summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--README.rst2
-rw-r--r--capabilities-map.yaml7
-rw-r--r--ci/common/net-config-multinode-os-net-config.yaml4
-rw-r--r--ci/common/net-config-multinode.yaml4
-rw-r--r--ci/environments/multinode-containers.yaml5
-rw-r--r--ci/environments/multinode.yaml4
-rw-r--r--ci/environments/multinode_major_upgrade.yaml4
-rw-r--r--ci/environments/scenario001-multinode-containers.yaml23
-rw-r--r--ci/environments/scenario002-multinode-containers.yaml5
-rw-r--r--ci/environments/scenario004-multinode-containers.yaml1
-rw-r--r--common/deploy-steps-tasks.yaml (renamed from common/deploy-steps-playbook.yaml)8
-rw-r--r--common/deploy-steps.j265
-rw-r--r--common/services.yaml11
-rwxr-xr-xdocker/firstboot/setup_docker_host.sh8
-rw-r--r--docker/firstboot/setup_docker_host.yaml19
-rw-r--r--docker/services/aodh-api.yaml1
-rw-r--r--docker/services/ceph-ansible/ceph-base.yaml98
-rw-r--r--docker/services/ceph-ansible/ceph-mds.yaml83
-rw-r--r--docker/services/database/mongodb.yaml54
-rw-r--r--docker/services/database/mysql.yaml69
-rw-r--r--docker/services/glance-api.yaml11
-rw-r--r--docker/services/gnocchi-api.yaml1
-rw-r--r--docker/services/gnocchi-statsd.yaml9
-rw-r--r--docker/services/haproxy.yaml65
-rw-r--r--docker/services/heat-engine.yaml1
-rw-r--r--docker/services/horizon.yaml17
-rw-r--r--docker/services/logrotate-crond.yaml84
-rw-r--r--docker/services/neutron-api.yaml1
-rw-r--r--docker/services/nova-api.yaml27
-rw-r--r--docker/services/nova-libvirt.yaml66
-rw-r--r--docker/services/nova-metadata.yaml66
-rw-r--r--docker/services/nova-placement.yaml17
-rw-r--r--docker/services/pacemaker/cinder-backup.yaml35
-rw-r--r--docker/services/pacemaker/cinder-volume.yaml35
-rw-r--r--docker/services/pacemaker/database/mysql.yaml77
-rw-r--r--docker/services/pacemaker/database/redis.yaml31
-rw-r--r--docker/services/pacemaker/haproxy.yaml90
-rw-r--r--docker/services/pacemaker/manila-share.yaml171
-rw-r--r--docker/services/pacemaker/rabbitmq.yaml49
-rw-r--r--docker/services/panko-api.yaml1
-rw-r--r--docker/services/rabbitmq.yaml51
-rw-r--r--environments/ceph-ansible/ceph-mds.yaml2
-rw-r--r--environments/cinder-dellemc-unity-config.yaml14
-rw-r--r--environments/composable-roles/monolithic-ha.yaml59
-rw-r--r--environments/composable-roles/monolithic-nonha.yaml59
-rw-r--r--environments/composable-roles/standalone.yaml84
-rw-r--r--environments/contrail/roles_data_contrail.yaml10
-rw-r--r--environments/docker-centos-tripleoupstream.yaml125
-rw-r--r--environments/docker-services-tls-everywhere.yaml17
-rw-r--r--environments/docker.yaml8
-rw-r--r--environments/hyperconverged-ceph.yaml1
-rw-r--r--environments/major-upgrade-composable-steps.yaml2
-rw-r--r--environments/network-isolation-v6.j2.yaml58
-rw-r--r--environments/network-isolation-v6.yaml57
-rw-r--r--environments/network-management-v6.yaml4
-rw-r--r--environments/network-management.yaml4
-rw-r--r--environments/storage/external-ceph.yaml2
-rw-r--r--extraconfig/nova_metadata/krb-service-principals.j2.yaml (renamed from extraconfig/nova_metadata/krb-service-principals.yaml)44
-rw-r--r--extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml42
-rw-r--r--extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration14
-rw-r--r--j2_excludes.yaml10
-rw-r--r--net-config-bond.yaml4
-rw-r--r--net-config-bridge.yaml4
-rw-r--r--net-config-linux-bridge.yaml4
-rw-r--r--net-config-noop.yaml4
-rw-r--r--net-config-static-bridge-with-external-dhcp.yaml4
-rw-r--r--net-config-static-bridge.yaml4
-rw-r--r--net-config-static.yaml4
-rw-r--r--net-config-undercloud.yaml4
-rw-r--r--network/config/bond-with-vlans/ceph-storage.yaml4
-rw-r--r--network/config/bond-with-vlans/cinder-storage.yaml4
-rw-r--r--network/config/bond-with-vlans/compute-dpdk.yaml4
-rw-r--r--network/config/bond-with-vlans/compute.yaml4
-rw-r--r--network/config/bond-with-vlans/controller-no-external.yaml4
-rw-r--r--network/config/bond-with-vlans/controller-v6.yaml4
-rw-r--r--network/config/bond-with-vlans/controller.yaml4
-rw-r--r--network/config/bond-with-vlans/networker.yaml4
-rw-r--r--network/config/bond-with-vlans/swift-storage.yaml4
-rw-r--r--network/config/contrail/contrail-nic-config-compute.yaml4
-rw-r--r--network/config/contrail/contrail-nic-config.yaml4
-rw-r--r--network/config/multiple-nics/ceph-storage.yaml4
-rw-r--r--network/config/multiple-nics/cinder-storage.yaml4
-rw-r--r--network/config/multiple-nics/compute-dvr.yaml4
-rw-r--r--network/config/multiple-nics/compute.yaml4
-rw-r--r--network/config/multiple-nics/controller-v6.yaml4
-rw-r--r--network/config/multiple-nics/controller.yaml4
-rw-r--r--network/config/multiple-nics/networker.yaml4
-rw-r--r--network/config/multiple-nics/swift-storage.yaml4
-rw-r--r--network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml4
-rw-r--r--network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml4
-rw-r--r--network/config/single-nic-linux-bridge-vlans/compute.yaml4
-rw-r--r--network/config/single-nic-linux-bridge-vlans/controller-v6.yaml4
-rw-r--r--network/config/single-nic-linux-bridge-vlans/controller.yaml4
-rw-r--r--network/config/single-nic-linux-bridge-vlans/networker.yaml4
-rw-r--r--network/config/single-nic-linux-bridge-vlans/swift-storage.yaml4
-rw-r--r--network/config/single-nic-vlans/ceph-storage.yaml4
-rw-r--r--network/config/single-nic-vlans/cinder-storage.yaml4
-rw-r--r--network/config/single-nic-vlans/compute.yaml4
-rw-r--r--network/config/single-nic-vlans/controller-no-external.yaml4
-rw-r--r--network/config/single-nic-vlans/controller-v6.yaml4
-rw-r--r--network/config/single-nic-vlans/controller.yaml4
-rw-r--r--network/config/single-nic-vlans/networker.yaml4
-rw-r--r--network/config/single-nic-vlans/swift-storage.yaml4
-rw-r--r--network/external.yaml69
-rw-r--r--network/internal_api.yaml65
-rw-r--r--network/internal_api_v6.yaml10
-rw-r--r--network/management.yaml70
-rw-r--r--network/network.network.j2.yaml6
-rw-r--r--network/ports/internal_api.yaml2
-rw-r--r--network/ports/internal_api_from_pool.yaml4
-rw-r--r--network/ports/internal_api_from_pool_v6.yaml4
-rw-r--r--network/ports/internal_api_v6.yaml2
-rw-r--r--network/ports/net_ip_list_map.j2.yaml (renamed from network/ports/net_ip_list_map.yaml)46
-rw-r--r--network/ports/net_ip_map.j2.yaml81
-rw-r--r--network/ports/net_ip_map.yaml210
-rw-r--r--network/ports/net_vip_map_external.j2.yaml40
-rw-r--r--network/ports/net_vip_map_external.yaml68
-rw-r--r--network/ports/net_vip_map_external_v6.j2.yaml45
-rw-r--r--network/ports/net_vip_map_external_v6.yaml88
-rw-r--r--network/ports/storage_mgmt.yaml2
-rw-r--r--network/ports/storage_mgmt_from_pool.yaml4
-rw-r--r--network/ports/storage_mgmt_from_pool_v6.yaml4
-rw-r--r--network/ports/storage_mgmt_v6.yaml2
-rw-r--r--network/service_net_map.j2.yaml4
-rw-r--r--network/storage.yaml65
-rw-r--r--network/storage_mgmt.yaml65
-rw-r--r--network/storage_mgmt_v6.yaml8
-rw-r--r--network/tenant.yaml65
-rw-r--r--overcloud-resource-registry-puppet.j2.yaml5
-rw-r--r--overcloud.j2.yaml211
-rw-r--r--puppet/all-nodes-config.yaml4
-rw-r--r--puppet/cephstorage-role.yaml718
-rw-r--r--puppet/services/README.rst14
-rw-r--r--puppet/services/ceph-base.yaml18
-rw-r--r--puppet/services/ceph-external.yaml18
-rw-r--r--puppet/services/ceph-mds.yaml12
-rw-r--r--puppet/services/cinder-backend-dellemc-unity.yaml85
-rw-r--r--puppet/services/haproxy-internal-tls-certmonger.yaml1
-rw-r--r--puppet/services/haproxy-public-tls-certmonger.yaml1
-rw-r--r--puppet/services/horizon.yaml16
-rw-r--r--puppet/services/manila-backend-cephfs.yaml9
-rw-r--r--puppet/services/neutron-metadata.yaml16
-rw-r--r--puppet/services/neutron-plugin-ml2.yaml7
-rw-r--r--puppet/services/nova-compute.yaml2
-rw-r--r--puppet/services/nova-libvirt.yaml4
-rw-r--r--puppet/services/nova-metadata.yaml37
-rw-r--r--puppet/services/pacemaker/cinder-volume.yaml20
-rw-r--r--puppet/services/pacemaker_remote.yaml13
-rw-r--r--puppet/services/tripleo-packages.yaml4
-rw-r--r--releasenotes/notes/deprecate-management-envs-bbc7fddb0ca871af.yaml5
-rw-r--r--releasenotes/notes/dont-unregister-on-delete-9708f7cbc73a0d2f.yaml8
-rw-r--r--releasenotes/notes/fix-heat-condition-for-rhel-reg-311a3dce76cc0ec1.yaml9
-rw-r--r--releasenotes/notes/neutron-ml2-overlay-ip-version-4f14932355847aa0.yaml5
-rw-r--r--releasenotes/notes/unity_cinder_e9872898724a11e7.yaml4
-rw-r--r--releasenotes/notes/workaround-unset-fqdn-for-rhel-reg-be9c4620146096be.yaml8
-rw-r--r--releasenotes/source/conf.py2
-rw-r--r--roles/BlockStorage.yaml1
-rw-r--r--roles/CephStorage.yaml1
-rw-r--r--roles/Compute.yaml1
-rw-r--r--roles/ComputeHCI.yaml1
-rw-r--r--roles/ComputeOvsDpdk.yaml1
-rw-r--r--roles/Controller.yaml2
-rw-r--r--roles/ControllerOpenstack.yaml2
-rw-r--r--roles/Database.yaml2
-rw-r--r--roles/IronicConductor.yaml2
-rw-r--r--roles/Messaging.yaml2
-rw-r--r--roles/Networker.yaml2
-rw-r--r--roles/ObjectStorage.yaml1
-rw-r--r--roles/Telemetry.yaml3
-rw-r--r--roles/Undercloud.yaml1
-rw-r--r--roles_data.yaml6
-rw-r--r--roles_data_undercloud.yaml1
-rw-r--r--sample-env-generator/composable-roles.yaml174
-rwxr-xr-xtripleo_heat_templates/environment_generator.py2
174 files changed, 2517 insertions, 2137 deletions
diff --git a/README.rst b/README.rst
index 93c443bb..94f4f63c 100644
--- a/README.rst
+++ b/README.rst
@@ -82,7 +82,7 @@ and should be executed according to the following table:
| neutron-bgpvpn | | | | X | | |
+----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
| ovn | | | | | | X |
-+---------------------------------------------------------------------------------------------------------+
++----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
| neutron-l2gw | | | | X | | |
+----------------+-------------+-------------+-------------+-------------+-----------------+--------------+
| rabbitmq | X | X | X | X | X | X |
diff --git a/capabilities-map.yaml b/capabilities-map.yaml
index fdf2ad63..91daa689 100644
--- a/capabilities-map.yaml
+++ b/capabilities-map.yaml
@@ -312,6 +312,13 @@ topics:
Enables a Cinder Dell EMC Storage Center ISCSI backend
requires:
- overcloud-resource-registry-puppet.yaml
+ - file: environments/cinder-dellemc-unity-config.yaml
+ title: Cinder Dell EMC Unity backend
+ description: >
+ Enables a Cinder Dell EMC Unity backend,
+ configured via puppet
+ requires:
+ - overcloud-resource-registry-puppet.yaml
- file: environments/cinder-hpelefthand-config.yaml
title: Cinder HPELeftHandISCSI backend
description: >
diff --git a/ci/common/net-config-multinode-os-net-config.yaml b/ci/common/net-config-multinode-os-net-config.yaml
index 6f4542bd..9d45a9ff 100644
--- a/ci/common/net-config-multinode-os-net-config.yaml
+++ b/ci/common/net-config-multinode-os-net-config.yaml
@@ -15,7 +15,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -23,7 +23,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/ci/common/net-config-multinode.yaml b/ci/common/net-config-multinode.yaml
index f7e250e2..6beb62f0 100644
--- a/ci/common/net-config-multinode.yaml
+++ b/ci/common/net-config-multinode.yaml
@@ -15,7 +15,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -23,7 +23,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/ci/environments/multinode-containers.yaml b/ci/environments/multinode-containers.yaml
index 7768c4f0..03baf4aa 100644
--- a/ci/environments/multinode-containers.yaml
+++ b/ci/environments/multinode-containers.yaml
@@ -52,9 +52,7 @@ parameter_defaults:
- OS::TripleO::Services::NovaMetadata
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::Ntp
- - OS::TripleO::Services::SwiftProxy
- - OS::TripleO::Services::SwiftStorage
- - OS::TripleO::Services::SwiftRingBuilder
+ - OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::TripleoPackages
@@ -75,3 +73,4 @@ parameter_defaults:
SwiftCeilometerPipelineEnabled: False
Debug: True
NotificationDriver: 'noop'
+ GlanceBackend: 'file'
diff --git a/ci/environments/multinode.yaml b/ci/environments/multinode.yaml
index 2b25e58e..f945a021 100644
--- a/ci/environments/multinode.yaml
+++ b/ci/environments/multinode.yaml
@@ -48,9 +48,6 @@ parameter_defaults:
- OS::TripleO::Services::NovaMetadata
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::Ntp
- - OS::TripleO::Services::SwiftProxy
- - OS::TripleO::Services::SwiftStorage
- - OS::TripleO::Services::SwiftRingBuilder
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::NovaCompute
@@ -72,3 +69,4 @@ parameter_defaults:
SwiftCeilometerPipelineEnabled: False
Debug: True
NotificationDriver: 'noop'
+ GlanceBackend: 'file'
diff --git a/ci/environments/multinode_major_upgrade.yaml b/ci/environments/multinode_major_upgrade.yaml
index d8f71414..81301349 100644
--- a/ci/environments/multinode_major_upgrade.yaml
+++ b/ci/environments/multinode_major_upgrade.yaml
@@ -32,9 +32,6 @@ parameter_defaults:
- OS::TripleO::Services::HeatApiCfn
- OS::TripleO::Services::HeatApiCloudwatch
- OS::TripleO::Services::HeatEngine
- - OS::TripleO::Services::SwiftProxy
- - OS::TripleO::Services::SwiftStorage
- - OS::TripleO::Services::SwiftRingBuilder
- OS::TripleO::Services::SaharaApi
- OS::TripleO::Services::SaharaEngine
- OS::TripleO::Services::MySQL
@@ -68,3 +65,4 @@ parameter_defaults:
SwiftCeilometerPipelineEnabled: False
Debug: True
NotificationDriver: 'noop'
+ GlanceBackend: 'file'
diff --git a/ci/environments/scenario001-multinode-containers.yaml b/ci/environments/scenario001-multinode-containers.yaml
index 73dc5b14..edc03d6c 100644
--- a/ci/environments/scenario001-multinode-containers.yaml
+++ b/ci/environments/scenario001-multinode-containers.yaml
@@ -7,9 +7,9 @@ resource_registry:
OS::TripleO::Controller::Net::SoftwareConfig: ../common/net-config-multinode.yaml
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
# TODO deploy ceph with ceph-ansible: https://review.openstack.org/#/c/465066/
- OS::TripleO::Services::CephMon: ../../puppet/services/ceph-mon.yaml
- OS::TripleO::Services::CephOSD: ../../puppet/services/ceph-osd.yaml
- OS::TripleO::Services::CephClient: ../../puppet/services/ceph-client.yaml
+ OS::TripleO::Services::CephMon: ../../docker/services/ceph-ansible/ceph-mon.yaml
+ OS::TripleO::Services::CephOSD: ../../docker/services/ceph-ansible/ceph-osd.yaml
+ OS::TripleO::Services::CephClient: ../../docker/services/ceph-ansible/ceph-client.yaml
OS::TripleO::Services::PankoApi: ../../docker/services/panko-api.yaml
OS::TripleO::Services::Collectd: ../../docker/services/collectd.yaml
OS::TripleO::Services::Tacker: ../../docker/services/tacker.yaml
@@ -99,9 +99,19 @@ parameter_defaults:
Debug: true
#NOTE(gfidente): not great but we need this to deploy on ext4
#http://docs.ceph.com/docs/jewel/rados/configuration/filesystem-recommendations/
- ExtraConfig:
- ceph::profile::params::osd_max_object_name_len: 256
- ceph::profile::params::osd_max_object_namespace_len: 64
+ CephAnsibleDisksConfig:
+ devices:
+ - /dev/loop3
+ journal_size: 512
+ journal_collocation: true
+ CephAnsibleExtraConfig:
+ ceph_conf_overrides:
+ global:
+ osd_pool_default_size: 1
+ osd_pool_default_pg_num: 32
+ osd_max_object_name_len: 256
+ osd_max_object_namespace_len: 64
+ CephAnsibleSkipTags: ''
#NOTE: These ID's and keys should be regenerated for
# a production deployment. What is here is suitable for
# developer and CI testing only.
@@ -109,6 +119,7 @@ parameter_defaults:
CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
+ CephPoolDefaultSize: 1
NovaEnableRbdBackend: true
CinderEnableRbdBackend: true
CinderBackupBackend: ceph
diff --git a/ci/environments/scenario002-multinode-containers.yaml b/ci/environments/scenario002-multinode-containers.yaml
index d300f773..fe06ef66 100644
--- a/ci/environments/scenario002-multinode-containers.yaml
+++ b/ci/environments/scenario002-multinode-containers.yaml
@@ -8,7 +8,10 @@ resource_registry:
OS::TripleO::Compute::Net::SoftwareConfig: ../common/net-config-multinode.yaml
# TODO: Barbican is not yet containerized: https://review.openstack.org/#/c/474327
# OS::TripleO::Services::BarbicanApi: ../../docker/services/barbican-api.yaml
- OS::TripleO::Services::Zaqar: ../../docker/services/zaqar.yaml
+ OS::TripleO::Services::BarbicanApi: ../../puppet/services/barbican-api.yaml
+ # TODO: Zaqar doesn't work when containerized
+ # https://bugs.launchpad.net/tripleo/+bug/1710959
+ OS::TripleO::Services::Zaqar: ../../puppet/services/zaqar.yaml
OS::TripleO::Services::Ec2Api: ../../docker/services/ec2-api.yaml
# NOTE: This is needed because of upgrades from Ocata to Pike. We
# deploy the initial environment with Ocata templates, and
diff --git a/ci/environments/scenario004-multinode-containers.yaml b/ci/environments/scenario004-multinode-containers.yaml
index 6d795f97..5590de26 100644
--- a/ci/environments/scenario004-multinode-containers.yaml
+++ b/ci/environments/scenario004-multinode-containers.yaml
@@ -95,6 +95,7 @@ parameter_defaults:
CephMonKey: 'AQC+Ox1VmEr3BxAALZejqeHj50Nj6wJDvs96OQ=='
CephAdminKey: 'AQDLOh1VgEp6FRAAFzT7Zw+Y9V6JJExQAsRnRQ=='
CephClientKey: 'AQC+vYNXgDAgAhAAc8UoYt+OTz5uhV7ItLdwUw=='
+ CephPoolDefaultSize: 1
SwiftCeilometerPipelineEnabled: false
NeutronServicePlugins: 'router, networking_bgpvpn.neutron.services.plugin.BGPVPNPlugin'
BgpvpnServiceProvider: 'BGPVPN:Dummy:networking_bgpvpn.neutron.services.service_drivers.driver_api.BGPVPNDriver:default'
diff --git a/common/deploy-steps-playbook.yaml b/common/deploy-steps-tasks.yaml
index b884e0e7..998bbe0c 100644
--- a/common/deploy-steps-playbook.yaml
+++ b/common/deploy-steps-tasks.yaml
@@ -1,6 +1,6 @@
-- hosts: localhost
- connection: local
- tasks:
+ # Note the indentation here is required as it's joined
+ # to create a playbook in deploy-steps.j2
+
#####################################################
# Per step puppet configuration of the baremetal host
#####################################################
@@ -27,7 +27,7 @@
shell: python /var/lib/docker-puppet/docker-puppet.py
environment:
NET_HOST: 'true'
- DEBUG: '{{docker_puppet_debug}}'
+ DEBUG: '{{docker_puppet_debug|default(false)}}'
when: step == "1"
changed_when: false
check_mode: no
diff --git a/common/deploy-steps.j2 b/common/deploy-steps.j2
index e5d7e98c..8d17c223 100644
--- a/common/deploy-steps.j2
+++ b/common/deploy-steps.j2
@@ -10,6 +10,8 @@
{%- set primary_role_name = primary_role[0].name -%}
# primary role is: {{primary_role_name}}
{% set deploy_steps_max = 6 -%}
+{% set update_steps_max = 6 -%}
+{% set upgrade_steps_max = 6 -%}
heat_template_version: pike
@@ -72,7 +74,15 @@ resources:
- name: update_identifier
- name: bootstrap_server_id
- name: docker_puppet_debug
- config: {get_file: deploy-steps-playbook.yaml}
+ config:
+ str_replace:
+ template: |
+ - hosts: localhost
+ connection: local
+ tasks:
+ _TASKS
+ params:
+ _TASKS: {get_file: deploy-steps-tasks.yaml}
{%- for step in range(1, deploy_steps_max) %}
# BEGIN service_workflow_tasks handling
@@ -235,7 +245,7 @@ resources:
{% for step in range(1, deploy_steps_max) %}
{{role.name}}Deployment_Step{{step}}:
- type: OS::Heat::StructuredDeploymentGroup
+ type: OS::TripleO::DeploymentSteps
depends_on:
- WorkflowTasks_Step{{step}}_Execution
# TODO(gfidente): the following if/else condition
@@ -294,3 +304,54 @@ resources:
{% endfor %}
+
+outputs:
+ RoleConfig:
+ description: Mapping of config data for all roles
+ value:
+ deploy_steps_tasks: {get_file: deploy-steps-tasks.yaml}
+ deploy_steps_playbook: |
+ - hosts: overcloud
+ tasks:
+{%- for role in roles %}
+ - include: {{role.name}}/host_prep_tasks.yaml
+ when: role_name == '{{role.name}}'
+{%- endfor %}
+ - include: deploy_steps_tasks.yaml
+ with_sequence: count={{deploy_steps_max-1}}
+ loop_control:
+ loop_var: step
+ update_steps_tasks: |
+{%- for role in roles %}
+ - include: {{role.name}}/update_tasks.yaml
+ when: role_name == '{{role.name}}'
+{%- endfor %}
+ update_steps_playbook: |
+ - hosts: overcloud
+ serial: 1
+ tasks:
+ - include: update_steps_tasks.yaml
+ with_sequence: count={{update_steps_max-1}}
+ loop_control:
+ loop_var: step
+ - include: deploy_steps_tasks.yaml
+ with_sequence: count={{deploy_steps_max-1}}
+ loop_control:
+ loop_var: step
+ upgrade_steps_tasks: |
+{%- for role in roles %}
+ - include: {{role.name}}/upgrade_tasks.yaml
+ when: role_name == '{{role.name}}'
+{%- endfor %}
+ upgrade_steps_playbook: |
+ - hosts: overcloud
+ tasks:
+ - include: upgrade_steps_tasks.yaml
+ with_sequence: count={{upgrade_steps_max-1}}
+ loop_control:
+ loop_var: step
+ - include: deploy_steps_tasks.yaml
+ with_sequence: count={{deploy_steps_max-1}}
+ loop_control:
+ loop_var: step
+
diff --git a/common/services.yaml b/common/services.yaml
index 0bc3462f..a8186e43 100644
--- a/common/services.yaml
+++ b/common/services.yaml
@@ -193,6 +193,16 @@ resources:
expression: coalesce($.data, []).where($ != null).select($.get('upgrade_tasks')).where($ != null).flatten().distinct()
data: {get_attr: [ServiceChain, role_data]}
+ UpdateTasks:
+ type: OS::Heat::Value
+ properties:
+ type: comma_delimited_list
+ value:
+ yaql:
+ # Note we use distinct() here to filter any identical tasks, e.g yum update for all services
+ expression: coalesce($.data, []).where($ != null).select($.get('update_tasks')).where($ != null).flatten().distinct()
+ data: {get_attr: [ServiceChain, role_data]}
+
UpgradeBatchTasks:
type: OS::Heat::Value
properties:
@@ -253,6 +263,7 @@ outputs:
service_workflow_tasks: {get_attr: [ServiceWorkflowTasks, value]}
step_config: {get_attr: [PuppetStepConfig, value]}
upgrade_tasks: {get_attr: [UpgradeTasks, value]}
+ update_tasks: {get_attr: [UpdateTasks, value]}
upgrade_batch_tasks: {get_attr: [UpgradeBatchTasks, value]}
service_metadata_settings: {get_attr: [ServiceServerMetadataHook, metadata]}
diff --git a/docker/firstboot/setup_docker_host.sh b/docker/firstboot/setup_docker_host.sh
deleted file mode 100755
index 8b4c6a03..00000000
--- a/docker/firstboot/setup_docker_host.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-set -eux
-# This file contains setup steps that can't be or have not yet been moved to
-# puppet
-
-# Disable libvirtd since it conflicts with nova_libvirt container
-/usr/bin/systemctl disable libvirtd.service
-/usr/bin/systemctl stop libvirtd.service
diff --git a/docker/firstboot/setup_docker_host.yaml b/docker/firstboot/setup_docker_host.yaml
deleted file mode 100644
index ddfa8802..00000000
--- a/docker/firstboot/setup_docker_host.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-heat_template_version: pike
-
-resources:
-
- userdata:
- type: OS::Heat::MultipartMime
- properties:
- parts:
- - config: {get_resource: setup_docker_host}
-
- setup_docker_host:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- config: {get_file: ./setup_docker_host.sh}
-
-outputs:
- OS::stack_id:
- value: {get_resource: userdata}
diff --git a/docker/services/aodh-api.yaml b/docker/services/aodh-api.yaml
index 8afb6d28..da4b981c 100644
--- a/docker/services/aodh-api.yaml
+++ b/docker/services/aodh-api.yaml
@@ -114,6 +114,7 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
+ - /var/lib/config-data/aodh/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/aodh/etc/aodh/:/etc/aodh/:ro
- /var/log/containers/aodh:/var/log/aodh
command: "/usr/bin/bootstrap_host_exec aodh_api su aodh -s /bin/bash -c /usr/bin/aodh-dbsync"
diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml
index 1468415e..f09e98ce 100644
--- a/docker/services/ceph-ansible/ceph-base.yaml
+++ b/docker/services/ceph-ansible/ceph-base.yaml
@@ -30,6 +30,14 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ StackUpdateType:
+ type: string
+ description: >
+ Type of update, to differentiate between UPGRADE and UPDATE cases
+ when StackAction is UPDATE (both are the same stack action).
+ constraints:
+ - allowed_values: ['', 'UPGRADE']
+ default: ''
CephAnsibleWorkflowName:
type: string
description: Name of the Mistral workflow to execute
@@ -38,10 +46,18 @@ parameters:
type: string
description: Path to the ceph-ansible playbook to execute
default: /usr/share/ceph-ansible/site-docker.yml.sample
+ CephAnsibleUpgradePlaybook:
+ type: string
+ description: Path to the ceph-ansible playbook to execute on upgrade
+ default: /usr/share/ceph-ansible/infrastructure-playbooks/take-over-existing-cluster.yml
CephAnsibleExtraConfig:
type: json
description: Extra vars for the ceph-ansible playbook
default: {}
+ CephAnsibleSkipTags:
+ type: string
+ description: List of ceph-ansible tags to skip
+ default: 'package-install,with_pkg'
CephClusterFSID:
type: string
description: The Ceph cluster FSID. Must be a UUID.
@@ -78,7 +94,7 @@ parameters:
default: vms
type: string
CephClientKey:
- description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
+ description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
CephClientUserName:
@@ -88,6 +104,14 @@ parameters:
description: default minimum replication for RBD copies
type: number
default: 3
+ ManilaCephFSNativeCephFSAuthId:
+ default: manila
+ type: string
+ CephManilaClientKey:
+ default: ''
+ description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
+ type: string
+ hidden: true
CephIPv6:
default: False
type: boolean
@@ -101,6 +125,35 @@ conditions:
yaql:
data: {get_param: DockerCephDaemonImage}
expression: $.data.split('/')[0].matches('(\.|:)')
+ perform_upgrade:
+ equals: [{get_param: StackUpdateType}, 'UPGRADE']
+
+resources:
+ DockerImageUrlParts:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
+ host:
+ if:
+ - custom_registry_host
+ - yaql:
+ expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*)/').split($location)[1]
+ data: {get_param: DockerCephDaemonImage}
+ - docker.io
+ image:
+ if:
+ - custom_registry_host
+ - yaql:
+ expression: let(location => $.data.rightSplit(':', 1)[0]) -> regex('(?:https?://)?(.*)/').split($location)[2]
+ data: {get_param: DockerCephDaemonImage}
+ - yaql:
+ expression: $.data.rightSplit(':', 1)[0]
+ data: {get_param: DockerCephDaemonImage}
+ image_tag:
+ yaql:
+ expression: $.data.rightSplit(':', 1)[1]
+ data: {get_param: DockerCephDaemonImage}
outputs:
role_data:
@@ -119,29 +172,24 @@ outputs:
- name: ceph_base_ansible_workflow
workflow: { get_param: CephAnsibleWorkflowName }
input:
+ ansible_skip_tags: {get_param: CephAnsibleSkipTags}
ceph_ansible_extra_vars: {get_param: CephAnsibleExtraConfig}
- ceph_ansible_playbook: {get_param: CephAnsiblePlaybook}
+ ceph_ansible_playbook:
+ if:
+ - perform_upgrade
+ - {get_param: CephAnsibleUpgradePlaybook}
+ - {get_param: CephAnsiblePlaybook}
config_settings:
ceph_common_ansible_vars:
+ ireallymeanit: 'yes'
fsid: { get_param: CephClusterFSID }
docker: true
- ceph_docker_registry:
- if:
- - custom_registry_host
- - yaql:
- expression: regex('(?:https?://)?(.*)/').split($.data)[1]
- data: {str_split: [':', {get_param: DockerCephDaemonImage}, 0]}
- - docker.io
- ceph_docker_image:
- if:
- - custom_registry_host
- - yaql:
- expression: regex('(?:https?://)?(.*)/').split($.data)[2]
- data: {str_split: [':', {get_param: DockerCephDaemonImage}, 0]}
- - {str_split: [':', {get_param: DockerCephDaemonImage}, 0]}
- ceph_docker_image_tag: {str_split: [':', {get_param: DockerCephDaemonImage}, 1]}
+ ceph_docker_registry: {get_attr: [DockerImageUrlParts, value, host]}
+ ceph_docker_image: {get_attr: [DockerImageUrlParts, value, image]}
+ ceph_docker_image_tag: {get_attr: [DockerImageUrlParts, value, image_tag]}
containerized_deployment: true
public_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]}
+ monitor_address_block: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]}
cluster_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
user_config: true
ceph_stable: true
@@ -185,11 +233,17 @@ outputs:
CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName}
GLANCE_POOL: {get_param: GlanceRbdPoolName}
GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
- acls:
- - "u:glance:r--"
- - "u:nova:r--"
- - "u:cinder:r--"
- - "u:gnocchi:r--"
+ mode: "0644"
+ - name:
+ list_join:
+ - '.'
+ - - client
+ - {get_param: ManilaCephFSNativeCephFSAuthId}
+ key: {get_param: CephManilaClientKey}
+ mon_cap: "allow r, allow command auth del, allow command auth caps, allow command auth get, allow command auth get-or-create"
+ mds_cap: "allow *"
+ osd_cap: "allow rw"
+ mode: "0644"
keys: *openstack_keys
pools: []
ceph_conf_overrides:
diff --git a/docker/services/ceph-ansible/ceph-mds.yaml b/docker/services/ceph-ansible/ceph-mds.yaml
new file mode 100644
index 00000000..4ef3a669
--- /dev/null
+++ b/docker/services/ceph-ansible/ceph-mds.yaml
@@ -0,0 +1,83 @@
+heat_template_version: pike
+
+description: >
+ Ceph Metadata service.
+
+parameters:
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ CephMdsKey:
+ description: The cephx key for the MDS service. Can be created
+ with ceph-authtool --gen-print-key.
+ type: string
+ hidden: true
+ ManilaCephFSDataPoolName:
+ default: manila_data
+ type: string
+ ManilaCephFSMetadataPoolName:
+ default: manila_metadata
+ type: string
+ ManilaCephFSNativeShareBackendName:
+ default: cephfs
+ type: string
+
+resources:
+ CephBase:
+ type: ./ceph-base.yaml
+ properties:
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Ceph Metadata service.
+ value:
+ service_name: ceph_mds
+ upgrade_tasks: []
+ step_config: ''
+ puppet_config:
+ config_image: ''
+ config_volume: ''
+ step_config: ''
+ docker_config: {}
+ service_workflow_tasks: {get_attr: [CephBase, role_data, service_workflow_tasks]}
+ config_settings:
+ map_merge:
+ - tripleo.ceph_mds.firewall_rules:
+ '112 ceph_mds':
+ dport:
+ - '6800-7300'
+ - ceph_mds_ansible_vars:
+ map_merge:
+ - {get_attr: [CephBase, role_data, config_settings, ceph_common_ansible_vars]}
+ - cephfs_data: {get_param: ManilaCephFSDataPoolName}
+ cephfs_metadata: {get_param: ManilaCephFSMetadataPoolName}
+ cephfs: {get_param: ManilaCephFSNativeShareBackendName}
diff --git a/docker/services/database/mongodb.yaml b/docker/services/database/mongodb.yaml
index 5ba79b31..9b5c5b8f 100644
--- a/docker/services/database/mongodb.yaml
+++ b/docker/services/database/mongodb.yaml
@@ -36,6 +36,18 @@ parameters:
default: {}
description: Parameters specific to the role
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+ InternalTLSCAFile:
+ default: '/etc/ipa/ca.crt'
+ type: string
+ description: Specifies the default CA cert to use if TLS is used for
+ services in the internal network.
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
@@ -77,6 +89,10 @@ outputs:
dest: "/"
merge: true
preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-tls/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/lib/mongodb
owner: mongodb:mongodb
@@ -84,6 +100,8 @@ outputs:
- path: /var/log/mongodb
owner: mongodb:mongodb
recurse: true
+ - path: /etc/pki/tls/certs/mongodb.pem
+ owner: mongodb:mongodb
docker_config:
step_2:
mongodb:
@@ -91,11 +109,21 @@ outputs:
net: host
privileged: false
volumes: &mongodb_volumes
- - /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json
- - /var/lib/config-data/puppet-generated/mongodb/:/var/lib/kolla/config_files/src:ro
- - /etc/localtime:/etc/localtime:ro
- - /var/log/containers/mongodb:/var/log/mongodb
- - /var/lib/mongodb:/var/lib/mongodb
+ list_concat:
+ - - /var/lib/kolla/config_files/mongodb.json:/var/lib/kolla/config_files/config.json
+ - /var/lib/config-data/puppet-generated/mongodb/:/var/lib/kolla/config_files/src:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /var/log/containers/mongodb:/var/log/mongodb
+ - /var/lib/mongodb:/var/lib/mongodb
+ - if:
+ - internal_tls_enabled
+ - - list_join:
+ - ':'
+ - - {get_param: InternalTLSCAFile}
+ - {get_param: InternalTLSCAFile}
+ - 'ro'
+ - /etc/pki/tls/certs/mongodb.pem:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/mongodb.pem:ro
+ - null
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
docker_puppet_tasks:
@@ -106,8 +134,18 @@ outputs:
step_config: 'include ::tripleo::profile::base::database::mongodb'
config_image: *mongodb_config_image
volumes:
- - /var/lib/mongodb:/var/lib/mongodb
- - /var/log/containers/mongodb:/var/log/mongodb
+ list_concat:
+ - - /var/lib/mongodb:/var/lib/mongodb
+ - /var/log/containers/mongodb:/var/log/mongodb
+ - if:
+ - internal_tls_enabled
+ - - list_join:
+ - ':'
+ - - {get_param: InternalTLSCAFile}
+ - {get_param: InternalTLSCAFile}
+ - 'ro'
+ - /etc/pki/tls/certs/mongodb.pem:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/mongodb.pem:ro
+ - null
host_prep_tasks:
- name: create persistent directories
file:
@@ -116,6 +154,8 @@ outputs:
with_items:
- /var/log/containers/mongodb
- /var/lib/mongodb
+ metadata_settings:
+ get_attr: [MongodbPuppetBase, role_data, metadata_settings]
upgrade_tasks:
- name: Stop and disable mongodb service
tags: step2
diff --git a/docker/services/database/mysql.yaml b/docker/services/database/mysql.yaml
index 54331415..402dc351 100644
--- a/docker/services/database/mysql.yaml
+++ b/docker/services/database/mysql.yaml
@@ -40,6 +40,18 @@ parameters:
type: string
hidden: true
default: ''
+ EnableInternalTLS:
+ type: boolean
+ default: false
+ InternalTLSCAFile:
+ default: '/etc/ipa/ca.crt'
+ type: string
+ description: Specifies the default CA cert to use if TLS is used for
+ services in the internal network.
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
@@ -86,10 +98,21 @@ outputs:
dest: "/"
merge: true
preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-tls/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ optional: true
permissions:
- path: /var/lib/mysql
owner: mysql:mysql
recurse: true
+ - path: /etc/pki/tls/certs/mysql.crt
+ owner: mysql:mysql
+ optional: true
+ - path: /etc/pki/tls/private/mysql.key
+ owner: mysql:mysql
+ optional: true
docker_config:
# Kolla_bootstrap runs before permissions set by kolla_config
step_1:
@@ -108,12 +131,25 @@ outputs:
# Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done
command: ['bash', '-c', 'test -e /var/lib/mysql/mysql || kolla_start']
volumes: &mysql_volumes
- - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json
- - /var/lib/config-data/puppet-generated/mysql/:/var/lib/kolla/config_files/src:ro
- - /etc/localtime:/etc/localtime:ro
- - /etc/hosts:/etc/hosts:ro
- - /var/lib/mysql:/var/lib/mysql
- - /var/log/containers/mysql:/var/log/mariadb
+ list_concat:
+ -
+ - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json
+ - /var/lib/config-data/puppet-generated/mysql/:/var/lib/kolla/config_files/src:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/hosts:/etc/hosts:ro
+ - /var/lib/mysql:/var/lib/mysql
+ - /var/log/containers/mysql:/var/log/mariadb
+ - if:
+ - internal_tls_enabled
+ -
+ - list_join:
+ - ':'
+ - - {get_param: InternalTLSCAFile}
+ - {get_param: InternalTLSCAFile}
+ - 'ro'
+ - /etc/pki/tls/certs/mysql.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/mysql.crt:ro
+ - /etc/pki/tls/private/mysql.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/mysql.key:ro
+ - null
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- KOLLA_BOOTSTRAP=True
@@ -146,9 +182,24 @@ outputs:
step_config: 'include ::tripleo::profile::base::database::mysql'
config_image: *mysql_config_image
volumes:
- - /var/lib/mysql:/var/lib/mysql/:ro
- - /var/log/containers/mysql:/var/log/mariadb
- - /var/lib/config-data/mysql/root:/root:ro #provides .my.cnf
+ list_concat:
+ -
+ - /var/lib/mysql:/var/lib/mysql/:ro
+ - /var/log/containers/mysql:/var/log/mariadb
+ - /var/lib/config-data/mysql/root:/root:ro #provides .my.cnf
+ - if:
+ - internal_tls_enabled
+ -
+ - list_join:
+ - ':'
+ - - {get_param: InternalTLSCAFile}
+ - {get_param: InternalTLSCAFile}
+ - 'ro'
+ - /etc/pki/tls/certs/mysql.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/mysql.crt:ro
+ - /etc/pki/tls/private/mysql.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/mysql.key:ro
+ - null
+ metadata_settings:
+ get_attr: [MysqlPuppetBase, role_data, metadata_settings]
host_prep_tasks:
- name: create persistent directories
file:
diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml
index 044eb283..df226b15 100644
--- a/docker/services/glance-api.yaml
+++ b/docker/services/glance-api.yaml
@@ -39,10 +39,16 @@ parameters:
EnableInternalTLS:
type: boolean
default: false
+ GlanceNfsEnabled:
+ default: false
+ description: >
+ When using GlanceBackend 'file', mount NFS share for image storage.
+ type: boolean
conditions:
internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
+ nfs_backend_enabled: {equals: [{get_param: GlanceNfsEnabled}, true]}
resources:
@@ -128,6 +134,11 @@ outputs:
- /var/lib/config-data/puppet-generated/glance_api/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/glance:/var/log/glance
- /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
+ -
+ if:
+ - nfs_backend_enabled
+ - /var/lib/glance:/var/lib/glance
+ - ''
environment:
- KOLLA_BOOTSTRAP=True
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml
index 7c6b6766..1443da40 100644
--- a/docker/services/gnocchi-api.yaml
+++ b/docker/services/gnocchi-api.yaml
@@ -116,6 +116,7 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
+ - /var/lib/config-data/gnocchi/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
- /etc/ceph:/etc/ceph:ro
diff --git a/docker/services/gnocchi-statsd.yaml b/docker/services/gnocchi-statsd.yaml
index 19e658cd..2957312b 100644
--- a/docker/services/gnocchi-statsd.yaml
+++ b/docker/services/gnocchi-statsd.yaml
@@ -81,6 +81,10 @@ outputs:
dest: "/"
merge: true
preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-ceph/"
+ dest: "/etc/ceph/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/gnocchi
owner: gnocchi:gnocchi
@@ -99,6 +103,7 @@ outputs:
- /var/lib/kolla/config_files/gnocchi_statsd.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
+ - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
@@ -106,6 +111,10 @@ outputs:
file:
path: /var/log/containers/gnocchi
state: directory
+ - name: ensure ceph configurations exist
+ file:
+ path: /etc/ceph
+ state: directory
upgrade_tasks:
- name: Stop and disable openstack-gnocchi-statsd service
tags: step2
diff --git a/docker/services/haproxy.yaml b/docker/services/haproxy.yaml
index 2f0584ea..f0e2f71d 100644
--- a/docker/services/haproxy.yaml
+++ b/docker/services/haproxy.yaml
@@ -60,6 +60,18 @@ parameters:
default: {}
description: Parameters specific to the role
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+ InternalTLSCAFile:
+ default: '/etc/ipa/ca.crt'
+ type: string
+ description: Specifies the default CA cert to use if TLS is used for
+ services in the internal network.
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
@@ -86,6 +98,9 @@ outputs:
- get_attr: [HAProxyBase, role_data, config_settings]
- tripleo::haproxy::haproxy_daemon: false
tripleo::haproxy::haproxy_service_manage: false
+ # NOTE(jaosorior): We disable the CRL since we have no way to restart haproxy
+ # when this is updated
+ tripleo::haproxy::crl_file: null
step_config: &step_config
get_attr: [HAProxyBase, role_data, step_config]
service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]}
@@ -96,12 +111,23 @@ outputs:
step_config:
"class {'::tripleo::profile::base::haproxy': manage_firewall => false}"
config_image: {get_param: DockerHAProxyConfigImage}
- volumes: &deployed_cert_mount
- - list_join:
- - ':'
- - - {get_param: DeployedSSLCertificatePath}
- - {get_param: DeployedSSLCertificatePath}
- - 'ro'
+ volumes:
+ list_concat:
+ - - list_join:
+ - ':'
+ - - {get_param: DeployedSSLCertificatePath}
+ - {get_param: DeployedSSLCertificatePath}
+ - 'ro'
+ - if:
+ - internal_tls_enabled
+ - - /etc/pki/tls/certs/haproxy:/etc/pki/tls/certs/haproxy:ro
+ - /etc/pki/tls/private/haproxy:/etc/pki/tls/private/haproxy:ro
+ - list_join:
+ - ':'
+ - - {get_param: InternalTLSCAFile}
+ - {get_param: InternalTLSCAFile}
+ - 'ro'
+ - null
kolla_config:
/var/lib/kolla/config_files/haproxy.json:
command: haproxy -f /etc/haproxy/haproxy.cfg
@@ -110,6 +136,16 @@ outputs:
dest: "/"
merge: true
preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-tls/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ optional: true
+ permissions:
+ - path: /etc/pki/tls/certs/haproxy
+ owner: haproxy:haproxy
+ recurse: true
+ optional: true
docker_config:
step_1:
haproxy_firewall:
@@ -133,7 +169,6 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- - *deployed_cert_mount
-
- /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/haproxy/:/var/lib/kolla/config_files/src:ro
@@ -154,10 +189,24 @@ outputs:
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
- - *deployed_cert_mount
-
- /var/lib/kolla/config_files/haproxy.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/haproxy/:/var/lib/kolla/config_files/src:ro
+ - list_join:
+ - ':'
+ - - {get_param: DeployedSSLCertificatePath}
+ - {get_param: DeployedSSLCertificatePath}
+ - 'ro'
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/certs/haproxy:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/haproxy:ro
+ - ''
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/private/haproxy:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/haproxy:ro
+ - ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
metadata_settings:
diff --git a/docker/services/heat-engine.yaml b/docker/services/heat-engine.yaml
index a20dc131..fdba7d58 100644
--- a/docker/services/heat-engine.yaml
+++ b/docker/services/heat-engine.yaml
@@ -109,6 +109,7 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
+ - /var/lib/config-data/heat/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/heat/etc/heat/:/etc/heat/:ro
- /var/log/containers/heat:/var/log/heat
command: "/usr/bin/bootstrap_host_exec heat_engine su heat -s /bin/bash -c 'heat-manage db_sync'"
diff --git a/docker/services/horizon.yaml b/docker/services/horizon.yaml
index 3d3bc7c3..f2f2b8dc 100644
--- a/docker/services/horizon.yaml
+++ b/docker/services/horizon.yaml
@@ -36,6 +36,13 @@ parameters:
default: {}
description: Parameters specific to the role
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
@@ -117,6 +124,16 @@ outputs:
- /var/lib/kolla/config_files/horizon.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/horizon/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/horizon:/var/log/horizon
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+ - ''
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+ - ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
diff --git a/docker/services/logrotate-crond.yaml b/docker/services/logrotate-crond.yaml
new file mode 100644
index 00000000..f49fd36b
--- /dev/null
+++ b/docker/services/logrotate-crond.yaml
@@ -0,0 +1,84 @@
+heat_template_version: pike
+
+description: >
+ Containerized logrotate with crond for containerized service logs rotation
+
+parameters:
+ DockerCrondImage:
+ description: image
+ type: string
+ DockerCrondConfigImage:
+ description: The container image to use for the crond config_volume
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+
+resources:
+
+ ContainersCommon:
+ type: ./containers-common.yaml
+
+outputs:
+ role_data:
+ description: Role data for the crond role.
+ value:
+ service_name: logrotate_crond
+ config_settings: {}
+ step_config: &step_config |
+ include ::tripleo::profile::base::logging::logrotate
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: crond
+ step_config: *step_config
+ config_image: {get_param: DockerCrondConfigImage}
+ kolla_config:
+ /var/lib/kolla/config_files/logrotate-crond.json:
+ command: /usr/sbin/crond -s -n
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ docker_config:
+ step_4:
+ logrotate_crond:
+ image: {get_param: DockerCrondImage}
+ net: none
+ pid: host
+ privileged: true
+ user: root
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/logrotate-crond.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/logrotate-crond/:/var/lib/kolla/config_files/src:ro
+ - /var/log/containers:/var/log/containers
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml
index b4fce226..85a07128 100644
--- a/docker/services/neutron-api.yaml
+++ b/docker/services/neutron-api.yaml
@@ -122,6 +122,7 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
+ - /var/lib/config-data/neutron/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/neutron/etc/neutron:/etc/neutron:ro
- /var/lib/config-data/neutron/usr/share/neutron:/usr/share/neutron:ro
- /var/log/containers/neutron:/var/log/neutron
diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml
index da461049..be2c8a5e 100644
--- a/docker/services/nova-api.yaml
+++ b/docker/services/nova-api.yaml
@@ -36,6 +36,13 @@ parameters:
default: {}
description: Parameters specific to the role
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
@@ -64,9 +71,6 @@ outputs:
map_merge:
- get_attr: [NovaApiBase, role_data, config_settings]
- apache::default_vhost: false
- nova_wsgi_enabled: false
- nova::api::service_name: '%{::nova::params::api_service_name}'
- nova::wsgi::apache_api::ssl: false
step_config: &step_config
list_join:
- "\n"
@@ -82,7 +86,7 @@ outputs:
config_image: {get_param: DockerNovaConfigImage}
kolla_config:
/var/lib/kolla/config_files/nova_api.json:
- command: /usr/bin/nova-api
+ command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
@@ -112,7 +116,7 @@ outputs:
user: root
volumes:
- /var/log/containers/nova:/var/log/nova
- command: ['/bin/bash', '-c', 'chown -R nova:nova /var/log/nova']
+ command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R nova:nova /var/log/nova']
step_3:
nova_api_db_sync:
start_order: 0
@@ -124,6 +128,7 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
+ - /var/lib/config-data/nova/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/nova/etc/nova/:/etc/nova/:ro
- /var/log/containers/nova:/var/log/nova
command: "/usr/bin/bootstrap_host_exec nova_api su nova -s /bin/bash -c '/usr/bin/nova-manage api_db sync'"
@@ -163,7 +168,7 @@ outputs:
start_order: 2
image: *nova_api_image
net: host
- user: nova
+ user: root
privileged: true
restart: always
volumes:
@@ -173,6 +178,16 @@ outputs:
- /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/nova:/var/log/nova
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+ - ''
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+ - ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
nova_api_cron:
diff --git a/docker/services/nova-libvirt.yaml b/docker/services/nova-libvirt.yaml
index 916b057e..47414083 100644
--- a/docker/services/nova-libvirt.yaml
+++ b/docker/services/nova-libvirt.yaml
@@ -12,10 +12,6 @@ parameters:
DockerNovaLibvirtConfigImage:
description: The container image to use for the nova_libvirt config_volume
type: string
- EnablePackageInstall:
- default: 'false'
- description: Set to true to enable package installation at deploy time
- type: boolean
ServiceData:
default: {}
description: Dictionary packing service data
@@ -65,7 +61,7 @@ parameters:
description: Whether to enable or not the Rbd backend for Cinder
type: boolean
CephClientKey:
- description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
+ description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
CephClusterFSID:
@@ -144,13 +140,45 @@ outputs:
dest: "/etc/ceph/"
merge: true
preserve_properties: true
+ /var/lib/kolla/config_files/nova_virtlogd.json:
+ command: /usr/sbin/virtlogd --config /etc/libvirt/virtlogd.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/nova
owner: nova:nova
recurse: true
docker_config:
step_3:
+ nova_virtlogd:
+ start_order: 0
+ image: {get_param: DockerNovaLibvirtImage}
+ net: host
+ pid: host
+ privileged: true
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/nova_virtlogd.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/nova_libvirt/:/var/lib/kolla/config_files/src:ro
+ - /lib/modules:/lib/modules:ro
+ - /dev:/dev
+ - /run:/run
+ - /sys/fs/cgroup:/sys/fs/cgroup
+ - /var/lib/nova:/var/lib/nova
+ - /var/run/libvirt:/var/run/libvirt
+ - /var/lib/libvirt:/var/lib/libvirt
+ - /etc/libvirt/qemu:/etc/libvirt/qemu:ro
+ - /var/log/libvirt/qemu:/var/log/libvirt/qemu
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
nova_libvirt:
+ start_order: 1
image: {get_param: DockerNovaLibvirtImage}
net: host
pid: host
@@ -169,7 +197,6 @@ outputs:
- /sys/fs/cgroup:/sys/fs/cgroup
- /var/lib/nova:/var/lib/nova
- /etc/libvirt:/etc/libvirt
- # Needed to use host's virtlogd
- /var/run/libvirt:/var/run/libvirt
- /var/lib/libvirt:/var/lib/libvirt
- /var/log/libvirt/qemu:/var/log/libvirt/qemu:ro
@@ -216,22 +243,19 @@ outputs:
file:
path: /etc/ceph
state: directory
- - name: set enable_package_install fact
- set_fact:
- enable_package_install: {get_param: EnablePackageInstall}
- # We use virtlogd on host, so when using Deployed Server
- # feature, we need to ensure libvirt is installed.
- - name: install libvirt-daemon
- package:
- name: libvirt-daemon
- state: present
- when: enable_package_install
- - name: start virtlogd socket
+ - name: check if libvirt is installed
+ command: /usr/bin/rpm -q libvirt-daemon
+ failed_when: false
+ register: libvirt_installed
+ - name: make sure libvirt services are disabled
service:
- name: virtlogd.socket
- state: started
- enabled: yes
- when: enable_package_install
+ name: "{{ item }}"
+ state: stopped
+ enabled: no
+ with_items:
+ - libvirtd.service
+ - virtlogd.socket
+ when: libvirt_installed.rc == 0
upgrade_tasks:
- name: Stop and disable libvirtd service
tags: step2
diff --git a/docker/services/nova-metadata.yaml b/docker/services/nova-metadata.yaml
index 0a8a74cd..53ae7910 100644
--- a/docker/services/nova-metadata.yaml
+++ b/docker/services/nova-metadata.yaml
@@ -4,6 +4,12 @@ description: >
OpenStack containerized Nova Metadata service
parameters:
+ DockerNovaMetadataImage:
+ description: image
+ type: string
+ DockerNovaConfigImage:
+ description: The container image to use for the nova config_volume
+ type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
@@ -33,6 +39,9 @@ parameters:
resources:
+ ContainersCommon:
+ type: ./containers-common.yaml
+
NovaMetadataBase:
type: ../../puppet/services/nova-metadata.yaml
properties:
@@ -56,9 +65,56 @@ outputs:
service_config_settings: {get_attr: [NovaMetadataBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
- config_volume: ''
- puppet_tags: ''
+ config_volume: nova
+ puppet_tags: nova_config
step_config: *step_config
- config_image: ''
- kolla_config: {}
- docker_config: {}
+ config_image: {get_param: DockerNovaConfigImage}
+ kolla_config:
+ /var/lib/kolla/config_files/nova_metadata.json:
+ command: /usr/bin/nova-api-metadata
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ permissions:
+ - path: /var/log/nova
+ owner: nova:nova
+ recurse: true
+ docker_config:
+ step_2:
+ nova_init_logs:
+ image: &nova_metadata_image {get_param: DockerNovaMetadataImage}
+ privileged: false
+ user: root
+ volumes:
+ - /var/log/containers/nova:/var/log/nova
+ command: ['/bin/bash', '-c', 'chown -R nova:nova /var/log/nova']
+ step_4:
+ nova_metadata:
+ start_order: 2
+ image: *nova_metadata_image
+ net: host
+ user: nova
+ privileged: true
+ restart: always
+ volumes:
+ list_concat:
+ - {get_attr: [ContainersCommon, volumes]}
+ -
+ - /var/lib/kolla/config_files/nova_metadata.json:/var/lib/kolla/config_files/config.json:ro
+ - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
+ - /var/log/containers/nova:/var/log/nova
+ environment:
+ - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ metadata_settings:
+ get_attr: [NovaMetadataBase, role_data, metadata_settings]
+ host_prep_tasks:
+ - name: create persistent logs directory
+ file:
+ path: /var/log/containers/nova
+ state: directory
+ upgrade_tasks:
+ - name: Stop and disable nova_api service
+ tags: step2
+ service: name=openstack-nova-api state=stopped enabled=no
diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml
index d784ace3..26d17560 100644
--- a/docker/services/nova-placement.yaml
+++ b/docker/services/nova-placement.yaml
@@ -36,6 +36,13 @@ parameters:
default: {}
description: Parameters specific to the role
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
@@ -104,6 +111,16 @@ outputs:
- /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova_placement/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/nova:/var/log/nova
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+ - ''
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+ - ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
metadata_settings:
diff --git a/docker/services/pacemaker/cinder-backup.yaml b/docker/services/pacemaker/cinder-backup.yaml
index c6a80efa..c2117c04 100644
--- a/docker/services/pacemaker/cinder-backup.yaml
+++ b/docker/services/pacemaker/cinder-backup.yaml
@@ -76,7 +76,13 @@ outputs:
config_settings:
map_merge:
- get_attr: [CinderBackupBase, role_data, config_settings]
- - tripleo::profile::pacemaker::cinder::backup_bundle::cinder_backup_docker_image: &cinder_backup_image {get_param: DockerCinderBackupImage}
+ - tripleo::profile::pacemaker::cinder::backup_bundle::cinder_backup_docker_image: &cinder_backup_image_pcmklatest
+ list_join:
+ - ':'
+ - - yaql:
+ data: {get_param: DockerCinderBackupImage}
+ expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
+ - 'pcmklatest'
cinder::backup::manage_service: false
cinder::backup::enabled: false
step_config: ""
@@ -102,10 +108,33 @@ outputs:
owner: cinder:cinder
recurse: true
docker_config:
+ step_1:
+ cinder_backup_image_tag:
+ start_order: 1
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ "/usr/bin/docker tag 'CINDERBACKUP_IMAGE' 'CINDERBACKUP_IMAGE_PCMKLATEST'"
+ params:
+ CINDERBACKUP_IMAGE: {get_param: DockerCinderBackupImage}
+ CINDERBACKUP_IMAGE_PCMKLATEST: *cinder_backup_image_pcmklatest
+ image: {get_param: DockerCinderBackupImage}
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /dev/shm:/dev/shm:rw
+ - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
+ - /usr/bin:/usr/bin:ro
+ - /var/run/docker.sock:/var/run/docker.sock:rw
step_3:
cinder_backup_init_logs:
start_order: 0
- image: *cinder_backup_image
+ image: {get_param: DockerCinderBackupImage}
privileged: false
user: root
volumes:
@@ -129,7 +158,7 @@ outputs:
params:
TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location'
CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::cinder::backup_bundle'
- image: *cinder_backup_image
+ image: {get_param: DockerCinderBackupImage}
volumes:
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
diff --git a/docker/services/pacemaker/cinder-volume.yaml b/docker/services/pacemaker/cinder-volume.yaml
index 3c1b7a74..a4f69517 100644
--- a/docker/services/pacemaker/cinder-volume.yaml
+++ b/docker/services/pacemaker/cinder-volume.yaml
@@ -69,7 +69,13 @@ outputs:
config_settings:
map_merge:
- get_attr: [CinderBase, role_data, config_settings]
- - tripleo::profile::pacemaker::cinder::volume_bundle::cinder_volume_docker_image: &cinder_volume_image {get_param: DockerCinderVolumeImage}
+ - tripleo::profile::pacemaker::cinder::volume_bundle::cinder_volume_docker_image: &cinder_volume_image_pcmklatest
+ list_join:
+ - ':'
+ - - yaql:
+ data: {get_param: DockerCinderVolumeImage}
+ expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
+ - 'pcmklatest'
cinder::volume::manage_service: false
cinder::volume::enabled: false
cinder::host: hostgroup
@@ -93,10 +99,33 @@ outputs:
owner: cinder:cinder
recurse: true
docker_config:
+ step_1:
+ cinder_volume_image_tag:
+ start_order: 1
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ "/usr/bin/docker tag 'CINDERVOLUME_IMAGE' 'CINDERVOLUME_IMAGE_PCMKLATEST'"
+ params:
+ CINDERVOLUME_IMAGE: {get_param: DockerCinderVolumeImage}
+ CINDERVOLUME_IMAGE_PCMKLATEST: *cinder_volume_image_pcmklatest
+ image: {get_param: DockerCinderVolumeImage}
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /dev/shm:/dev/shm:rw
+ - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
+ - /usr/bin:/usr/bin:ro
+ - /var/run/docker.sock:/var/run/docker.sock:rw
step_3:
cinder_volume_init_logs:
start_order: 0
- image: *cinder_volume_image
+ image: {get_param: DockerCinderVolumeImage}
privileged: false
user: root
volumes:
@@ -120,7 +149,7 @@ outputs:
params:
TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location'
CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::cinder::volume_bundle'
- image: *cinder_volume_image
+ image: {get_param: DockerCinderVolumeImage}
volumes:
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml
index 3fb38349..3de1696d 100644
--- a/docker/services/pacemaker/database/mysql.yaml
+++ b/docker/services/pacemaker/database/mysql.yaml
@@ -43,6 +43,14 @@ parameters:
default: {}
description: Parameters specific to the role
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+ InternalTLSCAFile:
+ default: '/etc/ipa/ca.crt'
+ type: string
+ description: Specifies the default CA cert to use if TLS is used for
+ services in the internal network.
resources:
@@ -59,6 +67,10 @@ resources:
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
+
outputs:
role_data:
description: Containerized service MySQL using composable services.
@@ -67,7 +79,13 @@ outputs:
config_settings:
map_merge:
- {get_attr: [MysqlPuppetBase, role_data, config_settings]}
- - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image {get_param: DockerMysqlImage}
+ - tripleo::profile::pacemaker::database::mysql_bundle::mysql_docker_image: &mysql_image_pcmklatest
+ list_join:
+ - ':'
+ - - yaql:
+ data: {get_param: DockerMysqlImage}
+ expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
+ - 'pcmklatest'
tripleo::profile::pacemaker::database::mysql_bundle::control_port: 3123
tripleo.mysql.firewall_rules:
'104 mysql galera-bundle':
@@ -79,6 +97,13 @@ outputs:
- 4567
- 4568
- 9200
+ -
+ if:
+ - internal_tls_enabled
+ -
+ tripleo::profile::pacemaker::database::mysql_bundle::ca_file:
+ get_param: InternalTLSCAFile
+ - {}
step_config: ""
# BEGIN DOCKER SETTINGS #
puppet_config:
@@ -103,12 +128,26 @@ outputs:
dest: "/"
merge: true
preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-tls/*"
+ dest: "/"
+ merge: true
+ optional: true
+ preserve_properties: true
+ permissions:
+ - path: /etc/pki/tls/certs/mysql.crt
+ owner: mysql:mysql
+ perm: '0600'
+ optional: true
+ - path: /etc/pki/tls/private/mysql.key
+ owner: mysql:mysql
+ perm: '0600'
+ optional: true
docker_config:
step_1:
mysql_data_ownership:
start_order: 0
detach: false
- image: *mysql_image
+ image: {get_param: DockerMysqlImage}
net: host
user: root
# Kolla does only non-recursive chown
@@ -118,7 +157,7 @@ outputs:
mysql_bootstrap:
start_order: 1
detach: false
- image: *mysql_image
+ image: {get_param: DockerMysqlImage}
net: host
# Kolla bootstraps aren't idempotent, explicitly checking if bootstrap was done
command:
@@ -163,6 +202,28 @@ outputs:
passwords:
- {get_param: MysqlRootPassword}
- {get_param: [DefaultPasswords, mysql_root_password]}
+ mysql_image_tag:
+ start_order: 2
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ "/usr/bin/docker tag 'MYSQL_IMAGE' 'MYSQL_IMAGE_PCMKLATEST'"
+ params:
+ MYSQL_IMAGE: {get_param: DockerMysqlImage}
+ MYSQL_IMAGE_PCMKLATEST: *mysql_image_pcmklatest
+ image: {get_param: DockerMysqlImage}
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /dev/shm:/dev/shm:rw
+ - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
+ - /usr/bin:/usr/bin:ro
+ - /var/run/docker.sock:/var/run/docker.sock:rw
step_2:
mysql_init_bundle:
start_order: 1
@@ -181,7 +242,7 @@ outputs:
params:
TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation,galera_ready,mysql_database,mysql_grant,mysql_user'
CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::database::mysql_bundle'
- image: *mysql_image
+ image: {get_param: DockerMysqlImage}
volumes:
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
@@ -195,6 +256,8 @@ outputs:
file:
path: /var/lib/mysql
state: directory
+ metadata_settings:
+ get_attr: [MysqlPuppetBase, role_data, metadata_settings]
upgrade_tasks:
- name: get bootstrap nodeid
tags: common
@@ -220,3 +283,9 @@ outputs:
- name: Disable mysql service
tags: step2
service: name=mariadb enabled=no
+ - name: Remove clustercheck service from xinetd
+ tags: step2
+ file: state=absent path=/etc/xinetd.d/galera-monitor
+ - name: Restart xinetd service after clustercheck removal
+ tags: step2
+ service: name=xinetd state=restarted
diff --git a/docker/services/pacemaker/database/redis.yaml b/docker/services/pacemaker/database/redis.yaml
index 75b6d650..0b8aa046 100644
--- a/docker/services/pacemaker/database/redis.yaml
+++ b/docker/services/pacemaker/database/redis.yaml
@@ -60,7 +60,13 @@ outputs:
- redis::service_manage: false
redis::notify_service: false
redis::managed_by_cluster_manager: true
- tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image {get_param: DockerRedisImage}
+ tripleo::profile::pacemaker::database::redis_bundle::redis_docker_image: &redis_image_pcmklatest
+ list_join:
+ - ':'
+ - - yaql:
+ data: {get_param: DockerRedisImage}
+ expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
+ - 'pcmklatest'
tripleo::profile::pacemaker::database::redis_bundle::control_port: 3124
tripleo.redis.firewall_rules:
'108 redis-bundle':
@@ -104,6 +110,29 @@ outputs:
owner: redis:redis
recurse: true
docker_config:
+ step_1:
+ redis_image_tag:
+ start_order: 1
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ "/usr/bin/docker tag 'REDIS_IMAGE' 'REDIS_IMAGE_PCMKLATEST'"
+ params:
+ REDIS_IMAGE: {get_param: DockerRedisImage}
+ REDIS_IMAGE_PCMKLATEST: *redis_image_pcmklatest
+ image: {get_param: DockerRedisImage}
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /dev/shm:/dev/shm:rw
+ - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
+ - /usr/bin:/usr/bin:ro
+ - /var/run/docker.sock:/var/run/docker.sock:rw
step_2:
redis_init_bundle:
start_order: 2
diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml
index 24155912..2e5c7424 100644
--- a/docker/services/pacemaker/haproxy.yaml
+++ b/docker/services/pacemaker/haproxy.yaml
@@ -41,6 +41,22 @@ parameters:
default: {}
description: Parameters specific to the role
type: json
+ InternalTLSCAFile:
+ default: '/etc/ipa/ca.crt'
+ type: string
+ description: Specifies the default CA cert to use if TLS is used for
+ services in the internal network.
+ InternalTLSCRLPEMFile:
+ default: '/etc/pki/CA/crl/overcloud-crl.pem'
+ type: string
+ description: Specifies the default CRL PEM file to use for revocation if
+ TLS is used for services in the internal network.
+ HAProxyInternalTLSCertsDirectory:
+ default: '/etc/pki/tls/certs/haproxy'
+ type: string
+ HAProxyInternalTLSKeysDirectory:
+ default: '/etc/pki/tls/private/haproxy'
+ type: string
resources:
@@ -65,6 +81,24 @@ outputs:
- tripleo::haproxy::haproxy_daemon: false
haproxy_docker: true
tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image {get_param: DockerHAProxyImage}
+ # the list of directories that contain the certs to bind mount in the countainer
+ # bind-mounting the directories rather than all the cert, key and pem files ensures
+ # that docker won't create directories on the host when then pem files do not exist
+ tripleo::profile::pacemaker::haproxy_bundle::tls_mapping: &tls_mapping
+ - get_param: InternalTLSCAFile
+ - get_param: HAProxyInternalTLSKeysDirectory
+ - get_param: HAProxyInternalTLSCertsDirectory
+ tripleo::profile::pacemaker::haproxy_bundle::internal_certs_directory: {get_param: HAProxyInternalTLSCertsDirectory}
+ tripleo::profile::pacemaker::haproxy_bundle::internal_keys_directory: {get_param: HAProxyInternalTLSKeysDirectory}
+ # disable the use CRL file until we can restart the container when the file expires
+ tripleo::haproxy::crl_file: null
+ tripleo::profile::pacemaker::haproxy_bundle::haproxy_docker_image: &haproxy_image_pcmklatest
+ list_join:
+ - ':'
+ - - yaql:
+ data: {get_param: DockerHAProxyImage}
+ expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
+ - 'pcmklatest'
step_config: ""
service_config_settings: {get_attr: [HAProxyBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
@@ -80,11 +114,9 @@ outputs:
- 'include ::tripleo::profile::pacemaker::haproxy_bundle'
config_image: {get_param: DockerHAProxyConfigImage}
volumes: &deployed_cert_mount
- - list_join:
- - ':'
- - - {get_param: DeployedSSLCertificatePath}
- - {get_param: DeployedSSLCertificatePath}
- - 'ro'
+ yaql:
+ expression: $.data.select($+":"+$+":ro")
+ data: *tls_mapping
kolla_config:
/var/lib/kolla/config_files/haproxy.json:
command: haproxy -f /etc/haproxy/haproxy.cfg
@@ -94,7 +126,53 @@ outputs:
merge: true
preserve_properties: true
optional: true
+ - source: "/var/lib/kolla/config_files/src-tls/*"
+ dest: "/"
+ merge: true
+ optional: true
+ preserve_properties: true
+ permissions:
+ - path:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSCertsDirectory}
+ - '/*'
+ owner: haproxy:haproxy
+ perm: '0600'
+ optional: true
+ - path:
+ list_join:
+ - ''
+ - - {get_param: HAProxyInternalTLSKeysDirectory}
+ - '/*'
+ owner: haproxy:haproxy
+ perm: '0600'
+ optional: true
docker_config:
+ step_1:
+ haproxy_image_tag:
+ start_order: 1
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ "/usr/bin/docker tag 'HAPROXY_IMAGE' 'HAPROXY_IMAGE_PCMKLATEST'"
+ params:
+ HAPROXY_IMAGE: {get_param: DockerHAProxyImage}
+ HAPROXY_IMAGE_PCMKLATEST: *haproxy_image_pcmklatest
+ image: {get_param: DockerHAProxyImage}
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /dev/shm:/dev/shm:rw
+ - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
+ - /usr/bin:/usr/bin:ro
+ - /var/run/docker.sock:/var/run/docker.sock:rw
+ image: {get_param: DockerHAProxyImage}
step_2:
haproxy_init_bundle:
start_order: 3
@@ -118,7 +196,7 @@ outputs:
- ';'
- - 'include ::tripleo::profile::base::pacemaker'
- 'include ::tripleo::profile::pacemaker::haproxy_bundle'
- image: *haproxy_image
+ image: {get_param: DockerHAProxyImage}
volumes:
list_concat:
- *deployed_cert_mount
diff --git a/docker/services/pacemaker/manila-share.yaml b/docker/services/pacemaker/manila-share.yaml
new file mode 100644
index 00000000..c88737aa
--- /dev/null
+++ b/docker/services/pacemaker/manila-share.yaml
@@ -0,0 +1,171 @@
+heat_template_version: pike
+
+description: >
+ OpenStack containerized Manila Share service
+
+parameters:
+ DockerManilaShareImage:
+ description: image
+ type: string
+ DockerManilaConfigImage:
+ description: image
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+
+resources:
+
+ MySQLClient:
+ type: ../../../puppet/services/database/mysql-client.yaml
+
+ ManilaBase:
+ type: ../../../puppet/services/pacemaker/manila-share.yaml
+ properties:
+ EndpointMap: {get_param: EndpointMap}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ RoleName: {get_param: RoleName}
+ RoleParameters: {get_param: RoleParameters}
+
+outputs:
+ role_data:
+ description: Role data for the Manila Share role.
+ value:
+ service_name: {get_attr: [ManilaBase, role_data, service_name]}
+ config_settings:
+ map_merge:
+ - get_attr: [ManilaBase, role_data, config_settings]
+ - tripleo::profile::pacemaker::manila::share_bundle::manila_share_docker_image: &manila_share_image_pcmklatest
+ list_join:
+ - ':'
+ - - yaql:
+ data: {get_param: DockerManilaShareImage}
+ expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
+ - 'pcmklatest'
+ manila::share::manage_service: false
+ manila::share::enabled: false
+ manila::host: hostgroup
+ step_config: ""
+ service_config_settings: {get_attr: [ManilaBase, role_data, service_config_settings]}
+ # BEGIN DOCKER SETTINGS
+ puppet_config:
+ config_volume: manila
+ puppet_tags: manila_config,file,concat,file_line
+ step_config:
+ list_join:
+ - "\n"
+ - - {get_attr: [ManilaBase, role_data, step_config]}
+ - - {get_attr: [MySQLClient, role_data, step_config]}
+ config_image: {get_param: DockerManilaConfigImage}
+ kolla_config:
+ /var/lib/kolla/config_files/manila_share.json:
+ command: /usr/bin/manila-share --config-file /usr/share/manila/manila-dist.conf --config-file /etc/manila/manila.conf
+ config_files:
+ - source: "/var/lib/kolla/config_files/src/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ # NOTE(gfidente): ceph ansible generated
+ - source: "/var/lib/kolla/config_files/src-ceph/"
+ dest: "/etc/ceph"
+ merge: true
+ preserve_properties: true
+ permissions:
+ - path: /var/log/manila
+ owner: manila:manila
+ recurse: true
+ docker_config:
+ step_1:
+ manila_share_image_tag:
+ start_order: 1
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ "/usr/bin/docker tag 'MANILASHARE_IMAGE' 'MANILASHARE_IMAGE_PCMKLATEST'"
+ params:
+ MANILASHARE_IMAGE: {get_param: DockerManilaShareImage}
+ MANILASHARE_IMAGE_PCMKLATEST: *manila_share_image_pcmklatest
+ image: {get_param: DockerManilaShareImage}
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /dev/shm:/dev/shm:rw
+ - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
+ - /usr/bin:/usr/bin:ro
+ - /var/run/docker.sock:/var/run/docker.sock:rw
+ step_3:
+ manila_share_init_logs:
+ start_order: 0
+ image: {get_param: DockerManilaShareImage}
+ privileged: false
+ user: root
+ volumes:
+ - /var/log/containers/manila:/var/log/manila
+ command: ['/bin/bash', '-c', 'chown -R manila:manila /var/log/manila']
+ step_5:
+ manila_share_init_bundle:
+ start_order: 0
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ list_join:
+ - '; '
+ - - "cp -a /tmp/puppet-etc/* /etc/puppet; echo '{\"step\": 5}' > /etc/puppet/hieradata/docker.json"
+ - "FACTER_uuid=docker puppet apply --tags file_line,concat,augeas,TAGS --debug -v -e 'CONFIG'"
+ params:
+ TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::constraint::location'
+ CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::manila::share_bundle'
+ image: {get_param: DockerManilaShareImage}
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /etc/puppet:/tmp/puppet-etc:ro
+ - /usr/share/openstack-puppet/modules:/usr/share/openstack-puppet/modules:ro
+ - /etc/corosync/corosync.conf:/etc/corosync/corosync.conf:ro
+ - /dev/shm:/dev/shm:rw
+ host_prep_tasks:
+ - name: create persistent directories
+ file:
+ path: "{{ item }}"
+ state: directory
+ with_items:
+ - /var/log/containers/manila
+ - /var/lib/manila
+ upgrade_tasks:
+ - name: Stop and disable manila_share service
+ tags: step2
+ service: name=openstack-manila-share state=stopped enabled=no
diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml
index de53ceee..ba1abaf9 100644
--- a/docker/services/pacemaker/rabbitmq.yaml
+++ b/docker/services/pacemaker/rabbitmq.yaml
@@ -62,7 +62,13 @@ outputs:
map_merge:
- {get_attr: [RabbitmqBase, role_data, config_settings]}
- rabbitmq::service_manage: false
- tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image {get_param: DockerRabbitmqImage}
+ tripleo::profile::pacemaker::rabbitmq_bundle::rabbitmq_docker_image: &rabbitmq_image_pcmklatest
+ list_join:
+ - ':'
+ - - yaql:
+ data: {get_param: DockerRabbitmqImage}
+ expression: $.data.rightSplit(separator => ":", maxSplits => 1)[0]
+ - 'pcmklatest'
tripleo::profile::pacemaker::rabbitmq_bundle::control_port: 3122
tripleo.rabbitmq.firewall_rules:
'109 rabbitmq-bundle':
@@ -92,6 +98,11 @@ outputs:
dest: "/"
merge: true
preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-tls/*"
+ dest: "/"
+ merge: true
+ optional: true
+ preserve_properties: true
permissions:
- path: /var/lib/rabbitmq
owner: rabbitmq:rabbitmq
@@ -99,13 +110,21 @@ outputs:
- path: /var/log/rabbitmq
owner: rabbitmq:rabbitmq
recurse: true
+ - path: /etc/pki/tls/certs/rabbitmq.crt
+ owner: rabbitmq:rabbitmq
+ perm: '0600'
+ optional: true
+ - path: /etc/pki/tls/private/rabbitmq.key
+ owner: rabbitmq:rabbitmq
+ perm: '0600'
+ optional: true
# When using pacemaker we don't launch the container, instead that is done by pacemaker
# itself.
docker_config:
step_1:
rabbitmq_bootstrap:
start_order: 0
- image: *rabbitmq_image
+ image: {get_param: DockerRabbitmqImage}
net: host
privileged: false
volumes:
@@ -128,6 +147,28 @@ outputs:
passwords:
- {get_param: RabbitCookie}
- {get_param: [DefaultPasswords, rabbit_cookie]}
+ rabbitmq_image_tag:
+ start_order: 1
+ detach: false
+ net: host
+ user: root
+ command:
+ - '/bin/bash'
+ - '-c'
+ - str_replace:
+ template:
+ "/usr/bin/docker tag 'RABBITMQ_IMAGE' 'RABBITMQ_IMAGE_PCMKLATEST'"
+ params:
+ RABBITMQ_IMAGE: {get_param: DockerRabbitmqImage}
+ RABBITMQ_IMAGE_PCMKLATEST: *rabbitmq_image_pcmklatest
+ image: {get_param: DockerRabbitmqImage}
+ volumes:
+ - /etc/hosts:/etc/hosts:ro
+ - /etc/localtime:/etc/localtime:ro
+ - /dev/shm:/dev/shm:rw
+ - /etc/sysconfig/docker:/etc/sysconfig/docker:ro
+ - /usr/bin:/usr/bin:ro
+ - /var/run/docker.sock:/var/run/docker.sock:rw
step_2:
rabbitmq_init_bundle:
start_order: 0
@@ -146,7 +187,7 @@ outputs:
params:
TAGS: 'pacemaker::resource::bundle,pacemaker::property,pacemaker::resource::ocf,pacemaker::constraint::order,pacemaker::constraint::colocation'
CONFIG: 'include ::tripleo::profile::base::pacemaker;include ::tripleo::profile::pacemaker::rabbitmq_bundle'
- image: *rabbitmq_image
+ image: {get_param: DockerRabbitmqImage}
volumes:
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
@@ -164,6 +205,8 @@ outputs:
echo 'export ERL_EPMD_ADDRESS=127.0.0.1' > /etc/rabbitmq/rabbitmq-env.conf
echo 'export ERL_EPMD_PORT=4370' >> /etc/rabbitmq/rabbitmq-env.conf
for pid in $(pgrep epmd); do if [ "$(lsns -o NS -p $pid)" == "$(lsns -o NS -p 1)" ]; then kill $pid; break; fi; done
+ metadata_settings:
+ get_attr: [RabbitmqBase, role_data, metadata_settings]
upgrade_tasks:
- name: get bootstrap nodeid
tags: common
diff --git a/docker/services/panko-api.yaml b/docker/services/panko-api.yaml
index 01c17388..626d9176 100644
--- a/docker/services/panko-api.yaml
+++ b/docker/services/panko-api.yaml
@@ -116,6 +116,7 @@ outputs:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
+ - /var/lib/config-data/panko/etc/my.cnf.d/tripleo.cnf:/etc/my.cnf.d/tripleo.cnf:ro
- /var/lib/config-data/panko/etc/panko:/etc/panko:ro
- /var/log/containers/panko:/var/log/panko
command: "/usr/bin/bootstrap_host_exec panko_api su panko -s /bin/bash -c '/usr/bin/panko-dbsync'"
diff --git a/docker/services/rabbitmq.yaml b/docker/services/rabbitmq.yaml
index 418c60d2..add78879 100644
--- a/docker/services/rabbitmq.yaml
+++ b/docker/services/rabbitmq.yaml
@@ -40,6 +40,18 @@ parameters:
type: string
default: ''
hidden: true
+ EnableInternalTLS:
+ type: boolean
+ default: false
+ InternalTLSCAFile:
+ default: '/etc/ipa/ca.crt'
+ type: string
+ description: Specifies the default CA cert to use if TLS is used for
+ services in the internal network.
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
@@ -66,6 +78,10 @@ outputs:
map_merge:
- {get_attr: [RabbitmqBase, role_data, config_settings]}
- rabbitmq::admin_enable: false
+ - if:
+ - internal_tls_enabled
+ - tripleo::certmonger::rabbitmq::postsave_cmd: "true" # TODO: restart the rabbitmq container here
+ - {}
step_config: &step_config
list_join:
- "\n"
@@ -85,10 +101,21 @@ outputs:
dest: "/"
merge: true
preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-tls/*"
+ dest: "/"
+ merge: true
+ preserve_properties: true
+ optional: true
permissions:
- path: /var/lib/rabbitmq
owner: rabbitmq:rabbitmq
recurse: true
+ - path: /etc/pki/tls/certs/rabbitmq.crt
+ owner: rabbitmq:rabbitmq
+ optional: true
+ - path: /etc/pki/tls/private/rabbitmq.key
+ owner: rabbitmq:rabbitmq
+ optional: true
docker_config:
# Kolla_bootstrap runs before permissions set by kolla_config
step_1:
@@ -115,6 +142,17 @@ outputs:
- /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq
- /var/log/containers/rabbitmq:/var/log/rabbitmq
+ - if:
+ - internal_tls_enabled
+ -
+ - list_join:
+ - ':'
+ - - {get_param: InternalTLSCAFile}
+ - {get_param: InternalTLSCAFile}
+ - 'ro'
+ - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
+ - /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro
+ - null
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
- KOLLA_BOOTSTRAP=True
@@ -143,6 +181,17 @@ outputs:
- /var/lib/config-data/puppet-generated/rabbitmq/:/var/lib/kolla/config_files/src:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq
- /var/log/containers/rabbitmq:/var/log/rabbitmq
+ - if:
+ - internal_tls_enabled
+ -
+ - list_join:
+ - ':'
+ - - {get_param: InternalTLSCAFile}
+ - {get_param: InternalTLSCAFile}
+ - 'ro'
+ - /etc/pki/tls/certs/rabbitmq.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/rabbitmq.crt:ro
+ - /etc/pki/tls/private/rabbitmq.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/rabbitmq.key:ro
+ - null
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
docker_puppet_tasks:
@@ -155,6 +204,8 @@ outputs:
volumes:
- /var/lib/config-data/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/:ro
- /var/lib/rabbitmq:/var/lib/rabbitmq:ro
+ metadata_settings:
+ get_attr: [RabbitmqBase, role_data, metadata_settings]
host_prep_tasks:
- name: create persistent directories
file:
diff --git a/environments/ceph-ansible/ceph-mds.yaml b/environments/ceph-ansible/ceph-mds.yaml
new file mode 100644
index 00000000..0834269c
--- /dev/null
+++ b/environments/ceph-ansible/ceph-mds.yaml
@@ -0,0 +1,2 @@
+resource_registry:
+ OS::TripleO::Services::CephMds: ../../docker/services/ceph-ansible/ceph-mds.yaml
diff --git a/environments/cinder-dellemc-unity-config.yaml b/environments/cinder-dellemc-unity-config.yaml
new file mode 100644
index 00000000..c67c91cb
--- /dev/null
+++ b/environments/cinder-dellemc-unity-config.yaml
@@ -0,0 +1,14 @@
+# A Heat environment file which can be used to enable a
+# Cinder Dell EMC Unity backend, configured via puppet
+resource_registry:
+ OS::TripleO::Services::CinderBackendDellEMCUnity: ../puppet/services/cinder-backend-dellemc-unity.yaml
+
+parameter_defaults:
+ CinderEnableDellEMCUnityBackend: true
+ CinderDellEMCUnityBackendName: 'tripleo_dellemc_unity'
+ CinderDellEMCUnitySanIp: ''
+ CinderDellEMCUnitySanLogin: 'Admin'
+ CinderDellEMCUnitySanPassword: ''
+ CinderDellEMCUnityStorageProtocol: 'iSCSI'
+ CinderDellEMCUnityIoPorts: ''
+ CinderDellEMCUnityStoragePoolNames: ''
diff --git a/environments/composable-roles/monolithic-ha.yaml b/environments/composable-roles/monolithic-ha.yaml
new file mode 100644
index 00000000..a1dcd7bf
--- /dev/null
+++ b/environments/composable-roles/monolithic-ha.yaml
@@ -0,0 +1,59 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Monolithic Controller HA deployment
+# description: |
+# A Heat environment that can be used to deploy controller and compute
+# services in an HA configuration with SSL everywhere and network
+# isolation.
+# This should be used with a roles_data.yaml containing the Controller,
+# Compute and CephStorage roles.
+# openstack overcloud roles generate -o ~/roles_data.yaml Controller Compute CephStorage
+parameter_defaults:
+ # Number of CephStorage nodes to deploy
+ # Type: number
+ CephStorageCount: 1
+
+ # Format for CephStorage node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud
+ # Type: string
+ CephStorageHostnameFormat: '%stackname%-cephstorage-%index%'
+
+ # Number of Compute nodes to deploy
+ # Type: number
+ ComputeCount: 3
+
+ # Format for Compute node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud
+ # Type: string
+ ComputeHostnameFormat: '%stackname%-novacompute-%index%'
+
+ # Number of Controller nodes to deploy
+ # Type: number
+ ControllerCount: 3
+
+ # Format for Controller node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud
+ # Type: string
+ ControllerHostnameFormat: '%stackname%-controller-%index%'
+
+ # DNS servers to use for the Overcloud
+ # Type: comma_delimited_list
+ DnsServers: ['8.8.8.8', '8,8.4.4']
+
+ # NTP servers list. Defaulted to pool.ntp.org in order to have a sane default for Pacemaker deployments when not configuring this parameter by default.
+ # Type: comma_delimited_list
+ NtpServer: ['pool.ntp.org']
+
+ # Name of the flavor for Ceph nodes
+ # Type: string
+ OvercloudCephStorageFlavor: ceph
+
+ # Name of the flavor for Compute nodes
+ # Type: string
+ OvercloudComputeFlavor: compute
+
+ # Name of the flavor for Controller nodes
+ # Type: string
+ OvercloudControllerFlavor: control
+
diff --git a/environments/composable-roles/monolithic-nonha.yaml b/environments/composable-roles/monolithic-nonha.yaml
new file mode 100644
index 00000000..f49ddf2a
--- /dev/null
+++ b/environments/composable-roles/monolithic-nonha.yaml
@@ -0,0 +1,59 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Monolithic Controller Non-HA deployment
+# description: |
+# A Heat environment that can be used to deploy controller and compute
+# services in an Non-HA configuration with SSL undercloud only and a
+# flat network.
+# This should be used with a roles_data.yaml containing the Controller,
+# Compute and CephStorage roles.
+# openstack overcloud roles generate -o ~/roles_data.yaml Controller Compute CephStorage
+parameter_defaults:
+ # Number of CephStorage nodes to deploy
+ # Type: number
+ CephStorageCount: 1
+
+ # Format for CephStorage node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud
+ # Type: string
+ CephStorageHostnameFormat: '%stackname%-cephstorage-%index%'
+
+ # Number of Compute nodes to deploy
+ # Type: number
+ ComputeCount: 1
+
+ # Format for Compute node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud
+ # Type: string
+ ComputeHostnameFormat: '%stackname%-novacompute-%index%'
+
+ # Number of Controller nodes to deploy
+ # Type: number
+ ControllerCount: 1
+
+ # Format for Controller node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud
+ # Type: string
+ ControllerHostnameFormat: '%stackname%-controller-%index%'
+
+ # DNS servers to use for the Overcloud
+ # Type: comma_delimited_list
+ DnsServers: ['8.8.8.8', '8,8.4.4']
+
+ # NTP servers list. Defaulted to pool.ntp.org in order to have a sane default for Pacemaker deployments when not configuring this parameter by default.
+ # Type: comma_delimited_list
+ NtpServer: ['pool.ntp.org']
+
+ # Name of the flavor for Ceph nodes
+ # Type: string
+ OvercloudCephStorageFlavor: ceph
+
+ # Name of the flavor for Compute nodes
+ # Type: string
+ OvercloudComputeFlavor: compute
+
+ # Name of the flavor for Controller nodes
+ # Type: string
+ OvercloudControllerFlavor: control
+
diff --git a/environments/composable-roles/standalone.yaml b/environments/composable-roles/standalone.yaml
new file mode 100644
index 00000000..3305c9ed
--- /dev/null
+++ b/environments/composable-roles/standalone.yaml
@@ -0,0 +1,84 @@
+# *******************************************************************
+# This file was created automatically by the sample environment
+# generator. Developers should use `tox -e genconfig` to update it.
+# Users are recommended to make changes to a copy of the file instead
+# of the original, if any customizations are needed.
+# *******************************************************************
+# title: Controller HA deployment with standalone Database, Messaging and Networker nodes.
+# description: |
+# A Heat environment that can be used to deploy controller, database,
+# messaging, networker and compute services in an HA configuration with SSL
+# everywhere and network isolation.
+# This should be used with a roles_data.yaml containing the
+# ControllerOpenstack, Database, Messaging, Networker, Compute and
+# CephStorage roles.
+# openstack overcloud roles generate -o ~/roles_data.yaml ControllerOpenstack Database Messaging Networker Compute CephStorage
+parameter_defaults:
+ # Number of CephStorage nodes to deploy
+ # Type: number
+ CephStorageCount: 1
+
+ # Format for CephStorage node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud
+ # Type: string
+ CephStorageHostnameFormat: '%stackname%-cephstorage-%index%'
+
+ # Number of Compute nodes to deploy
+ # Type: number
+ ComputeCount: 1
+
+ # Format for Compute node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud
+ # Type: string
+ ComputeHostnameFormat: '%stackname%-novacompute-%index%'
+
+ # Number of Controller nodes to deploy
+ # Type: number
+ ControllerCount: 3
+
+ # Format for Controller node hostnames Note %index% is translated into the index of the node, e.g 0/1/2 etc and %stackname% is replaced with the stack name e.g overcloud
+ # Type: string
+ ControllerHostnameFormat: '%stackname%-controller-%index%'
+
+ # Number of Database nodes
+ # Type: number
+ DatabaseCount: 3
+
+ # DNS servers to use for the Overcloud
+ # Type: comma_delimited_list
+ DnsServers: ['8.8.8.8', '8,8.4.4']
+
+ # Number of Messaging nodes
+ # Type: number
+ MessagingCount: 3
+
+ # Number of Networker nodes
+ # Type: number
+ NetworkerCount: 2
+
+ # NTP servers list. Defaulted to pool.ntp.org in order to have a sane default for Pacemaker deployments when not configuring this parameter by default.
+ # Type: comma_delimited_list
+ NtpServer: ['pool.ntp.org']
+
+ # Name of the flavor for Ceph nodes
+ # Type: string
+ OvercloudCephStorageFlavor: ceph
+
+ # Name of the flavor for Compute nodes
+ # Type: string
+ OvercloudComputeFlavor: compute
+
+ # Name of the flavor for Controller nodes
+ # Type: string
+ OvercloudControllerFlavor: control
+
+ # Name of the flavor for Database nodes
+ # Type: string
+ OvercloudDatabaseFlavor: db
+
+ # Name of the flavor for Messaging nodes
+ # Type: string
+ OvercloudMessagingFlavor: messaging
+
+ # Name of the flavor for Networker nodes
+ # Type: string
+ OvercloudNetworkerFlavor: networker
+
diff --git a/environments/contrail/roles_data_contrail.yaml b/environments/contrail/roles_data_contrail.yaml
index eae809a5..dd1c5455 100644
--- a/environments/contrail/roles_data_contrail.yaml
+++ b/environments/contrail/roles_data_contrail.yaml
@@ -66,6 +66,7 @@
- OS::TripleO::Services::NovaVncProxy
- OS::TripleO::Services::Ec2Api
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::SwiftProxy
- OS::TripleO::Services::SwiftStorage
- OS::TripleO::Services::SwiftRingBuilder
@@ -122,6 +123,7 @@
- OS::TripleO::Services::CephExternal
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::NovaCompute
@@ -149,6 +151,7 @@
- OS::TripleO::Services::BlockStorageCinderVolume
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Sshd
@@ -165,6 +168,7 @@
- OS::TripleO::Services::CertmongerUser
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::SwiftStorage
- OS::TripleO::Services::SwiftRingBuilder
- OS::TripleO::Services::Snmp
@@ -184,6 +188,7 @@
- OS::TripleO::Services::CephOSD
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::Timezone
@@ -203,6 +208,7 @@
- OS::TripleO::Services::ContrailWebUI
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::TripleoPackages
@@ -217,6 +223,7 @@
- OS::TripleO::Services::ContrailAnalytics
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::TripleoPackages
@@ -230,6 +237,7 @@
- OS::TripleO::Services::ContrailAnalyticsDatabase
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::TripleoPackages
@@ -243,6 +251,7 @@
- OS::TripleO::Services::ContrailTsn
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::TripleoPackages
@@ -256,6 +265,7 @@
- OS::TripleO::Services::ContrailTsn
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::TripleoPackages
diff --git a/environments/docker-centos-tripleoupstream.yaml b/environments/docker-centos-tripleoupstream.yaml
deleted file mode 100644
index 47f8e528..00000000
--- a/environments/docker-centos-tripleoupstream.yaml
+++ /dev/null
@@ -1,125 +0,0 @@
-# Generated with the following on 2017-07-12T11:40:50.219622
-#
-# overcloud container image prepare --env-file environments/docker-centos-tripleoupstream.yaml
-#
-
-parameter_defaults:
- DockerAodhApiImage: tripleoupstream/centos-binary-aodh-api:latest
- DockerAodhConfigImage: tripleoupstream/centos-binary-aodh-api:latest
- DockerAodhEvaluatorImage: tripleoupstream/centos-binary-aodh-evaluator:latest
- DockerAodhListenerImage: tripleoupstream/centos-binary-aodh-listener:latest
- DockerAodhNotifierImage: tripleoupstream/centos-binary-aodh-notifier:latest
- DockerCeilometerCentralImage: tripleoupstream/centos-binary-ceilometer-central:latest
- DockerCeilometerComputeImage: tripleoupstream/centos-binary-ceilometer-compute:latest
- DockerCeilometerConfigImage: tripleoupstream/centos-binary-ceilometer-central:latest
- DockerCeilometerIpmiImage: tripleoupstream/centos-binary-ceilometer-ipmi:latest
- DockerCeilometerNotificationImage: tripleoupstream/centos-binary-ceilometer-notification:latest
- DockerCinderApiImage: tripleoupstream/centos-binary-cinder-api:latest
- DockerCinderBackupImage: tripleoupstream/centos-binary-cinder-backup:latest
- DockerCinderConfigImage: tripleoupstream/centos-binary-cinder-api:latest
- DockerCinderSchedulerImage: tripleoupstream/centos-binary-cinder-scheduler:latest
- DockerCinderVolumeImage: tripleoupstream/centos-binary-cinder-volume:latest
- DockerClustercheckConfigImage: tripleoupstream/centos-binary-mariadb:latest
- DockerClustercheckImage: tripleoupstream/centos-binary-mariadb:latest
- DockerCollectdConfigImage: tripleoupstream/centos-binary-collectd:latest
- DockerCollectdImage: tripleoupstream/centos-binary-collectd:latest
- DockerCongressApiImage: tripleoupstream/centos-binary-congress-api:latest
- DockerCongressConfigImage: tripleoupstream/centos-binary-congress-api:latest
- DockerEc2ApiConfigImage: tripleoupstream/centos-binary-ec2-api:latest
- DockerEc2ApiImage: tripleoupstream/centos-binary-ec2-api:latest
- DockerEtcdConfigImage: tripleoupstream/centos-binary-etcd:latest
- DockerEtcdImage: tripleoupstream/centos-binary-etcd:latest
- DockerGlanceApiConfigImage: tripleoupstream/centos-binary-glance-api:latest
- DockerGlanceApiImage: tripleoupstream/centos-binary-glance-api:latest
- DockerGnocchiApiImage: tripleoupstream/centos-binary-gnocchi-api:latest
- DockerGnocchiConfigImage: tripleoupstream/centos-binary-gnocchi-api:latest
- DockerGnocchiMetricdImage: tripleoupstream/centos-binary-gnocchi-metricd:latest
- DockerGnocchiStatsdImage: tripleoupstream/centos-binary-gnocchi-statsd:latest
- DockerHAProxyConfigImage: tripleoupstream/centos-binary-haproxy:latest
- DockerHAProxyImage: tripleoupstream/centos-binary-haproxy:latest
- DockerHeatApiCfnConfigImage: tripleoupstream/centos-binary-heat-api-cfn:latest
- DockerHeatApiCfnImage: tripleoupstream/centos-binary-heat-api-cfn:latest
- DockerHeatApiConfigImage: tripleoupstream/centos-binary-heat-api:latest
- DockerHeatApiImage: tripleoupstream/centos-binary-heat-api:latest
- DockerHeatConfigImage: tripleoupstream/centos-binary-heat-api:latest
- DockerHeatEngineImage: tripleoupstream/centos-binary-heat-engine:latest
- DockerHorizonConfigImage: tripleoupstream/centos-binary-horizon:latest
- DockerHorizonImage: tripleoupstream/centos-binary-horizon:latest
- DockerIronicApiImage: tripleoupstream/centos-binary-ironic-api:latest
- DockerIronicApiConfigImage: tripleoupstream/centos-binary-ironic-api:latest
- DockerIronicConductorImage: tripleoupstream/centos-binary-ironic-conductor:latest
- DockerIronicConfigImage: tripleoupstream/centos-binary-ironic-pxe:latest
- DockerIronicInspectorConfigImage: tripleoupstream/centos-binary-ironic-inspector:latest
- DockerIronicInspectorImage: tripleoupstream/centos-binary-ironic-inspector:latest
- DockerIronicPxeImage: tripleoupstream/centos-binary-ironic-pxe:latest
- DockerIscsidConfigImage: tripleoupstream/centos-binary-iscsid:latest
- DockerIscsidImage: tripleoupstream/centos-binary-iscsid:latest
- DockerKeystoneConfigImage: tripleoupstream/centos-binary-keystone:latest
- DockerKeystoneImage: tripleoupstream/centos-binary-keystone:latest
- DockerManilaApiImage: tripleoupstream/centos-binary-manila-api:latest
- DockerManilaConfigImage: tripleoupstream/centos-binary-manila-api:latest
- DockerManilaSchedulerImage: tripleoupstream/centos-binary-manila-scheduler:latest
- DockerManilaShareImage: tripleoupstream/centos-binary-manila-share:latest
- DockerMemcachedConfigImage: tripleoupstream/centos-binary-memcached:latest
- DockerMemcachedImage: tripleoupstream/centos-binary-memcached:latest
- DockerMistralApiImage: tripleoupstream/centos-binary-mistral-api:latest
- DockerMistralConfigImage: tripleoupstream/centos-binary-mistral-api:latest
- DockerMistralEngineImage: tripleoupstream/centos-binary-mistral-engine:latest
- DockerMistralExecutorImage: tripleoupstream/centos-binary-mistral-executor:latest
- DockerMongodbConfigImage: tripleoupstream/centos-binary-mongodb:latest
- DockerMongodbImage: tripleoupstream/centos-binary-mongodb:latest
- DockerMultipathdConfigImage: tripleoupstream/centos-binary-multipathd:latest
- DockerMultipathdImage: tripleoupstream/centos-binary-multipathd:latest
- DockerMysqlClientConfigImage: tripleoupstream/centos-binary-mariadb:latest
- DockerMysqlConfigImage: tripleoupstream/centos-binary-mariadb:latest
- DockerMysqlImage: tripleoupstream/centos-binary-mariadb:latest
- DockerNeutronApiImage: tripleoupstream/centos-binary-neutron-server:latest
- DockerNeutronConfigImage: tripleoupstream/centos-binary-neutron-server:latest
- DockerNeutronDHCPImage: tripleoupstream/centos-binary-neutron-dhcp-agent:latest
- DockerNeutronL3AgentImage: tripleoupstream/centos-binary-neutron-l3-agent:latest
- DockerNeutronMetadataImage: tripleoupstream/centos-binary-neutron-metadata-agent:latest
- DockerNovaApiImage: tripleoupstream/centos-binary-nova-api:latest
- DockerNovaComputeImage: tripleoupstream/centos-binary-nova-compute:latest
- DockerNovaComputeIronicImage: tripleoupstream/centos-binary-nova-compute-ironic:latest
- DockerNovaConductorImage: tripleoupstream/centos-binary-nova-conductor:latest
- DockerNovaConfigImage: tripleoupstream/centos-binary-nova-base:latest
- DockerNovaConsoleauthImage: tripleoupstream/centos-binary-nova-consoleauth:latest
- DockerNovaLibvirtConfigImage: tripleoupstream/centos-binary-nova-compute:latest
- DockerNovaLibvirtImage: tripleoupstream/centos-binary-nova-libvirt:latest
- DockerNovaPlacementConfigImage: tripleoupstream/centos-binary-nova-placement-api:latest
- DockerNovaPlacementImage: tripleoupstream/centos-binary-nova-placement-api:latest
- DockerNovaSchedulerImage: tripleoupstream/centos-binary-nova-scheduler:latest
- DockerNovaVncProxyImage: tripleoupstream/centos-binary-nova-novncproxy:latest
- DockerOVNControllerConfigImage: tripleoupstream/centos-binary-ovn-controller:latest
- DockerOVNControllerImage: tripleoupstream/centos-binary-ovn-controller:latest
- DockerOVNNbDbImage: tripleoupstream/centos-binary-ovn-nb-db-server:latest
- DockerOVNNorthdImage: tripleoupstream/centos-binary-ovn-northd:latest
- DockerOVNSbDbImage: tripleoupstream/centos-binary-ovn-sb-db-server:latest
- DockerOctaviaApiImage: tripleoupstream/centos-binary-octavia-api:latest
- DockerOctaviaConfigImage: tripleoupstream/centos-binary-octavia-api:latest
- DockerOctaviaHealthManagerImage: tripleoupstream/centos-binary-octavia-health-manager:latest
- DockerOctaviaHousekeepingImage: tripleoupstream/centos-binary-octavia-housekeeping:latest
- DockerOctaviaWorkerImage: tripleoupstream/centos-binary-octavia-worker:latest
- DockerOpendaylightApiImage: tripleoupstream/centos-binary-opendaylight:latest
- DockerOpendaylightConfigImage: tripleoupstream/centos-binary-opendaylight:latest
- DockerOpenvswitchImage: tripleoupstream/centos-binary-neutron-openvswitch-agent:latest
- DockerPankoApiImage: tripleoupstream/centos-binary-panko-api:latest
- DockerPankoConfigImage: tripleoupstream/centos-binary-panko-api:latest
- DockerRabbitmqConfigImage: tripleoupstream/centos-binary-rabbitmq:latest
- DockerRabbitmqImage: tripleoupstream/centos-binary-rabbitmq:latest
- DockerRedisConfigImage: tripleoupstream/centos-binary-redis:latest
- DockerRedisImage: tripleoupstream/centos-binary-redis:latest
- DockerSaharaApiImage: tripleoupstream/centos-binary-sahara-api:latest
- DockerSaharaConfigImage: tripleoupstream/centos-binary-sahara-api:latest
- DockerSaharaEngineImage: tripleoupstream/centos-binary-sahara-engine:latest
- DockerSensuClientImage: tripleoupstream/centos-binary-sensu-client:latest
- DockerSensuConfigImage: tripleoupstream/centos-binary-sensu-client:latest
- DockerSwiftAccountImage: tripleoupstream/centos-binary-swift-account:latest
- DockerSwiftConfigImage: tripleoupstream/centos-binary-swift-proxy-server:latest
- DockerSwiftContainerImage: tripleoupstream/centos-binary-swift-container:latest
- DockerSwiftObjectImage: tripleoupstream/centos-binary-swift-object:latest
- DockerSwiftProxyImage: tripleoupstream/centos-binary-swift-proxy-server:latest
- DockerTackerConfigImage: tripleoupstream/centos-binary-tacker:latest
- DockerTackerImage: tripleoupstream/centos-binary-tacker:latest
- DockerZaqarConfigImage: tripleoupstream/centos-binary-zaqar:latest
- DockerZaqarImage: tripleoupstream/centos-binary-zaqar:latest
diff --git a/environments/docker-services-tls-everywhere.yaml b/environments/docker-services-tls-everywhere.yaml
index 49d02e6f..19a43623 100644
--- a/environments/docker-services-tls-everywhere.yaml
+++ b/environments/docker-services-tls-everywhere.yaml
@@ -1,11 +1,6 @@
# This environment contains the services that can work with TLS-everywhere.
resource_registry:
- # This can be used when you don't want to run puppet on the host,
- # e.g atomic, but it has been replaced with OS::TripleO::Services::Docker
- # OS::TripleO::NodeUserData: ../docker/firstboot/setup_docker_host.yaml
OS::TripleO::Services::Docker: ../puppet/services/docker.yaml
- # The compute node still needs extra initialization steps
- OS::TripleO::Compute::NodeUserData: ../docker/firstboot/setup_docker_host.yaml
# Default Neutron ML2 puppet plugin to use when NeutronCorePlugin is set to ML2
OS::TripleO::Docker::NeutronMl2PluginBase: ../puppet/services/neutron-plugin-ml2.yaml
@@ -26,7 +21,7 @@ resource_registry:
OS::TripleO::Services::HeatApi: ../docker/services/heat-api.yaml
OS::TripleO::Services::HeatApiCfn: ../docker/services/heat-api-cfn.yaml
OS::TripleO::Services::HeatEngine: ../docker/services/heat-engine.yaml
- OS::TripleO::Services::Iscsid: ../docker/services/iscsid.yaml
+ OS::TripleO::Services::Horizon: ../docker/services/horizon.yaml
OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml
OS::TripleO::Services::Memcached: ../docker/services/memcached.yaml
OS::TripleO::Services::NeutronApi: ../docker/services/neutron-api.yaml
@@ -36,8 +31,18 @@ resource_registry:
OS::TripleO::Services::NeutronMetadataAgent: ../docker/services/neutron-metadata.yaml
OS::TripleO::Services::NeutronOvsAgent: ../docker/services/neutron-ovs-agent.yaml
OS::TripleO::Services::NeutronServer: ../docker/services/neutron-api.yaml
+ OS::TripleO::Services::NovaApi: ../docker/services/nova-api.yaml
+ OS::TripleO::Services::NovaConductor: ../docker/services/nova-conductor.yaml
+ OS::TripleO::Services::NovaConsoleauth: ../docker/services/nova-consoleauth.yaml
+ OS::TripleO::Services::NovaMigrationTarget: ../docker/services/nova-migration-target.yaml
+ OS::TripleO::Services::NovaPlacement: ../docker/services/nova-placement.yaml
+ OS::TripleO::Services::NovaScheduler: ../docker/services/nova-scheduler.yaml
+ OS::TripleO::Services::NovaVncProxy: ../docker/services/nova-vnc-proxy.yaml
OS::TripleO::Services::PankoApi: ../docker/services/panko-api.yaml
OS::TripleO::Services::Redis: ../docker/services/database/redis.yaml
OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml
OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml
OS::TripleO::Services::SwiftStorage: ../docker/services/swift-storage.yaml
+ OS::TripleO::Services::HAproxy: ../docker/services/haproxy.yaml
+ OS::TripleO::Services::MySQL: ../docker/services/database/mysql.yaml
+ OS::TripleO::Services::RabbitMQ: ../docker/services/rabbitmq.yaml
diff --git a/environments/docker.yaml b/environments/docker.yaml
index 9b977f6e..dfa30b08 100644
--- a/environments/docker.yaml
+++ b/environments/docker.yaml
@@ -1,10 +1,4 @@
resource_registry:
- # This can be used when you don't want to run puppet on the host,
- # e.g atomic, but it has been replaced with OS::TripleO::Services::Docker
- # OS::TripleO::NodeUserData: ../docker/firstboot/setup_docker_host.yaml
- # The compute node still needs extra initialization steps
- OS::TripleO::Compute::NodeUserData: ../docker/firstboot/setup_docker_host.yaml
-
OS::TripleO::Services::Docker: ../puppet/services/docker.yaml
# Default Neutron ML2 puppet plugin to use when NeutronCorePlugin is set to ML2
OS::TripleO::Docker::NeutronMl2PluginBase: ../puppet/services/neutron-plugin-ml2.yaml
@@ -22,6 +16,7 @@ resource_registry:
OS::TripleO::Services::NovaPlacement: ../docker/services/nova-placement.yaml
OS::TripleO::Services::NovaConductor: ../docker/services/nova-conductor.yaml
OS::TripleO::Services::NovaConsoleauth: ../docker/services/nova-consoleauth.yaml
+ OS::TripleO::Services::NovaMetadata: ../docker/services/nova-metadata.yaml
OS::TripleO::Services::NovaMigrationTarget: ../docker/services/nova-migration-target.yaml
OS::TripleO::Services::NovaScheduler: ../docker/services/nova-scheduler.yaml
OS::TripleO::Services::NovaVncProxy: ../docker/services/nova-vnc-proxy.yaml
@@ -56,6 +51,7 @@ resource_registry:
OS::TripleO::Services::Horizon: ../docker/services/horizon.yaml
OS::TripleO::Services::Iscsid: ../docker/services/iscsid.yaml
OS::TripleO::Services::Multipathd: ../docker/services/multipathd.yaml
+ OS::TripleO::Services::ContainersLogrotateCrond: ../docker/services/logrotate-crond.yaml
# FIXME: Had to remove these to unblock containers CI. They should be put back when fixed.
# OS::TripleO::Services::CinderApi: ../docker/services/cinder-api.yaml
# OS::TripleO::Services::CinderScheduler: ../docker/services/cinder-scheduler.yaml
diff --git a/environments/hyperconverged-ceph.yaml b/environments/hyperconverged-ceph.yaml
index 834c4f10..81044170 100644
--- a/environments/hyperconverged-ceph.yaml
+++ b/environments/hyperconverged-ceph.yaml
@@ -11,6 +11,7 @@ parameter_defaults:
- OS::TripleO::Services::CephExternal
- OS::TripleO::Services::Timezone
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Sshd
- OS::TripleO::Services::Securetty
diff --git a/environments/major-upgrade-composable-steps.yaml b/environments/major-upgrade-composable-steps.yaml
index 5a695171..db83f906 100644
--- a/environments/major-upgrade-composable-steps.yaml
+++ b/environments/major-upgrade-composable-steps.yaml
@@ -1,5 +1,5 @@
resource_registry:
- OS::TripleO::PostDeploySteps: ../puppet/major_upgrade_steps.yaml
+ OS::TripleO::PostDeploySteps: ../common/major_upgrade_steps.yaml
parameter_defaults:
EnableConfigPurge: true
StackUpdateType: UPGRADE
diff --git a/environments/network-isolation-v6.j2.yaml b/environments/network-isolation-v6.j2.yaml
new file mode 100644
index 00000000..bb27ee43
--- /dev/null
+++ b/environments/network-isolation-v6.j2.yaml
@@ -0,0 +1,58 @@
+{%- set primary_role = [roles[0]] -%}
+{%- for role in roles -%}
+ {%- if 'primary' in role.tags and 'controller' in role.tags -%}
+ {%- set _ = primary_role.pop() -%}
+ {%- set _ = primary_role.append(role) -%}
+ {%- endif -%}
+{%- endfor -%}
+{%- set primary_role_name = primary_role[0].name -%}
+# Enable the creation of Neutron networks for isolated Overcloud
+# traffic and configure each role to assign ports (related
+# to that role) on these networks.
+# primary role is: {{primary_role_name}}
+resource_registry:
+ # networks as defined in network_data.yaml
+ {%- for network in networks if network.enabled|default(true) %}
+ {%- if network.name != 'Tenant' %}
+ OS::TripleO::Network::{{network.name}}: ../network/{{network.name_lower|default(network.name.lower())}}_v6.yaml
+ {%- else %}
+ # IPv4 until OVS and Neutron support IPv6 tunnel endpoints
+ OS::TripleO::Network::{{network.name}}: ../network/{{network.name_lower|default(network.name.lower())}}.yaml
+ {%- endif %}
+ {%- endfor %}
+
+ # Port assignments for the VIPs
+ {%- for network in networks if network.vip and network.enabled|default(true) %}
+ OS::TripleO::Network::Ports::{{network.name}}VipPort: ../network/ports/{{network.name_lower|default(network.name.lower())}}_v6.yaml
+ {%- endfor %}
+
+ OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip_v6.yaml
+
+{%- for role in roles %}
+ # Port assignments for the {{role.name}}
+ {%- for network in networks %}
+ {%- if network.name in role.networks|default([]) and network.enabled|default(true) and network.name != 'Tenant' %}
+ OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/{{network.name_lower|default(network.name.lower())}}_v6.yaml
+ {%- elif network.name in role.networks|default([]) and network.enabled|default(true) and network.name == 'Tenant' %}
+ # IPv4 until OVS and Neutron support IPv6 tunnel endpoints
+ OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/{{network.name_lower|default(network.name.lower())}}.yaml
+ {%- else %}
+ OS::TripleO::{{role.name}}::Ports::{{network.name}}Port: ../network/ports/noop.yaml
+ {%- endif %}
+ {%- endfor %}
+{%- endfor %}
+
+
+parameter_defaults:
+ # Enable IPv6 for Ceph.
+ CephIPv6: True
+ # Enable IPv6 for Corosync. This is required when Corosync is using an IPv6 IP in the cluster.
+ CorosyncIPv6: True
+ # Enable IPv6 for MongoDB. This is required when MongoDB is using an IPv6 IP.
+ MongoDbIPv6: True
+ # Enable various IPv6 features in Nova.
+ NovaIPv6: True
+ # Enable IPv6 environment for RabbitMQ.
+ RabbitIPv6: True
+ # Enable IPv6 environment for Memcached.
+ MemcachedIPv6: True
diff --git a/environments/network-isolation-v6.yaml b/environments/network-isolation-v6.yaml
deleted file mode 100644
index 11ca5b31..00000000
--- a/environments/network-isolation-v6.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-# Enable the creation of IPv6 Neutron networks for isolated Overcloud
-# traffic and configure each role to assign ports (related
-# to that role) on these networks.
-resource_registry:
- OS::TripleO::Network::External: ../network/external_v6.yaml
- OS::TripleO::Network::InternalApi: ../network/internal_api_v6.yaml
- OS::TripleO::Network::StorageMgmt: ../network/storage_mgmt_v6.yaml
- OS::TripleO::Network::Storage: ../network/storage_v6.yaml
- # IPv4 until OVS and Neutron support IPv6 tunnel endpoints
- OS::TripleO::Network::Tenant: ../network/tenant.yaml
-
- # Port assignments for the VIPs
- OS::TripleO::Network::Ports::ExternalVipPort: ../network/ports/external_v6.yaml
- OS::TripleO::Network::Ports::InternalApiVipPort: ../network/ports/internal_api_v6.yaml
- OS::TripleO::Network::Ports::StorageVipPort: ../network/ports/storage_v6.yaml
- OS::TripleO::Network::Ports::StorageMgmtVipPort: ../network/ports/storage_mgmt_v6.yaml
- OS::TripleO::Network::Ports::RedisVipPort: ../network/ports/vip_v6.yaml
-
- # Port assignments for the controller role
- OS::TripleO::Controller::Ports::ExternalPort: ../network/ports/external_v6.yaml
- OS::TripleO::Controller::Ports::InternalApiPort: ../network/ports/internal_api_v6.yaml
- OS::TripleO::Controller::Ports::StoragePort: ../network/ports/storage_v6.yaml
- OS::TripleO::Controller::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_v6.yaml
- OS::TripleO::Controller::Ports::TenantPort: ../network/ports/tenant.yaml
-
- # Port assignments for the compute role
- OS::TripleO::Compute::Ports::InternalApiPort: ../network/ports/internal_api_v6.yaml
- OS::TripleO::Compute::Ports::StoragePort: ../network/ports/storage_v6.yaml
- OS::TripleO::Compute::Ports::TenantPort: ../network/ports/tenant.yaml
-
- # Port assignments for the ceph storage role
- OS::TripleO::CephStorage::Ports::StoragePort: ../network/ports/storage_v6.yaml
- OS::TripleO::CephStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_v6.yaml
-
- # Port assignments for the swift storage role
- OS::TripleO::SwiftStorage::Ports::InternalApiPort: ../network/ports/internal_api_v6.yaml
- OS::TripleO::SwiftStorage::Ports::StoragePort: ../network/ports/storage_v6.yaml
- OS::TripleO::SwiftStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_v6.yaml
-
- # Port assignments for the block storage role
- OS::TripleO::BlockStorage::Ports::InternalApiPort: ../network/ports/internal_api_v6.yaml
- OS::TripleO::BlockStorage::Ports::StoragePort: ../network/ports/storage_v6.yaml
- OS::TripleO::BlockStorage::Ports::StorageMgmtPort: ../network/ports/storage_mgmt_v6.yaml
-
-parameter_defaults:
- # Enable IPv6 for Ceph.
- CephIPv6: True
- # Enable IPv6 for Corosync. This is required when Corosync is using an IPv6 IP in the cluster.
- CorosyncIPv6: True
- # Enable IPv6 for MongoDB. This is required when MongoDB is using an IPv6 IP.
- MongoDbIPv6: True
- # Enable various IPv6 features in Nova.
- NovaIPv6: True
- # Enable IPv6 environment for RabbitMQ.
- RabbitIPv6: true
- # Enable IPv6 environment for Memcached.
- MemcachedIPv6: true
diff --git a/environments/network-management-v6.yaml b/environments/network-management-v6.yaml
index 812e84f3..59056217 100644
--- a/environments/network-management-v6.yaml
+++ b/environments/network-management-v6.yaml
@@ -1,3 +1,7 @@
+# ******************************************************************************
+# DEPRECATED: Use tripleo-heat-templates/environments/network-isolation-v6.yaml
+# and define the needed networks in your custom role file.
+# ******************************************************************************
# Enable the creation of an IPv6 system management network. This
# creates a Neutron network for isolated Overcloud
# system management traffic and configures each role to
diff --git a/environments/network-management.yaml b/environments/network-management.yaml
index 041617be..5f50bb15 100644
--- a/environments/network-management.yaml
+++ b/environments/network-management.yaml
@@ -1,3 +1,7 @@
+# ***************************************************************************
+# DEPRECATED: Use tripleo-heat-templates/environments/network-isolation.yaml
+# and define the needed networks in your custom role file.
+# ***************************************************************************
# Enable the creation of a system management network. This
# creates a Neutron network for isolated Overcloud
# system management traffic and configures each role to
diff --git a/environments/storage/external-ceph.yaml b/environments/storage/external-ceph.yaml
index f1c9d516..0f2d0396 100644
--- a/environments/storage/external-ceph.yaml
+++ b/environments/storage/external-ceph.yaml
@@ -13,7 +13,7 @@ parameter_defaults:
# Type: string
CephAdminKey: ''
- # The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
+ # The Ceph client key. Can be created with ceph-authtool --gen-print-key.
# Mandatory. This parameter must be set by the user.
# Type: string
CephClientKey: <None>
diff --git a/extraconfig/nova_metadata/krb-service-principals.yaml b/extraconfig/nova_metadata/krb-service-principals.j2.yaml
index cdd4341a..b18dba66 100644
--- a/extraconfig/nova_metadata/krb-service-principals.yaml
+++ b/extraconfig/nova_metadata/krb-service-principals.j2.yaml
@@ -5,30 +5,38 @@ parameters:
RoleData:
type: json
description: the list containing the 'role_data' output for the ServiceChain
-
- # Coming from parameter_defaults
+{%- for network in networks if network.vip|default(false) %}
+{%- if network.name == 'External' %}
+ # Special case the External hostname param, which is CloudName
CloudName:
default: overcloud.localdomain
description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
type: string
+{%- elif network.name == 'InternalApi' %}
+ # Special case the Internal API hostname param, which is CloudNameInternal
CloudNameInternal:
- default: overcloud.internalapi.localdomain
+ default: overcloud.{{network.name.lower()}}.localdomain
description: >
- The DNS name of this cloud's internal API endpoint. E.g.
- 'ci-overcloud.internalapi.tripleo.org'.
+ The DNS name of this cloud's {{network.name_lower}} endpoint. E.g.
+ 'ci-overcloud.{{network.name.lower()}}.tripleo.org'.
type: string
- CloudNameStorage:
- default: overcloud.storage.localdomain
+{%- elif network.name == 'StorageMgmt' %}
+ # Special case StorageMgmt hostname param, which is CloudNameStorageManagement
+ CloudNameStorageManagement:
+ default: overcloud.{{network.name.lower()}}.localdomain
description: >
- The DNS name of this cloud's storage endpoint. E.g.
- 'ci-overcloud.storage.tripleo.org'.
+ The DNS name of this cloud's {{network.name_lower}} endpoint. E.g.
+ 'ci-overcloud.{{network.name.lower()}}.tripleo.org'.
type: string
- CloudNameStorageManagement:
- default: overcloud.storagemgmt.localdomain
+{%- else %}
+ CloudName{{network.name}}:
+ default: overcloud.{{network.name.lower()}}.localdomain
description: >
- The DNS name of this cloud's storage management endpoint. E.g.
- 'ci-overcloud.storagemgmt.tripleo.org'.
+ The DNS name of this cloud's {{network.name_lower}} endpoint. E.g.
+ 'ci-overcloud.{{network.name.lower()}}.tripleo.org'.
type: string
+{%- endif %}
+{%- endfor %}
CloudNameCtlplane:
default: overcloud.ctlplane.localdomain
description: >
@@ -61,10 +69,17 @@ resources:
data:
metadata: {get_attr: [IncomingMetadataSettings, value]}
fqdns:
+{%- for network in networks if network.vip|default(false) %}
+{%- if network.name == 'External' %}
external: {get_param: CloudName}
+{%- elif network.name == 'InternalApi' %}
internal_api: {get_param: CloudNameInternal}
- storage: {get_param: CloudNameStorage}
+{%- elif network.name == 'StorageMgmt' %}
storage_mgmt: {get_param: CloudNameStorageManagement}
+{%- else %}
+ {{network.name_lower}}: {get_param: CloudName{{network.name}}}
+{%- endif %}
+{%- endfor %}
ctlplane: {get_param: CloudNameCtlplane}
CompactServices:
@@ -82,3 +97,4 @@ outputs:
map_merge:
- {get_attr: [IndividualServices, value]}
- compact_services: {get_attr: [CompactServices, value]}
+
diff --git a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml
index fb0d1699..b9fd08b4 100644
--- a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml
+++ b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml
@@ -59,22 +59,31 @@ parameters:
description: |
When enabled, the system will perform a yum update after performing the
RHEL Registration process.
- deployment_actions:
- default: ['CREATE', 'UPDATE']
- type: comma_delimited_list
- description: >
- List of stack actions that will trigger any deployments in this
- templates. The actions will be an empty list of the server is in the
- toplevel DeploymentServerBlacklist parameter's value.
+ DeleteOnRHELUnregistration:
+ type: boolean
+ default: false
+ description: |
+ When true, the system profile will be deleted from the registration
+ service when the rhel-registration.yaml nested stack is deleted.
conditions:
- deployment_actions_empty:
+ unregister_on_delete:
equals:
- - {get_param: deployment_actions}
- - []
+ - {get_param: DeleteOnRHELUnregistration}
+ - true
+ update_requested:
+ equals:
+ - {get_param: UpdateOnRHELRegistration}
+ - true
resources:
+ DeploymentActions:
+ type: OS::Heat::Value
+ properties:
+ value:
+ yaql
+
RHELRegistration:
type: OS::Heat::SoftwareConfig
properties:
@@ -151,9 +160,9 @@ resources:
config: {get_resource: RHELUnregistration}
actions:
if:
- - deployment_actions_empty
+ - unregister_on_delete
+ - ['DELETE']
- []
- - ['DELETE'] # Only do this on DELETE
input_values:
REG_METHOD: {get_param: rhel_reg_method}
@@ -180,17 +189,12 @@ resources:
UpdateDeploymentAfterRHELRegistration:
type: OS::Heat::SoftwareDeployment
depends_on: RHELRegistrationDeployment
- conditions:
- update_requested: {get_param: UpdateOnRHELRegistration}
+ condition: update_requested
properties:
name: UpdateDeploymentAfterRHELRegistration
config: {get_resource: YumUpdateConfigurationAfterRHELRegistration}
server: {get_param: server}
- actions:
- if:
- - deployment_actions_empty
- - []
- - ['CREATE'] # Only do this on CREATE
+ actions: ['CREATE'] # Only do this on CREATE
outputs:
deploy_stdout:
diff --git a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration
index d14ed73f..487857ef 100644
--- a/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration
+++ b/extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration
@@ -235,11 +235,25 @@ case "${REG_METHOD:-}" in
if [ "$satellite_version" = "6" ]; then
repos="$repos --enable ${satellite_repo}"
curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -L -k -O "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm"
+
+ # https://bugs.launchpad.net/tripleo/+bug/1711435
+ # Delete the /etc/rhsm/facts directory entirely so that the
+ # %post script from katello-ca-consumer does not override the
+ # hostname with $(hostname -f) if there is no fqdn set
+ fqdn=$(hostname -f)
+ if [ "$fqdn" = "localhost" -o "$fqdn" = "localhost.localdomain" ]; then
+ rm -rf /etc/rhsm/facts
+ fi
+
rpm -Uvh katello-ca-consumer-latest.noarch.rpm || true
retry subscription-manager register $opts
retry subscription-manager $repos
retry yum install -y katello-agent || true # needed for errata reporting to satellite6
katello-package-upload
+
+ # https://bugs.launchpad.net/tripleo/+bug/1711435
+ # recreate the facts dir just in case we rm'd it earlier
+ mkdir -p /etc/rhsm/facts
else
pushd /usr/share/rhn/
curl --retry ${retry_max_count} --retry-delay 10 --max-time 30 -k -O $REG_SAT_URL/pub/RHN-ORG-TRUSTED-SSL-CERT
diff --git a/j2_excludes.yaml b/j2_excludes.yaml
index 504cc153..5bdb0af9 100644
--- a/j2_excludes.yaml
+++ b/j2_excludes.yaml
@@ -1,14 +1,10 @@
# This template specifies which j2 rendered templates
# should be excluded in the render process from
# tripleo-common/tripleo_common/actions/templates.py
+# E.g:
+# name:
+# - puppet/cephstorage-role.yaml
name:
- - puppet/cephstorage-role.yaml
- - network/internal_api.yaml
- - network/external.yaml
- - network/storage.yaml
- - network/storage_mgmt.yaml
- - network/tenant.yaml
- - network/management.yaml
- network/internal_api_v6.yaml
- network/external_v6.yaml
- network/storage_v6.yaml
diff --git a/net-config-bond.yaml b/net-config-bond.yaml
index 95b47455..8a97c854 100644
--- a/net-config-bond.yaml
+++ b/net-config-bond.yaml
@@ -22,7 +22,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -30,7 +30,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/net-config-bridge.yaml b/net-config-bridge.yaml
index 29646ab5..0668245d 100644
--- a/net-config-bridge.yaml
+++ b/net-config-bridge.yaml
@@ -12,7 +12,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -20,7 +20,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/net-config-linux-bridge.yaml b/net-config-linux-bridge.yaml
index 6c44e60e..3964341a 100644
--- a/net-config-linux-bridge.yaml
+++ b/net-config-linux-bridge.yaml
@@ -12,7 +12,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -20,7 +20,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/net-config-noop.yaml b/net-config-noop.yaml
index 57f1a197..bdfda577 100644
--- a/net-config-noop.yaml
+++ b/net-config-noop.yaml
@@ -15,7 +15,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -23,7 +23,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/net-config-static-bridge-with-external-dhcp.yaml b/net-config-static-bridge-with-external-dhcp.yaml
index cbf282ea..0e0d5900 100644
--- a/net-config-static-bridge-with-external-dhcp.yaml
+++ b/net-config-static-bridge-with-external-dhcp.yaml
@@ -12,7 +12,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -20,7 +20,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/net-config-static-bridge.yaml b/net-config-static-bridge.yaml
index c778bd81..e3e930d5 100644
--- a/net-config-static-bridge.yaml
+++ b/net-config-static-bridge.yaml
@@ -12,7 +12,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -20,7 +20,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/net-config-static.yaml b/net-config-static.yaml
index e864be03..02e2fe65 100644
--- a/net-config-static.yaml
+++ b/net-config-static.yaml
@@ -12,7 +12,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -20,7 +20,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/net-config-undercloud.yaml b/net-config-undercloud.yaml
index 881fbfd7..df02833a 100644
--- a/net-config-undercloud.yaml
+++ b/net-config-undercloud.yaml
@@ -12,7 +12,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -20,7 +20,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/config/bond-with-vlans/ceph-storage.yaml b/network/config/bond-with-vlans/ceph-storage.yaml
index 9683456a..bd15a189 100644
--- a/network/config/bond-with-vlans/ceph-storage.yaml
+++ b/network/config/bond-with-vlans/ceph-storage.yaml
@@ -12,7 +12,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -20,7 +20,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/config/bond-with-vlans/cinder-storage.yaml b/network/config/bond-with-vlans/cinder-storage.yaml
index 3ad6d653..4ea3c470 100644
--- a/network/config/bond-with-vlans/cinder-storage.yaml
+++ b/network/config/bond-with-vlans/cinder-storage.yaml
@@ -12,7 +12,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -20,7 +20,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/config/bond-with-vlans/compute-dpdk.yaml b/network/config/bond-with-vlans/compute-dpdk.yaml
index 095c4973..5def1ca9 100644
--- a/network/config/bond-with-vlans/compute-dpdk.yaml
+++ b/network/config/bond-with-vlans/compute-dpdk.yaml
@@ -12,7 +12,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -20,7 +20,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/config/bond-with-vlans/compute.yaml b/network/config/bond-with-vlans/compute.yaml
index 882402af..2acbc877 100644
--- a/network/config/bond-with-vlans/compute.yaml
+++ b/network/config/bond-with-vlans/compute.yaml
@@ -12,7 +12,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -20,7 +20,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/config/bond-with-vlans/controller-no-external.yaml b/network/config/bond-with-vlans/controller-no-external.yaml
index 4901f94d..55603518 100644
--- a/network/config/bond-with-vlans/controller-no-external.yaml
+++ b/network/config/bond-with-vlans/controller-no-external.yaml
@@ -12,7 +12,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -20,7 +20,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/config/bond-with-vlans/controller-v6.yaml b/network/config/bond-with-vlans/controller-v6.yaml
index 33c6fa65..69ab7539 100644
--- a/network/config/bond-with-vlans/controller-v6.yaml
+++ b/network/config/bond-with-vlans/controller-v6.yaml
@@ -14,7 +14,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -22,7 +22,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/config/bond-with-vlans/controller.yaml b/network/config/bond-with-vlans/controller.yaml
index 100821b7..70e41eb6 100644
--- a/network/config/bond-with-vlans/controller.yaml
+++ b/network/config/bond-with-vlans/controller.yaml
@@ -12,7 +12,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -20,7 +20,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/config/bond-with-vlans/networker.yaml b/network/config/bond-with-vlans/networker.yaml
index aa6e9da6..45994c72 100644
--- a/network/config/bond-with-vlans/networker.yaml
+++ b/network/config/bond-with-vlans/networker.yaml
@@ -12,7 +12,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -20,7 +20,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/config/bond-with-vlans/swift-storage.yaml b/network/config/bond-with-vlans/swift-storage.yaml
index 0ede081f..c31bf225 100644
--- a/network/config/bond-with-vlans/swift-storage.yaml
+++ b/network/config/bond-with-vlans/swift-storage.yaml
@@ -12,7 +12,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -20,7 +20,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/config/contrail/contrail-nic-config-compute.yaml b/network/config/contrail/contrail-nic-config-compute.yaml
index a5f0ecab..5f9e9198 100644
--- a/network/config/contrail/contrail-nic-config-compute.yaml
+++ b/network/config/contrail/contrail-nic-config-compute.yaml
@@ -16,7 +16,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
InternalApiDefaultRoute: # Not used by default in this template
default: '10.0.0.1'
@@ -28,7 +28,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/config/contrail/contrail-nic-config.yaml b/network/config/contrail/contrail-nic-config.yaml
index 595f34d1..fb78caca 100644
--- a/network/config/contrail/contrail-nic-config.yaml
+++ b/network/config/contrail/contrail-nic-config.yaml
@@ -16,7 +16,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
InternalApiDefaultRoute: # Not used by default in this template
default: '10.0.0.1'
@@ -28,7 +28,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/config/multiple-nics/ceph-storage.yaml b/network/config/multiple-nics/ceph-storage.yaml
index 3cc4361f..8448f84f 100644
--- a/network/config/multiple-nics/ceph-storage.yaml
+++ b/network/config/multiple-nics/ceph-storage.yaml
@@ -12,7 +12,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -20,7 +20,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/config/multiple-nics/cinder-storage.yaml b/network/config/multiple-nics/cinder-storage.yaml
index fa7d49e3..57882e22 100644
--- a/network/config/multiple-nics/cinder-storage.yaml
+++ b/network/config/multiple-nics/cinder-storage.yaml
@@ -12,7 +12,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -20,7 +20,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/config/multiple-nics/compute-dvr.yaml b/network/config/multiple-nics/compute-dvr.yaml
index a7939125..562a63d9 100644
--- a/network/config/multiple-nics/compute-dvr.yaml
+++ b/network/config/multiple-nics/compute-dvr.yaml
@@ -13,7 +13,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -21,7 +21,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/config/multiple-nics/compute.yaml b/network/config/multiple-nics/compute.yaml
index d1dc06a3..febfed0c 100644
--- a/network/config/multiple-nics/compute.yaml
+++ b/network/config/multiple-nics/compute.yaml
@@ -12,7 +12,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -20,7 +20,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/config/multiple-nics/controller-v6.yaml b/network/config/multiple-nics/controller-v6.yaml
index 477eeaae..17544f22 100644
--- a/network/config/multiple-nics/controller-v6.yaml
+++ b/network/config/multiple-nics/controller-v6.yaml
@@ -13,7 +13,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -21,7 +21,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/config/multiple-nics/controller.yaml b/network/config/multiple-nics/controller.yaml
index 59f16b93..7d9dbe7a 100644
--- a/network/config/multiple-nics/controller.yaml
+++ b/network/config/multiple-nics/controller.yaml
@@ -12,7 +12,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -20,7 +20,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/config/multiple-nics/networker.yaml b/network/config/multiple-nics/networker.yaml
index b251fb9c..abee66ca 100644
--- a/network/config/multiple-nics/networker.yaml
+++ b/network/config/multiple-nics/networker.yaml
@@ -12,7 +12,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -20,7 +20,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/config/multiple-nics/swift-storage.yaml b/network/config/multiple-nics/swift-storage.yaml
index 180f553f..cf547918 100644
--- a/network/config/multiple-nics/swift-storage.yaml
+++ b/network/config/multiple-nics/swift-storage.yaml
@@ -12,7 +12,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -20,7 +20,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml b/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml
index 6685f2bc..b22f633a 100644
--- a/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml
+++ b/network/config/single-nic-linux-bridge-vlans/ceph-storage.yaml
@@ -12,7 +12,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -20,7 +20,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml b/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml
index ecc57ad5..1c5a8c9a 100644
--- a/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml
+++ b/network/config/single-nic-linux-bridge-vlans/cinder-storage.yaml
@@ -12,7 +12,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -20,7 +20,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/config/single-nic-linux-bridge-vlans/compute.yaml b/network/config/single-nic-linux-bridge-vlans/compute.yaml
index a637ef00..f4fd5fba 100644
--- a/network/config/single-nic-linux-bridge-vlans/compute.yaml
+++ b/network/config/single-nic-linux-bridge-vlans/compute.yaml
@@ -12,7 +12,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -20,7 +20,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml b/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml
index d4058078..44fc961c 100644
--- a/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml
+++ b/network/config/single-nic-linux-bridge-vlans/controller-v6.yaml
@@ -13,7 +13,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -21,7 +21,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/config/single-nic-linux-bridge-vlans/controller.yaml b/network/config/single-nic-linux-bridge-vlans/controller.yaml
index a52a8b84..0a54145a 100644
--- a/network/config/single-nic-linux-bridge-vlans/controller.yaml
+++ b/network/config/single-nic-linux-bridge-vlans/controller.yaml
@@ -12,7 +12,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -20,7 +20,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/config/single-nic-linux-bridge-vlans/networker.yaml b/network/config/single-nic-linux-bridge-vlans/networker.yaml
index b1733dec..7dd48944 100644
--- a/network/config/single-nic-linux-bridge-vlans/networker.yaml
+++ b/network/config/single-nic-linux-bridge-vlans/networker.yaml
@@ -12,7 +12,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -20,7 +20,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml b/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml
index ad154fad..2649391f 100644
--- a/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml
+++ b/network/config/single-nic-linux-bridge-vlans/swift-storage.yaml
@@ -12,7 +12,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -20,7 +20,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/config/single-nic-vlans/ceph-storage.yaml b/network/config/single-nic-vlans/ceph-storage.yaml
index 790e8a7d..ebcc721c 100644
--- a/network/config/single-nic-vlans/ceph-storage.yaml
+++ b/network/config/single-nic-vlans/ceph-storage.yaml
@@ -12,7 +12,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -20,7 +20,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/config/single-nic-vlans/cinder-storage.yaml b/network/config/single-nic-vlans/cinder-storage.yaml
index 6dee3bee..d2548e4e 100644
--- a/network/config/single-nic-vlans/cinder-storage.yaml
+++ b/network/config/single-nic-vlans/cinder-storage.yaml
@@ -12,7 +12,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -20,7 +20,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/config/single-nic-vlans/compute.yaml b/network/config/single-nic-vlans/compute.yaml
index d2559d2c..78814af1 100644
--- a/network/config/single-nic-vlans/compute.yaml
+++ b/network/config/single-nic-vlans/compute.yaml
@@ -12,7 +12,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -20,7 +20,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/config/single-nic-vlans/controller-no-external.yaml b/network/config/single-nic-vlans/controller-no-external.yaml
index d26de321..1dc9a6f3 100644
--- a/network/config/single-nic-vlans/controller-no-external.yaml
+++ b/network/config/single-nic-vlans/controller-no-external.yaml
@@ -12,7 +12,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -20,7 +20,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/config/single-nic-vlans/controller-v6.yaml b/network/config/single-nic-vlans/controller-v6.yaml
index 8f68760f..f1055ae3 100644
--- a/network/config/single-nic-vlans/controller-v6.yaml
+++ b/network/config/single-nic-vlans/controller-v6.yaml
@@ -13,7 +13,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -21,7 +21,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/config/single-nic-vlans/controller.yaml b/network/config/single-nic-vlans/controller.yaml
index 8530118f..171fcf5d 100644
--- a/network/config/single-nic-vlans/controller.yaml
+++ b/network/config/single-nic-vlans/controller.yaml
@@ -12,7 +12,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -20,7 +20,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/config/single-nic-vlans/networker.yaml b/network/config/single-nic-vlans/networker.yaml
index 54a17e46..2502984a 100644
--- a/network/config/single-nic-vlans/networker.yaml
+++ b/network/config/single-nic-vlans/networker.yaml
@@ -12,7 +12,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -20,7 +20,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/config/single-nic-vlans/swift-storage.yaml b/network/config/single-nic-vlans/swift-storage.yaml
index b4587e04..99ab66c1 100644
--- a/network/config/single-nic-vlans/swift-storage.yaml
+++ b/network/config/single-nic-vlans/swift-storage.yaml
@@ -12,7 +12,7 @@ parameters:
type: string
InternalApiIpSubnet:
default: ''
- description: IP address/subnet on the internal API network
+ description: IP address/subnet on the internal_api network
type: string
StorageIpSubnet:
default: ''
@@ -20,7 +20,7 @@ parameters:
type: string
StorageMgmtIpSubnet:
default: ''
- description: IP address/subnet on the storage mgmt network
+ description: IP address/subnet on the storage_mgmt network
type: string
TenantIpSubnet:
default: ''
diff --git a/network/external.yaml b/network/external.yaml
deleted file mode 100644
index 708d4635..00000000
--- a/network/external.yaml
+++ /dev/null
@@ -1,69 +0,0 @@
-heat_template_version: pike
-
-description: >
- External network. Public traffic, Neutron l3router for floating IPs/SNAT, etc.
-
-parameters:
- # the defaults here work for static IP assignment (IPAM) only
- ExternalNetCidr:
- default: '10.0.0.0/24'
- description: Cidr for the external network.
- type: string
- ExternalNetValueSpecs:
- default: {'provider:physical_network': 'external', 'provider:network_type': 'flat'}
- description: Value specs for the external network.
- type: json
- ExternalNetAdminStateUp:
- default: false
- description: The admin state of the network.
- type: boolean
- ExternalNetEnableDHCP:
- default: false
- description: Whether to enable DHCP on the associated subnet.
- type: boolean
- ExternalNetShared:
- default: false
- description: Whether this network is shared across all tenants.
- type: boolean
- ExternalNetName:
- default: external
- description: The name of the external network.
- type: string
- ExternalSubnetName:
- default: external_subnet
- description: The name of the external subnet in Neutron.
- type: string
- ExternalAllocationPools:
- default: [{'start': '10.0.0.4', 'end': '10.0.0.250'}]
- description: Ip allocation pool range for the external network.
- type: json
- ExternalInterfaceDefaultRoute:
- default: '10.0.0.1'
- description: default route for the external network
- type: string
-
-resources:
- ExternalNetwork:
- type: OS::Neutron::Net
- properties:
- admin_state_up: {get_param: ExternalNetAdminStateUp}
- name: {get_param: ExternalNetName}
- shared: {get_param: ExternalNetShared}
- value_specs: {get_param: ExternalNetValueSpecs}
-
- ExternalSubnet:
- type: OS::Neutron::Subnet
- properties:
- cidr: {get_param: ExternalNetCidr}
- enable_dhcp: {get_param: ExternalNetEnableDHCP}
- name: {get_param: ExternalSubnetName}
- network: {get_resource: ExternalNetwork}
- allocation_pools: {get_param: ExternalAllocationPools}
- gateway_ip: {get_param: ExternalInterfaceDefaultRoute}
-
-outputs:
- OS::stack_id:
- description: Neutron external network
- value: {get_resource: ExternalNetwork}
- subnet_cidr:
- value: {get_attr: [ExternalSubnet, cidr]}
diff --git a/network/internal_api.yaml b/network/internal_api.yaml
deleted file mode 100644
index 6e1885a9..00000000
--- a/network/internal_api.yaml
+++ /dev/null
@@ -1,65 +0,0 @@
-heat_template_version: pike
-
-description: >
- Internal API network. Used for most APIs, Database, RPC.
-
-parameters:
- # the defaults here work for static IP assignment (IPAM) only
- InternalApiNetCidr:
- default: '172.16.2.0/24'
- description: Cidr for the internal API network.
- type: string
- InternalApiNetValueSpecs:
- default: {'provider:physical_network': 'internal_api', 'provider:network_type': 'flat'}
- description: Value specs for the internal API network.
- type: json
- InternalApiNetAdminStateUp:
- default: false
- description: The admin state of the network.
- type: boolean
- InternalApiNetEnableDHCP:
- default: false
- description: Whether to enable DHCP on the associated subnet.
- type: boolean
- InternalApiNetShared:
- default: false
- description: Whether this network is shared across all tenants.
- type: boolean
- InternalApiNetName:
- default: internal_api
- description: The name of the internal API network.
- type: string
- InternalApiSubnetName:
- default: internal_api_subnet
- description: The name of the internal API subnet in Neutron.
- type: string
- InternalApiAllocationPools:
- default: [{'start': '172.16.2.4', 'end': '172.16.2.250'}]
- description: Ip allocation pool range for the internal API network.
- type: json
-
-resources:
- InternalApiNetwork:
- type: OS::Neutron::Net
- properties:
- admin_state_up: {get_param: InternalApiNetAdminStateUp}
- name: {get_param: InternalApiNetName}
- shared: {get_param: InternalApiNetShared}
- value_specs: {get_param: InternalApiNetValueSpecs}
-
- InternalApiSubnet:
- type: OS::Neutron::Subnet
- properties:
- cidr: {get_param: InternalApiNetCidr}
- enable_dhcp: {get_param: InternalApiNetEnableDHCP}
- name: {get_param: InternalApiSubnetName}
- network: {get_resource: InternalApiNetwork}
- allocation_pools: {get_param: InternalApiAllocationPools}
- gateway_ip: null
-
-outputs:
- OS::stack_id:
- description: Neutron internal network
- value: {get_resource: InternalApiNetwork}
- subnet_cidr:
- value: {get_attr: [InternalApiSubnet, cidr]}
diff --git a/network/internal_api_v6.yaml b/network/internal_api_v6.yaml
index 7264b1c0..6a0912e2 100644
--- a/network/internal_api_v6.yaml
+++ b/network/internal_api_v6.yaml
@@ -8,11 +8,11 @@ parameters:
InternalApiNetCidr:
# OpenStack uses the EUI-64 address format, which requires a /64 prefix
default: 'fd00:fd00:fd00:2000::/64'
- description: Cidr for the internal API network.
+ description: Cidr for the internal_api network.
type: string
InternalApiNetValueSpecs:
default: {'provider:physical_network': 'internal_api', 'provider:network_type': 'flat'}
- description: Value specs for the internal API network.
+ description: Value specs for the internal_api network.
type: json
InternalApiNetAdminStateUp:
default: false
@@ -24,15 +24,15 @@ parameters:
type: boolean
InternalApiNetName:
default: internal_api
- description: The name of the internal API network.
+ description: The name of the internal_api network.
type: string
InternalApiSubnetName:
default: internal_api_subnet
- description: The name of the internal API subnet in Neutron.
+ description: The name of the internal_api subnet in Neutron.
type: string
InternalApiAllocationPools:
default: [{'start': 'fd00:fd00:fd00:2000::10', 'end': 'fd00:fd00:fd00:2000:ffff:ffff:ffff:fffe'}]
- description: Ip allocation pool range for the internal API network.
+ description: Ip allocation pool range for the internal_api network.
type: json
IPv6AddressMode:
default: dhcpv6-stateful
diff --git a/network/management.yaml b/network/management.yaml
deleted file mode 100644
index be197e5c..00000000
--- a/network/management.yaml
+++ /dev/null
@@ -1,70 +0,0 @@
-heat_template_version: pike
-
-description: >
- Management network. System administration, SSH, DNS, NTP, etc. This network
- would usually be the default gateway for the non-controller nodes.
-
-parameters:
- # the defaults here work for static IP assignment (IPAM) only
- ManagementNetCidr:
- default: '10.0.1.0/24'
- description: Cidr for the management network.
- type: string
- ManagementNetValueSpecs:
- default: {'provider:physical_network': 'management', 'provider:network_type': 'flat'}
- description: Value specs for the management network.
- type: json
- ManagementNetAdminStateUp:
- default: false
- description: The admin state of the network.
- type: boolean
- ManagementNetEnableDHCP:
- default: false
- description: Whether to enable DHCP on the associated subnet.
- type: boolean
- ManagementNetShared:
- default: false
- description: Whether this network is shared across all tenants.
- type: boolean
- ManagementNetName:
- default: management
- description: The name of the management network.
- type: string
- ManagementSubnetName:
- default: management_subnet
- description: The name of the management subnet in Neutron.
- type: string
- ManagementAllocationPools:
- default: [{'start': '10.0.1.4', 'end': '10.0.1.250'}]
- description: Ip allocation pool range for the management network.
- type: json
- ManagementInterfaceDefaultRoute:
- default: unset
- description: The default route of the management network.
- type: string
-
-resources:
- ManagementNetwork:
- type: OS::Neutron::Net
- properties:
- admin_state_up: {get_param: ManagementNetAdminStateUp}
- name: {get_param: ManagementNetName}
- shared: {get_param: ManagementNetShared}
- value_specs: {get_param: ManagementNetValueSpecs}
-
- ManagementSubnet:
- type: OS::Neutron::Subnet
- properties:
- cidr: {get_param: ManagementNetCidr}
- enable_dhcp: {get_param: ManagementNetEnableDHCP}
- name: {get_param: ManagementSubnetName}
- network: {get_resource: ManagementNetwork}
- allocation_pools: {get_param: ManagementAllocationPools}
- gateway_ip: {get_param: ManagementInterfaceDefaultRoute}
-
-outputs:
- OS::stack_id:
- description: Neutron management network
- value: {get_resource: ManagementNetwork}
- subnet_cidr:
- value: {get_attr: [ManagementSubnet, cidr]}
diff --git a/network/network.network.j2.yaml b/network/network.network.j2.yaml
index ccf437bb..29d58cd5 100644
--- a/network/network.network.j2.yaml
+++ b/network/network.network.j2.yaml
@@ -15,7 +15,7 @@ parameters:
type: json
{{network.name}}NetAdminStateUp:
default: false
- description: This admin state of the network.
+ description: The admin state of the network.
type: boolean
{{network.name}}NetEnableDHCP:
default: false
@@ -27,7 +27,7 @@ parameters:
type: boolean
{{network.name}}NetName:
default: {{network.name_lower}}
- description: The name of the {{network.name_lower}} network.
+ description: The name of the {{network.name_lower}} network.
type: string
{{network.name}}SubnetName:
default: {{network.name_lower}}_subnet
@@ -38,7 +38,7 @@ parameters:
description: Ip allocation pool range for the {{network.name_lower}} network.
type: json
{{network.name}}InterfaceDefaultRoute:
- default: {{network.gateway_ip|default("not_defined")}}
+ default: {{network.gateway_ip|default('""')}}
description: default route for the {{network.name_lower}} network
type: string
{%- if network.vlan %}
diff --git a/network/ports/internal_api.yaml b/network/ports/internal_api.yaml
index e9eb7875..94006437 100644
--- a/network/ports/internal_api.yaml
+++ b/network/ports/internal_api.yaml
@@ -5,7 +5,7 @@ description: >
parameters:
InternalApiNetName:
- description: The name of the internal API network.
+ description: The name of the internal_api network.
default: internal_api
type: string
PortName:
diff --git a/network/ports/internal_api_from_pool.yaml b/network/ports/internal_api_from_pool.yaml
index 31c72daf..6eeca142 100644
--- a/network/ports/internal_api_from_pool.yaml
+++ b/network/ports/internal_api_from_pool.yaml
@@ -5,7 +5,7 @@ description: >
parameters:
InternalApiNetName:
- description: The name of the internal API network.
+ description: The name of the internal_api network.
default: internal_api
type: string
PortName:
@@ -26,7 +26,7 @@ parameters:
type: number
InternalApiNetCidr:
default: '172.16.2.0/24'
- description: Cidr for the internal API network.
+ description: Cidr for the internal_api network.
type: string
outputs:
diff --git a/network/ports/internal_api_from_pool_v6.yaml b/network/ports/internal_api_from_pool_v6.yaml
index 657310ed..589d72a8 100644
--- a/network/ports/internal_api_from_pool_v6.yaml
+++ b/network/ports/internal_api_from_pool_v6.yaml
@@ -6,7 +6,7 @@ description: >
parameters:
InternalApiNetName:
- description: The name of the internal API network.
+ description: The name of the internal_api network.
default: internal_api
type: string
PortName:
@@ -27,7 +27,7 @@ parameters:
type: number
InternalApiNetCidr:
default: 'fd00:fd00:fd00:2000::/64'
- description: Cidr for the internal API network.
+ description: Cidr for the internal_api network.
type: string
outputs:
diff --git a/network/ports/internal_api_v6.yaml b/network/ports/internal_api_v6.yaml
index 6a9e7083..36a3ad07 100644
--- a/network/ports/internal_api_v6.yaml
+++ b/network/ports/internal_api_v6.yaml
@@ -5,7 +5,7 @@ description: >
parameters:
InternalApiNetName:
- description: The name of the internal API network.
+ description: The name of the internal_api network.
default: internal_api
type: string
PortName:
diff --git a/network/ports/net_ip_list_map.yaml b/network/ports/net_ip_list_map.j2.yaml
index a9111ed9..e929ab2c 100644
--- a/network/ports/net_ip_list_map.yaml
+++ b/network/ports/net_ip_list_map.j2.yaml
@@ -4,24 +4,11 @@ parameters:
ControlPlaneIpList:
default: []
type: comma_delimited_list
- ExternalIpList:
- default: []
- type: comma_delimited_list
- InternalApiIpList:
- default: []
- type: comma_delimited_list
- StorageIpList:
- default: []
- type: comma_delimited_list
- StorageMgmtIpList:
- default: []
- type: comma_delimited_list
- TenantIpList:
- default: []
- type: comma_delimited_list
- ManagementIpList:
+{%- for network in networks %}
+ {{network.name}}IpList:
default: []
type: comma_delimited_list
+{%- endfor %}
EnabledServices:
default: []
type: comma_delimited_list
@@ -37,7 +24,7 @@ parameters:
InternalApiNetName:
default: internal_api
- description: The name of the internal API network.
+ description: The name of the internal_api network.
type: string
ExternalNetName:
default: external
@@ -53,12 +40,17 @@ parameters:
type: string
StorageMgmtNetName:
default: storage_mgmt
- description: The name of the Storage management network.
+ description: The name of the storage_mgmt network.
type: string
TenantNetName:
default: tenant
description: The name of the tenant network.
+{%- for network in networks %}
+ {{network.name}}NetName:
+ default: {{network.name_lower}}
+ description: The name of the {{network.name_lower}} network.
type: string
+{%- endfor %}
resources:
@@ -91,19 +83,13 @@ resources:
value:
map_replace:
- ctlplane: {get_param: ControlPlaneIpList}
- external: {get_param: ExternalIpList}
- internal_api: {get_param: InternalApiIpList}
- storage: {get_param: StorageIpList}
- storage_mgmt: {get_param: StorageMgmtIpList}
- tenant: {get_param: TenantIpList}
- management: {get_param: ManagementIpList}
+{%- for network in networks %}
+ {{network.name_lower}}: {get_param: {{network.name}}IpList}
+{%- endfor %}
- keys:
- external: {get_param: ExternalNetName}
- internal_api: {get_param: InternalApiNetName}
- storage: {get_param: StorageNetName}
- storage_mgmt: {get_param: StorageMgmtNetName}
- tenant: {get_param: TenantNetName}
- management: {get_param: ManagementNetName}
+{%- for network in networks %}
+ {{network.name_lower}}: {get_param: {{network.name}}NetName}
+{%- endfor %}
outputs:
net_ip_map:
diff --git a/network/ports/net_ip_map.j2.yaml b/network/ports/net_ip_map.j2.yaml
new file mode 100644
index 00000000..f01d624a
--- /dev/null
+++ b/network/ports/net_ip_map.j2.yaml
@@ -0,0 +1,81 @@
+heat_template_version: pike
+
+parameters:
+ ControlPlaneIp:
+ default: ''
+ type: string
+ ControlPlaneSubnetCidr: # Override this via parameter_defaults
+ default: '24'
+ description: The subnet CIDR of the control plane network.
+ type: string
+{%- for network in networks %}
+ {{network.name}}Ip:
+ default: ''
+ type: string
+ {{network.name}}IpSubnet:
+ description: 'IP address/subnet on the {{network.name_lower}} network'
+ default: ''
+ type: string
+ {{network.name}}IpUri:
+ default: ''
+ type: string
+ description: IP address with brackets in case of IPv6
+{%- endfor %}
+
+{%- for network in networks %}
+ {{network.name}}NetName:
+ default: {{network.name_lower}}
+ description: The name of the {{network.name_lower}} network.
+ type: string
+{%- endfor %}
+
+resources:
+
+ NetIpMapValue:
+ type: OS::Heat::Value
+ properties:
+ type: json
+ value:
+ map_replace:
+ - ctlplane: {get_param: ControlPlaneIp}
+{%- for network in networks %}
+ {{network.name_lower}}: {get_param: {{network.name}}Ip}
+{%- endfor %}
+ ctlplane_subnet:
+ list_join:
+ - ''
+ - - {get_param: ControlPlaneIp}
+ - '/'
+ - {get_param: ControlPlaneSubnetCidr}
+{%- for network in networks %}
+ {{network.name_lower}}_subnet: {get_param: {{network.name}}IpSubnet}
+{%- endfor %}
+ ctlplane_uri: {get_param: ControlPlaneIp}
+{%- for network in networks %}
+ {{network.name_lower}}_uri: {get_param: {{network.name}}IpUri}
+{%- endfor %}
+ - keys:
+{%- for network in networks %}
+ {{network.name_lower}}: {get_param: {{network.name}}NetName}
+{%- endfor %}
+{%- for network in networks %}
+ {{network.name_lower}}_subnet:
+ str_replace:
+ template: NAME_subnet
+ params:
+ NAME: {get_param: {{network.name}}NetName}
+{%- endfor %}
+{%- for network in networks %}
+ {{network.name_lower}}_uri:
+ str_replace:
+ template: NAME_uri
+ params:
+ NAME: {get_param: {{network.name}}NetName}
+{%- endfor %}
+
+outputs:
+ net_ip_map:
+ description: >
+ A Hash containing a mapping of network names to assigned IPs
+ for a specific machine.
+ value: {get_attr: [NetIpMapValue, value]}
diff --git a/network/ports/net_ip_map.yaml b/network/ports/net_ip_map.yaml
deleted file mode 100644
index ce58e96f..00000000
--- a/network/ports/net_ip_map.yaml
+++ /dev/null
@@ -1,210 +0,0 @@
-heat_template_version: pike
-
-parameters:
- ControlPlaneIp:
- default: ''
- type: string
- ControlPlaneSubnetCidr: # Override this via parameter_defaults
- default: '24'
- description: The subnet CIDR of the control plane network.
- type: string
- ExternalIp:
- default: ''
- type: string
- ExternalIpSubnet:
- default: ''
- type: string
- description: IP address/subnet on the external network
- ExternalIpUri:
- default: ''
- type: string
- description: IP address with brackets in case of IPv6
- InternalApiIp:
- default: ''
- type: string
- InternalApiIpSubnet:
- default: ''
- type: string
- description: IP address/subnet on the internal API network
- InternalApiIpUri:
- default: ''
- type: string
- description: IP address with brackets in case of IPv6
- StorageIp:
- default: ''
- type: string
- StorageIpSubnet:
- default: ''
- type: string
- description: IP address/subnet on the storage network
- StorageIpUri:
- default: ''
- type: string
- description: IP address with brackets in case of IPv6
- StorageMgmtIp:
- default: ''
- type: string
- StorageMgmtIpSubnet:
- default: ''
- type: string
- description: IP address/subnet on the storage mgmt network
- StorageMgmtIpUri:
- default: ''
- type: string
- description: IP address with brackets in case of IPv6
- TenantIp:
- default: ''
- type: string
- TenantIpSubnet:
- default: ''
- type: string
- description: IP address/subnet on the tenant network
- TenantIpUri:
- default: ''
- type: string
- description: IP address with brackets in case of IPv6
- ManagementIp:
- default: ''
- type: string
- ManagementIpSubnet:
- default: ''
- type: string
- description: IP address/subnet on the management network
- ManagementIpUri:
- default: ''
- type: string
- description: IP address with brackets in case of IPv6
-
- InternalApiNetName:
- default: internal_api
- description: The name of the internal API network.
- type: string
- ExternalNetName:
- default: external
- description: The name of the external network.
- type: string
- ManagementNetName:
- default: management
- description: The name of the management network.
- type: string
- StorageNetName:
- default: storage
- description: The name of the storage network.
- type: string
- StorageMgmtNetName:
- default: storage_mgmt
- description: The name of the Storage management network.
- type: string
- TenantNetName:
- default: tenant
- description: The name of the tenant network.
- type: string
-
-resources:
-
- NetIpMapValue:
- type: OS::Heat::Value
- properties:
- type: json
- value:
- map_replace:
- - ctlplane: {get_param: ControlPlaneIp}
- external: {get_param: ExternalIp}
- internal_api: {get_param: InternalApiIp}
- storage: {get_param: StorageIp}
- storage_mgmt: {get_param: StorageMgmtIp}
- tenant: {get_param: TenantIp}
- management: {get_param: ManagementIp}
- ctlplane_subnet:
- list_join:
- - ''
- - - {get_param: ControlPlaneIp}
- - '/'
- - {get_param: ControlPlaneSubnetCidr}
- external_subnet: {get_param: ExternalIpSubnet}
- internal_api_subnet: {get_param: InternalApiIpSubnet}
- storage_subnet: {get_param: StorageIpSubnet}
- storage_mgmt_subnet: {get_param: StorageMgmtIpSubnet}
- tenant_subnet: {get_param: TenantIpSubnet}
- management_subnet: {get_param: ManagementIpSubnet}
- ctlplane_uri: {get_param: ControlPlaneIp}
- external_uri: {get_param: ExternalIpUri}
- internal_api_uri: {get_param: InternalApiIpUri}
- storage_uri: {get_param: StorageIpUri}
- storage_mgmt_uri: {get_param: StorageMgmtIpUri}
- tenant_uri: {get_param: TenantIpUri}
- management_uri: {get_param: ManagementIpUri}
- - keys:
- external: {get_param: ExternalNetName}
- internal_api: {get_param: InternalApiNetName}
- storage: {get_param: StorageNetName}
- storage_mgmt: {get_param: StorageMgmtNetName}
- tenant: {get_param: TenantNetName}
- management: {get_param: ManagementNetName}
- external_subnet:
- str_replace:
- template: NAME_subnet
- params:
- NAME: {get_param: ExternalNetName}
- internal_api_subnet:
- str_replace:
- template: NAME_subnet
- params:
- NAME: {get_param: InternalApiNetName}
- storage_subnet:
- str_replace:
- template: NAME_subnet
- params:
- NAME: {get_param: StorageNetName}
- storage_mgmt_subnet:
- str_replace:
- template: NAME_subnet
- params:
- NAME: {get_param: StorageMgmtNetName}
- tenant_subnet:
- str_replace:
- template: NAME_subnet
- params:
- NAME: {get_param: TenantNetName}
- management_subnet:
- str_replace:
- template: NAME_subnet
- params:
- NAME: {get_param: ManagementNetName}
- external_uri:
- str_replace:
- template: NAME_uri
- params:
- NAME: {get_param: ExternalNetName}
- internal_api_uri:
- str_replace:
- template: NAME_uri
- params:
- NAME: {get_param: InternalApiNetName}
- storage_uri:
- str_replace:
- template: NAME_uri
- params:
- NAME: {get_param: StorageNetName}
- storage_mgmt_uri:
- str_replace:
- template: NAME_uri
- params:
- NAME: {get_param: StorageMgmtNetName}
- tenant_uri:
- str_replace:
- template: NAME_uri
- params:
- NAME: {get_param: TenantNetName}
- management_uri:
- str_replace:
- template: NAME_uri
- params:
- NAME: {get_param: ManagementNetName}
-
-outputs:
- net_ip_map:
- description: >
- A Hash containing a mapping of network names to assigned IPs
- for a specific machine.
- value: {get_attr: [NetIpMapValue, value]}
diff --git a/network/ports/net_vip_map_external.j2.yaml b/network/ports/net_vip_map_external.j2.yaml
new file mode 100644
index 00000000..b17f48b5
--- /dev/null
+++ b/network/ports/net_vip_map_external.j2.yaml
@@ -0,0 +1,40 @@
+heat_template_version: pike
+
+parameters:
+ # Set these via parameter defaults to configure external VIPs
+ ControlPlaneIP:
+ default: ''
+ type: string
+{%- for network in networks if network.vip|default(false) %}
+ {{network.name}}NetworkVip:
+ default: ''
+ type: string
+{%- endfor %}
+ # The following are unused in this template
+ ControlPlaneIp:
+ default: ''
+ type: string
+{%- for network in networks if network.vip|default(false) %}
+ {{network.name}}Ip:
+ default: ''
+ type: string
+ {{network.name}}IpUri:
+ default: ''
+ type: string
+ description: IP address with brackets in case of IPv6
+{%- endfor %}
+
+outputs:
+ net_ip_map:
+ description: >
+ A Hash containing a mapping of network names to assigned IPs
+ for a specific machine.
+ value:
+ ctlplane: {get_param: ControlPlaneIP}
+{%- for network in networks if network.vip|default(false) %}
+ {{network.name_lower}}: {get_param: {{network.name}}NetworkVip}
+{%- endfor %}
+ ctlplane_uri: {get_param: ControlPlaneIP}
+{%- for network in networks if network.vip|default(false) %}
+ {{network.name_lower}}_uri: {get_param: {{network.name}}NetworkVip}
+{%- endfor %}
diff --git a/network/ports/net_vip_map_external.yaml b/network/ports/net_vip_map_external.yaml
deleted file mode 100644
index d0847882..00000000
--- a/network/ports/net_vip_map_external.yaml
+++ /dev/null
@@ -1,68 +0,0 @@
-heat_template_version: pike
-
-parameters:
- # Set these via parameter defaults to configure external VIPs
- ControlPlaneIP:
- default: ''
- type: string
- ExternalNetworkVip:
- default: ''
- type: string
- InternalApiNetworkVip:
- default: ''
- type: string
- StorageNetworkVip:
- default: ''
- type: string
- StorageMgmtNetworkVip:
- default: ''
- type: string
- # The following are unused in this template
- ControlPlaneIp:
- default: ''
- type: string
- ExternalIp:
- default: ''
- type: string
- ExternalIpUri:
- default: ''
- type: string
- description: IP address with brackets in case of IPv6
- InternalApiIp:
- default: ''
- type: string
- InternalApiIpUri:
- default: ''
- type: string
- description: IP address with brackets in case of IPv6
- StorageIp:
- default: ''
- type: string
- StorageIpUri:
- default: ''
- type: string
- description: IP address with brackets in case of IPv6
- StorageMgmtIp:
- default: ''
- type: string
- StorageMgmtIpUri:
- default: ''
- type: string
- description: IP address with brackets in case of IPv6
-
-outputs:
- net_ip_map:
- description: >
- A Hash containing a mapping of network names to assigned IPs
- for a specific machine.
- value:
- ctlplane: {get_param: ControlPlaneIP}
- external: {get_param: ExternalNetworkVip}
- internal_api: {get_param: InternalApiNetworkVip}
- storage: {get_param: StorageNetworkVip}
- storage_mgmt: {get_param: StorageMgmtNetworkVip}
- ctlplane_uri: {get_param: ControlPlaneIP}
- external_uri: {get_param: ExternalNetworkVip}
- internal_api_uri: {get_param: InternalApiNetworkVip}
- storage_uri: {get_param: StorageNetworkVip}
- storage_mgmt_uri: {get_param: StorageMgmtNetworkVip}
diff --git a/network/ports/net_vip_map_external_v6.j2.yaml b/network/ports/net_vip_map_external_v6.j2.yaml
new file mode 100644
index 00000000..5eff73c1
--- /dev/null
+++ b/network/ports/net_vip_map_external_v6.j2.yaml
@@ -0,0 +1,45 @@
+heat_template_version: pike
+
+parameters:
+ # Set these via parameter defaults to configure external VIPs
+ ControlPlaneIP:
+ default: ''
+ type: string
+{%- for network in networks if network.vip|default(false) %}
+ {{network.name}}NetworkVip:
+ default: ''
+ type: string
+{%- endfor %}
+ # The following are unused in this template
+ ControlPlaneIp:
+ default: ''
+ type: string
+{%- for network in networks if network.vip|default(false) %}
+ {{network.name}}Ip:
+ default: ''
+ type: string
+ {{network.name}}IpUri:
+ default: ''
+ type: string
+ description: IP address with brackets in case of IPv6
+{%- endfor %}
+
+outputs:
+ net_ip_map:
+ description: >
+ A Hash containing a mapping of network names to assigned IPs
+ for a specific machine.
+ value:
+ ctlplane: {get_param: ControlPlaneIP}
+{%- for network in networks if network.vip|default(false) %}
+ {{network.name_lower}}: {get_param: {{network.name}}NetworkVip}
+{%- endfor %}
+ ctlplane_uri: {get_param: ControlPlaneIP}
+{%- for network in networks if network.vip|default(false) %}
+ {{network.name_lower}}_uri:
+ list_join:
+ - ''
+ - - '['
+ - {get_param: {{network.name}}NetworkVip}
+ - ']'
+{%- endfor %}
diff --git a/network/ports/net_vip_map_external_v6.yaml b/network/ports/net_vip_map_external_v6.yaml
deleted file mode 100644
index 72e60cb2..00000000
--- a/network/ports/net_vip_map_external_v6.yaml
+++ /dev/null
@@ -1,88 +0,0 @@
-heat_template_version: pike
-
-parameters:
- # Set these via parameter defaults to configure external VIPs
- ControlPlaneIP:
- default: ''
- type: string
- ExternalNetworkVip:
- default: ''
- type: string
- InternalApiNetworkVip:
- default: ''
- type: string
- StorageNetworkVip:
- default: ''
- type: string
- StorageMgmtNetworkVip:
- default: ''
- type: string
- # The following are unused in this template
- ControlPlaneIp:
- default: ''
- type: string
- ExternalIp:
- default: ''
- type: string
- ExternalIpUri:
- default: ''
- type: string
- description: IP address with brackets in case of IPv6
- InternalApiIp:
- default: ''
- type: string
- InternalApiIpUri:
- default: ''
- type: string
- description: IP address with brackets in case of IPv6
- StorageIp:
- default: ''
- type: string
- StorageIpUri:
- default: ''
- type: string
- description: IP address with brackets in case of IPv6
- StorageMgmtIp:
- default: ''
- type: string
- StorageMgmtIpUri:
- default: ''
- type: string
- description: IP address with brackets in case of IPv6
-
-outputs:
- net_ip_map:
- description: >
- A Hash containing a mapping of network names to assigned IPs
- for a specific machine.
- value:
- ctlplane: {get_param: ControlPlaneIP}
- external: {get_param: ExternalNetworkVip}
- internal_api: {get_param: InternalApiNetworkVip}
- storage: {get_param: StorageNetworkVip}
- storage_mgmt: {get_param: StorageMgmtNetworkVip}
- ctlplane_uri: {get_param: ControlPlaneIP}
- external_uri:
- list_join:
- - ''
- - - '['
- - {get_param: ExternalNetworkVip}
- - ']'
- internal_api_uri:
- list_join:
- - ''
- - - '['
- - {get_param: InternalApiNetworkVip}
- - ']'
- storage_uri:
- list_join:
- - ''
- - - '['
- - {get_param: StorageNetworkVip}
- - ']'
- storage_mgmt_uri:
- list_join:
- - ''
- - - '['
- - {get_param: StorageMgmtNetworkVip}
- - ']'
diff --git a/network/ports/storage_mgmt.yaml b/network/ports/storage_mgmt.yaml
index c06c58ef..0940b849 100644
--- a/network/ports/storage_mgmt.yaml
+++ b/network/ports/storage_mgmt.yaml
@@ -5,7 +5,7 @@ description: >
parameters:
StorageMgmtNetName:
- description: The name of the Storage management network.
+ description: The name of the storage_mgmt network.
default: storage_mgmt
type: string
PortName:
diff --git a/network/ports/storage_mgmt_from_pool.yaml b/network/ports/storage_mgmt_from_pool.yaml
index 07308a70..7efbc5ee 100644
--- a/network/ports/storage_mgmt_from_pool.yaml
+++ b/network/ports/storage_mgmt_from_pool.yaml
@@ -5,7 +5,7 @@ description: >
parameters:
StorageMgmtNetName:
- description: The name of the Storage management network.
+ description: The name of the storage_mgmt network.
default: storage_mgmt
type: string
PortName:
@@ -26,7 +26,7 @@ parameters:
type: number
StorageMgmtNetCidr:
default: '172.16.3.0/24'
- description: Cidr for the storage management network.
+ description: Cidr for the storage_mgmt network.
type: string
outputs:
diff --git a/network/ports/storage_mgmt_from_pool_v6.yaml b/network/ports/storage_mgmt_from_pool_v6.yaml
index 1b30f0ce..07998aba 100644
--- a/network/ports/storage_mgmt_from_pool_v6.yaml
+++ b/network/ports/storage_mgmt_from_pool_v6.yaml
@@ -6,7 +6,7 @@ description: >
parameters:
StorageMgmtNetName:
- description: The name of the Storage management network.
+ description: The name of the storage_mgmt network.
default: storage_mgmt
type: string
PortName:
@@ -27,7 +27,7 @@ parameters:
type: number
StorageMgmtNetCidr:
default: 'fd00:fd00:fd00:4000::/64'
- description: Cidr for the storage management network.
+ description: Cidr for the storage_mgmt network.
type: string
outputs:
diff --git a/network/ports/storage_mgmt_v6.yaml b/network/ports/storage_mgmt_v6.yaml
index c10b1393..399590c1 100644
--- a/network/ports/storage_mgmt_v6.yaml
+++ b/network/ports/storage_mgmt_v6.yaml
@@ -5,7 +5,7 @@ description: >
parameters:
StorageMgmtNetName:
- description: The name of the Storage management network.
+ description: The name of the storage_mgmt network.
default: storage_mgmt
type: string
PortName:
diff --git a/network/service_net_map.j2.yaml b/network/service_net_map.j2.yaml
index ba8e5568..54646c38 100644
--- a/network/service_net_map.j2.yaml
+++ b/network/service_net_map.j2.yaml
@@ -106,7 +106,7 @@ parameters:
InternalApiNetName:
default: internal_api
- description: The name of the internal API network.
+ description: The name of the internal_api network.
type: string
ExternalNetName:
default: external
@@ -122,7 +122,7 @@ parameters:
type: string
StorageMgmtNetName:
default: storage_mgmt
- description: The name of the Storage management network.
+ description: The name of the storage_mgmt network.
type: string
TenantNetName:
default: tenant
diff --git a/network/storage.yaml b/network/storage.yaml
deleted file mode 100644
index 9729044d..00000000
--- a/network/storage.yaml
+++ /dev/null
@@ -1,65 +0,0 @@
-heat_template_version: pike
-
-description: >
- Storage network.
-
-parameters:
- # the defaults here work for static IP assignment (IPAM) only
- StorageNetCidr:
- default: '172.16.1.0/24'
- description: Cidr for the storage network.
- type: string
- StorageNetValueSpecs:
- default: {'provider:physical_network': 'storage', 'provider:network_type': 'flat'}
- description: Value specs for the storage network.
- type: json
- StorageNetAdminStateUp:
- default: false
- description: The admin state of the network.
- type: boolean
- StorageNetEnableDHCP:
- default: false
- description: Whether to enable DHCP on the associated subnet.
- type: boolean
- StorageNetShared:
- default: false
- description: Whether this network is shared across all tenants.
- type: boolean
- StorageNetName:
- default: storage
- description: The name of the storage network.
- type: string
- StorageSubnetName:
- default: storage_subnet
- description: The name of the storage subnet in Neutron.
- type: string
- StorageAllocationPools:
- default: [{'start': '172.16.1.4', 'end': '172.16.1.250'}]
- description: Ip allocation pool range for the storage network.
- type: json
-
-resources:
- StorageNetwork:
- type: OS::Neutron::Net
- properties:
- admin_state_up: {get_param: StorageNetAdminStateUp}
- name: {get_param: StorageNetName}
- shared: {get_param: StorageNetShared}
- value_specs: {get_param: StorageNetValueSpecs}
-
- StorageSubnet:
- type: OS::Neutron::Subnet
- properties:
- cidr: {get_param: StorageNetCidr}
- enable_dhcp: {get_param: StorageNetEnableDHCP}
- name: {get_param: StorageSubnetName}
- network: {get_resource: StorageNetwork}
- allocation_pools: {get_param: StorageAllocationPools}
- gateway_ip: null
-
-outputs:
- OS::stack_id:
- description: Neutron storage network
- value: {get_resource: StorageNetwork}
- subnet_cidr:
- value: {get_attr: [StorageSubnet, cidr]}
diff --git a/network/storage_mgmt.yaml b/network/storage_mgmt.yaml
deleted file mode 100644
index fc005573..00000000
--- a/network/storage_mgmt.yaml
+++ /dev/null
@@ -1,65 +0,0 @@
-heat_template_version: pike
-
-description: >
- Storage management network. Storage replication, etc.
-
-parameters:
- # the defaults here work for static IP assignment (IPAM) only
- StorageMgmtNetCidr:
- default: '172.16.3.0/24'
- description: Cidr for the storage management network.
- type: string
- StorageMgmtNetValueSpecs:
- default: {'provider:physical_network': 'storage_mgmt', 'provider:network_type': 'flat'}
- description: Value specs for the storage_mgmt network.
- type: json
- StorageMgmtNetAdminStateUp:
- default: false
- description: The admin state of the network.
- type: boolean
- StorageMgmtNetEnableDHCP:
- default: false
- description: Whether to enable DHCP on the associated subnet.
- type: boolean
- StorageMgmtNetShared:
- default: false
- description: Whether this network is shared across all tenants.
- type: boolean
- StorageMgmtNetName:
- default: storage_mgmt
- description: The name of the Storage management network.
- type: string
- StorageMgmtSubnetName:
- default: storage_mgmt_subnet
- description: The name of the Storage management subnet in Neutron.
- type: string
- StorageMgmtAllocationPools:
- default: [{'start': '172.16.3.4', 'end': '172.16.3.250'}]
- description: Ip allocation pool range for the storage mgmt network.
- type: json
-
-resources:
- StorageMgmtNetwork:
- type: OS::Neutron::Net
- properties:
- admin_state_up: {get_param: StorageMgmtNetAdminStateUp}
- name: {get_param: StorageMgmtNetName}
- shared: {get_param: StorageMgmtNetShared}
- value_specs: {get_param: StorageMgmtNetValueSpecs}
-
- StorageMgmtSubnet:
- type: OS::Neutron::Subnet
- properties:
- cidr: {get_param: StorageMgmtNetCidr}
- enable_dhcp: {get_param: StorageMgmtNetEnableDHCP}
- name: {get_param: StorageMgmtSubnetName}
- network: {get_resource: StorageMgmtNetwork}
- allocation_pools: {get_param: StorageMgmtAllocationPools}
- gateway_ip: null
-
-outputs:
- OS::stack_id:
- description: Neutron storage management network
- value: {get_resource: StorageMgmtNetwork}
- subnet_cidr:
- value: {get_attr: [StorageMgmtSubnet, cidr]}
diff --git a/network/storage_mgmt_v6.yaml b/network/storage_mgmt_v6.yaml
index cef87de9..7ed4c92e 100644
--- a/network/storage_mgmt_v6.yaml
+++ b/network/storage_mgmt_v6.yaml
@@ -8,7 +8,7 @@ parameters:
StorageMgmtNetCidr:
# OpenStack uses the EUI-64 address format, which requires a /64 prefix
default: 'fd00:fd00:fd00:4000::/64'
- description: Cidr for the storage management network.
+ description: Cidr for the storage_mgmt network.
type: string
StorageMgmtNetValueSpecs:
default: {'provider:physical_network': 'storage_mgmt', 'provider:network_type': 'flat'}
@@ -24,15 +24,15 @@ parameters:
type: boolean
StorageMgmtNetName:
default: storage_mgmt
- description: The name of the Storage management network.
+ description: The name of the storage_mgmt network.
type: string
StorageMgmtSubnetName:
default: storage_mgmt_subnet
- description: The name of the Storage management subnet in Neutron.
+ description: The name of the storage_mgmt subnet in Neutron.
type: string
StorageMgmtAllocationPools:
default: [{'start': 'fd00:fd00:fd00:4000::10', 'end': 'fd00:fd00:fd00:4000:ffff:ffff:ffff:fffe'}]
- description: Ip allocation pool range for the storage mgmt network.
+ description: Ip allocation pool range for the storage_mgmt network.
type: json
IPv6AddressMode:
default: dhcpv6-stateful
diff --git a/network/tenant.yaml b/network/tenant.yaml
deleted file mode 100644
index 67c4abbc..00000000
--- a/network/tenant.yaml
+++ /dev/null
@@ -1,65 +0,0 @@
-heat_template_version: pike
-
-description: >
- Tenant network.
-
-parameters:
- # the defaults here work for static IP assignment (IPAM) only
- TenantNetCidr:
- default: '172.16.0.0/24'
- description: Cidr for the tenant network.
- type: string
- TenantNetValueSpecs:
- default: {'provider:physical_network': 'tenant', 'provider:network_type': 'flat'}
- description: Value specs for the tenant network.
- type: json
- TenantNetAdminStateUp:
- default: false
- description: The admin state of the network.
- type: boolean
- TenantNetEnableDHCP:
- default: false
- description: Whether to enable DHCP on the associated subnet.
- type: boolean
- TenantNetShared:
- default: false
- description: Whether this network is shared across all tenants.
- type: boolean
- TenantNetName:
- default: tenant
- description: The name of the tenant network.
- type: string
- TenantSubnetName:
- default: tenant_subnet
- description: The name of the tenant subnet in Neutron.
- type: string
- TenantAllocationPools:
- default: [{'start': '172.16.0.4', 'end': '172.16.0.250'}]
- description: Ip allocation pool range for the tenant network.
- type: json
-
-resources:
- TenantNetwork:
- type: OS::Neutron::Net
- properties:
- admin_state_up: {get_param: TenantNetAdminStateUp}
- name: {get_param: TenantNetName}
- shared: {get_param: TenantNetShared}
- value_specs: {get_param: TenantNetValueSpecs}
-
- TenantSubnet:
- type: OS::Neutron::Subnet
- properties:
- cidr: {get_param: TenantNetCidr}
- enable_dhcp: {get_param: TenantNetEnableDHCP}
- name: {get_param: TenantSubnetName}
- network: {get_resource: TenantNetwork}
- allocation_pools: {get_param: TenantAllocationPools}
- gateway_ip: null
-
-outputs:
- OS::stack_id:
- description: Neutron tenant network
- value: {get_resource: TenantNetwork}
- subnet_cidr:
- value: {get_attr: [TenantSubnet, cidr]}
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index fdf3bf6a..0f0e9ceb 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -109,6 +109,8 @@ resource_registry:
OS::TripleO::DeployedServerEnvironment: OS::Heat::None
+ OS::TripleO::DeploymentSteps: OS::Heat::StructuredDeploymentGroup
+
# services
OS::TripleO::Services: common/services.yaml
OS::TripleO::Services::Apache: puppet/services/apache.yaml
@@ -193,6 +195,7 @@ resource_registry:
OS::TripleO::Services::NovaLibvirt: puppet/services/nova-libvirt.yaml
OS::TripleO::Services::NovaMigrationTarget: puppet/services/nova-migration-target.yaml
OS::TripleO::Services::Ntp: puppet/services/time/ntp.yaml
+ OS::TripleO::Services::ContainersLogrotateCrond: OS::Heat::None
OS::TripleO::Services::SwiftProxy: puppet/services/swift-proxy.yaml
OS::TripleO::Services::ExternalSwiftProxy: OS::Heat::None
OS::TripleO::Services::SwiftStorage: puppet/services/swift-storage.yaml
@@ -261,6 +264,7 @@ resource_registry:
OS::TripleO::Services::NeutronML2FujitsuFossw: OS::Heat::None
OS::TripleO::Services::CinderBackendDellPs: OS::Heat::None
OS::TripleO::Services::CinderBackendDellSc: OS::Heat::None
+ OS::TripleO::Services::CinderBackendDellEMCUnity: OS::Heat::None
OS::TripleO::Services::CinderBackendNetApp: OS::Heat::None
OS::TripleO::Services::CinderBackendScaleIO: OS::Heat::None
OS::TripleO::Services::CinderBackendVRTSHyperScale: OS::Heat::None
@@ -277,7 +281,6 @@ resource_registry:
OS::TripleO::Services::NeutronVppAgent: OS::Heat::None
OS::TripleO::Services::Docker: OS::Heat::None
OS::TripleO::Services::CertmongerUser: OS::Heat::None
- OS::TripleO::Services::Iscsid: OS::Heat::None
OS::TripleO::Services::Clustercheck: OS::Heat::None
OS::TripleO::Services::VRTSHyperScale: OS::Heat::None
diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml
index 7241a974..2e398671 100644
--- a/overcloud.j2.yaml
+++ b/overcloud.j2.yaml
@@ -21,40 +21,44 @@ description: >
parameters:
# Common parameters (not specific to a role)
+{%- for network in networks if network.vip|default(false) %}
+{%- if network.name == 'External' %}
+ # Special case the External hostname param, which is CloudName
CloudName:
default: overcloud.localdomain
description: The DNS name of this cloud. E.g. ci-overcloud.tripleo.org
type: string
+{%- elif network.name == 'InternalApi' %}
+ # Special case the Internal API hostname param, which is CloudNameInternal
CloudNameInternal:
- default: overcloud.internalapi.localdomain
+ default: overcloud.{{network.name.lower()}}.localdomain
description: >
- The DNS name of this cloud's internal API endpoint. E.g.
- 'ci-overcloud.internalapi.tripleo.org'.
+ The DNS name of this cloud's {{network.name_lower}} endpoint. E.g.
+ 'ci-overcloud.{{network.name.lower()}}.tripleo.org'.
type: string
- CloudNameStorage:
- default: overcloud.storage.localdomain
+{%- elif network.name == 'StorageMgmt' %}
+ # Special case StorageMgmt hostname param, which is CloudNameStorageManagement
+ CloudNameStorageManagement:
+ default: overcloud.{{network.name.lower()}}.localdomain
description: >
- The DNS name of this cloud's storage endpoint. E.g.
- 'ci-overcloud.storage.tripleo.org'.
+ The DNS name of this cloud's {{network.name_lower}} endpoint. E.g.
+ 'ci-overcloud.{{network.name.lower()}}.tripleo.org'.
type: string
- CloudNameStorageManagement:
- default: overcloud.storagemgmt.localdomain
+{%- else %}
+ CloudName{{network.name}}:
+ default: overcloud.{{network.name.lower()}}.localdomain
description: >
- The DNS name of this cloud's storage management endpoint. E.g.
- 'ci-overcloud.storagemgmt.tripleo.org'.
+ The DNS name of this cloud's {{network.name_lower}} endpoint. E.g.
+ 'ci-overcloud.{{network.name.lower()}}.tripleo.org'.
type: string
+{%- endif %}
+{%- endfor %}
CloudNameCtlplane:
default: overcloud.ctlplane.localdomain
description: >
The DNS name of this cloud's provisioning network endpoint. E.g.
'ci-overcloud.ctlplane.tripleo.org'.
type: string
- ControlFixedIPs:
- default: []
- description: >
- Control the IP allocation for the ControlVirtualIP port. E.g.
- [{'ip_address':'1.2.3.4'}]
- type: json
ExtraConfig:
default: {}
description: |
@@ -77,12 +81,6 @@ parameters:
description: |
DEPRECATED use ComputeExtraConfig instead
type: json
- InternalApiVirtualFixedIPs:
- default: []
- description: >
- Control the IP allocation for the InternalApiVirtualInterface port. E.g.
- [{'ip_address':'1.2.3.4'}]
- type: json
NeutronControlPlaneID:
default: 'ctlplane'
type: string
@@ -91,28 +89,34 @@ parameters:
default: nic1
description: Which interface to add to the NeutronPhysicalBridge.
type: string
- PublicVirtualFixedIPs:
+ ControlFixedIPs:
default: []
description: >
- Control the IP allocation for the PublicVirtualInterface port. E.g.
+ Control the IP allocation for the ControlVirtualIP port. E.g.
[{'ip_address':'1.2.3.4'}]
type: json
- RabbitCookieSalt:
- type: string
- default: unset
- description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change.
- StorageVirtualFixedIPs:
+{%- for network in networks if network.vip|default(false) %}
+{%- if network.name == 'External' %}
+ # TODO (dsneddon) Legacy name, eventually refactor to match network name
+ PublicVirtualFixedIPs:
default: []
description: >
- Control the IP allocation for the StorageVirtualInterface port. E.g.
+ Control the IP allocation for the PublicVirtualInterface port. E.g.
[{'ip_address':'1.2.3.4'}]
type: json
- StorageMgmtVirtualFixedIPs:
+{%- else %}
+ {{network.name}}VirtualFixedIPs:
default: []
description: >
- Control the IP allocation for the StorageMgmgVirtualInterface port. E.g.
+ Control the IP allocation for the {{network.name}}VirtualInterface port. E.g.
[{'ip_address':'1.2.3.4'}]
type: json
+{%- endif %}
+{%- endfor %}
+ RabbitCookieSalt:
+ type: string
+ default: unset
+ description: Salt for the rabbit cookie, change this to force the randomly generated rabbit cookie to change.
RedisVirtualFixedIPs:
default: []
description: >
@@ -240,28 +244,38 @@ resources:
- - str_replace:
template: IP HOST
params:
- IP: {get_attr: [VipMap, net_ip_map, external]}
- HOST: {get_param: CloudName}
+ IP: {get_attr: [VipMap, net_ip_map, ctlplane]}
+ HOST: {get_param: CloudNameCtlplane}
+{%- for network in networks if network.vip|default(false) %}
+{%- if network.name == 'External' %}
+ # Special case the External hostname param, which is CloudName
- str_replace:
template: IP HOST
params:
- IP: {get_attr: [VipMap, net_ip_map, ctlplane]}
- HOST: {get_param: CloudNameCtlplane}
+ IP: {get_attr: [VipMap, net_ip_map, {{network.name_lower}}]}
+ HOST: {get_param: CloudName}
+{%- elif network.name == 'InternalApi' %}
+ # Special case the Internal API hostname param, which is CloudNameInternal
- str_replace:
template: IP HOST
params:
- IP: {get_attr: [VipMap, net_ip_map, internal_api]}
+ IP: {get_attr: [VipMap, net_ip_map, {{network.name_lower}}]}
HOST: {get_param: CloudNameInternal}
+{%- elif network.name == 'StorageMgmt' %}
+ # Special case StorageMgmt hostname param, which is CloudNameStorageManagement
- str_replace:
template: IP HOST
params:
- IP: {get_attr: [VipMap, net_ip_map, storage]}
- HOST: {get_param: CloudNameStorage}
+ IP: {get_attr: [VipMap, net_ip_map, {{network.name_lower}}]}
+ HOST: {get_param: CloudNameStorageManagement}
+{%- else %}
- str_replace:
template: IP HOST
params:
- IP: {get_attr: [VipMap, net_ip_map, storage_mgmt]}
- HOST: {get_param: CloudNameStorageManagement}
+ IP: {get_attr: [VipMap, net_ip_map, {{network.name_lower}}]}
+ HOST: {get_param: CloudName{{network.name}}}
+{%- endif %}
+{%- endfor %}
HeatAuthEncryptionKey:
type: OS::TripleO::RandomString
@@ -297,11 +311,21 @@ resources:
type: OS::TripleO::EndpointMap
properties:
CloudEndpoints:
- external: {get_param: CloudName}
- internal_api: {get_param: CloudNameInternal}
- storage: {get_param: CloudNameStorage}
- storage_mgmt: {get_param: CloudNameStorageManagement}
ctlplane: {get_param: CloudNameCtlplane}
+{%- for network in networks if network.vip|default(false) %}
+{%- if network.name == 'External' %}
+ # Special case the External hostname param, which is CloudName
+ {{network.name_lower}}: {get_param: CloudName}
+{%- elif network.name == 'InternalApi' %}
+ # Special case the Internal API hostname param, which is CloudNameInternal
+ {{network.name_lower}}: {get_param: CloudNameInternal}
+{%- elif network.name == 'StorageMgmt' %}
+ # Special case StorageMgmt hostname param, which is CloudNameStorageManagement
+ {{network.name_lower}}: {get_param: CloudNameStorageManagement}
+{%- else %}
+ {{network.name_lower}}: {get_param: CloudName{{network.name}}}
+{%- endif %}
+{%- endfor %}
NetIpMap: {get_attr: [VipMap, net_ip_map]}
ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map]}
@@ -458,12 +482,9 @@ resources:
type: OS::TripleO::Network::Ports::NetIpListMap
properties:
ControlPlaneIpList: {get_attr: [{{role.name}}, ip_address]}
- ExternalIpList: {get_attr: [{{role.name}}, external_ip_address]}
- InternalApiIpList: {get_attr: [{{role.name}}, internal_api_ip_address]}
- StorageIpList: {get_attr: [{{role.name}}, storage_ip_address]}
- StorageMgmtIpList: {get_attr: [{{role.name}}, storage_mgmt_ip_address]}
- TenantIpList: {get_attr: [{{role.name}}, tenant_ip_address]}
- ManagementIpList: {get_attr: [{{role.name}}, management_ip_address]}
+{%- for network in networks if network.enabled|default(true) %}
+ {{network.name}}IpList: {get_attr: [{{role.name}}, {{network.name_lower}}_ip_address]}
+{%- endfor %}
EnabledServices: {get_attr: [{{role.name}}ServiceNames, value]}
ServiceNetMap: {get_attr: [ServiceNetMap, service_net_map_lower]}
ServiceHostnameList: {get_attr: [{{role.name}}, hostname]}
@@ -582,10 +603,20 @@ resources:
allNodesConfig:
type: OS::TripleO::AllNodes::SoftwareConfig
properties:
- cloud_name_external: {get_param: CloudName}
- cloud_name_internal_api: {get_param: CloudNameInternal}
- cloud_name_storage: {get_param: CloudNameStorage}
- cloud_name_storage_mgmt: {get_param: CloudNameStorageManagement}
+{%- for network in networks if network.vip|default(false) %}
+{%- if network.name == 'External' %}
+ # Special case the External hostname param, which is CloudName
+ cloud_name_{{network.name_lower}}: {get_param: CloudName}
+{%- elif network.name == 'InternalApi' %}
+ # Special case the Internal API hostname param, which is CloudNameInternal
+ cloud_name_{{network.name_lower}}: {get_param: CloudNameInternal}
+{%- elif network.name == 'StorageMgmt' %}
+ # Special case StorageMgmt hostname param, which is CloudNameStorageManagement
+ cloud_name_{{network.name_lower}}: {get_param: CloudNameStorageManagement}
+{%- else %}
+ cloud_name_{{network.name_lower}}: {get_param: CloudName{{network.name}}}
+{%- endif %}
+{%- endfor %}
cloud_name_ctlplane: {get_param: CloudNameCtlplane}
enabled_services:
list_join:
@@ -699,6 +730,8 @@ resources:
ServiceName: redis
FixedIPs: {get_param: RedisVirtualFixedIPs}
+{%- for network in networks if network.vip|default(false) %}
+{%- if network.name == 'External' %}
# The public VIP is on the External net, falls back to ctlplane
PublicVirtualIP:
depends_on: Networks
@@ -708,43 +741,38 @@ resources:
ControlPlaneNetwork: {get_param: NeutronControlPlaneID}
PortName: public_virtual_ip
FixedIPs: {get_param: PublicVirtualFixedIPs}
-
- InternalApiVirtualIP:
+{%- elif network.name == 'StorageMgmt' %}
+ {{network.name}}VirtualIP:
depends_on: Networks
- type: OS::TripleO::Network::Ports::InternalApiVipPort
+ type: OS::TripleO::Network::Ports::{{network.name}}VipPort
properties:
ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
- PortName: internal_api_virtual_ip
- FixedIPs: {get_param: InternalApiVirtualFixedIPs}
-
- StorageVirtualIP:
- depends_on: Networks
- type: OS::TripleO::Network::Ports::StorageVipPort
- properties:
- ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
- PortName: storage_virtual_ip
- FixedIPs: {get_param: StorageVirtualFixedIPs}
-
- StorageMgmtVirtualIP:
+ PortName: storage_management_virtual_ip
+ FixedIPs: {get_param: {{network.name}}VirtualFixedIPs}
+{%- else %}
+ {{network.name}}VirtualIP:
depends_on: Networks
- type: OS::TripleO::Network::Ports::StorageMgmtVipPort
+ type: OS::TripleO::Network::Ports::{{network.name}}VipPort
properties:
ControlPlaneIP: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
- PortName: storage_management_virtual_ip
- FixedIPs: {get_param: StorageMgmtVirtualFixedIPs}
+ PortName: {{network.name_lower}}_virtual_ip
+ FixedIPs: {get_param: {{network.name}}VirtualFixedIPs}
+{%- endif %}
+{%- endfor %}
VipMap:
type: OS::TripleO::Network::Ports::NetVipMap
properties:
ControlPlaneIp: {get_attr: [ControlVirtualIP, fixed_ips, 0, ip_address]}
+{%- for network in networks if network.vip|default(false) %}
+{%- if network.name == 'External' %}
ExternalIp: {get_attr: [PublicVirtualIP, ip_address]}
ExternalIpUri: {get_attr: [PublicVirtualIP, ip_address_uri]}
- InternalApiIp: {get_attr: [InternalApiVirtualIP, ip_address]}
- InternalApiIpUri: {get_attr: [InternalApiVirtualIP, ip_address_uri]}
- StorageIp: {get_attr: [StorageVirtualIP, ip_address]}
- StorageIpUri: {get_attr: [StorageVirtualIP, ip_address_uri]}
- StorageMgmtIp: {get_attr: [StorageMgmtVirtualIP, ip_address]}
- StorageMgmtIpUri: {get_attr: [StorageMgmtVirtualIP, ip_address_uri]}
+{%- else %}
+ {{network.name}}Ip: {get_attr: [{{network.name}}VirtualIP, ip_address]}
+ {{network.name}}IpUri: {get_attr: [{{network.name}}VirtualIP, ip_address_uri]}
+{%- endif %}
+{%- endfor %}
# No tenant or management VIP required
# Because of nested get_attr functions in the KeystoneAdminVip output, we
# can't determine which attributes of VipMap are used until after
@@ -758,24 +786,12 @@ resources:
PingTestIps:
list_join:
- ' '
- - - yaql:
- expression: coalesce($.data, []).first(null)
- data: {get_attr: [{{primary_role_name}}, external_ip_address]}
- - yaql:
- expression: coalesce($.data, []).first(null)
- data: {get_attr: [{{primary_role_name}}, internal_api_ip_address]}
- - yaql:
- expression: coalesce($.data, []).first(null)
- data: {get_attr: [{{primary_role_name}}, storage_ip_address]}
- - yaql:
- expression: coalesce($.data, []).first(null)
- data: {get_attr: [{{primary_role_name}}, storage_mgmt_ip_address]}
- - yaql:
- expression: coalesce($.data, []).first(null)
- data: {get_attr: [{{primary_role_name}}, tenant_ip_address]}
+ -
+{%- for network in networks if network.enabled|default(true) %}
- yaql:
expression: coalesce($.data, []).first(null)
- data: {get_attr: [{{primary_role_name}}, management_ip_address]}
+ data: {get_attr: [{{primary_role_name}}, {{network.name_lower}}_ip_address]}
+{%- endfor %}
UpdateWorkflow:
type: OS::TripleO::Tasks::UpdateWorkflow
@@ -929,6 +945,9 @@ outputs:
- {get_attr: [{{role.name}}ServiceChainRoleData, value]}
- {get_attr: [{{role.name}}MergedConfigSettings, value]}
{% endfor %}
+ RoleConfig:
+ description: The configuration workflows associated with each role
+ value: {get_attr: [AllNodesDeploySteps, RoleConfig]}
RoleNetIpMap:
description: Mapping of each network to a list of IPs for each role
value:
diff --git a/puppet/all-nodes-config.yaml b/puppet/all-nodes-config.yaml
index 24aa1525..3044fe39 100644
--- a/puppet/all-nodes-config.yaml
+++ b/puppet/all-nodes-config.yaml
@@ -76,7 +76,7 @@ parameters:
InternalApiNetName:
default: internal_api
- description: The name of the internal API network.
+ description: The name of the internal_api network.
type: string
ExternalNetName:
default: external
@@ -92,7 +92,7 @@ parameters:
type: string
StorageMgmtNetName:
default: storage_mgmt
- description: The name of the Storage management network.
+ description: The name of the storage_mgmt network.
type: string
TenantNetName:
default: tenant
diff --git a/puppet/cephstorage-role.yaml b/puppet/cephstorage-role.yaml
deleted file mode 100644
index ce44fd68..00000000
--- a/puppet/cephstorage-role.yaml
+++ /dev/null
@@ -1,718 +0,0 @@
-heat_template_version: pike
-description: 'OpenStack ceph storage node configured by Puppet'
-parameters:
- OvercloudCephStorageFlavor:
- description: Flavor for the Ceph Storage node.
- default: baremetal
- type: string
- constraints:
- - custom_constraint: nova.flavor
- CephStorageImage:
- type: string
- default: overcloud-full
- constraints:
- - custom_constraint: glance.image
- ImageUpdatePolicy:
- default: 'REBUILD_PRESERVE_EPHEMERAL'
- description: What policy to use when reconstructing instances. REBUILD for rebuilds, REBUILD_PRESERVE_EPHEMERAL to preserve /mnt.
- type: string
- KeyName:
- description: Name of an existing Nova key pair to enable SSH access to the instances
- type: string
- default: default
- constraints:
- - custom_constraint: nova.keypair
- ServiceNetMap:
- default: {}
- description: Mapping of service_name -> network name. Typically set
- via parameter_defaults in the resource registry.
- type: json
- EndpointMap:
- default: {}
- description: Mapping of service endpoint -> protocol. Typically set
- via parameter_defaults in the resource registry.
- type: json
- UpdateIdentifier:
- default: ''
- type: string
- description: >
- Setting to a previously unused value during stack-update will trigger
- package update on all nodes
- Hostname:
- type: string
- default: '' # Defaults to Heat created hostname
- HostnameMap:
- type: json
- default: {}
- description: Optional mapping to override hostnames
- ExtraConfig:
- default: {}
- description: |
- Additional hiera configuration to inject into the cluster. Note
- that CephStorageExtraConfig takes precedence over ExtraConfig.
- type: json
- CephStorageExtraConfig:
- default: {}
- description: |
- Role specific additional hiera configuration to inject into the cluster.
- type: json
- CephStorageIPs:
- default: {}
- type: json
- NetworkDeploymentActions:
- type: comma_delimited_list
- description: >
- Heat action when to apply network configuration changes
- default: ['CREATE']
- SoftwareConfigTransport:
- default: POLL_SERVER_CFN
- description: |
- How the server should receive the metadata required for software configuration.
- type: string
- constraints:
- - allowed_values: [POLL_SERVER_CFN, POLL_SERVER_HEAT, POLL_TEMP_URL, ZAQAR_MESSAGE]
- CloudDomain:
- default: 'localdomain'
- type: string
- description: >
- The DNS domain used for the hosts. This must match the
- overcloud_domain_name configured on the undercloud.
- CephStorageServerMetadata:
- default: {}
- description: >
- Extra properties or metadata passed to Nova for the created nodes in
- the overcloud. It's accessible via the Nova metadata API. This option is
- role-specific and is merged with the values given to the ServerMetadata
- parameter.
- type: json
- ServerMetadata:
- default: {}
- description: >
- Extra properties or metadata passed to Nova for the created nodes in
- the overcloud. It's accessible via the Nova metadata API. This applies to
- all roles and is merged with a role-specific metadata parameter.
- type: json
- CephStorageSchedulerHints:
- type: json
- description: Optional scheduler hints to pass to nova
- default: {}
- NodeIndex:
- type: number
- default: 0
- ServiceConfigSettings:
- type: json
- default: {}
- ServiceNames:
- type: comma_delimited_list
- default: []
- MonitoringSubscriptions:
- type: comma_delimited_list
- default: []
- ServiceMetadataSettings:
- type: json
- default: {}
- ConfigCommand:
- type: string
- description: Command which will be run whenever configuration data changes
- default: os-refresh-config --timeout 14400
- ConfigCollectSplay:
- type: number
- default: 30
- description: |
- Maximum amount of time to possibly to delay configuation collection
- polling. Defaults to 30 seconds. Set to 0 to disable it which will cause
- the configuration collection to occur as soon as the collection process
- starts. This setting is used to prevent the configuration collection
- processes from polling all at the exact same time.
- UpgradeInitCommand:
- type: string
- description: |
- Command or script snippet to run on all overcloud nodes to
- initialize the upgrade process. E.g. a repository switch.
- default: ''
- UpgradeInitCommonCommand:
- type: string
- description: |
- Common commands required by the upgrades process. This should not
- normally be modified by the operator and is set and unset in the
- major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
- environment files.
- default: ''
- DeploymentServerBlacklistDict:
- default: {}
- type: json
- description: >
- Map of server hostnames to blacklist from any triggered
- deployments. If the value is 1, the server will be blacklisted. This
- parameter is generated from the parent template.
- RoleParameters:
- type: json
- description: Parameters specific to the role
- default: {}
- DeploymentSwiftDataMap:
- type: json
- description: |
- Map of servers to Swift container and object for storing deployment data.
- The keys are the Heat assigned hostnames, and the value is a map of the
- container/object name in Swift. Example value:
- overcloud-controller-0:
- container: overcloud-controller
- object: 0
- overcloud-controller-1:
- container: overcloud-controller
- object: 1
- overcloud-controller-2:
- container: overcloud-controller
- object: 2
- overcloud-novacompute-0:
- container: overcloud-compute
- object: 0
- default: {}
-
-conditions:
- server_not_blacklisted:
- not:
- equals:
- - {get_param: [DeploymentServerBlacklistDict, {get_param: Hostname}]}
- - 1
- deployment_swift_data_map_unset:
- equals:
- - get_param:
- - DeploymentSwiftDataMap
- - {get_param: Hostname}
- - ""
-
-resources:
- CephStorage:
- type: OS::TripleO::CephStorageServer
- metadata:
- os-collect-config:
- command: {get_param: ConfigCommand}
- splay: {get_param: ConfigCollectSplay}
- properties:
- image: {get_param: CephStorageImage}
- image_update_policy: {get_param: ImageUpdatePolicy}
- flavor: {get_param: OvercloudCephStorageFlavor}
- key_name: {get_param: KeyName}
- networks:
- - network: ctlplane
- user_data_format: SOFTWARE_CONFIG
- user_data: {get_resource: UserData}
- name:
- str_replace:
- template: {get_param: Hostname}
- params: {get_param: HostnameMap}
- software_config_transport: {get_param: SoftwareConfigTransport}
- metadata:
- map_merge:
- - {get_param: ServerMetadata}
- - {get_param: CephStorageServerMetadata}
- - {get_param: ServiceMetadataSettings}
- scheduler_hints: {get_param: CephStorageSchedulerHints}
- deployment_swift_data:
- if:
- - deployment_swift_data_map_unset
- - {}
- - {get_param: [DeploymentSwiftDataMap,
- {get_param: Hostname}]}
-
- # Combine the NodeAdminUserData and NodeUserData mime archives
- UserData:
- type: OS::Heat::MultipartMime
- properties:
- parts:
- - config: {get_resource: NodeAdminUserData}
- type: multipart
- - config: {get_resource: NodeUserData}
- type: multipart
- - config: {get_resource: RoleUserData}
- type: multipart
-
- # Creates the "heat-admin" user if configured via the environment
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- NodeAdminUserData:
- type: OS::TripleO::NodeAdminUserData
-
- # For optional operator additional userdata
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- NodeUserData:
- type: OS::TripleO::NodeUserData
-
- # For optional operator role-specific userdata
- # Should return a OS::Heat::MultipartMime reference via OS::stack_id
- RoleUserData:
- type: OS::TripleO::CephStorage::NodeUserData
-
- ExternalPort:
- type: OS::TripleO::CephStorage::Ports::ExternalPort
- properties:
- ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
- IPPool: {get_param: CephStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- InternalApiPort:
- type: OS::TripleO::CephStorage::Ports::InternalApiPort
- properties:
- ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
- IPPool: {get_param: CephStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- StoragePort:
- type: OS::TripleO::CephStorage::Ports::StoragePort
- properties:
- ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
- IPPool: {get_param: CephStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- StorageMgmtPort:
- type: OS::TripleO::CephStorage::Ports::StorageMgmtPort
- properties:
- ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
- IPPool: {get_param: CephStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- TenantPort:
- type: OS::TripleO::CephStorage::Ports::TenantPort
- properties:
- ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
- IPPool: {get_param: CephStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- ManagementPort:
- type: OS::TripleO::CephStorage::Ports::ManagementPort
- properties:
- ControlPlaneIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
- IPPool: {get_param: CephStorageIPs}
- NodeIndex: {get_param: NodeIndex}
-
- NetworkConfig:
- type: OS::TripleO::CephStorage::Net::SoftwareConfig
- properties:
- ControlPlaneIp: {get_attr: [CephStorage, networks, ctlplane, 0]}
- ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
- InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
- StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
- StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
- TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
- ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
-
- NetIpMap:
- type: OS::TripleO::Network::Ports::NetIpMap
- properties:
- ControlPlaneIp: {get_attr: [CephStorage, networks, ctlplane, 0]}
- ExternalIp: {get_attr: [ExternalPort, ip_address]}
- ExternalIpSubnet: {get_attr: [ExternalPort, ip_subnet]}
- ExternalIpUri: {get_attr: [ExternalPort, ip_address_uri]}
- InternalApiIp: {get_attr: [InternalApiPort, ip_address]}
- InternalApiIpSubnet: {get_attr: [InternalApiPort, ip_subnet]}
- InternalApiIpUri: {get_attr: [InternalApiPort, ip_address_uri]}
- StorageIp: {get_attr: [StoragePort, ip_address]}
- StorageIpSubnet: {get_attr: [StoragePort, ip_subnet]}
- StorageIpUri: {get_attr: [StoragePort, ip_address_uri]}
- StorageMgmtIp: {get_attr: [StorageMgmtPort, ip_address]}
- StorageMgmtIpSubnet: {get_attr: [StorageMgmtPort, ip_subnet]}
- StorageMgmtIpUri: {get_attr: [StorageMgmtPort, ip_address_uri]}
- TenantIp: {get_attr: [TenantPort, ip_address]}
- TenantIpSubnet: {get_attr: [TenantPort, ip_subnet]}
- TenantIpUri: {get_attr: [TenantPort, ip_address_uri]}
- ManagementIp: {get_attr: [ManagementPort, ip_address]}
- ManagementIpSubnet: {get_attr: [ManagementPort, ip_subnet]}
- ManagementIpUri: {get_attr: [ManagementPort, ip_address_uri]}
-
- NetHostMap:
- type: OS::Heat::Value
- properties:
- type: json
- value:
- external:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - external
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - external
- internal_api:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - internalapi
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - internalapi
- storage:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - storage
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - storage
- storage_mgmt:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - storagemgmt
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - storagemgmt
- tenant:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - tenant
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - tenant
- management:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - management
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - management
- ctlplane:
- fqdn:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - ctlplane
- - {get_param: CloudDomain}
- short:
- list_join:
- - '.'
- - - {get_attr: [CephStorage, name]}
- - ctlplane
-
- PreNetworkConfig:
- type: OS::TripleO::CephStorage::PreNetworkConfig
- properties:
- server: {get_resource: CephStorage}
- RoleParameters: {get_param: RoleParameters}
- ServiceNames: {get_param: ServiceNames}
- deployment_actions: {get_attr: [DeploymentActions, value]}
-
- NetworkDeployment:
- type: OS::TripleO::SoftwareDeployment
- depends_on: PreNetworkConfig
- properties:
- name: NetworkDeployment
- config: {get_resource: NetworkConfig}
- server: {get_resource: CephStorage}
- actions:
- if:
- - server_not_blacklisted
- - {get_param: NetworkDeploymentActions}
- - []
-
- CephStorageUpgradeInitConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- config:
- list_join:
- - ''
- - - "#!/bin/bash\n\n"
- - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n"
- - get_param: UpgradeInitCommand
- - get_param: UpgradeInitCommonCommand
-
- # Note we may be able to make this conditional on UpgradeInitCommandNotEmpty
- # but https://bugs.launchpad.net/heat/+bug/1649900 needs fixing first
- CephStorageUpgradeInitDeployment:
- type: OS::Heat::SoftwareDeployment
- depends_on: NetworkDeployment
- properties:
- name: CephStorageUpgradeInitDeployment
- server: {get_resource: CephStorage}
- config: {get_resource: CephStorageUpgradeInitConfig}
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
- CephStorageDeployment:
- type: OS::Heat::StructuredDeployment
- depends_on: CephStorageUpgradeInitDeployment
- properties:
- name: CephStorageDeployment
- config: {get_resource: CephStorageConfig}
- server: {get_resource: CephStorage}
- input_values:
- enable_package_upgrade: {get_attr: [UpdateDeployment, update_managed_packages]}
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
- CephStorageConfig:
- type: OS::Heat::StructuredConfig
- properties:
- group: hiera
- config:
- hierarchy:
- - '"%{::uuid}"'
- - heat_config_%{::deploy_config_name}
- - config_step
- - ceph_extraconfig
- - extraconfig
- - service_names
- - service_configs
- - ceph
- - bootstrap_node # provided by allNodesConfig
- - all_nodes # provided by allNodesConfig
- - vip_data # provided by allNodesConfig
- - '"%{::osfamily}"'
- merge_behavior: deeper
- datafiles:
- service_names:
- service_names: {get_param: ServiceNames}
- sensu::subscriptions: {get_param: MonitoringSubscriptions}
- service_configs:
- map_replace:
- - {get_param: ServiceConfigSettings}
- - values: {get_attr: [NetIpMap, net_ip_map]}
- ceph_extraconfig: {get_param: CephStorageExtraConfig}
- extraconfig: {get_param: ExtraConfig}
- ceph:
- tripleo::packages::enable_upgrade: {get_input: enable_package_upgrade}
- fqdn_internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
- fqdn_storage: {get_attr: [NetHostMap, value, storage, fqdn]}
- fqdn_storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
- fqdn_tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
- fqdn_management: {get_attr: [NetHostMap, value, management, fqdn]}
- fqdn_ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
- fqdn_external: {get_attr: [NetHostMap, value, external, fqdn]}
-
- # Resource for site-specific injection of root certificate
- NodeTLSCAData:
- depends_on: CephStorageDeployment
- type: OS::TripleO::NodeTLSCAData
- properties:
- server: {get_resource: CephStorage}
-
- # Hook for site-specific additional pre-deployment config, e.g extra hieradata
- CephStorageExtraConfigPre:
- depends_on: CephStorageDeployment
- type: OS::TripleO::CephStorageExtraConfigPre
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
- properties:
- server: {get_resource: CephStorage}
-
- # Hook for site-specific additional pre-deployment config,
- # applying to all nodes, e.g node registration/unregistration
- NodeExtraConfig:
- depends_on: [CephStorageExtraConfigPre, NodeTLSCAData]
- type: OS::TripleO::NodeExtraConfig
- # We have to use conditions here so that we don't break backwards
- # compatibility with templates everywhere
- condition: server_not_blacklisted
- properties:
- server: {get_resource: CephStorage}
-
- UpdateConfig:
- type: OS::TripleO::Tasks::PackageUpdate
-
- UpdateDeployment:
- type: OS::Heat::SoftwareDeployment
- depends_on: NetworkDeployment
- properties:
- config: {get_resource: UpdateConfig}
- server: {get_resource: CephStorage}
- input_values:
- update_identifier:
- get_param: UpdateIdentifier
- actions:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
- DeploymentActions:
- type: OS::Heat::Value
- properties:
- value:
- if:
- - server_not_blacklisted
- - ['CREATE', 'UPDATE']
- - []
-
- SshHostPubKey:
- type: OS::TripleO::Ssh::HostPubKey
- depends_on: CephStorageDeployment
- properties:
- server: {get_resource: CephStorage}
- deployment_actions: {get_attr: [DeploymentActions, value]}
-
-outputs:
- ip_address:
- description: IP address of the server in the ctlplane network
- value: {get_attr: [CephStorage, networks, ctlplane, 0]}
- hostname:
- description: Hostname of the server
- value: {get_attr: [CephStorage, name]}
- hostname_map:
- description: Mapping of network names to hostnames
- value:
- external: {get_attr: [NetHostMap, value, external, fqdn]}
- internal_api: {get_attr: [NetHostMap, value, internal_api, fqdn]}
- storage: {get_attr: [NetHostMap, value, storage, fqdn]}
- storage_mgmt: {get_attr: [NetHostMap, value, storage_mgmt, fqdn]}
- tenant: {get_attr: [NetHostMap, value, tenant, fqdn]}
- management: {get_attr: [NetHostMap, value, management, fqdn]}
- ctlplane: {get_attr: [NetHostMap, value, ctlplane, fqdn]}
- hosts_entry:
- value:
- str_replace:
- template: |
- PRIMARYIP PRIMARYHOST.DOMAIN PRIMARYHOST
- EXTERNALIP EXTERNALHOST.DOMAIN EXTERNALHOST
- INTERNAL_APIIP INTERNAL_APIHOST.DOMAIN INTERNAL_APIHOST
- STORAGEIP STORAGEHOST.DOMAIN STORAGEHOST
- STORAGE_MGMTIP STORAGE_MGMTHOST.DOMAIN STORAGE_MGMTHOST
- TENANTIP TENANTHOST.DOMAIN TENANTHOST
- MANAGEMENTIP MANAGEMENTHOST.DOMAIN MANAGEMENTHOST
- CTLPLANEIP CTLPLANEHOST.DOMAIN CTLPLANEHOST
- params:
- PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephStorageHostnameResolveNetwork]}]}
- DOMAIN: {get_param: CloudDomain}
- PRIMARYHOST: {get_attr: [CephStorage, name]}
- EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
- EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
- INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
- INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
- STORAGEIP: {get_attr: [StoragePort, ip_address]}
- STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
- STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
- TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
- MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
- CTLPLANEIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
- CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
- known_hosts_entry:
- description: Entry for ssh known hosts
- value:
- str_replace:
- template: "PRIMARYIP,PRIMARYHOST.DOMAIN,PRIMARYHOST,\
-EXTERNALIP,EXTERNALHOST.DOMAIN,EXTERNALHOST,\
-INTERNAL_APIIP,INTERNAL_APIHOST.DOMAIN,INTERNAL_APIHOST,\
-STORAGEIP,STORAGEHOST.DOMAIN,STORAGEHOST,\
-STORAGE_MGMTIP,STORAGE_MGMTHOST.DOMAIN,STORAGE_MGMTHOST,\
-TENANTIP,TENANTHOST.DOMAIN,TENANTHOST,\
-MANAGEMENTIP,MANAGEMENTHOST.DOMAIN,MANAGEMENTHOST,\
-CTLPLANEIP,CTLPLANEHOST.DOMAIN,CTLPLANEHOST HOSTSSHPUBKEY"
- params:
- PRIMARYIP: {get_attr: [NetIpMap, net_ip_map, {get_param: [ServiceNetMap, CephStorageHostnameResolveNetwork]}]}
- DOMAIN: {get_param: CloudDomain}
- PRIMARYHOST: {get_attr: [CephStorage, name]}
- EXTERNALIP: {get_attr: [ExternalPort, ip_address]}
- EXTERNALHOST: {get_attr: [NetHostMap, value, external, short]}
- INTERNAL_APIIP: {get_attr: [InternalApiPort, ip_address]}
- INTERNAL_APIHOST: {get_attr: [NetHostMap, value, internal_api, short]}
- STORAGEIP: {get_attr: [StoragePort, ip_address]}
- STORAGEHOST: {get_attr: [NetHostMap, value, storage, short]}
- STORAGE_MGMTIP: {get_attr: [StorageMgmtPort, ip_address]}
- STORAGE_MGMTHOST: {get_attr: [NetHostMap, value, storage_mgmt, short]}
- TENANTIP: {get_attr: [TenantPort, ip_address]}
- TENANTHOST: {get_attr: [NetHostMap, value, tenant, short]}
- MANAGEMENTIP: {get_attr: [ManagementPort, ip_address]}
- MANAGEMENTHOST: {get_attr: [NetHostMap, value, management, short]}
- CTLPLANEIP: {get_attr: [CephStorage, networks, ctlplane, 0]}
- CTLPLANEHOST: {get_attr: [NetHostMap, value, ctlplane, short]}
- HOSTSSHPUBKEY: {get_attr: [SshHostPubKey, ecdsa]}
- nova_server_resource:
- description: Heat resource handle for the ceph storage server
- value:
- {get_resource: CephStorage}
- condition: server_not_blacklisted
- external_ip_address:
- description: IP address of the server in the external network
- value: {get_attr: [ExternalPort, ip_address]}
- internal_api_ip_address:
- description: IP address of the server in the internal_api network
- value: {get_attr: [InternalApiPort, ip_address]}
- storage_ip_address:
- description: IP address of the server in the storage network
- value: {get_attr: [StoragePort, ip_address]}
- storage_mgmt_ip_address:
- description: IP address of the server in the storage_mgmt network
- value: {get_attr: [StorageMgmtPort, ip_address]}
- tenant_ip_address:
- description: IP address of the server in the tenant network
- value: {get_attr: [TenantPort, ip_address]}
- management_ip_address:
- description: IP address of the server in the management network
- value: {get_attr: [ManagementPort, ip_address]}
- deployed_server_port_map:
- description: |
- Map of Heat created hostname of the server to ip address. This is the
- hostname before it has been mapped with the HostnameMap parameter, and
- the IP address from the ctlplane network. This map can be used to construct
- the DeployedServerPortMap parameter when using split-stack.
- value:
- map_replace:
- - hostname:
- fixed_ips:
- - ip_address: {get_attr: [CephStorage, networks, ctlplane, 0]}
- - keys:
- hostname:
- list_join:
- - '-'
- - - {get_param: Hostname}
- - ctlplane
- deployed_server_deployment_swift_data_map:
- description:
- Map of Heat created hostname of the server to the Swift container and object
- used to created the temporary url for metadata polling with
- os-collect-config.
- value:
- map_replace:
- - hostname:
- container:
- str_split:
- - '/'
- - {get_attr: [CephStorage, os_collect_config, request, metadata_url]}
- - 5
- object:
- str_split:
- - '?'
- - str_split:
- - '/'
- - {get_attr: [CephStorage, os_collect_config, request, metadata_url]}
- - 6
- - 0
- - keys: {hostname: {get_param: Hostname}}
- os_collect_config:
- description: The os-collect-config configuration associated with this server resource
- value: {get_attr: [CephStorage, os_collect_config]}
diff --git a/puppet/services/README.rst b/puppet/services/README.rst
index d55414b7..a593d55e 100644
--- a/puppet/services/README.rst
+++ b/puppet/services/README.rst
@@ -155,7 +155,7 @@ Similar to the step_config, we allow a series of steps for the per-service
upgrade sequence, defined as ansible tasks with a tag e.g "step1" for the first
step, "step2" for the second, etc.
- Steps/tages correlate to the following:
+ Steps/tags correlate to the following:
1) Stop all control-plane services.
@@ -186,6 +186,18 @@ Note that the services are not started in the upgrade tasks - we instead re-run
puppet which does any reconfiguration required for the new version, then starts
the services.
+Update Steps
+------------
+
+Each service template may optionally define a `update_tasks` key, which is a
+list of ansible tasks to be performed during the minor update process.
+
+Similar to the upgrade_tasks, we allow a series of steps for the per-service
+update sequence, but note update_task selects the steps via a conditional
+referencing the step variable e.g when: step == 2, which is different to the
+tags based approach used for upgrade_tasks (the two may be aligned in future).
+
+
Nova Server Metadata Settings
-----------------------------
diff --git a/puppet/services/ceph-base.yaml b/puppet/services/ceph-base.yaml
index ce9f9b9d..f6573f6c 100644
--- a/puppet/services/ceph-base.yaml
+++ b/puppet/services/ceph-base.yaml
@@ -11,7 +11,7 @@ parameters:
type: string
hidden: true
CephClientKey:
- description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
+ description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
CephClientUserName:
@@ -61,6 +61,14 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ ManilaCephFSNativeCephFSAuthId:
+ type: string
+ default: 'manila'
+ CephManilaClientKey:
+ default: ''
+ description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
+ type: string
+ hidden: true
# DEPRECATED options for compatibility with overcloud.yaml
# This should be removed and manipulation of the ControllerServices list
# used instead, but we need client support for that first
@@ -133,6 +141,14 @@ outputs:
CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName}
GLANCE_POOL: {get_param: GlanceRbdPoolName}
GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
+ MANILA_CLIENT_KEY:
+ mode: '0644'
+ secret: {get_param: CephManilaClientKey}
+ cap_mon: 'allow r, allow command \"auth del\", allow command \"auth caps\", allow command \"auth get\", allow command \"auth get-or-create\"'
+ cap_mds: 'allow *'
+ cap_osd: 'allow rw'
- keys:
CEPH_CLIENT_KEY:
list_join: ['.', ['client', {get_param: CephClientUserName}]]
+ MANILA_CLIENT_KEY:
+ list_join: ['.', ['client', {get_param: ManilaCephFSNativeCephFSAuthId}]]
diff --git a/puppet/services/ceph-external.yaml b/puppet/services/ceph-external.yaml
index 97e44159..1459b851 100644
--- a/puppet/services/ceph-external.yaml
+++ b/puppet/services/ceph-external.yaml
@@ -5,7 +5,7 @@ description: >
parameters:
CephClientKey:
- description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
+ description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
CephClientUserName:
@@ -68,6 +68,14 @@ parameters:
image. Only applies to format 2 images. Set to '1' for Jewel
clients using older Ceph servers.
type: string
+ ManilaCephFSNativeCephFSAuthId:
+ type: string
+ default: 'manila'
+ CephManilaClientKey:
+ default: ''
+ description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
+ type: string
+ hidden: true
outputs:
role_data:
@@ -94,9 +102,17 @@ outputs:
CINDERBACKUP_POOL: {get_param: CinderBackupRbdPoolName}
GLANCE_POOL: {get_param: GlanceRbdPoolName}
GNOCCHI_POOL: {get_param: GnocchiRbdPoolName}
+ MANILA_CLIENT_KEY:
+ mode: '0644'
+ secret: {get_param: CephManilaClientKey}
+ cap_mon: 'allow r, allow command \"auth del\", allow command \"auth caps\", allow command \"auth get\", allow command \"auth get-or-create\"'
+ cap_mds: 'allow *'
+ cap_osd: 'allow rw'
- keys:
CEPH_CLIENT_KEY:
list_join: ['.', ['client', {get_param: CephClientUserName}]]
+ MANILA_CLIENT_KEY:
+ list_join: ['.', ['client', {get_param: ManilaCephFSNativeCephFSAuthId}]]
ceph::profile::params::manage_repo: false
# FIXME(gfidente): we should not have to list the packages explicitly in
# the templates, but this should stay until the following is fixed:
diff --git a/puppet/services/ceph-mds.yaml b/puppet/services/ceph-mds.yaml
index c561ea0e..ad799edb 100644
--- a/puppet/services/ceph-mds.yaml
+++ b/puppet/services/ceph-mds.yaml
@@ -35,6 +35,15 @@ parameters:
with ceph-authtool --gen-print-key.
type: string
hidden: true
+ ManilaCephFSDataPoolName:
+ default: manila_data
+ type: string
+ ManilaCephFSMetadataPoolName:
+ default: manila_metadata
+ type: string
+ ManilaCephFSNativeShareBackendName:
+ default: cephfs
+ type: string
resources:
CephBase:
@@ -60,5 +69,8 @@ outputs:
'112 ceph_mds':
dport:
- '6800-7300'
+ ceph::profile::params::fs_data_pool: {get_param: ManilaCephFSDataPoolName}
+ ceph::profile::params::fs_metadata_pool: {get_param: ManilaCephFSMetadataPoolName}
+ ceph::profile::params::fs_name: {get_param: ManilaCephFSNativeShareBackendName}
step_config: |
include ::tripleo::profile::base::ceph::mds
diff --git a/puppet/services/cinder-backend-dellemc-unity.yaml b/puppet/services/cinder-backend-dellemc-unity.yaml
new file mode 100644
index 00000000..c8b8bd8f
--- /dev/null
+++ b/puppet/services/cinder-backend-dellemc-unity.yaml
@@ -0,0 +1,85 @@
+# Copyright (c) 2016-2017 Dell Inc, or its subsidiaries.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+heat_template_version: pike
+
+description: >
+ Openstack Cinder Dell EMC Unity backend
+
+parameters:
+ CinderEnableDellEMCUnityBackend:
+ type: boolean
+ default: true
+ CinderDellEMCUnityBackendName:
+ type: string
+ default: 'tripleo_dellemc_unity'
+ CinderDellEMCUnitySanIp:
+ type: string
+ CinderDellEMCUnitySanLogin:
+ type: string
+ default: 'Admin'
+ CinderDellEMCUnitySanPassword:
+ type: string
+ hidden: true
+ CinderDellEMCUnityStorageProtocol:
+ type: string
+ default: 'iSCSI'
+ CinderDellEMCUnityIoPorts:
+ type: string
+ default: ''
+ CinderDellEMCUnityStoragePoolNames:
+ type: string
+ default: ''
+ ServiceData:
+ default: {}
+ description: Dictionary packing service data
+ type: json
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ RoleName:
+ default: ''
+ description: Role name on which the service is applied
+ type: string
+ RoleParameters:
+ default: {}
+ description: Parameters specific to the role
+ type: json
+ EndpointMap:
+ default: {}
+ type: json
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+
+outputs:
+ role_data:
+ description: Role data for the Cinder Dell EMC Storage Center backend.
+ value:
+ service_name: cinder_backend_dellemc_unity
+ config_settings:
+ tripleo::profile::base::cinder::volume::cinder_enable_dellemc_unity_backend: {get_param: CinderEnableDellEMCUnityBackend}
+ cinder::backend::dellemc_unity::volume_backend_name: {get_param: CinderDellEMCUnityBackendName}
+ cinder::backend::dellemc_unity::san_ip: {get_param: CinderDellEMCUnitySanIp}
+ cinder::backend::dellemc_unity::san_login: {get_param: CinderDellEMCUnitySanLogin}
+ cinder::backend::dellemc_unity::san_password: {get_param: CinderDellEMCUnitySanPassword}
+ cinder::backend::dellemc_unity::storage_protocol: {get_param: CinderDellEMCUnityStorageProtocol}
+ cinder::backend::dellemc_unity::unity_io_ports: {get_param: CinderDellEMCUnityIoPorts}
+ cinder::backend::dellemc_unity::unity_storage_pool_names: {get_param: CinderDellEMCUnityStoragePoolNames}
+ step_config: |
+ include ::tripleo::profile::base::cinder::volume
diff --git a/puppet/services/haproxy-internal-tls-certmonger.yaml b/puppet/services/haproxy-internal-tls-certmonger.yaml
index 642685a8..e0173d88 100644
--- a/puppet/services/haproxy-internal-tls-certmonger.yaml
+++ b/puppet/services/haproxy-internal-tls-certmonger.yaml
@@ -86,7 +86,6 @@ outputs:
- - {get_param: HAProxyInternalTLSKeysDirectory}
- '/overcloud-haproxy-NETWORK.key'
hostname: "%{hiera('cloud_name_NETWORK')}"
- postsave_cmd: "" # TODO
principal: "haproxy/%{hiera('cloud_name_NETWORK')}"
for_each:
NETWORK: {get_attr: [HAProxyNetworks, value]}
diff --git a/puppet/services/haproxy-public-tls-certmonger.yaml b/puppet/services/haproxy-public-tls-certmonger.yaml
index b2766c44..14d171dc 100644
--- a/puppet/services/haproxy-public-tls-certmonger.yaml
+++ b/puppet/services/haproxy-public-tls-certmonger.yaml
@@ -71,7 +71,6 @@ outputs:
- - {get_param: HAProxyInternalTLSKeysDirectory}
- '/overcloud-haproxy-external.key'
hostname: "%{hiera('cloud_name_external')}"
- postsave_cmd: "" # TODO
principal: "haproxy/%{hiera('cloud_name_external')}"
metadata_settings:
- service: haproxy
diff --git a/puppet/services/horizon.yaml b/puppet/services/horizon.yaml
index 63ab92eb..642a0f09 100644
--- a/puppet/services/horizon.yaml
+++ b/puppet/services/horizon.yaml
@@ -67,6 +67,14 @@ parameters:
MonitoringSubscriptionHorizon:
default: 'overcloud-horizon'
type: string
+ EnableInternalTLS:
+ type: boolean
+ default: false
+ InternalTLSCAFile:
+ default: '/etc/ipa/ca.crt'
+ type: string
+ description: Specifies the default CA cert to use if TLS is used for
+ services in the internal network.
conditions:
@@ -109,6 +117,14 @@ outputs:
- {get_param: [DefaultPasswords, horizon_secret]}
horizon::secure_cookies: {get_param: [HorizonSecureCookies]}
memcached_ipv6: {get_param: MemcachedIPv6}
+ horizon::servername:
+ str_replace:
+ template:
+ "%{hiera('fqdn_$NETWORK')}"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, HorizonNetwork]}
+ horizon::listen_ssl: {get_param: EnableInternalTLS}
+ horizon::horizon_ca: {get_param: InternalTLSCAFile}
-
if:
- debug_unset
diff --git a/puppet/services/manila-backend-cephfs.yaml b/puppet/services/manila-backend-cephfs.yaml
index 9d6b508b..9207d99f 100644
--- a/puppet/services/manila-backend-cephfs.yaml
+++ b/puppet/services/manila-backend-cephfs.yaml
@@ -52,12 +52,6 @@ parameters:
ManilaCephFSNativeCephFSEnableSnapshots:
type: boolean
default: false
- ManilaCephFSDataPoolName:
- default: manila_data
- type: string
- ManilaCephFSMetadataPoolName:
- default: manila_metadata
- type: string
# (jprovazn) default value is set to assure this templates works with an
# external ceph too (user/key is created only when ceph is deployed by
# TripleO)
@@ -81,7 +75,4 @@ outputs:
manila::backend::cephfsnative::cephfs_cluster_name: {get_param: ManilaCephFSNativeCephFSClusterName}
manila::backend::cephfsnative::cephfs_enable_snapshots: {get_param: ManilaCephFSNativeCephFSEnableSnapshots}
manila::backend::cephfsnative::ceph_client_key: {get_param: CephManilaClientKey}
- ceph::profile::params::fs_data_pool: {get_param: ManilaCephFSDataPoolName}
- ceph::profile::params::fs_metadata_pool: {get_param: ManilaCephFSMetadataPoolName}
- ceph::profile::params::fs_name: {get_param: ManilaCephFSNativeShareBackendName}
step_config:
diff --git a/puppet/services/neutron-metadata.yaml b/puppet/services/neutron-metadata.yaml
index 81f12f01..30f34777 100644
--- a/puppet/services/neutron-metadata.yaml
+++ b/puppet/services/neutron-metadata.yaml
@@ -57,10 +57,15 @@ parameters:
default:
tag: openstack.neutron.agent.metadata
path: /var/log/neutron/metadata-agent.log
+ EnableInternalTLS:
+ type: boolean
+ default: false
conditions:
neutron_workers_unset: {equals : [{get_param: NeutronWorkers}, '']}
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
+
resources:
NeutronBase:
@@ -90,6 +95,17 @@ outputs:
neutron::agents::metadata::auth_url: { get_param: [EndpointMap, KeystoneInternal, uri_no_suffix] }
neutron::agents::metadata::auth_tenant: 'service'
neutron::agents::metadata::metadata_ip: "%{hiera('nova_metadata_vip')}"
+ neutron::agents::metadata::metadata_host:
+ str_replace:
+ template:
+ "%{hiera('cloud_name_$NETWORK')}"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
+ neutron::agents::metadata::metadata_protocol:
+ if:
+ - internal_tls_enabled
+ - 'https'
+ - 'http'
-
if:
- neutron_workers_unset
diff --git a/puppet/services/neutron-plugin-ml2.yaml b/puppet/services/neutron-plugin-ml2.yaml
index bc91374a..1ea6b1ae 100644
--- a/puppet/services/neutron-plugin-ml2.yaml
+++ b/puppet/services/neutron-plugin-ml2.yaml
@@ -76,6 +76,12 @@ parameters:
description: Firewall driver for realizing neutron security group function
type: string
default: 'openvswitch'
+ NeutronOverlayIPVersion:
+ default: 4
+ description: IP version used for all overlay network endpoints.
+ type: number
+ constraints:
+ - allowed_values: [4,6]
resources:
NeutronBase:
@@ -105,6 +111,7 @@ outputs:
neutron::plugins::ml2::vni_ranges: {get_param: NeutronVniRanges}
neutron::plugins::ml2::tenant_network_types: {get_param: NeutronNetworkType}
neutron::plugins::ml2::firewall_driver: {get_param: NeutronFirewallDriver}
+ neutron::plugins::ml2::overlay_ip_version: {get_param: NeutronOverlayIPVersion}
step_config: |
include ::tripleo::profile::base::neutron::plugins::ml2
diff --git a/puppet/services/nova-compute.yaml b/puppet/services/nova-compute.yaml
index 36866a3a..22a743e0 100644
--- a/puppet/services/nova-compute.yaml
+++ b/puppet/services/nova-compute.yaml
@@ -37,7 +37,7 @@ parameters:
default: openstack
type: string
CephClientKey:
- description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
+ description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
CephClusterFSID:
diff --git a/puppet/services/nova-libvirt.yaml b/puppet/services/nova-libvirt.yaml
index 04936c33..df9e88fb 100644
--- a/puppet/services/nova-libvirt.yaml
+++ b/puppet/services/nova-libvirt.yaml
@@ -34,7 +34,7 @@ parameters:
default: openstack
type: string
CephClientKey:
- description: The Ceph client key. Can be created with ceph-authtool --gen-print-key. Currently only used for external Ceph deployments to create the openstack user keyring.
+ description: The Ceph client key. Can be created with ceph-authtool --gen-print-key.
type: string
hidden: true
CephClusterFSID:
@@ -162,7 +162,7 @@ outputs:
dport:
- 16514
- '49152-49215'
- - '5900-5999'
+ - '5900-6923'
-
if:
diff --git a/puppet/services/nova-metadata.yaml b/puppet/services/nova-metadata.yaml
index ca9eed09..3ac5f300 100644
--- a/puppet/services/nova-metadata.yaml
+++ b/puppet/services/nova-metadata.yaml
@@ -34,10 +34,26 @@ parameters:
default: 0
description: Number of workers for Nova services.
type: number
+ EnableInternalTLS:
+ type: boolean
+ default: false
conditions:
nova_workers_zero: {equals : [{get_param: NovaWorkers}, 0]}
+ use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
+
+resources:
+
+ TLSProxyBase:
+ type: OS::TripleO::Services::TLSProxyBase
+ properties:
+ ServiceData: {get_param: ServiceData}
+ ServiceNetMap: {get_param: ServiceNetMap}
+ DefaultPasswords: {get_param: DefaultPasswords}
+ EndpointMap: {get_param: EndpointMap}
+ EnableInternalTLS: {get_param: EnableInternalTLS}
+
outputs:
role_data:
description: Role data for the Nova Metadata service.
@@ -45,10 +61,29 @@ outputs:
service_name: nova_metadata
config_settings:
map_merge:
- - nova::api::metadata_listen: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
+ - get_attr: [TLSProxyBase, role_data, config_settings]
+ - nova::api::metadata_listen:
+ if:
+ - use_tls_proxy
+ - 'localhost'
+ - {get_param: [ServiceNetMap, NovaMetadataNetwork]}
-
if:
- nova_workers_zero
- {}
- nova::api::metadata_workers: {get_param: NovaWorkers}
+ -
+ if:
+ - use_tls_proxy
+ - tripleo::profile::base::nova::api::metadata_tls_proxy_bind_ip:
+ get_param: [ServiceNetMap, NovaMetadataNetwork]
+ tripleo::profile::base::nova::api::metadata_tls_proxy_fqdn:
+ str_replace:
+ template:
+ "%{hiera('fqdn_$NETWORK')}"
+ params:
+ $NETWORK: {get_param: [ServiceNetMap, NovaMetadataNetwork]}
+ - {}
step_config: ""
+ metadata_settings:
+ get_attr: [TLSProxyBase, role_data, metadata_settings]
diff --git a/puppet/services/pacemaker/cinder-volume.yaml b/puppet/services/pacemaker/cinder-volume.yaml
index a1134f3e..f4675875 100644
--- a/puppet/services/pacemaker/cinder-volume.yaml
+++ b/puppet/services/pacemaker/cinder-volume.yaml
@@ -66,11 +66,17 @@ outputs:
resource: openstack-cinder-volume
state: disable
wait_for_resource: true
- - name: Sync cinder DB
+ - name: get bootstrap nodeid
tags: step5
- command: cinder-manage db sync
- - name: Start cinder_volume service (pacemaker)
- tags: step5
- pacemaker_resource:
- resource: openstack-cinder-volume
- state: enable
+ command: hiera bootstrap_nodeid
+ register: bootstrap_node
+ - block:
+ - name: Sync cinder DB
+ tags: step5
+ command: cinder-manage db sync
+ - name: Start cinder_volume service (pacemaker)
+ tags: step5
+ pacemaker_resource:
+ resource: openstack-cinder-volume
+ state: enable
+ when: bootstrap_node.stdout == ansible_hostname
diff --git a/puppet/services/pacemaker_remote.yaml b/puppet/services/pacemaker_remote.yaml
index 76511784..47ca6142 100644
--- a/puppet/services/pacemaker_remote.yaml
+++ b/puppet/services/pacemaker_remote.yaml
@@ -35,6 +35,11 @@ parameters:
description: The authkey for the pacemaker remote service.
hidden: true
default: ''
+ PcsdPassword:
+ type: string
+ description: The password for the 'pcsd' user for pacemaker.
+ hidden: true
+ default: ''
MonitoringSubscriptionPacemakerRemote:
default: 'overcloud-pacemaker_remote'
type: string
@@ -103,5 +108,13 @@ outputs:
tripleo::fencing::config: {get_param: FencingConfig}
enable_fencing: {get_param: EnableFencing}
tripleo::profile::base::pacemaker_remote::remote_authkey: {get_param: PacemakerRemoteAuthkey}
+ pacemaker::corosync::manage_fw: false
+ hacluster_pwd:
+ yaql:
+ expression: $.data.passwords.where($ != '').first()
+ data:
+ passwords:
+ - {get_param: PcsdPassword}
+ - {get_param: [DefaultPasswords, pcsd_password]}
step_config: |
include ::tripleo::profile::base::pacemaker_remote
diff --git a/puppet/services/tripleo-packages.yaml b/puppet/services/tripleo-packages.yaml
index e471c2a6..2a8620c8 100644
--- a/puppet/services/tripleo-packages.yaml
+++ b/puppet/services/tripleo-packages.yaml
@@ -56,3 +56,7 @@ outputs:
- name: Update all packages
tags: step3
yum: name=* state=latest
+ update_tasks:
+ - name: Update all packages
+ yum: name=* state=latest
+ when: step == "3"
diff --git a/releasenotes/notes/deprecate-management-envs-bbc7fddb0ca871af.yaml b/releasenotes/notes/deprecate-management-envs-bbc7fddb0ca871af.yaml
new file mode 100644
index 00000000..764686f4
--- /dev/null
+++ b/releasenotes/notes/deprecate-management-envs-bbc7fddb0ca871af.yaml
@@ -0,0 +1,5 @@
+---
+deprecations:
+ - |
+ Both environments/network-management.yaml and environments/network-management-v6.yaml
+ are now deprecated in favor of specifying the needed networks on each role.
diff --git a/releasenotes/notes/dont-unregister-on-delete-9708f7cbc73a0d2f.yaml b/releasenotes/notes/dont-unregister-on-delete-9708f7cbc73a0d2f.yaml
new file mode 100644
index 00000000..96e6234d
--- /dev/null
+++ b/releasenotes/notes/dont-unregister-on-delete-9708f7cbc73a0d2f.yaml
@@ -0,0 +1,8 @@
+---
+fixes:
+ - Don't unregister systems from the portal/satellite
+ when deleting from Heat. There are several reasons why
+ it's compelling to fix this behavior. See
+ https://bugs.launchpad.net/tripleo/+bug/1710144
+ for full information. The previous behavior can be triggered
+ by setting the DeleteOnRHELUnregistration parameter to "true".
diff --git a/releasenotes/notes/fix-heat-condition-for-rhel-reg-311a3dce76cc0ec1.yaml b/releasenotes/notes/fix-heat-condition-for-rhel-reg-311a3dce76cc0ec1.yaml
new file mode 100644
index 00000000..e417f5f2
--- /dev/null
+++ b/releasenotes/notes/fix-heat-condition-for-rhel-reg-311a3dce76cc0ec1.yaml
@@ -0,0 +1,9 @@
+---
+fixes:
+ - |
+ Fix Heat condition for RHEL registration yum update
+ There were 2 problems with this condition making the
+ rhel-registration.yaml template broken: "conditions" should be "condition"
+ and the condition should refer to just a condition name defined in the
+ "conditions:" section of the template. See
+ https://bugs.launchpad.net/tripleo/+bug/1709916
diff --git a/releasenotes/notes/neutron-ml2-overlay-ip-version-4f14932355847aa0.yaml b/releasenotes/notes/neutron-ml2-overlay-ip-version-4f14932355847aa0.yaml
new file mode 100644
index 00000000..1c20b26d
--- /dev/null
+++ b/releasenotes/notes/neutron-ml2-overlay-ip-version-4f14932355847aa0.yaml
@@ -0,0 +1,5 @@
+---
+features:
+ - Add NeutronOverlayIPVersion parameter to congfigure neutron ML2
+ overlay_ip_version option. This parameter should be set to 6 when user
+ requires tenant vxlan tunnel endpoints to be IPv6.
diff --git a/releasenotes/notes/unity_cinder_e9872898724a11e7.yaml b/releasenotes/notes/unity_cinder_e9872898724a11e7.yaml
new file mode 100644
index 00000000..f2edb9f7
--- /dev/null
+++ b/releasenotes/notes/unity_cinder_e9872898724a11e7.yaml
@@ -0,0 +1,4 @@
+---
+features:
+ - |
+ Add support for Dell EMC Unity cinder driver
diff --git a/releasenotes/notes/workaround-unset-fqdn-for-rhel-reg-be9c4620146096be.yaml b/releasenotes/notes/workaround-unset-fqdn-for-rhel-reg-be9c4620146096be.yaml
new file mode 100644
index 00000000..04b21fba
--- /dev/null
+++ b/releasenotes/notes/workaround-unset-fqdn-for-rhel-reg-be9c4620146096be.yaml
@@ -0,0 +1,8 @@
+---
+fixes:
+ - Workaround systems getting registered as "localhost" during
+ RHEL registration if they don't have a fqdn set by first
+ rm'ing the /etc/rhsm/facts directory. When the directory does not
+ exist, the katello-rshm-consumer which runs when installing
+ the katello-ca-consumer will not set the hostname.override fact to
+ "localhost". See https://bugs.launchpad.net/tripleo/+bug/1711435
diff --git a/releasenotes/source/conf.py b/releasenotes/source/conf.py
index 939b263c..9d46018a 100644
--- a/releasenotes/source/conf.py
+++ b/releasenotes/source/conf.py
@@ -52,7 +52,7 @@ copyright = u'2017, TripleO Developers'
# built documents.
#
# The full version, including alpha/beta/rc tags.
-release = '7.0.0.0b3'
+release = '7.0.0.0rc1'
# The short X.Y version.
version = '7.0.0'
diff --git a/roles/BlockStorage.yaml b/roles/BlockStorage.yaml
index e4fdfa44..9d1bef08 100644
--- a/roles/BlockStorage.yaml
+++ b/roles/BlockStorage.yaml
@@ -21,6 +21,7 @@
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::Securetty
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::Snmp
diff --git a/roles/CephStorage.yaml b/roles/CephStorage.yaml
index f3978c5b..8e62e8e7 100644
--- a/roles/CephStorage.yaml
+++ b/roles/CephStorage.yaml
@@ -18,6 +18,7 @@
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::Securetty
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::Snmp
diff --git a/roles/Compute.yaml b/roles/Compute.yaml
index ce5ab742..9d2c8189 100644
--- a/roles/Compute.yaml
+++ b/roles/Compute.yaml
@@ -44,6 +44,7 @@
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::OpenDaylightOvs
- OS::TripleO::Services::Securetty
- OS::TripleO::Services::SensuClient
diff --git a/roles/ComputeHCI.yaml b/roles/ComputeHCI.yaml
index 0e8a90b7..0216b04a 100644
--- a/roles/ComputeHCI.yaml
+++ b/roles/ComputeHCI.yaml
@@ -35,6 +35,7 @@
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::OpenDaylightOvs
- OS::TripleO::Services::Securetty
- OS::TripleO::Services::SensuClient
diff --git a/roles/ComputeOvsDpdk.yaml b/roles/ComputeOvsDpdk.yaml
index 7c3cd218..9b94710d 100644
--- a/roles/ComputeOvsDpdk.yaml
+++ b/roles/ComputeOvsDpdk.yaml
@@ -31,6 +31,7 @@
- OS::TripleO::Services::NovaCompute
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::OpenDaylightOvs
- OS::TripleO::Services::Securetty
- OS::TripleO::Services::SensuClient
diff --git a/roles/Controller.yaml b/roles/Controller.yaml
index 224d1356..93a58df7 100644
--- a/roles/Controller.yaml
+++ b/roles/Controller.yaml
@@ -44,6 +44,7 @@
- OS::TripleO::Services::CinderApi
- OS::TripleO::Services::CinderBackendDellPs
- OS::TripleO::Services::CinderBackendDellSc
+ - OS::TripleO::Services::CinderBackendDellEMCUnity
- OS::TripleO::Services::CinderBackendNetApp
- OS::TripleO::Services::CinderBackendScaleIO
- OS::TripleO::Services::CinderBackendVRTSHyperScale
@@ -108,6 +109,7 @@
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::NovaVncProxy
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::OctaviaApi
- OS::TripleO::Services::OctaviaHealthManager
- OS::TripleO::Services::OctaviaHousekeeping
diff --git a/roles/ControllerOpenstack.yaml b/roles/ControllerOpenstack.yaml
index 10d76dd7..fdbec599 100644
--- a/roles/ControllerOpenstack.yaml
+++ b/roles/ControllerOpenstack.yaml
@@ -33,6 +33,7 @@
- OS::TripleO::Services::CephMon
- OS::TripleO::Services::CephRbdMirror
- OS::TripleO::Services::CephRgw
+ - OS::TripleO::Services::CertmongerUser
- OS::TripleO::Services::CinderApi
- OS::TripleO::Services::CinderBackup
- OS::TripleO::Services::CinderHPELeftHandISCSI
@@ -79,6 +80,7 @@
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::NovaVncProxy
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::OctaviaApi
- OS::TripleO::Services::OctaviaHealthManager
- OS::TripleO::Services::OctaviaHousekeeping
diff --git a/roles/Database.yaml b/roles/Database.yaml
index e101fd4f..ffeada05 100644
--- a/roles/Database.yaml
+++ b/roles/Database.yaml
@@ -10,12 +10,14 @@
ServicesDefault:
- OS::TripleO::Services::AuditD
- OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CertmongerUser
- OS::TripleO::Services::Collectd
- OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::Snmp
diff --git a/roles/IronicConductor.yaml b/roles/IronicConductor.yaml
index ae848bc8..d5d8ddd7 100644
--- a/roles/IronicConductor.yaml
+++ b/roles/IronicConductor.yaml
@@ -8,12 +8,14 @@
ServicesDefault:
- OS::TripleO::Services::AuditD
- OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CertmongerUser
- OS::TripleO::Services::Collectd
- OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::IronicConductor
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::Snmp
- OS::TripleO::Services::Timezone
diff --git a/roles/Messaging.yaml b/roles/Messaging.yaml
index 47e0f920..cd6071c4 100644
--- a/roles/Messaging.yaml
+++ b/roles/Messaging.yaml
@@ -10,10 +10,12 @@
ServicesDefault:
- OS::TripleO::Services::AuditD
- OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CertmongerUser
- OS::TripleO::Services::Collectd
- OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::Pacemaker
- OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::SensuClient
diff --git a/roles/Networker.yaml b/roles/Networker.yaml
index 311e0a7d..1bf58031 100644
--- a/roles/Networker.yaml
+++ b/roles/Networker.yaml
@@ -11,6 +11,7 @@
ServicesDefault:
- OS::TripleO::Services::AuditD
- OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CertmongerUser
- OS::TripleO::Services::Collectd
- OS::TripleO::Services::FluentdClient
- OS::TripleO::Services::Kernel
@@ -29,6 +30,7 @@
- OS::TripleO::Services::NeutronOvsAgent
- OS::TripleO::Services::NeutronVppAgent
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::OpenDaylightOvs
- OS::TripleO::Services::PacemakerRemote
- OS::TripleO::Services::SensuClient
diff --git a/roles/ObjectStorage.yaml b/roles/ObjectStorage.yaml
index ad372be6..e2eacd9e 100644
--- a/roles/ObjectStorage.yaml
+++ b/roles/ObjectStorage.yaml
@@ -26,6 +26,7 @@
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::Securetty
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::Snmp
diff --git a/roles/Telemetry.yaml b/roles/Telemetry.yaml
index b1c73798..7bc93a40 100644
--- a/roles/Telemetry.yaml
+++ b/roles/Telemetry.yaml
@@ -12,10 +12,12 @@
- OS::TripleO::Services::AodhEvaluator
- OS::TripleO::Services::AodhListener
- OS::TripleO::Services::AodhNotifier
+ - OS::TripleO::Services::CACerts
- OS::TripleO::Services::CeilometerAgentCentral
- OS::TripleO::Services::CeilometerAgentNotification
- OS::TripleO::Services::CeilometerApi
- OS::TripleO::Services::CeilometerExpirer
+ - OS::TripleO::Services::CertmongerUser
- OS::TripleO::Services::GnocchiApi
- OS::TripleO::Services::GnocchiMetricd
- OS::TripleO::Services::GnocchiStatsd
@@ -23,6 +25,7 @@
- OS::TripleO::Services::MongoDb
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::PankoApi
- OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::Redis
diff --git a/roles/Undercloud.yaml b/roles/Undercloud.yaml
index a408a21b..a78ba398 100644
--- a/roles/Undercloud.yaml
+++ b/roles/Undercloud.yaml
@@ -39,6 +39,7 @@
- OS::TripleO::Services::NovaPlacement
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::SwiftProxy
- OS::TripleO::Services::SwiftRingBuilder
diff --git a/roles_data.yaml b/roles_data.yaml
index 8f670994..7799fdae 100644
--- a/roles_data.yaml
+++ b/roles_data.yaml
@@ -47,6 +47,7 @@
- OS::TripleO::Services::CinderApi
- OS::TripleO::Services::CinderBackendDellPs
- OS::TripleO::Services::CinderBackendDellSc
+ - OS::TripleO::Services::CinderBackendDellEMCUnity
- OS::TripleO::Services::CinderBackendNetApp
- OS::TripleO::Services::CinderBackendScaleIO
- OS::TripleO::Services::CinderBackendVRTSHyperScale
@@ -111,6 +112,7 @@
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::NovaVncProxy
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::OctaviaApi
- OS::TripleO::Services::OctaviaHealthManager
- OS::TripleO::Services::OctaviaHousekeeping
@@ -185,6 +187,7 @@
- OS::TripleO::Services::NovaLibvirt
- OS::TripleO::Services::NovaMigrationTarget
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::OpenDaylightOvs
- OS::TripleO::Services::Securetty
- OS::TripleO::Services::SensuClient
@@ -219,6 +222,7 @@
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::Securetty
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::Snmp
@@ -255,6 +259,7 @@
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::Securetty
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::Snmp
@@ -285,6 +290,7 @@
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::MySQLClient
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::Securetty
- OS::TripleO::Services::SensuClient
- OS::TripleO::Services::Snmp
diff --git a/roles_data_undercloud.yaml b/roles_data_undercloud.yaml
index d61d1a2f..4628665b 100644
--- a/roles_data_undercloud.yaml
+++ b/roles_data_undercloud.yaml
@@ -42,6 +42,7 @@
- OS::TripleO::Services::NovaPlacement
- OS::TripleO::Services::NovaScheduler
- OS::TripleO::Services::Ntp
+ - OS::TripleO::Services::ContainersLogrotateCrond
- OS::TripleO::Services::RabbitMQ
- OS::TripleO::Services::SwiftProxy
- OS::TripleO::Services::SwiftRingBuilder
diff --git a/sample-env-generator/composable-roles.yaml b/sample-env-generator/composable-roles.yaml
new file mode 100644
index 00000000..91d6060f
--- /dev/null
+++ b/sample-env-generator/composable-roles.yaml
@@ -0,0 +1,174 @@
+#
+# This environment generator is used to generate some sample composable role
+# environment files.
+#
+environments:
+ -
+ name: composable-roles/monolithic-nonha
+ title: Monolithic Controller Non-HA deployment
+ description: |
+ A Heat environment that can be used to deploy controller and compute
+ services in an Non-HA configuration with SSL undercloud only and a
+ flat network.
+ This should be used with a roles_data.yaml containing the Controller,
+ Compute and CephStorage roles.
+ openstack overcloud roles generate -o ~/roles_data.yaml Controller Compute CephStorage
+ files:
+ overcloud.yaml:
+ parameters:
+ - ControllerHostnameFormat
+ - ComputeHostnameFormat
+ - CephStorageHostnameFormat
+ - ControllerCount
+ - ComputeCount
+ - CephStorageCount
+ puppet/services/time/ntp.yaml:
+ parameters:
+ - NtpServer
+ sample-env-generator/composable-roles.yaml:
+ parameters:
+ - DnsServers
+ - OvercloudControllerFlavor
+ - OvercloudComputeFlavor
+ - OvercloudCephStorageFlavor
+ sample_values:
+ ControllerCount: 1
+ OvercloudControllerFlavor: control
+ ComputeCount: 1
+ OvercloudComputeFlavor: compute
+ CephStorageCount: 1
+ OvercloudCephStorageFlavor: ceph
+
+ -
+ name: composable-roles/monolithic-ha
+ title: Monolithic Controller HA deployment
+ description: |
+ A Heat environment that can be used to deploy controller and compute
+ services in an HA configuration with SSL everywhere and network
+ isolation.
+ This should be used with a roles_data.yaml containing the Controller,
+ Compute and CephStorage roles.
+ openstack overcloud roles generate -o ~/roles_data.yaml Controller Compute CephStorage
+ files:
+ overcloud.yaml:
+ parameters:
+ - ControllerHostnameFormat
+ - ComputeHostnameFormat
+ - CephStorageHostnameFormat
+ - ControllerCount
+ - ComputeCount
+ - CephStorageCount
+ puppet/services/time/ntp.yaml:
+ parameters:
+ - NtpServer
+ sample-env-generator/composable-roles.yaml:
+ parameters:
+ - DnsServers
+ - OvercloudControllerFlavor
+ - OvercloudComputeFlavor
+ - OvercloudCephStorageFlavor
+ sample_values:
+ ControllerCount: 3
+ OvercloudControllerFlavor: control
+ ComputeCount: 3
+ OvercloudComputeFlavor: compute
+ CephStorageCount: 1
+ OvercloudCephStorageFlavor: ceph
+
+ -
+ name: composable-roles/standalone
+ title: Controller HA deployment with standalone Database, Messaging and Networker nodes.
+ description: |
+ A Heat environment that can be used to deploy controller, database,
+ messaging, networker and compute services in an HA configuration with SSL
+ everywhere and network isolation.
+ This should be used with a roles_data.yaml containing the
+ ControllerOpenstack, Database, Messaging, Networker, Compute and
+ CephStorage roles.
+ openstack overcloud roles generate -o ~/roles_data.yaml ControllerOpenstack Database Messaging Networker Compute CephStorage
+ files:
+ overcloud.yaml:
+ parameters:
+ - ControllerHostnameFormat
+ - ComputeHostnameFormat
+ - CephStorageHostnameFormat
+ - ControllerCount
+ - ComputeCount
+ - CephStorageCount
+ puppet/services/time/ntp.yaml:
+ parameters:
+ - NtpServer
+ sample-env-generator/composable-roles.yaml:
+ parameters:
+ - DnsServers
+ - DatabaseCount
+ - MessagingCount
+ - NetworkerCount
+ - OvercloudControllerFlavor
+ - OvercloudComputeFlavor
+ - OvercloudCephStorageFlavor
+ - OvercloudDatabaseFlavor
+ - OvercloudMessagingFlavor
+ - OvercloudNetworkerFlavor
+ sample_values:
+ ControllerCount: 3
+ OvercloudControllerFlavor: control
+ ComputeCount: 1
+ OvercloudComputeFlavor: compute
+ CephStorageCount: 1
+ OvercloudCephStorageFlavor: ceph
+ DatabaseCount: 3
+ OvercloudDatabaseFlavor: db
+ MessagingCount: 3
+ OvercloudMessagingFlavor: messaging
+ NetworkerCount: 2
+ OvercloudNetworkerFlavor: networker
+
+
+# NOTE(aschultz): So because these are dynamic based on the roles used, we
+# do not currently define these in any heat files. So we're defining them here
+# so that the sample env generator can still provide these configuration items
+# in the generated config files.
+parameters:
+ DnsServers:
+ default: ['8.8.8.8', '8,8.4.4']
+ description: DNS servers to use for the Overcloud
+ type: comma_delimited_list
+ # Dynamic vars based on roles
+ DatabaseCount:
+ default: 0
+ description: Number of Database nodes
+ type: number
+ MessagingCount:
+ default: 0
+ description: Number of Messaging nodes
+ type: number
+ NetworkerCount:
+ default: 0
+ description: Number of Networker nodes
+ type: number
+ OvercloudControllerFlavor:
+ default: control
+ description: Name of the flavor for Controller nodes
+ type: string
+ OvercloudComputeFlavor:
+ default: compute
+ description: Name of the flavor for Compute nodes
+ type: string
+ OvercloudCephStorageFlavor:
+ default: compute
+ description: Name of the flavor for Ceph nodes
+ type: string
+ OvercloudDatabaseFlavor:
+ default: database
+ description: Name of the flavor for Database nodes
+ type: string
+ OvercloudMessagingFlavor:
+ default: messaging
+ description: Name of the flavor for Messaging nodes
+ type: string
+ OvercloudNetworkerFlavor:
+ default: networker
+ description: Name of the flavor for Networker nodes
+ type: string
+
diff --git a/tripleo_heat_templates/environment_generator.py b/tripleo_heat_templates/environment_generator.py
index 876dd854..f1469390 100755
--- a/tripleo_heat_templates/environment_generator.py
+++ b/tripleo_heat_templates/environment_generator.py
@@ -50,7 +50,7 @@ _PRIVATE_OVERRIDES = ['server', 'servers', 'NodeIndex', 'DefaultPasswords']
# static. This allows us to generate sample environments using them when
# necessary, but they won't be improperly included by accident.
_HIDDEN_PARAMS = ['EndpointMap', 'RoleName', 'RoleParameters',
- 'ServiceNetMap',
+ 'ServiceNetMap', 'ServiceData',
]