diff options
| -rw-r--r-- | capabilities-map.yaml | 5 | ||||
| -rw-r--r-- | ci/environments/scenario001-multinode.yaml | 2 | ||||
| -rw-r--r-- | ci/environments/scenario002-multinode.yaml | 2 | ||||
| -rw-r--r-- | ci/environments/scenario003-multinode.yaml | 2 | ||||
| -rw-r--r-- | ci/environments/scenario004-multinode.yaml | 2 | ||||
| -rw-r--r-- | ci/scripts/freeipa_setup.sh | 19 | ||||
| -rw-r--r-- | environments/cinder-scaleio-config.yaml | 35 | ||||
| -rw-r--r-- | puppet/services/cinder-backend-scaleio.yaml | 111 | ||||
| -rw-r--r-- | puppet/services/cinder-volume.yaml | 3 | ||||
| -rw-r--r-- | puppet/services/glance-api.yaml | 3 | ||||
| -rw-r--r-- | puppet/services/heat-engine.yaml | 3 | ||||
| -rw-r--r-- | puppet/services/ironic-conductor.yaml | 3 | ||||
| -rw-r--r-- | puppet/services/keystone.yaml | 3 | ||||
| -rw-r--r-- | puppet/services/neutron-api.yaml | 3 | ||||
| -rw-r--r-- | puppet/services/nova-base.yaml | 1 | ||||
| -rw-r--r-- | puppet/services/nova-placement.yaml | 8 | ||||
| -rw-r--r-- | releasenotes/notes/6.0.0-b52a14a71fc62788.yaml | 44 |
17 files changed, 215 insertions, 34 deletions
diff --git a/capabilities-map.yaml b/capabilities-map.yaml index b2b424b1..7ed0deb4 100644 --- a/capabilities-map.yaml +++ b/capabilities-map.yaml @@ -437,6 +437,11 @@ topics: title: Cinder iSER backend description: > Enable a Cinder iSER RDMA backend, configured via puppet + - file: environments/cinder-scaleio-config.yaml + title: Cinder Dell EMC ScaleIO backend + description: > + Enables a Cinder Dell EMC ScaleIO backend, + configured via puppet requires: - overcloud-resource-registry-puppet.yaml - title: Externally managed Ceph diff --git a/ci/environments/scenario001-multinode.yaml b/ci/environments/scenario001-multinode.yaml index d4cd99c1..72e25704 100644 --- a/ci/environments/scenario001-multinode.yaml +++ b/ci/environments/scenario001-multinode.yaml @@ -66,6 +66,8 @@ parameter_defaults: - OS::TripleO::Services::Collectd - OS::TripleO::Services::Tacker - OS::TripleO::Services::Congress + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu diff --git a/ci/environments/scenario002-multinode.yaml b/ci/environments/scenario002-multinode.yaml index e611c6f9..bf4721e2 100644 --- a/ci/environments/scenario002-multinode.yaml +++ b/ci/environments/scenario002-multinode.yaml @@ -47,6 +47,8 @@ parameter_defaults: - OS::TripleO::Services::MongoDb - OS::TripleO::Services::Zaqar - OS::TripleO::Services::Ec2Api + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu diff --git a/ci/environments/scenario003-multinode.yaml b/ci/environments/scenario003-multinode.yaml index b26ee0a3..9167010c 100644 --- a/ci/environments/scenario003-multinode.yaml +++ b/ci/environments/scenario003-multinode.yaml @@ -43,6 +43,8 @@ parameter_defaults: - OS::TripleO::Services::MistralApi - OS::TripleO::Services::MistralEngine - OS::TripleO::Services::MistralExecutor + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu diff --git a/ci/environments/scenario004-multinode.yaml b/ci/environments/scenario004-multinode.yaml index 5b253a84..87b10ca1 100644 --- a/ci/environments/scenario004-multinode.yaml +++ b/ci/environments/scenario004-multinode.yaml @@ -44,6 +44,8 @@ parameter_defaults: - OS::TripleO::Services::CephOSD - OS::TripleO::Services::CephClient - OS::TripleO::Services::CephRgw + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::TripleoFirewall ControllerExtraConfig: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu diff --git a/ci/scripts/freeipa_setup.sh b/ci/scripts/freeipa_setup.sh index a36493a1..c9a5cba2 100644 --- a/ci/scripts/freeipa_setup.sh +++ b/ci/scripts/freeipa_setup.sh @@ -10,6 +10,9 @@ # - HostsSecret # - ProvisioningCIDR: If set, it adds the given CIDR to the provisioning # interface (which is hardcoded to eth1) +# - UsingNovajoin: If unset, we pre-provision the service principals +# needed for the overcloud deploy. If set, we skip this, +# since novajoin will do it. # set -eux @@ -94,11 +97,13 @@ if [ "$?" = '1' ]; then exit 1 fi -# Create undercloud host -ipa host-add $UndercloudFQDN --password=$HostsSecret --force +if [ -z "$UsingNovajoin" ]; then + # Create undercloud host + ipa host-add $UndercloudFQDN --password=$HostsSecret --force -# Create overcloud nodes and services -git clone https://github.com/JAORMX/freeipa-tripleo-incubator.git -cd freeipa-tripleo-incubator -python create_ipa_tripleo_host_setup.py -w $HostsSecret -d $(hostname -d) \ - --controller-count 1 --compute-count 1 + # Create overcloud nodes and services + git clone https://github.com/JAORMX/freeipa-tripleo-incubator.git + cd freeipa-tripleo-incubator + python create_ipa_tripleo_host_setup.py -w $HostsSecret -d $(hostname -d) \ + --controller-count 1 --compute-count 1 +fi diff --git a/environments/cinder-scaleio-config.yaml b/environments/cinder-scaleio-config.yaml new file mode 100644 index 00000000..cebd619c --- /dev/null +++ b/environments/cinder-scaleio-config.yaml @@ -0,0 +1,35 @@ +# Copyright (c) 2016-2017 Dell Inc, or its subsidiaries. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# A Heat environment file which can be used to enable a +# a Cinder Dell EMC SacleIO backend, configured via puppet +resource_registry: + OS::TripleO::Services::CinderBackendScaleIO: ../puppet/services/cinder-backend-scaleio.yaml + +parameter_defaults: + CinderEnableScaleIOBackend: true + CinderScaleIOBackendName: 'tripleo_scaleio' + CinderScaleIOSanIp: '' + CinderScaleIOSanLogin: '' + CinderScaleIOSanPassword: '' + CinderScaleIORestServerPort: '443' + CinderScaleIOVerifyServerCertificate: false + CinderScaleIOServerCertificatePath: '' + CinderScaleIOProtectionDomainName: 'domain1' + CinderScaleIOStoragePoolName: 'pool1' + CinderScaleIOStoragePools: 'domain1:pool1' + CinderScaleIORoundVolumeCapacity: true + CinderScaleIOUnmapVolumeBeforeDeletion: false + CinderScaleIOMaxOverSubscriptionRatio: '' + CinderScaleIOSanThinProvision: true diff --git a/puppet/services/cinder-backend-scaleio.yaml b/puppet/services/cinder-backend-scaleio.yaml new file mode 100644 index 00000000..eb709cd5 --- /dev/null +++ b/puppet/services/cinder-backend-scaleio.yaml @@ -0,0 +1,111 @@ +# Copyright (c) 2016-2017 Dell Inc, or its subsidiaries. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +heat_template_version: ocata + +description: > + Openstack Cinder Dell EMC ScaleIO backend + +parameters: + CinderEnableScaleIOBackend: + type: boolean + default: true + CinderScaleIOBackendName: + type: string + default: 'tripleo_scaleio' + CinderScaleIOSanIp: + type: string + default: '' + CinderScaleIOSanLogin: + type: string + default: '' + CinderScaleIOSanPassword: + type: string + default: '' + hidden: true + CinderScaleIORestServerPort: + type: number + default: 443 + CinderScaleIOVerifyServerCertificate: + type: boolean + default: false + CinderScaleIOServerCertificatePath: + type: string + default: '' + CinderScaleIOProtectionDomainId: + type: string + default: '' + CinderScaleIOProtectionDomainName: + type: string + default: '' + CinderScaleIOStoragePoolId: + type: string + default: '' + CinderScaleIOStoragePoolName: + type: string + default: '' + CinderScaleIOStoragePools: + type: string + default: '' + CinderScaleIORoundVolumeCapacity: + type: boolean + default: true + CinderScaleIOUnmapVolumeBeforeDeletion: + type: boolean + default: false + CinderScaleIOMaxOverSubscriptionRatio: + type: string + default: '' + CinderScaleIOSanThinProvision: + type: boolean + default: true + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + type: json + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + +outputs: + role_data: + description: Role data for the Cinder Dell EMC ScaleIO backend. + value: + service_name: cinder_backend_scaleio + config_settings: + tripleo::profile::base::cinder::volume::cinder_enable_scaleio_backend: {get_param: CinderEnableScaleIOBackend} + cinder::backend::scaleio::volume_backend_name: {get_param: CinderScaleIOBackendName} + cinder::backend::scaleio::sio_login: {get_param: CinderScaleIOSanLogin} + cinder::backend::scaleio::sio_password: {get_param: CinderScaleIOSanPassword} + cinder::backend::scaleio::sio_server_hostname: {get_param: CinderScaleIOSanIp} + cinder::backend::scaleio::sio_server_port: {get_param: CinderScaleIORestServerPort} + cinder::backend::scaleio::sio_verify_server_certificate: {get_param: CinderScaleIOVerifyServerCertificate} + cinder::backend::scaleio::sio_server_certificate_path: {get_param: CinderScaleIOServerCertificatePath} + cinder::backend::scaleio::sio_protection_domain_name: {get_param: CinderScaleIOProtectionDomainName} + cinder::backend::scaleio::sio_protection_domain_id: {get_param: CinderScaleIOProtectionDomainId} + cinder::backend::scaleio::sio_storage_pool_id: {get_param: CinderScaleIOStoragePoolId} + cinder::backend::scaleio::sio_storage_pool_name: {get_param: CinderScaleIOStoragePoolName} + cinder::backend::scaleio::sio_storage_pools: {get_param: CinderScaleIOStoragePools} + cinder::backend::scaleio::sio_round_volume_capacity: {get_param: CinderScaleIORoundVolumeCapacity} + cinder::backend::scaleio::sio_unmap_volume_before_deletion: {get_param: CinderScaleIOUnmapVolumeBeforeDeletion} + cinder::backend::scaleio::sio_max_over_subscription_ratio: {get_param: CinderScaleIOMaxOverSubscriptionRatio} + cinder::backend::scaleio::sio_thin_provision: {get_param: CinderScaleIOThinProvision} + step_config: | + include ::tripleo::profile::base::cinder::volume diff --git a/puppet/services/cinder-volume.yaml b/puppet/services/cinder-volume.yaml index dd1d3833..3a06afb8 100644 --- a/puppet/services/cinder-volume.yaml +++ b/puppet/services/cinder-volume.yaml @@ -122,6 +122,3 @@ outputs: - name: Stop cinder_volume service tags: step2 service: name=openstack-cinder-volume state=stopped - - name: Sync cinder_volume DB - tags: step5 - command: cinder-manage db sync diff --git a/puppet/services/glance-api.yaml b/puppet/services/glance-api.yaml index b49b29f7..5b3ab3e4 100644 --- a/puppet/services/glance-api.yaml +++ b/puppet/services/glance-api.yaml @@ -147,6 +147,3 @@ outputs: - name: Stop and disable glance registry (removed for Ocata) tags: step2 service: name=openstack-glance-registry state=stopped enabled=no - - name: Sync glance_api DB - tags: step5 - command: glance-manage --config-file=/etc/glance/glance-api.conf db_sync diff --git a/puppet/services/heat-engine.yaml b/puppet/services/heat-engine.yaml index 3b73eb88..e85b7537 100644 --- a/puppet/services/heat-engine.yaml +++ b/puppet/services/heat-engine.yaml @@ -144,6 +144,3 @@ outputs: - name: Stop heat_engine service tags: step2 service: name=openstack-heat-engine state=stopped - - name: Sync heat_engine DB - tags: step5 - command: heat-manage --config-file /etc/heat/heat.conf db_sync diff --git a/puppet/services/ironic-conductor.yaml b/puppet/services/ironic-conductor.yaml index 48d87209..739db13c 100644 --- a/puppet/services/ironic-conductor.yaml +++ b/puppet/services/ironic-conductor.yaml @@ -111,6 +111,3 @@ outputs: - name: Stop ironic_conductor service tags: step2 service: name=openstack-ironic-conductor state=stopped - - name: Sync ironic_conductor DB - tags: step5 - command: ironic-dbsync diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml index 7da4a9c2..b2374ec4 100644 --- a/puppet/services/keystone.yaml +++ b/puppet/services/keystone.yaml @@ -310,8 +310,5 @@ outputs: - name: Stop keystone service (running under httpd) tags: step2 service: name=httpd state=stopped - - name: Sync keystone DB - tags: step5 - command: keystone-manage db_sync metadata_settings: get_attr: [ApacheServiceBase, role_data, metadata_settings] diff --git a/puppet/services/neutron-api.yaml b/puppet/services/neutron-api.yaml index 65fa0d8f..e89509b2 100644 --- a/puppet/services/neutron-api.yaml +++ b/puppet/services/neutron-api.yaml @@ -198,6 +198,3 @@ outputs: - name: Stop neutron_api service tags: step2 service: name=neutron-server state=stopped - - name: Sync neutron_api DB - tags: step5 - command: neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml index d42a582b..5b9fb769 100644 --- a/puppet/services/nova-base.yaml +++ b/puppet/services/nova-base.yaml @@ -173,6 +173,7 @@ outputs: nova::purge_config: {get_param: EnableConfigPurge} nova::network::neutron::neutron_project_name: 'service' nova::network::neutron::neutron_username: 'neutron' + nova::network::neutron::neutron_region_name: {get_param: KeystoneRegion} nova::network::neutron::dhcp_domain: '' nova::network::neutron::neutron_password: {get_param: NeutronPassword} nova::network::neutron::neutron_url: {get_param: [EndpointMap, NeutronInternal, uri]} diff --git a/puppet/services/nova-placement.yaml b/puppet/services/nova-placement.yaml index 82b83561..5564c1b3 100644 --- a/puppet/services/nova-placement.yaml +++ b/puppet/services/nova-placement.yaml @@ -86,13 +86,13 @@ outputs: # internal_api -> IP # internal_api_uri -> [IP] # internal_api_subnet - > IP/CIDR - nova::wsgi::apache_placement::bind_host: {get_param: [ServiceNetMap, NovaApiNetwork]} + nova::wsgi::apache_placement::bind_host: {get_param: [ServiceNetMap, NovaPlacementNetwork]} nova::wsgi::apache_placement::servername: str_replace: template: "%{hiera('fqdn_$NETWORK')}" params: - $NETWORK: {get_param: [ServiceNetMap, NovaApiNetwork]} + $NETWORK: {get_param: [ServiceNetMap, NovaPlacementNetwork]} - if: - nova_workers_zero @@ -118,3 +118,7 @@ outputs: nova::db::mysql_placement::allowed_hosts: - '%' - "%{hiera('mysql_bind_host')}" + upgrade_tasks: + - name: Stop nova_placement service (running under httpd) + tags: step2 + service: name=httpd state=stopped diff --git a/releasenotes/notes/6.0.0-b52a14a71fc62788.yaml b/releasenotes/notes/6.0.0-b52a14a71fc62788.yaml index 069cbd23..f9afb18d 100644 --- a/releasenotes/notes/6.0.0-b52a14a71fc62788.yaml +++ b/releasenotes/notes/6.0.0-b52a14a71fc62788.yaml @@ -54,9 +54,20 @@ features: - Add Panko service support. This service is not enabled by default. Use environments/services/enable-panko.yaml to include it in your deployment. - Add EC2-API composable service support. + - Allow dnsmasq_dns_servers to be configured for Neutron DHCP Agent with a + new parameter (NeutronDhcpAgentDnsmasqDnsServers, default to []). + - Add support for Ceph RBD mirroring daemon managed by Pacemaker. + - Add deployed server bootstrap for RHEL. + - Configure VNC Server listen address on internal_api network by default. + - Support for Cinder Dell EMC PS Series. + - Support for Cinder Dell EMC EMC Storage Center. + - Support for Octavia composable services for LBaaS with Neutron. + - Support for Collectd composable services for performance monitoring. + - Support for Tacker composable service for VNF management. upgrade: - Update OpenDaylight deployment to use networking-odl v2 as a mechanism driver. + - Update Contrail composable services. deprecations: - Glance Registry service has been removed and Glance API v2 is now deploy by default. Glance API v1 is not supported anymore in TripleO. @@ -68,16 +79,26 @@ deprecations: - Removes deprecated OpenDaylight L2 only deployments. Deploying ODL without L3 DVR is no longer supported. security: - - Disallow iframe embed in Horizon configuration to prevent dashboard being - embedded within an iframe and exposed to Cross-Frame Scripting (XFS) - vulnerability on legacy browsers. - - Allow management of enforce_password_check in Horizons configuration to - display an 'Admin Password' field on the Change Password form to verify that + - Enable management of 'DISALLOW_IFRAME_EMBED' in Horizon configuration to + prevent dashboard being embedded within an iframe and exposed to Cross-Frame + Scripting (XFS) vulnerability on legacy browsers. + - Enable management of 'ENFORCE_PASSWORD_CHECK' in Horizons configuration to + display an Admin Password field on the Change Password form to verify that it is indeed the admin logged-in who wants to change the password. - - Allow management of disable_password_reveal in Horizon, to remove the + - Enable management of 'DISABLE_PASSWORD_REVEAL' in Horizon, to remove the password reveal option. - - Enable secure_proxy_ssl_header option in Horizons configuration to take + - Enable 'SECURE_PROXY_SSL_HEADER' option in Horizons configuration to take X-Forwarded-Proto header into account when forming URLs. + - Enable management of ENFORCE_PASSWORD_CHECK value. By setting + 'ENFORCE_PASSWORD_CHECK' to 'True' within Horizons local_settings.py, it + displays an ‘Admin Password’ field on the “Change Password” form to verify + that it is the admin logged-in that wants to perform the password change. + - Enable management of Horizons Password Validation. Enables injection of an + operators own password validation regex via a heat template. + - Enable management of '/etc/issue Banner' whereby an operator can populate + their own Banner warning text to be displayed upon terminal login. + - Enable management of auditd system. '/etc/audit/audit.rules' can now be + populated by means of a heat template. fixes: - Fixes `bug 1645898 <https://bugs.launchpad.net/tripleo/+bug/1645898>`__ so epmd is binded on @@ -93,3 +114,12 @@ fixes: - Fixes `bug 1643487 <https://bugs.launchpad.net/tripleo/+bug/1643487>`__ to prevent source address from binding to a VIP for database connection. + - Fixes `bug 1649836 + <https://bugs.launchpad.net/tripleo/+bug/1649836>`__ to configure + DPDK options to isolate PMD cores and ovs process cores. + - Fixes `bug 1662344 + <https://bugs.launchpad.net/tripleo/+bug/1662344>`__ by stopping + to set bind_address on nova db uri. + This reverts the changes in https://review.openstack.org/414629 for nova as + they are incompatible with cell_v2. + This is a temporary fix for HA while a long-term solution is developed. |