41 files changed, 511 insertions, 227 deletions
diff --git a/ci/environments/scenario001-multinode-containers.yaml b/ci/environments/scenario001-multinode-containers.yaml index 89182666..df12bc59 100644 --- a/ci/environments/scenario001-multinode-containers.yaml +++ b/ci/environments/scenario001-multinode-containers.yaml @@ -101,7 +101,6 @@ parameter_defaults: devices: - /dev/loop3 journal_size: 512 - journal_collocation: true osd_scenario: collocated CephAnsibleExtraConfig: ceph_conf_overrides: diff --git a/ci/environments/scenario002-multinode-containers.yaml b/ci/environments/scenario002-multinode-containers.yaml index bec5f48e..534f8294 100644 --- a/ci/environments/scenario002-multinode-containers.yaml +++ b/ci/environments/scenario002-multinode-containers.yaml @@ -9,7 +9,6 @@ resource_registry: OS::TripleO::Services::BarbicanApi: ../../docker/services/barbican-api.yaml OS::TripleO::Services::Zaqar: ../../docker/services/zaqar.yaml OS::TripleO::Services::Ec2Api: ../../docker/services/ec2-api.yaml - OS::TripleO::Services::MongoDb: ../../docker/services/database/mongodb.yaml # Some infra instances don't pass the ping test but are otherwise working. # Since the OVB jobs also test this functionality we can shut it off here. OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml @@ -58,7 +57,6 @@ parameter_defaults: - OS::TripleO::Services::SwiftStorage - OS::TripleO::Services::SwiftRingBuilder - OS::TripleO::Services::BarbicanApi - - OS::TripleO::Services::MongoDb - OS::TripleO::Services::Zaqar - OS::TripleO::Services::Ec2Api - OS::TripleO::Services::TripleoPackages @@ -69,5 +67,7 @@ parameter_defaults: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu Debug: true + ZaqarMessageStore: 'swift' + ZaqarManagementStore: 'sqlalchemy' SwiftCeilometerPipelineEnabled: false NotificationDriver: 'noop' diff --git a/ci/environments/scenario002-multinode.yaml b/ci/environments/scenario002-multinode.yaml index 6c7f4ebb..2f731ce9 100644 
--- a/ci/environments/scenario002-multinode.yaml +++ b/ci/environments/scenario002-multinode.yaml @@ -9,7 +9,6 @@ resource_registry: OS::TripleO::Services::HAproxy: ../../puppet/services/pacemaker/haproxy.yaml OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml OS::TripleO::Services::MySQL: ../../puppet/services/pacemaker/database/mysql.yaml - OS::TripleO::Services::MongoDb: ../../puppet/services/database/mongodb.yaml OS::TripleO::Services::CinderBackup: ../../puppet/services/pacemaker/cinder-backup.yaml OS::TripleO::Services::CinderVolume: ../../puppet/services/pacemaker/cinder-volume.yaml OS::TripleO::Services::Keepalived: OS::Heat::None @@ -63,7 +62,6 @@ parameter_defaults: - OS::TripleO::Services::SwiftStorage - OS::TripleO::Services::SwiftRingBuilder - OS::TripleO::Services::BarbicanApi - - OS::TripleO::Services::MongoDb - OS::TripleO::Services::Zaqar - OS::TripleO::Services::Ec2Api - OS::TripleO::Services::TripleoPackages @@ -86,5 +84,7 @@ parameter_defaults: nova::compute::libvirt::services::libvirt_virt_type: qemu nova::compute::libvirt::libvirt_virt_type: qemu Debug: true + ZaqarMessageStore: 'swift' + ZaqarManagementStore: 'sqlalchemy' SwiftCeilometerPipelineEnabled: false NotificationDriver: 'noop' diff --git a/ci/environments/scenario007-multinode-containers.yaml b/ci/environments/scenario007-multinode-containers.yaml index bad3e4a5..149f2d32 100644 --- a/ci/environments/scenario007-multinode-containers.yaml +++ b/ci/environments/scenario007-multinode-containers.yaml 
@@ -7,6 +7,9 @@ resource_registry: # Since the OVB jobs also test this functionality we can shut it off here. OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None + OS::TripleO::Services::SwiftProxy: OS::Heat::None + OS::TripleO::Services::SwiftStorage: OS::Heat::None + OS::TripleO::Services::SwiftRingBuilder: OS::Heat::None parameter_defaults: ControllerServices: - OS::TripleO::Services::Clustercheck diff --git a/common/deploy-steps-tasks.yaml b/common/deploy-steps-tasks.yaml index 73d3036c..785095b6 100644 --- a/common/deploy-steps-tasks.yaml +++ b/common/deploy-steps-tasks.yaml @@ -4,11 +4,15 @@ ##################################################### # Per step puppet configuration of the baremetal host ##################################################### + - name: Set host puppet debugging fact string + set_fact: + host_puppet_config_debug: "--debug --verbose" + when: enable_debug|default(false) - name: Write the config_step hieradata copy: content="{{dict(step=step|int)|to_json}}" dest=/etc/puppet/hieradata/config_step.json force=true mode=0600 - name: Run puppet host configuration for step {{step}} command: >- - puppet apply + puppet apply {{ host_puppet_config_debug|default('') }} --modulepath=/etc/puppet/modules:/opt/stack/puppet-modules:/usr/share/openstack-puppet/modules --logdest syslog --logdest console --color=false /var/lib/tripleo-config/puppet_step_config.pp diff --git a/common/deploy-steps.j2 b/common/deploy-steps.j2 index a1bd8826..5c923a99 100644 --- a/common/deploy-steps.j2 +++ b/common/deploy-steps.j2 @@ -48,6 +48,10 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + ConfigDebug: + default: false + description: Whether to run config management (e.g. Puppet) in debug mode. + type: boolean DockerPuppetDebug: type: string default: '' 
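Review bot: In the common/deploy-steps-tasks.yaml hunk, `--debug --verbose` is appended to a `puppet apply` that already logs to both syslog and the console, so turning on ConfigDebug can plausibly write hieradata values such as service passwords into the journal and the deployment output. The ConfigDebug description in deploy-steps.j2 should say so. The condition `when: enable_debug|default(false)` tests a value that comes from a Heat boolean and may reach Ansible as a string, depending on how it is serialized; `when: enable_debug|default(false)|bool` makes the test explicit. The task list continues outside the hunk.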
@@ -85,6 +89,7 @@ resources: - name: role_name - name: update_identifier - name: bootstrap_server_id + - name: enable_debug - name: docker_puppet_debug - name: docker_puppet_process_count config: @@ -291,6 +296,7 @@ resources: role_name: {{role.name}} update_identifier: {get_param: DeployIdentifier} bootstrap_server_id: {get_param: [servers, {{primary_role_name}}, '0']} + enable_debug: {get_param: ConfigDebug} docker_puppet_debug: {get_param: DockerPuppetDebug} docker_puppet_process_count: {get_param: DockerPuppetProcessCount} {% endfor %} diff --git a/deployed-server/deployed-server-roles-data.yaml b/deployed-server/deployed-server-roles-data.yaml index 73dc9099..8611940a 100644 --- a/deployed-server/deployed-server-roles-data.yaml +++ b/deployed-server/deployed-server-roles-data.yaml 
@@ -24,163 +24,268 @@ - name: ControllerDeployedServer CountDefault: 1 disable_constraints: True + tags: + - primary + - controller + networks: + - External + - InternalApi + - Storage + - StorageMgmt + - Tenant + HostnameFormatDefault: '%stackname%-controller-%index%' ServicesDefault: + - OS::TripleO::Services::AodhApi + - OS::TripleO::Services::AodhEvaluator + - OS::TripleO::Services::AodhListener + - OS::TripleO::Services::AodhNotifier + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::BarbicanApi - OS::TripleO::Services::CACerts - - OS::TripleO::Services::CertmongerUser - - OS::TripleO::Services::CephMon + - OS::TripleO::Services::CeilometerAgentCentral + - OS::TripleO::Services::CeilometerAgentNotification + # FIXME: This service was disabled in Pike and this entry should be removed + # in Queens. + - OS::TripleO::Services::CeilometerApi + - OS::TripleO::Services::CeilometerCollector + - OS::TripleO::Services::CeilometerExpirer - OS::TripleO::Services::CephExternal + - OS::TripleO::Services::CephMds + - OS::TripleO::Services::CephMon + - OS::TripleO::Services::CephRbdMirror - OS::TripleO::Services::CephRgw + - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::CinderApi + - OS::TripleO::Services::CinderBackendDellPs + - OS::TripleO::Services::CinderBackendDellSc + - OS::TripleO::Services::CinderBackendDellEMCUnity + - OS::TripleO::Services::CinderBackendDellEMCVMAXISCSI + - OS::TripleO::Services::CinderBackendNetApp + - OS::TripleO::Services::CinderBackendScaleIO + - OS::TripleO::Services::CinderBackendVRTSHyperScale - OS::TripleO::Services::CinderBackup + - OS::TripleO::Services::CinderHPELeftHandISCSI - OS::TripleO::Services::CinderScheduler - OS::TripleO::Services::CinderVolume - - OS::TripleO::Services::Kernel - - OS::TripleO::Services::Keystone + - OS::TripleO::Services::Clustercheck + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Congress + - OS::TripleO::Services::Docker + - OS::TripleO::Services::Ec2Api + - 
OS::TripleO::Services::Etcd + - OS::TripleO::Services::ExternalSwiftProxy + - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GnocchiApi + - OS::TripleO::Services::GnocchiMetricd + - OS::TripleO::Services::GnocchiStatsd + - OS::TripleO::Services::HAproxy - OS::TripleO::Services::HeatApi - OS::TripleO::Services::HeatApiCfn - OS::TripleO::Services::HeatApiCloudwatch - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::Horizon + - OS::TripleO::Services::IronicApi + - OS::TripleO::Services::IronicConductor + - OS::TripleO::Services::IronicPxe - OS::TripleO::Services::Iscsid + - OS::TripleO::Services::Keepalived + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::ManilaApi + - OS::TripleO::Services::ManilaBackendCephFs + - OS::TripleO::Services::ManilaBackendGeneric + - OS::TripleO::Services::ManilaBackendIsilon + - OS::TripleO::Services::ManilaBackendNetapp + - OS::TripleO::Services::ManilaBackendUnity + - OS::TripleO::Services::ManilaBackendVNX + - OS::TripleO::Services::ManilaBackendVMAX + - OS::TripleO::Services::ManilaScheduler + - OS::TripleO::Services::ManilaShare + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::MongoDb - OS::TripleO::Services::MySQL - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NeutronApi + - OS::TripleO::Services::NeutronBgpVpnApi + - OS::TripleO::Services::NeutronCorePlugin - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL2gwAgent + - OS::TripleO::Services::NeutronL2gwApi - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronLbaasv2Agent + - OS::TripleO::Services::NeutronLinuxbridgeAgent - OS::TripleO::Services::NeutronMetadataAgent - - OS::TripleO::Services::NeutronApi - - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronML2FujitsuCfab + - OS::TripleO::Services::NeutronML2FujitsuFossw - OS::TripleO::Services::NeutronOvsAgent - - 
OS::TripleO::Services::RabbitMQ - - OS::TripleO::Services::HAproxy - - OS::TripleO::Services::Keepalived - - OS::TripleO::Services::Memcached - - OS::TripleO::Services::Pacemaker - - OS::TripleO::Services::Redis - - OS::TripleO::Services::NovaConductor - - OS::TripleO::Services::MongoDb + - OS::TripleO::Services::NeutronVppAgent - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaConsoleauth + - OS::TripleO::Services::NovaIronic - OS::TripleO::Services::NovaMetadata - OS::TripleO::Services::NovaPlacement - OS::TripleO::Services::NovaScheduler - - OS::TripleO::Services::NovaConsoleauth - OS::TripleO::Services::NovaVncProxy - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond + - OS::TripleO::Services::OctaviaApi + - OS::TripleO::Services::OctaviaHealthManager + - OS::TripleO::Services::OctaviaHousekeeping + - OS::TripleO::Services::OctaviaWorker + - OS::TripleO::Services::OpenDaylightApi + - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::OVNDBs + - OS::TripleO::Services::OVNController + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::PankoApi + - OS::TripleO::Services::RabbitMQ + - OS::TripleO::Services::Redis + - OS::TripleO::Services::SaharaApi + - OS::TripleO::Services::SaharaEngine + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd - OS::TripleO::Services::SwiftProxy - - OS::TripleO::Services::SwiftStorage - OS::TripleO::Services::SwiftRingBuilder - - OS::TripleO::Services::Snmp + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::Tacker - OS::TripleO::Services::Timezone - - OS::TripleO::Services::CeilometerApi - - OS::TripleO::Services::CeilometerCollector - - OS::TripleO::Services::CeilometerExpirer - - OS::TripleO::Services::CeilometerAgentCentral - - OS::TripleO::Services::CeilometerAgentNotification - - OS::TripleO::Services::Horizon - - 
OS::TripleO::Services::GnocchiApi - - OS::TripleO::Services::GnocchiMetricd - - OS::TripleO::Services::GnocchiStatsd - - OS::TripleO::Services::ManilaApi - - OS::TripleO::Services::ManilaScheduler - - OS::TripleO::Services::ManilaBackendGeneric - - OS::TripleO::Services::ManilaBackendIsilon - - OS::TripleO::Services::ManilaBackendNetapp - - OS::TripleO::Services::ManilaBackendUnity - - OS::TripleO::Services::ManilaBackendCephFs - - OS::TripleO::Services::ManilaBackendVNX - - OS::TripleO::Services::ManilaBackendVMAX - - OS::TripleO::Services::ManilaShare - - OS::TripleO::Services::AodhApi - - OS::TripleO::Services::AodhEvaluator - - OS::TripleO::Services::AodhNotifier - - OS::TripleO::Services::AodhListener - - OS::TripleO::Services::SaharaApi - - OS::TripleO::Services::SaharaEngine - - OS::TripleO::Services::IronicApi - - OS::TripleO::Services::IronicConductor - - OS::TripleO::Services::NovaIronic - - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - - OS::TripleO::Services::OpenDaylightApi - - OS::TripleO::Services::OpenDaylightOvs - - OS::TripleO::Services::SensuClient - - OS::TripleO::Services::FluentdClient - - OS::TripleO::Services::BarbicanApi - - OS::TripleO::Services::PankoApi + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Tuned + - OS::TripleO::Services::Vpp - OS::TripleO::Services::Zaqar - - OS::TripleO::Services::OVNDBs - name: ComputeDeployedServer CountDefault: 1 HostnameFormatDefault: '%stackname%-novacompute-%index%' disable_constraints: True + disable_upgrade_deployment: True + networks: + - InternalApi + - Tenant + - Storage ServicesDefault: + - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts - - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::CephClient - OS::TripleO::Services::CephExternal - - OS::TripleO::Services::Timezone - - OS::TripleO::Services::Ntp - - OS::TripleO::Services::Snmp - - OS::TripleO::Services::NovaCompute - - OS::TripleO::Services::NovaLibvirt 
- - OS::TripleO::Services::NovaMigrationTarget - - OS::TripleO::Services::Kernel - - OS::TripleO::Services::ComputeNeutronCorePlugin - - OS::TripleO::Services::ComputeNeutronOvsAgent + - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::Collectd - OS::TripleO::Services::ComputeCeilometerAgent + - OS::TripleO::Services::ComputeNeutronCorePlugin - OS::TripleO::Services::ComputeNeutronL3Agent - OS::TripleO::Services::ComputeNeutronMetadataAgent - - OS::TripleO::Services::TripleoPackages - - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::ComputeNeutronOvsAgent + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Iscsid + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NeutronLinuxbridgeAgent - OS::TripleO::Services::NeutronSriovAgent - OS::TripleO::Services::NeutronSriovHostConfig + - OS::TripleO::Services::NeutronVppAgent + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaMigrationTarget + - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond - OS::TripleO::Services::OpenDaylightOvs + - OS::TripleO::Services::Securetty - OS::TripleO::Services::SensuClient - - OS::TripleO::Services::FluentdClient - - OS::TripleO::Services::Iscsid + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Tuned + - OS::TripleO::Services::Vpp + - OS::TripleO::Services::OVNController - name: BlockStorageDeployedServer disable_constraints: True + networks: + - InternalApi + - Storage + - StorageMgmt ServicesDefault: + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::BlockStorageCinderVolume - OS::TripleO::Services::CACerts - OS::TripleO::Services::CertmongerUser - - OS::TripleO::Services::BlockStorageCinderVolume + 
- OS::TripleO::Services::CinderBackendVRTSHyperScale + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::Iscsid - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp - - OS::TripleO::Services::Timezone + - OS::TripleO::Services::ContainersLogrotateCrond + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp - - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoFirewall - - OS::TripleO::Services::SensuClient - - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Tuned - name: ObjectStorageDeployedServer disable_constraints: True + networks: + - InternalApi + - Storage + - StorageMgmt + disable_upgrade_deployment: True ServicesDefault: + - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp - - OS::TripleO::Services::SwiftStorage - - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::ContainersLogrotateCrond + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::SwiftStorage - OS::TripleO::Services::Timezone - - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - - OS::TripleO::Services::SensuClient - - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Tuned - name: CephStorageDeployedServer disable_constraints: True + networks: + - 
Storage + - StorageMgmt ServicesDefault: + - OS::TripleO::Services::AuditD - OS::TripleO::Services::CACerts - - OS::TripleO::Services::CertmongerUser - OS::TripleO::Services::CephOSD + - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::Docker + - OS::TripleO::Services::FluentdClient - OS::TripleO::Services::Kernel + - OS::TripleO::Services::MySQLClient - OS::TripleO::Services::Ntp + - OS::TripleO::Services::ContainersLogrotateCrond + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::SensuClient - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd - OS::TripleO::Services::Timezone - - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall - - OS::TripleO::Services::SensuClient - - OS::TripleO::Services::FluentdClient + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Tuned diff --git a/deployed-server/scripts/enable-ssh-admin.sh b/deployed-server/scripts/enable-ssh-admin.sh index dcabeadf..daff3907 100755 --- a/deployed-server/scripts/enable-ssh-admin.sh +++ b/deployed-server/scripts/enable-ssh-admin.sh @@ -10,6 +10,7 @@ SUBNODES_SSH_KEY=${SUBNODES_SSH_KEY:-"$HOME/.ssh/id_rsa"} # this is the intended variable for overriding OVERCLOUD_SSH_KEY=${OVERCLOUD_SSH_KEY:-"$SUBNODES_SSH_KEY"} +SHORT_TERM_KEY_COMMENT="TripleO split stack short term key" SLEEP_TIME=5 function overcloud_ssh_hosts_json { @@ -22,7 +23,7 @@ print(json.dumps(re.split("\s+", sys.stdin.read().strip())))' function overcloud_ssh_key_json { # we pass the contents to Mistral instead of just path, otherwise # the key file would have to be readable for the mistral user - cat "$OVERCLOUD_SSH_KEY" | python -c 'import json,sys; print(json.dumps(sys.stdin.read()))' + cat "$1" | python -c 'import json,sys; print(json.dumps(sys.stdin.read()))' } function workflow_finished { 
@@ -30,6 +31,12 @@ function workflow_finished { openstack workflow execution show -f shell $execution_id | grep 'state="SUCCESS"' > /dev/null } +function generate_short_term_keys { + local tmpdir=$(mktemp -d) + ssh-keygen -N '' -t rsa -b 4096 -f "$tmpdir/id_rsa" -C "$SHORT_TERM_KEY_COMMENT" > /dev/null + echo "$tmpdir" +} + if [ -z "$OVERCLOUD_HOSTS" ]; then echo 'Please set $OVERCLOUD_HOSTS' exit 1 @@ -41,7 +48,20 @@ echo "SSH key file: $OVERCLOUD_SSH_KEY" echo "Hosts: $OVERCLOUD_HOSTS" echo -EXECUTION_PARAMS="{\"ssh_user\": \"$OVERCLOUD_SSH_USER\", \"ssh_servers\": $(overcloud_ssh_hosts_json), \"ssh_private_key\": $(overcloud_ssh_key_json)}" +SHORT_TERM_KEY_DIR=$(generate_short_term_keys) +SHORT_TERM_KEY_PRIVATE="$SHORT_TERM_KEY_DIR/id_rsa" +SHORT_TERM_KEY_PUBLIC="$SHORT_TERM_KEY_DIR/id_rsa.pub" +SHORT_TERM_KEY_PUBLIC_CONTENT=$(cat $SHORT_TERM_KEY_PUBLIC) + +for HOST in $OVERCLOUD_HOSTS; do + echo "Inserting TripleO short term key for $HOST" + # prepending an extra newline so that if authorized_keys didn't + # end with a newline previously, we don't end up garbling it up + ssh -i "$OVERCLOUD_SSH_KEY" -l "$OVERCLOUD_SSH_USER" "$HOST" "echo -e '\n$SHORT_TERM_KEY_PUBLIC_CONTENT' >> \$HOME/.ssh/authorized_keys" +done + +echo "Starting ssh admin enablement workflow" +EXECUTION_PARAMS="{\"ssh_user\": \"$OVERCLOUD_SSH_USER\", \"ssh_servers\": $(overcloud_ssh_hosts_json), \"ssh_private_key\": $(overcloud_ssh_key_json "$SHORT_TERM_KEY_PRIVATE")}" EXECUTION_CREATE_OUTPUT=$(openstack workflow execution create -f shell -d 'deployed server ssh admin creation' tripleo.access.v1.enable_ssh_admin "$EXECUTION_PARAMS") echo "$EXECUTION_CREATE_OUTPUT" EXECUTION_ID=$(echo "$EXECUTION_CREATE_OUTPUT" | grep '^id=' | awk '-F"' '{ print $2 }') 
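Review bot: In `generate_short_term_keys`, `local tmpdir=$(mktemp -d)` discards mktemp's exit status, so a failed mktemp leaves `tmpdir` empty and `ssh-keygen` is pointed at `/id_rsa`. Declare and assign separately, `local tmpdir` followed by `tmpdir=$(mktemp -d) || return 1`. The caller should then stop when `SHORT_TERM_KEY_DIR` comes back empty.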
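Review bot: The short-term key introduced in the `@@ -41,7 +48,20 @@` hunk is only cleaned up by code that runs after the workflow has been waited for, so an interrupted or failed run leaves a passphrase-less private key (`-N ''`) in the temp directory and a matching entry in every host's authorized_keys. A handler installed right after `SHORT_TERM_KEY_DIR` is set, e.g. `trap 'rm -rf "$SHORT_TERM_KEY_DIR"' EXIT`, would at least cover the local key, and the remote removal loop could move into the same handler. Separately, `$(cat $SHORT_TERM_KEY_PUBLIC)` is unquoted and the append assumes `$HOME/.ssh` already exists on the host. Whether the script runs under `set -e` is not visible from this hunk.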
@@ -56,5 +76,14 @@ while ! workflow_finished $EXECUTION_ID; do sleep $SLEEP_TIME echo -n . done +echo # newline after the previous dots + +for HOST in $OVERCLOUD_HOSTS; do + echo "Removing TripleO short term key from $HOST" + ssh -l "$OVERCLOUD_SSH_USER" "$HOST" "sed -i -e '/$SHORT_TERM_KEY_COMMENT/d' \$HOME/.ssh/authorized_keys" +done + +echo "Removing short term keys locally" +rm -r "$SHORT_TERM_KEY_DIR" echo "Success." diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py index cc247031..533ed07d 100755 --- a/docker/docker-puppet.py +++ b/docker/docker-puppet.py @@ -90,16 +90,17 @@ def match_config_volume(prefix, config): config_volume=None for v in volumes: if v.startswith(prefix): - config_volume = os.path.relpath( - v.split(":")[0], prefix).split("/")[0] + config_volume = os.path.dirname(v.split(":")[0]) break return config_volume -def get_config_hash(prefix, config_volume): - hashfile = os.path.join(prefix, "%s.md5sum" % config_volume) +def get_config_hash(config_volume): + hashfile = "%s.md5sum" % config_volume + log.debug("Looking for hashfile %s for config_volume %s" % (hashfile, config_volume)) hash_data = None if os.path.isfile(hashfile): + log.debug("Got hashfile %s for config_volume %s" % (hashfile, config_volume)) with open(hashfile) as f: hash_data = f.read().rstrip() return hash_data @@ -248,6 +249,7 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume # Write a checksum of the config-data dir, this is used as a # salt to trigger container restart when the config changes tar -c -f - /var/lib/config-data/${NAME} --mtime='1970-01-01' | md5sum | awk '{print $1}' > /var/lib/config-data/${NAME}.md5sum + tar -c -f - /var/lib/config-data/puppet-generated/${NAME} --mtime='1970-01-01' | md5sum | awk '{print $1}' > /var/lib/config-data/puppet-generated/${NAME}.md5sum fi """) 
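Review bot: The removal loop calls `ssh -l "$OVERCLOUD_SSH_USER" "$HOST"` without the `-i "$OVERCLOUD_SSH_KEY"` that the insertion loop uses. Unless an agent or a default identity supplies that key, the `sed` never runs and the short-term key stays authorized on the host. Use the same identity, `ssh -i "$OVERCLOUD_SSH_KEY" -l "$OVERCLOUD_SSH_USER" "$HOST" ...`, and check each ssh exit status before printing "Success.". The `while` loop that closes at the top of this hunk starts outside it.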
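Review bot: `match_config_volume` now returns `os.path.dirname()` of the bind-mount source and `get_config_hash` looks for `<that directory>.md5sum`, but the shell block only writes checksum files next to `/var/lib/config-data/${NAME}` and `/var/lib/config-data/puppet-generated/${NAME}`. For a source more than one level below NAME, such as the `.../puppet-generated/horizon/etc/openstack-dashboard` volume in this same change, the lookup would land on `.../horizon/etc.md5sum` and find nothing. TRIPLEO_CONFIG_HASH is then skipped silently, so the container is not restarted when its configuration changes. Walking up from the source path until a checksum file is found would cover these mounts, and a warning when none is found would make the miss visible. Both functions and the loop that calls them extend beyond these hunks.

```python
def get_config_hash(config_volume):
    # Walk up from the mount source until a checksum written by the
    # puppet step is found, so deeper bind-mount sources still match.
    path = config_volume
    while path not in ("", "/") and not os.path.isfile("%s.md5sum" % path):
        path = os.path.dirname(path)
    hashfile = "%s.md5sum" % path
    # … unchanged: debug logging, read and return hash_data …
```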
@@ -371,7 +373,7 @@ for infile in infiles: for k, v in infile_data.iteritems(): config_volume = match_config_volume(config_volume_prefix, v) if config_volume: - config_hash = get_config_hash(config_volume_prefix, config_volume) + config_hash = get_config_hash(config_volume) if config_hash: env = v.get('environment', []) env.append("TRIPLEO_CONFIG_HASH=%s" % config_hash) diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml index 8cc81fb0..4674ec14 100644 --- a/docker/services/ceph-ansible/ceph-base.yaml +++ b/docker/services/ceph-ansible/ceph-base.yaml @@ -73,15 +73,9 @@ parameters: description: > It can be used to override settings for one of the predefined pools, or to create additional ones. Example: - { - "volumes": { - "size": 5, - "pg_num": 128, - "pgp_num": 128 - } - } - default: {} - type: json + [{"name": "volumes", "pg_num": 64, "rule_name": ""}] + default: [] + type: comma_delimited_list CinderRbdPoolName: default: volumes type: string @@ -225,13 +219,7 @@ outputs: - {get_param: NovaRbdPoolName} - {get_param: GlanceRbdPoolName} - {get_param: GnocchiRbdPoolName} - - repeat: - template: - name: <%pool%> - pg_num: {get_param: CephPoolDefaultPgNum} - rule_name: "" - for_each: - <%pool%>: {get_param: CephPools} + - {get_param: CephPools} openstack_keys: &openstack_keys - name: list_join: diff --git a/docker/services/ceph-ansible/ceph-mon.yaml b/docker/services/ceph-ansible/ceph-mon.yaml index 45f939c2..90b2db3b 100644 --- a/docker/services/ceph-ansible/ceph-mon.yaml +++ b/docker/services/ceph-ansible/ceph-mon.yaml @@ -83,4 +83,3 @@ outputs: - {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]} - monitor_secret: {get_param: CephMonKey} admin_secret: {get_param: CephAdminKey} - monitor_interface: br_ex diff --git a/docker/services/ceph-ansible/ceph-osd.yaml b/docker/services/ceph-ansible/ceph-osd.yaml index a441f5c9..de55924b 100644 --- a/docker/services/ceph-ansible/ceph-osd.yaml 
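Review bot: In ceph-base.yaml, `CephPools` changes from a `json` mapping to a `comma_delimited_list` of pool dicts, which is not backward compatible. An environment file still using the old `{"volumes": {...}}` form will presumably fail validation or yield a malformed pools list. The description should state that the value has to be given as a list in an environment file, since a plain string would be split at the commas inside each dict. The `outputs` hunk also stops filling `pg_num` from `CephPoolDefaultPgNum` for user-defined pools, so each entry must now carry its own `pg_num` and `rule_name`, which the description should mention as well.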
+++ b/docker/services/ceph-ansible/ceph-osd.yaml @@ -37,7 +37,6 @@ parameters: devices: - /dev/vdb journal_size: 512 - journal_collocation: true osd_scenario: collocated resources: diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml index e1a3827a..1a6f5c77 100644 --- a/docker/services/glance-api.yaml +++ b/docker/services/glance-api.yaml @@ -48,6 +48,16 @@ parameters: default: false description: Remove package if the service is being disabled during upgrade type: boolean + GlanceNfsShare: + default: '' + description: > + NFS share to mount for image storage (when GlanceNfsEnabled is true) + type: string + GlanceNfsOptions: + default: 'intr,context=system_u:object_r:glance_var_lib_t:s0' + description: > + NFS mount options for image storage (when GlanceNfsEnabled is true) + type: string conditions: @@ -108,6 +118,10 @@ outputs: dest: "/etc/ceph/" merge: true preserve_properties: true + permissions: + - path: /var/lib/glance + owner: glance:glance + recurse: true /var/lib/kolla/config_files/glance_api_tls_proxy.json: command: /usr/sbin/httpd -DFOREGROUND config_files: @@ -182,6 +196,15 @@ outputs: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS - {} host_prep_tasks: + - name: Mount NFS on host + vars: + nfs_backend_enable: {get_param: GlanceNfsEnabled} + mount: name=/var/lib/glance src="{{item.NFS_SHARE}}" fstype=nfs4 opts="{{item.NFS_OPTIONS}}" state=mounted + with_items: + - NFS_SHARE: {get_param: GlanceNfsShare} + NFS_OPTIONS: {get_param: GlanceNfsOptions} + when: + - nfs_backend_enable - name: create persistent logs directory file: path: "{{ item }}" diff --git a/docker/services/horizon.yaml b/docker/services/horizon.yaml index d6ffb6dc..2c7d7a74 100644 --- a/docker/services/horizon.yaml +++ b/docker/services/horizon.yaml 
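Review bot: The `Mount NFS on host` task in the glance-api.yaml host_prep_tasks hunk feeds the templated `GlanceNfsShare` and `GlanceNfsOptions` values through Ansible's `key=value` shorthand, while the `file:` task right after it uses the mapping form. The mapping form keeps each templated value a single argument whatever characters it contains, and `nfs_backend_enable|bool` makes the condition independent of how the Heat boolean is serialized. The default `GlanceNfsOptions` could also carry `nosuid,nodev`, since the share only holds image data. The new `permissions` entry with `recurse: true` on /var/lib/glance will walk the whole share when NFS is enabled, if kolla applies it on every container start.

```yaml
- name: Mount NFS on host
  # … unchanged: vars …
  mount:
    name: /var/lib/glance
    src: "{{item.NFS_SHARE}}"
    fstype: nfs4
    opts: "{{item.NFS_OPTIONS}}"
    state: mounted
  # … unchanged: with_items …
  when:
    - nfs_backend_enable|bool
```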
@@ -113,7 +113,7 @@ outputs: volumes: - /var/log/containers/horizon:/var/log/horizon - /var/log/containers/httpd/horizon:/var/log/httpd - - /var/lib/config-data/horizon/etc/:/etc/ + - /var/lib/config-data/puppet-generated/horizon/etc/openstack-dashboard:/etc/openstack-dashboard step_3: horizon: image: *horizon_image diff --git a/docker/services/memcached.yaml b/docker/services/memcached.yaml index c78b85a6..67b84249 100644 --- a/docker/services/memcached.yaml +++ b/docker/services/memcached.yaml @@ -80,8 +80,8 @@ outputs: user: root volumes: - /var/lib/config-data/memcached/etc/sysconfig/memcached:/etc/sysconfig/memcached:ro - - /var/log/memcached.log:/var/log/memcached.log - command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; chown ${USER} /var/log/memcached.log'] + - /var/log/containers/memcached:/var/log/ + command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; touch /var/log/memcached.log && chown ${USER} /var/log/memcached.log'] memcached: start_order: 1 image: *memcached_image 
@@ -93,8 +93,16 @@ outputs: - {get_attr: [ContainersCommon, volumes]} - - /var/lib/config-data/memcached/etc/sysconfig/memcached:/etc/sysconfig/memcached:ro - # TODO(bogdando) capture memcached syslog logs from a container - command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; /usr/bin/memcached -p ${PORT} -u ${USER} -m ${CACHESIZE} -c ${MAXCONN} $OPTIONS'] + - /var/log/containers/memcached:/var/log/ + # NOTE: We're adding the log redirection here, even though should + # already be part of the options. This is because the redirection + # via the options is not working and ends up being passed as a + # parameter to the memcached command (which it silently ignores). + # Thus the need for the explicit redirection here. The redirection + # will be removed from the $OPTIONS, which is done via the puppet + # module, but we'll only be able to do this once the following pull + # request merges: https://github.com/saz/puppet-memcached/pull/88 + command: ['/bin/bash', '-c', 'source /etc/sysconfig/memcached; /usr/bin/memcached -p ${PORT} -u ${USER} -m ${CACHESIZE} -c ${MAXCONN} $OPTIONS >> /var/log/memcached.log 2>&1'] upgrade_tasks: - name: Stop and disable memcached service tags: step2 diff --git a/docker/services/mistral-api.yaml b/docker/services/mistral-api.yaml index 50c80216..1b4b44f2 100644 --- a/docker/services/mistral-api.yaml +++ b/docker/services/mistral-api.yaml @@ -36,6 +36,16 @@ parameters: default: {} description: Parameters specific to the role type: json + MistralWorkers: + default: 1 + description: The number of workers for the mistral-api. + type: number + MistralApiPolicies: + description: | + A hash of policies to configure for Mistral API. + e.g. { mistral-context_is_admin: { key: context_is_admin, value: 'role:admin' } } + default: {} + type: json resources: 
@@ -45,6 +55,16 @@ resources: MySQLClient: type: ../../puppet/services/database/mysql-client.yaml + MistralBase: + type: ../../puppet/services/mistral-base.yaml + properties: + EndpointMap: {get_param: EndpointMap} + ServiceData: {get_param: ServiceData} + ServiceNetMap: {get_param: ServiceNetMap} + DefaultPasswords: {get_param: DefaultPasswords} + RoleName: {get_param: RoleName} + RoleParameters: {get_param: RoleParameters} + MistralApiBase: type: ../../puppet/services/mistral-api.yaml properties: @@ -60,9 +80,23 @@ outputs: description: Role data for the Mistral API role. value: service_name: {get_attr: [MistralApiBase, role_data, service_name]} + # FIXME(mandre) restore once mistral-api image has the necessary packages + # to run on top of apache + # config_settings: + # map_merge: + # - get_attr: [MistralApiBase, role_data, config_settings] config_settings: map_merge: - - get_attr: [MistralApiBase, role_data, config_settings] + - get_attr: [MistralBase, role_data, config_settings] + - mistral::api::api_workers: {get_param: MistralWorkers} + mistral::api::bind_host: {get_param: [ServiceNetMap, MistralApiNetwork]} + mistral::policy::policies: {get_param: MistralApiPolicies} + tripleo.mistral_api.firewall_rules: + '133 mistral': + dport: + - 8989 + - 13989 + mistral_wsgi_enabled: false logging_source: {get_attr: [MistralApiBase, role_data, logging_source]} logging_groups: {get_attr: [MistralApiBase, role_data, logging_groups]} step_config: &step_config diff --git a/docker/services/swift-storage.yaml b/docker/services/swift-storage.yaml index e0c1194a..2d7aff6e 100644 --- a/docker/services/swift-storage.yaml +++ b/docker/services/swift-storage.yaml 
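Review bot: The new `config_settings` block in mistral-api.yaml appears to copy the firewall rule (ports 8989 and 13989), `bind_host` and the policy setting inline instead of merging them from `MistralApiBase`. The containerized service will therefore no longer follow later changes to those settings in puppet/services/mistral-api.yaml, including any tightening of the firewall rule. The FIXME should reference whatever tracks restoring the merge, e.g. `# FIXME(mandre): restore once ... (tracked in <bug id placeholder>)`, and list which keys were copied. `MistralWorkers` and `MistralApiPolicies` are presumably declared in the puppet template too, so their defaults can drift in the same way.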
@@ -83,7 +83,10 @@ outputs: logging_source: {get_attr: [SwiftStorageBase, role_data, logging_source]} logging_groups: {get_attr: [SwiftStorageBase, role_data, logging_groups]} step_config: &step_config - get_attr: [SwiftStorageBase, role_data, step_config] + list_join: + - "\n" + - - {get_attr: [SwiftStorageBase, role_data, step_config]} + - "class xinetd() {}" service_config_settings: {get_attr: [SwiftStorageBase, role_data, service_config_settings]} # BEGIN DOCKER SETTINGS puppet_config: diff --git a/environments/composable-roles/standalone.yaml b/environments/composable-roles/standalone.yaml index 3305c9ed..c12d72de 100644 --- a/environments/composable-roles/standalone.yaml +++ b/environments/composable-roles/standalone.yaml @@ -30,13 +30,13 @@ parameter_defaults: # Type: string ComputeHostnameFormat: '%stackname%-novacompute-%index%' - # Number of Controller nodes to deploy + # Number of ControllerOpenstack nodes # Type: number - ControllerCount: 3 + ControllerOpenstackCount: 3 - # Format for Controller node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud + # Format for ControllerOpenstack node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud # Type: string - ControllerHostnameFormat: '%stackname%-controller-%index%' + ControllerOpenstackHostnameFormat: '%stackname%-controller-%index%' # Number of Database nodes # Type: number @@ -66,9 +66,9 @@ parameter_defaults: # Type: string OvercloudComputeFlavor: compute - # Name of the flavor for Controller nodes + # Name of the flavor for ControllerOpenstack nodes # Type: string - OvercloudControllerFlavor: control + OvercloudControllerOpenstackFlavor: control # Name of the flavor for Database nodes # Type: string diff --git a/environments/docker.yaml b/environments/docker.yaml index 57379925..58691cc1 100644 
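Review bot: The `- "class xinetd() {}"` entry appended to `step_config` carries no comment, and an empty class definition joined onto a manifest reads like a leftover. It appears to stub out `xinetd` so the puppet run for the container does not manage that service, but that is an inference from the hunk alone. If that is the intent, say so above `list_join`, e.g. `# Stub xinetd: the container's puppet run must not manage it`. Because the value sits under the `&step_config` anchor, every `*step_config` alias later in the file (outside the hunk) receives the stub as well.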
--- a/environments/docker.yaml +++ b/environments/docker.yaml @@ -58,6 +58,8 @@ resource_registry: # OS::TripleO::Services::CinderBackup: ../docker/services/cinder-backup.yaml # OS::TripleO::Services::CinderVolume: ../docker/services/cinder-volume.yaml # + OS::TripleO::Services::SwiftDispersion: OS::Heat::None + # If SR-IOV is enabled on the compute nodes, it will need the SR-IOV # host configuration. OS::TripleO::Services::NeutronSriovHostConfig: OS::Heat::None diff --git a/environments/services/heat-api-cloudwatch.yaml b/environments/services/heat-api-cloudwatch.yaml new file mode 100644 index 00000000..ce22a91c --- /dev/null +++ b/environments/services/heat-api-cloudwatch.yaml @@ -0,0 +1,2 @@ +resource_registry: + OS::TripleO::Services::HeatApiCloudwatch: ../../puppet/services/heat-api-cloudwatch.yaml diff --git a/extraconfig/pre_deploy/rhel-registration/environment-rhel-registration.yaml b/extraconfig/pre_deploy/rhel-registration/environment-rhel-registration.yaml index 24557517..a5eb35c6 100644 --- a/extraconfig/pre_deploy/rhel-registration/environment-rhel-registration.yaml +++ b/extraconfig/pre_deploy/rhel-registration/environment-rhel-registration.yaml @@ -20,7 +20,7 @@ parameter_defaults: rhel_reg_user: "" rhel_reg_type: "" rhel_reg_method: "" - rhel_reg_sat_repo: "rhel-7-server-satellite-tools-6.1-rpms" + rhel_reg_sat_repo: "rhel-7-server-satellite-tools-6.2-rpms" rhel_reg_http_proxy_host: "" rhel_reg_http_proxy_port: "" rhel_reg_http_proxy_username: "" diff --git a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration index 487857ef..c7d0b231 100644 --- a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration +++ b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration 
@@ -186,14 +186,13 @@ function retry() { set -e } -function detect_satellite_version { - ping_api=$REG_SAT_URL/katello/api/ping - if curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -s -D - -o /dev/null $ping_api | grep "200 OK"; then - echo Satellite 6 detected at $REG_SAT_URL - satellite_version=6 +function detect_satellite_server { + if curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -s -D - -o /dev/null $REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm | grep "200 OK"; then + echo Satellite 6 or beyond with Katello API detected at $REG_SAT_URL + katello_api_enabled=1 elif curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -s -D - -o /dev/null $REG_SAT_URL/rhn/Login.do | grep "200 OK"; then - echo Satellite 5 detected at $REG_SAT_URL - satellite_version=5 + echo Satellite 5 with RHN detected at $REG_SAT_URL + katello_api_enabled=0 else echo No Satellite detected at $REG_SAT_URL exit 1 @@ -231,8 +230,8 @@ case "${REG_METHOD:-}" in retry subscription-manager $repos ;; satellite) - detect_satellite_version - if [ "$satellite_version" = "6" ]; then + detect_satellite_server + if [ "$katello_api_enabled" = "1" ]; then repos="$repos --enable ${satellite_repo}" curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -O "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm" @@ -248,7 +247,7 @@ case "${REG_METHOD:-}" in rpm -Uvh katello-ca-consumer-latest.noarch.rpm || true retry subscription-manager register $opts retry subscription-manager $repos - retry yum install -y katello-agent || true # needed for errata reporting to satellite6 + yum install -y katello-agent || true # needed for errata reporting to satellite6 katello-package-upload # https://bugs.launchpad.net/tripleo/+bug/1711435 diff --git a/network/service_net_map.j2.yaml b/network/service_net_map.j2.yaml index e19ccd84..dfb0e910 100644 --- a/network/service_net_map.j2.yaml +++ b/network/service_net_map.j2.yaml 
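Review bot: `detect_satellite_server` picks the registration path from a probe made with `-k` and an unquoted `$REG_SAT_URL`, and the branch it selects goes on (context lines of the next hunk) to fetch `katello-ca-consumer-latest.noarch.rpm` with `-k` and install it with `rpm -Uvh`. The package that establishes trust in the Satellite CA is therefore obtained without verifying the server. Quote the URL, `"$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm"`, and where the operator can supply the CA bundle up front use curl's `--cacert` instead of `-k` for both the probe and the download. Matching `grep "200 OK"` also depends on the reason phrase, which HTTP/2 responses do not carry; comparing the output of `-w '%{http_code}'` is sturdier. The function's closing lines are outside the hunk.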
@@ -103,31 +103,12 @@ parameters: internal use only, this will be removed in future. type: json - InternalApiNetName: - default: internal_api - description: The name of the internal_api network. +{%- for network in networks %} + {{network.name}}NetName: + default: {{network.name_lower}} + description: The name of the {{network.name_lower}} network. type: string - ExternalNetName: - default: external - description: The name of the external network. - type: string - ManagementNetName: - default: management - description: The name of the management network. - type: string - StorageNetName: - default: storage - description: The name of the storage network. - type: string - StorageMgmtNetName: - default: storage_mgmt - description: The name of the storage_mgmt network. - type: string - TenantNetName: - default: tenant - description: The name of the tenant network. - type: string - +{%- endfor %} parameter_groups: - label: deprecated @@ -145,12 +126,9 @@ resources: - map_replace: - {get_param: ServiceNetMapDefaults} - values: - external: {get_param: ExternalNetName} - internal_api: {get_param: InternalApiNetName} - storage: {get_param: StorageNetName} - storage_mgmt: {get_param: StorageMgmtNetName} - tenant: {get_param: TenantNetName} - management: {get_param: ManagementNetName} +{%- for network in networks %} + {{network.name_lower}}: {get_param: {{network.name}}NetName} +{%- endfor %} - map_replace: - {get_param: ServiceNetMap} - keys: {get_param: ServiceNetMapDeprecatedMapping} diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index e402f125..3ee77218 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml 
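Review bot: The loop renders `default: {{network.name_lower}}` and `description: The name of the {{network.name_lower}} network.` as plain scalars, so the resulting YAML is typed by whatever the network is called; a name that renders as a number, a YAML boolean or an empty string gives a non-string default for a `type: string` parameter. Quote the templated values, `default: '{{network.name_lower}}'`, here and in the identical loop added to `puppet/all-nodes-config.j2.yaml`. The second hunk of this file has the same exposure where `{{network.name_lower}}:` is rendered as a mapping key under `values`. The `parameters` section continues outside the hunk.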
@@ -133,7 +133,7 @@ resource_registry: OS::TripleO::Services::GlanceRegistry: puppet/services/disabled/glance-registry-disabled.yaml OS::TripleO::Services::HeatApi: puppet/services/heat-api.yaml OS::TripleO::Services::HeatApiCfn: puppet/services/heat-api-cfn.yaml - OS::TripleO::Services::HeatApiCloudwatch: puppet/services/heat-api-cloudwatch.yaml + OS::TripleO::Services::HeatApiCloudwatch: puppet/services/disabled/heat-api-cloudwatch-disabled.yaml OS::TripleO::Services::HeatEngine: puppet/services/heat-engine.yaml OS::TripleO::Services::Kernel: puppet/services/kernel.yaml OS::TripleO::Services::MySQL: puppet/services/database/mysql.yaml diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index 367ac5b6..3506fe8e 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -491,8 +491,12 @@ resources: type: OS::TripleO::Network::Ports::NetIpListMap properties: ControlPlaneIpList: {get_attr: [{{role.name}}, ip_address]} -{%- for network in networks if network.enabled|default(true) %} +{%- for network in networks %} + {%- if network.enabled|default(true) %} {{network.name}}IpList: {get_attr: [{{role.name}}, {{network.name_lower}}_ip_address]} + {%- else %} + {{network.name}}IpList: {get_attr: [{{role.name}}, ip_address]} + {%- endif %} {%- endfor %} EnabledServices: {get_attr: [{{role.name}}ServiceNames, value]} ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]} diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.j2.yaml index 37c1d4e5..bdd2bcf3 100644 --- a/puppet/all-nodes-config.yaml +++ b/puppet/all-nodes-config.j2.yaml @@ -2,14 +2,10 @@ heat_template_version: pike description: 'All Nodes Config for Puppet' parameters: - cloud_name_external: - type: string - cloud_name_internal_api: - type: string - cloud_name_storage: - type: string - cloud_name_storage_mgmt: +{%- for network in networks if network.vip|default(false) %} + cloud_name_{{network.name_lower}}: type: string +{%- endfor %} cloud_name_ctlplane: type: string enabled_services: 
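Review bot: In the `overcloud.j2.yaml` hunk a disabled network now gets `{{network.name}}IpList: {get_attr: [{{role.name}}, ip_address]}`, i.e. the control-plane addresses, and nothing in the template says so. Services whose `ServiceNetMap` entry still names a disabled network would then resolve to ctlplane IPs, which may be a different trust zone from the one the operator expected; that consequence is inferred, since the consumers of the list are outside the hunk. A Jinja comment on the `else` branch, e.g. `{#- disabled network: fall back to the ctlplane address list #}`, would make the fallback explicit for whoever reviews a deployment's network isolation.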
@@ -70,30 +66,12 @@ parameters: type: boolean default: false - InternalApiNetName: - default: internal_api - description: The name of the internal_api network. - type: string - ExternalNetName: - default: external - description: The name of the external network. - type: string - ManagementNetName: - default: management - description: The name of the management network. - type: string - StorageNetName: - default: storage - description: The name of the storage network. - type: string - StorageMgmtNetName: - default: storage_mgmt - description: The name of the storage_mgmt network. - type: string - TenantNetName: - default: tenant - description: The name of the tenant network. +{%- for network in networks %} + {{network.name}}NetName: + default: {{network.name_lower}} + description: The name of the {{network.name_lower}} network. type: string +{%- endfor %} resources: diff --git a/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml b/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml index 93408dd1..6e010dea 100644 --- a/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml +++ b/puppet/extraconfig/pre_deploy/compute/neutron-ml2-bigswitch.yaml 
@@ -24,17 +24,16 @@ resources: config: datafiles: neutron_bigswitch_data: - mapped_data: - neutron::agents::bigswitch::agent_enabled: {get_input: neutron_enable_bigswitch_agent} - neutron::agents::bigswitch::lldp_enabled: {get_input: neutron_enable_bigswitch_lldp} - # NOTE(aschultz): required for the puppet module but we don't - # actually want them defined on the compute nodes so we're - # relying on the puppet module's handling of <SERVICE DEFAULT> - # to just not set these but still accept that they were defined. - # This will should be fixed in puppet-neutron and removed here, - # but for backportability, we need to define something. - neutron::plugins::ml2::bigswitch::restproxy::servers: '<SERVICE DEFAULT>' - neutron::plugins::ml2::bigswitch::restproxy::server_auth: '<SERVICE DEFAULT>' + neutron::agents::bigswitch::agent_enabled: {get_input: neutron_enable_bigswitch_agent} + neutron::agents::bigswitch::lldp_enabled: {get_input: neutron_enable_bigswitch_lldp} + # NOTE(aschultz): required for the puppet module but we don't + # actually want them defined on the compute nodes so we're + # relying on the puppet module's handling of <SERVICE DEFAULT> + # to just not set these but still accept that they were defined. + # This will should be fixed in puppet-neutron and removed here, + # but for backportability, we need to define something. + neutron::plugins::ml2::bigswitch::restproxy::servers: '<SERVICE DEFAULT>' + neutron::plugins::ml2::bigswitch::restproxy::server_auth: '<SERVICE DEFAULT>' NeutronBigswitchDeployment: diff --git a/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml index 71a915df..cda598a5 100644 --- a/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml +++ b/puppet/extraconfig/pre_deploy/controller/neutron-ml2-bigswitch.yaml 
@@ -50,16 +50,15 @@ resources: config: datafiles: neutron_bigswitch_data: - mapped_data: - neutron::agents::bigswitch::agent_enabled: {get_input: neutron_enable_bigswitch_agent} - neutron::agents::bigswitch::lldp_enabled: {get_input: neutron_enable_bigswitch_lldp} - neutron::plugins::ml2::bigswitch::restproxy::servers: {get_input: restproxy_servers} - neutron::plugins::ml2::bigswitch::restproxy::server_auth: {get_input: restproxy_server_auth} - neutron::plugins::ml2::bigswitch::restproxy::auto_sync_on_failure: {get_input: restproxy_auto_sync_on_failure} - neutron::plugins::ml2::bigswitch::restproxy::consistency_interval: {get_input: restproxy_consistency_interval} - neutron::plugins::ml2::bigswitch::restproxy::neutron_id: {get_input: restproxy_neutron_id} - neutron::plugins::ml2::bigswitch::restproxy::server_ssl: {get_input: restproxy_server_ssl} - neutron::plugins::ml2::bigswitch::restproxy::ssl_cert_directory: {get_input: restproxy_ssl_cert_directory} + neutron::agents::bigswitch::agent_enabled: {get_input: neutron_enable_bigswitch_agent} + neutron::agents::bigswitch::lldp_enabled: {get_input: neutron_enable_bigswitch_lldp} + neutron::plugins::ml2::bigswitch::restproxy::servers: {get_input: restproxy_servers} + neutron::plugins::ml2::bigswitch::restproxy::server_auth: {get_input: restproxy_server_auth} + neutron::plugins::ml2::bigswitch::restproxy::auto_sync_on_failure: {get_input: restproxy_auto_sync_on_failure} + neutron::plugins::ml2::bigswitch::restproxy::consistency_interval: {get_input: restproxy_consistency_interval} + neutron::plugins::ml2::bigswitch::restproxy::neutron_id: {get_input: restproxy_neutron_id} + neutron::plugins::ml2::bigswitch::restproxy::server_ssl: {get_input: restproxy_server_ssl} + neutron::plugins::ml2::bigswitch::restproxy::ssl_cert_directory: {get_input: restproxy_ssl_cert_directory} NeutronBigswitchDeployment: type: OS::Heat::StructuredDeployment 
diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml index 15da1773..d53afd04 100644 --- a/puppet/role.role.j2.yaml +++ b/puppet/role.role.j2.yaml @@ -565,6 +565,7 @@ resources: - bootstrap_node # provided by allNodesConfig - all_nodes # provided by allNodesConfig - vip_data # provided by allNodesConfig + - net_ip_map - '"%{::osfamily}"' # The following are required for compatibility with the Controller role # where some vendor integrations added hieradata via ExtraConfigPre @@ -578,6 +579,7 @@ resources: service_names: service_names: {get_param: ServiceNames} sensu::subscriptions: {get_param: MonitoringSubscriptions} + net_ip_map: {get_attr: [NetIpMap, net_ip_map]} service_configs: map_replace: - {get_param: ServiceConfigSettings} diff --git a/puppet/services/disabled/heat-api-cloudwatch-disabled.yaml b/puppet/services/disabled/heat-api-cloudwatch-disabled.yaml new file mode 100644 index 00000000..f7935712 --- /dev/null +++ b/puppet/services/disabled/heat-api-cloudwatch-disabled.yaml 
@@ -0,0 +1,48 @@ +heat_template_version: pike + +description: > + Openstack Heat CloudWatch API service, disabled by default since Pike + +parameters: + ServiceData: + default: {} + description: Dictionary packing service data + type: json + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + DefaultPasswords: + default: {} + type: json + RoleName: + default: '' + description: Role name on which the service is applied + type: string + RoleParameters: + default: {} + description: Parameters specific to the role + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: Role data for the disabled Heat CloudWatch API + value: + service_name: heat_api_cloudwatch_disabled + upgrade_tasks: + - name: Check if heat_api_cloudwatch is deployed + command: systemctl is-enabled openstack-heat-api-cloudwatch + tags: step1 + ignore_errors: True + register: heat_api_cloudwatch_enabled + - name: Stop and disable heat_api_cloudwatch service (pre-upgrade not under httpd) + tags: step1 + when: heat_api_cloudwatch_enabled.rc == 0 + service: name=openstack-heat-api-cloudwatch state=stopped enabled=no diff --git a/puppet/services/memcached.yaml b/puppet/services/memcached.yaml index 2bc08fde..30ea4e1e 100644 --- a/puppet/services/memcached.yaml +++ b/puppet/services/memcached.yaml @@ -54,6 +54,7 @@ outputs: # internal_api_subnet - > IP/CIDR memcached::listen_ip: {get_param: [ServiceNetMap, MemcachedNetwork]} memcached::max_memory: {get_param: MemcachedMaxMemory} + memcached::verbosity: 'v' tripleo.memcached.firewall_rules: '121 memcached': dport: 11211 diff --git a/puppet/services/neutron-lbaas.yaml b/puppet/services/neutron-lbaas.yaml index ec477ddc..a2c1a2ae 100644 
--- a/puppet/services/neutron-lbaas.yaml +++ b/puppet/services/neutron-lbaas.yaml @@ -73,3 +73,6 @@ outputs: service_config_settings: neutron_api: neutron::server::service_providers: {get_param: NeutronServiceProviders} + horizon: + horizon::neutron_options: + enable_lb: True diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml index 9e5ba129..5326a250 100644 --- a/puppet/services/nova-compute.yaml +++ b/puppet/services/nova-compute.yaml @@ -210,7 +210,7 @@ outputs: collectd: tripleo.collectd.plugins.nova_compute: - virt - collectd::plugins::virt::connection: "qemu:///system" + collectd::plugin::virt::connection: 'qemu:///system' upgrade_tasks: - name: Stop nova-compute service tags: step1 diff --git a/puppet/services/rabbitmq.yaml b/puppet/services/rabbitmq.yaml index a1a60201..879af2a1 100644 --- a/puppet/services/rabbitmq.yaml +++ b/puppet/services/rabbitmq.yaml @@ -41,7 +41,7 @@ parameters: RabbitFDLimit: default: 65536 description: Configures RabbitMQ FD limit - type: string + type: number RabbitIPv6: default: false description: Enable IPv6 in RabbitMQ diff --git a/releasenotes/notes/ceph-pools-with-ceph-ansible-f82425e585f90ef6.yaml b/releasenotes/notes/ceph-pools-with-ceph-ansible-f82425e585f90ef6.yaml new file mode 100644 index 00000000..63e6f212 --- /dev/null +++ b/releasenotes/notes/ceph-pools-with-ceph-ansible-f82425e585f90ef6.yaml 
@@ -0,0 +1,17 @@ +--- +upgrade: + - | + The format to use for the CephPools parameter needs to be updated into the + form expected by ceph-ansible. For example, for a new pool named `mypool` + it should change from: + { "mypool": { "size": 3, "pg_num": 128, "pgp_num": 128 } } + into: + [ { "name": "mypool", "pg_num": 128, "rule_name": "" } ] + The first is a map where each key is a pool name and its value the pool + properties, the second is a list where each item describes all properties + of a pool, including its name. +other: + - | + With the migration from puppet-ceph to ceph-ansible for the deployment + of Ceph, the format of CephPools parameter changes because the two tools + use a different format to represent the list of additional pools to create. diff --git a/releasenotes/notes/disable-heat-api-cloudwatch-d5a471da22472bde.yaml b/releasenotes/notes/disable-heat-api-cloudwatch-d5a471da22472bde.yaml new file mode 100644 index 00000000..5c732c01 --- /dev/null +++ b/releasenotes/notes/disable-heat-api-cloudwatch-d5a471da22472bde.yaml @@ -0,0 +1,15 @@ +--- +upgrade: + - | + The Heat API Cloudwatch API is deprecated in Pike and so it removed + by default during the Ocata to Pike upgrade. If you wish to keep this + service then you should use the environments/heat-api-cloudwatch.yaml + environment file in the tripleo-heat-templates during the upgrade (note + that this is migrated to running under httpd, if you do decide to keep + this service on Pike). +deprecations: + - | + The Heat API Cloudwatch API is deprecated in Pike and so it is now not + deployed by default. You can override this behaviour with the + environments/heat-api-cloudwatch.yaml environment file in the + tripleo-heat-templates. diff --git a/releasenotes/notes/fix-dynamic-network-disabled-9f700a9e900221b6.yaml b/releasenotes/notes/fix-dynamic-network-disabled-9f700a9e900221b6.yaml new file mode 100644 index 00000000..c6cb3636 --- /dev/null 
+++ b/releasenotes/notes/fix-dynamic-network-disabled-9f700a9e900221b6.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + Fixes dynamic networks to fallback to ctlplane network when they are + disabled. diff --git a/releasenotes/notes/sat-tools-0d0f0c53de9d34a5.yaml b/releasenotes/notes/sat-tools-0d0f0c53de9d34a5.yaml new file mode 100644 index 00000000..eb3ab5fc --- /dev/null +++ b/releasenotes/notes/sat-tools-0d0f0c53de9d34a5.yaml @@ -0,0 +1,5 @@ +--- +upgrade: + - | + When deploying with RHSM, sat-tools 6.2 will be installed instead of 6.1. + The new version is supported by RHEL 7.4 and provides katello-agent package. diff --git a/releasenotes/notes/sat_capsule-bb59fad44c17f97f.yaml b/releasenotes/notes/sat_capsule-bb59fad44c17f97f.yaml new file mode 100644 index 00000000..58298d36 --- /dev/null +++ b/releasenotes/notes/sat_capsule-bb59fad44c17f97f.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - | + For deployments running on RHEL with Satellite 6 (or beyond) with Capsule (Katello API enabled), + the Katello API is available on 8443 port, so the previous API ping didn't work for this case. + Capsule is now supported since we just check if katello-ca-consumer-latest rpm is available + to tell that Satellite version is 6 or beyond. diff --git a/sample-env-generator/composable-roles.yaml b/sample-env-generator/composable-roles.yaml index 91d6060f..2c929a4b 100644 --- a/sample-env-generator/composable-roles.yaml +++ b/sample-env-generator/composable-roles.yaml @@ -89,10 +89,8 @@ environments: files: overcloud.yaml: parameters: - - ControllerHostnameFormat - ComputeHostnameFormat - CephStorageHostnameFormat - - ControllerCount - ComputeCount - CephStorageCount puppet/services/time/ntp.yaml: 
@@ -100,19 +98,21 @@ environments: - NtpServer sample-env-generator/composable-roles.yaml: parameters: + - ControllerOpenstackHostnameFormat - DnsServers + - ControllerOpenstackCount - DatabaseCount - MessagingCount - NetworkerCount - - OvercloudControllerFlavor + - OvercloudControllerOpenstackFlavor - OvercloudComputeFlavor - OvercloudCephStorageFlavor - OvercloudDatabaseFlavor - OvercloudMessagingFlavor - OvercloudNetworkerFlavor sample_values: - ControllerCount: 3 - OvercloudControllerFlavor: control + ControllerOpenstackCount: 3 + OvercloudControllerOpenstackFlavor: control ComputeCount: 1 OvercloudComputeFlavor: compute CephStorageCount: 1 @@ -135,6 +135,10 @@ parameters: description: DNS servers to use for the Overcloud type: comma_delimited_list # Dynamic vars based on roles + ControllerOpenstackCount: + default: 0 + description: Number of ControllerOpenstack nodes + type: number DatabaseCount: default: 0 description: Number of Database nodes @@ -147,10 +151,21 @@ parameters: default: 0 description: Number of Networker nodes type: number + ControllerOpenstackHostnameFormat: + type: string + description: > + Format for ControllerOpenstack node hostnames + Note %index% is translated into the index of the node, e.g 0/1/2 etc + and %stackname% is replaced with the stack name e.g overcloud + default: "%stackname%-controller-%index%" OvercloudControllerFlavor: default: control description: Name of the flavor for Controller nodes type: string + OvercloudControllerOpenstackFlavor: + default: control + description: Name of the flavor for ControllerOpenstack nodes + type: string OvercloudComputeFlavor: default: compute description: Name of the flavor for Compute nodes diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index c3229621..76f856db 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py 
@@ -46,7 +46,10 @@ OPTIONAL_DOCKER_PUPPET_CONFIG_SECTIONS = [ 'puppet_tags', 'volumes' ] # consistency across files on. This should only contain parameters whose # definition we cannot change for backwards compatibility reasons. New # parameters to the templates should not be added to this list. -PARAMETER_DEFINITION_EXCLUSIONS = {'ManagementNetCidr': ['default'], +PARAMETER_DEFINITION_EXCLUSIONS = {'CephPools': ['description', + 'type', + 'default'], + 'ManagementNetCidr': ['default'], 'ManagementAllocationPools': ['default'], 'ExternalNetCidr': ['default'], 'ExternalAllocationPools': ['default'], |
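Review bot: `'CephPools': ['description', 'type', 'default']` exempts three fields of that parameter from the consistency check, directly under a comment saying new parameters should not be added to this list, and no reason is recorded. The release note in this change says the puppet-ceph and ceph-ansible templates use different formats for `CephPools`, which is presumably why. State that next to the entry, e.g. `# CephPools: map for puppet-ceph, list for ceph-ansible; definitions differ on purpose`, so the exemption is dropped once only one format remains. The dict continues outside the hunk.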