diff options
81 files changed, 878 insertions, 203 deletions
diff --git a/ci/environments/scenario007-multinode.yaml b/ci/environments/scenario007-multinode.yaml index 6db00ef1..dd73f476 100644 --- a/ci/environments/scenario007-multinode.yaml +++ b/ci/environments/scenario007-multinode.yaml @@ -16,7 +16,8 @@ resource_registry: OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN - OS::TripleO::Services::ComputeNeutronCorePlugin: ../../puppet/services/neutron-compute-plugin-ovn.yaml + OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None + OS::TripleO::Services::OVNController: ../../puppet/services/ovn-controller.yaml OS::TripleO::Services::OVNDBs: ../../puppet/services/ovn-dbs.yaml parameter_defaults: @@ -34,7 +35,7 @@ parameter_defaults: - OS::TripleO::Services::NeutronServer - OS::TripleO::Services::NeutronCorePlugin - OS::TripleO::Services::OVNDBs - - OS::TripleO::Services::ComputeNeutronCorePlugin + - OS::TripleO::Services::OVNController - OS::TripleO::Services::RabbitMQ - OS::TripleO::Services::HAproxy - OS::TripleO::Services::Keepalived diff --git a/common/services.yaml b/common/services.yaml index 350026cc..0bc3462f 100644 --- a/common/services.yaml +++ b/common/services.yaml @@ -35,7 +35,7 @@ parameters: description: Role name on which the service is applied type: string RoleParameters: - description: Role Specific parameters to be provided to service + description: Parameters specific to the role default: {} type: json diff --git a/deployed-server/deployed-server.yaml b/deployed-server/deployed-server.yaml index 16deb7d6..d116e7c6 100644 --- a/deployed-server/deployed-server.yaml +++ b/deployed-server/deployed-server.yaml @@ -9,6 +9,7 @@ parameters: key_name: type: string default: unused + description: Name of keypair to assign to servers security_groups: type: json default: [] diff --git a/docker/services/aodh-api.yaml b/docker/services/aodh-api.yaml index 70b43eb1..8afb6d28 100644 --- a/docker/services/aodh-api.yaml +++ b/docker/services/aodh-api.yaml @@ -49,6 +49,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + AodhApiPuppetBase: type: ../../puppet/services/aodh-api.yaml properties: @@ -68,7 +71,10 @@ outputs: - get_attr: [AodhApiPuppetBase, role_data, config_settings] - apache::default_vhost: false step_config: &step_config - get_attr: [AodhApiPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [AodhApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [AodhApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/aodh-evaluator.yaml b/docker/services/aodh-evaluator.yaml index f75c57b3..86bdfdf9 100644 --- a/docker/services/aodh-evaluator.yaml +++ b/docker/services/aodh-evaluator.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + AodhEvaluatorBase: type: ../../puppet/services/aodh-evaluator.yaml properties: @@ -61,7 +64,10 @@ outputs: map_merge: - get_attr: [AodhEvaluatorBase, role_data, config_settings] step_config: &step_config - get_attr: [AodhEvaluatorBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [AodhEvaluatorBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [AodhEvaluatorBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/aodh-listener.yaml b/docker/services/aodh-listener.yaml index 9db2ffbe..3f986ab2 100644 --- a/docker/services/aodh-listener.yaml +++ b/docker/services/aodh-listener.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + AodhListenerBase: type: ../../puppet/services/aodh-listener.yaml properties: @@ -61,7 +64,10 @@ outputs: map_merge: - get_attr: [AodhListenerBase, role_data, config_settings] step_config: &step_config - get_attr: [AodhListenerBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [AodhListenerBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [AodhListenerBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/aodh-notifier.yaml b/docker/services/aodh-notifier.yaml index c16c0161..852120c9 100644 --- a/docker/services/aodh-notifier.yaml +++ b/docker/services/aodh-notifier.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + AodhNotifierBase: type: ../../puppet/services/aodh-notifier.yaml properties: @@ -61,7 +64,10 @@ outputs: map_merge: - get_attr: [AodhNotifierBase, role_data, config_settings] step_config: &step_config - get_attr: [AodhNotifierBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [AodhNotifierBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [AodhNotifierBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/cinder-api.yaml b/docker/services/cinder-api.yaml index 58dec1a0..900131c9 100644 --- a/docker/services/cinder-api.yaml +++ b/docker/services/cinder-api.yaml @@ -49,6 +49,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + CinderBase: type: ../../puppet/services/cinder-api.yaml properties: @@ -66,7 +69,10 @@ outputs: service_name: {get_attr: [CinderBase, role_data, service_name]} config_settings: {get_attr: [CinderBase, role_data, config_settings]} step_config: &step_config - get_attr: [CinderBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [CinderBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -154,6 +160,7 @@ outputs: cinder_api_cron: image: *cinder_api_image net: host + user: root privileged: false restart: always volumes: diff --git a/docker/services/cinder-backup.yaml b/docker/services/cinder-backup.yaml index de637f3b..ad3b43c2 100644 --- a/docker/services/cinder-backup.yaml +++ b/docker/services/cinder-backup.yaml @@ -43,6 +43,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + CinderBase: type: ../../puppet/services/cinder-backup.yaml properties: @@ -60,7 +63,10 @@ outputs: service_name: {get_attr: [CinderBase, role_data, service_name]} config_settings: {get_attr: [CinderBase, role_data, config_settings]} step_config: &step_config - get_attr: [CinderBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [CinderBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -114,7 +120,6 @@ outputs: - /var/lib/kolla/config_files/cinder_backup.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro - - /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro - /dev/:/dev/ - /run/:/run/ diff --git a/docker/services/cinder-scheduler.yaml b/docker/services/cinder-scheduler.yaml index 1bae005c..1ac31874 100644 --- a/docker/services/cinder-scheduler.yaml +++ b/docker/services/cinder-scheduler.yaml @@ -43,6 +43,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + CinderBase: type: ../../puppet/services/cinder-scheduler.yaml properties: @@ -60,7 +63,10 @@ outputs: service_name: {get_attr: [CinderBase, role_data, service_name]} config_settings: {get_attr: [CinderBase, role_data, config_settings]} step_config: &step_config - get_attr: [CinderBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [CinderBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/cinder-volume.yaml b/docker/services/cinder-volume.yaml index ce81fbf8..eb904c0b 100644 --- a/docker/services/cinder-volume.yaml +++ b/docker/services/cinder-volume.yaml @@ -51,6 +51,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + CinderBase: type: ../../puppet/services/cinder-volume.yaml properties: @@ -75,6 +78,7 @@ outputs: - "\n" - - "include ::tripleo::profile::base::lvm" - get_attr: [CinderBase, role_data, step_config] + - get_attr: [MySQLClient, role_data, step_config] service_config_settings: {get_attr: [CinderBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -125,7 +129,6 @@ outputs: - /var/lib/kolla/config_files/cinder_volume.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/cinder/:/var/lib/kolla/config_files/src:ro - /var/lib/config-data/puppet-generated/iscsid/:/var/lib/kolla/config_files/src-iscsid:ro - - /var/lib/config-data/puppet-generated/ceph/:/var/lib/kolla/config_files/src-ceph:ro - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro - /lib/modules:/lib/modules:ro - /dev/:/dev/ diff --git a/docker/services/congress.yaml b/docker/services/congress.yaml index e49682f9..08170cef 100644 --- a/docker/services/congress.yaml +++ b/docker/services/congress.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + CongressBase: type: ../../puppet/services/congress.yaml properties: @@ -61,7 +64,10 @@ outputs: map_merge: - get_attr: [CongressBase, role_data, config_settings] step_config: &step_config - get_attr: [CongressBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [CongressBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [CongressBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/database/mysql-client.yaml b/docker/services/database/mysql-client.yaml deleted file mode 100644 index d45d58e1..00000000 --- a/docker/services/database/mysql-client.yaml +++ /dev/null @@ -1,62 +0,0 @@ -heat_template_version: pike - -description: > - Configuration for containerized MySQL clients - -parameters: - DockerMysqlClientConfigImage: - description: The container image to use for the mysql_client config_volume - type: string - ServiceData: - default: {} - description: Dictionary packing service data - type: json - ServiceNetMap: - default: {} - description: Mapping of service_name -> network name. Typically set - via parameter_defaults in the resource registry. This - mapping overrides those in ServiceNetMapDefaults. - type: json - DefaultPasswords: - default: {} - type: json - RoleName: - default: '' - description: Role name on which the service is applied - type: string - RoleParameters: - default: {} - description: Parameters specific to the role - type: json - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - EnableInternalTLS: - type: boolean - default: false - InternalTLSCAFile: - default: '/etc/ipa/ca.crt' - type: string - description: Specifies the default CA cert to use if TLS is used for - services in the internal network. - -outputs: - role_data: - description: Role for setting mysql client parameters - value: - service_name: mysql_client - config_settings: - tripleo::profile::base::database::mysql::client::mysql_client_bind_address: {get_param: [ServiceNetMap, MysqlNetwork]} - tripleo::profile::base::database::mysql::client::enable_ssl: {get_param: EnableInternalTLS} - tripleo::profile::base::database::mysql::client::ssl_ca: {get_param: InternalTLSCAFile} - # BEGIN DOCKER SETTINGS # - step_config: "" - puppet_config: - config_volume: mysql_client - puppet_tags: file # set this even though file is the default - step_config: "include ::tripleo::profile::base::database::mysql::client" - config_image: {get_param: DockerMysqlClientConfigImage} - # no need for a docker config, this service only generates configuration files - docker_config: {} diff --git a/docker/services/ec2-api.yaml b/docker/services/ec2-api.yaml index 9f1ecbc1..1d4ddd38 100644 --- a/docker/services/ec2-api.yaml +++ b/docker/services/ec2-api.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + Ec2ApiPuppetBase: type: ../../puppet/services/ec2-api.yaml properties: @@ -58,7 +61,10 @@ outputs: service_name: {get_attr: [Ec2ApiPuppetBase, role_data, service_name]} config_settings: {get_attr: [Ec2ApiPuppetBase, role_data, config_settings]} step_config: &step_config - get_attr: [Ec2ApiPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [Ec2ApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [Ec2ApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml index f4c724b0..044eb283 100644 --- a/docker/services/glance-api.yaml +++ b/docker/services/glance-api.yaml @@ -50,6 +50,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + GlanceApiPuppetBase: type: ../../puppet/services/glance-api.yaml properties: @@ -70,7 +73,10 @@ outputs: - get_attr: [GlanceApiPuppetBase, role_data, config_settings] - glance::api::sync_db: false step_config: &step_config - get_attr: [GlanceApiPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [GlanceApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [GlanceApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: diff --git a/docker/services/gnocchi-metricd.yaml b/docker/services/gnocchi-metricd.yaml index 6778543b..5a6958a0 100644 --- a/docker/services/gnocchi-metricd.yaml +++ b/docker/services/gnocchi-metricd.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + GnocchiMetricdBase: type: ../../puppet/services/gnocchi-metricd.yaml properties: @@ -59,7 +62,10 @@ outputs: service_name: {get_attr: [GnocchiMetricdBase, role_data, service_name]} config_settings: {get_attr: [GnocchiMetricdBase, role_data, config_settings]} step_config: &step_config - get_attr: [GnocchiMetricdBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [GnocchiMetricdBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [GnocchiMetricdBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/gnocchi-statsd.yaml b/docker/services/gnocchi-statsd.yaml index 00d218d2..19e658cd 100644 --- a/docker/services/gnocchi-statsd.yaml +++ b/docker/services/gnocchi-statsd.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + GnocchiStatsdBase: type: ../../puppet/services/gnocchi-statsd.yaml properties: @@ -59,7 +62,10 @@ outputs: service_name: {get_attr: [GnocchiStatsdBase, role_data, service_name]} config_settings: {get_attr: [GnocchiStatsdBase, role_data, config_settings]} step_config: &step_config - get_attr: [GnocchiStatsdBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [GnocchiStatsdBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [GnocchiStatsdBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/haproxy.yaml b/docker/services/haproxy.yaml index f080dcb2..2f0584ea 100644 --- a/docker/services/haproxy.yaml +++ b/docker/services/haproxy.yaml @@ -85,6 +85,7 @@ outputs: map_merge: - get_attr: [HAProxyBase, role_data, config_settings] - tripleo::haproxy::haproxy_daemon: false + tripleo::haproxy::haproxy_service_manage: false step_config: &step_config get_attr: [HAProxyBase, role_data, step_config] service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]} @@ -92,7 +93,8 @@ outputs: puppet_config: config_volume: haproxy puppet_tags: haproxy_config - step_config: *step_config + step_config: + "class {'::tripleo::profile::base::haproxy': manage_firewall => false}" config_image: {get_param: DockerHAProxyConfigImage} volumes: &deployed_cert_mount - list_join: @@ -110,10 +112,44 @@ outputs: preserve_properties: true docker_config: step_1: + haproxy_firewall: + detach: false + image: {get_param: DockerHAProxyImage} + net: host + user: root + privileged: true + command: + - '/bin/bash' + - '-c' + - str_replace: + template: + list_join: + - '; ' + - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 1}' > /etc/puppet/hieradata/docker.json" + - "FACTER_uuid=docker puppet apply --tags TAGS -v -e 'CONFIG'" + params: + TAGS: 'tripleo::firewall::rule' + CONFIG: *step_config + volumes: + list_concat: + - {get_attr: [ContainersCommon, volumes]} + - *deployed_cert_mount + - + - /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro + - /var/lib/config-data/puppet-generated/haproxy/:/var/lib/kolla/config_files/src:ro + # puppet saves iptables rules in /etc/sysconfig + - /etc/sysconfig:/etc/sysconfig:rw + # saving rules require accessing /usr/libexec/iptables/iptables.init, just bind-mount + # the necessary bit and prevent systemd to try to reload the service in the container + - /usr/libexec/iptables:/usr/libexec/iptables:ro + - /usr/libexec/initscripts/legacy-actions:/usr/libexec/initscripts/legacy-actions:ro + - /etc/puppet:/tmp/puppet-etc:ro + - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro + environment: + - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS haproxy: image: {get_param: DockerHAProxyImage} net: host - privileged: false restart: always volumes: list_concat: diff --git a/docker/services/heat-api.yaml b/docker/services/heat-api.yaml index 0bc331ca..9e38b060 100644 --- a/docker/services/heat-api.yaml +++ b/docker/services/heat-api.yaml @@ -133,6 +133,7 @@ outputs: heat_api_cron: image: {get_param: DockerHeatApiImage} net: host + user: root privileged: false restart: always volumes: diff --git a/docker/services/heat-engine.yaml b/docker/services/heat-engine.yaml index 789f3f9d..a20dc131 100644 --- a/docker/services/heat-engine.yaml +++ b/docker/services/heat-engine.yaml @@ -43,6 +43,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + HeatBase: type: ../../puppet/services/heat-engine.yaml properties: @@ -63,7 +66,10 @@ outputs: - get_attr: [HeatBase, role_data, config_settings] - apache::default_vhost: false step_config: &step_config - get_attr: [HeatBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [HeatBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [HeatBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/ironic-api.yaml b/docker/services/ironic-api.yaml index 90978f3e..2a9735b5 100644 --- a/docker/services/ironic-api.yaml +++ b/docker/services/ironic-api.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + IronicApiBase: type: ../../puppet/services/ironic-api.yaml properties: @@ -62,7 +65,10 @@ outputs: - get_attr: [IronicApiBase, role_data, config_settings] - apache::default_vhost: false step_config: &step_config - get_attr: [IronicApiBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [IronicApiBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [IronicApiBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/ironic-conductor.yaml b/docker/services/ironic-conductor.yaml index 6368bd23..37f4d46e 100644 --- a/docker/services/ironic-conductor.yaml +++ b/docker/services/ironic-conductor.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + IronicConductorBase: type: ../../puppet/services/ironic-conductor.yaml properties: @@ -69,7 +72,10 @@ outputs: - ironic::pxe::http_root: /var/lib/ironic/httpboot - ironic::conductor::http_root: /var/lib/ironic/httpboot step_config: &step_config - get_attr: [IronicConductorBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [IronicConductorBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [IronicConductorBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml index 7ecfc329..fcc458a2 100644 --- a/docker/services/keystone.yaml +++ b/docker/services/keystone.yaml @@ -55,6 +55,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + KeystoneBase: type: ../../puppet/services/keystone.yaml properties: @@ -83,6 +86,7 @@ outputs: - "\n" - - "['Keystone_user', 'Keystone_endpoint', 'Keystone_domain', 'Keystone_tenant', 'Keystone_user_role', 'Keystone_role', 'Keystone_service'].each |String $val| { noop_resource($val) }" - {get_attr: [KeystoneBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [KeystoneBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: @@ -99,7 +103,9 @@ outputs: merge: true preserve_properties: true /var/lib/kolla/config_files/keystone_cron.json: - command: /usr/sbin/cron -n + # FIXME(dprince): this is unused ATM because Kolla hardcodes the + # args for the keystone container to -DFOREGROUND + command: /usr/sbin/crond -n config_files: - source: "/var/lib/kolla/config_files/src/*" dest: "/" @@ -164,9 +170,11 @@ outputs: keystone_cron: start_order: 4 image: *keystone_image + user: root net: host privileged: false restart: always + command: ['/bin/bash', '-c', '/usr/local/bin/kolla_set_configs && /usr/sbin/crond -n'] volumes: list_concat: - {get_attr: [ContainersCommon, volumes]} diff --git a/docker/services/manila-api.yaml b/docker/services/manila-api.yaml index c33f4094..7b2dbfaf 100644 --- a/docker/services/manila-api.yaml +++ b/docker/services/manila-api.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + ManilaApiPuppetBase: type: ../../puppet/services/manila-api.yaml properties: @@ -57,7 +60,10 @@ outputs: service_name: {get_attr: [ManilaApiPuppetBase, role_data, service_name]} config_settings: {get_attr: [ManilaApiPuppetBase, role_data, config_settings]} step_config: &step_config - {get_attr: [ManilaApiPuppetBase, role_data, step_config]} + list_join: + - "\n" + - - {get_attr: [ManilaApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [ManilaApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: diff --git a/docker/services/manila-scheduler.yaml b/docker/services/manila-scheduler.yaml index 730d33f6..7b5dfec3 100644 --- a/docker/services/manila-scheduler.yaml +++ b/docker/services/manila-scheduler.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + ManilaSchedulerPuppetBase: type: ../../puppet/services/manila-scheduler.yaml properties: @@ -57,7 +60,10 @@ outputs: service_name: {get_attr: [ManilaSchedulerPuppetBase, role_data, service_name]} config_settings: {get_attr: [ManilaSchedulerPuppetBase, role_data, config_settings]} step_config: &step_config - {get_attr: [ManilaSchedulerPuppetBase, role_data, step_config]} + list_join: + - "\n" + - - {get_attr: [ManilaSchedulerPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [ManilaSchedulerPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: diff --git a/docker/services/manila-share.yaml b/docker/services/manila-share.yaml index b4278155..332ba864 100644 --- a/docker/services/manila-share.yaml +++ b/docker/services/manila-share.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + ManilaBase: type: ../../puppet/services/manila-share.yaml properties: @@ -59,7 +62,10 @@ outputs: service_name: {get_attr: [ManilaBase, role_data, service_name]} config_settings: {get_attr: [ManilaBase, role_data, config_settings]} step_config: &step_config - get_attr: [ManilaBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [ManilaBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [ManilaBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/mistral-api.yaml b/docker/services/mistral-api.yaml index 73db3742..38b97aef 100644 --- a/docker/services/mistral-api.yaml +++ b/docker/services/mistral-api.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + MistralApiBase: type: ../../puppet/services/mistral-api.yaml properties: @@ -61,7 +64,10 @@ outputs: map_merge: - get_attr: [MistralApiBase, role_data, config_settings] step_config: &step_config - get_attr: [MistralApiBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [MistralApiBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [MistralApiBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/mistral-engine.yaml b/docker/services/mistral-engine.yaml index 4c6b300d..2b498be3 100644 --- a/docker/services/mistral-engine.yaml +++ b/docker/services/mistral-engine.yaml @@ -43,6 +43,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + MistralBase: type: ../../puppet/services/mistral-engine.yaml properties: @@ -62,7 +65,10 @@ outputs: map_merge: - get_attr: [MistralBase, role_data, config_settings] step_config: &step_config - get_attr: [MistralBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [MistralBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/mistral-executor.yaml b/docker/services/mistral-executor.yaml index ea54c574..e106fe47 100644 --- a/docker/services/mistral-executor.yaml +++ b/docker/services/mistral-executor.yaml @@ -43,6 +43,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + MistralBase: type: ../../puppet/services/mistral-executor.yaml properties: @@ -62,7 +65,10 @@ outputs: map_merge: - get_attr: [MistralBase, role_data, config_settings] step_config: &step_config - get_attr: [MistralBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [MistralBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [MistralBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml index a9125c8c..b4fce226 100644 --- a/docker/services/neutron-api.yaml +++ b/docker/services/neutron-api.yaml @@ -49,6 +49,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NeutronBase: type: ../../puppet/services/neutron-api.yaml properties: @@ -68,7 +71,10 @@ outputs: map_merge: - get_attr: [NeutronBase, role_data, config_settings] step_config: &step_config - get_attr: [NeutronBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NeutronBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NeutronBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml index e830ab96..da461049 100644 --- a/docker/services/nova-api.yaml +++ b/docker/services/nova-api.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaApiBase: type: ../../puppet/services/nova-api.yaml properties: @@ -69,6 +72,7 @@ outputs: - "\n" - - "['Nova_cell_v2'].each |String $val| { noop_resource($val) }" - {get_attr: [NovaApiBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NovaApiBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml index c6e848a0..39d1740c 100644 --- a/docker/services/nova-compute.yaml +++ b/docker/services/nova-compute.yaml @@ -47,6 +47,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaComputeBase: type: ../../puppet/services/nova-compute.yaml properties: @@ -66,7 +69,10 @@ outputs: config_settings: get_attr: [NovaComputeBase, role_data, config_settings] step_config: &step_config - get_attr: [NovaComputeBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaComputeBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} puppet_config: config_volume: nova_libvirt puppet_tags: nova_config,nova_paste_api_ini diff --git a/docker/services/nova-conductor.yaml b/docker/services/nova-conductor.yaml index 9f666577..ae737056 100644 --- a/docker/services/nova-conductor.yaml +++ b/docker/services/nova-conductor.yaml @@ -43,6 +43,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaConductorBase: type: ../../puppet/services/nova-conductor.yaml properties: @@ -60,7 +63,10 @@ outputs: service_name: {get_attr: [NovaConductorBase, role_data, service_name]} config_settings: {get_attr: [NovaConductorBase, role_data, config_settings]} step_config: &step_config - get_attr: [NovaConductorBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaConductorBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NovaConductorBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/nova-consoleauth.yaml b/docker/services/nova-consoleauth.yaml index 0d3d1ec9..715a861b 100644 --- a/docker/services/nova-consoleauth.yaml +++ b/docker/services/nova-consoleauth.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaConsoleauthPuppetBase: type: ../../puppet/services/nova-consoleauth.yaml properties: @@ -59,7 +62,10 @@ outputs: service_name: {get_attr: [NovaConsoleauthPuppetBase, role_data, service_name]} config_settings: {get_attr: [NovaConsoleauthPuppetBase, role_data, config_settings]} step_config: &step_config - get_attr: [NovaConsoleauthPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaConsoleauthPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NovaConsoleauthPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/nova-ironic.yaml b/docker/services/nova-ironic.yaml index 17068b41..543758a1 100644 --- a/docker/services/nova-ironic.yaml +++ b/docker/services/nova-ironic.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaIronicBase: type: ../../puppet/services/nova-ironic.yaml properties: @@ -59,7 +62,10 @@ outputs: service_name: {get_attr: [NovaIronicBase, role_data, service_name]} config_settings: {get_attr: [NovaIronicBase, role_data, config_settings]} step_config: &step_config - get_attr: [NovaIronicBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaIronicBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} puppet_config: config_volume: nova puppet_tags: nova_config,nova_paste_api_ini diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml index 973b0ebb..2f3851a5 100644 --- a/docker/services/nova-libvirt.yaml +++ b/docker/services/nova-libvirt.yaml @@ -74,6 +74,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaLibvirtBase: type: ../../puppet/services/nova-libvirt.yaml properties: @@ -93,7 +96,10 @@ outputs: config_settings: get_attr: [NovaLibvirtBase, role_data, config_settings] step_config: &step_config - get_attr: [NovaLibvirtBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaLibvirtBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} puppet_config: config_volume: nova_libvirt puppet_tags: libvirtd_config,nova_config,file,exec diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml index 4c8fafd0..d784ace3 100644 --- a/docker/services/nova-placement.yaml +++ b/docker/services/nova-placement.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaPlacementBase: type: ../../puppet/services/nova-placement.yaml properties: @@ -62,7 +65,10 @@ outputs: - get_attr: [NovaPlacementBase, role_data, config_settings] - apache::default_vhost: false step_config: &step_config - get_attr: [NovaPlacementBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaPlacementBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NovaPlacementBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/nova-scheduler.yaml b/docker/services/nova-scheduler.yaml index 5c1aa308..8d8a6358 100644 --- a/docker/services/nova-scheduler.yaml +++ b/docker/services/nova-scheduler.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaSchedulerBase: type: ../../puppet/services/nova-scheduler.yaml properties: @@ -59,7 +62,10 @@ outputs: service_name: {get_attr: [NovaSchedulerBase, role_data, service_name]} config_settings: {get_attr: [NovaSchedulerBase, role_data, config_settings]} step_config: &step_config - get_attr: [NovaSchedulerBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaSchedulerBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NovaSchedulerBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/nova-vnc-proxy.yaml b/docker/services/nova-vnc-proxy.yaml index 37831ff7..c5f651d2 100644 --- a/docker/services/nova-vnc-proxy.yaml +++ b/docker/services/nova-vnc-proxy.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + NovaVncProxyPuppetBase: type: ../../puppet/services/nova-vnc-proxy.yaml properties: @@ -59,7 +62,10 @@ outputs: service_name: {get_attr: [NovaVncProxyPuppetBase, role_data, service_name]} config_settings: {get_attr: [NovaVncProxyPuppetBase, role_data, config_settings]} step_config: &step_config - get_attr: [NovaVncProxyPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [NovaVncProxyPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [NovaVncProxyPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/octavia-api.yaml b/docker/services/octavia-api.yaml index f5b4baec..86730ebc 100644 --- a/docker/services/octavia-api.yaml +++ b/docker/services/octavia-api.yaml @@ -50,6 +50,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + OctaviaApiPuppetBase: type: ../../puppet/services/octavia-api.yaml properties: @@ -67,7 +70,10 @@ outputs: service_name: {get_attr: [OctaviaApiPuppetBase, role_data, service_name]} config_settings: {get_attr: [OctaviaApiPuppetBase, role_data, config_settings]} step_config: &step_config - get_attr: [OctaviaApiPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [OctaviaApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [OctaviaApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: diff --git a/docker/services/pacemaker/cinder-backup.yaml b/docker/services/pacemaker/cinder-backup.yaml index 26ae9bca..c6a80efa 100644 --- a/docker/services/pacemaker/cinder-backup.yaml +++ b/docker/services/pacemaker/cinder-backup.yaml @@ -52,6 +52,9 @@ parameters: resources: + MySQLClient: + type: ../../../puppet/services/database/mysql-client.yaml + CinderBackupBase: type: ../../../puppet/services/cinder-backup.yaml properties: @@ -82,7 +85,11 @@ outputs: puppet_config: config_volume: cinder puppet_tags: cinder_config,file,concat,file_line - step_config: {get_attr: [CinderBackupBase, role_data, step_config]} + step_config: + list_join: + - "\n" + - - {get_attr: [CinderBackupBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} config_image: {get_param: DockerCinderConfigImage} kolla_config: /var/lib/kolla/config_files/cinder_backup.json: diff --git a/docker/services/pacemaker/cinder-volume.yaml b/docker/services/pacemaker/cinder-volume.yaml index 262e999d..3c1b7a74 100644 --- a/docker/services/pacemaker/cinder-volume.yaml +++ b/docker/services/pacemaker/cinder-volume.yaml @@ -48,6 +48,9 @@ parameters: resources: + MySQLClient: + type: ../../../puppet/services/database/mysql-client.yaml + CinderBase: type: ../../../puppet/services/cinder-volume.yaml properties: @@ -76,7 +79,11 @@ outputs: puppet_config: config_volume: cinder puppet_tags: cinder_config,file,concat,file_line - step_config: {get_attr: [CinderBase, role_data, step_config]} + step_config: + list_join: + - "\n" + - - {get_attr: [CinderBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} config_image: {get_param: DockerCinderConfigImage} kolla_config: /var/lib/kolla/config_files/cinder_volume.json: diff --git a/docker/services/panko-api.yaml b/docker/services/panko-api.yaml index ad2fa0f6..01c17388 100644 --- a/docker/services/panko-api.yaml +++ b/docker/services/panko-api.yaml @@ -51,6 +51,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + PankoApiPuppetBase: type: ../../puppet/services/panko-api.yaml properties: @@ -71,7 +74,10 @@ outputs: - get_attr: [PankoApiPuppetBase, role_data, config_settings] - apache::default_vhost: false step_config: &step_config - get_attr: [PankoApiPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [PankoApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [PankoApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: diff --git a/docker/services/sahara-api.yaml b/docker/services/sahara-api.yaml index bff2fdac..b0c3736c 100644 --- a/docker/services/sahara-api.yaml +++ b/docker/services/sahara-api.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + SaharaApiPuppetBase: type: ../../puppet/services/sahara-api.yaml properties: @@ -60,7 +63,10 @@ outputs: - get_attr: [SaharaApiPuppetBase, role_data, config_settings] - sahara::sync_db: false step_config: &step_config - get_attr: [SaharaApiPuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [SaharaApiPuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [SaharaApiPuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: diff --git a/docker/services/sahara-engine.yaml b/docker/services/sahara-engine.yaml index 01d4bb9c..b1660296 100644 --- a/docker/services/sahara-engine.yaml +++ b/docker/services/sahara-engine.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + SaharaEnginePuppetBase: type: ../../puppet/services/sahara-engine.yaml properties: @@ -60,7 +63,10 @@ outputs: - get_attr: [SaharaEnginePuppetBase, role_data, config_settings] - sahara::sync_db: false step_config: &step_config - get_attr: [SaharaEnginePuppetBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [SaharaEnginePuppetBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [SaharaEnginePuppetBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS # puppet_config: diff --git a/docker/services/tacker.yaml b/docker/services/tacker.yaml index cdcb4d2a..1b7d78ca 100644 --- a/docker/services/tacker.yaml +++ b/docker/services/tacker.yaml @@ -42,6 +42,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + TackerBase: type: ../../puppet/services/tacker.yaml properties: @@ -61,7 +64,10 @@ outputs: map_merge: - get_attr: [TackerBase, role_data, config_settings] step_config: &step_config - get_attr: [TackerBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [TackerBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [TackerBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/docker/services/zaqar.yaml b/docker/services/zaqar.yaml index df57ad6a..072c6759 100644 --- a/docker/services/zaqar.yaml +++ b/docker/services/zaqar.yaml @@ -53,6 +53,9 @@ resources: ContainersCommon: type: ./containers-common.yaml + MySQLClient: + type: ../../puppet/services/database/mysql-client.yaml + ZaqarBase: type: ../../puppet/services/zaqar.yaml properties: @@ -71,7 +74,10 @@ outputs: service_name: {get_attr: [ZaqarBase, role_data, service_name]} config_settings: {get_attr: [ZaqarBase, role_data, config_settings]} step_config: &step_config - get_attr: [ZaqarBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [ZaqarBase, role_data, step_config]} + - {get_attr: [MySQLClient, role_data, step_config]} service_config_settings: {get_attr: [ZaqarBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/environments/docker.yaml b/environments/docker.yaml index a7504611..336a0b3c 100644 --- a/environments/docker.yaml +++ b/environments/docker.yaml @@ -32,8 +32,8 @@ resource_registry: OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml OS::TripleO::Services::NeutronL3Agent: ../docker/services/neutron-l3.yaml + OS::TripleO::Services::HAproxy: ../docker/services/haproxy.yaml OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml - OS::TripleO::Services::MySQLClient: ../docker/services/database/mysql-client.yaml OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml OS::TripleO::Services::MongoDb: ../docker/services/database/mongodb.yaml OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml @@ -51,7 +51,7 @@ resource_registry: OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml OS::TripleO::Services::CeilometerAgentCentral: ../docker/services/ceilometer-agent-central.yaml OS::TripleO::Services::CeilometerAgentIpmi: ../docker/services/ceilometer-agent-ipmi.yaml - OS::TripleO::Services::CeilometerAgentCompute: ../docker/services/ceilometer-agent-compute.yaml + OS::TripleO::Services::ComputeCeilometerAgent: ../docker/services/ceilometer-agent-compute.yaml OS::TripleO::Services::CeilometerAgentNotification: ../docker/services/ceilometer-agent-notification.yaml OS::TripleO::Services::Horizon: ../docker/services/horizon.yaml OS::TripleO::Services::Iscsid: ../docker/services/iscsid.yaml diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml index d1970d64..834c4f10 100644 --- a/environments/hyperconverged-ceph.yaml +++ b/environments/hyperconverged-ceph.yaml @@ -39,3 +39,4 @@ parameter_defaults: - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Docker - OS::TripleO::Services::Iscsid + - OS::TripleO::Services::OVNController diff --git a/environments/network-isolation.j2.yaml b/environments/network-isolation.j2.yaml index 6a7318fc..1b792afd 100644 --- a/environments/network-isolation.j2.yaml +++ b/environments/network-isolation.j2.yaml @@ -17,7 +17,7 @@ resource_registry: {%- endfor %} # Port assignments for the VIPs - {%- for network in networks if network.vip %} + {%- for network in networks if network.vip and network.enabled|default(true) %} OS::TripleO::Network::Ports::{{network.name}}VipPort: ../network/ports/{{network.name_lower|default(network.name.lower())}}.yaml {%- endfor %} OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml diff --git a/environments/neutron-ml2-ovn-ha.yaml b/environments/neutron-ml2-ovn-ha.yaml index c592d576..a9f732b2 100644 --- a/environments/neutron-ml2-ovn-ha.yaml +++ b/environments/neutron-ml2-ovn-ha.yaml @@ -2,14 +2,15 @@ # extensions, configured via puppet resource_registry: OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN - OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-ovn.yaml + OS::TripleO::Services::OVNController: ../puppet/services/ovn-controller.yaml OS::TripleO::Services::OVNDBs: ../puppet/services/pacemaker/ovn-dbs.yaml # Disabling Neutron services that overlap with OVN - OS::TripleO::Services::NeutronL3Agent: OS::Heat::None OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::NeutronL3Agent: OS::Heat::None OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None - OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None parameter_defaults: NeutronMechanismDrivers: ovn diff --git a/environments/neutron-ml2-ovn.yaml b/environments/neutron-ml2-ovn.yaml index 7483bdbb..7322b05c 100644 --- a/environments/neutron-ml2-ovn.yaml +++ b/environments/neutron-ml2-ovn.yaml @@ -1,15 +1,16 @@ # A Heat environment file which can be used to enable OVN # extensions, configured via puppet resource_registry: - OS::TripleO::Services::NeutronL3Agent: OS::Heat::None - OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None - OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None OS::TripleO::Services::NeutronCorePlugin: OS::TripleO::Services::NeutronCorePluginML2OVN - OS::TripleO::Services::ComputeNeutronCorePlugin: ../puppet/services/neutron-compute-plugin-ovn.yaml + OS::TripleO::Services::OVNController: ../puppet/services/ovn-controller.yaml + OS::TripleO::Services::OVNDBs: ../puppet/services/ovn-dbs.yaml # Disabling Neutron services that overlap with OVN - OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None + OS::TripleO::Services::NeutronOvsAgent: OS::Heat::None OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None - OS::TripleO::Services::OVNDBs: ../puppet/services/ovn-dbs.yaml + OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None + OS::TripleO::Services::NeutronL3Agent: OS::Heat::None + OS::TripleO::Services::NeutronMetadataAgent: OS::Heat::None + OS::TripleO::Services::ComputeNeutronCorePlugin: OS::Heat::None parameter_defaults: NeutronMechanismDrivers: ovn diff --git a/extraconfig/pre_network/contrail/compute_pre_network.yaml b/extraconfig/pre_network/contrail/compute_pre_network.yaml index a30330f9..69e89f87 100644 --- a/extraconfig/pre_network/contrail/compute_pre_network.yaml +++ b/extraconfig/pre_network/contrail/compute_pre_network.yaml @@ -34,7 +34,7 @@ parameters: type: string RoleParameters: type: json - description: Role Specific parameters + description: Parameters specific to the role default: {} ServiceNames: type: comma_delimited_list diff --git a/extraconfig/pre_network/contrail/contrail_dpdk_pre_network.yaml b/extraconfig/pre_network/contrail/contrail_dpdk_pre_network.yaml index 623eb7e0..4b3c673c 100644 --- a/extraconfig/pre_network/contrail/contrail_dpdk_pre_network.yaml +++ b/extraconfig/pre_network/contrail/contrail_dpdk_pre_network.yaml @@ -38,7 +38,7 @@ parameters: type: string RoleParameters: type: json - description: Role Specific parameters + description: Parameters specific to the role default: {} ServiceNames: type: comma_delimited_list diff --git a/extraconfig/pre_network/host_config_and_reboot.yaml b/extraconfig/pre_network/host_config_and_reboot.yaml index 2f5fcdf7..87dbeaec 100644 --- a/extraconfig/pre_network/host_config_and_reboot.yaml +++ b/extraconfig/pre_network/host_config_and_reboot.yaml @@ -9,7 +9,7 @@ parameters: type: string RoleParameters: type: json - description: Role Specific parameters + description: Parameters specific to the role default: {} ServiceNames: type: comma_delimited_list @@ -55,6 +55,21 @@ parameters: - allowed_pattern: "[0-9,-]*" type: string default: "" + deployment_actions: + default: ['CREATE', 'UPDATE'] + type: comma_delimited_list + description: > + List of stack actions that will trigger any deployments in this + templates. The actions will be an empty list of the server is in the + toplevel DeploymentServerBlacklist parameter's value. + EnableDpdkDeploymentActions: + default: ['CREATE'] + type: comma_delimited_list + description: > + Exposing the DPDK deployment action, it may be required to run DPDK + config during an upgrade. By default DPDK will be enabled during the + CREATE action only. But on cases when it requires for certain migration, + it may be required to run it for UPDATE action too. # DEPRECATED: the following options are deprecated and are currently maintained # for backwards compatibility. They will be removed in the Queens cycle. HostCpusList: @@ -79,13 +94,6 @@ parameters: default: '' description: Memory allocated for each socket type: string - deployment_actions: - default: ['CREATE', 'UPDATE'] - type: comma_delimited_list - description: > - List of stack actions that will trigger any deployments in this - templates. The actions will be an empty list of the server is in the - toplevel DeploymentServerBlacklist parameter's value. conditions: is_host_config_required: {not: {equals: [{get_param: [RoleParameters, KernelArgs]}, ""]}} @@ -159,6 +167,40 @@ resources: _TUNED_PROFILE_NAME_: {get_param: [RoleParameters, TunedProfileName]} _TUNED_CORES_: {get_param: [RoleParameters, IsolCpusList]} + RebootConfig: + type: OS::Heat::SoftwareConfig + condition: is_reboot_config_required + properties: + group: script + config: | + #!/bin/bash + # Stop os-collect-config to avoid any race collecting another + # deployment before reboot happens + systemctl stop os-collect-config.service + /sbin/reboot + + RebootDeployment: + type: OS::Heat::SoftwareDeployment + depends_on: HostParametersDeployment + condition: is_reboot_config_required + properties: + name: RebootDeployment + server: {get_param: server} + config: {get_resource: RebootConfig} + actions: + if: + - deployment_actions_empty + - [] + - ['CREATE'] # Only do this on CREATE + signal_transport: NO_SIGNAL + + # With OvS2.7 (which is default with pike), ovs-vswitchd will start dpdk + # immediately after setting dpdk-init (behaviour change from ovs2.6). + # Starting of DPDK require the huge page configuration to be enabled. So + # reboot will happen before DPDK config and we don't need an explicity + # restart after dpdk-init as true because of the behavior change. + # TODO(skramaja): Dependency is that till the service file workaround, is + # maintained, restart of ovs is required. EnableDpdkConfig: type: OS::Heat::SoftwareConfig condition: is_dpdk_config_required @@ -194,6 +236,8 @@ resources: sed -i 's/start_daemon \"\$OVS_VSWITCHD_PRIORITY\"/umask 0002 \&\& start_daemon \"$OVS_VSWITCHD_PRIORITY\"/' $ovs_ctl_path fi + systemctl daemon-reload + systemctl restart openvswitch # DO NOT use --detailed-exitcodes puppet apply --logdest console \ @@ -215,6 +259,7 @@ resources: EnableDpdkDeployment: type: OS::Heat::SoftwareDeployment condition: is_dpdk_config_required + depends_on: RebootDeployment properties: name: EnableDpdkDeployment server: {get_param: server} @@ -223,34 +268,7 @@ resources: if: - deployment_actions_empty - [] - - ['CREATE'] # Only do this on CREATE - - RebootConfig: - type: OS::Heat::SoftwareConfig - condition: is_reboot_config_required - properties: - group: script - config: | - #!/bin/bash - # Stop os-collect-config to avoid any race collecting another - # deployment before reboot happens - systemctl stop os-collect-config.service - /sbin/reboot - - RebootDeployment: - type: OS::Heat::SoftwareDeployment - depends_on: HostParametersDeployment - condition: is_reboot_config_required - properties: - name: RebootDeployment - server: {get_param: server} - config: {get_resource: RebootConfig} - actions: - if: - - deployment_actions_empty - - [] - - ['CREATE'] # Only do this on CREATE - signal_transport: NO_SIGNAL + - {get_param: EnableDpdkDeploymentActions} outputs: result: diff --git a/extraconfig/tasks/tripleo_upgrade_node.sh b/extraconfig/tasks/tripleo_upgrade_node.sh index 1114897f..af49d49d 100644 --- a/extraconfig/tasks/tripleo_upgrade_node.sh +++ b/extraconfig/tasks/tripleo_upgrade_node.sh @@ -51,6 +51,10 @@ if [[ -n \$NOVA_COMPUTE ]]; then log_debug "Restarting openstack ceilometer agent compute" systemctl restart openstack-ceilometer-compute yum install -y openstack-nova-migration + # https://bugs.launchpad.net/tripleo/+bug/1707926 stop&disable libvirtd + log_debug "Stop and disable libvirtd service for upgrade to containers" + systemctl stop libvirtd + systemctl disable libvirtd fi # Apply puppet manifest to converge just right after the ${ROLE} upgrade diff --git a/j2_excludes.yaml b/j2_excludes.yaml index 063e63d4..356068fc 100644 --- a/j2_excludes.yaml +++ b/j2_excludes.yaml @@ -8,3 +8,39 @@ name: - puppet/blockstorage-role.yaml - puppet/objectstorage-role.yaml - puppet/cephstorage-role.yaml + - network/internal_api.yaml + - network/external.yaml + - network/storage.yaml + - network/storage_mgmt.yaml + - network/tenant.yaml + - network/management.yaml + - network/internal_api_v6.yaml + - network/external_v6.yaml + - network/storage_v6.yaml + - network/storage_mgmt_v6.yaml + - network/tenant_v6.yaml + - network/management_v6.yaml + - network/ports/internal_api.yaml + - network/ports/external.yaml + - network/ports/storage.yaml + - network/ports/storage_mgmt.yaml + - network/ports/tenant.yaml + - network/ports/management.yaml + - network/ports/internal_api_v6.yaml + - network/ports/external_v6.yaml + - network/ports/storage_v6.yaml + - network/ports/storage_mgmt_v6.yaml + - network/ports/tenant_v6.yaml + - network/ports/management_v6.yaml + - network/ports/internal_api_from_pool.yaml + - network/ports/external_from_pool.yaml + - network/ports/storage_from_pool.yaml + - network/ports/storage_mgmt_from_pool.yaml + - network/ports/tenant_from_pool.yaml + - network/ports/management_from_pool.yaml + - network/ports/internal_api_from_pool_v6.yaml + - network/ports/external_from_pool_v6.yaml + - network/ports/storage_from_pool_v6.yaml + - network/ports/storage_mgmt_from_pool_v6.yaml + - network/ports/tenant_from_pool_v6.yaml + - network/ports/management_from_pool_v6.yaml diff --git a/network/network.network.j2.yaml b/network/network.network.j2.yaml new file mode 100644 index 00000000..2c223c16 --- /dev/null +++ b/network/network.network.j2.yaml @@ -0,0 +1,92 @@ +heat_template_version: pike + +description: > + {{network.name}} network definition (automatically generated). + +parameters: + # the defaults here work for static IP assignment (IPAM) only + {{network.name}}NetCidr: + default: {{network.ip_subnet|default("")}} + description: Cidr for the {{network.name_lower}} network. + type: string + {{network.name}}NetValueSpecs: + default: {'provider:physical_network': '{{network.name_lower}}', 'provider:network_type': 'flat'} + description: Value specs for the {{network.name_lower}} network. + type: json + {{network.name}}NetAdminStateUp: + default: false + description: This admin state of the network. + type: boolean + {{network.name}}NetEnableDHCP: + default: false + description: Whether to enable DHCP on the associated subnet. + type: boolean + {{network.name}}NetShared: + default: false + description: Whether this network is shared across all tenants. + type: boolean + {{network.name}}NetName: + default: {{network.name_lower}} + description: The name of the {{network.name_lower}} network. + type: string + {{network.name}}SubnetName: + default: {{network.name_lower}}_subnet + description: The name of the {{network.name_lower}} subnet in Neutron. + type: string + {{network.name}}AllocationPools: + default: {{network.allocation_pools|default([])}} + description: Ip allocation pool range for the {{network.name_lower}} network. + type: json + {{network.name}}InterfaceDefaultRoute: + default: {{network.gateway_ip|default("not_defined")}} + description: default route for the {{network.name_lower}} network + type: string +{%- if network.vlan %} + {{network.name}}NetworkVlanID: + default: {{network.vlan}} + description: Vlan ID for the {{network.name}} network traffic. + type: number +{%- endif %} +{%- if network.ipv6 %} + IPv6AddressMode: + default: dhcpv6-stateful + description: Neutron subnet IPv6 address mode + type: string + IPv6RAMode: + default: dhcpv6-stateful + description: Neutron subnet IPv6 router advertisement mode + type: string +{%- endif %} + +resources: + {{network.name}}Network: + type: OS::Neutron::Net + properties: + admin_state_up: {get_param: {{network.name}}NetAdminStateUp} + name: {get_param: {{network.name}}NetName} + shared: {get_param: {{network.name}}NetShared} + value_specs: {get_param: {{network.name}}NetValueSpecs} + + {{network.name}}Subnet: + type: OS::Neutron::Subnet + properties: + cidr: {get_param: {{network.name}}NetCidr} + name: {get_param: {{network.name}}SubnetName} + network: {get_resource: {{network.name}}Network} + allocation_pools: {get_param: {{network.name}}AllocationPools} + gateway_ip: {get_param: {{network.name}}InterfaceDefaultRoute} +{%- if network.ipv6 %} + ip_version: 6 + ipv6_address_mode: {get_param: IPv6AddressMode} + ipv6_ra_mode: {get_param: IPv6RAMode} +{%- else %} + enable_dhcp: {get_param: {{network.name}}NetEnableDHCP} +{%- endif %} + +outputs: + OS::stack_id: + description: {{network.name_lower}} network + value: {get_resource: {{network.name}}Network} + subnet_cidr: + value: {get_attr: {{network.name}}Subnet, cidr} + diff --git a/network/networks.j2.yaml b/network/networks.j2.yaml index 5aec597a..c790d370 100644 --- a/network/networks.j2.yaml +++ b/network/networks.j2.yaml @@ -5,11 +5,7 @@ description: Create networks to split out Overcloud traffic resources: {%- for network in networks %} - {%- if network.name != 'InternalApi' %} {{network.name}}Network: - {%- else %} - InternalNetwork: - {%- endif %} type: OS::TripleO::Network::{{network.name}} {%- endfor %} @@ -23,15 +19,8 @@ outputs: # NOTE(gfidente): we need to replace the null value with a # string to work around https://bugs.launchpad.net/heat/+bug/1700025 {%- for network in networks %} - {%- if network.name != 'InternalApi' %} {{network.name_lower}}: yaql: data: {get_attr: [{{network.name}}Network, subnet_cidr]} expression: str($.data).replace('null', 'disabled') - {%- else %} - {{network.name_lower}}: - yaql: - data: {get_attr: [InternalNetwork, subnet_cidr]} - expression: str($.data).replace('null', 'disabled') - {%- endif %} {%- endfor %} diff --git a/network/ports/port.network.j2.yaml b/network/ports/port.network.j2.yaml new file mode 100644 index 00000000..ded3e798 --- /dev/null +++ b/network/ports/port.network.j2.yaml @@ -0,0 +1,72 @@ +heat_template_version: pike + +description: > + Creates a port on the {{network.name}} network. The IP address will be chosen + automatically if FixedIPs is empty. + +parameters: + {{network.name}}NetName: + description: Name of the {{network.name_lower}} neutron network + default: {{network.name_lower|default(network.name|lower)}} + type: string + PortName: + description: Name of the port + default: '' + type: string + ControlPlaneIP: # Here for compatibility with noop.yaml + description: IP address on the control plane + default: '' + type: string + ControlPlaneNetwork: # Here for compatibility with ctlplane_vip.yaml + description: The name of the undercloud Neutron control plane + default: ctlplane + type: string + FixedIPs: + description: > + Control the IP allocation for the VIP port. E.g. + [{'ip_address':'1.2.3.4'}] + default: [] + type: json + IPPool: # Here for compatibility with from_pool.yaml + default: {} + type: json + NodeIndex: # Here for compatibility with from_pool.yaml + default: 0 + type: number + +resources: + + {{network.name}}Port: + type: OS::Neutron::Port + properties: + network: {get_param: {{network.name}}NetName} + name: {get_param: PortName} + fixed_ips: {get_param: FixedIPs} + replacement_policy: AUTO + +outputs: + ip_address: + description: {{network.name}} network IP + value: {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} + ip_address_uri: +{%- if network.ipv6 %} + description: {{network.name}} network IP (with brackets for IPv6 URLs) + value: + list_join: + - '' + - - '[' + - {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} + - ']' +{%- else %} + description: {{network.name}} network IP (for compatibility with IPv6 URLs) + value: {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} +{%- endif %} + ip_subnet: + description: IP/Subnet CIDR for the {{network.name}} network IP + value: + list_join: + - '' + - - {get_attr: [{{network.name}}Port, fixed_ips, 0, ip_address]} + - '/' + - {str_split: ['/', {get_attr: [{{network.name}}Port, subnets, 0, cidr]}, 1]} + diff --git a/network/ports/port_from_pool.network.j2.yaml b/network/ports/port_from_pool.network.j2.yaml new file mode 100644 index 00000000..9c08ec76 --- /dev/null +++ b/network/ports/port_from_pool.network.j2.yaml @@ -0,0 +1,65 @@ +heat_template_version: pike + +description: > + Creates a port on the {{network.name}} network, using a map of IPs per role. + Each role has a map of IPs in <Role>IPs parameters, with a list of IPs by + network (lower_name or lower case). For example: + ControllerIPs: + external: + - 1.2.3.4 # First controller + - 1.2.3.5 # Second controller + +parameters: + {{network.name}}NetName: + description: Name of the {{network.name}} neutron network + default: {{network.name_lower}} + type: string + PortName: + description: Name of the port + default: '' + type: string + ControlPlaneIP: # Here for compatibility with noop.yaml + description: IP address on the control plane + default: '' + type: string + ControlPlaneNetwork: # Here for compatibility with ctlplane_vip.yaml + description: The name of the undercloud Neutron control plane + default: ctlplane + type: string + IPPool: # Set in <Role>IPs map, see environments/ips-from-pool-all.yaml + default: {} + type: json + NodeIndex: # First node in the role will get first IP, and so on... + default: 0 + type: number + {{network.name}}NetCidr: + default: {{network.ip_subnet}} + description: Cidr for the {{network.name_lower}} network. + type: string + +outputs: + ip_address: + description: {{network.name}} network IP + value: {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} + ip_address_uri: +{%- if network.ipv6 %} + description: {{network.name}} network IP (with brackets for IPv6 URLs) + value: + list_join: + - '' + - - '[' + - {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} + - ']' +{%- else %} + description: {{network.name}} network IP (for compatibility with {{network.name_lower}}_v6.yaml) + value: {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} +{%- endif %} + ip_subnet: + description: IP/Subnet CIDR for the {{network.name}} network IP + value: + list_join: + - '' + - - {get_param: [IPPool, {get_param: {{network.name}}NetName}, {get_param: NodeIndex}]} + - '/' + - {str_split: ['/', {get_param: {{network.name}}NetCidr}, 1]} + diff --git a/network_data.yaml b/network_data.yaml index 23c231f9..947769ae 100644 --- a/network_data.yaml +++ b/network_data.yaml @@ -5,30 +5,59 @@ # name: Name of the network (mandatory) # name_lower: lowercase version of name used for filenames # (optional, defaults to name.lower()) -# vlan: vlan for the network (optional) -# gateway: gateway for the network (optional) # enabled: Is the network enabled (optional, defaults to true) +# ipv6: Does this network use IPv6 IPs? (optional, defaults to false) +# (optional, may use parameter defaults in environment to set) +# vlan: vlan for the network (optional) # vip: Enable creation of a virtual IP on this network -# [TODO] (dsneddon@redhat.com) - Enable dynamic creation of VIP ports, to support -# VIPs on non-default networks. See https://bugs.launchpad.net/tripleo/+bug/1667104 +# [TODO] (dsneddon@redhat.com) - Enable dynamic creation of VIP ports, +# to support VIPs on non-default networks. +# See https://bugs.launchpad.net/tripleo/+bug/1667104 +# ip_subnet: IP/CIDR, e.g. '192.168.24.0/24' (optional, may use parameter defaults) +# allocation_pools: IP range list e.g. [{'start':'10.0.0.4', 'end':'10.0.0.250}] +# gateway_ip: gateway for the network (optional, may use parameter defaults) +# NOTE: IP-related values set parameter defaults in templates, may be overridden. +# +# Example: +# - name Example +# vip: false +# ip_subnet: '10.0.2.0/24' +# allocation_pools: [{'start': '10.0.2.4', 'end': '10.0.2.250'}] +# gateway_ip: '10.0.2.254' # +# TODO (dsneddon) remove existing templates from j2_excludes.yaml +# and generate all templates dynamically. + - name: External vip: true name_lower: external + ip_subnet: '10.0.0.0/24' + allocation_pools: [{'start': '10.0.0.4', 'end': '10.0.0.250'}] + gateway_ip: '10.0.0.1' - name: InternalApi name_lower: internal_api vip: true + ip_subnet: '172.16.2.0/24' + allocation_pools: [{'start': '172.16.2.4', 'end': '172.16.2.250'}] - name: Storage vip: true name_lower: storage + ip_subnet: '172.16.1.0/24' + allocation_pools: [{'start': '172.16.1.4', 'end': '172.16.1.250'}] - name: StorageMgmt name_lower: storage_mgmt vip: true + ip_subnet: '172.16.3.0/24' + allocation_pools: [{'start': '172.16.3.4', 'end': '172.16.3.250'}] - name: Tenant vip: false # Tenant network does not use VIPs name_lower: tenant + ip_subnet: '172.16.0.0/24' + allocation_pools: [{'start': '172.16.0.4', 'end': '172.16.0.250'}] - name: Management # Management network is disabled by default enabled: false vip: false # Management network does not use VIPs name_lower: management + ip_subnet: '10.0.1.0/24' + allocation_pools: [{'start': '10.0.1.4', 'end': '10.0.1.250'}] diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 2dcc7f00..0d3b875a 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -156,6 +156,7 @@ resource_registry: OS::TripleO::Services::NeutronCorePluginNuage: puppet/services/neutron-plugin-nuage.yaml OS::TripleO::Services::NeutronCorePluginNSX: puppet/services/neutron-plugin-nsx.yaml OS::TripleO::Services::OVNDBs: OS::Heat::None + OS::TripleO::Services::OVNController: OS::Heat::None OS::TripleO::Services::NeutronCorePluginMidonet: puppet/services/neutron-midonet.yaml OS::TripleO::Services::NeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml index 7d58d1da..de7b6b49 100644 --- a/puppet/blockstorage-role.yaml +++ b/puppet/blockstorage-role.yaml @@ -141,7 +141,7 @@ parameters: parameter is generated from the parent template. RoleParameters: type: json - description: Role Specific Parameters + description: Parameters specific to the role default: {} DeploymentSwiftDataMap: type: json diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml index 48e5b97a..ce44fd68 100644 --- a/puppet/cephstorage-role.yaml +++ b/puppet/cephstorage-role.yaml @@ -147,7 +147,7 @@ parameters: parameter is generated from the parent template. RoleParameters: type: json - description: Role Specific Parameters + description: Parameters specific to the role default: {} DeploymentSwiftDataMap: type: json diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml index 3ad6f745..af45793e 100644 --- a/puppet/compute-role.yaml +++ b/puppet/compute-role.yaml @@ -159,7 +159,7 @@ parameters: parameter is generated from the parent template. RoleParameters: type: json - description: Role Specific Parameters + description: Parameters specific to the role default: {} DeploymentSwiftDataMap: type: json diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml index 933b5e60..38589a4e 100644 --- a/puppet/controller-role.yaml +++ b/puppet/controller-role.yaml @@ -173,7 +173,7 @@ parameters: parameter is generated from the parent template. RoleParameters: type: json - description: Role Specific Parameters + description: Parameters specific to the role default: {} DeploymentSwiftDataMap: type: json diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml index a03a9da5..10e56450 100644 --- a/puppet/objectstorage-role.yaml +++ b/puppet/objectstorage-role.yaml @@ -141,7 +141,7 @@ parameters: parameter is generated from the parent template. RoleParameters: type: json - description: Role Specific Parameters + description: Parameters specific to the role default: {} DeploymentSwiftDataMap: type: json diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index 18707b9a..23d8896e 100644 --- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml @@ -180,7 +180,7 @@ parameters: parameter is generated from the parent template. RoleParameters: type: json - description: Role Specific Parameters + description: Parameters specific to the role default: {} DeploymentSwiftDataMap: type: json diff --git a/puppet/services/ceilometer-agent-compute.yaml b/puppet/services/ceilometer-agent-compute.yaml index 3cf51519..27bc50f3 100644 --- a/puppet/services/ceilometer-agent-compute.yaml +++ b/puppet/services/ceilometer-agent-compute.yaml @@ -39,6 +39,10 @@ parameters: type: string constraints: - allowed_values: ['naive', 'libvirt_metadata', 'workload_partitioning'] + RedisPassword: + description: The password for the redis service account. + type: string + hidden: true resources: CeilometerServiceBase: @@ -61,6 +65,7 @@ outputs: map_merge: - get_attr: [CeilometerServiceBase, role_data, config_settings] - ceilometer::agent::compute::instance_discovery_method: {get_param: InstanceDiscoveryMethod} + - ceilometer_redis_password: {get_param: RedisPassword} compute_namespace: true service_config_settings: get_attr: [CeilometerServiceBase, role_data, service_config_settings] diff --git a/puppet/services/iscsid.yaml b/puppet/services/iscsid.yaml index 9510df3b..222977e9 100644 --- a/puppet/services/iscsid.yaml +++ b/puppet/services/iscsid.yaml @@ -36,6 +36,6 @@ outputs: description: Role data for iscsid value: service_name: iscsid - config_setting: {} + config_settings: {} step_config: | include ::tripleo::profile::base::iscsid diff --git a/puppet/services/neutron-compute-plugin-ovn.yaml b/puppet/services/ovn-controller.yaml index dfd87eda..fbc5559a 100644 --- a/puppet/services/neutron-compute-plugin-ovn.yaml +++ b/puppet/services/ovn-controller.yaml @@ -1,7 +1,7 @@ heat_template_version: pike description: > - OpenStack Neutron Compute OVN agent + OpenStack OVN Controller agent parameters: EndpointMap: @@ -52,16 +52,16 @@ parameters: outputs: role_data: - description: Role data for the Neutron Compute OVN agent + description: Role data for the OVN Controller agent value: - service_name: neutron_compute_plugin_ovn + service_name: ovn_controller config_settings: ovn::southbound::port: {get_param: OVNSouthboundServerPort} ovn::controller::ovn_encap_type: {get_param: OVNTunnelEncapType} ovn::controller::ovn_encap_ip: {get_param: [ServiceNetMap, NeutronApiNetwork]} ovn::controller::ovn_bridge_mappings: {get_param: NeutronBridgeMappings} nova::compute::force_config_drive: true - tripleo.neutron_compute_plugin_ovn.firewall_rules: + tripleo.ovn_controller.firewall_rules: '118 neutron vxlan networks': proto: 'udp' dport: 4789 @@ -70,3 +70,17 @@ outputs: dport: 6081 step_config: | include ::tripleo::profile::base::neutron::agents::ovn + upgrade_tasks: + - name: Check if ovn_controller is deployed + command: systemctl is-enabled ovn-controller + tags: common + ignore_errors: True + register: ovn_controller_enabled + - name: "PreUpgrade step0,validation: Check service ovn-controller is running" + shell: /usr/bin/systemctl show 'ovn-controller' --property ActiveState | grep '\bactive\b' + when: ovn_controller_enabled.rc == 0 + tags: step0,validation + - name: Stop ovn-controller service + tags: step1 + when: ovn_controller_enabled.rc == 0 + service: name=ovn-controller state=stopped diff --git a/puppet/services/ovn-dbs.yaml b/puppet/services/ovn-dbs.yaml index f6f3e3c8..2b98008b 100644 --- a/puppet/services/ovn-dbs.yaml +++ b/puppet/services/ovn-dbs.yaml @@ -57,3 +57,17 @@ outputs: - {get_param: OVNSouthboundServerPort} step_config: | include ::tripleo::profile::base::neutron::ovn_northd + upgrade_tasks: + - name: Check if ovn_northd is deployed + command: systemctl is-enabled ovn-northd + tags: common + ignore_errors: True + register: ovn_northd_enabled + - name: "PreUpgrade step0,validation: Check service ovn-northd is running" + shell: /usr/bin/systemctl show 'ovn-northd' --property ActiveState | grep '\bactive\b' + when: ovn_northd_enabled.rc == 0 + tags: step0,validation + - name: Stop ovn-northd service + tags: step1 + when: ovn_northd_enabled.rc == 0 + service: name=ovn-northd state=stopped diff --git a/releasenotes/notes/ovs-2-7-support-for-dpdk-fe665cf9c6b0a750.yaml b/releasenotes/notes/ovs-2-7-support-for-dpdk-fe665cf9c6b0a750.yaml new file mode 100644 index 00000000..23f482a1 --- /dev/null +++ b/releasenotes/notes/ovs-2-7-support-for-dpdk-fe665cf9c6b0a750.yaml @@ -0,0 +1,5 @@ +--- +features: + - Added support for DPDK with OvS2.7, which requires huge page + configuration (with reboot) to be available before enabling DPDK. + diff --git a/roles/Compute.yaml b/roles/Compute.yaml index ec9e3698..56daa864 100644 --- a/roles/Compute.yaml +++ b/roles/Compute.yaml @@ -45,3 +45,4 @@ - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::Tuned - OS::TripleO::Services::Vpp + - OS::TripleO::Services::OVNController diff --git a/roles/ComputeHCI.yaml b/roles/ComputeHCI.yaml index a1342dc6..0e8a90b7 100644 --- a/roles/ComputeHCI.yaml +++ b/roles/ComputeHCI.yaml @@ -45,3 +45,4 @@ - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::Tuned - OS::TripleO::Services::Vpp + - OS::TripleO::Services::OVNController diff --git a/roles/Controller.yaml b/roles/Controller.yaml index c97f7a78..d702a63d 100644 --- a/roles/Controller.yaml +++ b/roles/Controller.yaml @@ -109,6 +109,7 @@ - OS::TripleO::Services::OpenDaylightApi - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::OVNDBs + - OS::TripleO::Services::OVNController - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::PankoApi - OS::TripleO::Services::RabbitMQ diff --git a/roles/ControllerOpenstack.yaml b/roles/ControllerOpenstack.yaml index 398736ae..10d76dd7 100644 --- a/roles/ControllerOpenstack.yaml +++ b/roles/ControllerOpenstack.yaml @@ -86,6 +86,7 @@ - OS::TripleO::Services::OpenDaylightApi - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::OVNDBs + - OS::TripleO::Services::OVNController - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::PankoApi - OS::TripleO::Services::Redis diff --git a/roles_data.yaml b/roles_data.yaml index 59187183..0d6c8035 100644 --- a/roles_data.yaml +++ b/roles_data.yaml @@ -112,6 +112,7 @@ - OS::TripleO::Services::OpenDaylightApi - OS::TripleO::Services::OpenDaylightOvs - OS::TripleO::Services::OVNDBs + - OS::TripleO::Services::OVNController - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::PankoApi - OS::TripleO::Services::RabbitMQ @@ -179,6 +180,7 @@ - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::Tuned - OS::TripleO::Services::Vpp + - OS::TripleO::Services::OVNController ############################################################################### # Role: BlockStorage # ############################################################################### diff --git a/tools/process-templates.py b/tools/process-templates.py index badc1426..07c27bad 100755 --- a/tools/process-templates.py +++ b/tools/process-templates.py @@ -96,6 +96,16 @@ def process_templates(template_path, role_data_path, output_dir, r_map = {} for r in role_data: r_map[r.get('name')] = r + + n_map = {} + for n in network_data: + if (n.get('enabled') is not False): + n_map[n.get('name')] = n + if not n.get('name_lower'): + n_map[n.get('name')]['name_lower'] = n.get('name').lower() + else: + print("skipping %s network: network is disabled" % n.get('name')) + excl_templates = ['%s/%s' % (template_path, e) for e in j2_excludes.get('name')] @@ -126,10 +136,13 @@ def process_templates(template_path, role_data_path, output_dir, for f in files: file_path = os.path.join(subdir, f) - # We do two templating passes here: + # We do three templating passes here: # 1. *.role.j2.yaml - we template just the role name # and create multiple files (one per role) - # 2. *.j2.yaml - we template with all roles_data, + # 2 *.network.j2.yaml - we template the network name and + # data and create multiple files for networks and + # network ports (one per network) + # 3. *.j2.yaml - we template with all roles_data, # and create one file common to all roles if f.endswith('.role.j2.yaml'): print("jinja2 rendering role template %s" % f) @@ -167,6 +180,30 @@ def process_templates(template_path, role_data_path, output_dir, else: print('skipping rendering of %s' % out_f_path) + + elif f.endswith('.network.j2.yaml'): + print("jinja2 rendering network template %s" % f) + with open(file_path) as j2_template: + template_data = j2_template.read() + print("jinja2 rendering networks %s" % ",".join(n_map)) + for network in n_map: + j2_data = {'network': n_map[network]} + # Output file names in "<name>.yaml" format + out_f = os.path.basename(f).replace('.network.j2.yaml', + '.yaml') + if os.path.dirname(file_path).endswith('ports'): + out_f = out_f.replace('port', + n_map[network]['name_lower']) + else: + out_f = out_f.replace('network', + n_map[network]['name_lower']) + out_f_path = os.path.join(out_dir, out_f) + if not (out_f_path in excl_templates): + _j2_render_to_file(template_data, j2_data, + out_f_path) + else: + print('skipping rendering of %s' % out_f_path) + elif f.endswith('.j2.yaml'): print("jinja2 rendering normal template %s" % f) with open(file_path) as j2_template: diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index 374cd6e3..ccaa5bde 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py @@ -58,6 +58,7 @@ PARAMETER_DEFINITION_EXCLUSIONS = {'ManagementNetCidr': ['default'], 'TenantAllocationPools': ['default'], 'InternalApiNetCidr': ['default'], 'UpdateIdentifier': ['description'], + 'key_name': ['default'], # TODO(bnemec): Address these existing # inconsistencies. 'NeutronMetadataProxySharedSecret': [ @@ -111,7 +112,6 @@ PARAMETER_DEFINITION_EXCLUSIONS = {'ManagementNetCidr': ['default'], 'StorageNetName': ['description'], 'ManagementNetName': ['description'], 'NeutronPublicInterface': ['description'], - 'RoleParameters': ['description'], 'ManagementInterfaceDefaultRoute': ['default'], 'image': ['description', 'default'], @@ -126,7 +126,6 @@ PARAMETER_DEFINITION_EXCLUSIONS = {'ManagementNetCidr': ['default'], 'replacement_policy': ['default'], 'StorageMgmtIpSubnet': ['description'], 'CloudDomain': ['description', 'default'], - 'key_name': ['default', 'description'], 'EnableLoadBalancer': ['description'], 'ControllerExtraConfig': ['description'], 'NovaComputeExtraConfig': ['description'], @@ -207,6 +206,22 @@ def validate_hci_computehci_role(hci_role_filename, hci_role_tpl): return 0 +def search(item, check_item, check_key): + if check_item(item): + return True + elif isinstance(item, list): + for i in item: + if search(i, check_item, check_key): + return True + elif isinstance(item, dict): + for k in item.keys(): + if check_key(k, item[k]): + return True + elif search(item[k], check_item, check_key): + return True + return False + + def validate_mysql_connection(settings): no_op = lambda *args: False error_status = [0] @@ -228,25 +243,69 @@ def validate_mysql_connection(settings): error_status[0] = 1 return False - def search(item, check_item, check_key): - if check_item(item): - return True - elif isinstance(item, list): - for i in item: - if search(i, check_item, check_key): - return True - elif isinstance(item, dict): - for k in item.keys(): - if check_key(k, item[k]): - return True - elif search(item[k], check_item, check_key): - return True - return False - search(settings, no_op, validate_mysql_uri) return error_status[0] +def validate_docker_service_mysql_usage(filename, tpl): + no_op = lambda *args: False + included_res = [] + + def match_included_res(item): + is_config_setting = isinstance(item, list) and len(item) > 1 and \ + item[1:] == ['role_data', 'config_settings'] + if is_config_setting: + included_res.append(item[0]) + return is_config_setting + + def match_use_mysql_protocol(items): + return items == ['EndpointMap', 'MysqlInternal', 'protocol'] + + all_content = [] + + def read_all(incfile, inctpl): + # search for included content + content = inctpl['outputs']['role_data']['value'].get('config_settings',{}) + all_content.append(content) + included_res[:] = [] + if search(content, match_included_res, no_op): + files = [inctpl['resources'][x]['type'] for x in included_res] + # parse included content + for r, f in zip(included_res, files): + # disregard class names, only consider file names + if 'OS::' in f: + continue + newfile = os.path.normpath(os.path.dirname(incfile)+'/'+f) + newtmp = yaml.load(open(newfile).read()) + read_all(newfile, newtmp) + + read_all(filename, tpl) + if search(all_content, match_use_mysql_protocol, no_op): + # ensure this service includes the mysqlclient service + resources = tpl['resources'] + mysqlclient = [x for x in resources + if resources[x]['type'].endswith('mysql-client.yaml')] + if len(mysqlclient) == 0: + print("ERROR: containerized service %s uses mysql but " + "resource mysql-client.yaml is not used" + % filename) + return 1 + + # and that mysql::client puppet module is included in puppet-config + match_mysqlclient = \ + lambda x: x == [mysqlclient[0], 'role_data', 'step_config'] + role_data = tpl['outputs']['role_data'] + puppet_config = role_data['value']['puppet_config']['step_config'] + if not search(puppet_config, match_mysqlclient, no_op): + print("ERROR: containerized service %s uses mysql but " + "puppet_config section does not include " + "::tripleo::profile::base::database::mysql::client" + % filename) + return 1 + + return 0 + + def validate_docker_service(filename, tpl): if 'outputs' in tpl and 'role_data' in tpl['outputs']: if 'value' not in tpl['outputs']['role_data']: @@ -275,6 +334,10 @@ def validate_docker_service(filename, tpl): return 1 if 'puppet_config' in role_data: + if validate_docker_service_mysql_usage(filename, tpl): + print('ERROR: could not validate use of mysql service for %s.' + % filename) + return 1 puppet_config = role_data['puppet_config'] for key in puppet_config: if key in REQUIRED_DOCKER_PUPPET_CONFIG_SECTIONS: |