diff options
58 files changed, 1054 insertions, 129 deletions
diff --git a/capabilities-map.yaml b/capabilities-map.yaml index 4aecd570..cd846316 100644 --- a/capabilities-map.yaml +++ b/capabilities-map.yaml @@ -160,6 +160,16 @@ topics: description: Deploy Mistral service requires: - overcloud-resource-registry-puppet.yaml + - title: Ceilometer Api + description: + environments: + - file: environments/services/disable-ceilometer-api.yaml + title: Ceilometer Api + description: Disable Ceilometer Api service. This service is + deprecated and will be removed in future releases. Please move + to using gnocchi/aodh/panko apis instead. + requires: + - overcloud-resource-registry-puppet.yaml # - title: Network Interface Configuration # description: @@ -360,6 +370,11 @@ topics: description: Enable C-Fabric in the overcloud requires: - overcloud-resource-registry-puppet.yaml + - file: environments/neutron-ml2-fujitsu-fossw.yaml + title: Fujitsu Neutron plugin for FOS + description: Enable FOS in the overcloud + requires: + - overcloud-resource-registry-puppet.yaml - title: Nova Extensions description: @@ -417,6 +432,12 @@ topics: Enables a Cinder EQLX backend, configured via puppet requires: - overcloud-resource-registry-puppet.yaml + - file: environments/cinder-iser.yaml + title: Cinder iSER backend + description: > + Enable a Cinder iSER RDMA backend, configured via puppet + requires: + - overcloud-resource-registry-puppet.yaml - title: Externally managed Ceph description: > Enable the use of an externally managed Ceph cluster diff --git a/ci/environments/multinode-3nodes.yaml b/ci/environments/multinode-3nodes.yaml new file mode 100644 index 00000000..f35a0804 --- /dev/null +++ b/ci/environments/multinode-3nodes.yaml @@ -0,0 +1,77 @@ +# Specifies which roles (groups of nodes) will be deployed +# Note this is used as an input to the various *.j2.yaml +# jinja2 templates, so that they are converted into *.yaml +# during the plan creation (via a mistral action/workflow). +# +# The format is a list, with the following format: +# +# * name: (string) mandatory, name of the role, must be unique +# +# CountDefault: (number) optional, default number of nodes, defaults to 0 +# sets the default for the {{role.name}}Count parameter in overcloud.yaml +# +# HostnameFormatDefault: (string) optional default format string for hostname +# defaults to '%stackname%-{{role.name.lower()}}-%index%' +# sets the default for {{role.name}}HostnameFormat parameter in overcloud.yaml +# +# ServicesDefault: (list) optional default list of services to be deployed +# on the role, defaults to an empty list. Sets the default for the +# {{role.name}}Services parameter in overcloud.yaml + +- name: ControllerApi + CountDefault: 1 + ServicesDefault: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CinderApi + - OS::TripleO::Services::CinderScheduler + - OS::TripleO::Services::Core + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronMetadataAgent + - OS::TripleO::Services::NeutronApi + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaPlacement + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::NovaConsoleauth + - OS::TripleO::Services::NovaVncProxy + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + +- name: Controller + CountDefault: 1 + ServicesDefault: + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CinderBackup + - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::Core + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall diff --git a/ci/environments/multinode.yaml b/ci/environments/multinode.yaml new file mode 100644 index 00000000..d7b61bb6 --- /dev/null +++ b/ci/environments/multinode.yaml @@ -0,0 +1,47 @@ +resource_registry: + OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml + OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml + +parameter_defaults: + ControllerServices: + - OS::TripleO::Services::CinderApi + - OS::TripleO::Services::CinderScheduler + - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronMetadataAgent + - OS::TripleO::Services::NeutronServer + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaPlacement + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + ControllerExtraConfig: + nova::compute::libvirt::services::libvirt_virt_type: qemu + nova::compute::libvirt::libvirt_virt_type: qemu + # Required for Centos 7.3 and Qemu 2.6.0 + nova::compute::libvirt::libvirt_cpu_mode: 'none' + SwiftCeilometerPipelineEnabled: False diff --git a/ci/pingtests/scenario002-multinode.yaml b/ci/pingtests/scenario002-multinode.yaml index 7af1ba0c..da1ae60c 100644 --- a/ci/pingtests/scenario002-multinode.yaml +++ b/ci/pingtests/scenario002-multinode.yaml @@ -81,7 +81,7 @@ resources: type: OS::Cinder::EncryptedVolumeType properties: volume_type: {get_resource: luks_volume_type} - provider: nova.volume.encryptors.luks.LuksEncryptor + provider: luks cipher: aes-xts-plain64 control_location: front-end key_size: 256 diff --git a/ci/pingtests/tenantvm_floatingip.yaml b/ci/pingtests/tenantvm_floatingip.yaml new file mode 100644 index 00000000..0f31bc16 --- /dev/null +++ b/ci/pingtests/tenantvm_floatingip.yaml @@ -0,0 +1,142 @@ +heat_template_version: 2013-05-23 + +description: > + This template resides in tripleo-ci for Mitaka CI jobs only. + For Newton and beyond, please look in THT. + HOT template to create a new neutron network plus a router to the public + network, and for deploying a server into the new network. The template also + assigns a floating IP address and sets security group rules. ADAPTED FROM + https://raw.githubusercontent.com/openstack/heat-templates/master/hot/servers_in_new_neutron_net.yaml +parameters: + key_name: + type: string + description: Name of keypair to assign to servers + default: 'pingtest_key' + image: + type: string + description: Name of image to use for servers + default: 'pingtest_image' + public_net_name: + type: string + default: 'nova' + description: > + ID or name of public network for which floating IP addresses will be allocated + private_net_name: + type: string + description: Name of private network to be created + default: 'default-net' + private_net_cidr: + type: string + description: Private network address (CIDR notation) + default: '192.168.2.0/24' + private_net_gateway: + type: string + description: Private network gateway address + default: '192.168.2.1' + private_net_pool_start: + type: string + description: Start of private network IP address allocation pool + default: '192.168.2.100' + private_net_pool_end: + type: string + default: '192.168.2.200' + description: End of private network IP address allocation pool + +resources: + + key_pair: + type: OS::Nova::KeyPair + properties: + save_private_key: true + name: {get_param: key_name } + + private_net: + type: OS::Neutron::Net + properties: + name: { get_param: private_net_name } + + private_subnet: + type: OS::Neutron::Subnet + properties: + network_id: { get_resource: private_net } + cidr: { get_param: private_net_cidr } + gateway_ip: { get_param: private_net_gateway } + allocation_pools: + - start: { get_param: private_net_pool_start } + end: { get_param: private_net_pool_end } + + router: + type: OS::Neutron::Router + properties: + external_gateway_info: + network: { get_param: public_net_name } + + router_interface: + type: OS::Neutron::RouterInterface + properties: + router_id: { get_resource: router } + subnet_id: { get_resource: private_subnet } + + volume1: + type: OS::Cinder::Volume + properties: + name: Volume1 + image: { get_param: image } + size: 1 + + server1: + type: OS::Nova::Server + depends_on: volume1 + properties: + name: Server1 + block_device_mapping: + - device_name: vda + volume_id: { get_resource: volume1 } + flavor: { get_resource: test_flavor } + key_name: { get_resource: key_pair } + networks: + - port: { get_resource: server1_port } + + server1_port: + type: OS::Neutron::Port + properties: + network_id: { get_resource: private_net } + fixed_ips: + - subnet_id: { get_resource: private_subnet } + security_groups: [{ get_resource: server_security_group }] + + server1_floating_ip: + type: OS::Neutron::FloatingIP + # TODO: investigate why we need this depends_on and if we could + # replace it by router_id with get_resource: router_interface + depends_on: router_interface + properties: + floating_network: { get_param: public_net_name } + port_id: { get_resource: server1_port } + + server_security_group: + type: OS::Neutron::SecurityGroup + properties: + description: Add security group rules for server + name: pingtest-security-group + rules: + - remote_ip_prefix: 0.0.0.0/0 + protocol: tcp + port_range_min: 22 + port_range_max: 22 + - remote_ip_prefix: 0.0.0.0/0 + protocol: icmp + + test_flavor: + type: OS::Nova::Flavor + properties: + ram: 512 + vcpus: 1 + +outputs: + server1_private_ip: + description: IP address of server1 in private network + value: { get_attr: [ server1, first_address ] } + server1_public_ip: + description: Floating IP address of server1 in public network + value: { get_attr: [ server1_floating_ip, floating_ip_address ] } diff --git a/ci/scripts/freeipa_setup.sh b/ci/scripts/freeipa_setup.sh index 6906a2dd..a36493a1 100644 --- a/ci/scripts/freeipa_setup.sh +++ b/ci/scripts/freeipa_setup.sh @@ -8,6 +8,8 @@ # - AdminPassword # - UndercloudFQDN # - HostsSecret +# - ProvisioningCIDR: If set, it adds the given CIDR to the provisioning +# interface (which is hardcoded to eth1) # set -eux @@ -17,6 +19,12 @@ elif [ -f "/tmp/freeipa-setup.env" ]; then source /tmp/freeipa-setup.env fi +if [ -n "$ProvisioningCIDR" ]; then + # Add address to provisioning network interface + ip link set dev eth1 up + ip addr add $ProvisioningCIDR dev eth1 +fi + # Set DNS servers echo "nameserver 8.8.8.8" >> /etc/resolv.conf echo "nameserver 8.8.4.4" >> /etc/resolv.conf diff --git a/deployed-server/README.rst b/deployed-server/README.rst index f269b6a4..e4d8299b 100644 --- a/deployed-server/README.rst +++ b/deployed-server/README.rst @@ -119,7 +119,7 @@ from the deployment command, the script should be ready to run: [NovaCompute]: CREATE_IN_PROGRESS state changed The user running the script must be able to ssh as root to each server. Define -the the names of your custom roles (if applicable) and hostnames of the deployed +the names of your custom roles (if applicable) and hostnames of the deployed servers you intend to use for each role type. For each role name, a corresponding <role-name>_hosts variable should also be defined, e.g.:: diff --git a/environments/cinder-iser.yaml b/environments/cinder-iser.yaml new file mode 100644 index 00000000..5eae7c04 --- /dev/null +++ b/environments/cinder-iser.yaml @@ -0,0 +1,19 @@ +parameter_defaults: + + ## Whether to enable iscsi backend for Cinder. + CinderEnableIscsiBackend: true + CinderISCSIProtocol: 'iser' + CinderISCSIHelper: 'lioadm' + + ## Whether to enable rbd (Ceph) backend for Cinder. + CinderEnableRbdBackend: false + + ## Whether to enable NFS backend for Cinder. + CinderEnableNfsBackend: false + + ## Whether to enable rbd (Ceph) backend for Nova ephemeral storage. + NovaEnableRbdBackend: false + + ## Glance backend can be either 'rbd' (Ceph), 'swift' or 'file'. + ## GlanceBackend: swift + diff --git a/environments/deployed-server-noop-ctlplane.yaml b/environments/deployed-server-noop-ctlplane.yaml index 54f5e41d..8835d5b1 100644 --- a/environments/deployed-server-noop-ctlplane.yaml +++ b/environments/deployed-server-noop-ctlplane.yaml @@ -1,3 +1,4 @@ resource_registry: + OS::TripleO::DeployedServer::Bootstrap: OS::Heat::None OS::TripleO::Server: ../deployed-server/deployed-server.yaml OS::TripleO::DeployedServer::ControlPlanePort: ../deployed-server/deployed-neutron-port.yaml diff --git a/environments/enable-internal-tls.yaml b/environments/enable-internal-tls.yaml index 6e912faa..d2fc59c6 100644 --- a/environments/enable-internal-tls.yaml +++ b/environments/enable-internal-tls.yaml @@ -6,3 +6,5 @@ resource_registry: OS::TripleO::Services::HAProxyInternalTLS: ../puppet/services/haproxy-internal-tls-certmonger.yaml OS::TripleO::Services::ApacheTLS: ../puppet/services/apache-internal-tls-certmonger.yaml OS::TripleO::Services::MySQLTLS: ../puppet/services/database/mysql-internal-tls-certmonger.yaml + # We use apache as a TLS proxy + OS::TripleO::Services::TLSProxyBase: ../puppet/services/apache.yaml diff --git a/environments/neutron-ml2-fujitsu-fossw.yaml b/environments/neutron-ml2-fujitsu-fossw.yaml new file mode 100644 index 00000000..8db8da75 --- /dev/null +++ b/environments/neutron-ml2-fujitsu-fossw.yaml @@ -0,0 +1,22 @@ +# A Heat environment file which can be used to enable Fujitsu fossw +# plugin, configured via puppet +resource_registry: + OS::TripleO::Services::NeutronML2FujitsuFossw: ../puppet/services/neutron-plugin-ml2-fujitsu-fossw.yaml + +parameter_defaults: + # Fixed + NeutronMechanismDrivers: ['openvswitch','fujitsu_fossw'] + NeutronTypeDrivers: ['vlan','vxlan'] + NeutronNetworkType: ['vlan','vxlan'] + + # Required + NeutronFujitsuFosswIps: '192.168.0.1,192.168.0.2' + NeutronFujitsuFosswUserName: + NeutronFujitsuFosswPassword: + + # Optional + #NeutronFujitsuFosswPort: + #NeutronFujitsuFosswTimeout: + #NeutronFujitsuFosswUdpDestPort: + #NeutronFujitsuFosswOvsdbVlanidRangeMin: + #NeutronFujitsuFosswOvsdbPort: diff --git a/environments/puppet-pacemaker.yaml b/environments/puppet-pacemaker.yaml index 0b71dbd9..da607a72 100644 --- a/environments/puppet-pacemaker.yaml +++ b/environments/puppet-pacemaker.yaml @@ -12,6 +12,7 @@ resource_registry: OS::TripleO::Services::RabbitMQ: ../puppet/services/pacemaker/rabbitmq.yaml OS::TripleO::Services::HAproxy: ../puppet/services/pacemaker/haproxy.yaml OS::TripleO::Services::Pacemaker: ../puppet/services/pacemaker.yaml + OS::TripleO::Services::PacemakerRemote: ../puppet/services/pacemaker_remote.yaml OS::TripleO::Services::Redis: ../puppet/services/pacemaker/database/redis.yaml OS::TripleO::Services::MySQL: ../puppet/services/pacemaker/database/mysql.yaml # Services that are disabled by default (use relevant environment files): diff --git a/environments/services/disable-ceilometer-api.yaml b/environments/services/disable-ceilometer-api.yaml new file mode 100644 index 00000000..94cd8d5d --- /dev/null +++ b/environments/services/disable-ceilometer-api.yaml @@ -0,0 +1,2 @@ +resource_registry: + OS::TripleO::Services::CeilometerApi: OS::Heat::None diff --git a/environments/services/etcd.yaml b/environments/services/etcd.yaml new file mode 100644 index 00000000..08d54d58 --- /dev/null +++ b/environments/services/etcd.yaml @@ -0,0 +1,2 @@ +resource_registry: + OS::TripleO::Services::Etcd: ../../puppet/services/etcd.yaml diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh index a3ce393f..a3cbd945 100755 --- a/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh +++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_3.sh @@ -60,7 +60,7 @@ if [[ -n $(is_bootstrap_node) ]]; then glance-manage db_sync heat-manage --config-file /etc/heat/heat.conf db_sync keystone-manage db_sync - neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head + neutron-db-manage upgrade heads nova-manage db sync nova-manage api_db sync nova-manage db online_data_migrations diff --git a/network/endpoints/endpoint_data.yaml b/network/endpoints/endpoint_data.yaml index 23c1ce1e..5a7bdda9 100644 --- a/network/endpoints/endpoint_data.yaml +++ b/network/endpoints/endpoint_data.yaml @@ -202,7 +202,7 @@ Nova: NovaPlacement: Internal: - net_param: NovaApi + net_param: NovaPlacement uri_suffixes: '': /placement Public: @@ -210,7 +210,7 @@ NovaPlacement: uri_suffixes: '': /placement Admin: - net_param: NovaApi + net_param: NovaPlacement uri_suffixes: '': /placement port: 8778 diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml index a17f1c96..8ce62484 100644 --- a/network/endpoints/endpoint_map.yaml +++ b/network/endpoints/endpoint_map.yaml @@ -5007,14 +5007,14 @@ outputs: CLOUDNAME: get_param: - CloudEndpoints - - get_param: [ServiceNetMap, NovaApiNetwork] + - get_param: [ServiceNetMap, NovaPlacementNetwork] IP_ADDRESS: get_param: - NetIpMap - str_replace: params: NETWORK: - get_param: [ServiceNetMap, NovaApiNetwork] + get_param: [ServiceNetMap, NovaPlacementNetwork] template: NETWORK_uri host_nobrackets: str_replace: @@ -5024,11 +5024,11 @@ outputs: CLOUDNAME: get_param: - CloudEndpoints - - get_param: [ServiceNetMap, NovaApiNetwork] + - get_param: [ServiceNetMap, NovaPlacementNetwork] IP_ADDRESS: get_param: - NetIpMap - - get_param: [ServiceNetMap, NovaApiNetwork] + - get_param: [ServiceNetMap, NovaPlacementNetwork] port: get_param: [EndpointMap, NovaPlacementAdmin, port] protocol: @@ -5045,14 +5045,14 @@ outputs: CLOUDNAME: get_param: - CloudEndpoints - - get_param: [ServiceNetMap, NovaApiNetwork] + - get_param: [ServiceNetMap, NovaPlacementNetwork] IP_ADDRESS: get_param: - NetIpMap - str_replace: params: NETWORK: - get_param: [ServiceNetMap, NovaApiNetwork] + get_param: [ServiceNetMap, NovaPlacementNetwork] template: NETWORK_uri - ':' - get_param: [EndpointMap, NovaPlacementAdmin, port] @@ -5069,18 +5069,17 @@ outputs: CLOUDNAME: get_param: - CloudEndpoints - - get_param: [ServiceNetMap, NovaApiNetwork] + - get_param: [ServiceNetMap, NovaPlacementNetwork] IP_ADDRESS: get_param: - NetIpMap - str_replace: params: NETWORK: - get_param: [ServiceNetMap, NovaApiNetwork] + get_param: [ServiceNetMap, NovaPlacementNetwork] template: NETWORK_uri - ':' - get_param: [EndpointMap, NovaPlacementAdmin, port] - - /placement NovaPlacementInternal: host: str_replace: @@ -5090,14 +5089,14 @@ outputs: CLOUDNAME: get_param: - CloudEndpoints - - get_param: [ServiceNetMap, NovaApiNetwork] + - get_param: [ServiceNetMap, NovaPlacementNetwork] IP_ADDRESS: get_param: - NetIpMap - str_replace: params: NETWORK: - get_param: [ServiceNetMap, NovaApiNetwork] + get_param: [ServiceNetMap, NovaPlacementNetwork] template: NETWORK_uri host_nobrackets: str_replace: @@ -5107,11 +5106,11 @@ outputs: CLOUDNAME: get_param: - CloudEndpoints - - get_param: [ServiceNetMap, NovaApiNetwork] + - get_param: [ServiceNetMap, NovaPlacementNetwork] IP_ADDRESS: get_param: - NetIpMap - - get_param: [ServiceNetMap, NovaApiNetwork] + - get_param: [ServiceNetMap, NovaPlacementNetwork] port: get_param: [EndpointMap, NovaPlacementInternal, port] protocol: @@ -5128,14 +5127,14 @@ outputs: CLOUDNAME: get_param: - CloudEndpoints - - get_param: [ServiceNetMap, NovaApiNetwork] + - get_param: [ServiceNetMap, NovaPlacementNetwork] IP_ADDRESS: get_param: - NetIpMap - str_replace: params: NETWORK: - get_param: [ServiceNetMap, NovaApiNetwork] + get_param: [ServiceNetMap, NovaPlacementNetwork] template: NETWORK_uri - ':' - get_param: [EndpointMap, NovaPlacementInternal, port] @@ -5152,18 +5151,17 @@ outputs: CLOUDNAME: get_param: - CloudEndpoints - - get_param: [ServiceNetMap, NovaApiNetwork] + - get_param: [ServiceNetMap, NovaPlacementNetwork] IP_ADDRESS: get_param: - NetIpMap - str_replace: params: NETWORK: - get_param: [ServiceNetMap, NovaApiNetwork] + get_param: [ServiceNetMap, NovaPlacementNetwork] template: NETWORK_uri - ':' - get_param: [EndpointMap, NovaPlacementInternal, port] - - /placement NovaPlacementPublic: host: str_replace: @@ -5240,13 +5238,12 @@ outputs: get_param: - NetIpMap - str_replace: - params: + params: NETWORK: get_param: [ServiceNetMap, PublicNetwork] - template: NETWORK_uri + template: NETWORK_uri - ':' - get_param: [EndpointMap, NovaPlacementPublic, port] - - /placement NovaVNCProxyAdmin: host: str_replace: diff --git a/network/scripts/run-os-net-config.sh b/network/scripts/run-os-net-config.sh index a7dbedc7..8fe2d270 100755 --- a/network/scripts/run-os-net-config.sh +++ b/network/scripts/run-os-net-config.sh @@ -10,7 +10,7 @@ # a deployment input via input_values # $network_config : the json serialized os-net-config config to apply # -set -ux +set -eux function get_metadata_ip() { @@ -98,8 +98,10 @@ EOF_CAT fi fi done + set +e os-net-config -c /etc/os-net-config/dhcp_all_interfaces.yaml -v --detailed-exit-codes --cleanup RETVAL=$? + set -e if [[ $RETVAL == 2 ]]; then ping_metadata_ip elif [[ $RETVAL != 0 ]]; then @@ -123,8 +125,10 @@ if [ -n '$network_config' ]; then sed -i "s/bridge_name/${bridge_name:-''}/" /etc/os-net-config/config.json sed -i "s/interface_name/${interface_name:-''}/" /etc/os-net-config/config.json + set +e os-net-config -c /etc/os-net-config/config.json -v --detailed-exit-codes RETVAL=$? + set -e if [[ $RETVAL == 2 ]]; then ping_metadata_ip diff --git a/network/service_net_map.j2.yaml b/network/service_net_map.j2.yaml index 8f1c4b45..cb4f464a 100644 --- a/network/service_net_map.j2.yaml +++ b/network/service_net_map.j2.yaml @@ -21,6 +21,9 @@ parameters: # snake_case - the names must still match when converted ServiceNetMapDefaults: default: + # Note the values in this map are replaced by *NetName + # to allow for sane defaults when the network names are + # overridden. ApacheNetwork: internal_api NeutronTenantNetwork: tenant CeilometerApiNetwork: internal_api @@ -42,6 +45,7 @@ parameters: HeatApiCfnNetwork: internal_api HeatApiCloudwatchNetwork: internal_api NovaApiNetwork: internal_api + NovaPlacementNetwork: internal_api NovaMetadataNetwork: internal_api NovaVncProxyNetwork: internal_api SwiftStorageNetwork: storage_mgmt @@ -60,9 +64,11 @@ parameters: OvnDbsNetwork: internal_api MistralApiNetwork: internal_api ZaqarApiNetwork: internal_api + PacemakerRemoteNetwork: internal_api # We special-case the default ResolveNetwork for the CephStorage role # for backwards compatibility, all other roles default to internal_api CephStorageHostnameResolveNetwork: storage + EtcdNetwork: internal_api {% for role in roles if role.name != 'CephStorage' %} {{role.name}}HostnameResolveNetwork: internal_api {% endfor %} @@ -82,20 +88,62 @@ parameters: internal use only, this will be removed in future. type: json + InternalApiNetName: + default: internal_api + description: The name of the internal API network. + type: string + ExternalNetName: + default: external + description: The name of the external network. + type: string + ManagementNetName: + default: management + description: The name of the management network. + type: string + StorageNetName: + default: storage + description: The name of the storage network. + type: string + StorageMgmtNetName: + default: storage_mgmt + description: The name of the Storage management network. + type: string + TenantNetName: + default: tenant + description: The name of the tenant network. + type: string + + parameter_groups: - label: deprecated description: Do not use deprecated params, they will be removed. parameters: - ServiceNetMapDeprecatedMapping +resources: + ServiceNetMapValue: + type: OS::Heat::Value + properties: + type: json + value: + map_merge: + - map_replace: + - {get_param: ServiceNetMapDefaults} + - values: + external: {get_param: ExternalNetName} + internal_api: {get_param: InternalApiNetName} + storage: {get_param: StorageNetName} + storage_mgmt: {get_param: StorageMgmtNetName} + tenant: {get_param: TenantNetName} + management: {get_param: ManagementNetName} + - map_replace: + - {get_param: ServiceNetMap} + - keys: {get_param: ServiceNetMapDeprecatedMapping} + + outputs: service_net_map: - value: - map_merge: - - {get_param: ServiceNetMapDefaults} - - map_replace: - - {get_param: ServiceNetMap} - - keys: {get_param: ServiceNetMapDeprecatedMapping} + value: {get_attr: [ServiceNetMapValue, value]} service_net_map_lower: value: @@ -105,9 +153,4 @@ outputs: yaql: expression: dict($.data.map.items().select([ regex(`([a-z0-9])([A-Z])`).replace($[0], '\\1_\\2').toLower(), $[1]])) data: - map: - map_merge: - - {get_param: ServiceNetMapDefaults} - - map_replace: - - {get_param: ServiceNetMap} - - keys: {get_param: ServiceNetMapDeprecatedMapping} + map: {get_attr: [ServiceNetMapValue, value]} diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 7e0ecf04..0612b186 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -130,6 +130,7 @@ resource_registry: OS::TripleO::Services::BlockStorageCinderVolume: puppet/services/cinder-volume.yaml OS::TripleO::Services::Keystone: puppet/services/keystone.yaml OS::TripleO::Services::GlanceApi: puppet/services/glance-api.yaml + OS::TripleO::Services::GlanceRegistry: puppet/services/disabled/glance-registry.yaml OS::TripleO::Services::HeatApi: puppet/services/heat-api.yaml OS::TripleO::Services::HeatApiCfn: puppet/services/heat-api-cfn.yaml OS::TripleO::Services::HeatApiCloudwatch: puppet/services/heat-api-cloudwatch.yaml @@ -159,6 +160,7 @@ resource_registry: OS::TripleO::Services::NeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml OS::TripleO::Services::ComputeNeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml OS::TripleO::Services::Pacemaker: OS::Heat::None + OS::TripleO::Services::PacemakerRemote: OS::Heat::None OS::TripleO::Services::NeutronSriovAgent: OS::Heat::None OS::TripleO::Services::RabbitMQ: puppet/services/rabbitmq.yaml OS::TripleO::Services::HAproxy: puppet/services/haproxy.yaml @@ -229,9 +231,12 @@ resource_registry: OS::TripleO::Services::ContrailControl: puppet/services/network/contrail-control.yaml OS::TripleO::Services::ContrailDatabase: puppet/services/network/contrail-database.yaml OS::TripleO::Services::ContrailWebui: puppet/services/network/contrail-webui.yaml + OS::TripleO::Services::TLSProxyBase: OS::Heat::None OS::TripleO::Services::Zaqar: OS::Heat::None OS::TripleO::Services::NeutronML2FujitsuCfab: OS::Heat::None + OS::TripleO::Services::NeutronML2FujitsuFossw: OS::Heat::None OS::TripleO::Services::CinderHPELeftHandISCSI: OS::Heat::None + OS::TripleO::Services::Etcd: OS::Heat::None parameter_defaults: EnablePackageInstall: false diff --git a/puppet/major_upgrade_steps.j2.yaml b/puppet/major_upgrade_steps.j2.yaml index 9430a704..433b03a0 100644 --- a/puppet/major_upgrade_steps.j2.yaml +++ b/puppet/major_upgrade_steps.j2.yaml @@ -31,19 +31,23 @@ resources: {% if step > 0 %} depends_on: {% for dep in roles %} + {% if not dep.disable_upgrade_deployment|default(false) %} - {{dep.name}}Upgrade_Step{{step -1}} + {% endif %} {% endfor %} {% endif %} properties: UpgradeStepConfig: {get_param: [role_data, {{role.name}}, upgrade_tasks]} step: {{step}} - + {% if not role.disable_upgrade_deployment|default(false) %} {{role.name}}Upgrade_Step{{step}}: type: OS::Heat::StructuredDeploymentGroup {% if step > 0 %} depends_on: {% for dep in roles %} + {% if not dep.disable_upgrade_deployment|default(false) %} - {{dep.name}}Upgrade_Step{{step -1}} + {% endif %} {% endfor %} {% endif %} properties: @@ -53,6 +57,7 @@ resources: input_values: role: {{role.name}} update_identifier: {get_param: UpdateIdentifier} + {% endif %} {% endfor %} {% endfor %} diff --git a/puppet/post.j2.yaml b/puppet/post.j2.yaml index 2a02ea19..83c32868 100644 --- a/puppet/post.j2.yaml +++ b/puppet/post.j2.yaml @@ -21,11 +21,10 @@ parameters: perform configuration on a Heat stack-update. resources: - -{% for role in roles %} # Post deployment steps for all roles # A single config is re-applied with an incrementing step number - # {{role.name}} Role steps +{% for role in roles %} + # {{role.name}} Role post deploy steps {{role.name}}ArtifactsConfig: type: deploy-artifacts.yaml @@ -58,8 +57,6 @@ resources: # Step through a series of configuration steps {% for step in range(1, 6) %} - {% for role in roles %} - {{role.name}}Deployment_Step{{step}}: type: OS::Heat::StructuredDeploymentGroup {% if step == 1 %} @@ -77,8 +74,6 @@ resources: input_values: step: {{step}} update_identifier: {get_param: DeployIdentifier} - - {% endfor %} {% endfor %} {{role.name}}PostConfig: diff --git a/puppet/services/ceilometer-agent-compute.yaml b/puppet/services/ceilometer-agent-compute.yaml index b1d36c94..b666b86b 100644 --- a/puppet/services/ceilometer-agent-compute.yaml +++ b/puppet/services/ceilometer-agent-compute.yaml @@ -21,6 +21,12 @@ parameters: MonitoringSubscriptionCeilometerCompute: default: 'overcloud-ceilometer-agent-compute' type: string + InstanceDiscoveryMethod: + default: 'libvirt_metadata' + description: Method used to discover instances running on compute node + type: string + constraints: + - allowed_values: ['naive', 'libvirt_metadata', 'workload_partitioning'] resources: CeilometerServiceBase: @@ -37,6 +43,8 @@ outputs: service_name: ceilometer_agent_compute monitoring_subscription: {get_param: MonitoringSubscriptionCeilometerCompute} config_settings: - get_attr: [CeilometerServiceBase, role_data, config_settings] + map_merge: + - get_attr: [CeilometerServiceBase, role_data, config_settings] + - ceilometer::agent::compute::instance_discovery_method: {get_param: InstanceDiscoveryMethod} step_config: | include ::tripleo::profile::base::ceilometer::agent::compute diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml index 0528368e..a86a0cdf 100644 --- a/puppet/services/ceilometer-base.yaml +++ b/puppet/services/ceilometer-base.yaml @@ -46,14 +46,6 @@ parameters: default: 0 description: Number of workers for Ceilometer service. type: number - CeilometerStoreEvents: - default: false - description: Whether to store events in ceilometer. - type: boolean - EnableLegacyCeilometerApi: - default: false - description: Enable legacy ceilometer Api service if needed. - type: boolean EventPipelinePublishers: default: ['notifier://?topic=alarm.all'] description: A list of publishers to put in event_pipeline.yaml. @@ -103,7 +95,6 @@ outputs: - '/ceilometer' - '?bind_address=' - "%{hiera('tripleo::profile::base::database::mysql::client_bind_address')}" - enable_legacy_ceilometer_api: {get_param: EnableLegacyCeilometerApi} ceilometer_backend: {get_param: CeilometerBackend} ceilometer::metering_secret: {get_param: CeilometerMeteringSecret} # we include db_sync class in puppet-tripleo @@ -114,7 +105,6 @@ outputs: ceilometer::keystone::authtoken::auth_url: { get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix] } ceilometer::agent::auth::auth_password: {get_param: CeilometerPassword} ceilometer::agent::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] } - ceilometer::agent::notification::store_events: {get_param: CeilometerStoreEvents} ceilometer::agent::notification::event_pipeline_publishers: {get_param: EventPipelinePublishers} ceilometer::agent::auth::auth_region: {get_param: KeystoneRegion} ceilometer::agent::auth::auth_tenant_name: 'service' diff --git a/puppet/services/ceph-rgw.yaml b/puppet/services/ceph-rgw.yaml index 6448387c..92536994 100644 --- a/puppet/services/ceph-rgw.yaml +++ b/puppet/services/ceph-rgw.yaml @@ -57,7 +57,11 @@ outputs: tripleo::profile::base::ceph::rgw::keystone_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} tripleo::profile::base::ceph::rgw::civetweb_bind_ip: {get_param: [ServiceNetMap, CephRgwNetwork]} tripleo::profile::base::ceph::rgw::civetweb_bind_port: {get_param: [EndpointMap, CephRgwInternal, port]} - ceph::params::user_radosgw: ceph + tripleo::profile::base::ceph::rgw::rgw_keystone_version: v3 + ceph::profile::params::rgw_keystone_admin_domain: default + ceph::profile::params::rgw_keystone_admin_project: service + ceph::profile::params::rgw_keystone_admin_user: swift + ceph::profile::params::rgw_keystone_admin_password: {get_param: SwiftPassword} tripleo.ceph_rgw.firewall_rules: '122 ceph rgw': dport: {get_param: [EndpointMap, CephRgwInternal, port]} @@ -68,7 +72,8 @@ outputs: ceph::rgw::keystone::auth::public_url: {get_param: [EndpointMap, CephRgwPublic, uri]} ceph::rgw::keystone::auth::internal_url: {get_param: [EndpointMap, CephRgwInternal, uri]} ceph::rgw::keystone::auth::admin_url: {get_param: [EndpointMap, CephRgwAdmin, uri]} - ceph::rgw::keystone::auth::user: 'swift' - ceph::rgw::keystone::auth::password: {get_param: SwiftPassword} ceph::rgw::keystone::auth::region: {get_param: KeystoneRegion} - ceph::rgw::keystone::auth::tenant: 'service' + ceph::rgw::keystone::auth::roles: [ 'admin', 'member', '_member_' ] + ceph::rgw::keystone::auth::tenant: service + ceph::rgw::keystone::auth::user: swift + ceph::rgw::keystone::auth::password: {get_param: SwiftPassword} diff --git a/puppet/services/cinder-api.yaml b/puppet/services/cinder-api.yaml index 7d197831..eee04ce0 100644 --- a/puppet/services/cinder-api.yaml +++ b/puppet/services/cinder-api.yaml @@ -91,7 +91,6 @@ outputs: cinder::config: DEFAULT/swift_catalog_info: value: 'object-store:swift:internalURL' - cinder::glance::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} tripleo::profile::base::cinder::cinder_enable_db_purge: {get_param: CinderEnableDBPurge} tripleo.cinder_api.firewall_rules: '119 cinder': @@ -160,6 +159,3 @@ outputs: - name: Stop and disable cinder_api service (pre-upgrade not under httpd) tags: step2 service: name=openstack-cinder-api state=stopped enabled=no - - name: Start cinder_api service (running under httpd) - tags: step6 - service: name=httpd state=started diff --git a/puppet/services/cinder-base.yaml b/puppet/services/cinder-base.yaml index be4b4af2..a5d7fcf1 100644 --- a/puppet/services/cinder-base.yaml +++ b/puppet/services/cinder-base.yaml @@ -44,6 +44,46 @@ parameters: default: guest description: The username for RabbitMQ type: string + CinderCronDbPurgeMinute: + type: string + description: > + Cron to move deleted instances to another table - Minute + default: '1' + CinderCronDbPurgeHour: + type: string + description: > + Cron to move deleted instances to another table - Hour + default: '0' + CinderCronDbPurgeMonthday: + type: string + description: > + Cron to move deleted instances to another table - Month Day + default: '*' + CinderCronDbPurgeMonth: + type: string + description: > + Cron to move deleted instances to another table - Month + default: '*' + CinderCronDbPurgeWeekday: + type: string + description: > + Cron to move deleted instances to another table - Week Day + default: '*' + CinderCronDbPurgeUser: + type: string + description: > + Cron to move deleted instances to another table - User + default: 'keystone' + CinderCronDbPurgeAge: + type: string + description: > + Cron to move deleted instances to another table - Age + default: '0' + CinderCronDbPurgeDestination: + type: string + description: > + Cron to move deleted instances to another table - Log destination + default: '/var/log/cinder/cinder-rowsflush.log' outputs: role_data: @@ -71,3 +111,12 @@ outputs: cinder::cron::db_purge::destination: '/dev/null' cinder::db::database_db_max_retries: -1 cinder::db::database_max_retries: -1 + cinder::cron::db_purge::minute: {get_param: CinderCronDbPurgeMinute} + cinder::cron::db_purge::hour: {get_param: CinderCronDbPurgeHour} + cinder::cron::db_purge::monthday: {get_param: CinderCronDbPurgeMonthday} + cinder::cron::db_purge::month: {get_param: CinderCronDbPurgeMonth} + cinder::cron::db_purge::weekday: {get_param: CinderCronDbPurgeWeekday} + cinder::cron::db_purge::user: {get_param: CinderCronDbPurgeUser} + cinder::cron::db_purge::age: {get_param: CinderCronDbPurgeAge} + cinder::cron::db_purge::destination: {get_param: CinderCronDbPurgeDestination} + cinder::glance::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} diff --git a/puppet/services/cinder-scheduler.yaml b/puppet/services/cinder-scheduler.yaml index e12af631..6a0b1f24 100644 --- a/puppet/services/cinder-scheduler.yaml +++ b/puppet/services/cinder-scheduler.yaml @@ -55,6 +55,3 @@ outputs: - name: Stop cinder_scheduler service tags: step2 service: name=openstack-cinder-scheduler state=stopped - - name: Start cinder_scheduler service - tags: step6 - service: name=openstack-cinder-scheduler state=started diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml index cc06d87b..8834eaa5 100644 --- a/puppet/services/cinder-volume.yaml +++ b/puppet/services/cinder-volume.yaml @@ -20,6 +20,10 @@ parameters: default: lioadm description: The iSCSI helper to use with cinder. type: string + CinderISCSIProtocol: + default: iscsi + description: Whether to use TCP ('iscsi') or iSER RDMA ('iser') for iSCSI + type: string CinderLVMLoopDeviceSize: default: 10280 description: The size of the loopback file used by the cinder LVM driver. @@ -97,6 +101,7 @@ outputs: SERVERS: {get_param: CinderNfsServers} tripleo::profile::base::cinder::volume::iscsi::cinder_lvm_loop_device_size: {get_param: CinderLVMLoopDeviceSize} tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_helper: {get_param: CinderISCSIHelper} + tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_protocol: {get_param: CinderISCSIProtocol} tripleo::profile::base::cinder::volume::rbd::cinder_rbd_pool_name: {get_param: CinderRbdPoolName} tripleo::profile::base::cinder::volume::rbd::cinder_rbd_user_name: {get_param: CephClientUserName} tripleo.cinder_volume.firewall_rules: @@ -117,7 +122,3 @@ outputs: - name: Sync cinder_volume DB tags: step5 command: cinder-manage db sync - - name: Start cinder_volume service - tags: step6 - service: name=openstack-cinder-volume state=started - diff --git a/puppet/services/disabled/glance-registry.yaml b/puppet/services/disabled/glance-registry.yaml new file mode 100644 index 00000000..4d22bddc --- /dev/null +++ b/puppet/services/disabled/glance-registry.yaml @@ -0,0 +1,30 @@ +heat_template_version: ocata + +description: > + OpenStack Glance Registry service, disabled since ocata + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the disabled Glance Registry role. + value: + service_name: glance_registry + upgrade_tasks: + - name: Stop and disable glance_registry service on upgrade + tags: step2 + service: name=openstack-glance-registry state=stopped enabled=no diff --git a/puppet/services/etcd.yaml b/puppet/services/etcd.yaml new file mode 100644 index 00000000..f96fa723 --- /dev/null +++ b/puppet/services/etcd.yaml @@ -0,0 +1,58 @@ +heat_template_version: ocata + +description: > + Etcd service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + EtcdInitialClusterToken: + default: 'etcd-tripleo' + description: Initial cluster token for the etcd cluster during bootstrap. + type: string + MonitoringSubscriptionEtcd: + default: 'overcloud-etcd' + type: string + +outputs: + role_data: + description: Role data for the Etcd role. + value: + service_name: etcd + monitoring_subscription: {get_param: MonitoringSubscriptionEtcd} + config_settings: + etcd::etcd_name: + str_replace: + template: + '"%{::fqdn_$NETWORK}"' + params: + $NETWORK: {get_param: [ServiceNetMap, EtcdNetwork]} + # NOTE: bind IP is found in Heat replacing the network name with the local node IP + # for the given network; replacement examples (eg. for internal_api): + # internal_api -> IP + # internal_api_uri -> [IP] + # internal_api_subnet - > IP/CIDR + tripleo::profile::base::etcd::bind_ip: {get_param: [ServiceNetMap, EtcdNetwork]} + tripleo::profile::base::etcd::client_port: '2379' + tripleo::profile::base::etcd::peer_port: '2380' + etcd::initial_cluster_token: {get_param: EtcdInitialClusterToken} + etcd::manage_package: false + tripleo.etcd.firewall_rules: + '141 etcd': + dport: + - 2379 + - 2380 + step_config: | + include ::tripleo::profile::base::etcd diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index 6d01bd48..09ea5d22 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -45,8 +45,23 @@ parameters: default: tag: openstack.glance.api path: /var/log/glance/api.log + EnableInternalTLS: + type: boolean + default: false + +conditions: + use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]} resources: + + TLSProxyBase: + type: OS::TripleO::Services::TLSProxyBase + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + EnableInternalTLS: {get_param: EnableInternalTLS} + GlanceBase: type: ./glance-base.yaml properties: @@ -66,6 +81,7 @@ outputs: config_settings: map_merge: - get_attr: [GlanceBase, role_data, config_settings] + - get_attr: [TLSProxyBase, role_data, config_settings] - glance::api::database_connection: list_join: - '' @@ -100,7 +116,23 @@ outputs: # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - glance::api::bind_host: {get_param: [ServiceNetMap, GlanceApiNetwork]} + tripleo::profile::base::glance::api::tls_proxy_bind_ip: + get_param: [ServiceNetMap, GlanceApiNetwork] + tripleo::profile::base::glance::api::tls_proxy_fqdn: + str_replace: + template: + "%{hiera('fqdn_$NETWORK')}" + params: + $NETWORK: {get_param: [ServiceNetMap, GlanceApiNetwork]} + tripleo::profile::base::glance::api::tls_proxy_port: + get_param: [EndpointMap, GlanceInternal, port] + # Bind to localhost if internal TLS is enabled, since we put a TLs + # proxy in front. + glance::api::bind_host: + if: + - use_tls_proxy + - 'localhost' + - {get_param: [ServiceNetMap, GlanceApiNetwork]} step_config: | include ::tripleo::profile::base::glance::api service_config_settings: @@ -109,9 +141,9 @@ outputs: - name: Stop glance_api service tags: step2 service: name=openstack-glance-api state=stopped + - name: Stop and disable glance registry (removed for Ocata) + tags: step2 + service: name=openstack-glance-registry state=stopped enabled=no - name: Sync glance_api DB tags: step5 command: glance-manage --config-file=/etc/glance/glance-api.conf db_sync - - name: Start glance_api service - tags: step6 - service: name=openstack-glance-api state=started diff --git a/puppet/services/heat-api-cfn.yaml b/puppet/services/heat-api-cfn.yaml index f4d3cad3..28317dd3 100644 --- a/puppet/services/heat-api-cfn.yaml +++ b/puppet/services/heat-api-cfn.yaml @@ -88,7 +88,3 @@ outputs: - name: Stop heat_api_cfn service tags: step2 service: name=openstack-heat-api-cfn state=stopped - - name: Start heat_api_cfn service - tags: step6 - service: name=openstack-heat-api-cfn state=started - diff --git a/puppet/services/heat-api-cloudwatch.yaml b/puppet/services/heat-api-cloudwatch.yaml index ba4a287a..5de25ab8 100644 --- a/puppet/services/heat-api-cloudwatch.yaml +++ b/puppet/services/heat-api-cloudwatch.yaml @@ -70,6 +70,3 @@ outputs: - name: Stop heat_api_cloudwatch service tags: step2 service: name=openstack-heat-api-cloudwatch state=stopped - - name: Start heat_api_cloudwatch service - tags: step6 - service: name=openstack-heat-api state=started diff --git a/puppet/services/heat-api.yaml b/puppet/services/heat-api.yaml index 7ec9d6d4..0ce8e1fa 100644 --- a/puppet/services/heat-api.yaml +++ b/puppet/services/heat-api.yaml @@ -88,6 +88,3 @@ outputs: - name: Stop heat_api service tags: step2 service: name=openstack-heat-api state=stopped - - name: Start heat_api service - tags: step6 - service: name=openstack-heat-api state=started diff --git a/puppet/services/heat-base.yaml b/puppet/services/heat-base.yaml index a933a94b..90943751 100644 --- a/puppet/services/heat-base.yaml +++ b/puppet/services/heat-base.yaml @@ -44,6 +44,61 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + HeatCronPurgeDeletedEnsure: + type: string + description: > + Cron to purge db entries marked as deleted and older than $age - Ensure + default: 'present' + HeatCronPurgeDeletedMinute: + type: string + description: > + Cron to purge db entries marked as deleted and older than $age - Minute + default: '1' + HeatCronPurgeDeletedHour: + type: string + description: > + Cron to purge db entries marked as deleted and older than $age - Hour + default: '0' + HeatCronPurgeDeletedMonthday: + type: string + description: > + Cron to purge db entries marked as deleted and older than $age - Month Day + default: '*' + HeatCronPurgeDeletedMonth: + type: string + description: > + Cron to purge db entries marked as deleted and older than $age - Month + default: '*' + HeatCronPurgeDeletedWeekday: + type: string + description: > + Cron to purge db entries marked as deleted and older than $age - Week Day + default: '*' + HeatCronPurgeDeletedMaxDelay: + type: string + description: > + Cron to purge db entries marked as deleted and older than $age - Max Delay + default: '3600' + HeatCronPurgeDeletedUser: + type: string + description: > + Cron to purge db entries marked as deleted and older than $age - User + default: 'heat' + HeatCronPurgeDeletedAge: + type: string + description: > + Cron to purge db entries marked as deleted and older than $age - Age + default: '30' + HeatCronPurgeDeletedAgeType: + type: string + description: > + Cron to purge db entries marked as deleted and older than $age - Age type + default: 'days' + HeatCronPurgeDeletedDestination: + type: string + description: > + Cron to purge db entries marked as deleted and older than $age - Log destination + default: '/dev/null' outputs: role_data: @@ -72,14 +127,21 @@ outputs: heat::keystone::domain::domain_name: 'heat_stack' heat::keystone::domain::domain_admin: 'heat_stack_domain_admin' heat::keystone::domain::domain_admin_email: 'heat_stack_domain_admin@localhost' - heat::cron::purge_deleted::age: 30 - heat::cron::purge_deleted::age_type: 'days' - heat::cron::purge_deleted::maxdelay: 3600 - heat::cron::purge_deleted::destination: '/dev/null' heat::db::database_db_max_retries: -1 heat::db::database_max_retries: -1 heat::yaql_memory_quota: 100000 heat::yaql_limit_iterators: 1000 + heat::cron::purge_deleted::ensure: {get_param: HeatCronPurgeDeletedEnsure} + heat::cron::purge_deleted::minute: {get_param: HeatCronPurgeDeletedMinute} + heat::cron::purge_deleted::hour: {get_param: HeatCronPurgeDeletedHour} + heat::cron::purge_deleted::monthday: {get_param: HeatCronPurgeDeletedMonthday} + heat::cron::purge_deleted::month: {get_param: HeatCronPurgeDeletedMonth} + heat::cron::purge_deleted::weekday: {get_param: HeatCronPurgeDeletedWeekday} + heat::cron::purge_deleted::maxdelay: {get_param: HeatCronPurgeDeletedMaxDelay} + heat::cron::purge_deleted::user: {get_param: HeatCronPurgeDeletedUser} + heat::cron::purge_deleted::age: {get_param: HeatCronPurgeDeletedAge} + heat::cron::purge_deleted::age_type: {get_param: HeatCronPurgeDeletedAgeType} + heat::cron::purge_deleted::destination: {get_param: HeatCronPurgeDeletedDestination} service_config_settings: keystone: tripleo::profile::base::keystone::heat_admin_domain: 'heat_stack' diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml index 6efb0653..976d413c 100644 --- a/puppet/services/heat-engine.yaml +++ b/puppet/services/heat-engine.yaml @@ -144,6 +144,3 @@ outputs: - name: Sync heat_engine DB tags: step5 command: heat-manage --config-file /etc/heat/heat.conf db_sync - - name: Start heat_engine service - tags: step6 - service: name=openstack-heat-engine state=started diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index f69e20b4..434f0a33 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -113,6 +113,51 @@ parameters: EnableInternalTLS: type: boolean default: false + KeystoneCronTokenFlushEnsure: + type: string + description: > + Cron to purge expired tokens - Ensure + default: 'present' + KeystoneCronTokenFlushMinute: + type: string + description: > + Cron to purge expired tokens - Minute + default: '1' + KeystoneCronTokenFlushHour: + type: string + description: > + Cron to purge expired tokens - Hour + default: '0' + KeystoneCronTokenFlushMonthday: + type: string + description: > + Cron to purge expired tokens - Month Day + default: '*' + KeystoneCronTokenFlushMonth: + type: string + description: > + Cron to purge expired tokens - Month + default: '*' + KeystoneCronTokenFlushWeekday: + type: string + description: > + Cron to purge expired tokens - Week Day + default: '*' + KeystoneCronTokenFlushMaxDelay: + type: string + description: > + Cron to purge expired tokens - Max Delay + default: '0' + KeystoneCronTokenFlushDestination: + type: string + description: > + Cron to purge expired tokens - Log destination + default: '/var/log/keystone/keystone-tokenflush.log' + KeystoneCronTokenFlushUser: + type: string + description: > + Cron to purge expired tokens - User + default: 'keystone' resources: @@ -239,6 +284,16 @@ outputs: # NOTE: this applies to all 2 bind IP settings below... keystone::wsgi::apache::bind_host: {get_param: [ServiceNetMap, KeystonePublicApiNetwork]} keystone::wsgi::apache::admin_bind_host: {get_param: [ServiceNetMap, KeystoneAdminApiNetwork]} + keystone::cron::token_flush::ensure: {get_param: KeystoneCronTokenFlushEnsure} + keystone::cron::token_flush::minute: {get_param: KeystoneCronTokenFlushMinute} + keystone::cron::token_flush::hour: {get_param: KeystoneCronTokenFlushHour} + keystone::cron::token_flush::monthday: {get_param: KeystoneCronTokenFlushMonthday} + keystone::cron::token_flush::month: {get_param: KeystoneCronTokenFlushMonth} + keystone::cron::token_flush::weekday: {get_param: KeystoneCronTokenFlushWeekday} + keystone::cron::token_flush::maxdelay: {get_param: KeystoneCronTokenFlushMaxDelay} + keystone::cron::token_flush::destination: {get_param: KeystoneCronTokenFlushDestination} + keystone::cron::token_flush::user: {get_param: KeystoneCronTokenFlushUser} + step_config: | include ::tripleo::profile::base::keystone service_config_settings: @@ -258,6 +313,3 @@ outputs: - name: Sync keystone DB tags: step5 command: keystone-manage db_sync - - name: Start keystone service (running under httpd) - tags: step6 - service: name=httpd state=started diff --git a/puppet/services/manila-api.yaml b/puppet/services/manila-api.yaml index b7c64823..f1cddbd0 100644 --- a/puppet/services/manila-api.yaml +++ b/puppet/services/manila-api.yaml @@ -64,6 +64,7 @@ outputs: # internal_api_subnet - > IP/CIDR manila::api::bind_host: {get_param: [ServiceNetMap, ManilaApiNetwork]} manila::api::enable_proxy_headers_parsing: true + manila::api::default_share_type: 'default' step_config: | include ::tripleo::profile::base::manila::api service_config_settings: diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index bbb79bba..cf444215 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -167,7 +167,3 @@ outputs: - name: Sync neutron_api DB tags: step5 command: neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head - - name: Start neutron_api service - tags: step6 - service: name=neutron-server state=started - diff --git a/puppet/services/neutron-dhcp.yaml b/puppet/services/neutron-dhcp.yaml index c7965a64..5e7de18e 100644 --- a/puppet/services/neutron-dhcp.yaml +++ b/puppet/services/neutron-dhcp.yaml @@ -78,6 +78,3 @@ outputs: - name: Stop neutron_dhcp service tags: step2 service: name=neutron-dhcp-agent state=stopped - - name: Start neutron_dhcp service - tags: step6 - service: name=neutron-dhcp-agent state=started diff --git a/puppet/services/neutron-l3.yaml b/puppet/services/neutron-l3.yaml index b3d7b3bf..9d858441 100644 --- a/puppet/services/neutron-l3.yaml +++ b/puppet/services/neutron-l3.yaml @@ -83,6 +83,3 @@ outputs: - name: Stop neutron_l3 service tags: step2 service: name=neutron-l3-agent state=stopped - - name: Start neutron_l3 service - tags: step6 - service: name=neutron-l3-agent state=started diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml index 68d7110a..43066767 100644 --- a/puppet/services/neutron-metadata.yaml +++ b/puppet/services/neutron-metadata.yaml @@ -79,6 +79,3 @@ outputs: - name: Stop neutron_metadata service tags: step2 service: name=neutron-metadata-agent state=stopped - - name: Start neutron_metadata service - tags: step6 - service: name=neutron-metadata-agent state=started diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index e24fae7c..baeb0c66 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -124,7 +124,3 @@ outputs: - name: Stop neutron_ovs_agent service tags: step2 service: name=neutron-openvswitch-agent state=stopped - - name: Start neutron_ovs_agent service - tags: step6 - service: name=neutron-openvswitch-agent state=started - diff --git a/puppet/services/neutron-plugin-ml2-fujitsu-fossw.yaml b/puppet/services/neutron-plugin-ml2-fujitsu-fossw.yaml new file mode 100644 index 00000000..85971f17 --- /dev/null +++ b/puppet/services/neutron-plugin-ml2-fujitsu-fossw.yaml @@ -0,0 +1,78 @@ +heat_template_version: ocata + +description: Configure hieradata for Fujitsu fossw plugin configuration + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + NeutronFujitsuFosswIps: + description: 'The List of IP address of all fos switches.' + type: comma_delimited_list + NeutronFujitsuFosswUserName: + description: 'The username of the fos switches.' + type: string + NeutronFujitsuFosswPassword: + description: 'The password of the fos switches.' + type: string + hidden: true + NeutronFujitsuFosswPort: + description: 'The port number used for SSH connection.' + type: number + default: 22 + NeutronFujitsuFosswTimeout: + description: 'The timeout os SSH connection.' + type: number + default: 30 + NeutronFujitsuFosswUdpDestPort: + description: 'The port number of VXLAN UDP destination on the fos switches.' + type: number + default: 4789 + NeutronFujitsuFosswOvsdbVlanidRangeMin: + description: 'The minimum VLAN ID in the range that is used for binding VNI and physical port.' + type: number + default: 2 + NeutronFujitsuFosswOvsdbPort: + description: 'The port number which OVSDB server on the fos switches listen.' + type: number + default: 6640 + +resources: + + NeutronMl2Base: + type: ./neutron-plugin-ml2.yaml + properties: + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + EndpointMap: {get_param: EndpointMap} + +outputs: + role_data: + description: Role data for Fujitsu Fossw ML2 Driver + value: + service_name: neutron_plugin_ml2_fujitsu_fossw + config_settings: + map_merge: + - get_attr: [NeutronMl2Base, role_data, config_settings] + - neutron::plugins::ml2::fujitsu::fossw::fossw_ips: {get_param: NeutronFujitsuFosswIps} + neutron::plugins::ml2::fujitsu::fossw::username: {get_param: NeutronFujitsuFosswUserName} + neutron::plugins::ml2::fujitsu::fossw::password: {get_param: NeutronFujitsuFosswPassword} + neutron::plugins::ml2::fujitsu::fossw::port: {get_param: NeutronFujitsuFosswPort} + neutron::plugins::ml2::fujitsu::fossw::timeout: {get_param: NeutronFujitsuFosswTimeout} + neutron::plugins::ml2::fujitsu::fossw::udp_dest_port: {get_param: NeutronFujitsuFosswUdpDestPort} + neutron::plugins::ml2::fujitsu::fossw::ovsdb_vlanid_range_min: {get_param: NeutronFujitsuFosswOvsdbVlanidRangeMin} + neutron::plugins::ml2::fujitsu::fossw::ovsdb_port: {get_param: NeutronFujitsuFosswOvsdbPort} + step_config: | + include ::tripleo::profile::base::neutron::plugins::ml2 + diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index d70e66a0..c448bf49 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -18,6 +18,10 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + KeystoneRegion: + type: string + default: 'regionOne' + description: Keystone region for endpoint NovaPassword: description: The password for the nova service and db account, used by nova-api. type: string @@ -66,6 +70,53 @@ parameters: type: string description: Nova Compute upgrade level default: '' + NovaCronArchiveDeleteRowsMinute: + type: string + description: > + Cron to move deleted instances to another table - Minute + default: '1' + NovaCronArchiveDeleteRowsHour: + type: string + description: > + Cron to move deleted instances to another table - Hour + default: '0' + NovaCronArchiveDeleteRowsMonthday: + type: string + description: > + Cron to move deleted instances to another table - Month Day + default: '*' + NovaCronArchiveDeleteRowsMonth: + type: string + description: > + Cron to move deleted instances to another table - Month + default: '*' + NovaCronArchiveDeleteRowsWeekday: + type: string + description: > + Cron to move deleted instances to another table - Week Day + default: '*' + NovaCronArchiveDeleteRowsMaxRows: + type: string + description: > + Cron to move deleted instances to another table - Max Rows + default: '100' + NovaCronArchiveDeleteRowsUser: + type: string + description: > + Cron to move deleted instances to another table - User + default: 'nova' + NovaCronArchiveDeleteRowsDestination: + type: string + description: > + Cron to move deleted instances to another table - Log destination + default: '/var/log/nova/nova-rowsflush.log' + NovaCronArchiveDeleteRowsUntilComplete: + type: boolean + description: > + Cron to move deleted instances to another table - Until complete + default: false + + conditions: compute_upgrade_level_empty: {equals : [{get_param: UpgradeLevelNovaCompute}, '']} @@ -81,6 +132,10 @@ outputs: nova::rabbit_userid: {get_param: RabbitUserName} nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL} nova::rabbit_port: {get_param: RabbitClientPort} + nova::placement::project_name: 'service' + nova::placement::password: {get_param: NovaPassword} + nova::placement::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} + nova::placement::os_region_name: {get_param: KeystoneRegion} nova::database_connection: list_join: - '' @@ -133,13 +188,26 @@ outputs: nova::glance_api_servers: {get_param: [EndpointMap, GlanceInternal, uri]} nova::use_ipv6: {get_param: NovaIPv6} nova::network::neutron::neutron_ovs_bridge: {get_param: NovaOVSBridge} - - + nova::cron::archive_deleted_rows::minute: {get_param: NovaCronArchiveDeleteRowsMinute} + nova::cron::archive_deleted_rows::hour: {get_param: NovaCronArchiveDeleteRowsHour} + nova::cron::archive_deleted_rows::monthday: {get_param: NovaCronArchiveDeleteRowsMonthday} + nova::cron::archive_deleted_rows::month: {get_param: NovaCronArchiveDeleteRowsMonth} + nova::cron::archive_deleted_rows::weekday: {get_param: NovaCronArchiveDeleteRowsWeekday} + nova::cron::archive_deleted_rows::max_rows: {get_param: NovaCronArchiveDeleteRowsMaxRows} + nova::cron::archive_deleted_rows::user: {get_param: NovaCronArchiveDeleteRowsUser} + nova::cron::archive_deleted_rows::destination: {get_param: NovaCronArchiveDeleteRowsDestination} + nova::cron::archive_deleted_rows::until_complete: {get_param: NovaCronArchiveDeleteRowsUntilComplete} + - if: - compute_upgrade_level_empty - {} - nova::upgrade_level_compute: {get_param: UpgradeLevelNovaCompute} service_config_settings: mysql: + # NOTE(aschultz): this should be configurable if/when we support more + # complex cell v2 configurations. For now, this is the default cell + # created for the cell v2 configuration + nova::db::mysql_api::setup_cell0: true nova::rabbit_password: {get_param: RabbitPassword} nova::rabbit_userid: {get_param: RabbitUserName} nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL} diff --git a/puppet/services/nova-placement.yaml b/puppet/services/nova-placement.yaml index 9b7120d8..82b83561 100644 --- a/puppet/services/nova-placement.yaml +++ b/puppet/services/nova-placement.yaml @@ -79,10 +79,6 @@ outputs: dport: - 8778 - 13778 - nova::placement::project_name: 'service' - nova::placement::password: {get_param: NovaPassword} - nova::placement::auth_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]} - nova::placement::os_region_name: {get_param: KeystoneRegion} nova::wsgi::apache_placement::api_port: '8778' nova::wsgi::apache_placement::ssl: {get_param: EnableInternalTLS} # NOTE: bind IP is found in Heat replacing the network name with the local node IP diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml index 9adf1bdb..a8a9fb99 100644 --- a/puppet/services/pacemaker.yaml +++ b/puppet/services/pacemaker.yaml @@ -29,6 +29,11 @@ parameters: default: false description: Whether to enable fencing in Pacemaker or not. type: boolean + PacemakerRemoteAuthkey: + type: string + description: The authkey for the pacemaker remote service. + hidden: true + default: '' PcsdPassword: type: string description: The password for the 'pcsd' user for pacemaker. @@ -112,5 +117,6 @@ outputs: passwords: - {get_param: PcsdPassword} - {get_param: [DefaultPasswords, pcsd_password]} + tripleo::profile::base::pacemaker::remote_authkey: {get_param: PacemakerRemoteAuthkey} step_config: | include ::tripleo::profile::base::pacemaker diff --git a/puppet/services/pacemaker_remote.yaml b/puppet/services/pacemaker_remote.yaml new file mode 100644 index 00000000..daee43e6 --- /dev/null +++ b/puppet/services/pacemaker_remote.yaml @@ -0,0 +1,57 @@ +heat_template_version: ocata + +description: > + Pacemaker remote service configured with Puppet + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + PacemakerRemoteAuthkey: + type: string + description: The authkey for the pacemaker remote service. + hidden: true + default: '' + MonitoringSubscriptionPacemakerRemote: + default: 'overcloud-pacemaker_remote' + type: string + PacemakerRemoteLoggingSource: + type: json + default: + tag: system.pacemaker_remote + path: /var/log/pacemaker.log + format: >- + /^(?<time>[^ ]*\s*[^ ]* [^ ]*) + \[(?<pid>[^ ]*)\] + (?<host>[^ ]*) + (?<message>.*)$/ + +outputs: + role_data: + description: Role data for the Pacemaker remote role. + value: + service_name: pacemaker_remote + monitoring_subscription: {get_param: MonitoringSubscriptionPacemakerRemote} + logging_groups: + - haclient + logging_source: {get_param: PacemakerRemoteLoggingSource} + config_settings: + tripleo.pacemaker_remote.firewall_rules: + '130 pacemaker_remote tcp': + proto: 'tcp' + dport: + - 3121 + tripleo::profile::base::pacemaker_remote::remote_authkey: {get_param: PacemakerRemoteAuthkey} + step_config: | + include ::tripleo::profile::base::pacemaker_remote diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml index ab9dad46..2c4ccbc9 100644 --- a/puppet/services/rabbitmq.yaml +++ b/puppet/services/rabbitmq.yaml @@ -78,6 +78,7 @@ outputs: NODE_IP_ADDRESS: '' RABBITMQ_NODENAME: "rabbit@%{::hostname}" RABBITMQ_SERVER_ERL_ARGS: '"+K true +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]"' + 'export ERL_EPMD_ADDRESS': "%{hiera('rabbitmq::interface')}" rabbitmq_kernel_variables: inet_dist_listen_min: '25672' inet_dist_listen_max: '25672' diff --git a/puppet/services/sahara-api.yaml b/puppet/services/sahara-api.yaml index 9e494385..8573ea81 100644 --- a/puppet/services/sahara-api.yaml +++ b/puppet/services/sahara-api.yaml @@ -90,3 +90,7 @@ outputs: sahara::db::mysql::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" + upgrade_tasks: + - name: Stop sahara_api service + tags: step2 + service: name=openstack-sahara-api state=stopped diff --git a/puppet/services/sahara-engine.yaml b/puppet/services/sahara-engine.yaml index a1521c28..987fe25b 100644 --- a/puppet/services/sahara-engine.yaml +++ b/puppet/services/sahara-engine.yaml @@ -49,3 +49,10 @@ outputs: - get_attr: [SaharaBase, role_data, config_settings] step_config: | include ::tripleo::profile::base::sahara::engine + upgrade_tasks: + - name: Stop sahara_engine service + tags: step2 + service: name=openstack-sahara-engine state=stopped + - name: Sync sahara_engine DB + tags: step5 + command: sahara-db-manage --config-file /etc/sahara/sahara.conf upgrade head diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml index 6ccfe7a2..62d227a2 100644 --- a/puppet/services/swift-proxy.yaml +++ b/puppet/services/swift-proxy.yaml @@ -119,8 +119,8 @@ outputs: - 'keystone' - 'staticweb' - 'copy' - - 'container-quotas' - - 'account-quotas' + - 'container_quotas' + - 'account_quotas' - 'slo' - 'dlo' - 'versioned_writes' @@ -157,3 +157,7 @@ outputs: - admin - swiftoperator - ResellerAdmin + upgrade_tasks: + - name: Stop swift_proxy service + tags: step2 + service: name=openstack-swift-proxy state=stopped diff --git a/puppet/services/swift-storage.yaml b/puppet/services/swift-storage.yaml index 00ae9c35..08df928d 100644 --- a/puppet/services/swift-storage.yaml +++ b/puppet/services/swift-storage.yaml @@ -90,3 +90,20 @@ outputs: swift::storage::all::storage_local_net_ip: {get_param: [ServiceNetMap, SwiftStorageNetwork]} step_config: | include ::tripleo::profile::base::swift::storage + upgrade_tasks: + - name: Stop swift storage services + tags: step2 + service: name={{ item }} state=stopped + with_items: + - openstack-swift-account-auditor + - openstack-swift-account-reaper + - openstack-swift-account-replicator + - openstack-swift-account + - openstack-swift-container-auditor + - openstack-swift-container-replicator + - openstack-swift-container-updater + - openstack-swift-container + - openstack-swift-object-auditor + - openstack-swift-object-replicator + - openstack-swift-object-updater + - openstack-swift-object diff --git a/puppet/services/time/ntp.yaml b/puppet/services/time/ntp.yaml index 7c3a19a9..88ab90cb 100644 --- a/puppet/services/time/ntp.yaml +++ b/puppet/services/time/ntp.yaml @@ -38,4 +38,4 @@ outputs: dport: 123 proto: udp step_config: | - include ::ntp + include ::tripleo::profile::base::time::ntp diff --git a/roles_data.yaml b/roles_data.yaml index bbb1ab7a..39cb56f9 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -17,6 +17,9 @@ # disable_constraints: (boolean) optional, whether to disable Nova and Glance # constraints for each role specified in the templates. # +# disable_upgrade_deployment: (boolean) optional, whether to run the composable upgrade +# steps for all services that are deployed on the particular role. +# # ServicesDefault: (list) optional default list of services to be deployed # on the role, defaults to an empty list. Sets the default for the # {{role.name}}Services parameter in overcloud.yaml @@ -102,11 +105,14 @@ - OS::TripleO::Services::Zaqar - OS::TripleO::Services::OVNDBs - OS::TripleO::Services::NeutronML2FujitsuCfab + - OS::TripleO::Services::NeutronML2FujitsuFossw - OS::TripleO::Services::CinderHPELeftHandISCSI + - OS::TripleO::Services::Etcd - name: Compute CountDefault: 1 HostnameFormatDefault: '%stackname%-novacompute-%index%' + disable_upgrade_deployment: True ServicesDefault: - OS::TripleO::Services::CACerts - OS::TripleO::Services::CephClient @@ -143,6 +149,7 @@ - OS::TripleO::Services::FluentdClient - name: ObjectStorage + disable_upgrade_deployment: True ServicesDefault: - OS::TripleO::Services::CACerts - OS::TripleO::Services::Kernel @@ -157,6 +164,7 @@ - OS::TripleO::Services::FluentdClient - name: CephStorage + disable_upgrade_deployment: True ServicesDefault: - OS::TripleO::Services::CACerts - OS::TripleO::Services::CephOSD diff --git a/tools/process-templates.py b/tools/process-templates.py index 9a06812b..7d66b35d 100755 --- a/tools/process-templates.py +++ b/tools/process-templates.py @@ -14,6 +14,7 @@ import argparse import jinja2 import os +import shutil import six import sys import yaml @@ -33,6 +34,9 @@ def parse_opts(argv): action='store_true', help="""Enable safe mode (do not overwrite files).""", default=False) + parser.add_argument('-o', '--output-dir', metavar='OUTPUT_DIR', + help="""Output dir for all the templates""", + default='') opts = parser.parse_args(argv[1:]) return opts @@ -60,7 +64,7 @@ def _j2_render_to_file(j2_template, j2_data, outfile_name=None, out_f.write(r_template) -def process_templates(template_path, role_data_path, overwrite): +def process_templates(template_path, role_data_path, output_dir, overwrite): with open(role_data_path) as role_data_file: role_data = yaml.safe_load(role_data_file) @@ -69,6 +73,11 @@ def process_templates(template_path, role_data_path, overwrite): with open(j2_excludes_path) as role_data_file: j2_excludes = yaml.safe_load(role_data_file) + if output_dir and not os.path.isdir(output_dir): + if os.path.exists(output_dir): + raise RuntimeError('Output dir %s is not a directory' % output_dir) + os.mkdir(output_dir) + role_names = [r.get('name') for r in role_data] r_map = {} for r in role_data: @@ -78,6 +87,29 @@ def process_templates(template_path, role_data_path, overwrite): if os.path.isdir(template_path): for subdir, dirs, files in os.walk(template_path): + + # NOTE(flaper87): Ignore hidden dirs as we don't + # generate templates for those. + # Note the slice assigment for `dirs` is necessary + # because we need to modify the *elements* in the + # dirs list rather than the reference to the list. + # This way we'll make sure os.walk will iterate over + # the shrunk list. os.walk doesn't have an API for + # filtering dirs at this point. + dirs[:] = [d for d in dirs if not d[0] == '.'] + files = [f for f in files if not f[0] == '.'] + + # NOTE(flaper87): We could have used shutil.copytree + # but it requires the dst dir to not be present. This + # approach is safer as it doesn't require us to delete + # the output_dir in advance and it allows for running + # the command multiple times with the same output_dir. + out_dir = subdir + if output_dir: + out_dir = os.path.join(output_dir, subdir) + if not os.path.exists(out_dir): + os.mkdir(out_dir) + for f in files: file_path = os.path.join(subdir, f) # We do two templating passes here: @@ -101,7 +133,7 @@ def process_templates(template_path, role_data_path, overwrite): [role.lower(), os.path.basename(f).replace('.role.j2.yaml', '.yaml')]) - out_f_path = os.path.join(subdir, out_f) + out_f_path = os.path.join(out_dir, out_f) if not (out_f_path in excl_templates): _j2_render_to_file(template_data, j2_data, out_f_path, overwrite) @@ -112,9 +144,12 @@ def process_templates(template_path, role_data_path, overwrite): with open(file_path) as j2_template: template_data = j2_template.read() j2_data = {'roles': role_data} - out_f = file_path.replace('.j2.yaml', '.yaml') - _j2_render_to_file(template_data, j2_data, out_f, + out_f = os.path.basename(f).replace('.j2.yaml', '.yaml') + out_f_path = os.path.join(out_dir, out_f) + _j2_render_to_file(template_data, j2_data, out_f_path, overwrite) + elif output_dir: + shutil.copy(os.path.join(subdir, f), out_dir) else: print('Unexpected argument %s' % template_path) @@ -123,4 +158,4 @@ opts = parse_opts(sys.argv) role_data_path = os.path.join(opts.base_path, opts.roles_data) -process_templates(opts.base_path, role_data_path, (not opts.safe)) +process_templates(opts.base_path, role_data_path, opts.output_dir, (not opts.safe)) diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index 63e3ce51..19e40d19 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py @@ -196,8 +196,8 @@ if base_endpoint_map and \ matches = validate_endpoint_map(base_endpoint_map, env_endpoint_map['map']) if not matches: - print("ERROR: %s doesn't match base endpoint map" % - env_endpoint_map['file']) + print("ERROR: %s needs to be updated to match changes in base " + "endpoint map" % env_endpoint_map['file']) failed_files.append(env_endpoint_map['file']) exit_val |= 1 else: |