summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--capabilities-map.yaml10
-rw-r--r--ci/environments/multinode-3nodes.yaml2
-rw-r--r--ci/environments/multinode.yaml1
-rw-r--r--ci/environments/multinode_major_upgrade.yaml1
-rw-r--r--ci/environments/scenario001-multinode.yaml1
-rw-r--r--ci/environments/scenario002-multinode.yaml1
-rw-r--r--ci/environments/scenario003-multinode.yaml1
-rw-r--r--ci/environments/scenario004-multinode.yaml1
-rw-r--r--deployed-server/deployed-server.yaml2
-rwxr-xr-xdocker/docker-puppet.py11
-rw-r--r--docker/docker-steps.j213
-rw-r--r--docker/services/gnocchi-api.yaml4
-rw-r--r--docker/services/gnocchi-metricd.yaml4
-rw-r--r--docker/services/gnocchi-statsd.yaml4
-rw-r--r--docker/services/keystone.yaml17
-rw-r--r--docker/services/nova-api.yaml5
-rw-r--r--environments/cinder-netapp-config.yaml2
-rw-r--r--environments/docker-services-tls-everywhere.yaml28
-rw-r--r--extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml37
-rw-r--r--extraconfig/tasks/swift-ring-deploy.yaml31
-rw-r--r--extraconfig/tasks/swift-ring-update.yaml42
-rwxr-xr-xextraconfig/tasks/yum_update.sh14
-rw-r--r--overcloud-resource-registry-puppet.j2.yaml7
-rw-r--r--overcloud.j2.yaml10
-rw-r--r--plan-environment.yaml13
-rw-r--r--puppet/controller-role.yaml1
-rw-r--r--puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml157
-rw-r--r--puppet/puppet-steps.j218
-rw-r--r--puppet/role.role.j2.yaml1
-rw-r--r--puppet/services/apache.yaml6
-rw-r--r--puppet/services/cinder-backend-netapp.yaml129
-rw-r--r--puppet/services/kernel.yaml8
-rw-r--r--puppet/services/keystone.yaml10
-rw-r--r--puppet/services/swift-ringbuilder.yaml10
-rw-r--r--releasenotes/notes/add-ipv6-diable-options-9aaee219bb87ac6a.yaml7
-rw-r--r--releasenotes/notes/role-tags-16ac2e9e8fcab218.yaml18
-rw-r--r--releasenotes/notes/update-on-rhel-registration-afbef3ead983b08f.yaml6
-rw-r--r--releasenotes/notes/update-plan-environment-4e164b57a801e2cb.yaml3
-rw-r--r--roles_data.yaml17
-rw-r--r--roles_data_undercloud.yaml5
40 files changed, 380 insertions, 278 deletions
diff --git a/capabilities-map.yaml b/capabilities-map.yaml
index 947ba8b6..0af0e822 100644
--- a/capabilities-map.yaml
+++ b/capabilities-map.yaml
@@ -552,7 +552,7 @@ topics:
description: Enable monitoring agents
environments:
- file: environments/monitoring-environment.yaml
- title: enable monitoring agents
+ title: Enable monitoring agents
description:
requires:
- overcloud-resource-registry-puppet.yaml
@@ -564,6 +564,14 @@ topics:
description:
requires:
- overcloud-resource-registry-puppet.yaml
+ - title: Performance monitoring
+ description: Enable performance monitoring agents
+ environments:
+ - file: environments/collectd-environment.yaml
+ title: Enable performance monitoring agents
+ description:
+ requires:
+ - overcloud-resource-registry-puppet.yaml
- title: Security Options
description: Security Hardening Options
diff --git a/ci/environments/multinode-3nodes.yaml b/ci/environments/multinode-3nodes.yaml
index 8307db96..56013adf 100644
--- a/ci/environments/multinode-3nodes.yaml
+++ b/ci/environments/multinode-3nodes.yaml
@@ -24,6 +24,7 @@
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CinderApi
- OS::TripleO::Services::CinderScheduler
+ - OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::GlanceApi
@@ -62,6 +63,7 @@
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CinderBackup
- OS::TripleO::Services::CinderVolume
+ - OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::MySQL
- OS::TripleO::Services::MySQLClient
diff --git a/ci/environments/multinode.yaml b/ci/environments/multinode.yaml
index c946ec8a..d0d6ba99 100644
--- a/ci/environments/multinode.yaml
+++ b/ci/environments/multinode.yaml
@@ -18,6 +18,7 @@ parameter_defaults:
- OS::TripleO::Services::CinderApi
- OS::TripleO::Services::CinderScheduler
- OS::TripleO::Services::CinderVolume
+ - OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::GlanceApi
diff --git a/ci/environments/multinode_major_upgrade.yaml b/ci/environments/multinode_major_upgrade.yaml
index 2251cc0c..c97080fb 100644
--- a/ci/environments/multinode_major_upgrade.yaml
+++ b/ci/environments/multinode_major_upgrade.yaml
@@ -14,6 +14,7 @@ resource_registry:
parameter_defaults:
ControllerServices:
- OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::GlanceApi
diff --git a/ci/environments/scenario001-multinode.yaml b/ci/environments/scenario001-multinode.yaml
index 5dd1f0f6..0282c385 100644
--- a/ci/environments/scenario001-multinode.yaml
+++ b/ci/environments/scenario001-multinode.yaml
@@ -23,6 +23,7 @@ resource_registry:
parameter_defaults:
ControllerServices:
+ - OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::GlanceApi
diff --git a/ci/environments/scenario002-multinode.yaml b/ci/environments/scenario002-multinode.yaml
index cbcfa9b3..38d24ee1 100644
--- a/ci/environments/scenario002-multinode.yaml
+++ b/ci/environments/scenario002-multinode.yaml
@@ -17,6 +17,7 @@ resource_registry:
parameter_defaults:
ControllerServices:
+ - OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::GlanceApi
diff --git a/ci/environments/scenario003-multinode.yaml b/ci/environments/scenario003-multinode.yaml
index 6e926f74..5472b494 100644
--- a/ci/environments/scenario003-multinode.yaml
+++ b/ci/environments/scenario003-multinode.yaml
@@ -17,6 +17,7 @@ resource_registry:
parameter_defaults:
ControllerServices:
+ - OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::GlanceApi
diff --git a/ci/environments/scenario004-multinode.yaml b/ci/environments/scenario004-multinode.yaml
index 7428d426..25fad4bb 100644
--- a/ci/environments/scenario004-multinode.yaml
+++ b/ci/environments/scenario004-multinode.yaml
@@ -31,6 +31,7 @@ parameter_defaults:
- OS::TripleO::Services::CephMon
- OS::TripleO::Services::CephOSD
- OS::TripleO::Services::CephRgw
+ - OS::TripleO::Services::Docker
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
- OS::TripleO::Services::GlanceApi
diff --git a/deployed-server/deployed-server.yaml b/deployed-server/deployed-server.yaml
index 1e8afb25..afdb5d0c 100644
--- a/deployed-server/deployed-server.yaml
+++ b/deployed-server/deployed-server.yaml
@@ -81,6 +81,7 @@ resources:
InstanceIdDeployment:
type: OS::Heat::StructuredDeployment
properties:
+ name: InstanceIdDeployment
config: {get_resource: InstanceIdConfig}
server: {get_resource: deployed-server}
depends_on: UpgradeInitDeployment
@@ -103,6 +104,7 @@ resources:
HostsEntryDeployment:
type: OS::Heat::SoftwareDeployment
properties:
+ name: HostsEntryDeployment
config: {get_resource: HostsEntryConfig}
server: {get_resource: deployed-server}
diff --git a/docker/docker-puppet.py b/docker/docker-puppet.py
index c364d039..909a2c8a 100755
--- a/docker/docker-puppet.py
+++ b/docker/docker-puppet.py
@@ -61,7 +61,10 @@ def rm_container(name):
stderr=subprocess.PIPE)
cmd_stdout, cmd_stderr = subproc.communicate()
print(cmd_stdout)
- print(cmd_stderr)
+ if cmd_stderr and \
+ cmd_stderr != 'Error response from daemon: ' \
+ 'No such container: {}\n'.format(name):
+ print(cmd_stderr)
process_count = int(os.environ.get('PROCESS_COUNT',
multiprocessing.cpu_count()))
@@ -202,6 +205,12 @@ def mp_puppet_config((config_volume, puppet_tags, manifest, config_image, volume
'--volume', '/usr/share/openstack-puppet/modules/:/usr/share/openstack-puppet/modules/:ro',
'--volume', '/var/lib/config-data/:/var/lib/config-data/:rw',
'--volume', 'tripleo_logs:/var/log/tripleo/',
+ # OpenSSL trusted CA injection
+ '--volume', '/etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro',
+ '--volume', '/etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro',
+ '--volume', '/etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro',
+ '--volume', '/etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro',
+ # script injection
'--volume', '%s:%s:rw' % (sh_script, sh_script) ]
for volume in volumes:
diff --git a/docker/docker-steps.j2 b/docker/docker-steps.j2
index 301d838f..f0af8e25 100644
--- a/docker/docker-steps.j2
+++ b/docker/docker-steps.j2
@@ -1,7 +1,14 @@
# certain initialization steps (run in a container) will occur
-# on the first role listed in the roles file
-{% set primary_role_name = roles[0].name -%}
-
+# on the role marked as primary controller or the first role listed
+{%- set primary_role = [roles[0]] -%}
+{%- for role in roles -%}
+ {%- if 'primary' in role.tags and 'controller' in role.tags -%}
+ {%- set _ = primary_role.pop() -%}
+ {%- set _ = primary_role.append(role) -%}
+ {%- endif -%}
+{%- endfor -%}
+{%- set primary_role_name = primary_role[0].name -%}
+# primary role is: {{primary_role_name}}
heat_template_version: ocata
description: >
diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml
index 08f4b56b..659785aa 100644
--- a/docker/services/gnocchi-api.yaml
+++ b/docker/services/gnocchi-api.yaml
@@ -96,3 +96,7 @@ outputs:
- /etc/localtime:/etc/localtime:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ upgrade_tasks:
+ - name: Stop and disable httpd service
+ tags: step2
+ service: name=httpd state=stopped enabled=no
diff --git a/docker/services/gnocchi-metricd.yaml b/docker/services/gnocchi-metricd.yaml
index 6b41eaa3..78494d66 100644
--- a/docker/services/gnocchi-metricd.yaml
+++ b/docker/services/gnocchi-metricd.yaml
@@ -71,3 +71,7 @@ outputs:
- /etc/localtime:/etc/localtime:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ upgrade_tasks:
+ - name: Stop and disable openstack-gnocchi-metricd service
+ tags: step2
+ service: name=openstack-gnocchi-metricd.service state=stopped enabled=no
diff --git a/docker/services/gnocchi-statsd.yaml b/docker/services/gnocchi-statsd.yaml
index 93b616c4..7f439846 100644
--- a/docker/services/gnocchi-statsd.yaml
+++ b/docker/services/gnocchi-statsd.yaml
@@ -71,3 +71,7 @@ outputs:
- /etc/localtime:/etc/localtime:ro
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
+ upgrade_tasks:
+ - name: Stop and disable openstack-gnocchi-statsd service
+ tags: step2
+ service: name=openstack-gnocchi-statsd.service state=stopped enabled=no
diff --git a/docker/services/keystone.yaml b/docker/services/keystone.yaml
index 90ddeb9f..526a357b 100644
--- a/docker/services/keystone.yaml
+++ b/docker/services/keystone.yaml
@@ -36,6 +36,9 @@ parameters:
default: 'fernet'
constraints:
- allowed_values: ['uuid', 'fernet']
+ EnableInternalTLS:
+ type: boolean
+ default: false
resources:
@@ -46,6 +49,10 @@ resources:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
+
outputs:
role_data:
description: Role data for the Keystone API role.
@@ -96,6 +103,16 @@ outputs:
- /etc/hosts:/etc/hosts:ro
- /etc/localtime:/etc/localtime:ro
- logs:/var/log
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+ - ''
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+ - ''
environment:
- KOLLA_BOOTSTRAP=True
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml
index 4cd48b75..97fafb09 100644
--- a/docker/services/nova-api.yaml
+++ b/docker/services/nova-api.yaml
@@ -50,7 +50,10 @@ outputs:
- get_attr: [NovaApiBase, role_data, config_settings]
- apache::default_vhost: false
step_config: &step_config
- get_attr: [NovaApiBase, role_data, step_config]
+ list_join:
+ - "\n"
+ - - "['Nova_cell_v2'].each |String $val| { noop_resource($val) }"
+ - {get_attr: [NovaApiBase, role_data, step_config]}
service_config_settings: {get_attr: [NovaApiBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
diff --git a/environments/cinder-netapp-config.yaml b/environments/cinder-netapp-config.yaml
index b9a84342..dfd15893 100644
--- a/environments/cinder-netapp-config.yaml
+++ b/environments/cinder-netapp-config.yaml
@@ -1,7 +1,7 @@
# A Heat environment file which can be used to enable a
# a Cinder NetApp backend, configured via puppet
resource_registry:
- OS::TripleO::ControllerExtraConfigPre: ../puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml
+ OS::TripleO::Services::CinderBackendNetApp: ../puppet/services/cinder-backend-netapp.yaml
parameter_defaults:
CinderEnableNetappBackend: true
diff --git a/environments/docker-services-tls-everywhere.yaml b/environments/docker-services-tls-everywhere.yaml
new file mode 100644
index 00000000..ec39951b
--- /dev/null
+++ b/environments/docker-services-tls-everywhere.yaml
@@ -0,0 +1,28 @@
+# This environment contains the services that can work with TLS-everywhere.
+resource_registry:
+ # This can be used when you don't want to run puppet on the host,
+ # e.g atomic, but it has been replaced with OS::TripleO::Services::Docker
+ # OS::TripleO::NodeUserData: ../docker/firstboot/setup_docker_host.yaml
+ OS::TripleO::Services::Docker: ../puppet/services/docker.yaml
+ # The compute node still needs extra initialization steps
+ OS::TripleO::Compute::NodeUserData: ../docker/firstboot/setup_docker_host.yaml
+
+ # NOTE: add roles to be docker enabled as we support them.
+ OS::TripleO::Services::Keystone: ../docker/services/keystone.yaml
+
+ OS::TripleO::PostDeploySteps: ../docker/post.yaml
+ OS::TripleO::PostUpgradeSteps: ../docker/post-upgrade.yaml
+
+ OS::TripleO::Services: ../docker/services/services.yaml
+
+parameter_defaults:
+ # Defaults to 'tripleoupstream'. Specify a local docker registry
+ # Example: 192.168.24.1:8787/tripleoupstream
+ DockerNamespace: tripleoupstream
+ DockerNamespaceIsRegistry: false
+
+ ComputeServices:
+ - OS::TripleO::Services::NovaCompute
+ - OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::ComputeNeutronOvsAgent
+ - OS::TripleO::Services::Docker
diff --git a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml
index e8316c53..30a83550 100644
--- a/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml
+++ b/extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml
@@ -53,6 +53,12 @@ parameters:
type: string
rhel_reg_http_proxy_password:
type: string
+ UpdateOnRHELRegistration:
+ type: boolean
+ default: false
+ description: |
+ When enabled, the system will perform a yum update after performing the
+ RHEL Registration process.
resources:
@@ -134,6 +140,37 @@ resources:
input_values:
REG_METHOD: {get_param: rhel_reg_method}
+ YumUpdateConfigurationAfterRHELRegistration:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config: |
+ #!/bin/bash
+ set -x
+ num_updates=$(yum list -q updates | wc -l)
+ if [ "$num_updates" -eq "0" ]; then
+ echo "No packages require updating"
+ exit 0
+ fi
+ full_command="yum -q -y update"
+ echo "Running: $full_command"
+ result=$($full_command)
+ return_code=$?
+ echo "$result"
+ echo "yum return code: $return_code"
+ exit $return_code
+
+ UpdateDeploymentAfterRHELRegistration:
+ type: OS::Heat::SoftwareDeployment
+ depends_on: RHELRegistrationDeployment
+ conditions:
+ update_requested: {get_param: UpdateOnRHELRegistration}
+ properties:
+ name: UpdateDeploymentAfterRHELRegistration
+ config: {get_resource: YumUpdateConfigurationAfterRHELRegistration}
+ server: {get_param: server}
+ actions: ['CREATE'] # Only do this on CREATE
+
outputs:
deploy_stdout:
description: Deployment reference, used to trigger puppet apply on changes
diff --git a/extraconfig/tasks/swift-ring-deploy.yaml b/extraconfig/tasks/swift-ring-deploy.yaml
deleted file mode 100644
index d17f78ae..00000000
--- a/extraconfig/tasks/swift-ring-deploy.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-heat_template_version: ocata
-
-parameters:
- servers:
- type: json
- SwiftRingGetTempurl:
- default: ''
- description: A temporary Swift URL to download rings from.
- type: string
-
-resources:
- SwiftRingDeployConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- inputs:
- - name: swift_ring_get_tempurl
- config: |
- #!/bin/sh
- pushd /
- curl --insecure --silent "${swift_ring_get_tempurl}" | tar xz || true
- popd
-
- SwiftRingDeploy:
- type: OS::Heat::SoftwareDeployments
- properties:
- name: SwiftRingDeploy
- config: {get_resource: SwiftRingDeployConfig}
- servers: {get_param: servers}
- input_values:
- swift_ring_get_tempurl: {get_param: SwiftRingGetTempurl}
diff --git a/extraconfig/tasks/swift-ring-update.yaml b/extraconfig/tasks/swift-ring-update.yaml
deleted file mode 100644
index 440c6883..00000000
--- a/extraconfig/tasks/swift-ring-update.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-heat_template_version: ocata
-
-parameters:
- servers:
- type: json
- SwiftRingPutTempurl:
- default: ''
- description: A temporary Swift URL to upload rings to.
- type: string
-
-resources:
- SwiftRingUpdateConfig:
- type: OS::Heat::SoftwareConfig
- properties:
- group: script
- inputs:
- - name: swift_ring_put_tempurl
- config: |
- #!/bin/sh
- TMP_DATA=$(mktemp -d)
- function cleanup {
- rm -Rf "$TMP_DATA"
- }
- trap cleanup EXIT
- # sanity check in case rings are not consistent within cluster
- swift-recon --md5 | grep -q "doesn't match" && exit 1
- pushd ${TMP_DATA}
- tar -cvzf swift-rings.tar.gz /etc/swift/*.builder /etc/swift/*.ring.gz /etc/swift/backups/*
- resp=`curl --insecure --silent -X PUT "${swift_ring_put_tempurl}" --write-out "%{http_code}" --data-binary @swift-rings.tar.gz`
- popd
- if [ "$resp" != "201" ]; then
- exit 1
- fi
-
- SwiftRingUpdate:
- type: OS::Heat::SoftwareDeployments
- properties:
- name: SwiftRingUpdate
- config: {get_resource: SwiftRingUpdateConfig}
- servers: {get_param: servers}
- input_values:
- swift_ring_put_tempurl: {get_param: SwiftRingPutTempurl}
diff --git a/extraconfig/tasks/yum_update.sh b/extraconfig/tasks/yum_update.sh
index ad368278..20a5b658 100755
--- a/extraconfig/tasks/yum_update.sh
+++ b/extraconfig/tasks/yum_update.sh
@@ -40,9 +40,17 @@ touch "$timestamp_file"
command_arguments=${command_arguments:-}
-list_updates=$(yum list updates)
-
-if [[ "$list_updates" == "" ]]; then
+# yum check-update exits 100 if updates are available
+set +e
+check_update=$(yum check-update 2>&1)
+check_update_exit=$?
+set -e
+
+if [[ "$check_update_exit" == "1" ]]; then
+ echo "Failed to check for package updates"
+ echo "$check_update"
+ exit 1
+elif [[ "$check_update_exit" != "100" ]]; then
echo "No packages require updating"
exit 0
fi
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index 689d6396..b1780680 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -11,9 +11,6 @@ resource_registry:
OS::TripleO::Tasks::UpdateWorkflow: OS::Heat::None
OS::TripleO::Tasks::PackageUpdate: extraconfig/tasks/yum_update.yaml
- OS::TripleO::Tasks::SwiftRingDeploy: extraconfig/tasks/swift-ring-deploy.yaml
- OS::TripleO::Tasks::SwiftRingUpdate: extraconfig/tasks/swift-ring-update.yaml
-
{% for role in roles %}
OS::TripleO::{{role.name}}::PreNetworkConfig: OS::Heat::None
OS::TripleO::{{role.name}}PostDeploySteps: puppet/post.yaml
@@ -242,6 +239,10 @@ resource_registry:
OS::TripleO::Services::Zaqar: OS::Heat::None
OS::TripleO::Services::NeutronML2FujitsuCfab: OS::Heat::None
OS::TripleO::Services::NeutronML2FujitsuFossw: OS::Heat::None
+ OS::TripleO::Services::CinderBackendDellPs: OS::Heat::None
+ OS::TripleO::Services::CinderBackendDellSc: OS::Heat::None
+ OS::TripleO::Services::CinderBackendNetApp: OS::Heat::None
+ OS::TripleO::Services::CinderBackendScaleIO: OS::Heat::None
OS::TripleO::Services::CinderHPELeftHandISCSI: OS::Heat::None
OS::TripleO::Services::Etcd: OS::Heat::None
OS::TripleO::Services::Ec2Api: OS::Heat::None
diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml
index 8998ce11..87e67eac 100644
--- a/overcloud.j2.yaml
+++ b/overcloud.j2.yaml
@@ -1,4 +1,12 @@
-{% set primary_role_name = roles[0].name -%}
+{%- set primary_role = [roles[0]] -%}
+{%- for role in roles -%}
+ {%- if 'primary' in role.tags and 'controller' in role.tags -%}
+ {%- set _ = primary_role.pop() -%}
+ {%- set _ = primary_role.append(role) -%}
+ {%- endif -%}
+{%- endfor -%}
+{%- set primary_role_name = primary_role[0].name -%}
+# primary role is: {{primary_role_name}}
heat_template_version: ocata
description: >
diff --git a/plan-environment.yaml b/plan-environment.yaml
index f629eff3..1f9c8211 100644
--- a/plan-environment.yaml
+++ b/plan-environment.yaml
@@ -1,5 +1,8 @@
-version: 1.0
-
-template: overcloud.yaml
-environments:
-- path: overcloud-resource-registry-puppet.yaml
+version: 1.0
+
+name: overcloud
+description: >
+ Default Deployment plan
+template: overcloud.yaml
+environments:
+ - path: overcloud-resource-registry-puppet.yaml
diff --git a/puppet/controller-role.yaml b/puppet/controller-role.yaml
index 2f4f583c..3d32add2 100644
--- a/puppet/controller-role.yaml
+++ b/puppet/controller-role.yaml
@@ -467,7 +467,6 @@ resources:
- all_nodes # provided by allNodesConfig
- vip_data # provided by allNodesConfig
- '"%{::osfamily}"'
- - cinder_netapp_data # Optionally provided by ControllerExtraConfigPre
- neutron_bigswitch_data # Optionally provided by ControllerExtraConfigPre
- neutron_cisco_data # Optionally provided by ControllerExtraConfigPre
- cisco_n1kv_data # Optionally provided by ControllerExtraConfigPre
diff --git a/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml b/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml
deleted file mode 100644
index 378f7f98..00000000
--- a/puppet/extraconfig/pre_deploy/controller/cinder-netapp.yaml
+++ /dev/null
@@ -1,157 +0,0 @@
-heat_template_version: ocata
-
-description: Configure hieradata for Cinder Netapp configuration
-
-parameters:
- server:
- description: ID of the controller node to apply this config to
- type: string
-
- # Config specific parameters, to be provided via parameter_defaults
- CinderEnableNetappBackend:
- type: boolean
- default: true
- CinderNetappBackendName:
- type: string
- default: 'tripleo_netapp'
- CinderNetappLogin:
- type: string
- CinderNetappPassword:
- type: string
- hidden: true
- CinderNetappServerHostname:
- type: string
- CinderNetappServerPort:
- type: string
- default: '80'
- CinderNetappSizeMultiplier:
- type: string
- default: '1.2'
- CinderNetappStorageFamily:
- type: string
- default: 'ontap_cluster'
- CinderNetappStorageProtocol:
- type: string
- default: 'nfs'
- CinderNetappTransportType:
- type: string
- default: 'http'
- CinderNetappVfiler:
- type: string
- default: ''
- CinderNetappVolumeList:
- type: string
- default: ''
- CinderNetappVserver:
- type: string
- default: ''
- CinderNetappPartnerBackendName:
- type: string
- default: ''
- CinderNetappNfsShares:
- type: string
- default: ''
- CinderNetappNfsSharesConfig:
- type: string
- default: '/etc/cinder/shares.conf'
- CinderNetappNfsMountOptions:
- type: string
- default: ''
- CinderNetappCopyOffloadToolPath:
- type: string
- default: ''
- CinderNetappControllerIps:
- type: string
- default: ''
- CinderNetappSaPassword:
- type: string
- default: ''
- hidden: true
- CinderNetappStoragePools:
- type: string
- default: ''
- CinderNetappHostType:
- type: string
- default: ''
- CinderNetappWebservicePath:
- type: string
- default: '/devmgr/v2'
- # DEPRECATED options for compatibility with older versions
- CinderNetappEseriesHostType:
- type: string
- default: 'linux_dm_mp'
-
-parameter_groups:
-- label: deprecated
- description: Do not use deprecated params, they will be removed.
- parameters:
- - CinderNetappEseriesHostType
-
-resources:
- CinderNetappConfig:
- type: OS::Heat::StructuredConfig
- properties:
- group: hiera
- config:
- datafiles:
- cinder_netapp_data:
- mapped_data:
- tripleo::profile::base::cinder::volume::cinder_enable_netapp_backend: {get_input: EnableNetappBackend}
- cinder::backend::netapp::title: {get_input: NetappBackendName}
- cinder::backend::netapp::netapp_login: {get_input: NetappLogin}
- cinder::backend::netapp::netapp_password: {get_input: NetappPassword}
- cinder::backend::netapp::netapp_server_hostname: {get_input: NetappServerHostname}
- cinder::backend::netapp::netapp_server_port: {get_input: NetappServerPort}
- cinder::backend::netapp::netapp_size_multiplier: {get_input: NetappSizeMultiplier}
- cinder::backend::netapp::netapp_storage_family: {get_input: NetappStorageFamily}
- cinder::backend::netapp::netapp_storage_protocol: {get_input: NetappStorageProtocol}
- cinder::backend::netapp::netapp_transport_type: {get_input: NetappTransportType}
- cinder::backend::netapp::netapp_vfiler: {get_input: NetappVfiler}
- cinder::backend::netapp::netapp_volume_list: {get_input: NetappVolumeList}
- cinder::backend::netapp::netapp_vserver: {get_input: NetappVserver}
- cinder::backend::netapp::netapp_partner_backend_name: {get_input: NetappPartnerBackendName}
- cinder::backend::netapp::nfs_shares: {get_input: NetappNfsShares}
- cinder::backend::netapp::nfs_shares_config: {get_input: NetappNfsSharesConfig}
- cinder::backend::netapp::nfs_mount_options: {get_input: NetappNfsMountOptions}
- cinder::backend::netapp::netapp_copyoffload_tool_path: {get_input: NetappCopyOffloadToolPath}
- cinder::backend::netapp::netapp_controller_ips: {get_input: NetappControllerIps}
- cinder::backend::netapp::netapp_sa_password: {get_input: NetappSaPassword}
- cinder::backend::netapp::netapp_storage_pools: {get_input: NetappStoragePools}
- cinder::backend::netapp::netapp_host_type: {get_input: NetappHostType}
- cinder::backend::netapp::netapp_webservice_path: {get_input: NetappWebservicePath}
-
- CinderNetappDeployment:
- type: OS::Heat::StructuredDeployment
- properties:
- name: CinderNetappDeployment
- config: {get_resource: CinderNetappConfig}
- server: {get_param: server}
- input_values:
- EnableNetappBackend: {get_param: CinderEnableNetappBackend}
- NetappBackendName: {get_param: CinderNetappBackendName}
- NetappLogin: {get_param: CinderNetappLogin}
- NetappPassword: {get_param: CinderNetappPassword}
- NetappServerHostname: {get_param: CinderNetappServerHostname}
- NetappServerPort: {get_param: CinderNetappServerPort}
- NetappSizeMultiplier: {get_param: CinderNetappSizeMultiplier}
- NetappStorageFamily: {get_param: CinderNetappStorageFamily}
- NetappStorageProtocol: {get_param: CinderNetappStorageProtocol}
- NetappTransportType: {get_param: CinderNetappTransportType}
- NetappVfiler: {get_param: CinderNetappVfiler}
- NetappVolumeList: {get_param: CinderNetappVolumeList}
- NetappVserver: {get_param: CinderNetappVserver}
- NetappPartnerBackendName: {get_param: CinderNetappPartnerBackendName}
- NetappNfsShares: {get_param: CinderNetappNfsShares}
- NetappNfsSharesConfig: {get_param: CinderNetappNfsSharesConfig}
- NetappNfsMountOptions: {get_param: CinderNetappNfsMountOptions}
- NetappCopyOffloadToolPath: {get_param: CinderNetappCopyOffloadToolPath}
- NetappControllerIps: {get_param: CinderNetappControllerIps}
- NetappSaPassword: {get_param: CinderNetappSaPassword}
- NetappStoragePools: {get_param: CinderNetappStoragePools}
- NetappHostType: {get_param: CinderNetappHostType}
- NetappWebservicePath: {get_param: CinderNetappWebservicePath}
-
-outputs:
- deploy_stdout:
- description: Deployment reference, used to trigger puppet apply on changes
- value: {get_attr: [CinderNetappDeployment, deploy_stdout]}
diff --git a/puppet/puppet-steps.j2 b/puppet/puppet-steps.j2
index 86af6114..782a32c9 100644
--- a/puppet/puppet-steps.j2
+++ b/puppet/puppet-steps.j2
@@ -30,13 +30,6 @@
input_values:
update_identifier: {get_param: DeployIdentifier}
- {% if role.name in ['Controller', 'ObjectStorage'] %}
- {{role.name}}SwiftRingDeploy:
- type: OS::TripleO::Tasks::SwiftRingDeploy
- properties:
- servers: {get_param: [servers, {{role.name}}]}
- {% endif %}
-
# Step through a series of configuration steps
{% for step in range(1, 6) %}
{{role.name}}Deployment_Step{{step}}:
@@ -88,15 +81,4 @@
servers: {get_param: [servers, {{role.name}}]}
input_values:
update_identifier: {get_param: DeployIdentifier}
-
- {% if role.name in ['Controller', 'ObjectStorage'] %}
- {{role.name}}SwiftRingUpdate:
- type: OS::TripleO::Tasks::SwiftRingUpdate
- depends_on:
- {% for dep in roles %}
- - {{dep.name}}Deployment_Step5
- {% endfor %}
- properties:
- servers: {get_param: [servers, {{role.name}}]}
- {% endif %}
{% endfor %}
diff --git a/puppet/role.role.j2.yaml b/puppet/role.role.j2.yaml
index 1f68f41f..9227b527 100644
--- a/puppet/role.role.j2.yaml
+++ b/puppet/role.role.j2.yaml
@@ -483,6 +483,7 @@ resources:
type: OS::Heat::SoftwareDeployment
depends_on: NetworkDeployment
properties:
+ name: UpdateDeployment
config: {get_resource: UpdateConfig}
server: {get_resource: {{role}}}
input_values:
diff --git a/puppet/services/apache.yaml b/puppet/services/apache.yaml
index 9bd282f8..6e53b1f7 100644
--- a/puppet/services/apache.yaml
+++ b/puppet/services/apache.yaml
@@ -77,13 +77,15 @@ outputs:
- "%{hiera('apache_remote_proxy_ips_network')}"
-
generate_service_certificates: true
+ tripleo::certmonger::apache_dirs::certificate_dir: '/etc/pki/tls/certs/httpd'
+ tripleo::certmonger::apache_dirs::key_dir: '/etc/pki/tls/private/httpd'
apache_certificates_specs:
map_merge:
repeat:
template:
httpd-NETWORK:
- service_certificate: '/etc/pki/tls/certs/httpd-NETWORK.crt'
- service_key: '/etc/pki/tls/private/httpd-NETWORK.key'
+ service_certificate: '/etc/pki/tls/certs/httpd/httpd-NETWORK.crt'
+ service_key: '/etc/pki/tls/private/httpd/httpd-NETWORK.key'
hostname: "%{hiera('fqdn_NETWORK')}"
principal: "HTTP/%{hiera('fqdn_NETWORK')}"
for_each:
diff --git a/puppet/services/cinder-backend-netapp.yaml b/puppet/services/cinder-backend-netapp.yaml
new file mode 100644
index 00000000..29a0ce1b
--- /dev/null
+++ b/puppet/services/cinder-backend-netapp.yaml
@@ -0,0 +1,129 @@
+heat_template_version: ocata
+
+description: Openstack Cinder Netapp backend
+
+parameters:
+ CinderEnableNetappBackend:
+ type: boolean
+ default: true
+ CinderNetappBackendName:
+ type: string
+ default: 'tripleo_netapp'
+ CinderNetappLogin:
+ type: string
+ CinderNetappPassword:
+ type: string
+ hidden: true
+ CinderNetappServerHostname:
+ type: string
+ CinderNetappServerPort:
+ type: string
+ default: '80'
+ CinderNetappSizeMultiplier:
+ type: string
+ default: '1.2'
+ CinderNetappStorageFamily:
+ type: string
+ default: 'ontap_cluster'
+ CinderNetappStorageProtocol:
+ type: string
+ default: 'nfs'
+ CinderNetappTransportType:
+ type: string
+ default: 'http'
+ CinderNetappVfiler:
+ type: string
+ default: ''
+ CinderNetappVolumeList:
+ type: string
+ default: ''
+ CinderNetappVserver:
+ type: string
+ default: ''
+ CinderNetappPartnerBackendName:
+ type: string
+ default: ''
+ CinderNetappNfsShares:
+ type: string
+ default: ''
+ CinderNetappNfsSharesConfig:
+ type: string
+ default: '/etc/cinder/shares.conf'
+ CinderNetappNfsMountOptions:
+ type: string
+ default: ''
+ CinderNetappCopyOffloadToolPath:
+ type: string
+ default: ''
+ CinderNetappControllerIps:
+ type: string
+ default: ''
+ CinderNetappSaPassword:
+ type: string
+ default: ''
+ hidden: true
+ CinderNetappStoragePools:
+ type: string
+ default: ''
+ CinderNetappHostType:
+ type: string
+ default: ''
+ CinderNetappWebservicePath:
+ type: string
+ default: '/devmgr/v2'
+ # DEPRECATED options for compatibility with older versions
+ CinderNetappEseriesHostType:
+ type: string
+ default: 'linux_dm_mp'
+ ServiceNetMap:
+ default: {}
+ description: Mapping of service_name -> network name. Typically set
+ via parameter_defaults in the resource registry. This
+ mapping overrides those in ServiceNetMapDefaults.
+ type: json
+ DefaultPasswords:
+ default: {}
+ type: json
+ EndpointMap:
+ default: {}
+ type: json
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+
+parameter_groups:
+- label: deprecated
+ description: Do not use deprecated params, they will be removed.
+ parameters:
+ - CinderNetappEseriesHostType
+
+outputs:
+ role_data:
+ description: Role data for the Cinder NetApp backend.
+ value:
+ service_name: cinder_backend_netapp
+ config_settings:
+ tripleo::profile::base::cinder::volume::cinder_enable_netapp_backend: {get_param: CinderEnableNetappBackend}
+ cinder::backend::netapp::title: {get_param: CinderNetappBackendName}
+ cinder::backend::netapp::netapp_login: {get_param: CinderNetappLogin}
+ cinder::backend::netapp::netapp_password: {get_param: CinderNetappPassword}
+ cinder::backend::netapp::netapp_server_hostname: {get_param: CinderNetappServerHostname}
+ cinder::backend::netapp::netapp_server_port: {get_param: CinderNetappServerPort}
+ cinder::backend::netapp::netapp_size_multiplier: {get_param: CinderNetappSizeMultiplier}
+ cinder::backend::netapp::netapp_storage_family: {get_param: CinderNetappStorageFamily}
+ cinder::backend::netapp::netapp_storage_protocol: {get_param: CinderNetappStorageProtocol}
+ cinder::backend::netapp::netapp_transport_type: {get_param: CinderNetappTransportType}
+ cinder::backend::netapp::netapp_vfiler: {get_param: CinderNetappVfiler}
+ cinder::backend::netapp::netapp_volume_list: {get_param: CinderNetappVolumeList}
+ cinder::backend::netapp::netapp_vserver: {get_param: CinderNetappVserver}
+ cinder::backend::netapp::netapp_partner_backend_name: {get_param: CinderNetappPartnerBackendName}
+ cinder::backend::netapp::nfs_shares: {get_param: CinderNetappNfsShares}
+ cinder::backend::netapp::nfs_shares_config: {get_param: CinderNetappNfsSharesConfig}
+ cinder::backend::netapp::nfs_mount_options: {get_param: CinderNetappNfsMountOptions}
+ cinder::backend::netapp::netapp_copyoffload_tool_path: {get_param: CinderNetappCopyOffloadToolPath}
+ cinder::backend::netapp::netapp_controller_ips: {get_param: CinderNetappControllerIps}
+ cinder::backend::netapp::netapp_sa_password: {get_param: CinderNetappSaPassword}
+ cinder::backend::netapp::netapp_storage_pools: {get_param: CinderNetappStoragePools}
+ cinder::backend::netapp::netapp_host_type: {get_param: CinderNetappHostType}
+ cinder::backend::netapp::netapp_webservice_path: {get_param: CinderNetappWebservicePath}
+ step_config: |
+ include ::tripleo::profile::base::cinder::volume
diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml
index 94b15d4b..2a335b67 100644
--- a/puppet/services/kernel.yaml
+++ b/puppet/services/kernel.yaml
@@ -22,6 +22,10 @@ parameters:
default: 1048576
description: Configures sysctl kernel.pid_max key
type: number
+ KernelDisableIPv6:
+ default: 0
+ description: Configures sysctl net.ipv6.{default/all}.disable_ipv6 keys
+ type: number
outputs:
role_data:
@@ -57,6 +61,10 @@ outputs:
value: 500000
net.netfilter.nf_conntrack_max:
value: 500000
+ net.ipv6.conf.default.disable_ipv6:
+ value: {get_param: KernelDisableIPv6}
+ net.ipv6.conf.all.disable_ipv6:
+ value: {get_param: KernelDisableIPv6}
# prevent neutron bridges from autoconfiguring ipv6 addresses
net.ipv6.conf.all.accept_ra:
value: 0
diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index 632d9b0b..7cf638b2 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -119,27 +119,27 @@ parameters:
Cron to purge expired tokens - Ensure
default: 'present'
KeystoneCronTokenFlushMinute:
- type: string
+ type: comma_delimited_list
description: >
Cron to purge expired tokens - Minute
default: '1'
KeystoneCronTokenFlushHour:
- type: string
+ type: comma_delimited_list
description: >
Cron to purge expired tokens - Hour
default: '0'
KeystoneCronTokenFlushMonthday:
- type: string
+ type: comma_delimited_list
description: >
Cron to purge expired tokens - Month Day
default: '*'
KeystoneCronTokenFlushMonth:
- type: string
+ type: comma_delimited_list
description: >
Cron to purge expired tokens - Month
default: '*'
KeystoneCronTokenFlushWeekday:
- type: string
+ type: comma_delimited_list
description: >
Cron to purge expired tokens - Week Day
default: '*'
diff --git a/puppet/services/swift-ringbuilder.yaml b/puppet/services/swift-ringbuilder.yaml
index 2e3c818f..f62d5e18 100644
--- a/puppet/services/swift-ringbuilder.yaml
+++ b/puppet/services/swift-ringbuilder.yaml
@@ -42,6 +42,14 @@ parameters:
default: true
description: 'Use a local directory for Swift storage services when building rings'
type: boolean
+ SwiftRingGetTempurl:
+ default: ''
+ description: A temporary Swift URL to download rings from.
+ type: string
+ SwiftRingPutTempurl:
+ default: ''
+ description: A temporary Swift URL to upload rings to.
+ type: string
conditions:
swift_use_local_dir:
@@ -59,6 +67,8 @@ outputs:
value:
service_name: swift_ringbuilder
config_settings:
+ tripleo::profile::base::swift::ringbuilder::swift_ring_get_tempurl: {get_param: SwiftRingGetTempurl}
+ tripleo::profile::base::swift::ringbuilder::swift_ring_put_tempurl: {get_param: SwiftRingPutTempurl}
tripleo::profile::base::swift::ringbuilder::build_ring: {get_param: SwiftRingBuild}
tripleo::profile::base::swift::ringbuilder::replicas: {get_param: SwiftReplicas}
tripleo::profile::base::swift::ringbuilder::part_power: {get_param: SwiftPartPower}
diff --git a/releasenotes/notes/add-ipv6-diable-options-9aaee219bb87ac6a.yaml b/releasenotes/notes/add-ipv6-diable-options-9aaee219bb87ac6a.yaml
new file mode 100644
index 00000000..8b57f587
--- /dev/null
+++ b/releasenotes/notes/add-ipv6-diable-options-9aaee219bb87ac6a.yaml
@@ -0,0 +1,7 @@
+---
+security:
+ - |
+ Add IPv6 disable option and make it configurable for user to disable IPv6
+ when it's not used, this will descrease the risk of ipv6 attack.
+ Both net.ipv6.conf.default.disable_ipv6 & net.ipv6.conf.all.disable_ipv6
+ will be explicitly set to the default value (0) which is enabled.
diff --git a/releasenotes/notes/role-tags-16ac2e9e8fcab218.yaml b/releasenotes/notes/role-tags-16ac2e9e8fcab218.yaml
new file mode 100644
index 00000000..dadbfa4b
--- /dev/null
+++ b/releasenotes/notes/role-tags-16ac2e9e8fcab218.yaml
@@ -0,0 +1,18 @@
+---
+features:
+ - |
+ Adds tags to roles that allow an operator to specify custom tags to use
+ when trying to find functionality available from a role. Currently a role
+ with both the 'primary' and 'controller' tag is consider to be the primary
+ role. Historically the role named 'Controller' was the 'primary' role and
+ this primary designation is used to determine items like memcache ip
+ addresses. If no roles have the both the 'primary' and 'controller' tags,
+ the first role specified in the roles_data.yaml is used as the primary
+ role.
+upgrade:
+ - |
+ If using custom roles data, the logic was changed to leverage the first
+ role listed in the roles_data.yaml file to be the primary role. This can
+ be worked around by adding the 'primary' and 'controller' tags to the
+ custom controller role in your roles_data.yaml to ensure that the defined
+ custom controller role is still considered the primary role.
diff --git a/releasenotes/notes/update-on-rhel-registration-afbef3ead983b08f.yaml b/releasenotes/notes/update-on-rhel-registration-afbef3ead983b08f.yaml
new file mode 100644
index 00000000..ad1f39c4
--- /dev/null
+++ b/releasenotes/notes/update-on-rhel-registration-afbef3ead983b08f.yaml
@@ -0,0 +1,6 @@
+---
+features:
+ - |
+ Adds a new boolean parameter for RHEL Registration called
+ 'UpdateOnRHELRegistration' that when enabled will trigger a yum update
+ on the node after the registration process completes.
diff --git a/releasenotes/notes/update-plan-environment-4e164b57a801e2cb.yaml b/releasenotes/notes/update-plan-environment-4e164b57a801e2cb.yaml
new file mode 100644
index 00000000..29d32cb7
--- /dev/null
+++ b/releasenotes/notes/update-plan-environment-4e164b57a801e2cb.yaml
@@ -0,0 +1,3 @@
+---
+features:
+ - Add name and description fields to plan-environment.yaml
diff --git a/roles_data.yaml b/roles_data.yaml
index 48859473..98061c0a 100644
--- a/roles_data.yaml
+++ b/roles_data.yaml
@@ -28,9 +28,18 @@
# ServicesDefault: (list) optional default list of services to be deployed
# on the role, defaults to an empty list. Sets the default for the
# {{role.name}}Services parameter in overcloud.yaml
-
-- name: Controller # the 'primary' role goes first
+#
+# tags: (list) list of tags used by other parts of the deployment process to
+# find the role for a specific type of functionality. Currently a role
+# with both 'primary' and 'controller' is used as the primary role for the
+# deployment process. If no roles have have 'primary' and 'controller', the
+# first role in this file is used as the primary role.
+#
+- name: Controller
CountDefault: 1
+ tags:
+ - primary
+ - controller
ServicesDefault:
- OS::TripleO::Services::CACerts
- OS::TripleO::Services::CertmongerUser
@@ -43,6 +52,10 @@
- OS::TripleO::Services::CinderBackup
- OS::TripleO::Services::CinderScheduler
- OS::TripleO::Services::CinderVolume
+ - OS::TripleO::Services::CinderBackendDellPs
+ - OS::TripleO::Services::CinderBackendDellSc
+ - OS::TripleO::Services::CinderBackendNetApp
+ - OS::TripleO::Services::CinderBackendScaleIO
- OS::TripleO::Services::Congress
- OS::TripleO::Services::Kernel
- OS::TripleO::Services::Keystone
diff --git a/roles_data_undercloud.yaml b/roles_data_undercloud.yaml
index 8e830711..df2e196b 100644
--- a/roles_data_undercloud.yaml
+++ b/roles_data_undercloud.yaml
@@ -1,6 +1,9 @@
-- name: Undercloud # the 'primary' role goes first
+- name: Undercloud
CountDefault: 1
disable_constraints: True
+ tags:
+ - primary
+ - controller
ServicesDefault:
- OS::TripleO::Services::Ntp
- OS::TripleO::Services::MySQL