diff options
| -rwxr-xr-x | extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh | 2 | ||||
| -rwxr-xr-x | extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh | 2 | ||||
| -rw-r--r-- | extraconfig/tasks/major_upgrade_pacemaker_migrations.sh | 20 | ||||
| -rwxr-xr-x | extraconfig/tasks/pacemaker_resource_restart.sh | 3 | ||||
| -rw-r--r-- | puppet/services/barbican-api.yaml | 5 | ||||
| -rw-r--r-- | puppet/services/heat-engine.yaml | 2 | ||||
| -rw-r--r-- | puppet/services/horizon.yaml | 69 | ||||
| -rw-r--r-- | puppet/services/neutron-base.yaml | 7 | ||||
| -rw-r--r-- | puppet/services/nova-base.yaml | 94 |
9 files changed, 115 insertions, 89 deletions
diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh index 739c01dd..080831ab 100755 --- a/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh +++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_1.sh @@ -31,6 +31,6 @@ fi # services will be restart as there are no other constraints if [[ -n $(is_bootstrap_node) ]]; then migrate_full_to_ng_ha - rabbitmq_mitaka_newton_upgrade + rabbitmq_newton_ocata_upgrade fi diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh index 37061512..6748f891 100755 --- a/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh +++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh @@ -55,7 +55,7 @@ if [[ -n $(is_bootstrap_node) ]]; then # Run all the db syncs # TODO: check if this can be triggered in puppet and removed from here - ceilometer-dbsync --config-file=/etc/ceilometer/ceilometer.conf + ceilometer-upgrade --config-file=/etc/ceilometer/ceilometer.conf --skip-gnocchi-resource-types cinder-manage db sync glance-manage --config-file=/etc/glance/glance-registry.conf db_sync heat-manage --config-file /etc/heat/heat.conf db_sync diff --git a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh index 7c9083a4..6d02acc8 100644 --- a/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh +++ b/extraconfig/tasks/major_upgrade_pacemaker_migrations.sh @@ -179,3 +179,23 @@ function disable_standalone_ceilometer_api { fi fi } + + +# This function will make sure that the rabbitmq ha policies are converted from mitaka to newton +# In newton we had: Attributes: set_policy="ha-all ^(?!amq\.).* {"ha-mode":"all"}" +# In ocata we want: Attributes: set_policy="ha-all ^(?!amq\.).* {"ha-mode":"exactly","ha-params":2}" +# The nr "2" should be CEIL(N/2) where N is the number of Controllers (i.e. rabbit instances) +# Note that changing an attribute like this makes the rabbitmq resource restart +function rabbitmq_newton_ocata_upgrade { + if pcs resource show rabbitmq-clone | grep -q -E "Attributes:.*\"ha-mode\":\"all\""; then + # Number of controller is obtained by counting how many hostnames we + # have in controller_node_names hiera key + nr_controllers=$(($(hiera controller_node_names | grep -o "," |wc -l) + 1)) + nr_queues=$(($nr_controllers / 2 + ($nr_controllers % 2))) + if ! [ $nr_queues -gt 0 -a $nr_queues -le $nr_controllers ]; then + echo_error "ERROR: The nr. of HA queues during the M/N upgrade is out of range $nr_queues" + exit 1 + fi + pcs resource update rabbitmq set_policy='ha-all ^(?!amq\\.).* {"ha-mode":"exactly","ha-params":'"$nr_queues}" --wait=600 + fi +} diff --git a/extraconfig/tasks/pacemaker_resource_restart.sh b/extraconfig/tasks/pacemaker_resource_restart.sh index 8500bcef..49d39bc8 100755 --- a/extraconfig/tasks/pacemaker_resource_restart.sh +++ b/extraconfig/tasks/pacemaker_resource_restart.sh @@ -28,7 +28,6 @@ if [[ -d "$RESTART_FOLDER" && -n $(pcmk_running) && -n $(is_bootstrap_node) ]]; fi -haproxy_status=$(systemctl is-active haproxy) -if [ "$haproxy_status" = "active" ]; then +if [ $(systemctl is-active haproxy) = "active" ]; then systemctl reload haproxy fi diff --git a/puppet/services/barbican-api.yaml b/puppet/services/barbican-api.yaml index cf57680c..ab6b0ec7 100644 --- a/puppet/services/barbican-api.yaml +++ b/puppet/services/barbican-api.yaml @@ -52,6 +52,9 @@ parameters: default: guest description: The username for RabbitMQ type: string + EnableInternalTLS: + type: boolean + default: false resources: @@ -85,7 +88,7 @@ outputs: barbican::api::rabbit_heartbeat_timeout_threshold: 60 barbican::api::service_name: 'httpd' barbican::wsgi::apache::bind_host: {get_param: [ServiceNetMap, BarbicanApiNetwork]} - barbican::wsgi::apache::ssl: false + barbican::wsgi::apache::ssl: {get_param: EnableInternalTLS} barbican::wsgi::apache::workers: {get_param: BarbicanWorkers} barbican::wsgi::apache::servername: str_replace: diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml index 20415eef..3f0e4105 100644 --- a/puppet/services/heat-engine.yaml +++ b/puppet/services/heat-engine.yaml @@ -105,4 +105,4 @@ outputs: - "%{hiera('mysql_bind_host')}" keystone: # This is needed because the keystone profile handles creating the domain - heat::keystone::domain::domain_password: {get_param: HeatStackDomainAdminPassword} + tripleo::profile::base::keystone::heat_admin_password: {get_param: HeatStackDomainAdminPassword} diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml index cea0c0b0..017bb76f 100644 --- a/puppet/services/horizon.yaml +++ b/puppet/services/horizon.yaml @@ -24,7 +24,7 @@ parameters: type: json HorizonAllowedHosts: default: '*' - description: A list of IP/Hostname for the server Horizonis running on. + description: A list of IP/Hostname for the server Horizon is running on. Used for header checks. type: comma_delimited_list HorizonSecret: @@ -32,11 +32,6 @@ parameters: type: string hidden: true default: '' - NeutronMechanismDrivers: - default: 'openvswitch' - description: | - The mechanism drivers for the Neutron tenant network. - type: comma_delimited_list MemcachedIPv6: default: false description: Enable IPv6 features in Memcached. @@ -45,6 +40,10 @@ parameters: default: 'overcloud-horizon' type: string +conditions: + + debug_empty: {equals : [{get_param: Debug}, '']} + outputs: role_data: description: Role data for the Horizon role. @@ -52,34 +51,34 @@ outputs: service_name: horizon monitoring_subscription: {get_param: MonitoringSubscriptionHorizon} config_settings: - horizon::allowed_hosts: {get_param: HorizonAllowedHosts} - neutron::plugins::ml2::mechanism_drivers: - str_replace: - template: MECHANISMS - params: - MECHANISMS: {get_param: NeutronMechanismDrivers} - tripleo.horizon.firewall_rules: - '126 horizon': - dport: - - 80 - - 443 - horizon::disable_password_reveal: true - horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache - horizon::django_session_engine: 'django.contrib.sessions.backends.cache' - horizon::vhost_extra_params: - add_listen: false - priority: 10 - access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"' - horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]} - horizon::django_debug: {get_param: Debug} - horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri]} - horizon::secret_key: - yaql: - expression: $.data.passwords.where($ != '').first() - data: - passwords: - - {get_param: HorizonSecret} - - {get_param: [DefaultPasswords, horizon_secret]} - memcached_ipv6: {get_param: MemcachedIPv6} + map_merge: + - horizon::allowed_hosts: {get_param: HorizonAllowedHosts} + tripleo.horizon.firewall_rules: + '126 horizon': + dport: + - 80 + - 443 + horizon::disable_password_reveal: true + horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache + horizon::django_session_engine: 'django.contrib.sessions.backends.cache' + horizon::vhost_extra_params: + add_listen: false + priority: 10 + access_log_format: '%a %l %u %t \"%r\" %>s %b \"%%{}{Referer}i\" \"%%{}{User-Agent}i\"' + horizon::bind_address: {get_param: [ServiceNetMap, HorizonNetwork]} + horizon::keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri]} + horizon::secret_key: + yaql: + expression: $.data.passwords.where($ != '').first() + data: + passwords: + - {get_param: HorizonSecret} + - {get_param: [DefaultPasswords, horizon_secret]} + memcached_ipv6: {get_param: MemcachedIPv6} + - + if: + - debug_empty + - {} + - horizon::django_debug: {get_param: Debug} step_config: | include ::tripleo::profile::base::horizon diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml index 6bb4ba08..0b2cef07 100644 --- a/puppet/services/neutron-base.yaml +++ b/puppet/services/neutron-base.yaml @@ -50,16 +50,13 @@ parameters: to false may result in configuration remnants after updates/upgrades. NeutronGlobalPhysnetMtu: type: number - default: 1496 + default: 1500 description: | MTU of the underlying physical network. Neutron uses this value to calculate MTU for all virtual network components. For flat and VLAN networks, neutron uses this value without modification. For overlay networks such as VXLAN, neutron automatically subtracts the overlay - protocol overhead from this value. The default value of 1496 is - currently in effect to compensate for some additional overhead when - deploying with some network configurations (e.g. network isolation over - single network interfaces) + protocol overhead from this value. ServiceNetMap: default: {} description: Mapping of service_name -> network name. Typically set diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index 8db00d8f..74a95d20 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -1,4 +1,4 @@ -heat_template_version: 2016-04-08 +heat_template_version: 2016-10-14 description: > OpenStack Nova base service. Shared for all Nova services. @@ -66,6 +66,9 @@ parameters: type: string description: Nova Compute upgrade level default: '' +conditions: + + compute_upgrade_level_empty: {equals : [{get_param: UpgradeLevelNovaCompute}, '']} outputs: role_data: @@ -73,45 +76,50 @@ outputs: value: service_name: nova_base config_settings: - nova::rabbit_password: {get_param: RabbitPassword} - nova::rabbit_userid: {get_param: RabbitUserName} - nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL} - nova::rabbit_port: {get_param: RabbitClientPort} - nova::database_connection: - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://nova:' - - {get_param: NovaPassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/nova' - nova::api_database_connection: - list_join: - - '' - - - {get_param: [EndpointMap, MysqlInternal, protocol]} - - '://nova_api:' - - {get_param: NovaPassword} - - '@' - - {get_param: [EndpointMap, MysqlInternal, host]} - - '/nova_api' - nova::debug: {get_param: Debug} - nova::purge_config: {get_param: EnableConfigPurge} - nova::network::neutron::neutron_project_name: 'service' - nova::network::neutron::neutron_username: 'neutron' - nova::network::neutron::dhcp_domain: '' - nova::network::neutron::neutron_password: {get_param: NeutronPassword} - nova::network::neutron::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]} - nova::network::neutron::neutron_auth_url: {get_param: [EndpointMap, KeystoneV3Admin, uri]} - nova::rabbit_heartbeat_timeout_threshold: 60 - nova::cinder_catalog_info: 'volumev2:cinderv2:internalURL' - nova::host: '"%{::fqdn}"' # NOTE: extra quoting is needed. - nova::notify_on_state_change: 'vm_and_task_state' - nova::notification_driver: messagingv2 - nova::network::neutron::neutron_auth_type: 'v3password' - nova::db::database_db_max_retries: -1 - nova::db::database_max_retries: -1 - nova::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} - nova::use_ipv6: {get_param: NovaIPv6} - nova::upgrade_level_compute: {get_param: UpgradeLevelNovaCompute} - nova::network::neutron::neutron_ovs_bridge: {get_param: NovaOVSBridge} + map_merge: + - nova::rabbit_password: {get_param: RabbitPassword} + nova::rabbit_userid: {get_param: RabbitUserName} + nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL} + nova::rabbit_port: {get_param: RabbitClientPort} + nova::database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://nova:' + - {get_param: NovaPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/nova' + nova::api_database_connection: + list_join: + - '' + - - {get_param: [EndpointMap, MysqlInternal, protocol]} + - '://nova_api:' + - {get_param: NovaPassword} + - '@' + - {get_param: [EndpointMap, MysqlInternal, host]} + - '/nova_api' + nova::debug: {get_param: Debug} + nova::purge_config: {get_param: EnableConfigPurge} + nova::network::neutron::neutron_project_name: 'service' + nova::network::neutron::neutron_username: 'neutron' + nova::network::neutron::dhcp_domain: '' + nova::network::neutron::neutron_password: {get_param: NeutronPassword} + nova::network::neutron::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]} + nova::network::neutron::neutron_auth_url: {get_param: [EndpointMap, KeystoneV3Admin, uri]} + nova::rabbit_heartbeat_timeout_threshold: 60 + nova::cinder_catalog_info: 'volumev2:cinderv2:internalURL' + nova::host: '"%{::fqdn}"' # NOTE: extra quoting is needed. + nova::notify_on_state_change: 'vm_and_task_state' + nova::notification_driver: messagingv2 + nova::network::neutron::neutron_auth_type: 'v3password' + nova::db::database_db_max_retries: -1 + nova::db::database_max_retries: -1 + nova::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} + nova::use_ipv6: {get_param: NovaIPv6} + nova::network::neutron::neutron_ovs_bridge: {get_param: NovaOVSBridge} + - + if: + - compute_upgrade_level_empty + - {} + - nova::upgrade_level_compute: {get_param: UpgradeLevelNovaCompute} |