summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--common/deploy-steps-tasks.yaml (renamed from docker/deploy-steps-playbook.yaml)8
-rw-r--r--common/deploy-steps.j2 (renamed from docker/docker-steps.j2)50
-rw-r--r--common/major_upgrade_steps.j2.yaml (renamed from puppet/major_upgrade_steps.j2.yaml)0
-rw-r--r--common/post-upgrade.j2.yaml (renamed from docker/post-upgrade.j2.yaml)2
-rw-r--r--common/post.j2.yaml1
-rw-r--r--common/services.yaml11
-rwxr-xr-xdeployed-server/scripts/enable-ssh-admin.sh60
-rw-r--r--docker/post.j2.yaml1
-rw-r--r--docker/services/ceilometer-agent-central.yaml2
-rw-r--r--docker/services/ceph-ansible/ceph-base.yaml1
-rw-r--r--docker/services/database/mongodb.yaml2
-rw-r--r--docker/services/gnocchi-api.yaml16
-rw-r--r--docker/services/nova-api.yaml26
-rw-r--r--docker/services/nova-placement.yaml17
-rw-r--r--environments/docker-centos-tripleoupstream.yaml11
-rw-r--r--environments/docker-services-tls-everywhere.yaml3
-rw-r--r--environments/docker.yaml3
-rw-r--r--environments/major-upgrade-composable-steps-docker.yaml5
-rw-r--r--environments/major-upgrade-converge-docker.yaml2
-rw-r--r--environments/major-upgrade-converge.yaml2
-rw-r--r--environments/puppet-ceph-external.yaml2
-rw-r--r--overcloud-resource-registry-puppet.j2.yaml8
-rw-r--r--overcloud.j2.yaml3
-rw-r--r--puppet/post-upgrade.j2.yaml30
-rw-r--r--puppet/post.j2.yaml31
-rw-r--r--puppet/puppet-steps.j2156
-rw-r--r--puppet/services/README.rst14
-rw-r--r--puppet/services/database/mongodb.yaml6
-rw-r--r--puppet/services/tripleo-packages.yaml4
29 files changed, 218 insertions, 259 deletions
diff --git a/docker/deploy-steps-playbook.yaml b/common/deploy-steps-tasks.yaml
index b884e0e7..998bbe0c 100644
--- a/docker/deploy-steps-playbook.yaml
+++ b/common/deploy-steps-tasks.yaml
@@ -1,6 +1,6 @@
-- hosts: localhost
- connection: local
- tasks:
+ # Note the indentation here is required as it's joined
+ # to create a playbook in deploy-steps.j2
+
#####################################################
# Per step puppet configuration of the baremetal host
#####################################################
@@ -27,7 +27,7 @@
shell: python /var/lib/docker-puppet/docker-puppet.py
environment:
NET_HOST: 'true'
- DEBUG: '{{docker_puppet_debug}}'
+ DEBUG: '{{docker_puppet_debug|default(false)}}'
when: step == "1"
changed_when: false
check_mode: no
diff --git a/docker/docker-steps.j2 b/common/deploy-steps.j2
index 05ff7945..b36bb97a 100644
--- a/docker/docker-steps.j2
+++ b/common/deploy-steps.j2
@@ -10,6 +10,7 @@
{%- set primary_role_name = primary_role[0].name -%}
# primary role is: {{primary_role_name}}
{% set deploy_steps_max = 6 -%}
+{% set update_steps_max = 6 -%}
heat_template_version: pike
@@ -72,7 +73,15 @@ resources:
- name: update_identifier
- name: bootstrap_server_id
- name: docker_puppet_debug
- config: {get_file: deploy-steps-playbook.yaml}
+ config:
+ str_replace:
+ template: |
+ - hosts: localhost
+ connection: local
+ tasks:
+ _TASKS
+ params:
+ _TASKS: {get_file: deploy-steps-tasks.yaml}
{%- for step in range(1, deploy_steps_max) %}
# BEGIN service_workflow_tasks handling
@@ -159,7 +168,7 @@ resources:
connection: local
vars:
puppet_config: {get_param: [role_data, {{role.name}}, puppet_config]}
- docker_puppet_script: {get_file: docker-puppet.py}
+ docker_puppet_script: {get_file: ../docker/docker-puppet.py}
docker_puppet_tasks: {get_param: [role_data, {{role.name}}, docker_puppet_tasks]}
docker_startup_configs: {get_param: [role_data, {{role.name}}, docker_config]}
kolla_config: {get_param: [role_data, {{role.name}}, kolla_config]}
@@ -235,7 +244,7 @@ resources:
{% for step in range(1, deploy_steps_max) %}
{{role.name}}Deployment_Step{{step}}:
- type: OS::Heat::StructuredDeploymentGroup
+ type: OS::TripleO::DeploymentSteps
depends_on:
- WorkflowTasks_Step{{step}}_Execution
# TODO(gfidente): the following if/else condition
@@ -294,3 +303,38 @@ resources:
{% endfor %}
+
+outputs:
+ RoleConfig:
+ description: Mapping of config data for all roles
+ value:
+ deploy_steps_tasks: {get_file: deploy-steps-tasks.yaml}
+ deploy_steps_playbook: |
+ - hosts: overcloud
+ tasks:
+{%- for role in roles %}
+ - include: {{role.name}}/host_prep_tasks.yaml
+ when: role_name == '{{role.name}}'
+{%- endfor %}
+ - include: deploy_steps_tasks.yaml
+ with_sequence: count={{deploy_steps_max-1}}
+ loop_control:
+ loop_var: step
+ update_steps_tasks: |
+{%- for role in roles %}
+ - include: {{role.name}}/update_tasks.yaml
+ when: role_name == '{{role.name}}'
+{%- endfor %}
+ update_steps_playbook: |
+ - hosts: overcloud
+ serial: 1
+ tasks:
+ - include: update_steps_tasks.yaml
+ with_sequence: count={{update_steps_max-1}}
+ loop_control:
+ loop_var: step
+ - include: deploy_steps_tasks.yaml
+ with_sequence: count={{deploy_steps_max-1}}
+ loop_control:
+ loop_var: step
+
diff --git a/puppet/major_upgrade_steps.j2.yaml b/common/major_upgrade_steps.j2.yaml
index 11113eec..11113eec 100644
--- a/puppet/major_upgrade_steps.j2.yaml
+++ b/common/major_upgrade_steps.j2.yaml
diff --git a/docker/post-upgrade.j2.yaml b/common/post-upgrade.j2.yaml
index 4477f868..7cd6abdf 100644
--- a/docker/post-upgrade.j2.yaml
+++ b/common/post-upgrade.j2.yaml
@@ -1,4 +1,4 @@
# Note the include here is the same as post.j2.yaml but the data used at
# # the time of rendering is different if any roles disable upgrades
{% set roles = roles|rejectattr('disable_upgrade_deployment')|list -%}
-{% include 'docker-steps.j2' %}
+{% include 'deploy-steps.j2' %}
diff --git a/common/post.j2.yaml b/common/post.j2.yaml
new file mode 100644
index 00000000..8a70dfa9
--- /dev/null
+++ b/common/post.j2.yaml
@@ -0,0 +1 @@
+{% include 'deploy-steps.j2' %}
diff --git a/common/services.yaml b/common/services.yaml
index 0bc3462f..a8186e43 100644
--- a/common/services.yaml
+++ b/common/services.yaml
@@ -193,6 +193,16 @@ resources:
expression: coalesce($.data, []).where($ != null).select($.get('upgrade_tasks')).where($ != null).flatten().distinct()
data: {get_attr: [ServiceChain, role_data]}
+ UpdateTasks:
+ type: OS::Heat::Value
+ properties:
+ type: comma_delimited_list
+ value:
+ yaql:
+ # Note we use distinct() here to filter any identical tasks, e.g yum update for all services
+ expression: coalesce($.data, []).where($ != null).select($.get('update_tasks')).where($ != null).flatten().distinct()
+ data: {get_attr: [ServiceChain, role_data]}
+
UpgradeBatchTasks:
type: OS::Heat::Value
properties:
@@ -253,6 +263,7 @@ outputs:
service_workflow_tasks: {get_attr: [ServiceWorkflowTasks, value]}
step_config: {get_attr: [PuppetStepConfig, value]}
upgrade_tasks: {get_attr: [UpgradeTasks, value]}
+ update_tasks: {get_attr: [UpdateTasks, value]}
upgrade_batch_tasks: {get_attr: [UpgradeBatchTasks, value]}
service_metadata_settings: {get_attr: [ServiceServerMetadataHook, metadata]}
diff --git a/deployed-server/scripts/enable-ssh-admin.sh b/deployed-server/scripts/enable-ssh-admin.sh
new file mode 100755
index 00000000..dcabeadf
--- /dev/null
+++ b/deployed-server/scripts/enable-ssh-admin.sh
@@ -0,0 +1,60 @@
+#!/bin/bash
+
+set -eu
+
+# whitespace (space or newline) separated list
+OVERCLOUD_HOSTS=${OVERCLOUD_HOSTS:-""}
+OVERCLOUD_SSH_USER=${OVERCLOUD_SSH_USER:-"$USER"}
+# this is just for compatibility with CI
+SUBNODES_SSH_KEY=${SUBNODES_SSH_KEY:-"$HOME/.ssh/id_rsa"}
+# this is the intended variable for overriding
+OVERCLOUD_SSH_KEY=${OVERCLOUD_SSH_KEY:-"$SUBNODES_SSH_KEY"}
+
+SLEEP_TIME=5
+
+function overcloud_ssh_hosts_json {
+ echo "$OVERCLOUD_HOSTS" | python -c '
+from __future__ import print_function
+import json, re, sys
+print(json.dumps(re.split("\s+", sys.stdin.read().strip())))'
+}
+
+function overcloud_ssh_key_json {
+ # we pass the contents to Mistral instead of just path, otherwise
+ # the key file would have to be readable for the mistral user
+ cat "$OVERCLOUD_SSH_KEY" | python -c 'import json,sys; print(json.dumps(sys.stdin.read()))'
+}
+
+function workflow_finished {
+ local execution_id="$1"
+ openstack workflow execution show -f shell $execution_id | grep 'state="SUCCESS"' > /dev/null
+}
+
+if [ -z "$OVERCLOUD_HOSTS" ]; then
+ echo 'Please set $OVERCLOUD_HOSTS'
+ exit 1
+fi
+
+echo "Starting workflow to create ssh admin on deployed servers."
+echo "SSH user: $OVERCLOUD_SSH_USER"
+echo "SSH key file: $OVERCLOUD_SSH_KEY"
+echo "Hosts: $OVERCLOUD_HOSTS"
+echo
+
+EXECUTION_PARAMS="{\"ssh_user\": \"$OVERCLOUD_SSH_USER\", \"ssh_servers\": $(overcloud_ssh_hosts_json), \"ssh_private_key\": $(overcloud_ssh_key_json)}"
+EXECUTION_CREATE_OUTPUT=$(openstack workflow execution create -f shell -d 'deployed server ssh admin creation' tripleo.access.v1.enable_ssh_admin "$EXECUTION_PARAMS")
+echo "$EXECUTION_CREATE_OUTPUT"
+EXECUTION_ID=$(echo "$EXECUTION_CREATE_OUTPUT" | grep '^id=' | awk '-F"' '{ print $2 }')
+
+if [ -z "$EXECUTION_ID" ]; then
+ echo "Failed to get workflow execution ID for ssh admin creation workflow"
+ exit 1
+fi
+
+echo -n "Waiting for the workflow execution to finish (id $EXECUTION_ID)."
+while ! workflow_finished $EXECUTION_ID; do
+ sleep $SLEEP_TIME
+ echo -n .
+done
+
+echo "Success."
diff --git a/docker/post.j2.yaml b/docker/post.j2.yaml
deleted file mode 100644
index fd956215..00000000
--- a/docker/post.j2.yaml
+++ /dev/null
@@ -1 +0,0 @@
-{% include 'docker-steps.j2' %}
diff --git a/docker/services/ceilometer-agent-central.yaml b/docker/services/ceilometer-agent-central.yaml
index 6caffd15..424c316f 100644
--- a/docker/services/ceilometer-agent-central.yaml
+++ b/docker/services/ceilometer-agent-central.yaml
@@ -115,7 +115,7 @@ outputs:
command:
- '/usr/bin/bootstrap_host_exec'
- 'ceilometer_agent_central'
- - "su ceilometer -s /bin/bash -c '/usr/bin/ceilometer-upgrade --skip-metering-database'"
+ - "su ceilometer -s /bin/bash -c 'for n in {1..10}; do /usr/bin/ceilometer-upgrade --skip-metering-database && exit 0 || sleep 5; done; exit 1'"
upgrade_tasks:
- name: Stop and disable ceilometer agent central service
tags: step2
diff --git a/docker/services/ceph-ansible/ceph-base.yaml b/docker/services/ceph-ansible/ceph-base.yaml
index 1468415e..85fe0608 100644
--- a/docker/services/ceph-ansible/ceph-base.yaml
+++ b/docker/services/ceph-ansible/ceph-base.yaml
@@ -142,6 +142,7 @@ outputs:
ceph_docker_image_tag: {str_split: [':', {get_param: DockerCephDaemonImage}, 1]}
containerized_deployment: true
public_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]}
+ monitor_address_block: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephMonNetwork]}]}
cluster_network: {get_param: [ServiceData, net_cidr_map, {get_param: [ServiceNetMap, CephClusterNetwork]}]}
user_config: true
ceph_stable: true
diff --git a/docker/services/database/mongodb.yaml b/docker/services/database/mongodb.yaml
index 5ba79b31..86bb6d54 100644
--- a/docker/services/database/mongodb.yaml
+++ b/docker/services/database/mongodb.yaml
@@ -116,6 +116,8 @@ outputs:
with_items:
- /var/log/containers/mongodb
- /var/lib/mongodb
+ metadata_settings:
+ get_attr: [MongodbPuppetBase, role_data, metadata_settings]
upgrade_tasks:
- name: Stop and disable mongodb service
tags: step2
diff --git a/docker/services/gnocchi-api.yaml b/docker/services/gnocchi-api.yaml
index 41fe197b..7c6b6766 100644
--- a/docker/services/gnocchi-api.yaml
+++ b/docker/services/gnocchi-api.yaml
@@ -88,6 +88,10 @@ outputs:
dest: "/"
merge: true
preserve_properties: true
+ - source: "/var/lib/kolla/config_files/src-ceph/"
+ dest: "/etc/ceph/"
+ merge: true
+ preserve_properties: true
permissions:
- path: /var/log/gnocchi
owner: gnocchi:gnocchi
@@ -101,7 +105,7 @@ outputs:
volumes:
- /var/log/containers/gnocchi:/var/log/gnocchi
command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R gnocchi:gnocchi /var/log/gnocchi']
- step_3:
+ step_4:
gnocchi_db_sync:
image: *gnocchi_api_image
net: host
@@ -114,12 +118,13 @@ outputs:
-
- /var/lib/config-data/gnocchi/etc/gnocchi/:/etc/gnocchi/:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
+ - /etc/ceph:/etc/ceph:ro
command:
str_replace:
- template: "/usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c /usr/bin/gnocchi-upgrade --sacks-number=SACK_NUM"
+ template: /usr/bin/bootstrap_host_exec gnocchi_api su gnocchi -s /bin/bash -c '/usr/bin/gnocchi-upgrade --sacks-number=SACK_NUM'
params:
SACK_NUM: {get_param: NumberOfStorageSacks}
- step_4:
+ step_5:
gnocchi_api:
image: *gnocchi_api_image
net: host
@@ -132,6 +137,7 @@ outputs:
- /var/lib/kolla/config_files/gnocchi_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/gnocchi/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/gnocchi:/var/log/gnocchi
+ - /etc/ceph:/var/lib/kolla/config_files/src-ceph:ro
-
if:
- internal_tls_enabled
@@ -149,6 +155,10 @@ outputs:
file:
path: /var/log/containers/gnocchi
state: directory
+ - name: ensure ceph configurations exist
+ file:
+ path: /etc/ceph
+ state: directory
upgrade_tasks:
- name: Stop and disable httpd service
tags: step2
diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml
index da461049..45de265e 100644
--- a/docker/services/nova-api.yaml
+++ b/docker/services/nova-api.yaml
@@ -36,6 +36,13 @@ parameters:
default: {}
description: Parameters specific to the role
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
@@ -64,9 +71,6 @@ outputs:
map_merge:
- get_attr: [NovaApiBase, role_data, config_settings]
- apache::default_vhost: false
- nova_wsgi_enabled: false
- nova::api::service_name: '%{::nova::params::api_service_name}'
- nova::wsgi::apache_api::ssl: false
step_config: &step_config
list_join:
- "\n"
@@ -82,7 +86,7 @@ outputs:
config_image: {get_param: DockerNovaConfigImage}
kolla_config:
/var/lib/kolla/config_files/nova_api.json:
- command: /usr/bin/nova-api
+ command: /usr/sbin/httpd -DFOREGROUND
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
@@ -112,7 +116,7 @@ outputs:
user: root
volumes:
- /var/log/containers/nova:/var/log/nova
- command: ['/bin/bash', '-c', 'chown -R nova:nova /var/log/nova']
+ command: ['/bin/bash', '-c', 'mkdir -p /var/log/httpd; chown -R nova:nova /var/log/nova']
step_3:
nova_api_db_sync:
start_order: 0
@@ -163,7 +167,7 @@ outputs:
start_order: 2
image: *nova_api_image
net: host
- user: nova
+ user: root
privileged: true
restart: always
volumes:
@@ -173,6 +177,16 @@ outputs:
- /var/lib/kolla/config_files/nova_api.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/nova:/var/log/nova
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+ - ''
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+ - ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
nova_api_cron:
diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml
index d784ace3..26d17560 100644
--- a/docker/services/nova-placement.yaml
+++ b/docker/services/nova-placement.yaml
@@ -36,6 +36,13 @@ parameters:
default: {}
description: Parameters specific to the role
type: json
+ EnableInternalTLS:
+ type: boolean
+ default: false
+
+conditions:
+
+ internal_tls_enabled: {equals: [{get_param: EnableInternalTLS}, true]}
resources:
@@ -104,6 +111,16 @@ outputs:
- /var/lib/kolla/config_files/nova_placement.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/nova_placement/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/nova:/var/log/nova
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/certs/httpd:/etc/pki/tls/certs/httpd:ro
+ - ''
+ -
+ if:
+ - internal_tls_enabled
+ - /etc/pki/tls/private/httpd:/etc/pki/tls/private/httpd:ro
+ - ''
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
metadata_settings:
diff --git a/environments/docker-centos-tripleoupstream.yaml b/environments/docker-centos-tripleoupstream.yaml
index 47f8e528..01a118e4 100644
--- a/environments/docker-centos-tripleoupstream.yaml
+++ b/environments/docker-centos-tripleoupstream.yaml
@@ -1,6 +1,6 @@
-# Generated with the following on 2017-07-12T11:40:50.219622
+# Generated with the following on 2017-08-11T04:58:59.567629
#
-# overcloud container image prepare --env-file environments/docker-centos-tripleoupstream.yaml
+# openstack overcloud container image prepare --env-file environments/docker-centos-tripleoupstream.yaml
#
parameter_defaults:
@@ -9,6 +9,7 @@ parameter_defaults:
DockerAodhEvaluatorImage: tripleoupstream/centos-binary-aodh-evaluator:latest
DockerAodhListenerImage: tripleoupstream/centos-binary-aodh-listener:latest
DockerAodhNotifierImage: tripleoupstream/centos-binary-aodh-notifier:latest
+ DockerBarbicanApiImage: tripleoupstream/centos-binary-barbican-api:latest
DockerCeilometerCentralImage: tripleoupstream/centos-binary-ceilometer-central:latest
DockerCeilometerComputeImage: tripleoupstream/centos-binary-ceilometer-compute:latest
DockerCeilometerConfigImage: tripleoupstream/centos-binary-ceilometer-central:latest
@@ -45,8 +46,8 @@ parameter_defaults:
DockerHeatEngineImage: tripleoupstream/centos-binary-heat-engine:latest
DockerHorizonConfigImage: tripleoupstream/centos-binary-horizon:latest
DockerHorizonImage: tripleoupstream/centos-binary-horizon:latest
- DockerIronicApiImage: tripleoupstream/centos-binary-ironic-api:latest
DockerIronicApiConfigImage: tripleoupstream/centos-binary-ironic-api:latest
+ DockerIronicApiImage: tripleoupstream/centos-binary-ironic-api:latest
DockerIronicConductorImage: tripleoupstream/centos-binary-ironic-conductor:latest
DockerIronicConfigImage: tripleoupstream/centos-binary-ironic-pxe:latest
DockerIronicInspectorConfigImage: tripleoupstream/centos-binary-ironic-inspector:latest
@@ -82,7 +83,7 @@ parameter_defaults:
DockerNovaComputeImage: tripleoupstream/centos-binary-nova-compute:latest
DockerNovaComputeIronicImage: tripleoupstream/centos-binary-nova-compute-ironic:latest
DockerNovaConductorImage: tripleoupstream/centos-binary-nova-conductor:latest
- DockerNovaConfigImage: tripleoupstream/centos-binary-nova-base:latest
+ DockerNovaConfigImage: tripleoupstream/centos-binary-nova-api:latest
DockerNovaConsoleauthImage: tripleoupstream/centos-binary-nova-consoleauth:latest
DockerNovaLibvirtConfigImage: tripleoupstream/centos-binary-nova-compute:latest
DockerNovaLibvirtImage: tripleoupstream/centos-binary-nova-libvirt:latest
@@ -100,8 +101,6 @@ parameter_defaults:
DockerOctaviaHealthManagerImage: tripleoupstream/centos-binary-octavia-health-manager:latest
DockerOctaviaHousekeepingImage: tripleoupstream/centos-binary-octavia-housekeeping:latest
DockerOctaviaWorkerImage: tripleoupstream/centos-binary-octavia-worker:latest
- DockerOpendaylightApiImage: tripleoupstream/centos-binary-opendaylight:latest
- DockerOpendaylightConfigImage: tripleoupstream/centos-binary-opendaylight:latest
DockerOpenvswitchImage: tripleoupstream/centos-binary-neutron-openvswitch-agent:latest
DockerPankoApiImage: tripleoupstream/centos-binary-panko-api:latest
DockerPankoConfigImage: tripleoupstream/centos-binary-panko-api:latest
diff --git a/environments/docker-services-tls-everywhere.yaml b/environments/docker-services-tls-everywhere.yaml
index d4743326..49d02e6f 100644
--- a/environments/docker-services-tls-everywhere.yaml
+++ b/environments/docker-services-tls-everywhere.yaml
@@ -41,6 +41,3 @@ resource_registry:
OS::TripleO::Services::SwiftProxy: ../docker/services/swift-proxy.yaml
OS::TripleO::Services::SwiftRingBuilder: ../docker/services/swift-ringbuilder.yaml
OS::TripleO::Services::SwiftStorage: ../docker/services/swift-storage.yaml
-
- OS::TripleO::PostDeploySteps: ../docker/post.yaml
- OS::TripleO::PostUpgradeSteps: ../docker/post-upgrade.yaml
diff --git a/environments/docker.yaml b/environments/docker.yaml
index 336a0b3c..9b977f6e 100644
--- a/environments/docker.yaml
+++ b/environments/docker.yaml
@@ -61,6 +61,3 @@ resource_registry:
# OS::TripleO::Services::CinderScheduler: ../docker/services/cinder-scheduler.yaml
# OS::TripleO::Services::CinderBackup: ../docker/services/cinder-backup.yaml
# OS::TripleO::Services::CinderVolume: ../docker/services/cinder-volume.yaml
-
- OS::TripleO::PostDeploySteps: ../docker/post.yaml
- OS::TripleO::PostUpgradeSteps: ../docker/post-upgrade.yaml
diff --git a/environments/major-upgrade-composable-steps-docker.yaml b/environments/major-upgrade-composable-steps-docker.yaml
index 20340c78..888e2705 100644
--- a/environments/major-upgrade-composable-steps-docker.yaml
+++ b/environments/major-upgrade-composable-steps-docker.yaml
@@ -1,8 +1,5 @@
resource_registry:
- # FIXME(shardy) do we need to break major_upgrade_steps.yaml apart to
- # enable docker specific logic, or is just overridding PostUpgradeSteps
- # enough (as we want to share the ansible tasks steps etc)
- OS::TripleO::PostDeploySteps: ../puppet/major_upgrade_steps.yaml
+ OS::TripleO::PostDeploySteps: ../common/major_upgrade_steps.yaml
parameter_defaults:
EnableConfigPurge: false
StackUpdateType: UPGRADE
diff --git a/environments/major-upgrade-converge-docker.yaml b/environments/major-upgrade-converge-docker.yaml
index 163d1de4..668f8a94 100644
--- a/environments/major-upgrade-converge-docker.yaml
+++ b/environments/major-upgrade-converge-docker.yaml
@@ -1,7 +1,7 @@
# Use this to reset any mappings only used for upgrades after the
# update of all nodes is completed
resource_registry:
- OS::TripleO::PostDeploySteps: ../docker/post.yaml
+ OS::TripleO::PostDeploySteps: ../common/post.yaml
parameter_defaults:
EnableConfigPurge: false
StackUpdateType: ''
diff --git a/environments/major-upgrade-converge.yaml b/environments/major-upgrade-converge.yaml
index d222fb86..668f8a94 100644
--- a/environments/major-upgrade-converge.yaml
+++ b/environments/major-upgrade-converge.yaml
@@ -1,7 +1,7 @@
# Use this to reset any mappings only used for upgrades after the
# update of all nodes is completed
resource_registry:
- OS::TripleO::PostDeploySteps: ../puppet/post.yaml
+ OS::TripleO::PostDeploySteps: ../common/post.yaml
parameter_defaults:
EnableConfigPurge: false
StackUpdateType: ''
diff --git a/environments/puppet-ceph-external.yaml b/environments/puppet-ceph-external.yaml
index 2f577c26..7718b821 100644
--- a/environments/puppet-ceph-external.yaml
+++ b/environments/puppet-ceph-external.yaml
@@ -1,5 +1,5 @@
# ******************************************************************************
-# DEPRECATED: Use tripleo-heat-templates/environments/storage/ceph-external.yaml
+# DEPRECATED: Use tripleo-heat-templates/environments/storage/external-ceph.yaml
# instead.
# ******************************************************************************
# A Heat environment file which can be used to enable the
diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index 0b4b4feb..63868b54 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -1,8 +1,8 @@
resource_registry:
OS::TripleO::SoftwareDeployment: OS::Heat::StructuredDeployment
- OS::TripleO::PostDeploySteps: puppet/post.yaml
- OS::TripleO::PostUpgradeSteps: puppet/post-upgrade.yaml
+ OS::TripleO::PostDeploySteps: common/post.yaml
+ OS::TripleO::PostUpgradeSteps: common/post-upgrade.yaml
OS::TripleO::AllNodes::SoftwareConfig: puppet/all-nodes-config.yaml
OS::TripleO::AllNodesDeployment: OS::Heat::StructuredDeployments
OS::TripleO::Hosts::SoftwareConfig: hosts-config.yaml
@@ -17,7 +17,7 @@ resource_registry:
{% for role in roles %}
OS::TripleO::{{role.name}}::PreNetworkConfig: OS::Heat::None
- OS::TripleO::{{role.name}}PostDeploySteps: puppet/post.yaml
+ OS::TripleO::{{role.name}}PostDeploySteps: common/post.yaml
OS::TripleO::{{role.name}}: puppet/{{role.name.lower()}}-role.yaml
OS::TripleO::{{role.name}}Config: puppet/{{role.name.lower()}}-config.yaml
OS::TripleO::Tasks::{{role.name}}PreConfig: OS::Heat::None
@@ -109,6 +109,8 @@ resource_registry:
OS::TripleO::DeployedServerEnvironment: OS::Heat::None
+ OS::TripleO::DeploymentSteps: OS::Heat::StructuredDeploymentGroup
+
# services
OS::TripleO::Services: common/services.yaml
OS::TripleO::Services::Apache: puppet/services/apache.yaml
diff --git a/overcloud.j2.yaml b/overcloud.j2.yaml
index 7241a974..a7a4fe25 100644
--- a/overcloud.j2.yaml
+++ b/overcloud.j2.yaml
@@ -929,6 +929,9 @@ outputs:
- {get_attr: [{{role.name}}ServiceChainRoleData, value]}
- {get_attr: [{{role.name}}MergedConfigSettings, value]}
{% endfor %}
+ RoleConfig:
+ description: The configuration workflows associated with each role
+ value: {get_attr: [AllNodesDeploySteps, RoleConfig]}
RoleNetIpMap:
description: Mapping of each network to a list of IPs for each role
value:
diff --git a/puppet/post-upgrade.j2.yaml b/puppet/post-upgrade.j2.yaml
deleted file mode 100644
index bdd1e613..00000000
--- a/puppet/post-upgrade.j2.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-heat_template_version: pike
-
-description: >
- Post-upgrade configuration steps via puppet for all roles
- where upgrade is not disabled as defined in ../roles_data.yaml
-
-parameters:
- servers:
- type: json
- description: Mapping of Role name e.g Controller to a list of servers
- stack_name:
- type: string
- description: Name of the topmost stack
- role_data:
- type: json
- description: Mapping of Role name e.g Controller to the per-role data
- DeployIdentifier:
- default: ''
- type: string
- description: >
- Setting this to a unique value will re-run any deployment tasks which
- perform configuration on a Heat stack-update.
- ctlplane_service_ips:
- type: json
-
-resources:
-# Note the include here is the same as post.j2.yaml but the data used at
-# the time of rendering is different if any roles disable upgrades
-{% set roles = roles|rejectattr('disable_upgrade_deployment')|list -%}
-{% include 'puppet-steps.j2' %}
diff --git a/puppet/post.j2.yaml b/puppet/post.j2.yaml
deleted file mode 100644
index 67e1ecfd..00000000
--- a/puppet/post.j2.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-heat_template_version: pike
-
-description: >
- Post-deploy configuration steps via puppet for all roles,
- as defined in ../roles_data.yaml
-
-parameters:
- servers:
- type: json
- description: Mapping of Role name e.g Controller to a list of servers
- stack_name:
- type: string
- description: Name of the topmost stack
- role_data:
- type: json
- description: Mapping of Role name e.g Controller to the per-role data
- EndpointMap:
- default: {}
- description: Mapping of service endpoint -> protocol. Typically set
- via parameter_defaults in the resource registry.
- type: json
- DeployIdentifier:
- default: ''
- type: string
- description: >
- Setting this to a unique value will re-run any deployment tasks which
- perform configuration on a Heat stack-update.
- ctlplane_service_ips:
- type: json
-
-{% include 'puppet-steps.j2' %}
diff --git a/puppet/puppet-steps.j2 b/puppet/puppet-steps.j2
deleted file mode 100644
index f7651a57..00000000
--- a/puppet/puppet-steps.j2
+++ /dev/null
@@ -1,156 +0,0 @@
-{% set deploy_steps_max = 6 %}
-conditions:
-{% for step in range(1, deploy_steps_max) %}
- WorkflowTasks_Step{{step}}_Enabled:
- or:
- {%- for role in roles %}
- - not:
- equals:
- - get_param: [role_data, {{role.name}}, service_workflow_tasks, step{{step}}]
- - ''
- - False
- {%- endfor %}
-{% endfor %}
-
-resources:
- # Post deployment steps for all roles
- # A single config is re-applied with an incrementing step number
-{% for role in roles %}
- # {{role.name}} Role post-deploy steps
- {{role.name}}ArtifactsConfig:
- type: deploy-artifacts.yaml
-
- {{role.name}}ArtifactsDeploy:
- type: OS::Heat::StructuredDeployments
- properties:
- name: {{role.name}}ArtifactsDeploy
- servers: {get_param: [servers, {{role.name}}]}
- config: {get_resource: {{role.name}}ArtifactsConfig}
-
- {{role.name}}PreConfig:
- type: OS::TripleO::Tasks::{{role.name}}PreConfig
- properties:
- servers: {get_param: [servers, {{role.name}}]}
- input_values:
- update_identifier: {get_param: DeployIdentifier}
-
- {{role.name}}Config:
- type: OS::TripleO::{{role.name}}Config
- properties:
- StepConfig: {get_param: [role_data, {{role.name}}, step_config]}
-
- # Step through a series of configuration steps
-{% for step in range(1, deploy_steps_max) %}
- {{role.name}}Deployment_Step{{step}}:
- type: OS::Heat::StructuredDeploymentGroup
- depends_on:
- - WorkflowTasks_Step{{step}}_Execution
- # TODO(gfidente): the following if/else condition
- # replicates what is already defined for the
- # WorkflowTasks_StepX resource and can be remove
- # if https://bugs.launchpad.net/heat/+bug/1700569
- # is fixed.
- {%- if step == 1 %}
- {%- for dep in roles %}
- - {{dep.name}}PreConfig
- - {{dep.name}}ArtifactsDeploy
- {%- endfor %}
- {%- else %}
- {%- for dep in roles %}
- - {{dep.name}}Deployment_Step{{step -1}}
- {%- endfor %}
- {%- endif %}
- properties:
- name: {{role.name}}Deployment_Step{{step}}
- servers: {get_param: [servers, {{role.name}}]}
- config: {get_resource: {{role.name}}Config}
- input_values:
- step: {{step}}
- update_identifier: {get_param: DeployIdentifier}
-{% endfor %}
-
- # Note, this should be the last step to execute configuration changes.
- # Ensure that all {{role.name}}ExtraConfigPost steps are executed
- # after all the previous deployment steps.
- {{role.name}}ExtraConfigPost:
- depends_on:
- {%- for dep in roles %}
- - {{dep.name}}Deployment_Step5
- {%- endfor %}
- type: OS::TripleO::NodeExtraConfigPost
- properties:
- servers: {get_param: [servers, {{role.name}}]}
-
- # The {{role.name}}PostConfig steps are in charge of
- # quiescing all services, i.e. in the Controller case,
- # we should run a full service reload.
- {{role.name}}PostConfig:
- type: OS::TripleO::Tasks::{{role.name}}PostConfig
- depends_on:
- {%- for dep in roles %}
- - {{dep.name}}ExtraConfigPost
- {%- endfor %}
- properties:
- servers: {get_param: servers}
- input_values:
- update_identifier: {get_param: DeployIdentifier}
-
-
-{% endfor %}
-
-# BEGIN service_workflow_tasks handling
-{% for step in range(1, deploy_steps_max) %}
- WorkflowTasks_Step{{step}}:
- type: OS::Mistral::Workflow
- condition: WorkflowTasks_Step{{step}}_Enabled
- depends_on:
- {%- if step == 1 %}
- {%- for dep in roles %}
- - {{dep.name}}PreConfig
- - {{dep.name}}ArtifactsDeploy
- {%- endfor %}
- {%- else %}
- {%- for dep in roles %}
- - {{dep.name}}Deployment_Step{{step -1}}
- {%- endfor %}
- {%- endif %}
- properties:
- name: {list_join: [".", ["tripleo", {get_param: stack_name}, "workflowtasks", "step{{step}}"]]}
- type: direct
- tasks:
- yaql:
- expression: $.data.where($ != '').select($.get('step{{step}}')).where($ != null).flatten()
- data:
- {%- for role in roles %}
- - get_param: [role_data, {{role.name}}, service_workflow_tasks]
- {%- endfor %}
-
- WorkflowTasks_Step{{step}}_Execution:
- type: OS::Mistral::ExternalResource
- condition: WorkflowTasks_Step{{step}}_Enabled
- depends_on: WorkflowTasks_Step{{step}}
- properties:
- actions:
- CREATE:
- workflow: { get_resource: WorkflowTasks_Step{{step}} }
- params:
- env:
- service_ips: { get_param: ctlplane_service_ips }
- role_merged_configs:
- {%- for r in roles %}
- {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]}
- {%- endfor %}
- evaluate_env: false
- UPDATE:
- workflow: { get_resource: WorkflowTasks_Step{{step}} }
- params:
- env:
- service_ips: { get_param: ctlplane_service_ips }
- role_merged_configs:
- {%- for r in roles %}
- {{r.name}}: {get_param: [role_data, {{r.name}}, merged_config_settings]}
- {%- endfor %}
- evaluate_env: false
- always_update: true
-{% endfor %}
-# END service_workflow_tasks handling
diff --git a/puppet/services/README.rst b/puppet/services/README.rst
index d55414b7..a593d55e 100644
--- a/puppet/services/README.rst
+++ b/puppet/services/README.rst
@@ -155,7 +155,7 @@ Similar to the step_config, we allow a series of steps for the per-service
upgrade sequence, defined as ansible tasks with a tag e.g "step1" for the first
step, "step2" for the second, etc.
- Steps/tages correlate to the following:
+ Steps/tags correlate to the following:
1) Stop all control-plane services.
@@ -186,6 +186,18 @@ Note that the services are not started in the upgrade tasks - we instead re-run
puppet which does any reconfiguration required for the new version, then starts
the services.
+Update Steps
+------------
+
+Each service template may optionally define a `update_tasks` key, which is a
+list of ansible tasks to be performed during the minor update process.
+
+Similar to the upgrade_tasks, we allow a series of steps for the per-service
+update sequence, but note update_task selects the steps via a conditional
+referencing the step variable e.g when: step == 2, which is different to the
+tags based approach used for upgrade_tasks (the two may be aligned in future).
+
+
Nova Server Metadata Settings
-----------------------------
diff --git a/puppet/services/database/mongodb.yaml b/puppet/services/database/mongodb.yaml
index 04f34e24..dcead0f7 100644
--- a/puppet/services/database/mongodb.yaml
+++ b/puppet/services/database/mongodb.yaml
@@ -47,6 +47,11 @@ parameters:
EnableInternalTLS:
type: boolean
default: false
+ InternalTLSCAFile:
+ default: '/etc/ipa/ca.crt'
+ type: string
+ description: Specifies the default CA cert to use if TLS is used for
+ services in the internal network.
conditions:
@@ -98,6 +103,7 @@ outputs:
generate_service_certificates: true
mongodb::server::ssl: true
mongodb::server::ssl_key: '/etc/pki/tls/certs/mongodb.pem'
+ mongodb::server::ssl_ca: {get_param: InternalTLSCAFile}
mongodb_certificate_specs:
service_pem: '/etc/pki/tls/certs/mongodb.pem'
service_certificate: '/etc/pki/tls/certs/mongodb.crt'
diff --git a/puppet/services/tripleo-packages.yaml b/puppet/services/tripleo-packages.yaml
index e471c2a6..2a8620c8 100644
--- a/puppet/services/tripleo-packages.yaml
+++ b/puppet/services/tripleo-packages.yaml
@@ -56,3 +56,7 @@ outputs:
- name: Update all packages
tags: step3
yum: name=* state=latest
+ update_tasks:
+ - name: Update all packages
+ yum: name=* state=latest
+ when: step == "3"