-rw-r--r--README.rst61
-rw-r--r--ci/environments/scenario002-multinode.yaml1
-rw-r--r--ci/environments/scenario003-multinode.yaml1
-rw-r--r--ci/environments/scenario004-multinode.yaml1
-rw-r--r--deployed-server/ctlplane-port.yaml23
-rw-r--r--deployed-server/deployed-neutron-port.yaml67
-rw-r--r--deployed-server/deployed-server-config.yaml22
-rw-r--r--deployed-server/deployed-server.yaml28
-rwxr-xr-xdeployed-server/scripts/get-occ-config.sh13
-rwxr-xr-xdocker/firstboot/start_docker_agents.sh98
-rw-r--r--docker/post.j2.yaml56
-rw-r--r--environments/deployed-server-environment.yaml3
-rw-r--r--environments/deployed-server-noop-ctlplane.yaml3
-rw-r--r--environments/docker.yaml5
-rw-r--r--environments/external-loadbalancer-vip-v6.yaml21
-rw-r--r--environments/external-loadbalancer-vip.yaml19
-rw-r--r--environments/neutron-ml2-ovn.yaml3
-rw-r--r--environments/tls-endpoints-public-dns.yaml6
-rw-r--r--environments/tls-endpoints-public-ip.yaml6
-rw-r--r--environments/tls-everywhere-endpoints-dns.yaml6
-rw-r--r--extraconfig/tasks/major_upgrade_block_storage.sh13
-rw-r--r--extraconfig/tasks/major_upgrade_ceph_storage.sh20
-rw-r--r--extraconfig/tasks/major_upgrade_compute.sh15
-rwxr-xr-xextraconfig/tasks/major_upgrade_controller_pacemaker_2.sh13
-rw-r--r--extraconfig/tasks/major_upgrade_object_storage.sh15
-rw-r--r--extraconfig/tasks/major_upgrade_pacemaker.yaml6
-rw-r--r--extraconfig/tasks/major_upgrade_pacemaker_init.j2.yaml13
-rwxr-xr-xextraconfig/tasks/pacemaker_common_functions.sh24
-rwxr-xr-xextraconfig/tasks/yum_update.sh13
-rw-r--r--extraconfig/tasks/yum_update.yaml7
-rw-r--r--network/endpoints/endpoint_map.yaml6
-rw-r--r--network/ports/net_ip_list_map.yaml17
-rwxr-xr-xnetwork/scripts/run-os-net-config.sh16
-rw-r--r--network/service_net_map.j2.yaml1
-rw-r--r--overcloud-resource-registry-puppet.j2.yaml8
-rw-r--r--overcloud.j2.yaml9
-rw-r--r--puppet/all-nodes-config.yaml3
-rw-r--r--puppet/blockstorage-role.yaml11
-rw-r--r--puppet/cephstorage-role.yaml11
-rw-r--r--puppet/compute-role.yaml11
-rw-r--r--puppet/controller-role.yaml11
-rw-r--r--puppet/extraconfig/tls/freeipa-enroll.yaml21
-rw-r--r--puppet/objectstorage-role.yaml11
-rw-r--r--puppet/role.role.j2.yaml18
-rw-r--r--puppet/services/README.rst14
-rw-r--r--puppet/services/ceilometer-base.yaml5
-rw-r--r--puppet/services/horizon.yaml1
-rw-r--r--puppet/services/neutron-plugin-ml2-ovn.yaml11
-rw-r--r--puppet/services/nova-base.yaml6
-rw-r--r--puppet/services/opendaylight-ovs.yaml11
-rw-r--r--puppet/services/ovn-dbs.yaml40
-rw-r--r--puppet/services/services.yaml6
-rw-r--r--puppet/services/swift-proxy.yaml64
-rw-r--r--roles_data.yaml1
54 files changed, 534 insertions, 361 deletions
diff --git a/README.rst b/README.rst
index 288112fc..4a006c84 100644
--- a/README.rst
+++ b/README.rst
@@ -53,3 +53,64 @@ A description of the directory layout in TripleO Heat Templates.
* validation-scripts: validation scripts useful to all deployment
configurations
+
+
+Service testing matrix
+----------------------
+
+The configuration for the CI scenarios will be defined in `tripleo-heat-templates/ci/`
+and should be executed according to the following table:
+
++----------------+-------------+-------------+-------------+-------------+-----------------+
+| - | scenario001 | scenario002 | scenario003 | scenario004 | multinode-nonha |
++================+=============+=============+=============+=============+=================+
+| keystone | X | X | X | X | X |
++----------------+-------------+-------------+-------------+-------------+-----------------+
+| glance | file | swift | file | file | swift |
++----------------+-------------+-------------+-------------+-------------+-----------------+
+| cinder | | iscsi | | | iscsi |
++----------------+-------------+-------------+-------------+-------------+-----------------+
+| heat | X | X | X | X | X |
++----------------+-------------+-------------+-------------+-------------+-----------------+
+| mysql | X | X | X | X | X |
++----------------+-------------+-------------+-------------+-------------+-----------------+
+| neutron | ovs | ovs | ovs | ovs | X |
++----------------+-------------+-------------+-------------+-------------+-----------------+
+| rabbitmq | X | X | X | X | X |
++----------------+-------------+-------------+-------------+-------------+-----------------+
+| mongodb | X | | | | |
++----------------+-------------+-------------+-------------+-------------+-----------------+
+| redis | X | | | | |
++----------------+-------------+-------------+-------------+-------------+-----------------+
+| haproxy | X | X | X | X | X |
++----------------+-------------+-------------+-------------+-------------+-----------------+
+| keepalived | X | X | X | X | X |
++----------------+-------------+-------------+-------------+-------------+-----------------+
+| memcached | X | X | X | X | X |
++----------------+-------------+-------------+-------------+-------------+-----------------+
+| pacemaker | X | X | X | X | X |
++----------------+-------------+-------------+-------------+-------------+-----------------+
+| nova | qemu | qemu | qemu | qemu | X |
++----------------+-------------+-------------+-------------+-------------+-----------------+
+| ntp | X | X | X | X | X |
++----------------+-------------+-------------+-------------+-------------+-----------------+
+| snmp | X | X | X | X | X |
++----------------+-------------+-------------+-------------+-------------+-----------------+
+| timezone | X | X | X | X | X |
++----------------+-------------+-------------+-------------+-------------+-----------------+
+| sahara | | | X | | |
++----------------+-------------+-------------+-------------+-------------+-----------------+
+| swift | | X | | | X |
++----------------+-------------+-------------+-------------+-------------+-----------------+
+| aodh | X | | | | |
++----------------+-------------+-------------+-------------+-------------+-----------------+
+| ceilometer | X | | | | |
++----------------+-------------+-------------+-------------+-------------+-----------------+
+| gnocchi | X | | | | |
++----------------+-------------+-------------+-------------+-------------+-----------------+
+| barbican | | X | | | |
++----------------+-------------+-------------+-------------+-------------+-----------------+
+| zaqar | | X | | | |
++----------------+-------------+-------------+-------------+-------------+-----------------+
+| cephrgw | | X | | X | |
++----------------+-------------+-------------+-------------+-------------+-----------------+
diff --git a/ci/environments/scenario002-multinode.yaml b/ci/environments/scenario002-multinode.yaml
index 97fec24c..7875ef4e 100644
--- a/ci/environments/scenario002-multinode.yaml
+++ b/ci/environments/scenario002-multinode.yaml
@@ -49,3 +49,4 @@ parameter_defaults:
nova::compute::libvirt::services::libvirt_virt_type: qemu
nova::compute::libvirt::libvirt_virt_type: qemu
Debug: true
+ SwiftCeilometerPipelineEnabled: false
diff --git a/ci/environments/scenario003-multinode.yaml b/ci/environments/scenario003-multinode.yaml
index 092426cb..26f94d03 100644
--- a/ci/environments/scenario003-multinode.yaml
+++ b/ci/environments/scenario003-multinode.yaml
@@ -50,3 +50,4 @@ parameter_defaults:
# we don't deploy Swift so we switch to file backend.
GlanceBackend: 'file'
KeystoneTokenProvider: 'fernet'
+ SwiftCeilometerPipelineEnabled: false
diff --git a/ci/environments/scenario004-multinode.yaml b/ci/environments/scenario004-multinode.yaml
index 4aa18709..0d94cea0 100644
--- a/ci/environments/scenario004-multinode.yaml
+++ b/ci/environments/scenario004-multinode.yaml
@@ -60,3 +60,4 @@ parameter_defaults:
CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
+ SwiftCeilometerPipelineEnabled: false
diff --git a/deployed-server/ctlplane-port.yaml b/deployed-server/ctlplane-port.yaml
deleted file mode 100644
index eb10fba0..00000000
--- a/deployed-server/ctlplane-port.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-heat_template_version: 2014-10-16
-
-parameters:
- Hostname:
- type: string
-
-resources:
-
- ControlPlanePort:
- type: OS::Neutron::Port
- properties:
- network: ctlplane
- name:
- list_join:
- - '-'
- - - {get_param: Hostname}
- - ctlplane
- - port
- replacement_policy: AUTO
-
-outputs:
- ip_address:
- value: {get_attr: [ControlPlanePort, fixed_ips, 0, ip_address]}
diff --git a/deployed-server/deployed-neutron-port.yaml b/deployed-server/deployed-neutron-port.yaml
new file mode 100644
index 00000000..7855be89
--- /dev/null
+++ b/deployed-server/deployed-neutron-port.yaml
@@ -0,0 +1,67 @@
+heat_template_version: 2016-10-14
+
+description: "
+ A fake OS::Neutron::Port stack which outputs fixed_ips and subnets based on
+ the input from the DeployedServerPortMap (set via parameter_defaults). This
+ lookup requires the use of port naming conventions. In order for this to work
+ with deployed-server the keys should be <hostname>-<network>.
+ Example:
+ parameter_defaults:
+ DeployedServerPortMap:
+ gatsby_ctlplane:
+ fixed_ips:
+ - ip_address: 127.0.0.1
+ subnets:
+ - cidr: 24"
+
+parameters:
+ name:
+ default: ''
+ type: string
+ network:
+ default: ''
+ type: string
+ fixed_ips:
+ default: ''
+ type: comma_delimited_list
+ replacement_policy:
+ default: ''
+ type: string
+ DeployedServerPortMap:
+ default: {}
+ type: json
+
+
+outputs:
+ fixed_ips:
+ value:
+ {get_param: [DeployedServerPortMap, {get_param: name}, fixed_ips]}
+ subnets:
+ value:
+ {get_param: [DeployedServerPortMap, {get_param: name}, subnets]}
+ name:
+ value: {get_param: name}
+ status:
+ value: DOWN
+ allowed_address_pairs:
+ value: {}
+ device_id:
+ value: ''
+ device_owner:
+ value: {get_param: network}
+ dns_assignment:
+ value: ''
+ port_security_enabled:
+ value: False
+ admin_state_up:
+ value: False
+ security_groups:
+ value: {}
+ network_id:
+ value: ''
+ tenant_id:
+ value: ''
+ qos_policy_id:
+ value: ''
+ mac_address:
+ value: ''
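Review bot: The example in the description keys the map as `gatsby_ctlplane`, but the sentence above it says keys are `<hostname>-<network>`, and the `fixed_ips` and `subnets` outputs look the entry up by the `name` parameter, which deployed-server.yaml in this commit builds with `list_join` on `'-'`. An operator who copies the example would, as far as this template shows, get no address for the port, so the example key should read `gatsby-ctlplane`. `cidr: 24` is a prefix length rather than a CIDR, and the description should say which form is expected. A comment above `port_security_enabled`, such as `# placeholder outputs only: no Neutron port, security group or port security exists for this address`, would keep readers from taking the `False` and empty values for the state of a real port.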
diff --git a/deployed-server/deployed-server-config.yaml b/deployed-server/deployed-server-config.yaml
deleted file mode 100644
index 8c59dc72..00000000
--- a/deployed-server/deployed-server-config.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-heat_template_version: 2014-10-16
-parameters:
- user_data_format:
- type: string
- default: SOFTWARE_CONFIG
-
-resources:
- # We just need something which returns a unique ID, but we can't
- # use RandomString because RefId returns the value, not the physical
- # resource ID, SoftwareConfig should work as it returns a UUID
- deployed-server-config:
- type: OS::Heat::SoftwareConfig
-
-outputs:
- # FIXME(shardy) this is needed because TemplateResource returns an
- # ARN not a UUID, which overflows the Deployment server_id column..
- user_data_format:
- value: SOFTWARE_CONFIG
- OS::stack_id:
- value: {get_resource: deployed-server-config}
-
-
diff --git a/deployed-server/deployed-server.yaml b/deployed-server/deployed-server.yaml
index 73b71588..e4f35507 100644
--- a/deployed-server/deployed-server.yaml
+++ b/deployed-server/deployed-server.yaml
@@ -21,7 +21,7 @@ parameters:
default: ''
name:
type: string
- default: ''
+ default: 'deployed-server'
image_update_policy:
type: string
default: ''
@@ -40,20 +40,18 @@ parameters:
default: {}
resources:
- # We just need something which returns a unique ID, but we can't
- # use RandomString because RefId returns the value, not the physical
- # resource ID, SoftwareConfig should work as it returns a UUID
deployed-server:
- type: OS::TripleO::DeployedServerConfig
+ type: OS::Heat::DeployedServer
properties:
- user_data_format: SOFTWARE_CONFIG
+ name: {get_param: name}
+ software_config_transport: {get_param: software_config_transport}
InstanceIdConfig:
type: OS::Heat::StructuredConfig
properties:
group: apply-config
config:
- instance-id: {get_attr: [deployed-server, "OS::stack_id"]}
+ instance-id: {get_resource: deployed-server}
InstanceIdDeployment:
type: OS::Heat::StructuredDeployment
@@ -82,19 +80,23 @@ resources:
config: {get_resource: HostsEntryConfig}
server: {get_resource: deployed-server}
- ControlPlanePort:
+ ControlPlanePortImpl:
type: OS::TripleO::DeployedServer::ControlPlanePort
properties:
- Hostname: {get_attr: [HostsEntryDeployment, hostname]}
+ network: ctlplane
+ name:
+ list_join:
+ - '-'
+ - - {get_attr: [HostsEntryDeployment, hostname]}
+ - ctlplane
+ replacement_policy: AUTO
outputs:
- # FIXME(shardy) this is needed because TemplateResource returns an
- # ARN not a UUID, which overflows the Deployment server_id column..
OS::stack_id:
- value: {get_attr: [deployed-server, "OS::stack_id"]}
+ value: {get_resource: deployed-server}
networks:
value:
ctlplane:
- - {get_attr: [ControlPlanePort, ip_address]}
+ - {get_attr: [ControlPlanePortImpl, fixed_ips, 0, ip_address]}
name:
value: {get_attr: [HostsEntryDeployment, hostname]}
diff --git a/deployed-server/scripts/get-occ-config.sh b/deployed-server/scripts/get-occ-config.sh
index c3ce7183..404244b1 100755
--- a/deployed-server/scripts/get-occ-config.sh
+++ b/deployed-server/scripts/get-occ-config.sh
@@ -79,24 +79,19 @@ for role in $OVERCLOUD_ROLES; do
server_stack=$(openstack stack resource show $stack $server_resource_name -c physical_resource_id -f value)
done
- deployed_server_stack=$(openstack stack resource show $server_stack deployed-server -c physical_resource_id -f value)
+ deployed_server_metadata_url=$(openstack stack resource metadata $server_stack deployed-server | jq -r '.["os-collect-config"].request.metadata_url')
echo "======================"
echo "$role$i os-collect-config.conf configuration:"
config="
[DEFAULT]
-collectors=heat
+collectors=request
command=os-refresh-config
polling_interval=30
-[heat]
-user_id=$admin_user_id
-password=$OS_PASSWORD
-auth_url=$OS_AUTH_URL
-project_id=$admin_project_id
-stack_id=$deployed_server_stack
-resource_name=deployed-server-config"
+[request]
+metadata_url=$deployed_server_metadata_url"
echo "$config"
echo "======================"
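Review bot: The result of the `jq -r` lookup is used unchecked, so when the resource metadata has no `os-collect-config.request.metadata_url` entry the script prints a config containing `metadata_url=null`. A guard right after the assignment, `[ -n "$deployed_server_metadata_url" ] && [ "$deployed_server_metadata_url" != "null" ] || { echo "no metadata_url for $role$i" >&2; exit 1; }`, would fail early instead. The new config no longer echoes `$OS_PASSWORD`, but the metadata URL is presumably itself enough to fetch the node's deployment data, so a comment that the printed block should be kept out of shared logs would help. `$server_stack` is unquoted in the new command, and the enclosing `for role` loop starts and ends outside this hunk.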
diff --git a/docker/firstboot/start_docker_agents.sh b/docker/firstboot/start_docker_agents.sh
index e7e276b2..1c5cc18d 100755
--- a/docker/firstboot/start_docker_agents.sh
+++ b/docker/firstboot/start_docker_agents.sh
@@ -1,73 +1,56 @@
#!/bin/bash
set -eux
-/sbin/setenforce 0
-/sbin/modprobe ebtables
-
-# CentOS sets ptmx to 000. Withoutit being 666, we can't use Cinder volumes
-chmod 666 /dev/pts/ptmx
-
-# We need hostname -f to return in a centos container for the puppet hook
-HOSTNAME=$(hostname)
-echo "127.0.0.1 $HOSTNAME.localdomain $HOSTNAME" >> /etc/hosts
-
-# update docker for local insecure registry(optional)
-# Note: This is different for different docker versions
-# For older docker versions < 1.4.x use commented line
-#echo "OPTIONS='--insecure-registry $docker_registry'" >> /etc/sysconfig/docker
-#echo "ADD_REGISTRY='--registry-mirror $docker_registry'" >> /etc/sysconfig/docker
+# TODO remove this when built image includes docker
+if [ ! -f "/usr/bin/docker" ]; then
+ yum -y install docker
+fi
# Local docker registry 1.8
# NOTE(mandre) $docker_namespace_is_registry is not a bash variable but is
# a place holder for text replacement done via heat
-if [ "$docker_namespace_is_registry" = True ]; then
+if [ "$docker_namespace_is_registry" = "True" ]; then
/usr/bin/systemctl stop docker.service
# if namespace is used with local registry, trim all namespacing
trim_var=$docker_registry
registry_host="${trim_var%%/*}"
/bin/sed -i -r "s/^[# ]*INSECURE_REGISTRY *=.+$/INSECURE_REGISTRY='--insecure-registry $registry_host'/" /etc/sysconfig/docker
- /usr/bin/systemctl start --no-block docker.service
fi
-/usr/bin/docker pull $agent_image &
-DOCKER_PULL_PID=$!
-
mkdir -p /var/lib/etc-data/json-config #FIXME: this should be a docker data container
# NOTE(flaper87): Heat Agent required mounts
-AGENT_COMMAND_MOUNTS="-v /var/lib/etc-data:/var/lib/etc-data \
- -v /run:/run \
- -v /etc:/host/etc \
- -v /usr/bin/atomic:/usr/bin/atomic \
- -v /var/lib/dhclient:/var/lib/dhclient \
- -v /var/lib/cloud:/var/lib/cloud \
- -v /var/lib/heat-cfntools:/var/lib/heat-cfntools \
- -v /etc/sysconfig/docker:/etc/sysconfig/docker \
- -v /etc/sysconfig/network-scripts:/etc/sysconfig/network-scripts \
- -v /usr/lib64/libseccomp.so.2:/usr/lib64/libseccomp.so.2"
-
-
-# NOTE(flaper87): Some of these commands may not be present depending on the
-# atomic version.
-for docker_cmd in docker docker-current docker-latest; do
- if [ -f "/usr/bin/$docker_cmd" ]; then
- AGENT_COMMAND_MOUNTS+=" -v /usr/bin/$docker_cmd:/usr/bin/$docker_cmd"
- fi
-done
+AGENT_COMMAND_MOUNTS="\
+-v /var/lib/etc-data:/var/lib/etc-data \
+-v /run:/run \
+-v /etc/hosts:/etc/hosts \
+-v /etc:/host/etc \
+-v /var/lib/dhclient:/var/lib/dhclient \
+-v /var/lib/cloud:/var/lib/cloud \
+-v /var/lib/heat-cfntools:/var/lib/heat-cfntools \
+-v /var/lib/os-collect-config:/var/lib/os-collect-config \
+-v /var/lib/os-apply-config-deployments:/var/lib/os-apply-config-deployments \
+-v /var/lib/heat-config:/var/lib/heat-config \
+-v /etc/sysconfig/docker:/etc/sysconfig/docker \
+-v /etc/sysconfig/network-scripts:/etc/sysconfig/network-scripts \
+-v /usr/lib64/libseccomp.so.2:/usr/lib64/libseccomp.so.2 \
+-v /usr/bin/docker:/usr/bin/docker \
+-v /usr/bin/docker-current:/usr/bin/docker-current \
+-v /var/lib/os-collect-config:/var/lib/os-collect-config"
# heat-docker-agents service
cat <<EOF > /etc/systemd/system/heat-docker-agents.service
-
[Unit]
Description=Heat Docker Agent Container
After=docker.service
Requires=docker.service
+Before=os-collect-config.service
+Conflicts=os-collect-config.service
[Service]
User=root
-Restart=on-failure
-ExecStartPre=-/usr/bin/docker kill heat-agents
-ExecStartPre=-/usr/bin/docker rm heat-agents
+Restart=always
+ExecStartPre=-/usr/bin/docker rm -f heat-agents
ExecStart=/usr/bin/docker run --name heat-agents --privileged --net=host \
$AGENT_COMMAND_MOUNTS \
--entrypoint=/usr/bin/os-collect-config $agent_image
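Review bot: `-v /var/lib/os-collect-config:/var/lib/os-collect-config` appears twice in the new `AGENT_COMMAND_MOUNTS`, mid-list and again as the last entry; some Docker versions reject a repeated mount point, which under `Restart=always` would leave the heat-agents unit restarting indefinitely, so the last entry should be dropped. The mounts of `/usr/bin/docker` and `/usr/bin/docker-current` are now unconditional where the removed loop tested each file with `[ -f ... ]`; on a host without `docker-current` the bind source may be created as a directory, so keeping the test seems safer. The container runs `--privileged --net=host` with `/etc` and `/run` mounted writable, and the script can configure `--insecure-registry`, so a comment stating that `$agent_image` must come from a trusted registry would be worth adding above the unit definition.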
@@ -75,35 +58,12 @@ ExecStop=/usr/bin/docker stop heat-agents
[Install]
WantedBy=multi-user.target
-
EOF
# enable and start heat-docker-agents
-chmod 0640 /etc/systemd/system/heat-docker-agents.service
/usr/bin/systemctl enable heat-docker-agents.service
/usr/bin/systemctl start --no-block heat-docker-agents.service
-# Disable NetworkManager and let the ifup/down scripts work properly.
-/usr/bin/systemctl disable NetworkManager
-/usr/bin/systemctl stop NetworkManager
-
-# Atomic's root partition & logical volume defaults to 3G. In order to launch
-# larger VMs, we need to enlarge the root logical volume and scale down the
-# docker_pool logical volume. We are allocating 80% of the disk space for
-# vm data and the remaining 20% for docker images.
-ATOMIC_ROOT='/dev/mapper/atomicos-root'
-ROOT_DEVICE=`pvs -o vg_name,pv_name --no-headings | grep atomicos | awk '{ print $2}'`
-
-growpart $( echo "${ROOT_DEVICE}" | sed -r 's/([^0-9]*)([0-9]+)/\1 \2/' )
-pvresize "${ROOT_DEVICE}"
-lvresize -l +80%FREE "${ATOMIC_ROOT}"
-xfs_growfs "${ATOMIC_ROOT}"
-
-cat <<EOF > /etc/sysconfig/docker-storage-setup
-GROWPART=true
-AUTO_EXTEND_POOL=yes
-POOL_AUTOEXTEND_PERCENT=30
-POOL_AUTOEXTEND_THRESHOLD=70
-EOF
-
-wait $DOCKER_PULL_PID
+# Disable libvirtd
+/usr/bin/systemctl disable libvirtd.service
+/usr/bin/systemctl stop libvirtd.service
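Review bot: With `set -eux` at the top of the script, `systemctl disable libvirtd.service` and the following `stop` return non-zero when the unit is not installed, so the firstboot script would report failure after the agent service has already been enabled and started. If libvirtd is optional on the image, `/usr/bin/systemctl disable libvirtd.service || true` (and the same for `stop`) keeps the step best-effort. The comment `# Disable libvirtd` should also say why, presumably because libvirt is expected to run in a container instead of on the host.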
diff --git a/docker/post.j2.yaml b/docker/post.j2.yaml
index 6cb92c83..f4d47aa6 100644
--- a/docker/post.j2.yaml
+++ b/docker/post.j2.yaml
@@ -25,16 +25,6 @@ parameters:
default: 'tripleoupstream'
type: string
- DockerOpenvswitchDBImage:
- description: image
- default: 'centos-binary-openvswitch-db-server'
- type: string
-
- DockerOvsVswitchdImage:
- description: image
- default: 'centos-binary-openvswitch-vswitchd'
- type: string
-
LibvirtConfig:
type: string
default: "/etc/libvirt/libvirtd.conf"
@@ -206,52 +196,6 @@ resources:
nova_config: {get_param: NovaConfig}
neutron_openvswitch_agent_config: {get_param: NeutronOpenvswitchAgentConfig}
- NovaComputeContainersDeploymentOVS:
- type: OS::Heat::StructuredDeploymentGroup
- depends_on: CopyJsonDeployment
- properties:
- name: NovaComputeContainersDeploymentOVS
- config: {get_resource: NovaComputeContainersConfigOVS}
- servers: {get_param: [servers, {{role.name}}]}
-
- NovaComputeContainersConfigOVS:
- type: OS::Heat::StructuredConfig
- properties:
- group: docker-cmd
- config:
- openvswitchdb:
- image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerOpenvswitchDBImage} ]
- net: host
- restart: always
- volumes:
- - /var/lib/etc-data/json-config/ovsdb-server.json:/var/lib/kolla/config_files/config.json
- - /etc/localtime:/etc/localtime:ro
- - /run:/run
- - logs:/var/log/kolla/
- - openvswitch_db:/var/lib/openvswitch/
- environment:
- - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
-
- ovsvswitchd:
- image:
- list_join:
- - '/'
- - [ {get_param: DockerNamespace}, {get_param: DockerOvsVswitchdImage} ]
- net: host
- privileged: true
- restart: always
- volumes:
- - /var/lib/etc-data/json-config/ovs-vswitchd.json:/var/lib/kolla/config_files/config.json
- - /etc/localtime:/etc/localtime:ro
- - /lib/modules:/lib/modules:ro
- - /run:/run
- - logs:/var/log/kolla/
- environment:
- - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
-
{{role.name}}ContainersConfig_Step1:
type: OS::Heat::StructuredConfig
depends_on: CopyJsonDeployment
diff --git a/environments/deployed-server-environment.yaml b/environments/deployed-server-environment.yaml
index c63d399a..7a6639f9 100644
--- a/environments/deployed-server-environment.yaml
+++ b/environments/deployed-server-environment.yaml
@@ -1,4 +1,3 @@
resource_registry:
OS::TripleO::Server: ../deployed-server/deployed-server.yaml
- OS::TripleO::DeployedServerConfig: ../deployed-server/deployed-server-config.yaml
- OS::TripleO::DeployedServer::ControlPlanePort: ../deployed-server/ctlplane-port.yaml
+ OS::TripleO::DeployedServer::ControlPlanePort: OS::Neutron::Port
diff --git a/environments/deployed-server-noop-ctlplane.yaml b/environments/deployed-server-noop-ctlplane.yaml
index cfda314d..54f5e41d 100644
--- a/environments/deployed-server-noop-ctlplane.yaml
+++ b/environments/deployed-server-noop-ctlplane.yaml
@@ -1,4 +1,3 @@
resource_registry:
OS::TripleO::Server: ../deployed-server/deployed-server.yaml
- OS::TripleO::DeployedServerConfig: ../deployed-server/deployed-server-config.yaml
- OS::TripleO::DeployedServer::ControlPlanePort: OS::Heat::None
+ OS::TripleO::DeployedServer::ControlPlanePort: ../deployed-server/deployed-neutron-port.yaml
diff --git a/environments/docker.yaml b/environments/docker.yaml
index 0755c61f..4f5b36b4 100644
--- a/environments/docker.yaml
+++ b/environments/docker.yaml
@@ -1,6 +1,6 @@
resource_registry:
# Docker container with heat agents for containerized compute node.
- OS::TripleO::NodeUserData: ../docker/firstboot/install_docker_agents.yaml
+ OS::TripleO::Compute::NodeUserData: ../docker/firstboot/install_docker_agents.yaml
OS::TripleO::Services::NovaLibvirt: ../docker/services/nova-libvirt.yaml
OS::TripleO::Services::ComputeNeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
OS::TripleO::Services::NovaCompute: ../docker/services/nova-compute.yaml
@@ -13,7 +13,6 @@ resource_registry:
OS::TripleO::Services: ../docker/services/services.yaml
parameter_defaults:
- NovaImage: atomic-image
# Defaults to 'tripleoupstream'. Specify a local docker registry
# Example: 192.0.2.1:8787/tripleoupstream
DockerNamespace: tripleoupstream
@@ -24,8 +23,6 @@ parameter_defaults:
DockerNovaComputeImage: centos-binary-nova-compute:newton
DockerLibvirtImage: centos-binary-nova-libvirt:newton
DockerOpenvswitchImage: centos-binary-neutron-openvswitch-agent:newton
- DockerOvsVswitchdImage: centos-binary-openvswitch-vswitchd:newton
- DockerOpenvswitchDBImage: centos-binary-openvswitch-db-server:newton
ComputeServices:
- OS::TripleO::Services::NovaCompute
diff --git a/environments/external-loadbalancer-vip-v6.yaml b/environments/external-loadbalancer-vip-v6.yaml
index 5a2ef505..fbd1fb98 100644
--- a/environments/external-loadbalancer-vip-v6.yaml
+++ b/environments/external-loadbalancer-vip-v6.yaml
@@ -1,29 +1,24 @@
resource_registry:
- OS::TripleO::Network::Ports::NetVipMap: ../network/ports/net_vip_map_external_v6.yaml
- OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/noop.yaml
- OS::TripleO::Network::Ports::InternalApiVipPort: ../network/ports/noop.yaml
- OS::TripleO::Network::Ports::StorageVipPort: ../network/ports/noop.yaml
- OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/noop.yaml
- OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/from_service_v6.yaml
OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external_from_pool_v6.yaml
OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api_from_pool_v6.yaml
OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage_from_pool_v6.yaml
OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_from_pool_v6.yaml
# OVS doesn't support IPv6 endpoints for tunneling yet, so this remains IPv4 for now.
OS::TripleO::Controller::Ports::TenantPort: ../network/ports/tenant_from_pool.yaml
+ # Management network is optional and disabled by default
+ #OS::TripleO::Controller::Ports::ManagementPort: ../network/ports/management_from_pool_v6.yaml
parameter_defaults:
# When using an external loadbalancer set the following in parameter_defaults
# to control your VIPs (currently one per network)
# NOTE: we will eventually move to one VIP per service
#
- ControlPlaneIP: 192.0.2.251
- ExternalNetworkVip: 2001:db8:fd00:1000:0000:0000:0000:0005
- InternalApiNetworkVip: fd00:fd00:fd00:2000:0000:0000:0000:0005
- StorageNetworkVip: fd00:fd00:fd00:3000:0000:0000:0000:0005
- StorageMgmtNetworkVip: fd00:fd00:fd00:4000:0000:0000:0000:0005
- ServiceVips:
- redis: fd00:fd00:fd00:2000:0000:0000:0000:0006
+ ControlFixedIPs: [{'ip_address':'192.0.2.251'}]
+ PublicVirtualFixedIPs: [{'ip_address':'2001:db8:fd00:1000:0000:0000:0000:0005'}]
+ InternalApiVirtualFixedIPs: [{'ip_address':'fd00:fd00:fd00:2000:0000:0000:0000:0005'}]
+ StorageVirtualFixedIPs: [{'ip_address':'fd00:fd00:fd00:3000:0000:0000:0000:0005'}]
+ StorageMgmtVirtualFixedIPs: [{'ip_address':'fd00:fd00:fd00:4000:0000:0000:0000:0005'}]
+ RedisVirtualFixedIPs: [{'ip_address':'fd00:fd00:fd00:2000:0000:0000:0000:0006'}]
ControllerIPs:
external:
- 2001:db8:fd00:1000:0000:0000:0000:0007
diff --git a/environments/external-loadbalancer-vip.yaml b/environments/external-loadbalancer-vip.yaml
index 8656ba1a..1759c04c 100644
--- a/environments/external-loadbalancer-vip.yaml
+++ b/environments/external-loadbalancer-vip.yaml
@@ -1,10 +1,4 @@
resource_registry:
- OS::TripleO::Network::Ports::NetVipMap: ../network/ports/net_vip_map_external.yaml
- OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/noop.yaml
- OS::TripleO::Network::Ports::InternalApiVipPort: ../network/ports/noop.yaml
- OS::TripleO::Network::Ports::StorageVipPort: ../network/ports/noop.yaml
- OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/noop.yaml
- OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/from_service.yaml
OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external_from_pool.yaml
OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api_from_pool.yaml
OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage_from_pool.yaml
@@ -18,13 +12,12 @@ parameter_defaults:
# to control your VIPs (currently one per network)
# NOTE: we will eventually move to one VIP per service
#
- ControlPlaneIP: 192.0.2.251
- ExternalNetworkVip: 10.0.0.251
- InternalApiNetworkVip: 172.16.2.251
- StorageNetworkVip: 172.16.1.251
- StorageMgmtNetworkVip: 172.16.3.251
- ServiceVips:
- redis: 172.16.2.252
+ ControlFixedIPs: [{'ip_address':'192.0.2.251'}]
+ PublicVirtualFixedIPs: [{'ip_address':'10.0.0.251'}]
+ InternalApiVirtualFixedIPs: [{'ip_address':'172.16.2.251'}]
+ StorageVirtualFixedIPs: [{'ip_address':'172.16.1.251'}]
+ StorageMgmtVirtualFixedIPs: [{'ip_address':'172.16.3.251'}]
+ RedisVirtualFixedIPs: [{'ip_address':'172.16.2.252'}]
ControllerIPs:
external:
- 10.0.0.253
diff --git a/environments/neutron-ml2-ovn.yaml b/environments/neutron-ml2-ovn.yaml
index bafb2a73..3da560c8 100644
--- a/environments/neutron-ml2-ovn.yaml
+++ b/environments/neutron-ml2-ovn.yaml
@@ -8,10 +8,10 @@ resource_registry:
# Disabling Neutron services that overlap with OVN
OS::TripleO::Services::NeutronDhcpAgent: OS::Heat::None
OS::TripleO::Services::ComputeNeutronOvsAgent: OS::Heat::None
+ OS::TripleO::Services::OVNDBs: ../puppet/services/ovn-dbs.yaml
parameter_defaults:
NeutronMechanismDrivers: ovn
- OVNDbHost: '0.0.0.0'
OVNSouthboundServerPort: 6642
OVNNorthboundServerPort: 6641
OVNDbConnectionTimeout: 60
@@ -19,3 +19,4 @@ parameter_defaults:
OVNNeutronSyncMode: log
OVNQosDriver: ovn-qos
OVNTunnelEncapType: geneve
+ NeutronEnableDHCPAgent: false
diff --git a/environments/tls-endpoints-public-dns.yaml b/environments/tls-endpoints-public-dns.yaml
index e91c7bc3..fb66b38a 100644
--- a/environments/tls-endpoints-public-dns.yaml
+++ b/environments/tls-endpoints-public-dns.yaml
@@ -65,6 +65,6 @@ parameter_defaults:
ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
- ZaqarWebSocketAdmin: {protocol: 'http', port: '9000', host: 'IP_ADDRESS'}
- ZaqarWebSocketInternal: {protocol: 'http', port: '9000', host: 'IP_ADDRESS'}
- ZaqarWebSocketPublic: {protocol: 'https', port: '9000', host: 'CLOUDNAME'}
+ ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
+ ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
+ ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
diff --git a/environments/tls-endpoints-public-ip.yaml b/environments/tls-endpoints-public-ip.yaml
index c9096f44..6586a547 100644
--- a/environments/tls-endpoints-public-ip.yaml
+++ b/environments/tls-endpoints-public-ip.yaml
@@ -65,6 +65,6 @@ parameter_defaults:
ZaqarAdmin: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
ZaqarInternal: {protocol: 'http', port: '8888', host: 'IP_ADDRESS'}
ZaqarPublic: {protocol: 'https', port: '13888', host: 'IP_ADDRESS'}
- ZaqarWebSocketAdmin: {protocol: 'http', port: '9000', host: 'IP_ADDRESS'}
- ZaqarWebSocketInternal: {protocol: 'http', port: '9000', host: 'IP_ADDRESS'}
- ZaqarWebSocketPublic: {protocol: 'https', port: '9000', host: 'IP_ADDRESS'}
+ ZaqarWebSocketAdmin: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
+ ZaqarWebSocketInternal: {protocol: 'ws', port: '9000', host: 'IP_ADDRESS'}
+ ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'IP_ADDRESS'}
diff --git a/environments/tls-everywhere-endpoints-dns.yaml b/environments/tls-everywhere-endpoints-dns.yaml
index 365b0a54..ebb491f0 100644
--- a/environments/tls-everywhere-endpoints-dns.yaml
+++ b/environments/tls-everywhere-endpoints-dns.yaml
@@ -65,6 +65,6 @@ parameter_defaults:
ZaqarAdmin: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
ZaqarInternal: {protocol: 'https', port: '8888', host: 'CLOUDNAME'}
ZaqarPublic: {protocol: 'https', port: '13888', host: 'CLOUDNAME'}
- ZaqarWebSocketAdmin: {protocol: 'https', port: '9000', host: 'CLOUDNAME'}
- ZaqarWebSocketInternal: {protocol: 'https', port: '9000', host: 'CLOUDNAME'}
- ZaqarWebSocketPublic: {protocol: 'https', port: '9000', host: 'CLOUDNAME'}
+ ZaqarWebSocketAdmin: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
+ ZaqarWebSocketInternal: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
+ ZaqarWebSocketPublic: {protocol: 'wss', port: '9000', host: 'CLOUDNAME'}
diff --git a/extraconfig/tasks/major_upgrade_block_storage.sh b/extraconfig/tasks/major_upgrade_block_storage.sh
index 39861826..64c4457e 100644
--- a/extraconfig/tasks/major_upgrade_block_storage.sh
+++ b/extraconfig/tasks/major_upgrade_block_storage.sh
@@ -5,18 +5,7 @@
set -eu
# Special-case OVS for https://bugs.launchpad.net/tripleo/+bug/1635205
-if [[ -n $(rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep "systemctl.*try-restart") ]]; then
- echo "Manual upgrade of openvswitch - restart in postun detected"
- mkdir OVS_UPGRADE || true
- pushd OVS_UPGRADE
- echo "Attempting to downloading latest openvswitch with yumdownloader"
- yumdownloader --resolve openvswitch
- echo "Updating openvswitch with nopostun option"
- rpm -U --replacepkgs --nopostun ./*.rpm
- popd
-else
- echo "Skipping manual upgrade of openvswitch - no restart in postun detected"
-fi
+special_case_ovs_upgrade_if_needed
yum -y install python-zaqarclient # needed for os-collect-config
yum -y -q update
diff --git a/extraconfig/tasks/major_upgrade_ceph_storage.sh b/extraconfig/tasks/major_upgrade_ceph_storage.sh
index d84cad45..a745e723 100644
--- a/extraconfig/tasks/major_upgrade_ceph_storage.sh
+++ b/extraconfig/tasks/major_upgrade_ceph_storage.sh
@@ -8,7 +8,9 @@ set -o pipefail
UPGRADE_SCRIPT=/root/tripleo_upgrade_node.sh
-cat > $UPGRADE_SCRIPT << 'ENDOFCAT'
+declare -f special_case_ovs_upgrade_if_needed > $UPGRADE_SCRIPT
+# use >> here so we don't lose the declaration we added above
+cat >> $UPGRADE_SCRIPT << 'ENDOFCAT'
#!/bin/bash
### DO NOT MODIFY THIS FILE
### This file is automatically delivered to the ceph-storage nodes as part of the
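Review bot: The generated `$UPGRADE_SCRIPT` no longer begins with `#!/bin/bash`, because `declare -f` writes the function body first and the heredoc then appends the shebang after it, where it is only a comment. If the file is ever executed directly rather than passed to `bash`, no interpreter line is seen. Writing the shebang first avoids that: `echo '#!/bin/bash' > $UPGRADE_SCRIPT` followed by `declare -f special_case_ovs_upgrade_if_needed >> $UPGRADE_SCRIPT`. `declare -f` also emits nothing when the function is not defined in the generating shell, so a guard such as `declare -F special_case_ovs_upgrade_if_needed > /dev/null || exit 1` would fail at generation time instead of on the storage node. The heredoc body continues outside this hunk.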
@@ -49,19 +51,7 @@ timeout 60 bash -c "while kill -0 ${OSD_PIDS} 2> /dev/null; do
sleep 2;
done"
-# Special-case OVS for https://bugs.launchpad.net/tripleo/+bug/1635205
-if [[ -n $(rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep "systemctl.*try-restart") ]]; then
- echo "Manual upgrade of openvswitch - restart in postun detected"
- mkdir OVS_UPGRADE || true
- pushd OVS_UPGRADE
- echo "Attempting to downloading latest openvswitch with yumdownloader"
- yumdownloader --resolve openvswitch
- echo "Updating openvswitch with nopostun option"
- rpm -U --replacepkgs --nopostun ./*.rpm
- popd
-else
- echo "Skipping manual upgrade of openvswitch - no restart in postun detected"
-fi
+special_case_ovs_upgrade_if_needed
# Update (Ceph to Jewel)
yum -y install python-zaqarclient # needed for os-collect-config
@@ -86,7 +76,7 @@ elif [[ "$UPDATED_VERSION" =~ ^10\.2.* ]]; then
# If on ext4, we need to enforce lower values for name and namespace len
# or ceph-osd will refuse to start, see: http://tracker.ceph.com/issues/16187
for OSD_ID in $OSD_IDS; do
- OSD_FS=$(findmnt -n -o FSTYPE -T /var/lib/ceph/osd/ceph-${OSD_ID})
+ OSD_FS=$(df -l --output=fstype /var/lib/ceph/osd/ceph-${OSD_ID} | tail -n +2)
if [ ${OSD_FS} = ext4 ]; then
crudini --set /etc/ceph/ceph.conf global osd_max_object_name_len 256
crudini --set /etc/ceph/ceph.conf global osd_max_object_namespace_len 64
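Review bot: `OSD_FS` is empty if `df` prints only its header or fails, for example when the OSD path is missing. The unquoted test on the following context line then becomes `[ = ext4 ]`, which is a syntax error rather than a false result. Quoting it, `if [ "${OSD_FS}" = ext4 ]; then`, lets the empty case fall through cleanly. The `for` loop ends outside this hunk.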
diff --git a/extraconfig/tasks/major_upgrade_compute.sh b/extraconfig/tasks/major_upgrade_compute.sh
index b0d42806..7a3e1073 100644
--- a/extraconfig/tasks/major_upgrade_compute.sh
+++ b/extraconfig/tasks/major_upgrade_compute.sh
@@ -18,19 +18,8 @@ set -eu
crudini --set /etc/nova/nova.conf upgrade_levels compute $upgrade_level_nova_compute
-# Special-case OVS for https://bugs.launchpad.net/tripleo/+bug/1635205
-if [[ -n \$(rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep "systemctl.*try-restart") ]]; then
- echo "Manual upgrade of openvswitch - restart in postun detected"
- mkdir OVS_UPGRADE || true
- pushd OVS_UPGRADE
- echo "Attempting to downloading latest openvswitch with yumdownloader"
- yumdownloader --resolve openvswitch
- echo "Updating openvswitch with nopostun option"
- rpm -U --replacepkgs --nopostun ./*.rpm
- popd
-else
- echo "Skipping manual upgrade of openvswitch - no restart in postun detected"
-fi
+$(declare -f special_case_ovs_upgrade_if_needed)
+special_case_ovs_upgrade_if_needed
yum -y install python-zaqarclient # needed for os-collect-config
yum -y update
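Review bot: The unescaped `$(declare -f special_case_ovs_upgrade_if_needed)` is expanded when the delivery script is generated, not on the compute node, which is easy to miss next to the escaped `\$(...)` in the lines it replaces. A comment would help, e.g. `# expanded at generation time: embeds the function from pacemaker_common_functions.sh`. If the function is not defined in the generating shell, the substitution is empty and the delivered script only fails later, at the call on the next line. The same pattern is added in major_upgrade_object_storage.sh. The enclosing heredoc or string starts outside the hunk, so the expansion timing is inferred from the escaping.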
diff --git a/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh b/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh
index 7cc6735f..6bfe1239 100755
--- a/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh
+++ b/extraconfig/tasks/major_upgrade_controller_pacemaker_2.sh
@@ -100,18 +100,7 @@ if [ $DO_MYSQL_UPGRADE -eq 1 ]; then
fi
# Special-case OVS for https://bugs.launchpad.net/tripleo/+bug/1635205
-if [[ -n $(rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep "systemctl.*try-restart") ]]; then
- echo "Manual upgrade of openvswitch - restart in postun detected"
- mkdir OVS_UPGRADE || true
- pushd OVS_UPGRADE
- echo "Attempting to downloading latest openvswitch with yumdownloader"
- yumdownloader --resolve openvswitch
- echo "Updating openvswitch with nopostun option"
- rpm -U --replacepkgs --nopostun ./*.rpm
- popd
-else
- echo "Skipping manual upgrade of openvswitch - no restart in postun detected"
-fi
+special_case_ovs_upgrade_if_needed
yum -y install python-zaqarclient # needed for os-collect-config
yum -y -q update
diff --git a/extraconfig/tasks/major_upgrade_object_storage.sh b/extraconfig/tasks/major_upgrade_object_storage.sh
index 2667bb16..d9d1b4d5 100644
--- a/extraconfig/tasks/major_upgrade_object_storage.sh
+++ b/extraconfig/tasks/major_upgrade_object_storage.sh
@@ -23,19 +23,8 @@ function systemctl_swift {
done
}
-# Special-case OVS for https://bugs.launchpad.net/tripleo/+bug/1635205
-if [[ -n \$(rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep "systemctl.*try-restart") ]]; then
- echo "Manual upgrade of openvswitch - restart in postun detected"
- mkdir OVS_UPGRADE || true
- pushd OVS_UPGRADE
- echo "Attempting to downloading latest openvswitch with yumdownloader"
- yumdownloader --resolve openvswitch
- echo "Updating openvswitch with nopostun option"
- rpm -U --replacepkgs --nopostun ./*.rpm
- popd
-else
- echo "Skipping manual upgrade of openvswitch - no restart in postun detected"
-fi
+$(declare -f special_case_ovs_upgrade_if_needed)
+special_case_ovs_upgrade_if_needed
systemctl_swift stop
diff --git a/extraconfig/tasks/major_upgrade_pacemaker.yaml b/extraconfig/tasks/major_upgrade_pacemaker.yaml
index b0418a56..a175a423 100644
--- a/extraconfig/tasks/major_upgrade_pacemaker.yaml
+++ b/extraconfig/tasks/major_upgrade_pacemaker.yaml
@@ -97,7 +97,11 @@ resources:
depends_on: ControllerPacemakerUpgradeDeployment_Step1
properties:
group: script
- config: {get_file: major_upgrade_block_storage.sh}
+ config:
+ list_join:
+ - ''
+ - - get_file: pacemaker_common_functions.sh
+ - get_file: major_upgrade_block_storage.sh
BlockStorageUpgradeDeployment:
type: OS::Heat::SoftwareDeploymentGroup
diff --git a/extraconfig/tasks/major_upgrade_pacemaker_init.j2.yaml b/extraconfig/tasks/major_upgrade_pacemaker_init.j2.yaml
index f6aa3066..8e9cbdb4 100644
--- a/extraconfig/tasks/major_upgrade_pacemaker_init.j2.yaml
+++ b/extraconfig/tasks/major_upgrade_pacemaker_init.j2.yaml
@@ -54,19 +54,28 @@ resources:
upgrade_level_nova_compute='UPGRADE_LEVEL_NOVA_COMPUTE'
params:
UPGRADE_LEVEL_NOVA_COMPUTE: {get_param: UpgradeLevelNovaCompute}
+ - get_file: pacemaker_common_functions.sh
- get_file: major_upgrade_compute.sh
ObjectStorageDeliverUpgradeScriptConfig:
type: OS::Heat::SoftwareConfig
properties:
group: script
- config: {get_file: major_upgrade_object_storage.sh}
+ config:
+ list_join:
+ - ''
+ - - get_file: pacemaker_common_functions.sh
+ - get_file: major_upgrade_object_storage.sh
CephStorageDeliverUpgradeScriptConfig:
type: OS::Heat::SoftwareConfig
properties:
group: script
- config: {get_file: major_upgrade_ceph_storage.sh}
+ config:
+ list_join:
+ - ''
+ - - get_file: pacemaker_common_functions.sh
+ - get_file: major_upgrade_ceph_storage.sh
{% for role in roles %}
UpgradeInit{{role.name}}Deployment:
diff --git a/extraconfig/tasks/pacemaker_common_functions.sh b/extraconfig/tasks/pacemaker_common_functions.sh
index 2c7dfc35..aae4a2de 100755
--- a/extraconfig/tasks/pacemaker_common_functions.sh
+++ b/extraconfig/tasks/pacemaker_common_functions.sh
@@ -297,3 +297,27 @@ function systemctl_swift {
manage_systemd_service $action $service
done
}
+
+# Special-case OVS for https://bugs.launchpad.net/tripleo/+bug/1635205
+function special_case_ovs_upgrade_if_needed {
+ if [[ -n $(rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep "systemctl.*try-restart") ]]; then
+ echo "Manual upgrade of openvswitch - restart in postun detected"
+ rm -rf OVS_UPGRADE
+ mkdir OVS_UPGRADE && pushd OVS_UPGRADE
+ echo "Attempting to downloading latest openvswitch with yumdownloader"
+ yumdownloader --resolve openvswitch
+ for pkg in $(ls -1 *.rpm); do
+ if rpm -U --test $pkg 2>&1 | grep "already installed" ; then
+ echo "Looks like newer version of $pkg is already installed, skipping"
+ else
+ echo "Updating $pkg with nopostun option"
+ rpm -U --replacepkgs --nopostun $pkg
+ fi
+ done
+ popd
+ else
+ echo "Skipping manual upgrade of openvswitch - no restart in postun detected"
+ fi
+
+}
+
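Review bot: `special_case_ovs_upgrade_if_needed` stages packages in `OVS_UPGRADE` relative to whatever directory the caller is in and then installs every `*.rpm` found there. If `mkdir` fails, the `&&` list skips `pushd` without aborting, and the download and install loop then run against the caller's directory. The loop also word-splits `$(ls -1 *.rpm)` and passes `$pkg` unquoted. I would stage into a `mktemp -d` directory, stop if it cannot be entered, and iterate over the glob with quoting, as sketched below. Since `rpm -U` on downloaded files does not go through yum's `gpgcheck` setting, it is worth confirming that signature verification is still enforced on this path.

```shell
        # … unchanged: postun detection and first echo …
        local ovs_dir
        ovs_dir=$(mktemp -d) || return 1
        pushd "$ovs_dir" || return 1
        # … unchanged: yumdownloader call …
        for pkg in ./*.rpm; do
            [ -e "$pkg" ] || continue
            if rpm -U --test "$pkg" 2>&1 | grep "already installed" ; then
                # … unchanged: skip message …
            else
                # … unchanged: update message …
                rpm -U --replacepkgs --nopostun "$pkg"
            fi
        done
        popd
        rm -rf "$ovs_dir"
        # … unchanged: else branch …
```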
diff --git a/extraconfig/tasks/yum_update.sh b/extraconfig/tasks/yum_update.sh
index 8a88ee64..74af7b02 100755
--- a/extraconfig/tasks/yum_update.sh
+++ b/extraconfig/tasks/yum_update.sh
@@ -63,18 +63,7 @@ if [[ "$pacemaker_status" == "active" && \
fi
# Special-case OVS for https://bugs.launchpad.net/tripleo/+bug/1635205
-if [[ -n $(rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep "systemctl.*try-restart") ]]; then
- echo "Manual upgrade of openvswitch - restart in postun detected"
- mkdir OVS_UPGRADE || true
- pushd OVS_UPGRADE
- echo "Attempting to downloading latest openvswitch with yumdownloader"
- yumdownloader --resolve openvswitch
- echo "Updating openvswitch with nopostun option"
- rpm -U --replacepkgs --nopostun ./*.rpm
- popd
-else
- echo "Skipping manual upgrade of openvswitch - no restart in postun detected"
-fi
+special_case_ovs_upgrade_if_needed
if [[ "$pacemaker_status" == "active" ]] ; then
echo "Pacemaker running, stopping cluster node and doing full package update"
diff --git a/extraconfig/tasks/yum_update.yaml b/extraconfig/tasks/yum_update.yaml
index d313ca9f..f2de5acf 100644
--- a/extraconfig/tasks/yum_update.yaml
+++ b/extraconfig/tasks/yum_update.yaml
@@ -9,7 +9,12 @@ resources:
type: OS::Heat::SoftwareConfig
properties:
group: script
- config: {get_file: yum_update.sh}
+ config:
+ list_join:
+ - ''
+ - - get_file: pacemaker_common_functions.sh
+ - get_file: yum_update.sh
+
inputs:
- name: update_identifier
description: yum will only run for previously unused values of update_identifier
diff --git a/network/endpoints/endpoint_map.yaml b/network/endpoints/endpoint_map.yaml
index 7ebb318f..95791677 100644
--- a/network/endpoints/endpoint_map.yaml
+++ b/network/endpoints/endpoint_map.yaml
@@ -82,9 +82,9 @@ parameters:
ZaqarAdmin: {protocol: http, port: '8888', host: IP_ADDRESS}
ZaqarInternal: {protocol: http, port: '8888', host: IP_ADDRESS}
ZaqarPublic: {protocol: http, port: '8888', host: IP_ADDRESS}
- ZaqarWebSocketAdmin: {protocol: http, port: '9000', host: IP_ADDRESS}
- ZaqarWebSocketInternal: {protocol: http, port: '9000', host: IP_ADDRESS}
- ZaqarWebSocketPublic: {protocol: http, port: '9000', host: IP_ADDRESS}
+ ZaqarWebSocketAdmin: {protocol: ws, port: '9000', host: IP_ADDRESS}
+ ZaqarWebSocketInternal: {protocol: ws, port: '9000', host: IP_ADDRESS}
+ ZaqarWebSocketPublic: {protocol: ws, port: '9000', host: IP_ADDRESS}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
CloudEndpoints:
diff --git a/network/ports/net_ip_list_map.yaml b/network/ports/net_ip_list_map.yaml
index d7863e02..263eccd8 100644
--- a/network/ports/net_ip_list_map.yaml
+++ b/network/ports/net_ip_list_map.yaml
@@ -138,3 +138,20 @@ outputs:
SERVICE_short_node_names: {get_param: ServiceHostnameList}
for_each:
SERVICE: {get_attr: [EnabledServicesValue, value]}
+ short_service_bootstrap_hostnames:
+ description: >
+ Map of enabled services to a list of hostnames where they're running regardless of the network
+ Used for bootstrap purposes
+ value:
+ yaql:
+ # If ServiceHostnameList is empty the role is deployed with zero nodes
+ # therefore we don't want to add any *_node_names to the map
+ expression: dict($.data.map.items().where(len($[1]) > 0))
+ data:
+ map:
+ map_merge:
+ repeat:
+ template:
+ SERVICE_short_bootstrap_node_name: {get_param: ServiceHostnameList}
+ for_each:
+ SERVICE: {get_attr: [EnabledServicesValue, value]}
diff --git a/network/scripts/run-os-net-config.sh b/network/scripts/run-os-net-config.sh
index fc1e6d54..e65f922a 100755
--- a/network/scripts/run-os-net-config.sh
+++ b/network/scripts/run-os-net-config.sh
@@ -1,7 +1,7 @@
#!/bin/bash
-# Note this script expects the following environment variables to be set
-# normally these are provided by the calling SoftwareConfig resource, but
-# they may also be set manually for testing
+# The following environment variables may be set to substitute in a
+# custom bridge or interface name. Normally these are provided by the calling
+# SoftwareConfig resource, but they may also be set manually for testing.
# $bridge_name : The bridge device name to apply
# $interface_name : The interface name to apply
#
@@ -113,11 +113,17 @@ if [ -n '$network_config' ]; then
mkdir -p /etc/os-net-config
# Note these variables come from the calling heat SoftwareConfig
echo '$network_config' > /etc/os-net-config/config.json
- sed -i "s/bridge_name/$bridge_name/" /etc/os-net-config/config.json
- sed -i "s/interface_name/$interface_name/" /etc/os-net-config/config.json
+
+ if [ "$(type -t network_config_hook)" = "function" ]; then
+ network_config_hook
+ fi
+
+ sed -i "s/bridge_name/${bridge_name:-''}/" /etc/os-net-config/config.json
+ sed -i "s/interface_name/${interface_name:-''}/" /etc/os-net-config/config.json
os-net-config -c /etc/os-net-config/config.json -v --detailed-exit-codes
RETVAL=$?
+
if [[ $RETVAL == 2 ]]; then
ping_metadata_ip
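Review bot: Inside double quotes the default in `${bridge_name:-''}` is the two literal characters `''`, not an empty string. When `bridge_name` or `interface_name` is unset, the `sed` calls therefore rewrite those tokens in `config.json` to `''` before `os-net-config` reads it. If the intent is to leave the file untouched when no override is given, guard each substitution, e.g. `if [ -n "${bridge_name:-}" ]; then sed -i "s/bridge_name/$bridge_name/" /etc/os-net-config/config.json; fi`. The values are also interpolated into the sed expression unescaped, so a name containing `/` or `&` changes the expression. The enclosing `if` block ends outside this hunk.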
diff --git a/network/service_net_map.j2.yaml b/network/service_net_map.j2.yaml
index 5991b3bc..ee35f94f 100644
--- a/network/service_net_map.j2.yaml
+++ b/network/service_net_map.j2.yaml
@@ -58,6 +58,7 @@ parameters:
CephRgwNetwork: storage
PublicNetwork: external
OpendaylightApiNetwork: internal_api
+ OvnDbsNetwork: internal_api
MistralApiNetwork: internal_api
ZaqarApiNetwork: internal_api
# We special-case the default ResolveNetwork for the CephStorage role
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index ebbeef6e..1a73b7fc 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -41,6 +41,8 @@ resource_registry:
# in the jinja loop
OS::TripleO::Controller::Net::SoftwareConfig: net-config-bridge.yaml
+ OS::TripleO::ServiceServerMetadataHook: OS::Heat::None
+
OS::TripleO::Server: OS::Nova::Server
# This creates the "heat-admin" user for all OS images by default
@@ -49,10 +51,14 @@ resource_registry:
# Hooks for operator extra config
# NodeUserData == Cloud-init additional user-data, e.g cloud-config
+ # role::NodeUserData == Role specific cloud-init additional user-data
# ControllerExtraConfigPre == Controller configuration pre service deployment
# NodeExtraConfig == All nodes configuration pre service deployment
# NodeExtraConfigPost == All nodes configuration post service deployment
OS::TripleO::NodeUserData: firstboot/userdata_default.yaml
+{% for role in roles %}
+ OS::TripleO::{{role.name}}::NodeUserData: firstboot/userdata_default.yaml
+{% endfor %}
OS::TripleO::NodeTLSCAData: OS::Heat::None
OS::TripleO::NodeTLSData: OS::Heat::None
OS::TripleO::NodeExtraConfig: puppet/extraconfig/pre_deploy/default.yaml
@@ -147,6 +153,8 @@ resource_registry:
OS::TripleO::Services::NeutronCorePluginPlumgrid: puppet/services/neutron-plugin-plumgrid.yaml
OS::TripleO::Services::NeutronCorePluginNuage: puppet/services/neutron-plugin-nuage.yaml
OS::TripleO::Services::NeutronCorePluginOpencontrail: puppet/services/neutron-plugin-opencontrail.yaml
+ OS::TripleO::Services::OVNDBs: OS::Heat::None
+
OS::TripleO::Services::NeutronCorePluginMidonet: puppet/services/neutron-midonet.yaml
OS::TripleO::Services::NeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml
OS::TripleO::Services::ComputeNeutronOvsAgent: puppet/services/neutron-ovs-agent.yaml
diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml
index f7e6f37f..316aeb6d 100644
--- a/overcloud.j2.yaml
+++ b/overcloud.j2.yaml
@@ -363,6 +363,7 @@ resources:
services: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]}
ServiceNames: {get_attr: [{{role.name}}ServiceChain, role_data, service_names]}
MonitoringSubscriptions: {get_attr: [{{role.name}}ServiceChain, role_data, monitoring_subscriptions]}
+ ServiceMetadataSettings: {get_attr: [{{role.name}}ServiceChain, role_data, service_metadata_settings]}
{% endfor %}
hostsConfig:
@@ -444,6 +445,14 @@ resources:
{% for role in roles %}
- {get_attr: [{{role.name}}IpListMap, short_service_hostnames]}
{% endfor %}
+ short_service_bootstrap_node:
+ yaql:
+ expression: dict($.data.l.where($ != null).selectMany($.items()).groupBy($[0], $[1], [$[0], $[1].flatten().first()]))
+ data:
+ l:
+{% for role in roles %}
+ - {get_attr: [{{role.name}}IpListMap, short_service_bootstrap_hostnames]}
+{% endfor %}
# FIXME(shardy): These require further work to move into service_ips
memcache_node_ips: {get_attr: [ControllerIpListMap, net_ip_map, {get_attr: [ServiceNetMap, service_net_map, MemcachedNetwork]}]}
NetVipMap: {get_attr: [VipMap, net_ip_map]}
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml
index 0a8bec6e..5f56fe28 100644
--- a/puppet/all-nodes-config.yaml
+++ b/puppet/all-nodes-config.yaml
@@ -28,6 +28,8 @@ parameters:
type: json
short_service_node_names:
type: json
+ short_service_bootstrap_node:
+ type: json
controller_names:
type: comma_delimited_list
memcache_node_ips:
@@ -125,6 +127,7 @@ resources:
- {get_param: service_ips}
- {get_param: service_node_names}
- {get_param: short_service_node_names}
+ - {get_param: short_service_bootstrap_node}
- controller_node_ips:
list_join:
- ','
diff --git a/puppet/blockstorage-role.yaml b/puppet/blockstorage-role.yaml
index 7d1f8d8f..e74beb2d 100644
--- a/puppet/blockstorage-role.yaml
+++ b/puppet/blockstorage-role.yaml
@@ -102,6 +102,9 @@ parameters:
MonitoringSubscriptions:
type: comma_delimited_list
default: []
+ ServiceMetadataSettings:
+ type: json
+ default: {}
ConfigCommand:
type: string
description: Command which will be run whenever configuration data changes
@@ -137,6 +140,7 @@ resources:
map_merge:
- {get_param: ServerMetadata}
- {get_param: BlockStorageServerMetadata}
+ - {get_param: ServiceMetadataSettings}
scheduler_hints: {get_param: BlockStorageSchedulerHints}
# Combine the NodeAdminUserData and NodeUserData mime archives
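Review bot: `ServiceMetadataSettings` is merged last in `map_merge`, so keys returned by the metadata hook override operator-supplied `ServerMetadata` and `BlockStorageServerMetadata` on collision, and nothing here says that is intended. A comment above the list, such as `# ServiceMetadataSettings is merged last and wins on duplicate keys`, would make the precedence explicit. The same ordering is added in the cephstorage, compute, controller, objectstorage and role.role.j2 templates. Since the README hunk says the hook output becomes the instance's metadata, the parameter description should also state that it must not carry secrets.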
@@ -148,6 +152,8 @@ resources:
type: multipart
- config: {get_resource: NodeUserData}
type: multipart
+ - config: {get_resource: RoleUserData}
+ type: multipart
# Creates the "heat-admin" user if configured via the environment
# Should return a OS::Heat::MultipartMime reference via OS::stack_id
@@ -159,6 +165,11 @@ resources:
NodeUserData:
type: OS::TripleO::NodeUserData
+ # For optional operator role-specific userdata
+ # Should return a OS::Heat::MultipartMime reference via OS::stack_id
+ RoleUserData:
+ type: OS::TripleO::BlockStorage::NodeUserData
+
ExternalPort:
type: OS::TripleO::BlockStorage::Ports::ExternalPort
properties:
diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml
index 2c46bf1a..75f58012 100644
--- a/puppet/cephstorage-role.yaml
+++ b/puppet/cephstorage-role.yaml
@@ -108,6 +108,9 @@ parameters:
MonitoringSubscriptions:
type: comma_delimited_list
default: []
+ ServiceMetadataSettings:
+ type: json
+ default: {}
ConfigCommand:
type: string
description: Command which will be run whenever configuration data changes
@@ -143,6 +146,7 @@ resources:
map_merge:
- {get_param: ServerMetadata}
- {get_param: CephStorageServerMetadata}
+ - {get_param: ServiceMetadataSettings}
scheduler_hints: {get_param: CephStorageSchedulerHints}
# Combine the NodeAdminUserData and NodeUserData mime archives
@@ -154,6 +158,8 @@ resources:
type: multipart
- config: {get_resource: NodeUserData}
type: multipart
+ - config: {get_resource: RoleUserData}
+ type: multipart
# Creates the "heat-admin" user if configured via the environment
# Should return a OS::Heat::MultipartMime reference via OS::stack_id
@@ -165,6 +171,11 @@ resources:
NodeUserData:
type: OS::TripleO::NodeUserData
+ # For optional operator role-specific userdata
+ # Should return a OS::Heat::MultipartMime reference via OS::stack_id
+ RoleUserData:
+ type: OS::TripleO::CephStorage::NodeUserData
+
ExternalPort:
type: OS::TripleO::CephStorage::Ports::ExternalPort
properties:
diff --git a/puppet/compute-role.yaml b/puppet/compute-role.yaml
index 0a2598c1..cedab0e6 100644
--- a/puppet/compute-role.yaml
+++ b/puppet/compute-role.yaml
@@ -120,6 +120,9 @@ parameters:
MonitoringSubscriptions:
type: comma_delimited_list
default: []
+ ServiceMetadataSettings:
+ type: json
+ default: {}
ConfigCommand:
type: string
description: Command which will be run whenever configuration data changes
@@ -157,6 +160,7 @@ resources:
map_merge:
- {get_param: ServerMetadata}
- {get_param: NovaComputeServerMetadata}
+ - {get_param: ServiceMetadataSettings}
scheduler_hints: {get_param: NovaComputeSchedulerHints}
# Combine the NodeAdminUserData and NodeUserData mime archives
@@ -168,6 +172,8 @@ resources:
type: multipart
- config: {get_resource: NodeUserData}
type: multipart
+ - config: {get_resource: RoleUserData}
+ type: multipart
# Creates the "heat-admin" user if configured via the environment
# Should return a OS::Heat::MultipartMime reference via OS::stack_id
@@ -179,6 +185,11 @@ resources:
NodeUserData:
type: OS::TripleO::NodeUserData
+ # For optional operator role-specific userdata
+ # Should return a OS::Heat::MultipartMime reference via OS::stack_id
+ RoleUserData:
+ type: OS::TripleO::Compute::NodeUserData
+
ExternalPort:
type: OS::TripleO::Compute::Ports::ExternalPort
properties:
diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml
index 5e03adcd..05527b63 100644
--- a/puppet/controller-role.yaml
+++ b/puppet/controller-role.yaml
@@ -134,6 +134,9 @@ parameters:
MonitoringSubscriptions:
type: comma_delimited_list
default: []
+ ServiceMetadataSettings:
+ type: json
+ default: {}
ConfigCommand:
type: string
description: Command which will be run whenever configuration data changes
@@ -176,6 +179,7 @@ resources:
map_merge:
- {get_param: ServerMetadata}
- {get_param: ControllerServerMetadata}
+ - {get_param: ServiceMetadataSettings}
scheduler_hints: {get_param: ControllerSchedulerHints}
# Combine the NodeAdminUserData and NodeUserData mime archives
@@ -187,6 +191,8 @@ resources:
type: multipart
- config: {get_resource: NodeUserData}
type: multipart
+ - config: {get_resource: RoleUserData}
+ type: multipart
# Creates the "heat-admin" user if configured via the environment
# Should return a OS::Heat::MultipartMime reference via OS::stack_id
@@ -198,6 +204,11 @@ resources:
NodeUserData:
type: OS::TripleO::NodeUserData
+ # For optional operator role-specific userdata
+ # Should return a OS::Heat::MultipartMime reference via OS::stack_id
+ RoleUserData:
+ type: OS::TripleO::Controller::NodeUserData
+
ExternalPort:
type: OS::TripleO::Controller::Ports::ExternalPort
properties:
diff --git a/puppet/extraconfig/tls/freeipa-enroll.yaml b/puppet/extraconfig/tls/freeipa-enroll.yaml
index 44be7c65..84d431fb 100644
--- a/puppet/extraconfig/tls/freeipa-enroll.yaml
+++ b/puppet/extraconfig/tls/freeipa-enroll.yaml
@@ -13,10 +13,12 @@ parameters:
type: string
FreeIPAOTP:
+ default: ''
description: 'OTP that will be used for FreeIPA enrollment'
type: string
hidden: true
FreeIPAServer:
+ default: ''
description: 'FreeIPA server DNS name'
type: string
FreeIPAIPAddress:
@@ -36,18 +38,27 @@ resources:
- name: ipa_ip
config: |
#!/bin/sh
- sed -i "/${ipa_server}/d" /etc/hosts
- # Optionally add the FreeIPA server IP to /etc/hosts
- if [ -n "${ipa_ip}" ]; then
- echo "${ipa_ip} ${ipa_server}" >> /etc/hosts
+ # If no IPA server was given as a parameter, it will be assumed from
+ # DNS.
+ if [ -n "${ipa_server}" ]; then
+ sed -i "/${ipa_server}/d" /etc/hosts
+ # Optionally add the FreeIPA server IP to /etc/hosts
+ if [ -n "${ipa_ip}" ]; then
+ echo "${ipa_ip} ${ipa_server}" >> /etc/hosts
+ fi
fi
# Set the node's domain if needed
if [ ! $(hostname -f | grep "${ipa_domain}$") ]; then
hostnamectl set-hostname "$(hostname).${ipa_domain}"
fi
yum install -y ipa-client
- # Enroll. If there is already keytab, we have already done this.
+ # Enroll. If there is already keytab, we have already done this. If
+ # this node hasn't enrolled and the OTP is missing, fail.
if [ ! -f /etc/krb5.keytab ]; then
+ if [ -z "${otp}" ]; then
+ echo "OTP is missing"
+ exit 1
+ fi
ipa-client-install --server ${ipa_server} -w ${otp} \
--domain=${ipa_domain} -U
fi
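Review bot: `ipa-client-install` is still called with `--server ${ipa_server}` unconditionally. With the new empty default for `FreeIPAServer` (first hunk of this file), the unquoted expansion vanishes and leaves `--server` directly followed by `-w`, instead of falling back to DNS discovery as the new comment says. Passing the option only when a server was given fixes that and quotes the values: `ipa-client-install ${ipa_server:+--server "${ipa_server}"} -w "${otp}" --domain="${ipa_domain}" -U`. The OTP also appears in the process list while the command runs; that may be acceptable for a one-time password, but it deserves a comment. The script body may continue outside this hunk.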
diff --git a/puppet/objectstorage-role.yaml b/puppet/objectstorage-role.yaml
index 088a2e3d..77a60510 100644
--- a/puppet/objectstorage-role.yaml
+++ b/puppet/objectstorage-role.yaml
@@ -102,6 +102,9 @@ parameters:
MonitoringSubscriptions:
type: comma_delimited_list
default: []
+ ServiceMetadataSettings:
+ type: json
+ default: {}
ConfigCommand:
type: string
description: Command which will be run whenever configuration data changes
@@ -137,6 +140,7 @@ resources:
map_merge:
- {get_param: ServerMetadata}
- {get_param: SwiftStorageServerMetadata}
+ - {get_param: ServiceMetadataSettings}
scheduler_hints: {get_param: ObjectStorageSchedulerHints}
# Combine the NodeAdminUserData and NodeUserData mime archives
@@ -148,6 +152,8 @@ resources:
type: multipart
- config: {get_resource: NodeUserData}
type: multipart
+ - config: {get_resource: RoleUserData}
+ type: multipart
# Creates the "heat-admin" user if configured via the environment
# Should return a OS::Heat::MultipartMime reference via OS::stack_id
@@ -159,6 +165,11 @@ resources:
NodeUserData:
type: OS::TripleO::NodeUserData
+ # For optional operator role-specific userdata
+ # Should return a OS::Heat::MultipartMime reference via OS::stack_id
+ RoleUserData:
+ type: OS::TripleO::ObjectStorage::NodeUserData
+
ExternalPort:
type: OS::TripleO::SwiftStorage::Ports::ExternalPort
properties:
diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml
index 1f432773..22370a7d 100644
--- a/puppet/role.role.j2.yaml
+++ b/puppet/role.role.j2.yaml
@@ -28,6 +28,10 @@ parameters:
constraints:
- custom_constraint: nova.keypair
{% endif %}
+ NeutronPublicInterface:
+ default: nic1
+ description: What interface to bridge onto br-ex for network nodes.
+ type: string
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
@@ -114,6 +118,9 @@ parameters:
MonitoringSubscriptions:
type: comma_delimited_list
default: []
+ ServiceMetadataSettings:
+ type: json
+ default: {}
ConfigCommand:
type: string
description: Command which will be run whenever configuration data changes
@@ -156,6 +163,7 @@ resources:
map_merge:
- {get_param: ServerMetadata}
- {get_param: {{role}}ServerMetadata}
+ - {get_param: ServiceMetadataSettings}
scheduler_hints: {get_param: {{role}}SchedulerHints}
# Combine the NodeAdminUserData and NodeUserData mime archives
@@ -167,6 +175,8 @@ resources:
type: multipart
- config: {get_resource: NodeUserData}
type: multipart
+ - config: {get_resource: RoleUserData}
+ type: multipart
# Creates the "heat-admin" user if configured via the environment
# Should return a OS::Heat::MultipartMime reference via OS::stack_id
@@ -178,6 +188,11 @@ resources:
NodeUserData:
type: OS::TripleO::NodeUserData
+ # For optional operator role-specific userdata
+ # Should return a OS::Heat::MultipartMime reference via OS::stack_id
+ RoleUserData:
+ type: OS::TripleO::{{role}}::NodeUserData
+
ExternalPort:
type: OS::TripleO::{{role}}::Ports::ExternalPort
properties:
@@ -351,6 +366,9 @@ resources:
config: {get_resource: NetworkConfig}
server: {get_resource: {{role}}}
actions: {get_param: NetworkDeploymentActions}
+ input_values:
+ bridge_name: br-ex
+ interface_name: {get_param: NeutronPublicInterface}
{{role}}UpgradeInitConfig:
type: OS::Heat::SoftwareConfig
diff --git a/puppet/services/README.rst b/puppet/services/README.rst
index 856b306e..6e4e9c1d 100644
--- a/puppet/services/README.rst
+++ b/puppet/services/README.rst
@@ -74,3 +74,17 @@ step, "step2" for the second, etc.
6) Start control-plane services
7) Any additional online migration tasks (e.g data migrations)
+
+Nova Server Metadata Settings
+-----------------------------
+
+One can use the hook of type `OS::TripleO::ServiceServerMetadataHook` to pass
+entries to the nova instances' metadata. It is, however, disabled by default.
+In order to overwrite it one needs to define it in the resource registry. An
+implementation of this hook needs to conform to the following:
+
+* It needs to define an input called `RoleData` of json type. This gets as
+ input the contents of the `role_data` for each role's ServiceChain.
+
+* This needs to define an output called `metadata` which will be given to the
+ Nova Server resource as the instance's metadata.
diff --git a/puppet/services/ceilometer-base.yaml b/puppet/services/ceilometer-base.yaml
index e441c5b0..24c71cbb 100644
--- a/puppet/services/ceilometer-base.yaml
+++ b/puppet/services/ceilometer-base.yaml
@@ -54,6 +54,10 @@ parameters:
default: false
description: Enable legacy ceilometer Api service if needed.
type: boolean
+ EventPipelinePublishers:
+ default: ['notifier://?topic=alarm.all']
+ description: A list of publishers to put in event_pipeline.yaml.
+ type: comma_delimited_list
Debug:
default: ''
description: Set to True to enable debugging on all services.
@@ -109,6 +113,7 @@ outputs:
ceilometer::agent::auth::auth_password: {get_param: CeilometerPassword}
ceilometer::agent::auth::auth_url: {get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
ceilometer::agent::notification::store_events: {get_param: CeilometerStoreEvents}
+ ceilometer::agent::notification::event_pipeline_publishers: {get_param: EventPipelinePublishers}
ceilometer::agent::auth::auth_region: {get_param: KeystoneRegion}
ceilometer::agent::auth::auth_tenant_name: 'service'
ceilometer::agent::auth::auth_endpoint_type: 'internalURL'
diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml
index e59dc202..d7f10757 100644
--- a/puppet/services/horizon.yaml
+++ b/puppet/services/horizon.yaml
@@ -61,6 +61,7 @@ outputs:
horizon::enable_secure_proxy_ssl_header: true
horizon::disable_password_reveal: true
horizon::enforce_password_check: true
+ horizon::disallow_iframe_embed: true
horizon::cache_backend: django.core.cache.backends.memcached.MemcachedCache
horizon::django_session_engine: 'django.contrib.sessions.backends.cache'
horizon::vhost_extra_params:
diff --git a/puppet/services/neutron-plugin-ml2-ovn.yaml b/puppet/services/neutron-plugin-ml2-ovn.yaml
index e98ed497..20dfda6a 100644
--- a/puppet/services/neutron-plugin-ml2-ovn.yaml
+++ b/puppet/services/neutron-plugin-ml2-ovn.yaml
@@ -18,13 +18,6 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
- OVNDbHost:
- description: IP address on which the OVN DB servers are listening
- type: string
- OVNNorthboundServerPort:
- description: Port of the OVN Northbound DB server
- type: number
- default: 6641
OVNDbConnectionTimeout:
description: Timeout in seconds for the OVSDB connection transaction
type: number
@@ -68,9 +61,7 @@ outputs:
config_settings:
map_merge:
- get_attr: [NeutronMl2Base, role_data, config_settings]
- - ovn::northbound::port: {get_param: OVNNorthboundServerPort}
- tripleo::profile::base::neutron::plugins::ml2::ovn::ovn_db_host: {get_param: OVNDbHost}
- neutron::plugins::ovn::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout}
+ - neutron::plugins::ovn::ovsdb_connection_timeout: {get_param: OVNDbConnectionTimeout}
neutron::plugins::ovn::neutron_sync_mode: {get_param: OVNNeutronSyncMode}
neutron::plugins::ovn::ovn_l3_mode: true
neutron::plugins::ovn::vif_type: {get_param: OVNVifType}
diff --git a/puppet/services/nova-base.yaml b/puppet/services/nova-base.yaml
index 20bf2e42..05385607 100644
--- a/puppet/services/nova-base.yaml
+++ b/puppet/services/nova-base.yaml
@@ -123,3 +123,9 @@ outputs:
- compute_upgrade_level_empty
- {}
- nova::upgrade_level_compute: {get_param: UpgradeLevelNovaCompute}
+ service_config_settings:
+ mysql:
+ nova::rabbit_password: {get_param: RabbitPassword}
+ nova::rabbit_userid: {get_param: RabbitUserName}
+ nova::rabbit_use_ssl: {get_param: RabbitClientUseSSL}
+ nova::rabbit_port: {get_param: RabbitClientPort}
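Review bot: The new `service_config_settings` block delivers `nova::rabbit_password` and the other RabbitMQ client settings to whichever nodes host the `mysql` service, and nothing in the hunk says why a database host needs messaging credentials. Every additional node that holds the password is another place it can be read from, so the reason should be recorded next to the key, for example `# mysql hosts need the nova transport settings for <reason>; keep this list minimal`. If only part of the connection data is actually consumed there, a narrower set of keys would presumably do; that needs checking against the puppet profile that reads them. The `outputs:` block starts outside the hunk.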
diff --git a/puppet/services/opendaylight-ovs.yaml b/puppet/services/opendaylight-ovs.yaml
index 907ecddc..63d12fe2 100644
--- a/puppet/services/opendaylight-ovs.yaml
+++ b/puppet/services/opendaylight-ovs.yaml
@@ -8,6 +8,15 @@ parameters:
default: 8081
description: Set opendaylight service port
type: number
+ OpenDaylightUsername:
+ default: 'admin'
+ description: The username for the opendaylight server.
+ type: string
+ OpenDaylightPassword:
+ default: 'admin'
+ type: string
+ description: The password for the opendaylight server.
+ hidden: true
OpenDaylightConnectionProtocol:
description: L7 protocol used for REST access
type: string
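Review bot: `OpenDaylightPassword` is added with `default: 'admin'`, so a deployment that never sets it runs with the well-known admin/admin pair, and the second hunk of this file passes that value straight into `opendaylight::password`. `hidden: true` only masks the value in API output; it does not make the default any less guessable. I would drop the default from the password parameter so stack validation fails until the operator supplies one, or at minimum state it in the description: `description: The password for the opendaylight server. Must be overridden; the default is publicly known.` If another template declares the same parameter, its default has to change in step.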
@@ -46,6 +55,8 @@ outputs:
service_name: opendaylight_ovs
config_settings:
opendaylight::odl_rest_port: {get_param: OpenDaylightPort}
+ opendaylight::username: {get_param: OpenDaylightUsername}
+ opendaylight::password: {get_param: OpenDaylightPassword}
opendaylight_check_url: {get_param: OpenDaylightCheckURL}
opendaylight::nb_connection_protocol: {get_param: OpenDaylightConnectionProtocol}
neutron::agents::ml2::ovs::local_ip: {get_param: [ServiceNetMap, NeutronTenantNetwork]}
diff --git a/puppet/services/ovn-dbs.yaml b/puppet/services/ovn-dbs.yaml
new file mode 100644
index 00000000..302628d4
--- /dev/null
+++ b/puppet/services/ovn-dbs.yaml
@@ -0,0 +1,40 @@
+heat_template_version: 2016-04-08
+
+description: >
+ OVN databases configured with puppet
+
+parameters:
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ OVNNorthboundServerPort:
+ description: Port of the OVN Northbound DB server
+ type: number
+ default: 6641
+ OVNSouthboundServerPort:
+ description: Port of the OVN Southbound DB server
+ type: number
+ default: 6642
+
+outputs:
+ role_data:
+ description: Role data for the OVN northd service
+ value:
+ service_name: ovn_dbs
+ config_settings:
+ ovn::northbound::port: {get_param: OVNNorthboundServerPort}
+ ovn::southbound::port: {get_param: OVNSouthboundServerPort}
+ ovn::northd::dbs_listen_ip: {get_param: [ServiceNetMap, OvnDbsNetwork]}
+ step_config: |
+ include ::tripleo::profile::base::neutron::ovn_northd
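Review bot: The new `ovn_dbs` service binds the northbound and southbound databases to `OvnDbsNetwork`, but its `config_settings` carries no `tripleo.ovn_dbs.firewall_rules` entry, unlike `swift-proxy.yaml` elsewhere in this commit. Without one, reachability of ports 6641/6642 depends on the node's default policy rather than on an explicit rule naming the two ports. Unless the `ovn_northd` profile manages this itself, a rule keyed on the two port parameters should be added as sketched below (the rule number is a placeholder). Separately, the `role_data` description says "OVN northd service" while `service_name` is `ovn_dbs`; `description: Role data for the OVN databases service` would match.

```yaml
      config_settings:
        # … unchanged: ovn::northbound::port, ovn::southbound::port, ovn::northd::dbs_listen_ip …
        tripleo.ovn_dbs.firewall_rules:
          # NNN is a placeholder; pick a rule number not used by another service
          'NNN OVN DB server ports':
            proto: 'tcp'
            dport:
              - {get_param: OVNNorthboundServerPort}
              - {get_param: OVNSouthboundServerPort}
```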
diff --git a/puppet/services/services.yaml b/puppet/services/services.yaml
index 13df5bbe..97f87061 100644
--- a/puppet/services/services.yaml
+++ b/puppet/services/services.yaml
@@ -42,6 +42,11 @@ resources:
LoggingConfiguration:
type: OS::TripleO::LoggingConfiguration
+ ServiceServerMetadataHook:
+ type: OS::TripleO::ServiceServerMetadataHook
+ properties:
+ RoleData: {get_attr: [ServiceChain, role_data]}
+
outputs:
role_data:
description: Combined Role data for this set of services.
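Review bot: `ServiceServerMetadataHook` is handed the whole `role_data` of the service chain, which includes every service's `config_settings` and therefore credentials such as the RabbitMQ password. Its `metadata` attribute is then exported as `service_metadata_settings` in the last hunk of this file. Judging by the name, that output is destined for server metadata, which is usually readable by more parties than hieradata, so the resource should carry a comment stating the contract, e.g. `# Hook output ends up in server metadata: never copy passwords or keys from RoleData into it`. What the default hook implementation returns is not visible here.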
@@ -113,3 +118,4 @@ outputs:
# Note we use distinct() here to filter any identical tasks, e.g yum update for all services
expression: $.data.where($ != null).select($.get('upgrade_tasks')).where($ != null).flatten().distinct()
data: {get_attr: [ServiceChain, role_data]}
+ service_metadata_settings: {get_attr: [ServiceServerMetadataHook, metadata]}
diff --git a/puppet/services/swift-proxy.yaml b/puppet/services/swift-proxy.yaml
index ba184ab0..94db9e41 100644
--- a/puppet/services/swift-proxy.yaml
+++ b/puppet/services/swift-proxy.yaml
@@ -1,4 +1,4 @@
-heat_template_version: 2016-04-08
+heat_template_version: 2016-10-14
description: >
OpenStack Swift Proxy service configured with Puppet
@@ -49,6 +49,18 @@ parameters:
default: guest
description: The username for RabbitMQ
type: string
+ SwiftCeilometerPipelineEnabled:
+ description: Set to False to disable the swift proxy ceilometer pipeline.
+ default: True
+ type: boolean
+ RabbitClientPort:
+ default: 5672
+ description: Set rabbit subscriber port, change this if using SSL
+ type: number
+
+conditions:
+
+ ceilometer_pipeline_enabled: {equals : [{get_param: SwiftCeilometerPipelineEnabled}, True]}
resources:
SwiftBase:
@@ -78,6 +90,8 @@ outputs:
swift::proxy::ceilometer::rabbit_password: {get_param: RabbitPassword}
swift::proxy::staticweb::url_base: {get_param: [EndpointMap, SwiftPublic, uri_no_suffix]}
swift::proxy::ceilometer::nonblocking_notify: true
+ tripleo::profile::base::swift::proxy::rabbit_port: {get_param: RabbitClientPort}
+ tripleo::profile::base::swift::proxy::ceilometer_enabled: {get_param: SwiftCeilometerPipelineEnabled}
tripleo.swift_proxy.firewall_rules:
'122 swift proxy':
dport:
@@ -89,26 +103,34 @@ outputs:
- ResellerAdmin
swift::proxy::versioned_writes::allow_versioned_writes: true
swift::proxy::pipeline:
- - 'catch_errors'
- - 'healthcheck'
- - 'proxy-logging'
- - 'cache'
- - 'ratelimit'
- - 'bulk'
- - 'tempurl'
- - 'formpost'
- - 'authtoken'
- - 'keystone'
- - 'staticweb'
- - 'copy'
- - 'container-quotas'
- - 'account-quotas'
- - 'slo'
- - 'dlo'
- - 'versioned_writes'
- - 'ceilometer'
- - 'proxy-logging'
- - 'proxy-server'
+ yaql:
+ expression: $.data.pipeline.where($ != '')
+ data:
+ pipeline:
+ - 'catch_errors'
+ - 'healthcheck'
+ - 'proxy-logging'
+ - 'cache'
+ - 'ratelimit'
+ - 'bulk'
+ - 'tempurl'
+ - 'formpost'
+ - 'authtoken'
+ - 'keystone'
+ - 'staticweb'
+ - 'copy'
+ - 'container-quotas'
+ - 'account-quotas'
+ - 'slo'
+ - 'dlo'
+ - 'versioned_writes'
+ -
+ if:
+ - ceilometer_pipeline_enabled
+ - 'ceilometer'
+ - ''
+ - 'proxy-logging'
+ - 'proxy-server'
swift::proxy::account_autocreate: true
# NOTE: bind IP is found in Heat replacing the network name with the
# local node IP for the given network; replacement examples
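Review bot: The pipeline now relies on an empty-string placeholder that nothing in the template explains: the `if` emits `''` when `ceilometer_pipeline_enabled` is false and the yaql `where($ != '')` strips it. Middleware order in this list is significant, so a short comment above `yaql:` would keep later edits from breaking the filter, e.g. `# '' entries are placeholders for disabled middleware and are removed by the expression below`. In the parameters hunk of this file, `{equals : [` has a stray space before the colon and `conditions:` is followed by an empty line. Both are worth tidying while the block is new.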
diff --git a/roles_data.yaml b/roles_data.yaml
index 81ddf9ca..e96bd78d 100644
--- a/roles_data.yaml
+++ b/roles_data.yaml
@@ -97,6 +97,7 @@
- OS::TripleO::Services::BarbicanApi
- OS::TripleO::Services::PankoApi
- OS::TripleO::Services::Zaqar
+ - OS::TripleO::Services::OVNDBs
- name: Compute
CountDefault: 1