29 files changed, 218 insertions, 259 deletions
diff --git a/docker/deploy-steps-playbook.yaml b/common/deploy-steps-tasks.yaml index b884e0e7..998bbe0c 100644 --- a/docker/deploy-steps-playbook.yaml +++ b/common/deploy-steps-tasks.yaml @@ -1,6 +1,6 @@ -- hosts: localhost - connection: local - tasks: + # Note the indentation here is required as it's joined + # to create a playbook in deploy-steps.j2 + ##################################################### # Per step puppet configuration of the baremetal host ##################################################### @@ -27,7 +27,7 @@ shell: python /var/lib/docker-puppet/docker-puppet.py environment: NET_HOST: 'true' - DEBUG: '{{docker_puppet_debug}}' + DEBUG: '{{docker_puppet_debug|default(false)}}' when: step == "1" changed_when: false check_mode: no diff --git a/docker/docker-steps.j2 b/common/deploy-steps.j2 index 05ff7945..b36bb97a 100644 --- a/docker/docker-steps.j2 +++ b/common/deploy-steps.j2 @@ -10,6 +10,7 @@ {%- set primary_role_name = primary_role[0].name -%} # primary role is: {{primary_role_name}} {% set deploy_steps_max = 6 -%} +{% set update_steps_max = 6 -%} heat_template_version: pike @@ -72,7 +73,15 @@ resources: - name: update_identifier - name: bootstrap_server_id - name: docker_puppet_debug - config: {get_file: deploy-steps-playbook.yaml} + config: + str_replace: + template: | + - hosts: localhost + connection: local + tasks: + _TASKS + params: + _TASKS: {get_file: deploy-steps-tasks.yaml} {%- for step in range(1, deploy_steps_max) %} # BEGIN service_workflow_tasks handling @@ -159,7 +168,7 @@ resources: connection: local vars: puppet_config: {get_param: [role_data, {{role.name}}, puppet_config]} - docker_puppet_script: {get_file: docker-puppet.py} + docker_puppet_script: {get_file: ../docker/docker-puppet.py} docker_puppet_tasks: {get_param: [role_data, {{role.name}}, docker_puppet_tasks]} docker_startup_configs: {get_param: [role_data, {{role.name}}, docker_config]} kolla_config: {get_param: [role_data, {{role.name}}, kolla_config]} 
@@ -235,7 +244,7 @@ resources: {% for step in range(1, deploy_steps_max) %} {{role.name}}Deployment_Step{{step}}: - type: OS::Heat::StructuredDeploymentGroup + type: OS::TripleO::DeploymentSteps depends_on: - WorkflowTasks_Step{{step}}_Execution # TODO(gfidente): the following if/else condition @@ -294,3 +303,38 @@ resources: {% endfor %} + +outputs: + RoleConfig: + description: Mapping of config data for all roles + value: + deploy_steps_tasks: {get_file: deploy-steps-tasks.yaml} + deploy_steps_playbook: | + - hosts: overcloud + tasks: +{%- for role in roles %} + - include: {{role.name}}/host_prep_tasks.yaml + when: role_name == '{{role.name}}' +{%- endfor %} + - include: deploy_steps_tasks.yaml + with_sequence: count={{deploy_steps_max-1}} + loop_control: + loop_var: step + update_steps_tasks: | +{%- for role in roles %} + - include: {{role.name}}/update_tasks.yaml + when: role_name == '{{role.name}}' +{%- endfor %} + update_steps_playbook: | + - hosts: overcloud + serial: 1 + tasks: + - include: update_steps_tasks.yaml + with_sequence: count={{update_steps_max-1}} + loop_control: + loop_var: step + - include: deploy_steps_tasks.yaml + with_sequence: count={{deploy_steps_max-1}} + loop_control: + loop_var: step + diff --git a/puppet/major_upgrade_steps.j2.yaml b/common/major_upgrade_steps.j2.yaml index 11113eec..11113eec 100644 --- a/puppet/major_upgrade_steps.j2.yaml +++ b/common/major_upgrade_steps.j2.yaml diff --git a/docker/post-upgrade.j2.yaml b/common/post-upgrade.j2.yaml index 4477f868..7cd6abdf 100644 --- a/docker/post-upgrade.j2.yaml +++ b/common/post-upgrade.j2.yaml @@ -1,4 +1,4 @@ # Note the include here is the same as post.j2.yaml but the data used at # # the time of rendering is different if any roles disable upgrades {% set roles = roles|rejectattr('disable_upgrade_deployment')|list -%} -{% include 'docker-steps.j2' %} +{% include 'deploy-steps.j2' %} 
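Review bot: The playbooks in the new `RoleConfig` output include `deploy_steps_tasks.yaml`, `update_steps_tasks.yaml` and `{{role.name}}/host_prep_tasks.yaml`, and none of these appears as a file in this diff (the tasks file added here is `deploy-steps-tasks.yaml`, with hyphens). It looks as if the consumer of the output is expected to write each key to a file of the same name, but the template does not say so. I would extend the description to state that contract, for example `description: Mapping of config data for all roles; each key is meant to be written to <key>.yaml by the consumer`, adjusted to whatever the real contract is.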
diff --git a/common/post.j2.yaml b/common/post.j2.yaml new file mode 100644 index 00000000..8a70dfa9 --- /dev/null +++ b/common/post.j2.yaml @@ -0,0 +1 @@ +{% include 'deploy-steps.j2' %} diff --git a/common/services.yaml b/common/services.yaml index 0bc3462f..a8186e43 100644 --- a/common/services.yaml +++ b/common/services.yaml @@ -193,6 +193,16 @@ resources: expression: coalesce($.data, []).where($ != null).select($.get('upgrade_tasks')).where($ != null).flatten().distinct() data: {get_attr: [ServiceChain, role_data]} + UpdateTasks: + type: OS::Heat::Value + properties: + type: comma_delimited_list + value: + yaql: + # Note we use distinct() here to filter any identical tasks, e.g yum update for all services + expression: coalesce($.data, []).where($ != null).select($.get('update_tasks')).where($ != null).flatten().distinct() + data: {get_attr: [ServiceChain, role_data]} + UpgradeBatchTasks: type: OS::Heat::Value properties: @@ -253,6 +263,7 @@ outputs: service_workflow_tasks: {get_attr: [ServiceWorkflowTasks, value]} step_config: {get_attr: [PuppetStepConfig, value]} upgrade_tasks: {get_attr: [UpgradeTasks, value]} + update_tasks: {get_attr: [UpdateTasks, value]} upgrade_batch_tasks: {get_attr: [UpgradeBatchTasks, value]} service_metadata_settings: {get_attr: [ServiceServerMetadataHook, metadata]} diff --git a/deployed-server/scripts/enable-ssh-admin.sh b/deployed-server/scripts/enable-ssh-admin.sh new file mode 100755 index 00000000..dcabeadf --- /dev/null +++ b/deployed-server/scripts/enable-ssh-admin.sh 
@@ -0,0 +1,60 @@ +#!/bin/bash + +set -eu + +# whitespace (space or newline) separated list +OVERCLOUD_HOSTS=${OVERCLOUD_HOSTS:-""} +OVERCLOUD_SSH_USER=${OVERCLOUD_SSH_USER:-"$USER"} +# this is just for compatibility with CI +SUBNODES_SSH_KEY=${SUBNODES_SSH_KEY:-"$HOME/.ssh/id_rsa"} +# this is the intended variable for overriding +OVERCLOUD_SSH_KEY=${OVERCLOUD_SSH_KEY:-"$SUBNODES_SSH_KEY"} + +SLEEP_TIME=5 + +function overcloud_ssh_hosts_json { + echo "$OVERCLOUD_HOSTS" | python -c ' +from __future__ import print_function +import json, re, sys +print(json.dumps(re.split("\s+", sys.stdin.read().strip())))' +} + +function overcloud_ssh_key_json { + # we pass the contents to Mistral instead of just path, otherwise + # the key file would have to be readable for the mistral user + cat "$OVERCLOUD_SSH_KEY" | python -c 'import json,sys; print(json.dumps(sys.stdin.read()))' +} + +function workflow_finished { + local execution_id="$1" + openstack workflow execution show -f shell $execution_id | grep 'state="SUCCESS"' > /dev/null +} + +if [ -z "$OVERCLOUD_HOSTS" ]; then + echo 'Please set $OVERCLOUD_HOSTS' + exit 1 +fi + +echo "Starting workflow to create ssh admin on deployed servers." +echo "SSH user: $OVERCLOUD_SSH_USER" +echo "SSH key file: $OVERCLOUD_SSH_KEY" +echo "Hosts: $OVERCLOUD_HOSTS" +echo + +EXECUTION_PARAMS="{\"ssh_user\": \"$OVERCLOUD_SSH_USER\", \"ssh_servers\": $(overcloud_ssh_hosts_json), \"ssh_private_key\": $(overcloud_ssh_key_json)}" +EXECUTION_CREATE_OUTPUT=$(openstack workflow execution create -f shell -d 'deployed server ssh admin creation' tripleo.access.v1.enable_ssh_admin "$EXECUTION_PARAMS") +echo "$EXECUTION_CREATE_OUTPUT" +EXECUTION_ID=$(echo "$EXECUTION_CREATE_OUTPUT" | grep '^id=' | awk '-F"' '{ print $2 }') + +if [ -z "$EXECUTION_ID" ]; then + echo "Failed to get workflow execution ID for ssh admin creation workflow" + exit 1 +fi + +echo -n "Waiting for the workflow execution to finish (id $EXECUTION_ID)." +while ! 
workflow_finished $EXECUTION_ID; do + sleep $SLEEP_TIME + echo -n . +done + +echo "Success." diff --git a/docker/post.j2.yaml b/docker/post.j2.yaml deleted file mode 100644 index fd956215..00000000 --- a/docker/post.j2.yaml +++ /dev/null @@ -1 +0,0 @@ -{% include 'docker-steps.j2' %} diff --git a/docker/services/ceilometer-agent-central.yaml b/docker/services/ceilometer-agent-central.yaml index 6caffd15..424c316f 100644 --- a/docker/services/ceilometer-agent-central.yaml +++ b/docker/services/ceilometer-agent-central.yaml @@ -115,7 +115,7 @@ outputs: command: - '/usr/bin/bootstrap_host_exec' - 'ceilometer_agent_central' - - "su ceilometer -s /bin/bash -c '/usr/bin/ceilometer-upgrade --skip-metering-database'" + - "su ceilometer -s /bin/bash -c 'for n in {1..10}; do /usr/bin/ceilometer-upgrade --skip-metering-database && exit 0 || sleep 5; done; exit 1'" upgrade_tasks: - name: Stop and disable ceilometer agent central service tags: step2 diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml index 1468415e..85fe0608 100644 --- a/docker/services/ceph-ansible/ceph-base.yaml +++ b/docker/services/ceph-ansible/ceph-base.yaml @@ -142,6 +142,7 @@ outputs: ceph_docker_image_tag: {str_split: [':', {get_param: DockerCephDaemonImage}, 1]} containerized_deployment: true public_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]} + monitor_address_block: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]} cluster_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]} user_config: true ceph_stable: true diff --git a/docker/services/database/mongodb.yaml b/docker/services/database/mongodb.yaml index 5ba79b31..86bb6d54 100644 --- a/docker/services/database/mongodb.yaml +++ b/docker/services/database/mongodb.yaml 
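Review bot: `OVERCLOUD_SSH_USER` is interpolated into `EXECUTION_PARAMS` as raw text, while the host list and the key are passed through `json.dumps`, so a user name containing `"` or `\` produces malformed or altered workflow input; it should be encoded the same way as the other two fields. The wait loop at the end of the script only tests for `state="SUCCESS"`, so an execution that ends in a failure state is polled forever; `workflow_finished` should also recognise a terminal non-success state and let the script exit non-zero. Because the private key content is sent as execution input, it is presumably retained in the Mistral execution record, and the comment in `overcloud_ssh_key_json` could say so, so that operators use a key dedicated to this purpose.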
@@ -116,6 +116,8 @@ outputs: with_items: - /var/log/containers/mongodb - /var/lib/mongodb + metadata_settings: + get_attr: [MongodbPuppetBase, role_data, metadata_settings] upgrade_tasks: - name: Stop and disable mongodb service tags: step2 diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml index 41fe197b..7c6b6766 100644 --- a/docker/services/gnocchi-api.yaml +++ b/docker/services/gnocchi-api.yaml @@ -88,6 +88,10 @@ outputs: dest: "/" merge: true preserve_properties: true + - source: "/var/lib/kolla/config_files/src-ceph/" + dest: "/etc/ceph/" + merge: true + preserve_properties: true permissions: - path: /var/log/gnocchi owner: gnocchi:gnocchi @@ -101,7 +105,7 @@ outputs: volumes: - /var/log/containers/gnocchi:/var/log/gnocchi command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R gnocchi:gnocchi /var/log/gnocchi'] - step_3: + step_4: gnocchi_db_sync: image: *gnocchi_api_image net: host @@ -114,12 +118,13 @@ outputs: - - /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro - /var/log/containers/gnocchi:/var/log/gnocchi + - /etc/ceph:/etc/ceph:ro command: str_replace: - template: "/usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c /usr/bin/gnocchi-upgrade --sacks-number=SACK_NUM" + template: /usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c '/usr/bin/gnocchi-upgrade --sacks-number=SACK_NUM' params: SACK_NUM: {get_param: NumberOfStorageSacks} - step_4: + step_5: gnocchi_api: image: *gnocchi_api_image net: host @@ -132,6 +137,7 @@ outputs: - /var/lib/kolla/config_files/gnocchi_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro - /var/log/containers/gnocchi:/var/log/gnocchi + - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro - if: - internal_tls_enabled 
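Review bot: The new `src-ceph` entry in `config_files` copies the whole of the host's `/etc/ceph` into the gnocchi API container with `preserve_properties: true`, and the later hunks bind-mount the same directory into `gnocchi_db_sync` and `gnocchi_api`. That directory usually holds every Ceph keyring present on the node, not only the one gnocchi needs, so the container gets more credentials than its role requires. If narrowing the mount to the configuration file and the single client keyring is not practical here, a comment next to the volume lines saying that the full directory is intentional would at least record the decision. The `:ro` flag on the mounts is good and should stay.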
@@ -149,6 +155,10 @@ outputs: file: path: /var/log/containers/gnocchi state: directory + - name: ensure ceph configurations exist + file: + path: /etc/ceph + state: directory upgrade_tasks: - name: Stop and disable httpd service tags: step2 diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml index da461049..45de265e 100644 --- a/docker/services/nova-api.yaml +++ b/docker/services/nova-api.yaml @@ -36,6 +36,13 @@ parameters: default: {} description: Parameters specific to the role type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -64,9 +71,6 @@ outputs: map_merge: - get_attr: [NovaApiBase, role_data, config_settings] - apache::default_vhost: false - nova_wsgi_enabled: false - nova::api::service_name: '%{::nova::params::api_service_name}' - nova::wsgi::apache_api::ssl: false step_config: &step_config list_join: - "\n" @@ -82,7 +86,7 @@ outputs: config_image: {get_param: DockerNovaConfigImage} kolla_config: /var/lib/kolla/config_files/nova_api.json: - command: /usr/bin/nova-api + command: /usr/sbin/httpd -DFOREGROUND config_files: - source: "/var/lib/kolla/config_files/src/*" dest: "/" @@ -112,7 +116,7 @@ outputs: user: root volumes: - /var/log/containers/nova:/var/log/nova - command: ['/bin/bash', '-c', 'chown -R nova:nova /var/log/nova'] + command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R nova:nova /var/log/nova'] step_3: nova_api_db_sync: start_order: 0 @@ -163,7 +167,7 @@ outputs: start_order: 2 image: *nova_api_image net: host - user: nova + user: root privileged: true restart: always volumes: 
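Review bot: In the `@@ -163,7 +167,7 @@` hunk `user: root` is introduced next to the unchanged `privileged: true` and `net: host`, so the API container now starts as root with full host privileges. The switch is presumably needed so httpd can start as root before handing requests to its worker user, but nothing in the hunk says so. If `privileged: true` was only required by the standalone `/usr/bin/nova-api` process that this commit replaces, it should be dropped here; otherwise add a comment above `user: root` stating why both settings are needed. The container definition continues outside the hunk.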
@@ -173,6 +177,16 @@ outputs: - /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro - /var/log/containers/nova:/var/log/nova + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS nova_api_cron: diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml index d784ace3..26d17560 100644 --- a/docker/services/nova-placement.yaml +++ b/docker/services/nova-placement.yaml @@ -36,6 +36,13 @@ parameters: default: {} description: Parameters specific to the role type: json + EnableInternalTLS: + type: boolean + default: false + +conditions: + + internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]} resources: @@ -104,6 +111,16 @@ outputs: - /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro - /var/lib/config-data/puppet-generated/nova_placement/:/var/lib/kolla/config_files/src:ro - /var/log/containers/nova:/var/log/nova + - + if: + - internal_tls_enabled + - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro + - '' + - + if: + - internal_tls_enabled + - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro + - '' environment: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS metadata_settings: diff --git a/environments/docker-centos-tripleoupstream.yaml b/environments/docker-centos-tripleoupstream.yaml index 47f8e528..01a118e4 100644 --- a/environments/docker-centos-tripleoupstream.yaml +++ b/environments/docker-centos-tripleoupstream.yaml 
@@ -1,6 +1,6 @@ -# Generated with the following on 2017-07-12T11:40:50.219622 +# Generated with the following on 2017-08-11T04:58:59.567629 # -# overcloud container image prepare --env-file environments/docker-centos-tripleoupstream.yaml +# openstack overcloud container image prepare --env-file environments/docker-centos-tripleoupstream.yaml # parameter_defaults: @@ -9,6 +9,7 @@ parameter_defaults: DockerAodhEvaluatorImage: tripleoupstream/centos-binary-aodh-evaluator:latest DockerAodhListenerImage: tripleoupstream/centos-binary-aodh-listener:latest DockerAodhNotifierImage: tripleoupstream/centos-binary-aodh-notifier:latest + DockerBarbicanApiImage: tripleoupstream/centos-binary-barbican-api:latest DockerCeilometerCentralImage: tripleoupstream/centos-binary-ceilometer-central:latest DockerCeilometerComputeImage: tripleoupstream/centos-binary-ceilometer-compute:latest DockerCeilometerConfigImage: tripleoupstream/centos-binary-ceilometer-central:latest @@ -45,8 +46,8 @@ parameter_defaults: DockerHeatEngineImage: tripleoupstream/centos-binary-heat-engine:latest DockerHorizonConfigImage: tripleoupstream/centos-binary-horizon:latest DockerHorizonImage: tripleoupstream/centos-binary-horizon:latest - DockerIronicApiImage: tripleoupstream/centos-binary-ironic-api:latest DockerIronicApiConfigImage: tripleoupstream/centos-binary-ironic-api:latest + DockerIronicApiImage: tripleoupstream/centos-binary-ironic-api:latest DockerIronicConductorImage: tripleoupstream/centos-binary-ironic-conductor:latest DockerIronicConfigImage: tripleoupstream/centos-binary-ironic-pxe:latest DockerIronicInspectorConfigImage: tripleoupstream/centos-binary-ironic-inspector:latest 
@@ -82,7 +83,7 @@ parameter_defaults: DockerNovaComputeImage: tripleoupstream/centos-binary-nova-compute:latest DockerNovaComputeIronicImage: tripleoupstream/centos-binary-nova-compute-ironic:latest DockerNovaConductorImage: tripleoupstream/centos-binary-nova-conductor:latest - DockerNovaConfigImage: tripleoupstream/centos-binary-nova-base:latest + DockerNovaConfigImage: tripleoupstream/centos-binary-nova-api:latest DockerNovaConsoleauthImage: tripleoupstream/centos-binary-nova-consoleauth:latest DockerNovaLibvirtConfigImage: tripleoupstream/centos-binary-nova-compute:latest DockerNovaLibvirtImage: tripleoupstream/centos-binary-nova-libvirt:latest @@ -100,8 +101,6 @@ parameter_defaults: DockerOctaviaHealthManagerImage: tripleoupstream/centos-binary-octavia-health-manager:latest DockerOctaviaHousekeepingImage: tripleoupstream/centos-binary-octavia-housekeeping:latest DockerOctaviaWorkerImage: tripleoupstream/centos-binary-octavia-worker:latest - DockerOpendaylightApiImage: tripleoupstream/centos-binary-opendaylight:latest - DockerOpendaylightConfigImage: tripleoupstream/centos-binary-opendaylight:latest DockerOpenvswitchImage: tripleoupstream/centos-binary-neutron-openvswitch-agent:latest DockerPankoApiImage: tripleoupstream/centos-binary-panko-api:latest DockerPankoConfigImage: tripleoupstream/centos-binary-panko-api:latest diff --git a/environments/docker-services-tls-everywhere.yaml b/environments/docker-services-tls-everywhere.yaml index d4743326..49d02e6f 100644 --- a/environments/docker-services-tls-everywhere.yaml +++ b/environments/docker-services-tls-everywhere.yaml @@ -41,6 +41,3 @@ resource_registry: OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml OS::TripleO::Services::SwiftStorage: ../docker/services/swift-storage.yaml - - OS::TripleO::PostDeploySteps: ../docker/post.yaml - OS::TripleO::PostUpgradeSteps: ../docker/post-upgrade.yaml 
diff --git a/environments/docker.yaml b/environments/docker.yaml index 336a0b3c..9b977f6e 100644 --- a/environments/docker.yaml +++ b/environments/docker.yaml @@ -61,6 +61,3 @@ resource_registry: # OS::TripleO::Services::CinderScheduler: ../docker/services/cinder-scheduler.yaml # OS::TripleO::Services::CinderBackup: ../docker/services/cinder-backup.yaml # OS::TripleO::Services::CinderVolume: ../docker/services/cinder-volume.yaml - - OS::TripleO::PostDeploySteps: ../docker/post.yaml - OS::TripleO::PostUpgradeSteps: ../docker/post-upgrade.yaml diff --git a/environments/major-upgrade-composable-steps-docker.yaml b/environments/major-upgrade-composable-steps-docker.yaml index 20340c78..888e2705 100644 --- a/environments/major-upgrade-composable-steps-docker.yaml +++ b/environments/major-upgrade-composable-steps-docker.yaml @@ -1,8 +1,5 @@ resource_registry: - # FIXME(shardy) do we need to break major_upgrade_steps.yaml apart to - # enable docker specific logic, or is just overridding PostUpgradeSteps - # enough (as we want to share the ansible tasks steps etc) - OS::TripleO::PostDeploySteps: ../puppet/major_upgrade_steps.yaml + OS::TripleO::PostDeploySteps: ../common/major_upgrade_steps.yaml parameter_defaults: EnableConfigPurge: false StackUpdateType: UPGRADE diff --git a/environments/major-upgrade-converge-docker.yaml b/environments/major-upgrade-converge-docker.yaml index 163d1de4..668f8a94 100644 --- a/environments/major-upgrade-converge-docker.yaml +++ b/environments/major-upgrade-converge-docker.yaml @@ -1,7 +1,7 @@ # Use this to reset any mappings only used for upgrades after the # update of all nodes is completed resource_registry: - OS::TripleO::PostDeploySteps: ../docker/post.yaml + OS::TripleO::PostDeploySteps: ../common/post.yaml parameter_defaults: EnableConfigPurge: false StackUpdateType: '' diff --git a/environments/major-upgrade-converge.yaml b/environments/major-upgrade-converge.yaml index d222fb86..668f8a94 100644 
--- a/environments/major-upgrade-converge.yaml +++ b/environments/major-upgrade-converge.yaml @@ -1,7 +1,7 @@ # Use this to reset any mappings only used for upgrades after the # update of all nodes is completed resource_registry: - OS::TripleO::PostDeploySteps: ../puppet/post.yaml + OS::TripleO::PostDeploySteps: ../common/post.yaml parameter_defaults: EnableConfigPurge: false StackUpdateType: '' diff --git a/environments/puppet-ceph-external.yaml b/environments/puppet-ceph-external.yaml index 2f577c26..7718b821 100644 --- a/environments/puppet-ceph-external.yaml +++ b/environments/puppet-ceph-external.yaml @@ -1,5 +1,5 @@ # ****************************************************************************** -# DEPRECATED: Use tripleo-heat-templates/environments/storage/ceph-external.yaml +# DEPRECATED: Use tripleo-heat-templates/environments/storage/external-ceph.yaml # instead. # ****************************************************************************** # A Heat environment file which can be used to enable the diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml index 0b4b4feb..63868b54 100644 --- a/overcloud-resource-registry-puppet.j2.yaml +++ b/overcloud-resource-registry-puppet.j2.yaml @@ -1,8 +1,8 @@ resource_registry: OS::TripleO::SoftwareDeployment: OS::Heat::StructuredDeployment - OS::TripleO::PostDeploySteps: puppet/post.yaml - OS::TripleO::PostUpgradeSteps: puppet/post-upgrade.yaml + OS::TripleO::PostDeploySteps: common/post.yaml + OS::TripleO::PostUpgradeSteps: common/post-upgrade.yaml OS::TripleO::AllNodes::SoftwareConfig: puppet/all-nodes-config.yaml OS::TripleO::AllNodesDeployment: OS::Heat::StructuredDeployments OS::TripleO::Hosts::SoftwareConfig: hosts-config.yaml 
@@ -17,7 +17,7 @@ resource_registry: {% for role in roles %} OS::TripleO::{{role.name}}::PreNetworkConfig: OS::Heat::None - OS::TripleO::{{role.name}}PostDeploySteps: puppet/post.yaml + OS::TripleO::{{role.name}}PostDeploySteps: common/post.yaml OS::TripleO::{{role.name}}: puppet/{{role.name.lower()}}-role.yaml OS::TripleO::{{role.name}}Config: puppet/{{role.name.lower()}}-config.yaml OS::TripleO::Tasks::{{role.name}}PreConfig: OS::Heat::None @@ -109,6 +109,8 @@ resource_registry: OS::TripleO::DeployedServerEnvironment: OS::Heat::None + OS::TripleO::DeploymentSteps: OS::Heat::StructuredDeploymentGroup + # services OS::TripleO::Services: common/services.yaml OS::TripleO::Services::Apache: puppet/services/apache.yaml diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml index 7241a974..a7a4fe25 100644 --- a/overcloud.j2.yaml +++ b/overcloud.j2.yaml @@ -929,6 +929,9 @@ outputs: - {get_attr: [{{role.name}}ServiceChainRoleData, value]} - {get_attr: [{{role.name}}MergedConfigSettings, value]} {% endfor %} + RoleConfig: + description: The configuration workflows associated with each role + value: {get_attr: [AllNodesDeploySteps, RoleConfig]} RoleNetIpMap: description: Mapping of each network to a list of IPs for each role value: diff --git a/puppet/post-upgrade.j2.yaml b/puppet/post-upgrade.j2.yaml deleted file mode 100644 index bdd1e613..00000000 --- a/puppet/post-upgrade.j2.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -heat_template_version: pike - -description: > - Post-upgrade configuration steps via puppet for all roles - where upgrade is not disabled as defined in ../roles_data.yaml - -parameters: - servers: - type: json - description: Mapping of Role name e.g Controller to a list of servers - stack_name: - type: string - description: Name of the topmost stack - role_data: - type: json - description: Mapping of Role name e.g Controller to the per-role data - DeployIdentifier: - default: '' - type: string - description: > - Setting this to a unique value will re-run any deployment tasks which - perform configuration on a Heat stack-update. - ctlplane_service_ips: - type: json - -resources: -# Note the include here is the same as post.j2.yaml but the data used at -# the time of rendering is different if any roles disable upgrades -{% set roles = roles|rejectattr('disable_upgrade_deployment')|list -%} -{% include 'puppet-steps.j2' %} diff --git a/puppet/post.j2.yaml b/puppet/post.j2.yaml deleted file mode 100644 index 67e1ecfd..00000000 --- a/puppet/post.j2.yaml +++ /dev/null @@ -1,31 +0,0 @@ -heat_template_version: pike - -description: > - Post-deploy configuration steps via puppet for all roles, - as defined in ../roles_data.yaml - -parameters: - servers: - type: json - description: Mapping of Role name e.g Controller to a list of servers - stack_name: - type: string - description: Name of the topmost stack - role_data: - type: json - description: Mapping of Role name e.g Controller to the per-role data - EndpointMap: - default: {} - description: Mapping of service endpoint -> protocol. Typically set - via parameter_defaults in the resource registry. - type: json - DeployIdentifier: - default: '' - type: string - description: > - Setting this to a unique value will re-run any deployment tasks which - perform configuration on a Heat stack-update. - ctlplane_service_ips: - type: json - -{% include 'puppet-steps.j2' %} 
diff --git a/puppet/puppet-steps.j2 b/puppet/puppet-steps.j2 deleted file mode 100644 index f7651a57..00000000 --- a/puppet/puppet-steps.j2 +++ /dev/null 
@@ -1,156 +0,0 @@ -{% set deploy_steps_max = 6 %} -conditions: -{% for step in range(1, deploy_steps_max) %} - WorkflowTasks_Step{{step}}_Enabled: - or: - {%- for role in roles %} - - not: - equals: - - get_param: [role_data, {{role.name}}, service_workflow_tasks, step{{step}}] - - '' - - False - {%- endfor %} -{% endfor %} - -resources: - # Post deployment steps for all roles - # A single config is re-applied with an incrementing step number -{% for role in roles %} - # {{role.name}} Role post-deploy steps - {{role.name}}ArtifactsConfig: - type: deploy-artifacts.yaml - - {{role.name}}ArtifactsDeploy: - type: OS::Heat::StructuredDeployments - properties: - name: {{role.name}}ArtifactsDeploy - servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}ArtifactsConfig} - - {{role.name}}PreConfig: - type: OS::TripleO::Tasks::{{role.name}}PreConfig - properties: - servers: {get_param: [servers, {{role.name}}]} - input_values: - update_identifier: {get_param: DeployIdentifier} - - {{role.name}}Config: - type: OS::TripleO::{{role.name}}Config - properties: - StepConfig: {get_param: [role_data, {{role.name}}, step_config]} - - # Step through a series of configuration steps -{% for step in range(1, deploy_steps_max) %} - {{role.name}}Deployment_Step{{step}}: - type: OS::Heat::StructuredDeploymentGroup - depends_on: - - WorkflowTasks_Step{{step}}_Execution - # TODO(gfidente): the following if/else condition - # replicates what is already defined for the - # WorkflowTasks_StepX resource and can be remove - # if https://bugs.launchpad.net/heat/+bug/1700569 - # is fixed. 
- {%- if step == 1 %} - {%- for dep in roles %} - - {{dep.name}}PreConfig - - {{dep.name}}ArtifactsDeploy - {%- endfor %} - {%- else %} - {%- for dep in roles %} - - {{dep.name}}Deployment_Step{{step -1}} - {%- endfor %} - {%- endif %} - properties: - name: {{role.name}}Deployment_Step{{step}} - servers: {get_param: [servers, {{role.name}}]} - config: {get_resource: {{role.name}}Config} - input_values: - step: {{step}} - update_identifier: {get_param: DeployIdentifier} -{% endfor %} - - # Note, this should be the last step to execute configuration changes. - # Ensure that all {{role.name}}ExtraConfigPost steps are executed - # after all the previous deployment steps. - {{role.name}}ExtraConfigPost: - depends_on: - {%- for dep in roles %} - - {{dep.name}}Deployment_Step5 - {%- endfor %} - type: OS::TripleO::NodeExtraConfigPost - properties: - servers: {get_param: [servers, {{role.name}}]} - - # The {{role.name}}PostConfig steps are in charge of - # quiescing all services, i.e. in the Controller case, - # we should run a full service reload. 
- {{role.name}}PostConfig: - type: OS::TripleO::Tasks::{{role.name}}PostConfig - depends_on: - {%- for dep in roles %} - - {{dep.name}}ExtraConfigPost - {%- endfor %} - properties: - servers: {get_param: servers} - input_values: - update_identifier: {get_param: DeployIdentifier} - - -{% endfor %} - -# BEGIN service_workflow_tasks handling -{% for step in range(1, deploy_steps_max) %} - WorkflowTasks_Step{{step}}: - type: OS::Mistral::Workflow - condition: WorkflowTasks_Step{{step}}_Enabled - depends_on: - {%- if step == 1 %} - {%- for dep in roles %} - - {{dep.name}}PreConfig - - {{dep.name}}ArtifactsDeploy - {%- endfor %} - {%- else %} - {%- for dep in roles %} - - {{dep.name}}Deployment_Step{{step -1}} - {%- endfor %} - {%- endif %} - properties: - name: {list_join: [".", ["tripleo", {get_param: stack_name}, "workflowtasks", "step{{step}}"]]} - type: direct - tasks: - yaql: - expression: $.data.where($ != '').select($.get('step{{step}}')).where($ != null).flatten() - data: - {%- for role in roles %} - - get_param: [role_data, {{role.name}}, service_workflow_tasks] - {%- endfor %} - - WorkflowTasks_Step{{step}}_Execution: - type: OS::Mistral::ExternalResource - condition: WorkflowTasks_Step{{step}}_Enabled - depends_on: WorkflowTasks_Step{{step}} - properties: - actions: - CREATE: - workflow: { get_resource: WorkflowTasks_Step{{step}} } - params: - env: - service_ips: { get_param: ctlplane_service_ips } - role_merged_configs: - {%- for r in roles %} - {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]} - {%- endfor %} - evaluate_env: false - UPDATE: - workflow: { get_resource: WorkflowTasks_Step{{step}} } - params: - env: - service_ips: { get_param: ctlplane_service_ips } - role_merged_configs: - {%- for r in roles %} - {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]} - {%- endfor %} - evaluate_env: false - always_update: true -{% endfor %} -# END service_workflow_tasks handling 
diff --git a/puppet/services/README.rst b/puppet/services/README.rst index d55414b7..a593d55e 100644 --- a/puppet/services/README.rst +++ b/puppet/services/README.rst @@ -155,7 +155,7 @@ Similar to the step_config, we allow a series of steps for the per-service upgrade sequence, defined as ansible tasks with a tag e.g "step1" for the first step, "step2" for the second, etc. - Steps/tages correlate to the following: + Steps/tags correlate to the following: 1) Stop all control-plane services. @@ -186,6 +186,18 @@ Note that the services are not started in the upgrade tasks - we instead re-run puppet which does any reconfiguration required for the new version, then starts the services. +Update Steps +------------ + +Each service template may optionally define a `update_tasks` key, which is a +list of ansible tasks to be performed during the minor update process. + +Similar to the upgrade_tasks, we allow a series of steps for the per-service +update sequence, but note update_task selects the steps via a conditional +referencing the step variable e.g when: step == 2, which is different to the +tags based approach used for upgrade_tasks (the two may be aligned in future). + + Nova Server Metadata Settings ----------------------------- diff --git a/puppet/services/database/mongodb.yaml b/puppet/services/database/mongodb.yaml index 04f34e24..dcead0f7 100644 --- a/puppet/services/database/mongodb.yaml +++ b/puppet/services/database/mongodb.yaml @@ -47,6 +47,11 @@ parameters: EnableInternalTLS: type: boolean default: false + InternalTLSCAFile: + default: '/etc/ipa/ca.crt' + type: string + description: Specifies the default CA cert to use if TLS is used for + services in the internal network. conditions: 
@@ -98,6 +103,7 @@ outputs: generate_service_certificates: true mongodb::server::ssl: true mongodb::server::ssl_key: '/etc/pki/tls/certs/mongodb.pem' + mongodb::server::ssl_ca: {get_param: InternalTLSCAFile} mongodb_certificate_specs: service_pem: '/etc/pki/tls/certs/mongodb.pem' service_certificate: '/etc/pki/tls/certs/mongodb.crt' diff --git a/puppet/services/tripleo-packages.yaml b/puppet/services/tripleo-packages.yaml index e471c2a6..2a8620c8 100644 --- a/puppet/services/tripleo-packages.yaml +++ b/puppet/services/tripleo-packages.yaml @@ -56,3 +56,7 @@ outputs: - name: Update all packages tags: step3 yum: name=* state=latest + update_tasks: + - name: Update all packages + yum: name=* state=latest + when: step == "3" |
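Review bot: The new `when: step == "3"` in tripleo-packages.yaml compares against a string, which matches the `step == "1"` check in deploy-steps-tasks.yaml but not the `when: step == 2` example in the README section added by this same commit. Ansible's `with_sequence` yields string items, so an integer comparison copied from the README would most likely never match and the task would be skipped without any error. A comment above the task such as `# step is a string here (with_sequence loop_var), keep the quotes` would make the requirement explicit.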