summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ci/environments/multinode-containers.yaml6
-rw-r--r--ci/environments/scenario001-multinode-containers.yaml9
-rw-r--r--ci/environments/scenario002-multinode-containers.yaml6
-rw-r--r--ci/environments/scenario003-multinode-containers.yaml6
-rw-r--r--ci/environments/scenario004-multinode-containers.yaml39
-rw-r--r--ci/environments/scenario006-multinode-containers.yaml1
-rw-r--r--ci/environments/scenario007-multinode-containers.yaml6
-rw-r--r--common/deploy-steps.j261
-rw-r--r--common/major_upgrade_steps.j2.yaml41
-rw-r--r--common/post-upgrade.j2.yaml2
-rw-r--r--common/services.yaml17
-rw-r--r--docker/services/ceph-ansible/ceph-base.yaml31
-rw-r--r--docker/services/ceph-ansible/ceph-client.yaml2
-rw-r--r--docker/services/ceph-ansible/ceph-external.yaml2
-rw-r--r--docker/services/ceph-ansible/ceph-mds.yaml2
-rw-r--r--docker/services/ceph-ansible/ceph-mon.yaml2
-rw-r--r--docker/services/ceph-ansible/ceph-osd.yaml4
-rw-r--r--docker/services/ceph-ansible/ceph-rgw.yaml2
-rw-r--r--docker/services/containers-common.yaml1
-rw-r--r--docker/services/gnocchi-metricd.yaml2
-rw-r--r--docker/services/gnocchi-statsd.yaml2
-rw-r--r--docker/services/haproxy.yaml5
-rw-r--r--docker/services/nova-api.yaml2
-rw-r--r--docker/services/pacemaker/cinder-backup.yaml6
-rw-r--r--docker/services/pacemaker/cinder-volume.yaml6
-rw-r--r--docker/services/pacemaker/database/mysql.yaml24
-rw-r--r--docker/services/pacemaker/database/redis.yaml111
-rw-r--r--docker/services/pacemaker/haproxy.yaml23
-rw-r--r--docker/services/pacemaker/rabbitmq.yaml18
-rw-r--r--environments/docker-uc-light.yaml29
-rw-r--r--environments/network-isolation-no-tunneling.j2.yaml34
-rw-r--r--environments/network-isolation-no-tunneling.yaml61
-rw-r--r--environments/network-isolation.j2.yaml3
-rw-r--r--environments/neutron-nuage-config.yaml2
-rw-r--r--environments/services/neutron-lbaasv2.yaml2
-rw-r--r--network/management_v6.yaml71
-rw-r--r--network/networks.j2.yaml6
-rw-r--r--network_data.yaml6
-rw-r--r--puppet/services/README.rst4
-rw-r--r--puppet/services/neutron-base.yaml2
-rw-r--r--puppet/services/neutron-plugin-ml2-nuage.yaml12
-rw-r--r--puppet/services/neutron-plugin-nsx.yaml2
-rw-r--r--puppet/services/pacemaker/cinder-volume.yaml20
-rw-r--r--puppet/services/tacker.yaml1
-rw-r--r--releasenotes/notes/adds-post_upgrade_tasks-eba0656012c861a1.yaml12
-rw-r--r--releasenotes/notes/fix-internal-api-network-name-282bfda2cdb406aa.yaml6
-rw-r--r--releasenotes/notes/fix-missing-tacker-password-c2ce555cdd52c102.yaml4
-rw-r--r--releasenotes/notes/workflow_tasks-4da5830821b7154b.yaml (renamed from releasenotes/notes/service_workflow_tasks-4da5830821b7154b.yaml)0
-rw-r--r--roles/ControllerOpenstack.yaml4
-rw-r--r--roles/Networker.yaml7
-rw-r--r--roles/UndercloudLight.yaml34
-rwxr-xr-xtools/yaml-validate.py9
52 files changed, 465 insertions, 305 deletions
diff --git a/ci/environments/multinode-containers.yaml b/ci/environments/multinode-containers.yaml
index f050d9a2..781527f4 100644
--- a/ci/environments/multinode-containers.yaml
+++ b/ci/environments/multinode-containers.yaml
@@ -7,12 +7,6 @@ resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
- # NOTE: This is needed because of upgrades from Ocata to Pike. We
- # deploy the initial environment with Ocata templates, and
- # overcloud-resource-registry.yaml there doesn't have this Docker
- # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can
- # remove this.
- OS::TripleO::Services::Docker: OS::Heat::None
# Some infra instances don't pass the ping test but are otherwise working.
# Since the OVB jobs also test this functionality we can shut it off here.
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
diff --git a/ci/environments/scenario001-multinode-containers.yaml b/ci/environments/scenario001-multinode-containers.yaml
index 79d5a280..0429a4b4 100644
--- a/ci/environments/scenario001-multinode-containers.yaml
+++ b/ci/environments/scenario001-multinode-containers.yaml
@@ -16,12 +16,6 @@ resource_registry:
# TODO fluentd is being containerized: https://review.openstack.org/#/c/467072/
OS::TripleO::Services::FluentdClient: ../../puppet/services/logging/fluentd-client.yaml
OS::TripleO::Services::SensuClient: ../../docker/services/sensu-client.yaml
- # NOTE: This is needed because of upgrades from Ocata to Pike. We
- # deploy the initial environment with Ocata templates, and
- # overcloud-resource-registry.yaml there doesn't have this Docker
- # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can
- # remove this.
- OS::TripleO::Services::Docker: OS::Heat::None
# Some infra instances don't pass the ping test but are otherwise working.
# Since the OVB jobs also test this functionality we can shut it off here.
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
@@ -106,6 +100,7 @@ parameter_defaults:
- /dev/loop3
journal_size: 512
journal_collocation: true
+ osd_scenario: collocated
CephAnsibleExtraConfig:
ceph_conf_overrides:
global:
@@ -123,7 +118,7 @@ parameter_defaults:
CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
CephPoolDefaultSize: 1
- DockerCephDaemonImage: ceph/daemon:tag-build-master-jewel-centos-7
+ DockerCephDaemonImage: ceph/daemon:tag-build-ceph-dfg-jewel-centos-7
NovaEnableRbdBackend: true
CinderEnableRbdBackend: true
CinderBackupBackend: ceph
diff --git a/ci/environments/scenario002-multinode-containers.yaml b/ci/environments/scenario002-multinode-containers.yaml
index 0ca67d00..bec5f48e 100644
--- a/ci/environments/scenario002-multinode-containers.yaml
+++ b/ci/environments/scenario002-multinode-containers.yaml
@@ -10,12 +10,6 @@ resource_registry:
OS::TripleO::Services::Zaqar: ../../docker/services/zaqar.yaml
OS::TripleO::Services::Ec2Api: ../../docker/services/ec2-api.yaml
OS::TripleO::Services::MongoDb: ../../docker/services/database/mongodb.yaml
- # NOTE: This is needed because of upgrades from Ocata to Pike. We
- # deploy the initial environment with Ocata templates, and
- # overcloud-resource-registry.yaml there doesn't have this Docker
- # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can
- # remove this.
- OS::TripleO::Services::Docker: OS::Heat::None
# Some infra instances don't pass the ping test but are otherwise working.
# Since the OVB jobs also test this functionality we can shut it off here.
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
diff --git a/ci/environments/scenario003-multinode-containers.yaml b/ci/environments/scenario003-multinode-containers.yaml
index 107b66b2..65fa6a65 100644
--- a/ci/environments/scenario003-multinode-containers.yaml
+++ b/ci/environments/scenario003-multinode-containers.yaml
@@ -11,12 +11,6 @@ resource_registry:
OS::TripleO::Services::MistralApi: ../../docker/services/mistral-api.yaml
OS::TripleO::Services::MistralEngine: ../../docker/services/mistral-engine.yaml
OS::TripleO::Services::MistralExecutor: ../../docker/services/mistral-executor.yaml
- # NOTE: This is needed because of upgrades from Ocata to Pike. We
- # deploy the initial environment with Ocata templates, and
- # overcloud-resource-registry.yaml there doesn't have this Docker
- # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can
- # remove this.
- OS::TripleO::Services::Docker: OS::Heat::None
# Some infra instances don't pass the ping test but are otherwise working.
# Since the OVB jobs also test this functionality we can shut it off here.
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
diff --git a/ci/environments/scenario004-multinode-containers.yaml b/ci/environments/scenario004-multinode-containers.yaml
index e2be75cc..4b647925 100644
--- a/ci/environments/scenario004-multinode-containers.yaml
+++ b/ci/environments/scenario004-multinode-containers.yaml
@@ -1,8 +1,3 @@
-# NOTE: This is an environment specific for containers CI. Mainly we
-# deploy non-pacemakerized overcloud. Once we are able to deploy and
-# upgrade pacemakerized and containerized overcloud, we should remove
-# this file and use normal CI multinode environments/scenarios.
-
resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
@@ -18,16 +13,27 @@ resource_registry:
OS::TripleO::Services::ManilaScheduler: ../../docker/services/manila-scheduler.yaml
OS::TripleO::Services::ManilaShare: ../../docker/services/pacemaker/manila-share.yaml
OS::TripleO::Services::ManilaBackendCephFs: ../../puppet/services/manila-backend-cephfs.yaml
- # NOTE: This is needed because of upgrades from Ocata to Pike. We
- # deploy the initial environment with Ocata templates, and
- # overcloud-resource-registry.yaml there doesn't have this Docker
- # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can
- # remove this.
- OS::TripleO::Services::Docker: OS::Heat::None
+ # TODO: in Queens, re-add bgp-vpn and l2gw services when
+ # containerized.
+ # https://bugs.launchpad.net/bugs/1713612
+ # OS::TripleO::Services::NeutronBgpVpnApi: ../../puppet/services/neutron-bgpvpn-api.yaml
+ # OS::TripleO::Services::NeutronL2gwApi: ../../puppet/services/neutron-l2gw-api.yaml
+ # OS::TripleO::Services::NeutronL2gwAgent: ../../puppet/services/neutron-l2gw-agent.yaml
+ # These enable Pacemaker
+ OS::TripleO::Tasks::ControllerPreConfig: OS::Heat::None
+ OS::TripleO::Tasks::ControllerPostConfig: OS::Heat::None
+ OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml
+ OS::TripleO::Services::RabbitMQ: ../../docker/services/pacemaker/rabbitmq.yaml
+ OS::TripleO::Services::HAproxy: ../../docker/services/pacemaker/haproxy.yaml
+ OS::TripleO::Services::Pacemaker: ../../puppet/services/pacemaker.yaml
+ OS::TripleO::Services::PacemakerRemote: ../../puppet/services/pacemaker_remote.yaml
+ OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml
+ OS::TripleO::Services::Redis: ../../docker/services/pacemaker/database/redis.yaml
+ OS::TripleO::Services::MySQL: ../../docker/services/pacemaker/database/mysql.yaml
+ OS::TripleO::Services::Keepalived: OS::Heat::None
# Some infra instances don't pass the ping test but are otherwise working.
# Since the OVB jobs also test this functionality we can shut it off here.
OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml
- OS::TripleO::Services::NovaMigrationTarget: OS::Heat::None
parameter_defaults:
@@ -80,6 +86,9 @@ parameter_defaults:
# TODO: in Queens, re-add bgp-vpn and l2gw services when
# containerized.
# https://bugs.launchpad.net/bugs/1713612
+ # - OS::TripleO::Services::NeutronBgpVpnApi
+ # - OS::TripleO::Services::NeutronL2gwApi
+ # - OS::TripleO::Services::NeutronL2gwAgent
ControllerExtraConfig:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
@@ -98,4 +107,10 @@ parameter_defaults:
CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
CephPoolDefaultSize: 1
SwiftCeilometerPipelineEnabled: false
+ # TODO: in Queens, re-add bgp-vpn and l2gw services when
+ # containerized.
+ # https://bugs.launchpad.net/bugs/1713612
+ # NeutronServicePlugins: 'router, networking_bgpvpn.neutron.services.plugin.BGPVPNPlugin, networking_l2gw.services.l2gateway.plugin.L2GatewayPlugin'
+ # BgpvpnServiceProvider: 'BGPVPN:Dummy:networking_bgpvpn.neutron.services.service_drivers.driver_api.BGPVPNDriver:default'
+ # L2gwServiceProvider: ['L2GW:l2gw:networking_l2gw.services.l2gateway.service_drivers.L2gwDriver:default']
NotificationDriver: 'noop'
diff --git a/ci/environments/scenario006-multinode-containers.yaml b/ci/environments/scenario006-multinode-containers.yaml
index d0a952d5..025fd81e 100644
--- a/ci/environments/scenario006-multinode-containers.yaml
+++ b/ci/environments/scenario006-multinode-containers.yaml
@@ -5,7 +5,6 @@ resource_registry:
OS::TripleO::Services::IronicApi: ../docker/services/ironic-api.yaml
OS::TripleO::Services::IronicConductor: ../docker/services/ironic-conductor.yaml
OS::TripleO::Services::IronicPxe: ../docker/services/ironic-pxe.yaml
- OS::TripleO::Services::Docker: OS::Heat::None
parameter_defaults:
ControllerServices:
diff --git a/ci/environments/scenario007-multinode-containers.yaml b/ci/environments/scenario007-multinode-containers.yaml
index faf56ba4..bad3e4a5 100644
--- a/ci/environments/scenario007-multinode-containers.yaml
+++ b/ci/environments/scenario007-multinode-containers.yaml
@@ -1,12 +1,6 @@
resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode-os-net-config.yaml
- # NOTE: This is needed because of upgrades from Ocata to Pike. We
- # deploy the initial environment with Ocata templates, and
- # overcloud-resource-registry.yaml there doesn't have this Docker
- # mapping at all. After we stop CI'ing Ocata->Pike upgrade, we can
- # remove this.
- OS::TripleO::Services::Docker: OS::Heat::None
OS::TripleO::Services::OVNController: ../../docker/services/ovn-controller.yaml
OS::TripleO::Services::OVNDBs: ../../docker/services/ovn-dbs.yaml
# Some infra instances don't pass the ping test but are otherwise working.
diff --git a/common/deploy-steps.j2 b/common/deploy-steps.j2
index 1119fb60..a1bd8826 100644
--- a/common/deploy-steps.j2
+++ b/common/deploy-steps.j2
@@ -1,7 +1,15 @@
# certain initialization steps (run in a container) will occur
# on the role marked as primary controller or the first role listed
-{%- set primary_role = [roles[0]] -%}
-{%- for role in roles -%}
+{%- if enabled_roles is not defined -%}
+ # On upgrade certain roles can be disabled for operator driven upgrades
+ # See major_upgrade_steps.j2.yaml and post-upgrade.j2.yaml
+ {%- set enabled_roles = roles -%}
+ {%- set is_upgrade = false -%}
+{%- else %}
+ {%- set is_upgrade = true -%}
+{%- endif -%}
+{%- set primary_role = [enabled_roles[0]] -%}
+{%- for role in enabled_roles -%}
{%- if 'primary' in role.tags and 'controller' in role.tags -%}
{%- set _ = primary_role.pop() -%}
{%- set _ = primary_role.append(role) -%}
@@ -55,10 +63,10 @@ conditions:
{% for step in range(1, deploy_steps_max) %}
WorkflowTasks_Step{{step}}_Enabled:
or:
- {%- for role in roles %}
+ {%- for role in enabled_roles %}
- not:
equals:
- - get_param: [role_data, {{role.name}}, service_workflow_tasks, step{{step}}]
+ - get_param: [role_data, {{role.name}}, workflow_tasks, step{{step}}]
- ''
- False
{%- endfor %}
@@ -90,30 +98,30 @@ resources:
_TASKS: {get_file: deploy-steps-tasks.yaml}
{%- for step in range(1, deploy_steps_max) %}
-# BEGIN service_workflow_tasks handling
+# BEGIN workflow_tasks handling
WorkflowTasks_Step{{step}}:
type: OS::Mistral::Workflow
condition: WorkflowTasks_Step{{step}}_Enabled
depends_on:
{%- if step == 1 %}
- {%- for dep in roles %}
+ {%- for dep in enabled_roles %}
- {{dep.name}}PreConfig
- {{dep.name}}ArtifactsDeploy
{%- endfor %}
{%- else %}
- {%- for dep in roles %}
+ {%- for dep in enabled_roles %}
- {{dep.name}}Deployment_Step{{step -1}}
{%- endfor %}
{%- endif %}
properties:
- name: {list_join: [".", ["tripleo", {get_param: stack_name}, "workflowtasks", "step{{step}}"]]}
+ name: {list_join: [".", ["tripleo", {get_param: stack_name}, "workflow_tasks", "step{{step}}"]]}
type: direct
tasks:
yaql:
expression: $.data.where($ != '').select($.get('step{{step}}')).where($ != null).flatten()
data:
- {%- for role in roles %}
- - get_param: [role_data, {{role.name}}, service_workflow_tasks]
+ {%- for role in enabled_roles %}
+ - get_param: [role_data, {{role.name}}, workflow_tasks]
{%- endfor %}
WorkflowTasks_Step{{step}}_Execution:
@@ -143,13 +151,14 @@ resources:
{%- endfor %}
evaluate_env: false
always_update: true
-# END service_workflow_tasks handling
+# END workflow_tasks handling
{% endfor %}
+# Artifacts config and HostPrepConfig is done on all roles, not only
+# enabled_roles, because on upgrade we need to write the json files
+# for the operator driven upgrade scripts (the ansible steps consume them)
{% for role in roles %}
- # Post deployment steps for all roles
- # A single config is re-applied with an incrementing step number
- # {{role.name}} Role steps
+ # Prepare host tasks for {{role.name}}
{{role.name}}ArtifactsConfig:
type: ../puppet/deploy-artifacts.yaml
@@ -183,7 +192,11 @@ resources:
tasks:
# Join host_prep_tasks with the other per-host configuration
list_concat:
+{%- if is_upgrade|default(false) and role.disable_upgrade_deployment|default(false) %}
+ - []
+{%- else %}
- {get_param: [role_data, {{role.name}}, host_prep_tasks]}
+{%- endif %}
-
{%- raw %}
# Write the manifest for baremetal puppet configuration
@@ -235,9 +248,10 @@ resources:
properties:
servers: {get_param: [servers, {{role.name}}]}
config: {get_resource: {{role.name}}HostPrepConfig}
+{% endfor %}
- # BEGIN CONFIG STEPS
-
+ # BEGIN CONFIG STEPS, only on enabled_roles
+{%- for role in enabled_roles %}
{{role.name}}PreConfig:
type: OS::TripleO::Tasks::{{role.name}}PreConfig
depends_on: {{role.name}}HostPrepDeployment
@@ -246,6 +260,8 @@ resources:
input_values:
update_identifier: {get_param: DeployIdentifier}
+ # Deployment steps for {{role.name}}
+ # A single config is re-applied with an incrementing step number
{% for step in range(1, deploy_steps_max) %}
{{role.name}}Deployment_Step{{step}}:
type: OS::TripleO::DeploymentSteps
@@ -257,12 +273,12 @@ resources:
# if https://bugs.launchpad.net/heat/+bug/1700569
# is fixed.
{%- if step == 1 %}
- {%- for dep in roles %}
+ {%- for dep in enabled_roles %}
- {{dep.name}}PreConfig
- {{dep.name}}ArtifactsDeploy
{%- endfor %}
{%- else %}
- {%- for dep in roles %}
+ {%- for dep in enabled_roles %}
- {{dep.name}}Deployment_Step{{step -1}}
{%- endfor %}
{%- endif %}
@@ -285,7 +301,7 @@ resources:
# after all the previous deployment steps.
{{role.name}}ExtraConfigPost:
depends_on:
- {%- for dep in roles %}
+ {%- for dep in enabled_roles %}
- {{dep.name}}Deployment_Step5
{%- endfor %}
type: OS::TripleO::NodeExtraConfigPost
@@ -298,7 +314,7 @@ resources:
{{role.name}}PostConfig:
type: OS::TripleO::Tasks::{{role.name}}PostConfig
depends_on:
- {%- for dep in roles %}
+ {%- for dep in enabled_roles %}
- {{dep.name}}ExtraConfigPost
{%- endfor %}
properties:
@@ -354,8 +370,3 @@ outputs:
with_sequence: start=0 end={{upgrade_steps_max-1}}
loop_control:
loop_var: step
- - include: deploy_steps_tasks.yaml
- with_sequence: start=0 end={{deploy_steps_max-1}}
- loop_control:
- loop_var: step
-
diff --git a/common/major_upgrade_steps.j2.yaml b/common/major_upgrade_steps.j2.yaml
index 7fc91153..36b342f9 100644
--- a/common/major_upgrade_steps.j2.yaml
+++ b/common/major_upgrade_steps.j2.yaml
@@ -187,6 +187,43 @@ resources:
role_data: {get_param: role_data}
ctlplane_service_ips: {get_param: ctlplane_service_ips}
+{%- for step in range(0, upgrade_steps_max) %}
+ {%- for role in roles %}
+ {{role.name}}PostUpgradeConfig_Config{{step}}:
+ type: OS::TripleO::UpgradeConfig
+ depends_on:
+ {%- for role_inside in enabled_roles %}
+ {%- if step > 0 %}
+ - {{role_inside.name}}PostUpgradeConfig_Deployment{{step -1}}
+ {%- else %}
+ - AllNodesPostUpgradeSteps
+ {%- endif %}
+ {%- endfor %}
+ properties:
+ UpgradeStepConfig: {get_param: [role_data, {{role.name}}, post_upgrade_tasks]}
+ step: {{step}}
+ {%- endfor %}
+
+ {%- for role in enabled_roles %}
+ {{role.name}}PostUpgradeConfig_Deployment{{step}}:
+ type: OS::Heat::SoftwareDeploymentGroup
+ depends_on:
+ {%- for role_inside in enabled_roles %}
+ {%- if step > 0 %}
+ - {{role_inside.name}}PostUpgradeConfig_Deployment{{step -1}}
+ {%- else %}
+ - AllNodesPostUpgradeSteps
+ {%- endif %}
+ {%- endfor %}
+ properties:
+ servers: {get_param: [servers, {{role.name}}]}
+ config: {get_resource: {{role.name}}PostUpgradeConfig_Config{{step}}}
+ input_values:
+ role: {{role.name}}
+ update_identifier: {get_param: UpdateIdentifier}
+ {%- endfor %}
+{%- endfor %}
+
outputs:
# Output the config for each role, just use Step1 as the config should be
# the same for all steps (only the tag provided differs)
@@ -196,3 +233,7 @@ outputs:
{% for role in roles %}
{{role.name.lower()}}: {get_attr: [{{role.name}}UpgradeConfig_Step1, upgrade_config]}
{% endfor %}
+ RoleConfig:
+ description: Mapping of config data for all roles
+ value: {get_attr: [AllNodesPostUpgradeSteps, RoleConfig]}
+
diff --git a/common/post-upgrade.j2.yaml b/common/post-upgrade.j2.yaml
index 7cd6abdf..af47c6ea 100644
--- a/common/post-upgrade.j2.yaml
+++ b/common/post-upgrade.j2.yaml
@@ -1,4 +1,4 @@
# Note the include here is the same as post.j2.yaml but the data used at
# # the time of rendering is different if any roles disable upgrades
-{% set roles = roles|rejectattr('disable_upgrade_deployment')|list -%}
+{% set enabled_roles = roles|rejectattr('disable_upgrade_deployment')|list -%}
{% include 'deploy-steps.j2' %}
diff --git a/common/services.yaml b/common/services.yaml
index a8186e43..a0015c7e 100644
--- a/common/services.yaml
+++ b/common/services.yaml
@@ -174,13 +174,13 @@ resources:
expression: coalesce($.data.role_data, []).where($ != null).select($.get('service_config_settings')).where($ != null).reduce($1.mergeWith($2), {})
data: {role_data: {get_attr: [ServiceChain, role_data]}}
- ServiceWorkflowTasks:
+ WorkflowTasks:
type: OS::Heat::Value
properties:
type: json
value:
yaql:
- expression: coalesce($.data.role_data, []).where($ != null).select($.get('service_workflow_tasks')).where($ != null).reduce($1.mergeWith($2), {})
+ expression: coalesce($.data.role_data, []).where($ != null).select($.get('workflow_tasks')).where($ != null).reduce($1.mergeWith($2), {})
data: {role_data: {get_attr: [ServiceChain, role_data]}}
UpgradeTasks:
@@ -193,6 +193,16 @@ resources:
expression: coalesce($.data, []).where($ != null).select($.get('upgrade_tasks')).where($ != null).flatten().distinct()
data: {get_attr: [ServiceChain, role_data]}
+ PostUpgradeTasks:
+ type: OS::Heat::Value
+ properties:
+ type: comma_delimited_list
+ value:
+ yaql:
+ # Note we use distinct() here to filter any identical tasks, e.g yum update for all services
+ expression: coalesce($.data, []).where($ != null).select($.get('post_upgrade_tasks')).where($ != null).flatten().distinct()
+ data: {get_attr: [ServiceChain, role_data]}
+
UpdateTasks:
type: OS::Heat::Value
properties:
@@ -260,9 +270,10 @@ outputs:
config_settings: {map_merge: {get_attr: [ServiceChain, role_data, config_settings]}}
global_config_settings: {get_attr: [GlobalConfigSettings, value]}
service_config_settings: {get_attr: [ServiceConfigSettings, value]}
- service_workflow_tasks: {get_attr: [ServiceWorkflowTasks, value]}
+ workflow_tasks: {get_attr: [WorkflowTasks, value]}
step_config: {get_attr: [PuppetStepConfig, value]}
upgrade_tasks: {get_attr: [UpgradeTasks, value]}
+ post_upgrade_tasks: {get_attr: [PostUpgradeTasks, value]}
update_tasks: {get_attr: [UpdateTasks, value]}
upgrade_batch_tasks: {get_attr: [UpgradeBatchTasks, value]}
service_metadata_settings: {get_attr: [ServiceServerMetadataHook, metadata]}
diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml
index 18d3e6a3..8cc81fb0 100644
--- a/docker/services/ceph-ansible/ceph-base.yaml
+++ b/docker/services/ceph-ansible/ceph-base.yaml
@@ -58,13 +58,17 @@ parameters:
type: string
description: List of ceph-ansible tags to skip
default: 'package-install,with_pkg'
+ CephConfigOverrides:
+ type: json
+ description: Extra config settings to dump into ceph.conf
+ default: {}
CephClusterFSID:
type: string
description: The Ceph cluster FSID. Must be a UUID.
CephPoolDefaultPgNum:
description: default pg_num to use for the RBD pools
type: number
- default: 32
+ default: 128
CephPools:
description: >
It can be used to override settings for one of the predefined pools, or to create
@@ -178,7 +182,7 @@ outputs:
config_volume: ''
step_config: ''
docker_config: {}
- service_workflow_tasks:
+ workflow_tasks:
step2:
- name: ceph_base_ansible_workflow
workflow: { get_param: CephAnsibleWorkflowName }
@@ -269,16 +273,19 @@ outputs:
pools: []
ceph_conf_overrides:
global:
- osd_pool_default_size: {get_param: CephPoolDefaultSize}
- osd_pool_default_pg_num: {get_param: CephPoolDefaultPgNum}
- rgw_keystone_api_version: 3
- rgw_keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
- rgw_keystone_accepted_roles: 'Member, _member_, admin'
- rgw_keystone_admin_domain: default
- rgw_keystone_admin_project: service
- rgw_keystone_admin_user: swift
- rgw_keystone_admin_password: {get_param: SwiftPassword}
- rgw_s3_auth_use_keystone: 'true'
+ map_merge:
+ - osd_pool_default_size: {get_param: CephPoolDefaultSize}
+ osd_pool_default_pg_num: {get_param: CephPoolDefaultPgNum}
+ osd_pool_default_pgp_num: {get_param: CephPoolDefaultPgNum}
+ rgw_keystone_api_version: 3
+ rgw_keystone_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
+ rgw_keystone_accepted_roles: 'Member, _member_, admin'
+ rgw_keystone_admin_domain: default
+ rgw_keystone_admin_project: service
+ rgw_keystone_admin_user: swift
+ rgw_keystone_admin_password: {get_param: SwiftPassword}
+ rgw_s3_auth_use_keystone: 'true'
+ - {get_param: CephConfigOverrides}
ntp_service_enabled: false
generate_fsid: false
ip_version:
diff --git a/docker/services/ceph-ansible/ceph-client.yaml b/docker/services/ceph-ansible/ceph-client.yaml
index 55d8d9da..0b782941 100644
--- a/docker/services/ceph-ansible/ceph-client.yaml
+++ b/docker/services/ceph-ansible/ceph-client.yaml
@@ -54,5 +54,5 @@ outputs:
config_volume: ''
step_config: ''
docker_config: {}
- service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]}
+ workflow_tasks: {get_attr: [CephBase, role_data, workflow_tasks]}
config_settings: {}
diff --git a/docker/services/ceph-ansible/ceph-external.yaml b/docker/services/ceph-ansible/ceph-external.yaml
index f93dd566..bb2fc20a 100644
--- a/docker/services/ceph-ansible/ceph-external.yaml
+++ b/docker/services/ceph-ansible/ceph-external.yaml
@@ -58,7 +58,7 @@ outputs:
config_volume: ''
step_config: ''
docker_config: {}
- service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]}
+ workflow_tasks: {get_attr: [CephBase, role_data, workflow_tasks]}
config_settings:
ceph_client_ansible_vars:
map_merge:
diff --git a/docker/services/ceph-ansible/ceph-mds.yaml b/docker/services/ceph-ansible/ceph-mds.yaml
index 4ef3a669..abdb3c3f 100644
--- a/docker/services/ceph-ansible/ceph-mds.yaml
+++ b/docker/services/ceph-ansible/ceph-mds.yaml
@@ -68,7 +68,7 @@ outputs:
config_volume: ''
step_config: ''
docker_config: {}
- service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]}
+ workflow_tasks: {get_attr: [CephBase, role_data, workflow_tasks]}
config_settings:
map_merge:
- tripleo.ceph_mds.firewall_rules:
diff --git a/docker/services/ceph-ansible/ceph-mon.yaml b/docker/services/ceph-ansible/ceph-mon.yaml
index 90149d1e..45f939c2 100644
--- a/docker/services/ceph-ansible/ceph-mon.yaml
+++ b/docker/services/ceph-ansible/ceph-mon.yaml
@@ -71,7 +71,7 @@ outputs:
config_volume: ''
step_config: ''
docker_config: {}
- service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]}
+ workflow_tasks: {get_attr: [CephBase, role_data, workflow_tasks]}
config_settings:
map_merge:
- tripleo.ceph_mon.firewall_rules:
diff --git a/docker/services/ceph-ansible/ceph-osd.yaml b/docker/services/ceph-ansible/ceph-osd.yaml
index 6e0f4a60..a441f5c9 100644
--- a/docker/services/ceph-ansible/ceph-osd.yaml
+++ b/docker/services/ceph-ansible/ceph-osd.yaml
@@ -38,6 +38,7 @@ parameters:
- /dev/vdb
journal_size: 512
journal_collocation: true
+ osd_scenario: collocated
resources:
CephBase:
@@ -62,7 +63,7 @@ outputs:
config_volume: ''
step_config: ''
docker_config: {}
- service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]}
+ workflow_tasks: {get_attr: [CephBase, role_data, workflow_tasks]}
config_settings:
map_merge:
- tripleo.ceph_osd.firewall_rules:
@@ -72,4 +73,5 @@ outputs:
- ceph_osd_ansible_vars:
map_merge:
- {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]}
+ - osd_objectstore: filestore
- {get_param: CephAnsibleDisksConfig} \ No newline at end of file
diff --git a/docker/services/ceph-ansible/ceph-rgw.yaml b/docker/services/ceph-ansible/ceph-rgw.yaml
index 4bed9b46..4479fdbf 100644
--- a/docker/services/ceph-ansible/ceph-rgw.yaml
+++ b/docker/services/ceph-ansible/ceph-rgw.yaml
@@ -62,7 +62,7 @@ outputs:
config_volume: ''
step_config: ''
docker_config: {}
- service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]}
+ workflow_tasks: {get_attr: [CephBase, role_data, workflow_tasks]}
config_settings:
map_merge:
- tripleo.ceph_rgw.firewall_rules:
diff --git a/docker/services/containers-common.yaml b/docker/services/containers-common.yaml
index 2c894da5..9f982f8b 100644
--- a/docker/services/containers-common.yaml
+++ b/docker/services/containers-common.yaml
@@ -64,6 +64,7 @@ outputs:
# Syslog socket
- /dev/log:/dev/log
- /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
+ - /sys/fs/selinux:/sys/fs/selinux
- if:
- internal_tls_enabled
- - list_join:
diff --git a/docker/services/gnocchi-metricd.yaml b/docker/services/gnocchi-metricd.yaml
index 5a6958a0..9a114458 100644
--- a/docker/services/gnocchi-metricd.yaml
+++ b/docker/services/gnocchi-metricd.yaml
@@ -90,7 +90,7 @@ outputs:
owner: gnocchi:gnocchi
recurse: true
docker_config:
- step_4:
+ step_5:
gnocchi_metricd:
image: {get_param: DockerGnocchiMetricdImage}
net: host
diff --git a/docker/services/gnocchi-statsd.yaml b/docker/services/gnocchi-statsd.yaml
index 2957312b..834d0055 100644
--- a/docker/services/gnocchi-statsd.yaml
+++ b/docker/services/gnocchi-statsd.yaml
@@ -90,7 +90,7 @@ outputs:
owner: gnocchi:gnocchi
recurse: true
docker_config:
- step_4:
+ step_5:
gnocchi_statsd:
image: {get_param: DockerGnocchiStatsdImage}
net: host
diff --git a/docker/services/haproxy.yaml b/docker/services/haproxy.yaml
index f0e2f71d..70e1f893 100644
--- a/docker/services/haproxy.yaml
+++ b/docker/services/haproxy.yaml
@@ -96,8 +96,7 @@ outputs:
config_settings:
map_merge:
- get_attr: [HAProxyBase, role_data, config_settings]
- - tripleo::haproxy::haproxy_daemon: false
- tripleo::haproxy::haproxy_service_manage: false
+ - tripleo::haproxy::haproxy_service_manage: false
# NOTE(jaosorior): We disable the CRL since we have no way to restart haproxy
# when this is updated
tripleo::haproxy::crl_file: null
@@ -130,7 +129,7 @@ outputs:
- null
kolla_config:
/var/lib/kolla/config_files/haproxy.json:
- command: haproxy -f /etc/haproxy/haproxy.cfg
+ command: /usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml
index f46e27c0..9f1ae865 100644
--- a/docker/services/nova-api.yaml
+++ b/docker/services/nova-api.yaml
@@ -219,7 +219,7 @@ outputs:
detach: false
volumes: *nova_api_bootstrap_volumes
user: root
- command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 discover_hosts'"
+ command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage cell_v2 discover_hosts --verbose'"
metadata_settings:
get_attr: [NovaApiBase, role_data, metadata_settings]
host_prep_tasks:
diff --git a/docker/services/pacemaker/cinder-backup.yaml b/docker/services/pacemaker/cinder-backup.yaml
index c2117c04..cdb8c1bc 100644
--- a/docker/services/pacemaker/cinder-backup.yaml
+++ b/docker/services/pacemaker/cinder-backup.yaml
@@ -188,6 +188,9 @@ outputs:
resource: openstack-cinder-backup
state: disable
wait_for_resource: true
+ register: output
+ retries: 5
+ until: output.rc == 0
when: is_bootstrap_node
- name: Delete the stopped openstack-cinder-backup cluster resource.
tags: step2
@@ -195,6 +198,9 @@ outputs:
resource: openstack-cinder-backup
state: delete
wait_for_resource: true
+ register: output
+ retries: 5
+ until: output.rc == 0
when: is_bootstrap_node
- name: Disable cinder_backup service
tags: step2
diff --git a/docker/services/pacemaker/cinder-volume.yaml b/docker/services/pacemaker/cinder-volume.yaml
index a4f69517..15c5e099 100644
--- a/docker/services/pacemaker/cinder-volume.yaml
+++ b/docker/services/pacemaker/cinder-volume.yaml
@@ -206,6 +206,9 @@ outputs:
resource: openstack-cinder-volume
state: disable
wait_for_resource: true
+ register: output
+ retries: 5
+ until: output.rc == 0
when: is_bootstrap_node
- name: Delete the stopped openstack-cinder-volume cluster resource.
tags: step2
@@ -213,6 +216,9 @@ outputs:
resource: openstack-cinder-volume
state: delete
wait_for_resource: true
+ register: output
+ retries: 5
+ until: output.rc == 0
when: is_bootstrap_node
- name: Disable cinder_volume service from boot
tags: step2
diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml
index f57f779e..9dace271 100644
--- a/docker/services/pacemaker/database/mysql.yaml
+++ b/docker/services/pacemaker/database/mysql.yaml
@@ -159,6 +159,7 @@ outputs:
detach: false
image: {get_param: DockerMysqlImage}
net: host
+ user: root
# Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done
command:
- 'bash'
@@ -167,8 +168,9 @@ outputs:
list_join:
- "\n"
- - 'if [ -e /var/lib/mysql/mysql ]; then exit 0; fi'
- - 'kolla_start'
- - 'mysqld_safe --skip-networking --wsrep-on=OFF --wsrep-provider=none &'
+ - 'echo -e "\n[mysqld]\nwsrep_provider=none" >> /etc/my.cnf'
+ - 'sudo -u mysql -E kolla_start'
+ - 'mysqld_safe --skip-networking --wsrep-on=OFF &'
- 'timeout ${DB_MAX_TIMEOUT} /bin/bash -c ''until mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" ping 2>/dev/null; do sleep 1; done'''
- 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "CREATE USER ''clustercheck''@''localhost'' IDENTIFIED BY ''${DB_CLUSTERCHECK_PASSWORD}'';"'
- 'mysql -uroot -p"${DB_ROOT_PASSWORD}" -e "GRANT PROCESS ON *.* TO ''clustercheck''@''localhost'' WITH GRANT OPTION;"'
@@ -266,20 +268,34 @@ outputs:
- name: set is_bootstrap_node fact
tags: common
set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
+ - name: Check cluster resource status
+ tags: step2
+ pacemaker_resource:
+ resource: galera
+ state: master
+ check_mode: true
+ ignore_errors: true
+ register: galera_res
- name: Disable the galera cluster resource
tags: step2
pacemaker_resource:
resource: galera
state: disable
wait_for_resource: true
- when: is_bootstrap_node
+ register: output
+ retries: 5
+ until: output.rc == 0
+ when: is_bootstrap_node and galera_res|succeeded
- name: Delete the stopped galera cluster resource.
tags: step2
pacemaker_resource:
resource: galera
state: delete
wait_for_resource: true
- when: is_bootstrap_node
+ register: output
+ retries: 5
+ until: output.rc == 0
+ when: is_bootstrap_node and galera_res|succeeded
- name: Disable mysql service
tags: step2
service: name=mariadb enabled=no
diff --git a/docker/services/pacemaker/database/redis.yaml b/docker/services/pacemaker/database/redis.yaml
index 0b8aa046..4d26a084 100644
--- a/docker/services/pacemaker/database/redis.yaml
+++ b/docker/services/pacemaker/database/redis.yaml
@@ -36,9 +36,19 @@ parameters:
default: {}
description: Parameters specific to the role
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
+ ContainersCommon:
+ type: ../../containers-common.yaml
+
RedisBase:
type: ../../../../puppet/services/database/redis.yaml
properties:
@@ -74,6 +84,8 @@ outputs:
- 3124
- 6379
- 26379
+ tripleo::stunnel::manage_service: false
+ tripleo::stunnel::foreground: 'yes'
step_config: ""
service_config_settings: {get_attr: [RedisBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
@@ -109,6 +121,13 @@ outputs:
- path: /var/log/redis
owner: redis:redis
recurse: true
+ /var/lib/kolla/config_files/redis_tls_proxy.json:
+ command: stunnel /etc/stunnel/stunnel.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
docker_config:
step_1:
redis_image_tag:
@@ -134,32 +153,54 @@ outputs:
- /usr/bin:/usr/bin:ro
- /var/run/docker.sock:/var/run/docker.sock:rw
step_2:
- redis_init_bundle:
- start_order: 2
- detach: false
- net: host
- user: root
- config_volume: 'redis_init_bundle'
- command:
- - '/bin/bash'
- - '-c'
- - str_replace:
- template:
- list_join:
- - '; '
- - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json"
- - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
- params:
- TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
- CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::redis_bundle'
- image: *redis_config_image
- volumes:
- - /etc/hosts:/etc/hosts:ro
- - /etc/localtime:/etc/localtime:ro
- - /etc/puppet:/tmp/puppet-etc:ro
- - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
- - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
- - /dev/shm:/dev/shm:rw
+ map_merge:
+ - redis_init_bundle:
+ start_order: 2
+ detach: false
+ net: host
+ user: root
+ config_volume: 'redis_init_bundle'
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ list_join:
+ - '; '
+ - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 2}' > /etc/puppet/hieradata/docker.json"
+ - "FACTER_uuid=docker puppet apply --tags file,file_line,concat,augeas,TAGS -v -e 'CONFIG'"
+ params:
+ TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
+ CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::redis_bundle'
+ image: *redis_config_image
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/puppet:/tmp/puppet-etc:ro
+ - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
+ - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
+ - /dev/shm:/dev/shm:rw
+ - if:
+ - internal_tls_enabled
+ - redis_tls_proxy:
+ start_order: 3
+ image: *redis_image_pcmklatest
+ net: host
+ user: root
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/redis_tls_proxy.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/redis/:/var/lib/kolla/config_files/src:ro
+ - /etc/pki/tls/certs/redis.crt:/etc/pki/tls/certs/redis.crt:ro
+ - /etc/pki/tls/private/redis.key:/etc/pki/tls/private/redis.key:ro
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ - {}
+ metadata_settings:
+ get_attr: [RedisBase, role_data, metadata_settings]
host_prep_tasks:
- name: create /var/run/redis
file:
@@ -181,20 +222,34 @@ outputs:
- name: set is_bootstrap_node fact
tags: common
set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
+ - name: Check cluster resource status
+ tags: step2
+ pacemaker_resource:
+ resource: {get_attr: [RedisBase, role_data, service_name]}
+ state: master
+ check_mode: true
+ ignore_errors: true
+ register: redis_res
- name: Disable the redis cluster resource
tags: step2
pacemaker_resource:
resource: {get_attr: [RedisBase, role_data, service_name]}
state: disable
wait_for_resource: true
- when: is_bootstrap_node
+ register: output
+ retries: 5
+ until: output.rc == 0
+ when: is_bootstrap_node and redis_res|succeeded
- name: Delete the stopped redis cluster resource.
tags: step2
pacemaker_resource:
resource: {get_attr: [RedisBase, role_data, service_name]}
state: delete
wait_for_resource: true
- when: is_bootstrap_node
+ register: output
+ retries: 5
+ until: output.rc == 0
+ when: is_bootstrap_node and redis_res|succeeded
- name: Disable redis service
tags: step2
service: name=redis enabled=no
diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml
index 3cdc5255..2cc04e96 100644
--- a/docker/services/pacemaker/haproxy.yaml
+++ b/docker/services/pacemaker/haproxy.yaml
@@ -78,8 +78,7 @@ outputs:
config_settings:
map_merge:
- get_attr: [HAProxyBase, role_data, config_settings]
- - tripleo::haproxy::haproxy_daemon: false
- haproxy_docker: true
+ - haproxy_docker: true
tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image {get_param: DockerHAProxyImage}
# the list of directories that contain the certs to bind mount in the countainer
# bind-mounting the directories rather than all the cert, key and pem files ensures
@@ -120,7 +119,7 @@ outputs:
data: *tls_mapping
kolla_config:
/var/lib/kolla/config_files/haproxy.json:
- command: haproxy -f /etc/haproxy/haproxy.cfg
+ command: /usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
@@ -224,17 +223,31 @@ outputs:
- name: set is_bootstrap_node fact
tags: common
set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
+ - name: Check cluster resource status
+ tags: step2
+ pacemaker_resource:
+ resource: {get_attr: [HAProxyBase, role_data, service_name]}
+ state: started
+ check_mode: true
+ ignore_errors: true
+ register: haproxy_res
- name: Disable the haproxy cluster resource.
tags: step2
pacemaker_resource:
resource: {get_attr: [HAProxyBase, role_data, service_name]}
state: disable
wait_for_resource: true
- when: is_bootstrap_node
+ register: output
+ retries: 5
+ until: output.rc == 0
+ when: is_bootstrap_node and haproxy_res|succeeded
- name: Delete the stopped haproxy cluster resource.
tags: step2
pacemaker_resource:
resource: {get_attr: [HAProxyBase, role_data, service_name]}
state: delete
wait_for_resource: true
- when: is_bootstrap_node
+ register: output
+ retries: 5
+ until: output.rc == 0
+ when: is_bootstrap_node and haproxy_res|succeeded
diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml
index ba1abaf9..7333689c 100644
--- a/docker/services/pacemaker/rabbitmq.yaml
+++ b/docker/services/pacemaker/rabbitmq.yaml
@@ -215,20 +215,34 @@ outputs:
- name: set is_bootstrap_node fact
tags: common
set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
+ - name: Check cluster resource status
+ tags: step2
+ pacemaker_resource:
+ resource: {get_attr: [RabbitmqBase, role_data, service_name]}
+ state: started
+ check_mode: true
+ ignore_errors: true
+ register: rabbitmq_res
- name: Disable the rabbitmq cluster resource.
tags: step2
pacemaker_resource:
resource: {get_attr: [RabbitmqBase, role_data, service_name]}
state: disable
wait_for_resource: true
- when: is_bootstrap_node
+ register: output
+ retries: 5
+ until: output.rc == 0
+ when: is_bootstrap_node and rabbitmq_res|succeeded
- name: Delete the stopped rabbitmq cluster resource.
tags: step2
pacemaker_resource:
resource: {get_attr: [RabbitmqBase, role_data, service_name]}
state: delete
wait_for_resource: true
- when: is_bootstrap_node
+ register: output
+ retries: 5
+ until: output.rc == 0
+ when: is_bootstrap_node and rabbitmq_res|succeeded
- name: Disable rabbitmq service
tags: step2
service: name=rabbitmq-server enabled=no
diff --git a/environments/docker-uc-light.yaml b/environments/docker-uc-light.yaml
new file mode 100644
index 00000000..3220489c
--- /dev/null
+++ b/environments/docker-uc-light.yaml
@@ -0,0 +1,29 @@
+# A lightweight UC for pre-provisioned deployed servers
+resource_registry:
+ OS::TripleO::Services::Docker: ../puppet/services/docker.yaml
+ # Default Neutron ML2 puppet plugin to use when NeutronCorePlugin is set to ML2
+ OS::TripleO::Docker::NeutronMl2PluginBase: ../puppet/services/neutron-plugin-ml2.yaml
+
+ OS::TripleO::Services::ContainersLogrotateCrond: ../docker/services/logrotate-crond.yaml
+ OS::TripleO::Services::HeatApi: ../docker/services/heat-api.yaml
+ OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml
+ OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml
+ OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml
+ OS::TripleO::Services::Memcached: ../docker/services/memcached.yaml
+ OS::TripleO::Services::MistralApi: ../docker/services/mistral-api.yaml
+ OS::TripleO::Services::MistralEngine: ../docker/services/mistral-engine.yaml
+ OS::TripleO::Services::MistralExecutor: ../docker/services/mistral-executor.yaml
+ OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml
+ OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml
+ OS::TripleO::Services::NeutronCorePlugin: ../docker/services/neutron-plugin-ml2.yaml
+ OS::TripleO::Services::NeutronDhcpAgent: ../docker/services/neutron-dhcp.yaml
+ OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml
+ OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml
+ OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml
+ OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml
+ OS::TripleO::Services::SwiftStorage: ../docker/services/swift-storage.yaml
+ OS::TripleO::Services::Zaqar: ../docker/services/zaqar.yaml
+
+parameter_defaults:
+ ZaqarMessageStore: 'swift'
+ ZaqarManagementStore: 'sqlalchemy' \ No newline at end of file
diff --git a/environments/network-isolation-no-tunneling.j2.yaml b/environments/network-isolation-no-tunneling.j2.yaml
new file mode 100644
index 00000000..6bf00f1e
--- /dev/null
+++ b/environments/network-isolation-no-tunneling.j2.yaml
@@ -0,0 +1,34 @@
+# ******************************************************************************
+# DEPRECATED: Modify networks used for custom roles by modifying the role file
+# in the roles/ directory, or disable the network entirely by setting network to
+# "enabled: false" in network_data.yaml.
+# ******************************************************************************
+# Enable the creation of Neutron networks for isolated Overcloud
+# traffic and configure each role to assign ports (related
+# to that role) on these networks. This version of the environment
+# has no dedicated VLAN for tunneling, for deployments that use
+# VLAN mode, flat provider networks, etc.
+resource_registry:
+ # networks as defined in network_data.yaml, except for tenant net
+ {%- for network in networks if network.enabled|default(true) and network.name != 'Tenant' %}
+ OS::TripleO::Network::{{network.name}}: ../network/{{network.name_lower|default(network.name.lower())}}.yaml
+ {%- endfor %}
+ OS::TripleO::Network::Tenant: OS::Heat::None
+
+ # Port assignments for the VIPs
+ {%- for network in networks if network.vip and network.name != 'Tenant' %}
+ OS::TripleO::Network::Ports::{{network.name}}VipPort: ../network/ports/{{network.name_lower|default(network.name.lower())}}.yaml
+ {%- endfor %}
+ OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml
+
+ # Port assignments for each role are determined by the role definition.
+{%- for role in roles %}
+ # Port assignments for the {{role.name}} role.
+ {%- for network in networks %}
+ {%- if network.name in role.networks|default([]) and network.enabled|default(true) and network.name != 'Tenant'%}
+ OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/{{network.name_lower|default(network.name.lower())}}.yaml
+ {%- elif network.enabled|default(true) %}
+ OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/noop.yaml
+ {%- endif %}
+ {%- endfor %}
+{% endfor %}
diff --git a/environments/network-isolation-no-tunneling.yaml b/environments/network-isolation-no-tunneling.yaml
deleted file mode 100644
index ff1d7887..00000000
--- a/environments/network-isolation-no-tunneling.yaml
+++ /dev/null
@@ -1,61 +0,0 @@
-# Enable the creation of Neutron networks for isolated Overcloud
-# traffic and configure each role to assign ports (related
-# to that role) on these networks. This version of the environment
-# has no dedicated VLAN for tunneling, for deployments that use
-# VLAN mode, flat provider networks, etc.
-resource_registry:
- OS::TripleO::Network::External: ../network/external.yaml
- OS::TripleO::Network::InternalApi: ../network/internal_api.yaml
- OS::TripleO::Network::StorageMgmt: ../network/storage_mgmt.yaml
- OS::TripleO::Network::Storage: ../network/storage.yaml
- OS::TripleO::Network::Tenant: ../network/noop.yaml
- # Management network is optional and disabled by default.
- # To enable it, include environments/network-management.yaml
- #OS::TripleO::Network::Management: ../network/management.yaml
-
- # Port assignments for the VIPs
- OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external.yaml
- OS::TripleO::Network::Ports::InternalApiVipPort: ../network/ports/internal_api.yaml
- OS::TripleO::Network::Ports::StorageVipPort: ../network/ports/storage.yaml
- OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/storage_mgmt.yaml
- OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml
-
- # Port assignments for the controller role
- OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external.yaml
- OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api.yaml
- OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage.yaml
- OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
- OS::TripleO::Controller::Ports::TenantPort: ../network/ports/noop.yaml
- #OS::TripleO::Controller::Ports::ManagementPort: ../network/ports/management.yaml
-
- # Port assignments for the compute role
- OS::TripleO::Compute::Ports::ExternalPort: ../network/ports/noop.yaml
- OS::TripleO::Compute::Ports::InternalApiPort: ../network/ports/internal_api.yaml
- OS::TripleO::Compute::Ports::StoragePort: ../network/ports/storage.yaml
- OS::TripleO::Compute::Ports::StorageMgmtPort: ../network/ports/noop.yaml
- OS::TripleO::Compute::Ports::TenantPort: ../network/ports/noop.yaml
- #OS::TripleO::Compute::Ports::ManagementPort: ../network/ports/management.yaml
-
- # Port assignments for the ceph storage role
- OS::TripleO::CephStorage::Ports::ExternalPort: ../network/ports/noop.yaml
- OS::TripleO::CephStorage::Ports::InternalApiPort: ../network/ports/noop.yaml
- OS::TripleO::CephStorage::Ports::StoragePort: ../network/ports/storage.yaml
- OS::TripleO::CephStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
- OS::TripleO::CephStorage::Ports::TenantPort: ../network/ports/noop.yaml
- #OS::TripleO::CephStorage::Ports::ManagementPort: ../network/ports/management.yaml
-
- # Port assignments for the swift storage role
- OS::TripleO::SwiftStorage::Ports::ExternalPort: ../network/ports/noop.yaml
- OS::TripleO::SwiftStorage::Ports::InternalApiPort: ../network/ports/internal_api.yaml
- OS::TripleO::SwiftStorage::Ports::StoragePort: ../network/ports/storage.yaml
- OS::TripleO::SwiftStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
- OS::TripleO::SwiftStorage::Ports::TenantPort: ../network/ports/noop.yaml
- #OS::TripleO::SwiftStorage::Ports::ManagementPort: ../network/ports/management.yaml
-
- # Port assignments for the block storage role
- OS::TripleO::BlockStorage::Ports::ExternalPort: ../network/ports/noop.yaml
- OS::TripleO::BlockStorage::Ports::InternalApiPort: ../network/ports/internal_api.yaml
- OS::TripleO::BlockStorage::Ports::StoragePort: ../network/ports/storage.yaml
- OS::TripleO::BlockStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt.yaml
- OS::TripleO::BlockStorage::Ports::TenantPort: ../network/ports/noop.yaml
- #OS::TripleO::BlockStorage::Ports::ManagementPort: ../network/ports/management.yaml
diff --git a/environments/network-isolation.j2.yaml b/environments/network-isolation.j2.yaml
index 1b792afd..2db1a828 100644
--- a/environments/network-isolation.j2.yaml
+++ b/environments/network-isolation.j2.yaml
@@ -22,9 +22,6 @@ resource_registry:
{%- endfor %}
OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip.yaml
-
- OS::TripleO::{{primary_role_name}}::Ports::RedisVipPort: ../network/ports/vip.yaml
-
{%- for role in roles %}
# Port assignments for the {{role.name}}
{%- for network in networks %}
diff --git a/environments/neutron-nuage-config.yaml b/environments/neutron-nuage-config.yaml
index ce64311b..fb47770f 100644
--- a/environments/neutron-nuage-config.yaml
+++ b/environments/neutron-nuage-config.yaml
@@ -28,6 +28,8 @@ parameter_defaults:
NeutronTunnelIdRanges: ''
NeutronNetworkVLANRanges: ''
NeutronVniRanges: ''
+ NovaPatchConfigMonkeyPatch: false
+ NovaPatchConfigMonkeyPatchModules: ''
NovaOVSBridge: 'default_bridge'
NeutronMetadataProxySharedSecret: 'default'
InstanceNameTemplate: 'inst-%08x'
diff --git a/environments/services/neutron-lbaasv2.yaml b/environments/services/neutron-lbaasv2.yaml
index 385bb2fe..ca42d20d 100644
--- a/environments/services/neutron-lbaasv2.yaml
+++ b/environments/services/neutron-lbaasv2.yaml
@@ -8,7 +8,7 @@
# - OVS: neutron.agent.linux.interface.OVSInterfaceDriver
# - LinuxBridges: neutron.agent.linux.interface.BridgeInterfaceDriver
resource_registry:
- OS::TripleO::Services::NeutronLbaasv2Agent: ../puppet/services/neutron-lbaas.yaml
+ OS::TripleO::Services::NeutronLbaasv2Agent: ../../puppet/services/neutron-lbaas.yaml
parameter_defaults:
NeutronLbaasInterfaceDriver: "neutron.agent.linux.interface.OVSInterfaceDriver"
diff --git a/network/management_v6.yaml b/network/management_v6.yaml
deleted file mode 100644
index 2eb8c876..00000000
--- a/network/management_v6.yaml
+++ /dev/null
@@ -1,71 +0,0 @@
-heat_template_version: pike
-
-description: >
- Management network. System administration, SSH, DNS, NTP, etc. This network
- would usually be the default gateway for the non-controller nodes.
-
-parameters:
- # the defaults here work for static IP assignment (IPAM) only
- ManagementNetCidr:
- default: 'fd00:fd00:fd00:6000::/64'
- description: Cidr for the management network.
- type: string
- ManagementNetValueSpecs:
- default: {'provider:physical_network': 'management', 'provider:network_type': 'flat'}
- description: Value specs for the management network.
- type: json
- ManagementNetAdminStateUp:
- default: false
- description: The admin state of the network.
- type: boolean
- ManagementNetShared:
- default: false
- description: Whether this network is shared across all tenants.
- type: boolean
- ManagementNetName:
- default: management
- description: The name of the management network.
- type: string
- ManagementSubnetName:
- default: management_subnet
- description: The name of the management subnet in Neutron.
- type: string
- ManagementAllocationPools:
- default: [{'start': 'fd00:fd00:fd00:6000::10', 'end': 'fd00:fd00:fd00:6000:ffff:ffff:ffff:fffe'}]
- description: Ip allocation pool range for the management network.
- type: json
- IPv6AddressMode:
- default: dhcpv6-stateful
- description: Neutron subnet IPv6 address mode
- type: string
- IPv6RAMode:
- default: dhcpv6-stateful
- description: Neutron subnet IPv6 router advertisement mode
- type: string
-
-resources:
- ManagementNetwork:
- type: OS::Neutron::Net
- properties:
- admin_state_up: {get_param: ManagementNetAdminStateUp}
- name: {get_param: ManagementNetName}
- shared: {get_param: ManagementNetShared}
- value_specs: {get_param: ManagementNetValueSpecs}
-
- ManagementSubnet:
- type: OS::Neutron::Subnet
- properties:
- ip_version: 6
- ipv6_address_mode: {get_param: IPv6AddressMode}
- ipv6_ra_mode: {get_param: IPv6RAMode}
- cidr: {get_param: ManagementNetCidr}
- name: {get_param: ManagementSubnetName}
- network: {get_resource: ManagementNetwork}
- allocation_pools: {get_param: ManagementAllocationPools}
-
-outputs:
- OS::stack_id:
- description: Neutron management network
- value: {get_resource: ManagementNetwork}
- subnet_cidr:
- value: {get_attr: [ManagementSubnet, cidr]}
diff --git a/network/networks.j2.yaml b/network/networks.j2.yaml
index 48c509df..1a170045 100644
--- a/network/networks.j2.yaml
+++ b/network/networks.j2.yaml
@@ -4,8 +4,7 @@ description: Create networks to split out Overcloud traffic
resources:
{%- for network in networks %}
- {%- set network_name = network.compat_name|default(network.name) %}
- {{network_name}}Network:
+ {{network.name}}Network:
type: OS::TripleO::Network::{{network.name}}
{%- endfor %}
@@ -19,9 +18,8 @@ outputs:
# NOTE(gfidente): we need to replace the null value with a
# string to work around https://bugs.launchpad.net/heat/+bug/1700025
{%- for network in networks %}
- {%- set network_name = network.compat_name|default(network.name) %}
{{network.name_lower}}:
yaql:
- data: {get_attr: [{{network_name}}Network, subnet_cidr]}
+ data: {get_attr: [{{network.name}}Network, subnet_cidr]}
expression: str($.data).replace('null', 'disabled')
{%- endfor %}
diff --git a/network_data.yaml b/network_data.yaml
index fed11576..90293ab3 100644
--- a/network_data.yaml
+++ b/network_data.yaml
@@ -58,7 +58,6 @@
allocation_pools: [{'start': '172.16.2.4', 'end': '172.16.2.250'}]
ipv6_subnet: 'fd00:fd00:fd00:2000::/64'
ipv6_allocation_pools: [{'start': 'fd00:fd00:fd00:2000::10', 'end': 'fd00:fd00:fd00:2000:ffff:ffff:ffff:fffe'}]
- compat_name: Internal
- name: Storage
vip: true
name_lower: storage
@@ -81,8 +80,9 @@
ipv6_subnet: 'fd00:fd00:fd00:5000::/64'
ipv6_allocation_pools: [{'start': 'fd00:fd00:fd00:5000::10', 'end': 'fd00:fd00:fd00:5000:ffff:ffff:ffff:fffe'}]
- name: Management
- # Management network is disabled by default
- enabled: false
+ # Management network is enabled by default for backwards-compatibility, but
+ # is not included in any roles by default. Add to role definitions to use.
+ enabled: true
vip: false # Management network does not use VIPs
name_lower: management
ip_subnet: '10.0.1.0/24'
diff --git a/puppet/services/README.rst b/puppet/services/README.rst
index a593d55e..38e2a280 100644
--- a/puppet/services/README.rst
+++ b/puppet/services/README.rst
@@ -99,12 +99,12 @@ It is also possible to use Mistral actions or workflows together with
a deployment step, these are executed before the main configuration run.
To describe actions or workflows from within a service use:
- * service_workflow_tasks: One or more workflow task properties
+ * workflow_tasks: One or more workflow task properties
which expects a map where the key is the step and the value a list of
dictionaries descrbing each a workflow task, for example::
- service_workflow_tasks:
+ workflow_tasks:
step2:
- name: echo
action: std.echo output=Hello
diff --git a/puppet/services/neutron-base.yaml b/puppet/services/neutron-base.yaml
index af3f8637..9e493c3e 100644
--- a/puppet/services/neutron-base.yaml
+++ b/puppet/services/neutron-base.yaml
@@ -33,7 +33,7 @@ parameters:
DhcpAgentNotification:
default: true
description: Whether or not to enable DHCP agent notifications.
- type: string
+ type: boolean
NeutronDnsDomain:
type: string
default: openstacklocal
diff --git a/puppet/services/neutron-plugin-ml2-nuage.yaml b/puppet/services/neutron-plugin-ml2-nuage.yaml
index a7dc2e8b..4cd541cc 100644
--- a/puppet/services/neutron-plugin-ml2-nuage.yaml
+++ b/puppet/services/neutron-plugin-ml2-nuage.yaml
@@ -67,6 +67,16 @@ parameters:
type: boolean
default: false
+ NovaPatchConfigMonkeyPatch:
+ description: Apply monkey patching or not
+ type: boolean
+ default: false
+
+ NovaPatchConfigMonkeyPatchModules:
+ description: List of modules/decorators to monkey patch
+ type: comma_delimited_list
+ default: ''
+
resources:
NeutronML2Base:
@@ -95,5 +105,7 @@ outputs:
neutron::plugins::ml2::nuage::nuage_base_uri_version: {get_param: NeutronNuageBaseURIVersion}
neutron::plugins::ml2::nuage::nuage_cms_id: {get_param: NeutronNuageCMSId}
nova::api::use_forwarded_for: {get_param: UseForwardedFor}
+ nova::patch::config::monkey_patch: {get_param: NovaPatchConfigMonkeyPatch}
+ nova::patch::config::monkey_patch_modules: {get_param: NovaPatchConfigMonkeyPatchModules}
step_config: |
include tripleo::profile::base::neutron::plugins::ml2
diff --git a/puppet/services/neutron-plugin-nsx.yaml b/puppet/services/neutron-plugin-nsx.yaml
index 26380649..ad0fc7f8 100644
--- a/puppet/services/neutron-plugin-nsx.yaml
+++ b/puppet/services/neutron-plugin-nsx.yaml
@@ -49,7 +49,7 @@ parameters:
NativeDhcpMetadata:
default: True
description: This is the flag to indicate if using native DHCP/Metadata or not.
- type: string
+ type: boolean
DhcpProfileUuid:
description: This is the UUID of the NSX DHCP Profile that will be used to enable
native DHCP service.
diff --git a/puppet/services/pacemaker/cinder-volume.yaml b/puppet/services/pacemaker/cinder-volume.yaml
index f4675875..cbbf2eaf 100644
--- a/puppet/services/pacemaker/cinder-volume.yaml
+++ b/puppet/services/pacemaker/cinder-volume.yaml
@@ -66,17 +66,9 @@ outputs:
resource: openstack-cinder-volume
state: disable
wait_for_resource: true
- - name: get bootstrap nodeid
- tags: step5
- command: hiera bootstrap_nodeid
- register: bootstrap_node
- - block:
- - name: Sync cinder DB
- tags: step5
- command: cinder-manage db sync
- - name: Start cinder_volume service (pacemaker)
- tags: step5
- pacemaker_resource:
- resource: openstack-cinder-volume
- state: enable
- when: bootstrap_node.stdout == ansible_hostname
+ post_upgrade_tasks:
+ - name: Start cinder_volume service (pacemaker)
+ tags: step1
+ pacemaker_resource:
+ resource: openstack-cinder-volume
+ state: enable
diff --git a/puppet/services/tacker.yaml b/puppet/services/tacker.yaml
index 541a2eb6..251d8092 100644
--- a/puppet/services/tacker.yaml
+++ b/puppet/services/tacker.yaml
@@ -114,6 +114,7 @@ outputs:
tacker::keystone::authtoken::project_name: 'service'
tacker::keystone::authtoken::user_domain_name: 'Default'
tacker::keystone::authtoken::project_domain_name: 'Default'
+ tacker::keystone::authtoken::password: {get_param: TackerPassword}
tacker::keystone::authtoken::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
tacker::keystone::authtoken::auth_uri: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix]}
diff --git a/releasenotes/notes/adds-post_upgrade_tasks-eba0656012c861a1.yaml b/releasenotes/notes/adds-post_upgrade_tasks-eba0656012c861a1.yaml
new file mode 100644
index 00000000..bdce1348
--- /dev/null
+++ b/releasenotes/notes/adds-post_upgrade_tasks-eba0656012c861a1.yaml
@@ -0,0 +1,12 @@
+---
+upgrade:
+ - |
+ This adds post_upgrade_tasks, ansible tasks that can be added to any
+ service manifest (currently, pacemaker/cinder-volume for bug 1706951).
+
+ These are similar to the existing upgrade_tasks in their format, however
+ they will be executed *after* the docker/puppet config. So the order is
+ upgrade_tasks, deployment steps (docker/puppet), then post_upgrade_tasks.
+
+ Also like the upgrade_tasks these are serialised and you can use 'tags'
+ with 'step0' to 'step6' (more can be added if needed).
diff --git a/releasenotes/notes/fix-internal-api-network-name-282bfda2cdb406aa.yaml b/releasenotes/notes/fix-internal-api-network-name-282bfda2cdb406aa.yaml
new file mode 100644
index 00000000..2e7e79f1
--- /dev/null
+++ b/releasenotes/notes/fix-internal-api-network-name-282bfda2cdb406aa.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+ - |
+ Fixes heat resource OS::TripleO::Network::Internal to be renamed back to
+ OS::TripleO::Network::InternalApi for backwards compatibility with
+ previous versions.
diff --git a/releasenotes/notes/fix-missing-tacker-password-c2ce555cdd52c102.yaml b/releasenotes/notes/fix-missing-tacker-password-c2ce555cdd52c102.yaml
new file mode 100644
index 00000000..7d8d3dd1
--- /dev/null
+++ b/releasenotes/notes/fix-missing-tacker-password-c2ce555cdd52c102.yaml
@@ -0,0 +1,4 @@
+---
+fixes:
+ - |
+ Fixes missing Keystone authtoken password for Tacker.
diff --git a/releasenotes/notes/service_workflow_tasks-4da5830821b7154b.yaml b/releasenotes/notes/workflow_tasks-4da5830821b7154b.yaml
index cf99ec5d..cf99ec5d 100644
--- a/releasenotes/notes/service_workflow_tasks-4da5830821b7154b.yaml
+++ b/releasenotes/notes/workflow_tasks-4da5830821b7154b.yaml
diff --git a/roles/ControllerOpenstack.yaml b/roles/ControllerOpenstack.yaml
index 066962c1..2f86d2d2 100644
--- a/roles/ControllerOpenstack.yaml
+++ b/roles/ControllerOpenstack.yaml
@@ -75,6 +75,10 @@
- OS::TripleO::Services::Memcached
- OS::TripleO::Services::MongoDb
- OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::NeutronApi
+ - OS::TripleO::Services::NeutronBgpVpnApi
+ - OS::TripleO::Services::NeutronCorePlugin
+ - OS::TripleO::Services::NeutronL2gwApi
- OS::TripleO::Services::NovaApi
- OS::TripleO::Services::NovaConductor
- OS::TripleO::Services::NovaConsoleauth
diff --git a/roles/Networker.yaml b/roles/Networker.yaml
index ac30c2fd..afd3b101 100644
--- a/roles/Networker.yaml
+++ b/roles/Networker.yaml
@@ -3,10 +3,11 @@
###############################################################################
- name: Networker
description: |
- Standalone networking role to run Neutron services their own. Includes
+ Standalone networking role to run Neutron agents their own. Includes
Pacemaker integration via PacemakerRemote
networks:
- InternalApi
+ - Tenant
HostnameFormatDefault: '%stackname%-networker-%index%'
ServicesDefault:
- OS::TripleO::Services::AuditD
@@ -17,12 +18,8 @@
- OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::MySQLClient
- - OS::TripleO::Services::NeutronApi
- - OS::TripleO::Services::NeutronBgpVpnApi
- - OS::TripleO::Services::NeutronCorePlugin
- OS::TripleO::Services::NeutronDhcpAgent
- OS::TripleO::Services::NeutronL2gwAgent
- - OS::TripleO::Services::NeutronL2gwApi
- OS::TripleO::Services::NeutronL3Agent
- OS::TripleO::Services::NeutronLbaasv2Agent
- OS::TripleO::Services::NeutronMetadataAgent
diff --git a/roles/UndercloudLight.yaml b/roles/UndercloudLight.yaml
new file mode 100644
index 00000000..bc1b1c9a
--- /dev/null
+++ b/roles/UndercloudLight.yaml
@@ -0,0 +1,34 @@
+###############################################################################
+# Role: Undercloud #
+###############################################################################
+- name: Undercloud
+ description: |
+ EXPERIMENTAL. A role to deploy the minimal undercloud for pre-provisioned
+ deployed servers via heat using the 'openstack undercloud deploy' command.
+ Should be used with the 'environments/docker-uc-light.yaml' template
+ instead of the 'environments/docker.yaml'.
+ CountDefault: 1
+ disable_constraints: True
+ tags:
+ - primary
+ - controller
+ ServicesDefault:
+ - OS::TripleO::Services::ContainersLogrotateCrond
+ - OS::TripleO::Services::HeatApi
+ - OS::TripleO::Services::HeatApiCfn
+ - OS::TripleO::Services::HeatEngine
+ - OS::TripleO::Services::Keystone
+ - OS::TripleO::Services::Memcached
+ - OS::TripleO::Services::MistralApi
+ - OS::TripleO::Services::MistralEngine
+ - OS::TripleO::Services::MistralExecutor
+ - OS::TripleO::Services::MySQL
+ - OS::TripleO::Services::NeutronApi
+ - OS::TripleO::Services::NeutronCorePlugin
+ - OS::TripleO::Services::NeutronDhcpAgent
+ - OS::TripleO::Services::NeutronServer
+ - OS::TripleO::Services::RabbitMQ
+ - OS::TripleO::Services::SwiftProxy
+ - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::SwiftStorage
+ - OS::TripleO::Services::Zaqar
diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py
index 682cb8df..f7a45d7b 100755
--- a/tools/yaml-validate.py
+++ b/tools/yaml-validate.py
@@ -31,12 +31,13 @@ envs_containing_endpoint_map = ['tls-endpoints-public-dns.yaml',
'tls-endpoints-public-ip.yaml',
'tls-everywhere-endpoints-dns.yaml']
ENDPOINT_MAP_FILE = 'endpoint_map.yaml'
-OPTIONAL_SECTIONS = ['service_workflow_tasks']
+OPTIONAL_SECTIONS = ['workflow_tasks']
REQUIRED_DOCKER_SECTIONS = ['service_name', 'docker_config', 'puppet_config',
'config_settings', 'step_config']
OPTIONAL_DOCKER_SECTIONS = ['docker_puppet_tasks', 'upgrade_tasks',
- 'service_config_settings', 'host_prep_tasks',
- 'metadata_settings', 'kolla_config']
+ 'post_upgrade_tasks', 'service_config_settings',
+ 'host_prep_tasks', 'metadata_settings',
+ 'kolla_config']
REQUIRED_DOCKER_PUPPET_CONFIG_SECTIONS = ['config_volume', 'step_config',
'config_image']
OPTIONAL_DOCKER_PUPPET_CONFIG_SECTIONS = [ 'puppet_tags', 'volumes' ]
@@ -87,6 +88,8 @@ PARAMETER_DEFINITION_EXCLUSIONS = {'ManagementNetCidr': ['default'],
'OVNSouthboundServerPort': ['description'],
'ExternalInterfaceDefaultRoute':
['description', 'default'],
+ 'ManagementInterfaceDefaultRoute':
+ ['description', 'default'],
'IPPool': ['description'],
'SSLCertificate': ['description',
'default',