAProxyImage} ]
- step_config:
- list_join:
- - "\n"
- - - &noop_pcmk "['pcmk_bundle', 'pcmk_resource', 'pcmk_property', 'pcmk_constraint', 'pcmk_resource_default'].each |String $val| { noop_resource($val) }"
- - 'include ::tripleo::profile::pacemaker::haproxy_bundle'
+ step_config: ""
service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
@@ -74,8 +70,8 @@ outputs:
list_join:
- "\n"
- - "exec {'wait-for-settle': command => '/bin/true' }"
- - &noop_firewall "class tripleo::firewall(){}; define tripleo::firewall::rule( $port = undef, $dport = undef, $sport = undef, $proto = undef, $action = undef, $state = undef, $source = undef, $iniface = undef, $chain = undef, $destination = undef, $extras = undef){}"
- - *noop_pcmk
+ - "class tripleo::firewall(){}; define tripleo::firewall::rule( $port = undef, $dport = undef, $sport = undef, $proto = undef, $action = undef, $state = undef, $source = undef, $iniface = undef, $chain = undef, $destination = undef, $extras = undef){}"
+ - "['pcmk_bundle', 'pcmk_resource', 'pcmk_property', 'pcmk_constraint', 'pcmk_resource_default'].each |String $val| { noop_resource($val) }"
- 'include ::tripleo::profile::pacemaker::haproxy_bundle'
config_image: *haproxy_image
kolla_config:
@@ -88,6 +84,7 @@ outputs:
detach: false
net: host
user: root
+ privileged: true
command:
- '/bin/bash'
- '-c'
@@ -98,14 +95,20 @@ outputs:
- - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json"
- "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
params:
- TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ip,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
+ TAGS: 'tripleo::firewall::rule,pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ip,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
CONFIG:
list_join:
- ';'
- - - *noop_firewall
- - 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::haproxy_bundle'
+ - - 'include ::tripleo::profile::base::pacemaker'
+ - 'include ::tripleo::profile::pacemaker::haproxy_bundle'
image: *haproxy_image
volumes:
+ # puppet saves iptables rules in /etc/sysconfig
+ - /etc/sysconfig:/etc/sysconfig:rw
+ # saving rules require accessing /usr/libexec/iptables/iptables.init, just bind-mount
+ # the necessary bit and prevent systemd to try to reload the service in the container
+ - /usr/libexec/iptables:/usr/libexec/iptables:ro
+ - /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- /etc/puppet:/tmp/puppet-etc:ro
diff --git a/docker/services/panko-api.yaml b/docker/services/panko-api.yaml
index b9e6e93a..585148e5 100644
--- a/docker/services/panko-api.yaml
+++ b/docker/services/panko-api.yaml
@@ -80,23 +80,22 @@ outputs:
- '/'
- [ {get_param: DockerNamespace}, {get_param: DockerPankoApiImage} ]
kolla_config:
- /var/lib/kolla/config_files/panko-api.json:
+ /var/lib/kolla/config_files/panko_api.json:
command: /usr/sbin/httpd -DFOREGROUND
permissions:
- path: /var/log/panko
owner: panko:panko
recurse: true
docker_config:
- step_3:
- panko-init-log:
- start_order: 0
+ step_2:
+ panko_init_log:
image: *panko_image
user: root
volumes:
- /var/log/containers/panko:/var/log/panko
command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R panko:panko /var/log/panko']
+ step_3:
panko_db_sync:
- start_order: 1
image: *panko_image
net: host
detach: false
@@ -120,9 +119,11 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- - /var/lib/kolla/config_files/panko-api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/kolla/config_files/panko_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/panko/etc/panko/:/etc/panko/:ro
- - /var/lib/config-data/panko/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/panko/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/panko/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/panko/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /var/lib/config-data/panko/var/www/:/var/www/:ro
- /var/log/containers/panko:/var/log/panko
-
diff --git a/docker/services/rabbitmq.yaml b/docker/services/rabbitmq.yaml
index e2f8228e..06d663c9 100644
--- a/docker/services/rabbitmq.yaml
+++ b/docker/services/rabbitmq.yaml
@@ -89,6 +89,7 @@ outputs:
step_1:
rabbitmq_init_logs:
start_order: 0
+ detach: false
image: *rabbitmq_image
privileged: false
user: root
@@ -97,6 +98,7 @@ outputs:
command: ['/bin/bash', '-c', 'chown -R rabbitmq:rabbitmq /var/log/rabbitmq']
rabbitmq_bootstrap:
start_order: 1
+ detach: false
image: *rabbitmq_image
net: host
privileged: false
@@ -146,7 +148,7 @@ outputs:
step_config: 'include ::tripleo::profile::base::rabbitmq'
config_image: *rabbitmq_image
volumes:
- - /var/lib/config-data/rabbitmq/etc/:/etc/
+ - /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq:ro
host_prep_tasks:
- name: create persistent directories
diff --git a/docker/services/sahara-api.yaml b/docker/services/sahara-api.yaml
new file mode 100644
index 00000000..10670796
--- /dev/null
+++ b/docker/services/sahara-api.yaml
@@ -0,0 +1,119 @@
+heat_template_version: pike
+
+description: >
+ OpenStack Sahara service configured with Puppet
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerSaharaApiImage:
+ description: image
+ default: 'centos-binary-sahara-api:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ SaharaApiPuppetBase:
+ type: ../../puppet/services/sahara-api.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Sahara API role.
+ value:
+ service_name: {get_attr: [SaharaApiPuppetBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [SaharaApiPuppetBase, role_data, config_settings]
+ - sahara::sync_db: false
+ step_config: &step_config
+ get_attr: [SaharaApiPuppetBase, role_data, step_config]
+ service_config_settings: {get_attr: [SaharaApiPuppetBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS #
+ puppet_config:
+ config_volume: sahara
+ puppet_tags: sahara_api_paste_ini,sahara_cluster_template,sahara_config,sahara_node_group_template
+ step_config: *step_config
+ config_image: &sahara_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerSaharaApiImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/sahara-api.json:
+ command: /usr/bin/sahara-api --config-file /etc/sahara/sahara.conf
+ permissions:
+ - path: /var/lib/sahara
+ owner: sahara:sahara
+ recurse: true
+ - path: /var/log/sahara
+ owner: sahara:sahara
+ recurse: true
+ docker_config:
+ step_3:
+ sahara_db_sync:
+ image: *sahara_image
+ net: host
+ privileged: false
+ detach: false
+ volumes: &sahara_volumes
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/sahara-api.json:/var/lib/kolla/config_files/config.json
+ - /var/lib/config-data/sahara/etc/sahara/:/etc/sahara/:ro
+ - /lib/modules:/lib/modules:ro
+ - /var/lib/sahara:/var/lib/sahara
+ - /var/log/containers/sahara:/var/log/sahara
+ command: "/usr/bin/bootstrap_host_exec sahara_api su sahara -s /bin/bash -c 'sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head'"
+ step_4:
+ sahara_api:
+ image: *sahara_image
+ net: host
+ privileged: false
+ restart: always
+ volumes: *sahara_volumes
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create /var/lib/sahara
+ file:
+ path: /var/lib/sahara
+ state: directory
+ - name: create persistent sahara logs directory
+ file:
+ path: /var/log/containers/sahara
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable sahara_api service
+ tags: step2
+ service: name=openstack-sahara-api state=stopped enabled=no
diff --git a/docker/services/sahara-engine.yaml b/docker/services/sahara-engine.yaml
new file mode 100644
index 00000000..41b5790b
--- /dev/null
+++ b/docker/services/sahara-engine.yaml
@@ -0,0 +1,110 @@
+heat_template_version: pike
+
+description: >
+ OpenStack Sahara service configured with Puppet
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerSaharaEngineImage:
+ description: image
+ default: 'centos-binary-sahara-engine:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ SaharaEnginePuppetBase:
+ type: ../../puppet/services/sahara-engine.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Sahara Engine role.
+ value:
+ service_name: {get_attr: [SaharaEnginePuppetBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [SaharaEnginePuppetBase, role_data, config_settings]
+ - sahara::sync_db: false
+ step_config: &step_config
+ get_attr: [SaharaEnginePuppetBase, role_data, step_config]
+ service_config_settings: {get_attr: [SaharaEnginePuppetBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS #
+ puppet_config:
+ config_volume: sahara
+ puppet_tags: sahara_engine_paste_ini,sahara_cluster_template,sahara_config,sahara_node_group_template
+ step_config: *step_config
+ config_image: &sahara_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerSaharaEngineImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/sahara-engine.json:
+ command: /usr/bin/sahara-engine --config-file /etc/sahara/sahara.conf
+ permissions:
+ - path: /var/lib/sahara
+ owner: sahara:sahara
+ recurse: true
+ - path: /var/log/sahara
+ owner: sahara:sahara
+ recurse: true
+ docker_config:
+ step_4:
+ sahara_engine:
+ image: *sahara_image
+ net: host
+ privileged: false
+ restart: always
+ volumes: &sahara_volumes
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/sahara-engine.json:/var/lib/kolla/config_files/config.json
+ - /var/lib/config-data/sahara/etc/sahara/:/etc/sahara/:ro
+ - /var/lib/sahara:/var/lib/sahara
+ - /var/log/containers/sahara:/var/log/sahara
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create /var/lib/sahara
+ file:
+ path: /var/lib/sahara
+ state: directory
+ - name: create persistent sahara logs directory
+ file:
+ path: /var/log/containers/sahara
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable sahara_engine service
+ tags: step2
+ service: name=openstack-sahara-engine state=stopped enabled=no
diff --git a/docker/services/sensu-client.yaml b/docker/services/sensu-client.yaml
new file mode 100644
index 00000000..e6bdf155
--- /dev/null
+++ b/docker/services/sensu-client.yaml
@@ -0,0 +1,131 @@
+heat_template_version: pike
+
+description: >
+ Containerized Sensu client service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerSensuClientImage:
+ description: image
+ default: 'centos-binary-sensu-client:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ SensuDockerCheckCommand:
+ type: string
+ default: |
+ for i in $(docker ps --format '{{.ID}}'); do
+ if result=$(docker inspect --format='{{.State.Health.Status}}' $i 2>/dev/null); then
+ if [ "$result" != 'healthy' ]; then
+ echo "$(docker inspect --format='{{.Name}}' $i) ($i): $(docker inspect --format='{{json .State}}' $i)" && exit 2;
+ fi
+ fi
+ done
+ SensuDockerCheckInterval:
+ type: number
+ description: The frequency in seconds the docker health check is executed.
+ default: 10
+ SensuDockerCheckHandlers:
+ default: []
+ description: The Sensu event handler to use for events
+ created by the docker health check.
+ type: comma_delimited_list
+ SensuDockerCheckOccurrences:
+ type: number
+ description: The number of event occurrences before sensu-plugin-aware handler should take action.
+ default: 3
+ SensuDockerCheckRefresh:
+ type: number
+ description: The number of seconds sensu-plugin-aware handlers should wait before taking second action.
+ default: 90
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ SensuClientBase:
+ type: ../../puppet/services/monitoring/sensu-client.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+
+outputs:
+ role_data:
+ description: Role data for the Sensu client role.
+ value:
+ service_name: {get_attr: [SensuClientBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [SensuClientBase, role_data, config_settings]
+ - sensu::checks:
+ check-docker-health:
+ standalone: true
+ command: {get_param: SensuDockerCheckCommand}
+ interval: {get_param: SensuDockerCheckInterval}
+ handlers: {get_param: SensuDockerCheckHandlers}
+ occurrences: {get_param: SensuDockerCheckOccurrences}
+ refresh: {get_param: SensuDockerCheckRefresh}
+ step_config: &step_config
+ get_attr: [SensuClientBase, role_data, step_config]
+ service_config_settings: {get_attr: [SensuClientBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: sensu
+ puppet_tags: sensu_rabbitmq_config,sensu_client_config,sensu_check_config,sensu_check
+ step_config: *step_config
+ config_image: &sensu_client_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerSensuClientImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/sensu-client.json:
+ command: /usr/bin/sensu-client -d /etc/sensu/conf.d/
+ docker_config:
+ step_3:
+ sensu_client:
+ image: *sensu_client_image
+ net: host
+ privileged: true
+ # NOTE(mmagr) kolla image changes the user to 'sensu', we need it
+ # to be root have rw permission to docker.sock to run successfully
+ # "docker inspect" command
+ user: root
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/run/docker.sock:/var/run/docker.sock:rw
+ - /var/lib/kolla/config_files/sensu-client.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/sensu/etc/sensu/:/etc/sensu/:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ upgrade_tasks:
+ - name: Stop and disable sensu-client service
+ tags: step2
+ service: name=sensu-client.service state=stopped enabled=no
diff --git a/docker/services/services.yaml b/docker/services/services.yaml
deleted file mode 100644
index 2ad3b63d..00000000
--- a/docker/services/services.yaml
+++ /dev/null
@@ -1,105 +0,0 @@
-heat_template_version: pike
-
-description: >
- Utility stack to convert an array of services into a set of combined
- role configs.
-
-parameters:
- Services:
- default: []
- description: |
- List nested stack service templates.
- type: comma_delimited_list
- ServiceNetMap:
- default: {}
- description: Mapping of service_name -> network name. Typically set
- via parameter_defaults in the resource registry. This
- mapping overrides those in ServiceNetMapDefaults.
- type: json
- EndpointMap:
- default: {}
- description: Mapping of service endpoint -> protocol. Typically set
- via parameter_defaults in the resource registry.
- type: json
- DefaultPasswords:
- default: {}
- description: Mapping of service -> default password. Used to help
- pass top level passwords managed by Heat into services.
- type: json
- RoleName:
- default: ''
- description: Role name on which the service is applied
- type: string
- RoleParameters:
- default: {}
- description: Parameters specific to the role
- type: json
-
-resources:
-
- PuppetServices:
- type: ../../puppet/services/services.yaml
- properties:
- Services: {get_param: Services}
- ServiceNetMap: {get_param: ServiceNetMap}
- EndpointMap: {get_param: EndpointMap}
- DefaultPasswords: {get_param: DefaultPasswords}
- RoleName: {get_param: RoleName}
- RoleParameters: {get_param: RoleParameters}
-
- ServiceChain:
- type: OS::Heat::ResourceChain
- properties:
- resources: {get_param: Services}
- concurrent: true
- resource_properties:
- ServiceNetMap: {get_param: ServiceNetMap}
- EndpointMap: {get_param: EndpointMap}
- DefaultPasswords: {get_param: DefaultPasswords}
- RoleName: {get_param: RoleName}
- RoleParameters: {get_param: RoleParameters}
-
-outputs:
- role_data:
- description: Combined Role data for this set of services.
- value:
- service_names:
- {get_attr: [PuppetServices, role_data, service_names]}
- monitoring_subscriptions:
- {get_attr: [PuppetServices, role_data, monitoring_subscriptions]}
- logging_sources:
- {get_attr: [PuppetServices, role_data, logging_sources]}
- logging_groups:
- {get_attr: [PuppetServices, role_data, logging_groups]}
- service_config_settings:
- {get_attr: [PuppetServices, role_data, service_config_settings]}
- config_settings:
- {get_attr: [PuppetServices, role_data, config_settings]}
- global_config_settings:
- {get_attr: [PuppetServices, role_data, global_config_settings]}
- step_config:
- {get_attr: [ServiceChain, role_data, step_config]}
- puppet_config: {get_attr: [ServiceChain, role_data, puppet_config]}
- kolla_config:
- map_merge: {get_attr: [ServiceChain, role_data, kolla_config]}
- docker_config:
- {get_attr: [ServiceChain, role_data, docker_config]}
- docker_puppet_tasks:
- {get_attr: [ServiceChain, role_data, docker_puppet_tasks]}
- host_prep_tasks:
- yaql:
- # Note we use distinct() here to filter any identical tasks
- expression: $.data.where($ != null).select($.get('host_prep_tasks')).where($ != null).flatten().distinct()
- data: {get_attr: [ServiceChain, role_data]}
- upgrade_tasks:
- yaql:
- # Note we use distinct() here to filter any identical tasks, e.g yum update for all services
- expression: $.data.where($ != null).select($.get('upgrade_tasks')).where($ != null).flatten().distinct()
- data: {get_attr: [ServiceChain, role_data]}
- upgrade_batch_tasks:
- yaql:
- # Note we use distinct() here to filter any identical tasks, e.g yum update for all services
- expression: $.data.where($ != null).select($.get('upgrade_batch_tasks')).where($ != null).flatten().distinct()
- data: {get_attr: [ServiceChain, role_data]}
- service_metadata_settings:
- get_attr: [PuppetServices, role_data, service_metadata_settings]
diff --git a/docker/services/swift-proxy.yaml b/docker/services/swift-proxy.yaml
index 04c4ba1e..f1d0da77 100644
--- a/docker/services/swift-proxy.yaml
+++ b/docker/services/swift-proxy.yaml
@@ -117,7 +117,9 @@ outputs:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/swift_proxy_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
- - /var/lib/config-data/swift/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/swift/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/swift/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/swift/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
- /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
environment:
diff --git a/docker/services/swift-ringbuilder.yaml b/docker/services/swift-ringbuilder.yaml
index bfd445d0..075d8d7c 100644
--- a/docker/services/swift-ringbuilder.yaml
+++ b/docker/services/swift-ringbuilder.yaml
@@ -58,6 +58,14 @@ parameters:
default: true
description: 'Use a local directory for Swift storage services when building rings'
type: boolean
+ SwiftRingGetTempurl:
+ default: ''
+ description: A temporary Swift URL to download rings from.
+ type: string
+ SwiftRingPutTempurl:
+ default: ''
+ description: A temporary Swift URL to upload rings to.
+ type: string
resources:
@@ -75,14 +83,17 @@ outputs:
description: Role data for Swift Ringbuilder configuration in containers.
value:
service_name: {get_attr: [SwiftRingbuilderBase, role_data, service_name]}
- config_settings: {get_attr: [SwiftRingbuilderBase, role_data, config_settings]}
+ config_settings:
+ map_merge:
+ - {get_attr: [SwiftRingbuilderBase, role_data, config_settings]}
+ - tripleo::profile::base::swift::ringbuilder:skip_consistency_check: true
step_config: &step_config
get_attr: [SwiftRingbuilderBase, role_data, step_config]
service_config_settings: {get_attr: [SwiftRingbuilderBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: 'swift'
- puppet_tags: exec,ring_object_device,swift::ringbuilder::create,tripleo::profile::base::swift::add_devices,swift::ringbuilder::rebalance
+ puppet_tags: exec,fetch_swift_ring_tarball,extract_swift_ring_tarball,ring_object_device,swift::ringbuilder::create,tripleo::profile::base::swift::add_devices,swift::ringbuilder::rebalance,create_swift_ring_tarball,upload_swift_ring_tarball
step_config: *step_config
config_image:
list_join:
diff --git a/docker/services/swift-storage.yaml b/docker/services/swift-storage.yaml
index 017fb123..55aea208 100644
--- a/docker/services/swift-storage.yaml
+++ b/docker/services/swift-storage.yaml
@@ -46,6 +46,11 @@ parameters:
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
+ SwiftRawDisks:
+ default: {}
+ description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
+ type: json
+
resources:
@@ -66,7 +71,11 @@ outputs:
description: Role data for the swift storage services.
value:
service_name: {get_attr: [SwiftStorageBase, role_data, service_name]}
- config_settings: {get_attr: [SwiftStorageBase, role_data, config_settings]}
+ config_settings:
+ map_merge:
+ - {get_attr: [SwiftStorageBase, role_data, config_settings]}
+ # FIXME (cschwede): re-enable this once checks works inside containers
+ - swift::storage::all::mount_check: false
step_config: &step_config
get_attr: [SwiftStorageBase, role_data, step_config]
service_config_settings: {get_attr: [SwiftStorageBase, role_data, service_config_settings]}
@@ -348,6 +357,18 @@ outputs:
with_items:
- /var/log/containers/swift
- /srv/node
+ - name: Format and mount devices defined in SwiftRawDisks
+ mount:
+ name: /srv/node/{{ item }}
+ src: /dev/{{ item }}
+ fstype: xfs
+ opts: noatime
+ state: mounted
+ with_items:
+ - repeat:
+ template: 'DEVICE'
+ for_each:
+ DEVICE: {get_param: SwiftRawDisks}
upgrade_tasks:
- name: Stop and disable swift storage services
tags: step2
diff --git a/docker/services/tacker.yaml b/docker/services/tacker.yaml
new file mode 100644
index 00000000..df9750c9
--- /dev/null
+++ b/docker/services/tacker.yaml
@@ -0,0 +1,133 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Tacker service
+
+parameters:
+ DockerNamespace:
+ description: namespace
+ default: 'tripleoupstream'
+ type: string
+ DockerTackerImage:
+ description: image
+ default: 'centos-binary-tacker:latest'
+ type: string
+ DockerTackerConfigImage:
+ description: image
+ default: 'centos-binary-tacker:latest'
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+ TackerBase:
+ type: ../../puppet/services/tacker.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Tacker role.
+ value:
+ service_name: {get_attr: [TackerBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [TackerBase, role_data, config_settings]
+ step_config: &step_config
+ get_attr: [TackerBase, role_data, step_config]
+ service_config_settings: {get_attr: [TackerBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: tacker
+ puppet_tags: tacker_config
+ step_config: *step_config
+ config_image:
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerTackerConfigImage} ]
+ kolla_config:
+ /var/lib/kolla/config_files/tacker_api.json:
+ command: /usr/bin/tacker-server --config-file=/etc/tacker/tacker.conf --log-file=/var/log/tacker/api.log
+ permissions:
+ - path: /var/log/tacker
+ owner: tacker:tacker
+ recurse: true
+ docker_config:
+ # db sync runs before permissions set by kolla_config
+ step_2:
+ tacker_init_logs:
+ image: &tacker_image
+ list_join:
+ - '/'
+ - [ {get_param: DockerNamespace}, {get_param: DockerTackerImage} ]
+ privileged: false
+ user: root
+ volumes:
+ - /var/log/containers/tacker:/var/log/tacker
+ command: ['/bin/bash', '-c', 'chown -R tacker:tacker /var/log/tacker']
+ step_3:
+ tacker_db_sync:
+ image: *tacker_image
+ net: host
+ privileged: false
+ detach: false
+ user: root
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/config-data/tacker/etc/:/etc/:ro
+ - /var/log/containers/tacker:/var/log/tacker
+ command: "/usr/bin/bootstrap_host_exec tacker su tacker -s /bin/bash -c 'tacker-db-manage --config-file /etc/tacker/tacker.conf upgrade head'"
+ step_4:
+ tacker_api:
+ image: *tacker_image
+ net: host
+ privileged: false
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/tacker_api.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/tacker/etc/tacker/:/etc/tacker/:ro
+ - /var/log/containers/tacker:/var/log/tacker
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ host_prep_tasks:
+ - name: create persistent logs directory
+ file:
+ path: /var/log/containers/tacker
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable tacker-server service
+ tags: step2
+ service: name=openstack-tacker-server state=stopped enabled=no
diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml
index 594df693..5ce324b9 100644
--- a/docker/services/zaqar.yaml
+++ b/docker/services/zaqar.yaml
@@ -93,7 +93,9 @@ outputs:
- /var/lib/kolla/config_files/zaqar.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/zaqar/etc/zaqar/:/etc/zaqar/:ro
- /var/lib/config-data/zaqar/var/www/:/var/www/:ro
- - /var/lib/config-data/zaqar/etc/httpd/:/etc/httpd/:ro
+ - /var/lib/config-data/zaqar/etc/httpd/conf/:/etc/httpd/conf/:ro
+ - /var/lib/config-data/zaqar/etc/httpd/conf.d/:/etc/httpd/conf.d/:ro
+ - /var/lib/config-data/zaqar/etc/httpd/conf.modules.d/:/etc/httpd/conf.modules.d/:ro
- /var/log/containers/zaqar:/var/log/zaqar
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/environments/cinder-dellsc-config.yaml b/environments/cinder-dellsc-config.yaml
index 99e517bf..681a2fe9 100644
--- a/environments/cinder-dellsc-config.yaml
+++ b/environments/cinder-dellsc-config.yaml
@@ -19,3 +19,4 @@ parameter_defaults:
CinderDellScSecondarySanLogin: 'Admin'
CinderDellScSecondarySanPassword: ''
CinderDellScSecondaryScApiPort: 3033
+ CinderDellScExcludedDomainIp: ''
diff --git a/environments/cinder-netapp-config.yaml b/environments/cinder-netapp-config.yaml
index dfd15893..83ecbbe4 100644
--- a/environments/cinder-netapp-config.yaml
+++ b/environments/cinder-netapp-config.yaml
@@ -1,3 +1,7 @@
+# *************************************************************************************
+# DEPRECATED: Use tripleo-heat-templates/environments/storage/cinder-netapp-config.yaml
+# instead.
+# *************************************************************************************
# A Heat environment file which can be used to enable a
# a Cinder NetApp backend, configured via puppet
resource_registry:
diff --git a/environments/docker-services-tls-everywhere.yaml b/environments/docker-services-tls-everywhere.yaml
index 2740664c..3ca04697 100644
--- a/environments/docker-services-tls-everywhere.yaml
+++ b/environments/docker-services-tls-everywhere.yaml
@@ -35,13 +35,11 @@ resource_registry:
OS::TripleO::PostDeploySteps: ../docker/post.yaml
OS::TripleO::PostUpgradeSteps: ../docker/post-upgrade.yaml
- OS::TripleO::Services: ../docker/services/services.yaml
-
parameter_defaults:
- # Defaults to 'tripleoupstream'. Specify a local docker registry
- # Example: 192.168.24.1:8787/tripleoupstream
- DockerNamespace: tripleoupstream
- DockerNamespaceIsRegistry: false
+ # To specify a local docker registry, enable these
+ # where 192.168.24.1 is the host running docker-distribution
+ #DockerNamespace: 192.168.24.1:8787/tripleoupstream
+ #DockerNamespaceIsRegistry: true
ComputeServices:
- OS::TripleO::Services::CACerts
diff --git a/environments/docker.yaml b/environments/docker.yaml
index 5b03b084..6a5ec87a 100644
--- a/environments/docker.yaml
+++ b/environments/docker.yaml
@@ -2,10 +2,11 @@ resource_registry:
# This can be used when you don't want to run puppet on the host,
# e.g atomic, but it has been replaced with OS::TripleO::Services::Docker
# OS::TripleO::NodeUserData: ../docker/firstboot/setup_docker_host.yaml
- OS::TripleO::Services::Docker: ../puppet/services/docker.yaml
# The compute node still needs extra initialization steps
OS::TripleO::Compute::NodeUserData: ../docker/firstboot/setup_docker_host.yaml
+ OS::TripleO::Services::Docker: ../puppet/services/docker.yaml
+
#NOTE (dprince) add roles to be docker enabled as we support them
OS::TripleO::Services::NovaLibvirt: ../docker/services/nova-libvirt.yaml
OS::TripleO::Services::ComputeNeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
@@ -18,7 +19,9 @@ resource_registry:
OS::TripleO::Services::NovaApi: ../docker/services/nova-api.yaml
OS::TripleO::Services::NovaPlacement: ../docker/services/nova-placement.yaml
OS::TripleO::Services::NovaConductor: ../docker/services/nova-conductor.yaml
+ OS::TripleO::Services::NovaConsoleauth: ../docker/services/nova-consoleauth.yaml
OS::TripleO::Services::NovaScheduler: ../docker/services/nova-scheduler.yaml
+ OS::TripleO::Services::NovaVncProxy: ../docker/services/nova-vnc-proxy.yaml
OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml
OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml
OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml
@@ -27,7 +30,6 @@ resource_registry:
OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml
OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml
OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml
- OS::TripleO::Services::HAProxy: ../docker/services/haproxy.yaml
OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml
OS::TripleO::Services::MongoDb: ../docker/services/database/mongodb.yaml
OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml
@@ -44,14 +46,21 @@ resource_registry:
OS::TripleO::Services::AodhListener: ../docker/services/aodh-listener.yaml
OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml
OS::TripleO::Services::CeilometerAgentCentral: ../docker/services/ceilometer-agent-central.yaml
+ OS::TripleO::Services::CeilometerAgentIpmi: ../docker/services/ceilometer-agent-ipmi.yaml
OS::TripleO::Services::CeilometerAgentCompute: ../docker/services/ceilometer-agent-compute.yaml
OS::TripleO::Services::CeilometerAgentNotification: ../docker/services/ceilometer-agent-notification.yaml
+ OS::TripleO::Services::Horizon: ../docker/services/horizon.yaml
+ OS::TripleO::Services::Iscsid: ../docker/services/iscsid.yaml
+ OS::TripleO::Services::Multipathd: ../docker/services/multipathd.yaml
+ OS::TripleO::Services::CinderApi: ../docker/services/cinder-api.yaml
+ OS::TripleO::Services::CinderScheduler: ../docker/services/cinder-scheduler.yaml
+ # FIXME: Had to remove these to unblock containers CI. They should be put back when fixed.
+ # OS::TripleO::Services::CinderBackup: ../docker/services/cinder-backup.yaml
+ # OS::TripleO::Services::CinderVolume: ../docker/services/cinder-volume.yaml
OS::TripleO::PostDeploySteps: ../docker/post.yaml
OS::TripleO::PostUpgradeSteps: ../docker/post-upgrade.yaml
- OS::TripleO::Services: ../docker/services/services.yaml
-
parameter_defaults:
# To specify a local docker registry, enable these
# where 192.168.24.1 is the host running docker-distribution
diff --git a/environments/enable-tls.yaml b/environments/enable-tls.yaml
index 39ded654..175e1fd7 100644
--- a/environments/enable-tls.yaml
+++ b/environments/enable-tls.yaml
@@ -1,7 +1,11 @@
+# ********************************************************************************
+# DEPRECATED: Use tripleo-heat-templates/environments/ssl/enable-tls.yaml instead.
+# ********************************************************************************
# Use this environment to pass in certificates for SSL deployments.
# For these values to take effect, one of the tls-endpoints-*.yaml environments
# must also be used.
parameter_defaults:
+ HorizonSecureCookies: True
SSLCertificate: |
The contents of your certificate go here
SSLIntermediateCertificate: ''
diff --git a/environments/host-config-and-reboot.j2.yaml b/environments/host-config-and-reboot.j2.yaml
new file mode 100644
index 00000000..d5f69ec5
--- /dev/null
+++ b/environments/host-config-and-reboot.j2.yaml
@@ -0,0 +1,18 @@
+resource_registry:
+{% for role in roles %}
+ OS::TripleO::{{role.name}}::PreNetworkConfig: ../extraconfig/pre_network/host_config_and_reboot.yaml
+{% endfor %}
+
+#parameter_defaults:
+ # Note: There are no global parameters which can be applied to all roles as
+ # these configuration have to be specific to role.
+
+ # Sample parameters for Compute and ComputeOvsDpdk roles
+ #ComputeParameters:
+ #KernelArgs: ""
+ #TunedProfileName: ""
+ #HostIsolatedCoreList: ""
+ #ComputeOvsDpdkParameters:
+ #KernelArgs: ""
+ #TunedProfileName: ""
+ #HostIsolatedCoreList: ""
diff --git a/environments/host-config-pre-network.j2.yaml b/environments/host-config-pre-network.j2.yaml
deleted file mode 100644
index c79e28b4..00000000
--- a/environments/host-config-pre-network.j2.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-resource_registry:
-# Create the registry only for roles with the word "Compute" in it. Like ComputeOvsDpdk, ComputeSriov, etc.,
-{%- for role in roles -%}
-{% if "Compute" in role.name %}
- OS::TripleO::{{role.name}}::PreNetworkConfig: ../extraconfig/pre_network/{{role.name.lower()}}-host_config_and_reboot.yaml
-{%- endif -%}
-{% endfor %}
-
-#parameter_defaults:
- # Sample parameters for Compute and ComputeOvsDpdk roles
- #ComputeKernelArgs: ""
- #ComputeTunedProfileName: ""
- #ComputeHostCpuList: ""
- #ComputeOvsDpdkKernelArgs: ""
- #ComputeOvsDpdkTunedProfileName: ""
- #ComputeOvsDpdkHostCpuList: ""
diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml
index 0f7e1143..05a3a391 100644
--- a/environments/hyperconverged-ceph.yaml
+++ b/environments/hyperconverged-ceph.yaml
@@ -36,3 +36,4 @@ parameter_defaults:
- OS::TripleO::Services::NeutronVppAgent
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Docker
+ - OS::TripleO::Services::Iscsid
diff --git a/environments/inject-trust-anchor-hiera.yaml b/environments/inject-trust-anchor-hiera.yaml
index b4908c1b..95d2de95 100644
--- a/environments/inject-trust-anchor-hiera.yaml
+++ b/environments/inject-trust-anchor-hiera.yaml
@@ -1,3 +1,7 @@
+# **************************************************************************************
+# DEPRECATED: Use tripleo-heat-templates/environments/ssl/inject-trust-anchor-hiera.yaml
+# instead.
+# **************************************************************************************
parameter_defaults:
CAMap:
first-ca-name:
diff --git a/environments/inject-trust-anchor.yaml b/environments/inject-trust-anchor.yaml
index 3ecb0d27..1b0f7066 100644
--- a/environments/inject-trust-anchor.yaml
+++ b/environments/inject-trust-anchor.yaml
@@ -1,3 +1,7 @@
+# ********************************************************************************
+# DEPRECATED: Use tripleo-heat-templates/environments/ssl/inject-trust-anchor.yaml
+# instead.
+# ********************************************************************************
parameter_defaults:
SSLRootCertificate: |
The contents of your root CA certificate go here
diff --git a/environments/network-isolation.j2.yaml b/environments/network-isolation.j2.yaml
new file mode 100644
index 00000000..6a7318fc
--- /dev/null
+++ b/environments/network-isolation.j2.yaml
@@ -0,0 +1,37 @@
+{%- set primary_role = [roles[0]] -%}
+{%- for role in roles -%}
+ {%- if 'primary' in role.tags and 'controller' in role.tags -%}
+ {%- set _ = primary_role.pop() -%}
+ {%- set _ = primary_role.append(role) -%}
+ {%- endif -%}
+{%- endfor -%}
+{%- set primary_role_name = primary_role[0].name -%}
+# Enable the creation of Neutron networks for isolated Overcloud
+# traffic and configure each role to assign ports (related
+# to that role) on these networks.
+# primary role is: {{primary_role_name}}
+resource_registry:
+ # networks as defined in network_data.yaml
+ {%- for network in networks if network.enabled|default(true) %}
+ OS::TripleO::Network::{{network.name}}: ../network/{{network.name_lower|default(network.name.lower())}}.yaml
+ {%- endfor %}
+
+ # Port assignments for the VIPs
+ {%- for network in networks if network.vip %}
+ OS::TripleO::Network::Ports::{{network.name}}VipPort: ../network/ports/{{network.name_lower|default(network.name.lower())}}.yaml
+ {%- endfor %}
+ OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml
+
+
+ OS::TripleO::{{primary_role_name}}::Ports::RedisVipPort: ../network/ports/vip.yaml
+
+{%- for role in roles %}
+ # Port assignments for the {{role.name}}
+ {%- for network in networks %}
+ {%- if network.name in role.networks|default([]) and network.enabled|default(true) %}
+ OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/{{network.name_lower|default(network.name.lower())}}.yaml
+ {%- else %}
+ OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/noop.yaml
+ {%- endif %}
+ {%- endfor %}
+{%- endfor %}
diff --git a/environments/network-isolation.yaml b/environments/network-isolation.yaml
deleted file mode 100644
index a6b4b8ae..00000000
--- a/environments/network-isolation.yaml
+++ /dev/null
@@ -1,59 +0,0 @@
-# Enable the creation of Neutron networks for isolated Overcloud
-# traffic and configure each role to assign ports (related
-# to that role) on these networks.
-resource_registry:
- OS::TripleO::Network::External: ../network/external.yaml
- OS::TripleO::Network::InternalApi: ../network/internal_api.yaml
- OS::TripleO::Network::StorageMgmt: ../network/storage_mgmt.yaml
- OS::TripleO::Network::Storage: ../network/storage.yaml
- OS::TripleO::Network::Tenant: ../network/tenant.yaml
- # Management network is optional and disabled by default.
- # To enable it, include environments/network-management.yaml
- #OS::TripleO::Network::Management: ../network/management.yaml
-
- # Port assignments for the VIPs
- OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external.yaml
- OS::TripleO::Network::Ports::InternalApiVipPort: ../network/ports/internal_api.yaml
- OS::TripleO::Network::Ports::StorageVipPort: ../network/ports/storage.yaml
- OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/storage_mgmt.yaml
- OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml
-
- # Port assignments for the controller role
- OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external.yaml
- OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api.yaml
- OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage.yaml
- OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
- OS::TripleO::Controller::Ports::TenantPort: ../network/ports/tenant.yaml
- #OS::TripleO::Controller::Ports::ManagementPort: ../network/ports/management.yaml
-
- # Port assignments for the compute role
- OS::TripleO::Compute::Ports::ExternalPort: ../network/ports/noop.yaml
- OS::TripleO::Compute::Ports::InternalApiPort: ../network/ports/internal_api.yaml
- OS::TripleO::Compute::Ports::StoragePort: ../network/ports/storage.yaml
- OS::TripleO::Compute::Ports::StorageMgmtPort: ../network/ports/noop.yaml
- OS::TripleO::Compute::Ports::TenantPort: ../network/ports/tenant.yaml
- #OS::TripleO::Compute::Ports::ManagementPort: ../network/ports/management.yaml
-
- # Port assignments for the ceph storage role
- OS::TripleO::CephStorage::Ports::ExternalPort: ../network/ports/noop.yaml
- OS::TripleO::CephStorage::Ports::InternalApiPort: ../network/ports/noop.yaml
- OS::TripleO::CephStorage::Ports::StoragePort: ../network/ports/storage.yaml
- OS::TripleO::CephStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
- OS::TripleO::CephStorage::Ports::TenantPort: ../network/ports/noop.yaml
- #OS::TripleO::CephStorage::Ports::ManagementPort: ../network/ports/management.yaml
-
- # Port assignments for the swift storage role
- OS::TripleO::SwiftStorage::Ports::ExternalPort: ../network/ports/noop.yaml
- OS::TripleO::SwiftStorage::Ports::InternalApiPort: ../network/ports/internal_api.yaml
- OS::TripleO::SwiftStorage::Ports::StoragePort: ../network/ports/storage.yaml
- OS::TripleO::SwiftStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
- OS::TripleO::SwiftStorage::Ports::TenantPort: ../network/ports/noop.yaml
- #OS::TripleO::SwiftStorage::Ports::ManagementPort: ../network/ports/management.yaml
-
- # Port assignments for the block storage role
- OS::TripleO::BlockStorage::Ports::ExternalPort: ../network/ports/noop.yaml
- OS::TripleO::BlockStorage::Ports::InternalApiPort: ../network/ports/internal_api.yaml
- OS::TripleO::BlockStorage::Ports::StoragePort: ../network/ports/storage.yaml
- OS::TripleO::BlockStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
- OS::TripleO::BlockStorage::Ports::TenantPort: ../network/ports/noop.yaml
- #OS::TripleO::BlockStorage::Ports::ManagementPort: ../network/ports/management.yaml
diff --git a/environments/networking/neutron-midonet.yaml b/environments/networking/neutron-midonet.yaml
new file mode 100644
index 00000000..ad8da8cf
--- /dev/null
+++ b/environments/networking/neutron-midonet.yaml
@@ -0,0 +1,66 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Enable the Neutron MidoNet Services
+# description: |
+# A Heat environment that can be used to deploy MidoNet Services
+parameter_defaults:
+ # Native Transport Port
+ # Type: string
+ CassandraClientPort: 9042
+
+ # The port for the Thrift RPC service, which is used for client connections
+ # Type: string
+ CassandraClientPortThrift: 9160
+
+ # The SSL port for encrypted communication. Unused unless enabled in encryption_options
+ # Type: string
+ CassandraSslStoragePort: 7001
+
+ # The Cassandra port for inter-node communication
+ # Type: string
+ CassandraStoragePort: 7000
+
+ # Name of the tunnel zone used to tunnel packages
+ # Type: string
+ TunnelZoneName: tunnelzone_tripleo
+
+ # Type of the tunnels on the overlay. Choose between `gre` and `vxlan`
+ # Type: string
+ TunnelZoneType: vxlan
+
+ # ******************************************************
+ # Static parameters - these are values that must be
+ # included in the environment but should not be changed.
+ # ******************************************************
+ # Whether enable Cassandra cluster on Controller
+ # Type: boolean
+ EnableCassandraOnController: True
+
+ # Whether enable Zookeeper cluster on Controller
+ # Type: boolean
+ EnableZookeeperOnController: True
+
+ # The core plugin for Neutron. The value should be the entrypoint to be loaded
+ # from neutron.core_plugins namespace.
+ # Type: string
+ NeutronCorePlugin: midonet.neutron.plugin_v1.MidonetPluginV2
+
+ # If True, DHCP provide metadata route to VM.
+ # Type: boolean
+ NeutronEnableIsolatedMetadata: True
+
+ # *********************
+ # End static parameters
+ # *********************
+resource_registry:
+ OS::TripleO::AllNodesExtraConfig: ../../puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml
+ OS::TripleO::Controller::Net::SoftwareConfig: ../../net-config-linux-bridge.yaml
+ OS::TripleO::Services::ComputeNeutronCorePlugin: ../../puppet/services/neutron-compute-plugin-midonet.yaml
+ OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginMidonet
+ OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
+ OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
diff --git a/environments/neutron-midonet.yaml b/environments/neutron-midonet.yaml
index c120d0b3..64cea2a6 100644
--- a/environments/neutron-midonet.yaml
+++ b/environments/neutron-midonet.yaml
@@ -1,3 +1,7 @@
+# ******************************************************************************
+# DEPRECATED: Use tripleo-heat-templates/environments/networking/neutron-midonet
+# instead.
+# ******************************************************************************
# A Heat environment that can be used to deploy MidoNet Services
resource_registry:
OS::TripleO::AllNodesExtraConfig: ../puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml
diff --git a/environments/neutron-ml2-ovn-ha.yaml b/environments/neutron-ml2-ovn-ha.yaml
new file mode 100644
index 00000000..c592d576
--- /dev/null
+++ b/environments/neutron-ml2-ovn-ha.yaml
@@ -0,0 +1,24 @@
+# A Heat environment file which can be used to enable OVN
+# extensions, configured via puppet
+resource_registry:
+ OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN
+ OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-ovn.yaml
+ OS::TripleO::Services::OVNDBs: ../puppet/services/pacemaker/ovn-dbs.yaml
+# Disabling Neutron services that overlap with OVN
+ OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
+ OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+
+parameter_defaults:
+ NeutronMechanismDrivers: ovn
+ OVNVifType: ovs
+ OVNNeutronSyncMode: log
+ OVNQosDriver: ovn-qos
+ OVNTunnelEncapType: geneve
+ NeutronEnableDHCPAgent: false
+ NeutronTypeDrivers: 'geneve,vxlan,vlan,flat'
+ NeutronNetworkType: 'geneve'
+ NeutronServicePlugins: 'qos,ovn-router'
+ NeutronVniRanges: ['1:65536', ]
diff --git a/environments/predictable-placement/custom-hostnames.yaml b/environments/predictable-placement/custom-hostnames.yaml
new file mode 100644
index 00000000..0d9d520b
--- /dev/null
+++ b/environments/predictable-placement/custom-hostnames.yaml
@@ -0,0 +1,33 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Custom Hostnames
+# description: |
+# Hostname format for each role
+# Note %index% is translated into the index of the node, e.g 0/1/2 etc
+# and %stackname% is replaced with OS::stack_name in the template below.
+# If you want to use the heat generated names, pass '' (empty string).
+parameter_defaults:
+ # Format for BlockStorage node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud
+ # Type: string
+ BlockStorageHostnameFormat: '%stackname%-blockstorage-%index%'
+
+ # Format for CephStorage node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud
+ # Type: string
+ CephStorageHostnameFormat: '%stackname%-cephstorage-%index%'
+
+ # Format for Compute node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud
+ # Type: string
+ ComputeHostnameFormat: '%stackname%-novacompute-%index%'
+
+ # Format for Controller node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud
+ # Type: string
+ ControllerHostnameFormat: '%stackname%-controller-%index%'
+
+ # Format for ObjectStorage node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud
+ # Type: string
+ ObjectStorageHostnameFormat: '%stackname%-objectstorage-%index%'
+
diff --git a/environments/puppet-ceph-external.yaml b/environments/puppet-ceph-external.yaml
index 5f8b02ad..2f577c26 100644
--- a/environments/puppet-ceph-external.yaml
+++ b/environments/puppet-ceph-external.yaml
@@ -1,3 +1,7 @@
+# ******************************************************************************
+# DEPRECATED: Use tripleo-heat-templates/environments/storage/ceph-external.yaml
+# instead.
+# ******************************************************************************
# A Heat environment file which can be used to enable the
# use of an externally managed Ceph cluster.
resource_registry:
diff --git a/environments/services-docker/collectd.yaml b/environments/services-docker/collectd.yaml
new file mode 100644
index 00000000..1623a888
--- /dev/null
+++ b/environments/services-docker/collectd.yaml
@@ -0,0 +1,2 @@
+resource_registry:
+ OS::TripleO::Services::Collectd: ../../docker/services/collectd.yaml
diff --git a/environments/services-docker/congress.yaml b/environments/services-docker/congress.yaml
new file mode 100644
index 00000000..5d4c7307
--- /dev/null
+++ b/environments/services-docker/congress.yaml
@@ -0,0 +1,2 @@
+resource_registry:
+ OS::TripleO::Services::Congress: ../../docker/services/congress-api.yaml
diff --git a/environments/services-docker/ec2-api.yaml b/environments/services-docker/ec2-api.yaml
new file mode 100644
index 00000000..24cbb032
--- /dev/null
+++ b/environments/services-docker/ec2-api.yaml
@@ -0,0 +1,2 @@
+resource_registry:
+ OS::TripleO::Services::Ec2Api: ../../docker/services/ec2-api.yaml
diff --git a/environments/services-docker/sahara.yaml b/environments/services-docker/sahara.yaml
new file mode 100644
index 00000000..d0bf9fe1
--- /dev/null
+++ b/environments/services-docker/sahara.yaml
@@ -0,0 +1,3 @@
+resource_registry:
+ OS::TripleO::Services::SaharaApi: ../../docker/services/sahara-api.yaml
+ OS::TripleO::Services::SaharaEngine: ../../docker/services/sahara-engine.yaml
diff --git a/environments/services-docker/sensu-client.yaml b/environments/services-docker/sensu-client.yaml
new file mode 100644
index 00000000..c03104d2
--- /dev/null
+++ b/environments/services-docker/sensu-client.yaml
@@ -0,0 +1,3 @@
+
+resource_registry:
+ OS::TripleO::Services::SensuClient: ../../docker/services/sensu-client.yaml
diff --git a/environments/services-docker/tacker.yaml b/environments/services-docker/tacker.yaml
new file mode 100644
index 00000000..cba8d6b9
--- /dev/null
+++ b/environments/services-docker/tacker.yaml
@@ -0,0 +1,2 @@
+resource_registry:
+ OS::TripleO::Services::Tacker: ../../docker/services/tacker.yaml
diff --git a/environments/services-docker/undercloud-ceilometer.yaml b/environments/services-docker/undercloud-ceilometer.yaml
index 07a61c20..ca55b4d9 100644
--- a/environments/services-docker/undercloud-ceilometer.yaml
+++ b/environments/services-docker/undercloud-ceilometer.yaml
@@ -1,3 +1,4 @@
resource_registry:
OS::TripleO::Services::UndercloudCeilometerAgentCentral: ../../docker/services/ceilometer-agent-central.yaml
OS::TripleO::Services::UndercloudCeilometerAgentNotification: ../../docker/services/ceilometer-agent-notification.yaml
+ OS::TripleO::Services::UndercloudCeilometerAgentIpmi: ../../docker/services/ceilometer-agent-ipmi.yaml
diff --git a/environments/services/ironic.yaml b/environments/services/ironic.yaml
index b1317382..8359f4a7 100644
--- a/environments/services/ironic.yaml
+++ b/environments/services/ironic.yaml
@@ -1,5 +1,4 @@
resource_registry:
OS::TripleO::Services::IronicApi: ../../puppet/services/ironic-api.yaml
OS::TripleO::Services::IronicConductor: ../../puppet/services/ironic-conductor.yaml
- OS::TripleO::Services::IronicPxe: ../../puppet/services/ironic-pxe.yaml
OS::TripleO::Services::NovaIronic: ../../puppet/services/nova-ironic.yaml
diff --git a/environments/ssl/enable-tls.yaml b/environments/ssl/enable-tls.yaml
new file mode 100644
index 00000000..c8ed2bd2
--- /dev/null
+++ b/environments/ssl/enable-tls.yaml
@@ -0,0 +1,41 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Enable SSL on OpenStack Public Endpoints
+# description: |
+# Use this environment to pass in certificates for SSL deployments.
+# For these values to take effect, one of the tls-endpoints-*.yaml environments
+# must also be used.
+parameter_defaults:
+ # The content of the SSL certificate (without Key) in PEM format.
+ # Mandatory. This parameter must be set by the user.
+ # Type: string
+ SSLCertificate: |
+ The contents of your certificate go here
+
+ # The content of an SSL intermediate CA certificate in PEM format.
+ # Type: string
+ SSLIntermediateCertificate: ''
+
+ # The content of the SSL Key in PEM format.
+ # Mandatory. This parameter must be set by the user.
+ # Type: string
+ SSLKey: |
+ The contents of the private key go here
+
+ # ******************************************************
+ # Static parameters - these are values that must be
+ # included in the environment but should not be changed.
+ # ******************************************************
+ # The filepath of the certificate as it will be stored in the controller.
+ # Type: string
+ DeployedSSLCertificatePath: /etc/pki/tls/private/overcloud_endpoint.pem
+
+ # *********************
+ # End static parameters
+ # *********************
+resource_registry:
+ OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml
diff --git a/environments/ssl/inject-trust-anchor-hiera.yaml b/environments/ssl/inject-trust-anchor-hiera.yaml
new file mode 100644
index 00000000..db3f2677
--- /dev/null
+++ b/environments/ssl/inject-trust-anchor-hiera.yaml
@@ -0,0 +1,22 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Inject SSL Trust Anchor on Overcloud Nodes
+# description: |
+# When using an SSL certificate signed by a CA that is not in the default
+# list of CAs, this environment allows adding a custom CA certificate to
+# the overcloud nodes.
+parameter_defaults:
+ # Map containing the CA certs and information needed for deploying them.
+ # Type: json
+ CAMap:
+ first-ca-name:
+ content: |
+ The content of the CA cert goes here
+ second-ca-name:
+ content: |
+ The content of the CA cert goes here
+
diff --git a/environments/ssl/inject-trust-anchor.yaml b/environments/ssl/inject-trust-anchor.yaml
new file mode 100644
index 00000000..521a4191
--- /dev/null
+++ b/environments/ssl/inject-trust-anchor.yaml
@@ -0,0 +1,20 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Inject SSL Trust Anchor on Overcloud Nodes
+# description: |
+# When using an SSL certificate signed by a CA that is not in the default
+# list of CAs, this environment allows adding a custom CA certificate to
+# the overcloud nodes.
+parameter_defaults:
+ # The content of a CA's SSL certificate file in PEM format. This is evaluated on the client side.
+ # Mandatory. This parameter must be set by the user.
+ # Type: string
+ SSLRootCertificate: |
+ The contents of your certificate go here
+
+resource_registry:
+ OS::TripleO::NodeTLSCAData: ../../puppet/extraconfig/tls/ca-inject.yaml
diff --git a/environments/ssl/tls-endpoints-public-dns.yaml b/environments/ssl/tls-endpoints-public-dns.yaml
new file mode 100644
index 00000000..216afece
--- /dev/null
+++ b/environments/ssl/tls-endpoints-public-dns.yaml
@@ -0,0 +1,131 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Deploy Public SSL Endpoints as DNS Names
+# description: |
+# Use this environment when deploying an SSL-enabled overcloud where the public
+# endpoint is a DNS name.
+parameter_defaults:
+ # Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry.
+ # Type: json
+ EndpointMap:
+ AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
+ AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
+ AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
+ BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
+ BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
+ BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
+ CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
+ CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
+ CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
+ CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
+ CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
+ CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
+ CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
+ CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
+ CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
+ CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
+ ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
+ Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
+ Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
+ GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
+ GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
+ GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
+ GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
+ GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
+ GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
+ HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
+ HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
+ HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
+ HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
+ HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
+ HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
+ HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
+ IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
+ IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
+ IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
+ IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
+ IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
+ IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
+ KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
+ KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
+ KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
+ ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
+ ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
+ ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
+ MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
+ MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
+ MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
+ MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
+ NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
+ NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
+ NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
+ NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
+ NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
+ NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
+ NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
+ NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
+ NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
+ NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
+ NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
+ NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
+ OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
+ OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
+ OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
+ PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
+ PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
+ PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
+ SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
+ SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
+ SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
+ SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
+ TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
+ TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
+ TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
+ ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
+ ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
+ ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
+ ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
+ ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
+ ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
+
diff --git a/environments/ssl/tls-endpoints-public-ip.yaml b/environments/ssl/tls-endpoints-public-ip.yaml
new file mode 100644
index 00000000..d216ab7f
--- /dev/null
+++ b/environments/ssl/tls-endpoints-public-ip.yaml
@@ -0,0 +1,131 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Deploy Public SSL Endpoints as IP Addresses
+# description: |
+# Use this environment when deploying an SSL-enabled overcloud where the public
+# endpoint is an IP address.
+parameter_defaults:
+ # Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry.
+ # Type: json
+ EndpointMap:
+ AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
+ AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
+ AodhPublic: {protocol: 'https', port: '13042', host: 'IP_ADDRESS'}
+ BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
+ BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
+ BarbicanPublic: {protocol: 'https', port: '13311', host: 'IP_ADDRESS'}
+ CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
+ CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
+ CeilometerPublic: {protocol: 'https', port: '13777', host: 'IP_ADDRESS'}
+ CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ CephRgwPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
+ CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
+ CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
+ CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'}
+ CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
+ CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
+ CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'}
+ ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
+ Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
+ Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'}
+ GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
+ GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
+ GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'}
+ GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
+ GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
+ GnocchiPublic: {protocol: 'https', port: '13041', host: 'IP_ADDRESS'}
+ HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
+ HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
+ HeatPublic: {protocol: 'https', port: '13004', host: 'IP_ADDRESS'}
+ HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
+ HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
+ HeatCfnPublic: {protocol: 'https', port: '13005', host: 'IP_ADDRESS'}
+ HorizonPublic: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
+ IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
+ IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
+ IronicPublic: {protocol: 'https', port: '13385', host: 'IP_ADDRESS'}
+ IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
+ IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
+ IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'IP_ADDRESS'}
+ KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
+ KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
+ KeystonePublic: {protocol: 'https', port: '13000', host: 'IP_ADDRESS'}
+ ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
+ ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
+ ManilaPublic: {protocol: 'https', port: '13786', host: 'IP_ADDRESS'}
+ MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
+ MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
+ MistralPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
+ MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
+ NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
+ NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
+ NeutronPublic: {protocol: 'https', port: '13696', host: 'IP_ADDRESS'}
+ NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
+ NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
+ NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'}
+ NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
+ NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
+ NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'IP_ADDRESS'}
+ NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
+ NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
+ NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'}
+ OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
+ OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
+ OctaviaPublic: {protocol: 'https', port: '13876', host: 'IP_ADDRESS'}
+ PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
+ PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
+ PankoPublic: {protocol: 'https', port: '13779', host: 'IP_ADDRESS'}
+ SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
+ SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
+ SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'}
+ SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
+ TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
+ TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
+ TackerPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
+ ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
+ ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
+ ZaqarPublic: {protocol: 'https', port: '13888', host: 'IP_ADDRESS'}
+ ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
+ ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
+ ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'IP_ADDRESS'}
+
diff --git a/environments/ssl/tls-everywhere-endpoints-dns.yaml b/environments/ssl/tls-everywhere-endpoints-dns.yaml
new file mode 100644
index 00000000..63157ddd
--- /dev/null
+++ b/environments/ssl/tls-everywhere-endpoints-dns.yaml
@@ -0,0 +1,131 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Deploy All SSL Endpoints as DNS Names
+# description: |
+# Use this environment when deploying an overcloud where all the endpoints are
+# DNS names and there's TLS in all endpoint types.
+parameter_defaults:
+ # Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry.
+ # Type: json
+ EndpointMap:
+ AodhAdmin: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
+ AodhInternal: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
+ AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
+ BarbicanAdmin: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
+ BarbicanInternal: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
+ BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
+ CeilometerAdmin: {protocol: 'https', port: '8777', host: 'CLOUDNAME'}
+ CeilometerInternal: {protocol: 'https', port: '8777', host: 'CLOUDNAME'}
+ CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
+ CephRgwAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
+ CephRgwInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
+ CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
+ CinderAdmin: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
+ CinderInternal: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
+ CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
+ CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
+ CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
+ CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
+ ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
+ Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
+ Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
+ GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
+ GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
+ GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
+ GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
+ GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
+ GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
+ HeatAdmin: {protocol: 'https', port: '8004', host: 'CLOUDNAME'}
+ HeatInternal: {protocol: 'https', port: '8004', host: 'CLOUDNAME'}
+ HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
+ HeatCfnAdmin: {protocol: 'https', port: '8000', host: 'CLOUDNAME'}
+ HeatCfnInternal: {protocol: 'https', port: '8000', host: 'CLOUDNAME'}
+ HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
+ HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
+ IronicAdmin: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
+ IronicInternal: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
+ IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
+ IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
+ IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
+ IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
+ KeystoneAdmin: {protocol: 'https', port: '35357', host: 'CLOUDNAME'}
+ KeystoneInternal: {protocol: 'https', port: '5000', host: 'CLOUDNAME'}
+ KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
+ ManilaAdmin: {protocol: 'https', port: '8786', host: 'CLOUDNAME'}
+ ManilaInternal: {protocol: 'https', port: '8786', host: 'CLOUDNAME'}
+ ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
+ MistralAdmin: {protocol: 'https', port: '8989', host: 'CLOUDNAME'}
+ MistralInternal: {protocol: 'https', port: '8989', host: 'CLOUDNAME'}
+ MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
+ MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'CLOUDNAME'}
+ NeutronAdmin: {protocol: 'https', port: '9696', host: 'CLOUDNAME'}
+ NeutronInternal: {protocol: 'https', port: '9696', host: 'CLOUDNAME'}
+ NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
+ NovaAdmin: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
+ NovaInternal: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
+ NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
+ NovaPlacementAdmin: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
+ NovaPlacementInternal: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
+ NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
+ NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
+ NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
+ NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
+ OctaviaAdmin: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
+ OctaviaInternal: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
+ OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
+ PankoAdmin: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
+ PankoInternal: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
+ PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
+ SaharaAdmin: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
+ SaharaInternal: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
+ SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
+ SwiftAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
+ SwiftInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
+ SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
+ TackerAdmin: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
+ TackerInternal: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
+ TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
+ ZaqarAdmin: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
+ ZaqarInternal: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
+ ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
+ ZaqarWebSocketAdmin: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
+ ZaqarWebSocketInternal: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
+ ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
+
diff --git a/environments/storage/cinder-netapp-config.yaml b/environments/storage/cinder-netapp-config.yaml
new file mode 100644
index 00000000..4cdba09b
--- /dev/null
+++ b/environments/storage/cinder-netapp-config.yaml
@@ -0,0 +1,119 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Enable the Cinder NetApp Backend
+# description: |
+# A Heat environment file which can be used to enable a
+# a Cinder NetApp backend, configured via puppet
+parameter_defaults:
+ #
+ # Type: string
+ CinderNetappBackendName: tripleo_netapp
+
+ #
+ # Type: string
+ CinderNetappControllerIps: ''
+
+ #
+ # Type: string
+ CinderNetappCopyOffloadToolPath: ''
+
+ #
+ # Type: string
+ CinderNetappEseriesHostType: linux_dm_mp
+
+ #
+ # Type: string
+ CinderNetappHostType: ''
+
+ #
+ # Mandatory. This parameter must be set by the user.
+ # Type: string
+ CinderNetappLogin: <None>
+
+ #
+ # Type: string
+ CinderNetappNfsMountOptions: ''
+
+ #
+ # Type: string
+ CinderNetappNfsShares: ''
+
+ #
+ # Type: string
+ CinderNetappNfsSharesConfig: /etc/cinder/shares.conf
+
+ #
+ # Type: string
+ CinderNetappPartnerBackendName: ''
+
+ #
+ # Mandatory. This parameter must be set by the user.
+ # Type: string
+ CinderNetappPassword: <None>
+
+ #
+ # Type: string
+ CinderNetappSaPassword: ''
+
+ #
+ # Mandatory. This parameter must be set by the user.
+ # Type: string
+ CinderNetappServerHostname: <None>
+
+ #
+ # Type: string
+ CinderNetappServerPort: 80
+
+ #
+ # Type: string
+ CinderNetappSizeMultiplier: 1.2
+
+ #
+ # Type: string
+ CinderNetappStorageFamily: ontap_cluster
+
+ #
+ # Type: string
+ CinderNetappStoragePools: ''
+
+ #
+ # Type: string
+ CinderNetappStorageProtocol: nfs
+
+ #
+ # Type: string
+ CinderNetappTransportType: http
+
+ #
+ # Type: string
+ CinderNetappVfiler: ''
+
+ #
+ # Type: string
+ CinderNetappVolumeList: ''
+
+ #
+ # Type: string
+ CinderNetappVserver: ''
+
+ #
+ # Type: string
+ CinderNetappWebservicePath: /devmgr/v2
+
+ # ******************************************************
+ # Static parameters - these are values that must be
+ # included in the environment but should not be changed.
+ # ******************************************************
+ #
+ # Type: boolean
+ CinderEnableNetappBackend: True
+
+ # *********************
+ # End static parameters
+ # *********************
+resource_registry:
+ OS::TripleO::ControllerExtraConfigPre: ../../puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml
diff --git a/environments/storage/cinder-nfs.yaml b/environments/storage/cinder-nfs.yaml
new file mode 100644
index 00000000..2de3e78c
--- /dev/null
+++ b/environments/storage/cinder-nfs.yaml
@@ -0,0 +1,27 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Enable Cinder NFS Backend
+# description: |
+# Configure and include this environment to enable the use of an NFS
+# share as the backend for Cinder.
+parameter_defaults:
+ # Whether to enable or not the Iscsi backend for Cinder
+ # Type: boolean
+ CinderEnableIscsiBackend: False
+
+ # Whether to enable or not the NFS backend for Cinder
+ # Type: boolean
+ CinderEnableNfsBackend: True
+
+ # Mount options for NFS mounts used by Cinder NFS backend. Effective when CinderEnableNfsBackend is true.
+ # Type: string
+ CinderNfsMountOptions: ''
+
+ # NFS servers used by Cinder NFS backend. Effective when CinderEnableNfsBackend is true.
+ # Type: comma_delimited_list
+ CinderNfsServers: 192.168.122.1:/export/cinder
+
diff --git a/environments/storage/enable-ceph.yaml b/environments/storage/enable-ceph.yaml
new file mode 100644
index 00000000..c629f74b
--- /dev/null
+++ b/environments/storage/enable-ceph.yaml
@@ -0,0 +1,35 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Enable Ceph Storage Backend
+# description: |
+# Include this environment to enable Ceph as the backend for
+# Cinder, Nova, Gnocchi, and Glance.
+parameter_defaults:
+ # The short name of the Cinder Backup backend to use.
+ # Type: string
+ CinderBackupBackend: rbd
+
+ # Whether to enable or not the Iscsi backend for Cinder
+ # Type: boolean
+ CinderEnableIscsiBackend: False
+
+ # Whether to enable or not the Rbd backend for Cinder
+ # Type: boolean
+ CinderEnableRbdBackend: True
+
+ # The short name of the Glance backend to use. Should be one of swift, rbd, or file
+ # Type: string
+ GlanceBackend: rbd
+
+ # The short name of the Gnocchi backend to use. Should be one of swift, rbd, or file
+ # Type: string
+ GnocchiBackend: rbd
+
+ # Whether to enable or not the Rbd backend for Nova
+ # Type: boolean
+ NovaEnableRbdBackend: True
+
diff --git a/environments/storage/external-ceph.yaml b/environments/storage/external-ceph.yaml
new file mode 100644
index 00000000..f1c9d516
--- /dev/null
+++ b/environments/storage/external-ceph.yaml
@@ -0,0 +1,78 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Deploy Using an External Ceph Cluster
+# description: |
+# A Heat environment file which can be used to enable the
+# use of an externally managed Ceph cluster.
+parameter_defaults:
+ # The Ceph admin client key. Can be created with ceph-authtool --gen-print-key.
+ # Type: string
+ CephAdminKey: ''
+
+ # The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
+ # Mandatory. This parameter must be set by the user.
+ # Type: string
+ CephClientKey: <None>
+
+ #
+ # Type: string
+ CephClientUserName: openstack
+
+ # The Ceph cluster FSID. Must be a UUID.
+ # Mandatory. This parameter must be set by the user.
+ # Type: string
+ CephClusterFSID: <None>
+
+ # List of externally managed Ceph Mon Host IPs. Only used for external Ceph deployments.
+ # Type: string
+ CephExternalMonHost: ''
+
+ # Whether to enable or not the Iscsi backend for Cinder
+ # Type: boolean
+ CinderEnableIscsiBackend: False
+
+ # Whether to enable or not the Rbd backend for Cinder
+ # Type: boolean
+ CinderEnableRbdBackend: True
+
+ #
+ # Type: string
+ CinderRbdPoolName: volumes
+
+ # The short name of the Glance backend to use. Should be one of swift, rbd, or file
+ # Type: string
+ GlanceBackend: rbd
+
+ #
+ # Type: string
+ GlanceRbdPoolName: images
+
+ # The short name of the Gnocchi backend to use. Should be one of swift, rbd, or file
+ # Type: string
+ GnocchiBackend: rbd
+
+ #
+ # Type: string
+ GnocchiRbdPoolName: metrics
+
+ # Whether to enable or not the Rbd backend for Nova
+ # Type: boolean
+ NovaEnableRbdBackend: True
+
+ #
+ # Type: string
+ NovaRbdPoolName: vms
+
+ # The default features enabled when creating a block device image. Only applies to format 2 images. Set to '1' for Jewel clients using older Ceph servers.
+ # Type: string
+ RbdDefaultFeatures: ''
+
+resource_registry:
+ OS::TripleO::Services::CephClient: OS::Heat::None
+ OS::TripleO::Services::CephExternal: ../../puppet/services/ceph-external.yaml
+ OS::TripleO::Services::CephMon: OS::Heat::None
+ OS::TripleO::Services::CephOSD: OS::Heat::None
diff --git a/environments/storage/glance-nfs.yaml b/environments/storage/glance-nfs.yaml
new file mode 100644
index 00000000..3c139306
--- /dev/null
+++ b/environments/storage/glance-nfs.yaml
@@ -0,0 +1,34 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Enable Glance NFS Backend
+# description: |
+# Configure and include this environment to enable the use of an NFS
+# share as the backend for Glance.
+parameter_defaults:
+ # NFS mount options for image storage (when GlanceNfsEnabled is true)
+ # Type: string
+ GlanceNfsOptions: intr,context=system_u:object_r:glance_var_lib_t:s0
+
+ # NFS share to mount for image storage (when GlanceNfsEnabled is true)
+ # Type: string
+ GlanceNfsShare: ''
+
+ # ******************************************************
+ # Static parameters - these are values that must be
+ # included in the environment but should not be changed.
+ # ******************************************************
+ # The short name of the Glance backend to use. Should be one of swift, rbd, or file
+ # Type: string
+ GlanceBackend: file
+
+ # When using GlanceBackend 'file', mount NFS share for image storage.
+ # Type: boolean
+ GlanceNfsEnabled: True
+
+ # *********************
+ # End static parameters
+ # *********************
diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml
index 44432210..83b32495 100644
--- a/environments/tls-endpoints-public-dns.yaml
+++ b/environments/tls-endpoints-public-dns.yaml
@@ -1,3 +1,7 @@
+# *************************************************************************************
+# DEPRECATED: Use tripleo-heat-templates/environments/ssl/tls-endpoints-public-dns.yaml
+# instead.
+# *************************************************************************************
# Use this environment when deploying an SSL-enabled overcloud where the public
# endpoint is a DNS name.
parameter_defaults:
@@ -100,9 +104,9 @@ parameter_defaults:
OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
- PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
- PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
- PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
+ PankoAdmin: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
+ PankoInternal: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
+ PankoPublic: {protocol: 'https', port: '13977', host: 'CLOUDNAME'}
SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml
index 5ac2918b..8e502972 100644
--- a/environments/tls-endpoints-public-ip.yaml
+++ b/environments/tls-endpoints-public-ip.yaml
@@ -1,3 +1,7 @@
+# *************************************************************************************
+# DEPRECATED: Use tripleo-heat-templates/environments/ssl/tls-endpoints-public-ip.yaml
+# instead.
+# *************************************************************************************
# Use this environment when deploying an SSL-enabled overcloud where the public
# endpoint is an IP address.
parameter_defaults:
@@ -100,9 +104,9 @@ parameter_defaults:
OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
OctaviaPublic: {protocol: 'https', port: '13876', host: 'IP_ADDRESS'}
- PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
- PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
- PankoPublic: {protocol: 'https', port: '13779', host: 'IP_ADDRESS'}
+ PankoAdmin: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
+ PankoInternal: {protocol: 'http', port: '8977', host: 'IP_ADDRESS'}
+ PankoPublic: {protocol: 'https', port: '13977', host: 'IP_ADDRESS'}
SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'}
diff --git a/environments/tls-everywhere-endpoints-dns.yaml b/environments/tls-everywhere-endpoints-dns.yaml
index 865ed4c3..84cabf10 100644
--- a/environments/tls-everywhere-endpoints-dns.yaml
+++ b/environments/tls-everywhere-endpoints-dns.yaml
@@ -72,8 +72,8 @@ parameter_defaults:
IronicAdmin: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
IronicInternal: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
- IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
- IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
+ IronicInspectorAdmin: {protocol: 'https', port: '5050', host: 'CLOUDNAME'}
+ IronicInspectorInternal: {protocol: 'https', port: '5050', host: 'CLOUDNAME'}
IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
KeystoneAdmin: {protocol: 'https', port: '35357', host: 'CLOUDNAME'}
KeystoneInternal: {protocol: 'https', port: '5000', host: 'CLOUDNAME'}
@@ -100,9 +100,9 @@ parameter_defaults:
OctaviaAdmin: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
OctaviaInternal: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
- PankoAdmin: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
- PankoInternal: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
- PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
+ PankoAdmin: {protocol: 'https', port: '8977', host: 'CLOUDNAME'}
+ PankoInternal: {protocol: 'https', port: '8977', host: 'CLOUDNAME'}
+ PankoPublic: {protocol: 'https', port: '13977', host: 'CLOUDNAME'}
SaharaAdmin: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
SaharaInternal: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
diff --git a/environments/undercloud.yaml b/environments/undercloud.yaml
index 7a2716da..559d81df 100644
--- a/environments/undercloud.yaml
+++ b/environments/undercloud.yaml
@@ -18,3 +18,5 @@ parameter_defaults:
HeatConvergenceEngine: false
HeatMaxResourcesPerStack: -1
HeatMaxJsonBodySize: 2097152
+ IronicInspectorInterface: br-ctlplane
+ IronicInspectorIpRange: '192.168.24.100,192.168.24.200'
diff --git a/extraconfig/post_deploy/undercloud_post.sh b/extraconfig/post_deploy/undercloud_post.sh
index 8bcae1d3..3c508d11 100755
--- a/extraconfig/post_deploy/undercloud_post.sh
+++ b/extraconfig/post_deploy/undercloud_post.sh
@@ -45,57 +45,61 @@ if ! grep "$(cat /root/.ssh/id_rsa.pub)" /root/.ssh/authorized_keys; then
cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
fi
-PHYSICAL_NETWORK=ctlplane
-
-ctlplane_id=$(openstack network list -f csv -c ID -c Name --quote none | tail -n +2 | grep ctlplane | cut -d, -f1)
-subnet_ids=$(openstack subnet list -f csv -c ID --quote none | tail -n +2)
-subnet_id=
+if [ "$(hiera neutron_api_enabled)" = "true" ]; then
+ PHYSICAL_NETWORK=ctlplane
+
+ ctlplane_id=$(openstack network list -f csv -c ID -c Name --quote none | tail -n +2 | grep ctlplane | cut -d, -f1)
+ subnet_ids=$(openstack subnet list -f csv -c ID --quote none | tail -n +2)
+ subnet_id=
+
+ for subnet_id in $subnet_ids; do
+ network_id=$(openstack subnet show -f value -c network_id $subnet_id)
+ if [ "$network_id" = "$ctlplane_id" ]; then
+ break
+ fi
+ done
-for subnet_id in $subnet_ids; do
- network_id=$(openstack subnet show -f value -c network_id $subnet_id)
- if [ "$network_id" = "$ctlplane_id" ]; then
- break
- fi
-done
-
-net_create=1
-if [ -n "$subnet_id" ]; then
- cidr=$(openstack subnet show $subnet_id -f value -c cidr)
- if [ "$cidr" = "$undercloud_network_cidr" ]; then
- net_create=0
- else
- echo "New cidr $undercloud_network_cidr does not equal old cidr $cidr"
- echo "Will attempt to delete and recreate subnet $subnet_id"
+ net_create=1
+ if [ -n "$subnet_id" ]; then
+ cidr=$(openstack subnet show $subnet_id -f value -c cidr)
+ if [ "$cidr" = "$undercloud_network_cidr" ]; then
+ net_create=0
+ else
+ echo "New cidr $undercloud_network_cidr does not equal old cidr $cidr"
+ echo "Will attempt to delete and recreate subnet $subnet_id"
+ fi
fi
-fi
-if [ "$net_create" -eq "1" ]; then
- # Delete the subnet and network to make sure it doesn't already exist
- if openstack subnet list | grep start; then
- openstack subnet delete $(openstack subnet list | grep start | awk '{print $4}')
- fi
- if openstack network show ctlplane; then
- openstack network delete ctlplane
+ if [ "$net_create" -eq "1" ]; then
+ # Delete the subnet and network to make sure it doesn't already exist
+ if openstack subnet list | grep start; then
+ openstack subnet delete $(openstack subnet list | grep start | awk '{print $4}')
+ fi
+ if openstack network show ctlplane; then
+ openstack network delete ctlplane
+ fi
+
+
+ NETWORK_ID=$(openstack network create --provider-network-type=flat --provider-physical-network=ctlplane ctlplane | grep " id " | awk '{print $4}')
+
+ NAMESERVER_ARG=""
+ if [ -n "${undercloud_nameserver:-}" ]; then
+ NAMESERVER_ARG="--dns-nameserver $undercloud_nameserver"
+ fi
+
+ openstack subnet create --network=$NETWORK_ID \
+ --gateway=$undercloud_network_gateway \
+ --subnet-range=$undercloud_network_cidr \
+ --allocation-pool start=$undercloud_dhcp_start,end=$undercloud_dhcp_end \
+ --host-route destination=169.254.169.254/32,gateway=$local_ip \
+ $NAMESERVER_ARG ctlplane
fi
-
-
- NETWORK_ID=$(openstack network create --provider-network-type=flat --provider-physical-network=ctlplane ctlplane | grep " id " | awk '{print $4}')
-
- NAMESERVER_ARG=""
- if [ -n "${undercloud_nameserver:-}" ]; then
- NAMESERVER_ARG="--dns-nameserver $undercloud_nameserver"
- fi
-
- openstack subnet create --network=$NETWORK_ID \
- --gateway=$undercloud_network_gateway \
- --subnet-range=$undercloud_network_cidr \
- --allocation-pool start=$undercloud_dhcp_start,end=$undercloud_dhcp_end \
- --host-route destination=169.254.169.254/32,gateway=$local_ip \
- $NAMESERVER_ARG ctlplane
fi
-# Disable nova quotas
-openstack quota set --cores -1 --instances -1 --ram -1 $(openstack project show admin | awk '$2=="id" {print $4}')
+if [ "$(hiera nova_api_enabled)" = "true" ]; then
+ # Disable nova quotas
+ openstack quota set --cores -1 --instances -1 --ram -1 $(openstack project show admin | awk '$2=="id" {print $4}')
+fi
# MISTRAL WORKFLOW CONFIGURATION
if [ "$(hiera mistral_api_enabled)" = "true" ]; then
diff --git a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml
index 96632bc2..fb0d1699 100644
--- a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml
+++ b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml
@@ -59,6 +59,19 @@ parameters:
description: |
When enabled, the system will perform a yum update after performing the
RHEL Registration process.
+ deployment_actions:
+ default: ['CREATE', 'UPDATE']
+ type: comma_delimited_list
+ description: >
+ List of stack actions that will trigger any deployments in this
+ templates. The actions will be an empty list of the server is in the
+ toplevel DeploymentServerBlacklist parameter's value.
+
+conditions:
+ deployment_actions_empty:
+ equals:
+ - {get_param: deployment_actions}
+ - []
resources:
@@ -136,7 +149,11 @@ resources:
name: RHELUnregistrationDeployment
server: {get_param: server}
config: {get_resource: RHELUnregistration}
- actions: ['DELETE'] # Only do this on DELETE
+ actions:
+ if:
+ - deployment_actions_empty
+ - []
+ - ['DELETE'] # Only do this on DELETE
input_values:
REG_METHOD: {get_param: rhel_reg_method}
@@ -169,7 +186,11 @@ resources:
name: UpdateDeploymentAfterRHELRegistration
config: {get_resource: YumUpdateConfigurationAfterRHELRegistration}
server: {get_param: server}
- actions: ['CREATE'] # Only do this on CREATE
+ actions:
+ if:
+ - deployment_actions_empty
+ - []
+ - ['CREATE'] # Only do this on CREATE
outputs:
deploy_stdout:
diff --git a/extraconfig/pre_network/ansible_host_config.ansible b/extraconfig/pre_network/ansible_host_config.yaml
index c126c1a1..f4f1a14a 100644
--- a/extraconfig/pre_network/ansible_host_config.ansible
+++ b/extraconfig/pre_network/ansible_host_config.yaml
@@ -28,8 +28,8 @@
lineinfile:
dest: /etc/tuned/cpu-partitioning-variables.conf
regexp: '^isolated_cores=.*'
- line: 'isolated_cores={{ _HOST_CPUS_LIST_ }}'
- when: _HOST_CPUS_LIST_|default("") != ""
+ line: 'isolated_cores={{ _TUNED_CORES_ }}'
+ when: _TUNED_CORES_|default("") != ""
- name: Tune-d provile activation
shell: tuned-adm profile {{ _TUNED_PROFILE_NAME_ }}
@@ -52,7 +52,7 @@
when:
- item.path | regex_replace('(^.*ifcfg-)(.*)', '\\2') != "lo"
# This condition will list all the interfaces except the one with valid IP (which is Provisioning network at this stage)
- # Simpler Version - hostvars[inventory_hostname]['ansible_' + iface_name ]['ipv4']['address'] is undefined
- - hostvars[inventory_hostname]['ansible_' + item.path | regex_replace('(^.*ifcfg-)(.*)', '\\2') ]['ipv4']['address'] is undefined
+ # Simpler Version - hostvars[inventory_hostname]['ansible_' + iface_name ]['ipv4'] is undefined
+ - hostvars[inventory_hostname]['ansible_' + item.path | regex_replace('(^.*ifcfg-)(.*)', '\\2') ]['ipv4'] is undefined
with_items:
- "{{ ifcfg_files.files }}"
diff --git a/extraconfig/pre_network/config_then_reboot.yaml b/extraconfig/pre_network/config_then_reboot.yaml
index 48ba5263..79cb7cbc 100644
--- a/extraconfig/pre_network/config_then_reboot.yaml
+++ b/extraconfig/pre_network/config_then_reboot.yaml
@@ -7,6 +7,19 @@ description: >
parameters:
server:
type: string
+ deployment_actions:
+ default: ['CREATE', 'UPDATE']
+ type: comma_delimited_list
+ description: >
+ List of stack actions that will trigger any deployments in this
+ templates. The actions will be an empty list of the server is in the
+ toplevel DeploymentServerBlacklist parameter's value.
+
+conditions:
+ deployment_actions_empty:
+ equals:
+ - {get_param: deployment_actions}
+ - []
resources:
@@ -24,6 +37,11 @@ resources:
name: SomeDeployment
server: {get_param: server}
config: {get_resource: SomeConfig}
+ actions:
+ if:
+ - deployment_actions_empty
+ - []
+ - ['CREATE'] # Only do this on CREATE
actions: ['CREATE'] # Only do this on CREATE
RebootConfig:
@@ -44,5 +62,9 @@ resources:
name: RebootDeployment
server: {get_param: server}
config: {get_resource: RebootConfig}
- actions: ['CREATE'] # Only do this on CREATE
+ actions:
+ if:
+ - deployment_actions_empty
+ - []
+ - ['CREATE'] # Only do this on CREATE
signal_transport: NO_SIGNAL
diff --git a/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml b/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml
index 658fea77..fe52ef7e 100644
--- a/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml
+++ b/extraconfig/pre_network/host_config_and_reboot.role.j2.yaml
@@ -7,6 +7,9 @@ description: >
parameters:
server:
type: string
+ # Deprecated Parameters, these configuration are deprecated in favor or role-specific parameters.
+ # Use: extraconfig/pre_network/host_config_and_reboot.yaml.
+ # Deprecated in Pike and will be removed in Queens.
{{role}}KernelArgs:
type: string
default: ""
@@ -16,6 +19,20 @@ parameters:
{{role}}HostCpusList:
type: string
default: ""
+ deployment_actions:
+ default: ['CREATE', 'UPDATE']
+ type: comma_delimited_list
+ description: >
+ List of stack actions that will trigger any deployments in this
+ templates. The actions will be an empty list of the server is in the
+ toplevel DeploymentServerBlacklist parameter's value.
+
+parameter_group:
+ - label: deprecated
+ parameters:
+ - {{role}}KernelArgs
+ - {{role}}TunedProfileName
+ - {{role}}HostCpusList
conditions:
param_exists:
@@ -28,6 +45,10 @@ conditions:
equals:
- get_param: {{role}}TunedProfileName
- ""
+ deployment_actions_empty:
+ equals:
+ - {get_param: deployment_actions}
+ - []
resources:
@@ -52,7 +73,11 @@ resources:
name: HostParametersDeployment
server: {get_param: server}
config: {get_resource: HostParametersConfig}
- actions: ['CREATE'] # Only do this on CREATE
+ actions:
+ if:
+ - deployment_actions_empty
+ - []
+ - ['CREATE'] # Only do this on CREATE
input_values:
_KERNEL_ARGS_: {get_param: {{role}}KernelArgs}
_TUNED_PROFILE_NAME_: {get_param: {{role}}TunedProfileName}
@@ -78,7 +103,11 @@ resources:
name: RebootDeployment
server: {get_param: server}
config: {get_resource: RebootConfig}
- actions: ['CREATE'] # Only do this on CREATE
+ actions:
+ if:
+ - deployment_actions_empty
+ - []
+ - ['CREATE'] # Only do this on CREATE
signal_transport: NO_SIGNAL
outputs:
diff --git a/extraconfig/pre_network/host_config_and_reboot.yaml b/extraconfig/pre_network/host_config_and_reboot.yaml
new file mode 100644
index 00000000..21309dd5
--- /dev/null
+++ b/extraconfig/pre_network/host_config_and_reboot.yaml
@@ -0,0 +1,104 @@
+heat_template_version: pike
+
+description: >
+ All configurations which require reboot should be initiated via PreNetworkConfig. After
+ this configuration is completed, the corresponding node will be rebooted.
+
+parameters:
+ server:
+ type: string
+ RoleParameters:
+ type: json
+ description: Role Specific parameters
+ default: {}
+ deployment_actions:
+ default: ['CREATE', 'UPDATE']
+ type: comma_delimited_list
+ description: >
+ List of stack actions that will trigger any deployments in this
+ templates. The actions will be an empty list of the server is in the
+ toplevel DeploymentServerBlacklist parameter's value.
+
+conditions:
+ is_host_config_required: {not: {equals: [{get_param: [RoleParameters, KernelArgs]}, ""]}}
+ deployment_actions_empty:
+ equals:
+ - {get_param: deployment_actions}
+ - []
+
+resources:
+ HostParametersConfig:
+ type: OS::Heat::SoftwareConfig
+ condition: is_host_config_required
+ properties:
+ group: ansible
+ inputs:
+ - name: _KERNEL_ARGS_
+ - name: _TUNED_PROFILE_NAME_
+ - name: _TUNED_CORES_
+ outputs:
+ - name: result
+ config:
+ get_file: ansible_host_config.yaml
+
+ HostParametersDeployment:
+ type: OS::Heat::SoftwareDeployment
+ condition: is_host_config_required
+ properties:
+ name: HostParametersDeployment
+ server: {get_param: server}
+ config: {get_resource: HostParametersConfig}
+ actions:
+ if:
+ - deployment_actions_empty
+ - []
+ - ['CREATE'] # Only do this on CREATE
+ input_values:
+ _KERNEL_ARGS_: {get_param: [RoleParameters, KernelArgs]}
+ _TUNED_PROFILE_NAME_: {get_param: [RoleParameters, TunedProfileName]}
+ _TUNED_CORES_: {get_param: [RoleParameters, HostIsolatedCoreList]}
+
+ RebootConfig:
+ type: OS::Heat::SoftwareConfig
+ condition: is_host_config_required
+ properties:
+ group: script
+ config: |
+ #!/bin/bash
+ # Stop os-collect-config to avoid any race collecting another
+ # deployment before reboot happens
+ systemctl stop os-collect-config.service
+ /sbin/reboot
+
+ RebootDeployment:
+ type: OS::Heat::SoftwareDeployment
+ depends_on: HostParametersDeployment
+ condition: is_host_config_required
+ properties:
+ name: RebootDeployment
+ server: {get_param: server}
+ config: {get_resource: RebootConfig}
+ actions:
+ if:
+ - deployment_actions_empty
+ - []
+ - ['CREATE'] # Only do this on CREATE
+ signal_transport: NO_SIGNAL
+
+outputs:
+ result:
+ condition: is_host_config_required
+ value:
+ get_attr: [HostParametersDeployment, result]
+ stdout:
+ condition: is_host_config_required
+ value:
+ get_attr: [HostParametersDeployment, deploy_stdout]
+ stderr:
+ condition: is_host_config_required
+ value:
+ get_attr: [HostParametersDeployment, deploy_stderr]
+ status_code:
+ condition: is_host_config_required
+ value:
+ get_attr: [HostParametersDeployment, deploy_status_code]
diff --git a/extraconfig/tasks/pacemaker_common_functions.sh b/extraconfig/tasks/pacemaker_common_functions.sh
index f17a073a..d1dd5d1d 100755
--- a/extraconfig/tasks/pacemaker_common_functions.sh
+++ b/extraconfig/tasks/pacemaker_common_functions.sh
@@ -11,7 +11,7 @@ function log_debug {
}
function is_bootstrap_node {
- if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid)" = "$(facter hostname)" ]; then
+ if [ "$(hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid | tr '[:upper:]' '[:lower:]')" = "$(facter hostname | tr '[:upper:]' '[:lower:]')" ]; then
log_debug "Node is bootstrap"
echo "true"
fi
diff --git a/extraconfig/tasks/post_puppet_pacemaker.j2.yaml b/extraconfig/tasks/post_puppet_pacemaker.j2.yaml
index 7fc258d6..6bf5afb0 100644
--- a/extraconfig/tasks/post_puppet_pacemaker.j2.yaml
+++ b/extraconfig/tasks/post_puppet_pacemaker.j2.yaml
@@ -10,8 +10,8 @@ parameters:
resources:
-{%- for role in roles -%}
-{% if "controller" in role.tags %}
+{%- for role in roles %}
+ {%- if 'controller' in role.tags %}
{{role.name}}PostPuppetMaintenanceModeConfig:
type: OS::Heat::SoftwareConfig
properties:
@@ -37,6 +37,6 @@ resources:
properties:
servers: {get_param: [servers, {{role.name}}]}
input_values: {get_param: input_values}
-{%- endif -%}
-{% endfor %}
+ {%- endif %}
+{%- endfor %}
diff --git a/extraconfig/tasks/ssh/host_public_key.yaml b/extraconfig/tasks/ssh/host_public_key.yaml
index e4ba0cc4..02fdbf1c 100644
--- a/extraconfig/tasks/ssh/host_public_key.yaml
+++ b/extraconfig/tasks/ssh/host_public_key.yaml
@@ -7,6 +7,13 @@ parameters:
server:
description: ID of the node to apply this config to
type: string
+ deployment_actions:
+ default: ['CREATE', 'UPDATE']
+ type: comma_delimited_list
+ description: >
+ List of stack actions that will trigger any deployments in this
+ templates. The actions will be an empty list of the server is in the
+ toplevel DeploymentServerBlacklist parameter's value.
resources:
SshHostPubKeyConfig:
@@ -28,6 +35,7 @@ resources:
properties:
config: {get_resource: SshHostPubKeyConfig}
server: {get_param: server}
+ actions: {get_param: deployment_actions}
outputs:
diff --git a/extraconfig/tasks/yum_update.sh b/extraconfig/tasks/yum_update.sh
index cb9cc5b1..0c4a7928 100755
--- a/extraconfig/tasks/yum_update.sh
+++ b/extraconfig/tasks/yum_update.sh
@@ -49,7 +49,7 @@ fi
# of packages to update (the check for -z "$update_identifier" guarantees that this
# is run only on overcloud stack update -i)
if [[ "$pacemaker_status" == "active" && \
- "$(hiera -c /etc/puppet/hiera.yaml pacemaker_short_bootstrap_node_name)" == "$(facter hostname)" ]] ; then \
+ "$(hiera -c /etc/puppet/hiera.yaml pacemaker_short_bootstrap_node_name | tr '[:upper:]' '[:lower:]')" == "$(facter hostname | tr '[:upper:]' '[:lower:]')" ]] ; then \
# OCF scripts don't cope with -eu
echo "Verifying if we need to fix up any IPv6 VIPs"
set +eu
diff --git a/network/endpoints/endpoint_data.yaml b/network/endpoints/endpoint_data.yaml
index f5f2b97e..ece40085 100644
--- a/network/endpoints/endpoint_data.yaml
+++ b/network/endpoints/endpoint_data.yaml
@@ -134,7 +134,7 @@ Panko:
net_param: Public
Admin:
net_param: PankoApi
- port: 8779
+ port: 8977
Cinder:
Internal:
diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml
index 4509bca9..42d1fbd0 100644
--- a/network/endpoints/endpoint_map.yaml
+++ b/network/endpoints/endpoint_map.yaml
@@ -117,9 +117,9 @@ parameters:
OctaviaAdmin: {protocol: http, port: '9876', host: IP_ADDRESS}
OctaviaInternal: {protocol: http, port: '9876', host: IP_ADDRESS}
OctaviaPublic: {protocol: http, port: '9876', host: IP_ADDRESS}
- PankoAdmin: {protocol: http, port: '8779', host: IP_ADDRESS}
- PankoInternal: {protocol: http, port: '8779', host: IP_ADDRESS}
- PankoPublic: {protocol: http, port: '8779', host: IP_ADDRESS}
+ PankoAdmin: {protocol: http, port: '8977', host: IP_ADDRESS}
+ PankoInternal: {protocol: http, port: '8977', host: IP_ADDRESS}
+ PankoPublic: {protocol: http, port: '8977', host: IP_ADDRESS}
SaharaAdmin: {protocol: http, port: '8386', host: IP_ADDRESS}
SaharaInternal: {protocol: http, port: '8386', host: IP_ADDRESS}
SaharaPublic: {protocol: http, port: '8386', host: IP_ADDRESS}
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index d4c301bb..4aee571e 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -106,7 +106,7 @@ resource_registry:
OS::TripleO::UpgradeConfig: puppet/upgrade_config.yaml
# services
- OS::TripleO::Services: puppet/services/services.yaml
+ OS::TripleO::Services: services.yaml
OS::TripleO::Services::Apache: puppet/services/apache.yaml
OS::TripleO::Services::CACerts: puppet/services/ca-certs.yaml
OS::TripleO::Services::CephMds: OS::Heat::None
@@ -200,6 +200,7 @@ resource_registry:
# Undercloud Telemetry services
OS::TripleO::Services::UndercloudCeilometerAgentCentral: OS::Heat::None
OS::TripleO::Services::UndercloudCeilometerAgentNotification: OS::Heat::None
+ OS::TripleO::Services::UndercloudCeilometerAgentIpmi: OS::Heat::None
#Gnocchi services
OS::TripleO::Services::GnocchiApi: puppet/services/gnocchi-api.yaml
@@ -236,6 +237,7 @@ resource_registry:
OS::TripleO::Services::MistralExecutor: OS::Heat::None
OS::TripleO::Services::IronicApi: OS::Heat::None
OS::TripleO::Services::IronicConductor: OS::Heat::None
+ OS::TripleO::Services::IronicInspector: OS::Heat::None
OS::TripleO::Services::NovaIronic: OS::Heat::None
OS::TripleO::Services::TripleoPackages: puppet/services/tripleo-packages.yaml
OS::TripleO::Services::TripleoFirewall: puppet/services/tripleo-firewall.yaml
@@ -263,6 +265,7 @@ resource_registry:
OS::TripleO::Services::NeutronVppAgent: OS::Heat::None
OS::TripleO::Services::Docker: OS::Heat::None
OS::TripleO::Services::CertmongerUser: OS::Heat::None
+ OS::TripleO::Services::Iscsid: OS::Heat::None
parameter_defaults:
EnablePackageInstall: false
diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml
index f8655b18..e4c04b4e 100644
--- a/overcloud.j2.yaml
+++ b/overcloud.j2.yaml
@@ -101,8 +101,8 @@ parameters:
default: 'localdomain'
type: string
description: >
- The DNS domain used for the hosts. This should match the dhcp_domain
- configured in the Undercloud neutron. Defaults to localdomain.
+ The DNS domain used for the hosts. This must match the
+ overcloud_domain_name configured on the undercloud.
ServerMetadata:
default: {}
description: >
@@ -446,6 +446,7 @@ resources:
MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChainRoleData, value, monitoring_subscriptions]}
ServiceMetadataSettings: {get_attr: [{{role.name}}ServiceChainRoleData, value, service_metadata_settings]}
DeploymentServerBlacklistDict: {get_attr: [DeploymentServerBlacklistDict, value]}
+ RoleParameters: {get_param: {{role.name}}Parameters}
{% endfor %}
{% for role in roles %}
diff --git a/plan-samples/README.rst b/plan-samples/README.rst
new file mode 100644
index 00000000..44b9d0cd
--- /dev/null
+++ b/plan-samples/README.rst
@@ -0,0 +1,22 @@
+=================================
+Samples for plan-environment.yaml
+=================================
+
+The ``plan-environment.yaml`` file provides the details of the plan to be
+deployed by TripleO. Along with the details of the heat environments and
+parameters, it is also possible to provide workflow specific parameters to the
+TripleO mistral workflows. A new section ``workflow_parameters`` has been
+added to provide workflow specific parameters. This provides a clear
+separation of heat environment parameters and the workflow only parameters.
+These customized plan environment files can be provided as with ``-p`` option
+to the ``openstack overcloud deploy`` and ``openstack overcloud plan create``
+commands. The sample format to provide the workflow specific parameters::
+
+ workflow_parameters:
+ tripleo.derive_params.v1.derive_parameters:
+ # DPDK Parameters
+ number_of_pmd_cpu_threads_per_numa_node: 2
+
+
+All the parameters specified under the workflow name will be passed as
+``user_input`` to the workflow, while invoking from the tripleoclient. \ No newline at end of file
diff --git a/plan-samples/plan-environment-derived-params.yaml b/plan-samples/plan-environment-derived-params.yaml
new file mode 100644
index 00000000..964e57d2
--- /dev/null
+++ b/plan-samples/plan-environment-derived-params.yaml
@@ -0,0 +1,35 @@
+version: 1.0
+
+name: overcloud
+description: >
+ Default Deployment plan
+template: overcloud.yaml
+environments:
+ - path: overcloud-resource-registry-puppet.yaml
+workflow_parameters:
+ tripleo.derive_params.v1.derive_parameters:
+ ######### DPDK Parameters #########
+ # Specifices the minimum number of CPU threads to be allocated for DPDK
+ # PMD threads. The actual allocation will be based on network config, if
+ # the a DPDK port is associated with a numa node, then this configuration
+ # will be used, else 0.
+ number_of_pmd_cpu_threads_per_numa_node: 4
+ # Amount of memory to be configured as huge pages in percentage. Ouf the
+ # total available memory (excluding the NovaReservedHostMemory), the
+ # specified percentage of the remaining is configured as huge pages.
+ huge_page_allocation_percentage: 90
+ ######### HCI Parameters #########
+ hci_profile: default
+ hci_profile_config:
+ default:
+ average_guest_memory_size_in_mb: 2048
+ average_guest_cpu_utilization_percentage: 50
+ many_small_vms:
+ average_guest_memory_size_in_mb: 1024
+ average_guest_cpu_utilization_percentage: 20
+ few_large_vms:
+ average_guest_memory_size_in_mb: 4096
+ average_guest_cpu_utilization_percentage: 80
+ nfv_default:
+ average_guest_memory_size_in_mb: 8192
+ average_guest_cpu_utilization_percentage: 90
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml
index baafe03d..b1284452 100644
--- a/puppet/all-nodes-config.yaml
+++ b/puppet/all-nodes-config.yaml
@@ -12,10 +12,8 @@ parameters:
type: string
cloud_name_ctlplane:
type: string
- # FIXME(shardy) this can be comma_delimited_list when
- # https://bugs.launchpad.net/heat/+bug/1617019 is fixed
enabled_services:
- type: string
+ type: comma_delimited_list
controller_ips:
type: comma_delimited_list
logging_groups:
@@ -118,7 +116,10 @@ resources:
map_merge:
- tripleo::profile::base::logging::fluentd::fluentd_sources: {get_param: logging_sources}
- tripleo::profile::base::logging::fluentd::fluentd_groups: {get_param: logging_groups}
- - enabled_services: {get_param: enabled_services}
+ - enabled_services:
+ yaql:
+ expression: $.data.distinct()
+ data: {get_param: enabled_services}
# This writes out a mapping of service_name_enabled: 'true'
# For any services not enabled, hiera foo_enabled will
# return nil, as it's undefined
@@ -129,8 +130,7 @@ resources:
# https://bugs.launchpad.net/heat/+bug/1617203
SERVICE_enabled: 'true'
for_each:
- SERVICE:
- str_split: [',', {get_param: enabled_services}]
+ SERVICE: {get_param: enabled_services}
# Dynamically generate per-service network data
# This works as follows (outer->inner functions)
# yaql - filters services where no mapping exists in ServiceNetMap
@@ -150,8 +150,7 @@ resources:
template:
SERVICE_network: SERVICE_network
for_each:
- SERVICE:
- str_split: [',', {get_param: enabled_services}]
+ SERVICE: {get_param: enabled_services}
- values: {get_param: ServiceNetMap}
# Keystone doesn't provide separate entries for the public
# and admin endpoints, so we need to add them here manually
@@ -203,8 +202,7 @@ resources:
template:
SERVICE_vip: SERVICE_network
for_each:
- SERVICE:
- str_split: [',', {get_param: enabled_services}]
+ SERVICE: {get_param: enabled_services}
- values: {get_param: ServiceNetMap}
- values: {get_param: NetVipMap}
- keystone_admin_api_vip:
diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml
index 7b6fbb71..95dcf0b5 100644
--- a/puppet/blockstorage-role.yaml
+++ b/puppet/blockstorage-role.yaml
@@ -69,8 +69,8 @@ parameters:
default: 'localdomain'
type: string
description: >
- The DNS domain used for the hosts. This should match the dhcp_domain
- configured in the Undercloud neutron. Defaults to localdomain.
+ The DNS domain used for the hosts. This must match the
+ overcloud_domain_name configured on the undercloud.
BlockStorageServerMetadata:
default: {}
description: >
@@ -139,6 +139,10 @@ parameters:
Map of server hostnames to blacklist from any triggered
deployments. If the value is 1, the server will be blacklisted. This
parameter is generated from the parent template.
+ RoleParameters:
+ type: json
+ description: Role Specific Parameters
+ default: {}
conditions:
server_not_blacklisted:
@@ -372,16 +376,21 @@ resources:
type: OS::TripleO::BlockStorage::PreNetworkConfig
properties:
server: {get_resource: BlockStorage}
+ RoleParameters: {get_param: RoleParameters}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
depends_on: PreNetworkConfig
- condition: server_not_blacklisted
properties:
name: NetworkDeployment
config: {get_resource: NetworkConfig}
server: {get_resource: BlockStorage}
- actions: {get_param: NetworkDeploymentActions}
+ actions:
+ if:
+ - server_not_blacklisted
+ - {get_param: NetworkDeploymentActions}
+ - []
BlockStorageUpgradeInitConfig:
type: OS::Heat::SoftwareConfig
@@ -400,22 +409,30 @@ resources:
BlockStorageUpgradeInitDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
- condition: server_not_blacklisted
properties:
name: BlockStorageUpgradeInitDeployment
server: {get_resource: BlockStorage}
config: {get_resource: BlockStorageUpgradeInitConfig}
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
BlockStorageDeployment:
type: OS::Heat::StructuredDeployment
depends_on: BlockStorageUpgradeInitDeployment
- condition: server_not_blacklisted
properties:
name: BlockStorageDeployment
server: {get_resource: BlockStorage}
config: {get_resource: BlockStorageConfig}
input_values:
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
# Map heat metadata into hiera datafiles
BlockStorageConfig:
@@ -455,6 +472,7 @@ resources:
fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
+ fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
# Resource for site-specific injection of root certificate
NodeTLSCAData:
@@ -468,6 +486,9 @@ resources:
NodeExtraConfig:
depends_on: NodeTLSCAData
type: OS::TripleO::NodeExtraConfig
+ # We have to use conditions here so that we don't break backwards
+ # compatibility with templates everywhere
+ condition: server_not_blacklisted
properties:
server: {get_resource: BlockStorage}
@@ -477,7 +498,6 @@ resources:
UpdateDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
- condition: server_not_blacklisted
properties:
name: UpdateDeployment
config: {get_resource: UpdateConfig}
@@ -485,12 +505,27 @@ resources:
input_values:
update_identifier:
get_param: UpdateIdentifier
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
+
+ DeploymentActions:
+ type: OS::Heat::Value
+ properties:
+ value:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: BlockStorageDeployment
properties:
server: {get_resource: BlockStorage}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:
diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml
index 8047e3dc..6674a8ac 100644
--- a/puppet/cephstorage-role.yaml
+++ b/puppet/cephstorage-role.yaml
@@ -75,8 +75,8 @@ parameters:
default: 'localdomain'
type: string
description: >
- The DNS domain used for the hosts. This should match the dhcp_domain
- configured in the Undercloud neutron. Defaults to localdomain.
+ The DNS domain used for the hosts. This must match the
+ overcloud_domain_name configured on the undercloud.
CephStorageServerMetadata:
default: {}
description: >
@@ -145,6 +145,10 @@ parameters:
Map of server hostnames to blacklist from any triggered
deployments. If the value is 1, the server will be blacklisted. This
parameter is generated from the parent template.
+ RoleParameters:
+ type: json
+ description: Role Specific Parameters
+ default: {}
conditions:
server_not_blacklisted:
@@ -378,16 +382,21 @@ resources:
type: OS::TripleO::CephStorage::PreNetworkConfig
properties:
server: {get_resource: CephStorage}
+ RoleParameters: {get_param: RoleParameters}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
depends_on: PreNetworkConfig
- condition: server_not_blacklisted
properties:
name: NetworkDeployment
config: {get_resource: NetworkConfig}
server: {get_resource: CephStorage}
- actions: {get_param: NetworkDeploymentActions}
+ actions:
+ if:
+ - server_not_blacklisted
+ - {get_param: NetworkDeploymentActions}
+ - []
CephStorageUpgradeInitConfig:
type: OS::Heat::SoftwareConfig
@@ -406,22 +415,30 @@ resources:
CephStorageUpgradeInitDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
- condition: server_not_blacklisted
properties:
name: CephStorageUpgradeInitDeployment
server: {get_resource: CephStorage}
config: {get_resource: CephStorageUpgradeInitConfig}
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
CephStorageDeployment:
type: OS::Heat::StructuredDeployment
depends_on: CephStorageUpgradeInitDeployment
- condition: server_not_blacklisted
properties:
name: CephStorageDeployment
config: {get_resource: CephStorageConfig}
server: {get_resource: CephStorage}
input_values:
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
CephStorageConfig:
type: OS::Heat::StructuredConfig
@@ -460,6 +477,7 @@ resources:
fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
+ fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
# Resource for site-specific injection of root certificate
NodeTLSCAData:
@@ -472,6 +490,9 @@ resources:
CephStorageExtraConfigPre:
depends_on: CephStorageDeployment
type: OS::TripleO::CephStorageExtraConfigPre
+ # We have to use conditions here so that we don't break backwards
+ # compatibility with templates everywhere
+ condition: server_not_blacklisted
properties:
server: {get_resource: CephStorage}
@@ -480,6 +501,9 @@ resources:
NodeExtraConfig:
depends_on: [CephStorageExtraConfigPre, NodeTLSCAData]
type: OS::TripleO::NodeExtraConfig
+ # We have to use conditions here so that we don't break backwards
+ # compatibility with templates everywhere
+ condition: server_not_blacklisted
properties:
server: {get_resource: CephStorage}
@@ -489,19 +513,33 @@ resources:
UpdateDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
- condition: server_not_blacklisted
properties:
config: {get_resource: UpdateConfig}
server: {get_resource: CephStorage}
input_values:
update_identifier:
get_param: UpdateIdentifier
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
+
+ DeploymentActions:
+ type: OS::Heat::Value
+ properties:
+ value:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: CephStorageDeployment
properties:
server: {get_resource: CephStorage}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:
diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml
index e453508a..37eb98d1 100644
--- a/puppet/compute-role.yaml
+++ b/puppet/compute-role.yaml
@@ -90,8 +90,8 @@ parameters:
default: 'localdomain'
type: string
description: >
- The DNS domain used for the hosts. This should match the dhcp_domain
- configured in the Undercloud neutron. Defaults to localdomain.
+ The DNS domain used for the hosts. This must match the
+ overcloud_domain_name configured on the undercloud.
NovaComputeServerMetadata:
default: {}
description: >
@@ -157,6 +157,10 @@ parameters:
Map of server hostnames to blacklist from any triggered
deployments. If the value is 1, the server will be blacklisted. This
parameter is generated from the parent template.
+ RoleParameters:
+ type: json
+ description: Role Specific Parameters
+ default: {}
conditions:
server_not_blacklisted:
@@ -381,6 +385,8 @@ resources:
type: OS::TripleO::Compute::PreNetworkConfig
properties:
server: {get_resource: NovaCompute}
+ RoleParameters: {get_param: RoleParameters}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkConfig:
type: OS::TripleO::Compute::Net::SoftwareConfig
@@ -396,12 +402,15 @@ resources:
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
depends_on: PreNetworkConfig
- condition: server_not_blacklisted
properties:
name: NetworkDeployment
+ actions:
+ if:
+ - server_not_blacklisted
+ - {get_param: NetworkDeploymentActions}
+ - []
config: {get_resource: NetworkConfig}
server: {get_resource: NovaCompute}
- actions: {get_param: NetworkDeploymentActions}
input_values:
bridge_name: {get_param: NeutronPhysicalBridge}
interface_name: {get_param: NeutronPublicInterface}
@@ -423,9 +432,13 @@ resources:
NovaComputeUpgradeInitDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
- condition: server_not_blacklisted
properties:
name: NovaComputeUpgradeInitDeployment
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
server: {get_resource: NovaCompute}
config: {get_resource: NovaComputeUpgradeInitConfig}
@@ -472,13 +485,18 @@ resources:
fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
+ fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
NovaComputeDeployment:
type: OS::TripleO::SoftwareDeployment
depends_on: NovaComputeUpgradeInitDeployment
- condition: server_not_blacklisted
properties:
name: NovaComputeDeployment
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
config: {get_resource: NovaComputeConfig}
server: {get_resource: NovaCompute}
input_values:
@@ -495,6 +513,9 @@ resources:
ComputeExtraConfigPre:
depends_on: NovaComputeDeployment
type: OS::TripleO::ComputeExtraConfigPre
+ # We have to use conditions here so that we don't break backwards
+ # compatibility with templates everywhere
+ condition: server_not_blacklisted
properties:
server: {get_resource: NovaCompute}
@@ -503,6 +524,9 @@ resources:
NodeExtraConfig:
depends_on: [ComputeExtraConfigPre, NodeTLSCAData]
type: OS::TripleO::NodeExtraConfig
+ # We have to use conditions here so that we don't break backwards
+ # compatibility with templates everywhere
+ condition: server_not_blacklisted
properties:
server: {get_resource: NovaCompute}
@@ -512,20 +536,34 @@ resources:
UpdateDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
- condition: server_not_blacklisted
properties:
name: UpdateDeployment
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
config: {get_resource: UpdateConfig}
server: {get_resource: NovaCompute}
input_values:
update_identifier:
get_param: UpdateIdentifier
+ DeploymentActions:
+ type: OS::Heat::Value
+ properties:
+ value:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
+
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: NovaComputeDeployment
properties:
server: {get_resource: NovaCompute}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:
diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml
index 4c0a70f6..01f54df0 100644
--- a/puppet/controller-role.yaml
+++ b/puppet/controller-role.yaml
@@ -104,8 +104,8 @@ parameters:
default: 'localdomain'
type: string
description: >
- The DNS domain used for the hosts. This should match the dhcp_domain
- configured in the Undercloud neutron. Defaults to localdomain.
+ The DNS domain used for the hosts. This must match the
+ overcloud_domain_name configured on the undercloud.
ControllerServerMetadata:
default: {}
description: >
@@ -171,6 +171,10 @@ parameters:
Map of server hostnames to blacklist from any triggered
deployments. If the value is 1, the server will be blacklisted. This
parameter is generated from the parent template.
+ RoleParameters:
+ type: json
+ description: Role Specific Parameters
+ default: {}
parameter_groups:
- label: deprecated
@@ -401,6 +405,8 @@ resources:
type: OS::TripleO::Controller::PreNetworkConfig
properties:
server: {get_resource: Controller}
+ RoleParameters: {get_param: RoleParameters}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkConfig:
type: OS::TripleO::Controller::Net::SoftwareConfig
@@ -415,13 +421,16 @@ resources:
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
- condition: server_not_blacklisted
depends_on: PreNetworkConfig
properties:
name: NetworkDeployment
config: {get_resource: NetworkConfig}
server: {get_resource: Controller}
- actions: {get_param: NetworkDeploymentActions}
+ actions:
+ if:
+ - server_not_blacklisted
+ - {get_param: NetworkDeploymentActions}
+ - []
input_values:
bridge_name: br-ex
interface_name: {get_param: NeutronPublicInterface}
@@ -457,19 +466,27 @@ resources:
# but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
ControllerUpgradeInitDeployment:
type: OS::Heat::SoftwareDeployment
- condition: server_not_blacklisted
depends_on: NetworkDeployment
properties:
name: ControllerUpgradeInitDeployment
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
server: {get_resource: Controller}
config: {get_resource: ControllerUpgradeInitConfig}
ControllerDeployment:
type: OS::TripleO::SoftwareDeployment
- condition: server_not_blacklisted
depends_on: ControllerUpgradeInitDeployment
properties:
name: ControllerDeployment
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
config: {get_resource: ControllerConfig}
server: {get_resource: Controller}
input_values:
@@ -530,11 +547,15 @@ resources:
fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
+ fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
# Hook for site-specific additional pre-deployment config, e.g extra hieradata
ControllerExtraConfigPre:
depends_on: ControllerDeployment
type: OS::TripleO::ControllerExtraConfigPre
+ # We have to use conditions here so that we don't break backwards
+ # compatibility with templates everywhere
+ condition: server_not_blacklisted
properties:
server: {get_resource: Controller}
@@ -543,6 +564,9 @@ resources:
NodeExtraConfig:
depends_on: [ControllerExtraConfigPre, NodeTLSData]
type: OS::TripleO::NodeExtraConfig
+ # We have to use conditions here so that we don't break backwards
+ # compatibility with templates everywhere
+ condition: server_not_blacklisted
properties:
server: {get_resource: Controller}
@@ -551,21 +575,35 @@ resources:
UpdateDeployment:
type: OS::Heat::SoftwareDeployment
- condition: server_not_blacklisted
depends_on: NetworkDeployment
properties:
name: UpdateDeployment
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
config: {get_resource: UpdateConfig}
server: {get_resource: Controller}
input_values:
update_identifier:
get_param: UpdateIdentifier
+ DeploymentActions:
+ type: OS::Heat::Value
+ properties:
+ value:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
+
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: ControllerDeployment
properties:
server: {get_resource: Controller}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:
diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml
index 5ab6669f..e6348420 100644
--- a/puppet/objectstorage-role.yaml
+++ b/puppet/objectstorage-role.yaml
@@ -69,8 +69,8 @@ parameters:
default: 'localdomain'
type: string
description: >
- The DNS domain used for the hosts. This should match the dhcp_domain
- configured in the Undercloud neutron. Defaults to localdomain.
+ The DNS domain used for the hosts. This must match the
+ overcloud_domain_name configured on the undercloud.
SwiftStorageServerMetadata:
default: {}
description: >
@@ -139,6 +139,10 @@ parameters:
Map of server hostnames to blacklist from any triggered
deployments. If the value is 1, the server will be blacklisted. This
parameter is generated from the parent template.
+ RoleParameters:
+ type: json
+ description: Role Specific Parameters
+ default: {}
conditions:
server_not_blacklisted:
@@ -372,16 +376,22 @@ resources:
type: OS::TripleO::ObjectStorage::PreNetworkConfig
properties:
server: {get_resource: SwiftStorage}
+ RoleParameters: {get_param: RoleParameters}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
depends_on: PreNetworkConfig
- condition: server_not_blacklisted
properties:
name: NetworkDeployment
config: {get_resource: NetworkConfig}
server: {get_resource: SwiftStorage}
- actions: {get_param: NetworkDeploymentActions}
+ actions:
+ if:
+ - server_not_blacklisted
+ - {get_param: NetworkDeploymentActions}
+ - []
+
SwiftStorageUpgradeInitConfig:
type: OS::Heat::SoftwareConfig
@@ -400,11 +410,15 @@ resources:
SwiftStorageUpgradeInitDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
- condition: server_not_blacklisted
properties:
name: SwiftStorageUpgradeInitDeployment
server: {get_resource: SwiftStorage}
config: {get_resource: SwiftStorageUpgradeInitConfig}
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
SwiftStorageHieraConfig:
type: OS::Heat::StructuredConfig
@@ -443,17 +457,22 @@ resources:
fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
+ fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
SwiftStorageHieraDeploy:
type: OS::Heat::StructuredDeployment
depends_on: SwiftStorageUpgradeInitDeployment
- condition: server_not_blacklisted
properties:
name: SwiftStorageHieraDeploy
server: {get_resource: SwiftStorage}
config: {get_resource: SwiftStorageHieraConfig}
input_values:
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
# Resource for site-specific injection of root certificate
NodeTLSCAData:
@@ -467,6 +486,9 @@ resources:
NodeExtraConfig:
depends_on: NodeTLSCAData
type: OS::TripleO::NodeExtraConfig
+ # We have to use conditions here so that we don't break backwards
+ # compatibility with templates everywhere
+ condition: server_not_blacklisted
properties:
server: {get_resource: SwiftStorage}
@@ -476,19 +498,33 @@ resources:
UpdateDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
- condition: server_not_blacklisted
properties:
config: {get_resource: UpdateConfig}
server: {get_resource: SwiftStorage}
input_values:
update_identifier:
get_param: UpdateIdentifier
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
+
+ DeploymentActions:
+ type: OS::Heat::Value
+ properties:
+ value:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: SwiftStorageHieraDeploy
properties:
server: {get_resource: SwiftStorage}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:
diff --git a/puppet/puppet-steps.j2 b/puppet/puppet-steps.j2
index 360c633a..5567d65d 100644
--- a/puppet/puppet-steps.j2
+++ b/puppet/puppet-steps.j2
@@ -44,26 +44,31 @@
update_identifier: {get_param: DeployIdentifier}
{% endfor %}
- {{role.name}}PostConfig:
- type: OS::TripleO::Tasks::{{role.name}}PostConfig
+ # Note, this should be the last step to execute configuration changes.
+ # Ensure that all {{role.name}}ExtraConfigPost steps are executed
+ # after all the previous deployment steps.
+ {{role.name}}ExtraConfigPost:
depends_on:
{% for dep in roles %}
- {{dep.name}}Deployment_Step5
{% endfor %}
+ type: OS::TripleO::NodeExtraConfigPost
properties:
- servers: {get_param: servers}
- input_values:
- update_identifier: {get_param: DeployIdentifier}
+ servers: {get_param: [servers, {{role.name}}]}
- # Note, this should come last, so use depends_on to ensure
- # this is created after any other resources.
- {{role.name}}ExtraConfigPost:
+ # The {{role.name}}PostConfig steps are in charge of
+ # quiescing all services, i.e. in the Controller case,
+ # we should run a full service reload.
+ {{role.name}}PostConfig:
+ type: OS::TripleO::Tasks::{{role.name}}PostConfig
depends_on:
{% for dep in roles %}
- - {{dep.name}}PostConfig
+ - {{dep.name}}ExtraConfigPost
{% endfor %}
- type: OS::TripleO::NodeExtraConfigPost
properties:
- servers: {get_param: [servers, {{role.name}}]}
+ servers: {get_param: servers}
+ input_values:
+ update_identifier: {get_param: DeployIdentifier}
+
{% endfor %}
diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml
index 570efb3a..4911fbe9 100644
--- a/puppet/role.role.j2.yaml
+++ b/puppet/role.role.j2.yaml
@@ -85,8 +85,8 @@ parameters:
default: 'localdomain'
type: string
description: >
- The DNS domain used for the hosts. This should match the dhcp_domain
- configured in the Undercloud neutron. Defaults to localdomain.
+ The DNS domain used for the hosts. This must match the
+ overcloud_domain_name configured on the undercloud.
{{role}}ServerMetadata:
default: {}
description: >
@@ -161,6 +161,10 @@ parameters:
Map of server hostnames to blacklist from any triggered
deployments. If the value is 1, the server will be blacklisted. This
parameter is generated from the parent template.
+ RoleParameters:
+ type: json
+ description: Role Specific Parameters
+ default: {}
conditions:
server_not_blacklisted:
@@ -394,11 +398,12 @@ resources:
type: OS::TripleO::{{role}}::PreNetworkConfig
properties:
server: {get_resource: {{role}}}
+ RoleParameters: {get_param: RoleParameters}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
NetworkDeployment:
type: OS::TripleO::SoftwareDeployment
depends_on: PreNetworkConfig
- condition: server_not_blacklisted
properties:
name: NetworkDeployment
config: {get_resource: NetworkConfig}
@@ -407,6 +412,11 @@ resources:
input_values:
bridge_name: br-ex
interface_name: {get_param: NeutronPublicInterface}
+ actions:
+ if:
+ - server_not_blacklisted
+ - {get_param: NetworkDeploymentActions}
+ - []
{{role}}UpgradeInitConfig:
type: OS::Heat::SoftwareConfig
@@ -425,22 +435,30 @@ resources:
{{role}}UpgradeInitDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
- condition: server_not_blacklisted
properties:
name: {{role}}UpgradeInitDeployment
server: {get_resource: {{role}}}
config: {get_resource: {{role}}UpgradeInitConfig}
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
{{role}}Deployment:
type: OS::Heat::StructuredDeployment
depends_on: {{role}}UpgradeInitDeployment
- condition: server_not_blacklisted
properties:
name: {{role}}Deployment
config: {get_resource: {{role}}Config}
server: {get_resource: {{role}}}
input_values:
enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
{{role}}Config:
type: OS::Heat::StructuredConfig
@@ -481,6 +499,7 @@ resources:
fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
+ fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
# Resource for site-specific injection of root certificate
NodeTLSCAData:
@@ -493,6 +512,9 @@ resources:
{{role}}ExtraConfigPre:
depends_on: {{role}}Deployment
type: OS::TripleO::{{role}}ExtraConfigPre
+ # We have to use conditions here so that we don't break backwards
+ # compatibility with templates everywhere
+ condition: server_not_blacklisted
properties:
server: {get_resource: {{role}}}
@@ -501,6 +523,9 @@ resources:
NodeExtraConfig:
depends_on: [{{role}}ExtraConfigPre, NodeTLSCAData]
type: OS::TripleO::NodeExtraConfig
+ # We have to use conditions here so that we don't break backwards
+ # compatibility with templates everywhere
+ condition: server_not_blacklisted
properties:
server: {get_resource: {{role}}}
@@ -510,7 +535,6 @@ resources:
UpdateDeployment:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
- condition: server_not_blacklisted
properties:
name: UpdateDeployment
config: {get_resource: UpdateConfig}
@@ -518,12 +542,27 @@ resources:
input_values:
update_identifier:
get_param: UpdateIdentifier
+ actions:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
+
+ DeploymentActions:
+ type: OS::Heat::Value
+ properties:
+ value:
+ if:
+ - server_not_blacklisted
+ - ['CREATE', 'UPDATE']
+ - []
SshHostPubKey:
type: OS::TripleO::Ssh::HostPubKey
depends_on: {{role}}Deployment
properties:
server: {get_resource: {{role}}}
+ deployment_actions: {get_attr: [DeploymentActions, value]}
outputs:
ip_address:
diff --git a/puppet/services/certmonger-user.yaml b/puppet/services/certmonger-user.yaml
index 6ad451a8..0508c557 100644
--- a/puppet/services/certmonger-user.yaml
+++ b/puppet/services/certmonger-user.yaml
@@ -26,11 +26,28 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+ DefaultCRLURL:
+ default: 'http://ipa-ca/ipa/crl/MasterCRL.bin'
+ description: URI where to get the CRL to be configured in the nodes.
+ type: string
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
outputs:
role_data:
description: Role data for the certmonger-user service
value:
service_name: certmonger_user
+ config_settings:
+ tripleo::certmonger::ca::crl::crl_source:
+ if:
+ - internal_tls_enabled
+ - {get_param: DefaultCRLURL}
+ - null
step_config: |
include ::tripleo::profile::base::certmonger_user
diff --git a/puppet/services/cinder-backend-dellsc.yaml b/puppet/services/cinder-backend-dellsc.yaml
index a201134c..c0bffb18 100644
--- a/puppet/services/cinder-backend-dellsc.yaml
+++ b/puppet/services/cinder-backend-dellsc.yaml
@@ -61,6 +61,9 @@ parameters:
CinderDellScSecondaryScApiPort:
type: number
default: 3033
+ CinderDellScExcludedDomainIp:
+ type: string
+ default: ''
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
@@ -105,5 +108,6 @@ outputs:
cinder::backend::dellsc_iscsi::secondary_san_login: {get_param: CinderDellScSecondarySanLogin}
cinder::backend::dellsc_iscsi::secondary_san_password: {get_param: CinderDellScSecondarySanPassword}
cinder::backend::dellsc_iscsi::secondary_sc_api_port: {get_param: CinderDellScSecondaryScApiPort}
+ cinder::backend::dellsc_iscsi::excluded_domain_ip: {get_param: CinderDellScExcludedDomainIp}
step_config: |
include ::tripleo::profile::base::cinder::volume
diff --git a/puppet/services/cinder-backend-netapp.yaml b/puppet/services/cinder-backend-netapp.yaml
index bddc8e1a..fbde4c0a 100644
--- a/puppet/services/cinder-backend-netapp.yaml
+++ b/puppet/services/cinder-backend-netapp.yaml
@@ -93,6 +93,12 @@ parameters:
CinderNetappWebservicePath:
type: string
default: '/devmgr/v2'
+ CinderNetappNasSecureFileOperations:
+ type: string
+ default: 'false'
+ CinderNetappNasSecureFilePermissions:
+ type: string
+ default: 'false'
# DEPRECATED options for compatibility with older versions
CinderNetappEseriesHostType:
type: string
@@ -133,5 +139,7 @@ outputs:
cinder::backend::netapp::netapp_storage_pools: {get_param: CinderNetappStoragePools}
cinder::backend::netapp::netapp_host_type: {get_param: CinderNetappHostType}
cinder::backend::netapp::netapp_webservice_path: {get_param: CinderNetappWebservicePath}
+ cinder::backend::netapp::nas_secure_file_operations: {get_param: CinderNetappNasSecureFileOperations}
+ cinder::backend::netapp::nas_secure_file_permissions: {get_param: CinderNetappNasSecureFilePermissions}
step_config: |
include ::tripleo::profile::base::cinder::volume
diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml
index fe95222b..1f8c345d 100644
--- a/puppet/services/cinder-volume.yaml
+++ b/puppet/services/cinder-volume.yaml
@@ -40,6 +40,20 @@ parameters:
NFS servers used by Cinder NFS backend. Effective when
CinderEnableNfsBackend is true.
type: comma_delimited_list
+ CinderNasSecureFileOperations:
+ default: false
+ description: >
+ Controls whether security enhanced NFS file operations are enabled.
+ Valid values are 'auto', 'true' or 'false'. Effective when
+ CinderEnableNfsBackend is true.
+ type: string
+ CinderNasSecureFilePermissions:
+ default: false
+ description: >
+ Controls whether security enhanced NFS file permissions are enabled.
+ Valid values are 'auto', 'true' or 'false'. Effective when
+ CinderEnableNfsBackend is true.
+ type: string
CinderRbdPoolName:
default: volumes
type: string
@@ -105,6 +119,8 @@ outputs:
tripleo::profile::base::cinder::volume::cinder_enable_rbd_backend: {get_param: CinderEnableRbdBackend}
tripleo::profile::base::cinder::volume::nfs::cinder_nfs_mount_options: {get_param: CinderNfsMountOptions}
tripleo::profile::base::cinder::volume::nfs::cinder_nfs_servers: {get_param: CinderNfsServers}
+ tripleo::profile::base::cinder::volume::nfs::cinder_nas_secure_file_operations: {get_param: CinderNasSecureFileOperations}
+ tripleo::profile::base::cinder::volume::nfs::cinder_nas_secure_file_permissions: {get_param: CinderNasSecureFilePermissions}
tripleo::profile::base::cinder::volume::iscsi::cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize}
tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_helper: {get_param: CinderISCSIHelper}
tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_protocol: {get_param: CinderISCSIProtocol}
diff --git a/puppet/services/disabled/ceilometer-expirer-disabled.yaml b/puppet/services/disabled/ceilometer-expirer-disabled.yaml
index 9b7b47ef..7be394b6 100644
--- a/puppet/services/disabled/ceilometer-expirer-disabled.yaml
+++ b/puppet/services/disabled/ceilometer-expirer-disabled.yaml
@@ -27,24 +27,12 @@ parameters:
via parameter_defaults in the resource registry.
type: json
-resources:
- CeilometerServiceBase:
- type: ../ceilometer-base.yaml
- properties:
- ServiceNetMap: {get_param: ServiceNetMap}
- DefaultPasswords: {get_param: DefaultPasswords}
- EndpointMap: {get_param: EndpointMap}
- RoleName: {get_param: RoleName}
- RoleParameters: {get_param: RoleParameters}
-
outputs:
role_data:
description: Role data for the disabling Ceilometer Expirer role.
value:
service_name: ceilometer_expirer_disabled
- config_settings:
- map_merge:
- - get_attr: [CeilometerServiceBase, role_data, config_settings]
- - ceilometer::expirer::enable_cron: false
- step_config: |
- include ::tripleo::profile::base::ceilometer::expirer
+ upgrade_tasks:
+ - name: Remove ceilometer expirer cron tab on upgrade
+ tags: step1
+ shell: '/usr/bin/crontab -u ceilometer -r'
diff --git a/puppet/services/gnocchi-base.yaml b/puppet/services/gnocchi-base.yaml
index f4067ef6..b4af7e85 100644
--- a/puppet/services/gnocchi-base.yaml
+++ b/puppet/services/gnocchi-base.yaml
@@ -34,6 +34,10 @@ parameters:
default: 30
description: Delay between processing metrics.
type: number
+ NumberOfStorageSacks:
+ default: 128
+ description: Number of storage sacks to create.
+ type: number
GnocchiPassword:
description: The password for the gnocchi service and db account.
type: string
@@ -87,7 +91,11 @@ outputs:
query:
read_default_file: /etc/my.cnf.d/tripleo.cnf
read_default_group: tripleo
- gnocchi::db::sync::extra_opts: ''
+ gnocchi::db::sync::extra_opts:
+ str_replace:
+ template: " --sacks-number NUM_SACKS"
+ params:
+ NUM_SACKS: {get_param: NumberOfStorageSacks}
gnocchi::storage::metric_processing_delay: {get_param: MetricProcessingDelay}
gnocchi::storage::swift::swift_user: 'service:gnocchi'
gnocchi::storage::swift::swift_auth_version: 3
diff --git a/puppet/services/haproxy.yaml b/puppet/services/haproxy.yaml
index a71491c0..619cf131 100644
--- a/puppet/services/haproxy.yaml
+++ b/puppet/services/haproxy.yaml
@@ -50,6 +50,11 @@ parameters:
type: string
description: Specifies the default CA cert to use if TLS is used for
services in the internal network.
+ InternalTLSCRLPEMFile:
+ default: '/etc/pki/CA/crl/overcloud-crl.pem'
+ type: string
+ description: Specifies the default CRL PEM file to use for revocation if
+ TLS is used for services in the internal network.
resources:
@@ -89,6 +94,7 @@ outputs:
tripleo::haproxy::haproxy_stats_password: {get_param: HAProxyStatsPassword}
tripleo::haproxy::redis_password: {get_param: RedisPassword}
tripleo::haproxy::ca_bundle: {get_param: InternalTLSCAFile}
+ tripleo::haproxy::crl_file: {get_param: InternalTLSCRLPEMFile}
tripleo::profile::base::haproxy::certificates_specs:
map_merge:
- get_attr: [HAProxyPublicTLS, role_data, certificates_specs]
diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml
index 93bced8b..092d0720 100644
--- a/puppet/services/horizon.yaml
+++ b/puppet/services/horizon.yaml
@@ -55,7 +55,7 @@ parameters:
HorizonSecureCookies:
description: Set CSRF_COOKIE_SECURE / SESSION_COOKIE_SECURE in Horizon
type: boolean
- default: true
+ default: false
MemcachedIPv6:
default: false
description: Enable IPv6 features in Memcached.
diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml
index b1676715..0e8c8e12 100644
--- a/puppet/services/ironic-conductor.yaml
+++ b/puppet/services/ironic-conductor.yaml
@@ -164,6 +164,12 @@ outputs:
ironic::my_ip: {get_param: [ServiceNetMap, IronicNetwork]}
ironic::pxe::common::http_port: {get_param: IronicIPXEPort}
# Credentials to access other services
+ ironic::cinder::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+ ironic::cinder::username: 'ironic'
+ ironic::cinder::password: {get_param: IronicPassword}
+ ironic::cinder::project_name: 'service'
+ ironic::cinder::user_domain_name: 'Default'
+ ironic::cinder::project_domain_name: 'Default'
ironic::glance::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
ironic::glance::username: 'ironic'
ironic::glance::password: {get_param: IronicPassword}
diff --git a/puppet/services/ironic-inspector.yaml b/puppet/services/ironic-inspector.yaml
new file mode 100644
index 00000000..e8537a29
--- /dev/null
+++ b/puppet/services/ironic-inspector.yaml
@@ -0,0 +1,151 @@
+heat_template_version: ocata
+
+description: >
+ OpenStack Ironic Inspector configured with Puppet (EXPERIMENTAL)
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ MonitoringSubscriptionIronicInspector:
+ default: 'overcloud-ironic-inspector'
+ type: string
+ KeystoneRegion:
+ type: string
+ default: 'regionOne'
+ description: Keystone region for endpoint
+ Debug:
+ default: ''
+ description: Set to True to enable debugging on all services.
+ type: string
+ IronicInspectorInterface:
+ default: br-ex
+ description: |
+ Network interface on which inspection dnsmasq will listen. Should allow
+ access to untagged traffic from nodes booted for inspection. The default
+ value only makes sense if you don't modify any networking configuration.
+ type: string
+ IronicInspectorIPXEEnabled:
+ default: true
+ description: Whether to use iPXE for inspection.
+ type: boolean
+ IronicInspectorIpRange:
+ description: |
+ Temporary IP range that will be given to nodes during the inspection
+ process. This should not overlap with any range that Neutron's DHCP
+ gives away, but it has to be routeable back to ironic-inspector API.
+ This option has no meaningful defaults, and thus is required.
+ type: string
+ IronicInspectorUseSwift:
+ default: true
+ description: Whether to use Swift for storing introspection data.
+ type: boolean
+ IronicIPXEPort:
+ default: 8088
+ description: Port to use for serving images when iPXE is used.
+ type: string
+ IronicPassword:
+ description: The password for the Ironic service and db account, used by the Ironic services
+ type: string
+ hidden: true
+
+conditions:
+ enable_ipxe: {equals : [{get_param: IronicInspectorIPXEEnabled}, true]}
+ use_swift: {equals : [{get_param: IronicInspectorUseSwift}, true]}
+
+outputs:
+ role_data:
+ description: Role data for the Ironic Inspector role.
+ value:
+ service_name: ironic_inspector
+ monitoring_subscription: {get_param: MonitoringSubscriptionIronicInspector}
+ config_settings:
+ map_merge:
+ - ironic::inspector::listen_address: {get_param: [ServiceNetMap, IronicInspectorNetwork]}
+ ironic::inspector::dnsmasq_local_ip: {get_param: [ServiceNetMap, IronicInspectorNetwork]}
+ ironic::inspector::dnsmasq_ip_range: {get_param: IronicInspectorIpRange}
+ ironic::inspector::dnsmasq_interface: {get_param: IronicInspectorInterface}
+ ironic::inspector::debug: {get_param: Debug}
+ ironic::inspector::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri] }
+ ironic::inspector::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+ ironic::inspector::authtoken::username: 'ironic'
+ ironic::inspector::authtoken::password: {get_param: IronicPassword}
+ ironic::inspector::authtoken::project_name: 'service'
+ ironic::inspector::authtoken::user_domain_name: 'Default'
+ ironic::inspector::authtoken::project_domain_name: 'Default'
+ tripleo.ironic_inspector.firewall_rules:
+ '137 ironic-inspector':
+ dport:
+ - 5050
+ ironic::inspector::ironic_username: 'ironic'
+ ironic::inspector::ironic_password: {get_param: IronicPassword}
+ ironic::inspector::ironic_tenant_name: 'service'
+ ironic::inspector::ironic_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+ ironic::inspector::ironic_max_retries: 6
+ ironic::inspector::ironic_retry_interval: 10
+ ironic::inspector::ironic_user_domain_name: 'Default'
+ ironic::inspector::ironic_project_domain_name: 'Default'
+ ironic::inspector::http_port: {get_param: IronicIPXEPort}
+ ironic::inspector::db::database_connection:
+ list_join:
+ - ''
+ - - {get_param: [EndpointMap, MysqlInternal, protocol]}
+ - '://ironic-inspector:'
+ - {get_param: IronicPassword}
+ - '@'
+ - {get_param: [EndpointMap, MysqlInternal, host]}
+ - '/ironic-inspector'
+ - '?read_default_file=/etc/my.cnf.d/tripleo.cnf&read_default_group=tripleo'
+ -
+ if:
+ - enable_ipxe
+ - ironic::inspector::pxe_transfer_protocol: 'http'
+ - {}
+ -
+ if:
+ - use_swift
+ - ironic::inspector::store_data: 'swift'
+ ironic::inspector::swift_username: 'ironic'
+ ironic::inspector::swift_password: {get_param: IronicPassword}
+ ironic::inspector::swift_tenant_name: 'service'
+ ironic::inspector::swift_auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+ ironic::inspector::swift_user_domain_name: 'Default'
+ ironic::inspector::swift_project_domain_name: 'Default'
+ - {}
+ step_config: |
+ include ::tripleo::profile::base::ironic_inspector
+ service_config_settings:
+ keystone:
+ ironic::keystone::auth_inspector::tenant: 'service'
+ ironic::keystone::auth_inspector::public_url: {get_param: [EndpointMap, IronicInspectorPublic, uri]}
+ ironic::keystone::auth_inspector::internal_url: {get_param: [EndpointMap, IronicInspectorInternal, uri]}
+ ironic::keystone::auth_inspector::admin_url: {get_param: [EndpointMap, IronicInspectorAdmin, uri]}
+ ironic::keystone::auth_inspector::password: {get_param: IronicPassword}
+ ironic::keystone::auth_inspector::region: {get_param: KeystoneRegion}
+ mysql:
+ ironic::inspector::db::mysql::password: {get_param: IronicPassword}
+ ironic::inspector::db::mysql::user: ironic-inspector
+ ironic::inspector::db::mysql::host: {get_param: [EndpointMap, MysqlInternal, host_nobrackets]}
+ ironic::inspector::db::mysql::dbname: ironic-inspector
+ ironic::inspector::db::mysql::allowed_hosts:
+ - '%'
+ - "%{hiera('mysql_bind_host')}"
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index f3a9cbc4..60d194bc 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -113,10 +113,27 @@ parameters:
description: The second Keystone credential key. Must be a valid key.
KeystoneFernetKey0:
type: string
- description: The first Keystone fernet key. Must be a valid key.
+ default: ''
+ description: (DEPRECATED) The first Keystone fernet key. Must be a valid key.
KeystoneFernetKey1:
type: string
- description: The second Keystone fernet key. Must be a valid key.
+ default: ''
+ description: (DEPRECATED) The second Keystone fernet key. Must be a valid key.
+ KeystoneFernetKeys:
+ type: json
+ description: Mapping containing keystone's fernet keys and their paths.
+ KeystoneFernetMaxActiveKeys:
+ type: number
+ description: The maximum active keys in the keystone fernet key repository.
+ default: 5
+ ManageKeystoneFernetKeys:
+ type: boolean
+ default: true
+ description: Whether TripleO should manage the keystone fernet keys or not.
+ If set to true, the fernet keys will get the values from the
+ saved keys repository in mistral (the KeystoneFernetKeys
+ variable). If set to false, only the stack creation
+ initializes the keys, but subsequent updates won't touch them.
KeystoneLoggingSource:
type: json
default:
@@ -187,6 +204,17 @@ parameters:
default: {}
hidden: true
+parameter_groups:
+- label: deprecated
+ description: |
+ The following parameters are deprecated and will be removed. They should not
+ be relied on for new deployments. If you have concerns regarding deprecated
+ parameters, please contact the TripleO development team on IRC or the
+ OpenStack mailing list.
+ parameters:
+ - KeystoneFernetKey0
+ - KeystoneFernetKey1
+
resources:
ApacheServiceBase:
@@ -234,6 +262,7 @@ outputs:
keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
keystone::token_provider: {get_param: KeystoneTokenProvider}
keystone::enable_fernet_setup: {if: [keystone_fernet_tokens, true, false]}
+ keystone::fernet_max_active_keys: {get_param: KeystoneFernetMaxActiveKeys}
keystone::enable_proxy_headers_parsing: true
keystone::enable_credential_setup: true
keystone::credential_keys:
@@ -241,12 +270,8 @@ outputs:
content: {get_param: KeystoneCredential0}
'/etc/keystone/credential-keys/1':
content: {get_param: KeystoneCredential1}
- keystone::fernet_keys:
- '/etc/keystone/fernet-keys/0':
- content: {get_param: KeystoneFernetKey0}
- '/etc/keystone/fernet-keys/1':
- content: {get_param: KeystoneFernetKey1}
- keystone::fernet_replace_keys: false
+ keystone::fernet_keys: {get_param: KeystoneFernetKeys}
+ keystone::fernet_replace_keys: {get_param: ManageKeystoneFernetKeys}
keystone::debug:
if:
- service_debug_unset
diff --git a/puppet/services/neutron-sriov-agent.yaml b/puppet/services/neutron-sriov-agent.yaml
index c124d1e6..090640ed 100644
--- a/puppet/services/neutron-sriov-agent.yaml
+++ b/puppet/services/neutron-sriov-agent.yaml
@@ -65,6 +65,24 @@ resources:
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
+ # Merging role-specific parameters (RoleParameters) with the default parameters.
+ # RoleParameters will have the precedence over the default parameters.
+ RoleParametersValue:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
+ map_replace:
+ - map_replace:
+ - neutron::agents::ml2::sriov::physical_device_mappings: NeutronPhysicalDevMappings
+ neutron::agents::ml2::sriov::exclude_devices: NeutronExcludeDevices
+ tripleo::host::sriov::number_of_vfs: NeutronSriovNumVFs
+ - values: {get_param: [RoleParameters]}
+ - values:
+ NeutronPhysicalDevMappings: {get_param: NeutronPhysicalDevMappings}
+ NeutronExcludeDevices: {get_param: NeutronExcludeDevices}
+ NeutronSriovNumVFs: {get_param: NeutronSriovNumVFs}
+
outputs:
role_data:
description: Role data for the Neutron SR-IOV nic agent service.
@@ -73,8 +91,6 @@ outputs:
config_settings:
map_merge:
- get_attr: [NeutronBase, role_data, config_settings]
- - neutron::agents::ml2::sriov::physical_device_mappings: {get_param: NeutronPhysicalDevMappings}
- neutron::agents::ml2::sriov::exclude_devices: {get_param: NeutronExcludeDevices}
- tripleo::host::sriov::number_of_vfs: {get_param: NeutronSriovNumVFs}
+ - get_attr: [RoleParametersValue, value]
step_config: |
include ::tripleo::profile::base::neutron::sriov
diff --git a/puppet/services/nova-api.yaml b/puppet/services/nova-api.yaml
index 835edf0a..fe2f2946 100644
--- a/puppet/services/nova-api.yaml
+++ b/puppet/services/nova-api.yaml
@@ -210,7 +210,7 @@ outputs:
register: bootstrap_node
- name: set is_bootstrap_node fact
tags: common
- set_fact: is_bootstrap_node={{bootstrap_node.stdout == ansible_hostname}}
+ set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
- name: Extra migration for nova tripleo/+bug/1656791
tags: step0,pre-upgrade
when: is_bootstrap_node
diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml
index e39e997a..68a71e42 100644
--- a/puppet/services/nova-compute.yaml
+++ b/puppet/services/nova-compute.yaml
@@ -105,6 +105,22 @@ resources:
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
+ # Merging role-specific parameters (RoleParameters) with the default parameters.
+ # RoleParameters will have the precedence over the default parameters.
+ RoleParametersValue:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
+ map_replace:
+ - map_replace:
+ - nova::compute::vcpu_pin_set: NovaVcpuPinSet
+ nova::compute::reserved_host_memory: NovaReservedHostMemory
+ - values: {get_param: [RoleParameters]}
+ - values:
+ NovaVcpuPinSet: {get_param: NovaVcpuPinSet}
+ NovaReservedHostMemory: {get_param: NovaReservedHostMemory}
+
outputs:
role_data:
description: Role data for the Nova Compute service.
@@ -117,14 +133,18 @@ outputs:
config_settings:
map_merge:
- get_attr: [NovaBase, role_data, config_settings]
+ - get_attr: [RoleParametersValue, value]
- nova::compute::libvirt::manage_libvirt_services: false
nova::compute::pci_passthrough:
str_replace:
template: "JSON_PARAM"
params:
- JSON_PARAM: {get_param: NovaPCIPassthrough}
- nova::compute::vcpu_pin_set: {get_param: NovaVcpuPinSet}
- nova::compute::reserved_host_memory: {get_param: NovaReservedHostMemory}
+ map_replace:
+ - map_replace:
+ - JSON_PARAM: NovaPCIPassthrough
+ - values: {get_param: [RoleParameters]}
+ - values:
+ NovaPCIPassthrough: {get_param: NovaPCIPassthrough}
# we manage migration in nova common puppet profile
nova::compute::libvirt::migration_support: false
tripleo::profile::base::nova::manage_migration: true
diff --git a/puppet/services/ovn-dbs.yaml b/puppet/services/ovn-dbs.yaml
index 20c38d8a..df234c77 100644
--- a/puppet/services/ovn-dbs.yaml
+++ b/puppet/services/ovn-dbs.yaml
@@ -44,6 +44,7 @@ outputs:
ovn::northbound::port: {get_param: OVNNorthboundServerPort}
ovn::southbound::port: {get_param: OVNSouthboundServerPort}
ovn::northd::dbs_listen_ip: {get_param: [ServiceNetMap, OvnDbsNetwork]}
+ tripleo::haproxy::ovn_dbs_manage_lb: true
tripleo.ovn_dbs.firewall_rules:
'121 OVN DB server ports':
proto: 'tcp'
diff --git a/puppet/services/pacemaker/ovn-dbs.yaml b/puppet/services/pacemaker/ovn-dbs.yaml
new file mode 100644
index 00000000..1cbb4763
--- /dev/null
+++ b/puppet/services/pacemaker/ovn-dbs.yaml
@@ -0,0 +1,61 @@
+heat_template_version: ocata
+
+description: >
+ OVN databases configured with puppet in HA mode
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ OVNNorthboundServerPort:
+ description: Port of the OVN Northbound DB server
+ type: number
+ default: 6641
+ OVNSouthboundServerPort:
+ description: Port of the OVN Southbound DB server
+ type: number
+ default: 6642
+
+resources:
+
+ OVNDBsBase:
+ type: ../ovn-dbs.yaml
+ properties:
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the OVN northd service
+ value:
+ service_name: ovn_dbs
+ config_settings:
+ map_merge:
+ - get_attr: [OVNDBsBase, role_data, config_settings]
+ - tripleo::haproxy::ovn_dbs_manage_lb: false
+ tripleo::profile::pacemaker::ovn_northd::nb_db_port: {get_param: OVNNorthboundServerPort}
+ tripleo::profile::pacemaker::ovn_northd::sb_db_port: {get_param: OVNSouthboundServerPort}
+ step_config: |
+ include ::tripleo::profile::pacemaker::ovn_northd
diff --git a/puppet/services/pacemaker_remote.yaml b/puppet/services/pacemaker_remote.yaml
index 74aaf599..c49b0848 100644
--- a/puppet/services/pacemaker_remote.yaml
+++ b/puppet/services/pacemaker_remote.yaml
@@ -34,6 +34,42 @@ parameters:
MonitoringSubscriptionPacemakerRemote:
default: 'overcloud-pacemaker_remote'
type: string
+ EnableFencing:
+ default: false
+ description: Whether to enable fencing in Pacemaker or not.
+ type: boolean
+ FencingConfig:
+ default: {}
+ description: |
+ Pacemaker fencing configuration. The JSON should have
+ the following structure:
+ {
+ "devices": [
+ {
+ "agent": "AGENT_NAME",
+ "host_mac": "HOST_MAC_ADDRESS",
+ "params": {"PARAM_NAME": "PARAM_VALUE"}
+ }
+ ]
+ }
+ For instance:
+ {
+ "devices": [
+ {
+ "agent": "fence_xvm",
+ "host_mac": "52:54:00:aa:bb:cc",
+ "params": {
+ "multicast_address": "225.0.0.12",
+ "port": "baremetal_0",
+ "manage_fw": true,
+ "manage_key_file": true,
+ "key_file": "/etc/fence_xvm.key",
+ "key_file_password": "abcdef"
+ }
+ }
+ ]
+ }
+ type: json
PacemakerRemoteLoggingSource:
type: json
default:
@@ -60,6 +96,8 @@ outputs:
proto: 'tcp'
dport:
- 3121
+ tripleo::fencing::config: {get_param: FencingConfig}
+ enable_fencing: {get_param: EnableFencing}
tripleo::profile::base::pacemaker_remote::remote_authkey: {get_param: PacemakerRemoteAuthkey}
step_config: |
include ::tripleo::profile::base::pacemaker_remote
diff --git a/puppet/services/panko-api.yaml b/puppet/services/panko-api.yaml
index a41e34f7..0289b7a7 100644
--- a/puppet/services/panko-api.yaml
+++ b/puppet/services/panko-api.yaml
@@ -84,8 +84,8 @@ outputs:
tripleo.panko_api.firewall_rules:
'140 panko-api':
dport:
- - 8779
- - 13779
+ - 8977
+ - 13977
panko::api::host:
str_replace:
template:
diff --git a/releasenotes/notes/Introduce-ManageKeystoneFernetKeys-parameter-2478cf5fc5e64256.yaml b/releasenotes/notes/Introduce-ManageKeystoneFernetKeys-parameter-2478cf5fc5e64256.yaml
new file mode 100644
index 00000000..64a4d7e7
--- /dev/null
+++ b/releasenotes/notes/Introduce-ManageKeystoneFernetKeys-parameter-2478cf5fc5e64256.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - This introduces the ManageKeystoneFernetKeys parameter, which tells
+ heat/puppet if it should replace the existing fernet keys on a stack
+ deployment or not. This is useful if the deployer wants to do key rotations
+ out of band.
diff --git a/releasenotes/notes/Use-KeystoneFernetKeys-parameter-bd635a106bb8e00f.yaml b/releasenotes/notes/Use-KeystoneFernetKeys-parameter-bd635a106bb8e00f.yaml
new file mode 100644
index 00000000..1e2673f1
--- /dev/null
+++ b/releasenotes/notes/Use-KeystoneFernetKeys-parameter-bd635a106bb8e00f.yaml
@@ -0,0 +1,10 @@
+---
+features:
+ - The KeystoneFernetKeys parameter was introduced, which is able to take any
+ amount of keys as long as it's in the right format. It's generated by the
+ same mechanism as the rest of the passwords; so it's value is also
+ available via mistral's "password" environment variable. This will also
+ allow for rotations to be made via mistral and via stack updates.
+deprecations:
+ - The individual keystone fernet key parameters (KeystoneFernetKey0 and
+ KeystoneFernetKey1) were deprecated in favor of KeystoneFernetKeys.
diff --git a/releasenotes/notes/add-cinder-nas-secure-parameters-53f9d6a6e9bc129b.yaml b/releasenotes/notes/add-cinder-nas-secure-parameters-53f9d6a6e9bc129b.yaml
new file mode 100644
index 00000000..73b9f9c9
--- /dev/null
+++ b/releasenotes/notes/add-cinder-nas-secure-parameters-53f9d6a6e9bc129b.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - Add parameters to control the Cinder NAS security settings associated
+ with the NFS and NetApp Cinder back ends. The settings are disabled
+ by default.
diff --git a/releasenotes/notes/baremetal-role-34cb48cc30d7bdb4.yaml b/releasenotes/notes/baremetal-role-34cb48cc30d7bdb4.yaml
new file mode 100644
index 00000000..51176426
--- /dev/null
+++ b/releasenotes/notes/baremetal-role-34cb48cc30d7bdb4.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - |
+ Add an example role ``roles/IronicConductor.yaml`` for a node with only
+ ironic-conductor and its (i)PXE service.
diff --git a/releasenotes/notes/change-panko-api-port-fb8967420cd036b1.yaml b/releasenotes/notes/change-panko-api-port-fb8967420cd036b1.yaml
new file mode 100644
index 00000000..353d16db
--- /dev/null
+++ b/releasenotes/notes/change-panko-api-port-fb8967420cd036b1.yaml
@@ -0,0 +1,4 @@
+---
+fixes:
+ - Changed panko api port to run on 8977 instead of 8779. 8779 is reserved
+ for trove. Hence changing to avoid conflicts.
diff --git a/releasenotes/notes/derive-params-custom-plan-env-3a810ff58a68e0ad.yaml b/releasenotes/notes/derive-params-custom-plan-env-3a810ff58a68e0ad.yaml
new file mode 100644
index 00000000..d8fcbfec
--- /dev/null
+++ b/releasenotes/notes/derive-params-custom-plan-env-3a810ff58a68e0ad.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - Added a custom plan-environment file for providing workflow specific
+ inputs for the derived parameters workflow.
diff --git a/releasenotes/notes/example-roles-d27c748090f6a154.yaml b/releasenotes/notes/example-roles-d27c748090f6a154.yaml
new file mode 100644
index 00000000..e27674da
--- /dev/null
+++ b/releasenotes/notes/example-roles-d27c748090f6a154.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - |
+ A set of example roles has been created in the roles folder in
+ tripleo-heat-templates. Management of services for roles should occur
+ in these role files rather than in roles_data.yaml.
diff --git a/releasenotes/notes/ironic-inspector-43441782bdf0f84e.yaml b/releasenotes/notes/ironic-inspector-43441782bdf0f84e.yaml
new file mode 100644
index 00000000..1fbdd1f8
--- /dev/null
+++ b/releasenotes/notes/ironic-inspector-43441782bdf0f84e.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - |
+ Add basic support for **ironic-inspector** in the overcloud. It is highly
+ experimental and is not yet recommended for production use.
diff --git a/releasenotes/notes/max-active-fernet-keys-f960f08838a75eee.yaml b/releasenotes/notes/max-active-fernet-keys-f960f08838a75eee.yaml
new file mode 100644
index 00000000..4c10753a
--- /dev/null
+++ b/releasenotes/notes/max-active-fernet-keys-f960f08838a75eee.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - KeystoneFernetMaxActiveKeys was introduced as a parameter to the keystone
+ profile. It sets the max_active_keys value of the keystone.conf file and
+ will subsequently be used by mistral to purge the keys in a mistral task.
diff --git a/releasenotes/notes/num-storage-sacks-f640be5fcd374a6b.yaml b/releasenotes/notes/num-storage-sacks-f640be5fcd374a6b.yaml
new file mode 100644
index 00000000..e5adb6a9
--- /dev/null
+++ b/releasenotes/notes/num-storage-sacks-f640be5fcd374a6b.yaml
@@ -0,0 +1,3 @@
+---
+features:
+ - Add support to configure number of sacks in gnocchi.
diff --git a/releasenotes/notes/ovn-ha-c0139ac519680872.yaml b/releasenotes/notes/ovn-ha-c0139ac519680872.yaml
new file mode 100644
index 00000000..d36f8364
--- /dev/null
+++ b/releasenotes/notes/ovn-ha-c0139ac519680872.yaml
@@ -0,0 +1,3 @@
+---
+features:
+ - Support HA for OVN db servers and ovn-northd using Pacemaker.
diff --git a/releasenotes/notes/pre-network-config-role-specific-b36cc4bd6383e493.yaml b/releasenotes/notes/pre-network-config-role-specific-b36cc4bd6383e493.yaml
new file mode 100644
index 00000000..95e9260b
--- /dev/null
+++ b/releasenotes/notes/pre-network-config-role-specific-b36cc4bd6383e493.yaml
@@ -0,0 +1,11 @@
+---
+features:
+ - PreNetworkConfig is modified to support role-specific parameters.
+upgrade:
+ - PreNetworkConfig takes a new parameter, RoleParameters. All the templates
+ associated with PreNetworkConfig should add this new parameter during
+ upgrade.
+deprecations:
+ - Parameters {{role}}KernelArgs, {{role}}TunedProfileName and
+ {{role}}HostCpusList are deprecated. Alternatively, role-specific
+ parameter support has been added with the same names.
diff --git a/releasenotes/notes/remove-ceilometer-cron-85362e197ba245a0.yaml b/releasenotes/notes/remove-ceilometer-cron-85362e197ba245a0.yaml
new file mode 100644
index 00000000..7854fa5c
--- /dev/null
+++ b/releasenotes/notes/remove-ceilometer-cron-85362e197ba245a0.yaml
@@ -0,0 +1,5 @@
+---
+upgrade:
+ - Ceilometer expirer is deprecated in pike. During upgrade, the crontab thats
+ configured with ceilometer user will be removed to ensure the expirer
+ script is not running.
diff --git a/roles/BlockStorage.yaml b/roles/BlockStorage.yaml
new file mode 100644
index 00000000..b0117400
--- /dev/null
+++ b/roles/BlockStorage.yaml
@@ -0,0 +1,29 @@
+###############################################################################
+# Role: BlockStorage #
+###############################################################################
+- name: BlockStorage
+ description: |
+ Cinder Block Storage node role
+ networks:
+ - InternalApi
+ - Storage
+ - StorageMgmt
+ ServicesDefault:
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::BlockStorageCinderVolume
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CertmongerUser
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::Iscsid
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::TripleoPackages
diff --git a/roles/CephStorage.yaml b/roles/CephStorage.yaml
new file mode 100644
index 00000000..647c4d5a
--- /dev/null
+++ b/roles/CephStorage.yaml
@@ -0,0 +1,27 @@
+###############################################################################
+# Role: CephStorage #
+###############################################################################
+- name: CephStorage
+ description: |
+ Ceph OSD Storage node role
+ networks:
+ - Storage
+ - StorageMgmt
+ ServicesDefault:
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CephOSD
+ - OS::TripleO::Services::CertmongerUser
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::TripleoPackages
diff --git a/roles/Compute.yaml b/roles/Compute.yaml
new file mode 100644
index 00000000..75a6f608
--- /dev/null
+++ b/roles/Compute.yaml
@@ -0,0 +1,45 @@
+###############################################################################
+# Role: Compute #
+###############################################################################
+- name: Compute
+ description: |
+ Basic Compute Node role
+ CountDefault: 1
+ networks:
+ - InternalApi
+ - Tenant
+ - Storage
+ HostnameFormatDefault: '%stackname%-novacompute-%index%'
+ disable_upgrade_deployment: True
+ ServicesDefault:
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CephClient
+ - OS::TripleO::Services::CephExternal
+ - OS::TripleO::Services::CertmongerUser
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::ComputeCeilometerAgent
+ - OS::TripleO::Services::ComputeNeutronCorePlugin
+ - OS::TripleO::Services::ComputeNeutronL3Agent
+ - OS::TripleO::Services::ComputeNeutronMetadataAgent
+ - OS::TripleO::Services::ComputeNeutronOvsAgent
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::Iscsid
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::NeutronLinuxbridgeAgent
+ - OS::TripleO::Services::NeutronSriovAgent
+ - OS::TripleO::Services::NeutronVppAgent
+ - OS::TripleO::Services::NovaCompute
+ - OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::OpenDaylightOvs
+ - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::Vpp
diff --git a/roles/Controller.yaml b/roles/Controller.yaml
new file mode 100644
index 00000000..b0a13138
--- /dev/null
+++ b/roles/Controller.yaml
@@ -0,0 +1,127 @@
+###############################################################################
+# Role: Controller #
+###############################################################################
+- name: Controller
+ description: |
+ Controller role that has all the controler services loaded and handles
+ Database, Messaging and Network functions.
+ CountDefault: 1
+ tags:
+ - primary
+ - controller
+ networks:
+ - External
+ - InternalApi
+ - Storage
+ - StorageMgmt
+ - Tenant
+ HostnameFormatDefault: '%stackname%-controller-%index%'
+ ServicesDefault:
+ - OS::TripleO::Services::AodhApi
+ - OS::TripleO::Services::AodhEvaluator
+ - OS::TripleO::Services::AodhListener
+ - OS::TripleO::Services::AodhNotifier
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::BarbicanApi
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CeilometerAgentCentral
+ - OS::TripleO::Services::CeilometerAgentNotification
+ # FIXME: This service was disabled in Pike and this entry should be removed
+ # in Queens.
+ - OS::TripleO::Services::CeilometerExpirer
+ - OS::TripleO::Services::CephExternal
+ - OS::TripleO::Services::CephMds
+ - OS::TripleO::Services::CephMon
+ - OS::TripleO::Services::CephRbdMirror
+ - OS::TripleO::Services::CephRgw
+ - OS::TripleO::Services::CertmongerUser
+ - OS::TripleO::Services::CinderApi
+ - OS::TripleO::Services::CinderBackendDellPs
+ - OS::TripleO::Services::CinderBackendDellSc
+ - OS::TripleO::Services::CinderBackendNetApp
+ - OS::TripleO::Services::CinderBackendScaleIO
+ - OS::TripleO::Services::CinderBackup
+ - OS::TripleO::Services::CinderHPELeftHandISCSI
+ - OS::TripleO::Services::CinderScheduler
+ - OS::TripleO::Services::CinderVolume
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::Congress
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::Ec2Api
+ - OS::TripleO::Services::Etcd
+ - OS::TripleO::Services::ExternalSwiftProxy
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::GlanceApi
+ - OS::TripleO::Services::GnocchiApi
+ - OS::TripleO::Services::GnocchiMetricd
+ - OS::TripleO::Services::GnocchiStatsd
+ - OS::TripleO::Services::HAproxy
+ - OS::TripleO::Services::HeatApi
+ - OS::TripleO::Services::HeatApiCfn
+ - OS::TripleO::Services::HeatApiCloudwatch
+ - OS::TripleO::Services::HeatEngine
+ - OS::TripleO::Services::Horizon
+ - OS::TripleO::Services::IronicApi
+ - OS::TripleO::Services::IronicConductor
+ - OS::TripleO::Services::Iscsid
+ - OS::TripleO::Services::Keepalived
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::ManilaApi
+ - OS::TripleO::Services::ManilaBackendCephFs
+ - OS::TripleO::Services::ManilaBackendGeneric
+ - OS::TripleO::Services::ManilaBackendNetapp
+ - OS::TripleO::Services::ManilaScheduler
+ - OS::TripleO::Services::ManilaShare
+ - OS::TripleO::Services::Memcached
+ - OS::TripleO::Services::MongoDb
+ - OS::TripleO::Services::MySQL
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::NeutronApi
+ - OS::TripleO::Services::NeutronBgpVpnApi
+ - OS::TripleO::Services::NeutronCorePlugin
+ - OS::TripleO::Services::NeutronDhcpAgent
+ - OS::TripleO::Services::NeutronL2gwAgent
+ - OS::TripleO::Services::NeutronL2gwApi
+ - OS::TripleO::Services::NeutronL3Agent
+ - OS::TripleO::Services::NeutronLinuxbridgeAgent
+ - OS::TripleO::Services::NeutronMetadataAgent
+ - OS::TripleO::Services::NeutronML2FujitsuCfab
+ - OS::TripleO::Services::NeutronML2FujitsuFossw
+ - OS::TripleO::Services::NeutronOvsAgent
+ - OS::TripleO::Services::NeutronVppAgent
+ - OS::TripleO::Services::NovaApi
+ - OS::TripleO::Services::NovaConductor
+ - OS::TripleO::Services::NovaConsoleauth
+ - OS::TripleO::Services::NovaIronic
+ - OS::TripleO::Services::NovaMetadata
+ - OS::TripleO::Services::NovaPlacement
+ - OS::TripleO::Services::NovaScheduler
+ - OS::TripleO::Services::NovaVncProxy
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::OctaviaApi
+ - OS::TripleO::Services::OctaviaHealthManager
+ - OS::TripleO::Services::OctaviaHousekeeping
+ - OS::TripleO::Services::OctaviaWorker
+ - OS::TripleO::Services::OpenDaylightApi
+ - OS::TripleO::Services::OpenDaylightOvs
+ - OS::TripleO::Services::OVNDBs
+ - OS::TripleO::Services::Pacemaker
+ - OS::TripleO::Services::PankoApi
+ - OS::TripleO::Services::RabbitMQ
+ - OS::TripleO::Services::Redis
+ - OS::TripleO::Services::SaharaApi
+ - OS::TripleO::Services::SaharaEngine
+ - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::SwiftProxy
+ - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::SwiftStorage
+ - OS::TripleO::Services::Tacker
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::Vpp
+ - OS::TripleO::Services::Zaqar
diff --git a/roles/ControllerOpenstack.yaml b/roles/ControllerOpenstack.yaml
new file mode 100644
index 00000000..6cf2120e
--- /dev/null
+++ b/roles/ControllerOpenstack.yaml
@@ -0,0 +1,104 @@
+###############################################################################
+# Role: ControllerOpenstack #
+###############################################################################
+- name: ControllerOpenstack
+ description: |
+ Controller role that does not contain the database, messaging and networking
+ components. Use in combination with the Database, Messaging and Networker
+ roles.
+ tags:
+ - primary
+ - controller
+ networks:
+ - External
+ - InternalApi
+ - Storage
+ - StorageMgmt
+ - Tenant
+ HostnameFormatDefault: '%stackname%-controller-%index%'
+ ServicesDefault:
+ - OS::TripleO::Services::AodhApi
+ - OS::TripleO::Services::AodhEvaluator
+ - OS::TripleO::Services::AodhListener
+ - OS::TripleO::Services::AodhNotifier
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::BarbicanApi
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CeilometerAgentCentral
+ - OS::TripleO::Services::CeilometerAgentNotification
+ - OS::TripleO::Services::CeilometerApi
+ - OS::TripleO::Services::CeilometerExpirer
+ - OS::TripleO::Services::CephExternal
+ - OS::TripleO::Services::CephMds
+ - OS::TripleO::Services::CephMon
+ - OS::TripleO::Services::CephRbdMirror
+ - OS::TripleO::Services::CephRgw
+ - OS::TripleO::Services::CinderApi
+ - OS::TripleO::Services::CinderBackup
+ - OS::TripleO::Services::CinderHPELeftHandISCSI
+ - OS::TripleO::Services::CinderScheduler
+ - OS::TripleO::Services::CinderVolume
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::Congress
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::Ec2Api
+ - OS::TripleO::Services::Etcd
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::GlanceApi
+ - OS::TripleO::Services::GnocchiApi
+ - OS::TripleO::Services::GnocchiMetricd
+ - OS::TripleO::Services::GnocchiStatsd
+ - OS::TripleO::Services::HAproxy
+ - OS::TripleO::Services::HeatApi
+ - OS::TripleO::Services::HeatApiCfn
+ - OS::TripleO::Services::HeatApiCloudwatch
+ - OS::TripleO::Services::HeatEngine
+ - OS::TripleO::Services::Horizon
+ - OS::TripleO::Services::IronicApi
+ - OS::TripleO::Services::IronicConductor
+ - OS::TripleO::Services::Keepalived
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::ManilaApi
+ - OS::TripleO::Services::ManilaBackendCephFs
+ - OS::TripleO::Services::ManilaBackendGeneric
+ - OS::TripleO::Services::ManilaBackendNetapp
+ - OS::TripleO::Services::ManilaScheduler
+ - OS::TripleO::Services::ManilaShare
+ - OS::TripleO::Services::Memcached
+ - OS::TripleO::Services::MongoDb
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::NovaApi
+ - OS::TripleO::Services::NovaConductor
+ - OS::TripleO::Services::NovaConsoleauth
+ - OS::TripleO::Services::NovaIronic
+ - OS::TripleO::Services::NovaMetadata
+ - OS::TripleO::Services::NovaPlacement
+ - OS::TripleO::Services::NovaScheduler
+ - OS::TripleO::Services::NovaVncProxy
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::OctaviaApi
+ - OS::TripleO::Services::OctaviaHealthManager
+ - OS::TripleO::Services::OctaviaHousekeeping
+ - OS::TripleO::Services::OctaviaWorker
+ - OS::TripleO::Services::OpenDaylightApi
+ - OS::TripleO::Services::OpenDaylightOvs
+ - OS::TripleO::Services::OVNDBs
+ - OS::TripleO::Services::Pacemaker
+ - OS::TripleO::Services::PankoApi
+ - OS::TripleO::Services::Redis
+ - OS::TripleO::Services::SaharaApi
+ - OS::TripleO::Services::SaharaEngine
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::SwiftProxy
+ - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::SwiftStorage
+ - OS::TripleO::Services::Tacker
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::Vpp
+ - OS::TripleO::Services::Zaqar
+
diff --git a/roles/Database.yaml b/roles/Database.yaml
new file mode 100644
index 00000000..75b26a8c
--- /dev/null
+++ b/roles/Database.yaml
@@ -0,0 +1,25 @@
+###############################################################################
+# Role: Database #
+###############################################################################
+- name: Database
+ description: |
+ Standalone database role with the database being managed via Pacemaker
+ networks:
+ - InternalApi
+ HostnameFormatDefault: '%stackname%-database-%index%'
+ ServicesDefault:
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::MySQL
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Pacemaker
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::TripleoPackages
+
diff --git a/roles/IronicConductor.yaml b/roles/IronicConductor.yaml
new file mode 100644
index 00000000..8a29b337
--- /dev/null
+++ b/roles/IronicConductor.yaml
@@ -0,0 +1,21 @@
+###############################################################################
+# Role: IronicConductor #
+###############################################################################
+- name: IronicConductor
+ description: |
+ Ironic Conductor node role
+ HostnameFormatDefault: '%stackname%-ironic-%index%'
+ ServicesDefault:
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::IronicConductor
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::TripleoPackages
diff --git a/roles/Messaging.yaml b/roles/Messaging.yaml
new file mode 100644
index 00000000..5b06063f
--- /dev/null
+++ b/roles/Messaging.yaml
@@ -0,0 +1,24 @@
+###############################################################################
+# Role: Messaging #
+###############################################################################
+- name: Messaging
+ description: |
+ Standalone messaging role with RabbitMQ being managed via Pacemaker
+ networks:
+ - InternalApi
+ HostnameFormatDefault: '%stackname%-messaging-%index%'
+ ServicesDefault:
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Pacemaker
+ - OS::TripleO::Services::RabbitMQ
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::TripleoPackages
+
diff --git a/roles/Networker.yaml b/roles/Networker.yaml
new file mode 100644
index 00000000..a28eaa63
--- /dev/null
+++ b/roles/Networker.yaml
@@ -0,0 +1,38 @@
+###############################################################################
+# Role: Networker #
+###############################################################################
+- name: Networker
+ description: |
+ Standalone networking role to run Neutron services their own. Includes
+ Pacemaker integration via PacemakerRemote
+ networks:
+ - InternalApi
+ HostnameFormatDefault: '%stackname%-networker-%index%'
+ ServicesDefault:
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::NeutronApi
+ - OS::TripleO::Services::NeutronBgpvpnApi
+ - OS::TripleO::Services::NeutronCorePlugin
+ - OS::TripleO::Services::NeutronDhcpAgent
+ - OS::TripleO::Services::NeutronL2gwAgent
+ - OS::TripleO::Services::NeutronL2gwApi
+ - OS::TripleO::Services::NeutronL3Agent
+ - OS::TripleO::Services::NeutronMetadataAgent
+ - OS::TripleO::Services::NeutronML2FujitsuCfab
+ - OS::TripleO::Services::NeutronML2FujitsuFossw
+ - OS::TripleO::Services::NeutronOvsAgent
+ - OS::TripleO::Services::NeutronVppAgent
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::OpenDaylightOvs
+ - OS::TripleO::Services::PacemakerRemote
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::TripleoPackages
+
diff --git a/roles/ObjectStorage.yaml b/roles/ObjectStorage.yaml
new file mode 100644
index 00000000..27dc1233
--- /dev/null
+++ b/roles/ObjectStorage.yaml
@@ -0,0 +1,30 @@
+###############################################################################
+# Role: ObjectStorage #
+###############################################################################
+- name: ObjectStorage
+ description: |
+ Swift Object Storage node role
+ networks:
+ - InternalApi
+ - Storage
+ - StorageMgmt
+ disable_upgrade_deployment: True
+ ServicesDefault:
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CertmongerUser
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::SwiftStorage
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::TripleoPackages
diff --git a/roles/README.rst b/roles/README.rst
new file mode 100644
index 00000000..cd1fcb47
--- /dev/null
+++ b/roles/README.rst
@@ -0,0 +1,210 @@
+Roles
+=====
+
+The yaml files in this directory can be combined into a single roles_data.yaml
+and be used with TripleO to create custom deployments.
+
+Use tripleoclient to build your own custom roles_data.yaml for your
+environment.
+
+roles_data.yaml
+---------------
+
+The roles_data.yaml specifies which roles (groups of nodes) will be deployed.
+Note this file is used as an input the the various \*.j2.yaml jinja2 templates,
+so that they are converted into \*.yaml during the plan creation. This occurs
+via a mistral action/workflow. The file format of this file is a yaml list.
+
+Role YAML files
+===============
+
+Each role yaml file should contain only a single role. The filename should
+match the role name. The name of the role is mandatory and must be unique.
+
+The role files in this folder should contain at least a role name and the
+default list of services for the role.
+
+Role Options
+------------
+
+* CountDefault: (number) optional, default number of nodes, defaults to 0
+ sets the default for the {{role.name}}Count parameter in overcloud.yaml
+
+* HostnameFormatDefault: (string) optional default format string for hostname
+ defaults to '%stackname%-{{role.name.lower()}}-%index%'
+ sets the default for {{role.name}}HostnameFormat parameter in overcloud.yaml
+
+* disable_constraints: (boolean) optional, whether to disable Nova and Glance
+ constraints for each role specified in the templates.
+
+* disable_upgrade_deployment: (boolean) optional, whether to run the
+ ansible upgrade steps for all services that are deployed on the role. If set
+ to True, the operator will drive the upgrade for this role's nodes.
+
+* upgrade_batch_size: (number): batch size for upgrades where tasks are
+ specified by services to run in batches vs all nodes at once.
+ This defaults to 1, but larger batches may be specified here.
+
+* ServicesDefault: (list) optional default list of services to be deployed
+ on the role, defaults to an empty list. Sets the default for the
+ {{role.name}}Services parameter in overcloud.yaml
+
+* tags: (list) list of tags used by other parts of the deployment process to
+ find the role for a specific type of functionality. Currently a role
+ with both 'primary' and 'controller' is used as the primary role for the
+ deployment process. If no roles have have 'primary' and 'controller', the
+ first role in this file is used as the primary role.
+
+* description: (string) as few sentences describing the role and information
+ pertaining to the usage of the role.
+
+ * networks: (list), optional list of networks which the role will have
+ access to when network isolation is enabled. The names should match
+ those defined in network_data.yaml.
+
+Working with Roles
+==================
+The tripleoclient provides a series of commands that can be used to view
+roles and generate a roles_data.yaml file for deployment.
+
+Listing Available Roles
+-----------------------
+The ``openstack overcloud role list`` command can be used to view the list
+of roles provided by tripleo-heat-templates.
+
+Usage
+^^^^^
+.. code-block::
+
+ usage: openstack overcloud role list [-h] [--roles-path <roles directory>]
+
+ List availables roles
+
+ optional arguments:
+ -h, --help show this help message and exit
+ --roles-path <roles directory>
+ Filesystem path containing the role yaml files. By
+ default this is /usr/share/openstack-tripleo-heat-
+ templates/roles
+
+Example
+^^^^^^^
+.. code-block::
+
+ [user@host ~]$ openstack overcloud role list
+ BlockStorage
+ CephStorage
+ Compute
+ Controller
+ ControllerOpenstack
+ Database
+ Messaging
+ Networker
+ ObjectStorage
+ Telemetry
+ Undercloud
+
+Viewing Role Details
+--------------------
+The ``openstack overcloud role show`` command can be used as a quick way to
+view some of the information about a role.
+
+Usage
+^^^^^
+.. code-block::
+
+ usage: openstack overcloud role show [-h] [--roles-path <roles directory>]
+ <role>
+
+ Show information about a given role
+
+ positional arguments:
+ <role> Role to display more information about.
+
+ optional arguments:
+ -h, --help show this help message and exit
+ --roles-path <roles directory>
+ Filesystem path containing the role yaml files. By
+ default this is /usr/share/openstack-tripleo-heat-
+ templates/roles
+
+Example
+^^^^^^^
+.. code-block::
+
+ [user@host ~]$ openstack overcloud role show Compute
+ ###############################################################################
+ # Role Data for 'Compute'
+ ###############################################################################
+ HostnameFormatDefault: '%stackname%-novacompute-%index%'
+ ServicesDefault:
+ * OS::TripleO::Services::AuditD
+ * OS::TripleO::Services::CACerts
+ * OS::TripleO::Services::CephClient
+ * OS::TripleO::Services::CephExternal
+ * OS::TripleO::Services::CertmongerUser
+ * OS::TripleO::Services::Collectd
+ * OS::TripleO::Services::ComputeCeilometerAgent
+ * OS::TripleO::Services::ComputeNeutronCorePlugin
+ * OS::TripleO::Services::ComputeNeutronL3Agent
+ * OS::TripleO::Services::ComputeNeutronMetadataAgent
+ * OS::TripleO::Services::ComputeNeutronOvsAgent
+ * OS::TripleO::Services::Docker
+ * OS::TripleO::Services::FluentdClient
+ * OS::TripleO::Services::Kernel
+ * OS::TripleO::Services::MySQLClient
+ * OS::TripleO::Services::NeutronSriovAgent
+ * OS::TripleO::Services::NeutronVppAgent
+ * OS::TripleO::Services::NovaCompute
+ * OS::TripleO::Services::NovaLibvirt
+ * OS::TripleO::Services::Ntp
+ * OS::TripleO::Services::OpenDaylightOvs
+ * OS::TripleO::Services::Securetty
+ * OS::TripleO::Services::SensuClient
+ * OS::TripleO::Services::Snmp
+ * OS::TripleO::Services::Sshd
+ * OS::TripleO::Services::Timezone
+ * OS::TripleO::Services::TripleoFirewall
+ * OS::TripleO::Services::TripleoPackages
+ * OS::TripleO::Services::Vpp
+ name: 'Compute'
+
+Generate roles_data.yaml
+------------------------
+The ``openstack overcloud roles generate`` command can be used to generate
+a roles_data.yaml file for deployments.
+
+Usage
+^^^^^
+.. code-block::
+
+ usage: openstack overcloud roles generate [-h]
+ [--roles-path <roles directory>]
+ [-o <output file>]
+ <role> [<role> ...]
+
+ Generate roles_data.yaml file
+
+ positional arguments:
+ <role> List of roles to use to generate the roles_data.yaml
+ file for the deployment. NOTE: Ordering is important
+ if no role has the "primary" and "controller" tags. If
+ no role is tagged then the first role listed will be
+ considered the primary role. This usually is the
+ controller role.
+
+ optional arguments:
+ -h, --help show this help message and exit
+ --roles-path <roles directory>
+ Filesystem path containing the role yaml files. By
+ default this is /usr/share/openstack-tripleo-heat-
+ templates/roles
+ -o <output file>, --output-file <output file>
+ File to capture all output to. For example,
+ roles_data.yaml
+
+Example
+^^^^^^^
+.. code-block::
+
+ [user@host ~]$ openstack overcloud roles generate -o roles_data.yaml Controller Compute BlockStorage ObjectStorage CephStorage
diff --git a/roles/Telemetry.yaml b/roles/Telemetry.yaml
new file mode 100644
index 00000000..d23ab6e3
--- /dev/null
+++ b/roles/Telemetry.yaml
@@ -0,0 +1,32 @@
+###############################################################################
+# Role: Telemetry #
+###############################################################################
+- name: Telemetry
+ description: |
+ Telemetry role that has all the telemetry services.
+ networks:
+ - InternalApi
+ HostnameFormatDefault: '%stackname%-telemetry-%index%'
+ ServicesDefault:
+ - OS::TripleO::Services::AodhApi
+ - OS::TripleO::Services::AodhEvaluator
+ - OS::TripleO::Services::AodhListener
+ - OS::TripleO::Services::AodhNotifier
+ - OS::TripleO::Services::CeilometerAgentCentral
+ - OS::TripleO::Services::CeilometerAgentNotification
+ - OS::TripleO::Services::CeilometerApi
+ - OS::TripleO::Services::CeilometerExpirer
+ - OS::TripleO::Services::GnocchiApi
+ - OS::TripleO::Services::GnocchiMetricd
+ - OS::TripleO::Services::GnocchiStatsd
+ - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::MongoDb
+ - OS::TripleO::Services::MySQL
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::PankoApi
+ - OS::TripleO::Services::RabbitMQ
+ - OS::TripleO::Services::Redis
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::TripleoPackages
+
diff --git a/roles/Undercloud.yaml b/roles/Undercloud.yaml
new file mode 100644
index 00000000..bcdedc71
--- /dev/null
+++ b/roles/Undercloud.yaml
@@ -0,0 +1,56 @@
+###############################################################################
+# Role: Undercloud #
+###############################################################################
+- name: Undercloud
+ description: |
+ EXPERIMENTAL. A role to deploy the undercloud via heat using the 'openstack
+ undercloud deploy' command.
+ CountDefault: 1
+ disable_constraints: True
+ tags:
+ - primary
+ - controller
+ ServicesDefault:
+ - OS::TripleO::Services::Apache
+ - OS::TripleO::Services::GlanceApi
+ - OS::TripleO::Services::HeatApi
+ - OS::TripleO::Services::HeatApiCfn
+ - OS::TripleO::Services::HeatEngine
+ - OS::TripleO::Services::IronicApi
+ - OS::TripleO::Services::IronicConductor
+ - OS::TripleO::Services::IronicPxe
+ - OS::TripleO::Services::Iscsid
+ - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::Memcached
+ - OS::TripleO::Services::MistralApi
+ - OS::TripleO::Services::MistralEngine
+ - OS::TripleO::Services::MistralExecutor
+ - OS::TripleO::Services::MongoDb
+ - OS::TripleO::Services::MySQL
+ - OS::TripleO::Services::NeutronApi
+ - OS::TripleO::Services::NeutronCorePlugin
+ - OS::TripleO::Services::NeutronDhcpAgent
+ - OS::TripleO::Services::NeutronOvsAgent
+ - OS::TripleO::Services::NeutronServer
+ - OS::TripleO::Services::NovaApi
+ - OS::TripleO::Services::NovaConductor
+ - OS::TripleO::Services::NovaIronic
+ - OS::TripleO::Services::NovaMetadata
+ - OS::TripleO::Services::NovaPlacement
+ - OS::TripleO::Services::NovaScheduler
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::RabbitMQ
+ - OS::TripleO::Services::SwiftProxy
+ - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::SwiftStorage
+ - OS::TripleO::Services::UndercloudAodhApi
+ - OS::TripleO::Services::UndercloudAodhEvaluator
+ - OS::TripleO::Services::UndercloudAodhListener
+ - OS::TripleO::Services::UndercloudAodhNotifier
+ - OS::TripleO::Services::UndercloudCeilometerAgentCentral
+ - OS::TripleO::Services::UndercloudCeilometerAgentNotification
+ - OS::TripleO::Services::UndercloudGnocchiApi
+ - OS::TripleO::Services::UndercloudGnocchiMetricd
+ - OS::TripleO::Services::UndercloudGnocchiStatsd
+ - OS::TripleO::Services::UndercloudPankoApi
+ - OS::TripleO::Services::Zaqar
diff --git a/roles_data.yaml b/roles_data.yaml
index 86cd3f0d..f96e5625 100644
--- a/roles_data.yaml
+++ b/roles_data.yaml
@@ -1,248 +1,261 @@
-# Specifies which roles (groups of nodes) will be deployed
-# Note this is used as an input to the various *.j2.yaml
-# jinja2 templates, so that they are converted into *.yaml
-# during the plan creation (via a mistral action/workflow).
-#
-# The format is a list, with the following format:
-#
-# * name: (string) mandatory, name of the role, must be unique
-#
-# CountDefault: (number) optional, default number of nodes, defaults to 0
-# sets the default for the {{role.name}}Count parameter in overcloud.yaml
-#
-# HostnameFormatDefault: (string) optional default format string for hostname
-# defaults to '%stackname%-{{role.name.lower()}}-%index%'
-# sets the default for {{role.name}}HostnameFormat parameter in overcloud.yaml
-#
-# disable_constraints: (boolean) optional, whether to disable Nova and Glance
-# constraints for each role specified in the templates.
-#
-# disable_upgrade_deployment: (boolean) optional, whether to run the
-# ansible upgrade steps for all services that are deployed on the role. If set
-# to True, the operator will drive the upgrade for this role's nodes.
-#
-# upgrade_batch_size: (number): batch size for upgrades where tasks are
-# specified by services to run in batches vs all nodes at once.
-# This defaults to 1, but larger batches may be specified here.
-#
-# ServicesDefault: (list) optional default list of services to be deployed
-# on the role, defaults to an empty list. Sets the default for the
-# {{role.name}}Services parameter in overcloud.yaml
-#
-# tags: (list) list of tags used by other parts of the deployment process to
-# find the role for a specific type of functionality. Currently a role
-# with both 'primary' and 'controller' is used as the primary role for the
-# deployment process. If no roles have have 'primary' and 'controller', the
-# first role in this file is used as the primary role.
-#
+###############################################################################
+# File generated by tripleoclient
+###############################################################################
+###############################################################################
+# Role: Controller #
+###############################################################################
- name: Controller
+ description: |
+ Controller role that has all the controler services loaded and handles
+ Database, Messaging and Network functions.
CountDefault: 1
tags:
- primary
- controller
+ networks:
+ - External
+ - InternalApi
+ - Storage
+ - StorageMgmt
+ - Tenant
+ HostnameFormatDefault: '%stackname%-controller-%index%'
ServicesDefault:
+ - OS::TripleO::Services::AodhApi
+ - OS::TripleO::Services::AodhEvaluator
+ - OS::TripleO::Services::AodhListener
+ - OS::TripleO::Services::AodhNotifier
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::BarbicanApi
- OS::TripleO::Services::CACerts
- - OS::TripleO::Services::CertmongerUser
+ - OS::TripleO::Services::CeilometerAgentCentral
+ - OS::TripleO::Services::CeilometerAgentNotification
+ # FIXME: This service was disabled in Pike and this entry should be removed
+ # in Queens.
+ - OS::TripleO::Services::CeilometerExpirer
+ - OS::TripleO::Services::CephExternal
- OS::TripleO::Services::CephMds
- OS::TripleO::Services::CephMon
- - OS::TripleO::Services::CephExternal
- OS::TripleO::Services::CephRbdMirror
- OS::TripleO::Services::CephRgw
+ - OS::TripleO::Services::CertmongerUser
- OS::TripleO::Services::CinderApi
- - OS::TripleO::Services::CinderBackup
- - OS::TripleO::Services::CinderScheduler
- - OS::TripleO::Services::CinderVolume
- OS::TripleO::Services::CinderBackendDellPs
- OS::TripleO::Services::CinderBackendDellSc
- OS::TripleO::Services::CinderBackendNetApp
- OS::TripleO::Services::CinderBackendScaleIO
+ - OS::TripleO::Services::CinderBackup
+ - OS::TripleO::Services::CinderHPELeftHandISCSI
+ - OS::TripleO::Services::CinderScheduler
+ - OS::TripleO::Services::CinderVolume
+ - OS::TripleO::Services::Collectd
- OS::TripleO::Services::Congress
- - OS::TripleO::Services::Kernel
- - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::Ec2Api
+ - OS::TripleO::Services::Etcd
+ - OS::TripleO::Services::ExternalSwiftProxy
+ - OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::GlanceApi
+ - OS::TripleO::Services::GnocchiApi
+ - OS::TripleO::Services::GnocchiMetricd
+ - OS::TripleO::Services::GnocchiStatsd
+ - OS::TripleO::Services::HAproxy
- OS::TripleO::Services::HeatApi
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatApiCloudwatch
- OS::TripleO::Services::HeatEngine
+ - OS::TripleO::Services::Horizon
+ - OS::TripleO::Services::IronicApi
+ - OS::TripleO::Services::IronicConductor
+ - OS::TripleO::Services::Iscsid
+ - OS::TripleO::Services::Keepalived
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::ManilaApi
+ - OS::TripleO::Services::ManilaBackendCephFs
+ - OS::TripleO::Services::ManilaBackendGeneric
+ - OS::TripleO::Services::ManilaBackendNetapp
+ - OS::TripleO::Services::ManilaScheduler
+ - OS::TripleO::Services::ManilaShare
+ - OS::TripleO::Services::Memcached
+ - OS::TripleO::Services::MongoDb
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::NeutronApi
- OS::TripleO::Services::NeutronBgpVpnApi
+ - OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::NeutronDhcpAgent
+ - OS::TripleO::Services::NeutronL2gwAgent
- OS::TripleO::Services::NeutronL2gwApi
- OS::TripleO::Services::NeutronL3Agent
+ - OS::TripleO::Services::NeutronLinuxbridgeAgent
- OS::TripleO::Services::NeutronMetadataAgent
- - OS::TripleO::Services::NeutronApi
- - OS::TripleO::Services::NeutronCorePlugin
+ - OS::TripleO::Services::NeutronML2FujitsuCfab
+ - OS::TripleO::Services::NeutronML2FujitsuFossw
- OS::TripleO::Services::NeutronOvsAgent
- - OS::TripleO::Services::NeutronL2gwAgent
- - OS::TripleO::Services::NeutronLinuxbridgeAgent
- - OS::TripleO::Services::RabbitMQ
- - OS::TripleO::Services::HAproxy
- - OS::TripleO::Services::Keepalived
- - OS::TripleO::Services::Memcached
- - OS::TripleO::Services::Pacemaker
- - OS::TripleO::Services::Redis
- - OS::TripleO::Services::NovaConductor
- - OS::TripleO::Services::MongoDb
+ - OS::TripleO::Services::NeutronVppAgent
- OS::TripleO::Services::NovaApi
- - OS::TripleO::Services::NovaPlacement
+ - OS::TripleO::Services::NovaConductor
+ - OS::TripleO::Services::NovaConsoleauth
+ - OS::TripleO::Services::NovaIronic
- OS::TripleO::Services::NovaMetadata
+ - OS::TripleO::Services::NovaPlacement
- OS::TripleO::Services::NovaScheduler
- - OS::TripleO::Services::NovaConsoleauth
- OS::TripleO::Services::NovaVncProxy
- - OS::TripleO::Services::Ec2Api
- OS::TripleO::Services::Ntp
- - OS::TripleO::Services::SwiftProxy
- - OS::TripleO::Services::ExternalSwiftProxy
- - OS::TripleO::Services::SwiftStorage
- - OS::TripleO::Services::SwiftRingBuilder
- - OS::TripleO::Services::Snmp
- - OS::TripleO::Services::Sshd
- - OS::TripleO::Services::Securetty
- - OS::TripleO::Services::Timezone
- # FIXME: This service was disabled in Pike and this entry should be removed
- # in Queens.
- - OS::TripleO::Services::CeilometerExpirer
- - OS::TripleO::Services::CeilometerAgentCentral
- - OS::TripleO::Services::CeilometerAgentNotification
- - OS::TripleO::Services::Horizon
- - OS::TripleO::Services::GnocchiApi
- - OS::TripleO::Services::GnocchiMetricd
- - OS::TripleO::Services::GnocchiStatsd
- - OS::TripleO::Services::ManilaApi
- - OS::TripleO::Services::ManilaScheduler
- - OS::TripleO::Services::ManilaBackendGeneric
- - OS::TripleO::Services::ManilaBackendNetapp
- - OS::TripleO::Services::ManilaBackendCephFs
- - OS::TripleO::Services::ManilaShare
- - OS::TripleO::Services::AodhApi
- - OS::TripleO::Services::AodhEvaluator
- - OS::TripleO::Services::AodhNotifier
- - OS::TripleO::Services::AodhListener
- - OS::TripleO::Services::SaharaApi
- - OS::TripleO::Services::SaharaEngine
- - OS::TripleO::Services::IronicApi
- - OS::TripleO::Services::IronicConductor
- - OS::TripleO::Services::NovaIronic
- - OS::TripleO::Services::TripleoPackages
- - OS::TripleO::Services::TripleoFirewall
- - OS::TripleO::Services::OpenDaylightApi
- - OS::TripleO::Services::OpenDaylightOvs
- - OS::TripleO::Services::SensuClient
- - OS::TripleO::Services::FluentdClient
- - OS::TripleO::Services::Collectd
- - OS::TripleO::Services::BarbicanApi
- - OS::TripleO::Services::PankoApi
- - OS::TripleO::Services::Tacker
- - OS::TripleO::Services::Zaqar
- - OS::TripleO::Services::OVNDBs
- - OS::TripleO::Services::NeutronML2FujitsuCfab
- - OS::TripleO::Services::NeutronML2FujitsuFossw
- - OS::TripleO::Services::CinderHPELeftHandISCSI
- - OS::TripleO::Services::Etcd
- - OS::TripleO::Services::AuditD
- OS::TripleO::Services::OctaviaApi
- OS::TripleO::Services::OctaviaHealthManager
- OS::TripleO::Services::OctaviaHousekeeping
- OS::TripleO::Services::OctaviaWorker
+ - OS::TripleO::Services::OpenDaylightApi
+ - OS::TripleO::Services::OpenDaylightOvs
+ - OS::TripleO::Services::OVNDBs
+ - OS::TripleO::Services::Pacemaker
+ - OS::TripleO::Services::PankoApi
+ - OS::TripleO::Services::RabbitMQ
+ - OS::TripleO::Services::Redis
+ - OS::TripleO::Services::SaharaApi
+ - OS::TripleO::Services::SaharaEngine
+ - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::SensuClient
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::SwiftProxy
+ - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::SwiftStorage
+ - OS::TripleO::Services::Tacker
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::Vpp
- - OS::TripleO::Services::NeutronVppAgent
- - OS::TripleO::Services::Docker
-
+ - OS::TripleO::Services::Zaqar
+###############################################################################
+# Role: Compute #
+###############################################################################
- name: Compute
+ description: |
+ Basic Compute Node role
CountDefault: 1
+ networks:
+ - InternalApi
+ - Tenant
+ - Storage
HostnameFormatDefault: '%stackname%-novacompute-%index%'
disable_upgrade_deployment: True
ServicesDefault:
+ - OS::TripleO::Services::AuditD
- OS::TripleO::Services::CACerts
- - OS::TripleO::Services::CertmongerUser
- OS::TripleO::Services::CephClient
- OS::TripleO::Services::CephExternal
- - OS::TripleO::Services::Timezone
- - OS::TripleO::Services::Ntp
- - OS::TripleO::Services::Snmp
- - OS::TripleO::Services::Sshd
- - OS::TripleO::Services::Securetty
- - OS::TripleO::Services::NovaCompute
- - OS::TripleO::Services::NovaLibvirt
- - OS::TripleO::Services::Kernel
- - OS::TripleO::Services::ComputeNeutronCorePlugin
- - OS::TripleO::Services::ComputeNeutronOvsAgent
- - OS::TripleO::Services::NeutronLinuxbridgeAgent
+ - OS::TripleO::Services::CertmongerUser
+ - OS::TripleO::Services::Collectd
- OS::TripleO::Services::ComputeCeilometerAgent
+ - OS::TripleO::Services::ComputeNeutronCorePlugin
- OS::TripleO::Services::ComputeNeutronL3Agent
- OS::TripleO::Services::ComputeNeutronMetadataAgent
- - OS::TripleO::Services::TripleoPackages
- - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::ComputeNeutronOvsAgent
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::Iscsid
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::NeutronLinuxbridgeAgent
- OS::TripleO::Services::NeutronSriovAgent
+ - OS::TripleO::Services::NeutronVppAgent
+ - OS::TripleO::Services::NovaCompute
+ - OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::Ntp
- OS::TripleO::Services::OpenDaylightOvs
+ - OS::TripleO::Services::Securetty
- OS::TripleO::Services::SensuClient
- - OS::TripleO::Services::FluentdClient
- - OS::TripleO::Services::AuditD
- - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::Vpp
- - OS::TripleO::Services::NeutronVppAgent
- - OS::TripleO::Services::MySQLClient
- - OS::TripleO::Services::Docker
-
+###############################################################################
+# Role: BlockStorage #
+###############################################################################
- name: BlockStorage
+ description: |
+ Cinder Block Storage node role
+ networks:
+ - InternalApi
+ - Storage
+ - StorageMgmt
ServicesDefault:
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::BlockStorageCinderVolume
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CertmongerUser
- - OS::TripleO::Services::BlockStorageCinderVolume
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::FluentdClient
+ - OS::TripleO::Services::Iscsid
- OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Ntp
- - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::SensuClient
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Sshd
- - OS::TripleO::Services::Securetty
- - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::Timezone
- OS::TripleO::Services::TripleoFirewall
- - OS::TripleO::Services::SensuClient
- - OS::TripleO::Services::FluentdClient
- - OS::TripleO::Services::AuditD
- - OS::TripleO::Services::Collectd
- - OS::TripleO::Services::MySQLClient
- - OS::TripleO::Services::Docker
-
+ - OS::TripleO::Services::TripleoPackages
+###############################################################################
+# Role: ObjectStorage #
+###############################################################################
- name: ObjectStorage
+ description: |
+ Swift Object Storage node role
+ networks:
+ - InternalApi
+ - Storage
+ - StorageMgmt
disable_upgrade_deployment: True
ServicesDefault:
+ - OS::TripleO::Services::AuditD
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CertmongerUser
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Ntp
- - OS::TripleO::Services::SwiftStorage
- - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::SensuClient
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Sshd
- - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::SwiftStorage
- OS::TripleO::Services::Timezone
- - OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- - OS::TripleO::Services::SensuClient
- - OS::TripleO::Services::FluentdClient
- - OS::TripleO::Services::AuditD
- - OS::TripleO::Services::Collectd
- - OS::TripleO::Services::MySQLClient
- - OS::TripleO::Services::Docker
-
+ - OS::TripleO::Services::TripleoPackages
+###############################################################################
+# Role: CephStorage #
+###############################################################################
- name: CephStorage
+ description: |
+ Ceph OSD Storage node role
+ networks:
+ - Storage
+ - StorageMgmt
ServicesDefault:
+ - OS::TripleO::Services::AuditD
- OS::TripleO::Services::CACerts
- - OS::TripleO::Services::CertmongerUser
- OS::TripleO::Services::CephOSD
+ - OS::TripleO::Services::CertmongerUser
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::SensuClient
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Sshd
- - OS::TripleO::Services::Securetty
- OS::TripleO::Services::Timezone
- - OS::TripleO::Services::TripleoPackages
- OS::TripleO::Services::TripleoFirewall
- - OS::TripleO::Services::SensuClient
- - OS::TripleO::Services::FluentdClient
- - OS::TripleO::Services::AuditD
- - OS::TripleO::Services::Collectd
- - OS::TripleO::Services::MySQLClient
- - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::TripleoPackages
diff --git a/roles_data_undercloud.yaml b/roles_data_undercloud.yaml
index d57c8fc6..783df91d 100644
--- a/roles_data_undercloud.yaml
+++ b/roles_data_undercloud.yaml
@@ -1,49 +1,61 @@
+###############################################################################
+# File generated by tripleoclient
+###############################################################################
+###############################################################################
+# Role: Undercloud #
+###############################################################################
- name: Undercloud
+ description: |
+ EXPERIMENTAL. A role to deploy the undercloud via heat using the 'openstack
+ undercloud deploy' command.
CountDefault: 1
disable_constraints: True
tags:
- primary
- controller
ServicesDefault:
- - OS::TripleO::Services::Ntp
- - OS::TripleO::Services::MySQL
- - OS::TripleO::Services::MongoDb
- - OS::TripleO::Services::Keystone
- OS::TripleO::Services::Apache
- - OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::GlanceApi
- - OS::TripleO::Services::SwiftProxy
- - OS::TripleO::Services::SwiftStorage
- - OS::TripleO::Services::SwiftRingBuilder
- - OS::TripleO::Services::Memcached
- OS::TripleO::Services::HeatApi
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatEngine
- - OS::TripleO::Services::NovaApi
- - OS::TripleO::Services::NovaPlacement
- - OS::TripleO::Services::NovaMetadata
- - OS::TripleO::Services::NovaScheduler
- - OS::TripleO::Services::NovaConductor
- - OS::TripleO::Services::MistralEngine
- - OS::TripleO::Services::MistralApi
- - OS::TripleO::Services::MistralExecutor
- OS::TripleO::Services::IronicApi
- OS::TripleO::Services::IronicConductor
+ - OS::TripleO::Services::IronicInspector
- OS::TripleO::Services::IronicPxe
- - OS::TripleO::Services::NovaIronic
- - OS::TripleO::Services::Zaqar
- - OS::TripleO::Services::NeutronServer
+ - OS::TripleO::Services::Iscsid
+ - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::Memcached
+ - OS::TripleO::Services::MistralApi
+ - OS::TripleO::Services::MistralEngine
+ - OS::TripleO::Services::MistralExecutor
+ - OS::TripleO::Services::MongoDb
+ - OS::TripleO::Services::MySQL
- OS::TripleO::Services::NeutronApi
- OS::TripleO::Services::NeutronCorePlugin
- - OS::TripleO::Services::NeutronOvsAgent
- OS::TripleO::Services::NeutronDhcpAgent
+ - OS::TripleO::Services::NeutronOvsAgent
+ - OS::TripleO::Services::NeutronServer
+ - OS::TripleO::Services::NovaApi
+ - OS::TripleO::Services::NovaConductor
+ - OS::TripleO::Services::NovaIronic
+ - OS::TripleO::Services::NovaMetadata
+ - OS::TripleO::Services::NovaPlacement
+ - OS::TripleO::Services::NovaScheduler
+ - OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::RabbitMQ
+ - OS::TripleO::Services::SwiftProxy
+ - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::SwiftStorage
- OS::TripleO::Services::UndercloudAodhApi
- OS::TripleO::Services::UndercloudAodhEvaluator
- - OS::TripleO::Services::UndercloudAodhNotifier
- OS::TripleO::Services::UndercloudAodhListener
+ - OS::TripleO::Services::UndercloudAodhNotifier
+ - OS::TripleO::Services::UndercloudCeilometerAgentCentral
+ - OS::TripleO::Services::UndercloudCeilometerAgentIpmi
+ - OS::TripleO::Services::UndercloudCeilometerAgentNotification
- OS::TripleO::Services::UndercloudGnocchiApi
- OS::TripleO::Services::UndercloudGnocchiMetricd
- OS::TripleO::Services::UndercloudGnocchiStatsd
- OS::TripleO::Services::UndercloudPankoApi
- - OS::TripleO::Services::UndercloudCeilometerAgentCentral
- - OS::TripleO::Services::UndercloudCeilometerAgentNotification
+ - OS::TripleO::Services::Zaqar
diff --git a/sample-env-generator/README.rst b/sample-env-generator/README.rst
new file mode 100644
index 00000000..32e94f98
--- /dev/null
+++ b/sample-env-generator/README.rst
@@ -0,0 +1,160 @@
+Sample Environment Generator
+----------------------------
+
+This is a tool to automate the generation of our sample environment
+files. It takes a yaml file as input, and based on the environments
+defined in that file generates a number of sample environment files
+from the parameters in the Heat templates.
+
+Usage
+=====
+
+The simplest case is when an existing sample environment needs to be
+updated to reflect changes in the templates. Use the tox ``genconfig``
+target to do this::
+
+ tox -e genconfig
+
+.. note:: The tool should be run from the root directory of the
+ ``tripleo-heat-templates`` project.
+
+If a new sample environment is needed, it should be added to the
+appropriate file in the ``sample-env-generator/`` directory. The existing
+entries in the files can be used as examples, and a more detailed
+explanation of the different available keys is below:
+
+Top-level:
+- **environments**: This is the top-level key in the file. All other keys
+ below should appear in a list of dictionaries that define environments.
+
+Environment-specific:
+- **name**: the output file will be this name + .yaml, in the
+ ``environments`` directory.
+- **title**: a human-readable title for the environment.
+- **description**: A description of the environment. Will be included
+ as a comment at the top of the sample file.
+- **files**: The Heat templates containing the parameter definitions
+ for the environment. Should be specified as a path relative to the
+ root of the ``tripleo-heat-templates`` project. For example:
+ ``puppet/extraconfig/tls/tls-cert-inject.yaml:``. Each filename
+ should be a YAML dictionary that contains a ``parameters`` entry.
+- **parameters**: There should be one ``parameters`` entry per file in the
+ ``files`` section (see the example configuration below).
+ This can be either a list of parameters related to
+ the environment, which is necessary for templates like
+ overcloud.yaml, or the string 'all', which indicates that all
+ parameters from the file should be included.
+- **static**: Can be used to specify that certain parameters must
+ not be changed. Examples would be the EnableSomething params
+ in the templates. When writing a sample config for Something,
+ ``EnableSomething: True`` would be a static param, since it
+ would be nonsense to include the environment with it set to any other
+ value.
+- **sample_values**: Sometimes it is useful to include a sample value
+ for a parameter that is not the parameter's actual default.
+ An example of this is the SSLCertificate param in the enable-tls
+ environment file.
+- **resource_registry**: Many environments also need to pass
+ resource_registry entries when they are used. This can be used
+ to specify that in the configuration file.
+- **children**: For environments that share a lot of common values but may
+ need minor variations for different use cases, sample environment entries
+ can be nested. ``children`` takes a list of environments with the same
+ structure as the top-level ``environments`` key. The main difference is
+ that all keys are optional, and any that are omitted will be inherited from
+ the parent environment definition.
+
+Some behavioral notes:
+
+- Parameters without default values will be marked as mandatory to indicate
+ that the user must set a value for them.
+- It is no longer recommended to set parameters using the ``parameters``
+ section. Instead, all parameters should be set as ``parameter_defaults``
+ which will work regardless of whether the parameter is top-level or nested.
+ Therefore, the tool will always set parameters in the ``parameter_defaults``
+ section.
+- Parameters whose name begins with the _ character are treated as private.
+ This indicates that the parameter value will be passed in from another
+ template and does not need to be exposed directly to the user.
+
+If adding a new environment, don't forget to add the new file to the
+git repository so it will be included with the review.
+
+Example
+=======
+
+Given a Heat template named ``example.yaml`` that looks like::
+
+ parameters:
+ EnableExample:
+ default: False
+ description: Enable the example feature
+ type: boolean
+ ParamOne:
+ default: one
+ description: First example param
+ type: string
+ ParamTwo:
+ description: Second example param
+ type: number
+ _PrivateParam:
+ default: does not matter
+ description: Will not show up
+ type: string
+
+And an environment generator entry that looks like::
+
+ environments:
+ -
+ name: example
+ title: Example Environment
+ description: |
+ An example environment demonstrating how to use the sample
+ environment generator. This text will be included at the top
+ of the generated file as a comment.
+ files:
+ example.yaml:
+ parameters: all
+ sample_values:
+ EnableExample: True
+ static:
+ - EnableExample
+ resource_registry:
+ OS::TripleO::ExampleData: ../extraconfig/example.yaml
+
+The generated environment file would look like::
+
+ # *******************************************************************
+ # This file was created automatically by the sample environment
+ # generator. Developers should use `tox -e genconfig` to update it.
+ # Users are recommended to make changes to a copy of the file instead
+ # of the original, if any customizations are needed.
+ # *******************************************************************
+ # title: Example Environment
+ # description: |
+ # An example environment demonstrating how to use the sample
+ # environment generator. This text will be included at the top
+ # of the generated file as a comment.
+ parameter_defaults:
+ # First example param
+ # Type: string
+ ParamOne: one
+
+ # Second example param
+ # Mandatory. This parameter must be set by the user.
+ # Type: number
+ ParamTwo: <None>
+
+ # ******************************************************
+ # Static parameters - these are values that must be
+ # included in the environment but should not be changed.
+ # ******************************************************
+ # Enable the example feature
+ # Type: boolean
+ EnableExample: True
+
+ # *********************
+ # End static parameters
+ # *********************
+ resource_registry:
+ OS::TripleO::ExampleData: ../extraconfig/example.yaml
diff --git a/sample-env-generator/networking.yaml b/sample-env-generator/networking.yaml
new file mode 100644
index 00000000..ea7042b4
--- /dev/null
+++ b/sample-env-generator/networking.yaml
@@ -0,0 +1,32 @@
+environments:
+ -
+ name: networking/neutron-midonet
+ title: Enable the Neutron MidoNet Services
+ description: A Heat environment that can be used to deploy MidoNet Services
+ files:
+ puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml:
+ parameters: all
+ puppet/services/neutron-base.yaml:
+ parameters:
+ - NeutronCorePlugin
+ puppet/services/neutron-dhcp.yaml:
+ parameters:
+ - NeutronEnableIsolatedMetadata
+ sample_values:
+ NeutronCorePlugin: 'midonet.neutron.plugin_v1.MidonetPluginV2'
+ NeutronEnableIsolatedMetadata: true
+ EnableZookeeperOnController: true
+ EnableCassandraOnController: true
+ static:
+ - NeutronCorePlugin
+ - NeutronEnableIsolatedMetadata
+ - EnableZookeeperOnController
+ - EnableCassandraOnController
+ resource_registry:
+ OS::TripleO::AllNodesExtraConfig: ../../puppet/extraconfig/all_nodes/neutron-midonet-all-nodes.yaml
+ OS::TripleO::Controller::Net::SoftwareConfig: ../../net-config-linux-bridge.yaml
+ OS::TripleO::Services::NeutronL3Agent: OS::Heat::None
+ OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginMidonet
+ OS::TripleO::Services::ComputeNeutronCorePlugin: ../../puppet/services/neutron-compute-plugin-midonet.yaml
diff --git a/sample-env-generator/predictable-placement.yaml b/sample-env-generator/predictable-placement.yaml
new file mode 100644
index 00000000..ffda7aca
--- /dev/null
+++ b/sample-env-generator/predictable-placement.yaml
@@ -0,0 +1,17 @@
+environments:
+ -
+ name: predictable-placement/custom-hostnames
+ title: Custom Hostnames
+ files:
+ overcloud.yaml:
+ parameters:
+ - ControllerHostnameFormat
+ - ComputeHostnameFormat
+ - BlockStorageHostnameFormat
+ - ObjectStorageHostnameFormat
+ - CephStorageHostnameFormat
+ description: |
+ Hostname format for each role
+ Note %index% is translated into the index of the node, e.g 0/1/2 etc
+ and %stackname% is replaced with OS::stack_name in the template below.
+ If you want to use the heat generated names, pass '' (empty string).
diff --git a/sample-env-generator/ssl.yaml b/sample-env-generator/ssl.yaml
new file mode 100644
index 00000000..6963e842
--- /dev/null
+++ b/sample-env-generator/ssl.yaml
@@ -0,0 +1,459 @@
+environments:
+ -
+ name: ssl/enable-tls
+ title: Enable SSL on OpenStack Public Endpoints
+ description: |
+ Use this environment to pass in certificates for SSL deployments.
+ For these values to take effect, one of the tls-endpoints-*.yaml environments
+ must also be used.
+ files:
+ puppet/extraconfig/tls/tls-cert-inject.yaml:
+ parameters: all
+ static:
+ # This should probably be private, but for testing static params I'm
+ # setting it as such for now.
+ - DeployedSSLCertificatePath
+ sample_values:
+ SSLCertificate: |-
+ |
+ The contents of your certificate go here
+ SSLKey: |-
+ |
+ The contents of the private key go here
+ resource_registry:
+ OS::TripleO::NodeTLSData: ../../puppet/extraconfig/tls/tls-cert-inject.yaml
+ - name: ssl/inject-trust-anchor
+ title: Inject SSL Trust Anchor on Overcloud Nodes
+ description: |
+ When using an SSL certificate signed by a CA that is not in the default
+ list of CAs, this environment allows adding a custom CA certificate to
+ the overcloud nodes.
+ files:
+ puppet/extraconfig/tls/ca-inject.yaml:
+ parameters:
+ - SSLRootCertificate
+ sample_values:
+ SSLRootCertificate: |-
+ |
+ The contents of your certificate go here
+ resource_registry:
+ OS::TripleO::NodeTLSCAData: ../../puppet/extraconfig/tls/ca-inject.yaml
+ children:
+ - name: ssl/inject-trust-anchor-hiera
+ files:
+ puppet/services/ca-certs.yaml:
+ parameters:
+ - CAMap
+ # Need to clear this so we don't inherit the parent registry
+ resource_registry: {}
+ sample_values:
+ CAMap: |-2
+
+ first-ca-name:
+ content: |
+ The content of the CA cert goes here
+ second-ca-name:
+ content: |
+ The content of the CA cert goes here
+ -
+ name: ssl/tls-endpoints-public-ip
+ title: Deploy Public SSL Endpoints as IP Addresses
+ description: |
+ Use this environment when deploying an SSL-enabled overcloud where the public
+ endpoint is an IP address.
+ files:
+ network/endpoints/endpoint_map.yaml:
+ parameters:
+ - EndpointMap
+ sample_values:
+ # NOTE(bnemec): This is a bit odd, but it's the only way I've found that
+ # works. The |-2 tells YAML to strip two spaces off the indentation of
+ # the value, which because it's indented six spaces gets us to the four
+ # that we actually want. Note that zero is not a valid value here, so
+ # two seemed like the most sane option.
+ EndpointMap: |-2
+
+ AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
+ AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
+ AodhPublic: {protocol: 'https', port: '13042', host: 'IP_ADDRESS'}
+ BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
+ BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
+ BarbicanPublic: {protocol: 'https', port: '13311', host: 'IP_ADDRESS'}
+ CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
+ CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
+ CeilometerPublic: {protocol: 'https', port: '13777', host: 'IP_ADDRESS'}
+ CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ CephRgwPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
+ CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
+ CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
+ CinderPublic: {protocol: 'https', port: '13776', host: 'IP_ADDRESS'}
+ CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
+ CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
+ CongressPublic: {protocol: 'https', port: '13789', host: 'IP_ADDRESS'}
+ ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
+ Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
+ Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'IP_ADDRESS'}
+ GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
+ GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
+ GlancePublic: {protocol: 'https', port: '13292', host: 'IP_ADDRESS'}
+ GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
+ GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
+ GnocchiPublic: {protocol: 'https', port: '13041', host: 'IP_ADDRESS'}
+ HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
+ HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
+ HeatPublic: {protocol: 'https', port: '13004', host: 'IP_ADDRESS'}
+ HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
+ HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
+ HeatCfnPublic: {protocol: 'https', port: '13005', host: 'IP_ADDRESS'}
+ HorizonPublic: {protocol: 'https', port: '443', host: 'IP_ADDRESS'}
+ IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
+ IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
+ IronicPublic: {protocol: 'https', port: '13385', host: 'IP_ADDRESS'}
+ IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
+ IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
+ IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'IP_ADDRESS'}
+ KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
+ KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
+ KeystonePublic: {protocol: 'https', port: '13000', host: 'IP_ADDRESS'}
+ ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
+ ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
+ ManilaPublic: {protocol: 'https', port: '13786', host: 'IP_ADDRESS'}
+ MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
+ MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
+ MistralPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
+ MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
+ NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
+ NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
+ NeutronPublic: {protocol: 'https', port: '13696', host: 'IP_ADDRESS'}
+ NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
+ NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
+ NovaPublic: {protocol: 'https', port: '13774', host: 'IP_ADDRESS'}
+ NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
+ NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
+ NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'IP_ADDRESS'}
+ NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
+ NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
+ NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'IP_ADDRESS'}
+ OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
+ OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
+ OctaviaPublic: {protocol: 'https', port: '13876', host: 'IP_ADDRESS'}
+ PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
+ PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
+ PankoPublic: {protocol: 'https', port: '13779', host: 'IP_ADDRESS'}
+ SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
+ SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
+ SaharaPublic: {protocol: 'https', port: '13386', host: 'IP_ADDRESS'}
+ SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ SwiftPublic: {protocol: 'https', port: '13808', host: 'IP_ADDRESS'}
+ TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
+ TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
+ TackerPublic: {protocol: 'https', port: '13989', host: 'IP_ADDRESS'}
+ ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
+ ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
+ ZaqarPublic: {protocol: 'https', port: '13888', host: 'IP_ADDRESS'}
+ ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
+ ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
+ ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'IP_ADDRESS'}
+ -
+ name: ssl/tls-endpoints-public-dns
+ title: Deploy Public SSL Endpoints as DNS Names
+ description: |
+ Use this environment when deploying an SSL-enabled overcloud where the public
+ endpoint is a DNS name.
+ files:
+ network/endpoints/endpoint_map.yaml:
+ parameters:
+ - EndpointMap
+ sample_values:
+ # NOTE(bnemec): This is a bit odd, but it's the only way I've found that
+ # works. The |-2 tells YAML to strip two spaces off the indentation of
+ # the value, which because it's indented six spaces gets us to the four
+ # that we actually want. Note that zero is not a valid value here, so
+ # two seemed like the most sane option.
+ EndpointMap: |-2
+
+ AodhAdmin: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
+ AodhInternal: {protocol: 'http', port: '8042', host: 'IP_ADDRESS'}
+ AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
+ BarbicanAdmin: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
+ BarbicanInternal: {protocol: 'http', port: '9311', host: 'IP_ADDRESS'}
+ BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
+ CeilometerAdmin: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
+ CeilometerInternal: {protocol: 'http', port: '8777', host: 'IP_ADDRESS'}
+ CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
+ CephRgwAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ CephRgwInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
+ CinderAdmin: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
+ CinderInternal: {protocol: 'http', port: '8776', host: 'IP_ADDRESS'}
+ CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
+ CongressAdmin: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
+ CongressInternal: {protocol: 'http', port: '1789', host: 'IP_ADDRESS'}
+ CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
+ ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ Ec2ApiAdmin: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
+ Ec2ApiInternal: {protocol: 'http', port: '8788', host: 'IP_ADDRESS'}
+ Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
+ GlanceAdmin: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
+ GlanceInternal: {protocol: 'http', port: '9292', host: 'IP_ADDRESS'}
+ GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
+ GnocchiAdmin: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
+ GnocchiInternal: {protocol: 'http', port: '8041', host: 'IP_ADDRESS'}
+ GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
+ HeatAdmin: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
+ HeatInternal: {protocol: 'http', port: '8004', host: 'IP_ADDRESS'}
+ HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
+ HeatCfnAdmin: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
+ HeatCfnInternal: {protocol: 'http', port: '8000', host: 'IP_ADDRESS'}
+ HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
+ HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
+ IronicAdmin: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
+ IronicInternal: {protocol: 'http', port: '6385', host: 'IP_ADDRESS'}
+ IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
+ IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
+ IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'IP_ADDRESS'}
+ IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
+ KeystoneAdmin: {protocol: 'http', port: '35357', host: 'IP_ADDRESS'}
+ KeystoneInternal: {protocol: 'http', port: '5000', host: 'IP_ADDRESS'}
+ KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
+ ManilaAdmin: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
+ ManilaInternal: {protocol: 'http', port: '8786', host: 'IP_ADDRESS'}
+ ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
+ MistralAdmin: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
+ MistralInternal: {protocol: 'http', port: '8989', host: 'IP_ADDRESS'}
+ MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
+ MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'IP_ADDRESS'}
+ NeutronAdmin: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
+ NeutronInternal: {protocol: 'http', port: '9696', host: 'IP_ADDRESS'}
+ NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
+ NovaAdmin: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
+ NovaInternal: {protocol: 'http', port: '8774', host: 'IP_ADDRESS'}
+ NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
+ NovaPlacementAdmin: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
+ NovaPlacementInternal: {protocol: 'http', port: '8778', host: 'IP_ADDRESS'}
+ NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
+ NovaVNCProxyAdmin: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
+ NovaVNCProxyInternal: {protocol: 'http', port: '6080', host: 'IP_ADDRESS'}
+ NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
+ OctaviaAdmin: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
+ OctaviaInternal: {protocol: 'http', port: '9876', host: 'IP_ADDRESS'}
+ OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
+ PankoAdmin: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
+ PankoInternal: {protocol: 'http', port: '8779', host: 'IP_ADDRESS'}
+ PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
+ SaharaAdmin: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
+ SaharaInternal: {protocol: 'http', port: '8386', host: 'IP_ADDRESS'}
+ SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
+ SwiftAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ SwiftInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
+ TackerAdmin: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
+ TackerInternal: {protocol: 'http', port: '9890', host: 'IP_ADDRESS'}
+ TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
+ ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
+ ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
+ ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
+ ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
+ ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
+ ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
+ -
+ name: ssl/tls-everywhere-endpoints-dns
+ title: Deploy All SSL Endpoints as DNS Names
+ description: |
+ Use this environment when deploying an overcloud where all the endpoints are
+ DNS names and there's TLS in all endpoint types.
+ files:
+ network/endpoints/endpoint_map.yaml:
+ parameters:
+ - EndpointMap
+ sample_values:
+ # NOTE(bnemec): This is a bit odd, but it's the only way I've found that
+ # works. The |-2 tells YAML to strip two spaces off the indentation of
+ # the value, which because it's indented six spaces gets us to the four
+ # that we actually want. Note that zero is not a valid value here, so
+ # two seemed like the most sane option.
+ EndpointMap: |-2
+
+ AodhAdmin: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
+ AodhInternal: {protocol: 'https', port: '8042', host: 'CLOUDNAME'}
+ AodhPublic: {protocol: 'https', port: '13042', host: 'CLOUDNAME'}
+ BarbicanAdmin: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
+ BarbicanInternal: {protocol: 'https', port: '9311', host: 'CLOUDNAME'}
+ BarbicanPublic: {protocol: 'https', port: '13311', host: 'CLOUDNAME'}
+ CeilometerAdmin: {protocol: 'https', port: '8777', host: 'CLOUDNAME'}
+ CeilometerInternal: {protocol: 'https', port: '8777', host: 'CLOUDNAME'}
+ CeilometerPublic: {protocol: 'https', port: '13777', host: 'CLOUDNAME'}
+ CephRgwAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
+ CephRgwInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
+ CephRgwPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
+ CinderAdmin: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
+ CinderInternal: {protocol: 'https', port: '8776', host: 'CLOUDNAME'}
+ CinderPublic: {protocol: 'https', port: '13776', host: 'CLOUDNAME'}
+ CongressAdmin: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
+ CongressInternal: {protocol: 'https', port: '1789', host: 'CLOUDNAME'}
+ CongressPublic: {protocol: 'https', port: '13789', host: 'CLOUDNAME'}
+ ContrailAnalyticsApiAdmin: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsApiInternal: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsApiPublic: {protocol: 'http', port: '8081', host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpAdmin: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpInternal: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorHttpPublic: {protocol: 'http', port: '8089',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshAdmin: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshInternal: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsCollectorSandeshPublic: {protocol: 'http', port: '8086',
+ host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpAdmin: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpInternal: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsHttpPublic: {protocol: 'http', port: '8090', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisAdmin: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisInternal: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailAnalyticsRedisPublic: {protocol: 'http', port: '6379', host: 'IP_ADDRESS'}
+ ContrailConfigAdmin: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailConfigInternal: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailConfigPublic: {protocol: 'http', port: '8082', host: 'IP_ADDRESS'}
+ ContrailDiscoveryAdmin: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailDiscoveryInternal: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailDiscoveryPublic: {protocol: 'http', port: '5998', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpAdmin: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpInternal: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpPublic: {protocol: 'http', port: '8080', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsAdmin: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsInternal: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ ContrailWebuiHttpsPublic: {protocol: 'http', port: '8143', host: 'IP_ADDRESS'}
+ Ec2ApiAdmin: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
+ Ec2ApiInternal: {protocol: 'https', port: '8788', host: 'CLOUDNAME'}
+ Ec2ApiPublic: {protocol: 'https', port: '13788', host: 'CLOUDNAME'}
+ GlanceAdmin: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
+ GlanceInternal: {protocol: 'https', port: '9292', host: 'CLOUDNAME'}
+ GlancePublic: {protocol: 'https', port: '13292', host: 'CLOUDNAME'}
+ GnocchiAdmin: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
+ GnocchiInternal: {protocol: 'https', port: '8041', host: 'CLOUDNAME'}
+ GnocchiPublic: {protocol: 'https', port: '13041', host: 'CLOUDNAME'}
+ HeatAdmin: {protocol: 'https', port: '8004', host: 'CLOUDNAME'}
+ HeatInternal: {protocol: 'https', port: '8004', host: 'CLOUDNAME'}
+ HeatPublic: {protocol: 'https', port: '13004', host: 'CLOUDNAME'}
+ HeatCfnAdmin: {protocol: 'https', port: '8000', host: 'CLOUDNAME'}
+ HeatCfnInternal: {protocol: 'https', port: '8000', host: 'CLOUDNAME'}
+ HeatCfnPublic: {protocol: 'https', port: '13005', host: 'CLOUDNAME'}
+ HorizonPublic: {protocol: 'https', port: '443', host: 'CLOUDNAME'}
+ IronicAdmin: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
+ IronicInternal: {protocol: 'https', port: '6385', host: 'CLOUDNAME'}
+ IronicPublic: {protocol: 'https', port: '13385', host: 'CLOUDNAME'}
+ IronicInspectorAdmin: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
+ IronicInspectorInternal: {protocol: 'http', port: '5050', host: 'CLOUDNAME'}
+ IronicInspectorPublic: {protocol: 'https', port: '13050', host: 'CLOUDNAME'}
+ KeystoneAdmin: {protocol: 'https', port: '35357', host: 'CLOUDNAME'}
+ KeystoneInternal: {protocol: 'https', port: '5000', host: 'CLOUDNAME'}
+ KeystonePublic: {protocol: 'https', port: '13000', host: 'CLOUDNAME'}
+ ManilaAdmin: {protocol: 'https', port: '8786', host: 'CLOUDNAME'}
+ ManilaInternal: {protocol: 'https', port: '8786', host: 'CLOUDNAME'}
+ ManilaPublic: {protocol: 'https', port: '13786', host: 'CLOUDNAME'}
+ MistralAdmin: {protocol: 'https', port: '8989', host: 'CLOUDNAME'}
+ MistralInternal: {protocol: 'https', port: '8989', host: 'CLOUDNAME'}
+ MistralPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
+ MysqlInternal: {protocol: 'mysql+pymysql', port: '3306', host: 'CLOUDNAME'}
+ NeutronAdmin: {protocol: 'https', port: '9696', host: 'CLOUDNAME'}
+ NeutronInternal: {protocol: 'https', port: '9696', host: 'CLOUDNAME'}
+ NeutronPublic: {protocol: 'https', port: '13696', host: 'CLOUDNAME'}
+ NovaAdmin: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
+ NovaInternal: {protocol: 'https', port: '8774', host: 'CLOUDNAME'}
+ NovaPublic: {protocol: 'https', port: '13774', host: 'CLOUDNAME'}
+ NovaPlacementAdmin: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
+ NovaPlacementInternal: {protocol: 'https', port: '8778', host: 'CLOUDNAME'}
+ NovaPlacementPublic: {protocol: 'https', port: '13778', host: 'CLOUDNAME'}
+ NovaVNCProxyAdmin: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
+ NovaVNCProxyInternal: {protocol: 'https', port: '6080', host: 'CLOUDNAME'}
+ NovaVNCProxyPublic: {protocol: 'https', port: '13080', host: 'CLOUDNAME'}
+ OctaviaAdmin: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
+ OctaviaInternal: {protocol: 'https', port: '9876', host: 'IP_ADDRESS'}
+ OctaviaPublic: {protocol: 'https', port: '13876', host: 'CLOUDNAME'}
+ PankoAdmin: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
+ PankoInternal: {protocol: 'https', port: '8779', host: 'CLOUDNAME'}
+ PankoPublic: {protocol: 'https', port: '13779', host: 'CLOUDNAME'}
+ SaharaAdmin: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
+ SaharaInternal: {protocol: 'https', port: '8386', host: 'CLOUDNAME'}
+ SaharaPublic: {protocol: 'https', port: '13386', host: 'CLOUDNAME'}
+ SwiftAdmin: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
+ SwiftInternal: {protocol: 'https', port: '8080', host: 'CLOUDNAME'}
+ SwiftPublic: {protocol: 'https', port: '13808', host: 'CLOUDNAME'}
+ TackerAdmin: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
+ TackerInternal: {protocol: 'https', port: '9890', host: 'CLOUDNAME'}
+ TackerPublic: {protocol: 'https', port: '13989', host: 'CLOUDNAME'}
+ ZaqarAdmin: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
+ ZaqarInternal: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
+ ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
+ ZaqarWebSocketAdmin: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
+ ZaqarWebSocketInternal: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
+ ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
diff --git a/sample-env-generator/storage.yaml b/sample-env-generator/storage.yaml
new file mode 100644
index 00000000..aa0385cc
--- /dev/null
+++ b/sample-env-generator/storage.yaml
@@ -0,0 +1,133 @@
+environments:
+ -
+ name: storage/enable-ceph
+ title: Enable Ceph Storage Backend
+ files:
+ puppet/services/cinder-volume.yaml:
+ parameters:
+ - CinderEnableIscsiBackend
+ - CinderEnableRbdBackend
+ puppet/services/cinder-backup.yaml:
+ parameters:
+ - CinderBackupBackend
+ puppet/services/nova-compute.yaml:
+ parameters:
+ - NovaEnableRbdBackend
+ puppet/services/glance-api.yaml:
+ parameters:
+ - GlanceBackend
+ puppet/services/gnocchi-api.yaml:
+ parameters:
+ - GnocchiBackend
+ sample_values:
+ CinderEnableIscsiBackend: False
+ CinderEnableRbdBackend: True
+ CinderBackupBackend: rbd
+ NovaEnableRbdBackend: True
+ GlanceBackend: rbd
+ GnocchiBackend: rbd
+ description: |
+ Include this environment to enable Ceph as the backend for
+ Cinder, Nova, Gnocchi, and Glance.
+ -
+ name: storage/cinder-nfs
+ title: Enable Cinder NFS Backend
+ files:
+ puppet/services/cinder-volume.yaml:
+ parameters:
+ - CinderNfsMountOptions
+ - CinderNfsServers
+ - CinderEnableNfsBackend
+ - CinderEnableIscsiBackend
+ sample_values:
+ CinderEnableNfsBackend: True
+ CinderEnableIscsiBackend: False
+ CinderNfsServers: '192.168.122.1:/export/cinder'
+ description: |
+ Configure and include this environment to enable the use of an NFS
+ share as the backend for Cinder.
+ -
+ name: storage/glance-nfs
+ title: Enable Glance NFS Backend
+ files:
+ puppet/services/glance-api.yaml:
+ parameters:
+ - GlanceBackend
+ - GlanceNfsEnabled
+ - GlanceNfsShare
+ - GlanceNfsOptions
+ sample_values:
+ GlanceBackend: file
+ GlanceNfsEnabled: True
+ static:
+ - GlanceBackend
+ - GlanceNfsEnabled
+ description: |
+ Configure and include this environment to enable the use of an NFS
+ share as the backend for Glance.
+ -
+ name: storage/external-ceph
+ title: Deploy Using an External Ceph Cluster
+ files:
+ puppet/services/nova-compute.yaml:
+ parameters:
+ - NovaRbdPoolName
+ - NovaEnableRbdBackend
+ - CephClientUserName
+ puppet/services/cinder-volume.yaml:
+ parameters:
+ - CinderRbdPoolName
+ - CinderEnableIscsiBackend
+ - CinderEnableRbdBackend
+ puppet/services/glance-api.yaml:
+ parameters:
+ - GlanceRbdPoolName
+ - GlanceBackend
+ puppet/services/gnocchi-api.yaml:
+ parameters:
+ - GnocchiBackend
+ puppet/services/gnocchi-base.yaml:
+ parameters:
+ - GnocchiRbdPoolName
+ puppet/services/ceph-external.yaml:
+ parameters:
+ - CephClusterFSID
+ - CephClientKey
+ - CephExternalMonHost
+ - RbdDefaultFeatures
+ puppet/services/ceph-base.yaml:
+ parameters:
+ - CephAdminKey
+ sample_values:
+ CinderEnableIscsiBackend: False
+ CinderEnableRbdBackend: True
+ NovaEnableRbdBackend: True
+ GlanceBackend: rbd
+ GnocchiBackend: rbd
+ NovaRbdPoolName: vms
+ CinderRbdPoolName: volumes
+ GlanceRbdPoolName: images
+ GnocchiRbdPoolName: metrics
+ CephClientUserName: openstack
+ CephAdminKey: ''
+ description: |
+ A Heat environment file which can be used to enable the
+ use of an externally managed Ceph cluster.
+ resource_registry:
+ OS::TripleO::Services::CephExternal: ../../puppet/services/ceph-external.yaml
+ OS::TripleO::Services::CephMon: OS::Heat::None
+ OS::TripleO::Services::CephClient: OS::Heat::None
+ OS::TripleO::Services::CephOSD: OS::Heat::None
+ -
+ name: storage/cinder-netapp-config
+ title: Enable the Cinder NetApp Backend
+ description: |
+ A Heat environment file which can be used to enable a
+ a Cinder NetApp backend, configured via puppet
+ files:
+ puppet/services/cinder-backend-netapp.yaml:
+ parameters: all
+ static:
+ - CinderEnableNetappBackend
+ resource_registry:
+ OS::TripleO::ControllerExtraConfigPre: ../../puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml
diff --git a/puppet/services/services.yaml b/services.yaml
index 0e7b6d2b..724727bb 100644
--- a/puppet/services/services.yaml
+++ b/services.yaml
@@ -1,3 +1,4 @@
+#FIXME move into common when specfile adds it
heat_template_version: pike
description: >
@@ -127,3 +128,17 @@ outputs:
expression: $.data.where($ != null).select($.get('upgrade_batch_tasks')).where($ != null).flatten().distinct()
data: {get_attr: [ServiceChain, role_data]}
service_metadata_settings: {get_attr: [ServiceServerMetadataHook, metadata]}
+
+ # Keys to support docker/services
+ puppet_config: {get_attr: [ServiceChain, role_data, puppet_config]}
+ kolla_config:
+ map_merge: {get_attr: [ServiceChain, role_data, kolla_config]}
+ docker_config:
+ {get_attr: [ServiceChain, role_data, docker_config]}
+ docker_puppet_tasks:
+ {get_attr: [ServiceChain, role_data, docker_puppet_tasks]}
+ host_prep_tasks:
+ yaql:
+ # Note we use distinct() here to filter any identical tasks
+ expression: $.data.where($ != null).select($.get('host_prep_tasks')).where($ != null).flatten().distinct()
+ data: {get_attr: [ServiceChain, role_data]}
diff --git a/test-requirements.txt b/test-requirements.txt
index 76f03d75..81136356 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -7,3 +7,11 @@ six>=1.9.0 # MIT
sphinx!=1.6.1,>=1.5.1 # BSD
oslosphinx>=4.7.0 # Apache-2.0
reno!=2.3.1,>=1.8.0 # Apache-2.0
+coverage!=4.4,>=4.0 # Apache-2.0
+fixtures>=3.0.0 # Apache-2.0/BSD
+python-subunit>=0.0.18 # Apache-2.0/BSD
+testrepository>=0.0.18 # Apache-2.0/BSD
+testscenarios>=0.4 # Apache-2.0/BSD
+testtools>=1.4.0 # MIT
+mock>=2.0 # BSD
+oslotest>=1.10.0 # Apache-2.0
diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py
index 92d76d23..ff215fba 100755
--- a/tools/yaml-validate.py
+++ b/tools/yaml-validate.py
@@ -20,8 +20,15 @@ import yaml
required_params = ['EndpointMap', 'ServiceNetMap', 'DefaultPasswords',
'RoleName', 'RoleParameters']
+# NOTE(bnemec): The duplication in this list is intentional. For the
+# transition to generated environments we have two copies of these files,
+# so they need to be listed twice. Once the deprecated version can be removed
+# the duplicate entries can be as well.
envs_containing_endpoint_map = ['tls-endpoints-public-dns.yaml',
'tls-endpoints-public-ip.yaml',
+ 'tls-everywhere-endpoints-dns.yaml',
+ 'tls-endpoints-public-dns.yaml',
+ 'tls-endpoints-public-ip.yaml',
'tls-everywhere-endpoints-dns.yaml']
ENDPOINT_MAP_FILE = 'endpoint_map.yaml'
REQUIRED_DOCKER_SECTIONS = ['service_name', 'docker_config', 'puppet_config',
@@ -219,12 +226,10 @@ def validate(filename):
# qdr aliases rabbitmq service to provide alternative messaging backend
if (filename.startswith('./puppet/services/') and
- filename not in ['./puppet/services/services.yaml',
- './puppet/services/qdr.yaml']):
+ filename not in ['./puppet/services/qdr.yaml']):
retval = validate_service(filename, tpl)
- if (filename.startswith('./docker/services/') and
- filename != './docker/services/services.yaml'):
+ if filename.startswith('./docker/services/'):
retval = validate_docker_service(filename, tpl)
if filename.endswith('hyperconverged-ceph.yaml'):
@@ -294,9 +299,9 @@ if base_endpoint_map and \
else:
print("%s matches base endpoint map" % env_endpoint_map['file'])
else:
- print("ERROR: Can't validate endpoint maps since a file is missing. "
- "If you meant to delete one of these files you should update this "
- "tool as well.")
+ print("ERROR: Did not find expected number of environments containing the "
+ "EndpointMap parameter. If you meant to add or remove one of these "
+ "environments then you also need to update this tool.")
if not base_endpoint_map:
failed_files.append(ENDPOINT_MAP_FILE)
if len(env_endpoint_maps) != len(envs_containing_endpoint_map):
diff --git a/tox.ini b/tox.ini
index b92e5456..c87bf7be 100644
--- a/tox.ini
+++ b/tox.ini
@@ -1,12 +1,14 @@
[tox]
minversion = 1.6
skipsdist = True
+envlist = py35,py27,pep8
[testenv]
usedevelop = True
install_command = pip install -c{env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt} {opts} {packages}
deps = -r{toxinidir}/requirements.txt
-r{toxinidir}/test-requirements.txt
+commands = python setup.py testr --slowest --testr-args='{posargs}'
[testenv:venv]
commands = {posargs}
@@ -22,3 +24,11 @@ commands = python ./tools/process-templates.py
[testenv:releasenotes]
commands = bash -c tools/releasenotes_tox.sh
+
+[testenv:cover]
+commands = python setup.py test --coverage --coverage-package-name=tripleo_heat_templates --testr-args='{posargs}'
+
+[testenv:genconfig]
+commands =
+ python ./tools/process-templates.py
+ python ./tripleo_heat_templates/environment_generator.py sample-env-generator/
diff --git a/tripleo_heat_templates/__init__.py b/tripleo_heat_templates/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/tripleo_heat_templates/__init__.py
diff --git a/tripleo_heat_templates/environment_generator.py b/tripleo_heat_templates/environment_generator.py
new file mode 100755
index 00000000..876dd854
--- /dev/null
+++ b/tripleo_heat_templates/environment_generator.py
@@ -0,0 +1,212 @@
+#!/usr/bin/env python
+
+# Copyright 2015 Red Hat Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import errno
+import os
+import sys
+import yaml
+
+
+_PARAM_FORMAT = u""" # %(description)s
+ %(mandatory)s# Type: %(type)s
+ %(name)s:%(default)s
+"""
+_STATIC_MESSAGE_START = (
+ ' # ******************************************************\n'
+ ' # Static parameters - these are values that must be\n'
+ ' # included in the environment but should not be changed.\n'
+ ' # ******************************************************\n'
+ )
+_STATIC_MESSAGE_END = (' # *********************\n'
+ ' # End static parameters\n'
+ ' # *********************\n'
+ )
+_FILE_HEADER = (
+ '# *******************************************************************\n'
+ '# This file was created automatically by the sample environment\n'
+ '# generator. Developers should use `tox -e genconfig` to update it.\n'
+ '# Users are recommended to make changes to a copy of the file instead\n'
+ '# of the original, if any customizations are needed.\n'
+ '# *******************************************************************\n'
+ )
+# Certain parameter names can't be changed, but shouldn't be shown because
+# they are never intended for direct user input.
+_PRIVATE_OVERRIDES = ['server', 'servers', 'NodeIndex', 'DefaultPasswords']
+# Hidden params are not included by default when the 'all' option is used,
+# but can be explicitly included by referencing them in sample_defaults or
+# static. This allows us to generate sample environments using them when
+# necessary, but they won't be improperly included by accident.
+_HIDDEN_PARAMS = ['EndpointMap', 'RoleName', 'RoleParameters',
+ 'ServiceNetMap',
+ ]
+
+
+def _create_output_dir(target_file):
+ try:
+ os.makedirs(os.path.dirname(target_file))
+ except OSError as e:
+ if e.errno == errno.EEXIST:
+ pass
+ else:
+ raise
+
+
+def _generate_environment(input_env, parent_env=None):
+ if parent_env is None:
+ parent_env = {}
+ env = dict(parent_env)
+ env.pop('children', None)
+ env.update(input_env)
+ parameter_defaults = {}
+ param_names = []
+ sample_values = env.get('sample_values', {})
+ static_names = env.get('static', [])
+ for template_file, template_data in env['files'].items():
+ with open(template_file) as f:
+ f_data = yaml.safe_load(f)
+ f_params = f_data['parameters']
+ parameter_defaults.update(f_params)
+ if template_data['parameters'] == 'all':
+ new_names = [k for k, v in f_params.items()]
+ for hidden in _HIDDEN_PARAMS:
+ if (hidden not in (static_names + sample_values.keys()) and
+ hidden in new_names):
+ new_names.remove(hidden)
+ else:
+ new_names = template_data['parameters']
+ missing_params = [name for name in new_names
+ if name not in f_params]
+ if missing_params:
+ raise RuntimeError('Did not find specified parameter names %s '
+ 'in file %s for environment %s' %
+ (missing_params, template_file,
+ env['name']))
+ param_names += new_names
+
+ static_defaults = {k: v for k, v in parameter_defaults.items()
+ if k in param_names and
+ k in static_names
+ }
+ parameter_defaults = {k: v for k, v in parameter_defaults.items()
+ if k in param_names and
+ k not in _PRIVATE_OVERRIDES and
+ not k.startswith('_') and
+ k not in static_names
+ }
+
+ for k, v in sample_values.items():
+ if k in parameter_defaults:
+ parameter_defaults[k]['sample'] = v
+ if k in static_defaults:
+ static_defaults[k]['sample'] = v
+
+ def write_sample_entry(f, name, value):
+ default = value.get('default')
+ mandatory = ''
+ if default is None:
+ mandatory = ('# Mandatory. This parameter must be set by the '
+ 'user.\n ')
+ default = '<None>'
+ if value.get('sample') is not None:
+ default = value['sample']
+ # We ultimately cast this to str for output anyway
+ default = str(default)
+ if default == '':
+ default = "''"
+ # If the default value is something like %index%, yaml won't
+ # parse the output correctly unless we wrap it in quotes.
+ # However, not all default values can be wrapped so we need to
+ # do it conditionally.
+ if default.startswith('%'):
+ default = "'%s'" % default
+ if not default.startswith('\n'):
+ default = ' ' + default
+
+ values = {'name': name,
+ 'type': value['type'],
+ 'description':
+ value.get('description', '').rstrip().replace('\n',
+ '\n # '),
+ 'default': default,
+ 'mandatory': mandatory,
+ }
+ f.write(_PARAM_FORMAT % values + '\n')
+
+ target_file = os.path.join('environments', env['name'] + '.yaml')
+ _create_output_dir(target_file)
+ with open(target_file, 'w') as env_file:
+ env_file.write(_FILE_HEADER)
+ # TODO(bnemec): Once Heat allows the title and description to live in
+ # the environment itself, uncomment these entries and make them
+ # top-level keys in the YAML.
+ env_title = env.get('title', '')
+ env_file.write(u'# title: %s\n' % env_title)
+ env_desc = env.get('description', '')
+ env_file.write(u'# description: |\n')
+ for line in env_desc.splitlines():
+ env_file.write(u'# %s\n' % line)
+
+ if parameter_defaults:
+ env_file.write(u'parameter_defaults:\n')
+ for name, value in sorted(parameter_defaults.items()):
+ write_sample_entry(env_file, name, value)
+ if static_defaults:
+ env_file.write(_STATIC_MESSAGE_START)
+ for name, value in sorted(static_defaults.items()):
+ write_sample_entry(env_file, name, value)
+ if static_defaults:
+ env_file.write(_STATIC_MESSAGE_END)
+
+ if env.get('resource_registry'):
+ env_file.write(u'resource_registry:\n')
+ for res, value in sorted(env.get('resource_registry', {}).items()):
+ env_file.write(u' %s: %s\n' % (res, value))
+ print('Wrote sample environment "%s"' % target_file)
+
+ for e in env.get('children', []):
+ _generate_environment(e, env)
+
+
+def generate_environments(config_path):
+ if os.path.isdir(config_path):
+ config_files = os.listdir(config_path)
+ config_files = [os.path.join(config_path, i) for i in config_files
+ if os.path.splitext(i)[1] == '.yaml']
+ else:
+ config_files = [config_path]
+ for config_file in config_files:
+ print('Reading environment definitions from %s' % config_file)
+ with open(config_file) as f:
+ config = yaml.safe_load(f)
+ for env in config['environments']:
+ _generate_environment(env)
+
+
+def usage(exit_code=1):
+ print('Usage: %s [<filename.yaml> | <directory>]' % sys.argv[0])
+ sys.exit(exit_code)
+
+
+def main():
+ try:
+ config_path = sys.argv[1]
+ except IndexError:
+ usage()
+ generate_environments(config_path)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/tripleo_heat_templates/tests/__init__.py b/tripleo_heat_templates/tests/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/tripleo_heat_templates/tests/__init__.py
diff --git a/tripleo_heat_templates/tests/test_environment_generator.py b/tripleo_heat_templates/tests/test_environment_generator.py
new file mode 100644
index 00000000..94d13c71
--- /dev/null
+++ b/tripleo_heat_templates/tests/test_environment_generator.py
@@ -0,0 +1,498 @@
+# Copyright 2015 Red Hat Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import io
+import tempfile
+
+import mock
+from oslotest import base
+import six
+import testscenarios
+
+from tripleo_heat_templates import environment_generator
+
+load_tests = testscenarios.load_tests_apply_scenarios
+
+basic_template = '''
+parameters:
+ FooParam:
+ default: foo
+ description: Foo description
+ type: string
+ BarParam:
+ default: 42
+ description: Bar description
+ type: number
+ EndpointMap:
+ default: {}
+ description: Parameter that should not be included by default
+ type: json
+resources:
+ # None
+'''
+basic_private_template = '''
+parameters:
+ FooParam:
+ default: foo
+ description: Foo description
+ type: string
+ _BarParam:
+ default: 42
+ description: Bar description
+ type: number
+resources:
+ # None
+'''
+mandatory_template = '''
+parameters:
+ FooParam:
+ description: Mandatory param
+ type: string
+resources:
+ # None
+'''
+index_template = '''
+parameters:
+ FooParam:
+ description: Param with %index% as its default
+ type: string
+ default: '%index%'
+resources:
+ # None
+'''
+multiline_template = '''
+parameters:
+ FooParam:
+ description: |
+ Parameter with
+ multi-line description
+ type: string
+ default: ''
+resources:
+ # None
+'''
+
+
+class GeneratorTestCase(base.BaseTestCase):
+ content_scenarios = [
+ ('basic',
+ {'template': basic_template,
+ 'exception': None,
+ 'nested_output': '',
+ 'input_file': '''environments:
+ -
+ name: basic
+ title: Basic Environment
+ description: Basic description
+ files:
+ foo.yaml:
+ parameters: all
+''',
+ 'expected_output': '''# title: Basic Environment
+# description: |
+# Basic description
+parameter_defaults:
+ # Bar description
+ # Type: number
+ BarParam: 42
+
+ # Foo description
+ # Type: string
+ FooParam: foo
+
+''',
+ }),
+ ('basic-one-param',
+ {'template': basic_template,
+ 'exception': None,
+ 'nested_output': '',
+ 'input_file': '''environments:
+ -
+ name: basic
+ title: Basic Environment
+ description: Basic description
+ files:
+ foo.yaml:
+ parameters:
+ - FooParam
+''',
+ 'expected_output': '''# title: Basic Environment
+# description: |
+# Basic description
+parameter_defaults:
+ # Foo description
+ # Type: string
+ FooParam: foo
+
+''',
+ }),
+ ('basic-static-param',
+ {'template': basic_template,
+ 'exception': None,
+ 'nested_output': '',
+ 'input_file': '''environments:
+ -
+ name: basic
+ title: Basic Environment
+ description: Basic description
+ files:
+ foo.yaml:
+ parameters: all
+ static:
+ - BarParam
+''',
+ 'expected_output': '''# title: Basic Environment
+# description: |
+# Basic description
+parameter_defaults:
+ # Foo description
+ # Type: string
+ FooParam: foo
+
+ # ******************************************************
+ # Static parameters - these are values that must be
+ # included in the environment but should not be changed.
+ # ******************************************************
+ # Bar description
+ # Type: number
+ BarParam: 42
+
+ # *********************
+ # End static parameters
+ # *********************
+''',
+ }),
+ ('basic-static-param-sample',
+ {'template': basic_template,
+ 'exception': None,
+ 'nested_output': '',
+ 'input_file': '''environments:
+ -
+ name: basic
+ title: Basic Environment
+ description: Basic description
+ files:
+ foo.yaml:
+ parameters: all
+ static:
+ - BarParam
+ sample_values:
+ BarParam: 1
+ FooParam: ''
+''',
+ 'expected_output': '''# title: Basic Environment
+# description: |
+# Basic description
+parameter_defaults:
+ # Foo description
+ # Type: string
+ FooParam: ''
+
+ # ******************************************************
+ # Static parameters - these are values that must be
+ # included in the environment but should not be changed.
+ # ******************************************************
+ # Bar description
+ # Type: number
+ BarParam: 1
+
+ # *********************
+ # End static parameters
+ # *********************
+''',
+ }),
+ ('basic-private',
+ {'template': basic_private_template,
+ 'exception': None,
+ 'nested_output': '',
+ 'input_file': '''environments:
+ -
+ name: basic
+ title: Basic Environment
+ description: Basic description
+ files:
+ foo.yaml:
+ parameters: all
+''',
+ 'expected_output': '''# title: Basic Environment
+# description: |
+# Basic description
+parameter_defaults:
+ # Foo description
+ # Type: string
+ FooParam: foo
+
+''',
+ }),
+ ('mandatory',
+ {'template': mandatory_template,
+ 'exception': None,
+ 'nested_output': '',
+ 'input_file': '''environments:
+ -
+ name: basic
+ title: Basic Environment
+ description: Basic description
+ files:
+ foo.yaml:
+ parameters: all
+''',
+ 'expected_output': '''# title: Basic Environment
+# description: |
+# Basic description
+parameter_defaults:
+ # Mandatory param
+ # Mandatory. This parameter must be set by the user.
+ # Type: string
+ FooParam: <None>
+
+''',
+ }),
+ ('basic-sample',
+ {'template': basic_template,
+ 'exception': None,
+ 'nested_output': '',
+ 'input_file': '''environments:
+ -
+ name: basic
+ title: Basic Environment
+ description: Basic description
+ files:
+ foo.yaml:
+ parameters: all
+ sample_values:
+ FooParam: baz
+''',
+ 'expected_output': '''# title: Basic Environment
+# description: |
+# Basic description
+parameter_defaults:
+ # Bar description
+ # Type: number
+ BarParam: 42
+
+ # Foo description
+ # Type: string
+ FooParam: baz
+
+''',
+ }),
+ ('basic-resource-registry',
+ {'template': basic_template,
+ 'exception': None,
+ 'nested_output': '',
+ 'input_file': '''environments:
+ -
+ name: basic
+ title: Basic Environment
+ description: Basic description
+ files:
+ foo.yaml:
+ parameters: all
+ resource_registry:
+ OS::TripleO::FakeResource: fake-filename.yaml
+''',
+ 'expected_output': '''# title: Basic Environment
+# description: |
+# Basic description
+parameter_defaults:
+ # Bar description
+ # Type: number
+ BarParam: 42
+
+ # Foo description
+ # Type: string
+ FooParam: foo
+
+resource_registry:
+ OS::TripleO::FakeResource: fake-filename.yaml
+''',
+ }),
+ ('basic-hidden',
+ {'template': basic_template,
+ 'exception': None,
+ 'nested_output': '',
+ 'input_file': '''environments:
+ -
+ name: basic
+ title: Basic Environment
+ description: Basic description
+ files:
+ foo.yaml:
+ parameters: all
+ sample_values:
+ EndpointMap: |-2
+
+ foo: bar
+''',
+ 'expected_output': '''# title: Basic Environment
+# description: |
+# Basic description
+parameter_defaults:
+ # Bar description
+ # Type: number
+ BarParam: 42
+
+ # Parameter that should not be included by default
+ # Type: json
+ EndpointMap:
+ foo: bar
+
+ # Foo description
+ # Type: string
+ FooParam: foo
+
+''',
+ }),
+ ('missing-param',
+ {'template': basic_template,
+ 'exception': RuntimeError,
+ 'nested_output': '',
+ 'input_file': '''environments:
+ -
+ name: basic
+ title: Basic Environment
+ description: Basic description
+ files:
+ foo.yaml:
+ parameters:
+ - SomethingNonexistent
+''',
+ 'expected_output': None,
+ }),
+ ('percent-index',
+ {'template': index_template,
+ 'exception': None,
+ 'nested_output': '',
+ 'input_file': '''environments:
+ -
+ name: basic
+ title: Basic Environment
+ description: Basic description
+ files:
+ foo.yaml:
+ parameters: all
+''',
+ 'expected_output': '''# title: Basic Environment
+# description: |
+# Basic description
+parameter_defaults:
+ # Param with %index% as its default
+ # Type: string
+ FooParam: '%index%'
+
+''',
+ }),
+ ('nested',
+ {'template': multiline_template,
+ 'exception': None,
+ 'input_file': '''environments:
+ -
+ name: basic
+ title: Basic Environment
+ description: Basic description
+ files:
+ foo.yaml:
+ parameters: all
+ children:
+ - name: nested
+ title: Nested Environment
+ description: Nested description
+ sample_values:
+ FooParam: bar
+''',
+ 'expected_output': '''# title: Basic Environment
+# description: |
+# Basic description
+parameter_defaults:
+ # Parameter with
+ # multi-line description
+ # Type: string
+ FooParam: ''
+
+''',
+ 'nested_output': '''# title: Nested Environment
+# description: |
+# Nested description
+parameter_defaults:
+ # Parameter with
+ # multi-line description
+ # Type: string
+ FooParam: bar
+
+''',
+ }),
+ ('multi-line-desc',
+ {'template': multiline_template,
+ 'exception': None,
+ 'nested_output': '',
+ 'input_file': '''environments:
+ -
+ name: basic
+ title: Basic Environment
+ description: Basic description
+ files:
+ foo.yaml:
+ parameters: all
+''',
+ 'expected_output': '''# title: Basic Environment
+# description: |
+# Basic description
+parameter_defaults:
+ # Parameter with
+ # multi-line description
+ # Type: string
+ FooParam: ''
+
+''',
+ }),
+ ]
+
+ @classmethod
+ def generate_scenarios(cls):
+ cls.scenarios = testscenarios.multiply_scenarios(
+ cls.content_scenarios)
+
+ def test_generator(self):
+ fake_input = io.StringIO(six.text_type(self.input_file))
+ fake_template = io.StringIO(six.text_type(self.template))
+ _, fake_output_path = tempfile.mkstemp()
+ fake_output = open(fake_output_path, 'w')
+ with mock.patch('tripleo_heat_templates.environment_generator.open',
+ create=True) as mock_open:
+ mock_se = [fake_input, fake_template, fake_output]
+ if self.nested_output:
+ _, fake_nested_output_path = tempfile.mkstemp()
+ fake_nested_output = open(fake_nested_output_path, 'w')
+ fake_template2 = io.StringIO(six.text_type(self.template))
+ mock_se = [fake_input, fake_template, fake_output,
+ fake_template2, fake_nested_output]
+ mock_open.side_effect = mock_se
+ if not self.exception:
+ environment_generator.generate_environments('ignored.yaml')
+ else:
+ self.assertRaises(self.exception,
+ environment_generator.generate_environments,
+ 'ignored.yaml')
+ return
+ expected = environment_generator._FILE_HEADER + self.expected_output
+ with open(fake_output_path) as f:
+ self.assertEqual(expected, f.read())
+ if self.nested_output:
+ with open(fake_nested_output_path) as f:
+ expected = (environment_generator._FILE_HEADER +
+ self.nested_output)
+ self.assertEqual(expected, f.read())
+
+GeneratorTestCase.generate_scenarios()